Question

Unable to use T-Mobile Home Internet with work VPN, any suggestions?

A
Userlevel 2
Badge

I’ve recently been told by work Information Services that I cannot use my work laptop with T-Mobile Home Internet.   Here is there response to my support request.

 

T-Mobile's primary service called "5G Broadband" is not true wire-to-site broadband.  While Cisco AnyConnect can work over 5G and other wireless connections, MTS does not recommend its usage unless absolutely necessary, and if you utilize a phone line such as Cisco Jabber call quality cannot be guaranteed.

The issue is that while 5G can provide broadband level speeds and bandwidth wireless solutions, such as 5G, have a higher tolerance for "packet loss."  Packet loss is when individual pieces of data are dropped/lost during transmission.  For most applications this is a minimal issue that 5G speeds may render unnoticeable, but a live connection, such as the AnyConnect VPN or Voice Over IP phone services, will experience connection degradation or be completely disconnected forcing you to reconnect.

This is not an issue MTS can mitigate.  For this reason the only recommended Internet service types are fully wired based connections including DSL, Broadband, Cable, and Fiber Optic services.

 

Does anyone have a suggestion on a way to work around this issue?  It does not need to be perfect, but being able to work from home is essential, and if I can’t use TMHI to do that… it would be a deal-breaker for me.

117 replies

S

Sorry. I knew that was going to sound funky. Basically a refresh on your line, port, whatever it is that makes your line "your" line. I'm not hip on the IT lingo. I'm old school POTS guy. LOL.

I’m an old school POTS guy turned digital. I do it all.

I need to call them anyway to waive activation fees of their modems that don’t even work and lines I cancelled but got charged for anyway.

I figured a few calls would probably get things working again. But I have to ask myself, at what cost of my time?

R

I just spoke with Louis at support - there seems to have been an update pushed out on 2/27/2024 (he couldn’t confirm), and all I had to do is reset my modem/router and I am able to use my VPN again. I have AT&T Global Network Client VPN and the Sagemcom model modem/router.

Hopefully this saves others some agravation.

R

I’m happy to report that all is good now.  I only wish T had sent a blanket email out the very minute they fixed it instead of letting us have to figure it all out for ourselves. It would have saved a lot of aggravation.

Carry on. LOL.

S

I’m happy to report that all is good now.  I only wish T had sent a blanket email out the very minute they fixed it instead of letting us have to figure it all out for ourselves. It would have saved a lot of aggravation.

Carry on. LOL.

I still haven’t had time to call them. Hopeing for good things

 

I just spoke with Louis at support - there seems to have been an update pushed out on 2/27/2024 (he couldn’t confirm), and all I had to do is reset my modem/router and I am able to use my VPN again. I have AT&T Global Network Client VPN and the Sagemcom model modem/router.

Hopefully this saves others some agravation.

One of my problems isn’t device specific. With the SIM in other modems and phones one of the lines is still throttled to 0.01mbps both up and down.

I’ll report back when I finally do have time to call.

S

I’m happy to report that all is good now.  I only wish T had sent a blanket email out the very minute they fixed it instead of letting us have to figure it all out for ourselves. It would have saved a lot of aggravation.

Carry on. LOL.

I still haven’t had time to call them. Hopeing for good things

 

I just spoke with Louis at support - there seems to have been an update pushed out on 2/27/2024 (he couldn’t confirm), and all I had to do is reset my modem/router and I am able to use my VPN again. I have AT&T Global Network Client VPN and the Sagemcom model modem/router.

Hopefully this saves others some agravation.

One of my problems isn’t device specific. With the SIM in other modems and phones one of the lines is still throttled to 0.01mbps both up and down.

I’ll report back when I finally do have time to call.

 

TLDR; The guy that actually knew his stuff said there are know issues with specifically the Sagemcom unit and VPN usage. I still have yet to test his theory, but how others here have mentioned adding a double NAT router or changing your devices MTU make sense. So this seems to be isolated to the Sagemcom unit. You should be able to go to any store and request a newer (Nokia) or older unit, both other which do not have issues with VPN. You will be charged an activation when switching units, but should have luck calling into support for a credit. Note billing issues cannot be handled in the store and only over the phone or internet with overseas support.

 

 

15 minutes in, I’m on my 6th transfer to the same department that can’t handle business accounts.

 

So that’s 10 minutes listening to pop music on full blast.

 

7th transfer, got an English speaking rep in NC. But he can’t help with business either. Told me the online account side of things for business had been royally messed up and they don’t even have the resources to know how to contact the business center. I could tell he was really trying and did give me some useful information as to the numbers of the different lines, and what actually happened here.

