Windows 10, Can only connect to VPN on TCP Ports 80, 443

RobertP61
OpenVpn Newbie
Posts: 10
Joined: Tue Mar 24, 2020 5:47 pm

Post by RobertP61 » Tue Mar 24, 2020 5:58 pm

Hi,

The following applies to the platform:

- Windows 10 Pro, Version 1909 (OS Build 18363.720)
- OpenVPN-Gui v11.14.0.0 (the s/w doesn't seem to be relevant)
- HP Probook 455 G3 (16 GB ddr3 RAM)

I am absolutely befuddled by the following problem and please note: I am not an expert, but not a novice either. Please note also that I have contacted Microsoft tech support, that of my IP provider and the VPN provider (NordVPN and now SurfShark) and none could figure this problem out.

So recently I decided to subscribe to a VPN service. I can connect under the following circumstances:

- openvpn-gui v11.14.0.0 from OpenVPN technologies
- connect (via config file) to any provider VPN server that accepts a TCP connection over PORTS 80 -or- 443

Anything else seems to be blocked; on the Microsoft Network Monitor I can see the Sync message going out from my computer - multiple times - and absolutely nothing comes back. This is for ports that include 1194, 1443, 7070, 7777, 8008, and 8080.

I have tried the "usual suspects", all to no avail:

- completely removing McAfee security;

- poking holes in Windows Firewall (ports, programs), as well as Windows antivirus

- trying (in Windows Firewall) to see what is so special about Ports 80 and 443; I do realize that these ports are the nominal ports for http and https respectively - I doubt this is a coincidence.

- establishing a Windows manual VPN connection: it accepts the input, but then the device shows up as "Unavailable - device missing" in Network Connections in Ctrl Panel.

- ALL THE STEPS in https://windowsreport.com/vpn-blocked-windows-10/#2

Does anyone have any ideas? I would at least like to know if it is even possible to do what I'm trying to do in Windows 10!!

Thanks

Bob

Pippin
Forum Team
Posts: 718
Joined: Wed Jul 01, 2015 8:03 am

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by Pippin » Tue Mar 24, 2020 6:15 pm

Are you on a company network?
Did you try from different locations?

RobertP61
OpenVpn Newbie
Posts: 10
Joined: Tue Mar 24, 2020 5:47 pm

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by RobertP61 » Wed Mar 25, 2020 12:06 pm

No, not company, just home. Sorry, forgot to include that in the platform: an Arris XB6 modem/router, provided by Rogers Ignite in Canada. It cannot be configured as a vpn itself, but does do port forwarding, which I've also tried. Having said that: my iPhone has no such connection problems at home, so I'm assuming the router has nothing to do with it.

No to the 2nd question too - it's a laptop but I don't take it anywhere.

Pippin
Forum Team
Posts: 718
Joined: Wed Jul 01, 2015 8:03 am

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by Pippin » Wed Mar 25, 2020 12:24 pm

You do not need a port forward on modem.
Did you try disabling the Windows firewall completely?

Also try your phone's hotspot (wifi turned off) to test.

TiTex
OpenVPN Super User
Posts: 304
Joined: Tue Apr 12, 2011 6:22 am

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by TiTex » Wed Mar 25, 2020 3:03 pm

I had a similar issue with Kaspersky Total Security; even after removing it, some artifacts remained active in the Windows registry, which basically took over the firewalling, so the Windows firewall was not used.

I had to download some removal tool from their site to fix the issue.
You can try resetting the Windows firewall and/or network stack with netsh.

RobertP61
OpenVpn Newbie
Posts: 10
Joined: Tue Mar 24, 2020 5:47 pm

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by RobertP61 » Thu Mar 26, 2020 1:08 pm

TiTex, I've tried turning off Windows Firewall, as well as completely removing McAfee.

Pippin, not sure what you mean by "try your phones hotspot (wifi turned off) to test". Btw can't configure my Windoze as a hotspot ~ maybe my adapter doesn't have that ability.

Thanks

TinCanTech
OpenVPN Protagonist
Posts: 6691
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by TinCanTech » Thu Mar 26, 2020 1:24 pm

Time to post some logs then ..

viewtopic.php?f=30&t=22603#p68963

Pippin
Forum Team
Posts: 718
Joined: Wed Jul 01, 2015 8:03 am

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by Pippin » Thu Mar 26, 2020 2:09 pm

RobertP61 wrote: Thu Mar 26, 2020 1:08 pm
> Pippin, Not sure what you mean

On your phone, turn on 4G data, turn on hotspot.
Connect Windows to the phone's hotspot.
On Windows start the VPN.

RobertP61
OpenVpn Newbie
Posts: 10
Joined: Tue Mar 24, 2020 5:47 pm

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by RobertP61 » Thu Mar 26, 2020 3:46 pm

TinCanTech wrote: Thu Mar 26, 2020 1:24 pm
> Time to post some logs then ..
>
> viewtopic.php?f=30&t=22603#p68963

Windows info:
-----------------

>ver
Microsoft Windows [Version 10.0.18363.720]

>ipconfig/all
Windows IP Configuration

Host Name . . . . . . . . . . . . : iGUB-PC-2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : phub.net.cable.rogers.com

Unknown adapter OpenVPN Manual Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Surfshark Windows Adapter V9
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

Connection-specific DNS Suffix . : phub.net.cable.rogers.com
Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : x.x.x.x(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : March 26, 2020 9:26:23 AM
Lease Expires . . . . . . . . . . : April 2, 2020 9:26:23 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 64.71.255.204
64.71.255.198
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : phub.net.cable.rogers.com
Description . . . . . . . . . . . : Realtek RTL8723BE 802.11 bgn Wi-Fi Adapter
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 23:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #15
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 24:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #16
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Client config file

client
dev tun
proto tcp
remote x.x.x.x 8080
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0

#dbg
verb 4

remote-cert-tls server

auth-user-pass

#comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC

auth SHA512

<ca>
-----BEGIN CERTIFICATE-----
..

client log file
Thu Mar 26 11:28:11 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Thu Mar 26 11:28:11 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Mar 26 11:28:11 2020 library versions: OpenSSL 1.1.0l 10 Sep 2019, LZO 2.10
Enter Management Password:
Thu Mar 26 11:28:11 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25363
Thu Mar 26 11:28:11 2020 Need hold release from management interface, waiting...
Thu Mar 26 11:28:11 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25363
Thu Mar 26 11:28:11 2020 MANAGEMENT: CMD 'state on'
Thu Mar 26 11:28:11 2020 MANAGEMENT: CMD 'log all on'
Thu Mar 26 11:28:11 2020 MANAGEMENT: CMD 'echo all on'
Thu Mar 26 11:28:11 2020 MANAGEMENT: CMD 'bytecount 5'
Thu Mar 26 11:28:11 2020 MANAGEMENT: CMD 'hold off'
Thu Mar 26 11:28:11 2020 MANAGEMENT: CMD 'hold release'
Thu Mar 26 11:28:15 2020 MANAGEMENT: CMD 'username "Auth" "xxxxxxxx"'
Thu Mar 26 11:28:15 2020 MANAGEMENT: CMD 'password [...]'
Thu Mar 26 11:28:15 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Mar 26 11:28:15 2020 NOTE: --fast-io is disabled since we are running on Windows
Thu Mar 26 11:28:15 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 26 11:28:15 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 26 11:28:15 2020 MANAGEMENT: >STATE:1585236495,RESOLVE,,,,,,
Thu Mar 26 11:28:15 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:8080
Thu Mar 26 11:28:15 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 26 11:28:15 2020 Attempting to establish TCP connection with [AF_INET]x.x.x.x:8080 [nonblock]
Thu Mar 26 11:28:15 2020 MANAGEMENT: >STATE:1585236495,TCP_CONNECT,,,,,,
Thu Mar 26 11:30:15 2020 TCP: connect to [AF_INET]x.x.x.x:8080 failed: Unknown error
Thu Mar 26 11:30:15 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Thu Mar 26 11:30:15 2020 MANAGEMENT: >STATE:1585236615,RECONNECTING,init_instance,,,,,
Thu Mar 26 11:30:15 2020 Restart pause, 5 second(s)
Thu Mar 26 11:30:20 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Mar 26 11:30:20 2020 NOTE: --fast-io is disabled since we are running on Windows
Thu Mar 26 11:30:20 2020 MANAGEMENT: >STATE:1585236620,RESOLVE,,,,,,
Thu Mar 26 11:30:20 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:8080
Thu Mar 26 11:30:20 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 26 11:30:20 2020 Attempting to establish TCP connection with [AF_INET]x.x.x.x:8080 [nonblock]
Thu Mar 26 11:30:20 2020 MANAGEMENT: >STATE:1585236620,TCP_CONNECT,,,,,,
Thu Mar 26 11:30:42 2020 SIGTERM[hard,init_instance] received, process exiting
Thu Mar 26 11:30:42 2020 MANAGEMENT: >STATE:1585236642,EXITING,init_instance,,,,,
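
Added example (not part of the thread and not OpenVPN project code): a small Python parser for the connection lines of an OpenVPN client log like the one posted above. It times each TCP connect attempt, on the assumption that a failure only after the full 120-second default `--connect-timeout` of OpenVPN 2.4 means no reply ever came back, while a fast failure means something actively rejected the connection; the function name and outcome labels are made up for this example.

```python
import re
from datetime import datetime

# Constructed sample: connection-related lines copied from the client log above.
SAMPLE_LOG = """\
Thu Mar 26 11:28:15 2020 Attempting to establish TCP connection with [AF_INET]x.x.x.x:8080 [nonblock]
Thu Mar 26 11:28:15 2020 MANAGEMENT: >STATE:1585236495,TCP_CONNECT,,,,,,
Thu Mar 26 11:30:15 2020 TCP: connect to [AF_INET]x.x.x.x:8080 failed: Unknown error
Thu Mar 26 11:30:20 2020 Attempting to establish TCP connection with [AF_INET]x.x.x.x:8080 [nonblock]
Thu Mar 26 11:30:42 2020 SIGTERM[hard,init_instance] received, process exiting
"""

STAMP = "%a %b %d %H:%M:%S %Y"
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
ATTEMPT = re.compile(r"Attempting to establish TCP connection with \[AF_INET6?\](\S+):(\d+)")
CONNECT_TIMEOUT = 120  # OpenVPN 2.4 default for --connect-timeout, in seconds


def classify_attempts(log_text, timeout=CONNECT_TIMEOUT):
    """Return (remote, port, outcome, seconds) for each finished connect attempt."""
    results, pending = [], None  # pending = (remote, port, start time)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # prompts such as "Enter Management Password:"
        when, msg = datetime.strptime(m.group(1), STAMP), m.group(2)
        attempt = ATTEMPT.search(msg)
        if attempt:
            pending = (attempt.group(1), int(attempt.group(2)), when)
            continue
        if not pending:
            continue
        secs = int((when - pending[2]).total_seconds())
        if msg.startswith("TCP: connect to") and "failed" in msg:
            # Running out the whole timer means no reply at all (packets dropped);
            # a quick failure means something answered with a reset or ICMP error.
            outcome = "timeout" if secs >= timeout else "rejected"
        elif msg.startswith("TCP connection established"):
            outcome = "connected"
        elif msg.startswith("SIGTERM"):
            outcome = "aborted"  # stopped by the user before the timer ran out
        else:
            continue  # unrelated line logged while the attempt was in flight
        results.append((pending[0], pending[1], outcome, secs))
        pending = None
    return results

if __name__ == "__main__":
    print(classify_attempts(SAMPLE_LOG))
```

Running the same function over a log captured on a working port (80 or 443) and over one from a failing port makes the difference between the two cases visible without a packet capture.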

RobertP61
OpenVpn Newbie
Posts: 10
Joined: Tue Mar 24, 2020 5:47 pm

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by RobertP61 » Thu Mar 26, 2020 4:06 pm

Pippin wrote: Thu Mar 26, 2020 2:09 pm
> RobertP61 wrote: Thu Mar 26, 2020 1:08 pm
> > Pippin, Not sure what you mean
>
> On your phone, turn on 4G data, turn on hotspot.
> Connect Windows to the phone's hotspot.
> On Windows start the VPN.

I think the first 2 steps were enough - connected. Super slow though - 3.8Mbps both ways.
Thanks

RobertP61
OpenVpn Newbie
Posts: 10
Joined: Tue Mar 24, 2020 5:47 pm

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by RobertP61 » Thu Mar 26, 2020 4:47 pm

RobertP61 wrote: Thu Mar 26, 2020 4:06 pm
> Pippin wrote: Thu Mar 26, 2020 2:09 pm
> > RobertP61 wrote: Thu Mar 26, 2020 1:08 pm
> > > Pippin, Not sure what you mean
> >
> > On your phone, turn on 4G data, turn on hotspot.
> > Connect Windows to the phone's hotspot.
> > On Windows start the VPN.
>
> I think the first 2 steps were enough - connected. Super slow though - 3.8Mbps both ways.
> Thanks

.. and it results in weird network behavior: started a Network capture, and the connection completely disappears from available conn. And then ethernet was slowed down to a crawl for a few minutes.

TiTex
OpenVPN Super User
Posts: 304
Joined: Tue Apr 12, 2011 6:22 am

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by TiTex » Fri Mar 27, 2020 2:50 pm


RobertP61
OpenVpn Newbie
Posts: 10
Joined: Tue Mar 24, 2020 5:47 pm

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by RobertP61 » Sun Mar 29, 2020 12:23 pm

Thanks TiTex, I really appreciate it, but I've gone that route before. And why wouldn't McAfee block the connections on ports 80 and 443?

RobertP61
OpenVpn Newbie
Posts: 10
Joined: Tue Mar 24, 2020 5:47 pm

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by RobertP61 » Sun Mar 29, 2020 4:25 pm

Additional information:

I had the Windows Event Viewer on, filtered to include only Windows Defender, Windows Firewall and Windows Remote Management events. My unsuccessful attempts resulted in exactly ZERO events; the successful one has the following Windows Firewall with Advanced Security events, in order of appearance:
- 1x event id 2010
- 4x event id 2041
- 1x event id 2002
- 7x event id 2041

It would seem that the unsuccessful attempts don't even "reach" the Firewall. Does this make sense - and would anyone know of (an)other service(s) I could monitor?

Thanks

TiTex
OpenVPN Super User
Posts: 304
Joined: Tue Apr 12, 2011 6:22 am

Re: Windows 10, Can only connect to VPN on TCP Ports 80, 443

Post by TiTex » Sun Mar 29, 2020 8:37 pm

Did you actually run the MCPR tool to completion?

> And why wouldn't McAfee block the connections on ports 80 and 443 ?

Because McAfee might flag it as malicious traffic since it's not coming from an HTTP client (i.e. browsers).

Check your deny firewall rules, as those take precedence over allow rules or undefined.
Other than that, I have no idea.
