Not able to load the specific website
-
Hi!
I'm having trouble with loading a specific website in my network. I have read the documentation:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/website-access-issues.html
https://docs.netgate.com/pfsense/en/latest/troubleshooting/connectivity.htmlBut I am still unsure if the issue is still with my firewall or something. I have two interfaces, I have a LAN and a DMZ (which runs on an VPN interface with a static IP provided from the VPN provider). The website that I cannot access is: https://api.minecraftservices.com/publickeys. I have tried to ping the websites IP from the firewall, my lan & the dmz. The firewall itself cannot reach the website, but the LAN interface, has no trouble displaying the website or doing a ping. The DMZ on the other hand, is able to do ping and nslookup, but I cannot view the webpage, or complete a traceroute. I am able to access I am able to access other websites just fine. Btw, snort is running on both my WAN interface and the DMZ interface as well. (But it does not seem like the issue here) The webtraffic leaves the firewall, with TCP:S, but there isn't any traffic coming in it looks like and there isn't any correct handshake performed it seems like. That's why I am scratching my head here.
Here is a picture of the traceroute:
https://imgur.com/a/4eJsZa5What should I try next, I am kinda lost here...
-
I found this just now... https://www.minecraftforum.net/forums/support/java-edition-support/2344348-minecraft-will-not-authenticate
Is it that easy that my VPN ip may be blacklisted?
-
Isn't it easy to test if that's the case ?
-
@Gertjan I've reached out to the VPN company, but they said that there shouldn't be any blockage that they are aware of, although this is only tested with a dynamic IP-address and not the same address as the static IP that I am using. I will investigate further into this issue, but is there anything else that you might think can cause this issue?
-
It is not uncommon for commercial websites to begin blocking known VPN address netblocks. They may do this for various reasons which can include wanting to verify geolocation to meet copyright/license committments in contracts the website may have signed, and because lots of mischief can come from VPN addresses as the bad guys desire some level of anonymity.
It can sometimes be difficult to get a website to acknowledge if (and what) IP netblocks they may be restricting from accessing their resources. And sometimes, depending on the acumen of the website operator, they may block a range of IP addresses (such as a CDN) that encompasses many "good guys" in addition to one or two "bad guys". If that is the case, then the site admin can inadvertently block a lot of legitimate traffic and not even realize what they've done.
Just today I read a post from a user in the OPNsense forum posting about essentially the same issue with his Nord VPN setup. With his VPN active, his DNS lookups failed. With his VPN disabled, his DNS lookups worked fine.