Menu
Reply
  • 22
  • 0
  • 0
vsn
On our wavelength
127 Views
Message 1 of 5
Flag for a moderator

connecting an EE Signalbox via Hitron CGN4 on VMB?

Hi,

On Virgin Media Business and trying to connect an EE Signalbox via the Hitron CGN4. The signalbox is basically a small 3G cell that connects to the core network via an IPSec tunnel and provides 3G coverage in difficult areas.

I am unable to make it work -- it simply flashes fast green which means it's trying to connect. I suspect that the IPSec tunnel is not being established.

Documentation says it uses IKEv2/IPSec on UDP ports 500/4500.

Has anyone had luck in a setup similar to mine?

Thanks

 

0 Kudos
Reply
  • 22
  • 0
  • 0
vsn
On our wavelength
106 Views
Message 2 of 5
Flag for a moderator

Re: connecting an EE Signalbox via Hitron CGN4 on VMB?

I'm gonna have to reply to my own post. But it may help others.

Preliminary investigation shows that the MTU on this connection is 1300. Now that in itself might be OK and any packets larger than this with the DF (don't fragment) bit set result in an ICMP "Fragmentation Needed but DF is set" error.

The real problem is that it appears the Hitron silently discards packets larger than 1300 bytes when the DF bit is not set. And it so happens that the IKEv2 IKE_AUTH response (over NAT traversal UDP/4500) is a large packet that never makes it back to the Signalbox.

 

 

0 Kudos
Reply
  • 9.96K
  • 290
  • 622
Forum Team
Forum Team
99 Views
Message 3 of 5
Flag for a moderator

Re: connecting an EE Signalbox via Hitron CGN4 on VMB?

Hello vsn,

Thanks for posting and apologies for not replying sooner Smiley Happy

We're trained to support residential customers on the community, but I really do appreciate that you've kept your post up to date.

All the very best,

Take care.

Heather_J

Tech fan? Have you read our Digital life blog yet? Check it out


0 Kudos
Reply
  • 22
  • 0
  • 0
vsn
On our wavelength
87 Views
Message 4 of 5
Flag for a moderator

Re: connecting an EE Signalbox via Hitron CGN4 on VMB?

Yesterday I forwarded a UDP port to an 'inside' host and ran a packet capture on it.

From a different site, I put together a perl script that sends progressively larger UDP packets to the 'inside' host.

Up to IP packet size 1300 (UDP payload = 1272 octets) everything is fine.

Above that, nothing. Nothing at all.

I've raised a ticket with the Business helpdesk.

 

0 Kudos
Reply
  • 22
  • 0
  • 0
vsn
On our wavelength
73 Views
Message 5 of 5
Flag for a moderator

Re: connecting an EE Signalbox via Hitron CGN4 on VMB?

The Business helpdesk have come back to me and have suggested trying switching from static IP to dynamic IP.

I understand the static IP is implemented using a GRE tunnel and it may be this that is breaking the fragmentation/reassembly process.

Well, I said go ahead with it. The Signalbox worked within minutes!

However, port forwarding is now not working, even though I know the external dynamic address the connection has picked up!

Honestly, I have been using the residential service for years and I never had such problems.

I have signed up for two years on the business service and I am not a happy chappy.

 

0 Kudos
Reply