Solved

Vpn over 3G

Posted on 2011-09-17
Last Modified: 2012-08-13
Hi,

I configured vpn on my Synology nas (pptp and openvpn), now I can perfectly connect over wifi but not over 3g (iphone).

What could this be?

Thanks,
J
0
Comment
Question by:janhoedt
18 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 36555084
A couple of things are possible:

1. Openvpn and pptp may not be compatible with 3g. I have seen that before and do not know a fix for that except more modern VPN software. I use NCP Secure Entry and it works great through my cellular modem. It does IPSec, but I think it can do pptp as well.

2. My ISP requires me to use a special access point for their 3g service (and upcharges me for that). The upcharge is an extra $5; I pay it; and it all works. .... Thinkpads_User
0
 

Author Comment

by:janhoedt
ID: 36555486
Probably vpn port is blocked on 3G(?)
Can't I pptp over another port? With openvpn it works fine over 443 (on pc), however with proxy and behind firewall (work) again it doesn't.

I'm just looking for a way to securely connect from anywhere (pc and iphone) to my home configs (pc, nas running at different ports). Logmein requires pc to be on all the time and is less practical.
0
 
LVL 8

Expert Comment

by:Mac2010
ID: 36555591
iPhone VPN should work over 3G. I have connections working over 3G with PPTP, IPSec and L2TP VPN. All work without (big) problems. The built in iOS VPN client should do the job. I never needed 'openvpn' or other client. Typically the other VPN-clients that you should need are for SSL-vpn.

As far as I know Apple has no official support for Synology VPN servers, but that doesn't mean that they're incompatible. Maybe this article helps:
http://developer.apple.com/library/ios/#featuredarticles/FA_VPN_Server_Configuration_for_iPhone_OS/Introduction/Introduction.html

A few things that could cause this issue:
- Configuration of VPN server is not as required for iPhone
- IP-number conflicts. I recommend VPN users to use for their LAN IP numbers that are not too common. This to avoid IP-confusion. Like when on both ends of the VPN there is a 192.168.1.x subnet.
Maybe your 3G operator is doing this.
- Your 3G operator is blocking VPN to charge you more money for a "business account". As "thinkpads_user" already suggested.

I would start with checking if the iPhone can connect to the VPN when connected to a Wi-Fi network. Next, figure out if your ISP is blocking ports. Then I would check the configuration on the VPN server.
0
 

Author Comment

by:janhoedt
ID: 36555685
Please see my first post:
"now I can perfectly connect over wifi but not over 3g (iphone)"
0
 

Author Comment

by:janhoedt
ID: 36555735
! Here is another thought: the vpn address I receive is 10.0.0.1, I'm pretty sure the carrier uses also the 10-range. Shouldn't I change this range? I can, but to what, actually it is 10.0.0.0, my local/lan range is 192.168.2.0.

J.
0
 
LVL 8

Expert Comment

by:Mac2010
ID: 36555987
If you have room to change IP ranges, it is worth testing, but that's more something to do later on. Recently I've switched to use 172.(16-31).x.x numbers for VPN users, because routers typically don't use this private range by default.
The 10-range is not bad, but 10.0.x.x and 10.1.x.x are quite common. So I would avoid using those. But this is -to my own experience- a bit of trial and error.

I think I would first check with your 3G operator if all VPN ports are open on your connection/subscription. If the ports are not blocked, then focus on IP issues and VPN-server configuration. With my own iPhone 4 over 3G I have almost no issues with VPN connections. It's just slow...
0
 

Author Comment

by:janhoedt
ID: 36556818
I changed the setting to 172.16.0.0 and it did work 1 time. Strangely it did not afterwards. So I do not think firewall of carrier is cause.

Behavior:
-I can connect via wireless but after disconnect I am not able to reconnect again
-if I reboot the nas on which the vpn resides, I can reconnect
-I could connect 1 time by 3G but not afterwards
-no ports are blocked on router, doublechecked that

Is pptp known as instable/buggy? NAS VPN has only two options: openvpn and pptp, only pptp is supported on iPhone.

I would like to connect to my nas from as well my iphone (wifi, 3g) as well as behind any firewall/proxy.

Please advise.

0
 

Author Comment

by:janhoedt
ID: 36557139
Also friend tried openvpn over 3g (port 443, which redirects on my router to openvpn port) on Android, no success whereas over wifi works perfect!
0
 
LVL 8

Expert Comment

by:Mac2010
ID: 36557349
I did some testing too. It looks like my 3G provider is using NAT and a 10.x.x.x range too, even though I have a business account with them and various VPN connections from there are usually stable.

> Is pptp known as instable/buggy.
Not that I know of. Actually in one case I've switched (temporarily) to PPTP because I had some IP problems with L2TP. PPTP did work, even with a 192.168.1.x range on both ends of the VPN. By the way, your router should allow traffic on TCP port 1723 for PPTP.

Did you already try reconnecting the iPhone after a little while? In some cases there still seem to be some VPN settings cached, that prevent immediate reconnecting. After a little while connecting works again. I've seen similar issues on Mac OS X (which is similar to iOS).

I would definitely check with your 3G operator, just to make sure there are no port-issues there.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 36557356
>>> It looks like my 3G provider is using NAT and a 10.x.x.x range too, even though I have a business account

I got the upgrade to my account for VPN access and I get an external (not NAT'd) IP address and it works fine with VPN. ... Thinkpads_User
0
 

Author Comment

by:janhoedt
ID: 36558535
This is my config, I cannot connect from behind a proxy (work), I will try to test later over 3G.
Local ip 192.168.1.0
VPN: 172.16.0.0 are correct


SETTINGS CLIENT:
-----------------

dev tun
tls-client

remote synology-nas-ipaddress 443

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

#redirect-gateway

pull

proto tcp-client
script-security 2

ca ca.crt

comp-lzo

reneg-sec 0

SETTINGS SERVER:
-----------------
DS> vi openvpn.conf
push "route 192.168.1.0 255.255.255.0"
push "route 172.16.1.0 255.255.255.0"
dev tun

management 127.0.0.1 1195

server 172.16.1.0 255.255.255.0


dh /usr/local/synovpn/etc/openvpn/keys/dh1024.pem
ca /usr/local/synovpn/etc/openvpn/keys/ca.crt
cert /usr/local/synovpn/etc/openvpn/keys/server.crt
key /usr/local/synovpn/etc/openvpn/keys/server.key

max-clients 5

comp-lzo

persist-tun
persist-key

verb 3


#log-append /var/log/openvpn.log

keepalive 10 60
reneg-sec 0

plugin /usr/local/synovpn/lib/radiusplugin.so /usr/local/synovpn/etc/openvpn/rad
client-cert-not-required
username-as-common-name
duplicate-cn
proto tcp
~



auth-user-pass
0
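Added example, not part of the original thread: a small Python check for the address-range conflicts discussed above, run against the `server` and `push "route"` lines of the posted openvpn.conf. The client-side networks (a carrier NAT in 10.0.0.0/8, an office LAN on 192.168.1.0/24) are constructed assumptions, as are all function names.

```python
import ipaddress
import re

# Directives taken from the openvpn.conf posted in the thread.
SERVER_CONF = '''
push "route 192.168.1.0 255.255.255.0"
push "route 172.16.1.0 255.255.255.0"
server 172.16.1.0 255.255.255.0
'''

# Constructed sample: networks a roaming client may already be attached to.
CLIENT_SIDE = {
    "carrier NAT (3G)": "10.0.0.0/8",
    "office or hotel LAN": "192.168.1.0/24",
}
LINE = re.compile(r'\s*(push\s+"route|server)\s+([\d.]+)\s+([\d.]+)')


def vpn_networks(conf):
    """Return {label: network} for the server pool and every pushed route."""
    nets = {}
    for line in conf.splitlines():
        m = LINE.match(line)
        if m:
            kind = "pool" if m.group(1) == "server" else "pushed route"
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            nets[f"{kind} {net}"] = net
    return nets


def find_conflicts(conf, client_side):
    """List (vpn_label, client_label) pairs whose address ranges overlap."""
    hits = []
    for vlabel, vnet in vpn_networks(conf).items():
        for clabel, cidr in client_side.items():
            if vnet.overlaps(ipaddress.ip_network(cidr)):
                hits.append((vlabel, clabel))
    return hits


def suggest_pool(avoid, parent="172.16.0.0/12", prefix=24):
    """First subnet of `parent` that overlaps none of the `avoid` CIDRs."""
    taken = [ipaddress.ip_network(c) for c in avoid]
    for cand in ipaddress.ip_network(parent).subnets(new_prefix=prefix):
        if not any(cand.overlaps(t) for t in taken):
            return cand
    return None

print(find_conflicts(SERVER_CONF, CLIENT_SIDE))
```

With these sample networks the 172.16.1.0/24 pool is clean, but the pushed 192.168.1.0/24 route collides with any client LAN that uses the same range, so traffic for the home LAN may never enter the tunnel from such a network.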
 

Author Comment

by:janhoedt
ID: 36558537
Note: issue = Connection timed out (WSAETIMEDOUT).
0
 

Author Comment

by:janhoedt
ID: 36565023
It works!!! Over tcp and other port.
But now I get:
host address: mydyndns [HOST_NOT_FOUND] The specified host is unknown
0
 

Author Comment

by:janhoedt
ID: 36565369
And then again when I connect to WIFI (work) it doesn't connect ... connection timed out.
Damn.
0
 
LVL 8

Expert Comment

by:Mac2010
ID: 36566162
I'm not a Synology expert, unfortunately. Can you tell if the 'Open VPN' server is also the server of PPTP? Or does that have separate server-software? I do know that for enabling VPN for iPhone, the VPN server must support AES 128-bit encryption and/or "MSCHAP2" authentication.

It looks like we're getting into trial and error. Sometimes when on my iPhone VPN can't connect, I delete the configuration and set it up again. That often fixes time out and similar errors.

Below are configuration lines from my Mac OS X 10.7 VPN server:
vpn:servers:com.apple.ppp.pptp:AuthenticationProtocol = "MSCHAP2"
vpn:servers:com.apple.ppp.pptp:CurrentConnections = 0
vpn:servers:com.apple.ppp.pptp:enabled = yes
vpn:servers:com.apple.ppp.pptp:MPPEKeySize = "MPPEKeySize128"
vpn:servers:com.apple.ppp.pptp:startedTime = "2011-09-20 08:57:56 +0000"
vpn:servers:com.apple.ppp.pptp:Type = "PPP"
vpn:servers:com.apple.ppp.pptp:SubType = "PPTP"
vpn:servers:com.apple.ppp.pptp:AuthenticatorPlugins = "DSAuth"
vpn:servers:com.apple.ppp.pptp:pid = 97
0
 

Accepted Solution

by:
janhoedt earned 0 total points
ID: 36568666
Should be something with proxy, pretty sure about that.
I added line auto-proxy now, will test tomorrow.
0
 

Author Comment

by:janhoedt
ID: 36572003
Ok now, I'll close this case.
0
 

Author Closing Comment

by:janhoedt
ID: 36594807
setting tcp + proxy on http solved the problem
0
