bypassing DPI/throttling (was: Re:Acanac...?)
JoeHill
joehill-R6A+fiHC8nRWk0Htik3J/w at public.gmane.org
Sat Jul 11 01:31:23 UTC 2009
Madison Kelly wrote:
> Erik (Caneris) wrote:
> > Madison wrote:
> >> Trick is doing it on our end for all customers... I've not
> >> been the one
> >> looking into it though, so I am not sure what the actual challenge is.
> >>
> > Not sure what your setup is or how feasible MLPPP is for you guys, but as
> > far as doing SSH tunnel for all of our customers, that was not terribly
> > difficult. We made a custom one-click version of putty which does
> > everything for the users, had the SSH tunnel box auth against RADIUS so no
> > prov work required and folks can login with their existing PPPoE logins,
> > documented the steps for them, and that's pretty much it. It's still in
> > beta, but we're about to roll it out across the user base. It's not
> > perfect, but it's decent enough for now. We're going to improve the method
> > and docs a bit as we go, it's a bit narrow in scope right now. Check out
> > http://www.caneris.com/Support#sshtunnel
> >
> > We weren't the first to use this method, but we were the first to make it
> > that easy from the end user's perspective, simply due to the customized
> > version of putty combined with the docs. So, you should be able to
> > replicate that setup pretty easily for your customers.
> >
> > We're still considering whether doing MPPE is worth the effort. It would
> > certainly be a "cleaner" solution, but we haven't researched how widespread
> > CPE support is for it nor the full impact on our LNSs, RADIUS, OSS, tools,
> > and everything else. MPPE requires CHAP, not PAP, if I'm not mistaken, so
> > that's one of the main issues.
> >
> > Erik
> > --
> > The Toronto Linux Users Group. Meetings: http://gtalug.org/
> > TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> > How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
> >
>
> Our case is a bit different, as a good percentage of our users are on
> Linux or some variation of Unix. We need to find an OS-independent
> solution. I think the big boss has been playing with some stuff, but
> I've been too jammed up on another project to really look into it close
> myself.
>
> It's madness that we have to deal with this at all, truth be told.
> Bloody useless CRTC. If Bell really gave a damn they'd invest the money
> they've spent on this gambit in upgrading their infrastructure.
>
> I am ranting now, I digress...
This is where I'm in agreement with Robert Kahn that government will never be
able to guarantee any kind of 'net neutrality'. The strength of the Internet is
that it can be very easily manipulated to circumvent any attempts at censorship.
I have little or no faith in bureaucrats to protect my networking freedoms, but
I am damned sure the hackers will always be on the lookout for new and more
wonderful ways for me to stick it to the man ;)
--
J
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list