Forum Discussion
VPN issues
All devices and home network are good. Signal strength is 2 bars (weak, but functional). Spouse needs to set up VPN to work from home, but even IT from the office could not get VPN to work via T-Mobile Home Internet. VPN worked just fine on the same computer using cable network.
- TheloniusJRoaming Rookie
Just to add my (frustrating) experience with the breathtakingly bad service from TMobile.
When I first got this device several months ago, I was unable to use my VPN (GlobalProtect) due to the tunneling protocol incompatibility. I made several tech calls which didn't seem to go anywhere, but for some reason it started working so I assumed they did a firmware patch.
Over the last several months, it worked (slowly) with the VPN, but I would routinely have to restart the modem to get it to work.
This week it completely broke. I looked through this thread and ultimately made a tech call on Monday. After a lengthy call, I ended up being told the same thing that FlyingDog was told: 178 doesn't work so they were going to do a firmware rollback. I was told they were submitting a ticket and someone would get back to me by Thursday.
Thursday came and went with no word and no rollback, so this morning I called back. I ended up being on the line for 1.5 hours where I was told there was no record of the ticket to rollback and then told that firmware is something that can't be rolled back (which is incorrect). I ultimately ended asking to talk to a supervisor. Their message was that they don't have control and only know what they are told. She did end up submitting a ticket (I have a ticket number this time) for an engineering escalation, which I assume will mean just getting the firmware rolled back.
At this point, I am also leaning toward switching over to Starlink since TMobile really is showing poor technical development and associated support. The fact that they'd be willing to make firmware changes that completely cripple VPN usage and have technical support that can't give you consistent answers is troubling to say the least.
It's really too bad because other than this VPN issue the device has been working really well. I often get download speeds near 100 Mbps and uploads around 40.
- FlyingDogRoaming Rookie
Update: It's now Thursday morning. T-Mobile support had promised to call me back on Tuesday morning with an update (they didn't). I checked today and saw that I had finally been downgraded to firmware 168. I tried my Global Protect VPN and it actually works! I'll try working the rest of the day on that to see if it continues to work.
- FlyingDogRoaming Rookie
Update: It's now Monday morning and still no firmware downgrade, although the unit finally acted like it was doing a downgrade overnight. I had to reset everything this morning. But, after getting everything set up again, I found I still have the same firmware (178). I tried calling support and it says there's an hour wait. Not fun, T-Mobile.
- MHCLVRoaming Rookie
Today (5/22/21),I was advised by tier 2 technical support that T-mobile does not support the use of VPNs through a cell phone hot spot. This was in response to my issue of not being able to establish an IKEv2 VPN from my laptop through the hot spot on a Samsung S20G FE. (I can do so using a different ISP without issue). When I asked for the document that stated as much, it was not immediately avalible. I was told I would have a copy within 72 hours. I am not holding my breath.
I can establish an SSL-based VPN connection through the hotspot, probably because SSL has to be supported for an internet connection to be of any value whatsoever.
I consider this a material failure since T-mobile does not make this information available when one signs up. I am considering legal action to negate the contract.
- FlyingDogRoaming Rookie
I'm not having great experiences with T-Mobile. They sent me to a nearby store with an appointment. I went there to try to return the home internet device. The store said they were an independent T-Mobile store and I had to go to a corporate T-Mobile store (which fortunately wasn't too far away). The people at the corporate T-Mobile store were trying to be helpful. I don't think they'd ever seen the Home Internet device despite the fact that they advertise for it in the store. They told me they can't receive the device back in the store, but that they could help me print a shipping label and maybe find a box to ship it in.
Then the people in the store had to call T-Mobile customer care (which isn't a fun experience for them, either). After over 30 minutes on the phone with T-Mobile customer care, they passed the phone to me to talk to them. Now I got someone trying to talk me out of returning the home internet device. They asked which VPN I used (Global Protect) and said that firmware revision 168 works with Global Protect (apparently the newer version 178 that I have is worse). So they asked if they could downgrade the version in my device to 168 and try the VPN after that. They said it would take 2 hours for the downgrade and that they'd call to follow up.
Here I am 3 hours later and my firmware hasn't been downgraded. I called again and they said ideally it takes 2 hours and confirmed that the ticket had been submitted, but he said the changes usually take place between 2 AM and 5 AM Pacific Time.
What a mess. T-Mobile really isn’t prepared to be selling this product.
- MHCLVRoaming Rookie
fatherloves wrote:
By the way, if you can’t get your VPN to work for any reason, there is a work around of connecting to VPN using your phone’s hotspot.
Turn on your phone’s hotspot and connect to your computer to your phone's hotspot WIFI connection. Then, connect to your VPN. This worked for me.
This is a small hassle, but if you want to keep TMobile Home Internet, then this is another option.
Not necessarily. If your VPN uses SSL, which I think CIsco ANyConnect is, you will probably be OK; However, the hotspot on my S20G fails to connect when using an IKEv2 VPN.
- FlyingDogRoaming Rookie
I installed the gray Nokia device yesterday. It worked fine until I tried connecting to work via VPN (Global Protect). I had to get work done so I switched back to Cox. Then I tried this afternoon...no luck. I tried calling support. They were fairly clueless and eventually told me I need to check with my company. I asserted that my VPN worked everywhere else, including from my phone hotspot.
They continued to assert it was my company's problem. Then I found this thread and told the rep there are a whole bunch of people with the exact same problem that you refuse to acknowledge. Now I'm scheduled to go to a T-Mobile store tomorrow. I'm not sure what for. Maybe I can just return it then.
- Evan123Newbie Caller
amithkumarg wrote:
Mine was just the MTU issue, was able to resolve it by lowering the number. If this blog can be helpful for anyone to troubleshoot and resolve the issue:
https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23eNice work. Reducing the MTU fixed my issue. I'm using Cisco AnyConnect and was able to connect but when I visited websites that required me to login using our single sign-on, it would hang after I entered my credentials. When working correctly, I get a 2FA push on my phone after successful authentication, but it would timeout before requesting the push.
- amithkumargRoaming Rookie
eps414 wrote:
Figured it out. We apparently use advanced routing, so my gpd0 is actually utun0 and we have 2 vpn's. Each vpn requires a different mtu setting, but having found the correct numbers 1330 and 1310 it now works.
Yay! I am glad you figured it out. utun (tun short tunneling) is interface created by Mac following any VPN installation. I guess limiting that too, should work, if you don't see gpd0 specifically.
I was wondering since you have the latest version of GP app >= 5.2.4, you should be able to update the MTU through the app settings. Check here GP documentation:
https://docs.paloaltonetworks.com/globalprotect/5-2/globalprotect-app-new-features/new-features-released-in-gp-app/configurable-maximum-transmission-unit-for-globalprotect-connections - eps414Network Novice
Figured it out. We apparently use advanced routing, so my gpd0 is actually utun0 and we have 2 vpn's. Each vpn requires a different mtu setting, but having found the correct numbers 1330 and 1310 it now works.
Contenido relacionado
- Hace 2 meses
- Hace 11 meses