Jump to content
Not connected, Your IP: 3.84.7.255

Recommended Posts

Im in the US and noticed my connectivity during peak hours is half, at best, to what I typically can connect with during off-peak hours.  I pay Comcast for 150mbps.  During peak hours, when connected to Eddie, I have awful speeds... again, at best I can connect at about 1/2 my typical connectivity.  Usually my DL is 150+mbps, and UL is 24+.  (Windows 7 Pro OS, using Eddie Beta 2.13.3).  Sometimes w/ Eddie during peak hours best I can configure is 40mbpsDL, 20mbpsUL

 

I'm so burnt on troubleshooting this problem I figured I'd ask w/in the forums.  I've tried everything (changed Protocols, Ports, rolled back TAP driver, and more), but I'm still being throttled.  According to Comcast (Tier 2) tech support, Comcast isn't supposed to shape or throttle VPN connections (but I'm certain they do as one, I never had this problem until about 2 months ago, and two, I've eliminated other variables -I have all new wiring, a new gateway, e.t.).  As I mentioned, my speeds are fine during peak hours w/o AirVPN -so I guess that sums it up.  

 

I've read somewhere adding a 2nd router to the gateway/router registered w/ Comcast allows one to have more control over settings?  I'm open to any suggestions or ideas.  I know my ISPs network is very busy at peak times (per tech support), usually about 2-3pm Eastern Time to about Midnight, Eastern Time.

 

Thanks in advance for any help troubleshooting.  Or, is it time to find a new ISP?

 

Thanks again!

'Jeers to Comcast'

 

Share this post


Link to post

Hi,

 

I'm glad to see you've done your homework and tried every solution there is!

The problem is definitely on Comcast's side but I don't think it's throttling or traffic shaping since they cannot know you're connected to a VPN when using SSL/SSH. (Unless they have a list of VPN IP addresses, but very unlikely).

It can be either:

  • the "cheap" problem: their infrastructure wasn't designed to handle that much traffic during peak-time
  • the "rural" problem: you live in an area that's not densely populated enough for them to consider investing in a better connection

 

Unless someone has a better idea, I think your only solution is to find a new ISP. I've never heard of the second router thing but I'm not a Comcast user so... that might work.

 

P.S.: downgrading the TAP driver is useless now so don't waste your time.

Share this post


Link to post

Sounds to me like you live in an area that's overloaded.  Comcast needs to bring in more fiber and segment your area to distribute the load.  This could be almost proven if a speed test outside the VPN to a local comcast speed test server also showed the slow speed during peak hours.

 

I also have Comcast and while I'm usually able to find a situation where I can get high speed sometimes I just can't with certain servers.  I think more than anything it has to do with the peer/transit providers traversed by the packets.  If I find a server with a route to me that's fast I get great speeds.

 

Hopefully you can get Comcast to do some work in your area.  You might get good customer service here https://www.reddit.com/r/Comcast_Xfinity/

Share this post


Link to post

Thanks for the follow-up nick & go558. It's pretty frustrating, for sure. I live in a densely populated area -so go558, you are correct. And nick's point about them not knowing when using SSL OR SSH is a good one... yet, they seem to know!

 

Speed tests during peak hours w/o AirVPN connection are normal (what I pay for, 150mbps DL, and 24UL). Oddly the UL during peak is usually not too bad (but I guess that makes sense though). Im really at a loss. The only thing that may make my situation a little different is my gateway/router is VOIP compatible as well (all in one). Would that be a factor? I forget where I read it but Ive seen/read if one bridges to a second router that allows more control over their settings. Ive called their Tier 2 numerous times and have had some cool techs try and troubleshoot for me. But no matter what we try, peak hours w/ No AirVPN, I get decent connectivity... the minute I connect, my speeds are in the sh*tter -until about midnight, as use declines. The traffic is certainly a factor, but for the life of me I can't figure out how Comcast discerns when Ive connected using Eddie! I'll keep troubleshooting and update w/ anything I find. Thanks for the reddit link... I'll check it out. Any other feedback is def welcome, and thanks again!! Peace!

