Forum Discussion

hadtopickaname's avatar
hadtopickaname
Roaming Rookie
3 years ago

UDP port 4021 tmobile VS my alarm server...

It is unlikely the T-Mobile is blocking at the network level so it would
be related to the router itself. The Envisalink uses UDP port 4021 for
communication so the router is blocking that port, possibly over UDP
only. This may be in effort to block VPN usage or possible Bittorrent
services as both use UDP on non-standard ports.

 

 

This is the response from my alarm server module manufacture.. I have had t moible for 3 months at 2 seperate properties with 2 different gateways..and everthing was working fine up until a week ago.. they must of done a update and now I cannot communicate  with either alarm module

 

 

  • According to their information, “ensure outbound UDP port 4021 and outbound TCP port 4022
    are not blocked on the network.” 

    I ran a local port scan against the Nokia gateway the other day with Zenmap just to check for filtered ports. I found only 3 open ports 53/tcp, 80/tcp, 8099/tcp on 192.168.12.1. Given the use of CGNAT as the T-Mobile solution without using a VPN I would guess the blocking is pretty extensive. It does seem to put a number of limitations on the usage. Frustrating for many users.

    I also used http://ports.my-addr.com/check-all-open-ports-online.php which is developed on nmap.

  • I also check the needed 4021 on both properties  and it is shown closed… Any idea on how to get it open.. Tmobile tech is like talking to a rock ….. they have no idea what I am asking

     

  • I believe your assumption that the update altered the equation. Maybe it was not intentional but it is not something we can know as we don’t know what was changed in the firmware update. 
    The one option as it is would be to use a VPN. I have been looking into the various VPN options. I don’t want the additional cost each month but for the encrypted hole through the T-Mobile CGNAT network it might be worth it. They are not all even close to one another in features so the testing with a 30 day free trial is really the best way to confirm the solution is a good one. 

  • Problem with that option is as far as I know a computer/Pi or other has to run all the time in order for the VPN to have something run it. We are not at the property all the time and do not want to add another device that can fail or not work in to the equation.

  • That is a real consideration. Given the current operating model of the T-Mobile HI solution it might not be a good fit. The cost may be attractive but if it doesn’t fit the needs well time to compare and shop a bit more.