
GlobalProtect VPN not working with T-Mobile



I have seen several posts about VPNs not working with T-Mobile Home Internet. What is T-Mobile's plan to address this? I contacted my corporate IT department and they said it's not their VPN. All works fine on my old ATT home internet and Verizon Hotspot (work cell). Maybe I should drop T-Mobile Home Internet and go back to ATT.


32 replies

Try lowering your MTU value on the VPN connection. I could connect with Global Connect and use network resources, but couldn't use internet or Teams video while connected. Which really sucked as some of our stuff is web based. So I was constantly connecting and un-connecting to VPN depending on what info I needed, and where it was (web or office network). After running a ping test, I had to lower my MTU to around 1340 from the default of 1500. Once I did that, I stopped losing internet connection every time I connected to VPN, and video in Teams worked as well. I stay connected to VPN for my work day with no issues now. I noticed that even outside of VPN, the router doesn't accept the default 1500 MTU size. I lowered it to around 1460 I believe. Not a lot, but it stopped the bottleneck at the router. I have the latest firmware for comparison.

For Windows, go to a command prompt and type this in:

ping www.yahoo.com -f -l 1500

If it comes back saying fragmented, run it again dropping it to 1400. Keep dropping it until the ping successfully completes. Then move the value back up by 10 until it fragments again. Then back it down by 1 or 5 until it completes again. Once you find it, that is the optimum MTU value your router will successfully pass while running VPN. Anything larger, and you will get a packet bottleneck at the router, degrading some of your services like internet etc.

Look up how to change the MTU value on the network interface once you find it. Make sure you run the test WHILE VPN is connected, as that interface is only running while connected to VPN.

Got my T-Mobile Home Internet yesterday and having the same issue, will call T-Mobile to roll back the firmware for the Global VPN fix. Any issues on network speed by rolling back the firmware?

No need to roll back. Update to the latest 1609 version instead.

Yes, called T-Mobile and updated my firmware to .1609 and Global VPN works now.
But I do notice that my speed is reduced when connected to the Global VPN: download speed reduces by a factor of 2x and upload speed reduces by a factor of 10x. So when working on my remote desktop through the VPN connection it is choppy/laggy.
Hoping this is a temporary issue; I'd hate to switch back to Spectrum as T-Mobile is faster and cheaper.

Most VPNs add overhead to the internet connection that usually slows down your internet speed throughput. Maybe ask your work if they can enable split-tunneling for their VPN? That might help with the internet speed throughput reduction with VPN.

Just checked this morning and I see that my T-Mobile Internet Gateway is now on the newer 1609 version. My GlobalProtect VPN now works with no issue (so far)! <knock on wood> I am now able to use Remote Desktop to my desktop computer in the office as well as access internal work sites.

Ugh! Just got my T-Mobile 5G Internet Gateway and it came with .0178 software version. Internet speeds are great at 500 down and 50 up! (Los Angeles area btw)

However, I am having the Global Protect VPN issue where it connects but I can’t use Remote Desktop to my office computer or access any of our internal sites.

After reading posts on this forum, I called T-Mobile Support to upgrade my firmware version to the newer .1609 version. They told me it may take up to a day. Keeping fingers crossed that the new .1609 version fixes the Global Protect VPN issue!

 

For ordinary computer users, understanding how VPN works is not a fun task, while most Americans have never even heard the word. If you are a T-Mobile user, VPN setting issues can be resolved without inventing a new wheel or spending a whole day on settings, unless you enjoy it.

This was my solution, which was reasonably quick and trouble-free. After I read the articles above posted by other frustrated users (or grateful pioneers), I called T-Mobile tech support and pinpointed what I should ask for. The tech guy understood the task immediately and jumped into “upgrading” a feature in my modem. He called back about 20 min later to declare success. I like T-Mobile once again.

Hey all,

 

Same problem as most: wife’s now WFH and her work laptop’s VPN GlobalProtect would connect, but upon connecting, she couldn’t actually access any sites. And her work was unwilling to make the MTU adjustment.

Called T-Mobile Home Internet Tech Support at 844-275-9310, tonight on Sept 2nd 2021. After a decent hold time, the representative got on the line, I told him we had the GlobalProtect conflict, and he seemed to know immediately what to do.

 

Interesting part is I asked him what they were going to do, and he said they would NOT roll back to .168.  Instead, he said T-Mobile has recognized they had issues with not only GlobalProtect but also other VPNs (believe he mentioned Cisco), and so their engineers have been working on it. 

 

He then remotely put our router on version 1.2101.00.1609.  (before the call we were on .0178). My wife then got on GlobalProtect, tested all her apps, and at least with a few minutes of testing everything seems to be working well now. 

 

Thanks to everyone who posted info about this problem on this thread. **Hopefully** it’s fixed now with this .1609 update that we just got. A few more days’ testing time will conclude one way or the other.

I just received my Gateway over the weekend & ran into this problem w/GlobalProtect this past Monday.  Microsoft Outlook & Teams worked fine, but no web access.  As of Tuesday, the 24th, at least here in the Washington, DC, area, T-Mobile’s solution is still to roll back the firmware.

My symptom was a little unique, but it might help somebody else with the same issue.

I was able to successfully connect thru GlobalConnect, however occasionally I would lose internet connectivity. Of greater importance, I was unable to maintain an RDP connection to Windows Servers (2016 and 2019). I could connect to the server, however it would drop after 20-30 seconds. RDP connections to workstations running Windows 10 worked fine.

T-Mobile support downgraded my firmware to .0168 (as mentioned above).  My RDP sessions are now working as expected.

Also as mentioned above, as soon as I said “Global Protect” to the T-Mobile support person, they immediately knew what to do (downgrade the firmware).

Change Windows MTU Size

3. As mentioned in the above replies (credit Rich T), type the following:

netsh int ipv4 set subinterface "Ethernet 2" mtu=1300 store=persistent

Replace "Ethernet 2" (keep the quotes) with whatever name your computer uses for the GlobalProtect virtual interface in ipconfig.

Confirmed this one works on Cisco Meraki VPN.  My VPN was connecting intermittently.  When connected, download speed was only ~45kbps.  It was enough to see files on the network but took forever to download anything, and was unable to load any website.  Once I changed the mtu size from the default 1400 to 1300, everything works just fine.  My gateway has .178 firmware.

 

I had the same issue as everyone was saying. I called support, and they rolled back the firmware version to 0168 on the device. But I am still not able to access the internet while I am on VPN. I am able to connect but unable to access the internet over VPN.

With any luck the new firmware they started rolling out last week will finally resolve the VPN issues.

 

Now if they could just put a proper dual-stack configuration in place so port forwarding would work....

I ended up calling T-Mobile support, and was pleasantly surprised to be quickly connected to a knowledgeable support rep. who instantly -- as soon as I said the words “GlobalProtect VPN” -- knew what to do.  He rolled back my firmware to the prior version (168) and my issues immediately resolved.

 

 

Lowering the MTU to 1350 worked for me!

I’m experiencing this same issue and it seems there are two possible solutions: 1) get my corporate IT to drop GlobalProtect’s MTU setting to 1300, or 2) get T-Mobile to roll back the gateway firmware version to 168 (and turn off firmware auto-updates).

Is one solution better than the other?  Do both?  Go back to Cox?

Advice appreciated,

Superfly

Not sure I understand the why?? But all webpages and my cloud providers load just fine for me? I have private Internet access as a VPN and have no problems; download speeds are slowed down a bit with the VPN on, but that was true with my last service provider.

Fixed immediately … T-Mobile tech rep advised they need to downgrade my gateway firmware, and they set it to stop automatic updates to prevent reverting to the update. Fixed it immediately. Unreal that he was the only T-Mobile rep who had this knowledge.

 

needed to downgrade to ..,,168 from ..,178

see below 


 

WRONG;


 

Correct firmware version:

 


 

 

This solved my problem and the T-Mobile rep took care of this very quickly for me when I called and asked to have my firmware update rolled back.  Thanks for sharing!!!

“Trash Can” = the grey, cylinder modem/router from T-Mobile lol. It looks like a trash can.

Trash can?

It depends if your company infrastructure is ready to handle IPv6.

This is strange. My trash can is on firmware .0178 and my company uses GlobalProtect VPN and I’m able to connect every day without any problems. Occasionally a page will fail to load and I have to refresh a few times, but that’s the only issue I’ve noticed. In fact, it wasn’t until my trash can upgraded to .0178 that I was even able to connect to my work VPN.

Maybe it’s a setting on your company’s VPN and not T-Mobile? \_0_/

It took a while, but I finally got my IT dept to lower the MTU for me.  They refused to use netsh for some reason, but they were able to set it through group policy, or maybe it was a registry setting, I forget.  Anyway, they set it to 1350, and everything seems to be working now.

Also confirmed reducing MTU value in netsh configuration resolved GlobalProtect VPN issue for Windows 10. 

NOTE: You need root/admin access to be able to change it through command line.

1. While connected to VPN, open a Command Prompt (right-click CMD -> Run as administrator).

2. To verify your Virtual Ethernet Adapter Interface, type the following:

netsh interface ipv4 show subinterfaces

Change Windows MTU Size

3. As mentioned in the above replies (credit Rich T), type the following:

netsh int ipv4 set subinterface "Ethernet 2" mtu=1300 store=persistent

Replace "Ethernet 2" (keep the quotes) with whatever name your computer uses for the GlobalProtect virtual interface in ipconfig.

4. Test your sites

Browse some Corp and Internet sites while connected to the VPN.

Note: You may have to restart your VPN connection by disconnecting and reconnecting. 

Also ref: https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e
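
The ping test described near the top of the thread and the netsh steps in the post above, combined into one script. This is an added example, not code from any poster: it binary-searches the largest payload that passes with Don't Fragment set and converts it to an MTU, since `ping -l` counts payload only and the IPv4 and ICMP headers add 28 bytes. The default host and the "Ethernet 2" interface name are taken from the thread; the 548-byte floor and the `-Apply` switch are choices made for this example.

```powershell
# Added example: measure path MTU with DF-set pings, then optionally apply it.
# Run from an elevated PowerShell prompt while the VPN is connected.
param(
    [string]$Target = 'www.yahoo.com',  # any host that answers ICMP echo
    [string]$Alias  = 'Ethernet 2',     # name from "show subinterfaces"
    [switch]$Apply                      # hypothetical switch: actually set MTU
)

function Test-Payload([string]$Target, [int]$Size) {
    # -4 forces IPv4, -f sets Don't Fragment, -l is the ICMP payload size.
    # Only a real echo reply prints "TTL="; "needs to be fragmented" errors
    # and timeouts do not. Two probes so one lost packet is not a false fail.
    $out = & ping.exe -4 -f -n 2 -w 2000 -l $Size $Target | Out-String
    return ($out -match 'TTL=')
}

function Find-MaxPayload([string]$Target, [int]$Low = 548, [int]$High = 1472) {
    # 548 is an assumed floor (576 - 28); 1472 is 1500 - 28.
    if (-not (Test-Payload $Target $Low)) {
        throw "No echo reply from $Target at $Low bytes; choose another target."
    }
    # Binary search; invariant: $Low is known to pass.
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2)
        if (Test-Payload $Target $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    return $Low
}

$payload = Find-MaxPayload $Target
# ping -l counts payload only: add 20 bytes (IPv4 header) + 8 bytes (ICMP header).
$mtu = $payload + 28
"Largest unfragmented payload: $payload bytes, so path MTU is $mtu bytes"

if ($Apply) {
    # Same netsh commands as in the thread, with straight quotes around the name.
    & netsh.exe interface ipv4 set subinterface "$Alias" "mtu=$mtu" store=persistent
    & netsh.exe interface ipv4 show subinterfaces
} else {
    "Re-run with -Apply to set MTU $mtu on '$Alias'."
}
```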
