dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5428
share rss forum feed


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:12
reply to claykin

Re: USG50 HELP request - Tmobile wifi call traffic blocked

Any chance getting that 2nd public IP?

JPedroT

join:2005-02-18
kudos:2
reply to claykin
How will the WNDR know the difference between packets that are destined for the WLAN compared to the switch port connected to the USG? You still need the same ALG support in the NAT in the WNDR as you need in the USG without the WNDR.

Double NAT will foobar some stuff, but it depends on the ALG on the edge.
--
"Perl is executable line noise, Python is executable pseudo-code."

claykin

join:2003-08-22
Fort Lauderdale, FL
reply to Brano
said by Brano:

Any chance getting that 2nd public IP?

Comcast residential service. Probably less chance than Zyxel implementing GAN before end 2012.

I would likely need to switch to Comcast business for 2x the cost.

JPedroT

join:2005-02-18
kudos:2
How about getting IPv6? And end of 2012 is not something I would bet on, you can place your bets when its on the roadmap.
Until then its just a wish :/

claykin

join:2003-08-22
Fort Lauderdale, FL
Not sure if IPV6 is available in South Florida (yet). Forums posts seem to indicate it is. Anyway, Comcast claims their entire network will be IPV6 by end 2012.

I would need a new modem which is not an issue as I've been eyeing the Motorola 6121 for a while. Cheap upgrade.

So, assuming I can get IPV6, how do I go about implementing this? Is it because the USG has two sets of firewall rules, one for IPV4 and IPv6 that you think we can get this done?

If you really think its possible I'll order the modem tomorrow.


janderso1
Jim
Premium,MVM
join:2000-04-15
Saint Petersburg, FL
reply to claykin
If Tmobile supports IPv6 then you can an IPv6 tunnel from Hurricane Electric.

»www.he.net/

You get a /64 for the tunnel, a routed /64 and a routed /48 for free. My USG 50 manages my tunnel.

»Setup Hurricane Electric tunnel on USG XX?

A /48 can be subnetted into up to 65000 /64 subnets.

The only problem I have seen with the tunnel is IPv6 tracert doesn't work through the USG 50.
--
Jim Anderson

claykin

join:2003-08-22
Fort Lauderdale, FL
Am I checking this correctly?

I went to »ip-lookup.net/index.php and typed one of the TMo IPV4 addresses in. Then I clicked the CONVERSIONS link which gave the relevant 6to4 address. I click that and it responds with the TMobile DNS server answerback. So, does that mean TMo supports IPV6?

I assume my phones do NOT need IPV6 support since I'd be doing IPv4 on the LAN?


janderso1
Jim
Premium,MVM
join:2000-04-15
Saint Petersburg, FL
To use the tunnel the PC or other device uses its IPv6 routable address.

C:\Users\janderso>ping google.com

Pinging google.com [2001:4860:4002:801::1006] with 32 bytes of data:
Reply from 2001:4860:4002:801::1006: time=102ms
Reply from 2001:4860:4002:801::1006: time=99ms
Reply from 2001:4860:4002:801::1006: time=119ms
Reply from 2001:4860:4002:801::1006: time=95ms

Ping statistics for 2001:4860:4002:801::1006:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 95ms, Maximum = 119ms, Average = 103ms

C:\Users\janderso>

C:\Users\janderso>
So the phone would have to support IPv6
--
Jim Anderson


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON
reply to claykin
Apparent TMOBILE supports IPv6 so if your smartphone supports IPv6 and if your Comcast service supports IPV6 you should be able to accomplish your objective. Lots of IFs

claykin

join:2003-08-22
Fort Lauderdale, FL
Yeah, lots of if's and one big NO. RIM does not support IPV6 on their GAN enabled phones, even OS7.1. And from what I read Android support is iffy even on ICS.

I think I'm back to square one for the time being.

JPedroT

join:2005-02-18
kudos:2
reply to claykin
Android works just fine, albeit the DHCP client does not support it. So you need to have SLAAC enabled on your USG.
--
"Perl is executable line noise, Python is executable pseudo-code."

claykin

join:2003-08-22
Fort Lauderdale, FL
said by JPedroT:

Android works just fine, albeit the DHCP client does not support it. So you need to have SLAAC enabled on your USG.

