HTTP(S) traffic blocked in (some) Windows 11 configurations

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Cursor42
OpenVpn Newbie
Posts: 5
Joined: Wed Nov 02, 2022 7:24 pm

HTTP(S) traffic blocked in (some) Windows 11 configurations

Post by Cursor42 » Wed Nov 02, 2022 8:28 pm

Hello,

I'm facing a strange problem that seems to be somehow related to my Windows 11 OpenVPN/network configuration:

Network setup is as follows:
- Remote opnSense firewall/router with current OpenVPN server installed
- Local AVM 'FritzBox' router using LAN and WLAN.
- Both remote and local networks use 192.168.0.x IPv4 addresses.
- Local computer (notebook with Windows 10) using (old) OpenVPN client (version 2.x)
- Local computer (notebook with Windows 11) using (new) OpenVPN Connect (version 3.3.6)
- VPN connection is using UDPv4.

Connecting my (old) Windows 10 notebook with an OpenVPN client version 2 and a configuration file generated by the opnSense appliance
has been working correctly for a long time and still works (!).

The same configuration file was imported on a new Windows 11 notebook into the current OpenVPN Connect V3 client and worked as expected - for a while.

Since last week, VPN connections show a strange behavior:
- Connection is established correctly according to the client (no error messages or warnings in the log).
- Some services may be accessed (e.g. SSH shell using port 22 or SMB file access to a NAS).
- Trying to access any remote machine's services based on HTTP or HTTPS does not work and 'blocks' infinitely.
- According to 'wget' the HTTP(S) requests are sent, but no answer is received.
- The problem occurs when connected via cable LAN and WLAN.

Another strange observation to note:
- When changing connection to a temporary WLAN provided by my mobile phone the VPN connection works!

I have no clue what causes this strange behavior. This is what I tried so far:
- Deinstalling antivirus software, changing to MS Defender, disabling antivirus software completely
- Disabling firewall completely
- Re-installing OpenVPN client V3
- Installing OpenVPN client V2 (same behavior)
- Using a 'guest' network for WLAN access (different from 192.168.0.x)

As far as I know I do not have any other applications installed that may conflict with the network setup.
The should be no IP address conflicts.

Does anyone have an idea? Any help would be appreciated.

Best regards,

Chris

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: HTTP(S) traffic blocked in (some) Windows 11 configurations

Post by Pippin » Wed Nov 02, 2022 8:39 pm

Hi,
Both remote and local networks use 192.168.0.x IPv4 addresses.
Please see here:
https://community.openvpn.net/openvpn/w ... gConflicts
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

Cursor42
OpenVpn Newbie
Posts: 5
Joined: Wed Nov 02, 2022 7:24 pm

Re: HTTP(S) traffic blocked in (some) Windows 11 configurations

Post by Cursor42 » Wed Nov 02, 2022 9:50 pm

Hi Halton,

thank you for your quick reply.

I don't think that this is a routing problem because
- I have control of the IP addresses of both remote and local subnets and I'm relatively sure that I have not produced any IP conflict.
- Hosts of the remote network can be reached in all scenarios (by IP and by name), even services may be used (but nothing related to HTTP/HTTPS on any port).
- Access over a different 'guest' network provided by the local router did not work, too.

Best regards,

Christian

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: HTTP(S) traffic blocked in (some) Windows 11 configurations

Post by Pippin » Wed Nov 02, 2022 10:56 pm

Ok,

Are you able to ping over vpn from the client to those remote machine's running http(s) with bigger packet sizes, like start at 1360 then 1370, 1380, etc.?

Also, packet capture on those affected machines to see http(s) traffic arrives or not.

PS
Wish I was Halton ;)
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

Cursor42
OpenVpn Newbie
Posts: 5
Joined: Wed Nov 02, 2022 7:24 pm

Re: HTTP(S) traffic blocked in (some) Windows 11 configurations

Post by Cursor42 » Thu Nov 03, 2022 7:27 am

Hi again,

ping to machines in the remote network does not work (even with default settings) - this also applies to the >>working<< scenario when I'm using a tethering/mobile phone hotspot.

MTU is 1500 for all adapters on the local machine.

I'll check the logs if I can see any requests reaching its destination on the remote machines. I'm not sure if I have the right tools to do packet capturing on the remote side.

Thanks,

Christian

Cursor42
OpenVpn Newbie
Posts: 5
Joined: Wed Nov 02, 2022 7:24 pm

Re: HTTP(S) traffic blocked in (some) Windows 11 configurations

Post by Cursor42 » Fri Nov 04, 2022 11:10 pm

Update:

HTTP(S) requests seam to reach their destination but no answer is returned.
I re-installed several software components (including VPN client and graphics driver) - no change.

I still have no idea what causes this behavior.

Does anyone have a clue?

Chris

Cursor42
OpenVpn Newbie
Posts: 5
Joined: Wed Nov 02, 2022 7:24 pm

Re: HTTP(S) traffic blocked in (some) Windows 11 configurations

Post by Cursor42 » Sun Nov 13, 2022 7:18 pm

Just to let you know:

I gave up figuring out what was causing this strange problem.

The solution was to switch to an alternate VPN client software (Viscocity) which is working as expected.

Best regards,

Chris

Post Reply