OpenVPN Failing Through Proxy


#1

Hi,

When I enable the Cloudflare proxy (i.e. orange network), I get the following error when trying to use OpenVPN:

WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1626 – please ensure that --tun-mtu or --link-mtu is equal on both peers – this condition could also indicate a possible active attack on the TCP link – [Attempting restart…]

This works fine if I change the network to gray (i.e. bypass proxy). Any suggestions how to fix this?

Thanks!


#2

Can you post a screenshot of the error? Also that would mean you shouldn't be able to open any Cloudflare backed website. Is that the case?


#3

Hi,

The WARNING I posted above is the error message - this isn’t a web site, but rather a failure from the OpenVPN client … which is traffic over HTTPS, but somehow it’s getting “broken” through the proxy it seems?

Make sense?

Thanks!


#4

Not really. Are you trying to place an OpenVPN server behind Cloudflare and can't connect to it? If that is the case, I can't say if that is supported at all.

There is more at OpenVPN on Port 80/443


#5

Yes, server behind Cloudflare - because it’s just HTTPS (443) traffic, proxy should be fine … no?

I read that thread, but I admit - not sure exactly what it means … :-). Can’t tell if folks are saying this should work or not.

Thanks!


#6

Maybe @cscharff @cloonan @ryan can shed some light here.


#7

It’s traffic on port 443, but I don’t think it’s https traffic; it’s VPN traffic. You can run any service on any port, at least theoretically, but with our standard service Cloudflare only proxies http/s and websocket traffic. Proxying alternative protocols and ports is only available with our Spectrum product today.
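
An added diagnostic example, not part of the thread or of any poster's reply: OpenVPN's TCP transport prefixes each packet with a 16-bit big-endian length, so when the far end answers in another protocol, its first two bytes are reported as the "bad encapsulated packet length". The script decodes that number back into bytes; the hint table and the second sample line are constructed for illustration, while the first sample line is the warning from post #1.

```python
import re
import struct

# Matches the length value in OpenVPN's warning text.
BAD_LEN_RE = re.compile(r"Bad encapsulated packet length from peer \((\d+)\)")

# Illustrative hint table (an assumption of this example, not exhaustive):
# the first two bytes that some common protocols send on a fresh connection.
PREFIX_HINTS = {
    b"HT": "HTTP response ('HTTP/1.x ...')",
    b"GE": "HTTP request ('GET ...')",
    b"SS": "SSH banner ('SSH-2.0-...')",
    b"\x16\x03": "TLS handshake record",
    b"\x15\x03": "TLS alert record",
}


def decode_bad_length(line):
    """Return the two bytes the peer sent where OpenVPN expected a length prefix."""
    match = BAD_LEN_RE.search(line)
    if not match:
        return None
    length = int(match.group(1))
    if length > 0xFFFF:  # cannot have come from a 16-bit length field
        return None
    raw = struct.pack(">H", length)  # big-endian, as read off the wire
    printable = all(0x20 <= b < 0x7F for b in raw)
    return {
        "length": length,
        "bytes": raw,
        "ascii": raw.decode("ascii") if printable else None,
        "hint": PREFIX_HINTS.get(raw, "unknown"),
    }


# Sample input: line 1 is the warning quoted in post #1, line 2 is constructed.
SAMPLE_LOG = [
    "WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1626",
    "WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1626",
    "Initialization Sequence Completed",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        result = decode_bad_length(entry)
        if result:
            print(result["length"], result["bytes"], "->", result["hint"])
```

The value 18516 is 0x4854, the ASCII bytes "HT", which is consistent with the proxy replying in HTTP rather than relaying the VPN stream.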


#8

That makes sense, thanks! So for this, bypass the proxy, right?


#9

Correct, for this host it needs to be :grey: in the control panel.


#10

That makes sense, thanks for the help!