VPN issues

  • 9 January 2021
  • 96 replies

All devices and home network are good. Signal strength is 2 bars (weak, but functional).  Spouse needs to set up VPN to work from home, but even IT from the office could not get VPN to work via T-Mobile Home Internet.  VPN worked just fine on the same computer using cable network. 

If you have the new Nokia 5G gateway, there are many corporate-level VPNs like Palo Alto Networks GlobalProtect that do NOT work.  Many reports of this and hopefully T-Mobile responds quickly to fix.  These same VPNs DO work on the white Askey gateway and on the Franklin hotspot.


T-Mobile PLEASE, PLEASE, PLEASE address this as a priority and roll-out an update ASAP.   Thank you.

I just got the same message sent to me as Josh123. I’m in IT and work for a large company and troubleshot the issue with our engineers for a few hours to figure out this is on the T-Mobile side. We are all amazed that they can’t support and won’t support IPv4, and what is more troubling is that they actually give you an IPv4 address for your external gateway, which is the same thing Comcast and I’m guessing others are doing. So it makes no sense. The speeds have been awesome as we are less than 5,000 feet from the tower. Everything works great except the most important thing, which is being able to use my VPN client. We use GlobalProtect by Palo Alto.

I was able to solve my VPN issues using the guidance in  This was on a MacBook + Cisco AnyConnect.  I don’t think I needed to change all of them, but I set the MTU on four network adapters to 1350:

utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1350
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1350

Assuming this is something that can be fixed at the router level, I really hope T-Mobile pays attention to this thread.  Not every user is going to be tech savvy enough to do this on their own.

TINC will also work out of the box, BUT that doesn't help most people that need the VPN for work, sadly. I am not going to make massive changes to the environment for 1 person out of 300+ connections. This is going to be a show stopper for lots of people, especially with all the remote working going on.

Same issue over here… on a Nokia 5G Gray. Coworker on the 4G White reported same issue after a firmware update was pushed. IPSec VPN is not working over TMO home internet. I tried both work and home. PPTP oddly enough worked, but that's not a reasonable solution nor is it secure. I really doubt anyone’s employer is going to re-architect their infrastructure for dual stack VPN for a single or a handful of employees. Same VPNs work when connected via TMO hotspot on my cell… so I am not sure why they are blocking it. No options in the web console. Not very happy… Hell, charge me $5 more a month to make it work… Looks like TMO was not the escape plan I had hoped for getting away from Comcast.

ITGuy3323, I am also in IT and very disappointed.  I have ordered Starlink now but was really hoping T-Mobile would have a solution but nothing.  I can't even pay more to get a static IPv4 address.  I have read that T-MOBILE is sharing IPv4 addresses.

Mine was just the MTU issue, was able to resolve it by lowering the number. If this blog can be helpful for anyone to troubleshoot and resolve the issue:

I’m having the same issue.  If I can’t get it resolved, I’m going to have to cancel my service and go back to Spectrum.

This is what support sent me.  Sent it to my IT to see if Cisco AnyConnect supports this.  My IT is not willing to enable IPv6 due to extra maintenance and security patching.  No T-Mobile for me.

There are no known issues with VPNs and how they interact with the T-Mobile network to provide internet service. There may be an underlying factor (that can only be addressed by the owner of that VPN client) where there is a need to have IPv4 and IPv6 double stacked into the setup configuration to avoid any service issues. Please have the customer reach out to their VPN client support to check if this is indeed the configuration being used and to also further troubleshoot the VPN issue. Failed outbound VPN connection is caused by a known carrier grade NAT issue relating to T-Mobile’s implementation of a fully IPv6 network and the implementation of 464XLAT, NAT64, and DNS64 for accessing IPv4 resources. The customer’s VPN or VPN server they are connecting to is not properly configured to work with an IPv6 network. This is a third party issue that T-Mobile cannot help with. Thanks for being best part of T-Mobile. Best Regards!

Seems to be a recurring theme.


Update: They did in fact end up rolling my firmware back and it is working again.


@FlyingDog For sure the performance is worse when connected to the VPN.  The previous several months this was always the case for me, I’d get about a 10-fold reduction in download speed and there was always massive latency.

This is the response I got back from them… “This is the workaround engineering has provided to us. We only use IPv6. This is a known pain point that is currently under review. There currently is nothing to escalate.”


Tech support said they were all due to VPN setup issues, asking to dual stack IPv4 and IPv6.

But why does the existing setup work fine with the Spectrum cable and not on T-Mobile 5G home internet?

The VPN setup allows both IPv4 and IPv6.

I am not convinced by tech support’s assertion about dual stacking of IPv4/IPv6.

I am about to return it.

Some troubleshooting info for folks: I had to swap from WireGuard to OpenVPN, had to swap from a UDP to a TCP connection type and I was able to get my VPN to function.

I switched to T-Mobile home internet a couple of days ago and I realized that my and my spouse’s VPNs did not work. I called T-Mobile and they updated the firmware and my GlobalProtect worked then, but my spouse’s Cisco VPN did not work at all and they said they would give us a call back within 24 hours, but we never got a call back yet, in 48 hours. My GlobalProtect does not work anymore either and I have to sign in to work tomorrow. I live in an area where there are many T-Mobile service towers, I think. And I have been using their wireless for years and am happy with their wireless service. I’m not sure if I can afford the time to keep calling T-Mobile and be on a 2-hour call with a T-Mobile technician. I’m planning to go back to my old service provider. I would have appreciated it if T-Mobile was transparent upfront and let their customers know that there might be VPN issues. I’m unhappy with the T-Mobile home internet service!

I too am having this issue with the Grey T-Mobile Gateway and GlobalProtect. I live out in the middle of nowhere so we don’t have any other real high speed options by any definition of the word. It is very unfortunate that when I finally sign up for a real high speed option, it doesn’t work with my company’s VPN. My company won’t change anything since I am 1 case in about 8000 employees so I hope there will be a fix soon from T-Mobile.

Honestly though, I can’t imagine their QA team did enough testing before releasing this product. They have to have known that people would intend to work on this network through a VPN. 

What version firmware are you on?

Also, what did you end up setting your MTU to for GPVpn?

My configuration is this:
Host: Apple Mac OS X 10.15.7
Provider: GlobalProtect v5.0.9-15 Palo Alto Networks
Tunnel Mode: IPSEC
T-Mobile Home Internet Gateway:
Model: 5G21-12-A Grey
Hardware Version: 3TG00739AABB
Software Version: 1.2003.03.0178

And the MTU I set to 1350, using this command: “sudo ifconfig gpd0 mtu 1350”

Just adding to this - I want to use this service so badly!  Currently on my 4th day and still have Comcast while I was testing and found this issue.  Unfortunately, it’s a deal breaker and Ill have to go back to Comcast if this doesn’t work, my wife is a nurse and needs to be able to VPN to work, as do I for my job.

Any updates on this T-Mobile?

Been fighting this issue for a couple of months. On my Windows 10 laptop connected to Cisco AnyConnect VPN I had the IT administrator reduce my MTU to 1350 via this command:


netsh interface ipv4 set subinterface "Network Name" mtu=1350 store=persistent


Substitute Network Name with whatever your actual connection is.  Mine was Ethernet 2.

It worked.  I’m connected to VPN and have blazing speed.

Got my gateway 3 days ago. No success accessing my employer VPN either. I will call IT and TMO support, but it seems Comcast is very happy right now...

I have had the T-Mobile Home Internet Service for about 2 months now and have been fighting non-stop with the VPN issues. I use Cisco AnyConnect for my work and constantly have issues with applications needed for work, mostly Microsoft Teams. When NOT connected to the VPN my download is about 75mbps and upload about 25mbps, all very good numbers. However, once connected to Cisco AnyConnect those numbers come down to almost a crashing halt of 2.5mbps down and 2.0mbps up… it is absolutely awful and quite honestly embarrassing because I have to be on Microsoft Teams all day including conferences.

I’ve talked to the tech support and it was elevated to a second tier, but that resulted in no solution. Their belief is that the VPN was the problem and that I needed to speak with my employer’s IT department about it… so I did. I opened up various tickets through my employer and went in to the office so they could do additional diagnosing. They could not find anything wrong, in fact, had me log in to the VPN via their network and it worked just fine. 

I have Starlink service on order and hope to have it here in a month. Ideally for the cost and what I anticipated being great performance by T-Mobile, I would prefer to keep T-Mobile. However, I simply CANNOT wait much longer, especially if the company appears to be denying even an issue.

Hope T-Mobile comes to the rescue.

This fixed it for me. I had problems using WireGuard VPN. I couldn’t reach many sites and it was very slow.

Short version is you need to lower the “MTU” setting on your machine’s network adapter.

For me on my MacBook, it was the “wifi” “en0” device, either at the terminal with “sudo ifconfig en0 mtu 1350” or going to “Network Preferences > Advanced > Hardware” and manually configuring the MTU to 1350.
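
Several posts above fix the VPN by lowering an interface MTU to 1350. As an added example (not part of any post in this thread), this shell function measures the largest unfragmented IPv4 packet size to a host, so the value can be measured rather than guessed; `find_path_mtu`, `probe` and the 1200 to 1500 search range are names and defaults assumed here.

```shell
#!/bin/sh
# Added example, not from the thread: binary-search the path MTU with
# don't-fragment ICMP echoes. Function names and defaults are assumptions.

# probe SIZE HOST: exit 0 if an echo with SIZE payload bytes and DF set is answered.
# macOS ping uses -D for DF; Linux iputils ping uses -M do.
probe() {
    case "$(uname -s)" in
        Darwin) ping -D -c 1 -t 2 -s "$1" "$2" >/dev/null 2>&1 ;;
        *)      ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1 ;;
    esac
}

# find_path_mtu HOST [LOW] [HIGH]
# Prints the largest IPv4 packet size (payload + 20-byte IPv4 header +
# 8-byte ICMP header) that gets through, or returns 1 if even LOW fails
# (for example, when the host does not answer ICMP echo at all).
find_path_mtu() {
    host=$1; lo=${2:-1200}; hi=${3:-1500}
    overhead=28
    probe $((lo - overhead)) "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))      # round up so the loop always shrinks
        if probe $((mid - overhead)) "$host"; then
            lo=$mid                       # mid fits: the answer is mid or larger
        else
            hi=$((mid - 1))               # mid is too big: the answer is below mid
        fi
    done
    echo "$lo"
}

# Usage (host name is a placeholder): find_path_mtu vpn-gateway.example.test
```

The printed size is for the underlying link; the tunnel interface MTU (the `gpd0`, `utun` or `netsh` settings in the posts) has to sit below it by the VPN's own encapsulation overhead.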

If they plan to roll this out for business and personal use they need to fix this or it's going to be a massive fail. I've tried factory resetting the router 10+ times and still can't get the update to push. For now I'm  still using my phone hotspot but the whole point of subscribing to T Mobile Home Internet was because it won't play nice on Teams calls/meetings.

I read somewhere that turning off IPv6 could solve the issue. Having said that, configuring IPv6 is not an option on the router settings. Not from the app. Not from the router’s webpage.

Update: It’s now Thursday morning. T-Mobile support had promised to call me back on Tuesday morning with an update (they didn’t). I checked today and saw that I had finally been downgraded to firmware 168. I tried my Global Protect VPN and it actually works! I’ll try working the rest of the day on that to see if it continues to work.