
ssherwood
Premium Member
join:2002-02-23
Toronto, ON

ssherwood

Premium Member

IPSEC VPN Throttled!!!

Hello all,

I've just had the most annoying time trying to log into my work machines to deal with an ongoing DDoS situation, only to find that my usual IPSEC VPN tunnel (PFSense --> Netscreen) wouldn't allow enough throughput to use remote desktop software...

Luckily for me, I'm testing a new firewall which supports OpenVPN which apparently is not currently throttled.

How can Bell or any other carrier for that matter defend this practice when it has such a severe impact on its end users? This situation could very easily cost businesses plenty of time and money when their IT staff can't log in remotely from their home to deal with emergency problems!

This is completely unacceptable! GRRRRR!!!!!

-- SS

Turbinator
join:2007-10-14
Mississauga, ON

Turbinator

Member

Complain to CRTC and your local MP and MPP, explaining this issue. They heard plenty on how throttling is bad for the freedom of information and such, but it's time they hear how it is affecting the established everyday situations. How it is affecting ordinary, hard-working people.
Name96
join:2008-03-28

Name96 to ssherwood

Member

to ssherwood
said by ssherwood:

I've just had the most annoying time trying to log into my work machines to deal with an ongoing DDoS situation, only to find that my usual IPSEC VPN tunnel (PFSense --> Netscreen) wouldn't allow enough throughput to use remote desktop software...
PM Deadpool about it.

Along with OpenVPN, PPTP and Nortel's IPSEC implementation reportedly work, if you have those options available.
uri0
join:2002-08-09

uri0 to ssherwood

Member

to ssherwood
I require IPSEC to log into my work. I'm not in town now but I sure hope it's not slow when I get back or I'm gonna have to switch to Videotron.
DabberDan
join:2004-11-15
Canada

DabberDan to ssherwood

Member

to ssherwood
Netscreen? I've heard this term 3 times today and I have never heard of it...
34764170 (banned)
join:2007-09-06
Etobicoke, ON

34764170 (banned)

Member

said by DabberDan:

Netscreen? I've heard this term 3 times today and I have never heard of it...
Used to be a vendor that made firewalls and VPN gear.

ssherwood
Premium Member
join:2002-02-23
Toronto, ON

ssherwood

Premium Member

Yeah - Juniper Security Solutions is who maintains the Netscreen platform now. I'm not sure if they bought the technology or not as I hadn't encountered one of these before working for the folks I do now.

At any rate - it uses standard IPSEC VPN - you can use a client made by them as well, but I'm using an endpoint-to-endpoint solution (firewall to firewall).

I will of course write my MP and the CRTC about this, but I can't believe they have implemented something which impacts business users this way!

-- SS

Guspaz
Guspaz
MVM
join:2001-11-05
Montreal, QC

Guspaz

MVM

You'd have much more luck writing Deadpool than your MP. He can fix this for you. Your MP can't.

NeTwOrKDawg
Networking is a lifestyle
join:2005-04-25
Brantford, ON

NeTwOrKDawg to ssherwood

Member

to ssherwood
said by ssherwood:

Luckily for me, I'm testing a new firewall which supports OpenVPN which apparently is not currently throttled.
OpenVPN is what has saved me many times lately as well. What firewall are you using which supports OpenVPN?

Pegasys66
join:2008-01-16

1 edit

Pegasys66 to ssherwood

Member

to ssherwood
It appears Juniper Networks is one of Ellacoya's "technology Partners". I wonder if Juniper Networks knows Ellacoya's toys are playing dirty with its products.

»www.ellacoya.com/partners/

ssherwood
Premium Member
join:2002-02-23
Toronto, ON

ssherwood to NeTwOrKDawg

Premium Member

to NeTwOrKDawg
It's actually a "roll-your-own" firewall. We purchased a new server and put in plenty of network interfaces. It's really overkill for a standard firewall, but we plan to implement traffic management for our LAN on it.

We're currently evaluating several platforms, but we're leaning towards the pfSense solution as it has some killer add-in packages, and the price is certainly right! (we're a not-for-profit Arts organization...)

I've also looked at Untangle and Vyatta... both excellent products with free options.

-- SS