Am I the only one with this issue?

[MoonShadow_1911]

Ok, I can do more explaining. This setup I have works 100% at home. No issues at all. I actually set up a nano router (for the RV) to connect to the Hotspot so I could have certain IP addresses (this is needed for the app server to communicate with the database). So my configuration works great until I try to use the hotspot on my phone. I already know the phone hotspot is not great.

I am hoping that a true hotspot will solve these issues since it is more robust but I am not holding my breath.

Overall, this setup works great except when I am connected to the hotspot.

That sounds like your cell phone provider is blocking port 443. Try ssh'ing to port 443?

Sent from my SM-N986U using Tapatalk

[ajg617]

Kind of interesting. There are a lot of wildcards here. Are you using your phone or a carrier hotspot? Phones were not designed with data in mind (surprise). Carriers have been tightening up on IP range access as have CSPs. The number of firewalls between your phone and servers is likely much ~ 1. Recently found 6 Palo Altos between me and my destination CSP. None were config'ed the same and the company could not identify who owned one of them. Apple and Samsung have had issues with VPNs over IOS and android. A number of browser updates have bitten me getting to https lately (notably FF ESR and the latest Chromium Edge). My Horizon client on my Win10 laptop stopped connecting one day and I was forced to update client SW. If I start browsing on my 5G T-Mobile phone as a hotspot, it blocks internet activity (read browsing) yet it stays connected. Not so on my Verizon LTE phone as a hotspot yet.

[uwskier]

So you have a VM going through a laptop going through a nano router going through a hotspot. I'm surprised that works at all. Try setting the TTL of the VM to 68 and see how that behaves. This technically violates the TOU of tethering phone plans, but if it works, it shows the problem. I still don't think there's any way for the hotspot or a firewall in path to be blocking this flow unless it's cracking your VPN. That'd be bad.

[MoonShadow_1911]

So you have a VM going through a laptop going through a nano router going through a hotspot. I'm surprised that works at all. Try setting the TTL of the VM to 68 and see how that behaves. This technically violates the TOU of tethering phone plans, but if it works, it shows the problem. I still don't think there's any way for the hotspot or a firewall in path to be blocking this flow unless it's cracking your VPN. That'd be bad.

Good point. I seemed to have ignored the VPN part, unless the VPN is only allowing intranet traffic through it and internet traffic through the ISP (split tunnel).

Sent from my SM-N986U using Tapatalk

[trailrydr]

We to use a hotspot on our phone when camping. And my wife VPNs all day week long to her work through it. Im sure all of her servers are HTTPS because of where she works as an IT Software Engineer reading sensitive HIPAA data (I too used to work there as an IT Software Engineer).

She has no issue using our VZ Hotspot to access any of her servers. One caveat though, she VPNs to a work related Data Center, and once there she networks to each server she requires. Not sure if this is your case but it may have something to do with it as well.

However, I will note that some HTTPS sites (financial institutions, government, INS, etc) do not like VPN's at all when trying to gain access to their URL/servers. VPNs apparently will block some identifying data that they require to access their webpage.

[docque]

We to use a hotspot on our phone when camping. And my wife VPNs all day week long to her work through it. Im sure all of her servers are HTTPS because of where she works as an IT Software Engineer reading sensitive HIPAA data (I too used to work there as an IT Software Engineer).

She has no issue using our VZ Hotspot to access any of her servers. One caveat though, she VPNs to a work related Data Center, and once there she networks to each server she requires. Not sure if this is your case but it may have something to do with it as well.

However, I will note that some HTTPS sites (financial institutions, government, INS, etc) do not like VPN's at all when trying to gain access to their URL/servers. VPNs apparently will block some identifying data that they require to access their webpage.

I am going to get a real hotspot today and see how it goes. I really think it is the phone.

To answer everyone's questions about how this even works. It does, flawlessly and has been for many years. That is why it confuses me as to why it just doesn't work correctly when it is paired with the phone.

Here is another fun one. The main laptop has zero connectivity if the CentOS VM is not running. That is because it uses it as a proxy. Always thought that was funny.

I will keep you all informed as to what happens when I get the new hotspot. I assume the MiFi M2000 is not a bad hotspot?

[MoonShadow_1911]

I am going to get a real hotspot today and see how it goes. I really think it is the phone.

To answer everyone's questions about how this even works. It does, flawlessly and has been for many years. That is why it confuses me as to why it just doesn't work correctly when it is paired with the phone.

Here is another fun one. The main laptop has zero connectivity if the CentOS VM is not running. That is because it uses it as a proxy. Always thought that was funny.

I will keep you all informed as to what happens when I get the new hotspot. I assume the MiFi M2000 is not a bad hotspot?

Something tells me that the proxy might be blocking port 443? I dunno, without getting hands on the setup, it's a bit difficult to do a deep dive into it.

Definitely let us know if the new hotspot works. If it doesn't, you are probably looking at something within the configuration itself.

Sent from my SM-N986U using Tapatalk

[docque]

Something tells me that the proxy might be blocking port 443? I dunno, without getting hands on the setup, it's a bit difficult to do a deep dive into it.

Definitely let us know if the new hotspot works. If it doesn't, you are probably looking at something within the configuration itself.

Sent from my SM-N986U using Tapatalk

I wanted to go Starlink but it is not available in our area. Which is very confusing because last I checked, satellites don't avoid certain areas.

But chances are I need Internet and not Hotspot due to the complexity of my configuration.

[MoonShadow_1911]

I wanted to go Starlink but it is not available in our area. Which is very confusing because last I checked, satellites don't avoid certain areas.

But chances are I need Internet and not Hotspot due to the complexity of my configuration.

Sign up for the starlink RV package it's available everywhere for $135 a month.

Sent from my SM-N986U using Tapatalk

[fmartinmn]

After reading through this thread, I can honestly and unequivocally say I didn't understand anything I just read...... and I hope I never have to.