Skip to main content

I’ve recently been told by work Information Services that I cannot use my work laptop with T-Mobile Home Internet.   Here is there response to my support request.

 

T-Mobile's primary service called "5G Broadband" is not true wire-to-site broadband.  While Cisco AnyConnect can work over 5G and other wireless connections, MTS does not recommend its usage unless absolutely necessary, and if you utilize a phone line such as Cisco Jabber call quality cannot be guaranteed.

The issue is that while 5G can provide broadband level speeds and bandwidth wireless solutions, such as 5G, have a higher tolerance for "packet loss."  Packet loss is when individual pieces of data are dropped/lost during transmission.  For most applications this is a minimal issue that 5G speeds may render unnoticeable, but a live connection, such as the AnyConnect VPN or Voice Over IP phone services, will experience connection degradation or be completely disconnected forcing you to reconnect.

This is not an issue MTS can mitigate.  For this reason the only recommended Internet service types are fully wired based connections including DSL, Broadband, Cable, and Fiber Optic services.

 

Does anyone have a suggestion on a way to work around this issue?  It does not need to be perfect, but being able to work from home is essential, and if I can’t use TMHI to do that… it would be a deal-breaker for me.

Sorry. I knew that was going to sound funky. Basically a refresh on your line, port, whatever it is that makes your line "your" line. I'm not hip on the IT lingo. I'm old school POTS guy. LOL.

I’m an old school POTS guy turned digital. I do it all.

I need to call them anyway to waive activation fees of their modems that don’t even work and lines I cancelled but got charged for anyway.

I figured a few calls would probably get things working again. But I have to ask myself, at what cost of my time?


I just spoke with Louis at support - there seems to have been an update pushed out on 2/27/2024 (he couldn’t confirm), and all I had to do is reset my modem/router and I am able to use my VPN again. I have AT&T Global Network Client VPN and the Sagemcom model modem/router.

Hopefully this saves others some agravation.


I’m happy to report that all is good now.  I only wish T had sent a blanket email out the very minute they fixed it instead of letting us have to figure it all out for ourselves. It would have saved a lot of aggravation.

Carry on. LOL.


I’m happy to report that all is good now.  I only wish T had sent a blanket email out the very minute they fixed it instead of letting us have to figure it all out for ourselves. It would have saved a lot of aggravation.

Carry on. LOL.

I still haven’t had time to call them. Hopeing for good things

 

I just spoke with Louis at support - there seems to have been an update pushed out on 2/27/2024 (he couldn’t confirm), and all I had to do is reset my modem/router and I am able to use my VPN again. I have AT&T Global Network Client VPN and the Sagemcom model modem/router.

Hopefully this saves others some agravation.

One of my problems isn’t device specific. With the SIM in other modems and phones one of the lines is still throttled to 0.01mbps both up and down.

I’ll report back when I finally do have time to call.


I’m happy to report that all is good now.  I only wish T had sent a blanket email out the very minute they fixed it instead of letting us have to figure it all out for ourselves. It would have saved a lot of aggravation.

Carry on. LOL.

I still haven’t had time to call them. Hopeing for good things

 

I just spoke with Louis at support - there seems to have been an update pushed out on 2/27/2024 (he couldn’t confirm), and all I had to do is reset my modem/router and I am able to use my VPN again. I have AT&T Global Network Client VPN and the Sagemcom model modem/router.

Hopefully this saves others some agravation.

One of my problems isn’t device specific. With the SIM in other modems and phones one of the lines is still throttled to 0.01mbps both up and down.

I’ll report back when I finally do have time to call.

 

TLDR; The guy that actually knew his stuff said there are know issues with specifically the Sagemcom unit and VPN usage. I still have yet to test his theory, but how others here have mentioned adding a double NAT router or changing your devices MTU make sense. So this seems to be isolated to the Sagemcom unit. You should be able to go to any store and request a newer (Nokia) or older unit, both other which do not have issues with VPN. You will be charged an activation when switching units, but should have luck calling into support for a credit. Note billing issues cannot be handled in the store and only over the phone or internet with overseas support.

 

 

15 minutes in, I’m on my 6th transfer to the same department that can’t handle business accounts.

 

So that’s 10 minutes listening to pop music on full blast.

 

7th transfer, got an English speaking rep in NC. But he can’t help with business either. Told me the online account side of things for business had been royally messed up and they don’t even have the resources to know how to contact the business center. I could tell he was really trying and did give me some useful information as to the numbers of the different lines, and what actually happened here.

