I cannot access my job's VPN from home

leechat wrote:

 "There are no known issues with VPNs and how they interact with the T-Mobile network to provide internet service.”

That’s a total BS answer.

Please write back and or call them and ask “Why does the GlobalConnect VPN (and other VPN’s   and XBOX Party Chat, Etc.) work and is supported on your ASKEY LTE Gateway and the Franklin T9 Hotspot but NOT on the Nokia 5G Gateway?”

They are fully aware that there are widespread VPN and other access issues with this new gateway.  Search on this community and on Reddit. https://www.reddit.com/r/tmobileisp/ There are Manny, many open tickets including a master ticket for this very issue.

It’s time for TMO to publicly announce and document that they have NO intention of providing updates to the crippled gateway software, firmware and network configurations to allow people to actually use this thing beyond doing email and surfing the web.

Following - similar boat here, GlobalProtect VPN does not want to play nice with the T-Mobile home internet apparently. :( 

ipv4 is very limited so t-mobile uses CGN (you share the same ip with multiple people) so strict firewall + double nat - no port forwarding at all. Ask IT guy if vpn is ipv6 and ask him to try switching between udp/tcp

@leechat Please do share the solution once you have found it.  It's good to have someone motivated to reach out and get this resolved.  I'm having very similar issues.  Everything works wonderfully except the one thing I really, really need.  My organization has us connecting from home using Cisco AOVPN.  I've never had trouble connecting regardless of the source of the Wi-Fi, but it's like this thing is redirecting port 443 to never never land.  :(

Mine was just the MTU issue, was able to resolve it by lowering the number. If this blog can be helpful for anyone to troubleshoot and resolve the issue:
https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e

athornfam2 wrote:

leechat wrote:

Update.  Turns out the event log says I am getting an 809 error.  IT asked me to relay this to TMobile when they respond. Still hopeful. 

Worst case is with the BS that T-mobile is doing with their gateway and internal networking… You could always ask your IT department to provision you on a WVD through Azure (if you have it) or they could setup you up with RDS web browser access.

it’s not t-mobiles fault that ipv4 is out of addresses  ¯\_(ツ)_/¯ 

Sorry for the delay.  Basically it is an IPv4 vs v6 issue and my IT says they are not going to re-provision the network to work with TMobile's IPv6 network. Here is what Tmob sent me in an email:

"There are no known issues with VPNs and how they interact with the T-Mobile network to provide internet service. There may be an underlying factor (that can only be addressed by the owner of that VPN client) where there is a need to have ipv4 and ipv6 double stacked into the setup configuration to avoid any service issues. Please have the customer reach out to their VPN client support to check if this is indeed the configuration being used and to also further troubleshoot the VPN issue.   

Failed outbound VPN connection is caused by a known carrier grade NAT issue relating to T-Mobile's implementation a fully IPv6 network and the implementation of 464XLAT, NAT64, and DNS64 for accessing IPv4 resources. The customer's VPN or VPN server they are connecting to is not properly configured to work with an IPv6 network. This is a third party issue that T-Mobile cannot help with."

drnewcomb wrote:

However, I can connect to my home OpenVPN server using an OpenVPN client app on my phone. It just took some fiddling with the settings. I suggest you get with your IT folks and have them diagnose the connection IRT.

How were you able to get OpenVPN working to your home server?
That’s all i want to do is to be able to connect to my home network from my phone but with double NAT and no port forwarding, I assumed that was not possible.
Are you using a separate service like “remote.it” or similar to reach your home network?
Can you elaborate on how you are reaching your home server from outside your home?
¡Gracias por tu ayuda!

I have the white Askey router and use multiple VPN services for both personal and work.  A while back some of my VPNs would intermittently connect, and if they did, they were extremely slow.  Around the same time, I started having an issue where some (but not all) of my devices would only be able to get to IPv6 addresses, IPv4 stopped working for those devices.  Tmo Cust Service walked me through a fix which resolved the IPv6/v4 issue as well as fixed the connection to most of my VPNs.
On the white Askey router, go to the (Expert) Network → LTE → Dial-Up Settings area, pick Add APN Profile, and add a new profile with the following settings: APN: fbb.home / Authentication Type: None / PDN Type: IPv4+v6 (this is the key change, the default is likely IPv6) / leave Username and Password blank.  Click the Save button and maybe throw in a power cycle for good measure.

This resolved several of my issues.  That being said, I still have one remaining AOVPN that I haven't been able to figure out yet.

FWIW, I have no issues with VPN into my office with Aruba VIA (Virtual Intranet Access). In case someone is keeping a list of what works and what doesn't.

Good luck to those having issues. This is situation that shouldn't be.