apeface
join:2000-09-16
Mckinney, TX
 ·AT&T U-Verse
| reply to x51
Re: Uverse DSL With Static IPS WORST ISP EVER!
Another engineer, lulz.
I have the static IP package, a Cisco 878, a couple VLANS set up, and the 2 vpn's I have set up run fine. My wife is running a nice little web server I build for her as well. That also works fine. Only issues I have run into was with a wireless camera.
Maybe you should take a little less time acting like a know it all and little more time doing some research you might come out ahead.
I would offer suggestions, but I would be one of those "9 year old with head trauma" you mention an tend not to want to help people who insult me. |
|
mhetterm
join:2001-11-01
Altadena, CA
·AT&T U-Verse
| Likewise, another engineer here (electrical, but one of my hats at work is managing our IT - the joys of a startup!)
I have uverse at home and my ipsec vpn tunnel to work stays up fine 24/7, softphone/web/ssh/all other traffic through the tunnel is fine, no complaints! I agree the 3800hg UI is a bit fisher-price, but I just put a business-grade router in DMZplus and everything is fine.
Asking for solutions is quite a bit more productive than just ranting ... |
|
bclbob
join:2000-06-23
Oak Park, IL
clubs:
| I'm glad the DMZplus mode is working for you, but it isn't working for me. And the DMZplus mode doesnt pass ICMP traffic. And the 2wire is still firewalling and proxying, so you're limited to what the 2wire can proxy (1024 connections?)
I've already proposed a solution, let us use third party modems - I'm fine with the tech support starting:
1) are you using the U-Verse RG? No? Ok use that, if its still a problem call us back. |
|
djrobx
join:2000-05-31
Valencia, CA
 ·PHONE POWER
·AT&T U-Verse
·AT&T CallVantage
·Time Warner VOIP
 ·RoadRunner Cable
| reply to mhetterm
quote:
I have uverse at home and my ipsec vpn tunnel to work stays up fine 24/7, softphone/web/ssh/all other traffic through the tunnel is fine, no complaints!
What ipsec VPN are you using, and what was your secret? I could not for the life of me get Ipsec working through DMZPlus. Tried both OpenSwan and PFSense. It always died at phase 2. I've set it up dozens of times with a regular bridged connection and never had a problem.
--
AT&T U-Hearse
Your funeral. Delivered.
|
|
mhetterm
join:2001-11-01
Altadena, CA
·AT&T U-Verse
| @djrobx - I have a Netgear FVS336G on either end (doing router-to-router ipsec) - I didn't change the setup from when I had plain old AT&T dsl - just put the router in DMZplus and it worked ...
@bclbob - I agree the ICMP issue is there, but in reality, it's kind-of a non-issue - do you _really_ need to tracert all the way into your home network? I still hope they fix it, though. Re: 2wire proxy - I haven't run into any problems yet (3 weeks with this setup). |
|
ozzy6900
join:2005-01-11
West Haven, CT
·AT&T U-Verse
| reply to bclbob
said by bclbob  :I've already proposed a solution, let us use third party modems - I'm fine with the tech support starting: Seeing as how Uverse TV is proprietary, it is doubtful that you will see 3rd party modems for quite a while. They will have to decode the TV signal and VoIP in addition to the VDSL. Just the VoIP alone is enough to scare the hell out of many of the manufacturers because they realize that the modem has to act like a Central Office to the telephones that stand behind it. Most people don't understand this. There is a lot more to the RG than just the Internet access. |
|
bclbob
join:2000-06-23
Oak Park, IL
clubs:
| said by ozzy6900 : There is a lot more to the RG than just the Internet access. Not to me since U-Verse Small Business is internet only. |
|
x51
join:2009-05-27
Stratford, CT
| reply to apeface
said by x51 :Their static IP offerings must have been planned out by a bunch of 9 year olds with head trauma. said by apeface :I would offer suggestions, but I would be one of those "9 year old with head trauma" you mention an tend not to want to help people who insult me. So you are an engineer who helped plan out the current service from Uverse?
If not then the comment was obviously not directed at you, and I would welcome and sincerely appreciate any suggestions you may have.
If you ARE an engineer who helped plan out this setup, then I’m sorry I ruffled your feathers and welcome you to prove me wrong. If it would make you feel better to take a hostile tone and belittle me back while doing so… that would be fine too. I’d welcome the smackdown if it would get my network working the way I’d like it.
said by apeface :I have the static IP package, a Cisco 878, a couple VLANS set up, and the 2 vpn's I have set up run fine. My wife is running a nice little web server I build for her as well. That also works fine. Only issues I have run into was with a wireless camera. I know it was a long rant, and you probably didn’t read it thoroughly.. or maybe I just didn’t explain well… Sure I can give my Cisco firewall a public IP. I can make my VPNS work that way.. I can add all the vlans I’d like to the private network but the gateway cant be setup to VLAN. I cant have the private side of it in one VLAN and the Public side in another VLAN. I’d have to do all kinds of silly routing that I should not have to do to make it happen. The only way to get my webserver on it’s own public IP is to expose it to the 2wire and put the public directly on the server. I can’t put it behind the Cisco firewall and maintain its Public IP using NAT. I would have to setup a webserver with a public IP and add a second network card with a private IP, then setup the Cisco with a public IP, then add routes to the webserver to go out the Private network card and hit the Cisco on the inside interface to use the VPN.
