Re: Xfi Advances Security (comcast)

[Owen DeLong via NANOG <nanog () nanog org>]

First thing I do with any cable modem is convert it to bridge mode.

The fewer “smarts” in the cable modem doing odd things to my traffic, the better.

Owen


> On Sep 10, 2021, at 10:40 , Eric Kuhnke <eric.kuhnke () gmail com> wrote:
>
> I know this is not a solution to your problem, but I have found myself more often running the public interface of 
> openvpn systems on port 443. Any sufficiently advanced DPI setup will be able to tell that it's not quite normal 
> https traffic. 
>
> But 99% of the time it seems to serve the purpose of defeating heavily-restricted "free" wifi in airports, hotels, 
> random guest/amenity wifi stuff, which obviously can't block https/443 to the world these days.
>
> On Fri, Sep 10, 2021 at 11:08 AM Jason Kuehl <jason.w.kuehl () gmail com <mailto:jason.w.kuehl () gmail com>> wrote:
> This is an SSL VPN that is being blocked. This is what failure looks like. Curl is the same.
>
> Once we disable the Xfi  Advanced Security everyone can connect.
>
>
>
> On Fri, Sep 10, 2021 at 11:01 AM Jim Popovitch via NANOG <nanog () nanog org <mailto:nanog () nanog org>> wrote:
> On Fri, 2021-09-10 at 10:31 -0400, Jason Kuehl wrote:
> > For whatever reason Comcast Xfinity is blocking my VPN URL. 
>
> Not certain that this applies, but Concast Advanced Security (setup in
> your Comcast gateway) only allows outbound VPN connections to UDP ports
> 500, 4500, and 62515 and TCP port 1723.
>
> -Jim P.
>
>
>
> -- 
> Sincerely,
>  
> Jason W Kuehl
> Cell 920-419-8983
> jason.w.kuehl () gmail com <mailto:jason.w.kuehl () gmail com>