 

So here’s what happened:

I have had a business account with T-Mobile for a long time. I had many lines on this account, all with the same exact service.

When I get the home internet units on this fully unlimited plan, I remove the SIM cards and use them in enterprise cellular modems (the ones used in military and law enforcement applications). They are used as a redundancy to VPN tunnels for voice and point of sale applications.

 

Whoever added the last line selected a different 100GB capped service - so that’s one issue solved.

 

Then he indicated there are issues with VPN and specifically the Sagemcom unit.

 

He warm transferred me to business billing. They then proceeded to give me access to an online business account as a master admin that wasn’t even my company. LOL

 

TLDR because I’m tired of typing, what a joke, but after a hilarious and painful 90+ minute phone call, I myself was able to get things sorted out for T-Mobile.


I’m happy to report that all is good now.  I only wish T had sent a blanket email out the very minute they fixed it instead of letting us have to figure it all out for ourselves. It would have saved a lot of aggravation.

Carry on. LOL.

I still haven’t had time to call them. Hopeing for good things

 

I just spoke with Louis at support - there seems to have been an update pushed out on 2/27/2024 (he couldn’t confirm), and all I had to do is reset my modem/router and I am able to use my VPN again. I have AT&T Global Network Client VPN and the Sagemcom model modem/router.

Hopefully this saves others some agravation.

One of my problems isn’t device specific. With the SIM in other modems and phones one of the lines is still throttled to 0.01mbps both up and down.

I’ll report back when I finally do have time to call.

 

TLDR; The guy that actually knew his stuff said there are know issues with specifically the Sagemcom unit and VPN usage. I still have yet to test his theory, but how others here have mentioned adding a double NAT router or changing your devices MTU make sense. So this seems to be isolated to the Sagemcom unit. You should be able to go to any store and request a newer (Nokia) or older unit, both other which do not have issues with VPN. You will be charged an activation when switching units, but should have luck calling into support for a credit. Note billing issues cannot be handled in the store and only over the phone or internet with overseas support.

 

 

15 minutes in, I’m on my 6th transfer to the same department that can’t handle business accounts.

 

So that’s 10 minutes listening to pop music on full blast.

 

7th transfer, got an English speaking rep in NC. But he can’t help with business either. Told me the online account side of things for business had been royally messed up and they don’t even have the resources to know how to contact the business center. I could tell he was really trying and did give me some useful information as to the numbers of the different lines, and what actually happened here.

 

So here’s what happened:

I have had a business account with T-Mobile for a long time. I had many lines on this account, all with the same exact service.

When I get the home internet units on this fully unlimited plan, I remove the SIM cards and use them in enterprise cellular modems (the ones used in military and law enforcement applications). They are used as a redundancy to VPN tunnels for voice and point of sale applications.

 

Whoever added the last line selected a different 100GB capped service - so that’s one issue solved.

 

Then he indicated there are issues with VPN and specifically the Sagemcom unit.

 

He warm transferred me to business billing. They then proceeded to give me access to an online business account as a master admin that wasn’t even my company. LOL

 

TLDR because I’m tired of typing, what a joke, but after a hilarious and painful 90+ minute phone call, I myself was able to get things sorted out for T-Mobile.

Also, I was able to finesse a nice $130 credit. I figured that was fair for the time I have wasted with them on the phone.


Hello - First, thank you to all who have posted and tried to resolve this.  I am happy to say that changing to the TMO-G4SE 5G Gateway Wht Kit resolved my issues entirely. 


I got the the white device, the 

https://www.t-mobile.com/support/home-internet/5g-gateway-g4ar

That didn’t solve my VPN Issue. My work uses Cisco-Meraki

Any ideas?

 


I changed the MTU on my company laptop and it works fine now. Make sure it’s lower than 1350.


I had an issue with constant disconnects from my personal VPN using IKEv2 with the Sagemcom 5688. If I were downloading a large file, the connection would invariably freeze right around the 250MB point. If I attempted to run a speed test, the download would work but I’d immediately get a “socket error” when the upload test tried to start.

It took a lot of time and research to find a workaround, but it can be done by using PowerShell to set the “PfsGroup” parameter to “none” as described here:

https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=windowsserver2022-ps

It’s not a task for amateurs but if you know what you’re doing and are experiencing the same issues, it absolutely works.


