20 posts

Geek


#265432 21-Jan-2020 15:14

Few points regarding the above...

 

     

  1. This forum is a great resource for information when ISPs let you down.  Wish I'd looked here first instead of going through 'proper' channels.
  2. If you are trying to set up port forwarding/remote access on Spark Wireless Broadband... STOP!  It won't work unless you order a fixed IP for $15 p/m as the connection uses CG-NAT.
  3. Should a Spark representative see this post, it would be great if your help desk staff could be a little more knowledgeable about the subject.  I'm not talking about help with actual configuration, I'm talking about knowing that their network uses CG-NAT so they can advise that remote access won't work without ordering a fixed IP.

 

 

 

Context...

 

Installed a security system for my in-laws.  Configured router port forwarding/DDNS however remote access failed.  Factory reset router, checked firmware up to date, hardwired NVR to router instead of using wireless AP in client mode.  No go.  Port checker shows configured ports as closed.  Can't contact DDNS name or external IP directly.

 

Contacted Spark chat support and explained what I was trying to do, all actions taken along with screenshots of port forwarding configuration.  Even mentioned it was as if they were using CG-NAT like I'd experienced on BigPipe.  I was told that is beyond the level of support provided.  It was suggested I seek the services of a local tech company.  I explained that I was familiar with the process/configuration however I suspected either the router or connection was blocking incoming traffic.  I was asked "You can browse the internet right?".  Sure, I browsed to the chat page.  "Then there is nothing wrong with your connection".  "You should contact Huawei for support."

 

So I phoned the Huawei 0800 number while still connected to Spark chat.  "As the routers have customised firmware for each provider, please contact your ISP for support."

 

Back to Spark... "You can pay for premium support for a monthly fee or a $150 one-off payment."

 

 

 

Spent the next hour on other ISP websites figuring out how hard/costly it would be to switch them to another ISP and port phone number and keep Xtra email address and if wired connections were still available at their address.

 

Drove home, jumped onto Geekzone and found out the issue within 5 minutes of searching.

 

 

 

Summary...

 

  • Geekzone community is awesome!
  • Spark don't support Spark supplied routers.
  • Port forwarding won't work on Spark Wireless Broadband (without ordering a fixed IP) despite the Spark firmware having port forwarding/virtual server settings.
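
The check that settles the question raised in the post above, as an added example that is not part of the original thread: compare the WAN address shown on the router's status page with the address an external "what is my IP" service reports. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits in front.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

VERDICTS = {
    "cgnat": "WAN is in 100.64.0.0/10: ISP CG-NAT, router port forwards are unreachable",
    "double-nat": "WAN is RFC 1918: another NAT (ISP or upstream router) sits in front",
    "upstream-nat": "WAN differs from the observed address: translated upstream",
    "public": "WAN matches the observed address: port forwards can be reached",
}

def classify_wan(wan_ip, observed_ip):
    """Classify the router's WAN address against the address the internet sees."""
    wan = ipaddress.IPv4Address(wan_ip)        # raises ValueError on bad input
    seen = ipaddress.IPv4Address(observed_ip)
    if wan in CGNAT:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "double-nat"
    if wan != seen:
        return "upstream-nat"
    return "public"

def forwarding_possible(wan_ip, observed_ip):
    """True only when the router itself holds the public address."""
    return classify_wan(wan_ip, observed_ip) == "public"

# Constructed samples: (router WAN address, externally observed address).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in
# for real public addresses.
SAMPLES = [
    ("100.72.14.9", "203.0.113.20"),
    ("192.168.1.2", "203.0.113.20"),
    ("198.51.100.7", "203.0.113.20"),
    ("203.0.113.20", "203.0.113.20"),
]

if __name__ == "__main__":
    for wan, seen in SAMPLES:
        verdict = classify_wan(wan, seen)
        print(f"{wan:>15} vs {seen:<15} {verdict}: {VERDICTS[verdict]}")
```

Only the last case leaves the router in control of inbound traffic; in the other three a port checker will report the forwarded ports as closed however the router is configured.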

 


'That VDSL Cat'
11937 posts

Uber Geek

Trusted
Spark
Subscriber

  #2402993 21-Jan-2020 15:19

Hi,

 

 

 

The agent should have been able to advise you of this, apologies for the experience.
It is made very clear to our reps that for port forwarding to work, you require a static IP (which yes does cost).

Port forwarding does work, it just requires a static IP.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 




20 posts

Geek


  #2402999 21-Jan-2020 15:39

Wish I'd spoken to you, would have saved my last remaining non-grey hairs.  😁

 

While I have your attention... they were kind of pushed onto 4G as "copper lines were on the way out." 

 

If they get a few of their visiting grandkids on the internet at the same time it grinds to a halt.  I read that Twizel, Wanaka and some other areas are getting 5G soon.  Any plans for Fairlie?

 

Alternatively, although 4G was promoted to them as the way forward, can a connection be changed back to VDSL or is copper not being supported anymore?  They had paid for VDSL installation previously so wiring is pre-existing.

 

Thanks in advance.

 

 


 
 
 
 


'That VDSL Cat'
11937 posts

Uber Geek

Trusted
Spark
Subscriber

  #2403000 21-Jan-2020 15:46

Copper lines aren't on the way out, but in many cases wireless is a better option.

 

 

 

Might be worth having a chat with the Resolve helpdesk folk, a rollback to VDSL might be the best option for you or possibly just an antenna installation :)

 

I can't comment on 5G future plans, communicable sensitivity etc. 






 


28831 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #2403013 21-Jan-2020 16:15
3 people support this post

I hope you're aware of the security implications of port forwards, particularly if this is to a CCTV system. You should never have a port forward in place to any CCTV system unless it's securely whitelisted to allowed public IP range(s).

 

While Spark FWA has always been CG-NAT by default, the move by 2degrees in particular to move to CG-NAT has done wonders with a few insecure cameras dropping off insecam and Shodan.

 

 




20 posts

Geek


  #2403020 21-Jan-2020 16:41

Thanks for the info.

 

I know opening ports up comes with some risk but I thought forwarding traffic to a device with non-default username/password should be relatively normal practice?  The alternative is using the manufacturer's P2P service but that comes with its own risks from what I've read.


28831 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #2403021 21-Jan-2020 16:57
One person supports this post

inspectaclueso:

 

Thanks for the info.

 

I know opening ports up comes with some risk but I thought forwarding traffic to a device with non-default username/password should be relatively normal practice?  The alternative is using the manufacturer's P2P service but that comes with its own risks from what I've read.

 

 

Password offers zero security if there is an exploit that bypasses the password. It also doesn't stop bots from trying to brute force logins.

The only truly secure remote access is via VPN.

 

 

 

 


628 posts

Ultimate Geek

Subscriber

  #2403140 21-Jan-2020 20:37

This is why I opt for Paradox systems using the SWAN server. Cloud p2p based, doesn't matter if you're on CG-NAT or not.


 
 
 
 




20 posts

Geek


  #2403169 21-Jan-2020 21:45

Yes, this Dahua system has a P2P option that can be activated but my preference was not to use it so as not to rely on a third party server.  However, that is the way I'm having to go.


4390 posts

Uber Geek

Trusted

  #2403214 21-Jan-2020 21:55

With the amount of issues lately with 'cloud based' systems and security issues with their platforms (yet people still buy Ring!!), I think anyone is completely mad to have anything but local CCTV systems with VPN for remote access.


3004 posts

Uber Geek

Trusted
Lifetime subscriber

  #2404897 22-Jan-2020 18:39
2 people support this post

If you want / need this and are technically capable then get a cheap VPS and do an outbound VPN from the home connection so you don't need a static IP.

 

As the person who built the Static IP on Mobile solution after a LOT of pushing to product managers to fund it I was quite concerned about people being DDoSed and either their data stopping (as that was the case with Fixed Wireless Broadband) or getting a large bill like in the old days of overage on wired broadband.

 

I can definitely see the use case but if it's just for CCTV cameras then use an outbound VPN to a known endpoint and then come in over that tunnel IMHO.









20 posts

Geek


  #2404909 22-Jan-2020 19:00

I will have to educate myself further about VPNs.  I am familiar with using an outgoing VPN at router or application level but I've not had experience setting up incoming traffic over VPN.

 

Also, as the main two people wanting to view the cameras are the retirement age home owners I don't think expecting them to use a VPN connection on their mobile phones etc. is realistic.

 

 

 

 


28831 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #2405114 23-Jan-2020 07:46

Using the Dahua P2P option with secure passwords is probably your best option. Providing this is a legit current generation genuine English Dahua NVR (and not a Chinese model running hacked English firmware) and it is running newer firmware P2P is the most secure option short of a VPN.

 

Many of the P2P exploits people talk about are from very old hardware and exploits, many of which are not even Dahua.

 

 




20 posts

Geek


  #2405124 23-Jan-2020 08:26

sbiddle:

 

Using the Dahua P2P option with secure passwords is probably your best option. Providing this is a legit current generation genuine English Dahua NVR (and not a Chinese model running hacked English firmware) and it is running newer firmware P2P is the most secure option short of a VPN.

 

Many of the P2P exploits people talk about are from very old hardware and exploits, many of which are not even Dahua.

 

 

 

 

 

 

Yes, it is a NZ sourced (CDLNZ) unit.

 

Did look at some of the Dahua gear on AliExpress but didn't want to take a punt with someone else's money.  It seems the NVRs might be genuine as you can update the firmware but the cameras seem to be the problem as they can't be upgraded.

 

 


28831 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #2405155 23-Jan-2020 09:33

inspectaclueso:

 

sbiddle:

 

Using the Dahua P2P option with secure passwords is probably your best option. Providing this is a legit current generation genuine English Dahua NVR (and not a Chinese model running hacked English firmware) and it is running newer firmware P2P is the most secure option short of a VPN.

 

Many of the P2P exploits people talk about are from very old hardware and exploits, many of which are not even Dahua.

 

 

 

 

 

 

Yes, it is a NZ sourced (CDLNZ) unit.

 

Did look at some of the Dahua gear on AliExpress but didn't want to take a punt with someone else's money.  It seems the NVRs might be genuine as you can update the firmware but the cameras seem to be the problem as they can't be upgraded.

 

 

 

 

Most Dahua gear on AliExpress, both NVRs and cameras, is hacked Chinese firmware despite the efforts of Dahua to clamp down on this.

 

If you want to buy from there you need to use a reputable seller like Andy from Empire Technology. I deal with him but direct.

 

 




20 posts

Geek


  #2405169 23-Jan-2020 10:30
One person supports this post

sbiddle:

 

 

 

Most Dahua gear on AliExpress, both NVRs and cameras, is hacked Chinese firmware despite the efforts of Dahua to clamp down on this.

 

If you want to buy from there you need to use a reputable seller like Andy from Empire Technology. I deal with him but direct.

 

 

 

 

Thanks for the tip.

