Open tm4ig opened 1 month ago
tm4ig
commented
1 month ago Why does nordpn dns say that google.com has ip 192.0.0.88 https://www.reddit.com/r/nordvpn/comments/13ii3zk/nordvpn_dns_servers_resolve_googlecom_into_a/ and why does google.com say ssl errors with nordvpn?
tm4ig
commented
1 month ago with custom dns for active nordvpn (for example 1.1.1.1) I have not any problems for google.com so problem is in nordvpn fake google.com ip 192.0.0.88 and nordvpn dns servers
tm4ig
commented
1 month ago 192.0.0.88 as target ip for google.com works intermittently
curl --resolve google.com:443:192.0.0.88 https://google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
curl --resolve google.com:443:192.0.0.88 https://google.com
curl: (35) error:0A000126:SSL routines::unexpected eof while reading192.0.0.88 as target host doesn't work at all
curl https://192.0.0.88 -k
curl: (35) error:0A000126:SSL routines::unexpected eof while reading
curl https://192.0.0.88 -k
curl: (35) error:0A000126:SSL routines::unexpected eof while reading
in the firefox I have PR_END_OF_FILE_ERROR error for google.com with nordvpn
mariusSincovici
commented
1 month ago Hi, Thanks for your feedback. The fact that google.com resolves to 192.0.0.88, it is a feature and there will be an explanation page for this.
Regarding the certificate issue, unfortunately I cannot reproduce this and tried on Ubuntu 22 and 24. I did saw a difference between my output and yours:
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22): <---- you get: * TLSv1.0 (OUT), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS handshake, Server hello (2):Could you check the output of curl when not using the VPN, mainly the line after TLSv1.3 (OUT), TLS handshake, Client hello (1):?
Also while connected to the VPN please check if openssl s_client -connect google.com:443 -tls1_2 works fine?
Thanks
tm4ig
commented
1 month ago @mariusSincovici
nordvpn ON, google.com curl OK answer
curl -v https://google.com -s > /dev/null
* Trying 192.0.0.88:443...
* Connected to google.com (192.0.0.88) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.2 (IN), TLS header, Finished (20):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [6300 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.2 (OUT), TLS header, Finished (20):
} [5 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.google.com
* start date: Jul 30 12:32:53 2024 GMT
* expire date: Oct 22 12:32:52 2024 GMT
* subjectAltName: host "google.com" matched cert's "google.com"
* issuer: C=US; O=Google Trust Services; CN=WR2
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x55934e8cceb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
> GET / HTTP/2
> Host: google.com
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [282 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [282 bytes data]
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< HTTP/2 301
< location: https://www.google.com/
< content-type: text/html; charset=UTF-8
< content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-wtMpnqmoLZKTVYPL0Jxt8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< date: Mon, 12 Aug 2024 09:51:46 GMT
< expires: Wed, 11 Sep 2024 09:51:46 GMT
< cache-control: public, max-age=2592000
< server: gws
< content-length: 220
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* Connection #0 to host google.com left intactnordvpn ON, google.com curl NOT OK answer
curl -v https://google.com -s > /dev/null
* Trying 192.0.0.88:443...
* Connected to google.com (192.0.0.88) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.0 (OUT), TLS header, Unknown (21):
} [5 bytes data]
* TLSv1.3 (OUT), TLS alert, decode error (562):
} [2 bytes data]
* error:0A000126:SSL routines::unexpected eof while reading
* Closing connection 0nordvpn OFF, google.com curl OK answer
curl -v https://google.com -s > /dev/null
* Trying 172.217.168.14:443...
