VPN on Router Failing when Connecting to Disney Plus

[georgev]

I have a dedicated IP with NordVPN and I have an .ovpn config on my RT-AX86U (running Merlin) to put all of my traffic over that VPN. Everything has been going great. However, just recently, I can no longer log into Disney+ on my network! I try to hit the login page, and it says Disney+ has encountered an issue!

I've done my best to troubleshoot, but I'm at my wit's end. Here was my troubleshooting so far:

Q: Disney+ could be down?
A: Negative

Q: Maybe my Dedicated IP has been blacklisted!
A: I can VPN to my Dedicated IP via client software on my Android phone and Linux laptop via the same technology/protocol as my router's connection (OpenVPN/UDP), and it works when I VPN on the client device!

Q: Maybe there is a DNS leak? Maybe some general DNS funkiness? I do run a PiHole as the DNS on my network.
A: On the client devices, I can put in public DNS servers (Cloudflare, NordVPN's DNS servers, etc.) and I still have the same issue. On my linux machine, I changed `/etc/resolv.conf` to exactly match what it gets set to when I connect to my VPN with the nord client software (`nameserver 103.86.96.100` and `nameserver 103.86.99.100`). No luck

Q: Browser caches? App caches?
A: Yeah... that's why this has taken so long! I have been clearing those. However, I don't think I need to, because when I switch the client nordvpn software on/off, I see imediate results in my browser by just refreshing the login page (it works with the client software on, and doesn't with the client software off).

So that's about as far as I got. I'm wondering if it could be a DoT or DoH thing? But I'm not really sure how to flip that switch on/off or how to tell if that switch is getting flipped on/off when I turn on/off the nordvpn client software. I really doubt it since I would think that's something my browser is in control of? Or maybe not? I think I've tried every combination of `Enable DNS Rebind protection`, `Enable DNSSEC support`, and `Prevent client auto DoH` (I've landed on "No" for all of those which I think is where I started").

Does anyone have any tips to help me run this down?

 

[ColinTaylor]

So what happens if you turn off the VPN client on the router and use a "normal" internet connection?

 

[georgev]

Well... everything is working now... I swear I didn't change anything recently, but changing my "Accept DNS Configuration" on my VPN client connection (on the router) from "Strict" to "Exclusive" fixed everything.

I didn't have any DNS leaks before (I'm currently in India and all of my cloudflare DNS servers showing up were in the US... wait... are there only Cloudflare DNS servers in the US?). My thinking was I didn't want the VPN to do something where it pushed a DHCP config to my clients to make them use a DNS that wasn't my pihole, but I see that even when I have this set to exclusive it doesn't affect my DNS.

So, pivoting my question (and with the atmospheric that I am now a happy camper), what changes when this "Accept DNS configuration" is set to "Exclusive"? Is it just that it changes the /etc/resolv.conf on my router to whatever DNS servers are pushed by the VPN server I'm connecting to? Do we think that when it was set to "Strict" that Disney+ tried to connect to the VPN recommended servers, took too long, then fell back to a "local" option in the resolv.conf and used a DNS server that bypassed the "all traffic through the VPN" rule?

 

[CaptainSTX]

If after trying Colin's suggestion you can connect then contact NordVPN and ask them if they have a server that hasn't been blocked by Disney.

 

[georgev]

Sorry, I have a response that is currently awaiting moderator approval that clears things up a bit. The problem was that my VPN client "Accept DNS Configuration" was set to "Strict" instead of "Exclusive". So now I have a question of "what does that setting really do" that is asked in my "moderator pending" post. If the first post gets approved you can delete this one!

 

[ColinTaylor]

Sorry, I have a response that is currently awaiting moderator approval that clears things up a bit. The problem was that my VPN client "Accept DNS Configuration" was set to "Strict" instead of "Exclusive". So now I have a question of "what does that setting really do" that is asked in my "moderator pending" post. If the first post gets approved you can delete this one!

If you place your mouse pointer over the words "Accept DNS Configuration" a question mark will appear. Click the mouse button and some help text will appear explaining the options.