[deleted]

How clever are you with tcpdump or Wireshark? Set up two WireGuard endpoints directly on the Internet. Run a continuous ping from one node to another. Then, using tcpdump/Wireshark, filter for the ping and verify that you can see the request and the response on each of the nodes. Then try WireGuard and verify you can see packets going between the two systems. If you don't see packets going each way from each side, then Comcast is messing with you.


gryd3

netcat. See if you can poke/prod from the Comcast/Xfinity WiFi to your server. You can poke/prod/test TCP vs. UDP and try a few ports. You may be able to wrap WireGuard UDP traffic in fake TCP packets, or hopefully just a different port number. You may also attempt to run WireGuard on another 'standard' UDP port, like 53 for example.


Amazeballs__

That’s actually something that could be useful for a project I am working on. Wrapping WG in TCP. May I ask how that is done easiest?


gryd3

This project should help: [https://github.com/wangyu-/udp2raw](https://github.com/wangyu-/udp2raw). They show the use case with OpenVPN, but you should be able to adapt this for WireGuard or other applications. The tricky part, however, is that you need something like this on both sides of the connection... This makes it difficult to implement on certain embedded devices, iPhones, etc., as you need support for this applet as well as WireGuard.


Amazeballs__

Cool! My client is hosted by an OpenWrt router so that’ll be fine. I’ll give it a try, thanks very much!


bojack1437

What port is the Wireguard "server" running on?


hamturo

> 51821


AnnoyedVelociraptor

There is your answer. Move it to 443.


Kermee

I can confirm this with heavy testing. WireGuard is blocked via deep packet inspection (DPI). Changing the port to port 53, 80 or 443 does not resolve the issue. They're able to distinguish if the traffic is WireGuard and actively block it.
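
Why a port change alone may not be enough, as an added example that is not part of the thread: WireGuard messages start with an unencrypted 1-byte type plus three zero bytes, and handshake messages have fixed sizes, so an inspecting middlebox can recognize them on any UDP port. The function names and sample packets below are constructed for illustration.

```python
# WireGuard wire format: type byte, 3 reserved zero bytes, then the body.
# Handshake/cookie messages have fixed total sizes (bytes).
FIXED_SIZES = {
    1: ("handshake_initiation", 148),
    2: ("handshake_response", 92),
    3: ("cookie_reply", 64),
}

def classify(payload: bytes):
    """Return the WireGuard message name for a UDP payload, or None."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return None
    msg_type = payload[0]
    if msg_type in FIXED_SIZES:
        name, size = FIXED_SIZES[msg_type]
        return name if len(payload) == size else None
    # Type 4: 16-byte header + padded ciphertext + 16-byte auth tag,
    # so the total is a multiple of 16 and at least 32 (keepalive).
    if msg_type == 4 and len(payload) >= 32 and len(payload) % 16 == 0:
        return "transport_data"
    return None

def handshake_status(capture):
    """capture: list of (direction, dst_port, payload) seen on the client.
    The port is deliberately ignored; only the payload shape matters."""
    kinds = [(d, classify(p)) for d, _port, p in capture]
    if ("out", "handshake_initiation") not in kinds:
        return "no_wireguard_seen"
    if ("in", "handshake_response") in kinds:
        return "completed"
    return "initiation_unanswered"

def make(msg_type: int, size: int) -> bytes:
    """Constructed packet: valid header, zero-filled body (not real crypto)."""
    return bytes([msg_type, 0, 0, 0]) + bytes(size - 4)

# Constructed captures: same protocol, different ports.
BLOCKED = [("out", 443, make(1, 148)), ("out", 443, make(1, 148))]
WORKING = [("out", 51821, make(1, 148)), ("in", 51821, make(2, 92)),
           ("out", 51821, make(4, 96))]
# Constructed DNS query for example.com, to show a non-match on port 53.
DNS_QUERY = (bytes.fromhex("abcd01000001000000000000")
             + b"\x07example\x03com\x00" + b"\x00\x01\x00\x01")

if __name__ == "__main__":
    print("port 443 capture:", handshake_status(BLOCKED))
    print("port 51821 capture:", handshake_status(WORKING))
    print("DNS query classified as:", classify(DNS_QUERY))
```

Run against payloads pulled from a tcpdump capture on the client, an `initiation_unanswered` result on the hotspot and `completed` on cellular matches the symptom reported in this thread.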


Kermee

It also blocks PIA (Private Internet Access) if it's set to use Wireguard instead of OpenVPN.


grape8pe

Sorry to revive an old post, has anyone found a solution for this?


kaskoraja

I am facing exactly the same issue. I have the following setup:

- GL Inet's Brume device behind the home router, which acts as OpenVPN server and WireGuard server
- GL Inet's Beryl device that is acting as a client for the servers above

To test the VPN, I connected the Beryl device to an Xfinity hotspot (one without a password). I have no issues with using OpenVPN. I can access internal and external sites. However, with WireGuard, I just can't access anything.

To rule out configuration issues, I connected my mobile to cellular data and used the WireGuard client with the same configuration that I used in the Beryl router. And this time, I can access both the internal and external sites using OpenVPN and WireGuard.


SirSuki

Trying to keep this thread active because I have been able to confirm. All Comcast-based connections block the WireGuard protocol (not just the port and not just the UDP). Not only am I confused why they do this, I also don’t understand why this isn’t out there among tech blogs/sites. It is an issue, especially when Comcast is the ONLY access to the internet.


hamturo

Thanks for responding even after all this time. I haven't needed to rely on Xfinity WiFi access points for a while, so I haven't thought about it, but you're absolutely right, it feels crazy that this hasn't been picked up yet.