Freedome works on wifi but not on cellular data
I have an iPhone 4S running iOS 7.1, USA cellular provider is Straight Talk (uses AT&T towers). I installed Freedome at home with wifi, VPN connects right up and all is well. As soon as I switch to the cellular data, the VPN times out and does not establish the connection. As soon as I switch back to wifi, the same configuration connects the VPN just fine.
I have tried all combinations of uninstalling/reinstalling the profile along with Straight Talk's settings profile. I worked with Straight Talk support, reset the APN settings several times, power cycled it, etc. They confirmed they do not filter anything like IPSec (though that doesn't mean AT&T isn't filtering it behind them). I would love to use Freedome but not enough to put up with uninstalling and reinstalling the profile every time I leave and return home. Please help.
Comments
-
-
Hi Ben,
Thank you for looking into this issue! I removed the profile and then re-added it via Freedome's Protection Off button (Safari -> download new profile). Unfortunately I am still seeing the same behavior; "failed to turn protection on" message. As soon as I connect to wifi, the VPN connects successfully and I can browse the internet. Then I turn wifi off again, and manually activating the VPN connection (Settings -> General -> VPN -> switch) over the 3G network, I get the message "VPN Connection - The VPN server did not respond" with an OK button.
Since I'm in the US my default Freedome VPN location is N. Virginia. Since you fixed this on a Finnish network I tried changing the Freedome VPN location to Finland. I'm getting the same behavior as above. It connects fine over wifi and not the 3G network.
Again just to clarify, I currently use Straight Talk as a service provider, and my cellular text in the upper left corner (between signal strength and wifi icons) says "TFW". I hope that helps.
My trial runs out in two more days...
-
Hello Paas0008,
We are not entirely sure if StraightTalk is allowing VPN over their mobile network. Apparently Straight Talk has a history of blocking some traffic.
For example their data plan includes "unlimited data" but that "does not include streaming" ("uploading, downloading or streaming of uninterrupted continuous video").
There seems to be some recent discussions about VPN stopping working when switching from WIFI to Mobile network on Straight Talk forum. Unfortunately no clear solution seems to be provided there and the issue is taken offline or handled via private messaging.Unfortunately the operator's web site (http://www.straighttalk.com) does not provide more information.
Their TOS(Terms Of Service) however says the data plan's intended use is "Internet browsing and ordinary content Downloads", which possibly doesn't include VPNs.
According to the discussion and information found, Straight Talk support hasn't been totally adamant about not blocking IPSEC VPNs. Could you provide their exact statement on that matter?
-
Hi Ben,
Thank you for the follow-up. I called their support again and directly asked if they filter. Level 1 support is convinced that they provide a neutral pipe to the internet. I asked in multiple different ways, and they gave straight-up "No we do not do any filtering" answers. I asked directly about the streaming, and they explained that streaming simply uses up the high-speed data bucket faster before switching to the slower data network. They said I'm free to do whatever with the connection. It was more of a warning that certain behaviors will chew up the data bucket faster than others. Could just be the one CSR's misunderstanding (which is then of course a training issue).
I set up a L2TP/IPSec VPN tunnel from my iPhone to my home perimeter firewall this evening. Testing from a local coffee shop, I determined that both VPNs connect successfully whenever connected via wifi, and both VPNs timeout every time when attempting over the 3G network. So this doesn't seem to be necessarily specific to Freedome.
It was interesting to note a slightly different timeout notification message. My home VPN said:
"The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your administrator."
The Freedome VPN timeout message said:
"The VPN server did not respond."
I think it's pretty clear that the cellular provider is blocking VPN tunneling (despite level 1 support's insistence). I'll see if I can get my hands on a different provider's SIM card tomorrow before my Freedome trial expires.
-
-
Hi Ben,
I switched over to AT&T and Freedome works perfectly now over cellular data. With a jailbroken phone I probably could do more in-the-weeds troubleshooting, but mine is stock and I don't have time to monkey with it. AT&T provides faster cellular anyway (4G/HSPA vs. 3G). I'm good to go, and I plan on renewing the subscription when the trial ends. Thank you for all the help!
-
-
Straighttalk IS blocking VPN, specifically udp on port 500. Here is a log snip where my VPN server xxx.xxx.xxx.xxx is trying to respond to the client initiation, and the client NEVER gets it, so it keeps requesting initiation again and again until timeout:
Jul 26 07:44:50 router.lan syslog: 15[NET] sending packet: from xxx.xxx.xxx.xxx[500] to 173.209.212.147[500] (312 bytes)
Jul 26 07:45:00 router.lan syslog: 12[NET] received packet: from 173.209.212.147[500] to xxx.xxx.xxx.xxx[500] (400 bytes)
Jul 26 07:45:00 router.lan syslog: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jul 26 07:45:00 router.lan syslog: 12[IKE] received retransmit of request with ID 0, retransmitting response
This clearly shows that the client never gets the server response, and thus Straighttalk is blocking VPN use.
I also believe they sub out the Apn to Syniverse who is doing this on their behalf, so they can shield themselves from the legal issues associated with violating the Open Internet Order of 2010.