Xfi Advances Security (comcast)

Fri Sep 10 22:49:39 UTC 2021

Ideally being your own customer owned cable modem that meets specs (Comcast
does allow this in some regions) that will function as a layer 2 bridge.

On Fri, Sep 10, 2021, 1:46 PM Owen DeLong <owen at delong.com> wrote:

> First thing I do with any cable modem is convert it to bridge mode.
>
> The fewer “smarts” in the cable modem doing odd things to my traffic, the
> better.
>
> Owen
>
>
> On Sep 10, 2021, at 10:40 , Eric Kuhnke <eric.kuhnke at gmail.com> wrote:
>
> I know this is not a solution to your problem, but I have found myself
> more often running the public interface of openvpn systems on port 443. Any
> sufficiently advanced DPI setup will be able to tell that it's not quite
> normal https traffic.
>
> But 99% of the time it seems to serve the purpose of defeating
> heavily-restricted "free" wifi in airports, hotels, random guest/amenity
> wifi stuff, which obviously can't block https/443 to the world these days.
>
> On Fri, Sep 10, 2021 at 11:08 AM Jason Kuehl <jason.w.kuehl at gmail.com>
> wrote:
>
>> This is an SSL VPN that is being blocked. This is what failure looks
>> like. Curl is the same.
>>
>> Once we disable the Xfi  Advanced Security everyone can connect.
>>
>> [image: image.png]
>>
>> On Fri, Sep 10, 2021 at 11:01 AM Jim Popovitch via NANOG <nanog at nanog.org>
>> wrote:
>>
>>> On Fri, 2021-09-10 at 10:31 -0400, Jason Kuehl wrote:
>>> > For whatever reason Comcast Xfinity is blocking my VPN URL.
>>>
>>> Not certain that this applies, but Concast Advanced Security (setup in
>>> your Comcast gateway) only allows outbound VPN connections to UDP ports
>>> 500, 4500, and 62515 and TCP port 1723.
>>>
>>> -Jim P.
>>>
>>>
>>
>> --
>> Sincerely,
>>
>> Jason W Kuehl
>> Cell 920-419-8983
>> jason.w.kuehl at gmail.com
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210910/838514a2/attachment.html>