28 posts

Geek


#265535 26-Jan-2020 13:08

A few years ago I set up several VPN users on my FritzBox 7490 for myself and my family members working in China. It’s an IPSec Xauth PSK type VPN. It’s a dynamic IP so myfritz.net was used as the dynamic server. We have been using the VPN almost every day since then without any major issues.

 

However, from around 20th January we could not connect to the VPN anymore. Even on my 2degrees mobile phone, I could only connect to the VPN when the phone connected to my home WIFI. When the phone was on cell data it could not connect to the VPN. And my family members in China could not connect to the VPN at all.

 

A weird thing happened the next day. My FritzBox 7490 was suddenly down with the red Info light on. I called 2degrees and they sent me a new router Fritzbox 7530.

 

I set up a VPN user on the 7530 and tried it out on my mobile phone. The same issue happened again. My phone could only be connected to the VPN when my phone was on the home WIFI. So I called 2degrees again. It seemed that the staff knew what had happened. He put me on to a static IP (203.86.206.xx). After that my phone could connect to the VPN through cell data. But there were some website access issues. I could not connect to some websites, even myfritz.net.

 

I had to call 2degrees again. The staff removed the static IP. I could access those websites after that but could not connect to the VPN again. Then I called 2degrees the 4th time. The staff assigned me a new static IP (123.255.55.xx). After that my phone has had no issue connecting to the VPN and visiting any websites.

 

Then I set up several VPN users for my family members in China. They said they could connect to the VPN now. However, they could not visit any restricted websites (by Chinese authorities) through the VPN, i.e. google.com, youtube.com etc. But there was no issue to visit unrestricted websites, i.e. trademe.co.nz etc.

 

I do not know what is happening there. I do not know why a dynamic IP does not work with the VPN now. Considering the timing, it is unlikely the GFW in China has been updated to block the IPSec Xauth PSK type VPN. Has 2degrees recently changed some setting that made it stop working?

 

VPN is a must-have for my family members and me. Could anyone help me to solve this problem please? Many thanks!


334 posts

Ultimate Geek

Subscriber

  #2407008 26-Jan-2020 13:33
2 people support this post

2degrees now uses CG-NAT, so if you don’t have a static IP, your incoming VPN is no longer going to work. You will need a static IP for this.
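
A way to check for the CG-NAT condition this reply describes, as an added example that is not part of the original thread: compare the WAN address the router reports with the address an outside service sees. The function name and the sample addresses are constructed for illustration, and the page does not say which address range 2degrees uses for CG-NAT; 100.64.0.0/10 is the RFC 6598 range reserved for that purpose.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: the router sits behind another NAT device.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def inbound_vpn_feasible(router_wan_ip, observed_public_ip):
    """Decide whether an inbound VPN to the router can work.

    router_wan_ip      -- address shown on the router's own status page
    observed_public_ip -- address a "what is my IP" service reports from
                          a device behind the router
    Returns (feasible, reason). Hypothetical helper, not FritzBox code.
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)

    if wan in CGNAT:
        return False, "WAN address is in 100.64.0.0/10 (CG-NAT)"
    if any(wan in net for net in PRIVATE):
        return False, "WAN address is RFC 1918 private (double NAT)"
    # Some carriers NAT from other ranges, so the comparison with the
    # externally observed address is the decisive test.
    if wan != seen:
        return False, "WAN address differs from the address seen outside"
    return True, "WAN address is public and matches what the outside sees"


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 and 198.51.100.0/24 are
    # documentation ranges standing in for real public addresses.
    samples = [
        ("100.72.14.9", "203.0.113.10"),    # dynamic plan behind CG-NAT
        ("203.0.113.10", "203.0.113.10"),   # static public address
        ("198.51.100.7", "203.0.113.10"),   # translated upstream
    ]
    for wan, seen in samples:
        ok, why = inbound_vpn_feasible(wan, seen)
        print(f"{wan:>15} vs {seen:<15} -> {'OK' if ok else 'NO'}: {why}")
```

When the result is negative, a dynamic DNS name such as the myfritz.net one resolves to an address that is not the router's own, so connection attempts from outside never reach the router.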

BDFL - Memuneh
65641 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2407054 26-Jan-2020 17:13

Make sure you are using the static IP and they can connect. Then make sure their VPN client is set to use your gateway as the DNS server.

What client are your family using?




 
 
 
 




28 posts

Geek


  #2407170 26-Jan-2020 21:05

freitasm: Make sure you are using the static IP and they can connect. Then make sure their VPN client is set to use your gateway as the DNS server.

What client are your family using?

 

Yes, I am using the static IP now and we can all connect to the VPN. But only I, in NZ, can visit websites without any issue. My family members in China cannot visit any restricted websites banned by the Chinese Government through the VPN, just like not using a VPN at all, even though they are connected. It looks like the VPN is not fully functional.

We are not using any 3rd-party clients. Just the default VPN function in Android or Apple phones. Add a new VPN with IPSec Xauth PSK type, which is the only one supported by Fritzbox.




28 posts

Geek


  #2407174 26-Jan-2020 21:08

Jiriteach: 2degrees now uses CG-NAT, so if you don’t have a static IP, your incoming VPN is no longer going to work. You will need a static IP for this.

Thanks, that makes sense of why a static IP is needed now. But even with a static IP the VPN is not as functional as it was previously.


BDFL - Memuneh
65641 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2407177 26-Jan-2020 21:11

When creating the VPN on Android there's "Advanced Options" and you can enter DNS servers and Forwarding Routes there. Are you sure there was no DNS entered there? (The label has e.g. 8.8.8.8, but it should really be left blank.)







28 posts

Geek


  #2407178 26-Jan-2020 21:15

freitasm:

 

When creating the VPN on Android there's "Advanced Options" and you can enter DNS servers and Forwarding Routes there. Are you sure there was no DNS entered there? (The label has e.g. 8.8.8.8, but it should really be left blank.)

 

 

Yes I'm quite sure I didn't tell them to fill in DNS. BTW the Google Public DNS has been banned in China.


BDFL - Memuneh
65641 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2407231 26-Jan-2020 22:00

gocheck:

 

freitasm:

 

When creating the VPN on Android there's "Advanced Options" and you can enter DNS servers and Forwarding Routes there. Are you sure there was no DNS entered there? (The label has e.g. 8.8.8.8, but it should really be left blank.)

 

 

Yes I'm quite sure I didn't tell them to fill in DNS. BTW the Google Public DNS has been banned in China.

 

 

And because it's banned, if by chance that number was entered there the whole thing would stop working despite being connected to your VPN, hence my question.

 

Since you are sure there's no number there, I don't have any other question - someone else?





 
 
 
 


3561 posts

Uber Geek


  #2407252 26-Jan-2020 22:31

A visual of above.


Either a proxy is set, or your local DNS isn't being passed as the default route.

Or they're not really connected. Give them the router LAN (192.x.x.x) address; if they can't hit that, they sure won't be getting anywhere in NZ.

You should also see a green connected light in the user/vpn area.


334 posts

Ultimate Geek

Subscriber

  #2407258 26-Jan-2020 23:21

What’s their gateway IP after connecting to the VPN? Get them to Google what’s my IP once they are connected and it should be your static IP.

This is only going to be the case if the setting of send all traffic via VPN is enabled, else the client config is not correct.

DNS servers should be auto pushed with the config, but if Google’s are banned, try Cloudflare's - 1.1.1.1 and 1.0.0.1.

Sounds to me like not all traffic is being routed via the VPN. Easy check though.

BDFL - Memuneh
65641 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2407259 26-Jan-2020 23:26

I have just created a VPN client on my Android device and you don't have an option to set default gateway. Also the suggestion above (and my previous one) would not make any difference because once the VPN is connected the Google DNS wouldn't be blocked anymore as it would go encrypted through your connection anyway.




334 posts

Ultimate Geek

Subscriber

  #2407260 26-Jan-2020 23:34

freitasm: I have just created a VPN client on my Android device and you don't have an option to set default gateway. Also the suggestion above (and my previous one) would not make any difference because once the VPN is connected the Google DNS wouldn't be blocked anymore as it would go encrypted through your connection anyway.


Not sure about Android - on iOS, send all traffic via VPN is default. Might have to specify it for certain clients on other platforms. On my Macs, I have to explicitly set this.

BDFL - Memuneh
65641 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2407261 26-Jan-2020 23:35
3561 posts

Uber Geek


  #2407273 26-Jan-2020 23:52

It would appear that may be the case for stock, but other releases or apps may be able to toggle the --redirect-gateway options?

I.e. CyanogenMod/OpenVPN, if I read it right.



28 posts

Geek


  #2408071 28-Jan-2020 12:47

Jiriteach: What’s their gateway IP after connecting to the VPN? Get them to Google what’s my IP once they are connected and it should be your static IP.

This is only going to be the case if the setting of send all traffic via VPN is enabled, else the client config is not correct.

DNS servers should be auto pushed with the config, but if Google’s are banned, try Cloudflare's - 1.1.1.1 and 1.0.0.1.

Sounds to me like not all traffic is being routed via the VPN. Easy check though.

 

Their gateway IP was my static IP. I could see they had connected in the Fritzbox event log.


BDFL - Memuneh
65641 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2408079 28-Jan-2020 12:54

Interesting. I'd have thought the gateway would've been the router's internal IP, not the external static IP.




