Problems with a 4G Connection

[OldAgeTravellers]

Instead of a Broadband Connection I use a 4G router and a Superdrug Sim.This means that I can move the router from house to camper and have a good connection and a house phone and not pay while not using it when away for long periods. For me it works very well EXCEPT....

I cannot use Santander Banking on the app or browser. I put in my credentials it goes away and thinks about it for a few seconds then just comes back to the sign in screen. I can do this an infinite number of times and yes my Credentials are correct as it tells me if I put therm in wrong. The bank does not seem to worry how many times I try so whatever it is is not throwing up flags except refusing the connection. I can use Nationwide bank site and a couple of other banks without problems and Amazon, PayPal etc.

I spoke to Santander (after about an hour hanging on) about it and she said that my IP address was changing so their security refuses the connection. I have looked at my IP with "whatismyipaddress.com" and IPv4: seems to be constant for a session but no IPv6: detected.
It is obviously a problem with the Superdrug "3" system because I put my french Free.fr sim in which has limited data and I had no problems with the Santander site.

Reading online I found others having the same problem with the "EE" network and it was suggested to use a VPN so I connected my "paid for" Ivacy VPN and connected straight away to Santander and downloaded the statement I needed I also downloaded the Opera Browser which has a built-in VPN and I could connect with that.

I have contacted the Superdrug helpline but we have been back and forth for two weeks and are getting nowhere.

It may be an easy question for the likes of Gromett and other knowledgeable Funsters in these things.

I don't hold out much hope for Superdrug solving it as they are only resellers.

The VPN solution is a workaround but I am not totally sure if it is good to connect to financial sites through the likes of IVACY or any of them really although all the reading I can find rates their security as very good with them saving no logs but they are based in Singapore which could be of concern. What about Opera? I can't find anything about them. I did also have a bit of a problem with the French Gouv.FR site which would not function properly using Superdrug but it would using Free.fr and the VPN.

So, does anybody have any suggestions.

Thanks for reading,
Steve

 

[I2C]

I had the same problem today with O2.

I put this down to the iPhone using private relay, I quite often find I’m using an American IP address when I get to where I’m visiting!

No idea what hardware you’re using but mine worked after a couple of tries, sorry if that doesn’t help.

 

[OldAgeTravellers]

I had the same problem today with O2.

I put this down to the iPhone using private relay, I quite often find I’m using an American IP address when I get to where I’m visiting!

No idea what hardware you’re using but mine worked after a couple of tries, sorry if that doesn’t help.

Thanks, but as I said I am using the sim in a router and connecting my pc via internet And myiPad by wifito the router.
Steve

 

[Quackers]

Add something like Nordvpn direct to the router and choose a UK IP address.

 

[Gromett]

Instead of a Broadband Connection I use a 4G router and a Superdrug Sim.This means that I can move the router from house to camper and have a good connection and a house phone and not pay while not using it when away for long periods. For me it works very well EXCEPT....

I cannot use Santander Banking on the app or browser. I put in my credentials it goes away and thinks about it for a few seconds then just comes back to the sign in screen. I can do this an infinite number of times and yes my Credentials are correct as it tells me if I put therm in wrong. The bank does not seem to worry how many times I try so whatever it is is not throwing up flags except refusing the connection. I can use Nationwide bank site and a couple of other banks without problems and Amazon, PayPal etc.

I spoke to Santander (after about an hour hanging on) about it and she said that my IP address was changing so their security refuses the connection. I have looked at my IP with "whatismyipaddress.com" and IPv4: seems to be constant for a session but no IPv6: detected.
It is obviously a problem with the Superdrug "3" system because I put my french Free.fr sim in which has limited data and I had no problems with the Santander site.

Reading online I found others having the same problem with the "EE" network and it was suggested to use a VPN so I connected my "paid for" Ivacy VPN and connected straight away to Santander and downloaded the statement I needed I also downloaded the Opera Browser which has a built-in VPN and I could connect with that.

I have contacted the Superdrug helpline but we have been back and forth for two weeks and are getting nowhere.

It may be an easy question for the likes of Gromett and other knowledgeable Funsters in these things.

I don't hold out much hope for Superdrug solving it as they are only resellers.

