Trouble with connection to work VPN

I own the VPN I have end to end. I've used l2tp with IKEv2, blocked; wireguard worked for a day then blocked; openvpn worked for a day then blocked I even reconfigured it for different ports each would work until disconnected then blocked, I setup teleport that worked for a day then blocked.

The best I can tell, t-mobile doesn't want you using VPNs on their equipment, the best I can pin down is any device you have has to be NATed. Meaning if you have a cellular hotspot turn it on and then connect your device to that via tethering and then the VPN on the device will work; but if you have devices like a cellular laptop they will shut that VPN down. I don't know if this is because of voice enabled lines vs "hot spot" dedicated data only lines but my gut is telling me it has something to do with the plan for the sim being used. I've got no prof as I've not tried it on a "data only plan" yet but it's next on my list of things to try. Until then I'm having to tether a cellular enabled laptop(yes t-mobile those exist and you shouldn't ignore them) through the hotspot on my phone to get VPN access.
 

I hope this helps. I know for you whole home cellular users and remote users like my self it's just frustrating. I've been considering jumping ship for years and this might be just enough reason to finally do it.

If you're experiencing trouble connecting to your work VPN, it could be due to various reasons. Here are some steps you can take to troubleshoot the issue:

1. Check Network Connection: Ensure that your device is connected to the internet and that your Wi-Fi or Ethernet connection is stable. If you're using Wi-Fi, try switching to a different network or connecting via Ethernet cable.

2. Verify VPN Settings: Double-check the VPN settings provided by your IT department or network administrator. Make sure you have the correct VPN server address, username, password, and any other required authentication details.

3. Restart VPN Client: If you're using a VPN client application, try restarting it. Sometimes, restarting the client can resolve temporary connection issues.

4. Reiniciar dispositivo: Restart your computer or mobile device to clear any temporary glitches or network configurations that may be causing the issue.

5. Update VPN Client: Make sure you're using the latest version of your VPN client software. Updates often include bug fixes and improvements that can help resolve connectivity issues.

6. Firewall and Antivirus: Check if your firewall or antivirus software is blocking the VPN connection. Temporarily disable any firewall or antivirus software and try connecting to the VPN again to see if it resolves the issue.

7. Check VPN Protocol: Some VPNs support multiple protocols (e.g., OpenVPN, L2TP/IPsec, IKEv2). Try switching to a different VPN protocol in the settings of your VPN client to see if it improves connectivity.

8. Contact IT Support: If you've tried the above steps and still can't connect to the VPN, contact your company's IT support team for assistance. They can provide additional troubleshooting steps specific to your organization's VPN setup.

9. Alternative Connection Methods: If you're unable to connect to the VPN using your current network, consider using alternative methods such as tethering to a mobile hotspot or connecting from a different location (e.g., a public Wi-Fi network or a different internet service provider).

Old black modem model = FAST 5688W

New white modem Model = TMO-G4AR

Here was my situation and how it was eventually fixed.

We've had Spectrum Internet for a few years and everything worked great but they kept increasing the price on us. No problems at all with anyone's access. We switched to TMobile Internet right after Thanksgiving (Black Friday deal) and the modem wouldn't work right out  of the gate. Took almost a month for them ( and 2 SIM card changes + 1 modem change) to figure out that it was a configuration issue on their end. So had the system up and running right before Christmas and it worked great for everyone. But then, right after the holidays were over, my wife fired up her work computer for the first time on TMobile Internet service and right away had the "connection lost" issue every one describes above. She would start up and connect but then, after some time, Outlook, Teams and Edge would all show as disconnected. She could switch to another router or even ethernet and this would temporarily fix her connection but it would always come back. I had been working in the meantime on my work computer without any issues on both the Spectrum and TMobile networks. I tried all of the fixes mentioned above but none of them worked for her. Finally got another modem, plugged in the old SIM card and voila it worked immediately. There were 2 other symptoms of this that also went away - my Ooma VOIP system reconnected (it had been flashing red for weeks) and my Ring cameras stopped acting flaky when trying to view video.

Here are the OLD (non-working) and NEW (working internet) modems. So looks like its a modem issue

samgsapp1971 wrote:

I am using T-Mobile 5G home internet.  Everything works great, but all of the sudden when I connect my work laptop to the VPN, nothing over the VPN works.  This was working fine for a year.  Not sure if there was a firmware upgrade something that caused this.  After a ton of searching, I found the issue for me.  It was the MTU setting on my laptop.  This is very easy to fix.  It was as simple from changing a setting from 1400 to 1374.  That worked.  Google hot to check your MTU size.  It is with the "NETSH" command.  Do some ping tests forcing a MTU size until you find the best one.  Make the change. Very basic overview….

1.

Checking and changing the MTU size

Open a command prompt as admin

Check the MTU size as it is set now.

Netsh interface ipv4 show interfaces

2.  

   Before we change the MTU, we need to find the optimum size by using this command

   Ping 8.8.8.8 -f -l 1400

It is showing as fragmented.  We want to find the highest number where we do not get that. So keep trying numbers, lower and lower until one comes back normal.

For me, it was 1346.  That's our base number.  Fore technical reasons having to do with headers, etc, we need to add 28 to that number.  My number would be 1374.

3.

