GlobalProtect VPN not working with T-Mobile

Fixed immediately … T-Mobile tech rep advised they need to downgrade my gateway firmware and they set to stop automatic update to prevent reverting to the update. Fixed it immediately. Unreal that he was only T-Mobile rep who had this knowledge,

needed to downgrade to ..,,168 from ..,178

see below 

WRONG;

Correct firmware version:

It took a while, but I finally got my IT dept to lower the MTU for me.  They refused to use netsh for some reason, but they were able to set it through group policy, or maybe it was a registry setting, I forget.  Anyway, they set it to 1350, and everything seems to be working now.

Also confirmed reducing MTU value in netsh configuration resolved GlobalProtect VPN issue for Windows 10. 

NOTE: You need root/admin access to be able to change it through command line.

1. While connected to VPN, open a Command Prompt CMD (Right Click CMD -> Run Ad Administrator)

2. To verify your Virtual Ethernet Adapter Interface, Type the following:

netsh interface ipv4 show subinterfaces

Change Windows MTU Size

3. As mentioned on the above replies. credit Rich T, Type the following: 

netsh int ipv4 set subinterface “Ethernet 2” mtu=1300 store=persistent

Replace “Ethernet 2” (keep the quotes) with whatever name your computer uses for the globalprotect virtual interface in ipconfig.

4. Test your sites

Browse some Corp and Internet sites while connected to the VPN.

Note: You may have to restart your VPN connection by disconnecting and reconnecting. 

Allso ref: https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e

I contacted T-Mobile support. They indicated the software on my router had been updated to latest version which had issues with global protect. They rolled me back to previous version and it started working. It took 2-3 days, but I have been using it since Friday and all seems to be working. 
 

not sure if they did anything else that I am not aware of. 
 

hope this helps. 

I can confirm that lowering MTU worked for me. I set it to 1300. 

No luck so far.  I even had T-Mobile roll back the version of my gateway's firmware, because I had heard that fixed the problem for some people.  The service rep said he couldn't do it, but when I said I needed to cancel my service then, suddenly it became possible.  It did get a little better, some web pages eventually load, but it's still not usable.

I have one last thing to try.  There are some people who say lowering the MTU setting for globalprotect to 1350 or less might solve the issue.  I doubt it will work, but I'm going to try it.  I don't have access to do it myself, but I'll try to get the IT guys to do it when I'm in the office on Tuesday.  If you have admin access on your machine you can try it yourself:

netsh int ipv4 set subinterface “Ethernet 2” mtu=1350

Replace “Ethernet 2” (keep the quotes) with whatever name your computer uses for the globalprotect virtual interface in ipconfig.

Just got T-Mobile internet to replace my art 4g internet. Same issue. Will not work with global protect. 
 

did T-Mobile provide any kind of update. The speed is way better than att but if I can't use it for work sending back the router and cancelling the service. 
 

interesting I did ask them about restrictions with vpn’s as I encountered that problem with satellite and they did not raise this issue. 
 

just curious if the router solved the problem. 

Thanks for the info, KnappTime2515.  I have the same problem and I think knowing that IPv6 is the problem might let me fix it.  I'm using my own router between the T-Mobile gateway and my computers.  I think maybe having my router accept IPv6 traffic but use IPv4 on the LAN might work around the problem.  If you have a router available, you might want to try the same thing.  It would be really nice if T-Mobile gave us the option of not using IPv6, though.

SOLVED! After days with my IT department and then with Global Protect in Pali Alto, here's the bottom line. T-Mobile High speed broadband can't handle IPv6 dynamic IPs therefore can't communicate in internet. Global Protect can only handle IPv4.

There are no settings on T-Mobile gate way to make it just use IPv4.
Global Protect doesn’t have a fix/VON software to fix this advanced IPv6 communication 

I can access my company's server for data files, outlook for email etc, but cannot access internet based apps like one login or any websites. Except MSN.com - explain that. Not even Google. Com.

Have to switch to my Verizon cell data hotspot to my company laptop to access internet. Then switch back to T-mobile when done with internet  

T-Mobile is using advanced technology that companies are not ready to handle, and will take them a long time to become compatible.

Since most users don't have IOv6, there's no rush to upgrade corporately. For example, they advise that all the scanner guns in our warehouse aren't compatible with IPv6, so if they upgrade VPNs now, none of the equipment would work in the warehouse.

Nor are VPN providers putting resources into IPv6 compatibility.

im so annoyed that I switched to the T-Mobile high speed broadband new technology that NO ONE at T-Mobile advised this would be an issue. Even calling tech support, they had no idea what the issue would be. After my IT department figured it out I HAD TO CALL BACK T-MOBILE AND BRUNG THEM UP TO SPEED.  Am I in the twilight zone? Ridiculous 

So much for all this infrastructure across the US. If we get this new technology, then can't connect with old technology being used by 99% of corporations, then we're screwed until they decide to upgrade.

How can this be such a mystery in 2021. IPv6 has been in development for more than 10 years.  WHAT's the holdup and lack of warning of the issue.

So annoyed that I switched to this with no heads up. I'm screwed now unless I switch back to my unreliable Cox cable internet that had service outages at least twice a week while I've been working from home.

Just got my new T Mobile gateway and set it up.  Exact same issue with exact same VPN.  Nothing works on it!