| |
PPTP VPN wont connect over LTEIs it just my phone? or does rogers now ban PPTP VPN over LTE?
It appears to work fine over wifi. |
|
 HiVolt
Premium Member
join:2000-12-28
Toronto, ON |
HiVolt
Premium Member
2017-Feb-10 7:44 pm
Didn't Rogers at one point require to get some kind of upgraded option for VPN's? something about having a real dynamic IP vs a shared one.. |
|
| |
to the cerberus
That does not sound right, it should not be blocked. |
|
 SimplePandaBSD
Premium Member
join:2003-09-22
Montreal, QC
1 edit |
to the cerberus
PPTP requires GRE (protocol 47) forwarding. Most consumer routers have passthrough support to make this work, hence why it works on WiFi.
But...
1) Rogers IPv4 service is through CGNat.
2) Your phone probably doesn't have passthrough support.
Either will break GRE forwarding.
Incidentally, for issue #1 (CGNat in the way), HiVolt touches on the solution with his comment - some carriers had a "VPN charge" that was really just a fee you paid to get assigned you real, public IPv4 address rather than a private address behind the CGNat.
IPSec works fine on Rogers LTE (I use it almost daily). IPSec has NAT-T (UDP 4500) encapsulation as a fallback for proper protocol 50 (ESP) operation when a NAT is in the way.
SSL based VPNs like OpenVPN have native support for traversing NATs as well.
One of the many reasons PPTP is considered obsolete. |
|
| |
to HiVolt
It worked up until yesterday, just wondering if anyone else can see if it works. seems odd. i didnt change any settings on my phone and the server is up as it works on wifi. |
|
1 recommendation |
same here.. i am on fido aka rogers..
i use the built in VPN on my android device and PPTP won't work .. it has been.. and have been using it .. I tried again when you mentioned this thread and it won't connect. |
|
|
| |
anyway we can get this fixed? |
|
| |
not sure, unless something is going on or updated on rogers part?
and knowing rogers getting anything fixed is like pulling teeth. probably easier to pull a few teeth than getting help |
|
| |
pulling teeth is an understatement.  no help from live chat. 7:35 PMTHE CERBERUS
PPTP VPN over LTE no longer works please escalate issue to production support
7:36 PMBrandon
Hi, I'm Brandon from Rogers in Moncton! You have already been advised this is not something we assist with. There is nothing to escalate.
7:37 PMTHE CERBERUS
the internet is not functioning properly
7:37 PMTHE CERBERUS
i cannot connect to my work and the server is fine
7:37 PMTHE CERBERUS
it is you
7:37 PMTHE CERBERUS
it is your internet
7:37 PMTHE CERBERUS
please have it fixed
7:37 PMTHE CERBERUS
stop pretending this issue does not exist
7:37 PMTHE CERBERUS
it is real
7:38 PMBrandon
Does your data work without the VPN connected?
7:38 PMTHE CERBERUS
yes, but the VPN is being blocked by you
7:38 PMTHE CERBERUS
please escalate the issue
7:38 PMTHE CERBERUS
it worked for 2 years
7:38 PMTHE CERBERUS
i need to do my work
7:38 PMTHE CERBERUS
this is a production issue
7:38 PMTHE CERBERUS
you are blocking my VPN, i need it unblocked
7:39 PMTHE CERBERUS
i cant do my work without it
7:39 PMTHE CERBERUS
the VPN works fine over wifi
7:39 PMBrandon
If the data service functions without the VPN connected our service is functioning as it is intended to. We do not support VPN services at all. Was there anything else I can answer today?
7:39 PMTHE CERBERUS
i dont need your support of my works VPN, the VPN is fine
7:39 PMTHE CERBERUS
you are blocking it
7:39 PMTHE CERBERUS
i need you to stop blocking it
7:39 PMTHE CERBERUS
thats a function of the internet
7:39 PMTHE CERBERUS
i need this escalated ASAP
7:40 PMTHE CERBERUS
production support
7:40 PMTHE CERBERUS
I do not need help with VPN
7:40 PMTHE CERBERUS
i need help with the internet
7:40 PMBrandon
If a block was implemented through our back end there would be a reason our network admins decided to do that. They would not override that decision for one person. There is nothing we can do for this issue. Was there Other issues I could address today since this issue has already been addressed?
