Is T-Mobile Fiber (in the US) friendly to Wireguard, or am I going to have blocking issues?
T-Mobile is installing fiber throughout our neighborhood. While I’m not a huge fan of T-Mobile, I actively loathe Comcast, and that (or DSL) are currently our only options. At less cost for guaranteed Gb up/down, it’s a no-brainer switch.
Except that we’re always on VPN. I’ve got a perma-connection through Mullvad on the router, and a bypass for the VPN the company my wife works for uses; there’s no unencrypted anything going through the network provider. Comcast has never been an issue, but before I go through switching to T-Mobile it’d be nice to confirm that they aren’t going to try to block VPN traffic.
As in the title, it’s Wireguard; does anyone use anything else anymore? Don’t answer that; it’s rhetorical.
Can anyone in the US confirm they’re successfully using Wireguard on T-Mobile Fiber?
I know this doesn’t help much, but I use T-Mobile cell towers with an always-on VPN with no issue. But I don’t see why they’d block Mullvad. (I’d be more concerned that they’d block them than wireguard in general). But there are completely legitimate reasons to use both, so I don’t see them really bothering to block either.
Harvesting tracking data is a revenue stream. T-Mobile and Verizon home internet have both been caught attaching tracking headers to TCP packets. A VPN strips those. If enough customers use VPNs, it really can impact their bottom line, as they have data on fewer customers to sell.
That’s the “why they’d bother.”
Yes, but while the service is targeted for home use, there still is remote work, which generally requires a VPN back to the company network. They wouldn’t be able to block this. Now sure, they might be more inclined to block Mullvad, but they’d impact too many businesses by blocking wireguard as a whole.
And assuming they did block Mullvad but not wireguard… Just rent a VPS and install a wireguard server and client there to bridge back to Mullvad.
You’re absolutely right about not being good for businesses; most of those don’t use Wireguard, though, unless that’s changing. It’s usually some proprietary crap.
The problem with renting a VPS - of which I already have several - is that at some point you have to pay for the data. Either it’s uncapped, but throttled at a certain number of GBs, or you pay a rate per GB. The hell I’m going to pay T-Mobile and have to pay more because they don’t allow VPNs.
But, it’s starting to sound like they don’t block them, so it’s probably all good. Worst case scenario, I suppose I can always go crawling back to Comcast.
Just wanted to add… After reading your initial post I did some more digging on adding tracking headers, etc… especially by T-Mobile.
While it’s definitely a thing, it only applies to HTTP traffic. Even HTTPS blocks their ability to add those headers. So any traffic that’s using any other protocol (DNS, email, ssh, or just gaming, etc…) would be safe from your ISP from at least trying to add these tracking headers.
You can put headers on any TCP packets, and they’re supposed to be preserved by intermediate routers. It affects all TCP packets, not just HTTP; the only way to bypass it is by using UDP, which is used by some protocols, but not most.
A TCP implementation MUST be able to receive a TCP Option in any segment (MUST-5).