 

So here’s what happened:

I have had a business account with T-Mobile for a long time. I had many lines on this account, all with the same exact service.

When I get the home internet units on this fully unlimited plan, I remove the SIM cards and use them in enterprise cellular modems (the ones used in military and law enforcement applications). They are used as a redundancy to VPN tunnels for voice and point of sale applications.

 

Whoever added the last line selected a different 100GB capped service - so that’s one issue solved.

 

Then he indicated there are issues with VPN and specifically the Sagemcom unit.

 

He warm transferred me to business billing. They then proceeded to give me access to an online business account as a master admin that wasn’t even my company. LOL

 

TLDR because I’m tired of typing, what a joke, but after a hilarious and painful 90+ minute phone call, I myself was able to get things sorted out for T-Mobile.

S

I’m happy to report that all is good now.  I only wish T had sent a blanket email out the very minute they fixed it instead of letting us have to figure it all out for ourselves. It would have saved a lot of aggravation.

Carry on. LOL.

I still haven’t had time to call them. Hopeing for good things

 

I just spoke with Louis at support - there seems to have been an update pushed out on 2/27/2024 (he couldn’t confirm), and all I had to do is reset my modem/router and I am able to use my VPN again. I have AT&T Global Network Client VPN and the Sagemcom model modem/router.

Hopefully this saves others some agravation.

One of my problems isn’t device specific. With the SIM in other modems and phones one of the lines is still throttled to 0.01mbps both up and down.

I’ll report back when I finally do have time to call.

 

TLDR; The guy that actually knew his stuff said there are know issues with specifically the Sagemcom unit and VPN usage. I still have yet to test his theory, but how others here have mentioned adding a double NAT router or changing your devices MTU make sense. So this seems to be isolated to the Sagemcom unit. You should be able to go to any store and request a newer (Nokia) or older unit, both other which do not have issues with VPN. You will be charged an activation when switching units, but should have luck calling into support for a credit. Note billing issues cannot be handled in the store and only over the phone or internet with overseas support.

 

 

15 minutes in, I’m on my 6th transfer to the same department that can’t handle business accounts.

 

So that’s 10 minutes listening to pop music on full blast.

 

7th transfer, got an English speaking rep in NC. But he can’t help with business either. Told me the online account side of things for business had been royally messed up and they don’t even have the resources to know how to contact the business center. I could tell he was really trying and did give me some useful information as to the numbers of the different lines, and what actually happened here.

 

So here’s what happened:

I have had a business account with T-Mobile for a long time. I had many lines on this account, all with the same exact service.

When I get the home internet units on this fully unlimited plan, I remove the SIM cards and use them in enterprise cellular modems (the ones used in military and law enforcement applications). They are used as a redundancy to VPN tunnels for voice and point of sale applications.

 

Whoever added the last line selected a different 100GB capped service - so that’s one issue solved.

 

Then he indicated there are issues with VPN and specifically the Sagemcom unit.

 

He warm transferred me to business billing. They then proceeded to give me access to an online business account as a master admin that wasn’t even my company. LOL

 

TLDR because I’m tired of typing, what a joke, but after a hilarious and painful 90+ minute phone call, I myself was able to get things sorted out for T-Mobile.

Also, I was able to finesse a nice $130 credit. I figured that was fair for the time I have wasted with them on the phone.

P

Hello - First, thank you to all who have posted and tried to resolve this.  I am happy to say that changing to the TMO-G4SE 5G Gateway Wht Kit resolved my issues entirely. 

C
Badge

I got the the white device, the 

https://www.t-mobile.com/support/home-internet/5g-gateway-g4ar

That didn’t solve my VPN Issue. My work uses Cisco-Meraki

Any ideas?

 

D

I changed the MTU on my company laptop and it works fine now. Make sure it’s lower than 1350.

J

I had an issue with constant disconnects from my personal VPN using IKEv2 with the Sagemcom 5688. If I were downloading a large file, the connection would invariably freeze right around the 250MB point. If I attempted to run a speed test, the download would work but I’d immediately get a “socket error” when the upload test tried to start.

It took a lot of time and research to find a workaround, but it can be done by using PowerShell to set the “PfsGroup” parameter to “none” as described here:

https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=windowsserver2022-ps

It’s not a task for amateurs but if you know what you’re doing and are experiencing the same issues, it absolutely works.

