Ohh, that's too bad! I don't understand what's the problem with the firmware developers to code to the specs, which are well established and out there for quite a while! Looks like some dudes just like to go IE/Microsoft way!!
Hope you get PPTP working soon.
Thanks. I don't have a lot of faith that an organization as large as Comcast with that many outstanding devices working well otherwise would bother fixing this but maybe they'll surprise us all one day.
>> IPsec works fine as does L2TP (from what others have said-- I have not verified that.) <<
I can confirm that on my TC8305C, an L2TP-based VPN connection works fine, PPTP doesn't.
Interesting side-note: The same problem exists with some of Comcast's public wifi points: I can't get a PPTP VPN connection, but can get an L2TP one. I suspect that the problem wifi points are the result of the same issue--they're using the TC8305C. (I believe that when a consumer-facing business signs up for Comcast internet, unless they opt out, their gateway ends up putting out two signals--one for the business's private use, the other public.)
I was wondering how they got up so many hotspots in these small businesses. Funny how obvious it seems now that you mentioned it!
Anyway, if anyone at Comcast is reading this, please ask the team in charge of these devices to fix them to allow PPTP passthrough. If they'll properly NAT protocol 47 back to the client, it would work fine.
I was able to get the Arris box and it works. The installer was unaware of the problem, he said "there must be a configuration setting" to fix it. Any reasonable person would think that.....
Thank you so much SPS_BOSTON. This worked so that I can use VPN to connect to my workplace.
1) log in to TC8305C
2) click on Gateway => Firewall
change to low security
3) click on Connection => Local IP Network
change the Gateway Address from 10.0.0.1 to 192.168.0.1
Today (03/20/2014) two different Comcast employees told me:
1) we don't support VPN
2) sorry the Technicolor (TC*) wireless gateways do not do VPN, you'll have to trade out your wireless Gateway for another brand at a local store/office.
Then I searched the internet and finally read your post and tried it. Even though it took about an hour on the phone and searching etc, I feel like that was minimal time wasted compared to some others.
Thank you so much - you saved me a lot of time !
I don't believe these steps are working for others using PPTP and the Technicolor all-in-one device.
Are you using PPTP or IPSec VPN type?
I personally tried these explicit steps over a couple weeks and had to swap out to an Arris.
>> Thank you so much SPS_BOSTON. This worked so that I can use VPN to connect to my workplace. <<
That does NOT work. The only reason that worked for you is because
The issue, again, is that the device does not translate (NAT) protocol 47 back to the client correctly (often called "PPTP passthrough" on other devices). With L2TP and IPsec VPNs, that is not needed which is why changing the IP seems to work for some people but not others.
The only way to fix the PPTP issue is to ditch the device for something else or get it bridged and add your own router. I chose to purchase an Arris TM822G and an ASUS wireless router. I get better speed and can configure it myself. And I don't have to pay $8/month any more to lease a device that isn't configured correctly for what I need anyway, so this will effectively save me a lot of money in the long run.
Also, again for the record, it's honestly not reasonable to expect Comcast tier 1 support to be able to help you. I can assure you that anyone who is proficient in IP-based networking enough to understand this issue will not be working on a customer-facing tier 1 support platform. This problem COULD be fixed pretty easily with a configuration change or firmware update, but given the number of these devices out there, I'm pretty sure that if they wanted it fixed it would have been fixed a long time ago. Either that or someone decided it wasn't worth risking bricking thousands of modems over a firmware patch (which I must admit that I understand as well.)
Please don't take this the wrong way. I know you're trying to help and your actions did, in fact, fix YOUR issue. But you are definitely not using a PPTP VPN tunnel. I'm just trying to explain why this won't work for others who are attempting to establish a PPTP connection so they don't go nuts when it doesn't work!
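The failure described in the post above can be confirmed from a packet capture taken on the client. The following is an added example, not part of the original thread: it parses IPv4 packets, picks out the PPTP control channel (TCP 1723) and PPTP's GRE data packets (IP protocol 47), and reports whether tunnel replies ever come back. The addresses, Call IDs and sample packets are constructed for illustration.

```python
import socket
import struct

TCP, GRE = 6, 47            # IP protocol numbers
PPTP_PORT = 1723            # PPTP control channel
PPTP_GRE_TYPE = 0x880B      # protocol type in PPTP's enhanced GRE header

def ipv4(src, dst, proto, payload):
    """Constructed test packet: 20-byte IPv4 header (checksum 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def tcp(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)

def pptp_gre(call_id, seq):
    # Flags 0x3001: key and sequence number present, GRE version 1. The key field
    # holds payload length and Call ID; GRE has no ports for a NAT to track.
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_TYPE, 4, call_id, seq) + b"\x00" * 4

def summarize(packet):
    """Extract the fields a NAT device could use to map a reply to a client."""
    info = {"src": socket.inet_ntoa(packet[12:16]), "proto": packet[9]}
    body = packet[(packet[0] & 0x0F) * 4:]      # skip the IP header (IHL words)
    if info["proto"] == TCP:
        info["ports"] = struct.unpack("!HH", body[:4])
    elif info["proto"] == GRE:
        flags, ptype, _length, call_id = struct.unpack("!HHHH", body[:8])
        info.update(call_id=call_id, pptp=(flags & 7) == 1 and ptype == PPTP_GRE_TYPE)
    return info

def diagnose(packets, client_ip):
    """Classify a client-side capture of a PPTP connection attempt."""
    seen = set()
    for p in map(summarize, packets):
        direction = "out" if p["src"] == client_ip else "in"
        if p["proto"] == TCP and PPTP_PORT in p["ports"]:
            seen.add(("control", direction))
        elif p["proto"] == GRE and p["pptp"]:
            seen.add(("gre", direction))
    if not {("control", "out"), ("control", "in")} <= seen:
        return "control channel on TCP 1723 not established"
    if ("gre", "in") in seen:
        return "tunnel data reaching client"
    if ("gre", "out") in seen:
        return "protocol 47 replies not reaching client (no PPTP passthrough)"
    return "control channel up, no tunnel data seen"

CLIENT, SERVER = "10.0.0.5", "203.0.113.10"   # constructed capture endpoints
BROKEN = [ipv4(CLIENT, SERVER, TCP, tcp(50000, PPTP_PORT)),
          ipv4(SERVER, CLIENT, TCP, tcp(PPTP_PORT, 50000)),
          ipv4(CLIENT, SERVER, GRE, pptp_gre(call_id=7, seq=0)),
          ipv4(CLIENT, SERVER, GRE, pptp_gre(call_id=7, seq=1))]
WORKING = BROKEN + [ipv4(SERVER, CLIENT, GRE, pptp_gre(call_id=21, seq=0))]
```

`diagnose(BROKEN, CLIENT)` reports the passthrough failure, while `diagnose(WORKING, CLIENT)` reports tunnel data reaching the client.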
post by cjb5327 removed because it violates forum posting rules.
(which everyone should read before making his/her first post) state
2. Use Profanity
Please keep your posts clean. Our forums have an automated profanity filter to block out inappropriate language. Please do not circumvent it by finding colorful ways to approximate or disguise those words. If you are caught trying to bypass the filters in any way, your posting privileges may be revoked.
Hey There Queen-Evie -
While I understand that the prior user's post probably deserved to be pulled due to profanity... you have to understand the absolutely horrible level of frustration Comcast has caused for its loyal customers through this issue.
1) PPTP client VPN connections are used by MILLIONS of residential broadband subscribers to support work-at-home and other remote employees. They ARE NOT running businesses out of their homes and it is a sorry excuse to pawn support off by calling this a business use case.
2) All Comcast gateway devices have supported PPTP through NAT in the past, from my experience and others' posting. The Technicolor device is DEFECTIVE (bugged firmware) and Comcast needs to force the OEM to fix the issue by way of a firmware update.
I got my VPN to work simply by going into the Xfinity Gateway Firewall settings and lowering it from "Typical security (medium)" to "Minimum Security (low)" and it now works.
Hope this helps!
What type of VPN are you using? PPTP or IPSec?
What firmware version is on your Technicolor gateway?
Numerous people (including myself) have tried that setting with no success.
Hey, was your VPN connection type PPTP? Because I followed the same steps earlier except my gateway address is 192.168.1.1 instead of 192.168.0.1.
Thanks SO much for the help. I was having a similar PPTP VPN issue and tried about everything. I switched off all firewalls, cycled through the local IP's,... Switching the technicolor to an Arris fixed it without any extra configuration (ARRIS TG862G). Thanks again!
Same thing here. After having lost 2 days of work due to this issue I ended up changing the cable modem. The Arris TG862G worked right out the box.
I'm not technical enough to understand how all this works. I have TV, Internet and phone. Just got the TC8305C box because they told me I had to update. Now, as you all have run into, no VPN. If I purchased an Arris box, does that work with the phone? Do I need 2 boxes? Thanks for any help.
I have the same problem since upgrading to the Technicolor TC8305C. Turning off the firewall and changing the subnet to my local settings do not work. I can use my notebook for VPN over the wireless connection with no problem, but my desktop which is connected by ethernet will not work so there should be a firmware for the modem to fix this issue. Hopefully Comcast will resolve this problem soon.
I just wanted to share an article with all of you fighting to get the TC8305C to work with VPN. There is a reason why they don't:
In mid-August, Comcast Corp. changed its subscriber agreement in order to clarify several of its acceptable use policies. Specifically, the Excite@Home principal partner expanded its "Prohibited Uses of the Service" section to include language that states VPN use is unauthorized.
VPN transport is achieved by tunneling a direct path to a service provider for private data transport over the public Internet. Through point-to-point tunneling standards any personal computer that has point-to-point protocol support will be able to use an Internet service provider to securely connect to a server located elsewhere.
Comcast@Home's acceptable use policy now states that "... the service is for personal and non-commercial use only and customer agrees not to use the service for operation ... in conjunction with a VPN or a VPN tunneling protocol."
A spokesperson for Comcast said "residential service is not intended for those that attempt to host a VPN connection or for those persons attempting to establish a VPN connection with their workplace. Comcast@Home is, and has always been, designated as a residential service and does not allow the use of commercial applications."
My job requires, because I'm the Facilities Operations Manager for a multi campus company, that I periodically log in and check on the security, mechanical systems, and servers, because I'm also the IT Coordinator. Needless to say VPN is very important to me.
Here is the link to the article in my previous post:
FWIW, that article is from 14 years ago. CC hasn't been known as @home for a very long time now. That may have been their policy then. My wife and I both use VPN's successfully to telecommute to businesses nearly every day. Have been seeing many posts here lately that that particular CC supplied gateway device has issues with VPN functionality. Me thinks it is firmware related.
Agreed.... I tunnel into work 24x7x365...IT Dept Head....
Thanks, I caught the date on that late, didn't realize it was in 2000 until after. The problem I'm having is that the fixes they keep giving me you can't do with this router, it won't allow you to change ports or protocols. It only has preselected options you can do. It can be frustrating at times. lol
Totally understand your frustration scbailey. I concur with the prior poster who points to the simple fact of a firmware bug being the culprit. PPTP VPN is used by too many remote employees to be a conscious omission/block by Comcast.
I think it probably went down like this:
1) Comcast QA: "Technicolor TC8305C approved for use"
2) Comcast product manager: "Great! Order a million from Technicolor"
... some time passes...
3) Comcast support: "Oh @#$%#$@, client side VPN doesn't work. Customers are complaining, report to product manager"
4) At this point one of 3 things happens:
- Comcast product manager for the Technicolor OEM gateways tells everyone to take a hike and simply doesn't care (give them Arris justification)
- Comcast reports the issue to Technicolor, and Technicolor decides that they don't care enough about Comcast's business to fix the issue
- Comcast reports to Technicolor, Technicolor works on it and finds some kind of critical path that prevents them from easily fixing it. Example: It's a low level bug that can't be fixed by the exposed high level firmware that users can patch, requiring the gateways to be shipped back and flashed individually via a console cable. At this point Comcast and Technicolor decide together that we as customers aren't valuable enough to help because we have no other viable high-speed internet choice in most areas. So they blow us off and live with giving out free 6 month NFL red zone promos to make up for all our lost time calling support (plus Arris devices as ultimate fix).
Obviously this is all my speculation, but it feels like what probably went down.
In general I am satisfied with my Comcast service outside of this one issue. But it would be really nice if someone from their support management team would develop a script for the tech support team so they don't waste so much of their customers' time on each new call. The worst part being when they try to push you off onto their paid outsourced tech support who try to promise and charge for a fix for a problem that has no current resolution. That's borderline unethical and happened to myself and many others before getting resolution.
I spoke with a VERY knowledgeable tech at Comcast who cut me off as soon as I said "VPN" and said he knows exactly what the problem is. He told me to check the brand of my modem and when I said Technicolor he said "there's your problem". He spent some time connected to my laptop (and onward to my modem admin page) trying to change the modem settings to get it to work, but eventually he told me to return the modem to the Comcast office and get a Cisco replacement. I did that and the VPN worked fine, with no changes in settings.
That's positive news in general!
This thread was started some time ago, so it's possible tech support has new scripts to follow for this issue.
If Comcast's first line of support can give a solid answer, then it dramatically decreases the customer time spent and eliminates complaints and the pain of a run around. The most frustrating part of my experience was being transferred to Comcast's paid outsourced home networking support when I knew they wouldn't be able to help me.
Can you please post the model of your replacement device so anyone hitting this discussion will know another model to ask for (in addition to Arris)?
Thanks a lot for the info. I just got Comcast and could not connect to Stanford VPN using the built in Mac OS client (not the Cisco client).
What worked was
a. Changing the router address from 10.1.* to 192.168.*
b. Changing the firewall settings from High to Low Security
Not sure b alone would do the trick. a alone did not.
Anyway, you guys rock.
Howdy folks, Just got off the phone with Comcast Tech support and I was told to take my modem down to my local Comcast office and swap it out. The tech mentioned that either Arris or an SMC would adequately perform VPN tasks.
Good news, I unplugged the technicolor and took it back to my local office, as soon as I mentioned VPN she knew why I was there. So they gave me a SMCD3GNV, as soon as it connected and activated I was able to VPN in to work like it was right next to me. THIS ROCKS!!!!!!
I had the same problem, VPN would not work.
I have the Netgear R7000 router. I had comcast turn on bridge mode for the TC8305C, but the R7000 would not obtain an IP address from comcast. (Maybe they needed to do some kind of registration with the MAC address of the R7000, but the tech I had just said my device was incompatible with their network).
I took the TC8305C back to my local office and got the Arris device, and the VPN is working now.
Okay, do an IP config and find out what IP address you are assigned. 10.0.0.?. Now go into the modem, click on advanced and find DMZ. Enable and put the IP address your computer is assigned and save settings.
I am also running the Cisco 5.0.07.0440, I just installed the TC8305C and VPN works perfectly. I do have a Linksys WRVS4400N Wireless N Security Router with VPN between my PC and the TC8305C.
I can confirm now that the solution is to go to the service center, and say the magic word: "VPN!". I was out of there in 2 mins. with the Arris TG862G which worked right out of the box!
Comcast clearly knows there is an issue with the Technicolor box for VPN, but they are dealing with it on a need basis. If you don't use VPN, you don't have a problem, and Tech support doesn't need to know. I guess I don't blame them...they would have to replace every single modem, which I'm sure they don't want to do
Frustrating. I support my parents' home network, but swapping out a box and activating the Arris replacement is hard to do remotely. I'm keeping my fingers crossed for a firmware update sometime before my next trip out there. (In the meantime: "Sorry mom, you'll just have to find a new job that doesn't need you to be able to log in from your house.")
I wonder how Comcast plans on handling all those tc8305 routers/modems, they're getting a ton back. Just a curiosity question. The replacement SMCD3GNV they gave me is rock solid, just happy they chose to do the right thing for people.
Not only a VPN Connection Issue! After I installed the TC8305C, all my printers and other devices on my LAN stopped working. I could Ping them OK and see them, but I could not reach them. After a week or more of playing with the near infinite setups and troubleshooting advice from Comcast ... I finally gave up and swapped out the TC8305C for a Motorola SB6121 and ran that through my old Linksys router/switch. I got the "customer owned" SB6121 activated and everything went back to normal after that; but, I did have to reset my printers and port settings and reinstall some drivers. What a mess! I returned the TC8305C, and I wish I could get my time, frustration, and lost work compensated for!
I had the same problem with my new Technicolor 8305 modem and found that it doesn't support VPN. I put a splitter on my line and connected my computer to my old modem, got Comcast to activate it and now I have a VPN connection! I think this is the only option that works.
Your company usually doles out 10 dot numbers on their domain when you connect through VPN to the company's resources. The new Comcast routers are set to dole out 10 dot numbers as well. So when you are communicating on your VPN trying to reach a server at a 10 dot location in your company, that traffic may be going to your IP printer sitting next to you with a 10 dot number...not through the VPN to the server. This is why changing the IP address of the Comcast router and subsequent DHCP server on that router is your biggest solution to this problem...192.168.1.1 for the router/gateway and .100-150 for the DHCP range. Disabling peer-to-peer blocking may also help, I'm not sure about that.
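The address overlap described in the post above can be checked before touching the gateway. The following is an added example, not part of the original thread: it lists VPN routes that collide with the home LAN and uses longest-prefix matching to show where traffic for an office server actually goes. The office prefix 10.0.0.0/8, the server address 10.0.0.25 and the route labels are assumptions made up for illustration; the 10.0.0.x and 192.168.1.x gateway ranges are the ones mentioned in the thread.

```python
import ipaddress


def conflicts(lan, vpn_routes):
    """Return the VPN-pushed networks that overlap the home LAN."""
    lan = ipaddress.ip_network(lan)
    return [r for r in vpn_routes if lan.overlaps(ipaddress.ip_network(r))]


def client_routes(lan, vpn_routes):
    """Routing table of a connected client: default route, LAN, VPN networks."""
    table = [("0.0.0.0/0", "gateway"), (lan, "local LAN")]
    return table + [(r, "vpn tunnel") for r in vpn_routes]


def pick_route(dest, routes):
    """Longest-prefix match: the most specific network containing dest wins."""
    dest = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), via) for net, via in routes
               if dest in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# Constructed values for illustration.
OFFICE_ROUTES = ["10.0.0.0/8"]           # assumed network pushed by the office VPN
OFFICE_SERVER = "10.0.0.25"              # assumed server inside the office
GATEWAY_DEFAULT_LAN = "10.0.0.0/24"      # gateway at 10.0.0.1
RENUMBERED_LAN = "192.168.1.0/24"        # gateway moved to 192.168.1.1


def where_does_server_traffic_go(lan):
    return pick_route(OFFICE_SERVER, client_routes(lan, OFFICE_ROUTES))


if __name__ == "__main__":
    for lan in (GATEWAY_DEFAULT_LAN, RENUMBERED_LAN):
        print(lan, "overlaps:", conflicts(lan, OFFICE_ROUTES),
              "server traffic via:", where_does_server_traffic_go(lan))
```

With the default 10.0.0.0/24 LAN the more specific local route wins and the server is never reached through the tunnel; after renumbering, only the VPN route matches.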
I got my PPTP VPN to work. Set up everything as necessary on your firewall, then log in to the Comcast router -> Advanced -> Port Forwarding -> Add Service
Other = PPTP
Protocol = TCP & UDP (TCP should be able to work, but I had problems with that.)
Start Port = 1723
End Port = 1723
Server IP = (leave default. This IP should be the WAN interface to your firewall.)
Test and done if your firewall is setup correctly.