Forum Discussion
I cannot access my job's VPN from home
I am currently working from home. I use a company provided laptop with an always on VPN client to access my job's servers. No problem with spectrum cable. I have the brand new grey t-mobile gateway and cannot get in. My IT guy worked with me and says it must be how the ports are provisioned. He said to call and get level 2 support. He wanted to know about specific ports. Did that, was on hold over an hour. Tech I spoke with basically said they don't do ports. What?! In fact when I gave her the port #s to look into she basically said no, thats not how it is designed. The tech I spoke with before her said WAN is blocked by default. What?! The level 2 person said that was not right. I get about 130 Mbps down and about 35 Mbos up. So speed is good. My tvs, tablets, laptops, nintendo gaming, vivint(connect with lan cable to one of two ports on gateway) are streaming working fine. I can surf the web from the company laptop. I can also get to my MS Teams & Outlook. But when I try to access a certain part of the network it won't connect. Level 2 tech opened a ticket. My VPN does not like this gateway for some reason.
I Am wrote:
I now get a new alert from GlobalProtect once I enter my password
“VPN prerequisites met”
I’m running .0168
And connected via Wi-Fi
Haven’t really tried it with ethernet to see if connection issues persists.
Prefer to use less cords (Wi-Fi)What is the .0168 you’re referring to?
I use GlobalProtect on my hardwired desktop, so maybe it would be different if I was on wireless. I’ll bring my laptop home from work today and try that.
bnewall1 wrote:
I ran across this thread while researching the Virtual Server problem. I can confirm that the Virtual Server setup does not work for me. However, I just got my T-Mobile Home Internet up and running today, and I use GlobalProtect to get into my network at work, and have had no problems. Since I just got the service, perhaps I have a different gateway than others on this thread. My gateway’s model # is TML-RTL0102, which I haven’t seen in this thread (unless I missed it). I am part of the IT team at work, so if I have connectivity trouble from home, I have to ask myself. :) We use a Palo Alto 5260 firewall with GlobalProtect, and so far, no isues with browsing either internet or remote (VPN) web sites. I normally use my VPN connection to RDP into my work desktop, which works fine. I am going to give it a few days before canceling my service with Cox.
Also, a good workaround for the RDP issue is to use Splashtop, which I already have.
My GlobalProtect VPN client is version 5.2.7, if that helps any.
I now get a new alert from GlobalProtect once I enter my password
“VPN prerequisites met”
I’m running .0168
And connected via Wi-Fi
Haven’t really tried it with ethernet to see if connection issues persists.
Prefer to use less cords (Wi-Fi)I ran across this thread while researching the Virtual Server problem. I can confirm that the Virtual Server setup does not work for me. However, I just got my T-Mobile Home Internet up and running today, and I use GlobalProtect to get into my network at work, and have had no problems. Since I just got the service, perhaps I have a different gateway than others on this thread. My gateway’s model # is TML-RTL0102, which I haven’t seen in this thread (unless I missed it). I am part of the IT team at work, so if I have connectivity trouble from home, I have to ask myself. :) We use a Palo Alto 5260 firewall with GlobalProtect, and so far, no isues with browsing either internet or remote (VPN) web sites. I normally use my VPN connection to RDP into my work desktop, which works fine. I am going to give it a few days before canceling my service with Cox.
Also, a good workaround for the RDP issue is to use Splashtop, which I already have.
My GlobalProtect VPN client is version 5.2.7, if that helps any.
I Am wrote:
amithkumarg wrote:
Mine was just the MTU issue, was able to resolve it by lowering the number. If this blog can be helpful for anyone to troubleshoot and resolve the issue:
https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23eIs this a confirmed fix for the GlobalConnect issue?
It connects just fine but the sites I need to access do not load.Funny, sometimes I don’t feel like running an Ethernet cord through my home, and sometimes it has worked on Wi-Fi (work sites) and other times it refuses to load - and as soon as I plug in this stupid cord - it works just fine…
This is quite cumbersome, it’s 2021 like “VPN” Ethernet just WORK jeez all these “so called security” protocols - data bases and data still getting hacked and sold - I don’t mind the “VPN” but we are in a wireless world - I almost feel like it isn’t a T-Mobile “issue” as much as its a silly “security” or some odd setting - also if the issue is with the MTU being the lowest on the T-Mo Nokia router then why don’t T-Mobile do a firmware update and just use the MAX size - what is the delay - I just dont understand - I wonder if my IT team will eve given admin access to try this - it really sucks because I don’t want to have to use Comcast - but yea the irony of not being able to use T-Mobile “home” internet and you…….
