L2TP VPN - Blue Iris - LTE Data

Discussion in 'Blue Iris' started by masreyno, Feb 1, 2019.


  1. masreyno

    masreyno n3wb

    Hello,

    Thought I would throw this scenario out there to see if anyone has come across it or has any suggestions to help remedy the issue.

    I am currently running an L2TP VPN setup on a Unifi Security Gateway to access my Blue Iris PC while away from the home network.

    When I am away from home and connected to wifi, I can successfully VPN into my home network, BI app works good and can access UI3.

    When I am away from home and only connected to LTE on my phone, most of the time the VPN says it is connected, but the BI app does not connect, UI3 does not work and basically all other apps on the phone stop working (as if there is no data service any longer). Sometimes the VPN will not connect and the phone says that there are no networks available.

    Reading around the web, this may be a problem with T-Mobile and IPv6. I am currently using a Pixel 2 XL phone, the native Android VPN client and, again, on T-Mobile service.

    I have tried creating a new APN for the T-Mobile network to use strictly IPv4 protocol, but it has been hit or miss in successfully connecting to the VPN. In fact, I have experienced successful connections where everything works when I switch from the IPv4 APN to the default APN and vice versa. Then it fails to work a 2nd time.

    Running the logs in Unifi, the USG is recognizing the connection and showing the connection to the VPN IP on the home network. So the communication seems to be in place…I am just not sure where the failure is occurring.

    Any thoughts? Since I can connect successfully via wifi, is it a high probability that the issue is in fact with T-Mobile LTE service?

    Thanks.
     
  2. brad2388

    brad2388 Getting the hang of it

    I never could get the VPN to work right either. I'm using AT&T LTE.

    I'm using AirVPN with their port forward. It works great.


     
  3. fenderman

    fenderman Staff Member

    AirVPN provides you with zero security. If you use their port forward service, it's just as bad as port forwarding a traditional connection.
     
  4. brad2388

    brad2388 Getting the hang of it

    Correct. But that's the only way to get alerts out of BI as well.


     
  5. fenderman

    fenderman Staff Member

    Incorrect. No ports need to be forwarded for alerts.
     
    OldBobcat likes this.
  6. brad2388

    brad2388 Getting the hang of it

    So what step have I missed?

    Behind AT&T LTE NAT. I can't open ports.
    Unless I point Blue Iris through the VPN with the open port, I get no iOS push notifications.


     
  7. fenderman

    fenderman Staff Member

    No idea. It's an outgoing push. It would be no different than an email. Blue Iris notifications don't require any ports to be forwarded. By definition, port forwarding is providing access from the outside in, not inside out. Your LTE may be blocking something, but it is not the norm.
     
    Bob Ebaugh and Mike like this.
  8. masreyno

    masreyno n3wb

    UPDATE: In case anyone has the same issue, I was able to fix the problem by changing the MTU on the USG for the L2TP VPN connection. Reducing the MTU to around 1300 seems to be the sweet spot (although it could probably be set a little higher) and has so far allowed a working VPN connection over LTE. You have to SSH into the USG to make the MTU changes and, the downside, they are not permanent if you were to reboot, etc. The only way to make it permanent is to do a json file change and I am not going to mess with json until I get a little more comfortable with this setup.

    Supposedly Unifi has been saying they are going to make the MTU configuration part of the controller GUI for a while, but as far as I can find it is not available yet.
     
    bob2701 likes this.
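
The MTU fix reported in the last post can be sanity-checked with arithmetic. This is an added example, not code from the thread or from Ubiquiti: it models the per-packet overhead of L2TP over IPsec (ESP transport mode with NAT-T) and computes the largest tunnel MTU that fits a given path MTU. The header sizes (AES-CBC, HMAC-SHA1-96, 8-byte L2TP header, 4-byte PPP header), the 40-byte outer header for an LTE path that translates the tunnel to IPv6, and the sample path and tunnel MTUs are all assumptions.

```python
# Added example: L2TP/IPsec (ESP transport mode + NAT-T) overhead model.
# All header sizes are ASSUMED typical values, not read from a USG.
from dataclasses import dataclass


@dataclass(frozen=True)
class Encap:
    outer_ip: int = 20   # 20 = IPv4 path; 40 = IPv6 path (assumed for translated LTE)
    natt_udp: int = 8    # UDP/4500 wrapper used when NAT is in the path
    esp_hdr: int = 8     # SPI + sequence number
    iv: int = 16         # AES-CBC initialization vector
    block: int = 16      # ESP pads the encrypted part to a multiple of this
    icv: int = 12        # HMAC-SHA1-96 integrity tag
    l2tp_udp: int = 8    # UDP/1701 carrying L2TP
    l2tp_hdr: int = 8    # L2TP data header (flags, length, tunnel id, session id)
    ppp: int = 4         # PPP address/control + protocol

    def fixed(self):
        """Bytes outside the encrypted, padded region."""
        return self.outer_ip + self.natt_udp + self.esp_hdr + self.iv + self.icv

    def inner_hdrs(self):
        """Headers that travel inside the encrypted region with the inner packet."""
        return self.l2tp_udp + self.l2tp_hdr + self.ppp


def wire_size(inner_len, e=Encap()):
    """Bytes on the wire for one inner IP packet of inner_len bytes."""
    clear = e.inner_hdrs() + inner_len + 2       # +2: ESP pad-length and next-header
    padded = -(-clear // e.block) * e.block      # round up to the cipher block size
    return e.fixed() + padded


def max_inner_mtu(path_mtu, e=Encap()):
    """Largest tunnel MTU whose encapsulated packet still fits path_mtu."""
    room = path_mtu - e.fixed()
    room -= room % e.block                       # only whole cipher blocks fit
    return room - 2 - e.inner_hdrs()


def fits(tunnel_mtu, path_mtu, e=Encap()):
    return wire_size(tunnel_mtu, e) <= path_mtu


if __name__ == "__main__":
    v6 = Encap(outer_ip=40)
    # Constructed sample paths: 1500-byte IPv4 (Wi-Fi), 1500 and 1420-byte IPv6 (LTE).
    for label, mtu, enc in [("IPv4/1500", 1500, Encap()), ("IPv6/1500", 1500, v6), ("IPv6/1420", 1420, v6)]:
        print(label, "max tunnel MTU:", max_inner_mtu(mtu, enc),
              "| 1400 fits:", fits(1400, mtu, enc), "| 1300 fits:", fits(1300, mtu, enc))
```

Under these assumptions, a tunnel MTU of 1400 fits a 1500-byte IPv4 path but not an IPv6 one, while 1300 leaves headroom on both, which matches the pattern of working on Wi-Fi and stalling on LTE.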