anthonypants
May 6, 2007



Dinosaur Gum

Thermopyle posted:

I transfer like a terabyte per month through my DigitalOcean-hosted VPN which costs me $5/month.
Algo also has a referral code on their GitHub for $10 of Digital Ocean credit.

Potato Salad
Oct 23, 2014




Tortured By Flan

I am one with the Khala.

Mr. Crow
May 22, 2008

Snap City mayor for life


Thermopyle posted:

I transfer like a terabyte per month through my DigitalOcean-hosted VPN which costs me $5/month.

Can you post details? What's your peak bandwidth? What sort of encryption are you running?

I'm not buying y'all are doing anything other than browsing the web and throttled torrenting on those machines, certainly not streaming video, but maybe I'm retarded (likely).

Trabisnikof
Dec 24, 2005

It's always 2am somewhere.


Mr. Crow posted:

Can you post details? What's your peak bandwidth? What sort of encryption are you running?

I'm not buying y'all are doing anything other than browsing the web and throttled torrenting on those machines, certainly not streaming video, but maybe I'm retarded (likely).

You really think you'll push more than 1TB a month?

https://www.digitalocean.com/commun...hat-will-happen

quote:

The rule of thumb is to avoid anything which uses over 300mbps on a constant basis.

anthonypants
May 6, 2007



Dinosaur Gum

Trabisnikof posted:

You really think you'll push more than 1TB a month?

https://www.digitalocean.com/commun...hat-will-happen
I can hit just over 1TB/month on my home connection without torrenting. But 300Mbps over a month is still 98TB, so,

ChubbyThePhat
Dec 22, 2006



e: wrong as gently caress thread

Content >> I have no idea how much bandwidth I push over my VPN monthly, but my home connection (Twitch, Youtube, imgur, stuff) can push 1TB with those services alone.

ChubbyThePhat fucked around with this message at Oct 18, 2017 around 23:16

Mr. Crow
May 22, 2008

Snap City mayor for life


I realize my previous post was probably a little hostile, I am curious on the details but for $5 or even $20 and the potential to be in control of my own VPN I gotta try it.

Why none of this poo poo came up when I was searching a couple weeks ago I have no idea.

bobfather
Sep 20, 2001

I will analyze your nervous system for beer money

Mr. Crow posted:

I realize my previous post was probably a little hostile, I am curious on the details but for $5 or even $20 and the potential to be in control of my own VPN I gotta try it.

Why none of this poo poo came up when I was searching a couple weeks ago I have no idea.

Likely it just involves getting the small digital ocean droplet for $5 a month and installing Algo on it. Done.

myron cope
Apr 21, 2009



I just did the algo deploy to DigitalOcean (actually I'd done it before, destroyed that droplet for Streisand today, then went back to algo). Am I really supposed to just create a new server instead of updating it? The FAQ seems to suggest that.

It's fairly easy to do, but it's a pain setting up the VPN connections everywhere. Can I just apt-get update && apt-get upgrade every once in a while?

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell


Mr. Crow posted:

Can you post details? What's your peak bandwidth? What sort of encryption are you running?

I'm not buying y'all are doing anything other than browsing the web and throttled torrenting on those machines, certainly not streaming video, but maybe I'm retarded (likely).

I just posted a link to the thread where I describe it up thread a few posts. It's the one to the thread about algo.

Turnquiet
Oct 24, 2002

My friend is an eloquent speaker.


Grimey Drawer

Funny story, identity is the edge of security. All you fuckbois trying to justify your existence without even considering identity as an IT and security function are about 5 years behind. loving google dropped their firewall/blocking/corp-public network segmentation bullshit because if you know who wants your data you can drop all that blocking poo poo and instead opt for an entitlement model.

I swear I said the same thing in an earlier version of one of these threads, but we all get too aroused over red teams to see the easy solution.

anthonypants
May 6, 2007



Dinosaur Gum

Turnquiet posted:

Funny story, identity is the edge of security. All you fuckbois trying to justify your existence without even considering identity as an IT and security function are about 5 years behind. loving google dropped their firewall/blocking/corp-public network segmentation bullshit because if you know who wants your data you can drop all that blocking poo poo and instead opt for an entitlement model.

I swear I said the same thing in an earlier version of one of these threads, but we all get too aroused over red teams to see the easy solution.
Who are you trying to argue with here

apseudonym
Feb 25, 2011



Turnquiet posted:

Funny story, identity is the edge of security. All you fuckbois trying to justify your existence without even considering identity as an IT and security function are about 5 years behind. loving google dropped their firewall/blocking/corp-public network segmentation bullshit because if you know who wants your data you can drop all that blocking poo poo and instead opt for an entitlement model.

I swear I said the same thing in an earlier version of one of these threads, but we all get too aroused over red teams to see the easy solution.
No one (yet) in this discussion has claimed anything about firewalls...

Proteus Jones
Feb 28, 2013



anthonypants posted:

Who are you trying to argue with here

Who knows. It's reductionist bullshit anyway. No one claimed identity wasn't important, but it's not the end all be all either.

Furism
Feb 21, 2006

Live long and headbang


Why do you guys say "push 1TB" when you mean "pull"?

Volmarias
Dec 31, 2002


Furism posted:

Why do you guys say "push 1TB" when you mean "pull"?

Sometimes when we want to move the big crate of data it doesn't have straps or handles, so we sort of have to shove it and push it to get it over there instead of being able to pull it.

That's just how bandwidth works

Thanks Ants
May 21, 2004

Bless you, ants. Blants.




