Comcast is throttling OpenVPN traffic

Douglas Crawford

February 14, 2014

Leading US telecoms firm Comcast got into trouble with the Federal Communications Commission (FCC) a few years ago when, in line with the FCC’s new net neutrality rules, it was ordered to stop throttling BitTorrent traffic in 2008.

A couple of weeks ago the U.S. Court of Appeals for the District of Columbia Circuit found against the principle of net neutrality in a court case between Verizon and the FCC. If left to stand, this decision effectively puts an end to net neutrality (the concept that all internet traffic should be treated the same, regardless of where it comes from and what it contains – a core principle that has led to the success of the internet).

It is widely expected that the FCC will re-establish its legal basis for enforcing net neutrality ‘in the coming days’ (by reclassifying internet services as ‘communications services’ rather than ‘information services’, and thereby bringing them back under its jurisdiction), but in the meantime Comcast has wasted no time in going back to its bad old ways.

It has already been reported that Comcast is throttling traffic from rival media streaming service Netflix, but we now hear reports that UDP traffic on port 1194 (the default port used by OpenVPN) is also being throttled.

Fortunately, bypassing this restriction is easy: all you have to do is switch from UDP 1194 to TCP 443, the port used by SSL traffic (i.e. everything using https://), which is almost impossible to block without breaking the internet.

Many providers’ custom VPN clients let you easily switch ports. To do this in the generic open source OpenVPN client, you can edit the relevant .ovpn config file in a text editor, and manually change the settings.

[Image: changing the port in an .ovpn config file]
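The manual edit described above can also be scripted. The following Python script is an added example, not code from the article or from the OpenVPN project: it rewrites the `proto` and `remote` lines of a profile for TCP 443 and comments out options that OpenVPN accepts only over UDP. It assumes your provider's server actually listens on TCP 443; the hostnames, sample profile and the function name `to_tcp443` are made up for illustration.

```python
# Constructed sample profile; hostnames are placeholders, not from the article.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.com 1194
remote backup.example.com 1194 udp
explicit-exit-notify 2
fragment 1300
nobind
"""

# Options OpenVPN only accepts when the transport is UDP.
UDP_ONLY = {"explicit-exit-notify", "fragment"}


def to_tcp443(ovpn_text, port="443"):
    """Rewrite an .ovpn profile for TCP on `port`.

    Returns (new_text, notes), where notes lists every line that changed.
    """
    out, notes = [], []
    for line in ovpn_text.splitlines():
        words = line.split()
        key = words[0] if words else ""
        if key == "proto":
            new = "proto tcp"
        elif key == "remote" and len(words) >= 2:
            # Syntax is: remote <host> [port] [proto]. Set both explicitly so
            # a per-remote "udp" cannot override the global proto line.
            new = f"remote {words[1]} {port} tcp"
        elif key in UDP_ONLY:
            new = "# " + line  # comment out rather than delete
        else:
            new = line  # comments, blank lines and other options pass through
        if new != line:
            notes.append(f"{line!r} -> {new!r}")
        out.append(new)
    return "\n".join(out) + "\n", notes


if __name__ == "__main__":
    new_text, notes = to_tcp443(SAMPLE_OVPN)
    print(new_text)
    for note in notes:
        print("changed:", note)
```

Keep a copy of the original .ovpn file so you can switch back to UDP, which is normally the faster transport for OpenVPN.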

If you have problems then your VPN provider should be able and happy to provide assistance.

7 responses to “Comcast is throttling OpenVPN traffic”

  1. The reason this is happening is because Comcast does deep packet inspection on all OpenVPN traffic. It doesn’t matter which port you use. If you want to get around it, you’ll need to go with VyprVPN which has a feature called Chameleon that scrambles the OpenVPN metadata.

    1. Hi Sam,

      If Comcast is using Deep packet inspection, then yes, the Chameleon feature of VyprVPN should help, as will AirVPN’s VPN through an SSL or SSH tunnel, ExpressVPN’s “stealth servers”, BolehVPN’s “xCloak” servers (and possibly others).

  2. I have the problem described in this article. However, switching from UDP 1194 to TCP port 443 had no effect. The VPN download speeds remain 1/10 of what they are without VPN. One interesting fact — upload speeds are not appreciably affected (and that is true for a variety of VPN configurations).

    1. Hi Dave,

      Interesting. Are you sure that Comcast throttling is the culprit here? You could try using a VPN that offers obfuscation technologies, such as AirVPN’s VPN through SSL tunnel feature, or BolehVPN’s “xCloak” stealth servers…

  3. We are still seeing this behavior! We are using DMVPN (multipoint VPN for business) which is UDP. We perpetually have “throttling behavior” or inability to deploy sites on Comcast. The same settings and hardware work on all other ISPs attempted so far. Comcast says that it is not their problem, “since the download issue does not exist outside of the VPN.” I guess I should have known I was screwed when the Tier III tech didn’t understand the difference between latency and throughput…. Buyers beware, stay away from Comcast “cable” services (no issues so far with their Ethernet services) for your business class needs if significant VPN capabilities are needed.

  4. TCP with OpenVPN is much slower than UDP.

    But I too have this issue. It seems in my case that Comcast is blocking ALL incoming UDP though.

    1. It’s much more likely that the network you’re trying to connect from has a firewall that is blocking all outbound UDP traffic. That is the case for me at some locations anyway. I would be surprised if Comcast blocked all UDP traffic for you.
