Question

Unable to use T-Mobile Home Internet with work VPN, any suggestions?


Userlevel 2
Badge

I’ve recently been told by work Information Services that I cannot use my work laptop with T-Mobile Home Internet.   Here is there response to my support request.

 

T-Mobile's primary service called "5G Broadband" is not true wire-to-site broadband.  While Cisco AnyConnect can work over 5G and other wireless connections, MTS does not recommend its usage unless absolutely necessary, and if you utilize a phone line such as Cisco Jabber call quality cannot be guaranteed.

The issue is that while 5G can provide broadband level speeds and bandwidth wireless solutions, such as 5G, have a higher tolerance for "packet loss."  Packet loss is when individual pieces of data are dropped/lost during transmission.  For most applications this is a minimal issue that 5G speeds may render unnoticeable, but a live connection, such as the AnyConnect VPN or Voice Over IP phone services, will experience connection degradation or be completely disconnected forcing you to reconnect.

This is not an issue MTS can mitigate.  For this reason the only recommended Internet service types are fully wired based connections including DSL, Broadband, Cable, and Fiber Optic services.

 

Does anyone have a suggestion on a way to work around this issue?  It does not need to be perfect, but being able to work from home is essential, and if I can’t use TMHI to do that… it would be a deal-breaker for me.


115 replies

Basically the T-Mobile router doesn't offer NAT or DNS64 so the information sent to the networks are talking 2 different languages, my best guess is the workaround will be a router with those capabilities connected to your gateway or some sort of software for on Device based translations of the address.  Good luck let me know what you do as I'm not really a tech guy yet just learning 

I’ve recently been told by work Information Services that I cannot use my work laptop with T-Mobile Home Internet.   Here is there response to my support request.

 

T-Mobile's primary service called "5G Broadband" is not true wire-to-site broadband.  While Cisco AnyConnect can work over 5G and other wireless connections, MTS does not recommend its usage unless absolutely necessary, and if you utilize a phone line such as Cisco Jabber call quality cannot be guaranteed.

The issue is that while 5G can provide broadband level speeds and bandwidth wireless solutions, such as 5G, have a higher tolerance for "packet loss."  Packet loss is when individual pieces of data are dropped/lost during transmission.  For most applications this is a minimal issue that 5G speeds may render unnoticeable, but a live connection, such as the AnyConnect VPN or Voice Over IP phone services, will experience connection degradation or be completely disconnected forcing you to reconnect.

This is not an issue MTS can mitigate.  For this reason the only recommended Internet service types are fully wired based connections including DSL, Broadband, Cable, and Fiber Optic services.

 

Does anyone have a suggestion on a way to work around this issue?  It does not need to be perfect, but being able to work from home is essential, and if I can’t use TMHI to do that… it would be a deal-breaker for me.

This is what chat gpt told me: 

Yes, if your router doesn't support IPv6 transition mechanisms like NAT64 or DNS64, you can use software solutions on your computer to achieve IPv6-to-IPv4 communication. One popular option is to use a Teredo tunneling software.

Teredo is a transition technology that allows IPv6 connectivity to IPv4 hosts by encapsulating IPv6 packets within IPv4 packets. This allows IPv6 traffic to traverse IPv4 networks seamlessly. There are various Teredo tunneling software available for different operating systems. Some examples include:

1. **Miredo**: Miredo is an open-source Teredo tunneling software available for Linux, BSD, and macOS. It provides IPv6 connectivity to IPv4-only networks by encapsulating IPv6 packets in UDP/IPv4 datagrams.

2. **Microsoft Teredo**: Microsoft includes Teredo support in Windows operating systems. It's enabled by default in recent versions of Windows, allowing IPv6 connectivity over IPv4 networks. You can check if Teredo is enabled on your Windows system by running the command `netsh interface teredo show state` in Command Prompt.

3. **Teredo Tunneling Client**: There are also standalone Teredo tunneling clients available for Windows that provide similar functionality to Microsoft's built-in Teredo support. These clients may offer additional features and configuration options.

By using Teredo tunneling software on your computer, you can enable IPv6 connectivity even if your router doesn't support IPv6 transition mechanisms directly. Keep in mind that while Teredo can provide IPv6 connectivity, it may introduce additional latency and overhead compared to native IPv6 connectivity.