My company uses Cisco AnyConnect VPN. I’ve been having all the same issues mentioned in this thread and gone down the IT rabbit hole trying to remedy this issue. Finally found a knowledgeable T-Mobile technician that explained if personal or work VPN or systems are operating on IPv4 then you need to go into your T-Mobile home internet app > select network > click “+” to add network > name network > create password > select 2.4 GHz band > select WPA/WPA2 > WPA “TKIP & AES” > then save the new network and connect. Worked out my VPN issues and my security cameras are working now.  
 

this helped my issue! Plus I swapped out my box  

 


I had an issue with constant disconnects from my personal VPN using IKEv2 with the Sagemcom 5688. If I were downloading a large file, the connection would invariably freeze right around the 250MB point. If I attempted to run a speed test, the download would work but I’d immediately get a “socket error” when the upload test tried to start.

It took a lot of time and research to find a workaround, but it can be done by using PowerShell to set the “PfsGroup” parameter to “none” as described here:

https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=windowsserver2022-ps

It’s not a task for amateurs but if you know what you’re doing and are experiencing the same issues, it absolutely works.

I thought I’d give a bit more information about my previous post. Let me mention a couple of DONT’S first though.

  1. Don’t try this on your work VPN without discussing it with your IT administrator first. The settings may not be compatible with the protocols used by your company.
  2. This command worked with Nord VPN, I’m not sure if it will work with others as each VPN has different encryption algorithms. If you do try it with another provider and it doesn’t work, you can always delete the IKEv2 adapter and recreate it using the instructions on Nord’s “How to manually set up an IKEv2 connection in Windows”.
  3. To make sure you are having the same issues that I had before running the command, go to a site like https://www.buildsometech.com/download-test-files/ , scroll down the page a bit and attempt to download the 1GB test file. If the download fails (freezes) after only downloading 250MB, then this should work for you.
  4. If the connection does freeze, disconnect from the IKEv2 VPN, open a command prompt (as administrator) and enter the following commands:
  5. ipconfig /release
  6. ipconfig /renew      (these commands will unfreeze your interconnection and you should be able to browse the web again. Don’t try to reconnect to the VPN until you complete the rest of the steps.

Having said that, let’s say that your IKEv2 connection’s server address is “us8200.nordvpn.com”.

Open PowerShell by right-clicking it and select “Run as Administrator” (you’ll find it at the bottom of the programs in the Start Menu by scrolling all the way to the bottom).

After you change the server address from “us8200.nordvpn.com” in this command with the server that you are actually using (it’s easiest to copy/paste this command into notepad and make that edit there), copy the entire command, paste it into PowerShell, and hit “enter”. You want to do this while you’re not connected to the VPN.

Set-VpnConnectionIPsecConfiguration -ConnectionName "us8200.nordvpn.com" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -DHGroup ECP384 -EncryptionMethod GCMAES256 -IntegrityCheckMethod SHA384 -PfsGroup None -PassThru -Force

(note: this is similar to the command that fixes the “Policy Mismatch Error” that can some of you may have had to run when initially setting up your connection, but the parameters are different so don’t give up on trying this if you’ve done that before and suspect that this one won’t fix the problem.)

The command should run without errors, and should show that you’ve changed the IPSEC/IKEv2 parameters.

Again, remember to change the server name to the one you already have setup.

If the command completes succsessfully, connect to the VPN server that you updated (a reboot is not necessary), and attempt to download the 1GB file again. It should download successfully, and you should no longer have problems with the connection “freezing” after a period of time.

I hope this is helpful for a few people. I’ve had no problems staying connected for a week now using this method.

Best Regards,

Johnny

 

 


I was so happy to be able to ditch Xfinity but now I am recognizing I made a horrible mistake switching to TMobile. If only the sales rep would've saved me some time to let me know I wouldn't be able to work from home using T-Mobile because I require a VPN. That would've been honest business. Instead I have wasted hours this week. 

Thankfully, my chat with T-Mobile tech support this morning resulted in them telling me that if my VPN is an IP6TMobile is only IP4 therefore "TMobile may not be a good fit for me."

 

The rep also said she would flag my account with the note that there was nothing wrong with their devices that it was all on my end. Noice.

 

I tried this afternoon to shut off my VPN and it took a while, but my Teams' meetings video and audio significantly improved. But there's no way I can work without using my VPN because I won't have access to any of my work files. I can't try the other fixes here because I do not have the ability to use a command line on my work laptop for security purposes. 
 

So I just want to thank all the contributors to this thread who have validated that TMobile does not want work from home customers. I will be telling all of my colleagues the truth, since they were like me very intrigued about switching to TMobile and getting the heck away from Xfinity but now it looks like we're stuck and I have to go crawling back to Xfinity or hope and pray something improves on my Internet connection in the next 48 hours.


