HSTS error accessing web portal

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
rokeeffe
OpenVpn Newbie
Posts: 17
Joined: Wed Apr 01, 2015 4:11 pm

HSTS error accessing web portal

Post by rokeeffe » Fri Jul 08, 2022 4:17 pm

Hi,

I've recently set up an OpenVPN AS server via the AWS marketplace. As per the docs I ran an

Code: Select all

apt-get update
and

Code: Select all

apt-get uprade
. I believe this upgraded the AS version to 2.11.0

I changed the Hostname of the server via the GUI and added a DNS entry for it, but when I try access it now I get:

Code: Select all

You cannot visit your.vpn.site right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.


My question is: Is HSTS now enforced server side? The FAQ here says no https://openvpn.net/vpn-server-resources/#faqs second question down.

Cheers!

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: HSTS error accessing web portal

Post by openvpn_inc » Fri Jul 08, 2022 4:25 pm

Hi rokeeffe,

Access Server doesn't do HSTS by itself. It can be added though with a custom HTTP header. But the domain you are using may be registered at the online HSTS preload list. Try using another domain that isn't registered for HSTS. Or accessing it by IP address only.

See also; https://hstspreload.org/

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

rokeeffe
OpenVpn Newbie
Posts: 17
Joined: Wed Apr 01, 2015 4:11 pm

Re: HSTS error accessing web portal

Post by rokeeffe » Mon Jul 11, 2022 10:22 am

openvpn_inc wrote:
Fri Jul 08, 2022 4:25 pm
may be registered at the online HSTS preload list.
Bingo, someone (who may not have been me) signed us up some time ago.

Thank you very much Johan.

Post Reply