Facebook   Twitter    YouTube    RSS Feed    Android App    iPhone and iPad App     BlackBerry App    
Subscribe to Newsletter



View Poll Results: Do you want/need an APN that allows connections initiated from outside the APN?

Voters
173. You may not vote on this poll
  • No thanks, no idea what this means - don't think it applies to me

    15 8.67%
  • No thanks, I know what it means and I will never need it

    12 6.94%
  • Yes please, for [desktop or other] remote support

    101 58.38%
  • Yes please, for hosting

    52 30.06%
  • Yes please, for some other reason explained in my post in the thread

    21 12.14%
  • I clicked a 'Yes' option above, and am prepared to accept the risk of being hacked

    81 46.82%
  • I clicked a 'Yes' option above, and am NOT prepared to accept the risk of being hacked

    6 3.47%
Multiple Choice Poll.
Page 1 of 42 1 234511 ... LastLast
Results 1 to 15 of 618

Thread: Unrestricted APN

  1. #1
    Vodacom Representative
    Join Date
    Jan 2005
    Location
    (mostly) Plattekloof, Cape Town
    Posts
    12,066

    Default Unrestricted APN

    The History

    There are 3 'consumer' APN's available to the Vodacom user base:

    internet - NAT'd IP with all incoming ports blocked, i.e. you can connect to any service with no blocking or shaping of any kind, but your PC can't accept incoming connections. This is out-and-out to protect users from port attacks and scanning.

    internetvpn - Routable, dynamic IP with all incoming ports blocked, i.e. you can connect to any service with no blocking or shaping of any kind, but your PC can't accept incoming connections. This is out-and-out to protect users from port attacks and scanning.

    vlive - same as internet, but allows you to connect to VodafoneLive at no charge.

    All the above apn's block incoming ports but have no restriction on outgoing. You decide what to do with your data.

    Some users, in addition, required unsolicited incoming connections and for this the 'unrestricted' APN was created. This allows you to do things live web streaming, remote desktop support, etc. My original name for the APN was the 'hosting' APN, but it turned out to be more than that.

    The danger of this APN is that it exposes your device to the greater internet and you can (and probably will) be attacked. Worse, because you pay for every byte sent or delivered to your data card, you could end up paying for the privilege of being attacked! But some people require the service and thus I asked for it to be created a year or so ago.

    Another triumph for the forum, BTW!!

    Initially you could auto-provision yourself via 4me but I asked for it to be removed and replaced by the relevant form, the idea is to make VERY sure a user understands the risks.

    On-line, click-through would have enticed users to auto-provision without understanding the risks (and wasting precious routable IP's). We recently saw posts here where there was no need to be on the unrestricted APN, but yet, it seems, the subscriber provisioned himself in any case.

    If you read the disclaimer you'll notice this is basically what it says: By using the 'unrestricted' APN you will not hold Vodacom responsible for incoming data charges. So, please ensure your firewall is up to scratch.

    To summarise:

    1) NO blocking, shaping, throttling or messing with outgoing ports, in any way, on all Vodacom APN's. This covers 99.99% of all Vodacom data users as the vast majority of applications initiate the connection from the 3G side.

    2) internet, vlive and internetvpn APN's will block all unsolicited incoming connections.

    3) unrestricted apn allows all incoming ports, again NO blocking, shaping, throttling or messing with incoming ports, in any way, just like outgoing.

    To summarise the summary: NO shaping, whatsoever.

    How to Apply for the unrestricted APN
    http://www.vodacom.co.za/portal/site...Src%28%29&ht=t
    Last edited by morkhans; 25-04-2011 at 02:01 PM. Reason: Added link to Vodacom page

  2. #2
    Senior Member
    Join Date
    Feb 2005
    Location
    Vanderbijlpark
    Posts
    326

    Default Unrestricted APN

    I need some help and suggestions...

    I'm running a Java Server application on my home PC connected to the 3G network with the internetvpn APN. The server is only used to receive and forward small amounts of data (about 4 MB per day).

    I'm using a dynamic IP client to constantly update my IP address on the DNS server.

    For some reason I cannot access the IP address from outside the 3G network. If both my server and other connection is running on GPRS or 3G I can see the IP but again not from the internet.

    Any ideas? Maybe there is another APN i can use to make the IP visible on the internet? My only other option is to opt for a DSL line.

    When I point my browser (on the machine running the server) to my URL on a certain port, the web page is loaded from the DNS. But this doesn't work from another internet connection. I have my firewall switched off for now.

    Can I get someone to host my server somewhere else maybe?

    ANy help will be appreciated.

    grub

  3. #3
    Vodacom Representative
    Join Date
    Jan 2005
    Location
    (mostly) Plattekloof, Cape Town
    Posts
    12,066

    Default

    If I read you correctly, you are being blocked from opening up a connection from the outside into the 3G network. This is standard practise in most ISP environments to protect users from being port scanned and hacked.

