Question

NOK 5G21 home internet VPN issue

  • 22 January 2021
  • 17 replies
  • 2915 views

Userlevel 1
Badge

I got this new 5G gateway and satisfied with speed and stability.

However, I am having problem with using VPN, and this will be a deal breaker.

User interface is so basic, and APN setup is not present.

BTW, the same VPN setup works fine with the Spetrum cable internet.

I hate Spectrum but have to return this T Mobile home internet gateway if VPN issue is not fixed.

Does anyone  else have VPN issue like me?


17 replies

Userlevel 3
Badge

Almost everybody has VPN issues with the Nokia 5G gateway.  Does not look like T-MO cares.

Surf around on Reddit, way more active users over there:

https://www.reddit.com/r/tmobileisp/

Userlevel 1
Badge

Almost everybody has VPN issues with the Nokia 5G gateway.  Does not look like T-MO cares.

Surf around on Reddit, way more active users over there:

https://www.reddit.com/r/tmobileisp/

Thanks for the link.

I am disappointed that TMobile and Nokia are using us as beta testers.

VPN is must to have when so many people are working from home these days. I am surprised that they did not verify the VPN functionality before rolling out NOK5G21 and its user interface.

Technical support doesn’t have much knowledge on VPN and not realize the severity of this issue. As much as I am rooting for T-Mobile’s success beating out the existing the cable providers, I am certainly concerned about its speed and ability to resolve this issue.

I use PIA as my VPN for streaming. It did not work until a went into settings and turned on the switch to lower the packet size. Works fine now. However, the download is slower, by that is a common with any VPN. Even with the VPN on, T-Mobile 5g21 is faster than My AT&T simcard wireless setup. 

Got my gateway 3 days ago. No success accessing my employer VPN either. I will call IT and TMO support...

Userlevel 1
Badge +1

Just a note….I use Cisco AnyConnect for VPN services with work and I have NOT had any issues connecting.

I also use Cisco AnyConnect VPN for my work computer--my wife does as well--and neither of us have had problems.  For reference, the Nokia is connected to a mesh through an ethernet, and I set the mesh to AP mode, since there was no option for bridge mode on the Nokia.

An update… so my Cisco AnyConnect VPN still works great but my NordVPN for personal use kills my internet access when I allow it to automatically select the VPN protocol or if I manually select IKEv2.  It works fine, however, if I select UDP or Nordlynx.

Userlevel 3
Badge

Well at least your Gateway works, 6 weeks of trying for me, at first it was good but still had to be rebooted every day, then one day the 5g signal gave up and I was stuck with SLOW speeds. 

I HATE Spectrum but had to go back to them. The Good news is you can sign up with Spectrum online, if its been almost 30 days, you will get the $49 price for 1 year which is what I did, no contract and if TMobile ever gets their act together I will go back sooner and if not I will wait the one year and try again.

I have the white Askey router and use Cisco AnyConnect for VPN for work.  For about three months the T-Mobile service was near perfect.  Now I have experienced multiple days on and off where my max speed over VPN is less than 1 mbps while off VPN I consistently have 150 / 50 mbps (or better!).  I’ve reset my router to factory defaults without any luck.  The intermittent connectivity is absolutely maddening and I know for certain nothing was changed on the side of the work VPN.   T-Mobile just blames my work vpn for being IVP4 only.  

 

Using Cisco AnyConnect VPN which works fine but my company also uses VeloCloud SD-WAN for teleworkerswhich is unable to establish tunnels.  A PCAP shows the VCE sending its tunnel establishment traffic using UDP 2426 but not getting any return traffic.  Ping and other traffic works fine.  Any idea if UDP 2426 VPN traffic is being blocked?

I made the below changes to NordVPN and it I was able to connect without issue:

  • Make sure your protocol is OpenVPN
  • Change your connection type to TCP
  • Change your configuration method to Static

 

The suggestion came from a separate post:

 

Userlevel 1

Try lowering the MTU and see if fixes your issue too. Here is a blog to help anyone with troubleshooting and resolving the issue:
https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e

Thank you amithkumarg, that fix worked perfectly for me!

Just received the NOK 5G21 today 8/27/21.  (gray cylinder)

Setup went smoothly.  Signal showing 3 bars.   Ran speed test on PC was OK ~40 down, ~30 up.

But then on PC connected Cisco Anyconnect VPN (v4.8) and speed went to almost zero.

