Warum O2
Warenkorb
 Service
Gelöst

VPN stopped working properly

A
Rang

Hi,

I use VPN at work to have access to certain tools/databases etc. Since around 29th of April, I’m unable to connect to a big portion of websites when on VPN, eg. AWS, GitHub, Okta, internal websites in the company, etc.. It used to work previously without any issues, so not sure what could have caused this.

I narrowed down the problem to my home internet connection as the issue appears when connecting to VPN on 3 separate devices when on home wifi, and VPN works fine when I use my phone as a hotspot.

 

I have following questions:

  1. Was there any change on my account/with my connection around the 29th of April that could have caused this?
  2. I saw on my router’s dashboard that it’s using DS Lite tunnel for IPv4.
    • Could that be the cause of the issue? If yes, what are possible solutions to make it work - do I need a proper IPv4 address? Could I get an IPv4 address with O2 my Home XL Flex contract?
    • As VPN worked fine previously, did I have DS Lite tunnel from the beginning or was it changed recently?
  3. Is there any other potential problem and how could it be solved?

 

Please let me know if I should provide more details. I have been trying to solve this with network engineers at my company but they think it’s something due to my internet provider. This is a serious issue for me as I cannot perform my job without access to VPN and will need to change the internet provider if I can’t find a solution.

 

Thank you.

 

icon

Lösung von schluej 15 May 2022, 17:59

Zur Antwort springen

22 Antworten

schluej
Rang

If you are using a cable router it is always DS lite.

If you have a problem working „in the VPN“ it can’t be a O2 Problem!

If you VPN is up and the connection is stable, then you should ask your admin‘s!!

 

 

 

Live long and prosper 🖖
o2_Sven

Hello @ArekG ,

welcome to the o2 Community 💙.

As schluej has already said, if the issues arise within your VPN, then we cannot help you with these. As the VPN worked fine previously and o2 itself wouldn’t change your contract or connection without you being informed about it ahead of time or even ordering it yourself, I’d guess that your company changed something about it’s VPN client that is affecting you here.

 

Kind regards, Sven

Der Wochenrückblick - https://g.o2.de/wcr
A
Rang

Hello,

Coming back to this question. I have been in contact with network engineer at my company and technical support from the company that provides us VPN (Palo Alto). We did deep packet captures on broadband (internet I get at home from o2 where I have issues with VPN) and on my phone hotspot (not from o2, where VPN works fine).

The feedback I got from the packet capture analysis from Palo Alto support was as follows:

>>When the client connects to hotspot the tcp handshake is successful and the SSL conversation is happening successfully

>>When the client connects to broadband the tcp handshake is successful and after the client hello the client is resetting the conversation.

>>checked the captures on gateway firewall and we don't see any drop regards the conversation

>>It would be better If we can capture what is happening on ISP end and we will be able to find what is happening on ISP end.

>>Further I checked the traceroute for both scenarios and it is taking the same route.

 

Would it be possible to get support from your side to figure out what’s the issue? Or do you have any ideas what could be the problem?

 

Thank you.

schluej
Rang

Moin,

after 

>>When the client connects to broadband the tcp handshake is successful and after the client hello the client is resetting the conversation.

Ask for the ports the are used. Maybe the FRITZ!Box will block one or more ports.

The FRITZ!Box is blocking port 139 and 445. turn off „NetBIOS-Filter“.

Live long and prosper 🖖
o2_Manuela

Hello @ArekG , 

did it work with schluej´s suggestion?

I am happy to read from you soon. 😊

 

Best regards, 
Manuela

 

Euch hat ein Testbericht besonders gut gefallen? Dann lasst unbedingt ein Like da :)
A
Rang

Hi schluej and Manuela,

Thank you for responding.

They are using ports 443 and 4501. Could the Fritzbox block these ports too or in general it’s just 139 and 445? I have FritzBox 6660, not sure if that matters.

Thank you.

o2_Micha
Benutzerebene 7

@ArekG thanks for your respond.
Normally all these Ports are blocked. Unblocking should be possible within the fritzbox.

yours
Michael

#bleibgesund
A
Rang

Hi,

I didn’t find a setting to turn off NetBIOS Filter and I’m not sure what to do to unblock the ports. I have the advanced view enabled.

Would changing port sharing settings help? If yes, what should I do there?

 

Thank you.

o2_Micha
Benutzerebene 7

@ArekG thank you for your respond.
You have to release the ports one by one.
An detailed description should be found directly in the AVM instructions.

@schluej do you have any hints for ArekG

kindly regards
Michael

#bleibgesund
A
Rang

Hi Michael,

 

Thank you. Do I release them under port sharing or elsewhere?

