Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] Port 443/TCP OpenVPN Remote Access Works on Rogers Cable Internet (Canada)

    Scheduled Pinned Locked Moved OpenVPN
    14 Posts 4 Posters 3.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      guardian Rebel Alliance
      last edited by guardian

      I'm wondering if anyone who has Rogers Cable Internet has successfully used 443 for OpenVPN?

      If you find my post useful, please give it a thumbs up!
      pfSense 2.7.2-RELEASE

      G 1 Reply Last reply Reply Quote 0
      • G
        gjaltemba @guardian
        last edited by gjaltemba

        @guardian Openvpn client or/and server? Why do you ask?

        G 1 Reply Last reply Reply Quote 0
        • G
          guardian Rebel Alliance @gjaltemba
          last edited by

          @gjaltemba said in Canadian Users of Rogers Cable Internet - Port 443:

          @guardian Openvpn client or/and server? Why do you ask?

          Sorry-let me clarify - Server.
          It may be blocked because they don't want people running public web servers.

          Reason I ask is that when traveling a lot of public networks have very restrictive firewalls, but usually 443 TCP is Open so that people can bank and do other things that require https. Especially on a cruise ship where they charge by the minute, to be able to download email over a VPN, work offline and then upload replies back would make a huge difference. The traffic has to look like https.

          If you find my post useful, please give it a thumbs up!
          pfSense 2.7.2-RELEASE

          G 1 Reply Last reply Reply Quote 0
          • G
            gjaltemba @guardian
            last edited by

            @guardian Confirmed to work with UDP 443.

            G 1 Reply Last reply Reply Quote 1
            • G
              guardian Rebel Alliance @gjaltemba
              last edited by

              @gjaltemba said in Canadian Users of Rogers Cable Internet - Port 443:

              @guardian Confirmed to work with UDP 443.

              Thanks... have you tried TCP?

              If you find my post useful, please give it a thumbs up!
              pfSense 2.7.2-RELEASE

              G 1 Reply Last reply Reply Quote 0
              • G
                gjaltemba @guardian
                last edited by

                @guardian Will have to retest TCP 443 later. I only have the one connection now.

                G 1 Reply Last reply Reply Quote 1
                • G
                  guardian Rebel Alliance @gjaltemba
                  last edited by

                  @gjaltemba said in Canadian Users of Rogers Cable Internet - Port 443:

                  @guardian Will have to retest TCP 443 later. I only have the one connection now.

                  Thanks, It would be great if you could easily check it.

                  If you find my post useful, please give it a thumbs up!
                  pfSense 2.7.2-RELEASE

                  1 Reply Last reply Reply Quote 0
                  • JKnottJ
                    JKnott
                    last edited by

                    I'm on Rogers. I just went to www.grc.com and ran the Shields Up port scan and configured packet capture to watch port 443. I could see the packets in the capture. So, Rogers is not blocking port 443. In fact, I don't think they even block 80, as I experimented with creating a web site, a few years ago. I had no problem reaching it.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    G 1 Reply Last reply Reply Quote 1
                    • G
                      guardian Rebel Alliance @JKnott
                      last edited by guardian

                      Thanks @jknott! I did this too before posting this thread.

                      @jknott said in Canadian Users of Rogers Cable Internet - Port 443:

                      I'm on Rogers. I just went to www.grc.com and ran the Shields Up port scan and configured packet capture to watch port 443. I could see the packets in the capture. So, Rogers is not blocking port 443. In fact, I don't think they even block 80, as I experimented with creating a web site, a few years ago. I had no problem reaching it.

                      I'm still struggling to get my VPN server working again on 1194UDP after my certs expired and I upgraded my phone, and I wanted to see if anyone had successfully managed to run a remote access server on port 443. I don't need it very often, but when I'm traveling a lot of free WiFi can have some pretty restrictive firewalls. Port 443 https is now so common , so it's almost guaranteed to be open (at least for TCP) which is why I'm so eager to have it working. Unless the hardware is very simple or the firewall admin is ignorant or sloppy UDP would be blocked.

                      When I first set up an OpenVPN server (as a test about a year ago) I managed to get a working client/server on port 1194UDP. My remote client was on a cell phone, and I was connecting over the cell phone data network.

                      Then I created a profile for port 443TCP that ( as best as I can recall) would connect, and then immediately stop working. I don't know if this was because there was something wrong with my setup, or because of Rogers was doing some sort of packet inspection/blocking.

                      If you find my post useful, please give it a thumbs up!
                      pfSense 2.7.2-RELEASE

                      G 1 Reply Last reply Reply Quote 0
                      • G
                        gjaltemba @guardian
                        last edited by

                        @guardian Does the 443TCP profile include changes to pfsense firewall? What is in client and server log on failed condition?

                        G 1 Reply Last reply Reply Quote 1
                        • G
                          guardian Rebel Alliance @gjaltemba
                          last edited by

                          I can now confirm that it is possible to run an OpenVPN access server on port 443/TCP with rogers. I checked again, and the VPN is connecting. The problem was a routing/configuration problem. The VPN stayed up for a several minutes with no problem.

                          @gjaltemba said in Canadian Users of Rogers Cable Internet - Port 443:

                          @guardian Does the 443TCP profile include changes to pfsense firewall? What is in client and server log on failed condition?

                          If you find my post useful, please give it a thumbs up!
                          pfSense 2.7.2-RELEASE

                          1 Reply Last reply Reply Quote 0
                          • DerelictD
                            Derelict LAYER 8 Netgate
                            last edited by

                            Packet capture on WAN for the interesting traffic. If it arrives on WAN, it is not the ISP.

                            Chattanooga, Tennessee, USA
                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                            G 1 Reply Last reply Reply Quote 0
                            • G
                              guardian Rebel Alliance @Derelict
                              last edited by

                              @derelict said in Canadian Users of Rogers Cable Internet - Port 443:

                              Packet capture on WAN for the interesting traffic. If it arrives on WAN, it is not the ISP.

                              @derelict can you please expand on this as I'm not sure what you are saying? Are you saying that a packet capture will reveal a lot of hacker activity and leakage from poorly configured users on the cable link?

                              @derelict are you on Rogers cable?

                              If you find my post useful, please give it a thumbs up!
                              pfSense 2.7.2-RELEASE

                              1 Reply Last reply Reply Quote 0
                              • DerelictD
                                Derelict LAYER 8 Netgate
                                last edited by

                                No. I do not have Rogers.

                                If you packet capture on WAN for port 443, attempt a connection, and it arrives, the ISP isn't filtering it. If it doesn't arrive they are or someone else is.

                                Chattanooga, Tennessee, USA
                                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.