Can anyone please recommend a UK mobile provider that offers a public IP address (and that allows incoming connections) as part of their pay-as-you-go data plan?
I use 3G dongles hanging out of branch office routers (Draytek 2800s) as a backup internet route as a contingency in the case of an ADSL line failure, and until now I thought this solution worked quite well. However towards the backend of last week the ADSL line of our main office went down (or more accurately BT decided to randomly disconnect it!) and it was only then did I discover the ‘standard’ provision from Vodafone (via their ‘public’ APN of “internet”) is a private (Vodafone) IP address that is NAT’d through their proxies – this obviously works fine for outgoing connections but not for incoming connections (ie. to our mail server from the outside world, employees accessing our intranet and webmail from home etc). Further investigations suggest such a configuration is common practise amongst mobile providers and with it seemingly being confirmed Vodafone at least do not offer any alternative provision (with the exception of either a ‘vpn only’ APN which gives you a public IP address but blocks outgoing internet routing on most non-vpn protocols).
I have seen it suggested that Three do give you a public IP address (conflicting reports suggest this to be as standard or by request f.o.c.), similarly maybe Orange too. Can anyone please confirm/deny? To clarify I do not require a static IP address, just a publically addressable IP address that accepts incoming connections (and thus not NAT’d nor proxied), and ideally as part of a PAYG / top-up style plan (as these would be unused for most of the year, hopefully..!).
Many thanks in advance,
Simon
Related
I'm trying to VPN using GPRS to several networks which I have access to but I can't seem to be able to VPN them with my PDA2K. I can VPN them easily with no special configuration with my XP.
My i-mate keeps trying "Connectioning XX VPN..." and then aborts after about half a minute saying to check the username and password. The username and password are correct.
I called my cellular provider and they said that I should be able to connect to a VPN only if 'UDP Encapsulation' is defined on the VPN server?!?!? Well.. What is this thing? I'm trying to connect to big corp VPN, they wouldn't even listen to 'special requests'. I tried to connect to 4 different VPNs and I could not connect to any single one of them!
I really need that VPN connection via GPRS with my PDA2K. Any help would be more than appreciated. Maybe a different client than the built in VPN client of the WM2003SE ?
Thanks in advance.
Sorci
anyone?
bump for help. this gotta be a common prob.
Your GPRS connection will be subject to some form of NAT (Network Adress Translation) through your provider. VPNs don't get along well with NAT as the firewall doing the address translation modifies the packet header after it has had it's hash value calculated by the client (in this case your PDA). The receiving firewall will reject the packet as the hash values for the (now modified) packet don't match.
UDP encapsulation gets around this by encapsulating the encrypted and authenticated (secure) packet in a UDP packet which will be happily modified by the NAT'ing firewall. The receiving firewall will decapsulate(is that even a word?) the UDP packet and process secure packet inside as normal.
James
Thanks a lot Jamz for the thorough detailed info. I appreciate it.
So what's the fix? I tried several other VPNs and was unable to access them as well.. I can't just call all these providers and make some strange requests for a 'one guy with a pda2k and a gprs connection' that wants them to change their VPNs, enabling or disabling protocols or port.
Any other solution?
sorci said:
Any other solution?
Click to expand...
Click to collapse
Are you sure you're using the built-in VPN client in Windows, and not something like a Cisco VPN client?
You could try something like the Movian VPN client (not sure this is still made). I've used this previously with a Cisco VPN and it is fully configurable to handle multiple VPN types.
I've got a similar problem. Am trying to set up a temporary GPRS connection into my work LAN (I work for myself but 2nd child due shortly so want to be able to connect in from home for a couple of weeks only). I've got MS Win2000 Server set up to accept incoming VPN connections and it works fine on a dial-up connection but refuses to authenticate my username/pasword whenever I try to get the GPRS working.
As it's only going to be used for a short period of time, I'm loathe to spend out on any specific hardware/software but if anyone's got any suggestions, I'd be grateful.
