Netgate Discussion Forum
    VPN blocked?

      tagit446 @Derelict

      @derelict said in VPN blocked?:

      @tagit446 Should known spam source addresses, which have been flagged due to recent, active spam activity be "whitelisted" so you can connect to this forum via your VPN service?

      You are sharing source IP addresses with all of the yahoos using that service. If I were you I'd get used to some inconvenience there.

      I just don't get these responses I'm getting, are you all trying to say I'm suspected of being a spammer here or somewhere else due to my vpn IP? Yes it is a shared IP but so is my ISP IP.

      Again, I get the use of a spam reporting database. I just don't understand why you have chosen to implement it the way you have. You all seem aware that good people can end up with a bad IP. What if I got an IP from my ISP that had been reported for spamming? I would not even be able to load this site to find out why. At the very least why not redirect to a page explaining why the site won't load and a contact if that user believes he/she is being wrongly blocked. The only other choice for me would be to reboot my modem or router to get a new IP which I guess would probably be faster than reaching out to someone. A message as to why the block is happening though would still be nice.

      I'll be honest, in the year and a half that I have used a vpn the only inconveniences I've encountered are not having access to this forum at times while using my vpn, amazon prime videos not working on my tv and an online game not working due to closed ports on the vpn. Policy based routing due to pfSense fixed each of those issues however.

      EDIT: I've used some sites such as Amazon that will block a user from logging in when their IP has changed. While attempting to log in with my credentials, before giving access it will send an email with a verification code. I can grab that code from my email and then enter it in the form Amazon provides. Once entered the log in continues as normal.

      Could something like this be implemented on this website instead of the non-loading blank webpage? At least that way good people with bad IP's aren't getting blocked from accessing their accounts here. I went through a lot of troubleshooting trying to figure out why this site wouldn't load each time I was blocked. How many others is this happening to as well?

      I had no idea I was being blocked due to my vpn IP, at least not until this thread. Just before regaining access and seeing the post from the OP I had rebooted my pfSense box and got a new IP that was luckily not blocked.

      Again, the problem is loading this website with a bad IP, not a problem posting or logging in.

      EDIT2: Thinking about this more, why are spam related IP's even getting blocked from loading the forum's webpage? Unless they can log into the website.. what can they do to harm the website.. especially this one? After all you are Netgate so I have to assume your server security is better than most.

        johnpoz LAYER 8 Global Moderator

        @tagit446 said in VPN blocked?:

        Yes it is a shared IP but so is my ISP IP.

        No - where did you get that Idea... Are you behind a carrier grade nat? My IP has been the same since I moved to this ISP.. Before my IP was the same for years and years with comcast.. So all the IP tells a website is hey that IP is owned by XYZ... Hey that IP is prob in City ABC.. Its not shared at all.

        They are blocked from accessing the forum because they are blocking it at the firewall not just inside the forum software as well.. Yeah more secure from the spammers ;)

        If you want to use some VPN service that allows any and all to use their IPs for shit like spamming - then guess what.. You're prob going to find some sites that don't like that IP.. Or for that matter might get so fed up playing whack-a-mole that they just block the netblock..

        And guess what if you were behind a carrier grade nat and sharing IPs - and some yahoo that had your IP yesterday decided it was fun to spam.. And get his IP listed 58 times ;) Then yeah you get that IP you're going to have issues..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          tagit446 @johnpoz

          @johnpoz said in VPN blocked?:

          No - where did you get that Idea... Are you behind a carrier grade nat?

          I'm really not sure what my ISP uses. In my location we only have one choice for internet and that is Bonded ADSL+ through Consolidated Communications. They took over FairPoint Communications in my state about a year ago.

          My ISP modem is bridged and I establish the PPPoE connection through the pfsense router. The service here is pretty bad really. As I've mentioned, I'm still learning pfSense so at times I'll reboot the router after making changes and sometimes the modem. Each time either one reboots I see my public IP has changed on the pfSense router homepage.

          @johnpoz said in VPN blocked?:

          They are blocked from accessing the forum because they are blocking it at the firewall not just inside the forum software as well.. Yeah more secure from the spammers ;)

          Thanks for this, it makes sense now and finally answers mine and the OP's original question.

          At least as far as spammer IP's go it seems like it would be enough to block them with the website software and not the firewall since a spammer can't spam a website unless they are logged in. Doing the blocking at the website would give more verification options or at least allow a webpage to be displayed as to why a block is happening. In the end though, it's not my sandbox and all I can do is make suggestions. If you don't care, why should I.

          I now know why the site wouldn't load for me and I can and have worked around that. My only real concern now is for those that haven't figured it out yet and will probably spend a lot of time trying to diag the problem. After all, they won't be able to get here to ask for help because the site will not even load for them. I wonder how many new pfSense users will just give up on it because they are using a vpn and can't load this site to ask for help when they are stuck.

          I won't say anymore on the above subject but I would still like to know why using a vpn service only gives a false sense of security. Like I said before, I don't want to pay for something I don't need and don't like being duped. You seem to be in the know, so please share what you know.
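
The trade-off debated in the posts above (a firewall drop that yields a blank page versus a check inside the web application that can explain the block or ask for e-mail verification), sketched as an added example. It is not part of the thread and not Netgate's or the forum software's code; the blocklist entries, contact address, paths and function names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed blocklist: documentation-only ranges (RFC 5737, RFC 3849),
# standing in for entries pulled from a spam-reporting database.
BLOCKLIST = [
    ("192.0.2.0/24", "address range reported for recent forum spam"),
    ("198.51.100.77/32", "address reported for recent forum spam"),
    ("2001:db8:bad::/48", "address range reported for recent forum spam"),
]
CONTACT = "appeals@forum.example"  # hypothetical appeals address
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
AUTH_PATHS = ("/login", "/register")  # hypothetical paths


@dataclass
class Decision:
    status: int   # HTTP status to return
    action: str   # "allow", "explain", "verify" or "reject"
    body: str     # text shown to the visitor


def lookup(ip_text, blocklist=BLOCKLIST):
    """Return (network, reason) for the most specific matching entry, or None."""
    ip = ipaddress.ip_address(ip_text.strip())
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as IPv4 so it cannot slip past
    # IPv4 entries when the server listens on a dual-stack socket.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    best = None
    for cidr, reason in blocklist:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == ip.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, reason)
    return best


def decide(ip_text, method, path, verified_session=False):
    """Decide how the forum answers a request from ip_text."""
    try:
        hit = lookup(ip_text)
    except ValueError:
        return Decision(400, "reject", "Client address could not be parsed.")
    if hit is None or verified_session:
        return Decision(200, "allow", "")
    net, reason = hit
    if method.upper() in WRITE_METHODS or path.startswith(AUTH_PATHS):
        # Step-up check: a code sent to the account's e-mail address.
        return Decision(403, "verify",
                        f"Sign-in from {net} needs the code we e-mailed you.")
    # Read-only request: say why, and where to appeal, instead of a blank page.
    return Decision(403, "explain",
                    f"Blocked: {reason} ({net}). Wrongly blocked? {CONTACT}")


if __name__ == "__main__":
    for args in [("203.0.113.9", "GET", "/topic/1"),
                 ("192.0.2.50", "GET", "/topic/1"),
                 ("::ffff:192.0.2.50", "POST", "/login")]:
        print(args, decide(*args))
```

Pass `decide` the peer address of the connection, or the address reported by a reverse proxy you control, never a client-supplied header.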

            Derelict LAYER 8 Netgate

            I would still like to know why using a vpn service only gives a false sense of security.

            Because you are just transferring the ability to sniff your traffic from your ISP to your VPN provider.

            You exit to the internet in-the-clear at some point.

            A VPN is great for encrypting your traffic across something like a local open wifi hotspot, hotel network, or between two private sites.

            The VPN providers have done a pretty good job convincing a lot of people that they are necessary to protect against evil ISPs.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

              Grimson Banned @tagit446

              @tagit446 said in VPN blocked?:

              Wow ok, "RTFM".. had to look that one up.

              Good now continue to look things up before you talk about them. Make this a habit.

              ISP's are known for doing questionable things and don't even try to be transparent. They don't encrypt my connection and most certainly log everything I do on the web, in some circumstances, some ISP's are even known to redirect their users traffic.

              And with a VPN your VPN provider can do exactly the same. And while you know who and where your ISP is located, and what laws it has to follow, you can't say the same about some random VPN provider on the web. So ask yourself again, what makes that VPN provider more trustworthy than your ISP.

              Say this information is flagged and now my government thinks I'm a terrorist, what do you suppose could happen there?

              And continuously running an encrypted tunnel to an endpoint in a different country will not trigger red flags with such a government agency? Heck if I were a government agency tasked with monitoring internet usage I would spin up a few VPN providers and make them known with nice reviews on the net. Then people would not only route their traffic through my servers, they would actually pay me for monitoring them.

              You need to understand that a VPN encrypts only the communication between your client and the server of your VPN provider, that server then can do the same stuff you're afraid your ISP might do. If your VPN provider then also managed to get you to install their custom CA certificate on your PC, and some try to do that if you run their client directly on the PC, they can even MITM your otherwise encrypted https traffic.

                johnpoz LAYER 8 Global Moderator @tagit446

                @tagit446 said in VPN blocked?:

                The service here is pretty bad really

                Is it really - or is your VPN?? Why would you add the latency and issues of a vpn on top of questionable service ISP? Only thing the VPN can ever do is make your traffic slower.. Since you have to travel over the isp connection to get to the vpn.. Now you have the added latency going to wherever that is just to possibly come back 1 mile from the exit of your isp connection. Maybe - or completely wrong direction from where you want to go to get to xyz.com which adds latency.

                You're already using a PPPoE connection which adds overhead, so let's put a vpn tunnel inside another tunnel.. Yeah GREAT performance is what everyone will scream ;)

                You can do what you want - just don't complain when the IP you choose to use gets blocked, and don't complain when your connection is crap.. And your pocket book is lighter because you think you need to pay the "I'm more secure" stupid tax ;)

                  Gertjan @tagit446

                  @tagit446 said in VPN blocked?:

                  The VPN encrypts my connection

                  I do not want to add another brick against the "why a VPN" wall, but I'd like to add:
                  Today, nearly all sites (mail, ssh, etc) use SSL/TLS by default, so the end-to-end privacy has been taken care of out of the box.
                  That leaves the "having another IP" advantage. That's up to you ....

                  Drop by on this forum when it gets hit - as it did in the recent past - by these 'foreign language' spammers. The entire forum was getting spammed with dozens of messages, nearly every week, or more often.
                  These days: I haven't seen them any more (or the admins have become very, very reactive!).
                  You, @bafonso, showed that there are side effects for some of us.
                  One thing is pretty sure: you are using the same VPN as spammers - here, or somewhere else - did. Not your fault, these things happen ;)

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                    RyanM

                    Ok, this thread has kind of gone all over the place. I will record my VPN IP address next time I can't connect. I am reasonably sure the VPN IP was blocked since clicking the "restart" icon on VPN until I can connect works. Sometimes I have to restart once, other times it takes 5 or 6 times and then I can connect.

                    I am using PIA.

                    In response to "why VPN traffic to pfSense/Netgate?", because I VPN all of my traffic by default. I do have bypass rules for Netflix and AWS, and yes I could add a bypass for pfSense/Netgate, but I figured I would ask about the blocking before adding a bypass rule.

                    Maybe I am being paranoid, but I don't trust websites to not track me. This is partially about my ISP, and partially about trackers on the internet. This was a large part of the reason I set up a pfSense router was to VPN most of my traffic.

                      johnpoz LAYER 8 Global Moderator

                      @ryanm said in VPN blocked?:

                      but I don't trust websites to not track me

                      You think the only way they track you is via your IP?? hehehhee how cute ;)

                        Rico LAYER 8 Rebel Alliance

                        You trust some random VPN provider more than your ISP? You should change your ISP then...

                        -Rico

                          RyanM

                          @johnpoz a VPN is just part of the solution. I also use a couple of browser extensions to attempt to block tracking, and make use of incognito/private browsing fairly regularly. I would be interested in hearing any other recommendations on how to protect my privacy online.

                          @Rico I don't have many options in my area, and for the most part I do trust my ISP but I don't see what the downside to using a VPN is other than cost. My understanding is that PIA is a reasonably well-respected VPN provider, but if I am misinformed, I would love to hear more.

                            Rico LAYER 8 Rebel Alliance

                            The downside is, your VPN Provider has all the keys to decrypt your whole traffic if he wants to.

                            -Rico

                              Gertjan @Rico

                              @rico said in VPN blocked?:

                              The downside is, your VPN Provider has all the keys to decrypt your whole traffic if he wants to.

                              -Rico

                              Well : the VPN will decrypt the entire tunnel, that's for sure. They have to ☺
                              But all SSL traffic inside the tunnel will stay safe. Most site traffic - web browsing and mail - is safe these days. And if you insist, DNS can be made safe also, this means: you decide who sees your DNS traffic.

                                RyanM

                                @Gertjan I don't want to get too far off topic, but can you point me at a resource to read about making DNS safe? This is around SSL encrypted requests to your DNS provider correct? I moved to using CloudFlare's DNS (1.1.1.1 and 1.0.0.1) in my pfSense configuration. Is there a way to force the SSL version on pfSense?

                                  RyanM

                                  Here is an IP that appears to be blocked: 91.207.175.100

                                  FWIW, I am connecting to the PIA US-California instance (us-california.privateinternetaccess.com:1198). In my experience, this instance seems to not be blocked on as many sites (e.g. Macys.com, Craigslist.org, etc.).

                                    johnpoz LAYER 8 Global Moderator

                                    @ryanm said in VPN blocked?:

                                    91.207.175.100

                                    http://stopforumspam.com/ipcheck/91.207.175.100

                                    Blocked!
                                    You sure that is supposed to be US... Shows as Romania on that site.. But it's also on a shit ton of other blacklists as well!

                                    To be honest how do people think that the shared IPs they get using some vpn are not going to be blocked all over the net... Since people just do shit while on them, since they think they are hiding ;)

                                      RyanM

                                      Thank you for checking @johnpoz. Should I bother with trying to get it unblocked? Or just continue to "restart" the VPN client until I get an IP that is not blocked?

                                      I think the IP Address is owned by a European company called M247 Europe SRL, I am not sure why that site is showing it as Romania. However, the location of the VPN IP shows up as Los Angeles, CA and this is in line with what latency I see to servers in that area and geolocation type services (e.g. Google Maps, Weather.com, etc.).

                                        johnpoz LAYER 8 Global Moderator

                                        Their abuse email is to m247.ro

                                        It's a RIPE controlled IP space..

                                        Dude it's on WAY more than just the spam database - look it up, it's on a LOT of black lists..

                                        If you want to route your traffic through a vpn that is up to you - just policy route so going to pfsense is just off your wan and then you will be fine.

                                          RyanM

                                          Yeah, I think you are right. I will probably just start adding rules to route traffic through WAN when it is blocked. Thanks.

                                            andrew528

                                            you interested me

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.