Forum Discussion
Trouble with connection to work VPN
I am using TMobile home internet with a 5G router.
the connection appears fine until I connect to my work VPN (speed unusably slow). Other employees do not have the same issue using the same VPN and I have been working with IT.
The VPN is using Cisco AnyConnect to a DTLS, SSL, TCP and UDP 443 endpoint.
They are suggesting that there may be a problem at TMobile with the UDP traffic on port 443.
could someone please verify this for me?
thx
This is a known issue to us, everyone with T-Mobile’s Home Internet service and the Cisco VPN Client have WEIRD issues, and have only been able to switch Internet providers, as absolutely no solutions were provided by T-Mobile, in both cases, almost like they don’t know what the issue is. Last one was about a month ago 7/2022, and she switched Internet providers and all is well.
It’d be nice if like a second level support could assist at T-Mobile, but no such luck in troubleshooting on their end.
It appears to be a router issue, maybe a memory leak, blocked ports, or bad routing?
I noticed one time that all DNS queries did not resolve DNS hostnames (FQDN acutally), via the VPN connection.
I am using T-Mobile 5G home internet. Everything works great, but all of the sudden when I connect my work laptop to the VPN, nothing over the VPN works. This was working fine for a year. Not sure if there was a firmware upgrade something that caused this. After a ton of searching, I found the issue for me. It was the MTU setting on my laptop. This is very easy to fix. It was as simple from changing a setting from 1400 to 1374. That worked. Google hot to check your MTU size. It is with the "NETSH" command. Do some ping tests forcing a MTU size until you find the best one. Make the change. Very basic overview….
1.
Checking and changing the MTU size
Open a command prompt as admin
Check the MTU size as it is set now.
Netsh interface ipv4 show interfaces
-
Before we change the MTU, we need to find the optimum size by using this command
Ping 8.8.8.8 -f -l 1400
It is showing as fragmented. We want to find the highest number where we do not get that. So keep trying numbers, lower and lower until one comes back normal.
For me, it was 1346. That's our base number. Fore technical reasons having to do with headers, etc, we need to add 28 to that number. My number would be 1374.
3.
Change the mtu (CMD as admin)
Netsh interface ipv4 set subinterface “Ethernet 4” mtu=1374 store=persistent
(Ethernet 4 is the name of my interface, yours will probably be different, like “Wifi” )
Now check your change.
Netsh interface ipv4 show interfaces
You should now see the new MTU
-
Does anyone at TMobile read these?
Hola Everyone,
After putting some research into this, I believe I have found a solution (at least one that worked for me).
PLEASE NOTE: PART OF MY SOLUTION IS USING MY OWN WIRELESS ROUTER ATTACHED VIA ETHERNET CABLE TO THE BACK OF MY HOTSPOT MODEM. THE INSTRUCTIONS I LEFT BELOW WILL NOT BE OF MUCH USE TO YOU IF YOU ARE NOT USING A WIRELESS ROUTER.
This does not require much tech-savviness as I found what I needed from a YouTube video and a little googling on how to access the settings I needed, which I'll post a link to at the end of this. Basically, it's the MTU (Maximum Transmission Unit) settings that T-Mobile uses. You don't really have to know much about this other than how to find out how to change it, either on your computer or on your wireless router (if using a wireless connection).
Most internet providers set their MTU size at 1500. This is more-or-less a standard most in the industry follow. From what I found, T-Mobile sets their MTU size at 1450. I'm not going to go into explanation on how this works; just know this is the problem. This tiny difference seems inconsequential, but can make or break your VPN connection. Unfortunately, it's on us as the customers to find our own solution(s) to this problem.
This YouTube link gave me the information on how to check my MTU settings and change them on a Windows PC. This is a solution specifically for if you want to only change the MTU Size on individual PC's in your home. Ultimately, I did not change my MTU Size on my laptop, but the part of the video that helped me find the MTU Size was key to figuring this whole thing out. The link will take you directly a few seconds right before the spot you need to pay attention at begins:
I'm not a Mac user and am not experienced with using them, but this is a link for all y'all Apple fanatics that I found while I was searching for a reason for this problem. It was the first article I came across that set me on the path to figuring out how to change my MTU setting. Hope it helps:
https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e
And, lastly, I use a TP-Link Wireless router. This link is for TP-Link device owners and shows you how to change the MTU Size. There's no way I can find links to all the different types out there. However every brand's settings are easily searched on Google, so good hunting to you and good luck:
https://www.tp-link.com/us/support/faq/1134/
I hope this helps some people. My issue is (self)resolved.Devanl wrote:
Does anyone at TMobile read these?
This community is mostly made up of T-mobile customers like you, with sparse T-Mobile moderation. We are usually not privy to the internal information within T-Mobile, to accurately answer questions such as you have asked.
Your best option is to contact T-Mobile directly.
https://www.t-mobile.com/isp/faq
¿Dónde puedo obtener ayuda para la configuración o el diagnóstico de problemas?
Si estás teniendo problemas con la conexión, el gateway o la app, ¡podemos ayudarte! Go here for more information: Troubleshooting Support. You can also reach out to us on social media or call the T-Mobile Home Internet support team 24x7 at 1-844-275- 9310 to get help with your service.
There are a few threads that might address your issue:
https://community.t-mobile.com/tv-home-internet-7/cisco-anyconnect-vpn-and-t-mobile-39169https://community.t-mobile.com/tv-home-internet-7/topic-vpn-issues-info-from-t-mobile-37031https://community.t-mobile.com/network-coverage-5/vpn-issues-34151VPN Issues with T-Mobile Home internet when using Cisco Anyconnect
Firmware update has fixed my Cisco AnyConnect VPN issues with T-mobile home internet
Happy to report that T-mobile replaced my modem with a new model and the problem appears to be fixed!
Devanl wrote:
Happy to report that T-mobile replaced my modem with a new model and the problem appears to be fixed!
Did they replace with the same type of 5G gateway or a completely different model? Do you mind sharing what gateway works now for you? Having a similar issue but I cannot even connect to my VPN. TIA.
Checking the box for Allow local (LAN) access when using VPN (if configured) in the Cisco preferences worked for me. I also selected the "First_Time_Connect" server (don't know if that's a universal option). I'm online now via T-mobile for the first time in two weeks.
I installed an Eero Pro mesh network, and now the VPN works without a problem.
For anyone out there using Microsoft VPN technology; DirectAccess, which uses HTTPS tunneling, works fine over T-Mobile internet. However Microsoft Always On VPN, configured to use IKEv2, is blocked. Just got off half an hour with tech support, they can't unblock it.
I'm going to try and get our Always On VPN approved for SSTP, which is not as secure as IKEV2 but uses HTTPS tunneling as well, which should work.