The VPN solution is a workaround but I am not totally sure if it is good to connect to financial sites through the likes of IVACY or any of them really although all the reading I can find rates their security as very good with them saving no logs but they are based in Singapore which could be of concern. What about Opera? I can't find anything about them. I did also have a bit of a problem with the French Gouv.FR site which would not function properly using Superdrug but it would using Free.fr and the VPN.

So, does anybody have any suggestions.

Thanks for reading,
Steve

That is a common problem and it is caused by Carrier Grade NAT. NAT is Network address translation.

I will try and explain this in an easy way.

In your house you have a BT (swap this out for virgin or whatever) router which has WIFI. You have your TV, Laptop, Tablet and 3 phones connected via WIFI.
But if you go to Broken Link Removed on each of those devices you will see each of them has the same IP address.
If you look in the networking settings for the IP address you will see that they are using something like 192.168.x.x or 10.x.x.x.

An IP address has to be unique to each device otherwise the internet has no idea how to route your data.
There are 4Bn possible IPv4 addresses. 0.0.0.0 to 255.255.255.255 Each octet (sequence of 8 bits or one byte) can only hold a value of 0-255.

So with a 4Bn limit and a lot more than 4Bn computers, servers, phones, tablets, TV connected to the internet something had to give.

An early solution to this and I will explain it in a way that is not entirely technically accurate but will help you understand the principle.

The 192.168.x.x and 10.x.x.x IP ranges are reserved for internal use. These are for networks in your house or business where the traffic will not be routed over the internet.
In fact those ranges will not route over the internet at all. Your BT router will assign one of these IP addresses to each device in your homes internal network.

When your phone or tv makes a connection to the internet via the BT router, the BT router will take the data packet and wrap it in an envelope with it's public IP address on the front of that envelope.
So any site you connect to will think the packet was coming from the public IP address of your BT router. The site will then send the response back to your BT router public IP. The BT router will then know the connection details and swap in the relevant internal IP address before sending the data on to your device. I hope this makes sense so far.

Now here is where your issue starts. Because there is a limited number of public IPs (4Bn) and they are now all been allocated out. Smaller ISP's will run out and they have a choice, either lease or buy IP ranges from other companies for extortionate fees, OR use the same technique as your BT router does but at the carrier level.

Lets say a small ISP has 254 public IP's but 500 customers. They cannot give each of their customers routers a public facing IP address. So what they do is set up say 200 public IPs as exit gateways. And then internally use NAT to be able to allocate 500 IPs to their customers public facing routers. These 500 IP's are likely to be in the 10.x.x.x range.

The issue now becomes how do they map the 500 IPs to the 200 IPs. This is done dynamically to ensure that the traffic load is distributed evenly across all the hardware running the exit gateways.

What this means practically speaking is that on your first request you may go out through exit gateway 1, then 2 minutes later you may go out through exit gateway 45. This is not always the case. If there is not a lot of changes to traffic you "may" stay on the same gateway for 10s of minutes. But at other times you may be swapping every other request. Any ISP using this is prone to have problems with some websites these days. I would simply use another ISP.

If you want a little more information...

Carrier-grade NAT - Wikipedia

en.wikipedia.org

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

PS: Apologies for any spelling or grammar issues above. I have only recently got up and now need to go get food/coffee etc. Will re-read and spell check when I get back.

 

[Gromett]

Just a brief addendum. There are only 4 real carriers in the UK.

I suspect that 3 for instance when it enrolls a new MVNO onto its network they are given a smallish subnet of the 3 IP range rather than using their own. This will then use CGNAT to allow them to roll out services to customers.
Whereas if you go directly with 3 you will get a proper IP address.

I will test out later to see what IP range I get on my 3 router direct from 3 to confirm they do not use CGNAT on direct customers. I cannot confirm this for any MVNO as I don't have any MVNO sims sorry.

 

[Gromett]

ok. Looks like 3 do use CGNAT on some APN's. I suspect that all 3 MVNO's will use CGNAT and probably a proxy as well.

CGNAT, Web proxy and other limitations of mobile broadband :: Mobile Broadband (3G, 4G, 5G etc) :: think broadband

 

[OldAgeTravellers]

Hi Gromett thanks for that extensive explanation, very much appreciated. Coincidentally Superdrug have come back today and basically said that there is nothing they can do and Santander needs to change their system or I should find a different provider! The trouble with that is getting through to somebody who knows what they are talking about in Santander. That's if you can ever get through.
Given the restrictions you have outlined it seems my only options are to change supplier or use the VPN solution.

