Do you want/need an APN that allows connections initiated from outside the APN?

  • No thanks, no idea what this means - don't think it applies to me

    Votes: 17 8.5%
  • No thanks, I know what it means and I will never need it

    Votes: 15 7.5%
  • Yes please, for [desktop or other] remote support

    Votes: 110 55.3%
  • Yes please, for hosting

    Votes: 61 30.7%
  • Yes please, for some other reason explained in my post in the thread

    Votes: 27 13.6%
  • I clicked a 'Yes' option above, and am prepared to accept the risk of being hacked

    Votes: 93 46.7%
  • I clicked a 'Yes' option above, and am NOT prepared to accept the risk of being hacked

    Votes: 6 3.0%

  • Total voters
    199
Hi there

I don’t know whether this has been discussed yet, but it seems that Vodacom restricts the use of certain ports where a subscriber must fill in an indemnity form - and faxed back with copy of ID - before they can use the Unrestricted APN (attached).

The feedback we have received is from an online poker player which says this is a new occurrence. Was this discussed before?

Any feedback will be great.

Regards,

RPM

As the instigator of the attached document let me explain the policies around the various apn's. It has been discussed at length before, BTW, but I don't mind giving a summary....;)

There are 3 'consumer' APN's available to the Vodacom user base:

internet - NAT'd IP with all incoming ports blocked, i.e. you can connect to any service with no blocking or shaping of any kind, but your PC can't accept incoming connections. This is out-and-out to protect users from port attacks and scanning.

internetvpn - Routable, dynamic IP with all incoming ports blocked, i.e. you can connect to any service with no blocking or shaping of any kind, but your PC can't accept incoming connections. This is out-and-out to protect users from port attacks and scanning.

vlive - same as internet, but allows you to connect to VodafoneLive at no charge.

All the above apn's block incoming ports but have no restriction on outgoing. You decide what to do with your data.

Some users, in addition, required unsolicited incoming connections and for this the 'unrestricted' APN was created. This allows you to do things live web streaming, remote desktop support, etc. My original name for the APN was the 'hosting' APN, but it turned out to be more than that.

The danger of this APN is that it exposes your device to the greater internet and you can (and probably will) be attacked. Worse, because you pay for every byte sent or delivered to your data card, you could end up paying for the privilege of being attacked. But some people require the service and thus I asked for it to be created a year or so ago.

Another triumph for the forum, BTW!!

Initially you could auto-provision yourself via 4me but I asked for it to be removed and replaced by the attached form, the idea is to make VERY sure a user understands the risks.

On-line, click-through would have enticed users to auto-provision without understanding the risks (and wasting precious routable IP's). We recently saw posts here where there was no need to be on the unrestricted APN, but yet, it seems, the subscriber provisioned himself in any case and now are questioning charges....:rolleyes:

If you read the disclaimer you'll notice this is basically what it says: By using the 'unrestricted' APN you will not hold Vodacom responsible for incoming data charges. So, please ensure your firewall is up to speed.

To summarise:

1) NO blocking, shaping, throttling or messing with outgoing ports, in any way, on all Vodacom APN's. This covers 99.99% of all Vodacom data users as the vast majority of applications initiate the connection from the 3G side.

2) internet, vlive and internetvpn APN's will block all unsolicited incoming connections.

3) unrestricted allows all incoming ports, again NO blocking, shaping, throttling or messing with incoming ports, in any way, just like outgoing.

To summarise the summary: NO shaping, whatsoever.
 
Everything you ever needed to know about the [thread=32730]Unrestricted APN...[/thread]

PS: The unrestricted APN is specifically for hosting of services using Vodacom's network, it is not for online poker players.

Thanks ic, amazing to see that it's exactly 2 years ago that we started the poll to see if there was a requirement for this APN. At least we got that right...;)

rpm, often someone will have a problem connecting to a specific site. These need to be reported so we can investigate and see what's causing the problem. We commonly see a few recurring problems with some external sites.

1) Poorly built sites - Unfortunately, many sites out there don't observe the accepted rules (like w3) when constructing sites. This then causes problems for the in-line engines (which Prometheus insist we don't have:rolleyes:) resulting in the comms breaking down.

