Question

VPN issues

  • 9 January 2021
  • 94 replies
  • 42256 views

Userlevel 1
Badge

All devices and home network are good. Signal strength is 2 bars (weak, but functional).  Spouse needs to set up VPN to work from home, but even IT from the office could not get VPN to work via T-Mobile Home Internet.  VPN worked just fine on the same computer using cable network. 


94 replies

T-mobile home internet tech support was able to remotely downgrade my VPN firmware/software so that it works with Global Protect VPN. After the reset, I had to turn the router off, unplug it, then plug it back in after 30 seconds or so then turn it on, for it to work. The representative said that current firmware is known to have issue with Global Protect VPN and they are working on fixing that.

I was able to solve my VPN issues using the guidance in https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e.  This was on a MacBook + Cisco AnyConnect.  I don’t think I needed to change all of them, but I set the MTU on four network adapters to 1350:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1350
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1350
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1350
utun2: flags=80d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1350

Assuming this is something that can be fixed at the router level, I really hope T-Mobile pays attention to this thread.  Not every user is going to be tech savvy enough to do this on their own.

I too use GlobalProtect which worked fine for 1 day then quit. I resolved the issue by setting the MTU on the PANPG adapter to 1340. However, I am going to try your fix to see if that resolves the issue with the default packet size. I  am getting so much intermittent latency with this service that it is just not working for working from home. But it is great when it works. 

@Ragman177 

Wow -- I tried absolutely everything else that anyone suggested, but nothing worked until I did this.  I looked up what MTU is and how to find the optimal value, and 1340 was the number I came up with too.  After 2 days of non-stop obsessing, this is the first actual progress I’ve made.  Thank you!! 

I’m not sure that I understand the downside of this method.  Are you saying that sometimes it works and sometimes it doesn’t at all? 

Anyway.. if this keeps working, then I can keep Tmobile internet, which will make me very happy.  Thanks again for mentioning it!

 

 

Been fighting this issue for a couple of months. On my windows 10 laptop connected to Cisco Anyconnect VPN I had the IT administrator reduce my MTU to 1350 via this command

 

netsh interface ipv4 set subinterface “Network Name” mtu=1350 store=persistent 

 

substitute Network Name with your whatever your actual connection in.  Mine was Ethernet 2.

It worked.  I’m connected to VPN and have blazing speed.

I was able to solve my VPN issues using the guidance in https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e.  This was on a MacBook + Cisco AnyConnect.  I don’t think I needed to change all of them, but I set the MTU on four network adapters to 1350:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1350
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1350
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1350
utun2: flags=80d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1350

Assuming this is something that can be fixed at the router level, I really hope T-Mobile pays attention to this thread.  Not every user is going to be tech savvy enough to do this on their own.

I was skeptical of this, but yes, this was definitely the solution for me.  Your MTU number may vary so be sure to follow the procedure from that link.  Again, I have a mac and I use the Cisco AnyConnect software… regardless, your MTU is a hardware network adapter setting so AnyConnect isn’t really the culprit.

I am having the same issue. while accessing a website of my friend. His website basis on hair dryer products. is this a website or vpn?

Step 1

On Windows 10, launch Command Prompt as Administrator 

 

Step 2 

Run this command and get the name of the interface you are connected to. Mine was “Wi-Fi”

 

netsh interface ipv4 show subinterface

 

 

Step 3: 

If MTU is 1500 or more, reduce it to 1400 or lower 

netsh interface ipv4 set subinterface "Wi-Fi" mtu=1400 store=persistent

 

 

Step 4:

Verify if MTU is changed 

 

Step 5:

Reconnect your VPN and try going to pages or applications that had problem earlier. Works like magic. Try lower MTU, maybe 1350 if issues persist. 

 

 

I was able to solve my VPN issues using the guidance in https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e.

This fixed the problem for me, too. Thanks. I’m on MacOS + GlobalProtect VPN.

I switched to T-Mobile home internet couple days ago and I realized that my and my spouse’s VPNs did not work. I called Tmobile and they updated the firmware and my Global Protect Network worked then, but my spouse’s Cysco VPN did not work at all and they said they would give us a call back within 24 hours but never got a call back yet, in 48 hours. My Global protect does not work anymore either and I have to sign in to work tomorrow. I live in an area where there are many t-mobile service towers, I think. And I have been using their wireless for years and am happy with their wireless service. I’m not sure if I can afford the time to keep calling tmobile and be on a  2-hour call with a t-mobile technician. I’m planning to go back to my old service provider. I would have appreciated if t-mobile was transparent upfront and let their customers know they there might be VPN issues. I’m unhappy with the tmobile home internet service!

