cancel
Showing results for 
Search instead for 
Did you mean: 

Struggling with VPN

lhx
Newbie
Posts: 4
Registered: ‎30-10-2020

Struggling with VPN

Struggling to get help with using my plusnet mobile connection to connect with a my open vpn set up I have at home.

The VPN is running fine. I can connect to it with my old Three SIM, my work O2 SIM, but just not my plusnet SIM.

I've tried with plusnet customer support, but the people I have spoken to either don't understand me because they aren't technical, or make statements like 'I don't think we support that'. There doesn't seem to be an option to speak directly with anybody with any technical knowledge. (Which is a shame, becuase PN is selling a technical service)

Compounding the problem is that nobody ever seems to want to call back when they say they will.

My set up connects via UDP port 1194 - standard for open vpn.

I've seen on this forum that some people have found that plusnet's overzealous 'adult services filter' has been known to hobble VPN access - despite VPN use been a standard and non-'adult' internet function. Unfortunately, having this disabled does not seem to enable my access to home.

Another thing I tried - via the EE forum - was to set up a new APN with the same settings, but forcing IPv4 instead of allowing IPv4 and IPv6. This was not successful either.

Anybody got any ideas what may be at the root of my woes?

Cheers, 

Liam

8 REPLIES 8
MisterW
Superuser
Superuser
Posts: 15,092
Thanks: 5,736
Fixes: 409
Registered: ‎30-07-2007

Re: Struggling with VPN

I can connect to it with my old Three SIM, my work O2 SIM, but just not my plusnet SIM.

Does your Three & O2 Sim give you a routable public IP address ? The PlusNet sim won't , it uses CGNAT like many low cost mobile providers.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

lhx
Newbie
Posts: 4
Registered: ‎30-10-2020

Re: Struggling with VPN

Would CGNAT be more likely to be a problem if my problem was inbound traffic from the public internet to my mobile phone?

Surely if my phone can establish a connection outbound on port 80/443 (web browsing), it should be able to do so on 1194?

MisterW
Superuser
Superuser
Posts: 15,092
Thanks: 5,736
Fixes: 409
Registered: ‎30-07-2007

Re: Struggling with VPN

Yes it would definitely be a problem inbound. However, you are using UDP so there is no 'connection'  as there would be with TCP. Therefore I'm not sure that the Plusnet CGNAT can route the responses back to your mobile

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

lhx
Newbie
Posts: 4
Registered: ‎30-10-2020

Re: Struggling with VPN

The benefit of this being a VPN under my control is that I can play with the settings and see what works.

After your last post I thought I'd give it a go under TCP... and it will connect.

This is less than ideal, however. Am a bit sniffy about the potential for TCP meltdown. Will have to see what happens.

aesmith
Pro
Posts: 634
Thanks: 81
Fixes: 4
Registered: ‎26-09-2015

Re: Struggling with VPN


@MisterW wrote:

Yes it would definitely be a problem inbound. However, you are using UDP so there is no 'connection'  as there would be with TCP. Therefore I'm not sure that the Plusnet CGNAT can route the responses back to your mobile


Any half competent CGNAT (or indeed any other sort of NAT) can deal with UDP by matching the response to the request.  Other wise all sorts of thing wouldn't work, from simple DNS lookup to Voice over IP.

MisterW
Superuser
Superuser
Posts: 15,092
Thanks: 5,736
Fixes: 409
Registered: ‎30-07-2007

Re: Struggling with VPN

Agreed, a NAT implementation CAN cope with UDP by matching incoming traffic to outgoing traffic using IP & port. The question is do the mobile providers CGNAT implementations actually do it ? 

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

lhx
Newbie
Posts: 4
Registered: ‎30-10-2020

Re: Struggling with VPN

I found a very odd workaround that seems to work.... though I am not sure that it should.

VPN on UDP1194 flat out refuses to work, off the bat.

But while messing around with setting up alternative ports and protocols, I discovered that If I try to establish a tunnel on TCP 1195 (which won't work because it is not set up at my networks end), then cancel after a few seconds, followed by reconnecting on UDP 1194 it works.

To my mind this is nuts, but I can get access to my home network, so I can live with it.

aesmith
Pro
Posts: 634
Thanks: 81
Fixes: 4
Registered: ‎26-09-2015

Re: Struggling with VPN


@MisterW wrote:

Agreed, a NAT implementation CAN cope with UDP by matching incoming traffic to outgoing traffic using IP & port. The question is do the mobile providers CGNAT implementations actually do it ? 


If you can do a DNS lookup on that provider then yes.  Personally I'm running my home Internet full time over an LTE connection with CGNAT, and a pile of things would stop working if they didn't handle UDP.