OpenVPN Failing Through Proxy


When I enable the Cloudflare proxy (i.e. orange network), I get the following error when trying to use OpenVPN:

WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

This works fine if I change the network to gray (i.e. bypass proxy). Any suggestions how to fix this?


Can you post a screenshot of the error? Also, that would mean you shouldn’t be able to open any Cloudflare-backed website. Is that the case?


The WARNING I posted above is the error message - this isn’t a web site, but rather a failure from the OpenVPN client … which is traffic over HTTPS, but somehow it’s getting “broken” through the proxy it seems?

Make sense?


Not really. Are you trying to place an OpenVPN server behind Cloudflare and can’t connect to it? If that is the case, I can’t say if that is supported at all.

There is more at OpenVPN on Port 80/443


Yes, server behind Cloudflare - because it’s just HTTPS (443) traffic, proxy should be fine … no?

I read that thread, but I admit - not sure exactly what it means … :-). Can’t tell if folks are saying this should work or not.


Maybe @cs-cf @cloonan @ryan can shed some light here.

It’s traffic on port 443, but I don’t think it’s https traffic, it’s VPN traffic. You can run any service on any port at least theoretically but with our standard service Cloudflare only proxies http/s and websocket traffic. Proxying alternative protocols and ports is only available with our Spectrum product today.
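
Added example, not part of the original posts: OpenVPN's TCP transport prefixes each packet with a 2-byte big-endian length, so the "bad length" in the warning is the first two bytes the peer actually sent back. This Python sketch decodes that value from a log line; the function name and the prefix table are assumptions made for illustration.

```python
import re
import struct

# Matches the numeric value in OpenVPN's TCP framing warning.
WARNING_RE = re.compile(r"Bad encapsulated packet length from peer \((\d+)\)")

# First two bytes of common non-OpenVPN replies (illustrative, not exhaustive).
KNOWN_PREFIXES = {
    b"HT": "HTTP response (starts 'HTTP/...'): a web server or HTTP proxy answered",
    b"SS": "SSH banner (starts 'SSH-...'): an SSH daemon answered",
    b"\x16\x03": "TLS handshake record: a TLS endpoint answered",
    b"\x15\x03": "TLS alert record: a TLS endpoint rejected the bytes it received",
}


def decode_bad_length(log_line):
    """Return (value, raw_bytes, interpretation) or None if the line is unrelated."""
    match = WARNING_RE.search(log_line)
    if match is None:
        return None
    value = int(match.group(1))
    if not 0 <= value <= 0xFFFF:
        return None  # cannot have come from a 16-bit length field
    raw = struct.pack("!H", value)  # network byte order, as read off the wire
    meaning = KNOWN_PREFIXES.get(
        raw, "no known protocol prefix: check --tun-mtu/--link-mtu on both peers"
    )
    return value, raw, meaning


if __name__ == "__main__":
    # First line: the value from this thread. The rest are constructed samples.
    samples = [
        "WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1626",
        "WARNING: Bad encapsulated packet length from peer (21331), which must be > 0 and <= 1626",
        "WARNING: Bad encapsulated packet length from peer (5379), which must be > 0 and <= 1626",
        "Initialization Sequence Completed",
    ]
    for line in samples:
        print(decode_bad_length(line))
```

For the value in this thread, 18516 is 0x4854, the ASCII bytes "HT", which is consistent with the client receiving an HTTP reply rather than OpenVPN frames.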


That makes sense, thanks! So for this, bypass the proxy, right?

Correct, for this host it needs to be :grey: in the control panel.


That makes sense, thanks for the help!
