It too me a while to work out why my Nextcloud stuff wasn’t working on my phone. It wasn’t until I went to http://duckdns.org on mobile data I saw the block. I had changed ISP from one with IPv6, which I had setup, to an ISP without it, and thought it might be that. But it was just coincidence.
I’ve written to O2 but I doubt they will change anything, so I’ll be changing network.
So heads up UK O2 self hosting people!
You must log in or register to comment.
If it’s just a DNS block, you could use a different DNS server. You should do this anyway in my opinion.
It’s not the DNS server. I’m sure of this because Termux uses a different DNS server but does the same. I also tried setting my phone to use OpenDNS directly. I’m pretty sure they are inspecting the DNS traffic. Exactly so changing DNS server doesn’t help.
I don’t see a problem when using IP directly. I mean the IP is static, so I could must buy a domain, but I’d also have to piss about with my setup.
Modern Android versions can use DoH (DNS over HTTPS) which can not be intercepted. If you don’t have this option or are not sure how to configure it, you could use the Quad9 app to enable secure DNS. This way you can make sure it is not related to DNS. Frankly, I can’t imagine they are blocking the IPs of the DuckDNS servers directly.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters CGNAT Carrier-Grade NAT DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL IP Internet Protocol NAT Network Address Translation PIA Private Internet Access brand of VPN SSH Secure Shell for remote terminal access SSL Secure Sockets Layer, for transparent encryption VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting)
[Thread #341 for this sub, first seen 9th Dec 2023, 20:15] [FAQ] [Full list] [Contact] [Source code]
T-mobile was doing this in the US but only blocking certain ports when talking to my home server, might try putting it on a non-standard port as well and see if you can access the service then.
Oh I know some ports are ok. My SSH and WireGuard get through. Port 80 is redirected to a block page place holder and 443 is interfered with so SSL fails.
Interesting.
I have no idea how the piggyback operators work (ie, purely financial, nothing technical?), but a quick check shows Tesco (uses O2) responds the same way.
I’m lucky to have static IPs, but I have a noip.com and that appears to work ok, so it can’t be a blanket policy on dynamic DNS per se.
Giffgaff uses o2 and also blocks duckdns. Additionally, whatever blocklist my employer is using also blocks it, so it’s probably a common thing now.
Just a follow up to this.
So I never ended up contacting O2 to say “please stop this”, I just used Wireguard to home and ignored it. Until the local Morrison’s wifi started doing the same thing but worse and I couldn’t event Wireguard round it.
So I finally just bought a domain and setup my Apache to redirect the old duckdns to the new domain.
So far this all seams to be working great.
O2 has an on-by-default security filter that blocks all sorts of “bad stuff”. For me, it was preventing connecting to any PIA VPN servers. Ping their customer support and they can disable it for you.
I’ve emailed them. See what they come back with. I mean unless they block SSH, Wireguard and Tor, I’ve got to hand work arounds. I just doesn’t like them fighting me.
those “security filters” are the worst, a few years ago vodafone with their “rete sicura” was blocking githubcontent and it was a nightmare to have them disable the service for me, the operator was like “but this is a free premium service that protects you”
If it’s a dns block I’d highly recommend setting up your own recursive dns resolver. Something like pihole and unbound. That way you query the authoritative servers directly and your ISP can’t filter your content as effectively since they would be limited to incredibly ineffective IP based filtering.
