
SSL VPN not working on port 443 when I connect from any other network, but on port 1194 it works

Hello

 

I have set up SSL VPN on port 443. In the past it worked, but now it isn't working. When I connect from the local network, both port 443 and port 1194 work. When I connect over cellular data from my cellphone, port 443 doesn't work, but if I connect on port 1194 it works. I've checked on two different phones.

 

Can anyone help me understand what's going on?

 

Thank you



  • Confused. I do not know how to configure two ports at once. After changing the listen port, you need to download a configuration update from the portal. Have you done this on your phones after each change?

  • Cell phones use IPv6 for cellular data. If your UTM uses only IPv4, something has to do NAT translation. This normally works well, but perhaps it is creating problems this time.

    Have you tried UDP 443? This mimics Google Chrome's QUIC and may be allowed through most firewalls. I have recently learned that UDP for VPN is preferred for technical reasons. TCP within TCP can get very confused when a packet is lost or out of order, if both layers trigger retransmits.

  • Yes, of course I download a configuration when I change from 443 to 1194 and back.

  • It works on 443 UDP. Can you explain to me why in the past it worked on 443 TCP and now it isn't working?

    Is 443 UDP OK? I mean, might some firewalls block this port, or not?

     

  • Uncertain. Primarily, I worry about conflicts between User Portal and SSL VPN fighting for control of the same port. Even if User Portal is turned off, does UTM have an inherent tendency to send traffic there?

    VPN over UDP has significant technical advantages, as I indicated. For details, do a web search for "TCP meltdown". Whether UDP works or not depends on the firewalls used by your client devices. But since UDP 443 is a performance feature (QUIC) used between the Chrome browser and Google websites, it is likely to be allowed.

    UTM implements SSL VPN using OpenVPN software, but it does not provide automatic failover between UDP and TCP. That feature is provided by the OpenVPN server.

    If you need more flexibility, you need another UTM or an OpenVPN server that is separate from UTM.

  • I read about "TCP meltdown". Thank you for the information; I didn't know about it.

    I'm worried about UDP 443. It works fine, but maybe some Wi-Fi networks at airports, cafes, etc. block UDP 443.

    What do you think about that?

     

  • No way to know, and outside my experience.  That is why I suggested offering both.

  • Hi and welcome to the UTM Community!

    My guess is that you have a DNAT rule for HTTPS that captures the traffic before the SSL VPN server can see it - see #2 in Rulz.

    I prefer to use UDP 1443 for the SSL VPN. UDP 443 might be blocked in some places, but I doubt it since Google now uses it for QUIC.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA