Is secure ftp blocked on the Rogers wireless network

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
I'm Here A Lot
Posts: 5

Is secure ftp blocked on the Rogers wireless network

Is secure ftp blocked when using the Rogers wireless network?  I am submitting this question for a colleague.  He's using a Roger's phone as a hotspot.

 

We have a work process that involves transferring data back and forth to remote locations using secure ftp (SFTP).  Secure ftp being used for obvious reasons - corporate data security.  My colleague recently changed to Rogers and now his data transfers are failing.  He tried on a different network provider (on his wifi network at home)  and the transfer worked. Colleagues on other wireless providers are able to successfully complete sftp data transfers.  The evidence is pointing towards the issue being due to the wireless provider being used.

 

I ran into this two years ago with a different wireless provider, I'll call them "Company B".  Any of our remote workers using Company B as their wireless provider had their data transfers failing.  Company B's support was contacted, the first line response was that secure ftp traffic is not blocked.  Some persistence got us through to an L2 support group, and some traffic monitoring revealed that secure ftp was indeed being blocked.

 

If my colleague's problem using secure ftp on Rogers wireless cannot be resolved he may have to switch wireless providers.

 

Thank you.

 

 

**Addd Labels**

Highlighted
Resident Expert
Resident Expert
Posts: 6,987

Re: Is secure ftp blocked on the Rogers wireless network

This is a question for @RogersDave.  Hopefully he can tell you pretty fast if there is any issue with Secure FTP.  IPV6 issues also come to mind.  I'll send a private message asking him to have a look at this.



Highlighted
Retired Support
Retired Support
Posts: 611

Re: Is secure ftp blocked on the Rogers wireless network


@creaume wrote:

Is secure ftp blocked when using the Rogers wireless network?  I am submitting this question for a colleague.  He's using a Roger's phone as a hotspot.


Creaume,

 

Welcome to the Community! I just tested SFTP on our wireless network and was able to transfer a file without any issue. I suspect however that there may be something going on with the way hotspot operates in that circumstance.

 

Would you be able to confirm that the phone your colleague is using (model) and if you would happen to know if the server is IPv6 enabled or not. If you don't know that answer, it is ok.

 

Dave

Highlighted
I'm Here A Lot
Posts: 5

Re: Is secure ftp blocked on the Rogers wireless network

 

He is using an iPhone 6.  I'm working on getting an answer to the IPv6 question.


Thank you.

Highlighted
I'm Here A Lot
Posts: 5

Re: Is secure ftp blocked on the Rogers wireless network

I have learned that the server that the phone is trying to connect to is not IPv6 enabled.

 

Chris

Highlighted
Resident Expert
Resident Expert
Posts: 6,987

Re: Is secure ftp blocked on the Rogers wireless network

@creaume, ok, in that case consider trying the following, and that is to set the connected pc/laptop to use IPV4 only.  I'm assuming that the hotspot might be running IPV6, so that might be the source of the issue.  That would be easy enough to confirm by running an ipv6 test and trace.  For your colleague:

 

1.  With a web browser, go to ipv6-test.com    That will show the results of an IPV4 and IPV6 connectivity check.  A score of 4/20 on the upper right hand would indicate that the pc/laptop is running IPV4 only.  A score of 19/20 would indicate that the pc/laptop is using IPV6 and should be set to use IPV6.  Rogers doesn't supply an IPV6 hostname, which would be the final element to allow a score of 20/20.  Anything less, such as 17/20 would indicate an additional missing element in the score.  Usually that is the IPV6 ICMP.  If thats the case, an exemption for IPV6 ICMP is required for the Windows and possibly anti-virus firewall.  With that exemption added, the final result should be 19/20.

 

Here is the Microsoft instruction page to add the IPV6 rule to the Windows firewall.  Note that this should be added for IPV6 only.  Do not add a rule for IPV4.  

 

https://technet.microsoft.com/en-us/itpro/windows/keep-secure/create-an-inbound-icmp-rule

 

Reboot the pc after the rule has been added. 

