OpenWrt Forum Archive

Topic: Can't access HTTPS (ssl) sites over cellular

The content of this topic has been archived on 25 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hey everyone,

My goal is to use cellular as a backup access point. I am close, but I can't access HTTPS websites over cellular, only HTTP. For example, I can access "http://example.com", but not "https://example.com". When I try to access HTTPS websites, I receive this error from my Chrome browser: "ERR_ADDRESS_UNREACHABLE". I don't think it's a DNS issue, since I can access HTTP sites using their hostnames.

Using an ethernet connection, I have no issues accessing HTTPS settings.

As a side note, I am able to make HTTPS requests when I use libcurl library with some C code. Curl accepts arguments such as certificate directory. So maybe OpenWrt is not using the certificate directory?

Anyway, here is the output from the cell section of "ifconfig" and the network config file. Any help would be greatly appreciated as I have been stuck on this issue for a day.

root@device:~# ifconfig
3g-cell   Link encap:Point-to-Point Protocol  
          inet addr:10.53.207.247  P-t-P:10.53.207.247  Mask:255.255.255.255
          inet6 addr: fe80::bd8a:e375:de9d:bb29/10 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1851 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2472 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:907267 (886.0 KiB)  TX bytes:457912 (447.1 KiB)


config interface 'cell'
    option ifname 'ppp0'
    option proto '3g'
    option device '/dev/ttyACM0'
    option service 'umts'
    option metric '60'

I have tried setting iptables rules:

iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT 

with no luck. Has anyone encountered a similar issue? Maybe not with cellular in particular, just in general? I am starting to lose hope, even though I suspect this is a simple fix.

Maybe try disabling the firewall as a test to see if indeed that is where your issue lies?

Disable firewall, but keep MASQUERADE in PREROUTING.

(Last edited by augustus_meyer on 11 Nov 2017, 08:13)

You seem to mix things.
OpenWrt does not need any certificates for just routing HTTPS traffic as it does not care about the packet contents.

Your firewall rules in OUTPUT concern traffic originating from the router itself, like the libcurl usage.
Similarly, INPUT is about traffic for the router itself.
FORWARD would be the iptables chain for traffic from a PC via the router to somewhere, like using a browser on a PC.

You have possibly not set the cell interface to wan zone in firewall. Or otherwise set the basic forwarding rules. But strange if http works but https does not.

Do you have any special settings in firewall? And no http proxy?
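
Added example, not part of the original thread: a shell check for the condition the last reply suspects, namely whether the 'cell' network belongs to a firewall zone that masquerades and that the LAN zone may forward to. The function names and the sample firewall config are constructed for illustration, and the LAN zone is assumed to be named 'lan'.

```shell
#!/bin/sh
# Constructed /etc/config/firewall text (not from the thread): 'cell' is in no zone.
SAMPLE_BAD="config zone
	option name 'lan'
	list network 'lan'

config zone
	option name 'wan'
	list network 'wan'
	option masq '1'

config forwarding
	option src 'lan'
	option dest 'wan'"
# Same text with 'cell' added to the wan zone (older space-separated syntax).
SAMPLE_GOOD=$(printf '%s\n' "$SAMPLE_BAD" |
	sed "s/list network 'wan'/option network 'wan cell'/")

# Print "<zone> <masq>" for the zone whose network list contains $2.
zone_of() {
	printf '%s\n' "$1" | tr -d "'\"" | awk -v net="$2" '
		function emit() { if (hit) print name, masq + 0 }
		$1 == "config" { emit(); zone = ($2 == "zone"); name = ""; masq = hit = 0; next }
		zone && $2 == "name" { name = $3 }
		zone && $2 == "masq" { masq = ($3 ~ /^(1|on|yes|true|enabled)$/) }
		zone && $2 == "network" { for (i = 3; i <= NF; i++) if ($i == net) hit = 1 }
		END { emit() }'
}

# Succeed if a forwarding section allows zone $2 -> zone $3.
has_forwarding() {
	printf '%s\n' "$1" | tr -d "'\"" | awk -v s="$2" -v d="$3" '
		function emit() { if (fwd && src == s && dst == d) ok = 1 }
		$1 == "config" { emit(); fwd = ($2 == "forwarding"); src = dst = ""; next }
		fwd && $2 == "src" { src = $3 }
		fwd && $2 == "dest" { dst = $3 }
		END { emit(); exit !ok }'
}

# Verdict for LAN clients using network $2 as uplink (LAN zone assumed to be 'lan').
check_uplink() {
	zm=$(zone_of "$1" "$2"); zone=${zm% *}; masq=${zm#* }
	[ -n "$zone" ] || { echo "no-zone"; return 1; }
	[ "$masq" = 1 ] || { echo "no-masq"; return 1; }
	has_forwarding "$1" lan "$zone" || { echo "no-forwarding"; return 1; }
	echo "ok"
}

check_uplink "$SAMPLE_BAD" cell || true
check_uplink "$SAMPLE_GOOD" cell
```

On a router the same check would be run against the live file, for example `check_uplink "$(cat /etc/config/firewall)" cell`.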

The discussion might have continued from here.