User with VPN intermittently can't reach my server

[GoWilkes]

I have limited information on this one, but I'm concerned that it could be a larger problem and I'm just not hearing about it.

I had a user contact me that said he can't access my main site while using NordVPN. It happens intermittently, so sometimes he can and sometimes he can't.

I block non-US IPs at the firewall, but he sent a screenshot showing that his VPN is set to use US IPs.

He sent a screenshot of the error, and I see that he was using the Brave browser. It's throwing an error that says DNS_PROBE_POSSIBLE

A quick search found this to be an exclusive error for Brave, but he sent a screenshot while using another browser (he didn't specify what) that states ERR_NAME_NOT_RESOLVED. That screenshot's file name includes DuckDuckGo, though, so somehow it's related to that. And the favicon next to my site's address shows a black circle with a B+ in it (which isn't my favicon), so whatever that tells you.

After that, I asked if he would mind running tracert to see where the breakdown happens, but it's been a few days with no reply. So he may not have gotten my email, or may not be able to email me back if the connection to the server is blocked.

Any thoughts?

 

[cPRex]

Hey hey! I don't have any specific thoughts on this, other than *something* in the VPN connection isn't getting to your server. Anything other than that would require the additional testing you ask for, as I think a trace while connected to the VPN is a perfect next-step.

I can't say I've heard of similar behavior from others at this point, though.

 

[sparek-3]

DNS_PROBE_POSSIBLE and ERR_NAME_NOT_RESOLVED sound like DNS issues. Perhaps connecting to the VPN does not have proper DNS functions and/or the DNS functions are blocked from the parent connection.

But I would think if it's a DNS issue, then no website would resolve while connected to the VPN.

 

[GoWilkes]

No reply from the user yet, that's a bummer. I always worry that they're not getting my replies. Or worse, he's trying to reply but since his VPN doesn't make the connection then the email is being blocked!

Either way.

@sparek-3, I had the same thought but DNSChecker.org doesn't report any issues. IntoDNS.com throws all kinds of errors, but I think they're coming from a non-US IP because those errors go away when I turn off the firewall...

... unless they have the same connection problem that my user with NordVPN is having? If that's the case then I have no clue how to track it down any further :-/

 

[sparek-3]

Well... DNS in this context is not referring to nameservers. It's referring to the connection's DNS resolver.

If you have an Internet connection, you're using a DNS resolver some where. Maybe it's being supplied by your ISP. Maybe your router is using a predefined list of DNS resolvers (Google's 8.8.8.8 and 8.8.4.4 are common because they are easy to remember). This doesn't have anything to do with the domain name or checking a domain name's DNS. It's based on your connection.

I kind of doubt that it's a DNS resolver issue, otherwise the user would not be able to resolve anything while using the VPN. It's not real clear if that is the case as it would seem that only one site is having this issue.

I do know that I have used some VPNs on some devices - I forget all of the specifics - and I had trouble resolving anything, because the VPN connection was overriding the parent connection's DNS resolvers. I would have to configure the VPN to reset DNS resolvers to something (again, usually 8.8.8.8 and 8.8.4.4 because they're easy to remember). It just depends on how the VPN connection is working and how the OS's network configuration responds to this.