I’ve recently been told by work Information Services that I cannot use my work laptop with T-Mobile Home Internet.   Here is there response to my support request.

 

T-Mobile's primary service called "5G Broadband" is not true wire-to-site broadband.  While Cisco AnyConnect can work over 5G and other wireless connections, MTS does not recommend its usage unless absolutely necessary, and if you utilize a phone line such as Cisco Jabber call quality cannot be guaranteed.

The issue is that while 5G can provide broadband level speeds and bandwidth wireless solutions, such as 5G, have a higher tolerance for "packet loss."  Packet loss is when individual pieces of data are dropped/lost during transmission.  For most applications this is a minimal issue that 5G speeds may render unnoticeable, but a live connection, such as the AnyConnect VPN or Voice Over IP phone services, will experience connection degradation or be completely disconnected forcing you to reconnect.

This is not an issue MTS can mitigate.  For this reason the only recommended Internet service types are fully wired based connections including DSL, Broadband, Cable, and Fiber Optic services.

 

Does anyone have a suggestion on a way to work around this issue?  It does not need to be perfect, but being able to work from home is essential, and if I can’t use TMHI to do that… it would be a deal-breaker for me.

This is what chat gpt told me: 

Yes, if your router doesn't support IPv6 transition mechanisms like NAT64 or DNS64, you can use software solutions on your computer to achieve IPv6-to-IPv4 communication. One popular option is to use a Teredo tunneling software.

Teredo is a transition technology that allows IPv6 connectivity to IPv4 hosts by encapsulating IPv6 packets within IPv4 packets. This allows IPv6 traffic to traverse IPv4 networks seamlessly. There are various Teredo tunneling software available for different operating systems. Some examples include:

1. **Miredo**: Miredo is an open-source Teredo tunneling software available for Linux, BSD, and macOS. It provides IPv6 connectivity to IPv4-only networks by encapsulating IPv6 packets in UDP/IPv4 datagrams.

2. **Microsoft Teredo**: Microsoft includes Teredo support in Windows operating systems. It's enabled by default in recent versions of Windows, allowing IPv6 connectivity over IPv4 networks. You can check if Teredo is enabled on your Windows system by running the command `netsh interface teredo show state` in Command Prompt.

3. **Teredo Tunneling Client**: There are also standalone Teredo tunneling clients available for Windows that provide similar functionality to Microsoft's built-in Teredo support. These clients may offer additional features and configuration options.

By using Teredo tunneling software on your computer, you can enable IPv6 connectivity even if your router doesn't support IPv6 transition mechanisms directly. Keep in mind that while Teredo can provide IPv6 connectivity, it may introduce additional latency and overhead compared to native IPv6 connectivity.

 

 

That's the solution, the problem is the gateway tmhi uses only users ipv6 a 128 bit compared to ipv4s 32 bit . Anyways you can use this fact to ask some questions and find other possible workaround or solutions to this issue


Basically the T-Mobile router doesn't offer NAT or DNS64 so the information sent to the networks are talking 2 different languages, my best guess is the workaround will be a router with those capabilities connected to your gateway or some sort of software for on Device based translations of the address.  Good luck let me know what you do as I'm not really a tech guy yet just learning 


My company uses Cisco AnyConnect VPN. I’ve been having all the same issues mentioned in this thread and gone down the IT rabbit hole trying to remedy this issue. Finally found a knowledgeable T-Mobile technician that explained if personal or work VPN or systems are operating on IPv4 then you need to go into your T-Mobile home internet app > select network > click “+” to add network > name network > create password > select 2.4 GHz band > select WPA/WPA2 > WPA “TKIP & AES” > then save the new network and connect. Worked out my VPN issues and my security cameras are working now.  

THANK YOU!!! My company uses the same VPN and it worked perfectly until Monday, 1/22, probably the same change you experienced. I followed your guidance and it works perfectly. I’m back to the same full speed I had previously, maybe even faster, and now I have a second home network dedicated to work from home. 

I also tried this and it worked for 24 hours and stopped working after that. My work’s IT department got me working, though. What was happening was that the vpn (when you log into AnyConnect you have to specify a vpn - something like vpn.mycompany.com) was routing me through our data center that was on the other end of the country. When they gave me a different vpn (vpn.mycompany-15.com) that was going through my local data center, then it worked! I don’t know why this was an issue just for Tmobile internet and not for my previous ISP, but I am seeing no further issues now. 