K

My company uses Cisco AnyConnect VPN. I’ve been having all the same issues mentioned in this thread and gone down the IT rabbit hole trying to remedy this issue. Finally found a knowledgeable T-Mobile technician that explained if personal or work VPN or systems are operating on IPv4 then you need to go into your T-Mobile home internet app > select network > click “+” to add network > name network > create password > select 2.4 GHz band > select WPA/WPA2 > WPA “TKIP & AES” > then save the new network and connect. Worked out my VPN issues and my security cameras are working now.  
 

this helped my issue! Plus I swapped out my box  

 

J

I had an issue with constant disconnects from my personal VPN using IKEv2 with the Sagemcom 5688. If I were downloading a large file, the connection would invariably freeze right around the 250MB point. If I attempted to run a speed test, the download would work but I’d immediately get a “socket error” when the upload test tried to start.

It took a lot of time and research to find a workaround, but it can be done by using PowerShell to set the “PfsGroup” parameter to “none” as described here:

https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=windowsserver2022-ps

It’s not a task for amateurs but if you know what you’re doing and are experiencing the same issues, it absolutely works.

I thought I’d give a bit more information about my previous post. Let me mention a couple of DONT’S first though.

  1. Don’t try this on your work VPN without discussing it with your IT administrator first. The settings may not be compatible with the protocols used by your company.
  2. This command worked with Nord VPN, I’m not sure if it will work with others as each VPN has different encryption algorithms. If you do try it with another provider and it doesn’t work, you can always delete the IKEv2 adapter and recreate it using the instructions on Nord’s “How to manually set up an IKEv2 connection in Windows”.
  3. To make sure you are having the same issues that I had before running the command, go to a site like https://www.buildsometech.com/download-test-files/ , scroll down the page a bit and attempt to download the 1GB test file. If the download fails (freezes) after only downloading 250MB, then this should work for you.
  4. If the connection does freeze, disconnect from the IKEv2 VPN, open a command prompt (as administrator) and enter the following commands:
  5. ipconfig /release
  6. ipconfig /renew      (these commands will unfreeze your interconnection and you should be able to browse the web again. Don’t try to reconnect to the VPN until you complete the rest of the steps.

Having said that, let’s say that your IKEv2 connection’s server address is “us8200.nordvpn.com”.

Open PowerShell by right-clicking it and select “Run as Administrator” (you’ll find it at the bottom of the programs in the Start Menu by scrolling all the way to the bottom).

After you change the server address from “us8200.nordvpn.com” in this command with the server that you are actually using (it’s easiest to copy/paste this command into notepad and make that edit there), copy the entire command, paste it into PowerShell, and hit “enter”. You want to do this while you’re not connected to the VPN.

Set-VpnConnectionIPsecConfiguration -ConnectionName "us8200.nordvpn.com" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -DHGroup ECP384 -EncryptionMethod GCMAES256 -IntegrityCheckMethod SHA384 -PfsGroup None -PassThru -Force

(note: this is similar to the command that fixes the “Policy Mismatch Error” that can some of you may have had to run when initially setting up your connection, but the parameters are different so don’t give up on trying this if you’ve done that before and suspect that this one won’t fix the problem.)

The command should run without errors, and should show that you’ve changed the IPSEC/IKEv2 parameters.

Again, remember to change the server name to the one you already have setup.

If the command completes succsessfully, connect to the VPN server that you updated (a reboot is not necessary), and attempt to download the 1GB file again. It should download successfully, and you should no longer have problems with the connection “freezing” after a period of time.

I hope this is helpful for a few people. I’ve had no problems staying connected for a week now using this method.

Best Regards,

Johnny

 

 

F

I was so happy to be able to ditch Xfinity but now I am recognizing I made a horrible mistake switching to TMobile. If only the sales rep would've saved me some time to let me know I wouldn't be able to work from home using T-Mobile because I require a VPN. That would've been honest business. Instead I have wasted hours this week. 

Thankfully, my chat with T-Mobile tech support this morning resulted in them telling me that if my VPN is an IP6TMobile is only IP4 therefore "TMobile may not be a good fit for me."

 

The rep also said she would flag my account with the note that there was nothing wrong with their devices that it was all on my end. Noice.

 

I tried this afternoon to shut off my VPN and it took a while, but my Teams' meetings video and audio significantly improved. But there's no way I can work without using my VPN because I won't have access to any of my work files. I can't try the other fixes here because I do not have the ability to use a command line on my work laptop for security purposes. 
 

So I just want to thank all the contributors to this thread who have validated that TMobile does not want work from home customers. I will be telling all of my colleagues the truth, since they were like me very intrigued about switching to TMobile and getting the heck away from Xfinity but now it looks like we're stuck and I have to go crawling back to Xfinity or hope and pray something improves on my Internet connection in the next 48 hours.

