Hi guys, I was reading a couple of these VPN issue threads and I'm almost certain that its the same issue related to this PS4 issue, where the network test on the ps4 says the router 'Doesnt Support IP Fragmentation'. They seem to have started around the same time, and from the event log of the guy/girl with the UDP blocking, it says it is blocking fragmented packets.
I'm not sure it's only for UDP, because I see TCP being blocked as well. Either way this only started happening a few days ago after no changes to my home network and seemingly no changes to the other people having issue. My tests have shown that the ps4 doesn't get the issue when connected to my 4g EE but it does through the homehub 5 on Infinity.
I would very much like for this to be sorted out as soon as possible, I have been patient so far and having to deal with BT directly isn't a particulary pleasant experience and it's starting to drag on and on.
For those who aren't very techincal here are the instructions to get details from your Home Hub 5 (HH5). If you are not using a BT provided home hub then you will need to refer to your modem/router manufacturers instructions:
1. Login to the HH5 from one of the computers on your network, by opening a browser and entering the following URL: 192.168.1.254. I'm assuming you haven't changed the IP address of the HH5, if you have then you probably don't need these instructions anyway
2. You should be presented with the BT Home Hub 5 configuration menu. Click on Troubleshooting, then click on the Helpdesk menu option that appears.
3. You will be asked to enter your admin password. This is on the small white card slotted into the back of the HH5. After entering the password, click OK and the Information will be displayed for your HH5.
4. To view the Event Log, click on the appropriate menu option at the top of the screen. Ideally, you want the event log to show the issue, so try using the equipment (PS4/PS3 etc) or software (VPN), then, when the error has occurred, re-click on the Event Log menu option and this will refresh the log entries. You may have to click a few times until it refreshes. The Time and date will indicate the latest event log entries.
5. To log off, simply close the browser window.
I might as well be mature and stop having a hissy fit.
My info -
Geographical Area: Sunderland, Tyne and Wear Northumberland. SR2
Router/Modem Make and Model: BT Home Hub 5A, ECI openreach modem. I don't know the model as it's mounted to the wall.
Router/Modem Firmware Version and Last Updated Date: Software version 220.127.116.11.18.104.22.168.11 (Type A) Last updated 04/07/15
I don't know about the ECI Firmware version either.
Sample of block event from Router/Modem Log:
11:06:26, 15 Aug. IN: ACCEPT  Connection opened (Port Forwarding: ICMP [192.168.1.104] 32927 <--> [22.214.171.124] 32927 - - - [126.96.36.199] type 8, trk 34834 ppp1 NAPT)
11:03:21, 15 Aug. IN: ACCEPT  Connection closed (Port Forwarding: UDP [192.168.1.104]:25421 <--> [188.8.131.52]:25421 - - - [184.108.40.206]:53 ppp1 NAPT)
11:54:28, 15 Aug. (174413.410000) Port forwarding rule added via UPnP/TR064.Protocol: UDP, external ports: any->9308, internal ports: 9308, internal client: 192.168.1.104
^^^^^ Straight after doing the connection test on PS4 with the displayed ip fragment message.
The log for PS4 that's in a dmz. It is most likely different to the vpn log messages of course as I don't know though as I never used a vpn before. Still get the ip fragment message. My log is full of UDP logs for my PS4 than TCP I've noticed too.
Just a note my PS3 has this issues too. same ip fragment message and the like.
Here's a summary of what has been tried to resolve this issue. I've included my own tests and those of others that I have read on the associated posts. Because my issue relates to using VPN software on a laptop, it is fairly easy for me to, for example, try connecting from someone elses BT network. This may not be as simple to do if you are having the issue on your games console.
I will edit this list as and when I read about or try other tests in the hope it will be a full and comprehensive list of what has been tried.
1. Use a friends network. I have tried using VPN on my laptop at 3 friends houses; one of which was on Virgin fibre and the other two were on BT Infinity using the same HH5 hub. My VPN connection worked perfectly using their broadband connections.
2. Using a different HH5. I borrowed a spare HH5 from a friend and swapped it with mine. It made absolutely no difference and the error still occurred i.e. I'm still getting blocked incoming UDP packages.
3. Performed a factory reset of the hub. Made no difference, which is to be expected as this doesn't appear to be a hub issue.
4. Completely turned OFF the firewall on the HH5 (it is usually set to Default). Also turned off my windows software firewall (unlikely to be blocking traffic reported by the HH5). Neither made any difference.
5. I have subscribed to the BT Tech Experts paid subscription service. While very helpful, they have been unable to identify the cause of the issue or offer a solution, so don't waste your money joining this service simply to try to resolve this issue. So far, they have offerred me a replacement HH5 and suggested I use the BT Community forums to get some help about my HH5! So much for being "experts"!
6. Ensure BT Parental Controls are disabled. Mine have never been activated, however, I went through the process of activating them, then deactiving and deleting them, just to be sure they were having no affect - and they weren't as it made no difference.
7. Ensure the BT Web Address Help Preferences are DISABLED. Click here to check your settings.
8. Disable IP Sharing. Go to the following website: http://whatismyipaddress.com/ and click on the "Click for more info" balloon. If the Organisation is shown as simply "BT" your IP is NOT being shared, however, if it is shown as BT - CGNAT then it is being shared. You can opt out of sharing here (it will be necessary to login to your MyBT account and to restart your Hub).
9. Changing your MTU settings. I haven't tried this and I'm not finding any reports of it being successful, in fact I don't believe it is possible to change this setting on a HH5.
10. Change to a 3rd party router. I've read that the TP-LINK TD-W9980 has been tried and the issue still exists. Another indication this issue is being caused by the BT network, not on the Home network or HH5.
11. My employer has monitored my VPN connection and they have confirmed that EVERYTHING is working as expected from their end i.e. they can see the request for a VPN connection arriving, then the response being sent back to my VPN client. Unfortunately, this response is never received due to it being blocked "en-route", hence the inbound UDP block in my HH5 Event Log.
For those having VPN issues, I have found a workaround. In my case this MUST be temporary as my company prefer the use of UDP, rather than TCP for various reasons.
The VPN software I use is Cisco VPN Client, version 5.0.07.0440.
I created a copy of my VPN client connection details and changed the Transport Transparent Tunneling setting from IPsec over UDP (NAT/PAT) to IPsec over TCP (using the default port 80).
Because this is now using TCP, rather than UDP, the inbound TCP packets are NOT being blocked (only the UDP packets), hence it works.
My concern is that the TCP packets will also start to be blocked if the route cause of the issue isn't resolved.
Despite being able to work around my own VPN issue I am keen to progress the cause and solution of this particular issue and will continue to monitor and assist on these forums.