
ke4pym
Premium
join:2004-07-24
Charlotte, NC
reply to Crookshanks

Re: vpn

said by Crookshanks:

Incoming VPN's are also a PITA with dynamic IP addresses.

Not really. I am very successfully running not only site-to-site IPSEC VPN with dynamic IP's but mobile-to-site VPN as well with very few, if any issues.

DNS services like dyndns.org are your friend.

nanaki333

join:2010-08-11
Chantilly, VA
yep. beat me to it. i've been using dyndns for everys (over a decade?) and never paid (or had my work pay) for a home static address. site-to-site VPN to work and PPTP for when i'm on travel to access my home servers.

nanaki333

join:2010-08-11
Chantilly, VA
that was supposed to say years....

Crookshanks

join:2008-02-04
Binghamton, NY
reply to ke4pym
You _can_ do an ipsec tunnel with a dynamic IP address but it can be a royal PITA with certain routers; Cisco's ASAs in particular have caused me many headaches over the years.

In any case, I'm left wondering how many residential users need the ability to do site-to-site VPNs. I presume you are using such a VPN for business purposes? You could still make it work if you initiated the connection from the end behind NAT; if that doesn't work I doubt AT&T will have any sympathy for you when you tell them you're trying to conduct business over your residential connection.

Services like Skype and online gaming will be much more noticeable to the typical residential customer.


cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7
said by Crookshanks:

In any case, I'm left wondering how many residential users need the ability to do site-to-site VPNs. I presume you are using such a VPN for business purposes? You could still make it work if you initiated the connection from the end behind NAT; if that doesn't work I doubt AT&T will have any sympathy for you when you tell them you're trying to conduct business over your residential connection.

It's not site to site, but I do quite frequently. I need a file from home I can quickly remote in and grab the file I need. It's not for business use, strictly personal.

ke4pym
Premium
join:2004-07-24
Charlotte, NC
reply to Crookshanks
said by Crookshanks:

I presume you are using such a VPN for business purposes?

If by business purposes you mean me supporting my parent's computers and keeping a remote server to copy data to business, then, sure. We could call it business purposes.

Crookshanks

join:2008-02-04
Binghamton, NY

1 recommendation

reply to cdru
Well, that's what Dropbox and similar services are for. If you have privacy concerns that's where encryption comes in.

Understand that I'm not defending AT&T here; I'm just shooting down the notion that an inability to VPN into a residential connection is even a consideration for them. If you're that technically inclined I don't understand why you aren't willing to pay the extra few dollars for a static IP address. It makes life easier, allows you to host services you can't host otherwise (I do my own DNS and e-mail, plus I run an NTP server in the NTP pool) and at least with my ISP puts you into a business class service rather than a residential one, which comes with other advantages (better support, no blocked ports, more permissive AUP, etc.)

In the final analysis this was probably inevitable when you consider the snail's pace deployment of IPV6. The other day I was informed by my Time Warner rep that they are now charging new business class customers extra money if they need more than one IP address. Apparently it is becoming harder and harder for them to procure more IP address space. We set up our business class service a little over a year ago and obtained a /27 simply by asking for it. No longer.

Network Guy
Premium
join:2000-08-25
New York
kudos:3
reply to ke4pym
said by ke4pym:


DNS services like dyndns.org are your friend.

Never tried this with an ASA, but on an 1811 I've never been able to bring up a tunnel using a FQDN even if I point both 1811's to a private DNS box with appropriate A records for each side. It only seems to like listing an IP address for a peer under the crypto.

For the typical residential customer who probably runs a Linksys behind their bridge, IPsec VPN access is probably a non-issue.


cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7

1 recommendation

reply to Crookshanks
said by Crookshanks:

Well, that's what Dropbox and similar services are for.

I have about 6TB of files on my home server. Dropbox isn't an option. Plus keeping files synced between home desktop and Dropbox would become an issue.

If you have privacy concerns that's where encryption comes in.

Privacy isn't a concern here...just accessing MY data is. And it's not even just data. Applications as well. I'm a web developer, and from time to time I have reasons to need to check to see what a project I'm working on looks like or behaves from outside of our corporate network. Yes this is now a "business" function, but it's still my residential connection.

If you're that technically inclined I don't understand why you aren't willing to pay the extra few dollars for a static IP address.

Frontier 35mbit symmetrical residential FIOS: $56.50
Frontier 35mbit symmetrical business FIOS w/ static IP: $129.99
I would not consider 73.49 a "few extra dollars". Even at just the $15, it's still ridiculous as static IPs aren't necessary.

