bypassing DPI/throttling (was: Re:Acanac...?)
Erik (Caneris)
erik_list-etARiVBfTZtBDgjK7y7TUQ at public.gmane.org
Sat Jul 11 00:31:31 UTC 2009
Madison wrote:
> Trick is doing it on our end for all customers... I've not
> been the one
> looking into it though, so I am not sure what the actual challenge is.
>
Not sure what your setup is or how feasible MLPPP is for you guys, but as far as doing SSH tunnel for all of our customers, that was not terribly difficult. We made a custom one-click version of putty which does everything for the users, had the SSH tunnel box auth against RADIUS so no prov work required and folks can login with their existing PPPoE logins, documented the steps for them, and that's pretty much it. It's still in beta, but we're about to roll it out across the user base. It's not perfect, but it's decent enough for now. We're going to improve the method and docs a bit as we go, it's a bit narrow in scope right now. Check out http://www.caneris.com/Support#sshtunnel
We weren't the first to use this method, but we were the first to make it that easy from the end user's perspective, simply due to the customized version of putty combined with the docs. So, you should be able to replicate that setup pretty easily for your customers.
We're still considering whether doing MPPE is worth the effort. It would certainly be a "cleaner" solution, but we haven't researched how widespread CPE support is for it nor the full impact on our LNSs, RADIUS, OSS, tools, and everything else. MPPE requires CHAP, not PAP, if I'm not mistaken, so that's one of the main issues.
Erik
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list