S

I’ve recently been told by work Information Services that I cannot use my work laptop with T-Mobile Home Internet.   Here is there response to my support request.

 

T-Mobile's primary service called "5G Broadband" is not true wire-to-site broadband.  While Cisco AnyConnect can work over 5G and other wireless connections, MTS does not recommend its usage unless absolutely necessary, and if you utilize a phone line such as Cisco Jabber call quality cannot be guaranteed.

The issue is that while 5G can provide broadband level speeds and bandwidth wireless solutions, such as 5G, have a higher tolerance for "packet loss."  Packet loss is when individual pieces of data are dropped/lost during transmission.  For most applications this is a minimal issue that 5G speeds may render unnoticeable, but a live connection, such as the AnyConnect VPN or Voice Over IP phone services, will experience connection degradation or be completely disconnected forcing you to reconnect.

This is not an issue MTS can mitigate.  For this reason the only recommended Internet service types are fully wired based connections including DSL, Broadband, Cable, and Fiber Optic services.

 

Does anyone have a suggestion on a way to work around this issue?  It does not need to be perfect, but being able to work from home is essential, and if I can’t use TMHI to do that… it would be a deal-breaker for me.

This is what chat gpt told me: 

Yes, if your router doesn't support IPv6 transition mechanisms like NAT64 or DNS64, you can use software solutions on your computer to achieve IPv6-to-IPv4 communication. One popular option is to use a Teredo tunneling software.

Teredo is a transition technology that allows IPv6 connectivity to IPv4 hosts by encapsulating IPv6 packets within IPv4 packets. This allows IPv6 traffic to traverse IPv4 networks seamlessly. There are various Teredo tunneling software available for different operating systems. Some examples include:

1. **Miredo**: Miredo is an open-source Teredo tunneling software available for Linux, BSD, and macOS. It provides IPv6 connectivity to IPv4-only networks by encapsulating IPv6 packets in UDP/IPv4 datagrams.

2. **Microsoft Teredo**: Microsoft includes Teredo support in Windows operating systems. It's enabled by default in recent versions of Windows, allowing IPv6 connectivity over IPv4 networks. You can check if Teredo is enabled on your Windows system by running the command `netsh interface teredo show state` in Command Prompt.

3. **Teredo Tunneling Client**: There are also standalone Teredo tunneling clients available for Windows that provide similar functionality to Microsoft's built-in Teredo support. These clients may offer additional features and configuration options.

By using Teredo tunneling software on your computer, you can enable IPv6 connectivity even if your router doesn't support IPv6 transition mechanisms directly. Keep in mind that while Teredo can provide IPv6 connectivity, it may introduce additional latency and overhead compared to native IPv6 connectivity.

 

 

That's the solution, the problem is the gateway tmhi uses only users ipv6 a 128 bit compared to ipv4s 32 bit . Anyways you can use this fact to ask some questions and find other possible workaround or solutions to this issue

S

Basically the T-Mobile router doesn't offer NAT or DNS64 so the information sent to the networks are talking 2 different languages, my best guess is the workaround will be a router with those capabilities connected to your gateway or some sort of software for on Device based translations of the address.  Good luck let me know what you do as I'm not really a tech guy yet just learning 

H

My company uses Cisco AnyConnect VPN. I’ve been having all the same issues mentioned in this thread and gone down the IT rabbit hole trying to remedy this issue. Finally found a knowledgeable T-Mobile technician that explained if personal or work VPN or systems are operating on IPv4 then you need to go into your T-Mobile home internet app > select network > click “+” to add network > name network > create password > select 2.4 GHz band > select WPA/WPA2 > WPA “TKIP & AES” > then save the new network and connect. Worked out my VPN issues and my security cameras are working now.  

THANK YOU!!! My company uses the same VPN and it worked perfectly until Monday, 1/22, probably the same change you experienced. I followed your guidance and it works perfectly. I’m back to the same full speed I had previously, maybe even faster, and now I have a second home network dedicated to work from home. 

I also tried this and it worked for 24 hours and stopped working after that. My work’s IT department got me working, though. What was happening was that the vpn (when you log into AnyConnect you have to specify a vpn - something like vpn.mycompany.com) was routing me through our data center that was on the other end of the country. When they gave me a different vpn (vpn.mycompany-15.com) that was going through my local data center, then it worked! I don’t know why this was an issue just for Tmobile internet and not for my previous ISP, but I am seeing no further issues now. 

P

Is there a fix yet for this? I don’t really want to have to switch to another provider happy with tmobile but if my wife can’t work from home then it’s not to beneficial!

Reply


New badge winners

Show all badges
Terms & Conditions