Packets from specific websites blocked

My Omnia blocks packets sent from certain websites, e.g. www.caiso.com. How can I enable transfer from such sites?

How did you reach that conclusion?

I have several computers connected to my Turris Omnia. Some are ethernet connected, some are WiFi connected. Some are running Win10, some are running various Linux distributions. Various browsers are used. When I connect directly to the internet via my ISP-provided modem ethernet port (the modem has no WiFi), I can browse at will. None of my computers can browse to www.caiso.com nor my health provider website when connected through my Turris Omnia. In all cases I get ‘timed out’ messages.

From this situation I infer that there is a packet transfer issue in my Turris.

This might be DNS related. You could try to configure your computer to directly use either Google’s 8.8.8.8 or Cloudflare’s 1.1.1.1 or even IBM’s 9.9.9.9; this would sidestep the knot resolver in the Omnia and, if you can access the sites successfully, would indicate a DNS issue. If that helps it might be worth looking into this more closely, maybe DNSSEC is broken for that site…

The router’s LuCI interface offers some basic network diagnostics under Network → Diagnostics, alternatively from the command line interface via ssh.

Ping is not working since the firewall of the server (caiso) is apparently blocking responses to ping, thus try traceroute caiso.com instead:

traceroute to caiso.com (12.200.60.135)

If it does not resolve the IP (12.200.60.135) then it is likely an issue with DNSSEC at the upstream DNS resolver being queried by the TO router (presumably the one from your ISP?) or the router’s resolver not resolving that domain.

To double check the DNS resolution, run from the ssh CLI:

dig caiso.com and dig caiso.com +dnssec

Whether DNSSEC is working with the current upstream resolver can be tested as well from the router’s Foris interface.

In case of an issue with DNSSEC there are basically 2 options:

  1. disable DNSSEC (via the Foris interface), or
  2. change the upstream DNS resolver to one that supports DNSSEC

If the DNS(SEC) just works fine, however, try actual connectivity from the router’s ssh CLI:

cd /tmp && wget http://www.caiso.com/Documents/Real-TimeDailyMarketWatchOct11-2018.pdf

The output should read:

Resolving www.caiso.com… 12.231.58.136
Connecting to www.caiso.com|12.231.58.136|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 221030 (216K) [application/pdf]
Saving to: ‘Real-TimeDailyMarketWatchOct11-2018.pdf’

If that is working too, the connectivity between the TO router and the domain content is established. Should any of the clients still not be able to access the domain, however, diagnostics from any such client would have to be undertaken.
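The steps above separate a DNS(SEC) failure from a TCP connectivity failure by looking at where the wget transcript stops. As an added example (not part of this thread), the shell function below applies that reading to a saved transcript, using constructed sample transcripts that include the case where the output ends right after the connect line:

```sh
#!/bin/sh
# Added example, not from the thread: classify a saved wget transcript
# (e.g. `wget http://www.caiso.com/... 2>wget.log`) by the stage at which
# the attempt stopped, so a DNS(SEC) problem is told apart from a TCP
# connect problem and from an HTTP-level error.
classify_wget_log() {
    # Read the whole transcript from stdin once.
    log=$(cat)
    if printf '%s\n' "$log" | grep -q 'awaiting response'; then
        # wget received an HTTP status line: pull the three-digit code.
        code=$(printf '%s\n' "$log" | sed -n 's/.*awaiting response[^0-9]*\([0-9][0-9][0-9]\).*/\1/p' | head -n1)
        case "$code" in
            2??) echo "ok";;
            *)   echo "http-error:$code";;
        esac
    elif printf '%s\n' "$log" | grep -q 'connected\.'; then
        echo "connected-no-http-response"   # TCP handshake fine, server silent
    elif printf '%s\n' "$log" | grep -q -e 'unable to resolve' -e 'Resolving .*failed'; then
        echo "dns-failure"                  # the resolver returned an error
    elif printf '%s\n' "$log" | grep -q 'Connecting to'; then
        if printf '%s\n' "$log" | grep -q 'failed:'; then
            echo "tcp-connect-failed"       # explicit error, e.g. timed out / refused
        else
            echo "tcp-connect-stalled"      # name resolved, connect never completed
        fi
    elif printf '%s\n' "$log" | grep -q 'Resolving'; then
        echo "dns-stalled"                  # no answer from the resolver at all
    else
        echo "unknown"
    fi
}

# Constructed transcripts. STALLED_LOG mirrors the situation reported in the
# thread: the name resolves, then the output ends at the connect step.
STALLED_LOG='Resolving www.caiso.com... 12.231.58.136
Connecting to www.caiso.com|12.231.58.136|:80...'
OK_LOG='Resolving www.caiso.com... 12.231.58.136
Connecting to www.caiso.com|12.231.58.136|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 221030 (216K) [application/pdf]'
DNS_LOG='Resolving www.caiso.com... failed: Name or service not known.
wget: unable to resolve host address www.caiso.com'
REFUSED_LOG='Resolving www.caiso.com... 12.231.58.136
Connecting to www.caiso.com|12.231.58.136|:80... failed: Connection refused.'

printf '%s\n' "$STALLED_LOG" | classify_wget_log   # prints: tcp-connect-stalled
```

A "tcp-connect-stalled" result with a correct address means the resolver is not the problem and the next step is packet-level inspection of the outgoing SYNs.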

Are you sure adblock doesn’t block it?

So far as I could tell, DNS seems to be OK using the tests you suggested. Your final suggestion to ‘try actual connectivity’ fails. The first two lines returned are exactly as you suggest, but the process ends after “12.231.58.136|:80…”. Connection is never achieved.

As a further test, I added a second router between the modem from the ISP and the TO. With that router in place, connection is achieved. As soon as the second router is removed… connection is no longer achieved.

Is there anything else I can try?

That is a very curious outcome. Suppose the TO is not connecting to a VPN endpoint and thus showing a different IP that gets blocked by the domain’s firewall?

Is the ISP provisioning IPv6 or IPv4?

Further diagnostics would require a bit more effort, such as tcpdump on the router and then inspecting the dump file with a tool like Wireshark on a PC in order to discover what happens to the TCP stream.