Support:

Vodafone Sure Signal

Search in eForum:
Reply
Topic Options
billroth
Established Poster
billroth
Posts: 83
Registered: ‎10-09-2010

‎12-01-2012 08:40 PM - edited ‎12-01-2012 08:48 PM

SureSignal - some answers....

[ Edited ]
Options
I have been playing with the VSS for a couple of months and have got mine going, both over a simple direct aDSL connection and over the Wireless Internet service I provide. I think the information I can provide may be useful and helpful sorting out problems.

The VSS sets up a VPN using ports 50 (?) 500 & 4500, and also contacts NTP timeservers over port 123. The most critical but not well communicated fact (Voda keep it quiet) is that the VSS will only connect using certain 'whitelisted' IP addresses. This is understandable as Voda have to ensure the device is only used in the UK (3G licence conditions) and the whitelisted IPs are (usually) specific to the UK. The big UK ISPs such as Sky, AOL, TalkTalk etc have their IPs on this list but many smaller ISPs do not have their IPs listed. My IP range was not listed, so I posted mine here and it took about two weeks to get them onto the list.

The VSS has to get an IP address via DHCP from the aDSL modem or router. The simplest and most reliable connection is an aDSL modem running a DHCP server, with a single network LAN connection to the VSS. Any firewall should be disabled so the VSS device can connect via any port the Voda servers. Providing there are no packet size issues the VSS should connect, with the caveat that the external IP must be on the whitelist. My VSS connects on a standard aDSL line in this configuration in a few minutes.

When you have an aDSL modem/router with 4 ports (typically) you have to start the port mapping of ports 8, 50, 123, 500 and 4500 to the VSS LAN IP address (I plan to discuss routers and larger networks later)
Share to Facebook Share to Twitter More...
Reply
0
Message 1 of 4 (2,109 Views)
billroth
Established Poster
billroth
Posts: 83
Registered: ‎10-09-2010

‎12-01-2012 10:26 PM

Re: SureSignal - some answers....

Options
With a 4 port router and say four connected devices, each of the devices (computer, laptop, VSS for example) will be assigned 'internal' IP addresses by the router something like 192.168.1.2, 192.168.1.3 and 192.168 .1.4. All the data OUT to the internet will go via an external IP address assigned by your ISP (unless you have one or more static IPs in which case you won't need to read rhis) and may be someting like 89.133.45.65. The possibly confusing thing is three devices all share one external IP.

What you have to do by port mapping is make sure traffic from Voda gets to the VSS - thus you put rules in the port forwarding table to forward traffic from ports 8, 50, 123, 500 and 4500 to the IP address of the VSS. If you are lucky your router will be clever enough to detect traffic coming FROM the VSS and it will port trigger and map this traffic BACK to the VSS - which Is why some routers apparently work without configuration. However most will need some setup.. Alternatively you can set the IP of the VSS as a DMZ but this will not always work.
Share to Facebook Share to Twitter More...
Reply
0
Message 2 of 4 (2,037 Views)
philip42h
Guide II
philip42h
Posts: 440
Registered: ‎07-01-2010

‎13-01-2012 07:21 AM

Re: SureSignal - some answers....

Options

Bill,

The above post perpetuates an urban myth to the point of being 'incorrect'. A standard domestic router provides NAT support to allow the WAN address associated with the router to be shared by each of the devices on the local LAN (there can be many more that 4 of these - this is in no way limited by the number of ports on the router).

 

A correct implementation of NAT will ensure that responses to requests issued from a device within the LAN are router back to that same device. You don't have to be lucky for your router to be clever enough - it's part of the specification for NAT; it isn't port based - the router maintains a routing table.

 

All traffic through the SS is initiated by the SS and thus, should be appropriately routed via NAT. No unsolicited traffic is required for the operation of the SS, so no port mapping is required in a normal domestic set-up. As a result, the SS is plug-and-play for the majority of users.

 

Explicit port mapping may be required in some circumstances - for example:

  • The system admin in a corporate environment may have configured the router firewall to block the default pass-through behaviour for solicited responses.
  • There might be some other explicit port mapping rules configured within the router that prevent the normal operation of the SS.
  • The implementation of NAT within the router could be defective - i.e. requiring a firmware update

I suspect, but of course cannot prove, that there are a good number of SS users out there who have set up and are maintaining port forwarding rules quite unnecessarily ... :smileywink:

Philip
Share to Facebook Share to Twitter More...
Reply
0
Message 3 of 4 (2,030 Views)
billroth
Established Poster
billroth
Posts: 83
Registered: ‎10-09-2010

‎13-01-2012 07:56 AM - edited ‎13-01-2012 08:03 AM

Re: SureSignal - some answers....

[ Edited ]
Options
I was trying to keep matters simple and you have muddied the waters ;-))
Port triggering and port forwarding will ensure (if you are lucky;-)) the response is returned from whence it came.... You have taken me too literally and obviously there can be routing to any number of ports. However explicit port forwarding will ensure the data gets where it needs to. I think you need to accept my post as the usual 'part of the story' rather than the full truth. YOU have to accept that in many cases NAT does not work correctly in free chinese boxes given out by many ISPs and we live in the real world, not one where NAT is adhered to 'correctly'

But some routers will do this, and others may block most ports in their firewall. I was also going to discuss the cases similar to my Wireless ISP where there are MANY internal IP addresses and explicit NAT is essential.... Obviously with switches and routers you can masquerade many internal DHCP or static IP addresses to one external IP, or have a mixture of 1:1 NAT and masq.

There are a couple of final points, where you have correct port triggering and / or NAT but you do not get a connection, or (as has been posted earlier) you get a connection but only get some or little data traffic. Where you get a mismatch between expected and required packet sizes (pppoa, pppoe, Sky MER etc) the Voda servers may either bounce back packets - or worse, simply drop them. This packet size mismatch or fragmentation or rejection can be another reason why an apparently good connection does not work..

In summary the Voda SS box is not a piece of rocket science - it requires no more than the same port forwarding a PS3 may need ( and as you somewhat misleadingly point out, it should often not be needed) - but the existence of the WHITELIST considerably obfuscates matters and makes fault finding more difficult. I agree the VSS is often (even in a routing environment plug n play) but many posts here support my case that the NAT is not working correctly (or firewall rules block uncommon ports) thus in the real world we have to explicitly port forward..
Share to Facebook Share to Twitter More...
Reply
0
Message 4 of 4 (2,026 Views)