 

 

That's the solution, the problem is the gateway tmhi uses only users ipv6 a 128 bit compared to ipv4s 32 bit . Anyways you can use this fact to ask some questions and find other possible workaround or solutions to this issue

I was so happy to be able to ditch Xfinity but now I am recognizing I made a horrible mistake switching to TMobile. If only the sales rep would've saved me some time to let me know I wouldn't be able to work from home using T-Mobile because I require a VPN. That would've been honest business. Instead I have wasted hours this week. 

Thankfully, my chat with T-Mobile tech support this morning resulted in them telling me that if my VPN is an IP6TMobile is only IP4 therefore "TMobile may not be a good fit for me."

 

The rep also said she would flag my account with the note that there was nothing wrong with their devices that it was all on my end. Noice.

 

I tried this afternoon to shut off my VPN and it took a while, but my Teams' meetings video and audio significantly improved. But there's no way I can work without using my VPN because I won't have access to any of my work files. I can't try the other fixes here because I do not have the ability to use a command line on my work laptop for security purposes. 
 

So I just want to thank all the contributors to this thread who have validated that TMobile does not want work from home customers. I will be telling all of my colleagues the truth, since they were like me very intrigued about switching to TMobile and getting the heck away from Xfinity but now it looks like we're stuck and I have to go crawling back to Xfinity or hope and pray something improves on my Internet connection in the next 48 hours.

I had an issue with constant disconnects from my personal VPN using IKEv2 with the Sagemcom 5688. If I were downloading a large file, the connection would invariably freeze right around the 250MB point. If I attempted to run a speed test, the download would work but I’d immediately get a “socket error” when the upload test tried to start.

It took a lot of time and research to find a workaround, but it can be done by using PowerShell to set the “PfsGroup” parameter to “none” as described here:

https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=windowsserver2022-ps

It’s not a task for amateurs but if you know what you’re doing and are experiencing the same issues, it absolutely works.

I thought I’d give a bit more information about my previous post. Let me mention a couple of DONT’S first though.

  1. Don’t try this on your work VPN without discussing it with your IT administrator first. The settings may not be compatible with the protocols used by your company.
  2. This command worked with Nord VPN, I’m not sure if it will work with others as each VPN has different encryption algorithms. If you do try it with another provider and it doesn’t work, you can always delete the IKEv2 adapter and recreate it using the instructions on Nord’s “How to manually set up an IKEv2 connection in Windows”.
  3. To make sure you are having the same issues that I had before running the command, go to a site like https://www.buildsometech.com/download-test-files/ , scroll down the page a bit and attempt to download the 1GB test file. If the download fails (freezes) after only downloading 250MB, then this should work for you.
  4. If the connection does freeze, disconnect from the IKEv2 VPN, open a command prompt (as administrator) and enter the following commands:
  5. ipconfig /release
  6. ipconfig /renew      (these commands will unfreeze your interconnection and you should be able to browse the web again. Don’t try to reconnect to the VPN until you complete the rest of the steps.

Having said that, let’s say that your IKEv2 connection’s server address is “us8200.nordvpn.com”.

Open PowerShell by right-clicking it and select “Run as Administrator” (you’ll find it at the bottom of the programs in the Start Menu by scrolling all the way to the bottom).

After you change the server address from “us8200.nordvpn.com” in this command with the server that you are actually using (it’s easiest to copy/paste this command into notepad and make that edit there), copy the entire command, paste it into PowerShell, and hit “enter”. You want to do this while you’re not connected to the VPN.

Set-VpnConnectionIPsecConfiguration -ConnectionName "us8200.nordvpn.com" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -DHGroup ECP384 -EncryptionMethod GCMAES256 -IntegrityCheckMethod SHA384 -PfsGroup None -PassThru -Force

(note: this is similar to the command that fixes the “Policy Mismatch Error” that can some of you may have had to run when initially setting up your connection, but the parameters are different so don’t give up on trying this if you’ve done that before and suspect that this one won’t fix the problem.)

The command should run without errors, and should show that you’ve changed the IPSEC/IKEv2 parameters.

Again, remember to change the server name to the one you already have setup.

