Home internet service IPv6 traffic is all filtered even when using a Netgear LTE router. No port forwarding. Plz fix!

  • 22 January 2021
  • 57 replies
  • 21098 views

Userlevel 4
Badge

My background is in IT / networking and I started using Tmo Home Internet for the past 2 weeks. The router being shipped today to customers is missing very important features for power users - it actually broke my ability to remotely access my home via direct-connection using public IPv6 and IPv4 that I used on comcast. 

Contacting support for help is pretty much useless, although I have raised a few tickets regarding the major issues affecting me since switching ISPs, namely:

  • Unable to ping my IPv6 WAN address given by T-mobile (to remotely monitor my internet connection)
  • Unable to remotely access my home via my VPN server which listens to connections on the WAN IPv6 address (again, T-mobile is filtering ALL my incoming traffic - comcast, att fiber, other major players in the market don’t do this filtering to endpoints except for spam port 25)
  • Connecting to a VPN server hosted on the internet is unreliable and unstable.
  • T-mobile does not offer IPv6 Prefix Delegation (comcast has it, att fiber does too)

I’ve spent the majority of my time trying to figure out ways to make this work. Most folks out there are blaming the Nokia router firmware which is really locked down by T-mobile, so being the IT engineer I pretend to be I purchased a Netgear LAX20 which is T-mobile and AT&T certified - I swapped SIMs for my Home internet service and tested both.

 

Even with a router that I fully control, with firewall disabled and allowing WAN icmp/ping responses T-mobile seems to continue to filter traffic (even pings!) incoming towards my service equipment… to make a fair comparison I got an AT&T SIM card and repeated the tests. On AT&T I can ping and access my device remotely when it is on the AT&T LTE network on the same Netgear LAX20. 

 

Decided to post here to vent and share some findings, as this is somewhat frustrating that other LTE carriers that do not offer ‘home internet’ service do allow you to control and manage your network as you see fit while the new “home internet” service does not give you any control at all. Those users who wish to be able to remotely manage their smart home should perhaps stay away for now until T-mobile decides to do the right thing which is for “home internet” service subscribers to have different security network rules than cellphones on the network.


T-mobile please fix your business model for this new service, starting with adding the ability to request zero network filtering for home internet subscribers and the ability to get IPv6 prefix delegated.


57 replies

Im searching for a way to setup IPv6 on my router so it runs smoothly with t-mobile's gateway. 

If you're looking for a simple way to connect remotely to your home devices, I got that working yesterday. I was using Google's Remote Desktop pre T-mobile home internet but could not get it wor

king correctly after the switch. Then tried the "Set up via SSH" option on the Crome Remote Desktop login page. Had to take the commands provided to my PC and input. Now it actually works better than before!

Badge

install tailscale on any 2 devices in your home network. preferably one device being static (desktop, raspberry pi) while the other is mobile (laptop, phone)

 

you will be able to reach the entire network that way, albeit with reduced performance since tailscale punches a hole via udp and using intermediary servers to get out of the tmobile jail

My background is in IT / networking and I started using Tmo Home Internet for the past 2 weeks. The router being shipped today to customers is missing very important features for power users - it actually broke my ability to remotely access my home via direct-connection using public IPv6 and IPv4 that I used on comcast. 

Contacting support for help is pretty much useless, although I have raised a few tickets regarding the major issues affecting me since switching ISPs, namely:

  • Unable to ping my IPv6 WAN address given by T-mobile (to remotely monitor my internet connection)
  • Unable to remotely access my home via my VPN server which listens to connections on the WAN IPv6 address (again, T-mobile is filtering ALL my incoming traffic - comcast, att fiber, other major players in the market don’t do this filtering to endpoints except for spam port 25)
  • Connecting to a VPN server hosted on the internet is unreliable and unstable.
  • T-mobile does not offer IPv6 Prefix Delegation (comcast has it, att fiber does too)

I’ve spent the majority of my time trying to figure out ways to make this work. Most folks out there are blaming the Nokia router firmware which is really locked down by T-mobile, so being the IT engineer I pretend to be I purchased a Netgear LAX20 which is T-mobile and AT&T certified - I swapped SIMs for my Home internet service and tested both.

 

Even with a router that I fully control, with firewall disabled and allowing WAN icmp/ping responses T-mobile seems to continue to filter traffic (even pings!) incoming towards my service equipment… to make a fair comparison I got an AT&T SIM card and repeated the tests. On AT&T I can ping and access my device remotely when it is on the AT&T LTE network on the same Netgear LAX20. 

 

Decided to post here to vent and share some findings, as this is somewhat frustrating that other LTE carriers that do not offer ‘home internet’ service do allow you to control and manage your network as you see fit while the new “home internet” service does not give you any control at all. Those users who wish to be able to remotely manage their smart home should perhaps stay away for now until T-mobile decides to do the right thing which is for “home internet” service subscribers to have different security network rules than cellphones on the network.


T-mobile please fix your business model for this new service, starting with adding the ability to request zero network filtering for home internet subscribers and the ability to get IPv6 prefix delegated.

Would be really great if you post this over in the Reddit r/tmobileisp forum.  Lots of people there working on the same issue, appears to be their use of CG-NAT.  Agree?

I’m a bit late to the party here, but have you tried using a VPN that doesn’t require port forwarding? 
 

I’ve been using Twingate for remote access to my plex media server and it’s working well with my T Mobile home internet. I’d give it a shot because it took me ~25 minutes to setup and it’s free.

EVERYONE is missing the point. Tmobile does NOT WANT END USERS TO HAVE THE CONTROL AT ALL. If they did, they’d have worked it in.

Great report. Does this issue prevent the ability to remotely access Wyze cameras, ring alarm system, Ooma phone and video doorbells.  Thanks

I see this post is 2 years old, so I’m not sure what/if anything has changed between then and now because I just recently swapped to T-Mobile’s 5G Home Internet in the last couple months

...I ended up finding this thread while doing some google searches, in effort to troubleshoot ipv6 configuration with t-mobile… Anyways I digress lol.

For me personally - I don’t have any trouble accessing my wyze cams remotely, however I have noticed that sometimes  they’ll be offline briefly when I go to check them - which is something I don’t think I’ve noticed with spectrum.  

IDK about that angle of them not having/not able to use IPV4.

A Basic dig on their ASN's shows they have a crap ton of IPV4 registered.  Over 12 million on just ONE of their USA ID's (AS21928).  Granted, some (like AS393494, that appears to be tied to TVision) only have 60-70k... but who is to say how much is actively in use, and how much could be repurposed?

But they DO in fact have and use IPv4.  The question is why is it not implemented for home internet instead of the screwy XLAT464 crap.

 

Someone feel free to correct me if I’m wrong, but I’d assume those are reserved for their Business customers?

2 years later and they still haven’t fixed it. Dump T-Mobile. It’s useless trash.

Reply