[Solved] Using Linode as a VPN kind of is a problem

I am using Linode as a VPN and have a few other services connecting via reverse proxy to my Linodes. But there are a number of sites that rely on CDNs such as Fastly that either load very slowly or don't load at all. One example is Twitch, another is DuckDuckGo. Another is Walmart. I am not sure what I can do to fix this, as it would appear Linode IPs are blocked at the Fastly CDN level.

You have a VPN tunnel to a Linode VM and you're using the Linode VM as your gateway.

I don't know if you're using Chrome, but for these things that load slowly, have you tried fetching them directly from the gateway?

https://www.google.com/search?q=chrome+generate+curl+command&tbm=isch&hl=en&tbs=itp:animated#imgrc=TJJNGyWn-yHeDM

(The reason I'm asking is that there may be something wrong with your tunnel interface setup.)

What VPN technology are you using? And are you forwarding DNS? (This may or may not help the issue).

Just be aware many CDNs have issues with hosted cloud service IP ranges, since so many people use them for scraping, hacks and attacks. Though in my experience most will offer a captcha instead of outright blocking you.

1 Like

I don't wanna be that guy, but could it be DNS, like cowphrase said?

Is DNS nice and quick for uncached requests?

Might be an easy one to check, especially on pages with many external frames/ads like newspaper websites.

I know you use Pi-Hole, but did you do the whole recursive DNS thing, or whatever PLL had on his guide?

See if openssl s_client -connect duckduckgo.com:443 (or any site you are having trouble with) gets as far as reading all the certificates; it should end with read R BLOCK. Check the actual URL having a problem with the DevTools network tab in Chrome (or the equivalent in Firefox): it'll show an HTTP(S) request as initiated but never completed. Click the request, get the URL, then get the hostname from that.

If it connects but doesn't complete the TLS handshake, then it could be an MTU issue. Normally PMTUD will automatically set the TCP MSS on your side from any ICMP "fragmentation needed" messages received from routers along the path, but if you're blocking ICMP then you won't receive them; check your firewall settings locally and on the VPN endpoint. The quick fix for that is to force a lower MSS, e.g. --mssfix 1400 in OpenVPN.

1 Like
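Added example, not from any of the posts above: the MTU/MSS arithmetic behind that reply, plus the two checks it suggests (a TLS handshake test and a don't-fragment probe), for a WireGuard tunnel like the one the original poster later describes. The numbers assume a 1500-byte outer path MTU and an IPv4 outer path; the probe_path_mtu helper assumes Linux ping syntax (-M do), and the host names are placeholders.

```bash
#!/bin/sh
# Added example (not the thread's own commands). Assumptions: 1500-byte outer
# MTU, IPv4 outer path unless stated, Linux ping syntax for the live probe.

# WireGuard overhead on top of the inner IP packet: outer IP header
# (20 IPv4 / 40 IPv6) + UDP (8) + WireGuard data-message framing
# (4 type + 4 receiver index + 8 counter + 16 Poly1305 tag = 32).
wg_overhead() {   # $1 = outer family: 4 or 6
  case "$1" in
    4) echo 60 ;;
    6) echo 80 ;;
    *) echo "wg_overhead: family must be 4 or 6" >&2; return 1 ;;
  esac
}

# Largest tunnel (inner) MTU that never needs outer fragmentation.
wg_mtu() {        # $1 = outer path MTU, $2 = outer family (4|6)
  echo $(( $1 - $(wg_overhead "$2") ))
}

# TCP MSS to clamp to inside the tunnel: MTU minus IPv4+TCP (40) or IPv6+TCP (60).
tcp_mss() {       # $1 = tunnel MTU, $2 = inner family (4|6)
  case "$2" in
    4) echo $(( $1 - 40 )) ;;
    6) echo $(( $1 - 60 )) ;;
    *) echo "tcp_mss: family must be 4 or 6" >&2; return 1 ;;
  esac
}

# Live probe (Linux): binary-search the largest ICMP payload that crosses the
# tunnel with DF set. ping -s is the payload; add 28 (IPv4 20 + ICMP 8) to get
# the path MTU. If ICMP "fragmentation needed" is filtered somewhere, this is
# the only way you will see the real limit.
probe_path_mtu() {   # $1 = host reachable through the tunnel, $2 = low, $3 = high payload bound
  lo=$2; hi=$3; best=0
  while [ "$lo" -le "$hi" ]; do
    mid=$(( (lo + hi) / 2 ))
    if ping -c 1 -W 1 -M do -s "$mid" "$1" >/dev/null 2>&1; then
      best=$mid; lo=$(( mid + 1 ))
    else
      hi=$(( mid - 1 ))
    fi
  done
  echo $(( best + 28 ))
}

# The handshake check from the reply: TCP connects but the handshake never
# finishes is the MTU/MSS signature (the server's large certificate flight is
# what gets dropped). s_client prints "Verify return code" only on completion.
tls_check() {     # $1 = hostname
  if printf 'Q\n' | timeout 10 openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null \
       | grep -q 'Verify return code'; then
    echo "$1: TLS handshake completed"
  else
    echo "$1: TLS handshake did not complete (check MTU/MSS and ICMP filtering)"
  fi
}

# Worked numbers: IPv4-over-IPv4 gives a 1440-byte tunnel MTU; wg-quick's
# default of 1420 is the IPv6-safe figure (1500 - 80) and is fine to use for both.
MTU=$(wg_mtu 1500 6)       # 1420
MSS=$(tcp_mss "$MTU" 4)    # 1380
echo "WireGuard MTU: $MTU  ->  clamp TCP MSS to: $MSS"
# Manual checks, run from a host behind the tunnel (placeholder names):
#   tls_check duckduckgo.com
#   probe_path_mtu example.net 1200 1472
```

On the pfSense side the interface MSS field takes an MTU-style value and, as I recall from its docs, clamps TCP to that value minus 40 (IPv4) or 60 (IPv6), so the number to enter there is the tunnel MTU, not the MSS itself; verify against your pfSense version.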

I'm using WireGuard attached to pfSense at home.

1 Like

Read this thread, could help maybe

2 Likes

It was mss/mtu. Thank you so much!

5 Likes

It was what @xzpfzxds suggested.

1 Like