Cannot get WAN IP when using a VPN

[Ian-Polito]

When connected to a VPN, archey4 reports No Address for WanIP, however when disconnecting from the VPN, WanIP is correctly shown.

[HorlogeSkynet]

Hi, WanIP entry is supposed to work transparently in such cases (personally verified). It's more likely your VPN administrators preventing outgoing DNS requests. It's known to be blocked in some private networks (see #81). Could you try to disable DNS requests in configuration (set dns_query fields to false for instance) and check the behavior again ?

PS : in the future, please fill an issue template out, at least very minimally, this could help debugging process.

Bye 👋

[HorlogeSkynet]

See this documentation section :

        /* ... */
        {
            "type": "WAN_IP",
            //  ...
            //
            // Below are settings relative to IPv4/IPv6 public addresses retrieval.
            // I hope options are self-explanatory.
            // You may set `dns_query` (or `http_url`) to `false` to disable them.
            // You may directly set `ipv4` or `ipv6` fields to `false` to completely disable them.
            //
            // ...
            "ipv4": {
                "dns_query": "myip.opendns.com",
                "dns_resolver": "resolver1.opendns.com",
                "dns_timeout": 1,
                "http_url": "https://v4.ident.me/",
                "http_timeout": 1
            },
            "ipv6": {
                "dns_query": "myip.opendns.com",
                "dns_resolver": "resolver1.opendns.com",
                "dns_timeout": 1,
                "http_url": "https://v6.ident.me/",
                "http_timeout": 1
            }
        }
    ],
    /* ... */

[Ian-Polito]

Apologies! I will use the issue template in the future

I have changed the config as follows with the same behavior { "type": "WAN_IP", "ipv4": { "dns_query": false, "dns_resolver": "resolver1.opendns.com", "dns_timeout": 1, "http_url": "https://v4.ident.me/", "http_timeout": 1 }, "ipv6": { "dns_query": false, "dns_resolver": "resolver1.opendns.com", "dns_timeout": 1, "http_url": "https://v6.ident.me/", "http_timeout": 1 } }

[HorlogeSkynet]

Fair enough, I would then bet on a SOCKS proxy required to access Internet from the network you are connected to.

Do you configure your Web browser in any way once connected ? Could you run curl https://ident.me/ in a terminal and paste the error output here ? Have you already tried some things around http_proxy environment variable for instance ?

BR

[Ian-Polito]

I do not configure my web browser to connect to any proxy, nor have i messed with the http_proxy environment variable. My VPN is with Mullvad with their client app. using the curl command gives me this output curl: (7) Failed to connect to ident.me port 443: Connection refused

[HorlogeSkynet]

Well with these details I'd opt for a Mullvad's IP blacklist from ident.me provider, maybe some guys abused it and now it's blocked. Could you try against ifconfig.co for instance ?

[HorlogeSkynet]

If urllib standard library allows us to catch such an error as a ConnectionRefused or something maybe we'd be able to properly handle it in Archey so as to not show "No Address" in such cases.

[Ian-Polito]

gotcha, ill see what I can do with the blacklist on that end. doing a curl command with ifconfig.co does correctly output my external IP address

[HorlogeSkynet]

Glad we sorted this out. I'll close here as it's not an issue related to Archey itself. Maybe we should be asking @pcarrier for Ident.ME's hardening solutions (maybe a Fail2Ban HTTP jail) ?

Bye 👋

[pcarrier]

FWIW none, it’s a tiny nginx service running on a single instance for the longest time without many issues. Some client IPs burst because it’s used in the data center, for configuration management I assume. I don’t retain logs and I don’t think about it often.

[HorlogeSkynet]

Well thanks for your quick feedback ! Maybe something blocked on Mullvad side then ? I fear we won't know for sure. Have you recently tried again @Ian-Polito ?