L2TP VPN - Blue Iris - LTE Data

masreyno

n3wb
Joined
May 16, 2017
Messages
5
Reaction score
1
Hello,

Thought I would throw this scenario out there to see if anyone has come across it or has any suggestions to help remedy the issue.

I am currently running an L2TP VPN setup on a UniFi Security Gateway to access my Blue Iris PC while away from the home network.

When I am away from home and connected to Wi-Fi, I can successfully VPN into my home network, the BI app works well and I can access UI3.

When I am away from home and only connected to LTE on my phone, most of the time the VPN says it is connected, but the BI app does not connect, UI3 does not work and basically all other apps on the phone stop working (as if there is no data service any longer). Sometimes the VPN will not connect and the phone says that there are no networks available.

Reading around the web, this may be a problem with T-Mobile and IPv6. I am currently using a Pixel 2 XL phone, the native Android VPN client and, again, on T-Mobile service.

I have tried creating a new APN for the T-Mobile network to use strictly IPv4 protocol, but it has been hit or miss in successfully connecting to the VPN. In fact, I have experienced successful connections where everything works when I switch from the IPv4 APN to the default APN and vice versa. Then it fails to work a 2nd time.

Running the logs in UniFi, the USG is recognizing the connection and showing the connection to the VPN IP on the home network. So the communication seems to be in place... I am just not sure where the failure is occurring.

Any thoughts? Since I can connect successfully via Wi-Fi, is it a high probability that the issue is in fact with T-Mobile LTE service?

Thanks.
 

brad2388

Getting the hang of it
Joined
Oct 5, 2016
Messages
162
Reaction score
24
I never could get the VPN to work right either. I'm using AT&T LTE.

I'm using AirVPN with their port forward. It works great.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
AirVPN provides you with zero security. If you use their port forward service, it's just as bad as port forwarding a traditional connection.
 

brad2388

Correct. But that's the only way to get alerts out of BI as well.
 

brad2388

> Incorrect. No ports need to be forwarded for alerts.

So what step have I missed?

Behind AT&T LTE NAT. I can't open ports.
Unless I point Blue Iris through the VPN with the open port, I get no iOS push notifications.
 

fenderman

No idea. It's an outgoing push. It would be no different than an email. Blue Iris notifications don't require any ports to be forwarded. By definition, port forwarding is providing access from the outside in, not inside out. Your LTE may be blocking something, but it is not the norm.
 

masreyno

UPDATE: In case anyone has the same issue, I was able to fix the problem by changing the MTU on the USG for the L2TP VPN connection. Reducing the MTU to around 1300 seems to be the sweet spot (although it could probably be set a little higher) and has so far allowed a working VPN connection over LTE. You have to SSH into the USG to make the MTU changes and, the downside, they are not permanent if you were to reboot, etc. The only way to make it permanent is to do a JSON file change and I am not going to mess with JSON until I get a little more comfortable with this setup.

Supposedly UniFi has been saying they are going to make the MTU configuration part of the controller GUI for a while, but as far as I can find it is not available yet.
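
Added example, not part of the thread and not UniFi or Blue Iris code: a way to check whether a tunnel MTU such as the 1300 above fits a given path once L2TP/IPsec encapsulation is added, and to measure the path MTU with don't-fragment pings. The header sizes are assumptions (IPv4, NAT-T, ESP transport mode with AES-CBC and HMAC-SHA1-96, an 8-byte L2TP data header, a 4-byte PPP header), and the `ping` flags are those of Linux iputils.

```python
"""Size an L2TP/IPsec tunnel MTU for a constrained path (added example)."""
import subprocess

# Assumed encapsulation (not stated in the thread): IPv4, NAT-T, ESP transport
# mode with AES-CBC + HMAC-SHA1-96, L2TP data header with length field, PPP.
OUTER_IP, NATT_UDP, ESP_HDR, ESP_IV, ESP_ICV = 20, 8, 8, 16, 12
L2TP_UDP, L2TP_HDR, PPP_HDR = 8, 8, 4
ESP_BLOCK, ESP_TRAILER = 16, 2   # cipher block size; pad-length + next-header


def outer_size(inner):
    """On-the-wire size of one tunnelled packet of `inner` bytes."""
    plain = L2TP_UDP + L2TP_HDR + PPP_HDR + inner + ESP_TRAILER
    padded = -(-plain // ESP_BLOCK) * ESP_BLOCK      # round up to cipher block
    return OUTER_IP + NATT_UDP + ESP_HDR + ESP_IV + padded + ESP_ICV


def max_tunnel_mtu(path_mtu):
    """Largest tunnel MTU whose encapsulated packets fit in path_mtu."""
    inner = path_mtu
    while inner > 0 and outer_size(inner) > path_mtu:
        inner -= 1
    return inner


def ping_df(host, payload):
    """True if an unfragmentable ICMP echo of `payload` bytes gets a reply.
    Run this from the remote network (e.g. a laptop tethered to the phone)."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def path_mtu(host, probe=ping_df, lo=548, hi=1472):
    """Binary-search the largest DF payload that passes; add 28 (IP + ICMP)."""
    if not probe(host, lo):
        raise RuntimeError("no reply even at the minimum probe size")
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(host, mid):
            lo = mid
        else:
            hi = mid - 1
    return lo + 28


if __name__ == "__main__":
    for mtu in (1500, 1400):   # constructed path MTUs, not measurements
        print(mtu, "->", max_tunnel_mtu(mtu))
```

Under these assumptions a 1300-byte tunnel packet is 1392 bytes on the wire, so it fits a path that carries 1400 bytes, while larger tunnel MTUs that work on a 1500-byte Wi-Fi path would not.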
 