Topic: MC/VPN issues (Read 1143 times)

HPBEME · « **on:** April 15, 2022, 05:33:01 pm »

For many years now, MC and VPN have not played well together in certain circumstances. Specifically, when I use the get from Internet tool for cover art, it takes a minute+ to download the art. As soon as I turn off VPN it downloads instantly. I turn VPN back on, and the delay returns. This was true when I was using NordVPN, and the problem persists with SurfShark. This over the course of five years or so. And before anyone asks, yes I have configured Windows defender, and I have configured the firewall (Windows 10 2021H2) to allow MC through on both private and public networks.

In addition, I have configured the VPN software to allow MC29, JRservice, JRworker, and JRweb to bypass it altogether. Interestingly though, using this functionality causes MC to hang and never retrieve anything. If I simply use the VPN service as intended, I get the delay I described above, but at least it goes through eventually. I am bringing this up now, because this delay is also occurring with the new Spotlight feature.

Am I the only one who uses MC with the VPN? Surely that can't be the case. Do others have this same issue? I really like where this new Spotlight feature is going, but I am not willing to give up my VPN for it. Hopefully JRiver or one of the many brilliant brains here on the forum can help resolve my issue.

JimH · « **Reply #1 on:** April 15, 2022, 05:36:08 pm »

That's probably a VPN problem, not anything related to MC. We just use the standard network capabilities of the OS. We don't even know there is a VPN.

HPBEME · « **Reply #2 on:** April 15, 2022, 05:44:48 pm »

That is probably right, but… My VPN is lightning fast on anything else I download/upload everywhere else on the web. It is even faster than using the Internet without VPN!

Another interesting tidbit… There is no delay when I submit cover art, it is only when I download.… And only from J River - or I guess YADB to be exact. Is the spotlight feature content hosted on YADB as well? If so, maybe it's related to that?

In any event, I would be interested in others who use VPN along with MC and if they have customized their settings in such a way to tame similar issues.

terrym@tassie · « **Reply #3 on:** April 15, 2022, 11:09:32 pm »

I don't see any real subjective difference in 'Get cover art from Internet' when connected via my VPN service (Cactus). Spotlight is also unaffected when I use the VPN connection. I don't use specific VPN client software just the standard Windows VPN manually configured.

I think possibly your best approach would be to raise the issue with NordVPN support, it may be related to the way they are caching certain Internet content.

It might also be worth having a look the difference in routing using 'tracert' from the command prompt on Windows to see if you can see any major difference between your ISP connection and your VPN. This won't necessarily tell the whole story as the in my case the routing is considerably longer (more hops) and slower when using the VPN to trace the connection to yabb.jriver.com but as I said above I don't have any real subjective difference in cover art lookup (returns data in 1-2 seconds for either ISP or VPN).

Terry

Scobie · « **Reply #4 on:** April 17, 2022, 08:14:43 pm »

Potentially your VPN provider could be routing your queries to a different DNS server that is having trouble with MC lookup requests (for whatever reason), which would explain the different timings.

Could be worth trying to add an entry to your local hosts file to check if you know the address of the cover art lookup site.

HPBEME · « **Reply #5 on:** April 18, 2022, 09:40:24 pm »

Thank you for your replies Scobie and Terry.

I finally did chat support with Surfshark VPN this afternoon. We tried a whole bunch of things, but disabling a specific network setting in Firefox helped quite a bit. Under Firefox's general settings section, at the very bottom of the page, and and after you click another button labeled settings (in the network settings subsection), you get the page below. Apparently Firefox is now checking the box for Enable DNS over HTTPS by default now, which I'm okay with personally, but apparently it interferes with the VPN connection (with JRiver anyway).

Retrieving album art now takes 5 to 10 seconds (versus under a second with VPN turned off) which isn't so great, but it is still monumentally better than the minute plus it was taking before. It also loads an artist spotlight in 5 or so seconds as well. I wish it were faster, but at least it is now tolerable.

Something that might help is inputting the exact URLs for where cover art and spotlight are hosted. Before I tried having MC 29 itself bypass the VPN software, but that did not work at all. But you can also have specific URL addresses bypass the VPN, and those seem to work. For example, Album Art Exchange is inaccessible via VPN unless I put it's URL in the bypass list.

I added https://yabb.jriver.com to the bypass list, but no speed improvement with that. Any chance anyone knows what those URLs are? I am not terribly network savvy, but I could maybe figure it out if I spend enough time on it. Thanks for any help in advance.

markf2748 · « **Reply #6 on:** April 20, 2022, 11:33:28 am »

Quote from: HPBEME on April 18, 2022, 09:40:24 pm

Apparently Firefox is now checking the box for Enable DNS over HTTPS by default now, which I'm okay with personally, but apparently it interferes with the VPN connection (with JRiver anyway).

I found the following Firefox support article interesting. Near the bottom it describes how you can keep "Enable DNS over HTTPS" checked, but then specify domains to be excluded from HTTPS lookup and use OS default resolver for them instead:
https://support.mozilla.org/en-US/kb/firefox-dns-over-https
May be worth a try for your case, if you get those URLs and generally prefer the added security of HTTPS lookup.

