VPN "in" and VPN for Deluge conflict

fcupdt2022 · 1 December 2023 22:53

I’m using a RPi 4 with Deluge / Jellyfin / Plex, all under a Surfshark VPN (Wireguard).
I’m trying to add a VPN tunnel in order to use Jellyfin when out of my local network.
I managed to set it up, but it doesn’t work as long as Surfshark is up.

Is there any known workaround?

I’ve read similar issues (like this) but couldn’t find any proper solution.

Thanks!

I have searched the existing open and closed issues

Joulinar · 2 December 2023 11:26

Yes thinks like this requires specific network settings. I guess @trendy already shared some ways how to deal with this. Maybe he can point into right direction.

fcupdt2022 · 2 December 2023 13:13

Found this forum article that might be the solution. Let me try and I’ll post the results here

fcupdt2022 · 2 December 2023 18:44

It works, but I can’t reach some websites like twitter, Reddit, what’s my ip, to name a few

Checking on my PiHole, they get a NODATA reply but even turning it off it doesn’t solve it.

Any clue?

Joulinar · 2 December 2023 19:27

What upstream DNS you use within Pihole?

Edit: AHH I see, upstream DNS is Unbound. So we could install tcpdump and do some tracing

trendy · 2 December 2023 19:57

Twitter.com does not have a AAAA record, as lame as it may seem. Nor HTTPS.

fcupdt2022 · 2 December 2023 22:27

Correct, but even if I change the DNS on the PiHole settings it doesn’t work.
I installed tcpdump and here are some result - total gibberish to me

tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wg0, link-type RAW (Raw IP), snapshot length 262144 bytes
22:25:00.974455 IP 10.122.89.2.55898 > twitter.com.https: Flags [S], seq 2567017579, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3026142791 ecr 0,sackOK,eol], length 0
22:25:01.142420 IP 10.122.89.2.55903 > api.twitter.com.https: Flags [S], seq 1561547307, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 825257010 ecr 0,sackOK,eol], length 0
22:25:01.161912 IP 10.122.89.2.55899 > twitter.com.https: Flags [S], seq 1846055932, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 4028633451 ecr 0,sackOK,eol], length 0
22:25:01.424490 IP 10.122.89.2.55900 > twitter.com.https: Flags [S], seq 3004591148, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1275363220 ecr 0,sackOK,eol], length 0
22:25:01.694543 IP 10.122.89.2.55901 > twitter.com.https: Flags [S], seq 2378842091, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2108174649 ecr 0,sackOK,eol], length 0
22:25:03.534663 IP 10.122.89.2.55904 > twitter.com.https: Flags [S], seq 202962211, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 4251796064 ecr 0,sackOK,eol], length 0
22:25:03.534666 IP 10.122.89.2.55905 > twitter.com.https: Flags [S], seq 2360812849, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 557275623 ecr 0,sackOK,eol], length 0
22:25:03.739633 IP 10.122.89.2.55906 > twitter.com.https: Flags [S], seq 1990684693, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3134915181 ecr 0,sackOK,eol], length 0
22:25:03.774780 IP 10.122.89.2.55907 > twitter.com.https: Flags [S], seq 3853352105, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3853159559 ecr 0,sackOK,eol], length 0
22:25:03.995024 IP 10.122.89.2.55908 > twitter.com.https: Flags [S], seq 3847190319, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1452284023 ecr 0,sackOK,eol], length 0
22:25:04.050114 IP 10.122.89.2.55909 > twitter.com.https: Flags [S], seq 410115830, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2842679814 ecr 0,sackOK,eol], length 0
22:25:04.267114 IP 10.122.89.2.55910 > twitter.com.https: Flags [S], seq 139286496, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1103375516 ecr 0,sackOK,eol], length 0
22:25:04.287362 IP 10.122.89.2.55911 > twitter.com.https: Flags [S], seq 1327721640, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2128056231 ecr 0,sackOK,eol], length 0
22:25:04.492523 IP 10.122.89.2.55904 > twitter.com.https: Flags [S], seq 202962211, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 4251797069 ecr 0,sackOK,eol], length 0
22:25:04.519842 IP 10.122.89.2.55905 > twitter.com.https: Flags [S], seq 2360812849, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 557276627 ecr 0,sackOK,eol], length 0
22:25:04.745145 IP 10.122.89.2.55906 > twitter.com.https: Flags [S], seq 1990684693, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3134916186 ecr 0,sackOK,eol], length 0
22:25:04.779495 IP 10.122.89.2.55907 > twitter.com.https: Flags [S], seq 3853352105, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3853160564 ecr 0,sackOK,eol], length 0
22:25:05.017235 IP 10.122.89.2.55908 > twitter.com.https: Flags [S], seq 3847190319, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1452285028 ecr 0,sackOK,eol], length 0
22:25:05.037178 IP 10.122.89.2.55909 > twitter.com.https: Flags [S], seq 410115830, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2842680819 ecr 0,sackOK,eol], length 0
22:25:05.274705 IP 10.122.89.2.55910 > twitter.com.https: Flags [S], seq 139286496, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1103376522 ecr 0,sackOK,eol], length 0
22:25:05.284678 IP 10.122.89.2.55911 > twitter.com.https: Flags [S], seq 1327721640, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2128057232 ecr 0,sackOK,eol], length 0
22:25:05.494806 IP 10.122.89.2.55904 > twitter.com.https: Flags [S], seq 202962211, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 4251798074 ecr 0,sackOK,eol], length 0
22:25:05.529739 IP 10.122.89.2.55905 > twitter.com.https: Flags [S], seq 2360812849, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 557277632 ecr 0,sackOK,eol], length 0
22:25:05.749869 IP 10.122.89.2.55906 > twitter.com.https: Flags [S], seq 1990684693, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3134917191 ecr 0,sackOK,eol], length 0
22:25:05.799703 IP 10.122.89.2.55907 > twitter.com.https: Flags [S], seq 3853352105, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3853161570 ecr 0,sackOK,eol], length 0
22:25:05.866607 IP6 2a01:b740:a41:e80::2:5.https > fd11:5ee:bad:c0de::2.64123: Flags [P.], seq 3496671791:3496671830, ack 1354793513, win 501, options [nop,nop,TS val 4106386684 ecr 3213290074], length 39
22:25:05.866662 IP6 2a01:b740:a41:e80::2:5.https > fd11:5ee:bad:c0de::2.64123: Flags [P.], seq 39:63, ack 1, win 501, options [nop,nop,TS val 4106386684 ecr 3213290074], length 24
22:25:05.867410 IP6 2a01:b740:a41:e80::2:5.https > fd11:5ee:bad:c0de::2.64123: Flags [F.], seq 63, ack 1, win 501, options [nop,nop,TS val 4106386684 ecr 3213290074], length 0
22:25:05.894974 IP6 fd11:5ee:bad:c0de::2.64123 > 2a01:b740:a41:e80::2:5.https: Flags [.], ack 64, win 2047, options [nop,nop,TS val 3213320069 ecr 4106386684], length 0
22:25:05.899744 IP6 fd11:5ee:bad:c0de::2.64123 > 2a01:b740:a41:e80::2:5.https: Flags [P.], seq 1:40, ack 64, win 2048, options [nop,nop,TS val 3213320072 ecr 4106386684], length 39
22:25:05.899746 IP6 fd11:5ee:bad:c0de::2.64123 > 2a01:b740:a41:e80::2:5.https: Flags [P.], seq 40:64, ack 64, win 2048, options [nop,nop,TS val 3213320072 ecr 4106386684], length 24
22:25:05.899877 IP6 fd11:5ee:bad:c0de::2.64123 > 2a01:b740:a41:e80::2:5.https: Flags [F.], seq 64, ack 64, win 2048, options [nop,nop,TS val 3213320074 ecr 4106386684], length 0
22:25:05.932757 IP6 2a01:b740:a41:e80::2:5.https > fd11:5ee:bad:c0de::2.64123: Flags [.], ack 40, win 501, options [nop,nop,TS val 4106386749 ecr 3213320072], length 0
22:25:05.932925 IP6 2a01:b740:a41:e80::2:5.https > fd11:5ee:bad:c0de::2.64123: Flags [.], ack 64, win 501, options [nop,nop,TS val 4106386749 ecr 3213320072], length 0
22:25:05.933263 IP6 2a01:b740:a41:e80::2:5.https > fd11:5ee:bad:c0de::2.64123: Flags [R.], seq 64, ack 64, win 501, options [nop,nop,TS val 4106386749 ecr 3213320072], length 0
22:25:05.939074 IP6 2a01:b740:a41:e80::2:5.https > fd11:5ee:bad:c0de::2.64123: Flags [R], seq 3496671855, win 0, length 0
22:25:06.004779 IP 10.122.89.2.55908 > twitter.com.https: Flags [S], seq 3847190319, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1452286033 ecr 0,sackOK,eol], length 0
22:25:06.039727 IP 10.122.89.2.55909 > twitter.com.https: Flags [S], seq 410115830, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2842681824 ecr 0,sackOK,eol], length 0
22:25:06.279540 IP 10.122.89.2.55910 > twitter.com.https: Flags [S], seq 139286496, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1103377527 ecr 0,sackOK,eol], length 0
22:25:06.294743 IP 10.122.89.2.55911 > twitter.com.https: Flags [S], seq 1327721640, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2128058237 ecr 0,sackOK,eol], length 0
22:25:06.500080 IP 10.122.89.2.55904 > twitter.com.https: Flags [S], seq 202962211, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 4251799079 ecr 0,sackOK,eol], length 0
22:25:06.534632 IP 10.122.89.2.55905 > twitter.com.https: Flags [S], seq 2360812849, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 557278637 ecr 0,sackOK,eol], length 0
22:25:06.754654 IP 10.122.89.2.55906 > twitter.com.https: Flags [S], seq 1990684693, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3134918197 ecr 0,sackOK,eol], length 0
22:25:06.790316 IP 10.122.89.2.55907 > twitter.com.https: Flags [S], seq 3853352105, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3853162575 ecr 0,sackOK,eol], length 0
22:25:07.024692 IP 10.122.89.2.55908 > twitter.com.https: Flags [S], seq 3847190319, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1452287038 ecr 0,sackOK,eol], length 0
22:25:07.045048 IP 10.122.89.2.55909 > twitter.com.https: Flags [S], seq 410115830, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2842682829 ecr 0,sackOK,eol], length 0
22:25:07.284702 IP 10.122.89.2.55910 > twitter.com.https: Flags [S], seq 139286496, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1103378532 ecr 0,sackOK,eol], length 0
22:25:07.299752 IP 10.122.89.2.55911 > twitter.com.https: Flags [S], seq 1327721640, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2128059242 ecr 0,sackOK,eol], length 0
22:25:07.505994 IP 10.122.89.2.55904 > twitter.com.https: Flags [S], seq 202962211, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 4251800085 ecr 0,sackOK,eol], length 0
22:25:07.534817 IP 10.122.89.2.55905 > twitter.com.https: Flags [S], seq 2360812849, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 557279642 ecr 0,sackOK,eol], length 0
22:25:07.774781 IP 10.122.89.2.55906 > twitter.com.https: Flags [S], seq 1990684693, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3134919200 ecr 0,sackOK,eol], length 0
22:25:07.795058 IP 10.122.89.2.55907 > twitter.com.https: Flags [S], seq 3853352105, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3853163580 ecr 0,sackOK,eol], length 0
22:25:08.027381 IP 10.122.89.2.55908 > twitter.com.https: Flags [S], seq 3847190319, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1452288043 ecr 0,sackOK,eol], length 0
22:25:08.052241 IP 10.122.89.2.55909 > twitter.com.https: Flags [S], seq 410115830, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2842683834 ecr 0,sackOK,eol], length 0
22:25:08.270506 IP 10.122.89.2.55910 > twitter.com.https: Flags [S], seq 139286496, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1103379533 ecr 0,sackOK,eol], length 0
22:25:08.300168 IP 10.122.89.2.55911 > twitter.com.https: Flags [S], seq 1327721640, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2128060247 ecr 0,sackOK,eol], length 0
22:25:08.510216 IP 10.122.89.2.55904 > twitter.com.https: Flags [S], seq 202962211, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 4251801090 ecr 0,sackOK,eol], length 0
22:25:08.544762 IP 10.122.89.2.55905 > twitter.com.https: Flags [S], seq 2360812849, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 557280647 ecr 0,sackOK,eol], length 0
22:25:08.774668 IP 10.122.89.2.55906 > twitter.com.https: Flags [S], seq 1990684693, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3134920205 ecr 0,sackOK,eol], length 0
22:25:08.799733 IP 10.122.89.2.55907 > twitter.com.https: Flags [S], seq 3853352105, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3853164585 ecr 0,sackOK,eol], length 0
22:25:09.039720 IP 10.122.89.2.55908 > twitter.com.https: Flags [S], seq 3847190319, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1452289048 ecr 0,sackOK,eol], length 0
22:25:09.054983 IP 10.122.89.2.55909 > twitter.com.https: Flags [S], seq 410115830, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2842684840 ecr 0,sackOK,eol], length 0
22:25:09.289883 IP 10.122.89.2.55910 > twitter.com.https: Flags [S], seq 139286496, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1103380534 ecr 0,sackOK,eol], length 0
22:25:09.309607 IP 10.122.89.2.55911 > twitter.com.https: Flags [S], seq 1327721640, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2128061253 ecr 0,sackOK,eol], length 0
22:25:10.574704 IP 10.122.89.2.55904 > twitter.com.https: Flags [S], seq 202962211, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 4251803095 ecr 0,sackOK,eol], length 0
22:25:10.574707 IP 10.122.89.2.55905 > twitter.com.https: Flags [S], seq 2360812849, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 557282652 ecr 0,sackOK,eol], length 0
22:25:10.789677 IP 10.122.89.2.55906 > twitter.com.https: Flags [S], seq 1990684693, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3134922210 ecr 0,sackOK,eol], length 0
22:25:10.804776 IP 10.122.89.2.55907 > twitter.com.https: Flags [S], seq 3853352105, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3853166590 ecr 0,sackOK,eol], length 0
22:25:11.044701 IP 10.122.89.2.55908 > twitter.com.https: Flags [S], seq 3847190319, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1452291054 ecr 0,sackOK,eol], length 0
22:25:11.059527 IP 10.122.89.2.55909 > twitter.com.https: Flags [S], seq 410115830, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2842686845 ecr 0,sackOK,eol], length 0
22:25:11.289721 IP 10.122.89.2.55910 > twitter.com.https: Flags [S], seq 139286496, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1103382539 ecr 0,sackOK,eol], length 0
22:25:11.314806 IP 10.122.89.2.55911 > twitter.com.https: Flags [S], seq 1327721640, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2128063258 ecr 0,sackOK,eol], length 0
22:25:14.574758 IP 10.122.89.2.55904 > twitter.com.https: Flags [S], seq 202962211, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 4251807100 ecr 0,sackOK,eol], length 0
22:25:14.574762 IP 10.122.89.2.55905 > twitter.com.https: Flags [S], seq 2360812849, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 557286657 ecr 0,sackOK,eol], length 0
22:25:14.797410 IP 10.122.89.2.55906 > twitter.com.https: Flags [S], seq 1990684693, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3134926215 ecr 0,sackOK,eol], length 0
22:25:14.812231 IP 10.122.89.2.55907 > twitter.com.https: Flags [S], seq 3853352105, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3853170596 ecr 0,sackOK,eol], length 0
22:25:15.049867 IP 10.122.89.2.55908 > twitter.com.https: Flags [S], seq 3847190319, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1452295059 ecr 0,sackOK,eol], length 0
22:25:15.064726 IP 10.122.89.2.55909 > twitter.com.https: Flags [S], seq 410115830, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2842690846 ecr 0,sackOK,eol], length 0
