Am I the only one with this issue?

**docque** · 06-16-2022, 03:36 PM

Ok, time to nerd out and I hope someone can assist.

My setup. Laptop running two VMs. One is my development environment, the other is an Oracle database. The development environment uses a VPN to connect to Linode servers that contains our ticketing system, test Oracle database, etc.

Now for the issue. I have my phone as a hotspot carrier doesn't matter, it is a hotspot. I can ping, ssh and sftp the servers. But I cannot browse to them. Get more nerdy here I can "curl" to the http side but I get no response if I do the https side.

It looks like a hotspot is out of the question or I am missing something. Congratulations if you made it to the end. I am hoping there are other nerds like me out there.

**Soundsailor** · 06-16-2022, 03:38 PM

Originally Posted by docque

Ok, time to nerd out and I hope someone can assist.

My setup. Laptop running two VMs. One is my development environment, the other is an Oracle database. The development environment uses a VPN to connect to Linode servers that contains our ticketing system, test Oracle database, etc.

Now for the issue. I have my phone as a hotspot carrier doesn't matter, it is a hotspot. I can ping, ssh and sftp the servers. But I cannot browse to them. Get more nerdy here I can "curl" to the http side but I get no response if I do the https side.

It looks like a hotspot is out of the question or I am missing something. Congratulations if you made it to the end. I am hoping there are other nerds like me out there.

Could it be that your provider is blocking certain ports on the hot spot?

**MoonShadow_1911** · 06-16-2022, 03:51 PM

Originally Posted by docque

Ok, time to nerd out and I hope someone can assist.

My setup. Laptop running two VMs. One is my development environment, the other is an Oracle database. The development environment uses a VPN to connect to Linode servers that contains our ticketing system, test Oracle database, etc.

Now for the issue. I have my phone as a hotspot carrier doesn't matter, it is a hotspot. I can ping, ssh and sftp the servers. But I cannot browse to them. Get more nerdy here I can "curl" to the http side but I get no response if I do the https side.

It looks like a hotspot is out of the question or I am missing something. Congratulations if you made it to the end. I am hoping there are other nerds like me out there.

For all of this, I'm assuming that you havea little more than a base knowledge of networking and computers.

First thing to try: check to see if you are getting a private IP address, if so configure your adapters to do IPv6 and disable IPv4. If that doesn't work, or the VPN is configured for IPv4 only, then see if you can ssh to port 80. The ssh connection should fail with a connection refused message.

Second fire up Wire Shark (you will have to filter the crap out of the log) and trace the connection to see where it is failing. If it's failing in the send side then it's probably the hotspot blocking something, or striping packets (which usually only the high end firewalls, or pfSense, will do). If it's in the ack side, it your not receiving and ack, then the hotspot is blocking things.

To try to resolve this, see if the hotspot can be put into bridge mode (most won't do this); bridge mode will bypass the hotspot firewall.

Second, turn off the hotspot firewall.

Third, put your source system into the DMZ of the hotspot.

Fourth, get a new hotspot. [emoji16]

Sent from my SM-N986U using Tapatalk

**docque** · 06-16-2022, 04:32 PM

Originally Posted by MoonShadow_1911

For all of this, I'm assuming that you havea little more than a base knowledge of networking and computers.

First thing to try: check to see if you are getting a private IP address, if so configure your adapters to do IPv6 and disable IPv4. If that doesn't work, or the VPN is configured for IPv4 only, then see if you can ssh to port 80. The ssh connection should fail with a connection refused message.

Second fire up Wire Shark (you will have to filter the crap out of the log) and trace the connection to see where it is failing. If it's failing in the send side then it's probably the hotspot blocking something, or striping packets (which usually only the high end firewalls, or pfSense, will do). If it's in the ack side, it your not receiving and ack, then the hotspot is blocking things.

To try to resolve this, see if the hotspot can be put into bridge mode (most won't do this); bridge mode will bypass the hotspot firewall.

Second, turn off the hotspot firewall.

Third, put your source system into the DMZ of the hotspot.

Fourth, get a new hotspot. [emoji16]

Sent from my SM-N986U using Tapatalk

It has to be the port that is getting blocked. This is a phone hotspot so it is not that robust. Because I can do everything (ssh, sftp, etc) i just can't do https

**MoonShadow_1911** · 06-16-2022, 04:39 PM

Originally Posted by docque

It has to be the port that is getting blocked. This is a phone hotspot so it is not that robust. Because I can do everything (ssh, sftp, etc) i just can't do https

Ah, it's a phone. It might be blocked by your provider. Can you visit the site on the phone? If so, then your provider thinks you are tethering the phone to get past the data caps.

Sent from my SM-N986U using Tapatalk

**uwskier** · 06-16-2022, 04:55 PM

If your VPN is terminating on your dev VM, that VM should be able to access the remote servers. The hotspot can't block ports inside the VPN because your traffic is actually encrypted inside a UDP tunnel that's all using the same src/dst port pair. There has to be something else going on here. What happens if you take the laptop to a Starbucks and try the same test?

Are you trying to hit it via IP address directly or is there DNS involved?

**docque** · 06-16-2022, 04:59 PM

Originally Posted by uwskier

If your VPN is terminating on your dev VM, that VM should be able to access the remote servers. The hotspot can't block ports inside the VPN because your traffic is actually encrypted inside a UDP tunnel that's all using the same src/dst port pair. There has to be something else going on here. What happens if you take the laptop to a Starbucks and try the same test?

Are you trying to hit it via IP address directly or is there DNS involved?

DNS is involved and it can resolve it, I can ping the servers by name. Just no https.

**uwskier** · 06-16-2022, 05:05 PM

does the HTTPS connection typically redirect you to a captive portal/login page or something that would require you to be on a domain that may not be open to VPN clients?

**uwskier** · 06-16-2022, 05:07 PM

I would still be interested to see if this setup works on non-hotspot wifi also like if you are at an RV park with decent wifi, or a Starbucks or something. How do you have the VM networking configured? Is it bridged or NATted?

**docque** · 06-16-2022, 05:14 PM

Originally Posted by uwskier

I would still be interested to see if this setup works on non-hotspot wifi also like if you are at an RV park with decent wifi, or a Starbucks or something. How do you have the VM networking configured? Is it bridged or NATted?

Ok, I can do more explaining. This setup I have works 100% at home. No issues at all. I actually set up a nano router (for the RV) to connect to the Hotspot so I could have certain IP addresses (this is needed for the app server to communicate with the database). So my configuration works great until I try to use the hotspot on my phone. I already know the phone hotspot is not great.

I am hoping that a true hotspot will solve these issues since it is more robust but I am not holding my breath.

Overall, this setup works great except when I am connected to the hotspot.