7:40 PMTHE CERBERUS
it is a function of the internet that i have used for the passed 2 years
7:40 PMTHE CERBERUS
i need it working so i can do my work
7:41 PMTHE CERBERUS
i cannot work without it
7:41 PMTHE CERBERUS
i would have to cancel my cell phone if you cannot get it working
7:41 PMTHE CERBERUS
you need to escalate this issue
7:41 PMTHE CERBERUS
there is no reason for a general function of the internet to be blocked
7:41 PMBrandon
If that is what you wish you are certainly entiled to do so. There is nothing that will be escalated for this issue because we do not support VPN services.
7:42 PMTHE CERBERUS
i do not need your support of my VPN
7:42 PMTHE CERBERUS
the VPN is fine
7:42 PMTHE CERBERUS
i need your internet to function properly
7:42 PMTHE CERBERUS
so i can access my work
7:42 PMBrandon
The internet is functioning properly. It works without the VPN. That is the service we provided
7:42 PMTHE CERBERUS
it does not function properly if it is blocking ports
7:43 PMBrandon
As you appear to have no issues other than with the VPN I will need to close the chat as this issue has already been addressed. Just to inform you, we've added a number of features to our website at www.rogers.com/support under wireless such as Device Aid which can help answer common how to questions and the Network Status Checker which allows you to see if there are issues going on in your area without having to chat or call in. Thank you for choosing Rogers and have a great day!
7:43 PMTHE CERBERUS
thats a difference of opinion here, its a technical hurdle you dont seem to be understanding |
|
SimplePandaBSD
Premium Member
join:2003-09-22
Montreal, QC |
to the cerberus
said by the cerberus:It worked up until yesterday, just wondering if anyone else can see if it works. seems odd. i didnt change any settings on my phone and the server is up as it works on wifi. Possible you were getting a public IP before and now you're not? What IP address is being assigned to your phone? It's also possible Rogers was doing some sort of ALG for PPTP and have stopped doing so given the wide deployment of IPv6 now. Which is to say, they're not so much blocking PPTP now as they are not applying a workaround to actually make it work on the mobile network. Tough to say. If you have an IPSec connection to test does that still work? |
|
1 recommendation |
to the cerberus
I use nordvpn which has its own openvpn client for Android.
Same thing happened. It stopped working sometime last week.
I called and they said you have to subscribe and only for business accounts. |
|
| |
What right do they have to block functions of the internet?
Especially one like this that protects our privacy?
I can't help but think this was done so as to be able to spy on us/invade our privacy.
Is there anything we can do to stop this injustice?
I can't see how this is not a net neutrality issue as well. |
|
Sanek
join:2006-08-10
Kanata, ON |
to the cerberus
So this was working before, but I was at a client's office today and needed to VPN into my office PC and BAM - not working anymore.
I'm on Fido - are you guys saying that I should pay them extra to have this unblocked for me now or we don't know what's going on yet? |
|
| |
It's being blocked and only business accounts can purchase the VPN option. |
|
 mozerdLight Will Pierce The Darkness
MVM
join:2004-04-23
Nepean, ON |
to SimplePanda
said by SimplePanda:If you have an IPSec connection to test does that still work? I am using L2TP over IPsec --- EdgeRoute-Lite -- and via my iPhone6 ... works BUT performance over the past 5 days has been very poor [very slow] over Rogers LTE ... very VERY annoying. |
|
2 edits |
Good news. I had the chat escalated to a support agent who actually is investigating this issue now.
They already called a bunch today and have escalated to the network team.
Sounds like I'm going to get a real answer and perhaps a solution.