22:25:15.279830 IP 10.122.89.2.55910 > twitter.com.https: Flags [S], seq 139286496, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1103386544 ecr 0,sackOK,eol], length 0
22:25:15.319656 IP 10.122.89.2.55911 > twitter.com.https: Flags [S], seq 1327721640, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2128067263 ecr 0,sackOK,eol], length 0
22:25:22.574880 IP 10.122.89.2.55904 > twitter.com.https: Flags [S], seq 202962211, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 4251815106 ecr 0,sackOK,eol], length 0
22:25:22.574883 IP 10.122.89.2.55905 > twitter.com.https: Flags [S], seq 2360812849, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 557294662 ecr 0,sackOK,eol], length 0
22:25:22.800103 IP 10.122.89.2.55906 > twitter.com.https: Flags [S], seq 1990684693, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3134934220 ecr 0,sackOK,eol], length 0
22:25:22.814838 IP 10.122.89.2.55907 > twitter.com.https: Flags [S], seq 3853352105, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 3853178601 ecr 0,sackOK,eol], length 0
22:25:23.050105 IP 10.122.89.2.55908 > twitter.com.https: Flags [S], seq 3847190319, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1452303064 ecr 0,sackOK,eol], length 0
22:25:23.069614 IP 10.122.89.2.55909 > twitter.com.https: Flags [S], seq 410115830, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2842698851 ecr 0,sackOK,eol], length 0
22:25:23.300661 IP 10.122.89.2.55910 > twitter.com.https: Flags [S], seq 139286496, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 1103394550 ecr 0,sackOK,eol], length 0
22:25:23.327023 IP 10.122.89.2.55911 > twitter.com.https: Flags [S], seq 1327721640, win 65535, options [mss 1240,nop,wscale 6,nop,nop,TS val 2128075268 ecr 0,sackOK,eol], length 0
22:25:28.694785 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [S], seq 2218899794, win 65535, options [mss 1220,nop,wscale 6,nop,nop,TS val 2713491723 ecr 0,sackOK,eol], length 0
22:25:28.733813 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [S.], seq 1643589929, ack 2218899795, win 64260, options [mss 1440,sackOK,TS val 2344245830 ecr 2713491723,nop,wscale 7], length 0
22:25:28.762351 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [.], ack 1, win 2057, options [nop,nop,TS val 2713491836 ecr 2344245830], length 0
22:25:28.767552 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [P.], seq 1:518, ack 1, win 2057, options [nop,nop,TS val 2713491837 ecr 2344245830], length 517
22:25:28.805973 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [.], ack 518, win 501, options [nop,nop,TS val 2344245902 ecr 2713491837], length 0
22:25:28.806414 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [.], seq 1:1209, ack 518, win 501, options [nop,nop,TS val 2344245903 ecr 2713491837], length 1208
22:25:28.806530 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [P.], seq 1209:2417, ack 518, win 501, options [nop,nop,TS val 2344245903 ecr 2713491837], length 1208
22:25:28.806575 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [P.], seq 2417:4097, ack 518, win 501, options [nop,nop,TS val 2344245903 ecr 2713491837], length 1680
22:25:28.837598 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [.], ack 4097, win 2040, options [nop,nop,TS val 2713491910 ecr 2344245903], length 0
22:25:28.875441 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [P.], seq 4097:6513, ack 518, win 501, options [nop,nop,TS val 2344245972 ecr 2713491910], length 2416
22:25:28.875543 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [P.], seq 6513:7126, ack 518, win 501, options [nop,nop,TS val 2344245972 ecr 2713491910], length 613
22:25:28.897506 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [.], ack 5305, win 2029, options [nop,nop,TS val 2713491970 ecr 2344245972], length 0
22:25:28.907531 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [.], ack 7126, win 2019, options [nop,nop,TS val 2713491980 ecr 2344245972], length 0
22:25:28.937817 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [P.], seq 518:598, ack 7126, win 2048, options [nop,nop,TS val 2713492010 ecr 2344245972], length 80
22:25:28.942343 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [P.], seq 598:1007, ack 7126, win 2048, options [nop,nop,TS val 2713492012 ecr 2344245972], length 409
22:25:28.975287 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [.], ack 598, win 501, options [nop,nop,TS val 2344246072 ecr 2713492010], length 0
22:25:28.976130 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [P.], seq 7126:7413, ack 598, win 501, options [nop,nop,TS val 2344246073 ecr 2713492010], length 287
22:25:28.976209 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [P.], seq 7413:7700, ack 598, win 501, options [nop,nop,TS val 2344246073 ecr 2713492010], length 287
22:25:28.980168 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [.], ack 1007, win 501, options [nop,nop,TS val 2344246077 ecr 2713492012], length 0
22:25:28.981122 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [P.], seq 7700:7975, ack 1007, win 501, options [nop,nop,TS val 2344246078 ecr 2713492012], length 275
22:25:28.997389 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [.], ack 7700, win 2039, options [nop,nop,TS val 2713492070 ecr 2344246073], length 0
22:25:29.007415 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [.], ack 7975, win 2043, options [nop,nop,TS val 2713492081 ecr 2344246078], length 0
22:25:30.854922 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [P.], seq 1007:1031, ack 7975, win 2048, options [nop,nop,TS val 2713493879 ecr 2344246078], length 24
22:25:30.854926 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [F.], seq 1031, ack 7975, win 2048, options [nop,nop,TS val 2713493879 ecr 2344246078], length 0
22:25:30.892962 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [.], ack 1031, win 501, options [nop,nop,TS val 2344247989 ecr 2713493879], length 0
22:25:30.893175 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [P.], seq 7975:7999, ack 1031, win 501, options [nop,nop,TS val 2344247989 ecr 2713493879], length 24
22:25:30.893443 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [F.], seq 7999, ack 1031, win 501, options [nop,nop,TS val 2344247989 ecr 2713493879], length 0
22:25:30.893871 IP6 g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https > fd11:5ee:bad:c0de::2.50335: Flags [.], ack 1032, win 501, options [nop,nop,TS val 2344247990 ecr 2713493879], length 0
22:25:30.917335 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [R], seq 2218900825, win 0, length 0
22:25:30.917338 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [R], seq 2218900825, win 0, length 0
22:25:30.922431 IP6 fd11:5ee:bad:c0de::2.50335 > g2a02-26f0-b200-0298-0000-0000-0000-02a1.deploy.static.akamaitechnologies.com.https: Flags [R], seq 2218900826, win 0, length 0

