I've recently been told by work Information Services that I cannot use my work laptop with T-Mobile Home Internet. Here is there response to my support request. T-Mobile's primary service called "5G Broadband" is not true wire-to-site broadband. While Cisco AnyConnect can work over 5G and other wireless connections, MTS does not recommend its usage unless absolutely necessary, and if you utilize a phone line such as Cisco Jabber call quality cannot be guaranteed.The issue is that while 5G can provide broadband level speeds and bandwidth wireless solutions, such as 5G, have a higher tolerance for "packet loss." Packet loss is when individual pieces of data are dropped/lost during transmission. For most applications this is a minimal issue that 5G speeds may render unnoticeable, but a live connection, such as the AnyConnect VPN or Voice Over IP phone services, will experience connection degradation or be completely disconnected forcing you to reconnect.This is not an issue MTS can mitigate. For this reason the only recommended Internet service types are fully wired based connections including DSL, Broadband, Cable, and Fiber Optic services. Does anyone have a suggestion on a way to work around this issue? It does not need to be perfect, but being able to work from home is essential, and if I can't use TMHI to do that… it would be a deal-breaker for me.

Hi Everyone, This is something I posted in another T-Mobile forum a while back. After putting some research into this, I believe I have found a solution (at least one that worked for me).PLEASE NOTE: PART OF MY SOLUTION IS USING MY OWN WIRELESS ROUTER ATTACHED VIA ETHERNET CABLE TO THE BACK OF MY HOTSPOT MODEM. THE INSTRUCTIONS I LEFT BELOW WILL NOT BE OF MUCH USE TO YOU IF YOU ARE NOT USING A WIRELESS ROUTER.This does not require much tech-savviness as I found what I needed from a YouTube video and a little googling on how to access the settings I needed, which I'll post a link to at the end of this. Basically, it's the MTU (Maximum Transmission Unit) settings that T-Mobile uses. You don't really have to know much about this other than how to find out how to change it, either on your computer or on your wireless router (if using a wireless connection). Most internet providers set their MTU size at 1500. This is more-or-less a standard most in the industry follow. From what I found, T-Mobile sets their MTU size at 1450. I'm not going to go into explanation on how this works; just know this is the problem. This tiny difference seems inconsequential, but can make or break your VPN connection. Unfortunately, it's on us as the customers to find our own solution(s) to this problem. This YouTube link gave me the information on how to check my MTU settings and change them on a Windows PC. This is a solution specifically for if you want to only change the MTU Size on individual PC's in your home. Ultimately, I did not change my MTU Size on my laptop, but the part of the video that helped me find the MTU Size was key to figuring this whole thing out. The link will take you directly a few seconds right before the spot you need to pay attention at begins: I'm not a Mac user and am not experienced with using them, but this is a link for all y'all Apple fanatics that I found while I was searching for a reason for this problem. It was the first article I came across that set me on the path to figuring out how to change my MTU setting. Hope it helps:https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23eAnd, lastly, I use a TP-Link Wireless router. This link is for TP-Link device owners and shows you how to change the MTU Size. There's no way I can find links to all the different types out there. However every brand's settings are easily searched on Google, so good hunting to you and good luck: https://www.tp-link.com/us/support/faq/1134/I hope this helps some people. My issue is (self)resolved.

This exact same thing happened to me out of nowhere today; I've had everything working flawlessly since I switched to tmobile over a month ago from xfinity and now it will not accept my work's vpn. I will cancel my service immediately if this cannot be fixed; this can cost me my job.

This is insanely frustrating. I can't do half my job unless I sit in a cafe with broadband access or work from a friend's house. But the part that is infuriating is every time I call T-Mobile, I get different answers from different people. Call 1: "Can't do anything for ya. Sorry." Call 2: "We can get you to a higher tier of support who will be able to help if you can get us your VPN Settings from your IT Department." Call 3: "None of what call 2 is true. Sorry to say it, but they lied to you. There is no higher tier of support."I bet if I called a 4th time, I'd get another completely different answer. I had this totally fixed by changing the MTU size on my router and now, even changing it directly on my laptop makes NO difference. There really needs to be a fix for this. If I had access to any other ISP that wasn't worse than this, I'd drop this service instantly. Unfortunately, I'm stuck since I live in a rural area. I'll stop complaining now.

