Connectivity
Back to Top

L2TP/IPSEC appear to be blocked

Highlighted
DonC1967
Visitor

L2TP/IPSEC appear to be blocked

Well, I just had my first poor experience with Comcast Business phone support to the point where I was hung up on so I'll try to pose my question here. 

 

I am a long time user of the comcast service and SMC gateway device from them and I have multiple port forward rules set up, smtp, www, pptp, etc.  They all work fine.  I have added ports for L2tp/IPSec (500, 1701, 8500 and ESP).  I have not been able to connect to my Synology VPN host from anywhere outside my local LAN.  I have tried from a windows 8.1 and Ubuntu client.  From the internal LAN, it works fine from either platform.  When I try one of those third part port check tools, it says the above mentioned ports for L2tp/IPSec are closed even though the gateway gui says they are enabled.  Does anyone know if comcast blocks these and if so their reasoning? 

 

That is the question I proposed to them and the poor level 1 guy was confused thinking I wanted him to setup my comcast device which I don't need help with.  I think his supervisor had the same confusion.  I hope the converstation was recorded and gets reviewed.   I've never had anything but superior support from Comcast and this was a let down.  Maybe I should not call on a Sunday though.

Official Employee

Re: L2TP/IPSEC appear to be blocked

Thanks for visiting our Comcast Business Support Forums, DonC1967. I apologize to hear about your experience with us. I'd like to help with your questions regarding your VPN. Please, send me a private message with your full name and phone number. I'll need to take a look at your network from the Comcast Business Modem to ensure I understand the full scope of your question. 

DonC1967
Visitor

Re: L2TP/IPSEC appear to be blocked

No change from what I see on the port test but do have some level of success now outside the LAN.  All my tests were using the shared key approach because I understand the setup for that better, but at least for a windows client, if I switch to "Use certificate for authentication", it works as long as I don't enforce encryption. I think that requires more certificate work to get that going, but still researching.   As far as I can tell, that option is not availble in Ubuntu but that is not a primary concern at present. 

Official Employee

Re: L2TP/IPSEC appear to be blocked

I'm glad you were able to figure out a workaround. If you'd like me to take a look at your Comcast Network, send me a private message. I'd be more than happy to provide whatever assistance I can. 

DonC1967
Visitor

Re: L2TP/IPSEC appear to be blocked

I appreciate it.  Taking a fresh look at things this morning, the issue may be something on the Synology side.  Browsing some of their forums for similar issues had results of "they logged into my box and did something and now it works."  The box supports PPTP, L2TP/IPSec and OpenVPN.  My original issue is that PPTP is now blocked by Apple/Sprint so I was trying to find something allowed through.  I use it infrequently but it is a nice capability to have.  I gave OpenVPN a shot and it is working like a champ, so I am good.  Since those online port checkers are saying the OpenVPN port is not open either but it is clearly working, must mean they have issues trying to probe UDP ports in some cases.  Anyway, thanks for responding.  Smiley Happy

Official Employee

Re: L2TP/IPSEC appear to be blocked

Sure thing. I'm glad you were able to find some potential answers. If you have any questions or concerns about your Comcast Network or other services, don't hesitate to reach back out. Thanks for choosing Comcast Business and enjoy the rest of your day.

Discussion stats
  • 5 replies
  • 181 views
  • 0 kudos
  • 2 in conversation