I quite like the Superdrug offering £20 per month for unlimited data and calls. Unfortunately they have curtailed foreign use but the service can be switched on and off so can be switched off at the end of the month while travelling and buy a local sim. In France. Free.fr can be bought from a machine with a credit card and cancelled with a registered letter then Superdrug switched back on when returning home. They allow it to be off for six months.

What do you think of the VPN solution, Ivacy are not the market leaders but seem to be OK in reviews and their claim to not keep logs seems to be independently verified and I have a lifetime premium subscription which I won in a competition. So is it safe to do financial business through Ivacy VPN? or any other for that matter. The traffic to the bank is encrypted anyway so shouldn't be any different through a VPN, should it? Normally it would be going through the ISP's servers anyway. although I note that the Superdrug tech's are having trouble locating the time stamps I send them. So their servers may not log HTTPS traffic.
So Gromett with the knowledge you have, what would you do in my situation.

Steve

 

[OldAgeTravellers]

Add something like Nordvpn direct to the router and choose a UK IP address.

I can't see how to do that with my Huawei 4G router. But it is very easy to switch the Ivacy VPN I have on and off just a simple switch I have built on the desktop and it is not really necessary to send all traffic through the VPN.

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

Hi Gromett thanks for that extensive explanation, very much appreciated. Coincidentally Superdrug have come back today and basically said that there is nothing they can do and Santander needs to change their system or I should find a different provider! The trouble with that is getting through to somebody who knows what they are talking about in Santander. That's if you can ever get through.
Given the restrictions you have outlined it seems my only options are to change supplier or use the VPN solution.

I quite like the Superdrug offering £20 per month for unlimited data and calls. Unfortunately they have curtailed foreign use but the service can be switched on and off so can be switched off at the end of the month while travelling and buy a local sim. In France. Free.fr can be bought from a machine with a credit card and cancelled with a registered letter then Superdrug switched back on when returning home. They allow it to be off for six months.

What do you think of the VPN solution, Ivacy are not the market leaders but seem to be OK in reviews and their claim to not keep logs seems to be independently verified and I have a lifetime premium subscription which I won in a competition. So is it safe to do financial business through Ivacy VPN? or any other for that matter. The traffic to the bank is encrypted anyway so shouldn't be any different through a VPN, should it? Normally it would be going through the ISP's servers anyway. although I note that the Superdrug tech's are having trouble locating the time stamps I send them. So their servers may not log HTTPS traffic.
So Gromett with the knowledge you have, what would you do in my situation.

Steve

Just a quick point here. It is not Santander in the wrong here. For logins they use a combination of IP and cookie. This is normal. The cookie stores an auth key. So once you login you don't need to repeat the process each time. However, the downside of cookies is that they can be copied from one computer to another and give that new computer access without logging in. This is a security hole, so as standard practice each cookie is linked at the server to an IP address and upon changing IP you will have to login again.
I hope that makes sense.

It is also not Superdrugs fault per se. They are using an industry standard technology to extend their IPv4 address range and it works for the vast majority of people. However, the technology they are using does have a few limitations and it appears you have found one.

On VPS's I cannot recommend one as I don't use them. If I did want one I would build it myself as I don't trust other companies to provide any of my services. As I ran/owned a decent sized hosting company for many, many years I tend to do this kind of stuff for myself.

I did look to see if it was viable to run a VPS service for funsters, but to be honest I could either run a high quality one for a small number but it would cost more than the mainstream ones charge. I just don't have the scale to do it at such low cost as the commercial offerings and I really don't want to get back into an industry that demands 24/7/52 service.

 

[Gromett]

I can't see how to do that with my Huawei 4G router. But it is very easy to switch the Ivacy VPN I have on and off just a simple switch I have built on the desktop and it is not really necessary to send all traffic through the VPN.

You don't need to run the VPN on your router. You run it on your desktop and only turn it on when required.

 

[Manic]

I know nothing about VPN but have you seen this screen on your Huawei router home screen
maybe this is where you can input vpn details (this is on a Huawei B535)