I can't believe T-Mobile support just flat out told me that their internet service is incompatible with a VPN! How can they advertise that I can use this for work at home with multiple high speed streams, but just conveniently neglect to let me know I can't use a VPN! No suggestions for solutions, he just offered to cancel my service immediately!

My company uses Cisco AnyConnect VPN. I've been having all the same issues mentioned in this thread and gone down the IT rabbit hole trying to remedy this issue. Finally found a knowledgeable T-Mobile technician that explained if personal or work VPN or systems are operating on IPv4 then you need to go into your T-Mobile home internet app > select network > click "+" to add network > name network > create password > select 2.4 GHz band > select WPA/WPA2 > WPA "TKIP & AES" > then save the new network and connect. Worked out my VPN issues and my security cameras are working now.

Unable to use T-Mobile Home Internet with work VPN, any suggestions?

DerekSB
Roaming Rookie
Hace 9 meses
I changed the MTU on my company laptop and it works fine now. Make sure it's lower than 1350.
Johnny909
Network Novice
Hace 9 meses
I had an issue with constant disconnects from my personal VPN using IKEv2 with the Sagemcom 5688. If I were downloading a large file, the connection would invariably freeze right around the 250MB point. If I attempted to run a speed test, the download would work but I'd immediately get a "socket error" when the upload test tried to start.
It took a lot of time and research to find a workaround, but it can be done by using PowerShell to set the “PfsGroup” parameter to “none” as described here:
https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=windowsserver2022-ps
It’s not a task for amateurs but if you know what you’re doing and are experiencing the same issues, it absolutely works.
ktigger2
Newbie Caller
Hace 9 meses
AJ1234 wrote:

My company uses Cisco AnyConnect VPN. I've been having all the same issues mentioned in this thread and gone down the IT rabbit hole trying to remedy this issue. Finally found a knowledgeable T-Mobile technician that explained if personal or work VPN or systems are operating on IPv4 then you need to go into your T-Mobile home internet app > select network > click "+" to add network > name network > create password > select 2.4 GHz band > select WPA/WPA2 > WPA "TKIP & AES" > then save the new network and connect. Worked out my VPN issues and my security cameras are working now.

this helped my issue! Plus I swapped out my box
Johnny909
Network Novice
Hace 9 meses
Johnny909 wrote:

I had an issue with constant disconnects from my personal VPN using IKEv2 with the Sagemcom 5688. If I were downloading a large file, the connection would invariably freeze right around the 250MB point. If I attempted to run a speed test, the download would work but I'd immediately get a "socket error" when the upload test tried to start.

It took a lot of time and research to find a workaround, but it can be done by using PowerShell to set the “PfsGroup” parameter to “none” as described here:

https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=windowsserver2022-ps

It’s not a task for amateurs but if you know what you’re doing and are experiencing the same issues, it absolutely works.

I thought I'd give a bit more information about my previous post. Let me mention a couple of DONT'S first though.
Don't try this on your work VPN without discussing it with your IT administrator first. The settings may not be compatible with the protocols used by your company.

This command worked with Nord VPN, I'm not sure if it will work with others as each VPN has different encryption algorithms. If you do try it with another provider and it doesn't work, you can always delete the IKEv2 adapter and recreate it using the instructions on Nord's "How to manually set up an IKEv2 connection in Windows".

To make sure you are having the same issues that I had before running the command, go to a site like https://www.buildsometech.com/download-test-files/ , scroll down the page a bit and attempt to download the 1GB test file. If the download fails (freezes) after only downloading 250MB, then this should work for you.

