VPN issues

  • 9 January 2021
  • 22 replies


All devices and home network are good. Signal strength is 2 bars (weak, but functional).  Spouse needs to set up VPN to work from home, but even IT from the office could not get VPN to work via T-Mobile Home Internet.  VPN worked just fine on the same computer using cable network. 

22 replies

Userlevel 5
Badge +7

Seems to be a recurring theme.


I’m having the same issue here. 

Using my old internet connection, I have no issues. The moment I switch over to T-Mobile Home Internet, I can’t login to the VPN.

Any ideas?

I’m having the same issue.  If I can’t get it resolved, I’m going to have to cancel my service and go back to Spectrum.

I read somewhere that turning off IPV6 could solve the issue. Having said that, configuring IPv6 is not an option on the router settings. Not from the app. Not from the router’s webpage. 

Userlevel 3
Badge +5

It's a possibility.  I know that I didn't have issues with my work Vpn when I tested it out about a year ago.   That being said, I know that at some places with wifi, I had issues with a different vpn service (city library + different employer)

Userlevel 3

If you have the new Nokia 5G gateway there are many corporate level VPN’s like PaloAlto Networks GlobalProtect that do NOT work.  Many reports of this and hopefully T-Mobile responds quickly to fix.  These same VPN’s DO work on the white Askey gateway and on the Franklin hotspot.


T-Mobile PLEASE, PLEASE, PLEASE address this as a priority and roll-out an update ASAP.   Thank you.


Tech support said they were all due to VPN set up issues asking to dual stack IPV4 and IPV6.

But why the existing set up works fine with the Specturm cabble not on T-Mobile 5G home internet?

The VPN set-up allows both IPV4 and IPV6.

I am not convinced the tech support’s assertion about dual stacking of IPV4/IPV6.

I am about to return it.

Same issue over here… on a Nokia 5g Gray. Coworker on the 4g White reported same issue after a firmware update was pushed. IPSec VPN is not working over Tmo home internet. I tried both work and home. PPTP oddly enough worked, but that's not a reasonable solution nor is it secure. I really doubt anyone’s employer is going to re-architect their infrastructure for dual stack VPN for a single or a hand full of employees. Same VPN’s work when connected via TMO hotspot on my cell… so I am not sure why they are blocking it. No options in the web console. Not very happy… Hell, charge me $5 more a month to make it work… Looks like TMO was not the escape plan I had hoped for getting away from comcast.

Some troubleshooting info for folks: I had to swap from WireGuard to OpenVPN, had to swap from a UDP to a TCP connection type and I was able to get my VPN to function.

TINC will also works out of box BUT that doesn't help most people that need the VPN for work sadly. I am not going to make massive changes to the environment for 1 person out of 300+ connections. This is going to be a show stopper for lots of people, especially with all the remote working going on.

I’m having the same issues with connecting to my wife’s company’s VPN.  I thought I’d be able to get away from Spectrum, but T-Mobile doesn’t like like a viable solution - despite significant efforts on my part to make it work.

About three weeks ago, I tried connecting to T-Mobile. Initial attempts in connecting to T-Mobile weren’t good – and I was only able to achieve download speeds of 15 mbps.  I called their technical support and found they were having tower/equipment issues - and had been for about 3 weeks - with no anticipated date for repair.  I put back the Spectrum service and told them I’d try it again when they had their equipment issues fixed.


ON 2/1, I re-installed the T-Mobile Gateway equipment - NOKIA 5G21 GATEWAY: T-MOBILE HOME INTERNET and connected T-Mobile Gateway via Cat 5 ethernet directly to my TP-Link Archer AX11000 wireless router.  I did repeated internet bandwidth testing using Speedtest - both through my computer’s Chrome browser, and through the TP-link app - directly from the wireless router.   I wasn’t having any issues with any of my internet-based usage and needs -   achieving download speed ranging on the low-end from 50 Mbps to 110 Mbps. We can stream 4K programming to our TV’s, monitor outdoor 1080p security cameras, conduct video conferences, and all of the normal data applications and downloads. 

Using a Cisco AnyConnect VPN is a WHOLE DIFFERENT STORY.  It DOESN’T WORK with T-Mobile. As soon as I connect to the VPN, my internet speed/bandwdth is non-existent and I can’t access any of the company systems.  Beginning on Friday, I spent two days troubleshooting the issue.  In every case, I would have connection bandwidth speeds between 50 Mbps to 110 Mbps on all of my devices - including the computer I need to connect to the VPN.  With my first attempt, I used Speedtest on two successive runs, with upload speeds were 15 and download speeds were 49 and 72.  Next, I successfully connected to the company VPN  (IPsec) IPv4) , ran Speedtest, and received 10 down and 1 up, and then 6 down and 10 up.  I simultaneously ran the TP-Link Speedtest app and received 86 down and 7 up.  I disconnected from the company VPN, and recorded speeds of 70 Mbps. 

