One of the most common errors that pops up in Google Chrome is ERR_TUNNEL_CONNECTION_FAILED. Typically, it shows up when virtual private network (VPN) or proxy users have misconfigured settings leading to a header data discrepancy. Let’s cover exactly what that means.
One of the results of the way VPNs and proxy servers hide users’ identities is replacing their browsers’ header data. More technically, when a proxy service replaces a users’ IP address with its own, the browser uses the new header data of the corresponding address – it wouldn’t make a very effective proxy otherwise.
But occasionally, Chrome has difficulty resolving the connection between itself and the proxy. Chrome requests the proxy send its header information so that it can display the requested web page, but it receives a response that it is unable to render, leading to a 502/302 discrepancy that Google Chrome triggers as, “Error 111: ERR_TUNNEL_CONNECTION_FAILED”.
Why Doesn’t Google Fix the ERR_TUNNEL_CONNECTION_FAILED Error?
It might seem to some Chrome users that if the ERR_TUNNEL_CONNECTION_FAILED error is so prevalent, it falls on Google to resolve the error from within Chrome. However, Google has all but ruled out any potential fix for this error, leaving users to handle it on their own.
Security is the mean reason why this error persists. If Chrome allows 502/302 scripts to ignore discrepancies and run in the same place as the target domain, attackers may be able to gain illicit access to Chrome users’ computers.
One of the ways they can do this is by hijacking target domain cookies. An attacker on the same network as the user could put themselves between the user and the network as a SOCKS/HTTP proxy and remain totally undetected.
Fortunately, there are a few ways users can fix this problem on their own systems. If you consistently have trouble connecting to your proxy through Google Chrome, try any of the following steps to resolve the issue.
1. Verify Your Network Settings
Before trying anything else, you should verify your network settings and make sure that Chrome is properly configured to use your proxy service:
- Open Google Chrome, Click on Settings and open the Advanced Settings tab.
- Click on Change Proxy Settings. Chrome will open the Internet Properties window.
- On the Connections tab, click on LAN Settings.
- Make sure that the Address and Port settings shown match the settings you received from your proxy provider.
- If you changed the settings, restart your PC for the new settings to take effect.
You may also set your browser to Automatically Detect Settings. If you already set your browser this way, try manually entering proxy server and port number data. In some cases, this can be enough for Chrome to figure out how to resolve the proxy connection on its own.
You may also be able diagnose overall Internet connectivity by switching your proxy off entirely and verifying if your browser can still go online. If it does, that shows the problem lies somewhere between your computer and the proxy server, or between the proxy server and the rest of the Internet.
2. Reset TCP/IP and Flush DNS
In the course of using Google Chrome on Windows, you may accidentally change specific Internet connection protocols in ways that don’t automatically reset when you restart the computer. In particular, Windows likes to remember IP addresses so that it doesn’t have to resolve them through a Domain Name System (DNS) lookup request every time you want to connect to a website (or proxy).
But if the destination IP address changes, then the address located in your system’s DNS resolver cache will no longer reflect the website or proxy you wish to connect to. If Google Chrome gets the wrong header data from the (now different) destination address, it will give you the ERR_TUNNEL_CONNECTION_FAILED error.
When this happens, you have to reset these configurations yourself.
You can reset the Transmission Control Protocol/Internet Protocol (TCP/IP) and DNS lookup record using Windows’ Command Prompt application. You must choose to Run as Administrator because some of the commands you will use are only available to users with top-level privileges to change system files.
Changing and resetting system files comes with some risks, so be sure to copy the commands exactly as written below. If done correctly, your network configuration will reset. This poses no threat to your computer, since it will reproduce these settings when you restart Windows.
The commands you want to run in Command Prompt are:
ipconfig /flushdns nbtstat -r netsh int ip reset netsh winsock reset
When you restart your computer, the next time you attempt to connect to your proxy server, Chrome will connect to the DNS server that resolves the address of that proxy as if it were brand new. This way, if the address changed in the meantime, there will be no discrepancy and no error.