Joulinar · 3 December 2023 14:10

Question is if it is a DNS issue or something else. To verify the DNS request, you need to filter tcpdump like this

tcpdump -i any -c500 -nn port 53 or port 5335

trendy · 3 December 2023 15:02

10.122.89.2 is what exactly? It seems that it is trying to do a TCP handshake with twitter[.]com server (so it is not a DNS issue, as the resolving is finished) but the twitter[.]com is not responding. Maybe they have filtered the surfshark addresses?

fcupdt2022 · 3 December 2023 15:22

Thanks @Joulinar for your correction, all this is new to me
So, the strangest thing is that it connects to the website, it loads the “frame” of the site but not the content (twitter or reddit).
Regarding your question @trendy yes, it’s Surfshark. But if I open a VPN connection on my mobile (last iOS) it works without any hiccups.

So I’ve done as Joulinar said and here is the result (limited to wg0, the VPN from my mobile)

root@DietPi:~# tcpdump -i wg0 -c500 -nn port 53 or port 5335
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wg0, link-type RAW (Raw IP), snapshot length 262144 bytes
15:10:20.297125 IP 10.122.89.2.56482 > 10.122.89.1.53: 55930+ AAAA? static.ads-twitter.com. (40)
15:10:20.297128 IP 10.122.89.2.63390 > 10.122.89.1.53: 47744+ A? static.ads-twitter.com. (40)
15:10:20.297775 IP 10.122.89.1.53 > 10.122.89.2.56482: 55930* 1/0/0 AAAA :: (68)
15:10:20.298064 IP 10.122.89.1.53 > 10.122.89.2.63390: 47744* 1/0/0 A 0.0.0.0 (56)
15:10:39.809686 IP 10.122.89.2.51688 > 10.122.89.1.53: 37120+ AAAA? static.ads-twitter.com. (40)
15:10:39.809690 IP 10.122.89.2.65317 > 10.122.89.1.53: 15356+ A? static.ads-twitter.com. (40)
15:10:39.810272 IP 10.122.89.1.53 > 10.122.89.2.51688: 37120* 1/0/0 AAAA :: (68)
15:10:39.810551 IP 10.122.89.1.53 > 10.122.89.2.65317: 15356* 1/0/0 A 0.0.0.0 (56)
15:10:45.392206 IP 10.122.89.2.64972 > 10.122.89.1.53: 3458+ Type65? clients1.google.com. (37)
15:10:45.392208 IP 10.122.89.2.57071 > 10.122.89.1.53: 3698+ AAAA? clients1.google.com. (37)
15:10:45.397096 IP 10.122.89.2.57156 > 10.122.89.1.53: 59466+ A? clients1.google.com. (37)
15:10:45.645624 IP 10.122.89.1.53 > 10.122.89.2.64972: 3458 1/1/0 CNAME clients.l.google.com. (111)
15:10:45.651884 IP 10.122.89.1.53 > 10.122.89.2.57071: 3698 2/0/0 CNAME clients.l.google.com., AAAA 2a00:1450:400e:80f::200e (89)
15:10:45.666822 IP 10.122.89.1.53 > 10.122.89.2.57156: 59466 2/0/0 CNAME clients.l.google.com., A 142.251.36.14 (77)
15:10:45.672141 IP 10.122.89.2.60680 > 10.122.89.1.53: 56992+ Type65? clients.l.google.com. (38)
15:10:45.673509 IP 10.122.89.1.53 > 10.122.89.2.60680: 56992 0/1/0 (88)
15:10:47.594907 IP 10.122.89.2.57440 > 10.122.89.1.53: 24751+ Type65? www.reddit.com. (32)
15:10:47.595080 IP 10.122.89.2.61782 > 10.122.89.1.53: 6606+ AAAA? www.reddit.com. (32)
15:10:47.595082 IP 10.122.89.2.55776 > 10.122.89.1.53: 33875+ A? www.reddit.com. (32)
15:10:47.694669 IP 10.122.89.2.59450 > 10.122.89.1.53: 25860+ Type65? config.aps.amazon-adsystem.com. (48)
15:10:47.694672 IP 10.122.89.2.59799 > 10.122.89.1.53: 23592+ AAAA? config.aps.amazon-adsystem.com. (48)
15:10:47.700164 IP 10.122.89.2.64995 > 10.122.89.1.53: 23399+ A? config.aps.amazon-adsystem.com. (48)
15:10:47.700167 IP 10.122.89.2.53136 > 10.122.89.1.53: 48472+ Type65? www.googletagservices.com. (43)
15:10:47.700169 IP 10.122.89.2.56926 > 10.122.89.1.53: 16193+ AAAA? www.googletagservices.com. (43)
15:10:47.700171 IP 10.122.89.2.60058 > 10.122.89.1.53: 13918+ A? www.googletagservices.com. (43)
15:10:47.700173 IP 10.122.89.2.57817 > 10.122.89.1.53: 29501+ Type65? c.amazon-adsystem.com. (39)
15:10:47.700174 IP 10.122.89.2.62891 > 10.122.89.1.53: 55161+ AAAA? c.amazon-adsystem.com. (39)
15:10:47.700176 IP 10.122.89.2.52521 > 10.122.89.1.53: 47888+ A? c.amazon-adsystem.com. (39)
15:10:47.701986 IP 10.122.89.1.53 > 10.122.89.2.53136: 48472 0/0/0 (43)
15:10:47.702742 IP 10.122.89.1.53 > 10.122.89.2.56926: 16193* 1/0/0 AAAA :: (71)
15:10:47.703492 IP 10.122.89.1.53 > 10.122.89.2.60058: 13918* 1/0/0 A 0.0.0.0 (59)
15:10:47.705394 IP 10.122.89.1.53 > 10.122.89.2.57817: 29501 0/0/0 (39)
15:10:47.706236 IP 10.122.89.1.53 > 10.122.89.2.62891: 55161* 1/0/0 AAAA :: (67)
15:10:47.706947 IP 10.122.89.1.53 > 10.122.89.2.52521: 47888* 1/0/0 A 0.0.0.0 (55)
15:10:47.916848 IP 10.122.89.1.53 > 10.122.89.2.55776: 33875 2/0/0 CNAME dualstack.reddit.map.fastly.net., A 199.232.149.140 (93)
15:10:48.002082 IP 10.122.89.1.53 > 10.122.89.2.57440: 24751 1/1/0 CNAME dualstack.reddit.map.fastly.net. (135)
15:10:48.004337 IP 10.122.89.1.53 > 10.122.89.2.61782: 6606 2/0/0 CNAME dualstack.reddit.map.fastly.net., AAAA 2a04:4e42:65::396 (105)
15:10:48.017049 IP 10.122.89.1.53 > 10.122.89.2.64995: 23399 4/0/0 A 13.225.10.79, A 13.225.10.102, A 13.225.10.9, A 13.225.10.94 (112)
15:10:48.019679 IP 10.122.89.2.50124 > 10.122.89.1.53: 60961+ Type65? dualstack.reddit.map.fastly.net. (49)
15:10:48.021060 IP 10.122.89.1.53 > 10.122.89.2.50124: 60961 0/1/0 (110)
15:10:48.042342 IP 10.122.89.1.53 > 10.122.89.2.59450: 25860 0/1/0 (130)
15:10:48.067964 IP 10.122.89.1.53 > 10.122.89.2.59799: 23592 0/1/0 (130)
15:10:49.949785 IP 10.122.89.2.56222 > 10.122.89.1.53: 33614+ Type65? accounts.google.com. (37)
15:10:49.954877 IP 10.122.89.2.51512 > 10.122.89.1.53: 33355+ AAAA? accounts.google.com. (37)
15:10:49.955054 IP 10.122.89.2.50085 > 10.122.89.1.53: 24268+ A? accounts.google.com. (37)
15:10:50.052636 IP 10.122.89.1.53 > 10.122.89.2.50085: 24268 1/0/0 A 142.250.102.84 (53)
15:10:50.096050 IP 10.122.89.1.53 > 10.122.89.2.56222: 33614 0/1/0 (87)
15:10:50.137771 IP 10.122.89.1.53 > 10.122.89.2.51512: 33355 1/0/0 AAAA 2a00:1450:4025:402::54 (65)
15:10:50.149920 IP 10.122.89.2.52111 > 10.122.89.1.53: 57749+ Type65? oauth.reddit.com. (34)
15:10:50.154910 IP 10.122.89.2.64913 > 10.122.89.1.53: 59395+ AAAA? oauth.reddit.com. (34)
