Comcast blocking OpenVPN at least with Apple devices

Raylo32

Getting the hang of it
Joined
Dec 3, 2016
Messages
166
Reaction score
84
I know this has been discussed here before but wondering if there might be a new solution. I have Open VPN and BI running on a Windows server at home with Xfinity service and Linksys router. I really need to access my VPN from a friend's house, also with Xfinity service. They also have a Linksys router, not what Xfinity gives you, and the only way to do it is to disable wifi on the phone then view BI on it, via LTE, or use the phone as a hotspot so I can view BI on a bigger screen. I would like to accomplish other VPN tasks as well. The crazy thing is that I have this issue at this place with a Linksys router, but at another friend's place in a nearby state with an Xfinity router I have zero issues and can easily access my VPN over the Xfinity network. Anyone else worked through this and have any suggestions?
 

anotherone

Getting the hang of it
Joined
Mar 31, 2022
Messages
48
Reaction score
51
Location
seattle
I had a problem connecting via VPN when my home network and the guest network I was using had the same IP address for the first 3 digits. Both address were of the type 192.168.1.x

I have since changed my home address to 192.168.237.x and haven't had a problem since.
 

Raylo32

Getting the hang of it
Joined
Dec 3, 2016
Messages
166
Reaction score
84
But was you problem universal or just on networks served by a certain provider? Mine is only an issue on this particular Xfinity network but works elsewhere, including at least one other Xfinity network.
 

Vettester

Getting comfortable
Joined
Feb 5, 2017
Messages
493
Reaction score
397
Anyone else worked through this and have any suggestions?
I used to use OpenVPN but I switched to WireGuard and it has worked much better. I haven't found an instance yet where it hasn't worked while I'm away from home.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
2,465
Reaction score
3,388
Sounds more like maybe an issue with how the Linksys/your VPN is set up. As above, is your friend using the same IP range for their network as you do? If so, then it may be looping back to his internal network when you're on WiFi there.
 

SpacemanSpiff

Getting comfortable
Joined
Apr 15, 2021
Messages
852
Reaction score
1,170
Location
USA
I had a problem connecting via VPN when my home network and the guest network I was using had the same IP address for the first 3 digits. Both address were of the type 192.168.1.x

I have since changed my home address to 192.168.237.x and haven't had a problem since.
Sounds more like maybe an issue with how the Linksys/your VPN is set up. As above, is your friend using the same IP range for their network as you do? If so, then it may be looping back to his internal network when you're on WiFi there.
^^^ +1

1. Note your IP address scheme when connected via wifi to the LAN at your house
2. Visit house of friend 1 and connect to their LAN via wifi and note your devices IP address
3. Visit house of friend 2 and connect to their LAN via wifi and note your devices IP address

Highly likely you will find the first 3 octets match 192.168.1.x. Perform the 3 steps above and report the results.

Over time I've been changing friends/family's home networks away from the 192.168.1.x scheme. Likewise for any businesses I might support.
 

SpacemanSpiff

Getting comfortable
Joined
Apr 15, 2021
Messages
852
Reaction score
1,170
Location
USA
I regularly connect to other locations, both comca$$ customers, without issues. Provided the two locations do not match the first 3 octets as mentioned in prev post.
 

Raylo32

Getting the hang of it
Joined
Dec 3, 2016
Messages
166
Reaction score
84
My home router running the VPN is on the default range of ip addresses, 192.168.1-maybe 100 or whatever. The PC running the BI and Plex servers has a static ip within that range. The router here where VPN fails is the same I am sure. No one here would have changed it.
 

Raylo32

Getting the hang of it
Joined
Dec 3, 2016
Messages
166
Reaction score
84
I'll give this a try when I get a chance. PITA to have to change ip range and all the addresses. But I don't understand why this should be an issue. When the VPN is active the tunnel should be looking at the remote network, not the local one.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,146
Reaction score
5,188
Location
Houston Tx
I use OpenVPN on a ASUS router, on an XFINITY / comcast internet connection. Used it this morning with my phone when out and about using the ATT cell network. All work ok. My home network use 192.168.1.x.
MY BI web server is 192.168.1.235:81
I use the ASUSCOMM.com to resolve the internet IP address, as it does change. DDNS (Dynamic Domain Name System)

My second NIC for the cameras is on 192.168.2.x
 

Raylo32

Getting the hang of it
Joined
Dec 3, 2016
Messages
166
Reaction score
84
Everything works perfectly me for everywhere on LTE using my iPhone natively or as a hotspot to the Mac. It is just on some wifi locations where it fails. I haven't tried in many different ones but the one I am at by far the most is a total fail, iPhone or Mac. Comcast service Linksys router, default ip ranges. Easy enough to turn off wifi and check the cams on the phone via LTE network, but more of a PITA to then to swap the Mac to that hotspot wifi. And the LTE connection isn't really fast enough for Plex streaming anyway.

