ForumTopicPage
cancel
Showing results for 
Search instead for 
Did you mean: 

VPN through PPTP not working over 3G/4G network

Wizard

VPN through PPTP not working over 3G/4G network

I'm posting this here, originally posted here and here, but thought it should get some visibility on the Network page??  Maybe Will England will know?

The VPN is not connecting due to a "firewall issue" on the Epic 4G Touch as well as other handsets.  I believe that the firewall is somewhere inside Sprint's network.  I am able to connect when I'm on WiFi easily.  I have tried this with 3 different VPN servers.

Tags (2)
21 REPLIES 21
Sprint Product Ambassador

VPN through PPTP not working over 3G/4G network

Just to keep this sane, we'll collect the diagnostic info here.

Questions To Answer:

1) Source IP (your phone)

2) Destination IP (Your VPN gateway address)

3) Traceroute from your phone to the gateway  (try this app:

https://market.android.com/details?id=com.scan.traceroute&hl=en )

4) Specific error message you get from your VPN software

Thanks,

Will

Product Ambassador, long time Sprint employee
Wizard

Re: VPN through PPTP not working over 3G/4G network

1.  66.xx.xx.xx


2.  128.xxx.xxx.xx

3.  Start trace 128.xxx.xxx.xx

1:68.28.145.69(68.28.145.69)
time:  218.091,  217.947,  210.453,

2:68.28.145.91(68.28.145.91)
time:  234.694,  234.561,  234.465,

3:68.28.145.17(68.28.145.17)
time:  244.860,  264.087,  263.966,

4:68.28.138.196(68.28.138.196)
time:  289.044,  288.942,  288.867,

5:68.28.149.69(68.28.149.69)
time:  288.773,  333.436,  343.323,

6:144.223.32.5(144.223.32.5)
time:  343.235,  258.220,  267.725,

7:144.232.8.184(sl-st30-chi-0-4-0-0.sprintlink.net)
time:  267.296,  293.587,  293.345,

8:154.54.10.37(te0-2-0-0.ccr22.ord03.atlas.cogentco.com)
time:  291.632,  288.567,  289.287,

9:154.54.40.182(te2-3.mpd02.ord03.atlas.cogentco.com)
time:  288.941,  302.687,  302.276,

10:38.20.49.10(vl3805.na41.b002281-5.ord03.atlas.cogentco.com)
time:  317.395,  316.955,

10:38.20.49.6(vl3505.na41.b002281-5.ord03.atlas.cogentco.com)
time:  274.396,

11:38.104.103.238(38.104.103.238)
time:  324.070,  328.538,  254.194,

12:208.100.32.42(ip42.208-100-32.static.steadfastdns.net)
time:  269.077,  283.685,  263.013,

13:unknown

14:140.189.8.117
time:  333.715,  368.225,  348.716,

15:216.56.60.226
time:  363.228,  348.525,  347.905,

16:146.151.167.85
time:  372.529,

16:146.151.175.61
time:  323.813,  319.424,

17:146.151.167.6
time:  359.524,  324.204,  365.775,

18:unknown

19:unknown

20:unknown

21:unknown

22:unknown

23:unknown

24:unknown

25:unknown

26:unknown

27:unknown

28:unknown

29:unknown

30:unknown

Trace complete

4.  "Server hung up. Unable to connect to the server due to firewall. Try again?"

Journeyman

VPN through PPTP not working over 3G/4G network

For security reasons, I'm not sure it's a good idea to disclose source / target IPs. However, here's the error message:

Please note that it works fine over WiFi. Just doesn't work with 3G / 4G.

20111219-01-vpn-not-connected.jpg

Journeyman

VPN through PPTP not working over 3G/4G network

Here's my trace (first / last IPs edited out)

Start trace [redacted]

1:[redacted]  time: 1438.813, 1438.034, 1467.578,

2:68.28.121.91(68.28.121.91)  time: 1657.004, 1667.727, 1675.808,

3:68.28.121.17(68.28.121.17)  time: 1674.970, 1679.277, 1683.707,

4:68.28.105.196(68.28.105.196)  time: 1713.082, 1747.478, 1751.915,

5:68.28.125.69(68.28.125.69)  time: 1756.319, 1800.910, 1855.594,

6:144.224.112.17(sl-gw20-hrs-10-0-0.sprintlink.net)  time: 1859.920, 2347.959, 2397.582,

7:144.232.7.133(sl-crs1-hrs-0-0-2-0.sprintlink.net)  time: 2453.917, 2328.814, 2377.347,

8:144.232.24.97(sl-crs1-nyc-0-6-0-0.sprintlink.net)  time: 2424.021, 2463.306, 2499.407,

9:144.232.4.87(144.232.4.87)  time: 2539.314, 2519.251, 2544.411,

10:129.250.8.73(xe-0-2-0-2.r06.nycmny01.us.bb.gin.ntt.net)  time: 2549.347, 2614.323, 2659.372,

11:129.250.4.174(ae-2.r22.nycmny01.us.bb.gin.ntt.net)  time: 2688.964, 2683.421, 3114.558,

