I use VPN at work to have access to certain tools/databases etc. Since around 29th of April, I’m unable to connect to a big portion of websites when on VPN, eg. AWS, GitHub, Okta, internal websites in the company, etc.. It used to work previously without any issues, so not sure what could have caused this.
I narrowed down the problem to my home internet connection as the issue appears when connecting to VPN on 3 separate devices when on home wifi, and VPN works fine when I use my phone as a hotspot.
I have following questions:
Was there any change on my account/with my connection around the 29th of April that could have caused this?
I saw on my router’s dashboard that it’s using DS Lite tunnel for IPv4.
Could that be the cause of the issue? If yes, what are possible solutions to make it work - do I need a proper IPv4 address? Could I get an IPv4 address with O2 my Home XL Flex contract?
As VPN worked fine previously, did I have DS Lite tunnel from the beginning or was it changed recently?
Is there any other potential problem and how could it be solved?
Please let me know if I should provide more details. I have been trying to solve this with network engineers at my company but they think it’s something due to my internet provider. This is a serious issue for me as I cannot perform my job without access to VPN and will need to change the internet provider if I can’t find a solution.
Thank you.
Seite 1 / 1
If you are using a cable router it is always DS lite.
If you have a problem working „in the VPN“ it can’t be a O2 Problem!
If you VPN is up and the connection is stable, then you should ask your admin‘s!!
Hello @ArekG ,
welcome to the o2 Community .
As schluej has already said, if the issues arise within your VPN, then we cannot help you with these. As the VPN worked fine previously and o2 itself wouldn’t change your contract or connection without you being informed about it ahead of time or even ordering it yourself, I’d guess that your company changed something about it’s VPN client that is affecting you here.
Kind regards, Sven
Hello,
Coming back to this question. I have been in contact with network engineer at my company and technical support from the company that provides us VPN (Palo Alto). We did deep packet captures on broadband (internet I get at home from o2 where I have issues with VPN) and on my phone hotspot (not from o2, where VPN works fine).
The feedback I got from the packet capture analysis from Palo Alto support was as follows:
>>When the client connects to hotspot the tcp handshake is successful and the SSL conversation is happening successfully
>>When the client connects to broadband the tcp handshake is successful and after the client hello the client is resetting the conversation.
>>checked the captures on gateway firewall and we don't see any drop regards the conversation
>>It would be better If we can capture what is happening on ISP end and we will be able to find what is happening on ISP end.
>>Further I checked the traceroute for both scenarios and it is taking the same route.
Would it be possible to get support from your side to figure out what’s the issue? Or do you have any ideas what could be the problem?
Thank you.
Moin,
after
>>When the client connects to broadband the tcp handshake is successful and after the client hello the client is resetting the conversation.
Ask for the ports the are used. Maybe the FRITZ!Box will block one or more ports.
The FRITZ!Box is blocking port 139 and 445. turn off „NetBIOS-Filter“.
Hello @ArekG ,
did it work with schluej´s suggestion?
I am happy to read from you soon.
Best regards, Manuela
Hi schluej and Manuela,
Thank you for responding.
They are using ports 443 and 4501. Could the Fritzbox block these ports too or in general it’s just 139 and 445? I have FritzBox 6660, not sure if that matters.
Thank you.
@ArekG thanks for your respond. Normally all these Ports are blocked. Unblocking should be possible within the fritzbox.
yours Michael
Hi,
I didn’t find a setting to turn off NetBIOS Filter and I’m not sure what to do to unblock the ports. I have the advanced view enabled.
Would changing port sharing settings help? If yes, what should I do there?
Thank you.
@ArekG thank you for your respond. You have to release the ports one by one. An detailed description should be found directly in the AVM instructions.
@schluej do you have any hints for ArekG
kindly regards Michael
Hi Michael,
Thank you. Do I release them under port sharing or elsewhere?
I’m not sure what to do with settings under IPv4/v6 Settings:
And then when I add the ports under Permit Access,
a) what would be the application type?
b) What ports do I put in “Port to device … through …”, for ex to unblock port 443, do I just write 443 to 443? c) Do I write something under Port requested externally?
Thank you.
@ArekG Thanks for your request.
@schluej or @Joe Doe do you have any ideas how to configurate a fritzbox?
greetings Michael
@ArekG Have you ever restarted the Fritzbox and then immediately tested your VPN connections? No joke, please test this. I seem to remember reading about such a problem with a 6660 on the internet.
Hi @Joe Doe,
Yes, I restarted it several times and even restored factory settings. I restarted it right now too just in case this time somehow it fixes the issue, but VPN still doesn’t work properly.
I set up port sharing like this but it didn’t help:
I also tried different settings like enabling Independent Port Sharing and “Open this device completely for internet sharing” on IPv4 and IPv6 with no effect.
Under point 2 you can find a explanation for setting up port sharing.
I am happy to hear from you soon.
Best regards,
Manuela
@ArekG
Hello,
having the same issue with the same router. Did you find a solution ? If yes, please explain it for stupid people.
Thx
@mohla2 With what VPN solution you have problems?
Hi @mohla2, I didn’t solve it. My work networking team didn’t know how to fix it, I also got the engineers from the VPN provider to work on this and look through deep packet inspection logs, but no help from there either. I also talked to O2 on the chat, I don’t remember what solution was recommended but it didn’t help. In the end basically VPN people said it’s an issue with internet provider and recommended to change the provider, and the solutions here didn’t work. I gave up on this and when I need VPN I set up a hotspot on my phone and I’m careful how much data I use - I hate it but I have no desire to spend more hours looking for solutions.
Hi @mohla2
Wecome to our o2 Community
Hello,having the same issue with the same router.
Did you find a solution ? If yes, please explain it for stupid people.
May you provide some more details, then we may find a solution.
What kind of router do you use and what VPN software do you want to use for the connection?
And most important question: Have you already talked to your company's IT department?
Kind regards matze
I don’t know if this is worth a shot:
I am facing exact same problem with my new O2 cable internet service.
I have Fritzbox 6660 router as well. I am using GlobalProtect VPN. Pretty much exact setup as OP.
I have never faced this problem with the VPN, so I am sure it is not a VPN issue. All other internet service providers so far seem to establish a connection that works seamlessly.
Here is my problem:
I am able to connect to GlobalProtect
I am able to ssh into the remote linux computer in our office.
But, websites related to office network don’t work.
GUI for remote access to linux system doesn’t work
Hopefully someone at O2 is willing enough to help solve this issue.
Thanks
Hi @mohla2
Wecome to our o2 Community
Hello,having the same issue with the same router.
Did you find a solution ? If yes, please explain it for stupid people.
May you provide some more details, then we may find a solution.
What kind of router do you use and what VPN software do you want to use for the connection?
And most important question: Have you already talked to your company's IT department?
Kind regards matze
Im using a Fritzbox 6660 and tried wireguard with Surfshark and Nord VPN. Both didnt work. Only the open VPN TCP works but its not the fastest.
Greetngs
Hello @adityatarey and @mohla2,
As via cable the connection from us works with DS-lite, there might be the possibility that your company´s IT might suggest a solutiuon if you are using a company network.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Scanne Datei nach Viren
Tut uns leid, wir prüfen noch den Inhalt dieser Datei, um sicherzustellen, dass sie gefahrlos heruntergeladen werden kann. Bitte versuche es in wenigen Minuten erneut.