OpenVPN TCP over 443 won't load https websites - how to fix?
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Feb 25, 2016 4:46 pm
OpenVPN TCP over 443 won't load https websites - how to fix?
Hi, I've identified the issue - that when connected to OpenVPN, and OpenVPN is configured to use TCP/443, I can't open any websites that are of that same port - that is, https:// , 443. All other websites (http://) open perfectly fine. I was hoping someone could help me find a solution for how to fix this.
Thanks!!
-
- OpenVpn Newbie
- Posts: 18
- Joined: Fri Sep 12, 2014 3:29 pm
Re: OpenVPN TCP over 443 won't load https websites - how to fix?
dpw818 wrote: how to fix this
Start by reading the Forum rules (above)
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Feb 25, 2016 4:46 pm
Re: OpenVPN TCP over 443 won't load https websites - how to fix?
By way of background, all machines involved are Linux.
Hi, here is my OpenVPN server.conf.
Code: Select all
local 192.168.0.10
dev tun0
proto tcp
port 443
ca /etc/openvpn/easy-rsa/keys/thisisok.crt
cert /etc/openvpn/easy-rsa/keys/thisisok.crt
key /etc/openvpn/easy-rsa/keys/thisisok.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.0.30 255.255.255.0"
push "dhcp-option DNS 192.168.0.1"
push "redirect-gateway def1"
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/thisisok.key 0
cipher AES-256-CBC
keysize 256
comp-lzo
user thisisok
group thisisok
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 6
Below is my firewall (which is what I have a feeling it is...):
Code: Select all
# Flush all current rules from iptables
iptables -F
#
#
# Set access for localhost - necessary for many programs
iptables -A INPUT -i lo -j ACCEPT
#
#
# Accept packets belonging to established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
#
# Allow tcp port 443 and udp port 1194 (VPN)
#1194 is not active in server.conf, but leave open for fun
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#
#
# Allows VPN traffic to Forward
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
#
#
# Make an exception to 'iptables -P FORWARD DROP', allowing specifically 1194 or 443 connections to forward. Note that 192.168.0.10 could come with a port, i.e., 192.168.0.10:22 (or even a range of ports), allowing the VPN client to forward (access) only one port on the outbound. See http://www.thegeekstuff.com/2011/06/iptables-rules-examples/
#iptables -t nat -A PREROUTING -p udp --dport 1194 -j DNAT --to 192.168.0.10
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 192.168.0.10
#
#
# Allows proper routing of VPN subnet
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.10
#
# Set default policies for INPUT, FORWARD and OUTPUT chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#
#
# Save settings
/sbin/service iptables save
#
#
# List rules, verbose
iptables -L -v
Thanks for any help!!
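Added example, not part of the original post: the one active PREROUTING rule in the script above matches on protocol and destination port only, so it applies to TCP/443 packets arriving on any interface, including HTTPS connections that VPN clients send through tun0, and rewrites their destination to 192.168.0.10. The check below flags DNAT rules that carry no interface or destination match; its sample input is constructed from the post's rules plus a hypothetical `-i eth0` variant (eth0 as the LAN-facing interface is an assumption taken from the script's MASQUERADE rule).

```shell
#!/bin/sh
# Added example: flag nat PREROUTING DNAT rules that have neither an
# -i/--in-interface nor a -d/--destination match. Such a rule rewrites every
# matching packet the host receives, whichever interface it arrived on.

# Constructed input: the two active nat rules from the script in the post,
# plus one hypothetical scoped variant (eth0 assumed to be the LAN-facing NIC).
SAMPLE_RULES='iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 192.168.0.10
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 192.168.0.10
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE'

# Read rule lines on stdin and print every unscoped PREROUTING DNAT rule.
find_unscoped_dnat() {
    while IFS= read -r rule; do
        # Skip commented-out rules and blank lines.
        case "$rule" in \#*|'') continue ;; esac
        # Only nat PREROUTING rules that jump to DNAT are of interest.
        case "$rule" in *"-A PREROUTING"*"-j DNAT"*) ;; *) continue ;; esac
        # A rule limited by interface or destination address is scoped.
        case " $rule " in
            *" -i "*|*" --in-interface "*|*" -d "*|*" --destination "*) continue ;;
        esac
        printf '%s\n' "$rule"
    done
}

# Number of unscoped rules in the constructed sample.
count_unscoped() {
    printf '%s\n' "$SAMPLE_RULES" | find_unscoped_dnat | wc -l | tr -d ' '
}

# Stand-alone run: list the flagged rules from the sample.
printf '%s\n' "$SAMPLE_RULES" | find_unscoped_dnat
```

To audit a live host, feed the function the firewall script itself, for example `find_unscoped_dnat < firewall.sh`, where `firewall.sh` is a placeholder name.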
- disqualified
- OpenVPN User
- Posts: 40
- Joined: Fri Jun 03, 2016 7:13 pm
Re: OpenVPN TCP over 443 won't load https websites - how to fix?
OpenVPN requires only one iptables rule and then only if you cannot setup appropriate routing.
See this HOWTO:
HOWTO: Routing all client traffic (including web-traffic) through the VPN
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Feb 25, 2016 4:46 pm
Re: OpenVPN TCP over 443 won't load https websites - how to fix?
Thanks for the quick response. So to be clear, I can delete all my other iptables rules, including iptables -A INPUT -p tcp --dport 443 -j ACCEPT?
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Feb 25, 2016 4:46 pm
Re: OpenVPN TCP over 443 won't load https websites - how to fix?
Hi, does anyone have any (non-trolling) ideas on how I could possibly solve this? Thanks a ton.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Aug 29, 2018 3:47 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN TCP over 443 won't load https websites - how to fix?
This is not true .. using port TCP:443 for your VPN has no effect on browsing the internet via your VPN.
Caveat: Encapsulating TCP packets within a TCP VPN packet does have problems ..
If you want a solution start here:
HOWTO: Request Help !
-
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Feb 21, 2023 2:15 pm
Re: OpenVPN TCP over 443 won't load https websites - how to fix?
Same issue. Macbook pro.
Code: Select all
curl -v http://website
works but
Code: Select all
curl -v https://website
doesn't.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Feb 21, 2023 2:15 pm
Re: OpenVPN TCP over 443 won't load https websites - how to fix?
Some additional logs:
At this point it just hangs for minutes. I don't bother letting it finish.
Code: Select all
jack@jacksmbp ~ % curl -vvv http://google.com
* Trying 142.251.167.102:80...
* Connected to google.com (142.251.167.102) port 80 (#0)
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.87.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location: http://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-yQ1xhdWLnCxg7ytvSWsCbw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< Date: Mon, 24 Apr 2023 14:18:50 GMT
< Expires: Wed, 24 May 2023 14:18:50 GMT
< Cache-Control: public, max-age=2592000
< Server: gws
< Content-Length: 219
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host google.com left intact
jack@jacksmbp ~ % curl -vvv https://google.com
* Trying 142.251.167.102:443...
* Connected to google.com (142.251.167.102) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: /etc/ssl/cert.pem
* CApath: none
* [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Client hello (1):
-
- OpenVpn Newbie
- Posts: 11
- Joined: Tue Jul 11, 2023 1:29 pm
Re: OpenVPN TCP over 443 won't load https websites - how to fix?
You can try using a web proxy for accessing HTTPS websites while connected to OpenVPN. This can help bypass port conflicts and access websites that use port 443. You can verify individual URLs on any online tool such as https://redirectchecker.com/ and compare the output for better understanding.