Share this post


Link to post

When connected via VPN, try a speed test at your favorite test site. If speed is low, blacklist the server in Eddie and try another. Continue to blacklist servers as you go. When you blacklist a server, Eddie will never connect to it unless you remove the indicator. At times, servers outside your country may provide faster speeds then servers near you. Unfortunately, it can vary by day, time, Internet traffic, routing, sun spots, moon beams, mad scientists and such. There are times when servers might have slow speed, but higher at other times. It's difficult to find consistent server speeds with VPN, but you can exclude the slow servers from connecting.

 

Keep in mind, you may test a blacklisted server only to find it's fast again sometime later. If a specific server is always slow, leave it blacklisted.

Share this post


Link to post

This is a bit long and some of it doesn't apply to ethernet but I've done some experimenting keeping six laptops and phones online.  Irate kids aren't much fun...

 

I've run into similar issues with Xfinity (comcast) and 100Mbps service.  With Eddie on and using wifi, if I move across my home to the second floor, speeds decrease and the connection becomes less smooth even though the signal quality (using wifiinfoview) shows 99%. RSSI though drops to about -50 depending on where I am vs. about -25 near my router on the first floor.

Deactivating Eddie while browsing on the second floor decreases load times but has no noticeable or measured effect when browsing near my router. Speed/latency tests always show a decrease/increase with Eddie activated using wifi or ethernet, but the differences are about 90% of those with no Eddie (~110 Mbps vs. ~90 Mbps), can't complain about that.  My upload speeds are poor regardless, ~6 Mbps.

During peak times, speeds can drop to 50-70 Mbps without Eddie and a bit less with.  So, my experiences are similar to yours.  Only my alienware laptop goes through Eddie via. wifi, the rest of our stuff doesn't use VPN.

 

Sometimes it does help to use Air servers in another country, Canada is often better than US.  Try using latency as your scoring rule, seems to always work better than speed for me.  Try using non-Air DNS servers.  There's a tiny app called DNS Jumper that tests, then lets you pick the fastest among many DNS servers.  Not sure going away from Air's DNS exposes you, don't think so.  Air's DNS is slow at times.  There's an Eddie setting to make DNS for all the devices in your computer the same, use that.   

 

I haven't heard a whole lot good about Comcast's modem/router combos so you may want to get your own modem and a separate router.  Don't know if you can bypass the internal router on yours.  You can get modems that work online, mine is a Netgear CM600 and my router a Netgear R7000.  Lots of good choices, though, just avoid routers with internal antennas.  A separate router makes a big difference in wifi performance, especially in AC mode, since you can locate it centrally and adjust the antennas.  Separate routers have many more settings, too.  Cable modems don't; with cable it doesn't seem to matter much, it mattered a lot when I had DSL.

 

Don't bother with a second router unless you need an extender, any decent N or AC router is far faster than your service.  Some definitely work better for wifi in real life though.  Small Net Builder has lots of router info.

 

Try going back and forth from AC to N.  N works better through walls and floors and should be as fast as your service.  Try upgrading your wifi card.  Going from a Killer15 series to Intel 8265 made a huge difference in smoothness for me.

 

Individual sites can slow to a crawl even though a speed test along a different route is fast.  

 

Lastly, if your concern is with real world performance (browsing is slow, dowloading and streaming are choppy) vs. measured speed your browser can be a big part of it.  A decent standard for comparison would be the stripped Chromium nosync, nowidevine, no webRTC available on github.  Plain Chrome and it's variants, Vivaldi, Opera, etc., on a VPN chase you, generate capchas and only seem to work for a certain amount of time before you have to close them and switch Air servers to prevent more roadblocks. Firefox has never done that to me but it does need to have lots of config settings changed.

Windows can slow things drastically, turn off all the services, tracking, geo and tasks you don't need, be sure drivers are current, all that stuff and see if your anti-virus, firewall, ad blockers aren't redundantly doing phishing, malware, spam checks.  Be sure a lot of extraneous programs aren't going online all the time.  Ditch what you don't need. ccleaner fixed a stuck laptop for me once, about the only cleaner that does something. 

