Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



2505 posts

Uber Geek
+1 received by user: 243

Trusted
Subscriber

Topic # 99714 26-Mar-2012 09:25 Send private message

Up until last week, I've been happily VPNing into work while stuck on the bus in the mornings to get something productive done while stuck in traffic, but for some reason since last Monday VPN connections always fail - IPSEC connections die after phase 1 negotiation and PPTP connections die due to "invalid message".  This is the same from an iPhone and MacBook (connected via Internet Sharing on Windows Phone and Personal Hotspot on iPhone).

This is an issue Vodafone customers reported after Vodafone changed the APN configuration so VPNs no longer worked - has Telecom made similar changes without bothering to tell us?

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
3015 posts

Uber Geek
+1 received by user: 196

Trusted
Subscriber

  Reply # 600051 26-Mar-2012 09:26 Send private message

Which APN are you using? Have you tried the "internet" APN?





1740 posts

Uber Geek
+1 received by user: 336

Trusted
Spark NZ

  Reply # 600055 26-Mar-2012 09:30 Send private message

Nope

I was VPN'ed in happily this morning over the "internet.telecom.co.nz" APN on my laptop on the way to work.

Are you sure that the APN is set right.  It should be "internet.telecom.co.nz" for most IPSec VPNs, sometimes some VPNs don't handle NAT all that well so you may need to use "direct.telecom.co.nz" as the other APN.  "wap.telecom.co.nz" won't work at all for VPNs.  I have seen reports that "i" devices upgraded recently to iOS 5.1 seem to be losing their APN settings or defaulting back to "wap.telecom.co.nz" which is the telecom mobile device default.  Which if you need to use VPN, won't work.




I work for Spark, but as always my views are my own.

3015 posts

Uber Geek
+1 received by user: 196

Trusted
Subscriber

  Reply # 600064 26-Mar-2012 09:48 Send private message

plambrechtsen: Nope

I was VPN'ed in happily this morning over the "internet.telecom.co.nz" APN on my laptop on the way to work.

Are you sure that the APN is set right.  It should be "internet.telecom.co.nz" for most IPSec VPNs, sometimes some VPNs don't handle NAT all that well so you may need to use "direct.telecom.co.nz" as the other APN.  "wap.telecom.co.nz" won't work at all for VPNs.  I have seen reports that "i" devices upgraded recently to iOS 5.1 seem to be losing their APN settings or defaulting back to "wap.telecom.co.nz" which is the telecom mobile device default.  Which if you need to use VPN, won't work.


You are best to not use any NAT so if direct.telecom.co.nz gives you a public IP straight off that will be more reliable.





1740 posts

Uber Geek
+1 received by user: 336

Trusted
Spark NZ

  Reply # 600097 26-Mar-2012 10:42 Send private message

Zeon: You are best to not use any NAT so if direct.telecom.co.nz gives you a public IP straight off that will be more reliable.


The downside to direct is you are then open to the internet.  So you could get DDos'ed or just probed by random nasties on the internet which in turn counts against your monthly usage.  Which on mobile could turn out to be expensive downside.

When working over ADSL the majority are already behind a NAT, so if you didn't need to do anything special to your router to get VPN working from home.

I recommend "internet.telecom.co.nz" and only go to "direct.telecom.co.nz" if in the unusual case it doesn't work.




I work for Spark, but as always my views are my own.

3930 posts

Uber Geek
+1 received by user: 175

Trusted
Subscriber

  Reply # 600108 26-Mar-2012 10:56 Send private message

I'm not able to connect either. I'm on an iPhone 4S with 5.1 and it was working on Thursday but now I'm getting "A connection could not be established to the PPP server. Try reconnecting."

As noted above my APN was set to wap.telecom.co.nz. I changed this to direct.telecom.co.nz but I still can't connect to the VPN.

Edit: internet.telecom.co.nz not working either.



2505 posts

Uber Geek
+1 received by user: 243

Trusted
Subscriber

  Reply # 600139 26-Mar-2012 11:48 Send private message

direct.telecom.co.nz simply prevents me from connecting to the internet at all. Removing the APN entirely is the only option that works (presumably since it just uses the default provisioned APN from the SIM or Carrier Profile). However then I can't access VPN.

