Blocked when using VPN

Hi, I am running a pfSense box and after watching the video on whole network VPN I recently added a VPN connection. It's running smoothly except for one thing. My Minecraft J since I have changed I am unable to log in.

On the authentication screen it immediately gives me a server unavailable. It seems that the service is blocked on the receiving side. When I try to change my password it becomes more apparent. That's when I get:

403 ERROR

The request could not be satisfied.

Request blocked.

Generated by cloudfront (CloudFront)

So I have added a rule on my pfSense box to redirect HTTP and HTTPS for mojang.com and mincraft.net to use my ISP as a gateway. But this does not work. I am probably missing some domains that I need to add. Or maybe I need to specify other traffic.

Hopefully someone can help me. Thanks in advance!

It would help if you posted a screenshot of the rules page. But if you're creating an alias for a domain name to use in the firewall, it has to be the exact address you're trying to connect to. By that I mean you may be connecting to server.minecraft.net or something like that.

Probably the easiest way to figure it out is to run a packet sniffer like Wireshark on the computer you're using to connect to Minecraft and, while the capture is running, try to log in. Then stop the capture and filter for DNS traffic, then look through the DNS requests (the shorter the time you run the capture and the less that is going on at the same time, the easier this will be) until you see something that seems like it's the Minecraft server and add that to your alias. Then just repeat until you get everything you need.
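The DNS-request review described in the reply above can be scripted. This is an added example, not part of the original post: it assumes the UDP port 53 payloads have already been exported from the capture as raw bytes, and the hostnames in `SAMPLE` are constructed placeholders, not real Minecraft endpoints.

```python
import struct

def build_query(name, flags=0x0100):
    """Build a minimal DNS message with one A/IN question (constructed input)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def read_name(msg, off):
    """Decode the name at off, following compression pointers; return (name, next_off)."""
    labels, resume, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # 2-byte compression pointer
            if off + 1 >= len(msg) or hops >= 16:
                raise ValueError("bad pointer")
            if resume is None:
                resume = off + 2                  # parsing continues after the first pointer
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            continue
        off += 1
        if n == 0:
            return ".".join(labels).lower(), resume if resume is not None else off
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n                                  # overrun is caught on the next pass

def queried_names(payloads):
    """Unique hostnames asked for in DNS queries (QR bit clear), in first-seen order."""
    seen = []
    for msg in payloads:
        if len(msg) < 12:
            continue                              # too short for a DNS header
        _, flags, qdcount = struct.unpack("!HHH", msg[:6])
        if flags & 0x8000:
            continue                              # a response, not a query
        off = 12
        try:
            for _ in range(qdcount):
                name, off = read_name(msg, off)
                off += 4                          # skip QTYPE and QCLASS
                if name and name not in seen:
                    seen.append(name)
        except ValueError:
            continue                              # malformed packet: keep what parsed
    return seen

# Constructed sample: two lookups, a repeat in different case, a response, a runt.
SAMPLE = [build_query("login.example.net"), build_query("session.example.net"),
          build_query("LOGIN.example.net"), build_query("cdn.example.net", 0x8180), b"\x00"]
```

Each name returned by `queried_names(SAMPLE)` is a candidate for the firewall alias; repeat the capture after each change, since a blocked login may stop before later lookups happen.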

Looks like Microsoft asked CloudFront to block VPN.

IIRC, set up your pfSense to log every packet based on your MAC address, make sure you have no other traffic other than Minecraft and see what hosts and IP addresses the game uses, then add exceptions for all of them.

I haven't used an explicit address, I'll try that. Thank you for the info. Is there any way to use an asterisk with domains, or do they always need to be specific?

Not with the way the aliases work. They work by periodically resolving the domain name to get an IP and using that in the firewall rule, so it has to be specific.

Thanks for the explanation, I will try to change that.