@Home Stops Allowing VPNs

cwilson writes: "I just got a message from my cable modem provider, Comcast@Home (a member of the Excite@Home network) that the terms of service were being changed. The interesting bit: Section 6. Prohibited Uses of the Service. This section specifies that use of the Service in conjunction with a VPN (Virtual Private Network) or a VPN Tunneling Protocol is a prohibited use of the Service. See for yourself here in section 6." Apparently @Home is looking for the little bit of extra revenue they can get by selling additional IPs to people (like me) who have more than one computer. This might not be so bad if @Home provided reliable e-mail and DNS servers and other "basic" services one expects from an ISP, which they don't. This is just another piece of woe for those of us whose only broadband choice is @Home. Bah! Update: 08/14 14:16 by michael : Yes, Robin confused NAT and VPN. TLA's are a PIA.

Comcast Clarification of VPN

[rc-flyer]

I sent them a question asking for clarification about the VPN paragraph. This is their reply:

It is not the intent of this text to prohibit customers from establishing a connection for residential purposes. Activities such as online banking, online trading and making purchases online are not considered in violation of the Subscriber Agreement.

The Comcast Online residential service is not intended for those that attempt to host a VPN connection or for those persons attempting to establish a VPN connection with their workplace.

Thank you for choosing Comcast@Home!

Re:VPN is a strange thing to forbid

[cwilson]

I never assumed that "it means creating a home network". I know the difference between NAT and VPN. Roblimo deleted my commentary on the news and added his own, and forgot to put closing quotation marks to end my part of the story. Roblimo said,

Apparently @Home is looking for the little bit of extra revenue they can get by selling additional IPs to people (like me) who have more than one computer. This might not be so bad if @Home provided reliable e-mail and DNS servers and other "basic" services one expects from an ISP, which they don't. This is just another piece of woe for those of us whose only broadband choice is @Home. Bah!

So, blame Roblimo, NOT me, for the ensuing confusion in almost EVERY BLASTED message in this thread, where people are mixing up NAT and VPN. My original commentary was something along the lines of

What possible reason could Comcast have for dissallowing this service? Are they just trying to insist on being able to snoop on my traffic, and don't want any encryption? What's next -- no outgoing ssh client connections to external ssh servers? GASP: Could ssh itself be considered a VPN Tunneling Protocol?

That's not a completely accurate quotation of my original comments; I can't seem to access my story as originally posted, but Roblimo probably can. Anyway, that's about what I was thinking when I wrote it. FWIW, here is the email I sent to my provider last night:

While most of the revisions specified seem reasonable, I would like to know your rationale for the apparently arbitrary decision to disallow the use of VPN Tunneling Protocol. While I do not currently use a VPN, I have always considered the *possibility* of hooking up to my company's VPN one of the main benefits of a fast, always-on connection.

WHY are you disallowing this use of the service for which I am paying? Is it because you don't like it when your customers encrypt their packets? For the life of me, I can't imagine what possible detriment VPN could have on your infrastructure or other users.

Are you confusing VPN's and ip masquerading?

[Hairy_Potter]

I thought a VPN was a simulated private network across the internet, which I supposed you could use to connect two of your computers, but only if they were physically far apart, using a VPN to connect two computers in the same room sounds insane.

Perhaps you meant to mention the previous clause in the contract, where they prohibit you from being an endpoint for a lan, which is what you need to do if your sharing an internet connection with IP masquerading.