It makes life easier, allows you to host services you can't host otherwise (I do my own DNS and e-mail, plus I run an NTP server in the NTP pool) and at least with my ISP puts you into a business class service rather than a residential one, which comes with other advantages (better support, no blocked ports, more permissive AUP, etc.)

My service has been rock solid, so support isn't an issue. Ports aren't blocked with the exception of outbound 25, but you can easily relay through their server or free google apps (aka gmail with your own domain name). I can run my own internal DNS and have a free zoneedit dns hosting which is far more reliable and better connected than my single fios line. Not saying that my setup is optimal for everyone...but it suits me. And everything is run off of a dynamic IP that's updated via my router if/when my DNS changes.

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
reply to Network Guy
Correct. Cisco (IOS and ASA) will resolve the address on the spot instead of storing the name and resolving it every time it needs to use it. This is very annoying to people who don't know it does this.

Crookshanks

join:2008-02-04
Binghamton, NY
reply to cdru
said by cdru:

Frontier 35mbit symmetrical residential FIOS: $56.50
Frontier 35mbit symmetrical business FIOS w/ static IP: $129.99
I would not consider 73.49 a "few extra dollars". Even at just the $15, it's still ridiculous as static IPs aren't necessary.

*shrug*, don't know what to tell you, the choices I had (also from Frontier) were:

3/384 residential dsl for $34.95
6/1 business dsl for $60 + $10 for static IP

I could get by without the static IP but as I've already said it just makes life easier.

said by cdru:

Privacy isn't a concern here...just accessing MY data is. And it's not even just data. Applications as well. I'm a web developer, and from time to time I have reasons to need to check to see what a project I'm working on looks like or behaves from outside of our corporate network. Yes this is now a "business" function, but it's still my residential connection.

So you're using it for commercial purposes? It sounds like you'll need to pony up some dollars if your ISP ever decides to go this route. I'll concur that it sucks but the sad reality is that the vast majority of users will never know or care that they don't have globally valid IP addresses. Those who need them will have to pay extra for a scarce resource or wait for the deployment of IPV6. That's the law of supply and demand: limited resource + increased demand = higher prices.

BTW, I'm not sure if Frontier's residential FIOS service is under the same AUP as the residential DSL service but if it is you've got a problem:

Customers may not resell High Speed Internet Access Service ("Service") without a legal and written agency agreement with Frontier. Customers may not retransmit the Service or make the Service available to anyone outside the premises (i.e. wi-fi or other methods of networking). Customers may not use the Service to host any type of commercial server.

Frontier's residential Internet access services are provided for residential usage only. Commercial or business use of residential services is prohibited. In the event of such usage Frontier at its option may suspend or terminate service or may move the customer to a commercial Internet access service, in which case higher charges may apply.

Users may not run any program which makes a service or resource available to others, including but not limited to port redirectors, proxy servers, chat servers, MUDs, file servers, and IRC bots. Users may not run such programs on their own machines to make such services or resources available to others through one of our dialup or DSL accounts; a dedicated access account is required for such purposes.


That's another reason why I opted for business class service; the AUP is far more permissive and essentially prohibits nothing other than hacking, open relays, UCE and child pornography.


cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7

1 recommendation

said by Crookshanks:

BTW, I'm not sure if Frontier's residential FIOS service is under the same AUP as the residential DSL service but if it is you've got a problem:

Customers may not retransmit the Service or make the Service available to anyone outside the premises (i.e. wi-fi or other methods of networking).

Any type of peer to peer communications (and not just p2p file sharing) would be in violation of this if interpreted in the most strict literal sense. The intent of this clause is to prevent a customer from sharing their connection with their neighbor for instance.

Users may not run any program which makes a service or resource available to others, including but not limited to port redirectors, proxy servers, chat servers, MUDs, file servers, and IRC bots. Users may not run such programs on their own machines to make such services or resources available to others through one of our dialup or DSL accounts; a dedicated access account is required for such purposes.

For my use, this clause doesn't pertain to me. I'm a party to the policy, so I wouldn't be considered part of the "to others". And it wouldn't be hard to argue any family member living with me also would not be considered others.

If ANY and ALL servers are prohibited, then there wouldn't be clauses necessary that say, paraphrased, "Commercial servers are prohibited". The commercial could be removed and simplify things by just saying "Any server is prohibited." But that is not their intent and we both know it.