OpenVPN TCP over 443 won't load https websites - how to fix?

Posted: Mon May 30, 2016 11:14 pm
by dpw818
Hi, I've identified the issue - that when connected to OpenVPN, and OpenVPN is configured to use TCP/443, I can't open any websites that are of that same port - that is, https:// , 443. All other websites (http://) open perfectly fine. I was hoping someone could help me find a solution for how to fix this.

Thanks!!

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Posted: Tue May 31, 2016 12:27 pm
by FalconTent
dpw818 wrote: how to fix this
Start by reading the Forum rules (above)

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Posted: Sat Jun 04, 2016 4:23 am
by dpw818
By way of background, all machines involved are Linux.

Hi, here is my OpenVPN server.conf.

Code:

local 192.168.0.10
dev tun0
proto tcp
port 443
ca /etc/openvpn/easy-rsa/keys/thisisok.crt
cert /etc/openvpn/easy-rsa/keys/thisisok.crt
key /etc/openvpn/easy-rsa/keys/thisisok.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.0.30 255.255.255.0"
push "dhcp-option DNS 192.168.0.1"
push "redirect-gateway def1"
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/thisisok.key 0
cipher AES-256-CBC
keysize 256
comp-lzo
user thisisok
group thisisok
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 6

Below is my firewall (which is what I have a feeling it is...):

Code:

# Flush all current rules from iptables
iptables -F
#
#
# Set access for localhost - necessary for many programs
iptables -A INPUT -i lo -j ACCEPT
#
#
# Accept packets belonging to established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
#
# Allow tcp port 443 and udp port 1194 (VPN)
#1194 is not active in server.conf, but leave open for fun
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#
#
# Allows VPN traffic to Forward
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
#
#
# Make an exception to 'iptables -P FORWARD DROP', allowing specifically 1194 or 443 connections to forward.  Note that 192.168.0.10 could come with a port, i.e., 192.168.0.10:22 (or even a range of ports), allowing the VPN client to forward (access) only one port on the outbound.  See http://www.thegeekstuff.com/2011/06/iptables-rules-examples/
#iptables -t nat -A PREROUTING -p udp --dport 1194 -j DNAT --to 192.168.0.10
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 192.168.0.10
#
#
# Allows proper routing of VPN subnet
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.10
#

# Set default policies for INPUT, FORWARD and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#
#
# Save settings
/sbin/service iptables save
#
#
# List rules, verbose
iptables -L -v

Thanks for any help!!
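
An added check, not part of the thread or any poster's code: the function below scans a script of iptables commands like the one posted above and prints nat PREROUTING DNAT rules that have no `-i` or `-d` match. A rule without such a match applies to packets arriving on any interface, including tun0, so TCP/443 connections from VPN clients to any address are also rewritten to the `--to` address. The function name and the `-i eth0` variant in the sample are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag nat PREROUTING DNAT rules that are not limited to an
# inbound interface (-i) or an original destination address (-d).

# Reads iptables commands (one per line) on stdin and prints each
# unscoped DNAT rule unchanged. Commented-out rules are ignored.
find_unscoped_dnat() {
    awk '
        /^[ \t]*#/ { next }    # skip comments and disabled rules
        {
            nat = 0; pre = 0; dnat = 0; scoped = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-t" && $(i+1) == "nat") nat = 1
                if (($i == "-A" || $i == "-I") && $(i+1) == "PREROUTING") pre = 1
                if ($i == "-j" && $(i+1) == "DNAT") dnat = 1
                if ($i == "-i" || $i == "--in-interface" ||
                    $i == "-d" || $i == "--destination") scoped = 1
            }
            if (nat && pre && dnat && !scoped) print
        }
    '
}

# Constructed sample: the nat rules from the post above, plus one
# hypothetical variant limited to the external interface (assumed eth0).
SAMPLE_RULES='#iptables -t nat -A PREROUTING -p udp --dport 1194 -j DNAT --to 192.168.0.10
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 192.168.0.10
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 192.168.0.10'

# Only the second line is reported: it matches TCP/443 from every interface.
printf '%s\n' "$SAMPLE_RULES" | find_unscoped_dnat
```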

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Posted: Sat Jun 04, 2016 5:02 pm
by disqualified
OpenVPN requires only one iptables rule and then only if you cannot set up appropriate routing.

See this HOWTO:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Posted: Sat Jun 04, 2016 5:41 pm
by dpw818
Thanks for the quick response. So to be clear, I can delete all my other iptables rules, including iptables -A INPUT -p tcp --dport 443 -j ACCEPT?

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Posted: Fri Jun 17, 2016 6:33 am
by dpw818
Hi, does anyone have any (non-trolling) ideas on how I could possibly solve this? Thanks a ton.

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Posted: Wed Aug 29, 2018 3:48 pm
by rajnunna
dpw818 wrote:
Fri Jun 17, 2016 6:33 am
Hi, does anyone have any (non-trolling) ideas on how I could possibly solve this? Thanks a ton.
I have the same issue. How did you resolve this?

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Posted: Wed Aug 29, 2018 5:00 pm
by TinCanTech
dpw818 wrote:
Mon May 30, 2016 11:14 pm
I've identified the issue - that when connected to OpenVPN, and OpenVPN is configured to use TCP/443, I can't open any websites that are of that same port - that is, https:// , 443. All other websites (http://) open perfectly fine
This is not true .. using port TCP:443 for your VPN has no effect on browsing the internet via your VPN.

Caveat: Encapsulating TCP packets within a TCP VPN packet does have problems ..
rajnunna wrote:
Wed Aug 29, 2018 3:48 pm
I have the same issue. How did you resolve this?
If you want a solution start here:
HOWTO: Request Help !

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Posted: Sat Apr 22, 2023 11:47 am
by spartanjack
Same issue. MacBook Pro.

Code:

curl -v http://website
works but

Code:

curl -v https://website
doesn't.

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Posted: Mon Apr 24, 2023 2:15 pm
by spartanjack
Some additional logs:

Code:

jack@jacksmbp ~ % curl -vvv http://google.com
*   Trying 142.251.167.102:80...
* Connected to google.com (142.251.167.102) port 80 (#0)
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.87.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location: http://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-yQ1xhdWLnCxg7ytvSWsCbw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< Date: Mon, 24 Apr 2023 14:18:50 GMT
< Expires: Wed, 24 May 2023 14:18:50 GMT
< Cache-Control: public, max-age=2592000
< Server: gws
< Content-Length: 219
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< 
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host google.com left intact
jack@jacksmbp ~ % curl -vvv https://google.com
*   Trying 142.251.167.102:443...
* Connected to google.com (142.251.167.102) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Client hello (1):
At this point it just hangs for minutes. I don't bother letting it finish.

Re: OpenVPN TCP over 443 won't load https websites - how to fix?

Posted: Thu Jul 20, 2023 12:00 pm
by nehakakar
You can try using a web proxy for accessing HTTPS websites while connected to OpenVPN. This can help bypass port conflicts and access websites that use port 443. You can verify an individual URL with any online tool, such as https://redirectchecker.com/, and compare the output for better understanding.