Skip to main content
Hi,



Since a couple of days I am having issues with my VPN connection. it uset to work flawless, but that suddenly changed. The Kundenservice advised me to write an email to info@o2online.de. But that email address does not work..



It concerns a connection between 2 fritz!boxes. The VPN connection uses IPSEC. The connection is made, however I cannot send files. This is extremely annoying since I cannot work from home right now. I have the feeling that UDP packets do not arrive. 



In the past I experienced the same issue using an PPTP vpn connection. Could this be an issue after a firmware update of the O2 router? 



I hope to get an aswer soon, I need this connection  for my work.



Thanks in advance,



Erwin



Of course there is technical personal working for o2, but they are not doing first-level customer support.



 



I think o2 might react different if you can pinpoint (better word than proof) where the problem is. If you can provide a trace that shows that there is one server that is blocking udp-traffic most of the time (you said sometimes there is a slow connection), then o2 can perhaps solve the problem. If you just say o2 is a bad provider, because o2 blocks all udp-traffic somewhere, then o2 has no idea where to look for the problem and nothing happens.



 



Do you think this server is the problem or the 6431 is the problem? The problem may have started, when you installed the 6431, but that does not mean that the 6431 is the course. There might be a different routing, since you switched to VDSL.



 



And I think it is very unlikely that o2 is blocking all udp-traffic or the 6431 is blocking udp-traffic, because then there should be much more people complaining about some applications that are not working (because those use udp).



 



What was the exact point when vpn stopped working? Was there anything changed during that time? At the beginning of the thread you asked something about a firmware update. Was there a firmware update on the o2-router during that time?



 



You might order a Fritzbox 3370 on Amazon and try that one as a vdsl-modem. As it costs more than 40 Euro you can return it without any costs for you (if you don't damage it).



 



I know that I can probably not solve your problem, but maybe I can help you pinpoint your problem so that o2 is able to solve your problem. But to do that you need to give me some more information for example the link to the problem you use, maybe a public webserver that you cannot ping over udp, so that I can try that from my account and the trace you mentioned, so I can see where you think the udp-traffic is blocked.



 



And in the moment I use my free time to help you. So please help me melp you.




Same Problem.  My company VPN uses L2TP.  I cannot change to from UDP  to TCP (which I had to do on another private VPN I use sometimes).



 



I tried Port Forwarding on the 6431, to no avail.



 



The extremly ignorant technical support lady did't even talk a minute to me about my VPN problem on the O2 VDSL Network.



 



So, can anyone help, please?




@winegum: What firmware-version is your 6431?




23b




Do you have another vdsl-modem or can borrow one, so you can test whether the 6431 is causing the problem?



Did the L2TP-connection work in the past?




Based on verious other threads and the response above it is clear that O2 is actively blocking UDP traffic and thus creates issues with using VPN. The lame answer 'we cannot solve your VPN problems' clearly shows the lack of respect of O2 for its customers.



 



O2 blocks the port after they see significant traffic over the UDP ports. It still could be in the node or in the 6431. Regardless what the cause is, the customer should not have to bother about it. I just want a working internet connection. That is what I pay for. But that is not what I get.



 



The support O2 is providing is of dreadful quality. The so called Guru's are used as a free way to bounce all questions any customer has. I am sorry to say so, but technical knowledge is lacking to support any customer in resolving the issue. The call center and technical support only know one answer that is written in their script: 'we cannot solve your VPN problems'.



 



It seems to be a corporate policy to block for whatever reason UDP trafic. If I had known I would have never ever chosen O2.



 



So I faxed a cancellation of my internet connection. With a deadline. Zero response.



 



I guess it is time for more drastic measures like stopping payment.



 



O2 - the worst provider ever




Then I cannot help you. Sorry.



 



By the way: If you stop the payments, o2 will completely disable your internet- and phone-connection.




Great! Thanks, In  both instances that means that the current situation is maintained as it ever was.



 



No support and no internet!



 



O2 - the worst provider ever




No, I don't.  Can I use any vdsl modem or am I stuck with the 6431?




Officially you are stuck with the 6431. 



 



There is a way around, check Arcadyan/o2 IAD 4421, IAD 6431 Konfiguration aus Flash auslesen



 



Of course there is a catch: ´Die Box muss geöffnet werden. Sie ist in aller Regel Leihhardware von o2 und sollte deshalb möglichst vorsichtig geöffnet werden`. Opening the box is a violation of the O2 contract.



 



It is of course not the right way forward that the customer has to solve the problems that O2 creates. The lack of transparency and the  lack of customer support in combination with very strict contracts creates a situation where the customer is deliberatly misled. Is there an organisation in Germany that promotes customer rights?



 



I want to get rid of this internet connection. What is the best way forward?



 



O2 - the worst provider ever





 




@winegum: unfortunately with another vdsl-modem your phone will not work, but it would be interesting to know whether the 6431 is causing the problems.



