Cannot connect over UK Vodafone 3G

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
peterh337
Posts: 6
Joined: Mon Nov 03, 2014 1:26 pm

Cannot connect over UK Vodafone 3G

Post by peterh337 » Tue Nov 18, 2014 3:42 pm

The computer is connected to the internet via a bluetooth-connected phone.

It comes back with some cryptic protocol error - code 1

http://peter-ftp.co.uk/screenshots/2014 ... 145989.png

I have tried increasing the timeout from 1 sec to 5 secs. It also happens on 3G/HSPA which is normally several megabits/sec.

I do know Vodafone have blocked VOIP, so my SIP VOIP (DIDlogic) no longer works. Reportedly, Skype also doesn't work, even though it runs on port 80 and 443 only, supposedly.

The client (winXP SP3) config is the default one

Port 443
Disable NAT-T not checked
Direct TCP/IP connection (no proxy)
Always verify certificate not checked
Auth type: standard pwd authentication
Do not use TLS 1.0 not checked
5 TCP connections (tried 1 and 5; 5 runs a lot faster on ADSL WIFI)
Encrypt VPN session with SSL is checked
Data compression and Disable UDP acc. both not checked

Can anybody suggest anything I could try?

What could Vodafone have done that blocks *encrypted* traffic on port 80 and 443 but still allows HTTP and HTTPS?

The VPN works perfectly straight out of the box when connected via WIFI which comes from ADSL.

However if I connect the laptop to the phone *via WIFI* instead of bluetooth (Joikuspot app on a Nokia) I get the same issue. So it doesn't appear to be an issue on the laptop itself i.e. it isn't bluetooth that's causing it.

dajhorn
Posts: 137
Joined: Mon Mar 24, 2014 3:59 am

Re: Cannot connect over UK Vodafone 3G

Post by dajhorn » Wed Nov 19, 2014 6:31 pm

> It comes back with some cryptic protocol error - code 1

Error code 1 usually means that the SoftEther server is unreachable.

> What could Vodafone have done that blocks *encrypted* traffic on port 80 and 443 but still allows HTTP and HTTPS?

Put a powerful DPI system between your modem and the Internet that does statistical analysis, port knocking, or somesuch other restriction.

> The client (winXP SP3) config is the default one

Some ISPs recognize and block unpatched computers to prevent the creation of botnet zombies. Windows XP has a critical exploitable vulnerability in its SSL stack that will never be fixed through Microsoft Update.

> Can anybody suggest anything I could try?

It could magically begin to work if you upgrade to Windows 7 or Windows 8. Past that, if Skype cannot get out over HTTPS on port 443, then SoftEther can't either.

Try instead:

* Running SoftEther on port 992.
* Enabling OVPN emulation on port 1194 and connecting with the native OpenVPN client.
* Running an authenticated SOCKS proxy on the server (like Dante), and tunneling SoftEther through that.

peterh337
Posts: 6
Joined: Mon Nov 03, 2014 1:26 pm

Re: Cannot connect over UK Vodafone 3G

Post by peterh337 » Mon Nov 24, 2014 12:11 pm

We got it going, by checking the "disable NAT-T" box.

It looks like a config which runs purely TCP/IP on port 443 does work over Vodafone. What doesn't seem to work is anything involving non-TCP/IP UDP - if that makes sense. They have to allow UDP for stuff like DNS but maybe they block UDP on ports 80 and 443?

However there was a separate issue, which I ought to describe for completeness in case somebody goes up this road and finds this post on google:

Vodafone are blocking VOIP on all contracts, with two exceptions: (1) on contracts costing £40/month or more and (2) if you buy the 2GB/month data add-on. This policy started a year or two ago.

However, you can ask Customer Services to remove this block and they don't appear to charge for it! It turns out that I had asked them to remove the block in 2013, but the removal is a two-step process on their system and while they (in their words) removed it from my account they forgot to remove it from the network (yeah, whatever that means).

So, now, standard SIP VOIP, UDP on port 5060, does run on my £10/month Vodafone contract, without a VPN.

I am certain this VOIP fix is not what made the VPN work. That was a separate issue.

I did a google on "port knocking". What context do you mean this in?

dajhorn
Posts: 137
Joined: Mon Mar 24, 2014 3:59 am

Re: Cannot connect over UK Vodafone 3G

Post by dajhorn » Mon Nov 24, 2014 3:26 pm

> I did a google on "port knocking". What context do you mean this in?

Suppose that a cellphone client is connecting to vpn.softether.net, which is a SoftEther server. The ISP might delay the session, open http://vpn.softether.net:443/ itself, notice a self-signed certificate, and decide to block the session.

Calling this behavior "port knocking" is technically incorrect but nevertheless descriptive. I forgot what the vendors of such technology call this feature.


> Vodafone are blocking VOIP on all contracts, with two exceptions: (1) on contracts costing £40/month or more and (2) if you buy the 2GB/month data add-on. This policy started a year or two ago.

This is one aspect of the Net Neutrality fight that the Americans are having. In this case, that additional 400% doesn't buy faster or better service from Vodafone, it is protection money for not breaking VOIP or artificially restricting UDP traffic.

peterh337
Posts: 6
Joined: Mon Nov 03, 2014 1:26 pm

Re: Cannot connect over UK Vodafone 3G

Post by peterh337 » Mon Nov 24, 2014 3:34 pm

Re your 1st point, what would it get Vodafone if they did that? They are squeezed by the EU on mainstream charges (voice, text and data) and are looking at ways to screw customers elsewhere.

The most obvious and probably the most productive way is to reduce what % of the *roaming* data allowance customers can actually use.

And the most productive way to do that will be to block movie downloads! You can't do that without an uproar but you can slow down the packets, to irritate people.

I don't see that blocking VPNs would be productive on the grand scale of things. Almost nobody uses a VPN. 99.9% of the public can't even spell V-P-N.

Re your 2nd point, yes... and this fight will continue :) It will be a permanently moving target.

dajhorn
Posts: 137
Joined: Mon Mar 24, 2014 3:59 am

Re: Cannot connect over UK Vodafone 3G

Post by dajhorn » Mon Nov 24, 2014 3:57 pm

peterh337 wrote:
> Re your 1st point, what would it get Vodafone if they did that? They are
> squeezed by the EU on mainstream charges (voice, text and data) and are
> looking at ways to screw customers elsewhere.

Few people know how to ask for technical relief and will just pay the additional £30 if they need VPN service.

> The most obvious and probably the most productive way is to reduce what %
> of the *roaming* data allowance customers can actually use.

It doesn't need to make sense if it is corporate policy. In large companies, cost centers can be completely disconnected from revenue centers.

> And the most productive way to do that will be to block movie downloads!
> You can't do that without an uproar but you can slow down the packets, to
> irritate people.

And that is exactly why they don't chisel on the downstream side. They do, however, extort on the upstream side from content providers like Netflix.

peterh337
Posts: 6
Joined: Mon Nov 03, 2014 1:26 pm

Re: Cannot connect over UK Vodafone 3G

Post by peterh337 » Thu Nov 27, 2014 5:06 pm

I am finding that Passive FTP works but normal FTP doesn't.

Can anyone think of a reason for this?

If it should work then I will do more testing.

peterh337
Posts: 6
Joined: Mon Nov 03, 2014 1:26 pm

Re: Cannot connect over UK Vodafone 3G

Post by peterh337 » Wed Dec 03, 2014 4:55 pm

Update: the above statement appears incorrect. Normal FTP does work. It was only a particular program which did not work over the VPN (the Hyperdesktop screen capture utility). I am now using the Faststone screen cap and that runs fine to the same FTP server.

Post Reply