If it helps, the LAN is behind a Netgear DG834GT ADSL modem/router/firewall and VPN PPTP and IPSEC are allowing in and out on it. The server is on a static IP address in the range 192.168.99.x.
GPRS Connections and VPN
With O2 you have to aks for VON connectivity to be enabled and connect to vpn.o2.co.uk instead of mobile.o2.co.uk. (by the way you can't access the web whilst connected to the vpn.o2.co.uk AP)
I suspect that most providers have simalair requirements
Dave
Hi,
I have a little problem that I am sure there must be an easy solution to!
I have set up a VPN on my Universal to connect to work. The problem is that my work's VPN server allocates me an ip address in the 10.x.x.x address range. All servers that I need to access behind the VPN have addresses in this range as well. Unfortunately, my ISP (T-Mobile UK), also allocates an address in the same range. Therefore, whenever I try to acccess a server at work, WM5 suffers confusion since it doesn't know whether to route the message through the VPN or directly out to the internet through the cellular modem.
I have been able to verify that the VPN thing works if my work network was on a different network address since initially, I was unable to VPN into my PC at home for the reason described above. I changed the ip addresses of all machines on my home network and now everything works fine at home.
Unfortuantely, I am unlikely to convince the IT people at work to change the address of all their machines. Similarly, I don't think I will have much success with T-Mobile and so is there anything I can change at my end to avoid this problem?
Thanks in advance for any help.
Mark
Narrowing the ip address may help, eg 10.0.0.1 is different to 10.1.0.1.
are you using this over wifi or gprs? if the phone provider is involved, I assume its gprs.
you could try and esablish your ip address as fixed rather than part of the pool, so the it guys assign a range for remote connections as say 10.0.0.100 to 10.0.0.150 as remote dial in connections, thus giving you a separate number.
the best way though I would have thought is for you to a fixed ip address known to you and the servers, and then hard type the ip address as your vpn settings, then establish that ip address as part of the exceptions settings.
in order to use exceptions though you have to know the range, or the exact ip address you will be assigned, and must be different to your telco.
not much of a solution, just some suggested areas to look at.
cheers
s.
hi guys, just out of curiosity what software are you using for VPN? on my laptop my company has installed cisco vpn, does it need to be a cisco vpn for wm5?? :?
From bad to worse...
Thanks for the reply Simon.
Unfortunately, I just went to try out some of your ideas and discovered that I can't get the VPN to connect at all now. It used to connect OK but then have routing problems whenever I tried to access anything. And my home VPN worked perfectly. Now, I can connect to neither.
I simply switched over to an O2 sim and with minimal configuration changes could verify that my setup still works OK and so it must be something to do with T-Mobile blocking ports. They weren't blocked yesterday!!!
Yesterday I "upgraded" my GPRS account from T-Mobile's Web'N'Walk to Web'N'Walk Professional and now I find I have this problem. Is this just a coincidence, or could it be that the Pro version has more severe restrictions than the consumer version?
I have emailed Customer Services to see what they have to say.
I will post back when I get a reply from T-Mobile.
mstar, I am no VPN expert, but for me, using a Windows XP hosted PPTP VPN it works after a fashion (above problems excepted!). I am using the VPN client built into Windows Mobile 5. I think you stand a good chance of getting it working using the built-in client.
Mark
I simply switched over to an O2 sim and with minimal configuration changes could verify that my setup still works OK and so it must be something to do with T-Mobile blocking ports. They weren't blocked yesterday!!!
Click to expand...
Click to collapse
I've heard on the grapevine that T-mobile have explicitly refused certain types of traffic on the web-n-walk
VOIP is the biggy...
I was seriously thinking about getting signed up - but no point if IPSEC is a prob, as well as VOIP.
Not sure how they can tell it's Skype traffic :?
http://www.reghardware.co.uk/2006/05/09/t-mobile_bans_voip/
for more info
An Update
An update on my VPN problem. Yesterday after total failure to get the VPN to connect, I emailed T-Mobile customer services.
