A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

VPN - How do they know?



 
 
Thread Tools Display Modes
  #1  
Old July 22nd 06, 12:13 PM posted to uk.telecom.broadband
Dave Saville
external usenet poster
 
Posts: 64
Default VPN - How do they know?

A friend was asking about VPN's and I remembered that he was on NTL and that
when I was on their home service a couple of years back the T&C's prohibited
the use of VPN's, along with a "public FTP server" IIRC. I assume they
considered it a "business" service and that one should be paying for a business
connection.

However, what we were both wondering was - how they could tell? It can't just
be encrypted traffic because of SSH, HTTPS, VNC etc. Just curious.

--

Regards

Dave Saville

NB Remove -nospam for good email address


  #2  
Old July 22nd 06, 01:16 PM posted to uk.telecom.broadband
R. Mark Clayton
external usenet poster
 
Posts: 699
Default VPN - How do they know?


"Dave Saville" wrote in message
. uk...
A friend was asking about VPN's and I remembered that he was on NTL and
that
when I was on their home service a couple of years back the T&C's
prohibited
the use of VPN's, along with a "public FTP server" IIRC. I assume they
considered it a "business" service and that one should be paying for a
business
connection.


Bit of a shame if you work at home for a day and VPN from your work
laptop...


However, what we were both wondering was - how they could tell? It can't
just
be encrypted traffic because of SSH, HTTPS, VNC etc. Just curious.


They would have to look inside for the the protocol.


--

Regards

Dave Saville


BTW the use of "gotcha'" T&C's with arbitrary restrictions is one of the
indicators that you are dealing with a supplier that has never had the
slightest intention of providing satisfactory (let alone good) customer
service.


  #3  
Old July 23rd 06, 12:07 AM posted to uk.telecom.broadband
Tim Clark
external usenet poster
 
Posts: 179
Default VPN - How do they know?

In article ,
"R. Mark Clayton" writes:

"Dave Saville" wrote in message
. uk...
A friend was asking about VPN's and I remembered that he was on NTL and
that
when I was on their home service a couple of years back the T&C's
prohibited
the use of VPN's, along with a "public FTP server" IIRC. I assume they
considered it a "business" service and that one should be paying for a
business
connection.

....
However, what we were both wondering was - how they could tell? It can't
just
be encrypted traffic because of SSH, HTTPS, VNC etc. Just curious.


BTW the use of "gotcha'" T&C's with arbitrary restrictions is one of the
indicators that you are dealing with a supplier that has never had the
slightest intention of providing satisfactory (let alone good) customer
service.


It's also an indication that their legal department is one which no
doubt takes pride in inventing enough contradictory contradictions that
it would be impossible for any customer to adhere to all of them. That
way they can pick on any customer they find to be a nuisance, and get
rid of them for violation of the T&Cs, because all customers will be
in violation of the T&Cs.

The plus side is that such companies don't bother actually policing
the conditions they set. Because, obviously, they would then have zero
customers. If the customer's use of the network is not perceived as
being a problem, the customer won't be disturbed. The downside is that
if they do perceive the customer's use to be a problem for any reason,
real or imaginary, the customer is hit.

I've had a VPN over my NTL connection in place continuously for the last
3 years without any problem. I can quickly move to an alterative
connection if NTL take issue with it.

--
Tim Clark
  #4  
Old July 23rd 06, 01:03 PM posted to uk.telecom.broadband
David Wade
external usenet poster
 
Posts: 210
Default VPN - How do they know?


"Tim Clark" wrote in message
...
In article ,
"R. Mark Clayton" writes:

"Dave Saville" wrote in message
. uk...
A friend was asking about VPN's and I remembered that he was on NTL and
that
when I was on their home service a couple of years back the T&C's
prohibited
the use of VPN's, along with a "public FTP server" IIRC. I assume they
considered it a "business" service and that one should be paying for a
business
connection.


We have a number of home workers who are on NTL and have no problems with
VPN ..

...
However, what we were both wondering was - how they could tell? It

can't
just
be encrypted traffic because of SSH, HTTPS, VNC etc. Just curious.



They can block the standard VPN ports, as most places do for port 25 and
SMTP...

BTW the use of "gotcha'" T&C's with arbitrary restrictions is one of the
indicators that you are dealing with a supplier that has never had the
slightest intention of providing satisfactory (let alone good) customer
service.


It's also an indication that their legal department is one which no
doubt takes pride in inventing enough contradictory contradictions that
it would be impossible for any customer to adhere to all of them. That
way they can pick on any customer they find to be a nuisance, and get
rid of them for violation of the T&Cs, because all customers will be
in violation of the T&Cs.

The plus side is that such companies don't bother actually policing
the conditions they set. Because, obviously, they would then have zero
customers. If the customer's use of the network is not perceived as
being a problem, the customer won't be disturbed. The downside is that
if they do perceive the customer's use to be a problem for any reason,
real or imaginary, the customer is hit.

I've had a VPN over my NTL connection in place continuously for the last
3 years without any problem. I can quickly move to an alterative
connection if NTL take issue with it.


Just don't try updating to the NTL Business service. That appears to block
the normal VPN ports and we have had to move our home workers back to the
"non-business" service.....

--
Tim Clark


Dave.


  #5  
Old July 23rd 06, 03:25 PM posted to uk.telecom.broadband
Mark McIntyre
external usenet poster
 
Posts: 1,835
Default VPN - How do they know?

On Sat, 22 Jul 2006 23:07:09 GMT, in uk.telecom.broadband , "Tim
Clark" wrote:

In article ,
"R. Mark Clayton" writes:

"Dave Saville" wrote in message
. uk...
A friend was asking about VPN's and I remembered that he was on NTL and
that
when I was on their home service a couple of years back the T&C's
prohibited
the use of VPN's, along with a "public FTP server" IIRC. I assume they
considered it a "business" service and that one should be paying for a
business
connection.

...
However, what we were both wondering was - how they could tell?


Euh, by port number.

I've had a VPN over my NTL connection in place continuously for the last
3 years without any problem.


Same here. I suspect the T&C item, if it still exists, refers to
running a VPN server in-house.
--
Mark McIntyre
  #7  
Old July 23rd 06, 11:10 PM posted to uk.telecom.broadband
Jim Hague
external usenet poster
 
Posts: 3
Default VPN - How do they know?

In article ,
Tim Clark wrote:
I've had a VPN over my NTL connection in place continuously for the last
3 years without any problem.


I've been using various VPNs over my NTL connection for about 5 years now.

A few years back NTL published some new T&Cs. These prohibited VPN use.
There was a huge reaction from the customer base, and the prohibition
swiftly removed. (Actually, at this distance, I can't remember if the
T&Cs were ever actually activated. In this case, some gormless clown at
NTL had obviously written the new terms in ignorance of what people
actually use this new-fangled Innernet thing for.) This is probably the
origin of the 'NTL bans VPNs' meme.

If you go and check the current NTL T&Cs at
http://www.home.ntl.com/page/userpolicy, you will find the following:

18. Use of Virtual Private Network (VPN)

You may use VPN but you acknowledge that your Services may be adversely
affected by such use. If you use VPN and this affects our network
performance or any users of ntl's Services, we reserve the right to
instruct you to stop using VPN and you must comply with this request.

Entirely reasonable as far as I can see. As far as running a VPN server
goes, I can see nothing prohibiting it, though it would be subject
to Section 17 on servers, notably

(iii)
Remote Access: all remote access ( FTP; SSH ; PC Anywhere etc) must
be password protected and the address must not be publicly advertised.

and (vi)
Other: you may run other servers but be aware that we reserve the right
to restrict access to them should they cause network problems or should
we receive complaints from other customers.
--
Jim Hague - Never trust a computer you can't lift.
  #8  
Old July 23rd 06, 11:45 PM posted to uk.telecom.broadband
Mark McIntyre
external usenet poster
 
Posts: 1,835
Default VPN - How do they know?

On Sun, 23 Jul 2006 20:17:20 +0100, in uk.telecom.broadband , Killa
wrote:

On Sun, 23 Jul 2006 15:25:00 +0100, Mark McIntyre
wrote:

On Sat, 22 Jul 2006 23:07:09 GMT, in uk.telecom.broadband , "Tim
Clark" wrote:

However, what we were both wondering was - how they could tell?


Euh, by port number.


Yeah right - so what difference is there in port number between an
https connection using TCP port 443 and OpenVPN using TCP port 443?


No idea, tho a SPI firewall could probably tell. The point is, most
company VPNs tend to run on specific ports and 443 isn't it. Obviously
though, if you choose to hijack ports, then you create interesting
problems.
--
Mark McIntyre
  #10  
Old July 26th 06, 08:59 PM posted to uk.telecom.broadband
stephen
external usenet poster
 
Posts: 381
Default VPN - How do they know?

"Chris" wrote in message
...
In article ,
lid says...
On Sun, 23 Jul 2006 22:30:00 +0100, Chris
wrote:

OpenVPN doesn't use TCP ;-) TCP for VPN isn't very efficient, either.


Funny that - because I connect from work to home most days tunnelling
an OpenVPN connection through the corporate web proxy using TCP.


You mis-understand. My statement did not suggest you _couldn't_ use
tcp, rather you would be a fool to do so as the TCP protocol is not
designed for VPN.


like most things it is a tradeoff.

TCP is adaptive to bandwidth - so if you have a poor connection, high loss
rate and variable bandwidth - TCP may give better thruput than UDP (my
practical example is a 3G link - i use this with Cisco VPN client and
although repeatable tests are not practical,TCP usually gives better thruput
than UDP).

The theoretical drawback is the same as was once claimed for ABR ATM -
having TCP connections over a tunnel which is also load and loss adaptive
can lead to unstable swings in thruput. My experience has been that if you
get anywhere near those operating points your conneciton is also worthless
with UDP tunnelling.

You need a datagram based protocol for best
performance.


probably true - but since many enterprise firewalls forbid UDP tunnelling
(or dont maintain long term UDP "connection state", so lose idle connections
quickly than with TCP). In practice UDP may not be feasible.

Also UDP tunnels tend to use proprietary (or no) rate adaption, fall back
etc, but will cut links when they lose too many packets. So many UDP encap
implementations dont seem to work well under adverse network conditions.

Why you would use TCP is a little beyond me -- care to
elaborate?


It often works where UDP encap doesnt. If the server is set to use port 80
or another common port such as 8080 many firewalls will let it thru.

Incidentally, OpenVPN's default server.conf (you *do* admin an OpenVPN
server, right?) defaults to UDP.

Fact - OpenVPN can use either TCP or UDP. TCP is not as 'efficient'
as UDP - but then if you need to get through firewalls, proxies, etc
sometime you just have to accept the inefficiencies.


Erm, I would have thought being UDP you are *more* likely to get through
firewalls. However, i guess its up to the indidiual network. Does your
work network block UDP datagrams or just ones that !== 53? What about
time services, and a host of other services i can think of that rely on
UDP for operation. There would have to be a good reason to use TCP..


--
Regards

- replace xyz with ntl


 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 03:32 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.