Hacker News new | past | comments | ask | show | jobs | submit login
Comcast Blocks VPN Traffic (wjd.io)
37 points by thehashrocket on Sept 7, 2016 | hide | past | favorite | 11 comments

PPTP was probably blocked because it needs the GRE port. And I think xfinitywifi only allows UDP/TCP.

I use OpenVPN over TCP and UDP on xfinitywifi all the time. In fact, I have a wallwart router configured for it. Plug it in, ssh in, set the wifi, and I have a relatively secure SSID I can use.

One day the UDP VPN stopped working. I found out it was because the MTU on xfinitywifi changed to ~1300. Sending a packet with a larger size would result in dropped packets which would cause some stuff to work, but not all. Setting the mssfix parameter to something lower in OpenVPN fixed it.

You can test this by varying the payload size in ping.

TCP worked fine the whole time.

Also why are people still using PPTP?! I thought it was considered compromised.

When you don't need strong encryption, but need low-latency, high-throughput on a low end device.

One such use case is IP address masquerading.

Netflix geolocation spoofing

Thanks for the tip. I have been blocked on xfinity also while using my VPN. I will try TCP instead of the default UDP.

Seen similar, a little tweaking and OpenVPN continues to rock

More technical information would be helpful. Simply stating "I simply couldn't browse any site" ... could be any number of issues from DNS to MTU..

The ad injection thing is a recent change for even residential customers and it's pervasive. Forget Forbes.com: many sites recommended by Google Now have suddenly sprouted full screen buzzing ads with no close button.

Previously I avoided the worst of Comcast's shenanigans by running my own squid proxy plus a DNS resolver that pointed to Google as I already have an Android phone so it's not like my DNS searches are novel to Google.

The good news is (for now) you can just close the popup tab but since these popups could easily be malware adverts I've switched to firefox with ad blocking to regain control of my phone.

Next up will probably be tacking up a 24/7 VPN so I don't have to configure one on each device.

This is one of the strongest arguments I can think of for net neutrality.

Bad title, even the article states that "Just to clarify then, Comcast blocks anonymized VPN traffic when you are connected to one of their public hotspots."

Seems anecdotal. I've never had trouble with VPNs on my Comcast connection (no idea about their public hotspots).

Anecdotal: there are times when I have been unable to access rt.com [1] through Comcast, though I could access it through my 4G connection just fine.

[1] yes, I know it's propaganda, but I was accessing it for research purposes

So far it seems this is anecdotal and not universal, since others have not had the same issues on the same types of connections using the same providers.

The claim in the headline is a big claim to make whenever only anecdotal evidence is present.

I wouldn't put something like this past Comcast, though.

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact