I use a Meraki MX64 firewall, which supports an L2TP-based VPN. Previously I have been able to VPN back to this equipment while on the road, so I know that my firewall and client setups are correct. However, since switching to Comcast I can no longer do so. Connections from the outside simply time out, and according to the VPN logs on my firewall a connection never makes it to the device to even be logged. I can ping the firewall, so basic connectivity is there.
So, is Comcast blocking inbound ports, specifically ports 500 and 4500 for UDP traffic? If yes, who can I reach to release these ports to the house?
What modem, eMTA, or gateway are you using? Comcast blocks the ports listed on https://www.xfinity.com/support/articles/list-of-blocked-ports for all of these, but the gateways include their own firewall which may be set to block other ports as well.
I have a CGM4140COM according to the My Account page. When my account was initially set up, I had support put it into bridge mode, so my own firewall and networking equipment can get the external IP and do all of the protection. This is the same thing I have done with my last two ISPs.
However, based on your comment, I realised that the Xfinity modem is accessible from my network and even in bridge mode has its firewall enabled (though set to Low security mode) - this is different from the last two ISPs and their modems. I then disabled the firewall function on the Xfinity modem, hoping that it would solve the issue. Today I had a chance to jump on an external network again and tried to connect, but am having the same issue. I can ping my home firewall, but the VPN connection never goes through, and its logs do not even show an incoming attempted connection. Something is still blocking things.
If the gateway is truly in full bridge mode, all NAT / routing / firewall / WiFi functions should be disabled. Double-check that it truly is in full bridge mode.
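As an added diagnostic example (not from any poster in this thread), the Python below reads tcpdump-style output captured on the home firewall's WAN interface, counts inbound IKE (UDP 500) and NAT-T (UDP 4500) packets and the firewall's replies, and classifies whether the block sits upstream of the firewall. The sample capture lines, interface name and IP addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample of what `tcpdump -ni <wan-if> 'udp and (port 500 or port 4500)'`
# prints on the firewall's WAN side. Addresses are documentation ranges, not real hosts.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 203.0.113.10.500 > 198.51.100.7.500: isakmp: phase 1 I ident
12:00:01.000500 IP 198.51.100.7.500 > 203.0.113.10.500: isakmp: phase 1 R ident
12:00:02.100000 IP 203.0.113.10.4500 > 198.51.100.7.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick
12:00:03.000000 IP 192.0.2.55.53 > 198.51.100.7.53: 1234+ A? example.com. (29)
"""

# Matches "IP <src>.<sport> > <dst>.<dport>:" as tcpdump prints it for IPv4/UDP.
LINE_RE = re.compile(r"IP (\S+?)\.(\d+) > (\S+?)\.(\d+):")
VPN_PORTS = ("500", "4500")


def summarize_vpn_capture(capture_text: str, wan_ip: str) -> dict:
    """Count IKE/NAT-T packets addressed to wan_ip (inbound) and sent by it (replies)."""
    inbound, replies = Counter(), Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport = m.groups()
        if dst == wan_ip and dport in VPN_PORTS:
            inbound[dport] += 1
        elif src == wan_ip and sport in VPN_PORTS:
            replies[sport] += 1
    return {"inbound_500": inbound["500"], "inbound_4500": inbound["4500"],
            "reply_500": replies["500"], "reply_4500": replies["4500"]}


def diagnose(summary: dict) -> str:
    """Turn the counts into the next troubleshooting step."""
    if summary["inbound_500"] == 0 and summary["inbound_4500"] == 0:
        return "upstream: no IKE/NAT-T packets reached the WAN interface (ISP gateway or provider)"
    if summary["inbound_500"] > 0 and summary["reply_500"] == 0:
        return "local: IKE arrived but the firewall did not answer (check VPN service/firewall rules)"
    return "ok: IKE traffic arrives and is answered (look at authentication/L2TP, not port blocking)"


if __name__ == "__main__":
    s = summarize_vpn_capture(SAMPLE_CAPTURE, "198.51.100.7")
    print(s, diagnose(s))
```

Run the capture on the firewall while a client attempts to connect from outside; if the capture stays empty, the traffic is being dropped before it reaches the firewall, which matches a gateway that is not in full bridge mode.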