UPDATE: my VPN client offers the ability to specify TCP rather than UDP connections and this has fixed the problem.
--
I just got the Arcadyan gateway last night. It appears to be on the latest firmware. Speedtests and other information show a “very good” connection, with download speeds approaching 400Mb and upload at times over 100Mb. Average is probably around 200 down/50 up. Either way it blows away our current DSL connection. I’m in metro Atlanta with an n41 tower very nearby (4 bars according to the gateway). We have access to both XFinity and AT&T fiber in the neighborhood but a completely wireless solution is attractive.
Anyway, I began testing various things with the new gateway, and have my personal router (Netgear R7000P) set up and working. Connecting with my work laptop works fine, but I rely on Barracuda VPN for accessing secured work assets, and it refuses to connect. I’ve tried my own router as well as connecting directly to the Wi-Fi on the Arcadyan and neither works. I have not talked to tech support at work yet but I suspect they will push back on the T-Mobile router, as they should, since the VPN works fine with my current DSL Uverse router.
I’ve read this issue has something to do with IPv4 vs IPv6 but that’s getting beyond my knowledge. I’ve searched for anyone else solving this issue but have struck out so far. If there’s an FAQ or something I’ve missed please let me know. I have about 13 days to decide whether the gateway goes back or not.
Talk to your IT staff; the big question is what/how they have their VPN set up at the office.
Is your work using IPv6 in the first place? Is your VPN client set to connect to a DNS name? There might be something in the Barracuda VPN client logs that tells you why the VPN fails to connect.
We can’t answer those questions; talk to your IT people. They are paid to answer those questions.
I didn’t go down the rabbit hole too far on this, but they use their own custom VPN protocol called “TINA”, which is probably where things are falling apart as it’s not a “standard” one like IPSec or SSL based (or even Wireguard now). I have personally used IPSec (GlobalProtect), SSL (Cisco Anyconnect) and AppGate (a weird routing VPN-like thing) and they all work with my THI to get connected to my workplace.
That said, a perusal of the Linux client docs shows me that there are configurable tunneling modes - TCP, UDP and a Hybrid of both. What I’d do is probably see if you can change some settings (or work with your IT dept.) to maybe try and use a TCP-based tunneling mode? I don’t really know what TINA protocol does to be honest, so just throwing out the suggestion for you to run with. https://campus.barracuda.com/product/networkaccessclient/doc/78154118/how-to-configure-the-barracuda-vpn-client-for-linux/
I have had TMHI for about one month now. The first thing I noticed is that using a Meraki MX on T-Mobile was connecting and dropping every 5 minutes or so. I then started using our Cisco Anyconnect on my work laptop; for about 3 weeks it worked fine. Now it drops just like the Meraki VPN. I have the new router which has zero configuration options. I have forced my laptop to only use IPv4 and it did not help. I am hoping they are just making a config change on the tower so I will give it another month. If it is this unreliable for my work I will be shipping it back. Works great for streaming (YouTubeTV, Netflix etc). Getting a solid 200-300 meg download and would keep it except for the VPN issues with work.
Saw your update. Keep in mind, TCP on VPN clients is meant as a fallback mode, and you’re going to have performance issues with the VPN. UDP is used for a combination of reasons, but it’s to avoid encapsulating TCP inside of TCP, and causing head of line blocking with connections (wrecks your speed, and real time applications). If you notice any strange latency or performance issues with your work VPN, that is why. I use Cisco AnyConnect, and my speeds in UDP mode are 300+Mbps with low latency under load, but no more than a painful 10Mbps with 1,000+ms latency under load on TCP mode.
UDP - My recommendation is to double check any firewalls in your router. UDP VPN clients commonly use port 4500 OR 443, depending on whether it is IPSec or DTLS. DTLS traffic is often blocked or mis-appropriated by the router firewalls if they are set too tight. If it is an IPSec based VPN, you’re dealing with Double NAT AND some IPSec ALG in the router, which is most likely the combination that is breaking everything.
Worth checking with your company’s IT department though.
As much as I hate the forced AT&T Gateway on AT&T… giving up Fiber for Wireless *facepalm*
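The head-of-line blocking described in the reply above about TCP fallback mode, as an added example that is not part of the original thread: a toy model comparing when packets reach the application over an unordered (UDP-style) tunnel and an in-order (TCP-style) tunnel after one packet is lost. All timing values (20 ms spacing, 30 ms one-way delay, 200 ms retransmit timeout) are constructed, and the lost packet is assumed to arrive after exactly one retransmit in both modes.

```python
"""Toy model of head-of-line blocking in a TCP-mode VPN tunnel.
All numbers are constructed for illustration, not measurements."""


def arrival_times(n, interval_ms, one_way_ms, lost, rto_ms):
    """Time (ms) at which each tunnel packet reaches the far end.
    Packets whose index is in `lost` are dropped once and arrive
    one retransmit timeout later (simplifying assumption)."""
    times = []
    for i in range(n):
        t = i * interval_ms + one_way_ms
        if i in lost:
            t += rto_ms
        times.append(t)
    return times


def deliver_unordered(arrivals):
    """UDP-style tunnel: every packet is handed up as soon as it arrives."""
    return list(arrivals)


def deliver_in_order(arrivals):
    """TCP-style tunnel: packet i is released only after every earlier
    packet has arrived, so one late packet holds back all that follow."""
    released, latest = [], 0
    for t in arrivals:
        latest = max(latest, t)
        released.append(latest)
    return released


def stalled(arrivals):
    """(index, extra_ms) for packets that arrived on time but were held
    back by the in-order tunnel behind an earlier missing packet."""
    ordered = deliver_in_order(arrivals)
    return [(i, o - a) for i, (a, o) in enumerate(zip(arrivals, ordered)) if o > a]


if __name__ == "__main__":
    arr = arrival_times(n=10, interval_ms=20, one_way_ms=30, lost={2}, rto_ms=200)
    print("unordered:", deliver_unordered(arr))
    print("in order :", deliver_in_order(arr))
    print("stalled  :", stalled(arr))
```

In the unordered case only packet 2 is late; in the in-order case every packet behind it waits too, which is the latency under load the reply describes for TCP mode.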
Update - It looks like T-Mobile is making changes across the network. We have several users at work that used to work ok with TMHI. Now they have my problem. It just starts and now their TMHI is useless. I have two of my VPN users just this week complain that it stopped working. Same type of random wonky type failures. From our VPN side it looks like the UDP packets are getting dropped across their network. Same problem using ExpressVPN. We are going to be sending out a notice for our users to not use TMHI with our work VPN. It is a shame because it was a decent product for the home…but businesses are going to fight these issues as we are doing today.
From the logs it looks like it’s failing to make a UDP connection to a specific port on the VPN endpoint. From what I’ve read T-Mobile blocks UDP on 5G so maybe that’s the issue. Downgrading to 4G would defeat the entire benefit of the service so . . .
Thanks for the heads up, so far no noticeable slow-down over TCP, but my work laptop is more CPU/RAM bound as far as compiling our application. My router is pretty much a vanilla set up right now - it was in wireless bridge mode to get to the Uverse router in another room. The T-Mobile setup was an easy way to relocate the main modem/router without a service visit, drilling holes in the house, etc. If it turns sour, we’ll send it back.
“the internets”? I was perusing t-mobile’s community forums and found some mention of it, but it may have pertained to old 5G hotspots, or something like that. I do have a fix - see above reply to my original post.