3. Set a New DNS Server Address
For the most part, Google Chrome has no problem connecting to DNS servers automatically and using the service to resolve IP addresses. However, when it encounters obstacles, the ERR_TUNNEL_CONNECTION_FAILED error can pop up.
If the DNS address provided by your Internet Service Provider is not resolving addresses correctly, or is not compatible with your proxy server, then setting a new DNS server address can fix the issue. One of the most reliable ways to do this is to use Google’s DNS server address.
To set Chrome to resolve DNS requests using Google’s DNS server, perform the following actions:
- Open the Network menu on the windows taskbar. It’s the same menu you normally use to connect to Wi-Fi. Right click on it and click on Open Network and Sharing Center.
- In the window that opens, click on View Your Active Networks. Click on the network you are connected to currently.
- Click on the Properties option in the Internet Connection Status window.
- Go to the Networking tab and find Internet Protocol Version 4 (TCP/IPv4) in the list of items the connection uses. Double-click on it.
- In the resulting window, you will probably see the Obtain DNS Server Address Automatically box checked. Uncheck it and input the following two addresses:
Preferred DNS server: 18.104.22.168 Alternate DNS Server: 22.214.171.124
By setting Google Chrome to lookup IP addresses using Google’s DNS server, you may be able to sidestep compatibility issues between your browser, your proxy service, and the DNS lookup process. Google’s server should work with most proxies, but if it does not, you will have to use better proxies.
4. Use Proxies that Support HTTPS Protocol
Remember how Google wouldn’t fix the ERR_TUNNEL_CONNECTION_FAILED error because of security implications involving running scripts in the same origin as target domains in Chrome? One of the main reasons this attack vector works is because most proxy services don’t support Chrome’s HTTPS protocol – they only support HTTP.
Under the HTTPS protocol, two communicating systems agree on a code that establishes their respective identities before sharing any information. This code, scrambled and shared through Secure Sockets Layer (SSL) technology, allows two computer systems to authenticate the other before sharing data, preventing hackers from impersonating one of them.
Unsurprisingly, low-quality proxy providers don’t spend their time and effort engineering ways to correctly resolve HTTPS requests in Chrome. This leads to a situation where the low-quality proxy fails to deliver the right code to Chrome, and Chrome assumes that it must be a hacker posing as the proxy – which would be pretty bad.
In fact, the “Pretty Bad Proxy” was one of the subjects of the 2009 IEEE Symposium on Security and Privacy. It takes a great deal of development talent to create a high quality proxy (such as GhostProxies) that can handle Chrome HTTPS requests and avoid ERR_TUNNEL_CONNECTION_FAILED errors, but it’s absolutely necessary if you plan on using proxies to access HTTPS websites.
Use High-Quality Proxies to Resolve Common Errors
The ERR_TUNNEL_CONNECTION_FAILED proxy error, like most proxy errors, occurs when a proxy is unable to convince one of the systems it communicates with that it is genuine. Since web administrators and the systems they oversee cannot reliably tell the difference between a harmless proxy and a potential cyberattack vector, they have to err on the side of caution.
At the same time, major developers like Google cannot leave their systems exposed to security vulnerabilities in order to make proxies easier to use. Google’s constant quest for best-in-class security performance means it has to treat non HTTPS-compatible proxy requests as suspicious.
In fact, as of October 2018, Google will start showing a red “not secure” warning whenever users enter data on HTTP pages that don’t feature SSL encryption. It stands to reason that it will block any HTTP-based proxy service attempting to integrate with its browser application. The time to upgrade to a secure, high-quality proxy service is now.
The views, information and opinions expressed in this guest article are for educational purposes only and do not necessarily reflect the views and opinions of GhostProxies.
We do not promote illegal activities or distribute tools for such activities. All trademarks and images used in this article are property of their respective owners. Please contact us if you believe any content within this article is incorrect or in any violation of law and/or copyright.