I give up... Amazon thinks I have a VPN on this one computer but I do NOT

Great idea.

I went ahead and checked the public facing IP address from two different PC’s and even did it on my phone (connected over WiFi). All 3 devices are showing the same IP address.

And yes, I didn’t think it was my IP either at first because other devices were working but then when I did that phone tether from the same computer… it worked fine. And the only change I made was a different network (mobile). It makes no sense to me!

Btw, it IS a business gateway router. I am wondering if the router is somehow forwarding my traffic differently like you said?

I am wondering if the router is somehow forwarding my traffic differently like you said?

It is possible for a router or gateway device to perform such an operation. But if the router was singling out this one machine and forwarding just their traffic to a proxy or VPN, we would have seen a difference in the IP address. Because we would have seen the IP address of the proxy or VPN exit node when visiting https://iplocation.net/, instead of seeing your ISP IP address.

Instead, since https://iplocation.net/ is reporting the same IP address even from non-problem machines, well, Amazon’s servers should be seeing the same IP address as the non-problem machines, too. Unless we’re going to subscribe further to the crazy, and propose something is only forwarding Amazon traffic differently.

Still, “it’s the router” is the possibility that makes the most sense, if you were able to tether the problem machine to your phone hotspot – thereby bypassing using your ISP – and the problem machine suddenly worked fine.

If we were talking about something like software on the problem machine forwarding everything to a proxy, or your HOSTS file was directing your Amazon DNS requests to a different IP address, or even the ad-blocker you eliminated or some other browser extension causing request differences that were identifiable by Amazon, all of that should have still been a problem over the tethered hotspot connection, too.

But this evidence is still contradictory. We know “it’s not the computer”, because when tethering, the same computer and software configuration works. But when using your ISP, web pages like https://iplocation.net/ say the problem computer is coming from the same IP address as the non-problem computers, thereby ostensibly proving “it’s also not being forwarded differently.”

We were going to get somewhere investigation-wise if “only one or the other” of those things were true. But since both are true, the problem is apparently just more subtle than anything we’re currently thinking to look at / test / eliminate. It’s a bit of a conundrum.

My best guess now is that Amazon is mis-reporting some condition as “VPN or proxy” when in fact it has nothing to do with VPN or proxy or IP address. But the question is still “what could it be”, knowing that when you tether this same computer and software, Amazon works fine.

I appreciate you continuing to reply to me.

So I found something that works… weirdly. cameos (below) mentioned Edge has a built in VPN. So I went ahead and turned it on. And it worked. lol Gotta be kidding me. I turn on a VPN and it works. Sigh.

This makes no sense to me at all. I’d leave it on but it’s only 5 gigs free. I am able to play the video after the page has loaded through the VPN and can disable it and still hit play and it works. Though I don’t know if the session is still “technically” on the VPN even though I’ve turned it off in the browser. Does that make sense?

I also tried the tether again to see if the IP was somehow different when I did it over my phone. It was not. I even unplugged the ethernet cable from my desktop, connected to my USB phone which is on the same network and got the SAME IP address as if I was still on the Ethernet cable. And for some weird reason it will work when tethered but not over the Ethernet even though they are both on the same Gateway Router.

The ONLY difference I can think of would be I happen to have a 24 port switch in between this PC and the router but it’s just a dummy Netgear switch. I can’t fathom that would do anything.

There’s one more thing.

This PC is actually the ONLY one that is connected to the Ethernet I was able to test. All the other computers, TV are on WiFi. It’s the same Gateway Router but I wonder if somehow the Gateway is routing traffic differently over the wired and non-wired connections. What do you think?

There wouldn’t inherently be anything different between the IP traffic being handled over WiFi and the IP traffic being handled over wired Ethernet through the same gateway.

All of the IP traffic finally ends up going through the NAT on the gateway router, such that only the ISP’s public IP address for your service ends up being the “from” IP address; no matter which WiFi or wired Ethernet computer might have initiated the communication. When a reply comes back, it’s the NAT in your gateway router that knows how to translate that back to the local WiFi or wired Ethernet computer who initiated the request.

So your gateway router can’t really “go crazy” and just put a different “from” IP address on packets from a specific computer. Because if it did that, the responses to those packets would never come back to your gateway router. The responses would try to go to whatever “false” IP address had been used as the “from” address, and since it wasn’t your ISP’s public IP address, none of the Internet would cooperate in routing those packets back towards you or your ISP.

I’ve been trying to think of how having a router feature enabled like “DMZ” might create an unusual scenario, but not even that seems to fit with the symptoms. e.g. If you enabled DMZ for this one computer at some point in the past, because it needed to run a game server or similar which needed to be “outside” of your gateway router’s firewall and other normal protection features in order to operate correctly.

But not even that would “make your IP communication look different to Amazon.” It would just make less protection for this one computer if anything attempted to communicate /inbound/ to your ISP IP address.

Agree the non-managed switch between this computer and the gateway router doesn’t sound like a likely suspect either. I suppose you could rule that out definitively with a long enough Ethernet cable, to temporarily plug the problem computer directly into the gateway router, bypassing the non-managed switch.

I will say it’s a little unusual that you’re observing the tethered test “didn’t show a different IP address.” Typically turning on your hotspot would force the use of cellular data rather than “whatever WiFi the phone is connected to.” So it should have been your cellular carrier-assigned IP address instead of your ISP-assigned IP address. Maybe the USB-based tether didn’t have to behave that way, and simply used the phone’s WiFi?

But in that case, what we’re actually saying is the conclusion you already reached. Which is that WiFi connections would be fine when accessing Amazon, even if you slapped a WiFi adapter into the problem computer to use instead of the Ethernet. Since if your IP address didn’t change during the USB-tethered test, that’s essentially the action you were performing.

Perhaps try disabling the Windows Firewall temporarily as a troubleshooting step? Those rules can be tied to specific interfaces and/or specific classes of networks (“Public”, “Private”, etc.), and maybe there is something only applying to the Ethernet interface on that computer.

Not that there is a rule I can say “would directly cause this behavior.” It’s more along the lines of “Amazon is reporting this VPN message for a situation that is not actually a VPN issue”, because something was blocked and it punted to the wrong message.

Disabling the Windows Firewall temporarily would rule that out if the Ethernet connection still didn’t work with Amazon. Note if you have a third-party firewall installed (Norton 360, etc.) that’s the one you have to disable instead of Windows Firewall.

Please know we are really just guessing at this point, looking for something that exposes more clues.

I’m guessing at this point too.

I went ahead and disabled the firewall completely. No dice. Still same message. I checked the inbound/outbound rules too just in case but I didn’t see anything strange in there. I do not have any other firewalls installed. Nor have I installed an AntiVirus like Norton.

I agree that the cell phone would normally switch to the carrier but it really did have the same IP address when I did a public lookup on it. It also said it was still connected to my WiFi so I assume that is what it was using.

I’m going to go try and see if just changing the port will somehow miraculously do something. Maybe even just plug it directly in to the router… bbiab.

Found something interesting.

So I took a different computer that was on WiFi and logged in to it. Worked fine with Amazon.

Then I carried it up here, plugged it in via Ethernet… got the error message.

So something is somehow different with this Router that routes traffic differently when you are on WiFi vs Ethernet.

I already did a factory reset on it (which was a real pain connecting all my devices back to) and the problem still persisted. But how in the world can Amazon know if I’m on Ethernet vs WiFi???!

Yeah no go. Didn’t think it would actually work but trying anything at this point.

I have no idea what else to try. :(

Interesting. So you plugged directly into the router on that test, or was this still also going through the unmanaged switch too?

It’s certainly not that “Amazon knows Ethernet versus WiFi” in any literal sense. But yes, those results do appear to indicate that something (whether it’s the router or not) is affecting the traffic that originates from the Ethernet side in some manner that it’s not doing for the traffic that originates off the WiFi interface.

It would be typical that the router is giving out the same information via DHCP to both the WiFi and the wired connections. But if you run an IPCONFIG /A in a command prompt, do you see anything different on DNS server address(es) or gateway address on the Ethernet connection versus the WiFi connection(s)?

Having factory reset the router should have eliminated any kind of “wrong” quality of service settings or similar that might have been in play. Not that I can draw a straight line between that and getting the result Amazon shows.

Just in case the Ethernet switch isn’t as unmanaged as we’re assuming, a test to bypass that switch and go directly to the router would still be good if not already done, just to make sure there isn’t some kind of QOS or VLAN settings being applied there, either.

Just want you to know I really appreciate you taking the time out of your day to reply back and try and help me through this. It means a lot. Thank you.

This “test” was done directly in to the router. I unplugged the ethernet from the switch and put it in to one of the ports in the back of the Gateway Router. And yes, it would not work unless I changed it over to WiFi. Which is seriously confusing to me.

I assume when you state ipconfig /a (you mean /all) which I’ve done. It showed the same information. I have 3 entries for DNS. The ipv6 (2600:1700:etc…) and then 8.8.8.8 and 8.8.4.4. Though I don’t know if the Gateway Router itself is handling DNS traffic or not?

And yes I completely reset that router to factory settings. (It was not fun)

I’m at a loss here…

Do you by chance know anything about double NATs and/or WAN’s in how that might affect this? I’m not entirely sure how but I’m grasping at straws here.

Any time I’ve been behind multiple NATs “it always just worked”, so I don’t have any specific experience saying that’s going to be a problem or whose NAT implementation might be a problem in that situation.

Depending on how cramped your ISP is for IPv4 address space it’s possible they have you behind NAT too, in addition to the NAT you have to have at your home gateway router. But if that’s happening there is generally nothing you can “do” about it, unless they offer additional paid services like assigning you static IPv4 addresses, which could take you out from behind the NAT at the ISP end. (Leaving you with only the NAT of your home gateway router.)

Seeing the 8.8.x.x usually to me means someone changed the DNS address(es) being issued by their home gateway router’s DHCP, in order to get around some unreliability of the ISP’s own DNS services. (Comcast: “Why are you looking at me when you say that??”) The 8.8.x.x DNS servers are Google’s development DNS servers that many people like to rely on. If that’s what you’ve got after a factory reset of the router, then I guess there is a router which defaults to that too, although I’ve personally never seen that.

Seeing a DNS server with an IPv6 address in your IPCONFIG output does make me assume that must be the gateway router itself. Which is normally the default; the gateway router would give out a DNS server address that simply points to the IPv4 and IPv6 of the gateway router itself. The gateway router then, in turn, would use whatever DNS server(s) are being provided by the DHCP-assigned IP address from your ISP.

So the computers in your home would appear as “I’m using 192.168.1.1 as the DNS server” or similar, but in reality that means you’re using whatever the ISP’s auto-assigned DNS servers are, because that’s who the gateway router will forward those DNS requests to when your home computers send them to 192.168.1.1.

But in your case, it appears the gateway router itself is handing out 8.8.x.x addresses as the DNS server addresses, because those are the DNS addresses you’re seeing in IPCONFIG at the computers inside the home. i.e. It’s more than just saying “your ISP is using 8.8.x.x for DNS” – your ISP may or may not be using those same DNS addresses; we don’t know what DNS addresses the ISP would have otherwise assigned. But we can say your gateway router inside the home is telling computers inside the home “use 8.8.x.x for DNS.”

I don’t expect wrong answers to come from the 8.8.x.x DNS servers. The wildcard is whatever the IPv6 DNS address is, since that could be the IPv6 of your router (and the router in turn is using whatever the ISP assigned for DNS), or maybe this IPv6 address is being explicitly configured like the 8.8.x.x IPv4 DNS addresses are (presumably) being configured.

What happens if, on the problem Ethernet-connected computer, you temporarily unbind from IPv6 entirely, leaving only IPv4 bound to the Ethernet adapter? The Nord VPN knowledgebase article explains doing that clearly enough.

This is going to eliminate not only use of the IPv6 DNS address, but also just eliminate IPv6 communication in general from the wired computer. If Amazon’s DNS entries had been providing IPv6 answers in addition to IPv4 addresses, maybe this change even makes your communication to Amazon now be over IPv4 whereas previously it was using IPv6. Or if the IPv6 DNS address your home computer was getting from the gateway router was a lame ISP DNS server address, maybe the answers we get back from DNS are now different or more correct by eliminating whatever the IPv6 DNS server reference is to.

Those two DNS’s are tied to this computer. They are in the entries under Network Properties. I can remove them if you think it would help.

I’ll try the IPv6 thing later and let you know. Have to go downtown today. I’ll report back later!

THAT WAS IT!

That worked!

I didn’t even have to restart. I just unchecked the ipv6 and it worked. I honestly didn’t think there was ever going to be a solution. Wow, you were amazing!

I guess now the only question is… is it ok to navigate the web this way? And also maybe, why is this even a problem?

But thank you for figuring this out and sticking it out with me. You truly were a great help and knowledgeable. Thank you so much.

If they were locally configured rather than being given out via DHCP, it seems even less likely the DNS could be the issue. (Even though we trust Google’s DNS to have correct answers, regardless.) Because if the 8.8.x.x addresses were just configured overrides on this one computer, why would plugging another computer into the Ethernet instead of WiFi then also show the same failure?

Still, if it were in front of me, I would at least try removing them and reverting back to the same DNS all the other devices are using “just to be sure.” But it doesn’t seem like the evidence points that way.

Yeah, the IPv6 test seems like a better possibility for affecting the issue. It wouldn’t explain why IPv6 isn’t also an issue on WiFi, but one guess at a time…

Well, that’s interesting. Disabling IPv6 has kind of “tested two things at once”, since it both keeps the machine from using IPv6 for communication (regardless of whether it needed DNS to look up IPv6 service addresses or not), but it has also stopped the machine from using the IPv6-specified DNS server (which, since we don’t know whose DNS server this was actually querying, has some possibility of being a DNS server that was giving wrong answers).

Yeah, you’re completely fine without IPv6 for the foreseeable future. There are plenty of folks without working IPv6 support through their ISPs, and they’re all using the public Internet just fine. IPv6 is the key to a future in which there are more devices than addresses, but we have continued to be more successful in preserving IPv4 address space, and every common public service available on the Internet still has IPv4 addresses (whether in addition to IPv6 or not). It was expected that “the day when IPv6 will be required” was already going to happen. But it still hasn’t happened yet, and doesn’t even feel imminent as it once did. For now.

Now that we know what we’re searching for, looks like we weren’t the first to figure this out: https://www.reddit.com/r/ShieldAndroidTV/comments/kzcr7h/disabling_ipv6_allowed_amazon_prime_to_finally/. I see some other discussions of disabling IPv6 to solve Amazon issues, but they’re cases of folks who actually are using an IPv4 VPN, but their ISP has IPv6 support and Amazon used their IPv6 address to betray the actual non-VPN-hidden location.

Nothing urgent, but if you continue to have the urge to experiment, one thing I would try is re-binding IPv6 and then explicitly configure the DNS. Meaning, instead of whatever the previous “2600:1700:…” DNS server address was, explicitly configure Google’s IPv6 DNS server address(es), same as you had explicitly configured Google’s IPv4 DNS server 8.8.x.x addresses. That info is available at https://developers.google.com/speed/public-dns/docs/using .

Because we /might/ still be in a case where “only the IPv6 DNS server specified was the issue” (not knowing who that DNS server actually is), and so pointing to Google’s IPv6 DNS server and then continuing to use IPv6 might address the problem.

But we might be in a case where it’s the IPv6 communication itself that is the issue. Meaning, your ISP does support and provide you with IPv6 addressing, but the manner in which your ISP is providing this IPv6 support /actually does/ involve a proxy, and hence Amazon’s reaction when IPv6 was allowed to be used.

Glad you found a way to make the Ethernet machines happy. That was going to bug both of us if it had continued to remain a mystery.

I completely agree about bugging me to no end because it just didn’t make any sense why it wasn’t working. I would have never thought to have disabled the ipv6 if it wasn’t for you. You have been incredibly helpful through all of this.

I went ahead and turned it back on and added the Google DNS’s to the ipv6. Tried Amazon, no go. Didn’t work. Turned ipv6 off, it started working again.

I also looked to see if there was a way for me to put DNS entries directly in to the Router but I could not find anywhere to do so. I’m guessing AT&T might just have something on their end?

Either way, if it is safe to navigate without the ipv6 turned on, then I’ll probably just keep it off. Just nice to not have to go through the hassle of turning things on and off or broadcasting from the phone to watch something off of Amazon Prime.

Thank you again for your help and assistance. It is such a nice feeling to have another human being be so kind and helpful out of the goodness of their heart.

Thank you,
Kev

Well you’re very welcome. We were certainly not guaranteed to find anything, so I’m glad that it did work out.

Yeah, if adding the IPv6 DNS server addresses from Google still failed with IPv6 enabled, then my guess is that your ISP’s IPv6 support actually does “look like a proxy” to Amazon for some reason. Which if true, there isn’t really anything you can do from your end about that, but could be something to remember if talking to the ISP again in the future about this or some similar issue “solved” by disabling IPv6 usage.

Have fun not thinking about routers or IP addresses for a while.
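
Added example, not part of the thread or written by its participants: a small parser for English-language `ipconfig /all` output that lists, per adapter, any routable (non-link-local) IPv6 address and IPv6 DNS server, since an adapter with IPv6 bound can reach dual-stack services over a path that comparing IPv4 addresses does not describe. The sample text is constructed with documentation-range addresses; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample (not the poster's output); documentation-range addresses.
SAMPLE = """\
Ethernet adapter Ethernet:

   IPv6 Address. . . . . . . . . . . : 2001:db8:1:2::10(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1234:5678:9abc:def0%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   DNS Servers . . . . . . . . . . . : 2001:db8:1:2::1
                                       8.8.8.8
                                       8.8.4.4

Wireless LAN adapter Wi-Fi:

   IPv4 Address. . . . . . . . . . . : 192.168.1.51(Preferred)
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
"""

# "Key . . . . : value"; continuation lines (bare addresses) do not match.
KEY_LINE = re.compile(r"^\s+(.+?)[ .]+: ?(.*)$")

def _to_ip(text):  # drops "(Preferred)" and "%zone"; None if not an address
    try:
        return ipaddress.ip_address(re.split(r"[%(]", text)[0].strip())
    except ValueError:
        return None

def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} from `ipconfig /all` text."""
    adapters, fields, key = {}, None, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():  # unindented: adapter header or banner
            fields, key = None, None
            if " adapter " in line and line.rstrip().endswith(":"):
                name = line.rstrip()[:-1].split(" adapter ", 1)[1]
                fields = adapters.setdefault(name, {})
            continue
        if fields is None:
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            fields[key] = [m.group(2).strip()] if m.group(2).strip() else []
        elif key:
            fields[key].append(line.strip())  # extra DNS server / gateway
    return adapters

def summarize(text):
    """Per adapter: IPv4 addresses, routable IPv6 addresses, IPv6 DNS servers."""
    out = {}
    for name, f in parse_ipconfig(text).items():
        addrs = [ip for k, vals in f.items() if k.endswith("Address")
                 for ip in map(_to_ip, vals) if ip]
        dns = [ip for ip in map(_to_ip, f.get("DNS Servers", [])) if ip]
        v6 = [str(a) for a in addrs if a.version == 6 and not a.is_link_local]
        out[name] = {"ipv4": [str(a) for a in addrs if a.version == 4],
                     "ipv6_routable": v6,
                     "dns_v6": [str(d) for d in dns if d.version == 6]}
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Feed it the saved output of `ipconfig /all` from each machine; an adapter with a non-empty `ipv6_routable` list is one where unbinding IPv6, as done in the thread, changes which protocol the machine uses to reach dual-stack sites.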