xfinity, VPN, Bridge Mode, DMZ, Home Router

anotherbrian

Having troubles using my work VPN from my home. It works if device uses wifi direct to xfinity router but will not work as I desire. I desire all devices to connect via my tomato home router with the home router hardwired to the xfinity router and no xfinity radio transmissions polluting my environment.
According to xfinity website, for a user to connect to a vpn, the user must connect (via wifi) to their router or their router must be configured as bridge mode.

Xfinity Bridge Mode Unreliable

In bridge mode, a wifi connected device to the home router is able to access the work VPN. Unfortunately, widely reported is a problem with bridge mode where the xfinity router stops communicating with the home router. Attempts to get the lease renewed from the home router show "renewing" but do not get the new lease. Later it may successfully renew or it may go on for hours. Rebooting the home router results in success but the issue may repeat after several days or it may repeat many times in a day. So I stopped using bridge mode.

Xfinity Non-Bridge Mode VPN won't work if wifi through Home Router

The device will not connect to the work vpn if the device connects to the home router via wifi. What is it in the xfinity router that blocks vpn connections? VPN works if the device connects direct to the xfinity wifi. My goals here are to have all my home devices connect via my tomato router and have no trace of xfinity radio signals.

I probably am able to isolate the bridge mode issue but I would need to do some digging to find that old bridge and learning wireshark.

Can the xfinity router dmz function be used to allow vpn connection via home router?

Is this a plot by xfinity to force people to use their wifi?

thx for suggestions / reading
 
You can replace the Xfinity router with a cable modem. I had xfinity where I lived a few years ago. They really hard sell their routers since they can charge a higher rental fee each month. Contact Xfinity and see if you can exchange the router for a modem. Better yet see if you can purchase your own DOCSIS 3.1 modem so you don't have to pay rental fees!

If they won't exchange the router, you can look for another service. I recently had AT&T Fiber and they would ONLY let me use a router/modem combo. My wife had issues with connecting to her VPN at work. I looked around and found Spectrum was cheaper and I switched. Of course, I confirmed three times I only wanted a modem (Spectrum only charges rental fees for routers here, modems are free). The guy still showed up with a router, but he was nice and put in what I asked for and cancelled the router request. :)
 
You can replace the Xfinity router with a cable modem. :)

Thanks for the suggestion - I may do that.

The DMZ idea worked. But something else is now broken.

I have an application that runs via a web-server on my LAN that needs to be accessible by me from everywhere. Using port forwarding on the home router, I can access the web-server externally using my public WAN address. I can also access it locally using my local devices in the LAN using LAN IP addresses. However, if I try to access the web-server from a local device using the public WAN address, it doesn't work.

I believe this is what is called NAT Loopback. Whether I should configure the ISP router or my home router I am not certain.
 
I would leave that alone, I believe NAT Loopback is disabled for security reasons. I would suggest you use a name instead of IP address. You can setup DDNS on your router to access your webserver through a domain name from outside and add a hosts entry to your LAN's DNS server (usually your router) to access it internally, that way no matter where you are you just use the domain name (i.e. www.myserver.ddns.com).

You can use a free DDNS service and a subdomain of their name or even register your own domain name with a service like Google Domains for only $12 a year.

https://www.howtogeek.com/66438/how-to-easily-access-your-home-network-from-anywhere-with-ddns/
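
The split-DNS setup suggested in the post above can be checked before relying on it. This is an added example, not part of the original thread: it parses hosts-format entries like those a router's local DNS serves and reports whether a LAN client asking for the DDNS name would be sent straight to the web server or back to the WAN address (which only works with NAT loopback). The LAN range 192.168.1.0/24, the server address 192.168.1.10 and the WAN address 203.0.113.7 are assumptions made up for the sample.

```python
import ipaddress

# Constructed sample: hosts-format entries as a router's local DNS would hold them.
SAMPLE_HOSTS = """\
# LAN overrides (constructed example)
192.168.1.10   www.myserver.ddns.com webserver
192.168.1.1    router.lan
"""

def parse_hosts(text):
    """Map each hostname (lower-cased, no trailing dot) to its address."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), addr)  # first entry wins
    return table

def check_split_dns(name, hosts_text, lan_cidr, public_ip):
    """Classify how a LAN client will reach `name` given the local overrides."""
    lan = ipaddress.ip_network(lan_cidr)
    wan = ipaddress.ip_address(public_ip)
    addr = parse_hosts(hosts_text).get(name.lower().rstrip("."))
    if addr is None:
        return "no-override"    # client gets the DDNS (WAN) address: needs NAT loopback
    if addr == wan:
        return "points-to-wan"  # override exists but still goes out to the WAN side
    if addr in lan:
        return "ok"             # client goes directly to the server on the LAN
    return "outside-lan"        # override points somewhere unexpected

if __name__ == "__main__":
    print(check_split_dns("www.myserver.ddns.com", SAMPLE_HOSTS,
                          "192.168.1.0/24", "203.0.113.7"))
```
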
 
I have an application that runs via a web-server on my LAN that needs to be accessible by me from everywhere. Using port forwarding on the home router, I can access the web-server externally using my public WAN address. I can also access it locally using my local devices in the LAN using LAN IP addresses. However, if I try to access the web-server from a local device using the public WAN address, it doesn't work.

I believe this is what is called NAT Loopback. Whether I should configure the ISP router or my home router I am not certain.

The NAT loopback feature is on the Firewall->General tab:

As per the help tip, you should try both of the methods Asus and Merlin to see if one works for you.
 
