I have calyx hotspot/ tmobile home internet. Ive been having issues with my work Palo Alto Global Protect VPN and tailscale. Neither of them seem to stay connected. They will work for a bit after I reboot my modem. I am using the glinet spitz 5g modem. Any tips for band, MTU, or APN for better experience?
T-Mobile doesn’t support IPv4
This is categorically false. You can even request a static (IPv4) IP if you have their business 5g router.
Is that a recent change? They did support it (with cgnat) when I had TMobile home internet about a year ago.
It probably has to do with being native ipv6 and needing to ride a 6to4 nat to reach the broader internet.
Start at 1400 and walk the MTU down by ~50 until you find stability, then id creep it back up by 10 to find the ‘perfect’ size, but that part isn’t really needed if you’re impatient. :)
E. I found 1290 was needed for reliable VPN over an ATT nighthawk hotspot.
I’ve had intermittent issues with T-Mobile on hotspot too. I’m not sure how helpful this will be but here’s my 2 cents. The only params I played with that seemed to help were the :
1- MTU (if I remember correctly, I had to dial it down to 1300)
2- and using IPv6 instead of v4.
This will depend on the APN you’re using for T-Mobile. I believe they have a legacy one that only uses IPv4 whereas their new one supports IPv6 only (I wasn’t able to find clear info about this but this is my guess). In any case, I have my wireguard server setup to support and use both IP versions and when v4 doesn’t work for me, switching to v6 fixes the issue for a while. At some point I even suspected they were heavily throttling wireguard traffic, which may be the case but who knows.
I hope this helps, good luck!
Enabled ip6v seems to have helped with the tailscale. As for my works GlobalProtect VPN its 50/50 if it will work. I found an article on Palo Altos website about changing the MTU on the headend. I put in the change request at work to add this to our portal options
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters IP Internet Protocol VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting)
[Thread #374 for this sub, first seen 25th Dec 2023, 23:55] [FAQ] [Full list] [Contact] [Source code]
Never used TailScale but I know it’s WireGuard based. Does it do keepalive by default? I was having issues with VPS (WireGuard peer with static IP) not being able to ping my network (router as WireGuard peer with dynamic IP and no port forwards). Sounds like this isn’t what’s going on here but just in case…
How is your speed and connection quality otherwise? The fact that your work VPN doesn’t stay connected – I’m assuming the client is running on your PC – is odd. That makes me think there may be some issues with signal strength or tower congestion. TMobile also gives home internet a lower priority than cell phone traffic.
The speed varies I beleive due to the tower usage. Generally 150 down 30mbps up. My modem reports the signal strength as full bars or exelent. Restarting the modem sometimes get me back in business.