HPBEME · « **Reply #7 on:** April 20, 2022, 08:24:39 pm »

Thanks Mark, I had not read the article so that is interesting information. That said, I feel fairly secure since I use VPN 24/7. However, I may indeed take the specified domain approach you noted, if… if... I can get somebody to provide me those URLs!

voodoo5_6k · « **Reply #8 on:** April 21, 2022, 12:21:41 am »

Quote from: HPBEME on April 20, 2022, 08:24:39 pm

Thanks Mark, I had not read the article so that is interesting information. That said, I feel fairly secure since I use VPN 24/7. However, I may indeed take the specified domain approach you noted, if… if... I can get somebody to provide me those URLs!

I take it from your OP that you use some sort of VPN client on your OS? If so, does it have something like a "killswitch", preventing traffic from leaking through the regular gateway in case the tunnel fails? And have you tested for DNS leaks?

For privacy reasons I also prefer to run a VPN 24/7 for a long time. But only in specific subnets. For others, this is not possible or not intended (e.g. my VoIP subnet, or the subnet in which the FireTV sits). First, I had used the client software of the VPN provider. Later, I switched to using OpenVPN (open source). But finally, I wanted it as airtight as possible. Therefore, my router (Supermicro E200-9A, 16GB ECC) runs 30 OpenVPN clients to form a gateway group on pfSense. Subnets that are supposed to use VPN have specific rules to tag their traffic with a VPN flag. A floating rule assures no tagged traffic ever leaves the standard gateway (even if all 30 OpenVPN clients should fail, no traffic would leave the standard gateway). In addition, I have a dedicated DNS resolver (talking directly to the DNS root servers) in its own subnet, sending all of its requests (be it on port 53 or 853) through the VPN gateway group, and therefore preventing DNS leaks.

Basically, my network infrastructure ensures VPN is run 24/7, and my DNS is entirely from within the VPN, without any client having to do anything, no need to start any software and monitor it constantly in fear it might fail...

So, this might be an idea for you, in case you want to make the whole setup more transparent, have less user interaction and no client software on the OS, and hence, less potential for failure.

Anyhow. I never had any issues with MC over VPN. Granted, I don't use Firefox (but MC doesn't use it too, does it?). All works fine, when it needs the internet (which is only when MC is supposed to get Movie & TV info etc. or has to update itself). 99% of the time though, MC does not have any internet access privileges.

If the Firefox setting affects MC (which uses Edge, if I'm not mistaken), then it should affect other software too. Does it? If it does, then this is not correct in my books. It should point out that it'll make a global change and make the user aware of the potential consequences. And as this is a default setting, it probably just does it during installation, without any opt-in? Not good. At any rate, something's seemingly not really working smoothly on your system's network part. One browser's settings aren't supposed to affect another browser (or other software). The network settings of the OS are the place to do those kind of changes.

JimH · « **Reply #9 on:** April 21, 2022, 06:40:57 am »

Interesting post, voodoo5_6k.

MC uses either Chromium (not the browser) or its equivalent from Edge. They are the browser engines, not the browsers themselves. They can be selected in Options > View. Firefox is not used.

isaccasi1234 · « **Reply #10 on:** April 21, 2022, 08:24:07 am »

Hi, I use NordVPN & JRiver without any issues

HPBEME · « **Reply #11 on:** April 22, 2022, 01:17:45 am »

Hello voodoo5, and thanks for the incredibly detailed post… Wow! The vast majority of that is over my head but I'll try and respond at least a little bit.

Quote from: voodoo5_6k on April 21, 2022, 12:21:41 am

I take it from your OP that you use some sort of VPN client on your OS? If so, does it have something like a "killswitch", preventing traffic from leaking through the regular gateway in case the tunnel fails? And have you tested for DNS leaks?

I use software VPN from surfshark, and it includes a kill switch which I always keep active. I have checked for DNS leaks and it passes.

I know I'm in a small minority of people who continue to use Firefox, but I have it so heavily customized with CSS scripts and extensions that I simply cannot live without it. I don't foresee moving to a different browser. As for the setting that I changed per surfshark support, I cannot say for sure if it's affecting anything else… If it is, it isn't anything that has manifested itself to me.

As for the MC/VPN issues that I've experienced over the years, it has been both with both NordVPN and now surfshark. That said, other people don't seem to have the same VPN issues, so it could very well be Firefox is the culprit, and if not Firefox default set up, then Firefox with all my customizations. All that said, the changes implemented have helped a lot. I may spend some time investigating some the things you mentioned in your post to see if I can speed things up a bit so it is more like a straight connection without VPN.

Thanks again for your very thorough reply - much appreciated.

INTERACT FORUM

Author Topic: MC/VPN issues (Read 1143 times)

HPBEME

MC/VPN issues

JimH

Re: MC/VPN issues

HPBEME

Re: MC/VPN issues

terrym@tassie

Re: MC/VPN issues

Scobie

Re: MC/VPN issues

HPBEME

Re: MC/VPN issues

markf2748

Re: MC/VPN issues

HPBEME

Re: MC/VPN issues

voodoo5_6k

Re: MC/VPN issues

JimH

Re: MC/VPN issues

isaccasi1234

Re: MC/VPN issues

HPBEME

Re: MC/VPN issues