Skip to content
N

Contributor

 • 

20 Messages

Sunday, December 3rd, 2023 8:04 PM

Internet Connectivity Only Through VPN

I want to like Comcast.  I really do.  The level one support is so much better than it used to be and when I have had work done on my line, the folks are usually competent and pleasant to work with.  Last week I started having Internet connectivity issues.  After checking my firewall and IPS I isolated the issue to Comcast.  On Wednesday 29 Nov, I opened a ticket (CR119400730).  I was told there would be a call back that day as the ticket was being escalated to level 2.  On Thursday morning, I called in to see what was going on.  I received a call back.  It was the most insane conversation I’ve ever had with an alleged Network Engineer.  I should state that I’ve been doing networking since 1994 and used to do turn ups for companies.  I work in the security field now and utilize my networking background to identify attacks and assist the networking team at work.

The level 2 support person starts off by telling me he could not do anything since I owned my own modem.  I told him I was taking more errors on channel 8 and asked him what it looked like on his side.  He told me the signal just goes straight out to the Internet.  I said there have to be several pieces of equipment on his side that the data passes through before going to the Internet.  He said no it just goes to the Internet.  This is THE most bazaar support conversations I’ve ever had in my life!  I tried to break it down into level 1 lingo to see if I could connect.  I said well the cable is an analog signal and something terminates this and digitizes it; then it will be routed several times and then go out a firewall to the Internet.  He started talking about the small pole on the front of the property.  I’m not getting anywhere and ask for the ticket to be escalated again to someone that can access (heck at least knows about) CMTSes.  He said he would escalate and it would be 24 hours for a return call. 

I get on my social media accounts and let my networking and security friends about my experience with Comcast.  We make jokes and pass around the meme about when God lets Satan create one thing…Comcast.  I wonder if Brian Roberts ever saw that meme and knows how popular it is and what a lot of people think of Comcast.  He is a billionaire and if he cared, you would think he could give up a little bit of his salary to hire some quality people.  Ok, back to the story.

I called in the next day.  The auto attendant wants to check my modem again.  Oh no, he closed my ticket that rotten jerk. After being on hold for 45 minutes, a voice comes on the line and says the office is closing early today and hangs up on me.  This is just before 3PM ET.  I wait an hour and call back.  After 30minutes on hold, I’m so angry I hang up because the call is not going to be productive. 

Now it is Sunday.  I’ve been doing my own research and finding ways to pull data from my modem.  I discovered many interesting things as well.  There were several posts about Comcast doing a transparent DNS proxy.  I do not use Comcast’s DNS for DNS resolution.  That is at least part of what is broken.  Nslookup fails to resolve any of my DNS servers when I do not have a VPN working and when the VPN is on, everything works fine.  I also was able to get rid of Comcast Security on my modem when I renewed my contract in June.  My modem still says it is provisioned. 

Here is a good hack to avoid the modem check when one calls in for support.  Just unplug it before calling.  That way it fails and one does not have to call back in because the auto attendent will force one to wait 10 minutes and hang up on customers.  I was able to speak to a human.  I asked to speak with a level 2 manager about getting the arrogant jerk fired; he is not an asset to customers because now I’m looking at going with Verizon Home or Starlink.  I can’t be the only customer he has encouraged to go somewhere else.  I also asked for the ticket to be reopened.  I was told there should be a callback today. 

If you are interested in hearing more about how this story ends, put a comment below.  If you want to know how to detect for a transparent DNS proxy so you are certain your company’s data is private, let me know.  If you have had similar issues, I would enjoy hearing about them as well. 

Official Employee

 • 

29 Messages

1 year ago

Hello @NetNeutrality

Thank you for reaching out and sharing this experience. To ensure we have all of our ducks in a row on the issue, I was hoping to ask a few questions. Have you spoken with your IT team at the VPN tunneling destination? You are having normal performance when VPN is disabled? Appreciate your time and getting us in the loop.

 

I wanted to clear up what provisioning would be. All modems that are activated are provisioned. Provisioning is only referencing inserting the speed tier bootfile on to the modem during the activation. If there is no provisioning done to a modem then it would just be in a walled garden. 

Contributor

 • 

20 Messages

Hello @Comcast_ThomasE ,

Thank you for getting back to me so quickly.  

The VPN I'm referring to is not an internal VPN to my organization.  It is a tunnel from laptops in my office to an outside provider.  I can pick the other endpoint for the destination.  This does not matter.  As long as I use a VPN, I can connect outside.  I cannot setup my security devices to VPN out so all my cameras and motion detectors are down because everything has to go to the cloud nowadays.  If there is a physical break in, I will hold Comcast liable.  I hope this helps explain the situation and urgency. 

I do not have anywhere near normal performance when not using a VPN.  Occasionally I will get a connection, but from a functionality standpoint, this is a complete outage.  

I understand the provisioning aspects.  My last contract had the security bundle included.  I did not want this and worked with level 3 to disable.  I was told it was part of provisioning.  I was also told that provisioning was scripted and upon reboot, the modem is provisioned again with security.  He could have removed security from provisioning, but this would be overwritten periodically to enable security again.  I disabled what I could in the customer interface.  Now it seems this is more flexible than I thought as security is not disabled with my new contract.

The point with provisioning I'm trying to make is that my modem is provisioned for BPI+ and I do not have this as part of my contract anymore so it should not be appearing in my configuration.  It seems there needs to be an adjustment for my modem to disable the security option.  I don't need it and it just gets in the way of my tools when troubleshooting issues and investigating attacks.  This could be the entire issue and a quick fix if I can get someone competent on the phone that can permanently remove it.

Official Employee

 • 

14 Messages

@NetNeutrality I would like to look into the ticket you mentioned. Can you please send us a DM. You can start by clicking the chat icon located in the top right corner of your forums' page when signed in. Once there, you can direct your messages to "Xfinity Support." Please add your full name and service address to help us locate your account. Let me know if you have any questions. 

Contributor

 • 

20 Messages

I just got off the phone with my lawyer.  He recommended filing with the FCC.

So Comcast does not have a phone to call me?

Official Employee

 • 

14 Messages

@NetNeutrality We are happy to assist you online. Our agents over the phone would also be able to assist if you prefer assistance over the phone. I requested you send us a DM to further assist you online. 

Contributor

 • 

20 Messages

When I create a new message and type Xfinity for a lookup, I get "No Results Found"

Contributor

 • 

20 Messages

1 year ago

I'm on hold with customer no service right now waiting on a supervisor.  My ticket was closed again against my direction.  

I also filed my first FCC complaint.  It did not take as long as I thought it would.  

Official Employee

 • 

30 Messages

Hello was that supervisor able to assist you?

Contributor

 • 

20 Messages

I was hung up on again.  Never spoke with a supervisor.  Not expecting there is an open ticket now either.

Official Employee

 • 

30 Messages

Sorry to hear you that happened! I can check on a ticket for you if you want to send a DM to XFINITY SUPPORT with your name and address for me. 

Official Employee

 • 

27 Messages

I am sorry to hear that you have not heard back on that ticket @NetNeutrality. I would be happy to check on that for you. Could you send a direct message to Comcast Business with the full name and complete address for your service? 

To send a direct message [private message]:

   Click the "Direct Message" icon or  https://forums.xfinity.com/direct-messaging

   Click the "New message" (pencil and paper) icon

   The "To:" line prompts you to "Type the name of a person". Instead, type "Comcast Business" there.

   - As you are typing a drop-down list appears. Select "Comcast Business" from that list.

   - An "Comcast Business" graphic replaces the "To:" line.

   Type your message in the text area near the bottom of the window

   Press Enter to send it