 

Probably preaching to the choir, there's a lot more to smooth signal transfer than just the IP gateway and even at your slower peak time speeds, performance should be at least acceptable but yeah, Comcast should IMO give you 150 Mbps.  But the fine print      

Share this post


Link to post

I've been meaning to follow-up here w/ some things I've learned.  So I posted in Reddit, per go558's suggestion... the thing I found interesting was the reply by rsedmonds.  The path from AS7922 e.g. line 10 to lines 11, 12, and 13 (choopa.net)... is this possible the means for Comcast to know when I'm tunneled in Eddie?  (Again, SSL or SSH... doesn't matter... and secondly speeds are so much slower w/ SSL and SSH using Eddie, it's better to use the closest proximity proxy/IP using UDP regardless).  I'm learning a lot as I go. 

 

Here's the Reddit thread...

https://www.reddit.com/r/Comcast_Xfinity/comments/6ts90r/peak_hours_shaping_vpn_users/

 

I've tried using Open DNS Servers (and Google DNS for that matter), disabling DHCP, and setting a Reserved IP.  That worked for a little while, but then Comcast seemed to 'notice' and forced their DNS Servers.  Funny thing also happened, has anyone run into their Gateway/Router being hijacked by utopian.net? 

 

Here's a link about an Xfinity Gateway (similar to mine, but different) -same issues thought (I intend to try the Bridge mode to 2nd Router... I'll update once my new Router comes).

https://forums.xfinity.com/t5/Your-Home-Network/VPN-not-working-with-the-Arris-TG1682G/td-p/2566363

 

Ohh, back to the DNS/Hijack/Utopian.net.  Perhaps unrelated, or perhaps not?  I've read this is a new "targeted" Comcast via Cisco thing, but I've also read that it's a legit hi-jack by "who knows?"..  (I made a fix by adding a line in my hosts file, firewall, and then removing a couple registry entries w/ this weird utopian.net domain that populated my DNS Servers Suffix (Comcast wouldn't let me disable DHCP / Static).  Seemed to fix the weird DNS thing, see here...

Gateway Vulnerabilities...

https://forums.xfinity.com/t5/Your-Home-Network/DPC3941T-Modem-hacked-Utopia-net/td-p/2888703

or

https://forums.xfinity.com/t5/Customer-Service/Arris-Surfboard-SB7580-AC-Firmware-Update/td-p/2930738

 

Here's a good explanation of an existing, and similar to other router exploits (I found a more recent link before, but can't find it now -anyways, applicable to more than just the Arris equp. in link)...

https://console-cowboys.blogspot.ca/2014/09/arris-cable-modem-backdoor-im.html

 

So what I've learned thus far.  There's A LOT to configuring idyllic VPN connections.  Secondly, Comcast S*CKS! 

 

And Lastly, maybe the most intriguing item I'm trying to wrap my head around is the whole DPI thing.  Is comcast using DPI?

http://techrepublic.com/article/deep-packet-inspection-the-smart-persons-guide/ 

 

I'm not a total Noob, but I know most of you are already well learned about the links and topics above.  All I want to do is have decent speeds and simply connect via VPN so my ISP doesn't sell my "sh*t"... it's a civil liberty thing, the principle. 

 

So I welcome any suggestions.  I'm HOPING the 2nd Router idea works (which will allow me more control over the 2nd router's settings, trying different configs -for e.g., removing the DHCP, going Static, using my own DNS Servers, e.t., e.t,)

 

So thanks to those who've replied above. 

 

Rainey & Fly... the best solution I've found in the meantime is to connect to an AirVPN IP closest to me -I'll get decent speeds, maybe 60-70% of what I'd get off-peak.  Also, it would appear other AirVPN/Comcast users in my area are finding this a necessary means for decent connectivity as the Loads on the 3+/- IPs/Proxies nearest me are very high during Peak hours. 

 

I'll post another update when I try the 2nd Router idea (mentioned in one of the links above).  

 

Sorry for the links overkill!   I took the time to write all this up b/c one, I'm learning alot as I go, and two, if I can help out another noob understand this crap and save some time -karma points I suppose. 

 

Thanks again for everyone's feedback, and your time!

