Forum Discussion
Unable to use T-Mobile Home Internet with work VPN, any suggestions?
I've recently been told by work Information Services that I cannot use my work laptop with T-Mobile Home Internet. Here is there response to my support request.
T-Mobile's primary service called "5G Broadband" is not true wire-to-site broadband. While Cisco AnyConnect can work over 5G and other wireless connections, MTS does not recommend its usage unless absolutely necessary, and if you utilize a phone line such as Cisco Jabber call quality cannot be guaranteed.
The issue is that while 5G can provide broadband level speeds and bandwidth wireless solutions, such as 5G, have a higher tolerance for "packet loss." Packet loss is when individual pieces of data are dropped/lost during transmission. For most applications this is a minimal issue that 5G speeds may render unnoticeable, but a live connection, such as the AnyConnect VPN or Voice Over IP phone services, will experience connection degradation or be completely disconnected forcing you to reconnect.
This is not an issue MTS can mitigate. For this reason the only recommended Internet service types are fully wired based connections including DSL, Broadband, Cable, and Fiber Optic services.
Does anyone have a suggestion on a way to work around this issue? It does not need to be perfect, but being able to work from home is essential, and if I can't use TMHI to do that… it would be a deal-breaker for me.
BoldKPI- just created. We'll see in the morning if it works. Praying it does! Thanks for the tip!
AJ1234 wrote:
My company uses Cisco AnyConnect VPN. I've been having all the same issues mentioned in this thread and gone down the IT rabbit hole trying to remedy this issue. Finally found a knowledgeable T-Mobile technician that explained if personal or work VPN or systems are operating on IPv4 then you need to go into your T-Mobile home internet app > select network > click "+" to add network > name network > create password > select 2.4 GHz band > select WPA/WPA2 > WPA "TKIP & AES" > then save the new network and connect. Worked out my VPN issues and my security cameras are working now.
My wife's company uses Cisco AnyConnect as well. I tried your solution, and it is currently working. Thank you. For the record, I also work from home and am using SonicWall NetExtender without any previous nor current issues. We have the old black tower modem, and I'm going to try to replace it with the new white square one per another user's recommendations in case this solution turns out to be temporary. This has been a very thorough and interesting thread to read. God bless you all.
So I did also just find out it appears to be a Modem issue. If you have the "sagecom" modem it seems to be specific to that. Go into your local tmobile store and see if they have one of the other 3 brands. I did it and now my cisco VPN is working fine. Took 5 minutes for them to exchange it out for me at the store
Add me to the list. Globalprotect VPN has been unusable for the past few weeks. Blocking UDP port 4501 forces it to connect in SSL mode and it helps a little but is very slow. Lowering MTU did not resolve for me. T-Mobile please get this fixed.
After a week of zero connectivity over VPN for work, finally figured out that it was the modem and not the laptop. All kinds of weird error messages. Spoke with Tech Support yesterday for 45 minutes and they did a "Realignment" of my modem. Well, at 630am this morning, same issue so the fix was only temporary. Spoke with Tech Support again and this time was informed that the problem was with the type of modem. Apparently, the "Arcadyan" modem will work with VPNs.
I got it resolved by swapping out the Sagemcom and getting the Arcadyan device. Based on the timing of the other comments it seems like it was the latest firmware update that broke all VPN access. My tech support was clueless about the issue, she just said "oh yeah VPN doesn't work at all." I told her it was working for 6 months without issue and she had nothing to say to that. Thankfully I found this thread about trying a different manufacturer. So far the Arcadyan is working but its like 30% slower. We'll see how long this lasts before they push out another destructive update.
We use GlobalProtect and the MTU adjustment was only a temporary fix because every time I reconnected to the VPN the MTU reset itself to 1400. Need admin level to change the MTU so I couldn't do that every single time. Another work around was attaching a router to the gateway and changing the MTU in the router settings. Even though it connected, it was constantly briefly disconnecting so my large data files kept failing to transfer. If you can deal with these problems then the swap may not be necessary for you.
The first post here is quoted with this…”T-Mobile's primary service called "5G Broadband" is not true wire-to-site broadband. While Cisco AnyConnect can work over 5G and other wireless connections,"…..HUGE LIE!!!! T-Mobile 5G Home Internet does NOT work with Cisco AnyConnect VPN which is what my company uses. Ive been going round and round with my company IT and T-Mobile IT to no avail, both blaming each other and I'm stuck in the middle! T-Mobile tells me that I have the wrong gateway…ummm I told you EXACTLY what I needed service for including WFH on a VPN and they gave me the gateway that would work! IT DOESNT!!!! I was begging them to send me the correct gateway overnight last night otherwise I will possibly lose my job, and I will cancel service….,, T-MOBILE DOES NOT GIVE!!! I have Verizon FIOS coming to install WORKING SERVICE on Saturday!!!
