dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
13688
share rss forum feed

DRNewcomb

join:2012-07-25
Long Beach, MS

U-Verse Internet: What does not work

I have not seen this mentioned on this forum. If you are considering getting U-Verse Internet there are some things that ATT won't tell you and you will have to learn on your own. For me, U-Verse Internet has worked OK but has a couple of irksome issues.

1. In a normal U-Verse setup it seems to be almost impossible to access a PPTP VPN server behind the RG. This has something to do with the RG always acting as a NAT boundary, even in DMZ+ mode. You may be able to overcome this if you pay more for a fixed IP address.

2. I personally have not been able to get a ping response from any device on the other side of the RG. The RG either answers a ping or discards it. There seems to be no option for passing one.

3. If you have U-Verse telephone, you will probably have problems running any SIP-based VOIP service as these ports are trapped by the RG.

4. I have been informed that if you have a wireless desktop box for U-Verse TV, you will not be able to use SSL services.



bigunk
Gort, Klattu Birada Nikto

join:2001-02-10
USA

I experienced everything you said except for #3. Maybe it's because I didn't have UVerse phone, but my SIP services worked perfectly. Every VPN client I used failed, no matter the settings I made in the gateway. I tried DMZ+ and a firewall, DMZ+ without a firewall, and a few other things that don't come to mind. They all failed.

Had to dump UVerse for TW. So far so good, except for regional outages that happen from time to time. Last time that happened was a comedy. My PC power supply had died. Fixed that and saw no internet. Rebooted my firewall and called TW at the same time. They confirmed the outage. TW came up later in the day and I realized my firewall wasn't working. Did some checking and found the hard drive died on it. Perfect storm centered right at my house.
--
"Political correctness is a doctrine, fostered by a delusionary, illogical minority, which is rabidly promoted by an unscrupulous mainstream media, who holds forth the proposition that it is entirely possible to pick up a turd by the clean end."



Mr Anon

@k12.il.us
reply to DRNewcomb

1. False, I have booth ran a local PPTP server and connected to a remote PPTP. I just, like as while I'm typing this connected to my server 2000 PPTP VPN (hello, home network, so nice to see you)

2. You are trying to ping from one local client to the other and local client? You are trying to ping from remote to the public IP of the RG or the public IP of one of the other devices on your network? If you are trying to ping from remote to the private IP addresses that is impossible.

Pinging the RG is possible but you must make sure you have set it to be pingable.

3. I do not have this service

4. I do not have this service


DRNewcomb

join:2012-07-25
Long Beach, MS

1. I never said you could not connect out to a PPTP VPN server. You are the first person I have ever encountered who has claimed to have a PPTP VPN server working and accessible behind a U-Verse RG (without paying for a static IP). Perhaps you can tell us how you accomplished this?

2. Trying to ping a host or router behind the RG from outside. The (2Wire) gateway can only be set answer or ignore (swallow) the ping. I have not been able to get it to pass the ping on to a router or host behind the RG.



Forosnai

join:2011-09-30
kudos:2
reply to DRNewcomb

Click for full size
»forums.att.com/t5/Residential-Ga···=desktop


Mr Anon

@sbcglobal.net
reply to DRNewcomb

for the VPN server (MS PPTP) All I did is first set the server up, I always give my server static addresses. Next go to your RG, log in:
Settings > Firewall > Applications, Pinholes and DMZ >
click on your computer you wish to be the endpoint. Click servers under filter by application. Select PPTP, hit add. Make sure you save the setting.

Having a dynamic or static IP would have nothing to do about rather or not you can do this, actually as most people have noticed your IP tends to not change with uverse, I've only had my address change 3 times, each time I either had a new RG or a new port on the VRAD

2. What you are describing is not possible, period. I have never heard someone say they could pass IGMP over nat to devices behind it.

4. Although I don't have this service one of my friends does, as he is a network admin, his job requires the use of gmail, he would have screamed bloody murder by now and dumped the service.

You mentioned a router behind the RG? Sounds like you might be in a router behind router situation, which the RG will warn you about (it is not always quick on detecting this, I ran that way for months without seeing the warning), this is not a recommended configuration and should only be attempted by those very familiar with networking.


