Comcast Blocks VPN Traffic (opens in new tab)

(blog.wjd.io)

37 pointsthehashrocket9y ago11 comments

11 comments

PPTP was probably blocked because it needs the GRE port. And I think xfinitywifi only allows UDP/TCP.

I use OpenVPN over TCP and UDP on xfinitywifi all the time. In fact, I have a wallwart router configured for it. Plug it in, ssh in, set the wifi, and I have a relatively secure SSID I can use.

One day the UDP VPN stopped working. I found out it was because the MTU on xfinitywifi changed to ~1300. Sending a packet with a larger size would result in dropped packets which would cause some stuff to work, but not all. Setting the mssfix parameter to something lower in OpenVPN fixed it.

You can test this by varying the payload size in ping.

TCP worked fine the whole time.

freestockoption9y ago

Also why are people still using PPTP?! I thought it was considered compromised.

kinkdr9y ago

When you don't need strong encryption, but need low-latency, high-throughput on a low end device.

One such use case is IP address masquerading.

aboonaboo9y ago

Netflix geolocation spoofing

hiram1129y ago

Thanks for the tip. I have been blocked on xfinity also while using my VPN. I will try TCP instead of the default UDP.

edoceo9y ago

Seen similar, a little tweaking and OpenVPN continues to rock

nickphx9y ago

More technical information would be helpful. Simply stating "I simply couldn't browse any site" ... could be any number of issues from DNS to MTU..

technofiend9y ago

The ad injection thing is a recent change for even residential customers and it's pervasive. Forget Forbes.com: many sites recommended by Google Now have suddenly sprouted full screen buzzing ads with no close button.

Previously I avoided the worst of Comcast's shenanigans by running my own squid proxy plus a DNS resolver that pointed to Google as I already have an Android phone so it's not like my DNS searches are novel to Google.

The good news is (for now) you can just close the popup tab but since these popups could easily be malware adverts I've switched to firefox with ad blocking to regain control of my phone.

Next up will probably be tacking up a 24/7 VPN so I don't have to configure one on each device.

This is one of the strongest arguments I can think of for net neutrality.

ac299y ago

Bad title, even the article states that "Just to clarify then, Comcast blocks anonymized VPN traffic when you are connected to one of their public hotspots."

Seems anecdotal. I've never had trouble with VPNs on my Comcast connection (no idea about their public hotspots).

trendia9y ago

Anecdotal: there are times when I have been unable to access rt.com [1] through Comcast, though I could access it through my 4G connection just fine.

[1] yes, I know it's propaganda, but I was accessing it for research purposes

kup09y ago

So far it seems this is anecdotal and not universal, since others have not had the same issues on the same types of connections using the same providers.

The claim in the headline is a big claim to make whenever only anecdotal evidence is present.

I wouldn't put something like this past Comcast, though.

j / k navigate · click thread line to collapse

11 comments

freestockoption9y ago

PPTP was probably blocked because it needs the GRE port. And I think xfinitywifi only allows UDP/TCP.

I use OpenVPN over TCP and UDP on xfinitywifi all the time. In fact, I have a wallwart router configured for it. Plug it in, ssh in, set the wifi, and I have a relatively secure SSID I can use.

You can test this by varying the payload size in ping.

TCP worked fine the whole time.

freestockoption9y ago

Also why are people still using PPTP?! I thought it was considered compromised.

kinkdr9y ago

When you don't need strong encryption, but need low-latency, high-throughput on a low end device.

One such use case is IP address masquerading.

aboonaboo9y ago

Netflix geolocation spoofing

hiram1129y ago

Thanks for the tip. I have been blocked on xfinity also while using my VPN. I will try TCP instead of the default UDP.

edoceo9y ago

Seen similar, a little tweaking and OpenVPN continues to rock

nickphx9y ago

More technical information would be helpful. Simply stating "I simply couldn't browse any site" ... could be any number of issues from DNS to MTU..

technofiend9y ago

The good news is (for now) you can just close the popup tab but since these popups could easily be malware adverts I've switched to firefox with ad blocking to regain control of my phone.

Next up will probably be tacking up a 24/7 VPN so I don't have to configure one on each device.

This is one of the strongest arguments I can think of for net neutrality.

ac299y ago

Bad title, even the article states that "Just to clarify then, Comcast blocks anonymized VPN traffic when you are connected to one of their public hotspots."

Seems anecdotal. I've never had trouble with VPNs on my Comcast connection (no idea about their public hotspots).

trendia9y ago

Anecdotal: there are times when I have been unable to access rt.com [1] through Comcast, though I could access it through my 4G connection just fine.

[1] yes, I know it's propaganda, but I was accessing it for research purposes

kup09y ago

So far it seems this is anecdotal and not universal, since others have not had the same issues on the same types of connections using the same providers.

The claim in the headline is a big claim to make whenever only anecdotal evidence is present.

I wouldn't put something like this past Comcast, though.

j / k navigate · click thread line to collapse