Unable to use T-Mobile Home Internet with work VPN, any suggestions?

Johnny909 wrote:

I had an issue with constant disconnects from my personal VPN using IKEv2 with the Sagemcom 5688. If I were downloading a large file, the connection would invariably freeze right around the 250MB point. If I attempted to run a speed test, the download would work but I'd immediately get a "socket error" when the upload test tried to start.

It took a lot of time and research to find a workaround, but it can be done by using PowerShell to set the “PfsGroup” parameter to “none” as described here:

https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=windowsserver2022-ps

It’s not a task for amateurs but if you know what you’re doing and are experiencing the same issues, it absolutely works.

I thought I'd give a bit more information about my previous post. Let me mention a couple of DONT'S first though.

1. Don't try this on your work VPN without discussing it with your IT administrator first. The settings may not be compatible with the protocols used by your company.
2. This command worked with Nord VPN, I'm not sure if it will work with others as each VPN has different encryption algorithms. If you do try it with another provider and it doesn't work, you can always delete the IKEv2 adapter and recreate it using the instructions on Nord's "How to manually set up an IKEv2 connection in Windows".
3. To make sure you are having the same issues that I had before running the command, go to a site like https://www.buildsometech.com/download-test-files/ , scroll down the page a bit and attempt to download the 1GB test file. If the download fails (freezes) after only downloading 250MB, then this should work for you.
4. If the connection does freeze, disconnect from the IKEv2 VPN, open a command prompt (as administrator) and enter the following commands:
5. ipconfig /release
6. ipconfig /renew    (these commands will unfreeze your interconnection and you should be able to browse the web again. Don't try to reconnect to the VPN until you complete the rest of the steps.

Having said that, let’s say that your IKEv2 connection’s server address is “us8200.nordvpn.com”.

Open PowerShell by right-clicking it and select “Run as Administrator” (you’ll find it at the bottom of the programs in the Start Menu by scrolling all the way to the bottom).

After you change the server address from "us8200.nordvpn.com" in this command with the server that you are actually using (it's easiest to copy/paste this command into notepad and make that edit there), copy the entire command, paste it into PowerShell, and hit "enter". You want to do this while you're not connected to the VPN.

Set-VpnConnectionIPsecConfiguration -ConnectionName "us8200.nordvpn.com" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -DHGroup ECP384 -EncryptionMethod GCMAES256 -IntegrityCheckMethod SHA384 -PfsGroup None -PassThru -Force

(note: this is similar to the command that fixes the “Policy Mismatch Error” that can some of you may have had to run when initially setting up your connection, but the parameters are different so don’t give up on trying this if you’ve done that before and suspect that this one won’t fix the problem.)

The command should run without errors, and should show that you’ve changed the IPSEC/IKEv2 parameters.

Again, remember to change the server name to the one you already have setup.

If the command completes succsessfully, connect to the VPN server that you updated (a reboot is not necessary), and attempt to download the 1GB file again. It should download successfully, and you should no longer have problems with the connection "freezing" after a period of time.

I hope this is helpful for a few people. I've had no problems staying connected for a week now using this method.

Saludos cordiales,

Johnny