If the command completes succsessfully, connect to the VPN server that you updated (a reboot is not necessary), and attempt to download the 1GB file again. It should download successfully, and you should no longer have problems with the connection “freezing” after a period of time.

I hope this is helpful for a few people. I’ve had no problems staying connected for a week now using this method.

Best Regards,

Johnny

 

 

My company uses Cisco AnyConnect VPN. I’ve been having all the same issues mentioned in this thread and gone down the IT rabbit hole trying to remedy this issue. Finally found a knowledgeable T-Mobile technician that explained if personal or work VPN or systems are operating on IPv4 then you need to go into your T-Mobile home internet app > select network > click “+” to add network > name network > create password > select 2.4 GHz band > select WPA/WPA2 > WPA “TKIP & AES” > then save the new network and connect. Worked out my VPN issues and my security cameras are working now.  
 

this helped my issue! Plus I swapped out my box  

 

I had an issue with constant disconnects from my personal VPN using IKEv2 with the Sagemcom 5688. If I were downloading a large file, the connection would invariably freeze right around the 250MB point. If I attempted to run a speed test, the download would work but I’d immediately get a “socket error” when the upload test tried to start.

It took a lot of time and research to find a workaround, but it can be done by using PowerShell to set the “PfsGroup” parameter to “none” as described here:

https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=windowsserver2022-ps

It’s not a task for amateurs but if you know what you’re doing and are experiencing the same issues, it absolutely works.

I changed the MTU on my company laptop and it works fine now. Make sure it’s lower than 1350.

Badge

I got the the white device, the 

https://www.t-mobile.com/support/home-internet/5g-gateway-g4ar

That didn’t solve my VPN Issue. My work uses Cisco-Meraki

Any ideas?

 

Hello - First, thank you to all who have posted and tried to resolve this.  I am happy to say that changing to the TMO-G4SE 5G Gateway Wht Kit resolved my issues entirely. 

I’m happy to report that all is good now.  I only wish T had sent a blanket email out the very minute they fixed it instead of letting us have to figure it all out for ourselves. It would have saved a lot of aggravation.

Carry on. LOL.

I still haven’t had time to call them. Hopeing for good things

 

I just spoke with Louis at support - there seems to have been an update pushed out on 2/27/2024 (he couldn’t confirm), and all I had to do is reset my modem/router and I am able to use my VPN again. I have AT&T Global Network Client VPN and the Sagemcom model modem/router.

Hopefully this saves others some agravation.

One of my problems isn’t device specific. With the SIM in other modems and phones one of the lines is still throttled to 0.01mbps both up and down.

I’ll report back when I finally do have time to call.

 

TLDR; The guy that actually knew his stuff said there are know issues with specifically the Sagemcom unit and VPN usage. I still have yet to test his theory, but how others here have mentioned adding a double NAT router or changing your devices MTU make sense. So this seems to be isolated to the Sagemcom unit. You should be able to go to any store and request a newer (Nokia) or older unit, both other which do not have issues with VPN. You will be charged an activation when switching units, but should have luck calling into support for a credit. Note billing issues cannot be handled in the store and only over the phone or internet with overseas support.

 

 

15 minutes in, I’m on my 6th transfer to the same department that can’t handle business accounts.

 

So that’s 10 minutes listening to pop music on full blast.

 

7th transfer, got an English speaking rep in NC. But he can’t help with business either. Told me the online account side of things for business had been royally messed up and they don’t even have the resources to know how to contact the business center. I could tell he was really trying and did give me some useful information as to the numbers of the different lines, and what actually happened here.

 

So here’s what happened:

I have had a business account with T-Mobile for a long time. I had many lines on this account, all with the same exact service.

When I get the home internet units on this fully unlimited plan, I remove the SIM cards and use them in enterprise cellular modems (the ones used in military and law enforcement applications). They are used as a redundancy to VPN tunnels for voice and point of sale applications.

 

Whoever added the last line selected a different 100GB capped service - so that’s one issue solved.

 

Then he indicated there are issues with VPN and specifically the Sagemcom unit.

 

He warm transferred me to business billing. They then proceeded to give me access to an online business account as a master admin that wasn’t even my company. LOL

 

TLDR because I’m tired of typing, what a joke, but after a hilarious and painful 90+ minute phone call, I myself was able to get things sorted out for T-Mobile.