Called support, they indicated it came with the 178 version.   To allow Cicso Anyconnect VPN to work they would need to change software to version 168….that will take about 30 min, will then call me back

Support also said in a few days it will automatically upgrade to 169 version and VPN will still work

We’ll see...

 

Userlevel 4
Badge +5

Just received the NOK 5G21 today 8/27/21.  (gray cylinder)

Setup went smoothly.  Signal showing 3 bars.   Ran speed test on PC was OK ~40 down, ~30 up.

But then on PC connected Cisco Anyconnect VPN (v4.8) and speed went to almost zero.

Called support, they indicated it came with the 178 version.   To allow Cicso Anyconnect VPN to work they would need to change software to version 168….that will take about 30 min, will then call me back

Support also said in a few days it will automatically upgrade to 169 version and VPN will still work

We’ll see...

 

I have 

1.2101.00.1609 just came last nite no issues with 3 different VPN’s including Cicso Anyconnect.

Just received the NOK 5G21 today 8/27/21.  (gray cylinder)

Setup went smoothly.  Signal showing 3 bars.   Ran speed test on PC was OK ~40 down, ~30 up.

But then on PC connected Cisco Anyconnect VPN (v4.8) and speed went to almost zero.

Called support, they indicated it came with the 178 version.   To allow Cicso Anyconnect VPN to work they would need to change software to version 168….that will take about 30 min, will then call me back

Support also said in a few days it will automatically upgrade to 169 version and VPN will still work

We’ll see...

 

Device has upgraded to 1.2101.00.1609 version

When I do https://www.speedtest.net/  now with TMobile 

(still showing same 3 bars signal strength on device)

TMobile Off VPN:  100 down, 35 up

TMobile On VPN:  10 down, 10 up

as compared to Spectrum cable internet

Spectrum Off VPN: 130 down, 12 up

Spectrum On VPN: 45 down, 11 up

 

I’ll see how it goes using VPN with TMobile for next few days before making decision whether to keep or not

 

 

 

 

 

Userlevel 5
Badge +4

Should be prepared to see many VPN's perform a bit worse on TMO than pretty much any conventional broadband service when connecting to the same VPN endpoints.

The extra overhead pushing through their XLAT464 sort of CGNAT tunnel is almost like running a VPN already... effectively you may have the overhead/processing lag you might expect if running a VPN through another VPN.  On top of you being able to send less data per send/receive cycle, you have the extra processing involved with converting the packets at additional layers to get through their network.

With the typical ISP, you are starting with a packet size of up to 1492 or 1500 bytes per packet.  Your local operating system reserves space in each packet when packing data for navigating across ethernet and the internet in general, and then your VPN does an additional layer of that as well.  But with TMO, you are reduced to a max of 1420 locally because at the next layer up, they need to do a similar thing to prepare the packets for moving across their IPv6 only network to an egress point where it goes BACK to an IPv4 network... and then it goes through the same process in reverse to come back to your client.

All that extra manipulation/processing will slow things down even if you manage to get shunted through the same peers along the way.  Which it may be unlikely tou get the same routing since the TMO "tunnel" is likely shunting you through one of their centralized hubs within a couple hundred miles from your actual location, where as you might shoot straight to a large peering IP exchange when using a traditional ISP. 

For example, all my data goes through Charlotte, NC first, then the system seeks out the best route to either the endpoint or an appropriate peer to connect me to the destination's edge network--with the assumption I am in the Charlotte area, when I am in fact in Florence, SC.  This routing does not consider the cost of getting to Charlotte from Florence at all--I am essentially locked to go to Charlotte no matter what, even if their may exist better routes through Columbia, Charleston, Atlanta, or Raleigh.

On Spectrum, I typically got routed to either Raleigh or Atlanta based on where I was going from the Florence/Myrtle Beach area (return path frequently went through Myrtle Beach).  They woulld chose a peer based on routing statistics which hubs were best for getting to the requested endpoints.  From there I would hop on to a higher tier ISP (ie: massive bandwidth) like Level3, Cogentco, or TATA.  Only time I got routed through Charlotte was as a last resort when Raleigh/Atlanta was not reachable for some reason... primarily because of the higher routing cost to get to Charlotte.

 

All of this can potentially knacker up pretty much ANY route's comparison when looking at how your traditional ISP performs... simply because the two operate in considerably different ways that leaves TMO at a disadvantage by design.

Reply