DRNewcomb

join:2012-07-25
Long Beach, MS

OK. So using a port forward to a VPN server with a static LAN address might work. What I have tried to do is run a VPN server on a DD-WRT router behind the RG. In DMZ+ mode, the router is given the same address as the RG and all incoming traffic is supposed to be forwarded to the router. I use the router's DDNS function to be able to address the RG by name, rather than try to keep up with IP numbers. It is unfortunate that the RGs do not have a true pass-through mode as do most cable and DSL modems.



howardfine

join:2002-08-09
Saint Louis, MO
reply to DRNewcomb

Does Uverse block any ports? Specifically 21/22/80 and any other useful ones. I ssh quite a bit and occasionally run a server so clients can view web pages from my office test setup. Most ISPs don't let you host files but I only do this for an hour or so every couple of weeks, not all the time.

Over the last 15 years I've heard nothing but BS from ATT about their "high speed internet". While they advertise one speed, reality comes nowhere close. Now it seems they say their top speed is 24Mbs, I think. How close to reality is that?



Mr ANon

@sbcglobal.net

The only port they block is 25 for spam reasons, you can have this removed but I thin, there is a small one time fee for that now. Of course 135/139 but that is it. Unlike most ISPs having servers on your connection is not against the TOS.



SomeJoe7777

join:2010-03-30
Houston, TX
kudos:7
reply to howardfine

U-Verse blocks the following ports:

Outbound:

- 25 (SMTP) to any server other than outbound.att.net for spam control.

To get around the port 25 outbound block requires payment of a 1-time fee to ConnectTech.

Inbound:

- 8000-8015: reserved for U-Voice VOIP
- 50000?: reserved for control of the RG
- 443: reserved for the wireless STB access point if you have wireless STBs. Not blocked if you don't have wireless STBs.

Some people claim that 22 (SSH) may be blocked, but this appears to be inconsistent.

To get around any of the inbound port blocks requires static IP addresses.



howardfine

join:2002-08-09
Saint Louis, MO

said by SomeJoe7777:

Some people claim that 22 (SSH) may be blocked, but this appears to be inconsistent.

The claim or the reality? Can't someone test and let me know?

Zilveari

join:2012-07-30
Bloomington, IL
reply to DRNewcomb

5) AT&T likes to lie. They may tell you that you're getting "U-Verse", or "fiber" or "FTTP", even when you only have ATM/PTM ADSL/VDSL.



jcouch93

join:2002-01-29
Marietta, GA
reply to DRNewcomb

I can also confirm that PPTP works behind the RG. I'm running DMZ+ mode with my WNDR3700v1 doing the routing and my WHSv1 box functioning as the VPN server. I use both PPTP and L2TP VPN's and they work fine with no issues. I have the router using DynDNS so that I don't have to remember my IP address but it worked without that.


Secyurityet
Premium
join:2012-01-07
untied state
reply to DRNewcomb

As for a static IP, my IP might as well be static -- I've had the same IP since 2009...


DRNewcomb

join:2012-07-25
Long Beach, MS
reply to jcouch93

I appear to have gotten PPTP to work. My DD-WRT WRT54G router is connected to the RG but not in DMZ+ mode. I forget how that came to be. On the RG, I forwarded incoming PPTP packets to the router. On the router I set up the DD-WRT PPTP server and entered the RG's WAN address in the "Server IP" block. I'm going to do some more testing. Not sure if I can put my DDNS host name in the "Server IP" block. Who knows, I may keep U-verse after all.



stormbow
Freedom isn't FREE
Premium
join:2002-07-31
Simi Valley, CA
reply to howardfine

said by howardfine:

said by SomeJoe7777:

Some people claim that 22 (SSH) may be blocked, but this appears to be inconsistent.

The claim or the reality? Can't someone test and let me know?

Not only do I have ssh running, but I am tunneling vnc over it. Works great


SECraft

@bellsouth.net
reply to Zilveari

The ill-informed tend to generalize.

1. "U-Verse" is a brand/product name. As such, If the product is named "U-Verse" and you purchase it, you have U-Verse.

2. FTTP is a deployed service, available in many communities, including my own in TN.

3. AT&T is not alone is touting a "fiber" network. Many providers use a FTTN setup and provide last mile solutions over copper/coax. Comcast/Time Warner/Cablevision are included in this.

Less anger, more facts next time.



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Zilveari

said by Zilveari:

5) AT&T likes to lie. They may tell you that you're getting "U-Verse", or "fiber" or "FTTP", even when you only have ATM/PTM ADSL/VDSL.

"U-verse" IS either ADSL2+, or VDSL. Neither uses an ATM backhaul. All U-verse is, at a minimum, "Fiber To The Node", which is the same topology as the HFC run by the MSOs. Some rare U-verse installs are FTTP, but the majority are FTTN.

Only ADSL uses ATM. And AT&T appears bent on decommissioning their ADSL networks.

My apology, SECraft. I jumped in before reading down far enough to see your reply.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum