
VPN through Cable

RickWillkins asked
Anyone know a way to set up a VPN across a cable modem network? (Computers in two separate homes.) Apparently there's something blocking VPN access... any ideas how to get around it?


Many cable companies block VPN access under the theory that it can only be used for business purposes (i.e., for telecommuting).  They believe you should get a business line.

Around here that's about $300/month.  The cable company's said they'll offer a telecommuter's package for $100/month, but it's never materialized.  But then, they've never bothered to actually block VPN traffic (though it is mentioned in the terms of service).

My suggestion is calling the cable company and explaining to them that this is purely for non-commercial use and therefore their terms of service restrictions don't apply.  Furthermore, explain to them, by blocking this they're removing your ability to protect the security of their data, and they therefore risk liability to any damages you may incur as a result, such as through the disclosure of financial data, disclosure of medical data, or attacks on your system.

I don't think that you could threaten them with liability issues.  Most likely they are already protected from that with their usage policy.  In fact, many ISPs are now prohibiting firewalls for home users, if you can believe that!  I've dealt enough with communications companies to know that your calling them isn't going to convince them of anything - but at least you should put in the complaint.  Then I would go ahead and use the VPN software or hardware anyway.  Odds are they don't even have a method in place to know if someone is using a VPN protocol.

I agree with Chris.  The cable company's rationale is that if you are using VPN, then you are most likely using it for business reasons.  Therefore, you should be paying for a business connection at the very least.  I heard of some companies that use this to sell their managed VPN services.

Blocking VPN is pretty simple.  They can use an ACL that blocks type 50 IP packets.  On a Cisco router, the ACL would look something like this:

access-list 100 deny 50 any any log

All they have to do is place the ACL on their gateway routers and VPN is out of service.  Deceptively simple, isn't it?

Well, this would block standard IPSec anyway.  It would not block things like UDP-encapsulated IPSec (supported by most vendors these days), PPTP, PPP over SSH, PPP over SSL/TLS, or any number of other ways to set up a VPN.

Not to mention that the cable ISP would have to apply this ACL only to their residential customers, and not their business customers.

For this reason, most cable providers just haven't bothered to actually block VPN traffic.

But meanwhile, I'll fall back on my previous comments...  Terms of service typically state something like "This service is meant for home use and not business use.  Therefore the use of VPN's is not allowed."  Since you're actually not using this for business purposes, the terms of service do not actually apply.  You probably can't convince the cable provider/monopoly of this, but you may be able to convince a municipal/county/state regulatory agency that oversees them to see it.
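
The point made in the two comments above, as an added example (not code posted by anyone in the thread): a small Python model of the quoted ACL entry, evaluated against constructed packets, one per transport named. The port numbers are the standard defaults for those protocols and, like the helper names, are assumptions that do not come from the thread.

```python
import socket
import struct

ESP, GRE, TCP, UDP = 50, 47, 6, 17   # IANA IP protocol numbers

def ipv4(proto, dport=None, src="192.0.2.10", dst="198.51.100.20"):
    """Build a constructed IPv4 packet (checksum left at 0) for the demo."""
    payload = struct.pack("!HH", 40000, dport) if dport is not None else b""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def parse(pkt):
    """Return (ip_protocol, dst_port or None) from raw IPv4 bytes."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, dport = pkt[9], None
    if proto in (TCP, UDP) and len(pkt) >= ihl + 4:
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return proto, dport

def acl_entry_matches(pkt, denied_proto=ESP):
    """Model the one quoted entry: it compares the IP protocol field only."""
    return parse(pkt)[0] == denied_proto

# Constructed samples, one per transport named in the thread
# (default ports are assumptions, not values from the thread).
SAMPLES = {
    "IPsec ESP (protocol 50)":           ipv4(ESP),
    "UDP-encapsulated IPsec (UDP 4500)": ipv4(UDP, 4500),
    "PPTP control (TCP 1723)":           ipv4(TCP, 1723),
    "PPTP data (GRE, protocol 47)":      ipv4(GRE),
    "PPP over SSH (TCP 22)":             ipv4(TCP, 22),
    "PPP over SSL/TLS (TCP 443)":        ipv4(TCP, 443),
}

def survey():
    """Map each sample to True if the quoted ACL entry would deny it."""
    return {name: acl_entry_matches(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, denied in survey().items():
        print(f"{'deny' if denied else 'no match':9} {name}")
```

The model covers only the single quoted entry; on a real router an access list ends with an implicit deny, so the entry would be followed by a permit statement for other traffic.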
Les Moore
Sr. Systems Engineer
Top Expert 2008

I will leave a recommendation in the Cleanup topic area that this question:

I recommend: delete

If there is any objection or other expert commentary to this recommendation, then please post in here within 7 days.
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. http://www.experts-exchange.com/Community_Support/


EE Cleanup Volunteer
Answered by chris_calabrese

Community Support Moderator @Experts Exchange