* Connected to google.com (172.217.168.14) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS header, Certificate Status (22):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.2 (IN), TLS header, Finished (20):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [6300 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.2 (OUT), TLS header, Finished (20):
} [5 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.google.com
* start date: Jul 30 12:32:53 2024 GMT
* expire date: Oct 22 12:32:52 2024 GMT
* subjectAltName: host "google.com" matched cert's "google.com"
* issuer: C=US; O=Google Trust Services; CN=WR2
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x562fd4dafeb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
> GET / HTTP/2
> Host: google.com
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [282 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [282 bytes data]
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
} [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
< HTTP/2 301
< location: https://www.google.com/
< content-type: text/html; charset=UTF-8
< content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-vz2VkIzY-_as4uNVZbHIjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< date: Mon, 12 Aug 2024 09:57:24 GMT
< expires: Wed, 11 Sep 2024 09:57:24 GMT
< cache-control: public, max-age=2592000
< server: gws
< content-length: 220
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* TLSv1.2 (IN), TLS header, Supplemental data (23):
{ [5 bytes data]
* Connection #0 to host google.com left intactwith nordvon on for openssl s_client -connect google.com:443 -tls1_2 I sometimes get
openssl s_client -connect google.com:443 -tls1_2
CONNECTED(00000003)
40A7CC7C237F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:317:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 214 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1723456791
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---If I am trying plain http (not https) I sometimes get this error with enabled nordvpn
curl http://google.com -v
* Trying 192.0.0.88:80...
* Connected to google.com (192.0.0.88) port 80 (#0)
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad request
< content-length: 90
< cache-control: no-cache
< content-type: text/html
<
<html><body><h1>400 Bad request</h1>
Your browser sent an invalid request.
</body></html>
* Connection #0 to host google.com left intactI've managed to reproduce this also, but only in a stress testing. The information was passed to the servers team and they will investigate and work on it.
Very nice finding, thank you.
tm4ig
commented
2 weeks ago I still get errors sometimes with nordvpn
curl https://google.com
curl: (35) error:0A000126:SSL routines::unexpected eof while readingor
curl http://google.com
<html><body><h1>400 Bad request</h1>
Your browser sent an invalid request.
</body></html>Hi, Thank you for your patience.
Regarding the custom IP for google: we are using these local IPs as a part of our internal solution, responsible for delivering seamless and uninterrupted browsing experience. These IP addresses are used to proxy certain traffic to the best quality endpoint of our infrastructure for the given website, while keeping the traffic content 100% secure, encrypted, un-tracked and unknown even for our engineers.
For the curl errors: to ensure the solution is effective and reliable, we have implemented an automated abuse prevention mechanism designed specifically to deter bots or scrapers. It not only enhances the authenticity of the traffic but also helps prevent server errors that can occur from overly rapid connections to our endpoints. The errors you received are a result of this mechanism in action. Specifically, the SSL error is caused by our server rejecting the connection due to a pattern indicative of non-human traffic, but the client, expecting a normal SSL response, interprets the absence of this information as an error. During regular browsing, this issue does not occur.
tm4ig
commented
2 weeks ago I have similar error pr_end_of_file_error with during regular browsing in firefox. At that error in firefox appears with first open https://google.com after a long pause after the previous opening
mariusSincovici
commented
1 day ago Hi, Thank again for your patience.
We identified a bug that caused connection issues, though it only affected abusers. Your browser experience was impacted due to the strict limitations in place in that country to prevent abuse, along with the forced TCP reset. We’ve since released a fix and thoroughly tested the solution. Your feedback is greatly appreciated, and we’d love to offer you additional service time (please check your inbox). If everything looks good, we will close this issue in a week. Don’t hesitate to reach out if anything else comes up. When you'll have time please check and let us know if it is all working fine.
tm4ig
commented
1 day ago There are no any problems with google.com and nordvpn for this week. I am not abuser, but I connect to nordvpn from my VPS and I connect to VPS via xray reality, because I can not to connect to nordvpn servers directly.
Your feedback is greatly appreciated, and we’d love to offer you additional service time (please check your inbox)
What do you mean? There are no messages from nordvpn in my inbox
mariusSincovici
commented
19 hours ago Actually this is something that I wanted to ask. We would like to send you an email, but we cannot identify your account and cannot send a DM on GitHub. Do you by any chance have some temporary email address(in case you don't want to make your personal one public) to send to you? If not I'll think of some other way to send.
tm4ig
commented
13 hours ago my email and account Qtm4ig@gmail.com
Today I have sometimes problems with https://google.com when nordvpn is connected. https://google.com sometimes does not opening In the curl I have sometimes this error when nordvpn is working
Also google.com is resolving to strange ip address 192.0.0.88 with nordvpn dns servers
whois says that 192.0.0.88 is not google ip
Without nordvpn i have not any problems with google.com and google.com was resolved to google ip 172.217.168.14
my nordvpn config