Yes its a confirmed fix. I have been using it without issue over a month now. I don’t know when T-Mobile will fix this issue in their gateway, but meanwhile lowering MTU on VPN interface is non-harmful in every way, so your IT team shouldn’t have any concern setting this one up for you. Since you don’t have admin access, make sure to ask them to set the sh script (as explained in the blog) to run on every restart as the VPN interface resets itself everytime on restarts.
I have no issues with Pulse Secure.
amithkumarg wrote:
Mine was just the MTU issue, was able to resolve it by lowering the number. If this blog can be helpful for anyone to troubleshoot and resolve the issue:
https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23eIs this a confirmed fix for the GlobalConnect issue?
It connects just fine but the sites I need to access do not load.Funny, sometimes I don’t feel like running an Ethernet cord through my home, and sometimes it has worked on Wi-Fi (work sites) and other times it refuses to load - and as soon as I plug in this stupid cord - it works just fine…
This is quite cumbersome, it’s 2021 like “VPN” Ethernet just WORK jeez all these “so called security” protocols - data bases and data still getting hacked and sold - I don’t mind the “VPN” but we are in a wireless world - I almost feel like it isn’t a T-Mobile “issue” as much as its a silly “security” or some odd setting - also if the issue is with the MTU being the lowest on the T-Mo Nokia router then why don’t T-Mobile do a firmware update and just use the MAX size - what is the delay - I just dont understand - I wonder if my IT team will eve given admin access to try this - it really sucks because I don’t want to have to use Comcast - but yea the irony of not being able to use T-Mobile “home” internet and you…….
SOLVED! After days with my IT department and then with Global Protect in Pali Alto, here’s the bottom line. T-Mobile High speed broadband can’t handle IPv6 dynamic IPs therefore can’t communicate in internet. Global Protect can only handle IPv4.
There are no settings on T-Mobile gate way to make it just use IPv4.
Global Protect doesn’t have a fix/VON software to fix this advanced IPv6 communicationI can access my company’s server for data files, outlook for email etc, but cannot access internet based apps like one login or any websites. Except MSN.com - explain that. Not even Google. Com.
Have to switch to my Verizon cell data hotspot to my company laptop to access internet. Then switch back to T-mobile when done with internet
T-Mobile is using advanced technology that companies are not ready to handle, and will take them a long time to become compatible.
Since most users don’t have IOv6, there’s no rush to upgrade corporately. For example, they advise that all the scanner guns in our warehouse aren’t compatible with IPv6, so if they upgrade VPNs now, none of the equipment would work in the warehouse.
Nor are VPN providers putting resources into IPv6 compatibility.
im so annoyed that I switched to the T-Mobile high speed broadband new technology that NO ONE at T-Mobile advised this would be an issue. Even calling tech support, they had no idea what the issue would be. After my IT department figured it out I HAD TO CALL BACK T-MOBILE AND BRUNG THEM UP TO SPEED. Am I in the twilight zone? Ridiculous
So much for all this infrastructure across the US. If we get this new technology, then can’t connect with old technology being used by 99% of corporations, then we’re screwed until they decide to upgrade.
How can this be such a mystery in 2021. IPv6 has been in development for more than 10 years. WHAT’s the holdup and lack of warning of the issue.
So annoyed that I switched to this with no heads up. I’m screwed now unless I switch back to my unreliable Cox cable internet that had service outages at least twice a week while I’ve been working from home.
Mine was just the MTU issue, was able to resolve it by lowering the number. If this blog can be helpful for anyone to troubleshoot and resolve the issue:
https://amithkumarg.medium.com/resolved-t-mobile-home-internet-vpn-issue-2f5ca594c23eDJinMN wrote:
Following - similar boat here, GlobalProtect VPN does not want to play nice with the T-Mobile home internet apparently. :(
Same thing here!!! 😡
homas wrote:
I’m on the latest firmware and had no issues with AnyConnect. I had issues with OpenVPN and Tunnelblick (3 different servers). I could ping everything and dig but browsers simply don’t work.
Based on the previous comment yesterday on the client side (Tunnelblick) I’ve changed MTU down to 1380 (you need to set “mssfix 1420” in the client’s config) and “magically” the problem was gone.
Next day 2 VPNs failed to connect :( Only one out of 3 did work.