I’m extremely disappointed that T-Mobile does not publish a list of incompatible VPN devices. This country is working from home, many with VPN devices. I have been on several long waits and calls only to find out T-Mobile does not support the Cisco Meraki VPN. My company’s IT team has had similar issues with other carriers but resolved it with getting a static IP Address assigned. This is not an option from T-Mobile. My company will now inform new employees which carriers to use, I guess some will be blacklisted. What are the chances T-Mobile will notify me IF this problem is resolved before I return to my ISP that just buried fiber in my street? Aside from this, the 5G home router works excellent for all my other connected devices.

I was able to solve my VPN issues using the guidance in https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e.  This was on a MacBook + Cisco AnyConnect.  I don’t think I needed to change all of them, but I set the MTU on four network adapters to 1350:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1350
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1350
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1350
utun2: flags=80d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1350

Assuming this is something that can be fixed at the router level, I really hope T-Mobile pays attention to this thread.  Not every user is going to be tech savvy enough to do this on their own.

I would be one of those 'Non Tech Savvy' people that this exact problem is effecting. :( If not I'll be off work for weeks with no other internet options in my area to work from home.  I hope TMobile reads these feeds and is able to help.

I’ve had the gray Nokia Gateway since signing up in April and it worked great with my work VPN until that router died and I set up the new one today.  I can still connect to VPN, but am unable to connect to my soft phone server. It’s the same model router as the old one and nothing else changed.  I can connect to the soft phone if I use my hotspot.  Anyone ran into issues like that?

I have read that T-MOBILE is sharing IPv4 addresses.

what the heck. Is this common in the wireless industry?

I was getting a situation with the VPN where it appeared to connect, but it was not functional.  The problem is the MTU packet size value.

For me, I found lowering the MTU value at the client fixed the problem.  The tmobile(nokia) modem seems to be set to 1450 and the cable company was set to 1500.  I don’t think Tmobile will change it at their end. The built in Windows 10 VPN client defaults it to 1400, but there is some header information that moved it past the 1450 window.

 

  1. Find the interface-With the VPN “connected”, initiate the administrator command prompt and type netsh int ipv4 show subinterface.  This will give you a list of interfaces like this:  

       MTU  MediaSenseState   Bytes In  Bytes Out  Interface

    ------  ---------------  ---------  ---------  -------------

      1400                1    2073205    1650218  MY VPN

    4294967295                1          0     167019  Loopback Pseudo-Interface 1

      1500                1  384370968   39338930  Wi-Fi

      1500                5          0          0  Bluetooth Network Connection

      1500                5          0          0  Local Area Connection* 1

      1500                5          0          0  Local Area Connection* 2

      1500                1          0     311118  VirtualBox Host-Only Network

  2. Then, back down the MTU setting with netsh int ipv4 set subinterface “MY VPN” mtu=1380 store=persistent.  You may need to adjust the 1380 value lower for your system.  

  3. exit the VPN and then restart the VPN and see if it works.

  4. If you want to dig deeper, you can figure out when the MTU value craps out with ping www.yahoo.com -f -l -1500 and keep lowering the “1500” value until you see “Packet needs to be fragmented but DF set”.  The last value that worked is close to what the modem is set to.  I’d subtract 70 from that value and set the client mtu to that.

Not sure if someone found out how to correct the issue already. Changed my settings, the VPN protocol from UDP to TCP protocol.  It works fine now

Userlevel 5
Badge +8

 

My company tech’s told me to check the box in the Cisco AnyConnect Settings     

Check   Allow local (LAN) acccess when using VPN (if configured)  

It now works.

All devices and home network are good. Signal strength is 2 bars (weak, but functional).  Spouse needs to set up VPN to work from home, but even IT from the office could not get VPN to work via T-Mobile Home Internet.  VPN worked just fine on the same computer using cable network. 

 

I read somewhere that turning off IPV6 could solve the issue. ...

Thank you! Yes disable IPv6 from your computer’s network connection(s). For example, if you have Windows 10 and use WiFi then right-click the wireless connection > Open Network & Internet settings > Change adapter options > Right-click on the network connection you use > Properties > Uncheck Internet Protocol Version 6 (TCP/IPv6) > OK > Restart your computer.

Badge

I couldn’t connect to my IP cameras inside my house due to the lack of a fixed IP address, however, I came up with a workaround that allowed me to see the camera images.  That is, I placed all the camera images onto a spare computer screen, and connected that computer to my cell phone in the field using “Any Desk”; a desktop sharing application.  In other words, I tunneled (?) through the T-Mobile hotspot.  This was a kluge, but it worked.  However, hooking up the rest of the house would be a nightmare, so I’m sticking with my current ISP. (Note: any desk sharing application can be an outright security threat. )

Reply