This morning at 4.30am I found myself following an ambulance to the nearest NHS hospital around 15 miles from my home here in the UK. This was for a heart issue, including tightness in the chest. After arriving I couldn’t obtain a mobile signal anywhere and later discovered that O2 had a massive outage, which has been widely reported since then in the press.
Luckily there was NHS guest wi-fi available, so I registered and immediately had a wi-fi signal, but no internet and this carried on for a couple hours while I was trying to send emails without luck. Eventually it dawned on that it might be 1.1.1.1 that was the problem so I disconnected the app on my Android phone and immediately had internet.
I don’t know why, but for whatever reason the NHS doesn’t seem to like 1.1.1.1, so I am posting this in the hope that Cloudflare can investigate and hopefully not have others experience this in the future.
That would be an issue with NHS’s network configuration, as they are either using hardware that has inappropriately used 1.1.1.1 for itself, or they’re actively blocking traffic to 1.1.1.1.
I’m curious if the 1.1.1.1 app gives any indication if it’s actually working. I’m looking at mine on iOS and it’s saying “Connected” but I’m not sure if it’s the app’s VPN that’s “Connected” or if it’s actually connecting to a 1.1.1.1 server.
I wonder if it can auto-disconnect with a warning if it’s not working.
The NHS is a crazy large organisation with an annual budget for England alone of roughly £125 billion, so it seems unlikely their hardware would be using 1.1.1.1, but it’s possible they are blocking traffic from 1.1.1.1 for some reason. Perhaps they want to monitor what sites you are visiting?
When you arrive at a hospital, you’ll see a dozen wifi networks that are all locked, apart from the guest wifi that brings up a registration screen with T&Cs when you select it. The whole time I was connected to 1.1.1.1 via the app I was unable to reach any web page or access email.
The wifi signal was fine, so eventually I checked the network info and found I was connected at 30mbps with a good signal. That made me think about 1.1.1.1, so I flicked the switch in the app to the off position, then I was immediately able to use the internet.
They may not be using Cloudflare’s 1.1.1.1 services, but there is a very strong possibility NHS (as many businesses make the same mistake) are trying to use public IP addresses internally.
Also, don’t forget how hard they were hit by WannaCry not so long ago and still not where they should be.
It’s most likely that the NHS don’t like people using their guest network without using their internal DNS servers (these may be a part of their content filtering design) so block attempts to tunnel out to 3rd party DNS servers. Pretty standard, esp in a big coporation.
By default, I believe the app does DoH to 1.1.1.1. So they must be blocking 1.1.1.1 traffic, or just have 1.1.1.1 assigned to some internal hardware. I suspect the latter.