When we get a report like this, we try and help the author to fix his site (think how much of an admin overhead this is...) and if we don't have joy we put bypass rules into the engines. But this is not a nice way of 'resolving' the problem.

2) Sites getting confused by NATing - As users NAT via the the internet and vlive APN's they'll be seen with the same IP address but DIFFERENT ports. However, some web sites only look at the IP and then see this as a 'duplicate' IP and gets all confused. Again, a poorly built site as it should look at the source IP:Port, not just the IP.

The easiest solution is to put the subscriber on the internetvpn APN.

I suspect this is the case with your on-line gambler. Maybe PM me the details and I'll look into it. For sure the unrestricted APN is not the right answer.

3) Users using well-known ports - We've seen on-line gamers, etc. using standard ports for non-standard applications. This freaks the in-line engines (the ones we don't have) completely as they think it's an unsolicited attack and will kill the session. (Again this in-line scanning to protect users is just a figment of my imagination.....;))

Here we just help the subscriber to pick the right ports.
 
Last edited:
What exactly is an APN? I mean, what does it stand for?

Access Point Name - It's an ID that you put into your 3G card or phone and allows a specific set of services.

Think of it as a password for a specific set of services. When you connect your modem sends this 'password' to the network and it allows you certain functions.
 
Hi there

I am the one who reported this to RPM. The problem I am experiencing is www.pkr.com software. The software uses the following ports:

51330 to 51339
52330 to 52339
58018
58019

The problem is that last week it was still working, and now suddenly I am not allowed to make use of the software.

It just feels that I am now "capped" or "restricted" and now I need to fill in forms and ID books and stuff.

Am I missing something?
 
I called 3 times already ...

1st time ... they had to activate something on my phone and this would have taken 24 hours ... not exactly sure what they activated

2nd time ... I have to fill in the indemnity form

and I called again and this time I have to speak to Autopage (as they are my Service Provider)

I am now stuck ...

The real problem is that this was working fine for the last 2 months and just suddenly it is not working. It works fine on my Telkom ADSL line ...

This does not seem right ...
 
Hi there

I am the one who reported this to RPM. The problem I am experiencing is www.pkr.com software. The software uses the following ports:

51330 to 51339
52330 to 52339
58018
58019

The problem is that last week it was still working, and now suddenly I am not allowed to make use of the software.

It just feels that I am now "capped" or "restricted" and now I need to fill in forms and ID books and stuff.

Am I missing something?

We need to get much better info, if you don't mind.

1) Where are you based?

2) Which APN do you use?

3) What is your IP? (via ipconfig)

4) Pre-paid or contract? (I assume you have credit? :))

5) Mobile number? (you can PM this to me)

6) Exact symptoms? How did it work, and what is not working now? When did it start, etc.

7) What does this mean: "It just feels that I am now "capped" or "restricted".... "?

8) I'd like to listen to the call where you were advised to use the unrestricted APN. Can you PM the date/time and number from where you called 155?
 
Hi Vodacom3G, IC

Thanks a bunch for the comprehensive feedback. I see Albert himself make contact :D
 
okay i've read through this thread a few times now and it seems very uncertain....

so i'm gonna just ask straight and hope to get an informed answer?

if i had a linksys 3g/hsdpa router would i be able to have all the ports open for incoming connections that I want open? or are they still blocked on 3g? or what is the situation?
 
As the ...

Some users, in addition, required unsolicited incoming connections and for this the 'unrestricted' APN was created. This allows you to do things live web streaming, remote desktop support, etc. My original name for the APN was the 'hosting' APN, but it turned out to be more than that.....

how would i go about changing mine to this?
 
What are the charges for using the different APN's?

What are the charges for using the different APN's, if there is any.

What is the purpose of each APN?
1) Internet
2) Internetvpn
3) unrestricted
4) Vlive

When/why/how may I/we, ask to have the APN/APN's enabled on my sim?
:cool:
 
Last edited:
No APN (access point name) is charged for.

To answer csnoopy's question; If you need to ask what the different APN's are for, you probably don't need to move from the vlive or internet APN.

