User Profile
djb14336
Bandwidth Buddy
Joined 4 years ago
Contributions
Re: Home internet service IPv6 traffic is all filtered even when using a Netgear LTE router. No port forwarding. Plz fix!
Agreed... still on the older white box, and it is doubly frustrating because we have access to the normal features (dmz, forwarding, firewall, etc) but none of the features work. Can see their v6 details... set up my Asus to link up and try to run v6 instead of v4. No joy.... appears to work at first, but doesn't. We are forced through a 464 tunnel. Any traces run show no nothing once you leave the LAN until you exit that tunnel on the other side. Even setting up OVPN in the router gets knackered up. No bridge mode on their devices... no v6 support on the LAN side... no proper way to manage port traversal… Just so many ways they are missing the boat here. Don't really need all of that to work right now (though it does suck not having remote access to a couple things)... but when I get around to doing multiplayer on the consoles again it WILL become an issue. May force me to switch back to a wired service again.
15 views, 5 likes, 0 comments
Re: Port Forwarding on Home Internet
the problem stems from the TMO side of things... even if you were able to set forwarding rules either manually or via UPnP, it won't work. TMO is an IPv6 only network, and they chose to go the 464XLAT route for IPv4 support... which was well documented YEARS ago to break peer to peer style communications that rely on proper port traversal support. It also compounds issues with VPNs because their tunnel functions much like a VPN itself, reducing packet size--this causes issues when you use a VPN that may be trying to use a larger packet size, which can cause fragmentation or even discarded packets. Until they revamp their topology to properly support the dual stack environment, it will not be doable in its "natural" state. Can get around it somewhat with certain VPN services, but it will have its limitations. Most only support P2P for certain known applications (like torrent software). The most flexible one I found (windscribe) that allows you to set custom forwarding rules requires an extra option for reserving your IP as well, costing upwards of $16/month depending if you subscribe on annual plans or not.
58 views, 5 likes, 0 comments
Re: Nintendo Switch w/NOK 5G21 Gateway
It basically boils down to an infrastructure problem TMO needs to fix on the other side of the modem first, and then updating the modem's firmware to properly enable/allow port forwarding to work.

EDIT: forgive me for the length of this post... it is a bit of a sore spot in the community, for obvious reasons like what you are experiencing. The TLDR--gaming and IoT devices were NOT considered when they cobbled this service together. It is really only designed for some of the most casual of users out there. Unfortunately, the marketing and even their own reps do not make this distinction up front. You MIGHT be able to get around some issues IF you can use a VPN with what you are doing... but success is limited due to issues with how things are managed.

Their network is IPv6 only. Way too many devices and applications are designed with IPv4 with port assignments in mind. While you can still assign ports with v6 addresses, the bigger problem is the reliance on v4 addressing. You can't just "send" v4 addresses over v6 networks--the packets have to be altered on both ends of the v6 network for that network to carry the data back and forth to another v4 client (ie: some games trying to communicate with its server via UDP protocol and v4 addressing). TMO opted for an implementation of XLAT464 to handle the dual stack scenario that does not work for the peer-to-peer communication that many of these devices/applications depend on to function properly.

While it works to get mostly all "stateful" v4 communications back and forth (you request outbound TCPIP connections that are established/tracked so they can transmit back to you), the "stateless" ones are broken. These are the types of connections that are not tracked at all... often UDP and not TCPIP, or otherwise inbound and unsolicited (you did not open a connection to them first--they are trying to reach out to you directly). These typically need a routing rule to forward such inbound traffic to a specific device, be that filtering by specific ports (set manually or via UPnP feature) or a DMZ rule that forwards all untracked/unassigned traffic to a particular device.

In theory, we should be able to get away with a DMZ rule on their modem to get around it--but their 464 implementation breaks things because of how they are filtering/shaping traffic. It is behaving more like a "public" free VPN, or Carrier Grade NAT. These can cause the public IP address to actually be used for multiple private users, so there is no 1 to 1 public address that can be paired to your modem or router's private IP in the usual fashion that would allow those peer communications to work properly. Communications MUST be initiated from your end first, and then the other end has to follow specific rules to reach back to you through that same connection for it to make sure it gets back to you properly. Some have managed to get around it somewhat with a paid VPN service... but to get it to work for things like game consoles it will require a VPN to run on your own router, which may narrow (or even void) your options considerably depending on specifics of your router.

And then there is the issue of the extra encapsulation for their 464 translation layer. They have to use more space in the packet headers for their encapsulation, which reduces how much user data can go in each packet. Instead of the more common 1500 byte client side MTU that leaves a 1460 byte MSS for user data, things get reduced to a 1420 MTU for the client, leaving only 1380 bytes for user data. Some VPNs reduce this down to 1320 or less by default to avoid potential issues with their encapsulation--but not all of them. So some are having issues getting VPNs to work properly... and not all allow the user to override the MTU or MSS values to fix it.

Basically... a LOT of people are getting hosed because TMO didn't have a clue of how people more often use their internet these days. They are set up more for the extremely casual user... at best, a Netflix streamer and social media user. Avid gamers certainly were NOT a consideration for this product... Heck, even the more casual gamer that likes the odd FPS game can get screwed by this system. /endrant
7 views, 5 likes, 0 comments
Re: NAT (Forwarding) in T-Mobile Gateway
They need to fix their screwy xlat464/cgnat style network first. As long as they continue to filter that unsolicited inbound traffic at the higher network layers, won't matter what options are available/configured on our local modems/routers. It is actually getting nixed at the outer edges of the networks, so it never makes it to the modem, much less the router.
61 views, 5 likes, 0 comments
Re: T-mobile 5g home internet forcing to tower with no data issues/changing towers/bands
Cell phones get top priority once utilization reaches a certain threshold. Don't know what that level is exactly, but home internet packets will get heavily queued when it happens (you can see the jitter factors go through the roof when it kicks in). If it holds them long enough you risk timeouts depending on the application's tolerance for delayed packets. Thus, the <usual> culprit is the congestion level. Not necessarily for the wireless, but it can also be on the back haul as well. A single tower can host multiple bands at the same location, all feeding into the same upstream pipeline. Which can lead to a massive chokepoint under high utilization. As a result, lately TMO seems to be wrangling with a capacity issue more so than coverage.
18 views, 4 likes, 0 comments
Re: High-Speed Internet Gateway will not lock to 5G speeds (5G21)
Yeah... I am holding out as long as I can against going back to Spectrum. Got tired of the rate increases, continually haggling for a $10 discount. Rate card says "up to 200mbps"... but no matter how many times I asked, they would not lift the 100mbps cap on our line. Even when I called to cancel and told them that was specifically why I was cancelling--over 4 years base price kept going up from $60 to now $75, while we were still limited to 100mbps. We've had that line active in some capacity for 41 years... and they just refused to do right by us. My dad was on one of the crews that was rolling cable through the Carolinas in the 70's. I ran a dedicated line for our internet TWICE (first was base RG6, then later to quad-shield with copper core, not that copper clad steel crap). So it is a SUPER clean line... techs are always shocked how little drop there is from the tap after the ~78 foot run. $50 for 64/14 with TMO, versus their 108/12 for $75. Tested to the same location while I was on the phone with them. All they offered was a $10 discount for one year--which was still resulting in a $5 increase from what I had been paying. Enough was enough. I countered... if you will lift the cap to the published 200 that we know the line is physically capable of and your own marketing tells us we can get I would reconsider and they declined. So, kicked them to curb. And now they are bombarding me with offers for $50 for one year. Even had a rep come to the house TWICE! And my response again... lift our cap to the advertised 200 and we can talk. No can do… So, no soup for you!
4 views, 4 likes, 0 comments
Re: UPnP and XBox gaming
Unfortunately there are issues in networking layers above the modem that break proper NAT for IPv4. The LTE modems came with functional port forwarding/DMZ. Things would appear to get configured properly, but in reality it broke on the other side of the modem. TMO needs to move to a proper dual-stack setup for this to have a chance at behaving like it needs to for many devices and applications.
16 views, 4 likes, 0 comments
Re: Home internet service IPv6 traffic is all filtered even when using a Netgear LTE router. No port forwarding. Plz fix!
SGS wrote: Great report. Does this issue prevent the ability to remotely access Wyze cameras, ring alarm system, Ooma phone and video doorbells. Thanks
yes. any unsolicited inbound connection will get blocked. basically, if an app or device requires a port to be opened/forwarded to work properly, it can knacker it up. peer to peer games/applications, remote desktops, inbound VPNs… all manner of things are getting hosed because they are forcing us to use a 464XLAT approach instead of a more proper dual stack--or even full IPv6.
17 views, 3 likes, 0 comments
Re: 5G 5G21-12W-A Gateway "Trashcan" Bridge Mode
If you can get them to send you the white Askey LTE modem, you can at least do DMZ. It has UPnP and manual forwarding capability and all that, which will appease an xbox or PlayStation's network test and all... but the P2P communications still get broken at the next tier up because of the 464/CGNAT crap. Haven't been able to get remote access to my media server, but at least it works locally for us. It is a trade off... 5G access for a more flexible modem. In some markets, 4G/5G seem to be performing pretty close to each other during peak traffic times anyway, since their 5G is not standalone (yet)... so the 4G congestion still hamstrings both technologies atm.
15 views, 3 likes, 0 comments
Re: 5G 5G21-12W-A Gateway "Trashcan" Bridge Mode
Unfortunately, all inbound unsolicited traffic is "blocked" by design. There was much discussion about this late last year/first of this year, but it has all sloughed off to the back pages now. Basically, it is all tied into how they are managing the dual IP4/IP6 stack situation. They chose to go the route of 464XLAT, which is a roundabout way of translating v4 addresses to v6 to run packets through their v6 only network. So there isn't a forward facing v4 address space for us to use--it all gets "tunneled" through TMO's v6 network, and then flipped back to v4 when it exits their network. Without extra layers to manage the port traversal aspect with this process, it screws up a LOT of what people do on their networks--including things as common as voice chat on gaming consoles, cameras, etc. Some people have managed to get SOME applications to behave via VPN, but that can still bring some issues with it. The 464 tunnel drops MTU down to 1420, so some VPNs need to be tweaked to drop MSS low enough to keep packets under that limit (1320 to 1380, depending on the config). But this doesn't solve all issues... some VPNs only support known peer to peer style communication for known application standard port assignments--meaning they won't always work with custom numbers. Some may even require you to pay extra to get a "static" IP (not truly static, they may still change periodically with a "hard" lease renewal, kind of like how cable companies do it). Oh yeah... and we also can't run a pure v6 network on our end either. We have tried to set up v6 delegation through their older more flexible Askey modems and our routers like we were able to do with our previous ISPs, which APPEARED to work at first... but was a no go in the long run as well.
9 views, 3 likes, 0 comments
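
Added example, not part of the posts above and not any carrier's or vendor's code: a toy model of the behaviour the posts describe, where a carrier-side translator shares one public IPv4 address and only passes inbound packets that match a flow a subscriber opened first, so a DMZ or port-forward rule on the home gateway is never consulted. The class names, addresses and the exact filtering rule (match on public port plus remote endpoint) are assumptions made for illustration.

```python
# Toy model (constructed for illustration) of a carrier-side translator that
# shares one public IPv4 address among many subscribers, as the posts describe.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # documentation-range address, constructed


@dataclass
class CarrierNat:
    next_port: int = 40000
    # (public_port, remote_ip, remote_port) -> (subscriber_ip, subscriber_port)
    table: dict = field(default_factory=dict)

    def outbound(self, sub_ip, sub_port, remote_ip, remote_port):
        """Subscriber opens a flow: allocate a public port and record state."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[(pub_port, remote_ip, remote_port)] = (sub_ip, sub_port)
        return PUBLIC_IP, pub_port

    def inbound(self, remote_ip, remote_port, pub_port):
        """Return the subscriber endpoint for a tracked flow, else None (drop)."""
        return self.table.get((pub_port, remote_ip, remote_port))


@dataclass
class HomeGateway:
    dmz_host: str  # DMZ / port-forward target on the LAN
    delivered: list = field(default_factory=list)

    def receive(self, packet):
        self.delivered.append((self.dmz_host, packet))


def deliver(nat, gateway, remote_ip, remote_port, pub_port):
    """Carrier filtering happens first; the gateway only sees what survives."""
    if nat.inbound(remote_ip, remote_port, pub_port) is None:
        return "dropped-at-carrier"
    gateway.receive((remote_ip, remote_port, pub_port))
    return "delivered"


def demo():
    nat, gw = CarrierNat(), HomeGateway(dmz_host="192.168.1.50")
    _, port = nat.outbound("192.0.0.2", 51000, "198.51.100.7", 3074)
    reply = deliver(nat, gw, "198.51.100.7", 3074, port)   # reply on tracked flow
    peer = deliver(nat, gw, "198.51.100.99", 3074, port)   # unsolicited peer
    probe = deliver(nat, gw, "198.51.100.99", 3074, 3074)  # port forwarded on LAN
    return reply, peer, probe, len(gw.delivered)
```

Only the reply on the flow opened from the LAN side reaches the gateway; both unsolicited packets are dropped upstream regardless of the gateway's DMZ setting.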