[SOLVED] Port 443/TCP OpenVPN Remote Access Works on Rogers Cable Internet (Canada)
-
I'm wondering if anyone who has Rogers Cable Internet has successfully used 443 for OpenVPN?
-
@guardian Openvpn client or/and server? Why do you ask?
-
@gjaltemba said in Canadian Users of Rogers Cable Internet - Port 443:
@guardian Openvpn client or/and server? Why do you ask?
Sorry-let me clarify - Server.
It may be blocked because they don't want people running public web servers.Reason I ask is that when traveling a lot of public networks have very restrictive firewalls, but usually 443 TCP is Open so that people can bank and do other things that require https. Especially on a cruise ship where they charge by the minute, to be able to download email over a VPN, work offline and then upload replies back would make a huge difference. The traffic has to look like https.
-
@guardian Confirmed to work with UDP 443.
-
@gjaltemba said in Canadian Users of Rogers Cable Internet - Port 443:
@guardian Confirmed to work with UDP 443.
Thanks... have you tried TCP?
-
@guardian Will have to retest TCP 443 later. I only have the one connection now.
-
@gjaltemba said in Canadian Users of Rogers Cable Internet - Port 443:
@guardian Will have to retest TCP 443 later. I only have the one connection now.
Thanks, It would be great if you could easily check it.
-
I'm on Rogers. I just went to www.grc.com and ran the Shields Up port scan and configured packet capture to watch port 443. I could see the packets in the capture. So, Rogers is not blocking port 443. In fact, I don't think they even block 80, as I experimented with creating a web site, a few years ago. I had no problem reaching it.
-
Thanks @jknott! I did this too before posting this thread.
@jknott said in Canadian Users of Rogers Cable Internet - Port 443:
I'm on Rogers. I just went to www.grc.com and ran the Shields Up port scan and configured packet capture to watch port 443. I could see the packets in the capture. So, Rogers is not blocking port 443. In fact, I don't think they even block 80, as I experimented with creating a web site, a few years ago. I had no problem reaching it.
I'm still struggling to get my VPN server working again on 1194UDP after my certs expired and I upgraded my phone, and I wanted to see if anyone had successfully managed to run a remote access server on port 443. I don't need it very often, but when I'm traveling a lot of free WiFi can have some pretty restrictive firewalls. Port 443 https is now so common , so it's almost guaranteed to be open (at least for TCP) which is why I'm so eager to have it working. Unless the hardware is very simple or the firewall admin is ignorant or sloppy UDP would be blocked.
When I first set up an OpenVPN server (as a test about a year ago) I managed to get a working client/server on port 1194UDP. My remote client was on a cell phone, and I was connecting over the cell phone data network.
Then I created a profile for port 443TCP that ( as best as I can recall) would connect, and then immediately stop working. I don't know if this was because there was something wrong with my setup, or because of Rogers was doing some sort of packet inspection/blocking.
-
@guardian Does the 443TCP profile include changes to pfsense firewall? What is in client and server log on failed condition?
-
I can now confirm that it is possible to run an OpenVPN access server on port 443/TCP with rogers. I checked again, and the VPN is connecting. The problem was a routing/configuration problem. The VPN stayed up for a several minutes with no problem.
@gjaltemba said in Canadian Users of Rogers Cable Internet - Port 443:
@guardian Does the 443TCP profile include changes to pfsense firewall? What is in client and server log on failed condition?
-
Packet capture on WAN for the interesting traffic. If it arrives on WAN, it is not the ISP.
-
@derelict said in Canadian Users of Rogers Cable Internet - Port 443:
Packet capture on WAN for the interesting traffic. If it arrives on WAN, it is not the ISP.
@derelict can you please expand on this as I'm not sure what you are saying? Are you saying that a packet capture will reveal a lot of hacker activity and leakage from poorly configured users on the cable link?
@derelict are you on Rogers cable?
-
No. I do not have Rogers.
If you packet capture on WAN for port 443, attempt a connection, and it arrives, the ISP isn't filtering it. If it doesn't arrive they are or someone else is.