Although they have not replied, when I tried it this afternoon I found that it was working again as before even though it had not been working first thing this morining. Of course I have not changed anythng at my end to cause it to break and then start working again (but they all say that, don't they!).
So, I don't know whether this was just a momentary fault, or whether T-Mobile have changed something to re-enable the VPN ports for me. I can now VPN in to my home PC, but the problem connecting to my work VPN with the 10.x.x.x address remains.
So, Sikkutz, depending on the address of the remote network, you may or may not be able to get a VPN to work using T-Mobile's Web'N'Walk.
By the way, my VPNs both use Microsoft's PPTP and not IPSec and so there may be different issues with that protocol.
I have discovered that O2 provides a separate acccess point, vpn.o2.co.uk, that causes a public ip address to be allocated to the device, ie not on the 10.x.x.x network. It would seem that this is designed to address this very problem. Does anyone know if T-Mobile can provide something similar?
Mark
There must be a solution
Hi!
I have the same problem with my Qtek 9000 (VPA IV). I can connect to my VPN Gateway but the routing into LAN failed. I get a 10.x.x.x address from Vodafone Germany and my LAN uses 10.98.8.X. :-(
But there must be a solution! My previous Qtek 9010 (VPA III) had the same problem, but it was able to route between the 10.-networks after a firmware-upgrade to version 1.40.01! But I don't no why!
What was changed in firmware to enable routing???
Daniel
i have the same issue aswell, I am reluctant to change the IP range of my machines as that usually causes trouble for the servers
Any other ideas?
Thanks
maybe stupid thing, but did you guys try dna forwarding (that is what I use from home office, not on pda to be honest..
Maybe I just did not get your point....
What kind of VPN server do you use? I'am using a Cisco PIX and use a PPTP VPN almost everyday. I can use the 10.1.x.x network at the location the PIX is located (this PIX is directly connected to the 10.1.x.x network).
I can't however use any of the remote offices using 10.2/10.3.x.x etc.
This is becaus of the lack of routing abilities in the PPTP implementation.
With an IPSEC tunnel (additional software needed) the remote offices can be reached without any problems.
I know that some IP implementation disallow routing between a public address and any 10.x address. To solve this you could give your VPN clients an address from a 10.x subnet .
hi sorry been away awhile,
I use the routing and remote admin snapin of Windows server 2003 to manage my VPN, I can connect fine using the phone as a modem with my notebook but as soon as I try accessing any URL/resource on my network it fails, e.g. we have a intranet site on http://servername but it wont open this up.
Any Ideas?
Hi all,
I've been searching high and low for any help on using OpenVPN on my Rogers TyTN. Does anyone have experience with this? I cant connect via Wifi or GPRS and cannot seem to access my TAP device (never loads??).
Any help please!
Thanks.
Are you using the "basic" (standard?) GPRS/3G access point node (APN)? If you're connecting to internet.com, then you are and VPN apps (including the one built into WM) won't work. You need to call Rogers and up your data service to the "VPN" level. The APN for this is vpn.com. It will cost you $10 per month over and above what you're paying for data now.
Basically the difference is this: The internet.com APN is behind a NAT gateway (firewall). The IP address you get is a private address. Some ports (e.g. Port 47 needed for all VPN protocols) are blocked. The vpn.com APN is connected directly to the Internet and the IP address you get is a public Internet address. Lastly, no ports are blocked.
Hope this helps.
John
I'm attempting to use a Windows Mobile 6.1 device (HTC Diamond) for a temporary internet connection for my mail server while my broadband is down (BT cancelled my line in error and do not seem to be in any hurry to restore the service!). Initially I'm using the built-in ICS functionality..
While outgoing connections are fine I do not seem to be able to make in incoming connection. At first I thought this was due to ICS not port mapping incoming connections downstream (in a port forwarding DMZ manor) so I moved to the seemingly very good WMWiFiRouter tool and which is much more configurable in such ways, however still no joy. Further investigation using the useful website whatismyipaddress.com suggests that my connection is actually not a true connection but instead proxy'd (assumingly by Vodafone). Is this correct? If so, assumingly it is therefore impossible to make direct incoming IP connections (TCP or UDP) to devices on a mobile operators network (in my case Vodafone)?