Later on in the evening, we ran more comparative tests and the results were even more disconcerting.  The T-Mobile speeds in general were lower – averaging about 50 down and 8 up – as measured both on my wife’s computer through her Chrome browser using Speedtest prior to VPN connection and independently on my TP app also using Speedtest.  However, once connected to the VPN, opening the Chrome browser and attempting to run Speedtest, I couldn’t even get the Speedtest to run – receiving “Download Test Error”. 

The company’s IT Director took the computer home over the weekend to troubleshoot it in his home environment with Spectrum.  He had no problem connecting through the VPN, and recorded speeds in excess of 70Mbps.

This evening, I again attempted to connect to the VPN, and had the same results.  After a 2 hour wait to get T-Mobile support, I had a nice support rep who simply took down my information, created a trouble ticket, and said someone will get back to my in 24 - 48 hours.  After reading all of the other people who are having the same issues, and having no addressable solution, I placed an order for Spectrum to have my service restored.




My VPN (openVPN) worked fine except for SSH. Could not SSH through the VPN while on LTE to save my life.
Worked fine on other connections, and worked fine on the LTE if not through the VPN.

Ended up having to uncomment a line in my ssh_config per this stackoverflow post:

Now ssh through the VPN on the LTE works like a champ.

Got my gateway 3 days ago. No success accessing my employer VPN either. I will call IT and TMO support, but it seems Comcast is very happy right now...

This is what support sent me.  Sent it to my IT to see if Cisco Any connect supports this.  My IT is not willing to enable IPv6 due to extra maintaince and security patching.  No T-Mobile for me.

There are no known issues with VPNs and how they interact with the T-Mobile network to provide internet service. There may be an underlying factor (that can only be addressed by the owner of that VPN client) where there is a need to have ipv4 and ipv6 double stacked into the setup configuration to avoid any service issues. Please have the customer reach out to their VPN client support to check if this is indeed the configuration being used and to also further troubleshoot the VPN issue.   Failed outbound VPN connection is caused by a known carrier grade NAT issue relating to T-Mobile’s implementation a fully IPv6 network and the implementation of 464XLAT, NAT64, and DNS64 for accessing IPv4 resources. The customer’s VPN or VPN server they are connecting to is not properly configured to work with an IPv6 network. This is a third party issue that T-Mobile cannot help with.Thanks for being best part of T-MobileBest Regards!

I just got the same message sent to me as Josh123. I’m in IT and work for a large company and troubleshooted the issue with our engineers for a few hours to figure out this is on the T-Mobile side. We are all amazed that they can’t support and won’t support ipv4 and what is more troubling is that they actually give you an ipv4 address for your external gateway which is the same thing Comcast and I’m guessing others are doing. So it makes no sense. The speeds have been awesome as we are less that 5,000 feet from the tower. Everything works great except the most import thing which is being able to use my VPN client. We use Global Protect by PaloAlto.

ITGuy3323, I am also in IT and very disappointed.  I have ordered Starlink now but was really hoping T-Mobile would have a solution but nothing.  I can't even pay more to get a static IPv4 address.  I have read that T-MOBILE is sharing IPv4 addresses.

This is the response I got back from them….“This is the workaround engineering has provided to us. We only use IPv6. This is a known pain point that is currently under review. There currently is nothing to escalate”


I think I am having the same issue… except I am in healthcare and trying to access a health record and the IT speak is over my head :). Someone had said something about MTU packet size… is this a possibility or is it more related to the ipv4/IPv6 issue. The IT department at my facility isn’t going to be able to help me so I need to figure out if there is anything I can ask them to change for me on my laptop. And probably silly question but this won’t be solved by me hooking the gateway to a separate router will it? I have no other home internet options so I guess it is back to chewing up my data on my cell phone… Thanks so much!

Userlevel 3
Badge +5

Cisco AnyConnect works fine with my cell as a hotspot.  I had to use it recently when Spectrum had an outage

I too am having this issue with the Grey T-Mobile Gateway and GlobalProtect. I live out in the middle of nowhere so we don’t have any other real high speed options by any definition of the word. It is very unfortunate that when I finally sign up for a real high speed option, it doesn’t work with my company’s VPN. My company won’t change anything since I am 1 case in about 8000 employees so I hope there will be a fix soon from T-Mobile.

Honestly though, I can’t imagine their QA team did enough testing before releasing this product. They have to have known that people would intend to work on this network through a VPN. 

Userlevel 3
Badge +5

I suspect that the issue would be resolved much quicker if it was a ‘T-Mobile business’  related issue than ‘consumer’.