OpenVPN TCP over 443 won't load https websites - how to fix?

dpw818
OpenVpn Newbie
Posts: 9
Joined: Thu Feb 25, 2016 4:46 pm

Post by dpw818 » Mon May 30, 2016 11:14 pm

Hi, I've identified the issue - that when connected to OpenVPN, and OpenVPN is configured to use TCP/443, I can't open any websites that are of that same port - that is, https:// , 443. All other websites (http://) open perfectly fine. I was hoping someone could help me find a solution for how to fix this.

Thanks!!

FalconTent
OpenVPN User
Posts: 18
Joined: Fri Sep 12, 2014 3:29 pm

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Post by FalconTent » Tue May 31, 2016 12:27 pm

dpw818 wrote: how to fix this

Start by reading the Forum rules (above)

dpw818
OpenVpn Newbie
Posts: 9
Joined: Thu Feb 25, 2016 4:46 pm

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Post by dpw818 » Sat Jun 04, 2016 4:23 am

By way of background, all machines involved are Linux.

Hi, here is my OpenVPN server.conf.

Code:

local 192.168.0.10
dev tun0
proto tcp
port 443
ca /etc/openvpn/easy-rsa/keys/thisisok.crt
cert /etc/openvpn/easy-rsa/keys/thisisok.crt
key /etc/openvpn/easy-rsa/keys/thisisok.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.0.30 255.255.255.0"
push "dhcp-option DNS 192.168.0.1"
push "redirect-gateway def1"
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/thisisok.key 0
cipher AES-256-CBC
keysize 256
comp-lzo
user thisisok
group thisisok
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 6

Below is my firewall (which is what I have a feeling it is...):

Code:

# Flush all current rules from iptables
iptables -F
#
#
# Set access for localhost - necessary for many programs
iptables -A INPUT -i lo -j ACCEPT
#
#
# Accept packets belonging to established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
#
# Allow tcp port 443 and udp port 1194 (VPN)
# 1194 is not active in server.conf, but leave open for fun
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#
#
# Allows VPN traffic to Forward
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
#
#
# Make an exception to 'iptables -P FORWARD DROP', allowing specifically 1194 or 443
# connections to forward. Note that 192.168.0.10 could come with a port, i.e.,
# 192.168.0.10:22 (or even a range of ports), allowing the VPN client to forward
# (access) only one port on the outbound.
# See http://www.thegeekstuff.com/2011/06/iptables-rules-examples/
#iptables -t nat -A PREROUTING -p udp --dport 1194 -j DNAT --to 192.168.0.10
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 192.168.0.10
#
#
# Allows proper routing of VPN subnet
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.10
#

# Set default policies for INPUT, FORWARD and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#
#
# Save settings
/sbin/service iptables save
#
#
# List rules, verbose
iptables -L -v

Thanks for any help!!
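
The following check is an added example, not part of the original post or thread. The PREROUTING DNAT rule in the firewall script above has no -i or -d match, so it is also applied to TCP/443 packets arriving from VPN clients on tun0 and rewrites their HTTPS connections to 192.168.0.10, while port 80 traffic is left alone. The names audit_dnat, page_rules and scoped_rule are hypothetical, and the scoped rule is a constructed variant that assumes eth0 is the outward-facing interface, as in the MASQUERADE rule.

```shell
#!/bin/sh
# Added example (not from the thread). Flags nat PREROUTING DNAT rules for a
# port that carry no inbound-interface (-i) or destination (-d) match. Such a
# rule is also applied to packets forwarded from VPN clients arriving on tun0.

# Reads iptables commands on stdin; prints one "UNSCOPED: ..." line per hit.
audit_dnat() {
    port="$1"
    while IFS= read -r line; do
        case "$line" in
            \#*) continue ;;                       # commented-out rule
        esac
        case "$line" in
            *"-A PREROUTING"*"-j DNAT"*) ;;        # only PREROUTING DNAT rules
            *) continue ;;
        esac
        case " $line " in
            *" --dport $port "*) ;;                # only the port of interest
            *) continue ;;
        esac
        case " $line " in
            *" -i "*|*" --in-interface "*|*" -d "*|*" --destination "*)
                continue ;;                        # scoped: not a finding
        esac
        printf 'UNSCOPED: %s\n' "$line"
    done
    return 0
}

# The two PREROUTING lines exactly as posted in the firewall script.
page_rules() {
    cat <<'EOF'
#iptables -t nat -A PREROUTING -p udp --dport 1194 -j DNAT --to 192.168.0.10
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 192.168.0.10
EOF
}

# Constructed variant (assumption): only match traffic entering on eth0.
scoped_rule() {
    cat <<'EOF'
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 192.168.0.10
EOF
}

echo "posted rules:"; page_rules | audit_dnat 443
echo "scoped rule:";  scoped_rule | audit_dnat 443
```

On a live server, `iptables -t nat -L PREROUTING -v -n` shows the packet counter on the DNAT rule, which rises when a connected client requests an https:// site if the rule is catching tunnelled traffic.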

disqualified
OpenVPN User
Posts: 41
Joined: Fri Jun 03, 2016 7:13 pm

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Post by disqualified » Sat Jun 04, 2016 5:02 pm

OpenVPN requires only one iptables rule and then only if you cannot set up appropriate routing.

See this HOWTO:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

dpw818
OpenVpn Newbie
Posts: 9
Joined: Thu Feb 25, 2016 4:46 pm

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Post by dpw818 » Sat Jun 04, 2016 5:41 pm

Thanks for the quick response. So to be clear, I can delete all my other iptables rules, including iptables -A INPUT -p tcp --dport 443 -j ACCEPT?

dpw818
OpenVpn Newbie
Posts: 9
Joined: Thu Feb 25, 2016 4:46 pm

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Post by dpw818 » Fri Jun 17, 2016 6:33 am

Hi, does anyone have any (non-trolling) ideas on how I could possibly solve this? Thanks a ton.

rajnunna
OpenVpn Newbie
Posts: 1
Joined: Wed Aug 29, 2018 3:47 pm

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Post by rajnunna » Wed Aug 29, 2018 3:48 pm

dpw818 wrote:
Fri Jun 17, 2016 6:33 am
Hi, does anyone have any (non-trolling) ideas on how I could possibly solve this? Thanks a ton.

I have the same issue. How did you resolve this?

TinCanTech
OpenVPN Protagonist
Posts: 4877
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Post by TinCanTech » Wed Aug 29, 2018 5:00 pm

dpw818 wrote:
Mon May 30, 2016 11:14 pm
I've identified the issue - that when connected to OpenVPN, and OpenVPN is configured to use TCP/443, I can't open any websites that are of that same port - that is, https:// , 443. All other websites (http://) open perfectly fine

This is not true .. using port TCP:443 for your VPN has no effect on browsing the internet via your VPN.

Caveat: Encapsulating TCP packets within a TCP VPN packet does have problems ..

rajnunna wrote:
Wed Aug 29, 2018 3:48 pm
I have the same issue. How did you resolve this?

If you want a solution start here:
HOWTO: Request Help !