All the things CAN be done, but in a convoluted roundabout ridiculous way. I think that’s a pretty poor setup to have to work around the gateway like that. If you have another solution I’d welcome the input. I’m thoroughly interested on how you have all your stuff configured.
said by apeface :Maybe you should take a little less time acting like a know it all and little more time doing some research you might come out ahead. Hrm.. Good point… Tell me if this is enough research…
(All this stuff below is a seriously condensed version of my research)
Day 1: Tech who came out was useless.. never heard of static IPs. Spent an hour setting it up myself. got it to work but ran into the issues I mentioned, figured I must be missing something. Called Support, took my info and dropped me in the transfer never called back. I Called back, finally got a level 3 tech. didn’t know anything about statics, sent me to the static IP department, Spoke to them. They transferred me to another level 3 tech who didn’t know anything about statics and asked why they would transfer me to him.. like I would know. He sent me to someone else. They explained how to configure the static IPS. I let them talk, and it was just what I had already setup. I asked how to NAT them so I could use private IPs on my servers.. they said I couldn’t use NAT. I asked how I would talk to my printers and such… silence… then “I don’t know”. I asked would I have to have two network cards.. the reply was “I guess”. That was it… all that took almost 3 hours. I did some research online. Found bunches of people with the same issues.. no real solutions. I could ask the same question, in the same forum, and get the same non-answers… I still must be missing something. I called back, Got another tech. Asked to be escalated to Level 2. Spoke to a level 2 tech who was more knowledgeable, but confirmed everything the first tech had. You can’t NAT, and You must use Public IPs on your equipment. I called customer service to switch back to my old ADSL. They gave me a free month of this Special Pay support called Connect Tech or something. They claimed that would solve everything. She said “They can even connect to your machine remotely and do it for you”. I guess I was supposed to be impressed. I acted like I was. They said I could call in about an hour to get support. About an hour and a half later I called. I was told that I had to wait 24 hours so they could put in a ticket and get me setup. I got my internet working myself, but imagine if I really needed help connecting to the internet???
Day2: Called the Connect Tech support Plus line back. After almost an hour of being on hold, and answering questions They said I wasn’t in the system right and they would call me back after they had a manager set me up. 2 hours later they called back and told me they could “Schedule an appointment” for tomorrow to talk with someone. I complained about the fact that I was told I’d have support in an hour the previous day.. they said they would call me back. An hour later A tech calls and remotes into my machine. Looks at the router and tells me that I have it configured right and does not understand my issue. I explain and I ask the same questions and I’m given the same answers. You can’t NAT, You must have public IPs on your equipment, You need 2 nics, You really should use DHCP from the router or your machines may not show up reliably.
Day 3: Looked online some more. Looked into buying my own device, Looked up all the threads I can find to possibly fix this. Like before everyone in a similar situation was pretty much SOL. The only answers are use DMZ plus and use your own router. That works if you don’t want to use 5 static IPs. I called AT&T to ask again to switch me back to my old DSL. They said it would take 7 days and I’d be without internet all that time. I asked cant you turn off the uverse when I get my other line turned on like you did when I switched to Uverse. She said no, they need to turn off the uverse to provision the other service. She was really nice and convinced me to talk to support again. I did… They had no clue, transferred me to another department, who transferred me to another department, who dropped my call. I called back tech support spoke to them some more, transferred another time, until customer service was closed.
Day 4: More online research… more nothing… Finally Posted my rant.
said by apeface :Maybe you should take a little less time acting like a know it all and little more time doing some research you might come out ahead. Exactly how much research should one do?...
My rant was not to get help…. It was to warn others before they end up in the same situation. Enough disgruntled posts like this, and perhaps someone will fix the issues. I estimate damn close to 14 hours of tech support calls when you include all of the holding and providing my information over and over but NOT including my own research on the web. The tech showed at noon the first day, and I got off the phone with the last call at 10:30pm But some of that Time I was working on it myself, looking online and I ate something… but it was a solid 6 hours at least on the phone. On the second day I spent another solid 4 hours. And at least 3 – 4 hours the 3rd day. I also in addition to the 14 hours spent at least 6 hours reading in forums. I even tasked the others at work to find me a solution… nothing.
I don’t think I know it all, what I wrote here regarding the configuration was confirmed many many AT&T techs. If I’m wrong about any of it, so are they. At least the ones I talked to. The opinion parts, are just that.. my opinion. |
|
x51
join:2009-05-27
Stratford, CT
| reply to mhetterm
said by mhetterm :Likewise, another engineer here (electrical, but one of my hats at work is managing our IT - the joys of a startup!) I have uverse at home and my ipsec vpn tunnel to work stays up fine 24/7, softphone/web/ssh/all other traffic through the tunnel is fine, no complaints! I agree the 3800hg UI is a bit fisher-price, but I just put a business-grade router in DMZplus and everything is fine. Asking for solutions is quite a bit more productive than just ranting ... Your solution is the most common found for this issue. The problem is that it sounds like you are using the single provided IP and your own router in DMZ mode. This is actually how I'm running right now, because it mostly works.
