 mhetterm
join:2001-11-01 Altadena, CA
·AT&T U-Verse
| reply to apeface Re: Uverse DSL With Static IPS WORST ISP EVER!
Likewise, another engineer here (electrical, but one of my hats at work is managing our IT - the joys of a startup!)
I have uverse at home and my ipsec vpn tunnel to work stays up fine 24/7, softphone/web/ssh/all other traffic through the tunnel is fine, no complaints! I agree the 3800hg UI is a bit fisher-price, but I just put a business-grade router in DMZplus and everything is fine.
Asking for solutions is quite a bit more productive than just ranting ... |
|
 bclbob
join:2000-06-23 Oak Park, IL
| I'm glad the DMZplus mode is working for you, but it isn't working for me. And the DMZplus mode doesn't pass ICMP traffic. And the 2wire is still firewalling and proxying, so you're limited to what the 2wire can proxy (1024 connections?)
I've already proposed a solution, let us use third party modems - I'm fine with the tech support starting:
1) are you using the U-Verse RG? No? Ok use that, if it's still a problem call us back. |
|
  djrobx
join:2000-05-31 Valencia, CA
·PHONE POWER
·AT&T U-Verse
·AT&T CallVantage
·Time Warner VOIP
·RoadRunner Cable
| reply to mhetterm quote: I have uverse at home and my ipsec vpn tunnel to work stays up fine 24/7, softphone/web/ssh/all other traffic through the tunnel is fine, no complaints!
What ipsec VPN are you using, and what was your secret? I could not for the life of me get Ipsec working through DMZPlus. Tried both OpenSwan and PFSense. It always died at phase 2. I've set it up dozens of times with a regular bridged connection and never had a problem.
-- AT&T U-Hearse Your funeral. Delivered.
|
|
 mhetterm
join:2001-11-01 Altadena, CA
·AT&T U-Verse
| @djrobx - I have a Netgear FVS336G on either end (doing router-to-router ipsec) - I didn't change the setup from when I had plain old AT&T dsl - just put the router in DMZplus and it worked ...
@bclbob - I agree the ICMP issue is there, but in reality, it's kind-of a non-issue - do you _really_ need to tracert all the way into your home network? I still hope they fix it, though. Re: 2wire proxy - I haven't run into any problems yet (3 weeks with this setup). |
|
  ozzy6900
join:2005-01-11 West Haven, CT
·AT&T U-Verse
| reply to bclbob
said by bclbob: I've already proposed a solution, let us use third party modems - I'm fine with the tech support starting:
Seeing as how Uverse TV is proprietary, it is doubtful that you will see 3rd party modems for quite a while. They will have to decode the TV signal and VoIP in addition to the VDSL. Just the VoIP alone is enough to scare the hell out of many of the manufacturers because they realize that the modem has to act like a Central Office to the telephones that stand behind it. Most people don't understand this. There is a lot more to the RG than just the Internet access. |
|
 bclbob
join:2000-06-23 Oak Park, IL
| said by ozzy6900: There is a lot more to the RG than just the Internet access.
Not to me since U-Verse Small Business is internet only. |
|
 x51
join:2009-05-27 Stratford, CT
| reply to mhetterm
said by mhetterm: Likewise, another engineer here (electrical, but one of my hats at work is managing our IT - the joys of a startup!) I have uverse at home and my ipsec vpn tunnel to work stays up fine 24/7, softphone/web/ssh/all other traffic through the tunnel is fine, no complaints! I agree the 3800hg UI is a bit fisher-price, but I just put a business-grade router in DMZplus and everything is fine. Asking for solutions is quite a bit more productive than just ranting ...
Your solution is the most common found for this issue. The problem is that it sounds like you are using the single provided IP and your own router in DMZ mode. This is actually how I'm running right now, because it mostly works.
If this IS indeed the case, the problem is that your solution does not address my rant at all. I want to use my block of 5 different static IPs. I want to NAT them and only require 1 NIC in my servers.
If I misunderstood and you ARE using a block of statics, I'd be interested in more detail. |
|
 x51
join:2009-05-27 Stratford, CT
| reply to djrobx
said by djrobx: What ipsec VPN are you using, and what was your secret? I could not for the life of me get Ipsec working through DMZPlus. Tried both OpenSwan and PFSense. It always died at phase 2. I've set it up dozens of times with a regular bridged connection and never had a problem.
I can confirm in DMZ plus mode I have IPSEC VPN working. I have read posts from many others who, like you, cannot get it to work though. I don't know if all of these devices have the same firmware? |
|
  djrobx
join:2000-05-31 Valencia, CA
·PHONE POWER
·AT&T U-Verse
·AT&T CallVantage
·Time Warner VOIP
·RoadRunner Cable
2 edits | reply to x51
If you want to "roll your own" routing, you could run linux or BSD in a virtual machine on a physical machine with 2 interfaces. Create 5 virtual network adapters bridged to a real network adapter connected to one of the RG's ports. The RG will see these virtual adapters as individual machines because they each get their own MAC address. Then bridge a sixth virtual adapter to your physical adapter connected to your LAN and set up routing as desired between these interfaces.
-- AT&T U-Hearse Your funeral. Delivered.
|
|
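An added sketch of the multiple-MAC idea from the post above, not code posted by anyone in the thread: it uses Linux macvlan interfaces on one NIC instead of a hypervisor's bridged virtual adapters, so the RG still sees one MAC address per static IP. The interface names (`eth0`, `wan1`..`wan5`) and the `02:00:00:00:51:xx` MAC range are assumptions.

```shell
#!/bin/sh
# Added example: several RG-visible MAC addresses on a single NIC (macvlan).
# Assumed names, not from the thread: WAN_IF, wan1..wanN, the MAC range.

WAN_IF="${WAN_IF:-eth0}"   # NIC cabled to an RG LAN port (assumed name)
COUNT="${COUNT:-5}"        # one interface per static IP in the block

# Locally administered unicast MAC (first octet 02), stable per index,
# so the RG keeps seeing the same "machine" across reboots.
mac_for() {
    printf '02:00:00:00:51:%02x' "$1"
}

# Print the commands instead of running them; review, then run as root.
plan() {
    # Reply to ARP only on the interface that owns the address; otherwise
    # any macvlan may answer for any IP on the shared segment and the RG
    # can learn the wrong MAC for an address.
    echo "sysctl -w net.ipv4.conf.all.arp_ignore=1"
    echo "sysctl -w net.ipv4.conf.all.arp_announce=2"
    i=1
    while [ "$i" -le "$COUNT" ]; do
        echo "ip link add link $WAN_IF name wan$i address $(mac_for "$i") type macvlan mode bridge"
        echo "ip link set wan$i up"
        i=$((i + 1))
    done
}

plan
```

Each `wanN` interface then requests its address from the RG with whatever DHCP client the router uses, and forwarding or NAT to the LAN-side NIC is configured per interface, with a default-deny inbound policy on every `wanN`.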
 mhetterm
join:2001-11-01 Altadena, CA
·AT&T U-Verse
| reply to x51 @x51 - you are correct, I have a single dynamic IP - I don't have need for statics, as my router updates my dyndns account (and, apparently, u-verse "dynamic" ip's don't really change)
My point was only that the service _can_ be used for business purposes. I completely agree that AT&T should figure out how to provide a true bridged internet pipe via u-verse - but they don't at the moment, so we have to find work-arounds, or you can drop the service.
Why, exactly, do you need multiple static ip's (just asking so that maybe we can brainstorm a way to provide the services you need ...) |
|
 x51
join:2009-05-27 Stratford, CT
| reply to djrobx
said by djrobx: If you want to "roll your own" routing, you could run Linux or BSD in a virtual machine on a physical machine with 2 interfaces. Create 5 virtual network adapters bridged to a real network adapter connected to one of the RG's ports. The RG will see these virtual adapters as individual machines because they each get their own MAC address. Then bridge a sixth virtual adapter to your physical adapter connected to your LAN and set up routing as desired between these interfaces.
I had considered something similar.... I have a bunch of 4 port Ethernet cards. I considered throwing 2 of them in an old PC and building a Linux firewall. This could solve the issue with the RG only working off of physical MAC addresses.
The virtual solution WOULD effectively do the same thing and sounds like a better idea. I may give that a shot. |
|
 x51
join:2009-05-27 Stratford, CT
2 edits | reply to mhetterm
said by mhetterm: Why, exactly, do you need multiple static ip's (just asking so that maybe we can brainstorm a way to provide the services you need ...)
I have a Windows Exchange server with Outlook Web Access, a Windows web server, a Linux Apache web server, a VPN device, and an SFTP server.
There are many workarounds (as I'm doing right now) to fit this all into a single IP address. I can use port forwarding to different devices. The most difficult part is the multiple servers that require port 80 and 443.. simple port forwarding won't cut it. Right now all websites point at one server on port 80 and 443, and redirect to the proper servers on other ports. I don't want to make people remember port numbers.
I CAN move the important things to one of my datacenters where I won't have any issues... Most of the stuff I have is just for a test lab..
It's more about the point that with any other ISP that offers statics, this would not be a problem. Going from AT&T DSL to AT&T Uverse I thought would be pretty simple.
I don’t mind a LITTLE compromising, but it's getting silly.
said by Tigerpaw509: Would be willing to bet this guy talks for 3 hours on a conference call without a break. Has to be one of the worst rants on here
Hrm.. maybe that's why I was on with tech support so long?? |
|
 bclbob
join:2000-06-23 Oak Park, IL
| x51: I think what you need to do is get 2 NICs for the webservers, one side plugged into the U-Verse gateway for the public IP and the other set to your internal network.
Obviously you're going to need to have firewalls on each of the machines, since the idea is you're going to do the DHCP dance to get those machines external IPs. |
|
 x51
join:2009-05-27 Stratford, CT
| said by bclbob: x51: I think what you need to do is get 2 NICs for the webservers, one side plugged into the U-Verse gateway for the public IP and the other set to your internal network. Obviously you're going to need to have firewalls on each of the machines, since the idea is you're going to do the DHCP dance to get those machines external IPs.
Well with the publics on the machines, I can still use the RG as a firewall... but it all seems to come back to 2 NICs. The one solution from djrobx with the VM linux firewall is the only way I know to avoid it. |
|