Forum Discussion
I cannot access my job's VPN from home
I am currently working from home. I use a company provided laptop with an always on VPN client to access my job's servers. No problem with spectrum cable. I have the brand new grey t-mobile gateway and cannot get in. My IT guy worked with me and says it must be how the ports are provisioned. He said to call and get level 2 support. He wanted to know about specific ports. Did that, was on hold over an hour. Tech I spoke with basically said they don't do ports. What?! In fact when I gave her the port #s to look into she basically said no, thats not how it is designed. The tech I spoke with before her said WAN is blocked by default. What?! The level 2 person said that was not right. I get about 130 Mbps down and about 35 Mbos up. So speed is good. My tvs, tablets, laptops, nintendo gaming, vivint(connect with lan cable to one of two ports on gateway) are streaming working fine. I can surf the web from the company laptop. I can also get to my MS Teams & Outlook. But when I try to access a certain part of the network it won't connect. Level 2 tech opened a ticket. My VPN does not like this gateway for some reason.
Just FYI if someone has issues with Microsoft AOVPN. After I’ve enabled IKE2 fragmentation on AOVPN server (restart required) I was able to connect. IKE2 fragmentation is supported in win10 by default but on servers only on Windows 2019 server 1803 on
Measuring MTU 1372 is the max.
More here : https://directaccess.richardhicks.com/2019/02/11/always-on-vpn-and-ikev2-fragmentation/amp/
We are having the same issue. My wife is having problems working from home when connected through the 5G router. All pages load fine when connected through the CenturyLink router, but do not load when connected through the 5G router. Will have to cancel T-Mobile internet. Disappointing since it is much faster than our DSL. But if certain web pages won't load....
DJames_Houston wrote:
I run Big-IP Edge Client with TMobile 5G Gateway. I just started using TMobile 5G, I switched from AT&T FiberOptics because of the difference in price $30 TMobile 5G and $80 AT&T FiberOptics. Now, I realize that I cannot connect to VPN to connect to work. I have made a terrible mistake. Anyone know how to get an IP address assigned from the gateway?
I had the same problem and installed an Eero Mesh Network (and no, I don’t work for Eero or T-Mo). I got the Pro 6E version so cannot vouch for anything else. But I installed it, and it just worked. Nothing fancy, now changing the MTU, no bridge, just out of the box.
It also expanded coverage to all corners of my house.
Good luck.
I run Big-IP Edge Client with TMobile 5G Gateway. I just started using TMobile 5G, I switched from AT&T FiberOptics because of the difference in price $30 TMobile 5G and $80 AT&T FiberOptics. Now, I realize that I cannot connect to VPN to connect to work. I have made a terrible mistake. Anyone know how to get an IP address assigned from the gateway?
I installed an Eero Pro mesh network, and now the VPN works without a problem.
My company uses Check Point SecuRemote VPN and I am getting "Negotiation with site failed” using TMHI.
After spending the better part of two days trying to get my VPN working (using the built in Microsoft VPN software) it looks like there is no solution.
I was on Twitter DMs with T-Mo support, and after telling them what I did (MTU, Dropping IPV6, rebooting numerous times) they replied thusly:
It seems like you truly have done the steps we recommend and if multiple VPNs are not working we may not be able to get them to agree with the service. I know the VPN is crucial, I have to use one for work and I know tons of people use VPN for that. We may not always go the route of suggesting to cancel service or have that talk that the home internet service is not for you but at the end of the day our number one goal is to make sure our services do the job, and if they do not, I don't want to take your money for something like that.
I admire them for being willing to tell me this, and to lose me as a customer. It is refreshing to see this, as sad as I am to not have a solution
I am still trying to find a way to keep using them (I seldom use VPN, my wife needs it more frequently than I do, and we are looking for another solution)
leechat wrote:
Sorry for the delay. Basically it is an IPv4 vs v6 issue and my IT says they are not going to re-provision the network to work with TMobile's IPv6 network. Here is what Tmob sent me in an email:
"There are no known issues with VPNs and how they interact with the T-Mobile network to provide internet service. There may be an underlying factor (that can only be addressed by the owner of that VPN client) where there is a need to have ipv4 and ipv6 double stacked into the setup configuration to avoid any service issues. Please have the customer reach out to their VPN client support to check if this is indeed the configuration being used and to also further troubleshoot the VPN issue.
Failed outbound VPN connection is caused by a known carrier grade NAT issue relating to T-Mobile’s implementation a fully IPv6 network and the implementation of 464XLAT, NAT64, and DNS64 for accessing IPv4 resources. The customer’s VPN or VPN server they are connecting to is not properly configured to work with an IPv6 network. This is a third party issue that T-Mobile cannot help with."
That is a bold faced lie- if it was a third party issue with the VPN then why does everything work perfectly on my Verizon hotspot and it worked on my CenturyLink WiFi but suddenly I switch to T-Mobile and I can't access Citrix workspace VPN it just keeps disconnecting
DJinMN wrote:
Following - similar boat here, GlobalProtect VPN does not want to play nice with the T-Mobile home internet apparently. :(
Odd I haven't had any issues with globalprotect VPN I'm having issues with Citrix workspace that we use to access a virtual application
Trying change MTU on PC to 1390 or find proper MTU using ping to destination IP. What’s allow MTU