    There are a few solutions to this problem:

    1) If you can get your server to open up the connection from the inside, it will work, i.e. let the server poll the client, or at least let the server open up the comms. This is how P2P systems get around the incoming port blocking.

    2) Not to sure if creating a VPN tunnel might work. Maybe another forumite can comment on this?

    3) In theory we could create an open APN, but taking all the security issues around this in consideration, will need to be carefully constructed.

  4. #4
    Senior Member
    Join Date
    Feb 2005
    Location
    Vanderbijlpark
    Posts
    326

    Default

    thanks v3g,

    I'll send you a PM with the required ports.

  5. #5

    Default

    well i remember when i was using mtn gprs, when you connected to the network, you got some private ip address... then to access the actual internet your traffic went through their proxy... so it was impossible to be seen from outside the mtn network ... you were basically on some little mtn private network!

  6. #6
    Senior Member
    Join Date
    Feb 2005
    Location
    Vanderbijlpark
    Posts
    326

    Default

    bboy,

    That is true for the internet APN. By using the internetvpn APN the IP is routable. I think my problem is associated with the ports I want to use.

  7. #7
    Grandmaster
    Join Date
    Mar 2005
    Location
    Johannesburg
    Posts
    1,988

    Default

    Quote Originally Posted by grubsner
    bboy,

    That is true for the internet APN. By using the internetvpn APN the IP is routable. I think my problem is associated with the ports I want to use.
    So if you use MTN GRPS or V3G and the internetvpn APN , you should get a routable IP?

  8. #8

    Default

    although using the internetvpn apn, I never managed to contact my 3G linux box from outside, not on any "standard" port (eg 80, 21, 22, 110)

  9. #9
    Senior Member
    Join Date
    Feb 2005
    Location
    Vanderbijlpark
    Posts
    326

    Default

    I just did a port scan on ShieldsUp WITHOUT my firewall running and all the ports are reported as STEALTH. This means ALL incoming ports are blocked. I can't even contact my Home PC via my VPN software on port 443.

  10. #10
    Vodacom Representative
    Join Date
    Jan 2005
    Location
    (mostly) Plattekloof, Cape Town
    Posts
    12,066

    Default

    This is correct. You won't be able to open up a port from the outside INTO the 3G/GPRS data network for the reasons stated above.

    However, there might be a valid case for this functionality.

    Can we see a show of (electronic) hands from those who need this, together with a short reason. I can then collate and feed through.

    For example:

    - Require to do support of 3G connected PC's.
    - Need to do maintenance on a 3G system.
    - Want to host a 3G based server.

    etc.

    Just to clarify why the ports are not open by default.

    1) An unsuspecting user can be hacked and infected without realising it.
    2) Any hacking / scanning attempts will be for the account of the user! Remember you pay for all incoming and outgoing traffic.

  11. #11

    Default

    What is the real purpose of the 'internetvpn' APN? I thought that all ports would be open for a end user on v3g/gprs and it is their risk with what happens regarding the data transfered. If you don't want the risk then use the standard 'internet' APN.

    I am wanting to set up my Linksys 3G Routers that i've just got, with DDNS in-order for remote software configuration and maintenance.

    Maybe there should be another APN setup at vodacom for use with these new Linksys 3G Routers??

    So, what is the real purpose of having a v3g linksys router where you can't actually use the router part of it??

  12. #12
    Grandmaster
    Join Date
    Mar 2005
    Location
    Johannesburg
    Posts
    1,988

    Default

    Just saw the other option " I clicked a 'Yes' option above, and am prepared to accept the risk of being hacked"

    but I didn't click it first time round so add another one to that number from me

  13. #13
    Vodacom Representative
    Join Date
    Jan 2005
    Location
    (mostly) Plattekloof, Cape Town
    Posts
    12,066

    Default

    Been approved in principle, busy doing the i's and t's....

  14. #14
    Grandmaster
    Join Date
    Dec 2004
    Location
    Parkview, JHB
    Posts
    964

    Default

    I tried to set up a VPN over the internet between my ADSL PC and MTN 3g laptop using DynDNS and had no luck so far... Is all of the above something to do with my prob?

    It's late and I should be sleepy but you know how it is when you're trying to get something to work......
    Television is push technology - You see what they want you to see. The internet is pull technology - You see what you want to see

  15. #15
    Senior Member
    Join Date
    Jan 2005
    Location
    Wilgeheuwel
    Posts
    230

    Question internetvpn

    Hi

    got my legal IP. but could v3g please confirm or someone that even though you have a legal IP, incoming connections are still blocked???? i.e. connection still needs to be established from the inside? and connection cannot be established from the outside??? dont worry about the fact that the legal IP changes everytime I connect, I am aware of that and have resolved it.

    Thanks

Page 1 of 42 1 234511 ... LastLast

Tags for this Thread

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •