Monzo is not able to connect to the internet over WiFi in Dubai

(Naresh Krishna) #1

The Monzo app has been acting weird over WiFi here in Dubai. I’m not sure exactly for how long but the app is not able to connect to the internet. Having said that, it works perfectly fine over mobile data and a VPN.

Is this a problem with my ISP or could the smart people at Monzo do something about it?

(Dan) #2

Just a thought, but it might be that Monzo traffic is being filtered out.

Which explains why it works over VPN :face_with_monocle:.


"The United Arab Emirates censors the Internet using Secure Computing’s solution. The country’s ISPs Etisalat and du (telco) ban pornography, politically sensitive material, all Israeli domains,[8] and anything against the perceived moral values of the UAE."
Yet another reason not to visit that awful place.

(Shaukat) #4

However it’s just not the UAE that block or censor the internet in that way. Oman is also the same and no doubt other GCC countries by proxy could be the same as it could be discussed at that level.

Just be mindful that using a VPN (and VoIP) is illegal in both the UAE and Oman. However when I was a few weeks ago monzo worked fine without in both countries, wonder what has changed.

(Andre Borie) #5

Monzo uses AWS for their infrastructure, it could be that someone else hosted “questionable” (to the eyes of that stupid regime) content on there and they just banned the entire AWS IP ranges.

(Naresh Krishna) #6

Oh right. Very weird that the same ISP allows it over mobile data though.

Anyway, thanks for clearing this up. Much appreciated.

(Andre Borie) #7

Mobile roaming is kind of a weird beast. Essentially when your UK SIM roams on a foreign network a tunnel is set up between their SGSN (located within UAE) and your local carrier’s GGSN (in the UK), so as far as your internet connection is concerned you are in the UK, that’s why it works fine.

(Shaukat) #8

Hi are you using a local / visitor simcard for the UAE or are you roaming using your UK number.


So why won’t things like BBC iPlayer work?

(Andre Borie) #10

I think iPlayer requires access to your device’s location services in addition to the location of your IP address, so even if your IP checks out your device’s physical location still gives you away and so they block it.

I guess they’re too ashamed of their content and want to prevent the outside world from seeing how bad they are. :joy:

(Rika Raybould) #11

The BBC knows that these are international connections. Much in the same way that Netflix will block large IP address ranges known to be owned by proxy and VPN hosts. :slightly_smiling_face:

(Andre Borie) #12

In the case of mobile roaming there is no way for them to know - an EE SIM roaming in UAE will still have an EE IP address and as far as the trace route is concerned the traffic comes from EE’s equipments in the UK. The “roaming tunnel” (for the lack of a better word) is transparent to applications.

(Hugh Wells) #13

Hmm, no. The traceroute would definitely show it originating in the UAE, although what you can see depends who you are (client, ISP, BBC) and where you’re running a trace.
(Because by definition that’s what a traceroute is - a list of every node a packet passed through, a number of those will be in the UAE and enroute back to the UK where it terminates)

(Andre Borie) #14

Except we’re not talking about a tunnel at the IP level - as far as your phone is concerned its network interface is a direct PPP link to the GGSN in the UK. So the first hop would already be equipment in the UK network.

Here’s a demo of a trace route from a Manx Telecom SIM roaming on O2 in the UK:

The first publicly-routable hop - - is owned and operated by Manx Telecom. Neither the phone nor the outside world can know from the IP side of things that the phone is actually roaming.

(Hugh Wells) #15

I don’t know enough about telecoms networks - sorry. I always assumed this went over standard IP but I guess telecos have their own backbones for this kinda stuff. If you’re the ISP you definitely know it’s originating in the UAE from your trace :wink:

Yeah, I didn’t realise GGSN was entirely self contained.

(Andre Borie) #16

Yes the mobile network systems are a huge pile of arcane (and legacy) nonsense that feels completely backwards when seen from a network engineer’s (vs a telco scammer’s) perspective.

As the ISP/carrier you might know from the GGSN that the connection is from the UAE, but then again this is not on the IP side of things - your tunnel from UAE will terminate just the same as another tunnel from a local SIM and will be in the same IP address pool.

(Hugh Wells) #17

GGSN has support for full traces right? It must do…

(Andre Borie) #18

No, what I meant is that the roaming is completely transparent to the IP side of things, it happens at Layer 2 (or lower). The GGSN knows it’s from UAE because it’s receiving a connection (in the form of UDP packets, the protocol is GTP, or GPRS tunnelling protocol) from the SGSN based in UAE, however as far as the phone’s connection is concerned there is no difference - all of this is completely transparent to the phone and to its network side of things.

I guess you could have a GGSN (if you pay enough money to Ericsson, or are crazy enough to make your own) that assigns different IP pools based on where the actual tunnel comes from, but either way at that point the data has already arrived in the UK so no point of doing that, sending the data “back” to UAE (though you’d need something there to receive it, see next point) would be counter-productive and incur even more latency.

As far as I know there is no way to have a roaming SIM get an IP address from the roaming partner’s GGSN (so the data doesn’t have to go around the globe back to the UK) without explicit cooperation on their part, which is a shame but not surprising at all coming from such an industry. :sob:

You might understand better if you consider the GGSN as kind of a PPPoE server - for example on a DSL connection a trace route will show the first hop in your DSL provider’s equipment, despite having dozens of BT-owned routers and DSLAMs in the path as well - but those only forward PPP packets (the equivalent of GTP in the mobile world) and so are transparent to you.