Website not loading: help me to understand why
-
Hi,
I'm setting up my new pfsense box and I'm testing it.
I setup a failover multi-wan (primary wan is a cable modem and secondary a 4G LTE modem).
I have three vpn connections (two in load-balancing on the primary wan and one in the secondary).
Many VLANs with DNS-forwarder for not crypted VLANs and DNS-resolver for VPN ones.
I also have pfblocker-NG with DNSBL.
All works fine (well, more or less), I'm fighting with roadwarrior openvpn connection when the server connection is re-established. But that's another story.
I found a website that I can't open when connected via VPN.
It's a food shop (https://www.supertosano.com), DNS lookup works but can't resolve the name.
If connected via non-VPN VLAN it works.
So it is a DNS issue or a DNSBL block (but I can't find block line in the log).
I searched with my main router (ER-X) with online DNS lookup tools and it seems (to me) that this website entry isn't hosted in global DNS servers but only by one local provider one.
Is it the issue? Or where can I look? I found nothing in all logs :(
-
@valepe69 said in Website not loading: help me to understand why:
that this website entry isn't hosted in global DNS servers but only by one local provider one.
huh?
;; QUESTION SECTION:
;www.supertosano.com. IN A
;; ANSWER SECTION:
www.supertosano.com. 3600 IN A 81.24.230.195
That site resolves just fine globally.
@valepe69 said in Website not loading: help me to understand why:
If connected via non-VPN VLAN it works
It's quite possible that site just blocks access from VPNs - not uncommon for sites to do that..
-
@valepe69 said in Website not loading: help me to understand why:
DNS lookup works
Exact :
but can't resolve the name.
?? resolve == lookup ( for an A record, for example ).
C:\Users\Gauche>nslookup
Serveur par défaut : pfsense.my-domain.net
Address: 192.168.1.1
> www.supertosano.com
Serveur : pfsense.my-domain.net
Address: 192.168.1.1
Réponse ne faisant pas autorité :
Nom : www.supertosano.com
Address: 81.24.230.195
You meant to say that a web browser can't connect to it ?
The domain seems fine to me : https://www.zonemaster.net/result/75daeb00055171bd
-
@johnpoz said in Website not loading: help me to understand why:
It's quite possible that site just blocks access from VPNs - not uncommon for sites to do that..
This explains the fine response from DNS Lookup but no answer from the browser.
In fact all connections that worked are from straight connections (not from VPN).
Thanks a lot.
-
@valepe69 You could always validate that your traffic is in fact going out your "vpn" by sniffing, and just not getting a response.
Are you saying all sites do not work through vpn, or just this one and some others?
It is quite common to block vpn IPs, especially if you're wanting to geo filter.. Say you want to only allow US users, just saying.. Known vpns using US ips, could be anyone - not just actual US users. The vast majority of VPNs are used to either hide their p2p traffic from their ISP, or circumvention of geo restrictions.
Sure there might be some actual US users using the US based vpn exit points - but sometimes when you throw out a barrel of bad apples, there might be a couple of good ones in there, but not worth digging through all the rotten apples to try and save a couple..
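An added example, not part of the original post: one way to read the capture suggested above and tell "traffic never left via the VPN" apart from "it left and nobody answered". It assumes text output from `tcpdump -n` taken on the VPN interface; the sample lines, the tunnel address 10.8.0.2 and the function name `classify` are constructed for illustration.

```python
import re
from collections import defaultdict

# tcpdump -n line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]+)\]"
)

def classify(capture_text, server_ip, port=443):
    """Summarise TCP handshakes toward server_ip:port seen in tcpdump text."""
    syns = defaultdict(int)   # (client_ip, client_port) -> number of SYNs sent
    replies = {}              # (client_ip, client_port) -> "syn-ack" or "reset"
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst == server_ip and int(dport) == port and flags == "S":
            syns[(src, sport)] += 1           # initial SYN or a retransmission
        elif src == server_ip and int(sport) == port:
            if flags == "S.":
                replies[(dst, dport)] = "syn-ack"
            elif "R" in flags:
                replies.setdefault((dst, dport), "reset")
    if not syns:
        return "no-syn-on-this-interface"     # traffic is leaving some other way
    if any(replies.get(k) == "syn-ack" for k in syns):
        return "handshake-completed"          # problem is above TCP (TLS/HTTP)
    if any(replies.get(k) == "reset" for k in syns):
        return "actively-refused"
    return "syn-unanswered"                   # went out here, silently dropped

# Constructed sample, shaped like `tcpdump -n -i <vpn interface> tcp port 443`.
# 10.8.0.2 is a made-up tunnel address; 203.0.113.10 is a documentation address.
SAMPLE = """\
10:15:01.100000 IP 10.8.0.2.51000 > 81.24.230.195.443: Flags [S], seq 100, win 64240, length 0
10:15:02.100000 IP 10.8.0.2.51000 > 81.24.230.195.443: Flags [S], seq 100, win 64240, length 0
10:15:04.100000 IP 10.8.0.2.51000 > 81.24.230.195.443: Flags [S], seq 100, win 64240, length 0
10:15:05.000000 IP 10.8.0.2.51002 > 203.0.113.10.443: Flags [S], seq 500, win 64240, length 0
10:15:05.040000 IP 203.0.113.10.443 > 10.8.0.2.51002: Flags [S.], seq 900, ack 501, win 65535, length 0
10:15:05.041000 IP 10.8.0.2.51002 > 203.0.113.10.443: Flags [.], ack 1, win 502, length 0
"""

if __name__ == "__main__":
    for ip in ("81.24.230.195", "203.0.113.10"):
        print(ip, classify(SAMPLE, ip))
```

Repeated SYNs with no reply on the VPN interface, while other sites complete the handshake on the same interface, point at filtering on the remote side rather than at DNS or local routing.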
-
@johnpoz said in Website not loading: help me to understand why:
@valepe69 You could always validate that your traffic is in fact going out your "vpn" by sniffing, and just not getting a response.
Are you saying all sites do not work through vpn, or just this one and some others?
It is quite common to block vpn IPs, especially if you're wanting to geo filter.. Say you want to only allow US users, just saying.. Known vpns using US ips, could be anyone - not just actual US users. The vast majority of VPNs are used to either hide their p2p traffic from their ISP, or circumvention of geo restrictions.
Sure there might be some actual US users using the US based vpn exit points - but sometimes when you throw out a barrel of bad apples, there might be a couple of good ones in there, but not worth digging through all the rotten apples to try and save a couple..
Only this one. Considering that it's a local food distribution it may make sense that it locks VPN IPs.
Sometimes (rarely) I have a long delay before browser starts to load a new website, not sure why but I read of a not-confirmed-yet issue with DNS in 2.6.0.
I use VPN to make my privacy stronger but should I consider using a straight connection with pfblockerNG and DNSBL? Leaving VPN for P2P?
-
@valepe69 said in Website not loading: help me to understand why:
Considering that it's a local food distribution it may make sense that it locks VPN IPs
I would understand that a local food delivery store doesn't want to take orders from an IP coming from South Africa, or the south pole.
It's a known issue : people want to use the lists from "MaxMind GeoIP" and check as many countries as possible.
@valepe69 said in Website not loading: help me to understand why:
I use VPN to make my privacy stronger
That's far more an idea carefully being constructed by entities that want to sell you services linked to this concept.
It's "VPN here VPN there" these days, as it was "anti virus here / anti virus there" before. People finally found out that "do not execute that unknown EXE from the Internet, even as it promised a free World of Warcraft game play".
These days it's more
a) many media services so you can show to the world what you are doing 24/24h.
b) many VPN services so you can hide showing yourself. (something like that).
The ones who know who you are, what you are doing, what you are buying and what you are looking for, are not hindered by the fact you use a VPN.
A VPN was helpful when web and mail traffic was 'clear'. That's rarely the case these days.
If I was a member of one of those 3 letter organisations, I would have a talk with the shareholders of all those VPN companies, and propose them :
I) big infrastructure like big routers, all paid by 'uncle sam',
II) a big (really big) $/€ check
III) the promise they won't get bothered by their legal services.
Both parties are in for a big win here.
The third party will be you. You want to be member of the Internet ? Ok, you will be the product. This stays valid, and this time you are even paying for it.
Remember : the VPN is the end point of the tunnel, they know who you are, where you are, so life gets much easier for those 3 letter agencies.