 

When a score of 19/20 is observed, refresh the page a couple of times or more to ensure consistent results.  I've seen inconsistent results from that site, which is why I recommend the page refresh.  

 

2.  Run a trace to google using IPV6.  

 

tracert -6 ipv6.google.com

 

That trace should complete all the way to google.  The test at ipv6-test.com should reveal any problems with the cell tower issuing an IPV6 address to the cell phone.  It would simply be impossible to get anything above a score of 4/20.  The trace would also reveal that, and any additional routing issues after the tower.  So, its possible to see the tower issue an IPV6 address, yet, the trace could fail further downstream and simply time out if there was a server issue downstream.  That would be important to know, whether the trace completes properly, going all of the way to google, or if it times out and continues to time out after that, essentially failing the trace test.  

 

3.  If the tests above show that the pc/laptop is using IPV6, then, you can force that pc/laptop to use IPV4 only.  

 

a.  Navigate to START .... CONTROL PANEL .... NETWORK and SHARING CENTER .... Change adapter settings.

b.  Right click on the wifi adapter to bring up the Wifi Properties panel

c.  Scroll down the list to Internet Protocol Version 6 (TCP/IPv6)

d.  Uncheck the left hand check box for that protocol

e.  Hit Ok at the bottom, close all of the windows and reboot the laptop.

f.  After the reboot, run a check at ipv6-test.com which should only result in a score of 4/20

 

Its also possible to check the IPV4/IPV6 status by running an ipconfig command at a command prompt.  

 

If the pc/laptop is only using IPV4, the top portion of the results will show:

 

C:\Users\Test>ipconfig

 

Windows IP Configuration     (note IPV4 only)


Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . :
IPv4 Address. . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . :
Default Gateway . . . . . . . . . :

 

 

There is more after this, but the important point is the presence of a Link-local IPv6 Address followed by the IPv4 Address.  

 

For a pc/laptop that is running IPV6 and IPV4, the top results will look like the following:

 

 

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2607:XXXX:XXXX:XXX:XXXX:XXXX:XXXX:XXXX
Temporary IPv6 Address. . . . . . : 2607:XXXX:XXXX:XXX:XXXX:XXXX:XXXX:XXXX
Link-local IPv6 Address . . . . . : XXXX::XXXX:XXXX:XXXX:XXXXXX
IPv4 Address. . . . . . . . . . . : XXX.XXX.XXX.XXX
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : IPV6 address shown
                                                   IPV4 address shown

 

Notice the order of the addresses.  At the top is the IPV6 Address, followed by the Temporary IPv6 Address, Link-local IPv6 Address and finally the IPv4 Address.

 

So, if you have a method of forwarding all of this to your colleague, or talking him or her through it, disable IPV6 in the pc/laptop and see if that resolves the linking issue to the server.

 

To forward the link to this post, copy the link address at the bottom right of this post.  Right click on the "highlighted" post number after "Message".  Then you can copy and paste that link to the specific post in an email or message and forward the message.

 

Please let us know if this resolves the problem.  If there is an issue that the cell-tower is not supplying an IPV6 address or there is a failure to complete the IPV6 trace, that is something that @RogersDave would be interested in so that it can be taken care of. 

 



Highlighted
I'm Here A Lot
Posts: 5

Re: Is secure ftp blocked on the Rogers wireless network

 

I've passed on the info about the IPv6 test to my colleague.  He's on days off right now so I'm waiting to hear back from him when he comes back on shift.

Highlighted
I'm Here A Lot
Posts: 5

Re: Is secure ftp blocked on the Rogers wireless network

My colleague sent me a screensot of the results of his test at ipv6test.com:

 

ipv6test.jpg

 

If I understood your post Dave, this is bad news for the troubleshooting.  You suspected something in the connection chain was set to use only ipv6.  But this test indicates all parts in the connection are set to ipv4, am I right?

 

What is the next theory on what could be causing the sftp to fail?