Also, I was able to finesse a nice $130 credit. I figured that was fair for the time I have wasted with them on the phone.

I’m happy to report that all is good now.  I only wish T had sent a blanket email out the very minute they fixed it instead of letting us have to figure it all out for ourselves. It would have saved a lot of aggravation.

Carry on. LOL.

I still haven’t had time to call them. Hopeing for good things

 

I just spoke with Louis at support - there seems to have been an update pushed out on 2/27/2024 (he couldn’t confirm), and all I had to do is reset my modem/router and I am able to use my VPN again. I have AT&T Global Network Client VPN and the Sagemcom model modem/router.

Hopefully this saves others some agravation.

One of my problems isn’t device specific. With the SIM in other modems and phones one of the lines is still throttled to 0.01mbps both up and down.

I’ll report back when I finally do have time to call.

 

TLDR; The guy that actually knew his stuff said there are know issues with specifically the Sagemcom unit and VPN usage. I still have yet to test his theory, but how others here have mentioned adding a double NAT router or changing your devices MTU make sense. So this seems to be isolated to the Sagemcom unit. You should be able to go to any store and request a newer (Nokia) or older unit, both other which do not have issues with VPN. You will be charged an activation when switching units, but should have luck calling into support for a credit. Note billing issues cannot be handled in the store and only over the phone or internet with overseas support.

 

 

15 minutes in, I’m on my 6th transfer to the same department that can’t handle business accounts.

 

So that’s 10 minutes listening to pop music on full blast.

 

7th transfer, got an English speaking rep in NC. But he can’t help with business either. Told me the online account side of things for business had been royally messed up and they don’t even have the resources to know how to contact the business center. I could tell he was really trying and did give me some useful information as to the numbers of the different lines, and what actually happened here.

 

So here’s what happened:

I have had a business account with T-Mobile for a long time. I had many lines on this account, all with the same exact service.

When I get the home internet units on this fully unlimited plan, I remove the SIM cards and use them in enterprise cellular modems (the ones used in military and law enforcement applications). They are used as a redundancy to VPN tunnels for voice and point of sale applications.

 

Whoever added the last line selected a different 100GB capped service - so that’s one issue solved.

 

Then he indicated there are issues with VPN and specifically the Sagemcom unit.

 

He warm transferred me to business billing. They then proceeded to give me access to an online business account as a master admin that wasn’t even my company. LOL

 

TLDR because I’m tired of typing, what a joke, but after a hilarious and painful 90+ minute phone call, I myself was able to get things sorted out for T-Mobile.

I’m happy to report that all is good now.  I only wish T had sent a blanket email out the very minute they fixed it instead of letting us have to figure it all out for ourselves. It would have saved a lot of aggravation.

Carry on. LOL.

I still haven’t had time to call them. Hopeing for good things

 

I just spoke with Louis at support - there seems to have been an update pushed out on 2/27/2024 (he couldn’t confirm), and all I had to do is reset my modem/router and I am able to use my VPN again. I have AT&T Global Network Client VPN and the Sagemcom model modem/router.

Hopefully this saves others some agravation.

One of my problems isn’t device specific. With the SIM in other modems and phones one of the lines is still throttled to 0.01mbps both up and down.

I’ll report back when I finally do have time to call.

I’m happy to report that all is good now.  I only wish T had sent a blanket email out the very minute they fixed it instead of letting us have to figure it all out for ourselves. It would have saved a lot of aggravation.

Carry on. LOL.

I just spoke with Louis at support - there seems to have been an update pushed out on 2/27/2024 (he couldn’t confirm), and all I had to do is reset my modem/router and I am able to use my VPN again. I have AT&T Global Network Client VPN and the Sagemcom model modem/router.

Hopefully this saves others some agravation.

Sorry. I knew that was going to sound funky. Basically a refresh on your line, port, whatever it is that makes your line "your" line. I'm not hip on the IT lingo. I'm old school POTS guy. LOL.

I’m an old school POTS guy turned digital. I do it all.

I need to call them anyway to waive activation fees of their modems that don’t even work and lines I cancelled but got charged for anyway.

