by freestockoption 3567 days ago
PPTP was probably blocked because it needs the GRE port. And I think xfinitywifi only allows UDP/TCP.

I use OpenVPN over TCP and UDP on xfinitywifi all the time. In fact, I have a wall-wart router configured for it. Plug it in, ssh in, set the wifi, and I have a relatively secure SSID I can use.

One day the UDP VPN stopped working. I found out it was because the MTU on xfinitywifi changed to ~1300. Sending a packet with a larger size would result in dropped packets, which would cause some stuff to work, but not all. Setting the mssfix parameter to something lower in OpenVPN fixed it.

You can test this by varying the payload size in ping.

TCP worked fine the whole time.
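
The ping test described in the comment above, as an added example that is not part of the original thread: a binary search over ping payload sizes with Don't Fragment set, which yields the path MTU and the largest UDP payload that fits in it. Assumptions: IPv4, Linux iputils `ping` flags, hypothetical function names, a constructed simulated probe for offline runs, and that an OpenVPN mssfix value should stay at or below the UDP payload figure.

```shell
#!/bin/sh
# Added example (not from the thread): find the largest ping payload that
# crosses a path unfragmented, then derive the path MTU from it.

# Live probe. Assumes Linux iputils ping: -M do sets Don't Fragment,
# -s sets the ICMP payload size, -W is the reply timeout in seconds.
probe_ping() {          # $1 = host, $2 = payload bytes
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Constructed stand-in for a path whose MTU is 1300, so the search can be
# exercised offline. IPv4 header (20) + ICMP header (8) = 28 bytes overhead.
probe_sim_1300() {      # $1 = host (ignored), $2 = payload bytes
    [ "$(( $2 + 28 ))" -le 1300 ]
}

# Binary search for the largest payload in [lo, hi] the probe accepts.
# Returns non-zero if even the smallest size fails (host down, ICMP filtered).
# On a lossy link a single lost reply looks like "too big"; rerun to confirm.
max_payload() {         # $1 = probe function, $2 = host, $3 = lo, $4 = hi
    mp_probe=$1; mp_host=$2; mp_lo=$3; mp_hi=$4
    "$mp_probe" "$mp_host" "$mp_lo" || return 1
    while [ "$mp_lo" -lt "$mp_hi" ]; do
        mp_mid=$(( (mp_lo + mp_hi + 1) / 2 ))
        if "$mp_probe" "$mp_host" "$mp_mid"; then
            mp_lo=$mp_mid
        else
            mp_hi=$(( mp_mid - 1 ))
        fi
    done
    echo "$mp_lo"
}

# Path MTU implied by a ping payload (IPv4 + ICMP headers added back).
path_mtu() { echo $(( $1 + 28 )); }

# Largest UDP payload that fits in that MTU (IPv4 20 + UDP 8 bytes).
max_udp_payload() { echo $(( $1 - 28 )); }

# Set MTU_HOST to probe a real host; otherwise the simulated path is used.
if [ -n "${MTU_HOST:-}" ]; then probe=probe_ping; else probe=probe_sim_1300; fi
if payload=$(max_payload "$probe" "${MTU_HOST:-simulated}" 500 1472); then
    mtu=$(path_mtu "$payload")
    echo "max ping payload $payload, path MTU $mtu, max UDP payload $(max_udp_payload "$mtu")"
else
    echo "no reply even at 500 bytes; cannot probe this path" >&2
fi
```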

3 comments

Also why are people still using PPTP?! I thought it was considered compromised.
When you don't need strong encryption, but need low latency, high throughput on a low-end device.

One such use case is IP address masquerading.

Netflix geolocation spoofing
Thanks for the tip. I have been blocked on xfinity also while using my VPN. I will try TCP instead of the default UDP.
Seen similar, a little tweaking and OpenVPN continues to rock