They are actually reading this thread, so any added technical details would be good. |
|
SimplePandaBSD
Premium Member
join:2003-09-22
Montreal, QC |
to mozerd
said by mozerd:I am using L2TP over IPsec --- EdgeRoute-Lite -- and via my iPhone6 ... works BUT performance over the past 5 days has been very poor [very slow] over Rogers LTE ... very VERY annoying. This suggests they're not actively blocking VPN connectivity across the board and it's a PPTP problem exclusively. PPTP should need an ALG to function through any NAT so maybe there's an issue there on the Rogers side (or maybe they've intentionally decided to disable support). Will be interesting to see. At any rate, there were a lot of reasons to stop using PPTP before this. Maybe a good time to move to a better VPN solution. |
|
1 recommendation |
to the cerberus
PPTP is legacy, and should be banned anyway as it's insecure. Most routers today have OpenVPN support. Why not use that instead? Super easy to setup. |
|
camelot
1 recommendation |
to the cerberus
said by the cerberus:I can't help but think this was done so as to be able to spy on us/invade our privacy.
Is there anything we can do to stop this injustice?
I can't see how this is not a net neutrality issue as well. Really? |
|
4 edits |
to camelot
said by camelot:PPTP is legacy, and should be banned anyway as it's insecure. Most routers today have OpenVPN support. Why not use that instead? Super easy to setup. Are you not following along? OpenVPN is blocked too! Does it have negative impact on the network? No. Can it be used with malicious intent to spam someone like a mailserver can? No. Then it does not deserve to be banned. I'm using a client on rogers network, not running a server. why do you care if I use a "insecure" protocol or not? are you going to say that every server that does not use SSL and has logins should be banned to? it should not be banned. that is not net neutrality. said by camelot:said by the cerberus:I can't help but think this was done so as to be able to spy on us/invade our privacy.
Is there anything we can do to stop this injustice?
I can't see how this is not a net neutrality issue as well. Really? REALLY! Thats what net neutrality means, treat all protocols as equals. Next you are going to tell me telnet should be banned as well. ffs. this has nothing to do with security of the user. Are you going to ban all HTTP connections that arent SSL as well? This is nonsense. People log into insecure servers every day, it has nothing to do with the issue at hand. I would completely understand if it negatively impacted the network. PPTP client does not do that. neither does telnet. you clearly do not understand net neutrality. VPNs add privacy, by blocking both OpenVPN and PPTP they prevent us from attaining added privacy and can spy on us/see everything we do online, every connection goes through them instead of the desired VPN server. I can't help but think this was intentional for various agencies to spy on us without with or without warrant. |
|
SimplePandaBSD
Premium Member
join:2003-09-22
Montreal, QC
1 recommendation |
I just did a quick test using tethering and OpenVPN works fine (port 1194 UDP as is standard for OpenVPN).
That said, OpenVPN is defacto unblockable anyways - it works over UDP or TCP and can be migrated to any port on either protocol and is specifically designed to bypass networks that are restricting port and protocol access.
So no, it doesn't look like Rogers is blocking OpenVPN at all, at least for me.
The PPTP thing really does feel like an ALG being disabled somewhere and the charge they're apparently asking people to pay is the standard carrier charge of migrating you from a CGNat address to a public address.
Sucks if it was working before and isn't now - but from a neutrality point of view it doesn't look like they've decided to "block" anything, per se.
I also don't buy that this was a move to "spy" on users. Feels a lot more like router upgrades are going on and they can't be bothered maintaining software support for what very much is an antiquated and obsolete protocol (PPTP). |
|
| |
interesting. maybe your tower is still on the old settings. i cant seem to get openvpn to work anymore and the above user couldn't either. said by Anond4386 :I use nordvpn which has its own openvpn client for Android.
Same thing happened. It stopped working sometime last week.
