Question

VPN issues

  • 9 January 2021
  • 99 replies
  • 59126 views


All devices and home network are good. Signal strength is 2 bars (weak, but functional).  Spouse needs to set up VPN to work from home, but even IT from the office could not get VPN to work via T-Mobile Home Internet.  VPN worked just fine on the same computer using cable network. 


99 replies

I read somewhere that a new firmware greater than 1.2003.03.0168 would be coming out to address these VPN and WiFi Calling issues… anyone know?

iPhone’s WiFi calling will not work correctly with this 5G router, and also L2TP VPN will not work.

Help! This is the best service I can get for my location… and the previous LTE (White Box) router worked for all these things… but at a slower rate.

  

Hello:

First day with Gray tower Nokia device: model: 5G21-12W-A, Software Version: 1.2003.03.0168. It arrived at lunchtime.

I found that my speeds were variably slow even without VPN. Usually in the teens-20s for downloads. Uploads were very variable from 0.3 to 25 !  When testing locations around the planet via SurfShark VPN from 5-8pm, there were huge differences. Ping tended to be higher with farther distance from 30-200. Speeds even from the same cities varied by 300%. Never got over 42 mbps.

Via RCN in the DC area: ping 11 ms, 52 / 11 mbps,  jitter 4.8 and 0.35% packet loss via speedtest multi. Loss was zero via single connection.

Why the VPN – in case of doing any banking, like paying bills and helps to keep things more secure.

Proton VPN, free version, worked fine, but ping was in the 200s.

SurfShark VPN initially did not work. Read the prior postings here. Did the items noted below. Someplace along the way I had to change IKE2 protocol to OpenVPN TCP or WireGuard. Used WireGuard. This was all done in the SS Windows 10 software. Ping went from 52 to 54 when using SS VPN. Speeds were a bit slower 27 to 26 and 5 to 2.

First, I did the reboot via the T Mobile ISP website: http://192.168.12.1/. No luck.

Did not do the 45 second reset.

Then I found the posting about the ipv6s and unticked the ipv6 boxes for Proton, SS, and in 1 or 2 other devices.

Still had problems with SS VPN.

Hooked up the T Mobile cylinder to my TP Link wireless device via ethernet and then ethernet from TP L to laptop, then wireless to laptop. It worked. 

Then found that the T Mobile ISP Grey tower worked with SS VPN, but after I killed the ipv6.

Then I tried turning ipv6 back on, took a while to figure out how to do this. I had to turn off SS, then checked a website, Test your IPv6 (test-ipv6.com), after making sure that all 9 network adapters had the ipv6 box with a check mark in them! Had to repeat this process several times. Also turned wireless on and off a few times too (airplane mode).

Best guess, maybe the reset and the IKE2 to TCP or WireGuard did the trick, not killing ipv6.

By 11pm I checked on the work laptop and the government VPN for NIH. It simply worked without any tweaking. Lucky I guess. Fastest speeds via T Mobile and the required gvt VPN 51 40 40 (ping, DL, Upload). Was 21 52 10 via RCN and TP L wireless router.

Also did the wireguard on the SS iphone app. Speeds were wildly variable from 22-40 DL and 1-38 upload on the iphone.

I wasted a whole day on this. I really hope my long posting here helps somebody else.

Cheers…..

 


I made a post here that may help a few of you:

Basically, you must use the OpenVPN protocol with a TCP connection and a Static IP/Config method. I’m using it right now with almost no ping or speed difference and several web sites show my IP as my VPN’s IP.

VPN issues via SurfShark (SS) are quite different this am. 

Automatic type of connection, SS, IKEv2 or OpenVPN TCP, etc is now connecting via IKEv2. However this is disabling all ipv6’s. WireGuard is not working this am. TCP does work, but disables all ipv6’s. Static IP vs (typical) dynamic IP does not seem to matter with regard to speed, Windows 10 laptop. Speeds around 30s for ping (up to 100 for Seattle and Chicago, from DC), 15-20 1.5-8, DL UL. I did not google “what is my ip” to make sure it matches with my VPN.

Proton free VPN, US 3, was fine today and ping was only 41 - not the 200s; 15, 4 DL, UL.

I will assume that ipv4 vs ipv6 is of no importance for most of us (

As an aside - the enormous variability of speeds without or with VPNs is again noted. Local DC area SS VPN locale had speeds of only 3 for a while, then up to 8, vs Seattle and Chicago, along with NYC static IP at 20 DL. Ten minutes later, the speeds were different again, with local DC SS VPN locale up to 20.

I have had the T-Mobile Home Internet Service for about 2 months now and have been fighting non-stop with the VPN issues. I use Cisco AnyConnect for my work and constantly have issues with applications needed for work, mostly Microsoft Teams. When NOT connected to the VPN my download is about 75mbps and upload about 25mbps, all very good numbers. However, once connected to Cisco AnyConnect those numbers come down to almost a crashing halt of 2.5mbps down and 2.0mbps up… it is absolutely awful and quite honestly embarrassing because I have to be on Microsoft Teams all day including conferences.

I’ve talked to the tech support and it was elevated to a second tier, but that resulted in no solution. Their belief is that the VPN was the problem and that I needed to speak with my employer’s IT department about it… so I did. I opened up various tickets through my employer and went in to the office so they could do additional diagnosing. They could not find anything wrong, in fact, had me log in to the VPN via their network and it worked just fine. 

I have starlink service on order and hope to have it here in a month. Ideally for the cost and what I anticipated being great performance by T-Mobile, I would prefer to keep T-Mobile. However, I simply CANNOT wait much longer especially if the company appears to be denying even an issue.

Hope T-Mobile comes to the rescue.

I tried to post a reply twice. Neither seems to have gone thru. Lost my copy. LOL.

Cannot connect via Brave browser, chrome like. So doing this via Edge. I had no issues with Cisco AnyConnect on the work laptop 2 days ago. Maybe I was lucky.

Ipv6 drops out via surfshark (SS) VPN. Can someone tell us if 4 vs 6 even matters for most of us? WireGuard no longer worked yesterday. IKEv2 and TCP worked yesterday. Using IKEv2 (automatic) now on SS via Kansas City (KC). Static IP not required for SS. Using dynamic IP. Nearby VPN locations are usually slow with SS. So I have used NYC, KC, Chicago, Seattle, and a few others far from DC over the past 2 days. Could be due to vagaries of SS. Pings usually in 40s from NYC. Higher elsewhere, usually at or under 100. Speeds: DL: sometimes only 1 but often around 20. UL are all over: 1 – 5 – 10 – 25. Tested via speedtest.net. Interestingly, yesterday Proton VPN worked with 40ms or so ping, not 200s. I have no idea what physical place I was connected to (and no idea how to find out) nor which connection protocol was used (smart, TCP, or UDP), as I forgot to check protocol.


Mine was just the MTU issue, was able to resolve it by lowering the number. If this blog can be helpful for anyone to troubleshoot and resolve the issue:
https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e


What version firmware are you on?

also, what did you end up setting your MTU to for GPVpn?


My configuration is this:
Host: Apple Mac OS X 10.15.7
VPN:
Provider: GlobalProtect v5.0.9-15 Palo Alto Networks
Tunnel Mode: IPSEC
T-Mobile Home Internet Gateway:
Model: 5G21-12-A Grey
Hardware Version: 3TG00739AABB
Software Version: 1.2003.03.0178

And the MTU I set to 1350, using this command: “sudo ifconfig gpd0 mtu 1350”


I’m running GP 5.2.5-66 so I think there might be some differences. 

When I run ifconfig I don’t have a gpd0, it appears as though on my Mac it is using gif0 and the default mtu setting is 1280 which is well within the 1420 threshold of the 5g21.


Figured it out. We apparently use advanced routing, so my gpd0 is actually utun0 and we have 2 VPNs. Each VPN requires a different MTU setting, but having found the correct numbers 1330 and 1310 it now works.


Yay! I am glad you figured it out. utun (tun is short for tunneling) is the interface created by the Mac following any VPN installation. I guess limiting that too should work, if you don’t see gpd0 specifically.

I was wondering since you have the latest version of GP app >= 5.2.4, you should be able to update the MTU through the app settings. Check here GP documentation:
https://docs.paloaltonetworks.com/globalprotect/5-2/globalprotect-app-new-features/new-features-released-in-gp-app/configurable-maximum-transmission-unit-for-globalprotect-connections

Mine was just the MTU issue, was able to resolve it by lowering the number. If this blog can be helpful for anyone to troubleshoot and resolve the issue:
https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e

Nice work. Reducing the MTU fixed my issue. I'm using Cisco AnyConnect and was able to connect but when I visited websites that required me to login using our single sign-on, it would hang after I entered my credentials. When working correctly, I get a 2FA push on my phone after successful authentication, but it would timeout before requesting the push.

I installed the gray Nokia device yesterday. It worked fine until I tried connecting to work via VPN (Global Protect). I had to get work done so I switched back to Cox. Then I tried this afternoon...no luck. I tried calling support. They were fairly clueless and eventually told me I need to check with my company. I asserted that my VPN worked everywhere else, including from my phone hotspot. 

They continued to assert it was my company’s problem. Then I found this thread and told the rep there are a whole bunch of people with the exact same problem that you refuse to acknowledge. Now I’m scheduled to go to a T-Mobile store tomorrow. I’m not sure what for. Maybe I can just return it then.

By the way, if you can’t get your VPN to work for any reason, there is a work around of connecting to VPN using your phone’s hotspot.

Turn on your phone’s hotspot and connect your computer to your phone’s hotspot Wi-Fi connection. Then, connect to your VPN. This worked for me.

This is a small hassle, but if you want to keep TMobile Home Internet, then this is another option.  

 

Not necessarily. If your VPN uses SSL, which I think Cisco AnyConnect is, you will probably be OK; however, the hotspot on my S20G fails to connect when using an IKEv2 VPN.

I’m not having great experiences with T-Mobile. They sent me to a nearby store with an appointment. I went there to try to return the home internet device. The store said they were an independent T-Mobile store and I had to go to a corporate T-Mobile store (which fortunately wasn’t too far away). The people at the corporate T-Mobile store were trying to be helpful. I don’t think they’d ever seen the Home Internet device despite the fact that they advertise for it in the store. They told me they can’t receive the device back in the store, but that they could help me print a shipping label and maybe find a box to ship it in.

Then the people in the store had to call T-Mobile customer care (which isn’t a fun experience for them, either). After over 30 minutes on the phone with T-Mobile customer care, they passed the phone to me to talk to them. Now I got someone trying to talk me out of returning the home internet device. They asked which VPN I used (Global Protect) and said that firmware revision 168 works with Global Protect (apparently the newer version 178 that I have is worse). So they asked if they could downgrade the version in my device to 168 and try the VPN after that. They said it would take 2 hours for the downgrade and that they’d call to follow up.

Here I am 3 hours later and my firmware hasn’t been downgraded. I called again and they said ideally it takes 2 hours and confirmed that the ticket had been submitted, but he said the changes usually take place between 2 AM and 5 AM Pacific Time. 

What a mess. T-Mobile really isn’t prepared to be selling this product. 

Today (5/22/21), I was advised by tier 2 technical support that T-Mobile does not support the use of VPNs through a cell phone hot spot. This was in response to my issue of not being able to establish an IKEv2 VPN from my laptop through the hot spot on a Samsung S20G FE. (I can do so using a different ISP without issue.) When I asked for the document that stated as much, it was not immediately available. I was told I would have a copy within 72 hours. I am not holding my breath.

I can establish an SSL-based VPN connection through the hotspot, probably because SSL has to be supported for an internet connection to be of any value whatsoever.

I consider this a material failure since T-mobile does not make this information available when one signs up.  I am considering legal action to negate the contract.

Update: It’s now Monday morning and still no firmware downgrade, although the unit finally acted like it was doing a downgrade overnight. I had to reset everything this morning. But, after getting everything set up again, I found I still have the same firmware (178). I tried calling support and it says there’s an hour wait. Not fun, T-Mobile.

Update: It’s now Thursday morning. T-Mobile support had promised to call me back on Tuesday morning with an update (they didn’t). I checked today and saw that I had finally been downgraded to firmware 168. I tried my Global Protect VPN and it actually works! I’ll try working the rest of the day on that to see if it continues to work.


Just to add my (frustrating) experience with the breathtakingly bad service from TMobile. 

When I first got this device several months ago, I was unable to use my VPN (GlobalProtect) due to the tunneling protocol incompatibility.  I made several tech calls which didn’t seem to go anywhere, but for some reason it started working so I assumed they did a firmware patch.

Over the last several months, it worked (slowly) with the VPN, but I would routinely have to restart the modem to get it to work.

This week it completely broke.  I looked through this thread and ultimately made a tech call on Monday.  After a lengthy call, I ended up being told the same thing that FlyingDog was told: 178 doesn’t work so they were going to do a firmware rollback.  I was told they were submitting a ticket and someone would get back to me by Thursday.

Thursday came and went with no word and no rollback, so this morning I called back. I ended up being on the line for 1.5 hours where I was told there was no record of the ticket to rollback and then told that firmware is something that can’t be rolled back (which is incorrect). I ultimately ended up asking to talk to a supervisor. Their message was that they don’t have control and only know what they are told. She did end up submitting a ticket (I have a ticket number this time) for an engineering escalation, which I assume will mean just getting the firmware rolled back.

At this point, I am also leaning toward switching over to Starlink since TMobile really is showing poor technical development and associated support.  The fact that they’d be willing to make firmware changes that completely cripple VPN usage and have technical support that can’t give you consistent answers is troubling to say the least.

It’s really too bad because other than this VPN issue the device has been working really well.  I often get download speeds near 100 Mbps and uploads around 40.

My Global Protect VPN worked for a second day so I started to feel a little better. However, there’s more lag in the T-Mobile connection, which was frustrating when trying to type things over the VPN connection (Cox ping times for me are always <10ms and jitter is pretty low, too; with T-Mobile, ping times varied a lot between 35 and 80ms). I switched back to my Cox connection to get work done this afternoon as the T-Mobile latency bugged me. Note: the T-Mobile latency wasn’t horrible for me. I usually find things <100ms to not be bad, but <10ms is a lot better.

I started looking at other issues with T-Mobile:

  • Lack of configurability. I ultimately wanted to just replace my cable modem with it, but the software is crippled (there are other threads on that) so that you can’t connect it to a home router, etc.
  • They told me I could purchase landline service through the RJ-11 jack on the back, but when I tried to sign up for it, I got a different story, with most people being terribly confused. Most people thought I was talking about the T-Mobile Line Link service (which was discontinued in April, and not everyone there knew about it). They were telling me I needed to get a Line Link adapter and really didn’t know about the 5G product. 
  • Poor support. Sometimes I called and was told I’d get a call back in 1 or 2 hours. The people you talk to on the phone can only submit tickets and wait 24-72 hours for engineering to do something about it. They can’t get a status on it, etc. I was incorrectly told to go to physical T-Mobile stores who have no ability to do anything about T-Mobile Home Internet other than call T-Mobile customer service.

To their credit, there are a few random knowledgeable people there. They did get my Global Protect VPN working finally when they did the firmware downgrade.

Ultimately, I ended up sending back the device today. I guess I’m stuck with Cox for now. Several years ago, Cox used to be stellar, but lots of things there have gone downhill while the prices constantly climb. I guess it’s good to be a monopoly.


Update: They did in fact end up rolling my firmware back and it is working again.

 

@FlyingDog For sure the performance is worse when connected to the VPN.  The previous several months this was always the case for me, I’d get about a 10-fold reduction in download speed and there was always massive latency.


My grey cylinder stopped working with my company just a few days ago, maybe after they updated its firmware? How do I find out the firmware version?

Anyway, I just discovered using my cell phone hot spot as an initial connection helped me connect to company VPN using tmobile home internet. Anyone know why that might be? Here are the steps I used:

  1. Connect my Macbook Pro to cell phone hotspot
  2. Connect to VPN (GlobalProtect in my case)
  3. Switch wifi connection from cell phone hotspot to T-mobile home internet
  4. Wait for VPN to reconnect
  5. The VPN connection is now working over T-mobile home internet

This fixed it for me. I had problems using WireGuard VPN. I couldn’t reach many sites and it was very slow.

https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e

Short version is you need to lower the “MTU” setting on your machine’s network adapter.

For me on my macbook, it was the “wifi” “en0” device, either at the terminal with “sudo ifconfig en0 mtu 1350” or going to “Network Preferences > Advanced > Hardware” and manually configuring the MTU to 1350. 


Thanks, this worked for me after lowering the MTU to 1300 on the GlobalProtect network adapter ("Ethernet 5" on my PC)!
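
The MTU values posted in this thread (1350, 1330, 1310, 1300) were found by trial; the largest packet that crosses the link unfragmented can instead be measured with don't-fragment pings. The script below is an added example, not code from any poster or from the linked blog. The host name is a placeholder, the `ping` flags are those of Linux iputils and macOS, and the per-packet tunnel overhead is a figure you supply for your own VPN protocol.

```shell
#!/bin/sh
# Added example: measure the IPv4 path MTU toward a host with DF-bit pings,
# then derive a tunnel MTU. Host and overhead values are assumptions.

# probe PAYLOAD HOST: succeeds if one echo with PAYLOAD data bytes and the
# don't-fragment bit set gets a reply within 2 seconds.
probe() {
    case "$(uname -s)" in
        Darwin) ping -D -c 1 -t 2 -s "$1" "$2" >/dev/null 2>&1 ;;   # macOS
        *)      ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1 ;; # Linux
    esac
}

# find_path_mtu HOST [LOW] [HIGH]: binary search on total packet size.
# 28 = 20-byte IPv4 header + 8-byte ICMP header around the ping payload.
# Prints 0 and fails if even the smallest probe is unanswered, which means
# the host or a filter drops ICMP echo, not that the MTU is tiny.
find_path_mtu() {
    host=$1; lo=${2:-576}; hi=${3:-1500}
    if ! probe $((lo - 28)) "$host"; then
        echo 0
        return 1
    fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe $((mid - 28)) "$host"; then
            lo=$mid          # mid-sized packet got through: search higher
        else
            hi=$((mid - 1))  # dropped or needs fragmenting: search lower
        fi
    done
    echo "$lo"
}

# suggest_tunnel_mtu PATH_MTU OVERHEAD: MTU to set on the VPN interface so
# that encapsulated packets still fit in PATH_MTU.
suggest_tunnel_mtu() {
    echo $(( $1 - $2 ))
}

# Usage: ./pmtu.sh vpn.example.invalid 80
if [ "$#" -ge 2 ]; then
    pmtu=$(find_path_mtu "$1") || { echo "no ICMP reply from $1" >&2; exit 1; }
    echo "path MTU: $pmtu, tunnel MTU: $(suggest_tunnel_mtu "$pmtu" "$2")"
fi
```

Run it against the VPN gateway while the VPN is disconnected, then apply the result to the tunnel interface the same way the posts above do with `ifconfig`.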
