cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Beginner
4,649 Views
Message 1 of 16

VPN, HH5, UDP and MAC Codes

First  VPN over BT's network:-

 

I've been using PureVPN for 3 years first on BE/O2 and now in the last 13 months BT. Sometimes my VPN connection over Point-to-Point Protocol grinds to a halt on all servcesi. I've been in intensive testiing and fault finding with my VPN supplier who can find no reason for this behaviour in their networks. After about 1 minute the VPN connection grinds to a halt. I can stop my VPN client, reconnect and whizz away for about another minute before it all stops. 

 

Recently I have changed to Home Hub 5 (mainly to get the 5GHz wireless band). While fault finding with PureVPN I discovered another issue. The HH5 will not allow UDP handshaking when trying to set up a VPN connection over port 53. I've done the obvious; reset the router; port forwarded 53, all to no avail. I do note that PureVPN use port 53 for UDP traffic and suspect, perhaps, the HH5 router is sending this traffic to its DNS servers.

 

Below log of connection:-

 

sudo openvpn --config Germany-UDP.ovpn
[sudo] password for angela: 
Sun Jun  1 16:53:34 2014 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb  4 2014
Enter Auth Username:purevpnxxxxxx0
Enter Auth Password:
Sun Jun  1 16:53:53 2014 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Jun  1 16:53:53 2014 WARNING: file 'Wdc.key' is group or others accessible
Sun Jun  1 16:53:53 2014 Control Channel Authentication: using 'Wdc.key' as a OpenVPN static key file
Sun Jun  1 16:53:59 2014 UDPv4 link local: [undef]
Sun Jun  1 16:53:59 2014 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:53
Sun Jun  1 16:54:59 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Jun  1 16:54:59 2014 TLS Error: TLS handshake failed
Sun Jun  1 16:54:59 2014 SIGUSR1[soft,tls-error] received, process restarting
Sun Jun  1 16:55:01 2014 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Jun  1 16:55:06 2014 UDPv4 link local: [undef]
Sun Jun  1 16:55:06 2014 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:53
^CSun Jun  1 16:55:31 2014 event_wait : Interrupted system call (code=4)
Sun Jun  1 16:55:31 2014 SIGTERM received, sending exit notification to peer
Sun Jun  1 16:55:33 2014 SIGTERM[soft,exit-with-notification] received, process exiting

 Whereas using the exact same procedures and an old Home Hub 3 I can connect without problem. Additionally, using PureVPN's Android app for connection I cannot access PureVPN's UDP servers, only TCP, while using HH5. With HH3 it works with both protocols. UDP seems to be 10 times faster so TCP traffic is not something I want to use.

 

So Point-to-Point halts soon after connection; UDP traffic on port 53 fails.

 

Secondly MAC Codes:-

 

BT Technical help were no technical help and thought I was a business customer. Finally, I was told it was not BT's problem. So I asked for my MAC code to migrate away. I was staggered to say the least to be told it will take "up to seven days to generate the code". When Be/O2 gave me the code they did it there and then over the phone. In  fact they used BT's web site - they told me. I think this delay will be an issue for OFCOM.

 

Any ideas to try before while I wait to migrate?

0 Ratings
15 REPLIES 15
Highlighted
Distinguished Sage
Distinguished Sage
4,644 Views
Message 2 of 16

Re: VPN, HH5, UDP and MAC Codes

according to OFCOM a MAC code must be issued (not received) in 5 working days.  BT used to issue MAC codes immediately but now take the full time allowed by OFCOM



If you like a post, or want to say thanks for a helpful answer, please click on the Ratings 'Thumbs up' on left hand side.
If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.
0 Ratings
Highlighted
Aspiring Expert
4,641 Views
Message 3 of 16

Re: VPN, HH5, UDP and MAC Codes

A number of users have come to this forum seeking assistance with getting VPN to work with a HH5. I may have missed it but I don't recall anyone coming back saying that they had succeeded. If you do get it going - and you seem to have much more technical detail of the problem than most - then please do let us know. I am holding off moving to Infinity until I know that VPN would work.