Change the mtu (CMD as admin)

Netsh interface ipv4 set subinterface “Ethernet 4” mtu=1374 store=persistent

(Ethernet 4 is the name of my interface, yours will probably be different, like “Wifi” )

Now check your change.

Netsh interface ipv4 show interfaces

You should now see the new MTU

 

 

Thanks very much for this! Looks like this could be working for me. 

However, following your testing procedures by pinging with different sized packets, when I'm not on VPN, I'm able to send packet sizes up to 1472 successfully (corresponding to MTU of 1500). When I'm connected to my VPN, the MTU was already set to 1390, but I was still having issues with VPN. I went ahead and just tried your MTU setting of 1374, and it seems like VPN is working so far (only tested a few minutes). Tried various settings around 1374, and anything larger fails, while smaller settings continue working. 

So for others, if the detected maximum MTU size doesn't resolve your VPN issues, try 1374, or possibly other settings that are smaller than the detected max MTU size. In my case, changing MTU size via netsh made immediate impact, so it was easy to just test different values to see what works. 

I am using T-Mobile 5G home internet.  Everything works great, but all of the sudden when I connect my work laptop to the VPN, nothing over the VPN works.  This was working fine for a year.  Not sure if there was a firmware upgrade something that caused this.  After a ton of searching, I found the issue for me.  It was the MTU setting on my laptop.  This is very easy to fix.  It was as simple from changing a setting from 1400 to 1374.  That worked.  Google hot to check your MTU size.  It is with the "NETSH" command.  Do some ping tests forcing a MTU size until you find the best one.  Make the change. Very basic overview….

1.

Checking and changing the MTU size

Open a command prompt as admin

Check the MTU size as it is set now.

Netsh interface ipv4 show interfaces

2.  

   Before we change the MTU, we need to find the optimum size by using this command

   Ping 8.8.8.8 -f -l 1400

It is showing as fragmented.  We want to find the highest number where we do not get that. So keep trying numbers, lower and lower until one comes back normal.

For me, it was 1346.  That's our base number.  Fore technical reasons having to do with headers, etc, we need to add 28 to that number.  My number would be 1374.

3.

Change the mtu (CMD as admin)

Netsh interface ipv4 set subinterface “Ethernet 4” mtu=1374 store=persistent

(Ethernet 4 is the name of my interface, yours will probably be different, like “Wifi” )

Now check your change.

Netsh interface ipv4 show interfaces

You should now see the new MTU

Hola Everyone, 

After putting some research into this, I believe I have found a solution (at least one that worked for me).

PLEASE NOTE: PART OF MY SOLUTION IS USING MY OWN WIRELESS ROUTER ATTACHED VIA ETHERNET CABLE TO THE BACK OF MY HOTSPOT MODEM. THE INSTRUCTIONS I LEFT BELOW WILL NOT BE OF MUCH USE TO YOU IF YOU ARE NOT USING A WIRELESS ROUTER.

This does not require much tech-savviness as I found what I needed from a YouTube video and a little googling on how to access the settings I needed, which I'll post a link to at the end of this. Basically, it's the MTU (Maximum Transmission Unit) settings that T-Mobile uses. You don't really have to know much about this other than how to find out how to change it, either on your computer or on your wireless router (if using a wireless connection). 

Most internet providers set their MTU size at 1500. This is more-or-less a standard most in the industry follow. From what I found, T-Mobile sets their MTU size at 1450. I'm not going to go into explanation on how this works; just know this is the problem. This tiny difference seems inconsequential, but can make or break your VPN connection. Unfortunately, it's on us as the customers to find our own solution(s) to this problem. 

This YouTube link gave me the information on how to check my MTU settings and change them on a Windows PC. This is a solution specifically for if you want to only change the MTU Size on individual PC's in your home. Ultimately, I did not change my MTU Size on my laptop, but the part of the video that helped me find the MTU Size was key to figuring this whole thing out. The link will take you directly a few seconds right before the spot you need to pay attention at begins:

 

I'm not a Mac user and am not experienced with using them, but this is a link for all y'all Apple fanatics that I found while I was searching for a reason for this problem. It was the first article I came across that set me on the path to figuring out how to change my MTU setting. Hope it helps:

https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e

And, lastly, I use a TP-Link Wireless router. This link is for TP-Link device owners and shows you how to change the MTU Size. There's no way I can find links to all the different types out there. However every brand's settings are easily searched on Google, so good hunting to you and good luck: 

https://www.tp-link.com/us/support/faq/1134/

I hope this helps some people. My issue is (self)resolved. 

We both have the same phone, and I'm having trouble with SIM cards.  This needs to be fixed.  If they don't fix this, we might switch more than 100 phones to Verizon.  We also use IKE2, and a single carrier isn't going to make us switch protocols.  MyKohlsCard

Kphoneagent wrote:

Called for the 3rd time today with same issues. Apparently the ping is too high and T-Mobile drops packets as data is sent. The tech explained that bc the IP address changes frequently, TMOBILE is not compatible with working through a VPN. So, the problem is going to continue and they don't have a solution. She was amazingly honest and I will be keeping my service for my home with them but for office I'm getting a new provider.

What number did you call to get them?

We have a static VPN address and the tracert showed over 500 ms.