I have several RIM devices that do not support IPV6.

And which version/flavor of Android did you have luck with? I've been reading some varying IPV6 support on the Android forums.


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

JPedroT

join:2005-02-18
kudos:2
reply to claykin
I have done it with the Galaxy Nexus S and Galaxy Nexus obviously with JB and ICS. But I was experimenting with the Nexus S before ICS I believe.

But if not all your devices does support it then its not something that will solve your problem completely

But I do suggest you do the IPv6 thing, because its something you need to do anyway and why not do it now and solve the problem for a subset of your users?
--
"Perl is executable line noise, Python is executable pseudo-code."

JPedroT

join:2005-02-18
kudos:2
reply to mozerd
Before the Nexus S, TMobile had a LG Android phone with IPv6 support available. So that list is not 100% correct
--
"Perl is executable line noise, Python is executable pseudo-code."


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to claykin
DSL pardner, you are a fine wine my friend, you only get better with age!!

claykin

join:2003-08-22
Fort Lauderdale, FL
I really do appreciate the help and advice. Wish I could easily implement IPV6 and resolve this.

Not sure I'll satisfy most users. There's only a few Androids, and most seem to be 2.3.x models such as myTouch4G. They've got another 6 months - year before they'll be upgrading again.

I've got quite a few BB9900 users who travel Int'l often and they won't give up their BB anytime soon. BB has the best data roaming options so they stick with it. Plus the 9900 seems to be a pretty good phone. Does all the important stuff a smartphone should do, just minus some popular apps (mostly goofy apps).

Right now I'm thinking I need to look into a second WAN IP for these locations.

How would I go about setting this up with a second WAN IP?

BTW, I did hear back from the USG PM @ Zyxel. Their HQ is looking at this and will report back shortly. I'll continue to be hopeful.


imanon

@comcast.net
reply to claykin
I had a similar problem with the IPsec port being captured by the device rather than forwarded to the AT&T 3G microcell on my LAN - I solved it by removing IPsec from the "wan to zyxel" rule, obviously that means no IPsec VPN terminations to the device, so I'm using SSL VPN instead - not sure if that work be sufficient for you.

claykin

join:2003-08-22
Fort Lauderdale, FL
said by imanon :

I had a similar problem with the IPsec port being captured by the device rather than forwarded to the AT&T 3G microcell on my LAN - I solved it by removing IPsec from the "wan to zyxel" rule, obviously that means no IPsec VPN terminations to the device, so I'm using SSL VPN instead - not sure if that work be sufficient for you.

Tried that, but had unpredictable results. Worked, then didn't. Not nearly as well as when USG was completely out of the picture.

claykin

join:2003-08-22
Fort Lauderdale, FL

1 recommendation

reply to claykin
A happy ending.

TMobile released a new SIM card called UICC GBA (Generic Bootstrapping Architecture). This SIM handles user authentication and since converting to it, I no longer have USG log entries from TMo servers on port 4500.

The odd thing is this SIM came out in Q4 2011 and I've called TMo about 10 times about my wifi calling issues and not a single person said anything about a new SIM. Yet, their tech page says this GBA SIM is required for newer phones using wifi calling. Anyway, a billing rep knew about it. A quick trip to my local TMo store and I was swapped out.

So far so good. Its been 5 days with pretty good Wifi calling success behind the USG with my IPSec VPN enabled.

claykin

join:2003-08-22
Fort Lauderdale, FL
reply to imanon
said by imanon :

I had a similar problem with the IPsec port being captured by the device rather than forwarded to the AT&T 3G microcell on my LAN - I solved it by removing IPsec from the "wan to zyxel" rule, obviously that means no IPsec VPN terminations to the device, so I'm using SSL VPN instead - not sure if that work be sufficient for you.

I would check with AT&T and see if they have a new SIM. I cannot imagine TMo are the only ones...