15:10:50.155070 IP 10.122.89.2.53598 > 10.122.89.1.53: 54937+ A? oauth.reddit.com. (34)
15:10:50.155072 IP 10.122.89.2.55491 > 10.122.89.1.53: 62561+ Type65? gql.reddit.com. (32)
15:10:50.155074 IP 10.122.89.2.50862 > 10.122.89.1.53: 25254+ AAAA? gql.reddit.com. (32)
15:10:50.155077 IP 10.122.89.2.53408 > 10.122.89.1.53: 19766+ A? gql.reddit.com. (32)
15:10:50.169086 IP 10.122.89.1.53 > 10.122.89.2.53408: 19766 2/0/0 CNAME reddit.map.fastly.net., A 199.232.149.140 (83)
15:10:50.240968 IP 10.122.89.1.53 > 10.122.89.2.53598: 54937 2/0/0 CNAME reddit.map.fastly.net., A 199.232.149.140 (85)
15:10:50.254086 IP 10.122.89.1.53 > 10.122.89.2.50862: 25254 1/1/0 CNAME reddit.map.fastly.net. (125)
15:10:50.269841 IP 10.122.89.2.61285 > 10.122.89.1.53: 59919+ AAAA? reddit.map.fastly.net. (39)
15:10:50.270387 IP 10.122.89.1.53 > 10.122.89.2.61285: 59919 0/0/0 (39)
15:10:50.279667 IP 10.122.89.1.53 > 10.122.89.2.55491: 62561 1/1/0 CNAME reddit.map.fastly.net. (125)
15:10:50.294868 IP 10.122.89.2.59224 > 10.122.89.1.53: 58454+ Type65? reddit.map.fastly.net. (39)
15:10:50.296628 IP 10.122.89.1.53 > 10.122.89.2.59224: 58454 0/1/0 (100)
15:10:50.326367 IP 10.122.89.1.53 > 10.122.89.2.64913: 59395 1/1/0 CNAME reddit.map.fastly.net. (127)
15:10:50.326760 IP 10.122.89.1.53 > 10.122.89.2.52111: 57749 1/1/0 CNAME reddit.map.fastly.net. (127)
15:10:50.839869 IP 10.122.89.2.57573 > 10.122.89.1.53: 55280+ Type65? www.google-analytics.com. (42)
15:10:50.840028 IP 10.122.89.2.62607 > 10.122.89.1.53: 53600+ AAAA? www.google-analytics.com. (42)
15:10:50.840887 IP 10.122.89.1.53 > 10.122.89.2.57573: 55280 0/0/0 (42)
15:10:50.841529 IP 10.122.89.1.53 > 10.122.89.2.62607: 53600* 1/0/0 AAAA :: (70)
15:10:50.849894 IP 10.122.89.2.60920 > 10.122.89.1.53: 25421+ A? www.google-analytics.com. (42)
15:10:50.850059 IP 10.122.89.2.60672 > 10.122.89.1.53: 26305+ Type65? www.googletagmanager.com. (42)
15:10:50.850919 IP 10.122.89.1.53 > 10.122.89.2.60920: 25421* 1/0/0 A 0.0.0.0 (58)
15:10:50.851747 IP 10.122.89.1.53 > 10.122.89.2.60672: 26305 0/0/0 (42)
15:10:50.854711 IP 10.122.89.2.54732 > 10.122.89.1.53: 9739+ AAAA? www.googletagmanager.com. (42)
15:10:50.854824 IP 10.122.89.2.54143 > 10.122.89.1.53: 42401+ A? www.googletagmanager.com. (42)
15:10:50.855575 IP 10.122.89.1.53 > 10.122.89.2.54732: 9739* 1/0/0 AAAA :: (70)
15:10:50.856176 IP 10.122.89.1.53 > 10.122.89.2.54143: 42401* 1/0/0 A 0.0.0.0 (58)
15:10:51.119737 IP 10.122.89.2.59965 > 10.122.89.1.53: 33675+ Type65? events.redditmedia.com. (40)
15:10:51.119742 IP 10.122.89.2.53542 > 10.122.89.1.53: 34496+ AAAA? events.redditmedia.com. (40)
15:10:51.121688 IP 10.122.89.1.53 > 10.122.89.2.59965: 33675 0/0/0 (40)
15:10:51.122203 IP 10.122.89.1.53 > 10.122.89.2.53542: 34496* 1/0/0 AAAA :: (68)
15:10:51.124679 IP 10.122.89.2.50145 > 10.122.89.1.53: 55449+ A? events.redditmedia.com. (40)
15:10:51.125307 IP 10.122.89.1.53 > 10.122.89.2.50145: 55449* 1/0/0 A 0.0.0.0 (56)
15:11:08.010090 IP 10.122.89.2.54747 > 10.122.89.1.53: 23261+ Type65? ip00am4sn.com. (31)
15:11:08.010093 IP 10.122.89.2.59855 > 10.122.89.1.53: 57559+ AAAA? ip00am4sn.com. (31)
15:11:08.014780 IP 10.122.89.2.57854 > 10.122.89.1.53: 39351+ A? ip00am4sn.com. (31)
15:11:08.212411 IP 10.122.89.1.53 > 10.122.89.2.57854: 39351 1/0/0 A 212.117.190.201 (47)
15:11:08.338313 IP 10.122.89.1.53 > 10.122.89.2.59855: 57559 0/1/0 (115)
15:11:08.353603 IP 10.122.89.1.53 > 10.122.89.2.54747: 23261 0/1/0 (115)
15:11:13.410084 IP 10.122.89.2.58528 > 10.122.89.1.53: 41703+ Type65? configuration.apple.com. (41)
15:11:13.410087 IP 10.122.89.2.64147 > 10.122.89.1.53: 21619+ AAAA? configuration.apple.com. (41)
15:11:13.411716 IP 10.122.89.1.53 > 10.122.89.2.64147: 21619 8/0/0 CNAME configuration.apple.com.akadns.net., CNAME configuration.apple.com.edgekey.net., CNAME e673.dsce9.akamaiedge.net., AAAA 2a02:26f0:b200:184::2a1, AAAA 2a02:26f0:b200:1bd::2a1, AAAA 2a02:26f0:b200:1a6::2a1, AAAA 2a02:26f0:b200:187::2a1, AAAA 2a02:26f0:b200:1b8::2a1 (317)
15:11:13.412513 IP 10.122.89.1.53 > 10.122.89.2.58528: 41703 3/1/0 CNAME configuration.apple.com.akadns.net., CNAME configuration.apple.com.edgekey.net., CNAME e673.dsce9.akamaiedge.net. (233)
15:11:13.415018 IP 10.122.89.2.49368 > 10.122.89.1.53: 64918+ A? configuration.apple.com. (41)
15:11:13.415864 IP 10.122.89.1.53 > 10.122.89.2.49368: 64918 4/0/0 CNAME configuration.apple.com.akadns.net., CNAME configuration.apple.com.edgekey.net., CNAME e673.dsce9.akamaiedge.net., A 23.213.168.27 (193)
15:11:13.424904 IP 10.122.89.2.59985 > 10.122.89.1.53: 1393+ Type65? e673.dsce9.akamaiedge.net. (43)
15:11:13.426190 IP 10.122.89.1.53 > 10.122.89.2.59985: 1393 0/1/0 (108)
15:11:15.192548 IP 10.122.89.2.60211 > 10.122.89.1.53: 21631+ Type65? api.twitter.com. (33)
15:11:15.192553 IP 10.122.89.2.60071 > 10.122.89.1.53: 47394+ AAAA? api.twitter.com. (33)
15:11:15.193790 IP 10.122.89.1.53 > 10.122.89.2.60071: 47394 1/0/0 CNAME tpop-api.twitter.com. (67)
15:11:15.194304 IP 10.122.89.1.53 > 10.122.89.2.60211: 21631 1/1/0 CNAME tpop-api.twitter.com. (121)
15:11:15.197574 IP 10.122.89.2.60545 > 10.122.89.1.53: 56742+ A? api.twitter.com. (33)
15:11:15.198234 IP 10.122.89.1.53 > 10.122.89.2.60545: 56742 2/0/0 CNAME tpop-api.twitter.com., A 104.244.42.130 (83)
15:11:15.212390 IP 10.122.89.2.50498 > 10.122.89.1.53: 12077+ Type65? tpop-api.twitter.com. (38)
15:11:15.212520 IP 10.122.89.2.58432 > 10.122.89.1.53: 4650+ AAAA? tpop-api.twitter.com. (38)
15:11:15.213488 IP 10.122.89.1.53 > 10.122.89.2.58432: 4650 0/0/0 (38)
15:11:15.213984 IP 10.122.89.1.53 > 10.122.89.2.50498: 12077 0/1/0 (103)
15:11:15.467387 IP 10.122.89.2.54009 > 10.122.89.1.53: 24998+ Type65? www.euractiv.com. (34)
15:11:15.467449 IP 10.122.89.2.56610 > 10.122.89.1.53: 25015+ AAAA? www.euractiv.com. (34)
15:11:15.472441 IP 10.122.89.2.63037 > 10.122.89.1.53: 17173+ A? www.euractiv.com. (34)
15:11:15.572439 IP 10.122.89.2.51812 > 10.122.89.1.53: 3166+ Type65? t.co. (22)
15:11:15.574011 IP 10.122.89.1.53 > 10.122.89.2.51812: 3166 0/1/0 (90)
15:11:15.582362 IP 10.122.89.2.60262 > 10.122.89.1.53: 9539+ AAAA? t.co. (22)
15:11:15.582475 IP 10.122.89.2.51836 > 10.122.89.1.53: 35012+ A? t.co. (22)
15:11:15.582887 IP 10.122.89.1.53 > 10.122.89.2.60262: 9539 0/0/0 (22)
15:11:15.583512 IP 10.122.89.1.53 > 10.122.89.2.51836: 35012 4/0/0 A 104.244.42.133, A 104.244.42.197, A 104.244.42.69, A 104.244.42.5 (86)
15:11:15.632463 IP 10.122.89.1.53 > 10.122.89.2.63037: 17173 1/0/0 A 217.19.234.2 (50)
15:11:15.731494 IP 10.122.89.1.53 > 10.122.89.2.56610: 25015 0/1/0 (111)
15:11:15.732446 IP 10.122.89.1.53 > 10.122.89.2.54009: 24998 0/1/0 (111)
15:11:15.850057 IP 10.122.89.2.49969 > 10.122.89.1.53: 16594+ Type65? api-glb-aeuw3c.smoot.apple.com. (48)
15:11:15.850226 IP 10.122.89.2.62115 > 10.122.89.1.53: 28207+ AAAA? api-glb-aeuw3c.smoot.apple.com. (48)
15:11:15.855081 IP 10.122.89.2.61041 > 10.122.89.1.53: 25377+ A? api-glb-aeuw3c.smoot.apple.com. (48)
15:11:15.855419 IP 10.122.89.2.52607 > 10.122.89.1.53: 59619+ Type65? www.ehow.com. (30)
15:11:15.855480 IP 10.122.89.2.65362 > 10.122.89.1.53: 18729+ AAAA? www.ehow.com. (30)
15:11:15.855483 IP 10.122.89.2.54480 > 10.122.89.1.53: 41141+ A? www.ehow.com. (30)
15:11:15.949434 IP 10.122.89.1.53 > 10.122.89.2.61041: 25377 2/0/0 CNAME smoot-searchv2-aeuw3c.v.aaplimg.com., A 35.181.25.252 (110)
15:11:15.979851 IP 10.122.89.1.53 > 10.122.89.2.49969: 16594 1/1/0 CNAME smoot-searchv2-aeuw3c.v.aaplimg.com. (148)
15:11:15.994962 IP 10.122.89.2.61605 > 10.122.89.1.53: 35603+ Type65? smoot-searchv2-aeuw3c.v.aaplimg.com. (53)
15:11:15.996484 IP 10.122.89.1.53 > 10.122.89.2.61605: 35603 0/1/0 (113)
15:11:16.021748 IP 10.122.89.1.53 > 10.122.89.2.54480: 41141 1/0/0 A 23.207.110.82 (46)
15:11:16.076629 IP 10.122.89.1.53 > 10.122.89.2.62115: 28207 1/1/0 CNAME smoot-searchv2-aeuw3c.v.aaplimg.com. (148)
15:11:16.095005 IP 10.122.89.2.54353 > 10.122.89.1.53: 53536+ AAAA? smoot-searchv2-aeuw3c.v.aaplimg.com. (53)
15:11:16.095573 IP 10.122.89.1.53 > 10.122.89.2.54353: 53536 0/0/0 (53)
15:11:16.105905 IP 10.122.89.1.53 > 10.122.89.2.52607: 59619 0/1/0 (89)
15:11:16.307124 IP 10.122.89.1.53 > 10.122.89.2.65362: 18729 0/1/0 (89)
15:11:16.655073 IP 10.122.89.2.63235 > 10.122.89.1.53: 58890+ Type65? twitter.com. (29)
15:11:16.656702 IP 10.122.89.1.53 > 10.122.89.2.63235: 58890 0/1/0 (94)
15:11:16.665088 IP 10.122.89.2.56894 > 10.122.89.1.53: 15724+ AAAA? twitter.com. (29)
15:11:16.665236 IP 10.122.89.2.49493 > 10.122.89.1.53: 924+ A? twitter.com. (29)
15:11:16.665698 IP 10.122.89.1.53 > 10.122.89.2.56894: 15724 0/0/0 (29)
15:11:16.666275 IP 10.122.89.1.53 > 10.122.89.2.49493: 924 4/0/0 A 104.244.42.129, A 104.244.42.1, A 104.244.42.193, A 104.244.42.65 (93)
15:11:22.413087 IP 10.122.89.2.51114 > 10.122.89.1.53: 5524+ Type65? www.publico.pt. (32)
15:11:22.413090 IP 10.122.89.2.61748 > 10.122.89.1.53: 9989+ AAAA? www.publico.pt. (32)
15:11:22.419915 IP 10.122.89.2.59150 > 10.122.89.1.53: 12768+ A? www.publico.pt. (32)
15:11:22.447299 IP 10.122.89.2.53197 > 10.122.89.1.53: 47152+ Type65? static.publicocdn.com. (39)
15:11:22.447667 IP 10.122.89.2.50504 > 10.122.89.1.53: 53613+ AAAA? static.publicocdn.com. (39)
15:11:22.450482 IP 10.122.89.2.52054 > 10.122.89.1.53: 44187+ A? static.publicocdn.com. (39)
15:11:22.852068 IP 10.122.89.1.53 > 10.122.89.2.51114: 5524 1/1/0 CNAME d2myb36x6mulj5.cloudfront.net. (162)
15:11:22.877492 IP 10.122.89.1.53 > 10.122.89.2.59150: 12768 5/0/0 CNAME d2myb36x6mulj5.cloudfront.net., A 18.238.243.63, A 18.238.243.121, A 18.238.243.37, A 18.238.243.70 (139)
15:11:22.901712 IP 10.122.89.2.54587 > 10.122.89.1.53: 44284+ Type65? d2myb36x6mulj5.cloudfront.net. (47)
15:11:22.903488 IP 10.122.89.1.53 > 10.122.89.2.54587: 44284 0/1/0 (134)
15:11:22.923797 IP 10.122.89.1.53 > 10.122.89.2.61748: 9989 1/1/0 CNAME d2myb36x6mulj5.cloudfront.net. (162)
15:11:22.940893 IP 10.122.89.2.57854 > 10.122.89.1.53: 32535+ AAAA? d2myb36x6mulj5.cloudfront.net. (47)
15:11:22.941398 IP 10.122.89.1.53 > 10.122.89.2.57854: 32535 0/0/0 (47)
15:11:22.965475 IP 10.122.89.1.53 > 10.122.89.2.53197: 47152 1/1/0 CNAME d121s2m54m3ubs.cloudfront.net. (160)
15:11:22.966212 IP 10.122.89.1.53 > 10.122.89.2.50504: 53613 1/1/0 CNAME d121s2m54m3ubs.cloudfront.net. (160)
15:11:22.990153 IP 10.122.89.2.50709 > 10.122.89.1.53: 53246+ Type65? d121s2m54m3ubs.cloudfront.net. (47)
15:11:22.990238 IP 10.122.89.2.51564 > 10.122.89.1.53: 39090+ AAAA? d121s2m54m3ubs.cloudfront.net. (47)
15:11:22.990746 IP 10.122.89.1.53 > 10.122.89.2.51564: 39090 0/0/0 (47)
15:11:22.990894 IP 10.122.89.1.53 > 10.122.89.2.50709: 53246 0/1/0 (128)
15:11:23.042685 IP 10.122.89.1.53 > 10.122.89.2.52054: 44187 5/0/0 CNAME d121s2m54m3ubs.cloudfront.net., A 108.156.60.121, A 108.156.60.76, A 108.156.60.124, A 108.156.60.41 (146)
15:11:23.420345 IP 10.122.89.2.61815 > 10.122.89.1.53: 40425+ Type65? www.whatsmyip.org. (35)
15:11:23.420348 IP 10.122.89.2.49196 > 10.122.89.1.53: 33526+ AAAA? www.whatsmyip.org. (35)
15:11:23.420350 IP 10.122.89.2.50279 > 10.122.89.1.53: 52049+ A? www.whatsmyip.org. (35)
15:11:23.942956 IP 10.122.89.1.53 > 10.122.89.2.50279: 52049 1/0/0 A 208.79.209.138 (51)
15:11:24.115733 IP 10.122.89.1.53 > 10.122.89.2.49196: 33526 0/0/0 (35)
15:11:24.115862 IP 10.122.89.1.53 > 10.122.89.2.61815: 40425 0/0/0 (35)
15:11:25.645073 IP 10.122.89.2.56683 > 10.122.89.1.53: 6276+ AAAA? events.redditmedia.com. (40)
15:11:25.645223 IP 10.122.89.2.58502 > 10.122.89.1.53: 19939+ A? events.redditmedia.com. (40)
15:11:25.645768 IP 10.122.89.1.53 > 10.122.89.2.56683: 6276* 1/0/0 AAAA :: (68)
15:11:25.646053 IP 10.122.89.1.53 > 10.122.89.2.58502: 19939* 1/0/0 A 0.0.0.0 (56)
^C
170 packets captured
170 packets received by filter
0 packets dropped by kernel

