HSTS error accessing web portal

Posted: Fri Jul 08, 2022 4:17 pm
by rokeeffe
Hi,

I've recently set up an OpenVPN AS server via the AWS marketplace. As per the docs I ran an apt-get update and apt-get upgrade. I believe this upgraded the AS version to 2.11.0.

I changed the Hostname of the server via the GUI and added a DNS entry for it, but when I try to access it now I get:

You cannot visit your.vpn.site right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.


My question is: Is HSTS now enforced server side? The FAQ here says no: https://openvpn.net/vpn-server-resources/#faqs (second question down).

Cheers!

Re: HSTS error accessing web portal

Posted: Fri Jul 08, 2022 4:25 pm
by openvpn_inc
Hi rokeeffe,

Access Server doesn't do HSTS by itself. It can be added though with a custom HTTP header. But the domain you are using may be registered at the online HSTS preload list. Try using another domain that isn't registered for HSTS. Or try accessing it by IP address only.

See also: https://hstspreload.org/

Kind regards,
Johan

Re: HSTS error accessing web portal

Posted: Mon Jul 11, 2022 10:22 am
by rokeeffe
openvpn_inc wrote:
Fri Jul 08, 2022 4:25 pm
may be registered at the online HSTS preload list.
Bingo, someone (who may not have been me) signed us up some time ago.

Thank you very much Johan.
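
Added example (not part of the original thread and not OpenVPN's code): a Python check that separates the two possible sources of the HSTS error discussed above, a preloaded parent domain versus a Strict-Transport-Security header sent by the server. The function names are hypothetical, the sample entries are constructed, and the entry field names are assumed to mirror the shape of Chromium's preload list.

```python
# Constructed sample entries (not real preload data); field names are assumed
# to mirror the shape of Chromium's preload list entries.
SAMPLE_PRELOAD = [
    {"name": "vpn.site", "mode": "force-https", "include_subdomains": True},
    {"name": "exact.example", "mode": "force-https", "include_subdomains": False},
]


def preload_match(host, entries):
    """Return the preload entry name that forces HTTPS for host, or None."""
    host = host.lower().rstrip(".")
    by_name = {e["name"].lower(): e for e in entries if e.get("mode") == "force-https"}
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        entry = by_name.get(candidate)
        # An exact match always applies; a parent applies only with include_subdomains.
        if entry and (i == 0 or entry.get("include_subdomains")):
            return candidate
    return None


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            policy["max_age"] = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def hsts_source(host, headers, entries):
    """Classify where HSTS enforcement for host comes from."""
    match = preload_match(host, entries)
    if match:
        return "preload:" + match
    value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if value and (parse_hsts(value)["max_age"] or 0) > 0:
        return "header"
    return "none"
```

A result of `preload:<parent>` with no header from the server matches the situation in this thread: the browser enforces HSTS from its built-in list, so changing the server configuration alone does not clear the error.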