If this IS indeed the case, the problem is that your solution does not address my rant at all. I want to use my block of 5 different static IPs. I want to NAT them and only require 1 NIC in my servers.
If I misunderstood and you ARE using a block of statics, I'd be interested in more detail. |
|
x51
join:2009-05-27
Stratford, CT
| reply to djrobx
said by djrobx :What ipsec VPN are you using, and what was your secret? I could not for the life of me get Ipsec working through DMZPlus. Tried both OpenSwan and PFSense. It always died at phase 2. I've set it up dozens of times with a regular bridged connection and never had a problem. I can confirm in DMZ plus mode i have IPSEC VPN working. I have read posts from many others who, like you, can not get it to work though. I dont know if all of these devices have the same firmware? |
|
djrobx
join:2000-05-31
Valencia, CA
·PHONE POWER
·AT&T U-Verse
·AT&T CallVantage
·Time Warner VOIP
·RoadRunner Cable
2 edits | reply to x51
If you want to "roll your own" routing, you could run linux or BSD in a virtual machine on a physical machine with 2 interfaces. Create 5 virtual network adapters bridged to a real network adapter connected to one of the RG's ports. The RG will see these virtual adapters as individual machines because they each get their own MAC address. Then bridge a sixth virtual adapter to your physical adapter connected to your LAN and set up routing as desired between these interfaces.
--
AT&T U-Hearse
Your funeral. Delivered.
|
|
mhetterm
join:2001-11-01
Altadena, CA
·AT&T U-Verse
| reply to x51
@x51 - you are correct, I have a single dynamic IP - I don't have need for statics, as my router updates my dyndns account (and, apparently, u-verse "dynamic" ip's don't really change)
My point was only that the service _can_ be used for business purposes. I completely agree that AT&T should figure out how to provide a true bridged internet pipe via u-verse - but they don't at the moment, so we have to find work-arounds, or you can drop the service.
Why, exactly, do you need multiple static ip's (just asking so that maybe we can brainstorm a way to provide the services you need ...) |
|
x51
join:2009-05-27
Stratford, CT
| reply to djrobx
said by djrobx :If you want to "roll your own" routing, you could run Linux or BSD in a virtual machine on a physical machine with 2 interfaces. Create 5 virtual network adapters bridged to a real network adapter connected to one of the RG's ports. The RG will see these virtual adapters as individual machines because they each get their own MAC address. Then bridge a sixth virtual adapter to your physical adapter connected to your LAN and set up routing as desired between these interfaces. I had considered something similar.... I have a bunch of 4 port Ethernet cards. I considered throwing 2 of them in an old PC and building a Linux firewall. This could solve the issue with the RG only working off of physical mac addresses.
The Virtual solution WOULD effectively do the same thing and sounds like a better Idea. I may give that a shot. |
|
x51
join:2009-05-27
Stratford, CT
2 edits | reply to mhetterm
said by mhetterm :Why, exactly, do you need multiple static ip's (just asking so that maybe we can brainstorm a way to provide the services you need ...) I have a windows exchange server with Outlook web access, A windows Web server, A linux Apache Web server, a VPN device, and an SFTP server.
There are many workarounds (As I'm doing right now) to fit this all into a single IP address. I can use port forwarding to different devices. The most difficult part is the multiple servers that require port 80 and 443.. simple port forwarding won’t cut it. Right now all websites point at one server on port 80 and 443, and redirect to the proper servers on other ports. I dont want to make people remember port numbers.
I CAN move the important things to one of my datacenters where I wont have any issues... Most of the stuff I have is just for a test lab..
It's more about the point that with any other ISP that offers statics, this would not be a problem. going from AT&T DSL to AT&T Uverse I thought would be pretty simple.
I don’t mind a LITTLE compromising, but it's getting silly.
said by Tigerpaw509 :Would be willing to bet this guy talks for 3 hours on a conference call without a break.h]Has to be one of the worst rants on here Hrm.. maybe thats why I was on with tech support so long?? |
|
bclbob
join:2000-06-23
Oak Park, IL
clubs:
| x51: I think what you need to do is get 2 NICs for the webservers, one side plugged into the U-Verse gateway for the public IP and the other set to your internal network.
Obviously you're going to need to have firewalls on each of the machines, since the idea is you're going to do the DHCP dance to get those machines external IPs. |
|
x51
join:2009-05-27
Stratford, CT
| said by bclbob :x51: I think what you need to do is get 2 NICs for the webservers, one side plugged into the U-Verse gateway for the public IP and the other set to your internal network. Obviously you're going to need to have firewalls on each of the machines, since the idea is you're going to do the DHCP dance to get those machines external IPs. Well with the publics on the machines, I can still use the RG as a firewall... but it all seems to come back to 2 NICs. The one solution from djrobx with the VM linux firewall is the only way I know to avoid it. |
|
