VPN (SonicWall) will not connect over T-mobile 5G Hotspot

Today (5/22/21), I was advised by tier 2 technical support that T-mobile does not support the use of VPNs through a cell phone hot spot.  This was in response to my issue of not being able to establish an IKEv2 VPN from my laptop through the hot spot on a Samsung S20G FE.   (I can do so using a different ISP without issue).   When I asked for the document that stated as much, it was not immediately available.  I was told I would have a copy within 72 hours.   I am not holding my breath.

I can establish an SSL-based VPN connection through the hotspot, probably because SSL has to be supported for an internet connection to be of any value whatsoever.

I consider this a material failure since T-mobile does not make this information available when one signs up.  I am considering legal action to negate the contract.

It’s something worth trying, but it did not help me.   The core issue is that T-mobile does not support VPNs through a cell phone hotspot - as they have told me.   SSL-based VPNs do work, not because T-mobile goes out its way to support them but because SSL is so pervasive a hotspot that did not allow it would be all but useless.

In my case, I am trying to use an IKEv2-based VPN - which is native to Windows - but requires a bit of effort on the part of the carrier to allow the necessary ports and protocols to be opened/allowed.  T-mobile is apparently unable or unwilling to make this effort. 

T-Mobile using ipv6 instead of ipv4.

Keep in mind that, at least for me, the WatchGuard SSL VPN (based on OpenVPN) works just fine with the phone’s hot spot and I know the firewalls at the other end are not using IPv6 (I manage them…. :)).   

Find out for sure whether your VPN is SSL-based or IPSEC/IKEv2-based.   If the former, there may be something you can do, but if it’s the latter, you may be out of luck.   

Both types of VPN work just fine when I use my regular ISP (Cox Cable).

Thank you for the information.   Please clarify whether you were making the VPN connection from your phone itself or if you were making a VPN connection from your laptop and using the phone as a hotspot.   Also, do you know what type of VPN you are using (SSL, IPSEC, IKEv2, etc.)?

At least some of the folks in this thread are trying to do the latter (connecting from a laptop)

Back in 2020, I was able to work remotely through VPN using the t-mobile hotspot without issue. Now the reliability of the connection seems iffy, and I am not able to access certain things as I could before. In addition, previously I could connect to Udacity’s coding modules without issue (while not connected to VPN), but now they seem to be blocked while on hotspot.

I am not sure what has changed, using the same phone as before, but this really has put a major damper on my ability to use my laptop remotely.

I am supporting a user with a new S21, Can’t connect with Global VPN client on a laptop tethered to the phone.  The sim card in another device works this way, and their previous phone, an S10 worked this way.  
I have tried all the methods mentioned.  But through testing I have determined for sure that the packets are not arriving to the Sonicwall at all.    The other interesting thing is that on the phone, if you download the GVPN app, it connects on the phone no problem.  But when a laptop is tethered, it goes around that VPN client on the phone and doesn’t work.  It appears that the phone itself is blocking or somehow that phone on the T-Mobile network is blocking ports 500/4500 only on the hotspot connection. 
This user needs to use their phone as a hotspot and connect their business laptop to their office VPN connection. 
I have not found a solution yet.  

I just found this thread because I’m having the same problem. Hotspot on a Google Pixel 5a. The Sonicwall VPN client on my laptop appears to be having its connection attempts blocked. Everything else works. Fortunately, I’m just testing a new laptop, and it won’t actually be used this way. But it would have been nice to know so I didn’t spend an hour troubleshooting.

Experiencing the same issue receiving numerous calls from our employees working from home using T-mobile’s new 5g home internet.  My IPSEC VPN (Global Protect) will not work over the other T-mobile hotspots either. Spent half the day with Sonicwall’s engineering to find T-mobile’s service was not passing the VPN traffic on ports 500 & 4500.  Hot spots on Verizon and ATT work with no issues. 

So my situation was a little different since I was using a work laptop and Inseego MiFi hotspot and my work laptop is using Cisco AnyConnect Secure Mobility Client VPN. My work laptop locks down Network Preference Properties behind an admin account so I couldn't access any settings there. And the VPN only utilizes IPv4. However, I was able to get the Cisco VPN to work by logging into Inseego Web Admin panel. Once there, I navigated to Settings -> Advanced -> LAN -> IPv6 and unchecking the IPv6 box. Hope this helps someone! 

THANK YOU THANK YOU for this post. My IT Department could not figure this out. I found your post, sent it to them and what do ya know? I was able to successfully connect to my work VPN from my hotspot on my iPhone 14!!!! 

This worked for me, thanks for the help!  I also use FortiClient through my employer and couldn’t connect via my iPhone hotspot.  Disabling the IPv6 as you detailed here worked!

Score! I was also stuck using my company-supplied VPN (FortiClient) and my IT department swore up and down that it must be T-Mobil that is the problem (well it is in the end...). This finally fixed my issue after trying to figure it out on my own for months on end. Last week I was sitting in front of an empty church glomming off of their unprotected wifi signal just so I could obtain a file from my company servers. No more!