We have a number of SMBs using UniFi and their VPN service. We have started to see Comcast blocking VPN (again) and causing those connections to fail. We have created a “script” for the employees to use when calling Comcast and always get mixed results. I’m VERY confident that if Comcast wanted to, they could allow these connections. A couple of questions:
- Is there a way to change the port number that UniFi uses for VPN? If so, would this help?
- Would using something like pfSense w/ OpenVPN allow these users to connect?
- Are there any other solutions we should be looking at?
You could always rent a Linode server and create your own WireGuard VPN. Then you can configure it to use whichever port you like. I had many problems with PIA (near dial-up speeds, ports being blocked, throttling from my ISP and mysteriously being banned on sites and games I use). WireGuard isn’t immune to this stuff, but you’re essentially the only one using your VPN IP, so you won’t get prebanned from sites, there’s no throttling on the Linode server side, and it’s actually much cheaper to run. Just my two cents.
While not impossible, I doubt your ISP is blocking traffic on port 1194, so I suspect that you have another problem. I don’t use UniFi, but there ought to be a way to change the port to something else. Look for 1194, as that’s the default for OpenVPN, change it to something else, and test the connection. If it’s not working, then it’s not your ISP.
We have lots of clients using Comcast and no issues with OpenVPN on pfSense. We have had many people complaining about the UniFi VPN system going down and having to be restarted to get it back up and running.