For those of you following along at home, we recently set up an openvpn server and connected our android phone to it. Unfortunately, Big Red doesn't offer unlimited data, and while ovpn doesn't really have too bad of a bandwidth overhead, I decided I'd stop playing chicken with the limited data plan and go to tmobile.
The new phone is a goofy-ass samsung note 3, but I think I like it. Everything went smoothly until I reimported my profile and certificates and tried to connect again - it wouldn't work. Oh shit, does tmobile block VPN? A bit of googling led me to this post. Summarizing: go to Settings -> More Networks -> Mobile Networks -> Access Point Names and change a field in the only apn in the list. But all the fields were greyed out. Do I have to root already?
Nope. The solution is to create another APN, copying in all fields from the first. For your/my convenience, the relevant fields and the values were:
Name: big bob's fun time apn - suck it tmobile!
APN type: default,mms,supl
APN protocol: IPv4/IPv6
Roaming APN protocol: IPv4/IPv6
The last two fields are the important ones - "APN protocol" and "Roaming APN protocol". If you don't change the roaming field as well, you won't be able to use vpn when roaming. I don't know what the hell those other fields do, you should use whatever values are in the preset APN on your phone.
The default values are "IPv6 only", but we set up ovpn in tun mode, which does not support IPv6. Change these APN protocol fields to "IPv4/IPv6" and switch to your new and you're golden. Fortunately, the server config, client profile and all certs are still valid.
Yeah, I know IPv4 needs to die, but sometimes we just want our shit to work right and I can't remember a damn IPv6 address other than fe80:: and if you do away with NAT your shit will kind of all be exposed but not really and ...whatever.