All comments welcome!
Thanks, Simon
To reply / follow-up to my own post..
It seems this is due to a problem with Vodafone providing data connections with a private NAT’d IP address that is routed through their proxies for traffic optimization etc, and not the required (publically addressable) public IP address for incoming connections.
Please see my separate post on this wider issue: http://forum.xda-developers.com/showthread.php?t=478741
had a problem kinda like it trying to make a socket connection from 2 3 gprs devices
did'nt work unless both had static ip's which cost extre
but it worked ok if just one of them were not a 3 grps device
like a normal pc or a gprs device from another operator
Hi folks,
First post here, I've had my G2 (Hero) for nearly a week and think it's amazing, but I have encountered a problem.
My Hotmail sends and receives just fine whether I am connected by WiFi or 3G, but my pop3 email will send and receive if I'm on WiFi but it will only
receive if I'm out and about on 3G. It's a bloody nuisance and I can't
think of any reason that would be the case.
Has anyone else found this?
Cheers!
V.
It seems like the SMTP server that you're using is not accessible using the 3G network. ISPs commonly block access to their SMTP servers from other networks. E.g., if my regular ISP is ISPA (to which I connect using WiFi) and my mobile operator is ISPB (to which I connect using 3G), I cannot access ISPA's SMTP server when I am connected through ISPB and vice versa.
The most likely cause of your problem is that your POP provider's SMTP-server doesn't accept message relaying from the addresses your phone is assigned when connecting over the phone network. Many providers permit unauthenticated relaying from addresses in their own network. In that case, make sure that the outgoing server (SMTP) for your POP-account is configured with authentication (username/password). Encryption (TLS or SSL) is also recommended. If that isn't enough, contact your POP-provider and ask if they at least can enable global access to authenticated relaying over SSL (port 465) or authenticated SMTP relaying in general.
Ah, I wonder if this is what the girl in the T-Mobile shop was going on about when she asked if I wanted to pay another £5 a month for email? Perhaps they have, as you have suggested nerfed the email capability over 3G. That would be a proper nuisance, I've not had a network do that to me before
Seems a bit of a nerve to make you pay for unlimited internet/data and then charge extra for email!
Vormulac said:
Seems a bit of a nerve to make you pay for unlimited internet/data and then charge extra for email!
Click to expand...
Click to collapse
That's not the issue. Any half decent server administrator makes sure that his/her servers do not relay messages on behalf of the entire planet. However, when done properly the provider will have a system that allows relaying for authenticated clients, and will provide all the information their customers need to set up their clients accordingly.
If your POP mail provider, presumably your ISP, cannot supply authenticated SMTP access (check this first!), you have a few realistic options (I'm sure there are more!)
Buy access to an authenticated SMTP server (e.g. http://www.authsmtp.com/mobile/index.html) which will allow you to send email via SMTP regardless of how you are connected.
Use an intermediate email service like Gmail to collect your POP3 email and send replies via Gmail.
Your cellular provider will have their own SMTP gateway - you can change your email settings to use their SMTP gateway when connected via cellular data, but I guess you will have to do this manually every time you want to switch between cellular and WiFi.
Note that this isn't a fault with Hero or Android - it's your mail provider!
Regards,
Dave
My ISP is Blueyonder (well, Virgin now). I just think it's strange that they should be rejecting the smtp connection as I have set up these two pop3 accounts on every mobile I've had for the last 10 years and they've worked perfectly (a Siemens, a few Sony-Ericssons and a Nokia and that's on Virgin Mobile, Orange and 3 networks). It would be a shame if I was limited to using my Hotmail for everything from now on.
I'll drop Virgin customer services a line and see if there is some way they can do this magical authentication thing of which you speak.