I have calyx hotspot/ tmobile home internet. Ive been having issues with my work Palo Alto Global Protect VPN and tailscale. Neither of them seem to stay connected. They will work for a bit after I reboot my modem. I am using the glinet spitz 5g modem. Any tips for band, MTU, or APN for better experience?
I’ve had intermittent issues with T-Mobile on hotspot too. I’m not sure how helpful this will be but here’s my 2 cents. The only params I played with that seemed to help were the :
1- MTU (if I remember correctly, I had to dial it down to 1300)
2- and using IPv6 instead of v4.
This will depend on the APN you’re using for T-Mobile. I believe they have a legacy one that only uses IPv4 whereas their new one supports IPv6 only (I wasn’t able to find clear info about this but this is my guess). In any case, I have my wireguard server setup to support and use both IP versions and when v4 doesn’t work for me, switching to v6 fixes the issue for a while. At some point I even suspected they were heavily throttling wireguard traffic, which may be the case but who knows.
Enabled ip6v seems to have helped with the tailscale. As for my works GlobalProtect VPN its 50/50 if it will work. I found an article on Palo Altos website about changing the MTU on the headend. I put in the change request at work to add this to our portal options
It probably has to do with being native ipv6 and needing to ride a 6to4 nat to reach the broader internet.
Start at 1400 and walk the MTU down by ~50 until you find stability, then id creep it back up by 10 to find the ‘perfect’ size, but that part isn’t really needed if you’re impatient. :)
E. I found 1290 was needed for reliable VPN over an ATT nighthawk hotspot.
How is your speed and connection quality otherwise?
The fact that your work VPN doesn’t stay connected – I’m assuming the client is running on your PC – is odd. That makes me think there may be some issues with signal strength or tower congestion. TMobile also gives home internet a lower priority than cell phone traffic.
The speed varies I beleive due to the tower usage. Generally 150 down 30mbps up. My modem reports the signal strength as full bars or exelent. Restarting the modem sometimes get me back in business.
Never used TailScale but I know it’s WireGuard based. Does it do keepalive by default? I was having issues with VPS (WireGuard peer with static IP) not being able to ping my network (router as WireGuard peer with dynamic IP and no port forwards). Sounds like this isn’t what’s going on here but just in case…
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
I’ve had intermittent issues with T-Mobile on hotspot too. I’m not sure how helpful this will be but here’s my 2 cents. The only params I played with that seemed to help were the :
1- MTU (if I remember correctly, I had to dial it down to 1300)
2- and using IPv6 instead of v4.
This will depend on the APN you’re using for T-Mobile. I believe they have a legacy one that only uses IPv4 whereas their new one supports IPv6 only (I wasn’t able to find clear info about this but this is my guess). In any case, I have my wireguard server setup to support and use both IP versions and when v4 doesn’t work for me, switching to v6 fixes the issue for a while. At some point I even suspected they were heavily throttling wireguard traffic, which may be the case but who knows.
I hope this helps, good luck!
Enabled ip6v seems to have helped with the tailscale. As for my works GlobalProtect VPN its 50/50 if it will work. I found an article on Palo Altos website about changing the MTU on the headend. I put in the change request at work to add this to our portal options
It probably has to do with being native ipv6 and needing to ride a 6to4 nat to reach the broader internet.
Start at 1400 and walk the MTU down by ~50 until you find stability, then id creep it back up by 10 to find the ‘perfect’ size, but that part isn’t really needed if you’re impatient. :)
E. I found 1290 was needed for reliable VPN over an ATT nighthawk hotspot.
T-Mobile doesn’t support IPv4
This is categorically false. You can even request a static (IPv4) IP if you have their business 5g router.
Is that a recent change? They did support it (with cgnat) when I had TMobile home internet about a year ago.
How is your speed and connection quality otherwise? The fact that your work VPN doesn’t stay connected – I’m assuming the client is running on your PC – is odd. That makes me think there may be some issues with signal strength or tower congestion. TMobile also gives home internet a lower priority than cell phone traffic.
The speed varies I beleive due to the tower usage. Generally 150 down 30mbps up. My modem reports the signal strength as full bars or exelent. Restarting the modem sometimes get me back in business.
Never used TailScale but I know it’s WireGuard based. Does it do keepalive by default? I was having issues with VPS (WireGuard peer with static IP) not being able to ping my network (router as WireGuard peer with dynamic IP and no port forwards). Sounds like this isn’t what’s going on here but just in case…
New Lemmy Post: VPN on TMobile home 5G internet calyx (https://lemmy.world/post/9944728)
Tagging: #SelfHosted
(Replying in the OP of this thread (NOT THIS BOT!) will appear as a comment in the lemmy discussion.)
I am a FOSS bot. Check my README: https://github.com/db0/lemmy-tagginator/blob/main/README.md
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
[Thread #374 for this sub, first seen 25th Dec 2023, 23:55] [FAQ] [Full list] [Contact] [Source code]