Hello, After instalation, I can’t seem to get to paypal.com. I have a rule in place to white list it under my rules, and auto whitelist setup. but I can’t seem to get to paypal.com. It doesn’t matter which “policy” is used, I’ve even got a machine in unfiltered, and still can’t get to paypal’s website.
Hello @David Here’s why I pretty sure it is. Prior to setup I could access it. Additionally, if I connect to my Modem’s wireless instead of my internal wireless. I can connect to it. It’s ONLY systems going through adam.ONE that can’t reach it.
Additionally, If I “disable” adam:ONE in my ClearOS Gateway, I can then get to Paypal.
This is also affecting my ability to connect to SLACK.
Additionally, Once I connect my Work Laptop to my Work VPN (All it’s traffic goes through the VPN Tunnel my work’s VPN setups) Paypal and Slack are reachable. I disconnect from the VPN, they are not.
All of this points to it being something with Adam:ONE.
I’ve subscribed to several rules under Subscriptions, it says to activate under my Policies page; however they don’t show up. one of the subscriptions is Paypal. Could this be what’s causing the issue?
When you go to http://mytools.management and click on Who Am I it should tell you what policy you are on.
Then on the adam:ONE Dashboard select that policy and check what rules are enabled on it. If it’s a whitelist policy you would need a rule that allows paypal, slack, etc.
You can create new rules by clicking My Rules on the left hand side.
I have done all of this. Even the default “unfiltered” policy is not letting these sites through. And the only “rule” on it (beside allow EVERYTHING) is whitelist the dashboard.
I do get the DNS_PROBE_FINISHED_NXDOMAIN error when going to these sites, so it appears Somewhere it’s on the Block List. (Even though I have created separate rules (one for paypal, and one for slack) under My Rules. but I don’t have the option to add any of the “whitelisted” rules on any of my policies. Additionally, I’ve subscribed to the paypal and slack “lists” that are maintained by adam:ONE; it says to add the rules to my polices on my polices page… but I don’t have the option to add those either. When I click on subscribed on my polices page, It shows blank. Same for my rules. The Only lists that are showing on my policies page is the builtin Systems lists.
I’ll attach a screen shots so you can see what I’m seeing. (This policy is for testing purposes, right now everything but ads are allowed)
Can you go to http://mytools.management/log (you may have to assign yourself log permissions under the Devices page) and then post a screenshot of what you see in your log when you try to access paypal?
Thanks for the log screenshot. As you can see there is no query for paypal.com that reaches adam:ONE. Instead it looks like your computer is appending your AD domain and treating www.paypal.com as if it’s an internal hostname.
Instead of setting the default treatment to allow, try changing it to either OpenDNS, Quad9, or 1.1.1.1.
Also see Active Directory Configuration on how we recommend integrating Active Directory into an adam:ONE setup.
I’ve got the DNS Configured on my Domain Controller like in the example; howver, I’m not running DHCP on my Domain Controller. I’m running DHCP via ClearOS. Is that going to cause issues? Additionally I don’t see an Internal Domains option under My Lists. Do I have to create a DNS Forwarder?
As far as Default Treatment from allow. I don’t have that option on the unfiltered, (Which my work Laptop is on) but i’ll try it on my testing policy
That’s what I figured, and I’ve done that. I’ll try it as soon as my mother in law is done with her paperwork.
I have setup a second adam:ONE on my Desk network (Used for fixing computers etc, on the side, I don’t want anything on a customers computer to have access to my main internal network) and that configuration (also clearos) is working flawlessly.
I found that I did have in my ClearOS DNS, pointing to my AD controller first, then to itself. I’ve taken that out (as suggested in the howto linked above, to not have DNS point to the active Directory Controller. Soley relying on ClearOS DNS now, (so DHCP’s DNS is now setup the “same” way in ClearOS as it would be if doing DHCP on my Domain Controller like linked in the howto above.
I’ll give this a test here as soon as I can and see if it works.
Worst Case Scenerio, I move my DHCP and DNS to my AD controller from ClearOS. (My desk network is running DHCP and DNS on it’s Domain Controller)
Hello @David With @atw’s Help we have determined what the issue is. And you are correct. it’s not adam:ONE. it’s my local DNS. Logs are showing that sites would get (site.com).my.ddns.me requests when trying to go there.
@atw has been helping me figure out how to correct the issue, and I “think” I’ve finally got it. I’ll check it here in a few.
So glad to hear it. We were just discussing ways we can identify these types of issues more proactively in the future, we’ll keep working towards better methods