TLS Handshakes on SOCKSv5 Proxy

Expected Behaviour:

[I am SSH tunneling using SOCKSv5 to my proxy server at home that is using pihole for DNS & DHCP. From the remote location I use Firefox and have it set to "Proxy DNS when using SOCKSv5." When proxying I expect ad-free websites from the remote location to load at almost the same speed as if I was directly on the proxy server at home. I am running pihole 4.0 on Raspbian Stretch Lite, and everything is up-to-date.]

Actual Behaviour:

[Ad-free webpages load, but seem a little slow. At the bottom of Firefox I can see numerous TLS handshakes occurring to different ad websites. Is there something that I can do to prevent these unnecessary handshakes? It seems like this wasted chatter is what's causing the pages to load slowly.]

Debug Token:

[89sy3i576c]

How do I determine the blocking method?

BTW, as an example, when I have "Proxy DNS when using SOCKS v5" selected in Firefox it takes 20 seconds for a page to load. If I unselect it, the same page loads in three to four seconds.

If you haven't changed it in Pi-Hole, the default for V4 is NULL. Pi-Holed requests return IP 0.0.0.0.

This will show in your debug log, when you tail your pihole log, and if you run a dig command on a site in your block list.

Run dig flurry.com for a test. That's a known ad-serving site that is on the standard block lists that load with Pi-Hole.

More reading here: Blocking mode - Pi-hole documentation

This is what I got...

dig flurry.com

; <<>> DiG 9.10.3-P4-Raspbian <<>> flurry.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23775
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;flurry.com. IN A

;; ANSWER SECTION:
flurry.com. 2 IN A 192.168.1.88

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 13 20:24:01 UTC 2018
;; MSG SIZE rcvd: 55

That's IP blocking; the Pi-Hole returned its own IP for the blocked domain.

I don't think that's related to your speed problem. Is there a reason you are using SOCKSv5 on Firefox?

For privacy reasons, and because I don't want to install a VPN adapter on this machine.

Anyone else have any other thoughts on this?
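
The check described in this thread (run dig against a blocked domain and read the answer), scripted as an added example that is not part of any post above. The helper name classify_blocking and its OTHER_ADDRESS/UNKNOWN labels are assumptions; the Pi-hole address 192.168.1.88 and the first sample come from the dig output posted in the thread.

```bash
#!/usr/bin/env bash
# Added example: classify a Pi-hole blocking mode from `dig` output.
# classify_blocking and the OTHER_ADDRESS/UNKNOWN labels are hypothetical names.

# Constructed sample 1: the relevant lines of the dig answer posted in the thread.
SAMPLE_IP=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23775
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;flurry.com. IN A

;; ANSWER SECTION:
flurry.com. 2 IN A 192.168.1.88

;; Query time: 0 msec'

# Constructed sample 2: the same query as NULL blocking answers it (0.0.0.0).
SAMPLE_NULL=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; ANSWER SECTION:
flurry.com. 2 IN A 0.0.0.0'

# $1 = the Pi-hole's own IPv4 address; dig output is read from stdin.
# NXDOMAIN is a further Pi-hole blocking mode that the thread does not mention.
classify_blocking() {
  awk -v pihole="$1" '
    /->>HEADER<<-/ {
      # Pull the response code out of "status: NOERROR," on the header line.
      for (i = 1; i < NF; i++)
        if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; ANSWER SECTION:/ { in_answer = 1; next }
    /^$/ || /^;/          { in_answer = 0 }
    in_answer && $3 == "IN" && $4 == "A" { addr = $5 }
    END {
      if (status == "NXDOMAIN")   print "NXDOMAIN"
      else if (addr == "0.0.0.0") print "NULL"
      else if (addr == pihole)    print "IP"
      else if (addr != "")        print "OTHER_ADDRESS"
      else                        print "UNKNOWN"
    }'
}

# Live use on the Pi-hole itself: dig flurry.com | classify_blocking 192.168.1.88
printf '%s\n' "$SAMPLE_IP"   | classify_blocking 192.168.1.88
printf '%s\n' "$SAMPLE_NULL" | classify_blocking 192.168.1.88
```

OTHER_ADDRESS means the answer was neither 0.0.0.0 nor the address passed in, so check that the domain is actually on a block list before drawing a conclusion.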