I’m not sure what to do with settings under IPv4/v6 Settings: 

 

And then when I add the ports under Permit Access,

a) what would be the application type?

b) What ports do I put in “Port to device … through …”, for ex to unblock port 443, do I just write 443 to 443?
c) Do I write something under Port requested externally?

 

 

Thank you.

o2_Micha
Benutzerebene 7

@ArekG Thanks for your request.

@schluej  or @Joe Doe do you have any ideas how to configurate a fritzbox?

greetings
Michael

#bleibgesund
Joe Doe
Rang
Benutzerebene 7
Abzeichen +5

@ArekG Have you ever restarted the Fritzbox and then immediately tested your VPN connections? No joke, please test this. I seem to remember reading about such a problem with a 6660 on the internet.

Bin nur Kunde und versuche anderen nach bestem Gewissen zu helfen / I'm just a customer and try to help others as best I can
A
Rang

Hi @Joe Doe,

Yes, I restarted it several times and even restored factory settings. I restarted it right now too just in case this time somehow it fixes the issue, but VPN still doesn’t work properly.

A
Rang

I set up port sharing like this but it didn’t help:

I also tried different settings like enabling Independent Port Sharing and “Open this device completely for internet sharing” on IPv4 and IPv6 with no effect.

o2_Manuela

Hello @ArekG , 

sorry for the late response. 

How does it work in the meantime?

May this knowledge document from AVM can help you.

Under point 2 you can find a explanation for setting up port sharing.

I am happy to hear from you soon. 😊

 

Best regards, 

Manuela

 

Euch hat ein Testbericht besonders gut gefallen? Dann lasst unbedingt ein Like da :)
M
Rang

@ArekG 

Hello,

having the same issue with the same router. Did you find a solution ? If yes, please explain it for stupid people. 

 

Thx

Joe Doe
Rang
Benutzerebene 7
Abzeichen +5

@mohla2 With what VPN solution you have problems?

Bin nur Kunde und versuche anderen nach bestem Gewissen zu helfen / I'm just a customer and try to help others as best I can
A
Rang

Hi @mohla2, I didn’t solve it. My work networking team didn’t know how to fix it, I also got the engineers from the VPN provider to work on this and look through deep packet inspection logs, but no help from there either. I also talked to O2 on the chat, I don’t remember what solution was recommended but it didn’t help. In the end basically VPN people said it’s an issue with internet provider and recommended to change the provider, and the solutions here didn’t work. I gave up on this and when I need VPN I set up a hotspot on my phone and I’m careful how much data I use - I hate it but I have no desire to spend more hours looking for solutions.

o2_Matze

Hi @mohla2 

Wecome to our o2 Community 

 

Hello,having the same issue with the same router.

Did you find a solution ? If yes, please explain it for stupid people. 

May you provide some more details, then we may find a solution.

What kind of router do you use and what VPN software do you want to use for the connection?

And most important question: Have you already talked to your company's IT department?

Kind regards matze 

https://g.o2.de/wcr
A
Rang

I don’t know if this is worth a shot:

 

I am facing exact same problem with my new O2 cable internet service.

 

I have Fritzbox 6660 router as well. I am using GlobalProtect VPN. Pretty much exact setup as OP.

I have never faced this problem with the VPN, so I am sure it is not a VPN issue. All other internet service providers so far seem to establish a connection that works seamlessly.

Here is my problem:

I am able to connect to GlobalProtect

I am able to ssh into the remote linux computer in our office.

But, websites related to office network don’t work.

GUI for remote access to linux system doesn’t work

Hopefully someone at O2 is willing enough to help solve this issue.

Thanks

 

M
Rang

Hi @mohla2 

Wecome to our o2 Community 

 

Hello,having the same issue with the same router.

Did you find a solution ? If yes, please explain it for stupid people. 

May you provide some more details, then we may find a solution.

What kind of router do you use and what VPN software do you want to use for the connection?

And most important question: Have you already talked to your company's IT department?

Kind regards matze 

 

Im using a Fritzbox 6660 and tried wireguard with Surfshark and Nord VPN. Both didnt work. Only the open VPN TCP works but its not the fastest.

 

Greetngs

o2_Gerrit

Hello @adityatarey and @mohla2,

As via cable the connection from us works with DS-lite, there might be the possibility that your company´s IT might suggest a solutiuon if you are using a company network.

Did you already ask your company`s IT experts?

Regards,

Gerrit

Deine Antwort


Allgemeine Nutzungsbedingungen der O₂ Community
© Telefónica Germany GmbH & Co. OHG Telefónica