Is there a fix yet for this? I don’t really want to have to switch to another provider happy with tmobile but if my wife can’t work from home then it’s not to beneficial!


A call to support may have fixed my issue.

I have an Arkadyan home internet hotspot and my firm uses globalprotect. Traffic over VPN had always been slower, but still at ~200 Mbps for downloads. Suddenly in the last few weeks it dropped to 1Mbps for downloads which of course was unusable, and ~35 Mbps for uploads which was close to normal.

I called T-mobile support, got the worst tech support person I’ve ever had, a complete nitwit who didn’t let me finish my sentences, (“that’s just the way it works with VPN” / “I won’t be able to file a support ticket for you because this has already been reported”, etc.)  I insisted against his protests that he file a ticket and less than 24 hours later my download speeds over VPN are back to 200+ Mbps.

Based on my case, I suggest you call support and if you get somebody who’s obnoxious and incompetent and (most important) totally unhelpful, insist that they file a ticket. and then give them a 0 rating (something I’ve never done before as I always feel for the support folks).

Good luck to everyone who’s on this thread. It’s a serious problem and I hope you get it resolved.

 


https://live.paloaltonetworks.com/t5/globalprotect-discussions/cannot-connect-to-globalprotect-from-hotspot/m-p/577422#M4976

As a workaround, change your WiFi interface to a static IP with a netmask that isn't /32:
Something like:
networksetup -setmanual Wi-Fi 172.20.10.3 255.255.255.240 172.20.10.1
And when you disconnect from your hotspot and reconnect to regular wifi you would need to revert with:
networksetup -setdhcp Wi-Fi


I have been working on T Mobile for a year through my company’s Sonic Wall Net Extender VPN. No issue at all. UNTIL May 1st 2024, it broke. My IT department has tried everything. They are trying all sorts of things. Between the time they have lost, and the time I’m behind in my work, I’ve just about resigned myself to having to get rid of TMobile. It’s really been a great service, but if I can’t work from home, it’s useless. T-Mobile doesn’t even try to answer. I experienced what y’all did, four different calls, four different answers. I can’t understand why it all went haywire just like that.


We have had two different employees for two different companies who both happen to be using using the Sonicwall Global VPN client have a similar issue.

They both tried various troubleshooting and tech support calls, but nothing worked.

Upgrading to the newer router/modem solved the issues.

https://www.t-mobile.com/support/home-internet/5g-gateway-g4ar


So I’ll just throw my hat in the ring here as someone having issues.
My setup is slightly different.  I have the InseeGo FX3100 gateway/router.  For any not familiar, it’s the business device TMO sends out for users who have more technical needs.  I’ll be connecting mine to a hardware firewall, if I ever get it working properly standalone.  The basic internet is fine, but like all of you, my “VPNs” (Tailscale and Zerotier) are refusing to connect and/or transfer files with any usable speed.  I’ve spent the past 2 weeks doing not much but troubleshooting everything under the sun, including isolating the TMO service from my network completely and plugging it directly into my desktop, with no improvement.  This confirms to me that it’s 100% on the TMO side.  I’ve set my MTU to everything from 1280-1500, with no improvement.  I’ve disabled IPv6.  Nothing has helped.
I was really hoping this service would be the solution to terrible DSL, but it just may not be. 

T-Mobile, please listen to your customers, and provide some real support for this obviously widespread issue.


I have the InseeGo FX3100 gateway/router.

Oh no! I wish I saw this comment before calling up support. They are sending me this device. Has there been any improvements since you last post?


I should clarify my previous comment.  The basic connectivity issue with VPNs was solved by the new G4AR gateway as I mentioned.  However the speed issue with a VPN was not.    For those locations with T-Mobile that needed more than 10-15Mbps of performance over a VPN we had to switch to other carriers.  We spent a solid month trying to get reasonable performance out of the VPNs and T-Mobile and failed.

Several hours of tech support, multiple devices, multiple tower assignments, provisioning changes, etc..  We were going to try the 3100 gateway as mentioned, but they said the services under the hood are the same for all T-Mobile gateways now and it would not help so we did not try that one too.

The 3100 does give you access to run bridge mode with static IPs (sort of anyway) but the VPN issue they said was the same.

We never had success so I cannot comment on what happened earlier this year for others when it apparently was working.


If you like the Inseego FX3100, here is a wall mount 3D print you might find handy.

 

https://www.printables.com/model/819909-cradle-for-inseego-fx2000-and-fx3100

 

 


Reply