12:129.250.4.99(xe-0-0-0-2.r02.stngva01.us.bb.gin.ntt.net)  time: 3174.985, 3208.673, 3163.840,

13:129.250.26.194(mg-2.a00.stngva01.us.da.verio.net)  time: 3614.956, 3593.628, 3684.030,

14:129.250.26.195(mg-2.a01.stngva01.us.da.verio.net)  time: 3719.000, 3724.201, 3744.337,

15:[redacted]  time: 3783.493, 3819.154, 3779.146,

16:[redacted]  time: 3693.961, 3638.614, 3698.715,

Journeyman

VPN through PPTP not working over 3G/4G network

Trace again:

Start trace [redacted]

1:[redacted] time: 88.405, 87.564, 86.779,

2:68.28.121.91(68.28.121.91) time: 92.191, 91.477, 114.577,

3:68.28.121.17(68.28.121.17) time: 138.796, 123.088, 121.125,

4:68.28.105.196(68.28.105.196) time: 109.931, 118.934, 148.099,

5:68.28.125.69(68.28.125.69) time: 177.338, 176.539, 190.350,

6:144.224.112.17(sl-gw20-hrs-10-0-0.sprintlink.net)  time: 213.587, 154.529, 164.272,

7:144.232.7.133(sl-crs1-hrs-0-0-2-0.sprintlink.net)  time: 169.174, 198.681, 198.572,

8:144.232.24.97(sl-crs1-nyc-0-6-0-0.sprintlink.net)  time: 221.129, 206.239, 221.818,

9:144.232.4.89(144.232.4.89)  time: 239.621, 239.574, 265.054,

10:129.250.8.73(xe-0-2-0-2.r06.nycmny01.us.bb.gin.ntt.net)  time: 235.595, 212.908, 238.256,

11:129.250.4.174(ae-2.r22.nycmny01.us.bb.gin.ntt.net)  time: 223.408, *, *,

12:129.250.4.99(xe-0-0-0-2.r02.stngva01.us.bb.gin.ntt.net) time: 204.405, 224.392, 204.153,

13:129.250.26.194(mg-2.a00.stngva01.us.da.verio.net)  time: 203.705, 196.121, 205.696,

14:129.250.26.195(mg-2.a01.stngva01.us.da.verio.net)  time: 182.969, 193.851, 218.321,

15:[redacted]  time: 207.630, 257.394, 251.620,

16:[redacted]  time: 221.199, 230.337, 244.279,

Trace complete

Wizard

VPN through PPTP not working over 3G/4G network

Found anything yet?  Did our information help?  I can confirm that this is still not working over 3G through the Sprint network.  Haven't tried to roam and do it yet....could be another test, not sure how that redirects though, I'd imagine back through sprint at some point.

Sprint Product Ambassador

VPN through PPTP not working over 3G/4G network

No - with the holidays many of the engineers are on vacation.

Product Ambassador, long time Sprint employee
Journeyman

VPN through PPTP not working over 3G/4G network

I have the same issue now that I upgraded from the EVO 4G to the iPhone4s last week.

My wife's evo 4g connects to the VPN just fine...

Journeyman

VPN through PPTP not working over 3G/4G network

Hi,

I can confirm that on my Nexus S 4G and my Fiance's Nexus S 4G  that my corporate PPTP VPN doesn't work via 3G or 4G but it does work  fine via Wifi.

I have launched two seperate "online chat" sessions  about this and the person on the other end always indicates that they  have 'marked my account for VPN' whatever that means but it never starts  working.

This is going to be one of the primary reasons for us to switch once our agreement is up.

My source IP at this moment is 66.87.115.76 but it changes all the time.(like every 5 minutes...)

Journeyman

Re: VPN through PPTP not working over 3G/4G network

The fix for me was to call Sprint  and have them change my IP address  from a dynamic IP to a static IP.  After that I was  able to connect to  my VPN.

I know that it sounds too simple, but apparently Sprint doesn't allow PPTP VPN connections with the newer phones that do not have a static IPs.  Must be an access rule set up on their end for security purposes with 3G connections.   I too was able to connect to my VPN with a WiFi setup, but not 3G.  Changing the IP address to static fixed it.

Hope this helps some of you guys out.

Journeyman

VPN through PPTP not working over 3G/4G network

Running a Wireshark trace on WiFi vs 3G/4G shows that the PPP LCP Configuration ACK is never sent from the mobile device back to the VPN host.  In the WiFi test, the VPN host sends a PPP LCP Config Request, the mobile sends a PPP LCP Config ACK and then the PPTP Set-Link Info from the VPN host.  From the 3G/4G side, the PPP LCP Config ACK is never received by the VPN Host. 

Since the mobile sends the correct VPN setup sequence on WiFi it appears to be either a bug in the VPN code when using 3G/4G radio or the ACK message is being blocked in the Sprint network.  I suspect the ACK message is being blocked by Sprint as unsolicitated inbound traffic.  Sounds like NAT filtering is set to address restricted or port & address restricted.

Just my findings so far....

Community News

This is a PUBLIC ARCHIVE board, all artciles are read only.

Please click here to search the Active Community.