Is T-Mobile Fiber (in the US) friendly to Wireguard, or am I going to have blocking issues?

T-Mobile is installing fiber throughout our neighborhood. While I’m not a huge fan of T-Mobile, I actively loath Comcast, and that (or DSL) are currently our only options. At less cost for guaranteed Gb up/down, it’s a no-brainer switch.

Except that we’re always on VPN. I’ve got a perma-connection through Mullvad on the router, and a bypass for VPN the company my wife works for uses; there’s no unencrypted anything going through the network provider. Comcast has never been an issue, but before I go through switching to T-Mobile it’d be nice to confirm that they aren’t going to try to block VPN traffic.

As in the title, it’s Wireguard; does anyone use anything else anymore? Don’t answer that; it’s rhetorical.

Can anyone in the US confirm they’re successfully using Wireguard on T-Mobile Fiber?

  • 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍OP
    link
    fedilink
    arrow-up
    2
    ·
    6 months ago

    You’re absolutely right about not being good for businesses; most of those don’t use Wireguard, though, unless that’s changing. It’s usually some proprietary crap.

    The problem with renting a VPS - of which I already have several - is that at some point you have to pay for the data. Either it’s uncapped, but throttled at a certain number of GBs, or you pay a rate per GB. The hell I’m going to pay T-Mobile and have to pay more because they don’t allow VPNs.

    But, it’s starting to sound like they don’t block them, so it’s probably all good. Worst case scenario, I suppose I can always go crawling back to Comcast.

    • marsara9@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      Just wanted to add… After reading your initial post I did some more digging on adding tracking headers, etc… especially by T-Mobile.

      While it’s definitely a thing, it only applies to HTTP traffic. Even HTTPS blocks their ability to add those headers. So any traffic that’s using any other protocol (DNS, email, ssh, or just gaming, etc…) would be safe from your ISP from at least trying to add these tracking headers.

      • 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍OP
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        You can put headers on any TCP packets, and they’re supposed to be preserved by intermediate routers. It affects all TCP packets, not just HTTP; the only way to bypass it is by using UDP, which is used by some protocols, but not most.

        A TCP implementation MUST be able to receive a TCP Option in any segment (MUST-5).

        RFC9293