To clarify, the IPSEC VPN is a Cisco ASA. PPTP is nothing special.

plambrechtsen: Nope 

I was VPN'ed in happily this morning over the "internet.telecom.co.nz" APN on my laptop on the way to work. 

Are you sure that the APN is set right.  It should be "internet.telecom.co.nz" for most IPSec VPNs, sometimes some VPNs don't handle NAT all that well so you may need to use "direct.telecom.co.nz" as the other APN.  "wap.telecom.co.nz" won't work at all for VPNs.  I have seen reports that "i" devices upgraded recently to iOS 5.1 seem to be losing their APN settings or defaulting back to "wap.telecom.co.nz" which is the telecom mobile device default.  Which if you need to use VPN, won't work.


I also have a Windows Phone device, which I cannot access VPN through.  Same problem no matter which device I tether via.



2505 posts

Uber Geek
+1 received by user: 243

Trusted
Subscriber

  Reply # 600145 26-Mar-2012 11:55 Send private message

Ugh. So, as it happens Windows Phone also had the APN reset to wap.telecom.co.nz somehow. Since every time I change the APN from within the regular interface it just breaks network connectivity completely, I've set it via the engineering menu and I'll see if it "sticks" a bit later.

1740 posts

Uber Geek
+1 received by user: 336

Trusted
Spark NZ

  Reply # 600163 26-Mar-2012 12:15 Send private message

Kyanar: direct.telecom.co.nz simply prevents me from connecting to the internet at all. Removing the APN entirely is the only option that works (presumably since it just uses the default provisioned APN from the SIM or Carrier Profile). However then I can't access VPN.

To clarify, the IPSEC VPN is a Cisco ASA. PPTP is nothing special.


I use the Cisco ASA here too.  IPSec UDP and TCP VPN and not PPTP without an issue using the "internet.telecom.co.nz" APN.  It's rock solid for me.  Longest VPN session I have had up over XT was 2 1/2 days (58 hours from memory).

You need to make sure your phone gets a new IP that does seem to be in the direct range.  Sometimes depending on how the tethering works on your phone a different APN may be used. Can't speak for the Windows phones but I haven't had an issue with my Android teathered.  Now I have a Sim in my laptop so that just works over that connection.

Neal R has a great blog entry which he keeps reasonably up to date (but no promises)

http://www.geekzone.co.nz/NealR/6460





I work for Spark, but as always my views are my own.

3930 posts

Uber Geek
+1 received by user: 175

Trusted
Subscriber

  Reply # 600638 27-Mar-2012 11:45 Send private message

VPN is working again for me (without changing any settings). Kyanar, does it work for you now too?



2505 posts

Uber Geek
+1 received by user: 243

Trusted
Subscriber

  Reply # 600653 27-Mar-2012 12:16 Send private message

Behodar: VPN is working again for me (without changing any settings). Kyanar, does it work for you now too?


I had to change settings.  All of my devices had reset their APN to wap.telecom.co.nz, not just iDevices.  Telecom claims it's an issue with iOS 5.1, but I'm a little reluctant to believe Telecom didn't do something to cause the situation with the wrong APN when two devices from different vendors using different operation systems both had the same fault.

1740 posts

Uber Geek
+1 received by user: 336

Trusted
Spark NZ

  Reply # 600825 27-Mar-2012 16:25 Send private message

Kyanar:
Behodar: VPN is working again for me (without changing any settings). Kyanar, does it work for you now too?


I had to change settings.  All of my devices had reset their APN to wap.telecom.co.nz, not just iDevices.  Telecom claims it's an issue with iOS 5.1, but I'm a little reluctant to believe Telecom didn't do something to cause the situation with the wrong APN when two devices from different vendors using different operation systems both had the same fault.


