Geekzone: technology news, blogs, forums
inspectaclueso

29 posts

Geek


#265432 21-Jan-2020 15:14

Few points regarding the above...

  1. This forum is a great resource for information when ISPs let you down.  Wish I'd looked here first instead of going through 'proper' channels.
  2. If you are trying to set up port forwarding/remote access on Spark Wireless Broadband... STOP!  It won't work unless you order a fixed IP for $15 p/m as the connection uses CG-NAT.
  3. Should a Spark representative see this post, it would be great if your help desk staff could be a little more knowledgeable about the subject.  I'm not talking about help with actual configuration, I'm talking about knowing that their network uses CG-NAT so they can advise that remote access won't work without ordering a fixed IP.

Context...

 

Installed a security system for my in-laws.  Configured router port forwarding/DDNS however remote access failed.  Factory reset router, checked firmware up to date, hardwired NVR to router instead of using wireless AP in client mode.  No go.  Port checker shows configured ports as closed.  Can't contact DDNS name or external IP directly.

 

Contacted Spark chat support and explained what I was trying to do, all actions taken along with screenshots of port forwarding configuration.  Even mentioned it was as if they were using CG-NAT like I'd experienced on BigPipe.  I was told that is beyond the level of support provided.  It was suggested I seek the services of a local tech company.  I explained that I was familiar with the process/configuration however I suspected either the router or connection was blocking incoming traffic.  I was asked "You can browse the internet right?".  Sure, I browsed to the chat page.  "Then there is nothing wrong with your connection".  "You should contact Huawei for support."

 

So I phoned the Huawei 0800 number while still connected to Spark chat.  "As the routers have customised firmware for each provider, please contact your ISP for support."

 

Back to Spark... "You can pay for premium support for a monthly fee or a $150 one-off payment."

 

 

 

Spent the next hour on other ISP websites figuring out how hard/costly it would be to switch them to another ISP and port phone number and keep Xtra email address and if wired connections were still available at their address.

 

Drove home, jumped onto Geekzone and found out the issue within 5 minutes of searching.

 

 

 

Summary...

 

  • Geekzone community is awesome!
  • Spark don't support Spark supplied routers.
  • Port forwarding won't work on Spark Wireless Broadband (without ordering a fixed IP) despite the Spark firmware having port forwarding/virtual server settings.

 


hio77
'That VDSL Cat'
12982 posts

Uber Geek

ID Verified
Trusted
Voyager
Subscriber

  #2402993 21-Jan-2020 15:19

Hi,

The agent should have been able to advise you of this, apologies for the experience.
It is made very clear to our reps that for port forwarding to work, you require a static IP (which yes does cost).

Port forwarding does work, it just requires a static IP.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 


 
 
 

inspectaclueso

29 posts

Geek


  #2402999 21-Jan-2020 15:39

Wish I'd spoken to you, would have saved my last remaining non grey hairs.  😁

 

While I have your attention... they were kind of pushed onto 4G as "copper lines were on the way out." 

 

If they get a few of their visiting grandkids on the internet at the same time it grinds to a halt.  I read that Twizel, Wanaka and some other areas are getting 5G soon.  Any plans for Fairlie?

 

Alternatively, although 4G was promoted to them as the way forward, can a connection be changed back to VDSL or is copper not being supported anymore?  They had paid for VDSL installation previously so wiring is pre-existing.

 

Thanks in advance.

 

 


hio77
'That VDSL Cat'
12982 posts

Uber Geek

ID Verified
Trusted
Voyager
Subscriber

  #2403000 21-Jan-2020 15:46

Copper lines aren't on the way out, but in many cases wireless is a better option.

 

 

 

Might be worth having a chat with the Resolve helpdesk folk, a rollback to VDSL might be the best option for you or possibly just an antenna installation :)

 

I can't comment on 5G future plans, communicable sensitivity etc. 





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 




sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2403013 21-Jan-2020 16:15

I hope you're aware of the security implications of port forwards, particularly if this is to a CCTV system. You should never have a port forward in place to any CCTV system unless it's securely whitelisted to allowed public IP range(s).

While Spark FWA has always been CG-NAT by default, the move by 2degrees in particular to move to CG-NAT has done wonders with a few insecure cameras dropping off insecam and Shodan.

 

 


inspectaclueso

29 posts

Geek


  #2403020 21-Jan-2020 16:41

Thanks for the info.

I know opening ports up comes with some risk but I thought forwarding traffic to a device with non default username/password should be relatively normal practice?  The alternative is using the manufacturer's P2P service but that comes with its own risks from what I've read.


