I’ve been using T-Mobile for a while, but as of more recently have been trying to get VPN working properly over the their “VPN” GPRS service. The odd part about it is that it’s not actually listed on their web site and nobody seems to know about what it actually does. I attempted to call their customer support to answer this question, but ran into a brick wall. The customer service folks seemed to think that only the NOC would have that information. It’s not that hard to find the NOC from their IP space:

OrgName: T-Mobile USA
OrgID: TMOBI
Address: 12920 SE 38th Street
City: Bellevue
StateProv: WA
PostalCode: 98027
Country: US

NetRange: 208.54.0.0 - 208.54.159.255
CIDR: 208.54.0.0/17, 208.54.128.0/19
NetName: TMO2
NetHandle: NET-208-54-0-0-1
Parent: NET-208-0-0-0-0
NetType: Direct Allocation
NameServer: WEST1.JMRTECH.NET
NameServer: EAST1.JMRTECH.NET
NameServer: WEST2.JMRTECH.NET
NameServer: EAST2.JMRTECH.NET
Comment:
RegDate:
Updated: 2003-03-23

OrgTechHandle: DNSAD11-ARIN
OrgTechName: DNS Administrators
OrgTechPhone: +1-888-662-4662
OrgTechEmail: tech@tmodns.net

I normally don’t make it a policy of calling random NOC’s since they don’t tend to take kindly to calls, but what’s the worse that could happen? After explaining my situation and asking for help, my reply was something similar to “I don’t know where you go this number, but you’re going to have to talk to customer service for that. Have a nice evening.”

Maybe we can figure out something with port scanning, since I do have a public IP.

The first thing I checked out was to see whether or not they appeared to be filtering GRE, which would break the Microsoft PPTP VPN:

(The 255 protocols scanned but not shown below are in state: open|filtered)
PROTOCOL STATE SERVICE
55 filtered mobile

/etc/protocols has this to say about it:

mobile 55 MOBILE # IP Mobility

It’s not surprising that they’d filter port 55 since that could be used to muck with T-Mobile’s network when crossing subnets. Protocol 47, or GRE, seems to be accessible incoming.

What about a UDP Scan on interesting ports?

All 1478 scanned ports are: open|filtered
Nmap run completed – 1 IP address (1 host up) scanned in 297.953 seconds

Running a simple SYN TCP scan tells us the following:

All 1663 scanned ports are: filtered
Nmap run completed – 1 IP address (1 host up) scanned in 335.872 seconds

Well then. I suppose that answers my question. I guess it’s not too surprising that I can’t run services on my public IP on T-Mobile. On the other hand, I could always run 6to4 from that if I don’t mind using IPv6.