Openvpn Xfinity Router


Vickiana Sconyers

Aug 5, 2024, 1:06:06 PM
to studbackdincock
Several posts on the internet suggest VPN for using Samba in a restricted environment, so I gave it a try. I set up OpenVPN server on my remote machine using openvpn-install, a script by Nyr. During the script setup, it may not be obvious as per this issue, but make sure to enter the correct IPv4 addresses (interface versus public) when prompted by the script.

Actually there was a big issue when connecting to remote servers with VPN. I was using an AWS instance to host the OpenVPN server. Several internet web servers such as those of Google and Yahoo would refuse to connect when I was web browsing through the VPN. Other sites such as Bing and CNN worked fine. Ping and DNS were successful for all sites.


It seems that some sites block certain AWS traffic. I spun up a VM instance on Microsoft Azure and set up OpenVPN server on that VM. The same sites that blocked AWS traffic turned out to not block Azure. VPN server blocking solved.


I could stop here and just run the OpenVPN client on each device that I needed Samba access with. However, I would need to distribute the OpenVPN profile to each device on the LAN that needed Samba access across the internet. The OpenVPN server would also need to be configured to handle more concurrent connections and performance would suffer from the overhead of managing multiple VPN sessions.


When starting the OpenVPN client with openvpn --config /etc/openvpn/client.ovpn the created VPN connection hangs after a few minutes. The remedy for my setup was starting openvpn with the --mssfix 1300 option. ServerFault solution.


Now you can manually start the OpenVPN on the router and all internet traffic will be tunnelled through your VPN server. Devices that do not natively support VPN are now secured. A lot less work than setting up OpenVPN on each device I wanted to use!


I decided to not start the client on router startup because a failed startup would leave me in an undesired connectivity status. Starting the client automatically can be left as an exercise for the reader.


When tunneling traffic through the VPN, I noticed that my 2x xfinitywifi speed advantage was eliminated and I was getting speeds comparable to not combining two wireless networks. VPN traffic was being routed to the VPN tun0 interface and openvpn was only utilizing wan2 -> radio0 for VPN traffic.


I was unable to figure out how to get openvpn to load balance over two WANs. There are many posts on the internet about doing this in the opposite direction, an OpenVPN server utilizing multiple interfaces, but no resources that I have found for the OpenVPN client.


A split tunnel can be set up to a range of IP addresses with the --route network/IP [netmask] [gateway] option for openvpn. Any traffic destined for the specified network/IP address range will be routed through the gateway. OpenVPN command reference


route-nopull tells the client to ignore any routes that the OpenVPN server pushes to it. A normal OpenVPN server (the one I set up) is configured as a full tunnel for all traffic. We want to use ONLY our own routes. This way we will be able to have a normal full tunnel to the OpenVPN server without modifying configurations on server or other clients.


Lastly, the remote Samba server can be hardened by updating Samba, enabling encryption, and specifying minimum supported protocol. Add these options to /etc/samba/smb.conf on the Samba server immediately after the [global] line:


Since broadband privacy rules were repealed in 2017, internet service providers can track what you do online and sell that information to advertisers. A VPN will also prevent Comcast from spying on your internet activity and sharing that information with third parties, which is, unfortunately, now legal in the US.


NordVPN is the best VPN for Xfinity from Comcast. It operates over 5,000 servers in 59 countries. The Panama-based company has a proven track record of never storing any logs about its VPN users. NordVPN allows you to see the distance and current load of any server to make it easier to find one that best suits your needs. Some servers can unblock geo-locked content like Netflix, Hulu, Amazon Prime Video, and BBC iPlayer. Other servers are optimized for specific purposes, like double VPN or accessing Tor over VPN.


Nord employs a military-grade level of encryption. A kill switch is included that will halt internet traffic if the VPN connection drops. You can cut off the internet to specific applications only or the entire device. DNS leak protection and a CyberSec feature go a step further to protect you from snooping and other online threats. You can torrent on any server, but a few are optimized for P2P file sharing.


BEST VPN for Comcast Xfinity: NordVPN is our top choice. A great option which works reliably with Comcast and most popular streaming sites. Connects up to 6 devices simultaneously. Extremely fast speeds. Risk-free 30-day money back guarantee.


BEST BUDGET OPTION: Surfshark offers unlimited bandwidth, great unblocking ability, and powerful security at a very reasonable price. In fact, this no-logs VPN even includes a 30-day money-back guarantee.


The provider uses the highest-level encryption on the market. A kill switch and DNS leak protection both come bundled in the apps. You can also toggle options for traffic obfuscation and set the app to change your IP address at specified intervals.


USER FRIENDLY APPS: IPVanish is great for families that need multiple simultaneous connections. Works great with Comcast and an array of streaming services. Own network of super-fast servers and score top marks for privacy and their advanced security protocols. 7-day money-back guarantee.


ExpressVPN has servers in more than 90 countries. Based in the British Virgin Islands, this VPN is not subject to any data retention laws and keeps no logs of your IP address or traffic contents. Servers are generally fast enough to stream video in HD and download large files. P2P file sharing is allowed. ExpressVPN has some servers that can unblock geo-locked content and bypass VPN bans on sites and apps like Netflix, Hulu, HBO, Amazon Prime Video, and BBC iPlayer.


CyberGhost operates more than 5,700 servers in 89+ countries. The app allows you to choose a server by location or by how you plan to use it. If you want to stream Netflix, for example, you can simply select that option rather than figuring out which servers work through trial and error. Amazon Prime and BBC iPlayer are among the many channels that CyberGhost can unblock.


The Romania-based provider keeps no logs and uses 256-bit AES encryption to protect your data and keep it private from Comcast and other prying eyes. DNS leak protection and a kill switch are included with the apps. Extra protections include anti-tracking and anti-malware features. Excellent speeds and P2P file sharing is tolerated.


The young provider uses top-of-the-line encryption standards and follows a strict zero-logs policy. Should the VPN connection drop at any point, you can enable a kill switch to stop traffic from being sent over the unencrypted network. DNS leak protection is built into the apps. PrivateVPN allows P2P file sharing.


PureVPN is almost unbeatable for Comcast Xfinity users wanting a VPN that balances cost and functionality. Priced from just $1.96 per month, it offers everything you need to stop Comcast from monitoring your web visits and ensure you can access region-locked content and websites from 65 different countries worldwide.


Apps are available for Windows, Mac, iOS, Android, and Firestick. The service offers a strict no-logs policy, a kill switch, and DNS leak protection, ensuring you can torrent privately. Just remember that port forwarding is an optional extra that costs a few bucks more.


Finally, PureVPN has a 31-day money-back guarantee, which means you can test it with your Comcast Xfinity account and compare it to any other VPNs that interest you. Live chat support is available on its website, but the agents are very slow to respond.


LOW COST: PureVPN lets you bypass blocks, torrent safely, and access foreign TV streams with your Comcast Xfinity account. It works to watch Netflix, ABC, ESPN, Hulu, HBO Max, and many other US services on vacation and protects you against hackers on public wifi. The VPN is very cheap and offers a 31-day money-back guarantee.


ProtonVPN is based in Switzerland, a country with decent privacy laws. This allows the VPN to implement a rock solid no logging policy. ProtonVPN is perfect for Comcast Xfinity users who want to access international content. Its network extends to 85+ countries, giving users access to streaming services from Canada, Australia, Britain, or any other country that takes your fancy. It also has a choice of servers across the US, perfect for accessing regional services and bypassing blackout games.


The VPN has apps for various operating systems, including Windows, Mac, iOS, and Android. These apps come with AES encryption, a kill switch, multiple protocol options, obfuscation, split tunneling, multi-hop connections, self-owned secure core servers, and Tor over VPN. The port forwarding feature makes ProtonVPN ideal for torrenting.


ProtonVPN is fast thanks to its WireGuard protocol, which makes it ideal for Comcast users wanting to play games, torrent, and stream HD content. You can ask questions by contacting the live chat support on its website and test the VPN yourself using its 30-day money-back guarantee. The only real downside is that it is a touch expensive.


STRONG PRIVACY: ProtonVPN is a fast VPN perfect for Comcast Xfinity users. It has a choice of US servers to access blackout games or regional US services. Apps come with a kill switch, obfuscation, multi-hop, and AES encryption. Torrenting is allowed throughout its network, and it includes port forwarding. 30-day money-back guarantee.


Comparitech rates and reviews VPNs on a number of criteria that we assess using expert analysis, real-world experience, and a battery of tests. Our methodology is designed to produce the most accurate, useful, and comprehensive VPN reviews and recommendations on the web. When it comes to Comcast and Xfinity VPNs, we specifically look at:

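Added example (not part of the original post): a shell check that a client profile really is the split tunnel described above, meaning it carries route-nopull, has no redirect-gateway, and defines at least one explicit route. The function names, file names, host name and addresses are constructed for illustration.

```shell
# Constructed sample profiles (addresses are documentation ranges).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/split.ovpn" <<'EOF'
client
dev tun
remote vpn.example.net 1194 udp
mssfix 1300
route-nopull
route 192.0.2.0 255.255.255.0
route 198.51.100.7
EOF
cat > "$SAMPLE_DIR/full.ovpn" <<'EOF'
client
dev tun
remote vpn.example.net 1194 udp
mssfix 1300
EOF

# Print "network netmask" for each route directive; OpenVPN treats a
# route with no netmask as a single host (255.255.255.255).
ovpn_routes() {
    awk '$1 == "route" { print $2, ($3 == "" ? "255.255.255.255" : $3) }' "$1"
}

# Return 0 only if the profile uses its own routes and nothing else.
ovpn_is_split_tunnel() {
    f=$1
    if ! grep -Eq '^[[:space:]]*route-nopull([[:space:]]|$)' "$f"; then
        echo "missing route-nopull: pushed routes will be accepted"; return 1
    fi
    if grep -Eq '^[[:space:]]*redirect-gateway([[:space:]]|$)' "$f"; then
        echo "redirect-gateway present: all traffic enters the tunnel"; return 1
    fi
    if [ -z "$(ovpn_routes "$f")" ]; then
        echo "no route directives: nothing will use the tunnel"; return 1
    fi
    echo "split tunnel: $(ovpn_routes "$f" | wc -l | tr -d ' ') route(s)"
}

ovpn_is_split_tunnel "$SAMPLE_DIR/split.ovpn"
ovpn_is_split_tunnel "$SAMPLE_DIR/full.ovpn" || true
```

Once the tunnel is up, `ip route show dev tun0` on the router should list only the networks the check reports.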