 



@E-berliner: You can try to file a complaint, explain that your internet connection is not fully functional and what ist not working, set a deadline two weeks in advance and announce that you will cancel the contract if o2 cannot fix this until the deadline. Write this as a registered letter with reply advice or as a fax, so you can prove that you send o2 this deadline. If o2 does not answer you can try to cancel the the contract.



Background for this is the §314 BGB (*Click*), but I am not sure whether it will work, because there is only a small bit of the internet connection that ist not working and I don't think that o2 guarantees that you can use every port and every protocol you like.



And I am not a lawyer and I have never done this before, so this tipp is theoretical.



 



Maybe there is someone in this forum with some experience on this topic.




I just did another test and established a AVM-VPN-connection between my Fritzbox 7490 (o2 VDSL-connection) and my family's Fritzbox 7170 (o2 ADSL-connection). Works great. So far I just tried to ping some devices and installed a remote printer, but without problems.




Ah, great, we start the thread again from the beginning again!!



 



1. yes it worked for me too in the beginning.



 



2. 7170 behind the 6431 and a 7390 on the other side.



3. 6431 reset and it did not work anymore....



4. See the logic...?



 



The point is that a normal ping goes via TCP.



Installing a printer goes via TCP..



Transmitting files via UDP... NOT POSSIBLE BECAUSE IT IS BLOCKED BY O2



 



O2 - the worst provider ever




Did you test it with another router? Any Fritzbox with VDSL-Support would be fine. 



I think, this is a problem of the IAD 6431. A few minutes ago, another User with the same IAD wrote, that he also has problems with VPN: http://hilfe.o2online.de/t5/Router-Software-Internet/O2-und-VPN-GRE-protokoll/td-p/568143




I did not want to start the whole discussion again. But in the past you answered only half of my question and that made it quite difficult to help you. Another difficulty is that one day you blame the o2-box next day you blame some o2-server somewhere and then you blame the o2-box again and so on.



And I gave you some advice about how you might perhaps cancel you contract.

And by the way: You never said "thank you" (at least never in a non-ironical way).



E-berliner schrieb:

3. 6431 reset and it did not work anymore....
 That is the first time you mention that the problem started after a reset of the 6431.



The point is that a normal ping goes via TCP.



Installing a printer goes via TCP..



Transmitting files via UDP... NOT POSSIBLE BECAUSE IT IS BLOCKED BY O2



Ping does not use TCP, but ICMP.



And I did the ping through the tunnel, so how can o2 know what kind of packets I transmit through the tunnel (maybe the NSA knows)? I think that the information whether it is an tcp- oder udp-packet going through the tunnel is encrypted too, but I might be wrong.



I thought you mean that the VPN-packets are transmitted over UDP and not that you try to transmit UDP-packets through the tunnel.



Does that mean you can transmit TCP-traffic through the tunnel without problems?



 



@binauchhier: I already suggested using another VDSL-modem, but unfortunately E-berliner does not have one.




nemesis03 schrieb:

@binauchhier: I already suggested using another VDSL-modem, but unfortunately E-berliner does not have one.



Yes, i read it. I did hope, he is going to borrow one, if I write the same thing again. I just wanted to help you ☺️




nemesis03 schrieb:

I did not want to start the whole discussion again. But in the past you answered only half of my question and that made it quite difficult to help you. Another difficulty is that one day you blame the o2-box next day you blame some o2-server somewhere and then you blame the o2-box again and so on.



And I gave you some advice about how you might perhaps cancel you contract.

And by the way: You never said "thank you" (at least never in a non-ironical way).



Well I do have the feeling that I am the one explaining here quite a bit on the way internet works, documenting the process and test I have done pretty well. Fact is that the issue is not in my infrastructure, but in the O2 system. It has only been almost 3 weeks now and still there is no resolution. Anyone working for O2 will get a thank you as soon as the issue is resolved.  



 



So far the only official reaction form O2 is "I'm really sorry, but we can't help u here in this case." That is not very customer friendly. And it does set the mood of the conversation. 



 





 That is the first time you mention that the problem started after a reset of the 6431.



I could not imagine that a reset could cause problems. So far a reset has almost always resolved any issues. However, it could be a vital piece of information. 



 



Ping does not use TCP, but ICMP.
Depends on the program. The standard windows ping is a simple utility with limited functionality. Netscan Tools can use TCP, IMCP, UDP. And so can PsPing.





And I did the ping through the tunnel, so how can o2 know what kind of packets I transmit through the tunnel (maybe the NSA knows)? I think that the information whether it is an tcp- oder udp-packet going through the tunnel is encrypted too, but I might be wrong.



I thought you mean that the VPN-packets are transmitted over UDP and not that you try to transmit UDP-packets through the tunnel.



Does that mean you can transmit TCP-traffic through the tunnel without problems?



 



@binauchhier: I already suggested using another VDSL-modem, but unfortunately E-berliner does not have one.



