cancel
Showing results for 
Search instead for 
Did you mean: 

Meaning of term VPN for BBYW 1

pscraig
Dabbler
Posts: 13
Registered: 15-07-2007

Meaning of term VPN for BBYW 1

Asked this question yesterday on the introducing BBYW thread which is now closed. Was told I should get an answer today, so I'm opening a new topic.

What precisely do you mean by VPN? The wikipedia article includes many possibilities.

My problem is that I use ssh to tunnel ports from my work network to home so that I can access my work imap and http+proxy servers as a local user and so that I can ssh to work machines other than the gateway. According to wikipedia, this could be considered a VPN. On the other hand, it's a low bandwidth use and only requires (long-life) ssh connections?

Will I be OK with BBYW 1? I'm a non-gaming, non file-sharing 2GB PAYG customer so it looks good to me.
67 REPLIES
N/A

Meaning of term VPN for BBYW 1

Please keep discussion to the new thread (which was linked from the old one...)alternatively there is a thread discussing the specifics of VPN and the definition of it on Option 1 here.

As such, this thread is locked.

Thanks
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Meaning of term VPN for BBYW 1

I have reopened this thread, as the OP's question has already been missed in the extended thread on BBYW.
And the other thread linked is about RDC ? VNC not VPN.

Chilly
Liam
Grafter
Posts: 2,083
Registered: 04-04-2007

Meaning of term VPN for BBYW 1

Right now, SSH on standard ports is blocked on Option 1. We're having the dicussion internally about whether it should be. We'll get back to you.
Ianwild
Grafter
Posts: 3,835
Registered: 05-04-2007

Meaning of term VPN for BBYW 1

By restricting VPN, we are saying that the product isn't designed for people that want to connect back into their work networks. It also reduces our exposure from a handful of individuals who use VPNs to usurp traffic management (I estimate there are a thousand or so people in the country capable of rendering an ISPs products unsustainable, but who won't be attracted by the low cost of the product and will hopefully stay elsewhere).

We do agree in principle that SSH when used for terminal admin and Inbound Remote Desktop / VNC should work properly on Option 1 and we will look to change the bundle allocations of these protocols so that they are not treated in the same way as true VPN protocols like IPSEC any more. I'm not sure when we can have the work completed by - it is being planned in now.

Ian
Nick_Russell
Grafter
Posts: 553
Registered: 10-05-2007

Meaning of term VPN for BBYW 1

Quote
By restricting VPN, we are saying that the product isn't designed for people that want to connect back into their work networks. It also reduces our exposure from a handful of individuals who use VPNs to usurp traffic management


...are you seriously suggesting that such people will go elsewhere if VPN is not available on Option 1 rather than pay an extra £5 for option 2? If your estimate of 1000 people is accurate I guess PlusNet would be really unlucky if they all came here!

I think you are being a bit paranoiac.
Ianwild
Grafter
Posts: 3,835
Registered: 05-04-2007

Meaning of term VPN for BBYW 1

You say that, but yep, that's what I'm suggesting to a point.

We have to be a bit paranoid - We've been stung before by too vague product designs that worked for 99% of people but were destroyed by a handful. At some point I have a feeling the usage explosion going on generally is going to start a lot of those people looking for a shiny new ISP - We could handle that with our product designs now, but you won't find us prepared to make the same mistakes as we did before again. Don't forget the overnight exposure here...

I can see what you are saying, but I think the caution is well founded, and as I say I'd agree that RDP, VNC and the like should not be getting treated in this way (And we are sorting it!).

Ian
N/A

Meaning of term VPN for BBYW 1

In simple terms for the OP there are two main types of VPN.

One connects a computer to a LAN (Teleworker), the other connects a your network to another Network (LAN to LAN).

The teleworker VPN makes your PC part of your office network, an example is the Cisco VPN client. This is a bit of software that sits on your PC with a config file issued by your place of work. It is usually used with something like an RSA key which has a display of numbers changing every minute. With this teleworker type of VPN you hit connect, enter a login and pin+display number.

The Lan to Lan VPN usually connects two ROUTERS and once configured in each router can be set to dial on demand (I use this) or connect all the time. So if you were using the IP address range 192.168.1.x for your home network you could configure your work network to appear as 192.168.2.x and connect to devices on that network.

In both cases you are creating a point to point tunnel over the internet, this is cheaper than buying a leased line and ideal for small Branch offices or Home workers.

VPN's do not work in the same way as some other links (e.g. Leased Lines) and are not really appropriate for some applications. However, for remote admin of servers they are great.

I use both types of VPN, I mostly use MS Terminal Services which has a very thin footprint. I also have a VPN to my son's router and am able to config his router and use RDP to connect to his PC in case of a problem.

Teh Cisco teleworker VPN solution requires a big investment at the office but the Lan to Lan simply requires two decent routers. As a bonus you can use this routers to do VoIP and make calls over the internet.

The SSH VPN is often used by people who wish to punch a hole through a firewall. It is very easy to setup with a couple of Linux servers. They often configure these to use port 80 and as the traffic is encryped the only clue is often the traffic.

I was thinking of using Plusnet Option 1 to finally connect my dear old Mum to the internet and there is no way I would pay £5 a month for that. That would make it more expensive than moving her whole phone and broadband to Talk Talk.

She is on a pension and could not afford the extra £5 and paying a 50% premium for this is not acceptable.
jazz
Grafter
Posts: 240
Registered: 06-04-2007

Meaning of term VPN for BBYW 1

@ibc01

Thank you for that very full explanation of VPN types in a language I could understand. Expect the OP will find this very helpful - I certainly did! Cheesy
pacem
Grafter
Posts: 175
Registered: 07-09-2007

Meaning of term VPN for BBYW 1

Right so at the moment with Option 1 with no ssh:
We can't configure our cgi space.
We can't securely check the status of any remote machines we administer. (Or am I now expected to enable telnet just so I can quickly do ps alx, or cat /proc/meminfo?)
We can't securely up-load data to our cgi space.

The sort of people that use ssh as a VPN are the sort of people that will be able to circumvent any restrictions you apply because they will tunnel it over http or any other protocol - they're probably the sort of people that would require more bandwith than £10 can buy.

As things stant PN are breaking their own services by not allowing SSH with Option 1.

Also I hope the blocking of ssh is not a simple port block because VoIP RTP streams can use *any* port including reserved ports.

Now I have to go and cancel my "downgrade" request because PN have ooopsed again.

Paul.<><
pscraig
Dabbler
Posts: 13
Registered: 15-07-2007

Meaning of term VPN for BBYW 1

I couldn't have put it better, pacem. Thanks.
pacem
Grafter
Posts: 175
Registered: 07-09-2007

Meaning of term VPN for BBYW 1

I don't think I put it well enough because I've just realised it also means that I wont be able to sign up my mother, grandmother or aunt (she uses Linux) to this package because I wont be able to remotely help them out when things go wrong. Even if I remain on PAYG PN would still block me from helping them. Or rather pn would block the very people the product is targeted at from being helped!

Paul.<><
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Meaning of term VPN for BBYW 1

We've raised a change control to change how the VPN bundle works on Option 1 so things like SSH and RDP will work (but have a rate limit), I'll check all the details and when the changes will be/were applied tomorrow and get back to you.
Nick_Russell
Grafter
Posts: 553
Registered: 10-05-2007

Meaning of term VPN for BBYW 1

Can we use VNC (such as RealVNC) now with Option 1 or if not, will we be able to if these changes are made?
N/A

Meaning of term VPN for BBYW 1

Quote
We've raised a change control to change how the VPN bundle works on Option 1 so things like SSH and RDP will work (but have a rate limit), I'll check all the details and when the changes will be/were applied tomorrow and get back to you.


What is a rate limit?

RDP by itself is no good because of the man in the middle exploit. This is why we need VPN access so that there is a secure tunnel on which to run the RDP connection.

As your packages are based on traffic I do not understand the problem, if you get dodgy people using it they will pay through the nose. Also the kind of people you are seeking to discourage would not really use this.

Six months ago I would never have considered recommending Plusnet but things have changed massively, the most important change has been one of attitude. I hope you are able to remove all restrictions of this option 1 service as it opens up a potential new market of low usage users. This is just what you guys have been after and in time they will move up the options if their needs change.