There is a known issue with iOS devices "forgetting" about their APNs when they upgrade to 5.1

https://discussions.apple.com/thread/3788200?start=0&tstart=0

So yes you were being told the truth that iOS devices seem to forget their APN settings when upgraded to 5.1.  There has been a few tweets about it too.

I can also say that I have seen both iPhone 4S's using a Cisco VPN directly from the phone and tethering working fine and when using the "internet.telecom.co.nz" too.

So I do recommend you re-check all your config.




I work for Spark, but as always my views are my own.



2505 posts

Uber Geek
+1 received by user: 243

Trusted
Subscriber

  Reply # 601103 28-Mar-2012 09:36 Send private message

You might want to advise your team than it also happens on Windows Phone as well then. I don't even recall there being an update that could cause it.

I'm not blaming you, just saying that there seems to be more to it than just iOS devices forgetting their APNs.

1740 posts

Uber Geek
+1 received by user: 336

Trusted
Spark NZ

  Reply # 601327 28-Mar-2012 14:41 Send private message

Just a FYI about this I had a tweet over the @TelecomNZ twitter just now over this.

Tested on a colleagues iPhone 4S and her iPad Wireless teathered over her iPhone.

She too had upgraded recently to 5.1 and her APN had defaulted back to "wap.telecom.co.nz" and it didn't work.  When I reset her back to "internet.telecom.co.nz" for her APN on iPhone it sorted the problem.

I was then able to VPN into our Cisco VPN from the iPhone and the iPad theathered over Wifi to the iPhone without an issue.




I work for Spark, but as always my views are my own.

gjm

670 posts

Ultimate Geek
+1 received by user: 70

Subscriber

  Reply # 601354 28-Mar-2012 15:42 Send private message


This is an issue Vodafone customers reported after Vodafone changed the APN configuration so VPNs no longer worked - has Telecom made similar changes without bothering to tell us?


Thanks for the heads up on this. Vodafone couldn't be bothered to tell us I guess and I spent a fair bit of time trying to troubleshoot the problem. At least now I know what is wrong




[Amstrad CPC 6128: 128k Memory: 3 inch floppy drive: Colour Screen]

1740 posts

Uber Geek
+1 received by user: 336

Trusted
Spark NZ

  Reply # 601547 28-Mar-2012 20:38 Send private message

Just another update on this.  The customer on Twitter sorted it out using the unlockit web site since for whatever reason the iPhone just didn't take the APN change.  The other option was to use the iPhone Configuration Utility and set it that way.

Best way to check if you're still being routed via the WAP APN instead of the Internet APN is to use WhatsMyIP or similar and then check your IP against NealR's IP address APN list.  If you have a 222.153.223.x IP address then you know you're going through the WAP APN and your phone's config is wrong.




I work for Spark, but as always my views are my own.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Another Trade Me competitor: SellShed
Created by freitasm, last reply by mattwnz on 20-Oct-2014 15:16 (22 replies)
Pages... 2


Why would Suresignal calls be worse quality than non-Suresignal calls from the same location?
Created by Geektastic, last reply by gzt on 20-Oct-2014 15:08 (37 replies)
Pages... 2 3


Picture resizing on the forum
Created by Jase2985, last reply by freitasm on 18-Oct-2014 13:32 (13 replies)

Internet question...
Created by Geektastic, last reply by Geektastic on 17-Oct-2014 22:59 (40 replies)
Pages... 2 3


Just bought a TiVo online. No wireless adaptor. Will a standard one work? Or do I need the TiVo one ?
Created by Limerick, last reply by graemeh on 20-Oct-2014 16:03 (11 replies)

iPad Air 2 and iPad Mini 3. Gonna get one?
Created by Dingbatt, last reply by alexx on 20-Oct-2014 13:34 (45 replies)
Pages... 2 3


Why do people keep thinking National are doing a great job?
Created by sxz, last reply by BurningBeard on 20-Oct-2014 11:06 (155 replies)
Pages... 9 10 11


Lollipop it is then. Android 5 announced with Nexus 6 and 9
Created by Dingbatt, last reply by kiwi_64 on 20-Oct-2014 17:21 (53 replies)
Pages... 2 3 4



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.