I figured a few calls would probably get things working again. But I have to ask myself, at what cost of my time?

Sorry. I knew that was going to sound funky. Basically a refresh on your line, port, whatever it is that makes your line "your" line. I'm not hip on the IT lingo. I'm old school POTS guy. LOL.

I’m glad I found this thread. As of the same date everyone here is having issues, I am as well.

I use these under a business account for multiple locations and I currently have 3 deployed.

As of the same date of you issues, end of January 2024, two of the lines started having problems. VPN does not work to connect to critical cable systems I need to maintain, and one line is throttled to 0.01mbps with low usage, and I’ve tried the SIM in enterprise cell modems and other tmo boxes, same throttling.

So since late Jan 2024, lines are being throttled with low usage for no reason and OVPN, Wireguard, and oither VPNs no longer work.

Also issues with streaming services for no reason.

I guess I’m switching away. I wondered if $55/month unlimited on a cell network was too good to be true. I liked how it was impervious to utility and power failures with a battery backup but I’ll have to use other carriers with an enterprise modem instead.

Go ahead and call in to repair and have them do a reset on your account.  So far, so good, but it’s only been an hour. Hah. I hope others see this thread also.  It’s been a tough month.

What exactly does an “account reset” do? LOL

I’m glad I found this thread. As of the same date everyone here is having issues, I am as well.

I use these under a business account for multiple locations and I currently have 3 deployed.

As of the same date of you issues, end of January 2024, two of the lines started having problems. VPN does not work to connect to critical cable systems I need to maintain, and one line is throttled to 0.01mbps with low usage, and I’ve tried the SIM in enterprise cell modems and other tmo boxes, same throttling.

So since late Jan 2024, lines are being throttled with low usage for no reason and OVPN, Wireguard, and oither VPNs no longer work.

Also issues with streaming services for no reason.

I guess I’m switching away. I wondered if $55/month unlimited on a cell network was too good to be true. I liked how it was impervious to utility and power failures with a battery backup but I’ll have to use other carriers with an enterprise modem instead.

Go ahead and call in to repair and have them do a reset on your account.  So far, so good, but it’s only been an hour. Hah. I hope others see this thread also.  It’s been a tough month.

I’m glad I found this thread. As of the same date everyone here is having issues, I am as well.

I use these under a business account for multiple locations and I currently have 3 deployed.

As of the same date of you issues, end of January 2024, two of the lines started having problems. VPN does not work to connect to critical cable systems I need to maintain, and one line is throttled to 0.01mbps with low usage, and I’ve tried the SIM in enterprise cell modems and other tmo boxes, same throttling.

So since late Jan 2024, lines are being throttled with low usage for no reason and OVPN, Wireguard, and oither VPNs no longer work.

Also issues with streaming services for no reason.

I guess I’m switching away. I wondered if $55/month unlimited on a cell network was too good to be true. I liked how it was impervious to utility and power failures with a battery backup but I’ll have to use other carriers with an enterprise modem instead.

2024-02-28: After working with my work IT folks for a month, finding out about this known issue with T-mobile/Global Protect and reading this thread, I called T-Mobile to report the problem and potentially threaten to leave the service. Service rep Keisha found some information and said it had been fixed two days ago. She had me unplug the combination modem/router from the wall, wait a couple of minutes while she did something, then plug it back in. Once it was up, she had me try the VPN again, and IT WORKED. So I recommend calling T-Mobile and telling them what you read here. 

Thank you for posting on here today.  I just got off the phone with a repair rep and he supposedly did the same for me.  We are connected, but I’ll reserve judgment for the next few days.  I’ve got a Verizon gateway on the way and after all this, if it’s working correctly, I won’t have to take it out of the box.

 

Thanks again.

2024-02-28: After working with my work IT folks for a month, finding out about this known issue with T-mobile/Global Protect and reading this thread, I called T-Mobile to report the problem and potentially threaten to leave the service. Service rep Keisha found some information and said it had been fixed two days ago. She had me unplug the combination modem/router from the wall, wait a couple of minutes while she did something, then plug it back in. Once it was up, she had me try the VPN again, and IT WORKED. So I recommend calling T-Mobile and telling them what you read here. 