Peace

Share this post


Link to post

Making progress.  Still needs some tweaks but I bought an additional router, placed the gateway (3 in one, b/c I use VOIP) in bridge mode, then set up my router w/ settings more towards my liking.  Right now I'm not getting the speeds I had in the past during peak hours, but I know I'm getting closer... b/c I can tweak the Netgear Router settings vs. the VOIP/Gateway I still have to use.  Before I only had a leased Comcast 3in1 router/gateway/VOIP -so I was limited.  I might be wrong, but using two routers w/ Comcast might be the way to go in general (whether you need a VOIP gateway or not)... w/ just the one, they lock it down, force firmware updates, mandate DNS, no Static connection, et. 

 

It's getting better... once I find the settings on the my new 2nd Router that finally puts this Comcast shaping thing to bed I'll post more.  Oh, one tip did help w/ the initial 2nd router set-up -which I found here... 

 

https://www.reddit.com/r/Comcast/comments/42ths7/arris_tg1682g_how_to_solve_your_bridge_mode_woes/

Share this post


Link to post

(Solved)  Finally.  This works to set-up a 2nd router and do whatever you see fit.  Working solution to assign a new ISP provided MAC Address to 2nd router (i.e., a router that one can configure optimally, as you see fit).  At least for me, this worked on a different model gateway than the one noted w/in link below (I presume it works for many other models as well).  

 

https://forums.xfinity.com/t5/Your-Home-Network/Xfinity-Cisco-DPC3941T-Bridge-Mode-Issues/m-p/2632838#M32515   

 

Sidenote:  I had to exceed my self-imposed, 25min Pomodoro Technique time limit(s) to figure this out -but it's the ticket to optimal, peak hour VPN connectivity via ISP noted above (and probably other shaping/throttling ISPs).    

Share this post


Link to post

I haven't followed all this but i read your thread on reddit.  I've been saying this re cogent for some time - that it's cogent's connection from Dallas VPN servers to Houston Comcast that's clogged, not Comcast themselves.

 

That's why the new Dallas servers are horrible during peak hours but the previous servers became quite nice because they started using Zayo to reach Comcast Houston.  (there was a point in the past that only Tonatiuh was good for me)

Share this post


Link to post

I'll just say that for me, Comcast in Baltimore area has been slow at peak times recently regardless of VPN or clear status.

 

I'm also noticing an inability the past few days to connect to Open NIC DNS servers in Canada.  I can connect to them in the USA.  No idea if I should blame Comcast or if its a coincidence.

 

-- Zagone

Share this post


Link to post

I'll just say that for me, Comcast in Baltimore area has been slow at peak times recently regardless of VPN or clear status.

 

I'm also noticing an inability the past few days to connect to Open NIC DNS servers in Canada.  I can connect to them in the USA.  No idea if I should blame Comcast or if its a coincidence.

 

-- Zagone

Hey now.  It started that way for me (but since I pay for 150mbps, I'd call Comcast and they'd send a soft reset signal to my gateway -not a standard 'refresh signal', but a soft reset basically telling my gateway I pay for 150mbps).  That would restore my sans VPN connection -but still left the AirVPN connection at about 30% what I'd typically have, non-peak.  So I'm obv. in an area where Comcast needs more infrastructure, so they're doing some DPI or whatnot to keep user bandwidth down.   

 

I don't know why the 2nd router thing seems to work for me, but probably a few reasons.  The ability to configure settings is obviously huge.   For e.g., when using the 2nd router Comcast isn't ramming their DNS servers down my machines' throat(s).   I'm able to use OpenDNS servers on both my router set-up and via my Windows adapaters, Ethernet and/or Wireless set-ups (previously, they'd default/auto-switch back to Comcast DNS after a disconnect or restart as I'm still going with DHCP).  I did try reserving IPs and going Static but didn't find any real advantage there. 

