My end to ISP fustration: openvpn with a VPS

My end to ISP fustration: openvpn with a VPS

Gadi Cohen dragon at wastelands.net
Sat Feb 6 22:24:52 IST 2010


Amos Shapira wrote:
> Not relevant for me (I'm not in Israel) but have you checked the
> connectivity of this box to the rest of the net? If it's through NV
> then you might end up in (or close to) square 1.
>   
Yeah, this was the main issue.  A traceroute shows that it goes through
012.net.  But even if it was going through NV, I doubt they'd cap
servers the same way they do their users.  What good is a server that
can only manage 6k/sec? :)

Some more on this for those interested... it looks like NV just have
some special rules that go into effect during times of peak traffic.  My
speeds and email are fine most of the time, but in the evenings this
weekend suddenly my slightly less regular mail ports (587, imap ssl on
993) are blocked again and certain intl bandwidth is down to 6k/sec. 
During such times, I can tunnel through the VPN, access my email and
download at normal speeds again.
> Also as others said - check the terms of promised bandwidth in your
> contract, and how much you expect the hosting company to abide by
> them.
>   
Can you be more specific?  What am I checking for?
> Hetz Ben Hamo has a post in his blog about setting up a VPS in Europe
> which might be cheaper and still very accessible from/to Israel. Not
> sure how much this is relevant to you (depends on your destinations),
> but maybe also worth consideration.
>   
Doesn't help.  I have a server in the US, which is barely accessible
during these peak times I mention.  The point on having the VPS in
Israel is that all the caps, QOS, limits, blocks, etc, only affect
international traffic.
> About NV network - many people who access tapuz.co.il from Australia
> mention that they have intermittent problems to access it in the last
> few weeks, traceroute's from Australia die on the NV->London hop. I
> don't follow NV's network status but maybe it's related.
>   
I go a bit off topic again here, but a friend reliably claims that NV
has a data centre in London that inspects all their customers traffic
and shapes it accordingly.  Apparently its for "security reasons", I
think it's just for damage control on oversold bandwidth.  I haven't
checked this out too much, but it did seem strange to sometimes see
packets headed to the US going through London.  Anyway, point being - I
don't want my ISP inspecting my packets and affecting my traffic, so
this solution is great for me.

Tzafrir Cohen wrote:  (and similar point bought up by Hetz Ben Hamo)
> With OpenVZ you'll probably have a problem setting up extra network
> interfaces for the tunnels. If you need a VM to be used as a "VPN
> server", you should probably go with Xen (or KVM).
>   
I actually had a very bad experience with xen, but it was a few years
back.  Exactly the problem that Hetz mentioned; other VPS on the box
started doing some heavy IO, and my machine was unusable.  Eventually
replaced it with a (physically) real rented server, since it was for
production use.  The VPS I'm using now is on VMware, which apparently
has a good track record.
> This host is a 20$/month account, and is certainly not the cheapest. It
> also doubles as my OpenVPN server.
>   
And bandwidth?  The $29 gets me 500gb burstable.

Since it doubles as your openvpn server - what are you using it for? 
Any comments on the plan for mine?

Gadi

-- 
Gadi Cohen aka Kinslayer <dragon at wastelands.net> www.wastelands.net
Freelance admin/coding/design HABONIM DROR linux/fantasy enthusiast
KeyID 0x93F26EF5: 256A 1FC7 AA2B 6A8F 1D9B 6A5A 4403 F34B 93F2 6EF5

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20100206/6cbcc9d6/attachment.html>


More information about the Linux-il mailing list