Let me first say that I’ve been a T-Mobile fan boy ever since I signed up.  

When I first got TMHI, it worked like a champ.  My wife logs into PaloAlto GlobalProtect everyday. Worked.  Worked better than my previous fiber connection which seemed to need too many reboots to work, which is why I moved to unwired internet.

Then out of the blue, VPN stopped working, but EVERYTHING else still worked.  Naturally, I thought it was the VPN issue. Called into TM support, and was told it was an issue between GlobalProtect and TMobile and that they were working on it with no ETA.

I started Googling the issue and found that there were numerous complaints about the same problem in this community. I tried everything that has been suggested with little success.  The most success I had was yesterday.  I decided to factory reset my Sagemcom. When it got to the part when the app asked me to update, I closed the app.  I checked the connection to the VPN and to my surprise, everything worked.  Outlook, TEAMS, the internet, and everything else my wife logs into. It worked for about 4 hours.  Unfortunately for me, I had posted on another thread about what I did to get it to work and what I thought about TMobile’s culpability about it.

After about 3 hours after I posted about it on the other thread, the troubles started again. Not only with the gateway, but my Linksys mesh network connected to it, which was a first. It’s possible that my Linksys issue is a coincidence.

So, I’ve got opinions. LOL. First, I think it’s pretty repugnant that TMobile would let us sway in the wind like this.  They have known that the update they pushed to our gateways caused the VPN connection issue. I suspect it’s gotta be a business decision.  They probably didn’t foresee how many users were going to use their service to connect to their work VPN servers.  There must be a great amount of data that is being used. If it was the VPN companies issue, why was I able to login to their network and use it flawlessly for so long? When I did start having trouble, there was a message on the gateway stating that there was a problem and to reboot? Also, I imagine that a T-Mobile moderator cruises these threads and I may have opened myself up to a targeted whatever you wanna call it. Again, I could be reaching.

Anyway, I’m very disappointed in how TMobile has dealt with this. I don’t like being lied to. If they had any intention to fixing the issue, they would have pushed a firmware patch weeks ago. I do not buy the “we didn’t know” or “we just found out and we’re trying to fix it” pitch. 

Good luck to the rest of you.  I moving on to a different provider. 

 

Ran into the same issue today (Cisco AnyConnect VPN wasn’t working) and ran across this forum post. Called into TMobile internet tech support and spoke to someone who was knowlegeable about the issue. He said that this was a known issue for the Sagemcom manufactured routers but not for any other manufacturer. The only ones that he could order to ship to me as an exchange were the same manufacturer, but fortunately a TMobile store near me had a Nokia one that they were able to exchange super fast (I still had the original box for my non-working one). Got the Nokia one set up and successfully connected to my VPN!

Is it still working?

Ran into the same issue today (Cisco AnyConnect VPN wasn’t working) and ran across this forum post. Called into TMobile internet tech support and spoke to someone who was knowlegeable about the issue. He said that this was a known issue for the Sagemcom manufactured routers but not for any other manufacturer. The only ones that he could order to ship to me as an exchange were the same manufacturer, but fortunately a TMobile store near me had a Nokia one that they were able to exchange super fast (I still had the original box for my non-working one). Got the Nokia one set up and successfully connected to my VPN!

Userlevel 1

After an hour of going back and forth with Customer service reps and technicians, they gave me this solution.

T-Mobile home internet app > select network > click “+” to add network > name network > create password > select 2.4 GHz band > select WPA/WPA2 > WPA “TKIP & AES” > then save the new network and connect.

The thing is it works but lagging like crazy, can't don't anything. I use Cisco AnyConnect as a requirement from the company and it has been a disaster since I switched from Spectrum to T-Mobile home Internet since the first week of February. Even after this thread, it seems like they still haven't come up with any better solution. I missed my Teams meetings and deadlines while I am working from home. I am on the brink of losing my job. I will wait until this weekend and if it doesn't work out, might as well get Spectrum back. Very frustrating.


I tried this and it does not work for me.  My OpenVPN VPN connection still does not work.  With my other ISP VPN works fine.  It worked fine with T-Mobile Home Internet with the Sagemcom gateway a few weeks ago.  I assume it’s the 1.2AC firmware update that broken VPN.

Reply