We are having issues exclusively with our users who have Comcast/Xfinity home internet. Pinging the WAN interface of our firewall from their home network results in all of the packets being either dropped or they complain that the destination is unreachable… Rebooting the router temporarily fixes the problem. My guess is it’s some kind of network-layer problem in the router. Has anyone else had a problem like this with Comcast?
Check Xfinity Advanced Security; it might be flagging your VPN service.
Comcast was issuing routers that flat out blocked VPN years back, no way to modify the firewall rules. Are you using their hardware or your own?
I am on our company's VPN from home all day every weekday - no issues thankfully.
We have never been able to get it to work correctly using IPsec-based VPNs. Try an SSL-based VPN which they will have a harder time fucking with…
Uncheck IPv6 on the client computer. Windows/Comcast prefer IPv6, and if it's not fully set up on your VPN server you will have either a VPN leak, split route, or disconnects/no connection like you are seeing.
Control Panel\All Control Panel Items\Network Connections network card. https://imgur.com/a/7bv0hGl
We have an issue with Xfinity users because the routers they provide use the same IP space as our office as their default. It’s not quite the same issue, but it does cause a lot of issues trying to access certain network resources for those employees. We generally have to help them change the IP scheme on their Xfinity router in order to get them working again.
Yep. Users’ traffic getting flagged as “potentially malicious.”
So far, having them call Comcrap and tell them that, no, they're using a VPN has gotten things fixed quickly. So far.
I’ve seen this with Charter Spectrum users as well. Pretty notorious with Ubiquiti USG being on the business end, rebooting the USG solved the issue temporarily.
I don't know Comcast, but the last time I had a similar issue it was because the user had a DS-Lite connection.
When the pandemic started there were noticeable bandwidth drops. I just figured they were too over-provisioned for the spike.
We’ve had a couple of issues with users who have the very latest Xfinity router. We’re using the Barracuda NGFW and for some reason if the TINA firewall client is set to UDP mode (the default) they are completely unable to connect to VPN. Setting it to TCP (same port, 691) works fine.
Tried turning off the advanced security as suggested by another commenter, made no difference. The fact that it only happens with brand new routers while all our other users with older Xfinity routers have no problems makes me think it’s a router firmware issue. Comcast support won’t admit it’s their problem but honestly I wouldn’t expect anyone manning the phones to have the first clue anyway.
We ran into issues with Comcast and IPv6 not too long ago. Anything that used or defaulted to it, even if it could fail over to v4, was having troubles. We had to disable IPv6 on all staff machines who had Comcast at home.
Check your router firewall rules. Recommend widevpn.com, supports WireGuard VPN, unblocks any content. $9.99/yearly
I once had a problem with Comcast forcing all my traffic out over IPv6… problem was our VPN Gateway was only on IPv4.
One thing to check is if they are using 2.4 and 5g auto switching; that has been driving me up a wall.
There was a report that those Intel-based modems can cause some weird issues.
Do you happen to have Comcast for an ISP at the office too by chance? If so, reset your modem and that might help, especially if you’ve got users that’re staying within Comcast’s own network. But yeah, overall we’ve had a lot of issues with VPNs over Comcast’s network being shit, and even more problems with Comcast to Comcast VPNs simply not working.
Could you try bypassing the ISP’s DNS?
Here is a simple solution. I changed the DNS setting for both IPv4 and IPv6 using Cloudflare (1.1.1.1) and this fixed the issue for me. We have had this issue repeatedly with my work from home agents.