Unable to use T-Mobile Home Internet with work VPN, any suggestions?

I'm glad I'm not alone in this boat. For me, this started Friday morning 0830 19Jan2024. I have used this service with Cisco Anyconnect and a Meraki z3 for over a year and a half. I have been a Tmobile home internet customer for over 2 years.  Its pretty much my only option. 

If you're told by T mobile to call your company's help desk. You can, but they'll be stumped, all the way up to the network engineers.

For context, I’m Tier 2 Help Desk for a hospital network with 25,000 users and I’ve used Tmobile home internet exclusively for over a year and a half.  

I started having this problem on 19Jan as I use a Meraki Z3 to connect to my work network, with Cisco Anyconnect as a backup VPN.  I know there are threads 2 years old about Tmobile having issues with the Meraki but I personally have not. And I had used it for a year and a half with rarely a hick-up. Everything came to a screeching halt at about 0830 Friday morning.  I excused myself from my job to power cycle my devices, thinking Tmobile was slow and power cycle to a new IP. No dice. I lost ALL Meraki connection. Yet the Meraki light showed it was connected.  I switched over to my home wifi and connected to Cisco Anyconnect, but the connection was slow. Roughly 10/2 as opposed to 60/10 outside of VPN. I disconnected from wifi and plugged a direct network cable in. NO connection. I overnighted a network cable from Amazon (I needed a 20 ft). Still NOTHING with a wired connection.  

I then placed a warranty claim on my gateway as it was the old 4g white router. Tmobile overnighted a Nokia (trashcan) 5g router.  STILL no wired connection.  And slow wifi with VPN. By this time I had researched reddit and forums and all were coming down to the conclusion with IPv4  vs IPv6 address conflicts. 100% on Tmobile's side.  But no one at their help desk knew what the heck I was talking about. If I could see their faces, they would probably look at me like I was crazy. I broke out knowledge and experience, and I was shut down like I was speaking a foreign language. 

The guru on my ITS network team in charge of the Meraki Z3 routers mentioned that send and receive are being sent on entirely different ports and the ‘receive’ ports are changing, leading to time outs and bad connections. 

This also affects security cameras like Ring and VOIP phone services.  This will affect a lot of work from home people that talk on a virtual phone like Cisco Jabber or a Cisco IP desk phone.  

This is a SERIOUS issue that is going to drive a lot of people to change service as they can no longer use it for a TRUSTED work from home internet connection.  I do hope T mobile scrapes these forums for ideas and user feedback. If not, a lot of people are going to find alternatives; or lose their jobs. 

Personally, like others; I will be spending the weekend searching for another work alternative. My only other option is US Cellular's home internet. And I'm not impressed with their ping times. If ping times are like my phone (150ms), it won't even do a Zoom meeting. 

Tmobile was the golden goose that allowed me to live my rural country life while still having a taste of modern internet.  This is no longer the case when it comes to my job security. 

Jaycam wrote:

Same here... T-Mobile for sure did something on the back end of their network 3 days ago that has rendered my Cisco Anyconnect unusable for internal Networked applications. I did some testing of my own this evening and what worked for me was disabling IPV6 on my external router. I had IPV6 pass through enabled for the last 2 years and had zero issues. Once disabled, It made my overall connection seem more snappier as well. Also I would highly recommend changing the DNS to Cloudflare.

 

My guess is with announcing this 1.2TB throttle a few days ago, they are doing everything in their power to crack down on individuals that abuse their Network. It's unfortunate that people like ourselves have to suffer at the expense of those individuals.  Hope this helps….

If their intention is to crack down on individuals that abuse their network, blanket banning VPNs isn't the solution. Example; My work VPN uses about 18gb a month. I, on the other hand with streaming services, downloading games on steam, 4k youtube; I use WAY more data than my work allotment does. I think I hit 900gb one month because a gaming hard drive failed and I had to redownload everything. But if my VPN doesn't handshake properly, its slapped in the face and denied. 

IMO, this was a bad business choice to eliminate VPNS, to avoid IPv4 support and provide even more of a worse tech support.  I work tier 2 tech support. Every time I call tmobile, they seem like nice people, but the tech part of the interview was waved. 

@Althius your predicament is a mandate from your employer. You might give TM Home Internet customer service a call and ask them if they have any software solutions for your workplace requirement. Or, ask them to pay for the acceptable service they require (employer requirements are usually paid for by the employer). 

I hope this helps. 

No doubt T-Mobile reads these threads and fixed it so that you can't use VPN. I too was taken a back by this inability to access VPN, rendering working from home - something that 80  percent of the work force is doing these days shocking.  Ill give you in non technical terms what was explained to me..as to why they don't allow it...the towers can't handle that amount of traffic or data moving through the air ..or some garbage along those lines.  I live in a rural area. The closest tower is less the two miles away and the signal to my house sucks. The plan offered to me originally for switching was then retracted and I was told that plan isn't offered in my area. So the cost for service doubled and the data speed became limited.  And then to find out no VPN?  Not a happy camper. I've been a t mobile cell phone user for 12 years and stuck with them while they got their together. Customer service has always been very good. But this experience of being misled and misinformed  has really soured me.  Great concept - but poor execution and would not recommend their home Internet.   

Been using TM 5g home internet for work for the past few months. Logged out last Friday without any issues to speak of. On Monday morning, my services were inop. My work computer showed connected, as did the TM app. After a few days of speaking with my companies IT dept, they informed me the issue is with my ISP. I called TM tech support to see if they had any information to provide. The tech i spoke with was super nice and sounded knowledgeable. He said as of Monday they'd started receiving an influx of calls with this exact issue. He said they are working on a solution, but could not provide a timeline. In the meantime, I'm completely unable to work. If TM cannot get this fiugred out in the next 48 hours, I'll be forced to switch providers.

