VPN Access

The_Unbeliever · May 28, 2012

@Juggy - IPv4 address pools are depleted all over the world, hence the talks of switching over to IPv6.

In the interim you can still use IPv4, but might experience issues. YMMV.

jannievanzyl · May 28, 2012

warwickw said:
What I don't understand is how come my R250 ADSL modem allows VPN passthru, but yet the Vodacom network which I'm sure invests millions in their NAT'd solution and firewall can not allow VPN passthru.

The *problem* is actually with the VPN software that does not like NAT'ed IPs, nothing to do with the kit you use.

Most ISPs in South Africa have up to tens of thousands of users, so getting routable IPs is simple. Even the mobile operators (outside of MTN and Vodacom) have less than 300 000 users (according to their reports), so they don't face the same problem.

The TOTAL ADSL base (across all ISPs) is around a million.

Vodacom is (way) in excess of 10 million. Thus the problem.

The_Unbeliever · May 28, 2012

@jannie - quick question :

if Vodacom implement IPv6, will my users be able to VPN in from an IPv6 IP to an IPv4 VPN server?

The_Unbeliever · May 28, 2012

jannievanzyl said:
Vodacom is (way) in excess of 10 million. Thus the problem.

:wtf:

I'm glad I don't have your job

jannievanzyl · May 28, 2012

The_Librarian said:
@jannie - quick question :

if Vodacom implement IPv6, will my users be able to VPN in from an IPv6 IP to an IPv4 VPN server?

Not sure, will check, but my gut reaction would be we would have to still support v4 as not everyone will be able to switch.

Will ask the clever guys or Ambo might know.

jannievanzyl · May 28, 2012

The_Librarian said:
:wtf:

I'm glad I don't have your job

We intend to double this number in the next 24 months.

But these numbers do tend to tell a story. While it's easy to conceptualize a new billing feature or technical solution, most people don't quite comprehend the sheer scale of our world. 26 million users, many millions concurrent data users, peta-bytes of data, all in real-time.

I always smile at the posts on this forum stating it's easy to do this or that, but building data base or a billing system for a few hundred/thousand is substantially different than for tens of millions.

Matthysdt · May 28, 2012

jannievanzyl said:
Vodacom is (way) in excess of 10 million. Thus the problem.

Probable cause for this I'd guess, is the dawn of the affordable smartphone, Android, Blackberry, iPhone (in that order I suppose), today almost everyone with a phone needs an IP Address.

b@nD · May 28, 2012

Vodacom VPN setup -- what equipment ?

The *problem* is actually with the VPN software that does not like NAT'ed IPs, nothing to do with the kit you use.

Is this the VPN software running on the Vodacom system ?
Is one allowed to ask just exactly what equipment VC is running on their side ?

Technical detail is always lost in the buzz of the marketing hype !

The_Unbeliever · May 28, 2012

b@nD said:
Is this the VPN software running on the Vodacom system ?
Is one allowed to ask just exactly what equipment VC is running on their side ?

Technical detail is always lost in the buzz of the marketing hype !

Do you understand how a point to point VPN works?

Juggy · May 28, 2012

The_Librarian said:
@Juggy - IPv4 address pools are depleted all over the world, hence the talks of switching over to IPv6.

In the interim you can still use IPv4, but might experience issues. YMMV.

I understand the issue with IPv4 what I don't understand is Vodacoms inability to find a workaround that doesn't affect the customer. An easier method would be to only issue public addresses to 3G modems and issue NAT'd to cellphones. Surely that would resolve some of the issue if not most of it. I don't know of anyone that VPN's from or through their cellphone.

Basically what happened is no one planned properly for the depletion of IPv4 addresses on the Vodacom network even though the planet has been running short and ahs been warned for years already.

jannievanzyl · May 28, 2012

b@nD said:
Is this the VPN software running on the Vodacom system ?
Is one allowed to ask just exactly what equipment VC is running on their side ?

Technical detail is always lost in the buzz of the marketing hype !

No, it's the VPN software you run on the client (PC, iPAD, etc.) and your VPN server. Vodacom just operates at the IP layers but this is where NATing takes place and your VPN software do not like it as it seems someone is messing with your VPN connection.

jannievanzyl · May 28, 2012

Juggy said:
I understand the issue with IPv4 what I don't understand is Vodacoms inability to find a workaround that doesn't affect the customer. An easier method would be to only issue public addresses to 3G modems and issues NAT'd to cellphones. Surely that would resolve some of the issue if not most of it. I don't know of anyone that VPN's from their cellphone.