What port and protocol a VPN tunnel uses depends on the type. source: Juniper Networks



 



Internet Protocol Security (IPSec) uses IP protocol 50 for Encapsulated Security Protocol (ESP), IP protocol 51 for Authentication Header (AH), and UDP port 500 for IKE Phase 1 negotiation and Phase 2 negotiations. UDP ports 500 and 4500 are used, if NAT-T is used for IKE Phase 1 negotiation and Phase 2 negotiations



Secure Sockets Layer (SSL) uses TCP port 443 and works by using a private key to encrypt data that is transferred over the SSL connection. SSL also uses 465 Secure SMTP, 993 Secure IMAP, and 995 Secure POP.



Layer Two Tunneling Protocol (L2TP) uses TCP port 1701 and is an extension of the Point-to-Point Tunneling Protocol. L2TP is often used with IPSec to establish a Virtual Private Network (VPN).



Point-to-Point Tunneling Protocol (PPTP) uses TCP port 1723 and IP port 47 Generic Routing Encapsulation (GRE). PPTP provides a low-cost, private connection to a corporate network through the Internet. PPTP works well for people who work from home or travel and need to access their corporate networks. It is often used to access a Microsoft Remote Access Server (RAS).



 



This is the reason why I can transfer via SSL since it only uses TCP. Any other secure solution uses UDP or GRE.



 



Even IPsec is not safe for the NSA. It is stronger than PPTP though.



 



Final word on replacing the router. I need username and password to do so. I have read to many issues with placing a decent router (fritz 7360/7390/7490) in place of the 6431, since the inlog data are not known, cannot be read from the router (firmware 23b) or provided incorrectly by the customer service. Secondly, I don't see why I need to do a significant investment (starting at 130 euro) in hardware. O2 should deliver a working internet connection without any restrictions that are not being communicated beforehand. 



 



O2 - the worst provider ever




OK, I think I cannot help you as I am not an o2 employee, I don't like your way to tread someone who tries to help you and you keep ignoring my questions. I still hope you manage to solve your problem.




Now I really get the feeling you are an O2 employee. They don't help either!!



 



And I see that an O2 moderator named Stefan gave you a kuddo for your last answer, just like me. It seems this is confirms my previous statement.



 



1https://http://o2de.i.lithium.com/html/rank_icons/moderator.gifo2_StefanModeratorKudos-Gewichtung: 3Kudos: 3Kudos-Datum: ‎03.02.20142http://o2de.i.lithium.com/t5/image/serverpage/avatar-name/toytrain/avatar-theme/chrome/avatar-collection/toys/avatar-display-size/messagehttp://o2de.i.lithium.com/html/rank_icons/ranks_neu%20(24).pngE-berlinerErste ErfahrungenKudos: 1Kudos-Datum: ‎01.02.2014 



O2 - the worst provider ever




Yes, i gave him a Kudo. For what? For his really selfless try, supporting you and your VPN connection over several days.



 



Any trouble with this?



 



Regards



Stefan



 



 




Absolutely not, because now I finally have drawn the attention of an O2 person that is able to explain me why UDP connections are not possible via my connection!!



 



Lieber Stefan, 



 



Why are UDP connections not possible via a O2 VSDL 50 with a 6431 box with firmware 1.01.23b not possible?



 



Thank you in advance for your answer! ☺️



 




UDP connections are possible via an o2 internet connection. You are the first customer who have these trouble with his VPN connection. That it doesn´t work is not a failure in the o2 Internet connection.



 



And im sorry, but in our general technical specifications, i can´t find a note that we provide a vpn connection to a third party provider in the netherlands.



 



So im sorry, but we cant support your "private" network.



This is not a part of our Service. Your DSL connection works fine.



 



Regards



Stefan



 



 



 



 



 



 



 




That is a rude answer. My internet connection does not work right, who are you to tell me that I should be satidfied with it. What a lack of respect for a customer.



 



If you specify you deliver an internet connection, then there are no restrictions. VPN or any other protocol should be possible without having to explicitely mentioning this



 



My internet connection does not work fine since UDP is being blocked. That is the root cause of my VPN issue. However, you should address the root case in stead of blaming the customer. 



 



My issue is NOT UNIQUE. Look at all the threads in the forum! There seems to be 1 common denominator; the 6431 box. However I cannot replace this box without violating O2 conditions. So I am left with no alternatives.



 



There are 2 ways forward:



1. Either you provide me with all the details to be able to setup a working connection via an alternative like a Fritz box. A private message is appreciated.



2. Or we agree to cancel my contract



 



It must be clear that the latter has my preference as you will understand. 



 



Cooperation from your side is highly appreciated to resolve the issue. 



 



 



 




Well, eberliner is not the only one.  My udp connection definately does not work either.



 



I would try a new router.  I don't use the phone anyway.



However, I guess I would need all kind of settings.  Where can I get them?




You need the username and password for the internetconnection. Maybe those are in the "Auftragsbestätigung" that you should have received from o2. Otherwise write a private message to the user o2_dsl and ask for username and password for the internet connection.



Usually you get these information without problems, only the login data for the internet telephony won't be given to you.



 



And you need to configure VPI=1, VCI=32 and VLAN-ID=7 (if that does not work try VLAN-ID=11)