URLs with complex query strings will not download data with OpenVPN connected

I haven’t been able to pin this down to a very specific circumstance, but it seems that it happens consistently when trying to load URLs with very complex query strings. An example that consistently fails are Google’s redirect URLs that are used in search results. Sometimes other URLs fail, but URLs with long query strings fail 100% of the time.

For example if I search Google for openSUSE forums this web site comes up as the top result. If I click the link it doesn’t go directly to forums.opensuse.org but instead uses “google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC8QFjAA&url=http%3A%2F%2Fforums.opensuse.org%2F&ei=jmWKUvbTKKabiALpq4CABg&usg=AFQjCNF7sLC5NeTsLTaCVygE-XZu_DD9zw&sig2=pqwrLV38DQLppfUw__6HWA&bvm=bv.56643336,d.cGE” to redirect me to this site.

If I disable the VPN everything goes back to normal.

I’m not sure if this helps, but I put the URL into wget to see exactly where the request was hanging and this is where it stops:

~> wget https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC8QFjAA&url=http%3A%2F%2Fforums.opensuse.org%2F&ei=jmWKUvbTKKabiALpq4CABg&usg=AFQjCNF7sLC5NeTsLTaCVygE-XZu_DD9zw&sig2=pqwrLV38DQLppfUw__6HWA&bvm=bv.56643336,d.cGE[1] 4785
[2] 4786
[3] 4787
[4] 4788
[5] 4789
[6] 4790
[7] 4791
[8] 4792
[9] 4793
[10] 4794
[11] 4795
[12] 4796
[2]   Done                    rct=j
[3]   Done                    q=
[4]   Done                    esrc=s
[5]   Done                    source=web
[6]   Done                    cd=1
[7]   Done                    cad=rja
[11]-  Done                    usg=AFQjCNF7sLC5NeTsLTaCVygE-XZu_DD9zw
[12]+  Done                    sig2=pqwrLV38DQLppfUw__6HWA
chris@linux-pnvz:~> --2013-11-18 11:10:40--  https://www.google.com/url?sa=t
Resolving www.google.com (www.google.com)...,,, ...
Connecting to www.google.com (www.google.com)||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `url?sa=t.1'

     <=>                                   ] 1,223       --.-K/s   in 0s      

2013-11-18 11:10:42 (30.6 MB/s) - `url?sa=t.1' saved [1223]

So far I’ve left it up for over ten minutes and it doesn’t budge. In the browser it sits at “Waiting for www.example.com…”. Using wget on a more basic url like google.com works almost 100% of the time and retrieves the index.html file.

I’m fairly certain this isn’t my VPN provider (PrivateInternetAccess) as the VPN works fine on my phone and Windows PC. The VPN config is pretty basic. Password auth, ca file in place, with LZO compression on, and IPv4 method set to Automatic addresses only per the instructions on my VPN provider’s web site.

What are some steps I can take to troubleshoot this further to find out where the failure is happening? Thanks.

You are apperently having this using a browser. Which browser(s)?

And when you are at it providing basic information, which version of openSUSE?

And about the wget statement you typed. It is realy only intepreted up until the & when you do not escape it. The & lets it then go into the background (with PID 4785). And as there are more & characters there there are more PIDS reported below that. Most of them will soon error because they do not realy have any useful command that works (the Done lines show what tthe commands are).
In short, your wget gives no information at all about your problem.

The problem occurs in Chrome, Firefox, and Konquerer.

OpenSUSE 12.3 running kernel 3.12, but it occurred using the release kernel as well.

I know the phenomenon of redirection through google from coffeeshops in town, but I’ve never seen the resulting urls being crippled, it works fine.
Did you by any chance edit /etc/resolv.conf to try to fix it? I wanted to use google’s dns’s and changed resolv.conf. As a result the internet connection went into a horrible state. Removed resolv.conf, restarted the networking and all was fine again.

I did not. I did have Google DNS configured in the VPN options but I tried removing it and I get no change in results. I also have Google DNS configured in the router DHCP settings but that shouldn’t cause this as I’ve had that set for many months.

Can you provide nameserver details for the cases where is VPN enabled and disabled?

grep -i name /etc/resolv.conf

Recommend searching the system log for possible hints if you want to spend time on it.

This could be a very difficult problem to track down, IMO would require knowing exactly your VPN configuration.
Many VPN configurations (some what say most) will configure DNS queries be performed <outside> the VPN tunnel itself. Is a reason why some VPN tunnels are criticized for lacking privacy (anyone could sniff the DNS queries to know <where> you’re likely connecting to even if they can’t decode the tunnel sessions themselves).

I’ve seen this intermittently.
So, for example when I do a Google search if clicking on the link doesn’t work, I’ll just copy the result’s URL and paste it into a new tab.

And, it likely has to do with <how> Google is executing its re-directs since I don’t remember this problem seen anywhere else.

Just one in a number of annoyances I run into from time to time with VPN tunnels but are too esoteric for me to spend substantial time on them…