AT&T actively blocking VPN usage?

Let's get that connection stable for you, @Dauger!

Since you've already tried some troubleshooting, let's move on to something else. Let's have you run a traceroute while using the VPN. Once Connected to the VPN, try running the traceroute to a site you use normally for work. You can find the steps in the aforementioned link under the section titled The Basics.

Once you perform this, hare the results here, so we can see exactly where the connection is having issues.

CalebP, AT&T Community Specialist 

CalebP,

This is laughable,  I am another user with AT&T Fiber, BGW320-500 modem.  Wired connections from my computer to the ATT Modem. I pay for 1GB service and my average speed is pretty close to that, however, the minute I connect to my company VPN (AnyConnect client) speeds are about .5 to .8 MB   When we connect the same computer to my neighbors Spectrum Internet modem , then connect to the company VPN we average about 175 MB.  When we connect the same computer wirelessly to a Verizon hotspot or even Starbucks or MCDonalds we average about 60 MB.  I am not the only one in my company having the issue.  We are all in different states but the one thing we have in common is ATT internet.

I have spent  hours on the phone with your tech support , reset our modem to factory several times and had no joy at the results.  

Just to be clear, I am a Network Engineer, so I am not just some consumer complaining, I know what I am saying and what is or could not be the issue.  I asked the last tech to put in a ticket with your NOC because the issue is above the local CO and my modem.  The response I received was that if he did it would be closed immediately because the internet is not down.  Instead he said he was sending me a new modem.

I am now exploring other internet providers in my area.  I have no doubt at this point , because it has been an issue before, that ATT knows full and well what the issue is and that it is happening again.  Furthermore I believe it is intentional because this morning from 9:00 am EST to 11:30 EST it was functioning properly and we were averaging 135-150 MB.

@chriswhoth so post your traceroutes for AT&T and with your VPN active and you will see different routing. I have a Forte VPN client and I get the same speeds (within 50 MBs on my Fiber 1000 and VPN just different peering and routing to my Forte Gateway.

The traceroute command output show where the ping ms latency jumps at a peering hand-off at a router on another network between you and your AnyConnect handoff. Best case it will even show the exact network were the traffic is having issues.

AT&T does not do anything special with VPN traffic. In fact they can't see your VPN traffic since it is in a VPN tunnel. The tech is correct they can't open a NOC ticket if basic Internet service is up and working.

Dave

I know exactly what a TRACERT does, and yes AT&T can and do block certain types of traffic, including IPSEC.  It is not the first time this has been an issue, and I am not the only person having this issue.  Within my company there are 4 other users all using ATT in different parts of the country. Our users not using AT&T are not having the issue at all.  I used my neighbors Spectrum and had no issue either.   The original poster is NOT part of my company and they are having the issue.  AT&T had this same issue last year and in 2020, reported by multiple people.   I have included both on ATT and on connected to a Verizon Hotspot.   I have also had Cisco look at it as well and they smized the same thing, the issue is AT&T.

As for your comment about seeing my VPN traffic, of course they cant see the traffic in the tunnel, but they can see that there is a VPN tunnel, they can see the protocols being used on their network, so although your statement is semantically correct, the point is that they are blocking traffic produced by the VPN connection.  Although there will be some speed drop while connected to the VPN, it should not drop to .5mb.  While connected to the VZW Hotspot, my speed was a constant 160mb, which is vastly different.

First look at your DNS resolutions. You are resolving your app.smartsheet.com to 2 totally different IPv4 addresses. What are you using for DNS resolution?

Only thing in common is the first Class Network of 34.x.x.x.

Dave

Dave,

Its a class A network not a First Class network.   There is no such thing.  I got this, and no matter what you say, its an AT&T issue.  My 30 years, plus the years of experience form 6 other engineers and 2 Cisco Architects say the same thing.  There is no need for your assistance, thank  you and good luck in life

I never had an issue with VPN until I start using AT&T has my home ISP.. 

I dont understand a whole lot of the technical points that were discussed above but I tend to agree with chriswhoth since I just swaitched from basic AT&T network connection to all fi hub or whatever else that it maybe called. Previous to this although my speed was around 50 I had never had any issues with lagging when using VPN. however, in the past week instead of having speeds on my notebook of more than a 100, sometimes I get speeds of around 20 and worse it takes my notebook around 30 seconds or more before i receive full screen information.

If this continues, I maybe looking for alternatives or go back to the basic service

I had my openVPN server working for months and one day it stopped working, I did a lot of troubleshooting and I'm pretty sure there is something being blocked by ATT. I setup a few services on the same machine that hosts the OpenVPN instance to use the same port being forwarded by the router and all of them reached the server fine from outside the network but the moment you try to reach the OpenVPN service it doesn't even reach the router as if no port forwarding was in place. To be sure i setup an openVPN server on a raspberry pi and had the same issue (no access from outside of the network unless is not OpenVPN Traffic so other services using the same port actually worked from outside) another step i did was to take the raspberry pi to a friends house and plugged it in to his network forwarded ports on his router settings an no a single issue connecting from outside of his network.