If the connection does freeze, disconnect from the IKEv2 VPN, open a command prompt (as administrator) and enter the following commands:

ipconfig /release

ipconfig /renew (these commands will unfreeze your interconnection and you should be able to browse the web again. Don't try to reconnect to the VPN until you complete the rest of the steps.
Having said that, let’s say that your IKEv2 connection’s server address is “us8200.nordvpn.com”.
Open PowerShell by right-clicking it and select “Run as Administrator” (you’ll find it at the bottom of the programs in the Start Menu by scrolling all the way to the bottom).
After you change the server address from "us8200.nordvpn.com" in this command with the server that you are actually using (it's easiest to copy/paste this command into notepad and make that edit there), copy the entire command, paste it into PowerShell, and hit "enter". You want to do this while you're not connected to the VPN.
Set-VpnConnectionIPsecConfiguration -ConnectionName "us8200.nordvpn.com" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -DHGroup ECP384 -EncryptionMethod GCMAES256 -IntegrityCheckMethod SHA384 -PfsGroup None -PassThru -Force
(note: this is similar to the command that fixes the “Policy Mismatch Error” that can some of you may have had to run when initially setting up your connection, but the parameters are different so don’t give up on trying this if you’ve done that before and suspect that this one won’t fix the problem.)
The command should run without errors, and should show that you’ve changed the IPSEC/IKEv2 parameters.
Again, remember to change the server name to the one you already have setup.
If the command completes succsessfully, connect to the VPN server that you updated (a reboot is not necessary), and attempt to download the 1GB file again. It should download successfully, and you should no longer have problems with the connection "freezing" after a period of time.
I hope this is helpful for a few people. I've had no problems staying connected for a week now using this method.
Saludos cordiales,
Johnny
FOMOMOBILE
Newbie Caller
Hace 8 meses
I was so happy to be able to ditch Xfinity but now I am recognizing I made a horrible mistake switching to TMobile. If only the sales rep would've saved me some time to let me know I wouldn't be able to work from home using T-Mobile because I require a VPN. That would've been honest business. Instead I have wasted hours this week.

Thankfully, my chat with T-Mobile tech support this morning resulted in them telling me that if my VPN is an IP6TMobile is only IP4 therefore "TMobile may not be a good fit for me."

The rep also said she would flag my account with the note that there was nothing wrong with their devices that it was all on my end. Noice.

I tried this afternoon to shut off my VPN and it took a while, but my Teams' meetings video and audio significantly improved. But there's no way I can work without using my VPN because I won't have access to any of my work files. I can't try the other fixes here because I do not have the ability to use a command line on my work laptop for security purposes.

So I just want to thank all the contributors to this thread who have validated that TMobile does not want work from home customers. I will be telling all of my colleagues the truth, since they were like me very intrigued about switching to TMobile and getting the heck away from Xfinity but now it looks like we're stuck and I have to go crawling back to Xfinity or hope and pray something improves on my Internet connection in the next 48 hours.
Squaleman
Network Novice
Hace 8 meses
Althius wrote:

I've recently been told by work Information Services that I cannot use my work laptop with T-Mobile Home Internet. Here is there response to my support request.

T-Mobile's primary service called "5G Broadband" is not true wire-to-site broadband. While Cisco AnyConnect can work over 5G and other wireless connections, MTS does not recommend its usage unless absolutely necessary, and if you utilize a phone line such as Cisco Jabber call quality cannot be guaranteed.

The issue is that while 5G can provide broadband level speeds and bandwidth wireless solutions, such as 5G, have a higher tolerance for "packet loss." Packet loss is when individual pieces of data are dropped/lost during transmission. For most applications this is a minimal issue that 5G speeds may render unnoticeable, but a live connection, such as the AnyConnect VPN or Voice Over IP phone services, will experience connection degradation or be completely disconnected forcing you to reconnect.

This is not an issue MTS can mitigate. For this reason the only recommended Internet service types are fully wired based connections including DSL, Broadband, Cable, and Fiber Optic services.

Does anyone have a suggestion on a way to work around this issue? It does not need to be perfect, but being able to work from home is essential, and if I can't use TMHI to do that… it would be a deal-breaker for me.

