ssherwood Premium Member join:2002-02-23 Toronto, ON |
ssherwood
Premium Member
2008-Apr-10 12:10 am
IPSEC VPN Throttled!!!Hello all,
I've just had the most annoying time trying to log into my work machines to deal with an ongoing DDoS situation, only to find that my usual IPSEC VPN tunnel (PFSense --> Netscreen) wouldn't allow enough throughput to use remote desktop software...
Luckily for me, I'm testing a new firewall which supports OpenVPN which apparently is not currently throttled.
How can Bell or any other carrier for that matter defend this practice when it has such a severe impact on its end users? This situation could very easily cost businesses plenty of time and money when their IT staff can't log in remotely from their home to deal with emergency problems!
This is completely unacceptable! GRRRRR!!!!!
-- SS |
|
|
Complain to CRTC and your local MP and MPP, explaining this issue. They heard plenty on how throttling is bad for the freedom of information and such, but it's time they hear how it is affecting the established every day situations. How it is affecting ordinary, hard working people. |
|
|
to ssherwood
said by ssherwood:I've just had the most annoying time trying to log into my work machines to deal with an ongoing DDoS situation, only to find that my usual IPSEC VPN tunnel (PFSense --> Netscreen) wouldn't allow enough throughput to use remote desktop software... PM Deadpool about it. Along with OpenVPN, PPTP and Nortel's IPSEC implementation reportedly work, if you have those options available. |
|
|
|
to ssherwood
I require IPSEC to log into my work. I'm not in town now but i sure hope its not slow when i get back or I'm gonna have to switch to Videotron. |
|
|
to ssherwood
Netscreen? I've heard this term 3 times today and I have never heard of it... |
|
34764170 (banned) join:2007-09-06 Etobicoke, ON |
34764170 (banned)
Member
2008-Apr-10 6:10 am
said by DabberDan:Netscreen? I've heard this term 3 times today and I have never heard of it... Used to be a vendor that made firewall's and VPN gear. |
|
ssherwood Premium Member join:2002-02-23 Toronto, ON |
Yeah - Juniper Security Solutions is who maintains the Netscreen platform now. I'm not sure if they bought the technology or not as I hadn't encountered one of these before working for the folks I do now.
At any rate - it uses standard IPSEC VPN - you can use a client made by them as well, but I'm using an endpoint-to-endpoint solution (firewall to firewall).
I will of course write my MP and the CRTC about this, but I can't believe they have implemented something which impacts business users this way!
-- SS |
|
GuspazGuspaz MVM join:2001-11-05 Montreal, QC |
Guspaz
MVM
2008-Apr-10 10:11 am
You'd have much more luck writing Deadpool than your MP. He can fix this for you. Your MP can't. |
|
NeTwOrKDawgNetworking is a lifestyle join:2005-04-25 Brantford, ON |
to ssherwood
said by ssherwood:Luckily for me, I'm testing a new firewall which supports OpenVPN which apparently is not currently throttled. OpenVPN is what has saved me many times lately as well.. What firewall are you using which supports OpenVPN? |
|
1 edit |
to ssherwood
It appears Juniper Networks is one of Ellacoya's "technology Partners" I wonder if Juniper Networks knows Ellacoya's toys are playing dirty with its products. » www.ellacoya.com/partners/ |
|
ssherwood Premium Member join:2002-02-23 Toronto, ON |
to NeTwOrKDawg
Its actually a "roll-your-own" firewall. We purchased a new server and put in plenty of network interfaces. Its really overkill for a standard firewall, but we plan to implement traffic management for our LAN on it.
We're currently evaluating several platforms, but we're leaning towards the pfSense solution as it has some killer add-in packages, and the price is certainly right! (we're a not-for-profit Arts organization...)
I've also looked at Untagled and Vyatta... both excellent products with free options.
-- SS |
|