My background is in IT / networking and I started using Tmo Home Internet for the past 2 weeks. The router being shipped today to customers is missing very important features for power users - it actually broke my ability to remotely access my home via direct-connection using public IPv6 and IPv4 that I used on comcast.
Contacting support for help is pretty much useless, although I have raised a few tickets regarding the major issues affecting me since switching ISPs, namely:
Unable to ping my IPv6 WAN address given by T-mobile (to remotely monitor my internet connection)
Unable to remotely access my home via my VPN server which listens to connections on the WAN IPv6 address (again, T-mobile is filtering ALL my incoming traffic - comcast, att fiber, other major players in the market don’t do this filtering to endpoints except for spam port 25)
Connecting to a VPN server hosted on the internet is unreliable and unstable.
T-mobile does not offer IPv6 Prefix Delegation (comcast has it, att fiber does too)
I’ve spent the majority of my time trying to figure out ways to make this work. Most folks out there are blaming the Nokia router firmware which is really locked down by T-mobile, so being the IT engineer I pretend to be I purchased a Netgear LAX20 which is T-mobile and AT&T certified - I swapped SIMs for my Home internet service and tested both.
Even with a router that I fully control, with firewall disabled and allowing WAN icmp/ping responses T-mobile seems to continue to filter traffic (even pings!) incoming towards my service equipment… to make a fair comparison I got an AT&T SIM card and repeated the tests. On AT&T I can ping and access my device remotely when it is on the AT&T LTE network on the same Netgear LAX20.
Decided to post here to vent and share some findings, as this is somewhat frustrating that other LTE carriers that do not offer ‘home internet’ service do allow you to control and manage your network as you see fit while the new “home internet” service does not give you any control at all. Those users who wish to be able to remotely manage their smart home should perhaps stay away for now until T-mobile decides to do the right thing which is for “home internet” service subscribers to have different security network rules than cellphones on the network.
T-mobile please fix your business model for this new service, starting with adding the ability to request zero network filtering for home internet subscribers and the ability to get IPv6 prefix delegated.
After going through all these issues and trying to figure out why T-Mobile works this way (frequent IP changes, no bridge mode - read carrier UE lock, random latency discrepancies between native IPv6 and IPv4), I have to say this thread explains a lot.
Also, there is no such thing as “IPv6 ONLY network” for companies providing DIA. Sure, parts of them can be IPv6 only but you still need to route IPv4 from NAT64 gateways for resources only available on IPv4, it won’t go away anytime soon. There are also business customers you need to take care of… So, you still maintain two separate networks, the difference is that the IPv4 scope becomes more narrow and easier to maintain.
Time will tell if T-Mobile is a winner going with 464XLAT but it for sure affects their service offerings today, functionality and compatibility wise.
We talked about shortages of IPs etc. but it looks like Verizon Wireless handled it just fine, with 5G Home Internet getting routable IPv4 addresses, CPEs with bridge mode for both, mmWave and C-Band. Cell phones using true dual stack (CGNAT/IPv6), which seems appropriate.
@Reblog I have been holding off with this observation and thought you might have some insight into the problem. I am responsible for posting documents/pictures, etc. from home to a remote server. Over the years I have used FTP to easily transfer these files. However, since I switched from a slow DSL connection to T-Mobile HI (ASKEY), I no longer can move the files. I used Windows 10 File Explorer in split screen mode (remote on one screen and local files on second) and simply clicked and dragged the files from one screen to the other. Now when I try to connect with T-Mobile HI, I get the following error message...any thoughts? I have permissions on the remote FTP server.
PASV is horribly implemented with Microsoft Windows. It will say it’s in passive mode. It will lie about being in passive mode. Use a dedicated FTP client like FileZilla instead.
The original post is over a year old now. Has T-mobile fixed the problem yet? I have a 4g sim with a netgear modem. I can confirm that incoming IPv4 ports are blocked and natted. I have not tested IPv6.
I have looked into VPNs, but the majority of them don’t allow port forwards, and the ones that do are cost prohibitive. Cheaper just to stay with cable.
My sim is prepaid, so if they haven’t gotten this working by the end of the billing cycle, I’m going to assume that they don’t possess the know-how or technology to provide competent internet service.
Has anyone figured out a workaround? I need port 443 and 80 open and forwarding it bridge mode!?
Or heard when or if there will be a firmware update for this?
Would be really great if you post this over in the Reddit r/tmobileisp forum. Lots of people there working on the same issue, appears to be their use of CG-NAT. Agree?
I’m a bit late to the party here, but have you tried using a VPN that doesn’t require port forwarding?
I’ve been using Twingate for remote access to my plex media server and it’s working well with my T Mobile home internet. I’d give it a shot because it took me ~25 minutes to setup and it’s free.
Great report. Does this issue prevent the ability to remotely access Wyze cameras, Ring alarm system, Ooma phone and video doorbells? Thanks
I see this post is 2 years old, so I’m not sure what/if anything has changed between then and now because I just recently swapped to T-Mobile’s 5G Home Internet in the last couple months
...I ended up finding this thread while doing some google searches, in effort to troubleshoot ipv6 configuration with t-mobile… Anyways I digress lol.
For me personally - I don’t have any trouble accessing my wyze cams remotely, however I have noticed that sometimes they’ll be offline briefly when I go to check them - which is something I don’t think I’ve noticed with spectrum.
IDK about that angle of them not having/not able to use IPV4.
A Basic dig on their ASN's shows they have a crap ton of IPV4 registered. Over 12 million on just ONE of their USA ID's (AS21928). Granted, some (like AS393494, that appears to be tied to TVision) only have 60-70k... but who is to say how much is actively in use, and how much could be repurposed?
But they DO in fact have and use IPv4. The question is why is it not implemented for home internet instead of the screwy XLAT464 crap.
Someone feel free to correct me if I’m wrong, but I’d assume those are reserved for their Business customers?
Install Tailscale on any 2 devices in your home network, preferably one device being static (desktop, Raspberry Pi) while the other is mobile (laptop, phone).
You will be able to reach the entire network that way, albeit with reduced performance since Tailscale punches a hole via UDP and uses intermediary servers to get out of the T-Mobile jail.
2 years later and they still haven’t fixed it. Dump T-Mobile. It’s useless trash.
T-Mobile, come on, it's been months now. Why do we still not have basic things like prefix delegation and inbound IPv6? This would let us use a real router with things like a guest network, and fix a lot of online gaming and VPN issues.
IKR... QoS has been slowly improving in our market, which has kept me subscribing. Even when signal dips as bad as -96db, been able to still get around 60 down, 10 up--sometimes even better (easily breaks 100/30 when signal is strong and not a lot of congestion).
It is proving itself to be a viable alternative to $pectrum here for smaller households that don't need a lot of bandwidth. Some neighborhoods here still get capped at 100 mbps instead of their "national" standard of 200--but the base price is still $75/ month. Yes, you may qualify for a $25 promo discount for 12 months your FiRST year, but after that you have to haggle annually, and each time the discount gets smaller.
But when it comes to things like remote access to media servers, cameras, or even something as basic/common as multiplayer gaming... the "filtering" or whatever is at play IS going to be a problem for many households.
Fortunately for TMO, I have gotten back into online RPG again which consumes most of my gaming time these days, so I am sticking with TMO a bit longer since I am not reliant on P2P and such to play.
But when the day comes that I go back to console games that will require port forwarding for party forming... this WILL push me off their network if they don't find a way to fix it.
With the LAX20 did you try fast.t-mobile.com APN? I’m thinking it’s the fbb.home APN.
Thx
This post I found seems related and comments have been disabled. (link below) I have had my gateway for three days now and just attempting the gateway settings and noticed port forwarding is missing. It looks like this has been an issue for some time and there are no plans to address it. So we were sold home internet, but got a wifi hotspot. I am sad that my only option now is to return the unit to T-Mobile and pay triple what T-Mobile was offering to get the same speeds with Cox. :-(
T-Mobile is an IPv6 network. Port forwarding is for IPv4 networks. So, it's unlikely you will ever have port forwarding. For IPv6, right now T-Mobile blocks all unsolicited inbound traffic. This may be a global network configuration or it may be on the gateway. At any rate, there is no inbound traffic allowed at this time. If you need a workaround, you can connect up your own router to the gateway and use a VPN service for about $5.00 a month.
What a dumpster fire. No IPv6 or IPv4. Might as well call this one way internet. This breaks multiple internet standards and expectations for an internet provider. IPv4 is still crucial in 2021. Borking IPv6 is not acceptable.
Well, I don’t know about internet standards and expectations for IPv4 since we have been out of IPv4 addresses for years now. Due to this fact, T-Mobile made the smart decision to switch to IPv6 several years ago. After all, with no more IPv4 addresses available, what choice did they have? At any rate, the lack of IPv4 isn’t really the problem. The problem is not being able to manage inbound traffic under IPv6. If that is a problem for you, there are workarounds until T-Mobile allows this functionality on TMHI. Another option is to use Calyx. Calyx uses the T-Mobile network and the T-Mobile MiFi M2000 and it allows inbound IPv6 traffic.
I don’t want a wifi hotspot, I need “home internet” as this is sold. There is no real solution, only finicky hacky workarounds such as VPN. T-Mobile could have used IPv4 if they wanted, that is not even a question. Not supporting IPv4 breaks many critical components of the internet.
I’m not sure how you know T-Mobile could have used IPv4. T-Mobile stopped using IPv4 on its network years ago. Spending the time and money to bring IPv4 back just for home internet customers probably didn’t make sense. Also, since the global internet is out of IPv4 addresses, I’m not sure where you think T-Mobile will be getting these IPv4 addresses to hand out to each customer. IPv4 still works with T-Mobile. It just cannot be used for inbound traffic.
You can still buy/rent IPv4 space. If T-Mobile has that defeatist attitude this service won’t sell well….
IDK about that angle of them not having/not able to use IPV4.
A Basic dig on their ASN's shows they have a crap ton of IPV4 registered. Over 12 million on just ONE of their USA ID's (AS21928). Granted, some (like AS393494, that appears to be tied to TVision) only have 60-70k... but who is to say how much is actively in use, and how much could be repurposed?
But they DO in fact have and use IPv4. The question is why is it not implemented for home internet instead of the screwy XLAT464 crap.
Who knows why they still own these subnets. Owning them, however, doesn’t mean T-Mobile isn’t an IPv6 network. Indeed they are. They completed the transition years ago. XLAT464 is of course used for compatibility with IPv4. Some of these IPs are needed for that. At any rate, let's just say they would make the decision to switch back to IPv4, these blocks of IPs wouldn’t come close to the number of IPs needed to support IPv4 for all the devices on their network. And the problem only gets worse as their network grows.
Well that's tough cookies cuz that is what it's like to be a home internet provider in 2021. I wish I had someone who would come up with excuses for me every time I made poor choices at work.
T-Mobile does not work with most set top boxes or streaming internet devices, it does not work for most gaming sites via pc or console most of the time. It’s fast for uploads and downloads on sites that are compatible with it. I wish they would fix it to be a general purpose internet but I have no idea who to contact to get anything done.
I have spoken to the advanced tech support people and they say limitations of the network mean it won’t really work as general purpose home internet unless major changes are made to the T-Mobile network itself on their end, and that they have no plans to do it in the near future.
What set top boxes or streaming devices are you using? It works fine with my Roku, Apple TV, Fire Stick, Sony and Samsung TV’s.
The lack of port forwarding was an issue for me. But it was easily solvable with a $5 month VPN subscription. I don’t mind paying that since I am saving $60 a month over Comcast with much better speed and no data caps.
@Locutus
Not sure you caught all that was posted in there.
I ran a generic search on a specific name (T-Mobile USA), which returned like a dozen unique ASN's.
That in no way encompasses the entirety of their organization's provisioned addresses.
Remember, they also just picked up all those Sprint assets as well, which also has over a dozen ASN's provisioned.
Just ONE ASN had over 12million v4 IP's reserved…
...as in provisioned for their exclusive use.
How many are actively in use, and how many could be repurposed is an important question.
For example, what if they flipped the script on fully functional cell over to home internet provisioning? Put all the cell/hotspots into the new funky and restrictive XLAT/CGN layer, and give all the vacated fully functional IP's to home internet.
Think about this for a moment…
Why is it sooo important to reserve all that super high speed bandwidth and port traversal capability for those mobile devices, as opposed to the home internet users? What is the rationale for prioritizing north of 100-200mbps down and 20mbps up as well as a properly functioning network model for mostly single user device cell usage while denying such important things to HOME NETWORKS?
They very well COULD have set this up properly…
...but for whatever reason, they CHOSE to set it up this way.
They didn't HAVE to.
But they DO have to. They all HAVE to. T-Mobile put the money and time into switching to IPv6 long before they rolled out home internet. They didn’t do it just for fun. After doing so, when it came to home internet, I imagine their thoughts were: Everyone has to switch to IPv6. We are already where we need to be. Why do we want to roll back to IPv4 while our competitors are still trying to switch their networks over to IPv6? In my opinion, the fact T-Mobile was able to switch to IPv6 earlier than most shows them as a leader. Since they have, most of my traffic is IPv6. And, like I said, please excuse me if I am assuming here, I don’t think your complaint is about IPv6. Your complaint is about not having inbound connectivity. And I agree with that complaint. But that is a different issue, IPv6 or not.
Just got home and pulled up the ASN info on my TMO HI.
It is the AS21928 ID I looked at earlier from work…
... the one with 12,671,488 v4 IP's assigned.
This particular 172.58.0.0/21 subnet has been reserved/announced since 2016 (was 172.58.0.0/15 for about 10 months beforehand).
So no... they didn't exactly become a V6 only network.
They have been maintaining active v4 IP's for quite a while... this particular subnet since 20160825. The history here dates back into 2012, where it notes a different subnet described as internet backbone.
Their TRANSIT may have moved over to v6... but they have maintained their v4 assignments.
And yes, the gripe includes the inbound traffic.. but there is more to it.
The geo data assigned to my v4 addresses put me out of state... which monkeys up functionality for some services (sometimes Charlotte, other times Atlanta--I live in Florence, SC). It is also monkeying with game traffic as well.
People have posted here those problems go away when going through their phones and/or hotspots.
In other words... the v4 subnets the "normal" cell devices are using have more proper functionality.
So again... they are perfectly CAPABLE of a better dual-stack implementation... but CHOSE otherwise.
I have had the same issue with the geolocation. But, mine occurred on both IPv4 and IPv6. And, it also occurred on my phone when it’s not connected to TMHI. I called the number listed on the trashcan’s web interface and they fixed the problem for me on home internet. I’m still a little off. But it’s close enough now.
I agree their dual stack deployment could have been better and probably will get better. It’s likely still a work in progress. It’s also interesting DNS64 is used on the phone network while it isn’t on home internet. I’m curious why that’s different.
As far as inbound connectivity, hopefully that’s coming. I do not believe it is disallowed globally as others have said since Calyx customers on the MiFi are able to enable inbound IPv6 traffic. Unfortunately, it doesn’t look like you can manage the traffic by port or address, which is a security issue. As such, if inbound traffic is ever allowed, I will probably always keep a personal router between the trashcan and my network.
I just want to use IPv6 passthrough (bridge mode) so I can connect my external router. I don’t need port forwarding or inbound access. I called before ordering the service and they told me this was possible — but I guess they lied.
Front-line support are mostly useless and don’t even know about double-NAT and why it is a problem for VOIP and many other apps.
Does T-Mobile have any real network engineers? It seems like the people on this forum are better qualified.
IPv6 passthrough with your router should be working. It does for me. But, that’s a function of your router. If it’s not working, the issue is on the inside of your network. It’s not with the gateway. But, if your VOIP service doesn’t support IPv6, using passthrough won’t help. Also, I don’t have any issues with VOIP services. In the past, I have heard of others having issues. But, I do not.
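An added example, not part of any post in this thread: Python that classifies a gateway's WAN IPv4 address against the translation schemes discussed above (CG-NAT, 464XLAT, double NAT) and decodes DNS64/NAT64-synthesised addresses, to show why IPv4 port forwarding cannot work behind them. The function names are hypothetical, the ranges come from the RFCs, and every address is a constructed sample from documentation space.

```python
"""Classify a gateway's WAN addressing to see what translation sits in front of it."""
import ipaddress

# Well-known ranges defined by the RFCs (not taken from the thread).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared space
CLAT_RANGE = ipaddress.ip_network("192.0.0.0/29")     # RFC 7335, 464XLAT CLAT side
NAT64_WKP = ipaddress.ip_network("64:ff9b::/96")      # RFC 6052 well-known prefix


def classify_wan_ipv4(wan, observed_public):
    """Label the WAN IPv4 address the router reports.

    wan: address shown on the router's WAN/status page.
    observed_public: address a remote server sees for outbound connections.
    """
    wan_ip = ipaddress.IPv4Address(wan)
    seen = ipaddress.IPv4Address(observed_public)
    if wan_ip in CLAT_RANGE:
        return "464xlat"        # IPv4 is translated to IPv6 on the device itself
    if wan_ip in CGNAT_SHARED:
        return "cgnat"          # carrier shares one public IPv4 among subscribers
    if any(wan_ip in net for net in RFC1918):
        return "private-nat"    # another NAT device sits upstream (double NAT)
    if wan_ip != seen:
        return "translated"     # routable-looking, yet rewritten on the way out
    return "public"


def inbound_ipv4_possible(kind):
    """A port forward only helps when the WAN address is the public address."""
    return kind == "public"


def synthesize_nat64(ipv4, prefix=NAT64_WKP):
    """Build the IPv6 address DNS64 would return for an IPv4-only host (/96 only)."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract_nat64(ipv6, prefix=NAT64_WKP):
    """Recover the embedded IPv4 address, or None if not a NAT64 address (/96 only)."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


if __name__ == "__main__":
    # Constructed samples: (WAN address on the router, address seen from outside).
    samples = [
        ("192.0.0.2", "203.0.113.7"),
        ("100.72.1.9", "203.0.113.7"),
        ("192.168.12.101", "203.0.113.7"),
        ("203.0.113.7", "203.0.113.7"),
    ]
    for wan, seen in samples:
        kind = classify_wan_ipv4(wan, seen)
        print(f"{wan:16} seen as {seen:13} -> {kind:12} "
              f"port forward usable: {inbound_ipv4_possible(kind)}")
    synth = synthesize_nat64("192.0.2.33")
    print(synth, "->", extract_nat64(synth))
```

A "public" result only rules out address translation; a carrier can still drop unsolicited inbound packets, which has to be tested from an outside host.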