This is what chat gpt told me:
Yes, if your router doesn't support IPv6 transition mechanisms like NAT64 or DNS64, you can use software solutions on your computer to achieve IPv6-to-IPv4 communication. One popular option is to use a Teredo tunneling software.
Teredo is a transition technology that allows IPv6 connectivity to IPv4 hosts by encapsulating IPv6 packets within IPv4 packets. This allows IPv6 traffic to traverse IPv4 networks seamlessly. There are various Teredo tunneling software available for different operating systems. Some examples include:
1. **Miredo**: Miredo is an open-source Teredo tunneling software available for Linux, BSD, and macOS. It provides IPv6 connectivity to IPv4-only networks by encapsulating IPv6 packets in UDP/IPv4 datagrams.
2. **Microsoft Teredo**: Microsoft includes Teredo support in Windows operating systems. It's enabled by default in recent versions of Windows, allowing IPv6 connectivity over IPv4 networks. You can check if Teredo is enabled on your Windows system by running the command `netsh interface teredo show state` in Command Prompt.
3. **Teredo Tunneling Client**: There are also standalone Teredo tunneling clients available for Windows that provide similar functionality to Microsoft's built-in Teredo support. These clients may offer additional features and configuration options.
By using Teredo tunneling software on your computer, you can enable IPv6 connectivity even if your router doesn't support IPv6 transition mechanisms directly. Keep in mind that while Teredo can provide IPv6 connectivity, it may introduce additional latency and overhead compared to native IPv6 connectivity.

That's the solution, the problem is the gateway tmhi uses only users ipv6 a 128 bit compared to ipv4s 32 bit . Anyways you can use this fact to ask some questions and find other possible workaround or solutions to this issue
Squaleman
Network Novice
Hace 8 meses
Basically the T-Mobile router doesn't offer NAT or DNS64 so the information sent to the networks are talking 2 different languages, my best guess is the workaround will be a router with those capabilities connected to your gateway or some sort of software for on Device based translations of the address. Good luck let me know what you do as I'm not really a tech guy yet just learning
HHHHHellow
Network Novice
Hace 7 meses
Gfiz247 wrote:

AJ1234 wrote:

My company uses Cisco AnyConnect VPN. I've been having all the same issues mentioned in this thread and gone down the IT rabbit hole trying to remedy this issue. Finally found a knowledgeable T-Mobile technician that explained if personal or work VPN or systems are operating on IPv4 then you need to go into your T-Mobile home internet app > select network > click "+" to add network > name network > create password > select 2.4 GHz band > select WPA/WPA2 > WPA "TKIP & AES" > then save the new network and connect. Worked out my VPN issues and my security cameras are working now.

THANK YOU!!! My company uses the same VPN and it worked perfectly until Monday, 1/22, probably the same change you experienced. I followed your guidance and it works perfectly. I'm back to the same full speed I had previously, maybe even faster, and now I have a second home network dedicated to work from home.

I also tried this and it worked for 24 hours and stopped working after that. My work's IT department got me working, though. What was happening was that the vpn (when you log into AnyConnect you have to specify a vpn - something like vpn.mycompany.com) was routing me through our data center that was on the other end of the country. When they gave me a different vpn (vpn.mycompany-15.com) that was going through my local data center, then it worked! I don't know why this was an issue just for Tmobile internet and not for my previous ISP, but I am seeing no further issues now.
pchrist
Network Novice
Hace 7 meses
Is there a fix yet for this? I don't really want to have to switch to another provider happy with tmobile but if my wife can't work from home then it's not to beneficial!
voyager32
Network Novice
Hace 7 meses
A call to support may have fixed my issue.
I have an Arkadyan home internet hotspot and my firm uses globalprotect. Traffic over VPN had always been slower, but still at ~200 Mbps for downloads. Suddenly in the last few weeks it dropped to 1Mbps for downloads which of course was unusable, and ~35 Mbps for uploads which was close to normal.
I called T-mobile support, got the worst tech support person I’ve ever had, a complete nitwit who didn’t let me finish my sentences, (“that’s just the way it works with VPN” / “I won’t be able to file a support ticket for you because this has already been reported”, etc.) I insisted against his protests that he file a ticket and less than 24 hours later my download speeds over VPN are back to 200+ Mbps.
Based on my case, I suggest you call support and if you get somebody who’s obnoxious and incompetent and (most important) totally unhelpful, insist that they file a ticket. and then give them a 0 rating (something I’ve never done before as I always feel for the support folks).
Good luck to everyone who's on this thread. It's a serious problem and I hope you get it resolved.