trendy · 3 December 2023 18:44

If the tunnel is running on dietpi, which is my understanding, then the results are correct and there is no problem with the dns.
It is not clear what do you mean by “the VPN from my mobile”.

fcupdt2022 · 3 December 2023 23:20

As I lack precise terminology I used my plain English to explain my situation.

I have a RBPi with dietpi on my local network, with Surfshark as a VPN, PiHole and Unbound.
What I’m trying to do is to connect my iPhone to my local network when I’m out, and for doing so I created a second VPN, from my mobile phone to my local network, using Wireguard.

I have access to my network, I can surf most part of the web but some website simply stop loading, as Twitter / Reddit / whatsmyip . Even changing my upstream DNS on PiHole or disabling it doesn’t solve this issue.

Joulinar · 4 December 2023 08:42

I don’t think this is a DNS issue or related to PiHole. Might be some packages not going the right way if using public Surfshark + WG Server on DietPi

trendy · 4 December 2023 15:07

Let’s have a look. Please post the output of the following from dietpi:

ip -4 addr; ip -4 ro list table all; ip -4 ru; \
iptables-save -c

fcupdt2022 · 4 December 2023 15:32

Here it goes

(Just to remember some context, I applied this modification to the wireguards configurations)

: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.1.73/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0
       valid_lft 2599sec preferred_lft 2149sec
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 10.122.89.1/24 scope global wg0
       valid_lft forever preferred_lft forever
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
7: veth4cfdde5@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default  link-netnsid 0
    inet 169.254.177.113/16 brd 169.254.255.255 scope global noprefixroute veth4cfdde5
       valid_lft forever preferred_lft forever
12: surfshark-01: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 10.14.0.2/16 scope global surfshark-01
       valid_lft forever preferred_lft forever
default dev surfshark-01 table 51820 scope link 
default via 192.168.1.254 dev eth0 proto dhcp src 192.168.1.73 metric 202 
10.14.0.0/16 dev surfshark-01 proto kernel scope link src 10.14.0.2 
10.122.89.0/24 dev wg0 proto kernel scope link src 10.122.89.1 
169.254.0.0/16 dev veth4cfdde5 scope link src 169.254.177.113 metric 207 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
192.168.1.0/24 dev eth0 proto dhcp scope link src 192.168.1.73 metric 202 
local 10.14.0.2 dev surfshark-01 table local proto kernel scope host src 10.14.0.2 
broadcast 10.14.255.255 dev surfshark-01 table local proto kernel scope link src 10.14.0.2 
local 10.122.89.1 dev wg0 table local proto kernel scope host src 10.122.89.1 
broadcast 10.122.89.255 dev wg0 table local proto kernel scope link src 10.122.89.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
local 169.254.177.113 dev veth4cfdde5 table local proto kernel scope host src 169.254.177.113 
broadcast 169.254.255.255 dev veth4cfdde5 table local proto kernel scope link src 169.254.177.113 
local 172.17.0.1 dev docker0 table local proto kernel scope host src 172.17.0.1 
broadcast 172.17.255.255 dev docker0 table local proto kernel scope link src 172.17.0.1 
local 192.168.1.73 dev eth0 table local proto kernel scope host src 192.168.1.73 
broadcast 192.168.1.255 dev eth0 table local proto kernel scope link src 192.168.1.73 
0:	from all lookup local
32764:	from all lookup main suppress_prefixlength 0
32765:	not from all fwmark 0xca6c lookup 51820
32766:	from all lookup main
32767:	from all lookup default
# Generated by iptables-save v1.8.7 on Mon Dec  4 15:17:56 2023
*mangle
:PREROUTING ACCEPT [2807112:946469024]
:INPUT ACCEPT [2799965:945871781]
:FORWARD ACCEPT [7126:594673]
:OUTPUT ACCEPT [2697408:3718693582]
:POSTROUTING ACCEPT [2821917:3730219499]
[1472580:537349285] -A PREROUTING -p udp -m comment --comment "wg-quick(8) rule for surfshark-01" -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
[739376:432313768] -A POSTROUTING -p udp -m mark --mark 0xca6c -m comment --comment "wg-quick(8) rule for surfshark-01" -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
COMMIT
# Completed on Mon Dec  4 15:17:56 2023
# Generated by iptables-save v1.8.7 on Mon Dec  4 15:17:56 2023
*raw
:PREROUTING ACCEPT [2807112:946469024]
:OUTPUT ACCEPT [2697408:3718693582]
[0:0] -A PREROUTING -d 10.14.0.2/32 ! -i surfshark-01 -m addrtype ! --src-type LOCAL -m comment --comment "wg-quick(8) rule for surfshark-01" -j DROP
COMMIT
# Completed on Mon Dec  4 15:17:56 2023
# Generated by iptables-save v1.8.7 on Mon Dec  4 15:17:56 2023
*filter
:INPUT ACCEPT [2600836:870400629]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2697408:3718693582]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
[196534:75283212] -A INPUT -i eth0 -p udp -m udp --dport 51821 -m comment --comment wireguard-input-rule -j ACCEPT
[2595:187940] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[0:0] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[0:0] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[0:0] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 51820 -m comment --comment wireguard-input-rule -j ACCEPT
[0:0] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[7126:594673] -A FORWARD -j DOCKER-USER
[7126:594673] -A FORWARD -j DOCKER-ISOLATION-STAGE-1
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o docker0 -j DOCKER
[0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
[52:39572] -A FORWARD -d 10.122.89.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[52:5313] -A FORWARD -s 10.122.89.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -d 10.37.120.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -s 10.37.120.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -d 10.180.139.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -s 10.180.139.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD ! -d 192.168.0.0/24 -o eth0 -j REJECT --reject-with icmp-port-unreachable
[7022:549788] -A FORWARD -i wg0 -j ACCEPT
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -j REJECT --reject-with icmp-port-unreachable
[0:0] -A FORWARD ! -d 192.168.0.0/24 -o eth0 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A FORWARD -i wg0 -j ACCEPT
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -j REJECT --reject-with icmp-port-unreachable
[0:0] -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9000 -j ACCEPT
[0:0] -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
[7126:594673] -A DOCKER-ISOLATION-STAGE-1 -j RETURN
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
[0:0] -A DOCKER-ISOLATION-STAGE-2 -j RETURN
[7126:594673] -A DOCKER-USER -j RETURN
COMMIT
# Completed on Mon Dec  4 15:17:56 2023
# Generated by iptables-save v1.8.7 on Mon Dec  4 15:17:56 2023
*nat
:PREROUTING ACCEPT [22319:3933944]
:INPUT ACCEPT [21129:3820056]
:OUTPUT ACCEPT [311760:42143306]
:POSTROUTING ACCEPT [238479:31099589]
:DOCKER - [0:0]
[17127:2762741] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[37519:12565678] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
[7835:2646828] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
[25:1508] -A POSTROUTING -s 10.122.89.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[0:0] -A POSTROUTING -s 10.37.120.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[0:0] -A POSTROUTING -s 10.120.17.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[66609:8508653] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A POSTROUTING -o vpn-client -j MASQUERADE
[0:0] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A POSTROUTING -o vpn-client -j MASQUERADE
[0:0] -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 9000 -j MASQUERADE
[0:0] -A DOCKER -i docker0 -j RETURN
[0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 9002 -j DNAT --to-destination 172.17.0.2:9000
COMMIT
# Completed on Mon Dec  4 15:17:56 2023

trendy · 4 December 2023 19:46

Your vpn client interface is named

but you apply masquerade in iptables nat table to

interface.

fcupdt2022 · 4 December 2023 20:37

Well, that was dumb on my side… but after changing vpn-client to surfshark-01 the VPN stopped working all together.
Let me check if I can understand what happened

fcupdt2022 · 4 December 2023 21:05

Ok, not sure what happened but now everything seems to work fine!

When the next pay check is in I’ll make a donation, and sorry for waisting your time and expertise with my noob mistakes

Joulinar · 5 December 2023 07:53

all good. Thx @trendy for your commitment and continuous support.

fcupdt2022 · 20 December 2023 11:26

Another question from the noob
This VPN configuration works perfectly fine over phone data but doesn’t work over wi-fi (outside of my house). Any reason and any easy fix for this?
I can’t access my local network nor the web.

Thanks!