I called and they said you have to subscribe and only for business accounts. said by SimplePanda:The PPTP thing really does feel like an ALG being disabled somewhere and the charge they're apparently asking people to pay is the standard carrier charge of migrating you from a CGNat address to a public address. Appears to be the same ip i was getting before, neither was public. (192.x.x.x) said by SimplePanda:Sucks if it was working before and isn't now - but from a neutrality point of view it doesn't look like they've decided to "block" anything, per se. Certainly feels like a block to me, it was working, now its not. if its not blocked, its certainly broken. do they have a right to break protocols? that doesnt sound like net neutrality to me. said by SimplePanda:I also don't buy that this was a move to "spy" on users. Feels a lot more like router upgrades are going on and they can't be bothered maintaining software support for what very much is an antiquated and obsolete protocol (PPTP). I can't help but feel like it is to spy on us. VPNs worked, now they dont. Seems pretty cut and dry to me. They want to see the connections. |
|
| |
to the cerberus
If you're truly worried about someone "spying" on you, don't use PPTP. You have everyone on this thread advising you not to use it anymore. There is a reason- it is obsolete. |
|
1 edit |
said by camelot:If you're truly worried about someone "spying" on you, don't use PPTP. You have everyone on this thread advising you not to use it anymore. There is a reason- it is obsolete. :( thats not the point at all. i dont care that pptp is insecure or obsolete. i dont think they are spying on me per se. i just want my packets routed through a somewhat private network at work instead of rogers. take for example MLPPP on bells network, turning it on stopped DPI from throttling torrents, but it never added any extra security to stop them doing it. it simply tricked a mass inspector by moving a few bits in a packet. That's all I want, a bit a privacy so its not easy, to spy on my packets. additionally something like liability of copyright trolls would transfer to the VPN provider as well. i can't move the server to a different protocol either as its actively in use by others and openvpn is being blocked anyways. |
|
4 recommendations |
kiloohm
Member
2017-Feb-14 11:02 am
In 2016, Rogers started the deployment of IPv6 on our Wireless network. At that point, most recent phones (2015++) started receiving from our LTE network both an IPv4 and an IPv6 address. This was the first phase of our IPv6 deployment plan for the wireless network.
Late last year, we started enabling IPv6-only service (no native IPv4) on some phone models (LG G4, Google Nexus 5 and Samsung Galaxy S4). Recently, we enabled the service on more models (most Samsung Galaxy phones). With IPv6-only service, phones are still able to access the entire IPv4 space through the use of a technology called 464XLAT on the phone itself combined with a DNS64 and a CGN64 in our core network. This transition was necessary as IPv4 resources worldwide are completely exhausted.
With this technology, the transition to IPv6-only service has been transparent for most users and almost nobody noticed that their phone was operating natively on IPv6 without direct IPv4 connectivity. PPTP VPNs however use a very old technology that is not well supported in this configuration. We have also noticed that in some rare cases, L2TP/IPSec VPNs are broken. This last scenario is due to a bug in the Android code and we are actively working with Google to resolve it.
There is however a workaround for users affected (both for the PPTP and L2TP/IPSec issues). Directly on their phone, users can go in their APN settings to change the “PDP Type” to IPv4 (by default it is set to IPv4v6). Depending on the phone model, users may be able to simply change the PDP Type or they may have to create a new APN entry (copying existing settings) and make it default.
Let me know if this helps.
Dave
-----
I am a Rogers Network Architect. I am here to provide production solutions for the specific topics I engage in. For other concerns, please reach out to me on Rogers Community Forums. |
|
1 recommendation |
to the cerberus
Deleted. RogersDave gave the answer. It's not a conspiracy. It's a code bug. |
|
| |
to kiloohm
|
|
SimplePandaBSD
Premium Member
join:2003-09-22
Montreal, QC
1 recommendation |
to the cerberus
EDIT: RogersDave says that XLAT is indeed the case. Thanks for the update RogersDave.  Also explains why I wasn't having issues with OpenVPN (not using an XLAT enabled device). |
|
| |
switched APN to ipv4. its good now.  RogersDave rules!! |
|
| |
to the cerberus
And here I was going to say that mobilesyrup picked up the story as well. » mobilesyrup.com/2017/02/ ··· ers-lte/RogersDave settings above work. Weird how it was working all this time, and just out of the blue it stopped |
|
no help from live chat.