AJ1234 wrote:
My company uses Cisco AnyConnect VPN. I've been having all the same issues mentioned in this thread and gone down the IT rabbit hole trying to remedy this issue. Finally found a knowledgeable T-Mobile technician that explained if personal or work VPN or systems are operating on IPv4 then you need to go into your T-Mobile home internet app > select network > click "+" to add network > name network > create password > select 2.4 GHz band > select WPA/WPA2 > WPA "TKIP & AES" > then save the new network and connect. Worked out my VPN issues and my security cameras are working now.
2/16/2024: I did this and it worked for two weeks. Now, it isn't working again on 2.4 GHz. Is T-Mobile trying to get me fired?
Althius wrote:
I've recently been told by work Information Services that I cannot use my work laptop with T-Mobile Home Internet. Here is there response to my support request.
T-Mobile's primary service called "5G Broadband" is not true wire-to-site broadband. While Cisco AnyConnect can work over 5G and other wireless connections, MTS does not recommend its usage unless absolutely necessary, and if you utilize a phone line such as Cisco Jabber call quality cannot be guaranteed.
The issue is that while 5G can provide broadband level speeds and bandwidth wireless solutions, such as 5G, have a higher tolerance for "packet loss." Packet loss is when individual pieces of data are dropped/lost during transmission. For most applications this is a minimal issue that 5G speeds may render unnoticeable, but a live connection, such as the AnyConnect VPN or Voice Over IP phone services, will experience connection degradation or be completely disconnected forcing you to reconnect.
This is not an issue MTS can mitigate. For this reason the only recommended Internet service types are fully wired based connections including DSL, Broadband, Cable, and Fiber Optic services.Does anyone have a suggestion on a way to work around this issue? It does not need to be perfect, but being able to work from home is essential, and if I can't use TMHI to do that… it would be a deal-breaker for me.
2/16/24 UPDATE - T-Mobile tech employee Kevin K. told me today on the phone that I will need to leave T-Mobile home Internet company if I need to work using a VPN (Cisco). Neither he nor the local T-Mobile store were aware of the widely known T-Mobile VPN issue, even as I read it aloud to them from their own site and other sites. After begging Kevin K to look into it, he found out about it, but was unable to follow the directions in his system to resolve it, and told me I would have to leave T-Mobile (for fiber Metronet, in my case). Please be aware that T-Mobile does not support customers needing to use a VPN! Just sorry it took me and my ITS folks four weeks to figure it out. Unfortunately, for me, it is for my job, otherwise, I was happy with T-Mobile.
TheLostITGuy wrote:
Hola Everyone,
This is something I posted in another T-Mobile forum a while back. After putting some research into this, I believe I have found a solution (at least one that worked for me).
PLEASE NOTE: PART OF MY SOLUTION IS USING MY OWN WIRELESS ROUTER ATTACHED VIA ETHERNET CABLE TO THE BACK OF MY HOTSPOT MODEM. THE INSTRUCTIONS I LEFT BELOW WILL NOT BE OF MUCH USE TO YOU IF YOU ARE NOT USING A WIRELESS ROUTER.
This does not require much tech-savviness as I found what I needed from a YouTube video and a little googling on how to access the settings I needed, which I'll post a link to at the end of this. Basically, it's the MTU (Maximum Transmission Unit) settings that T-Mobile uses. You don't really have to know much about this other than how to find out how to change it, either on your computer or on your wireless router (if using a wireless connection).
Most internet providers set their MTU size at 1500. This is more-or-less a standard most in the industry follow. From what I found, T-Mobile sets their MTU size at 1450. I'm not going to go into explanation on how this works; just know this is the problem. This tiny difference seems inconsequential, but can make or break your VPN connection. Unfortunately, it's on us as the customers to find our own solution(s) to this problem.
This YouTube link gave me the information on how to check my MTU settings and change them on a Windows PC. This is a solution specifically for if you want to only change the MTU Size on individual PC's in your home. Ultimately, I did not change my MTU Size on my laptop, but the part of the video that helped me find the MTU Size was key to figuring this whole thing out. The link will take you directly a few seconds right before the spot you need to pay attention at begins:
I'm not a Mac user and am not experienced with using them, but this is a link for all y'all Apple fanatics that I found while I was searching for a reason for this problem. It was the first article I came across that set me on the path to figuring out how to change my MTU setting. Hope it helps:
https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23e
And, lastly, I use a TP-Link Wireless router. This link is for TP-Link device owners and shows you how to change the MTU Size. There's no way I can find links to all the different types out there. However every brand's settings are easily searched on Google, so good hunting to you and good luck:
https://www.tp-link.com/us/support/faq/1134/
I hope this helps some people. My issue is (self)resolved.Thank you, following that first YouTube video to lower the MTU seems to have helped me.
(Sagemcom modem, Cisco AnyConnect VPN)
Not sure if this mattered, my employer’s IT support also recommended unchecking “Internet Protocol Version 6 (TCP/IPv6)” and “Client for Microsoft Networks” in the Windows properties of all network adapters (Wi-Fi, Ethernet and Cisco AnyConnect).
While the problem was ongoing, only HTTP (web pages) didn’t work under AnyConnect VPN, other protocols (MS Outlook, MS Teams, ping command) seemed to still work in VPN.
So far, for one hour after the configurations, the connectivity is holding.
