What's new

One website cannot be accessed when VPN is on

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

systematic

Regular Contributor
Got an interesting one.

So I am using OPENVPN feature of the Merlin Router.

I have downloaded 5 x OVPN files from different countries and loaded them onto the router. All good.

All devices are going through VPN and up until an hour or so ago one site stopped working whilst the VPN is on. When the VPN is turned off and the devices are routing through the ISP all works fine. So to recap

- Surfshark OVPN files used for India, France, UK, Germany and USA
- VPN enabled on the router and all sites working fine on all devices via every country bar one site
- VPN disabled and site starts working again via ISP.

Error that comes up when VPN is on for this site is:

403 ERROR​

The request could not be satisfied.​


Request blocked. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

Generated by cloudfront (CloudFront)

Now this is where it gets mad - I have asked someone else to connect to the site from their house using the same VPN files and they can get the site up and working as normal. Its obvious the remote site has done something where they have been able to block me from accessing the site. But how?
 
Indeed and this practice will become more wide spread for a good reason.
 
some sites block known VPN exit IP addresses.
Sorry for sounding dense. What is an VPN exit IP address?

Example,

I am based in the UK and connect to a VPN in Poland. My exit IP is 1.1.1.1

My friend is based in Germany and connects to the exact same VPN in Poland. His exit IP is 2.2.2.2

Is that correct?

The exit IP will change depending on which country you are connecting to the VPN from?

Again, looking to learn so apologies for the dense question(s)
 
Exit IP simply means the public IP as seen from the site you're connecting to. There are NO GUARANTEES about what public IP that might be when it comes to the VPN. VPN providers often use the same public IP for a given server for both efficiency and privacy reasons. But they may also internally route users to different servers, if only for load balancing purposes. IOW, the server may actually be just a proxy. So two different users connected to the same server may in fact end up w/ different public IPs on the VPN. And if a remote site happens to be filtering access on that basis, then each user will likely have a different experience w/ that site, be it different content, or the complete denial of service.

All that said, you *might* be assured of a specific public IP w/ a VPN provided it's offering and you're using its port forwarding service. But even then, there's no guarantee than any other user will be given the same public IP under the same circumstances.
 
Ok newb alert here. I have never used DNSMASQ or anything on the merlin router. i am a complete newb on scripts too. But this is what i wanted:

- Enable a VPN in X country
- All traffic from Device A to be pushed that VPN except ONE website, which goes through WAN

I think i can do all this in the VPN Director Rules but the issue is the ONE website I want has an IP address that is a load balancer IP address therefore it cannot resolve the webpage if I specify that laod balancer IP as a REMOTE IP value in the VPN director rules.

Can anyone please help in providing steps on how I am able to achieve this? I think I read that DNSMASQ could do something with that load balancer IP address and have it map to the host name. However, I have ZERO clue how to enable DNSMASQ and what to write, enable scripts etc. Not even sure if it will work but basing this on some research I was doing.
 
Last edited:
If I understand your intentions correctly, you want to use DNSMasq to force a given website's domain name to always resolve to the same public IP, then use the VPN Director to force that remote IP through the WAN.

You can force a domain-name to a specific IP address by adding the following directive to DNSMasq using a dnsmasq.conf.add file.

Code:
address=/domain-name/1.2.3.4

The following link describes how to create such a file and install it.


Of course, you need to replace the DNSMasq directives in that link w/ the above address directive.

P.S. If the client is Windows or Linux, you could alternatively do the mapping of the domain name to a specific public IP use the local hosts file, since that is always referenced first for the purposes of name resolution.
 
Generated by cloudfront (CloudFront)

Key take-a-way is the CloudFront response from AWS...

HTTP Error 403 can be a lot of things, all on the service side...


The big one for many VPN users that are trying to Geo-Unlock content - CloudFront can do specific filters to break that one...


Enjoy!
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top