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2403021 21-Jan-2020 16:57

inspectaclueso:

Thanks for the info.

I know opening ports up comes with some risk but I thought forwarding traffic to a device with non default username/password should be relatively normal practice?  The alternative is using the manufacturer's P2P service but that comes with its own risks from what I've read.

Password offers zero security if there is an exploit that bypasses the password. It also doesn't stop bots from trying to brute force logins.

The only truly secure remote access is via VPN.

 

 

 

 


snnet
1377 posts

Uber Geek


  #2403140 21-Jan-2020 20:37

This is why I opt for Paradox systems using the SWAN server. Cloud p2p based, doesn't matter if you're on CG-NAT or not.




inspectaclueso

29 posts

Geek


  #2403169 21-Jan-2020 21:45

Yes, this Dahua system has a P2P option that can be activated but my preference was not to use it so as not to rely on a third party server.  However, that is the way I'm having to go.


chevrolux
4962 posts

Uber Geek
Inactive user


  #2403214 21-Jan-2020 21:55

With the amount of issues lately with 'cloud based' systems and security issues with their platforms (yet people still buy Ring!!), I think anyone is completely mad to have anything but local CCTV systems with VPN for remote access.


BarTender
3530 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2404897 22-Jan-2020 18:39

If you want / need this and are technically capable then get a cheap VPS and do an outbound VPN from the home connection so you don't need a static IP.

 

As the person who built the Static IP on Mobile solution after a LOT of pushing to product managers to fund it I was quite concerned about people being DDoSed and either their data stopping (as that was the case with Fixed Wireless Broadband) or getting a large bill like in the old days of overage on wired broadband.

 

I can definitely see the use case but if it's just for CCTV cameras then use an outbound VPN to a known endpoint and then come in over that tunnel IMHO.







inspectaclueso

29 posts

Geek


  #2404909 22-Jan-2020 19:00

I will have to educate myself further about VPNs.  I am familiar with using an outgoing VPN at router or application level but I've not had experience setting up incoming traffic over VPN.

 

Also, as the main two people wanting to view the cameras are the retirement age home owners I don't think expecting them to use a VPN connection on their mobile phones etc. is realistic.

 

 

 

 


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2405114 23-Jan-2020 07:46

Using the Dahua P2P option with secure passwords is probably your best option. Providing this is a legit current generation genuine English Dahua NVR (and not a Chinese model running hacked English firmware) and it is running newer firmware, P2P is the most secure option short of a VPN.

Many of the P2P exploits people talk about are from very old hardware and exploits, many of which are not even Dahua.

 

 


inspectaclueso

29 posts

Geek


  #2405124 23-Jan-2020 08:26

sbiddle:

Using the Dahua P2P option with secure passwords is probably your best option. Providing this is a legit current generation genuine English Dahua NVR (and not a Chinese model running hacked English firmware) and it is running newer firmware, P2P is the most secure option short of a VPN.

Many of the P2P exploits people talk about are from very old hardware and exploits, many of which are not even Dahua.

Yes, it is a NZ sourced (CDLNZ) unit.

Did look at some of the Dahua gear on AliExpress but didn't want to take a punt with someone else's money.  It seems the NVRs might be genuine as you can update the firmware but the cameras seem to be the problem as they can't be upgraded.

 

 


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2405155 23-Jan-2020 09:33

inspectaclueso:

sbiddle:

Using the Dahua P2P option with secure passwords is probably your best option. Providing this is a legit current generation genuine English Dahua NVR (and not a Chinese model running hacked English firmware) and it is running newer firmware, P2P is the most secure option short of a VPN.

Many of the P2P exploits people talk about are from very old hardware and exploits, many of which are not even Dahua.

Yes, it is a NZ sourced (CDLNZ) unit.

Did look at some of the Dahua gear on AliExpress but didn't want to take a punt with someone else's money.  It seems the NVRs might be genuine as you can update the firmware but the cameras seem to be the problem as they can't be upgraded.

Most Dahua gear on AliExpress, both NVRs and cameras, is hacked Chinese firmware despite the efforts of Dahua to clamp down on this.

 

If you want to buy from there you need to use a reputable seller like Andy from Empire Technology. I deal with him but direct.

 

 


inspectaclueso

29 posts

Geek


  #2405169 23-Jan-2020 10:30

sbiddle:

Most Dahua gear on AliExpress, both NVRs and cameras, is hacked Chinese firmware despite the efforts of Dahua to clamp down on this.

 

If you want to buy from there you need to use a reputable seller like Andy from Empire Technology. I deal with him but direct.

 

 

 

 

Thanks for the tip.