I VPN all the time from my iPad.

The only way you can seperate phones and modems is to put them on different APN's and that would require the user to change the settings on his device. But that sounds strangely familiar.

jannievanzyl · May 28, 2012

Matthysdt said:
Probable cause for this I'd guess, is the dawn of the affordable smartphone, Android, Blackberry, iPhone (in that order I suppose), today almost everyone with a phone needs an IP Address.

We've got about 16 million devices that are IP capable. Fortunately not all connect at the same time.

Juggy · May 28, 2012

jannievanzyl said:
I VPN all the time from my iPad.

The only way you can seperate phones and modems is to put them on different APN's and that would require the user to change the settings on his device. But that sounds strangely familiar.

Fair enough. target users with data only bundles then. Woudl result in much fewer people having to change their settings or deal with the callcentre.

b@nD · May 28, 2012

NO Help

The_Librarian said:
Do you understand how a point to point VPN works?

I might have IF you had enlightened me

As I was thinking; the client is connecting on their 3G via a VPN to their office.
The VPN is setup through the VC network ( am I OK so far ? )
The problem seems to be on the VC side and their implementation of NAT which is interfering with the VPN IP address ( public and private )
The software problem then is on the customer side ( client=mobile / server=office )
What is the software that is giving the problem and what protocols are running ? ( Does this problem occur on all software implementations ? )

Does this occur on a Cisco network / setup ?

The question about what equipment VC is using still stands.

jannievanzyl · May 28, 2012

Juggy said:
I understand the issue with IPv4 what I don't understand is Vodacoms inability to find a workaround that doesn't affect the customer. An easier method would be to only issue public addresses to 3G modems and issue NAT'd to cellphones. Surely that would resolve some of the issue if not most of it. I don't know of anyone that VPN's from or through their cellphone.

Basically what happened is no one planned properly for the depletion of IPv4 addresses on the Vodacom network even though the planet has been running short and ahs been warned for years already.

We're ready to switch to v6. Are you?

The_Unbeliever · May 28, 2012

b@nD said:
I might have IF you had enlightened me
As I was thinking; the client is connecting on their 3G via a VPN to their office.
The VPN is setup through the VC network ( am I OK so far ? )
The problem seems to be on the VC side and their implementation of NAT which is interfering with the VPN IP address ( public and private )
The software problem then is on the customer side ( client=mobile / server=office )
What is the software that is giving the problem and what protocols are running ? ( Does this problem occur on all software implementations ? )

Does this occur on a Cisco network / setup ?

The question about what equipment VC is using still stands.

oops, you're right, I should've elaborated a bit

PPTP VPN requires the use of the GRE protocol. When you run on a NAT'ed IP (as in Vodacom's case) the GRE protocol does not route properly. Without the GRE protocol, PPTP VPN will not work.

OpenVPN should work as it does not require the GRE protocol, but I might be wrong.

Juggy · May 28, 2012

jannievanzyl said:
We're ready to switch to v6. Are you?

Yeah, does the handset/modem support it? The dekstop/laptop OS supports it.

ambo · May 28, 2012

The_Librarian said:
if Vodacom implement IPv6, will my users be able to VPN in from an IPv6 IP to an IPv4 VPN server?

The original plan was that there would be no communication between IPv4 sockets and IPv6 sockets. You would have been able to only tunnel one on top of the other.

End user demand has forced the standards bodies to rethink this and you can now reach most IPv4 sites/servers from an IPv6(-only) connection. You need some blackboxes in the network to make this work and these devices are just NATing the traffic. This is unlikely to solve the current NAT issue.

Why don't you just IPv6 enable your server so that it can accept either IPv6 or IPv4 connections?

ambo · May 28, 2012

jannievanzyl said:
We're ready to switch to v6. Are you?

COOL!

Which APN can I test this on?

I've been doing IPv6 over wifi on my Android phone for a couple of years now with no issues. My next phone will have to support IPv6 on the UMTS side as well. Probably the Galaxy Nexus which has the correct Radio Interface Layer (RIL) capabilities for IPv6 PDP contexts.

footnote: Do any of you realise that MyBroadband has been IPv6 enabled for about a year already?

Join the MyBroadband community

Get started

VPN Access

Honorary Master

Telecoms expert

Honorary Master

Honorary Master

Telecoms expert

Telecoms expert

Well-Known Member

Banned

Honorary Master

Executive Member

Telecoms expert

Telecoms expert

Telecoms expert

Executive Member

Banned

Telecoms expert

Honorary Master

Executive Member

Expert Member

Expert Member