Bug 1688498 - Local HTTPS websites not opening via VPN
Summary: Local HTTPS websites not opening via VPN
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: openvpn
Version: 29
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: David Sommerseth
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2019-03-13 20:51 UTC by marek
Modified: 2019-03-14 17:13 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:


Description marek 2019-03-13 20:51:09 UTC
Description of problem:
Can't open any local HTTPS webpage over VPN using the Fedora 29 built-in VPN client. My system is fully updated. HTTP websites (local and Internet) over VPN are working properly. Other HTTPS websites are working properly when not using VPN. Please note that only *local* HTTPS websites are not working. By local I mean websites that are only available via VPN. Internet (not local) websites with HTTPS are working properly over VPN. I've got Windows 7 on the same PC and the same ISP, and using Cisco AnyConnect everything works perfectly. It seems that this is a Fedora 29 bug and something in Fedora is blocking local HTTPS websites over VPN. I've tried using the latest Firefox and Google Chrome browsers and they both report "Performing TLS handshake" and a time-out. When connected to the VPN I can successfully ping these non-working HTTPS addresses from a terminal.

Version-Release number of selected component (if applicable):
2.4.7 x86_64-redhat-linux-gnu

How reproducible:
Every time

Steps to Reproduce:
1. Create a VPN connection using Fedora 29 built-in options with default settings.
2. Specify remote address, username, group and user passwords in connection.
3. Connect to the VPN and try to open any local HTTPS webpage in Firefox or Google Chrome.

Actual results:
Browsers report "Performing a TLS handshake" or "Establishing secure connection" and then a time-out.

Expected results:
Local (VPN) websites should open over HTTPS on VPN.

Additional info:
I'm connecting to a remote Cisco ASA. My Internet connection is a standard 300 Mbps cable modem connection. No specific routing or firewall rules.

Comment 1 David Sommerseth 2019-03-14 17:13:41 UTC
I am completely confused here.

a) It works with "Cisco AnyConnect on Windows"
b) Only https sites affected
c) Ping works
d) Fedora 29 VPN connection with default built-in settings

What is lacking here, to avoid speculating:

- Configuration files of the client and preferably server side
- Log files from the VPN connection
- What kind of VPN server is used and which "VPN connection setup" is used in Fedora?
- When using ping ... which address was pinged?  And is it an IP address or a FQDN?
- Do the contents of /etc/resolv.conf match the expected values of pushed DNS settings?
- Has tcpdump been attempted?
- Has 'curl -v' been attempted against the failing web services?  What's the output?
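
Added example, not part of the bug report or of either participant's comments: a Python probe that reports which stage of an HTTPS connection fails (name resolution, TCP connect, or TLS handshake), to narrow down the "Performing TLS handshake" time-out alongside the `curl -v` and tcpdump output requested above. The function name `probe_https` and the host `intranet.example` are assumptions made for illustration.

```python
import socket
import ssl
import sys


def probe_https(host, port=443, timeout=5.0, verify=True):
    """Return (stage, detail): the first stage that fails, or ("ok", TLS version)."""
    # Stage 1: name resolution. Exercises the DNS servers pushed by the VPN
    # unless `host` is already an IP address.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns_failed", str(exc))
    family, socktype, proto, _, addr = infos[0]

    # Stage 2: TCP connect to the first resolved address.
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:  # refused, unreachable, or timed out
        sock.close()
        return ("tcp_connect_failed", f"{addr[0]}: {exc}")

    # Stage 3: TLS handshake. A time-out here means the handshake did not
    # complete within `timeout` seconds after the TCP connection was made.
    ctx = ssl.create_default_context()
    if not verify:  # diagnosis only: separates trust errors from transport errors
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except socket.timeout:
        return ("tls_handshake_timeout", f"no handshake reply from {addr[0]}:{port}")
    except ssl.SSLError as exc:  # includes certificate verification errors
        return ("tls_error", str(exc))
    except OSError as exc:  # e.g. connection reset during the handshake
        return ("tls_io_error", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    # "intranet.example" is a constructed placeholder; pass the failing host.
    target = sys.argv[1] if len(sys.argv) > 1 else "intranet.example"
    print(probe_https(target))
```

Running it once with the FQDN and once with the IP address that was pinged also answers the "IP address or FQDN" question from the list above.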
