Operating 1Password in an restricted environment (only ports 443 and 80 open)

boboAgile

The 1Password client on Windows cannot connect to the 1password.com backend in my environment / network. I'm restricted to TCP ports 80 and 443 only. Can I get 1Password to run in this scenario?

Best Regards, Boris

P.S. I saw that 1Password client is using lots of TCP ports - why?

---

1Password Version: 6.7.457
Extension Version: Not Provided
OS Version: Windows 7
Sync Type: 1Password.com
Referrer: forum-search:ports

bundtkate

@boboAgile: 1Password uses port 443 (HTTPS) for communicating with our 1Password.com service, in addition to our Watchtower and Rich Icon services. We may also use port 80/443 for checking updates and crash report submission via Microsoft's HockeyApp service.

If you have Native Messaging disabled, 1Password may use up to 10 localhost ports for the connection between the main 1Password program and 1Password extension in your browser. Enabling native messaging (Settings > Options > Advanced) will prevent 1Password from using these localhost ports.

If you're having trouble connecting to 1Password.com, it's more likely something other than your network configuration. Do you use a proxy or a PAC file by chance?

As for using "lots of TCP ports," as I mentioned 443 (and sometimes 80) should be it. Could you share some additional detail about the other ports you see 1Password using? You should be able to use 1Password in this environment, but it sounds like we still have a configuration issue to track down somewhere, so this may give us some clues.

Thanks! :chuffed:

boboAgile

Hi, yes there is a proxy in place. Windows gets its proxy configuration from a pac file I think. I thought 1Pw would use the proxy config of the OS.

Regarding the ports: I did not observe this myself but took it from your own documentation: https://support.1password.com/firewall-proxy/

MikeT

Hi @boboAgile,

Unfortunately, PAC files are not supported yet. Windows does not have a system proxy like macOS does, each app has to manually handle it. The good news is that we're working on supporting this in the next stable update. Would you be willing to try a private build to help us confirm if we're on the right track? If yes, is your email address in your forum profile up to date and may we contact you there?

What you saw in that support article is the ten localhost ports (local only, not outgoing) that allows 1Password extension to try via WebSockets to find an open port to connect to the local 1Password Helper process. Some extensions use localhost as well, so in order to have a smooth experience, 1Password does a round-robin check of ten ports. Sometime the first port doesn't open right away, so it connects better on the second port. This will not be used anymore as we'll phase out WebSockets completely soon.

boboAgile

Yes, please contact me via e-mail.

bundtkate

@boboAgile: Thanks for being willing to lend a hand in testing things! It's always a great help when folks are willing to give new features a test drive out in the real world. It's much appreciated and you should hear from @MikeT soon. :chuffed: