
Comcast Blocks VPN Traffic - thehashrocket
https://blog.wjd.io/comcast-blocks-vpn-traffic
======
freestockoption
PPTP was probably blocked because it needs the GRE port. And I think
xfinitywifi only allows UDP/TCP.

I use OpenVPN over TCP and UDP on xfinitywifi all the time. In fact, I have a
wallwart router configured for it. Plug it in, ssh in, set the wifi, and I
have a relatively secure SSID I can use.

One day the UDP VPN stopped working. I found out it was because the MTU on
xfinitywifi changed to ~1300. Sending a packet with a larger size would result
in dropped packets which would cause some stuff to work, but not all. Setting
the mssfix parameter to something lower in OpenVPN fixed it.

You can test this by varying the payload size in ping.

TCP worked fine the whole time.
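
The ping test described in the comment above, as an added example that is not part of the original post: a binary search for the largest ICMP payload that crosses the path with the don't-fragment bit set. It assumes Linux iputils `ping` (`-M do`) and IPv4; `HOST`, the function names and the 500..1472 search range are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux iputils ping and IPv4.

# probe SIZE: succeed if one DF-flagged echo with SIZE payload bytes is answered.
probe() {
    ping -c 1 -W 2 -M do -s "$1" "$HOST" >/dev/null 2>&1
}

# max_payload LOW HIGH [PROBE_FN]: print the largest payload in LOW..HIGH that
# PROBE_FN accepts. Returns 1 if even LOW fails (host down or ICMP filtered),
# so a dead path is not mistaken for a tiny MTU.
max_payload() {
    lo=$1; hi=$2; fn=${3:-probe}
    "$fn" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))      # upper midpoint so the loop terminates
        if "$fn" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# path_mtu PAYLOAD: add the 20-byte IPv4 header and the 8-byte ICMP header.
path_mtu() { echo $(( $1 + 28 )); }

# udp_ceiling MTU: largest UDP payload that fits (20-byte IPv4 + 8-byte UDP
# header). A starting upper bound when lowering OpenVPN's mssfix on a UDP tunnel.
udp_ceiling() { echo $(( $1 - 28 )); }

# Runs only when a target is given, e.g.  HOST=<your-vpn-server> sh pmtu.sh
if [ -n "${HOST:-}" ]; then
    if p=$(max_payload 500 1472); then
        m=$(path_mtu "$p")
        echo "max payload=$p  path MTU=$m  UDP payload ceiling=$(udp_ceiling "$m")"
    else
        echo "no reply even at 500 bytes: host unreachable or ICMP filtered" >&2
    fi
fi
```

On a path like the one described (MTU around 1300), the search settles near a 1272-byte payload, while larger probes go unanswered.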

~~~
freestockoption
Also why are people still using PPTP?! I thought it was considered
compromised.

~~~
kinkdr
When you don't need strong encryption, but need low-latency, high-throughput
on a low end device.

One such use case is IP address masquerading.

------
nickphx
More technical information would be helpful. Simply stating "I simply couldn't
browse any site" ... could be any number of issues from DNS to MTU.

------
technofiend
The ad injection thing is a recent change for even residential customers and
it's pervasive. Forget Forbes.com: many sites recommended by Google Now have
suddenly sprouted full screen buzzing ads with no close button.

Previously I avoided the worst of Comcast's shenanigans by running my own
squid proxy plus a DNS resolver that pointed to Google as I already have an
Android phone so it's not like my DNS searches are novel to Google.

The good news is (for now) you can just close the popup tab, but since these
popups could easily be malware adverts I've switched to Firefox with ad
blocking to regain control of my phone.

Next up will probably be tacking up a 24/7 VPN so I don't have to configure
one on each device.

This is one of the strongest arguments I can think of for net neutrality.

------
ac29
Bad title, even the article states that "Just to clarify then, Comcast blocks
anonymized VPN traffic when you are connected to one of their public
hotspots."

Seems anecdotal. I've never had trouble with VPNs on my Comcast connection (no
idea about their public hotspots).

------
trendia
Anecdotal: there are times when I have been unable to access rt.com [1]
through Comcast, though I could access it through my 4G connection just fine.

[1] yes, I know it's propaganda, but I was accessing it for research purposes

------
kup0
So far it seems this is anecdotal and not universal, since others have not had
the same issues on the same types of connections using the same providers.

The claim in the headline is a big claim to make whenever only anecdotal
evidence is present.

I wouldn't put something like this past Comcast, though.

