Firefox plus NordVPN split tunneling feature breaks google.com [updates]

pwalker@discuss.tchncs.de to Firefox@lemmy.ml – 36 points –

I normally don't use Firefox very often but wanted to give it a try again. My usual default browser would be Vivaldi (which is unfortunately Chrome based). Anyway I usually have turned on my NordVPN system wide (Windows 10 Edu V. 22H2), which works fine on Vivaldi. I turns out it does have a weird side effect on Firefox. The DNS resolution for "google.com" just doesn't work anymore. Any http request runs into a timeout. Strangely it works on any other google domain like google.de or google.org, also I couldn't find any other domain to reproduce this behavior. Now this wouldn't be such a big deal if google's reCaptcha wouldn't also be used by a lot of webpages and the api is hosted on google.com so basically the reCaptcha box just never appears and I'm stuck on those pages.

I tested it with v. 123.0 (64-bit), in private mode, in safe mode, FF portable 115.8.0 ESR and it is all the same strange behavior.

NordVPN also does have a FireFox Extension and using this extension everything works again.

Also tested it with the FF MacOS version and NordVPN client, here it works.

I can't really explain this behavior other than some weird Firefox behavior together with NordVPN or some interaction with the Windows 10 vpn layer.

Can someone confirm this behavior on Windows? I assume other VPN providers like Mozilla VPN don't have this?

[Update]: Forgive me it was late yesterday. I still can't explain the behavior exactly but for sure the reason is the split tunneling feature of NordVPN. I had it enabled as I only wanted certain apps to go through the VPN and Firefox wasn't on that list. So actually the NordVPN client should have treated FF routed through my default system connection and FF should just not have been routed through the VPN. Now it is more likely that it is some split tunneling bug that for whatever reason the google.com requests are treated differently by NordVPN/FF and are kind of blocked on my side or wrongly routed and never reach the google server.

[Update2]: As @LucidBoi@lemmy.world noted in the comments, the problem is not only related to Firefox and therefore wrong in this community. It actually also works on other browsers as well. It seems to be a problem of the windows NordVPN client and/or Windows 10. As soon as you use the split tunneling feature and exclude a browser from it, suddenly google.com doesn't work anymore. Very strange, but that's it. Actually for Firefox you should just use the NordVPN add-on anyway as it gives you a lot of flexibility to use split tunneling per domain, which actually works also for google.com then.

16

Are you sure this is a DNS issue? If google.com can't be resolved it shouldn't run into a timeout. It should display an error message that google.com can't be resolved pretty much instantly.

No I am not sure, I don't really see any error message, just a timeout. Not sure how an error of the DNS resolver looks like compared to any error caused by a timeout. However the DNS resolution should indeed be returning a different error, at least when entering a random non existing URL Firefox returns "server not found" instead of "problem loading page"(and NS_ERROR_NET_TIMEOUT in network debugging consoel). But what else could it be? It is so strange that the combination of Firefox and NordVPN extension does work, so it seems that the routing through the vpn network generally works, so it actually has to be something with the windows client interaction I guess.

best guess is the vpn endpoint is blacklisted by google.com with the requests being ignored instead of serving you with a 403 as some sites might. The other geographic google tlds I assume are operating separate blacklists.

See my update in the post, now everything makes a little more sense and it is for sure related to the split tunneling feature.

A similar thread on Reddit suggests that Google blocks certain nordvpn IP addresses.

Seems weird it would only be Google.com but they suggested changing server location. May be worth a go.

again, this doesn't make sense as the NordVPN Firefox extension is using the same IP address ranges. Also I tried different VPN server in different regions, even the "IP obfuscating" ones

I was literally just going to post about this. I use NordVPN along with the desktop extension. When I try to navigate to google.com on any other browser, or even a FF profile that doesn't have the extension enabled, it won't connect.

See my update in the main post, please check if you also had split tunneling enabled. Still a weird behavior but now it is narrowed down to this feature.

I do have it enabled, both in the desktop app and in the browser add-on. However, it does work on my FF profile where I have both enabled. If I use another profile which doesn't have the add-on, the domain won't load. If I use another browser, the domain won't load either. Lame.

I don't think there is split tunneling in the browser add-on, not exactly sure what you mean.

You can use split tunneling for specific domains in the browser add-on.

do you have DNS over https turned on in Firefox? iirc nordvpn blocks it to prevent DNS leaks

That doesn't make sense, why would it only cause google.com to break? Also I tried turning it off completely, didn't work.