  TomS_ debugger it Premium,MVM join:2002-07-19 Australia
3 edits | reply to GTOV8 Re: network up time
On the SSH front at the very least I'd be suggesting the following:
Colocate a small box somewhere with a reliable Internet connection (e.g. your NOC perhaps), and use this box to initiate his SSH sessions. But tell him to use "screen". And if it's just for SSH it doesn't need to be anything special. Donate one of your old boxes if you have to.
Next, tell him to SSH from his house into this box. This is where screen comes in.
Screen allows you to run applications "in the background", effectively on their own "screen", and it keeps them running regardless of whether you're still connected to the box, in a way kind of like what you get with Remote Desktop or VNC. When you SSH into the box, you issue a certain command to re-connect to screen, and resume whatever it was you were doing.
If he is really as technical as he makes himself out to be he should be all over this little number in no time at all, if he's not using it already.
I use it for IRC. Whether I'm at home or at work or anywhere else around the country or the world, I can access my IRC client (running on my FreeBSD box) as if I were always sitting right in front of it. No more reconnecting and disconnecting from IRC servers every time I move around, it's the best thing ever.
edit: seems all of the above was covered earlier. That's what you get for not reading a thread entirely I guess. Disregard. ;-P |
|
 j2sw
join:2006-05-02 Williamsport, IN
| reply to GTOV8 If he is losing business he needs to pay for a business connection with a SLA. Unless it's licensed you are never going to beat what a t-1 or other in ground system will deliver so don't bother.
I would fire a customer such as this or have a talk with him saying you can't support him for $40, $50, $60 or whatever sub $300 price he is paying.
Justin |
|
 Believer
join:2002-07-04 Baltimore, MD
| reply to Nitroxide Re: Don't be surprised...
After reading through all of this again my first thought would be to determine if he's plugged directly into your connection/router or using the wireless on his laptop. Maybe the problems he is having are interference related to his wireless phone, baby monitor, neighbor's wireless connection, etc. -- Comtrain Certified Tower Climber |
|
 Nitroxide
join:2009-06-05 1 edit | reply to dr mongolia That kind of shit pisses me off. I would be disconnecting them within minutes. |
|
 dr mongolia
join:2008-07-03 United State | reply to SuperWISP This has been my experience as well. We actually had a guy last week that was calling about trying to get different upgrades etc and then this week we find him targeting our apache server with shellcode exploits. |
|
 SuperWISP
join:2007-04-17 Laramie, WY | reply to Adina Yep. We have some WoW players. We insist that they buy a business class connection if they want to become BitTorrent nodes, because otherwise they go over their allotted duty cycle. |
|
  AnonDOG
@rogers.com
| reply to GTOV8 Re: network up time
The guy seems legit to me inasmuch as you have said. It is important to remember that a programmer is a programmer, not a network engineer. He is using a VPN, he is clueless as to whether it is PPTP or IPSec. Sadly most of these bank idiots pick broke assed protocols that can't handle lossy links. That is likely what this guy is dealing with.
He thinks, as most developers do, that he completely understands the problem. Having been a developer for the Navy, I can say that five percent of developers actually have a clue about the network. This one actually sounds like he might be trying to grasp things.
Do what you can for him and make sure he knows that you are doing all that you can. If it doesn't work out, you will probably still keep him as a customer. |
|
 Adina
join:2007-10-15 Lexington, TX
·Cobalt Broadband C..
| reply to SuperWISP Re: Don't be surprised...
Got any WoW players? Rabid folk they are, and are quite similar to the OP's users in their insistence. I've offered several layers of service ahead of the standard package, private uplink radios, etc, all of which were rebuffed when it came to the money.
Annoying, but not quite shady people. In fact, often their skin is lacking almost any pigment.
 |
|
 SuperWISP
join:2007-04-17 Laramie, WY
3 edits | reply to GTOV8 ...if within a year the customer suddenly disappears and stops paying his bill. And you read in the paper that he was busted for distributing kiddie porn. Over VPNs, to try to hide what he was up to.
OK, call me cynical. But so far every customer I've had who has been that obsessive about the performance of a relatively inexpensive unlicensed link, and would not pay more for a business-class connection, has been doing something shady. |
|
 gunther_01 Premium join:2004-03-29 Saybrook, IL
| reply to GTOV8 Re: network up time
See,.. I like to show up in my van, with customer right behind me of course. Open my side door of the van, and have my AR in-cased, and my opened 12 pack of Budweiser sitting there. (from the night before obviously)
AMAZINGLY, I don't hear any complaints anymore 
Yea, raise your hand if you think I don't do that LOL. It just happens from time to time. When I work 16 hours and go out to a farm later for some fun.
I LOVE the country  |
|
 GTOV8
join:2006-02-04 47894
| reply to GTOV8 Now he says it's not doing too bad. I guess he's kinda settled into knowing that we're his only alternative. I ordered a Canopy Advantage SM for him so we can give him better bandwidth and latency than the regular SM. That may help. We have all Advantage APs but only use the Adv SM when need be and charge extra for them of course. The new SM may be very helpful. I think he's calming down. He also acknowledged that he's read our terms on the contract that specifically says we do not guarantee up time at all. |
|
 shorthairedp
join:2005-11-21 united state
| reply to GTOV8 I will give him credit, I've found that a lot of preconfigured secure boxes for remote users are so overly secure they barely work. His VPNs are probably set up to die if there's any inconsistency to it to eliminate the risk of a man in the middle attack (because it's so possible to do that on a vpn right?) sarc.
I think there's some malarkey (sp)
Turn his power on the radio to zero, act like you're troubleshooting it for a week, then tell him you just can service his location any more |
|
  GNca George GorillaNET Premium join:2008-07-12 Minden, ON
| reply to Jerm Just so. I agree with dr mongolia btw, the best secure VPN we know of is OpenVPN over UDP. Works great over wireless.
We run a considerable number of links using ZeroShell as both the server and client. Works great...
But the corporate world standard is still Cisco IPsec, unfortunately.
George -- Don't steal, the government doesn't like competition!!! |
|
  Jerm
join:2000-04-10 Richland, WA
1 edit | reply to GNca George
said by GNca George: There is no doubt that wireless can get a little weird when coupled with certain revs of Cisco VPN firmware.
You can say that again. I get the lovely task of assisting our Cisco VPN, and at times it can be just flaky enough that even 50 ft away from the AP I still drop sometimes. Other days I can drive around and keep my VPN tunnel open even on our outdoor mesh. Go fig. |
|
  GNca George GorillaNET Premium join:2008-07-12 Minden, ON
| reply to GTOV8 We do a good number of IPsec VPNs over wireless for very large corporations and have done for many years. There is no doubt that wireless can get a little weird when coupled with certain revs of Cisco VPN firmware.
Generally things are fine, but every once in a while the VPN has problems even when our testing shows everything SHOULD be OK.
The restrictions the guy lays out are not that strange. We have a good number of individual customers on our network who work for large banks/brokerage houses/health authorities who all work under similar restrictions. Sometimes they end up reconnecting their sessions many times in a day if we are having problems at our end.
They also recognize that we try very hard to keep a stable link for them, and do much, much better than our 'competition'.
George -- Don't steal, the government doesn't like competition!!! |
|
 gunther_01 Premium join:2004-03-29 Saybrook, IL
| reply to dr mongolia I would go a step farther and actively graph his computer/router connection to you. We have done this with a few people in the past at 10 second intervals.
I'm big on graphing though. It's hard to dispute a graph that says you're not broken. Also, check and get the IP of his VPN termination server. You may be able to do the same thing there also. And your bases are covered.
We aren't perfect, but there are a lot of people that use VPNs through us. No problems there either. Some go through triple NAT even. The few things that come to my mind with his VPN are do you NAT? Is he on a "true" routed public IP? And or do you have multiple gateways or any kind of balancing/policy routes that could be changing on him? Things like that can cause (although very fast) unpredictable results with a strict policied VPN set-up. |
|
 dr mongolia
join:2008-07-03 United State
·Cox HSI
1 edit | reply to GTOV8 Yeah this guy seems quite unusual. I'm also fairly certain that the problem isn't on your end, because:
said by GTOV8: A VPN is just so touchy, it does not take many dropped packets or much latency to cause one to drop connection.
Even using open source VPN solutions I've got tunnels that stay up for a long, long time on connections with packet loss and high latency. If in his experience VPNs are touchy, it's most likely because the configuration for his VPN is touchy.
EDIT: What is he using to test for latency on his end? Does he actually have a legitimate troubleshooting tool? If so, ask for the results. If he's just guessing that it's due to latency, then have him set up a tool that checks for latency 1) to your network and 2) to his network. That should clear up the problem and get him to realize that the problem is on his end without you having to be rude and say "IT'S YOUR PROBLEM!" |
|
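The measurement gunther_01 and dr mongolia describe above (probe the customer's path every 10 seconds toward both the ISP side and the VPN termination server, then line the results up against the times the tunnel dropped), as an added example that is not from any poster in the thread. The target labels `isp_gw` and `vpn_peer`, the 60-second window and the 30% loss threshold are assumptions, and the probe samples are constructed.

```python
from collections import defaultdict

INTERVAL = 10  # seconds between probes, the interval mentioned in the thread


def loss_by_target(samples, start, end):
    """Fraction of probes lost per target for timestamps in [start, end)."""
    sent, lost = defaultdict(int), defaultdict(int)
    for t, target, rtt_ms in samples:
        if start <= t < end:
            sent[target] += 1
            if rtt_ms is None:  # None means the probe timed out
                lost[target] += 1
    return {target: lost[target] / sent[target] for target in sent}


def classify_drop(samples, drop_t, window=60, threshold=0.3):
    """Say which path segment showed loss just before a reported VPN drop."""
    loss = loss_by_target(samples, drop_t - window, drop_t + INTERVAL)
    gw, peer = loss.get("isp_gw"), loss.get("vpn_peer")
    if gw is None or peer is None:
        return "no data"
    if gw >= threshold:
        return "access link"    # loss already on the hop the ISP controls
    if peer >= threshold:
        return "beyond ISP"     # ISP hop clean, path to the VPN endpoint lossy
    return "no loss seen"       # neither path lossy: look at VPN client/config


def report(samples, drop_times):
    """Map each reported drop time to its verdict."""
    return {t: classify_drop(samples, t) for t in drop_times}


def constructed_samples():
    """Constructed data: 5 minutes of probes as (time_s, target, rtt_ms)."""
    gw_lost = {80, 90, 100}
    peer_lost = {80, 90, 100, 180, 190, 200}
    out = []
    for t in range(0, 300, INTERVAL):
        out.append((t, "isp_gw", None if t in gw_lost else 12.0))
        out.append((t, "vpn_peer", None if t in peer_lost else 48.0))
    return out


if __name__ == "__main__":
    for drop, verdict in report(constructed_samples(), [100, 200, 280]).items():
        print(f"VPN drop at t={drop}s: {verdict}")
```
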
  AMD Phreak Premium join:2003-12-14
| reply to GTOV8 I have a bucket of rocks from the yard at home I can mail to you. You can give them to your customer and tell him to pour them on the ground and kick them.
I also have some sand bags you could use, and you can tell him to pound them. 
I'm in a good mood today. -- "No job is so important, and no service is so urgent that we cannot take the time to perform our work safely." -- AT&T, Your World, Destroyed. --Safety One Tower Rescue Certified --LLigetfa:"Wimax is like teenage sex. Everyone talks about doing it." |
|
 smeghead
join:2009-02-11 | reply to GTOV8 How intelligent can this guy be..
He is "loosing" his VPN
Jesus.. learn how to spell. |
|
 GTOV8
join:2006-02-04 47894
| reply to GTOV8 Wow here is what this guy responded with. I suggested we put a server in our colo rack and then he could vpn into that and work on a server that is sitting on a huge fiber ring. Here is his reply:
*** will not let any computer other than their own laptop which is identified by a secure digital certificate that cannot be faked. There is no way for me to access the *** VPN other than from the *** laptop. There are lots of security daemons running on the laptop that allow them to monitor the laptop through the VPN and they install updates to the OS etc. on a daily basis. The laptop becomes a node that is part of an Enterprise Management network. That node cannot be a server in the data center. It is required for the Iron Mountain software to run a complete backup of the laptop to the corp backup servers over the VPN on a daily basis.
I do not use the ssh sessions to transfer the large files, I need the files on my laptop as that is where I write code to process the files etc. I use FTP to transfer the files to my laptop.
I use the ssh sessions to monitor log files on the *** servers and start and stop processes etc. I have to write all the code and process the files on my laptop as the software that is licensed to me for that work only runs on Windows XP.
I have a laptop that was sent to me by FedEx and it is all set up with a Cisco VPN including a digital certificate that is assigned to me, and all the software applications I need to do my job. I don't even have admin rights on the laptop. They are very security minded which makes sense, since once I am on the VPN I can access the *** production servers in ** and ** where all the account balances are calculated every night. They are protective about access.
I had a similar thought, as I also have a server in a data center that is sitting on multiple T3 backbones with multiple power sources etc. etc. I cannot use my server either, I have asked.
I am finding that your network works fine for me as long as it does not drop the VPN. It dropped the VPN again this afternoon, but this time I did not loose access to the internet, the VPN just dropped. I had to reconnect everything but after that it has been stable this afternoon. A VPN is just so touchy, it does not take many dropped packets or much latency to cause one to drop connection. I have never used a VPN over wireless like this so I don't know what to expect. I am trying though......... ______________
There were no packet drops on our network that would have caused a vpn connection to drop. This guy has a great stable signal on our Canopy network and Prizm shows no disconnects in the history graphing.
I guess we'll just keep working with him for a while. I already told him we'll give him a partial refund and I pointed him to our printed and publicly published terms which are right on the contract forms:
Routine maintenance and periodic system repairs, upgrades and reconfigurations, public emergency or necessity, force majeure, restrictions imposed by law, acts of God, labor disputes and other situations, including mechanical or electronic breakdowns may result in temporary impairment or interruption of service. As a result, **** does not guarantee continuous or uninterrupted service and reserves the right from time to time to temporarily reduce or suspend service without notice. Client shall indemnify and hold *** and its directors, officers, employees, and agents harmless from any and all obligations, charges claims, liabilities, costs and fees incurred as the result of interruptions or omissions of service.
_______________________
This guy is doing only up to 300kbps during the day and then I see a 3mb bandwidth for 20 mins and that was it for 24 hours. Weird. I hate when they get weird. I need to put wording in the contract: "If we think you are weird, this contract is null and void." |
|