Specific website won't load when connected via GL-iNet router

AdamK · December 5, 2023, 12:19am

Posting on behalf of someone here.

Someone is trying to connect to whos-next.com. They are running a Tailscale exit node back at home. The Beryl AX is configured with Tailscale enabled and DNS set to auto in the router admin page.

Connecting via two different laptops (and different browsers, cache cleared) and an iPhone does NOT work when connecting through the router, however connecting using a Tailscale client on the device (ex. iPhone Tailscale app), the website will load fine.

The weird thing is I tested the website myself on my Beryl AX and exit node and the website loads fine. I’m stumped on what else to try to diagnose this issue.

By the way, don’t suggest any diagnosis involving pinging that website because whos-next.com blocks ICMP requests/replies.

Edit: I’m suspecting the Azure DNS of this website has something to do with it.

hansome · December 5, 2023, 2:08am

Do you enable VPN policy and adguardhome? please try to turn it off.
When using tailsale exit node, it’s also a kind of VPN client, but the policy and DNS part are fully covered.

AdamK · December 5, 2023, 2:33am

No additional services are enabled. Only Tailscale.

Have also tried manual DNS with Google servers and no luck with that particular website.

hansome · December 5, 2023, 3:00am

I guess the path to that site is through the relay. So the traffic or ttl is limited, you can capture traffic on the home tailscale node to see what happened.

AdamK · December 5, 2023, 3:22am

Nope, not relay. Checked with “tailscale status” and the GL iNet router showed direct connection. Also, the TTL for that website is 1 hour.

admon · December 5, 2023, 5:18am

Could you please try to do a traceroute to this website while connected?

AdamK · December 5, 2023, 1:10pm

Could you elaborate what you’re looking for in the traceroute? I assume you mean while connected to the website via Tailscale client.

admon · December 5, 2023, 1:40pm

Exactly. I want to know there the connection drops - since this is what traceroute will show.

AdamK · December 5, 2023, 1:42pm

The connection doesn’t drop when connected to the Tailscale client. It drops when connected through the GL-iNet router (which is connected to exit node as well).

admon · December 5, 2023, 1:44pm

So you can simply do 2 traceroutes so we can see if the connection really drops at the router or if there are other issues. Traceroute is just a pretty basic troubleshooting tool.

AdamK · December 5, 2023, 2:15pm

Do you mind posting a traceroute to whos-next.com as an example (obviously blocking out your own IP)? For comparison. In the meantime, I’ll try to get some results on my end.

doczenith1 · December 5, 2023, 2:51pm

The website loads fine for me but the tracert is struggling.

C:\Users\doczenith1>tracert whos-next.com

Tracing route to whos-next.com [52.165.133.19]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  RT-AX88U_Pro-EE80 [192.168.1.1]
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4    21 ms     9 ms     8 ms  10.192.192.61
  5    16 ms     9 ms     9 ms  10.192.208.213
  6    11 ms    15 ms    45 ms  ae86-0.chg-96e-1.ntwk.msn.net [104.44.14.65]
  7     *        *        *     Request timed out.
  8    23 ms    16 ms     *     be-120-0.ibr02.ch2.ntwk.msn.net [104.44.11.13]
  9    18 ms    16 ms     *     be-6-0.ibr02.dsm05.ntwk.msn.net [104.44.18.217]
 10    27 ms    16 ms    19 ms  ae162-0.icr02.dsm05.ntwk.msn.net [104.44.22.188]
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

Trace complete.

AdamK · December 5, 2023, 3:36pm

The website loads fine for me but the tracert is struggling.

That could be because it’s trying to use ICMP, which this particular website blocks. So what’s happening is the IP packet gets to the Microsoft Azure router and “probably” reaches the host, but it just doesn’t respond. Same thing happens for me.

AdamK · December 5, 2023, 4:55pm

Issue solved. Manually used “https://” to access website. Seems redirect is broken on user’s end for some reason.

admon · December 5, 2023, 4:56pm

Could be a privacy feature as well. Some browsers and plugins block plain HTTP.