 

I wasn't sure from your post whether you had re-contracted with BT when the HH5 appeared. That you were asking for a MAC suggests not. But, particularly if it is a new contract, BT may have reset the web address help option at http://preferences.webaddresshelp.bt.com/selfcare/preferences.cgi which will not help your connection.

Michael
0 Ratings
Highlighted
Beginner
4,624 Views
Message 4 of 16

Re: VPN, HH5, UDP and MAC Codes

It's disabled.
I use Linux anyway so am able to set Google as my DNS source in Network Manager thus I don't use BT for DNS. It's got terrible ping times.
0 Ratings
Highlighted
Aspiring Expert
4,591 Views
Message 5 of 16

Re: VPN, HH5, UDP and MAC Codes

Request to the Mods

I recognise, of course, that you decide for yourselves what topics to pick up on. However, I would submit that there is a case for raising the issue of VPN on a HH5 with the technical team responsible. As you did with the similar problem with VPN on the HH3A.

There are a number of threads in the Forum in which problems are reported with VPN and the HH5; this is only the most recent. These reports are consistent with a systemic problem with the HH5 that would need to be explored by the team responsible for the kit. If there really is such a problem the impact will continue to grow as more people - if only new customers - move to the HH5.

Michael
0 Ratings
Highlighted
Community Manager
Community Manager
4,578 Views
Message 6 of 16

Re: VPN, HH5, UDP and MAC Codes

Hi Michael,

 

Thanks for the post.  We work closely with the hub team so I will certainly ask the question.  To my knowledge there are no known issues with the Home hub 5 and using VPN.  I will however ask the team to take a look to see if they can identify anything.

 

Angelacr - Welcome to the forum.  Would you mind emailing me your account details please?  I will need to send off an example to the hub team so your details would certainly aid in the investigation.  Please click on my username, SeanD and you will find the 'Mods contact link' under the 'About me' section of my profile.

 

Cheers

Sean

 

 

0 Ratings
Highlighted
Aspiring Expert
4,529 Views
Message 7 of 16

Re: VPN, HH5, UDP and MAC Codes

I am grateful to you for picking this up.

 

I realise that it is too soon for the technical team to respond to the query - and you would, of course, have posted if you had an answer - but I thought it might be helpful to bump the thread in case other users are wondering about VPN on HH5 systems: if it is on the front page they can more easily see it.

Michael
0 Ratings
Highlighted
Expert
4,502 Views
Message 8 of 16

Re: VPN, HH5, UDP and MAC Codes

UDP port 53 is also used primarily by DNS have you confirmed that BT web address help and more importantly that BT parental controls are disabled? Have ypu tried an alternative router incase the home hub has some sort of security inspection on UDP 53. Finally can your provider not let you use another port? In many situations various security products would block your VPN over port 53.
0 Ratings
Highlighted
Beginner
4,474 Views
Message 9 of 16

Re: VPN, HH5, UDP and MAC Codes

Web address help and Parental Controls are off.

 

I've just tried using my phone as a wifi hotspot for my laptop and used PureVPN's  Point-toPoint-Transfer-Protocol without error for a 1.1GB download. The evidence points only to BT's network and/or router. Since I have had it working well on HH3 in the past, and now on HH3 it stops, that fact alone points to the network being the root cause.

 

After Snowden's revelations the following question is pertinent for the paranoid; are GCHQ intercepting VPN on BT's network and messing it around? I can't get my head round the fact that it fails after several 10's of megabytes have tansferrred.

 

I'm leaving BT in a few days simply as a consequence of failing VPN. And the fact that there is no support for VPN, from BT,  for residential  users.

 

The last time I left BT they were traffic shaping and restricting how much 'unlimited' use could be. Also they'd messed up an earlier transfer from ISDN to broadband. I'm an early adopter, or rather used to be, and BT seemed not to have learned the lesson... 

 

Watch what early adopters use your network for today and plan for everyone doing it tomorrow

0 Ratings
Highlighted
Beginner
4,472 Views
Message 10 of 16

Re: VPN, HH5, UDP and MAC Codes

@seanD

 

Thanks for the welcome but it is now time to say goodbye. I need VPN to work today not tomorrow.

0 Ratings