 

*One thing that was important in setting-up the 2nd Router (I use a Netgear, 2nd router) was the step where you reset the first gateway/router (let's call it Comcast1), plug your machine into Ethernet Port 2 of Gateway1/Comcast1, go into your Network Settings, disable Wireless 2.4/5ghz, disable ipv4/ipv6 Firewalls...  Enable Bridge Mode Comcast1, then plug 2nd Router (Netgear) into Ethernet Port 1 of Comcast1, unplug machine from Ethernet Port 2 (Comcast1), and wait for Bridge mode to fully take.  I posted a link above, but again, found here... https://forums.xfinity.com/t5/Your-Home-Network/Xfinity-Cisco-DPC3941T-Bridge-Mode-Issues/m-p/2632838#M32515 

 

My speeds as a whole are much better during peak hours, and secondly, my SSL and SSH speeds aren't taking a hit anymore (on port 443, using Eddie -but strangely SSL/SSH speeds were also way down before I used 2nd router). 

 

Go558, I agree as the loads on my preferred IPs/Proxies seem to be higher these days -but the speeds when connected to my 'go-to' VPN IPs were a small fraction of what they used to be months ago (leading me to believe it's a Comcast Network infrastructure thing as I'm in an Urban area -perhaps worsened by VPN traffic multiplier?).  

 

I've learned a lot about this sh*t... which is cool, but time-consuming.  I'm obv. not as tech-savvy as prob. the majority of AirVPN users so I appreciate any feedback here.  Is it time to try Pfense?  Use strictly OpenVPN and forget about Eddie?  I dunno.  Hopefully the stuff in this thread helps someone else... and thanks to all for any feedback!             

Share this post


Link to post

one tool I forgot to mention was very helpful. No affiliation with the developer or Co. I used PingPlotter to run a barage of tests that helped me make heads or tails of different configs -which proved helpful to me. They give you the Pro Version for 2 weeks... its a great interface and sheds some light on your various hops to potentially tweak settings. A good piece of software...but I know there are others just as helpful. Anyway, try out PingPlotter if inclined... it's very informative. https://www.pingplotter.com/

Share this post


Link to post

Should probably get email notifications on these threads...

Glad things are better and you're sorting out all the minutiae.  One thing I found a month or so ago was with Netgear routers, it can make a huge difference to clean out the old firmware, not just factory reset, but all the way back to the original firmware, before installing new versions.  I was ready to blow up my R7000 until I did that.  Apparently some firmware versions wreck later updates. Netgear forums explain how to go back to original config, it can't be done through the GUI. Of course write down all current settings if they're not memorized by now!

Share this post


Link to post

Please do not use Comcast "gateway" routers. They are horribly maintained. Cisco doesn't even support the Comcast primary "black brick" router/gateway modem on their website despite being the manufacturer,  and the firmware is completely worthless. Comcast "patches" their routers by DDoSing their own customers, and they do not send any security alerts of any kind despite claiming they do. For instance, a  backdoor (there's been more than one) announced by hacktivists and even Homeland Security didn't get so much as a whisper from them on their own forums, my useless Comcast "e-mail account" didn't have a single warning despite being signed up for such security alerts. They. Do. Not. Care.  Their tech support is essentially worthless. Once a guy told me to visit a random search link for Comcast equipment, it was some spam site. That's how much they care about you and that's how much their tech support is trained. If you run into any security issues with your equipment, you will be talking to a man in South Asia who also doesn't care and who's sole purpose is to sell you Norton Antivirus. I am not saying anything against these people because of where they are from, it's more about the labor practices of Comcast. It's more about money than support. They are a horrible company, but for many of us they control monopolies on high speed, so we have to do what we can. I have been through a nightmare with Comcast, I keep my old compromised "gateway router" as legal evidence as I'm sure there will be yet another massive class action suit against them on this issue, which is  a ticking time bomb. With current political climate their power to affect their customers traffic is growing, now our traffic can be monitored and sold and the FCC is now just a chewtoy for big ISPs and their lawyers, but what can you do.

 

routersecurity.org is the place to go for help with choosing good equipment. The man who maintains it (Michael Horowitz) also has ethics similar to what we see with AirVPN staff (or what I assume, I do not know them personally, only their posts), he speaks at DEFCON, and does in-depth reviews of equipment, and also teaches basics about routers that was very helpful to me. I have also communicated with him on forums and he is very approachable. The two-router/two NIC solution is ok and I have read of people doing this and thought of it myself, but will require a lot of homework on top of everything else.  Another solution is to just get a good router.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...