Freedome works on wifi but not on cellular data

paas0008
paas0008 Posts: 6 Observer

I have an iPhone 4S running iOS 7.1, USA cellular provider is Straight Talk (uses AT&T towers). I installed Freedome at home with wifi, VPN connects right up and all is well. As soon as I switch to the cellular data, the VPN times out and does not establish the connection. As soon as I switch back to wifi, the same configuration connects the VPN just fine.

 

I have tried all combinations of uninstalling/reinstalling the profile along with Straight Talk's settings profile. I worked with Straight Talk support, reset the APN settings several times, power cycled it, etc. They confirmed they do not filter anything like IPSec (though that doesn't mean AT&T isn't filtering it behind them). I would love to use Freedome but not enough to put up with uninstalling and reinstalling the profile every time I leave and return home. Please help. 

 

Comments

  • JohannesL
    JohannesL Posts: 38 Former F-Secure Employee

    Hi, paas0008!

     

    We will look into this topic and check what could create this problem and we will post a reply as soon as we find a solution.

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Hello Paas0008,

     

    We have made a VPN configuration change on yesterday (25th of March) which might quite well fix this issue on your network. It resolved similar issues on a Finnish mobile network.

     

     

    Could yout try again and let us know if you still have the issue today?

  • paas0008
    paas0008 Posts: 6 Observer

    Hi Ben,

     

    Thank you for looking into this issue! I removed the profile and then re-added it via Freedome's Protection Off button (Safari -> download new profile). Unfortunately I am still seeing the same behavior; "failed to turn protection on" message. As soon as I connect to wifi, the VPN connects successfully and I can browse the internet. Then I turn wifi off again, and manually activating the VPN connection (Settings -> General -> VPN -> switch) over the 3G network, I get the message "VPN Connection - The VPN server did not respond" with an OK button. 

     

    Since I'm in the US my default Freedome VPN location is N. Virginia. Since you fixed this on a Finnish network I tried changing the Freedome VPN location to Finland. I'm getting the same behavior as above. It connects fine over wifi and not the 3G network. 

     

    Again just to clarify, I currently use Straight Talk as a service provider, and my cellular text in the upper left corner (between signal strength and wifi icons) says "TFW". I hope that helps.

     

    My trial runs out in two more days...

  • paas0008
    paas0008 Posts: 6 Observer

    Hi Ben,

     

    Thank you for the follow-up. I called their support again and directly asked if they filter. Level 1 support is convinced that they provide a neutral pipe to the internet. I asked in multiple different ways, and they gave straight-up "No we do not do any filtering" answers. I asked directly about the streaming, and they explained that streaming simply uses up the high-speed data bucket faster before switching to the slower data network. They said I'm free to do whatever with the connection. It was more of a warning that certain behaviors will chew up the data bucket faster than others. Could just be the one CSR's misunderstanding (which is then of course a training issue). 

     

    I set up a L2TP/IPSec VPN tunnel from my iPhone to my home perimeter firewall this evening. Testing from a local coffee shop, I determined that both VPNs connect successfully whenever connected via wifi, and both VPNs timeout every time when attempting over the 3G network. So this doesn't seem to be necessarily specific to Freedome. 

     

    It was interesting to note a slightly different timeout notification message. My home VPN said:

    "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your administrator."

     

    The Freedome VPN timeout message said:

    "The VPN server did not respond."

     

    I think it's pretty clear that the cellular provider is blocking VPN tunneling (despite level 1 support's insistence). I'll see if I can get my hands on a different provider's SIM card tomorrow before my Freedome trial expires. 

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Hello Paas0008,

     

    Thank you for the update and for your active troubleshooting. We really appreciate.

     

    Please let's us know what your investigation leads up to.

     

  • paas0008
    paas0008 Posts: 6 Observer

    Hi Ben,

     

    I switched over to AT&T and Freedome works perfectly now over cellular data. With a jailbroken phone I probably could do more in-the-weeds troubleshooting, but mine is stock and I don't have time to monkey with it. AT&T provides faster cellular anyway (4G/HSPA vs. 3G). I'm good to go, and I plan on renewing the subscription when the trial ends. Thank you for all the help!

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Hi Paas0008,

     

    Thank you for the positive feedback. Glad you could sort this out.

  • waitforit
    waitforit Posts: 1
    Straighttalk IS blocking VPN, specifically udp on port 500. Here is a log snip where my VPN server xxx.xxx.xxx.xxx is trying to respond to the client initiation, and the client NEVER gets it, so it keeps requesting initiation again and again until timeout:

    Jul 26 07:44:50 router.lan syslog: 15[NET] sending packet: from xxx.xxx.xxx.xxx[500] to 173.209.212.147[500] (312 bytes)
    Jul 26 07:45:00 router.lan syslog: 12[NET] received packet: from 173.209.212.147[500] to xxx.xxx.xxx.xxx[500] (400 bytes)
    Jul 26 07:45:00 router.lan syslog: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
    Jul 26 07:45:00 router.lan syslog: 12[IKE] received retransmit of request with ID 0, retransmitting response

    This clearly shows that the client never gets the server response, and thus Straighttalk is blocking VPN use.

    I also believe they sub out the Apn to Syniverse who is doing this on their behalf, so they can shield themselves from the legal issues associated with violating the Open Internet Order of 2010.
This discussion has been closed.
Product & Pricing Info