Author Topic: NordVPN : Can't validate this TLS from Zyxel - might be a man-in-the-middle attack..?  (Read 5210 times)

snadge

  • Kitizen
  • ****
  • Posts: 1450

Hi everyone.

I have recently decided to try out NordVPN, and every now and again when I boot up after work (70% of the time) I get the message below. Is it anything to be concerned about?



It says on the Nord website, for a slightly different but similar thing, that you MAY have network monitoring software and to disable that and retry. I have DSL_stats running on my PC when it turns on, but that's it; the VPN launches well before that as I have it on a 2 minute delayed launch!!! So I don't think it's that?

help??
thanks
« Last Edit: August 26, 2021, 05:59:46 PM by snadge »
Logged
Aquiss - 900/110/16ms - TP-Link AR73

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5272
    • Thinkbroadband Quality Monitors

If I were to guess, the router is intercepting somehow and it's getting ITS certificate back, thus the complaint.  Not sure how/why that would be happening though.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

meritez

  • Content Team
  • Kitizen
  • *
  • Posts: 1626

That looks like the Zyxel DNS server intercepting.
If you make a backup of your router, these settings are at the bottom of the config.

OpenWrt could do the same thing, but that was fixed a while back.
Logged

snadge

  • Kitizen
  • ****
  • Posts: 1450

Yeah, it's not all the time, just on occasions. I wonder if it's because of DSL-stats, because it happens sporadically / randomly - I can't just stop DSL_stats and hope and wait - I want DSL-stats running all the time if I can.

It's unlikely I'm being eavesdropped on, is it?
Logged
Aquiss - 900/110/16ms - TP-Link AR73

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5272
    • Thinkbroadband Quality Monitors

DSL Stats shouldn't cause it, I'd only expect it to happen if temporarily the Internet had stopped working so the router is trying to redirect you to its error/setup page.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

snadge

  • Kitizen
  • ****
  • Posts: 1450

Quote
DSL Stats shouldn't cause it, I'd only expect it to happen if temporarily the Internet had stopped working so the router is trying to redirect you to its error/setup page.

This makes absolute sense, as when it does happen it doesn't "auto-connect" - must be corrupt, as 3 days in a row I've had to 'connect' the VPN when it is set to 'auto-connect at boot'. I'll reinstall. Also KILL SWITCH is on so nothing has internet access UNTIL Nord VPN is up and running, which takes a whole MINUTE (after logging in) from a Samsung EVO SSD even with all other services delayed (as many as I can without affecting performance or security), and tray icons are delayed by 1m30s-2m00s by GlarySoft Boot Manager.

thanks for that :)

@ Meritez - I've backed up the config in a safe place just in case I need to reset.

P.S. sorry for all the edits... Sat morning yawn!
« Last Edit: August 28, 2021, 09:35:17 AM by snadge »
Logged
Aquiss - 900/110/16ms - TP-Link AR73

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33883
  • Trinity: Most guys do.
    • http://www.kitz.co.uk

Could the NTP Time Servers in the Zyxel be causing this?    I notice you say it tends to happen "when I boot up after work,"

One of the things I've noticed is that turning off the router and/or starting it from cold nearly always causes time to become unsynchronized.   
Quite often my router logs will have an incorrect date stamp as it can take a while for NTP to correctly synchronise again with the time servers.   Years ago I had a play with the time server settings to try and get the router to retain time during a cold boot but didn't have much luck.

Incorrect date and time can cause TLS/SSL errors.

If you are starting up the Zyxel from cold.... then it's highly likely that until it's got PPP and managed to resync with the time servers the system date and time will be wrong.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

snadge

  • Kitizen
  • ****
  • Posts: 1450

Quote
Could the NTP Time Servers in the Zyxel be causing this?    I notice you say it tends to happen "when I boot up after work,"

One of the things I've noticed is that turning off the router and/or starting it from cold nearly always causes time to become unsynchronized.
Quite often my router logs will have an incorrect date stamp as it can take a while for NTP to correctly synchronise again with the time servers.   Years ago I had a play with the time server settings to try and get the router to retain time during a cold boot but didn't have much luck.

Incorrect date and time can cause TLS/SSL errors.

If you are starting up the Zyxel from cold.... then it's highly likely that until it's got PPP and managed to resync with the time servers the system date and time will be wrong.

Yeah, probs that, but since reinstalling Windows AND Nord I've never had the problem!! Got a new problem now lol (unrelated).
Logged
Aquiss - 900/110/16ms - TP-Link AR73

Bowdon

  • Content Team
  • Kitizen
  • *
  • Posts: 2395

This is only a long shot.

But I noticed when I was setting up the DNS over HTTPS when I tested my connection on a website checker it would come back with a similar message to the one you're getting.

I figured out in my case it's because I'm not using my ISP's DNS server.

Are you using the default DNS server settings from your ISP?
Logged
BT Full Fibre 500 - Smart Hub 2

snadge

  • Kitizen
  • ****
  • Posts: 1450

Quote
This is only a long shot.

But I noticed when I was setting up the DNS over HTTPS when I tested my connection on a website checker it would come back with a similar message to the one you're getting.

I figured out in my case it's because I'm not using my ISP's DNS server.

Are you using the default DNS server settings from your ISP?

I had those issues whether D.O.H was on or off, AND I was using NORD VPN servers, so does it matter? Cos it would, or should, default to NORD's DNS servers... I dunno who rules the roost in this respect?

A) The browser's D.O.H using Cloudflare (1111) with 1.1.1.1 in IPv4 and IPv6 settings and in the router as static, OR
B) NORD VPN's DNS servers - (note: the app has the ability to use 3rd party DNS but I've never used it)

I noticed a lot of sites were blocked (Microsoft and other big sites) IF I wasn't using my ISP's DNS (VPN OFF or ON) - this feels in line with the NSA (and due to FVEY the UK's GCHQ too) kicking off at Mozilla for being first to add the feature to their browser, saying something along the lines of "it will prevent/or make it difficult to track users who are breaking the law". This is probably because the 2016 Investigatory Powers Act (UK) forces your ISP and Mobile supplier to record ALL your Top Level Domain, and call/text/data METADATA (the when, who, where, what time, which site etc) for 12 months, and I'm guessing the easiest way to collect it would be through your ISP and Mobile Provider simply recording your DNS data and its date and time stamps.

Changing to a private DNS (especially an encrypted one) makes this method impossible... not that it matters, as per Snowden's leaks, he states that the UK was the worst of them all in FVEY, and supposedly records the entirety of the in/out and about Internet traffic in the UK; how long for depends on how much they can store, I read 3 months back over... using crocodile clips on copper and prisms on fibre at over 200 listening stations across the UK. With DNS metadata it would make it viable as a partial backup and extra evidence; with DNS metadata missing it means they (UK) only have that "3-month window" (if it's true). - EDIT: more info on this here - https://en.wikipedia.org/wiki/Global_surveillance

I have since installed a newer bigger 1TB Samsung 860 EVO (the old one was 250GB Samsung 840 EVO), reinstalled everything and so far I've not had the problem, but what I do notice and is in line with what KITZ says, if I have my PC on before the internet comes on when I turn on the router I have issues. I have to boot up the router first, leave it 2 minutes to sync up etc, THEN turn on my PC/Netflix/PLEX etc.

If it re-appears I will let you know - but I think KITZ has nailed it.
« Last Edit: September 19, 2021, 06:48:06 PM by snadge »
Logged
Aquiss - 900/110/16ms - TP-Link AR73

snadge

  • Kitizen
  • ****
  • Posts: 1450

 :lol:
I had the issue again today; there was ZERO internet when it happened and I had to reboot again. I've noticed too that the Zyxel is locking IPs to MACs so each device gets the same IP when it boots up, so it can't be an IP address conflict; this prevents sleeping devices from losing their DHCP IP address. I've had 30 devices connected over 4 years; I deleted them all last week and it has restarted (150 max allocation). PC is x.x.x.151 and TV is x.x.x.156 (changed the default router DHCP range for added security).

Today I got up, turned on the router and TV at the same time, waited for the router saying it connected before I turned on the PC, I saw the Internet light flash RED for a few milliseconds I got the TLS ALERT accepted it, still, no internet nor on the TV (Netflix saying no connection), so i turned off the PC and rebooted the router, then turned the PC back on - BUT the TV was still ON, connected to the router as it rebooted, soon as it was up, I started up the PC again (while the TV is still on the LAN and ON) and it was fine, and Netflix started.

so think KITZ may have nailed it ...probably


EDIT: Just to add, the Plusnet call centre a few weeks back said it was because "I was turning it off at nights and it MUST be left on as this breaks it" - that's not correct info surely, my dad's been turning his router off every night for 15 years and has never had an issue.
This is a new install of Windows 10 just 5 days old - with most (but not all) of the same software loaded on.
« Last Edit: September 20, 2021, 11:09:55 AM by snadge »
Logged
Aquiss - 900/110/16ms - TP-Link AR73

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5272
    • Thinkbroadband Quality Monitors

I thought we had already figured when there is no Internet the Zyxel will perform a man in the middle to force you onto the "there is no internet" / setup page?

A lack of time on the router should have zero impact, as that's only needed if the router has to make secure connections to the Internet, if you make a secure connection to the router, or so you have proper date stamps on the logs.  Older routers didn't even bother to have NTP support at all, as the router knowing the time is not necessary for merely performing NAT.

If it was time related, the certificate would still be NordVPN not Zyxel.  You'd also get a message such as "SSL_ERROR_DC_INAPPROPRIATE_VALIDITY_PERIOD", basically the error would imply it was a date/time problem.
« Last Edit: September 20, 2021, 01:49:13 PM by Alex Atkin UK »
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project

Here is the relevant section from the system log of my ZyXEL VMGnnnn device, when it was cold booted, yesterday. Notice the date and time stamp for each message and the sequence in which each action occurs.

Quote
2021-01-01T23:00:18 daemon.notice NTP: Unsynchronized with 1.uk.pool.ntp.org
2021-01-01T23:00:49 daemon.notice NTP: Unsynchronized with 2.uk.pool.ntp.org
2021-01-01T23:00:52 daemon.notice XDSL: VDSL link up. Speed:RX:40000/TX:9997 (Kbps)
2021-01-01T23:00:52 daemon.notice Internet: Internet Down.
2021-01-01T23:00:53 daemon.notice DHCP_client: Send DHCP discovery to WAN
2021-01-01T23:01:20 daemon.notice DHCP_client: Receive DHCP offer from 92.29.224.1
2021-01-01T23:01:20 daemon.notice DHCP_client: Send DHCP request to 92.29.224.1
2021-01-01T23:01:20 daemon.notice DHCP_client: Receive DHCP acknowledgement with interface:ptm0.1, assigned ip=92.29.233.220 netmask=255.255.240.0 gateway=92.29.224.1 nameserver=79.79.79.77,79.79.79.78 staticroute=
2021-01-01T23:01:20 daemon.notice Internet: Internet Up. connection type=ptm0.1 IP=92.29.233.220
2021-01-01T23:01:30 daemon.notice IGMP: Adding if: br0 with idx 14
2021-01-01T23:01:30 daemon.notice IGMP: Adding if: ptm0.1 with idx 23
2021-09-19T11:53:48 daemon.notice NTP: Synchronized with 0.uk.pool.ntp.org

(For those who are about to tell me that I have disclosed my IPv4 address my response is that it is not a static address, just one allocated from the dynamic pool. I can drop and re-establish the IPoE connection (without affecting the VDSL2 circuit synchronisation) thus gaining a totally different address.)
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.
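A short Python script, added here as an illustration and not code from the thread, ZyXEL or NordVPN, that walks a log in the format burakkucat quoted: it measures how far the router clock jumped at NTP sync, checks whether the WAN came up before the clock was right (kitz's scenario), and shows that a stale clock fails only the validity-period check of a certificate, which is why a wrong-issuer certificate is a different failure. The log lines, the addresses and the certificate validity dates are all constructed.

```python
from datetime import datetime

# Constructed sample in the format of the ZyXEL syslog quoted above; addresses are
# RFC 5737 documentation placeholders, not anyone's real WAN address.
SAMPLE_LOG = """\
2021-01-01T23:00:18 daemon.notice NTP: Unsynchronized with 1.uk.pool.ntp.org
2021-01-01T23:00:49 daemon.notice NTP: Unsynchronized with 2.uk.pool.ntp.org
2021-01-01T23:00:52 daemon.notice XDSL: VDSL link up. Speed:RX:40000/TX:9997 (Kbps)
2021-01-01T23:00:52 daemon.notice Internet: Internet Down.
2021-01-01T23:01:20 daemon.notice Internet: Internet Up. connection type=ptm0.1 IP=192.0.2.10
2021-01-01T23:01:30 daemon.notice IGMP: Adding if: br0 with idx 14
2021-09-19T11:53:48 daemon.notice NTP: Synchronized with 0.uk.pool.ntp.org
"""

def parse_log(text):
    """Return [(timestamp, message)] for each 'STAMP facility.level MESSAGE' line."""
    events = []
    for line in text.splitlines():
        stamp, _facility, message = line.split(" ", 2)
        events.append((datetime.fromisoformat(stamp), message))
    return events

def clock_analysis(text):
    """Measure the clock jump at NTP sync and what happened while the clock was stale."""
    events = parse_log(text)
    sync_idx = next(i for i, (_, m) in enumerate(events) if m.startswith("NTP: Synchronized"))
    up_idx = next(i for i, (_, m) in enumerate(events) if m.startswith("Internet: Internet Up"))
    # Every stamp before the sync line came from a clock that was wrong by roughly this much.
    jump = events[sync_idx][0] - events[sync_idx - 1][0]
    return {
        "clock_jump": jump,
        "internet_up_before_sync": up_idx < sync_idx,   # kitz's scenario
        "stale_events_after_up": sync_idx - up_idx - 1,  # lines logged on the stale clock
    }

def validity_period_ok(now, not_before, not_after):
    """The date check a TLS client applies to a certificate; a stale clock fails it."""
    return not_before <= now <= not_after

# Constructed validity window for an imaginary certificate, not NordVPN's real one.
CERT_NOT_BEFORE = datetime(2021, 6, 1)
CERT_NOT_AFTER = datetime(2021, 12, 1)

def stale_clock_breaks_validity(text):
    """Same certificate checked against the cold-boot clock and the synced clock."""
    events = parse_log(text)
    stale, synced = events[0][0], events[-1][0]
    return (validity_period_ok(stale, CERT_NOT_BEFORE, CERT_NOT_AFTER),
            validity_period_ok(synced, CERT_NOT_BEFORE, CERT_NOT_AFTER))
```

On the sample the clock jumps about 260 days at sync, the WAN is up one logged event before that, and the certificate fails only on the stale clock; a name or issuer mismatch would fail on both.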


snadge

  • Kitizen
  • ****
  • Posts: 1450

Phwooar, I'll let you experts deal with that one  :cool: , you have me lost haha

But it may be time-related, who knows, looking at those logs. I will keep updating the thread while / if it happens again (VERY likely); I'll try and keep a note of my setup state when it happens (i.e. are other devices connected and are they getting internet?).

At the moment I'm on Win10 Pro x64, I use D.o.H in Firefox to Cloudflare, I have 1.1.1.1 set up as static in the router, and the Windows TCP/IP stack is set to get DNS from the device, so the router is static to Cloudflare, but I think either the browser's DOH or the VPN's DNS is being used anyway.

thanks for all the help guys & girls, it is much appreciated
EDIT: Just to add, you can get the app that does it for your phone too called WARP - like a VPN for DNS.
« Last Edit: September 20, 2021, 06:35:04 PM by snadge »
Logged
Aquiss - 900/110/16ms - TP-Link AR73

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5272
    • Thinkbroadband Quality Monitors

Quote
Here is the relevant section from the system log of my ZyXEL VMGnnnn device, when it was cold booted, yesterday. Notice the date and time stamp for each message and the sequence in which each action occurs.

(For those who are about to tell me that I have disclosed my IPv4 address my response is that it is not a static address, just one allocated from the dynamic pool. I can drop and re-establish the IPoE connection (without affecting the VDSL2 circuit synchronisation) thus gaining a totally different address.)

It stands to reason though that if the Internet is down, NTP can't function.  It's the old "correlation does not mean causation".

An NTP failure can't cause the certificate to come from Zyxel when its supposed to be NordVPN.  Only the router hijacking the traffic and redirecting it to itself can do that.  If it did that and the time was correct, you'd still get the same error as the VPN client knows its the wrong certificate for the endpoint.
« Last Edit: September 21, 2021, 12:48:13 AM by Alex Atkin UK »
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors