Friends ISP has VPN traffic blocked : Alternative software options?

Boscoh

[H]ard|Gawd
Joined
Nov 25, 2003
Messages
1,159
Yeah...I'd agree with the previous poster. Your ISP is blocking IPSEC because they dont want it on their network, and if 'no vpn' is stated in their Acceptable Uses and TOS they have every right to block it, and they have every right to terminate your buddy's service if they detect him trying to setup and use some sort of VPN tunnel. If this is the case, your solution is to either switch ISP's to one that doesnt block VPN (RoadRunner, TXU, Alltel, and SBC are a few that come to mind), or setup a Secure FTP server on whatever PC your buddy wants to VPN to and access files from, but if your ISP blocks VPN's they probably block servers too.

If your buddy loves this ISP so much and doesnt want to switch perhaps he should give up trying to get around their restrictions before they terminate his service completely.
 
My question is this... What sane ISP blocks VPN traffic?? They must not be big into people "working from home". I would ditch them if it was me because I use a VPN connection to my office all the time from home...
 
I think its a trend that we are seeing and one that will continue to grow.

I think companies realized that they could charge for "business use" and now have a new revenue stream. Same for Hotels, which charge extra to turn on that "feature".

Luckily sbc in so cali doesn't charge extra. But many of my account exec's had to end up bumping their services from 50 to 75+ per month due to this issue.

I guess what would be a solution? SSL type VPN's. (using port 80).
 
Originally posted by Darthkim
I think its a trend that we are seeing and one that will continue to grow.

I think companies realized that they could charge for "business use" and now have a new revenue stream. Same for Hotels, which charge extra to turn on that "feature".

Luckily sbc in so cali doesn't charge extra. But many of my account exec's had to end up bumping their services from 50 to 75+ per month due to this issue.

I guess what would be a solution? SSL type VPN's. (using port 80).

As (I) mentioned earlier, VPNs use a particular type of IP packet. SSL is encryption for TCP packets. This wouldn't work, becuase TCP is encapsulated in IP, not vice versa.
 
Skritch,

I didn't mean to encapsulate IPSEC VPN with an SSL Stream. There are new types of vpn technologies out there that utilize SSL as the encrypting mechanism. Some of them have full clients that do the similar task that a clientside IPSEC VPN can.

Granted, there are still many uses for IPSEC VPN's. (Site to site, support for AES, etc), but i think in the coming months, we will see a general trend towards SSL VPN (for client based access).

Most of the major VPN players have or are commited to implementing some sort of SSL VPN.

Neoteris and aventail are some of the major companies that have this technology.

Either way, i haven't seen any free SSL VPN softwares out there for anyone to utilize. I am sure in the coming months, a free linux package will be out.
 
Originally posted by Darthkim
Skritch,

I didn't mean to encapsulate IPSEC VPN with an SSL Stream. There are new types of vpn technologies out there that utilize SSL as the encrypting mechanism. Some of them have full clients that do the similar task that a clientside IPSEC VPN can.

Granted, there are still many uses for IPSEC VPN's. (Site to site, support for AES, etc), but i think in the coming months, we will see a general trend towards SSL VPN (for client based access).

Most of the major VPN players have or are commited to implementing some sort of SSL VPN.

Neoteris and aventail are some of the major companies that have this technology.

Either way, i haven't seen any free SSL VPN softwares out there for anyone to utilize. I am sure in the coming months, a free linux package will be out.

Yes, I've seen (and sold, for a brief period) the Neoteris solution. They're all appliance-based, and I wouldn't call them VPNs. Traditional VPNs make the client part of the host network. These things simply push files from the host network to the client, and occasionally provide a Java-based SSH shell.

Not really the same thing. With the former, it's no different than being at the office. With the latter, it's nothing I can't do with SFTP or scp.
 
To be honest, between neoteris and Aventail, i've always liked the aventail better.

The thing with neoteris was like you stated, more of a front end shell. Most applications required a web front-end for it to work with the solution

The aventail solution actually has a client which acts the same as a IPSEC Client. This is really the way i think SSL VPN should function and hopefully the industry will follow.
 
Is your friend sure the ISP is blocking all VPNs? Many times you will talk to someone at a ISP and they will think your trying to run the server you are inquiring about, and then they will just say you need to upgrade you account to run servers. Remember that many of the people you will talk to at ISPs arn't the most technical people in the world.

You said you tried the windows VPN, and that didn't work. Is this computer or the server hosting the VPN behind a router? Have any of the clients been able to connect to the VPN? When you try to connect to the VPN how far does it get into the connection process?

One reason why the Windows VPN may not be working is do to some filters the ISP may have put into place do to some recent viruses. I think it was the welchia worm that sends out ICMP traffic that has the same signature (ICMP type 8?) that would be used in part of the connection process that a client goes through to make a connection to a Windows VPN server, and some other proprietary VPNs.


I really don't think a ISP would make you pay $150 a month to use a VPN client. What ISP is this any ways?
 
Wow I didn't read up on this thread but I do have a suggestion. Lately I've been pimping OpenVPN as a great alternative to Microsofts VPN. It transverse NAT, uses only one port, Multi system versions, Supprts eithernet or just IP tunnels and is easy to configure. Open source and is free and GOOD (IMO).
 
Back
Top