Issues with IKEv2 IPSec VPN on Rogers LTE/3G

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
I'm Here A Lot
Posts: 5

Re: Issues with IKEv2 IPSec VPN on Rogers LTE/3G

Not to say that this is not a Rogers problem, but it could also be an app issue. Keep in mind Rogers is one of the few networks that is ipv6 only for specific devices and they use 464XLAT (for Android) and an ios equivalent for Apple with NAT64 and DNS64. An improperly written app may not handle this properly. When Rogers switched to ipv6 only, my voip app on ios stopped working. The call would set up but no audio would be transmitted. However, switching to an alternate voip app with the same backend SIP server was able to pass audio successfully proving it to be an app issue. The app in this case was not calling the appropriate ios API to convert the ipv4 media addresses provided by the SIP server to the ipv6 address needed for NAT64. The replacement app I used did and things started working.

 

A possible issue is if the VPN app was doing a DNS lookup from Rogers servers, and the hostname was ipv4, Rogers DNS would return an ipv6 address which goes to the Rogers NAT64 server. If the VPN then tunnelled this traffic to the VPN server, the ipv6 address would not be routable as the NAT64 server is not reachable from the VPN server. Instead, the VPN server should tunnel the DNS request as well to get the real ipv4 address. With Rogers ipv6, Rogers DNS never returns an ipv4 address.

 

T-mobile USA is also ivp6 only. If you see complaints about the app on the T-mobile forums as well, it's possibly an app issue.

I Plan to Stick Around
Posts: 14

Re: Issues with IKEv2 IPSec VPN on Rogers LTE/3G

What is unclear about this issue. Multiple people have not changed anything on their servers nor on their clients and their VPN stopped working simultaneously. We use Windows RAS, router based VPN servers and various commercial VPN services (North, PIA, etc). And you're trying to say that Rogers hasn't changed anything but the whole world changed last Friday...

And just to be clear, frustrations aside, we rely on this service and we need it restored asap. Bashing Rogers and threatening won't help anyone. Once the service is back up and running we can start another thread about compensation, sla, etc.
I'm Here A Lot
Posts: 5

Re: Issues with IKEv2 IPSec VPN on Rogers LTE/3G

I didn't say Rogers didn't change anything - quite the opposite - they have switched to an ipv6 only network on many devices. If I check the Interface information on my iPhone 6s using HE network tools, I no longer have an ipv4 address. I only have an ipv6 address beginning with 2605:8d80:464:cbe9:... - thus, when communicating with the ipv4 internet where many VPN and corporate servers are hosted, special procedures are used (464XLAT (Android), DNS64, NAT64) and some apps may not handle this properly. I'm not saying the apps are the cause, I'm saying they COULD be the cause if they do not handle ipv6 only networks with ipv4 transition technologies properly.

I Plan to Stick Around
Posts: 14

Re: Issues with IKEv2 IPSec VPN on Rogers LTE/3G

I totally get it. The question becomes: what are we supposed to do? I am using the VPN client built in IOS 11.4 to access my corporate network. Since Friday I've been locked out of my own corporate network. In case of an emergency, if I don't carry my laptop with me, I am screwed.
I'm Here A Lot
Posts: 5

Re: Issues with IKEv2 IPSec VPN on Rogers LTE/3G


In this case, the solution is tied to compensation.

Let’s be honest: All these changes happened last Friday. It is EASY for them to just “go back” to Friday’s settings. Instead, they are being stubborn and taking their time trying to find a solution within the current settings.

The only way you will get a timely resolution is through hundreds of complaints to the CCTS. Rogers does not want a high number of CCTS complaints. The complaints look bad, they are costly to deal with, and almost always result in compensation. This will force them to go to the easy, immediate solution.

We bonded together and did this when the Internet in our subdivision was going down about one full day every month. When we hit them with about one hundred CCTS complaints, the problem was solved. I haven’t lost Internet in over a year.

Complain, seek compensation, get results.
I'm Here A Lot
Posts: 6

Re: Issues with IKEv2 IPSec VPN on Rogers LTE/3G

I just noticed that indeed, there's no audio on SIP calls with voip.ms anymore when connecting through LTE.

 

Using Acrobits Softphone on iPhone. 

I Plan to Stick Around
Posts: 14

Re: Issues with IKEv2 IPSec VPN on Rogers LTE/3G

I am using "Media5-fone" and SIP hasn't worked in years. I always had to VPN either into my home network or into the work network in order to be able to use it. 

 

SIP is another example of illegal port filtering/throttling that Rogers never admitted to, but it's obiously doing in order to protect their own phone services.

 

I guess, as much as I hate threatening and arm twisting, it looks like that's the only way to get them to listen and do the right thing...

 

I've Been Here Awhile
Posts: 3

Re: Issues with IKEv2 IPSec VPN on Rogers LTE/3G

Rogers support just called and said it was fixed and asked me test it. I tested and told them it is not fixed. Seems like they don't know what the problem is. You would think that they could use a stock iPhone and test with the native VPN service on it and know whether it was fixed or not.

I Plan to Stick Around
Posts: 14

Re: Issues with IKEv2 IPSec VPN on Rogers LTE/3G

Definitely NOT fixed.
Highlighted
I'm Here A Lot
Posts: 5

Re: Issues with IKEv2 IPSec VPN on Rogers LTE/3G

This was my experience as well - Acrobits stopped working with voip.ms. I switched to the Zoiper client and it started working with ipv6 and voip.ms. I opened a trouble ticket with Acrobits with the issue but never got a response. Acrobits does not seem to be converting the media addresses returned in the SDP thru the Apple API to get the NAT64 address required in an ipv6 only network.