All of this is really unfortunate because I've been a champion of TM 5G. I now look like a donkey to the folks I've been telling all these great things. Fingers crossed they come through.

AJ1234 wrote:

My company uses Cisco AnyConnect VPN. I've been having all the same issues mentioned in this thread and gone down the IT rabbit hole trying to remedy this issue. Finally found a knowledgeable T-Mobile technician that explained if personal or work VPN or systems are operating on IPv4 then you need to go into your T-Mobile home internet app > select network > click "+" to add network > name network > create password > select 2.4 GHz band > select WPA/WPA2 > WPA "TKIP & AES" > then save the new network and connect. Worked out my VPN issues and my security cameras are working now.  

THANK YOU!!! My company uses the same VPN and it worked perfectly until Monday, 1/22, probably the same change you experienced. I followed your guidance and it works perfectly. I'm back to the same full speed I had previously, maybe even faster, and now I have a second home network dedicated to work from home. 

SmellyPillow wrote:

Just to note on this thread in case anyone at T-Mobile is curious, I have GlobalConnect by Palo Alto Networks and this did NOT fix my issue at all.

Same. 

Ive called in twice trying to get some kind of resolution and in both cases were told I should try contacting my works help desk.…

Will be spending my weekend shopping new ISPs I guess.

SmellyPillow wrote:

If you have t-mobile for your phone you can turn it into a hotspot if you have unlimited data. Ive been working like that, ironically the hotspot works just fine and is faster. kind of amazing.

I tried that last Friday (Jan 19) and it still didn't work. I've picked up a new LTE router from a local vendor, it works good at my home in Scottsdale, no VPN issues. Will be trying it out in Pine tomorrow. It's got an AT&T SIM. The router is a Cudy AC1200 if anyone is interested. It's 4G, but I don't think I was getting true 5G speeds from TMobile anyway.

My wife and I need to do video conferencing, and we watch streaming content on just one Roku TV, so we really don’t need a ton of bandwidth.

Also, I have an Ambient Weather station, and it has never connected with the TMHI. It only works on a 2.4GHz WIFI band, and as you probably know, the TMHI will only broadcast on EITHER 2.4 or 5GHz, not both like most home routers. Even on the 2.4GHz band, it wouldn't recognize the internet from the TMobile cellular network.

I have a very short window to return the LTE router if I want to go back to TMobile. But even if TM gets things fixed up by tomorrow, they may have already lost my trust. As many have said… VPN is critical for my wife and I to work from home. It's non-negotiable.

TheLostITGuy wrote:

Hola Everyone, 

This is something I posted in another T-Mobile forum a while back. After putting some research into this, I believe I have found a solution (at least one that worked for me).

PLEASE NOTE: PART OF MY SOLUTION IS USING MY OWN WIRELESS ROUTER ATTACHED VIA ETHERNET CABLE TO THE BACK OF MY HOTSPOT MODEM. THE INSTRUCTIONS I LEFT BELOW WILL NOT BE OF MUCH USE TO YOU IF YOU ARE NOT USING A WIRELESS ROUTER.

This does not require much tech-savviness as I found what I needed from a YouTube video and a little googling on how to access the settings I needed, which I'll post a link to at the end of this. Basically, it's the MTU (Maximum Transmission Unit) settings that T-Mobile uses. You don't really have to know much about this other than how to find out how to change it, either on your computer or on your wireless router (if using a wireless connection). 

Most internet providers set their MTU size at 1500. This is more-or-less a standard most in the industry follow. From what I found, T-Mobile sets their MTU size at 1450. I'm not going to go into explanation on how this works; just know this is the problem. This tiny difference seems inconsequential, but can make or break your VPN connection. Unfortunately, it's on us as the customers to find our own solution(s) to this problem. 

This YouTube link gave me the information on how to check my MTU settings and change them on a Windows PC. This is a solution specifically for if you want to only change the MTU Size on individual PC's in your home. Ultimately, I did not change my MTU Size on my laptop, but the part of the video that helped me find the MTU Size was key to figuring this whole thing out. The link will take you directly a few seconds right before the spot you need to pay attention at begins:

 

 

I'm not a Mac user and am not experienced with using them, but this is a link for all y'all Apple fanatics that I found while I was searching for a reason for this problem. It was the first article I came across that set me on the path to figuring out how to change my MTU setting. Hope it helps:

https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e

And, lastly, I use a TP-Link Wireless router. This link is for TP-Link device owners and shows you how to change the MTU Size. There's no way I can find links to all the different types out there. However every brand's settings are easily searched on Google, so good hunting to you and good luck: 

https://www.tp-link.com/us/support/faq/1134/

I hope this helps some people. My issue is (self)resolved. 

This is old knowledge and he has since reported it didn't work after 45 minutes. Just saving people time. 

Same here... T-Mobile for sure did something on the back end of their network 3 days ago that has rendered my Cisco Anyconnect unusable for internal Networked applications. I did some testing of my own this evening and what worked for me was disabling IPV6 on my external router. I had IPV6 pass through enabled for the last 2 years and had zero issues. Once disabled, It made my overall connection seem more snappier as well. Also I would highly recommend changing the DNS to Cloudflare.

My guess is with announcing this 1.2TB throttle a few days ago, they are doing everything in their power to crack down on individuals that abuse their Network. It's unfortunate that people like ourselves have to suffer at the expense of those individuals.  Hope this helps….