So please don't try and provision yourself for these APN's if you have no need. You'll gain nothing and probably end up with something you don't want (potential lower performance and/or port attacks)

There are 3 'consumer' APN's available to the Vodacom user base:

internet - NAT'd IP with all incoming ports blocked, i.e. you can connect to any service with no blocking or shaping of any kind, but your PC can't accept incoming connections. This is out-and-out to protect users from port attacks and scanning.

internetvpn - Routable, dynamic IP with all incoming ports blocked, i.e. you can connect to any service with no blocking or shaping of any kind, but your PC can't accept incoming connections. This is out-and-out to protect users from port attacks and scanning.

vlive - same as internet, but allows you to connect to VodafoneLive at no charge.

All the above apn's block incoming ports but have no restriction on outgoing. You decide what to do with your data.

Some users, in addition, required unsolicited incoming connections and for this the 'unrestricted' APN was created. This allows you to do things live web streaming, remote desktop support, etc. My original name for the APN was the 'hosting' APN, but it turned out to be more than that.

The danger of this APN is that it exposes your device to the greater internet and you can (and probably will) be attacked. Worse, because you pay for every byte sent or delivered to your data card, you could end up paying for the privilege of being attacked. But some people require the service and thus I asked for it to be created a year or so ago.

Another triumph for the forum, BTW!!

Initially you could auto-provision yourself via 4me but I asked for it to be removed and replaced by the relevant form, the idea is to make VERY sure a user understands the risks.

On-line, click-through would have enticed users to auto-provision without understanding the risks (and wasting precious routable IP's). We recently saw posts here where there was no need to be on the unrestricted APN, but yet, it seems, the subscriber provisioned himself in any case and now are questioning charges....

If you read the disclaimer you'll notice this is basically what it says: By using the 'unrestricted' APN you will not hold Vodacom responsible for incoming data charges. So, please ensure your firewall is up to speed.

To summarise:

1) NO blocking, shaping, throttling or messing with outgoing ports, in any way, on all Vodacom APN's. This covers 99.99% of all Vodacom data users as the vast majority of applications initiate the connection from the 3G side.

2) internet, vlive and internetvpn APN's will block all unsolicited incoming connections.

3) unrestricted allows all incoming ports, again NO blocking, shaping, throttling or messing with incoming ports, in any way, just like outgoing.

To summarise the summary: NO shaping, whatsoever.
 
@v3g

Is the unrestricted APN then like having a wireless highspeed dialup connection, no restrictions.

In what instances then would there be a charge when using the unrestricted APN??

:cool:
 
@v3g

Is the unrestricted APN then like having a wireless highspeed dialup connection, no restrictions.

In what instances then would there be a charge when using the unrestricted APN??

:cool:

I'm going to type this slowly, please read along..;)

T-H-E-R-E
A-R-E
N-O
C-H-A-R-G-E-S
F-O-R
T-H-E
U-N-R-E-S-T-R-I-C-T-E-D
O-R
A-N-Y
O-T-H-E-R
A-P-N.

I-T
G-I-V-E-S
Y-O-U
N-O-T-H-I-N-G
T-H-E
I-N-T-E-R-N-E-T
A-P-N
W-O-U-L-D
N-O-T.

P-L-E-A-S-E
C-H-A-N-G-E
Y-O-U-R
S-E-T-T-I-N-G-S
B-A-C-K
T-O
T-H-E
I-N-T-E-R-N-E-T
A-P-N.
 
Last edited:
I'm going to type this slowly, please read along..;)

T-H-E-R-E
A-R-E
N-O
C-H-A-R-G-E-S
F-O-R
T-H-E
U-N-R-E-S-T-R-I-C-T-E-D
O-R
A-N-Y
O-T-H-E-R
A-P-N.

I-T
G-I-V-E-S
Y-O-U
N-O-T-H-I-N-G
T-H-E
I-N-T-E-R-N-E-T
A-P-N
W-O-U-L-D.

P-L-E-A-S-E
C-H-A-N-G-E
Y-O-U-R
S-E-T-T-I-N-G-S
B-A-C-K
T-O
T-H-E
I-N-T-E-R-N-E-T
A-P-N.

Ah, it all makes sense now. :D:p
 
Top
Sign up to the MyBroadband newsletter
X