I use OpenVPN on a ASUS router, on an XFINITY / comcast internet connection. Used it this morning with my phone when out and about using the ATT cell network. All work ok. My home network use 192.168.1.x.
MY BI web server is 192.168.1.235:81
I use the ASUSCOMM.com to resolve the internet IP address, as it does change. DDNS (Dynamic Domain Name System)

My second NIC for the cameras is on 192.168.2.x
 
Last edited:

Raylo32

Getting the hang of it
Joined
Dec 3, 2016
Messages
166
Reaction score
84
I did another quick test, still at the remote location, I turned on the VPN client and tried to login to my home router, 192.168.1.1, of course the admin page that came up was for the local router. And being that half the routers in the world use 192.168.1.1xxxx I guess I'll have to go home and redo my network to make this work reliably wherever I may go. Seems a little odd to me that VPN servers and clients would be affected like this and that the VPN providers should warn us about this issue. Or maybe they did and I just wan't listening or looking?
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
2,465
Reaction score
3,388
It's a common problem. Search for something like "OpenVPN office home same IP range 192.168" and you should find lots of discussion. Some ways around that but best if not too much trouble to just change your local IP range to something different like 192.168.2.x or whatever. Then should work pretty much wherever.
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,202
Reaction score
2,154
I have Comcast in three locations and all three are using a mixture of Wireguard and OpenVPN as end points. I would guess that it's not a Comcast issue on your end and probably instead a configuration error.
 

Raylo32

Getting the hang of it
Joined
Dec 3, 2016
Messages
166
Reaction score
84
Thanks for the tips folks. I'll re-rack my network ip setup soon and see if that helps. I just got this new MacBook Air M2 (longtime strict windows user) and it is a bit of a learning curve. So I have been in the mood to fix some of these little tech annoyances like the VPN issue. Since I have dog watch duty at my friends' all place this week and it is hot as balls outside I am even setting up filters on the imap server for all the SPAM e-mails that I have been getting. Marking stuff as spam, or trying to unsubscribe hardly ever works. So filters it is. It really is insane. Basically every place you have ever shopped, every hotel chain you have stayed at, any restaurant you have ordered takeout from, any charity you have ever given to, every car you have ever purchased and done some online business for, etc, etc. The only saving grace is that I buy so much stuff on Amazon that eliminates a lot of other potential SPAM. Egads!
 

Raylo32

Getting the hang of it
Joined
Dec 3, 2016
Messages
166
Reaction score
84
Got this done today, changed my home router to 192.168.2.xxxx and updated the server static ip and all the cam static ips. Works like a charm. But I didn't write down my ui3 password and, of course, it is asking for it at my remote location. I tried a few times and reached max attempts. OK, fine, I used the VPN and remote desktop to retrieve the password from the BI console on the server. But now the ui3 webpage won't even give me the log in window. Just says access denied. What is the fix for this? I already went into the server and made myself a new user ID and password, but it doesn't even give me the window to log on. Will this time out or what?

Edit: I'll try restarting the server PC. i can do that from here via remote desktop.
 
Last edited:

TonyR

IPCT Contributor
Joined
Jul 15, 2014
Messages
11,338
Reaction score
23,645
Location
Alabama
Got this done today, changed my home router to 192.168.2.xxxx and updated the server static ip and all the cam static ips. Works like a charm. But I didn't write down my ui3 password and, of course, it is asking for it at my remote location. I tried a few times and reached max attempts. OK, fine, I used the VPN and remote desktop to retrieve the password from the BI console on the server. But now the ui3 webpage won't even give me the log in window. Just says access denied. What is the fix for this? I already went into the server and made myself a new user ID and password, but it doesn't even give me the window to log on. Will this time out or what?
You did re-boot the server, right?
 

Raylo32

Getting the hang of it
Joined
Dec 3, 2016
Messages
166
Reaction score
84
Yes, didn't work. Also tried clearing browser cache. If I try to log on with false credentials it tells me that no such user or password and leaves me on the login page to try again. If I use my real credentials it says I am not authorized and takes me off the login page to a blank whit page with that message with no chance to login again. The same credentials work on my phone and I assume my other PCs' browsers.

Can someone remind me how to uninstall ui3 so I can re-install it? This stuff has been on autopilot for so long I don't remember. I am on updated BI5, BTW.
You did re-boot the server, right?
 

Raylo32

Getting the hang of it
Joined
Dec 3, 2016
Messages
166
Reaction score
84
This is officially nuts. If I add a simple test user with a 4 character password to the server ui3 on this remote says no such user/password... but leaves me on the login screen. But If I try my regular logon or a new separate userID I made both using my original password, confirmed to be correct, I get the screen of death. In any case I can't login to the server on the computer. My failed login attempts seem to have permanently blacklisted it.
 

Raylo32

Getting the hang of it
Joined
Dec 3, 2016
Messages
166
Reaction score
84
Bottom line is that if I try to log in with any valid credentials I get sent to a blank page with the below message. Says I don't have user rights to view the page. But this happens even with the main admin user iD. While using invalid credentials just gets a failed login and try again??/

One thing I haven't tried yet is to restart this MacBook. Here goes...


Access to 192.168.2.118 was denied
You don't have the user rights to view this page.

HTTP ERROR 403
 
Last edited:
Top