Fun Shoe

Look man, it's not just a big truck you can dump stuff on.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles



Turnquiet posted:

Funny story, identity is the edge of security. All you fuckbois trying to justify your existence without even considering identity as an IT and security function are about 5 years behind. loving google dropped their firewall/blocking/corp-public network segmentation bullshit because if you know who wants your data you can drop all that blocking poo poo and instead opt for an entitlement model.

I swear I said the same thing in an earlier version of one of these threads, but we all get too aroused over red teams to see the easy solution.

My firewalls verify identity with kerberos tickets gently caress off.

ChubbyThePhat
Dec 22, 2006



Volmarias posted:

Sometimes when we want to move the big crate of data it doesn't have straps or handles, so we sort of have to shove it and push it to get it over there instead of being able to pull it.

Kicking and screaming where necessary.

Sheep
Jul 24, 2003


Thanks Ants posted:

Look man, it's not just a big truck you can dump stuff on.

Yes it is.

Proteus Jones
Feb 28, 2013




"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway." --Andrew S. Tanenbaum

Furism
Feb 21, 2006

Live long and headbang


Proteus Jones posted:

"Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway." --Andrew S. Tanenbaum

Yeah but the latency is poo poo.

EVIL Gibson
Mar 23, 2001

THE CLOUD WILL PROTECT US


Furism posted:

Yeah but the latency is poo poo.

Compared to data transfer via pigeon where poo poo is packet signal amplification.

Mr. Crow
May 22, 2008

Snap City mayor for life


Since nobody would answer and if anyone reading cares, a cheap droplet chokes openvpn at about 150 Mbps with aes-128.

astral
Apr 26, 2004

Out there.


Mr. Crow posted:

Since nobody would answer and if anyone reading cares, a cheap droplet chokes openvpn at about 150 Mbps with aes-128.

IPSec ought to perform better, if you haven't tried that yet - I believe that's what Thermopyle is using.

Furism
Feb 21, 2006

Live long and headbang


IPSEC will always be better than OpenVPN because it's implemented at lower layers of the OSI model; there's less overhead. It can lead to packet fragmentation though (because it makes the IP headers larger) but that's not really a problem nowadays. Also it's kinda more secure because you've got two rounds of key exchanges, the second one being fully encrypted since the beginning by the first one. Another downside of IPSEC is that sometimes it's blocked in hotels or public Wifi (this is less and less true; I do travel my fair share in EMEA and only once or twice out of dozens of hotels was IPSEC blocked). And last but not least, IPSEC clients are implemented natively in all major OSes so you don't need to download a client. I honestly don't know why VPN services use OpenVPN and not IPSEC. I mean, there's a reason companies use IPSEC (or some proprietary SSL-VPN solution; and yes they loving say SSL when it's TLS, assholes) and not OpenVPN.

Now that being said, none of this is really anonymous. This is why earlier in the thread I asked to know more about the guy's use case. Like anything encrypted, the meta-data has to be unencrypted because that's just the way these protocols work. You still need a source and destination IP and port. If somebody is monitoring your connection they know the destination IP, which'll be your VPN exit point probably (unless the VPN provider does internal routing and makes your packet come out from a random IP; it's better but still not bulletproof). So then you monitor the exit point and by comparing the packets you can confirm if it's the same person or not. It's been proven to work, and for a while, as we know, all ISPs were tapped so anyone could run this kind of analysis nation-wide.

Of course this matters only if a state is after you, for good or bad reasons.

Also I could be wrong and not know OpenVPN enough and talk out of my rear end. I really like IPSEC

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.


Taco Defender

The problem with IPSEC is that while it is good on paper, every vendor does something slightly differently to make it a pain to inter-operate. Try and get a Juniper and a Sonicwall to talk to each other via IPSEC and then suggest to me that it will be good for a VPN service. I agree with what you're saying, but I think that OpenVPN is preferred due to support reasons.

D. Ebdrup
Mar 13, 2009


IPsec can actually be astonishingly fast even on relatively old hardware.
Some benchmarks done on FreeBSD 11.0 show that on a Xeon L5630 from 2010, IPsec does ~850Mbps whereas OpenVPN manages a respectable ~547Mbps.
These benchmarks were done before IPsec was moved into a kernel module (instead of being statically compiled into the config, in addition to which NAT-T was added), plus the network stack, opencrypto and other parts have seen quite a bit of speed improvements since, so IPsec may be approaching or topping gigabit linespeed on more modern hardware.

EDIT: Don't let a small CPU discourage you from using a VPN if you're on a hotspot, even an APU2 with a 1GHz quad-core AMD can manage ~350Mbps

D. Ebdrup fucked around with this message at Oct 20, 2017 around 20:54

Docjowles
Apr 9, 2009



Lain Iwakura posted:

The problem with IPSEC is that while it is good on paper, every vendor does something slightly differently to make it a pain to inter-operate. Try and get a Juniper and a Sonicwall to talk to each other via IPSEC and then suggest to me that it will be good for a VPN service. I agree with what you're saying, but I think that OpenVPN is preferred due to support reasons.

This is fair. I must have spent 2 weeks trying to get a goddam site-to-site ipsec tunnel setup with Rackspace, talking to techs who ostensibly know what they're doing.

"Please configure a tunnel using these settings and these networks"
"ok we did it"
"it won't come up, some poo poo is wrong on Rackspace's end"
"nah"
*repeat this exchange like 20 times*
"oh actually we typoed a subnet mask, try it now"
*tunnel immediately comes up. I pour 5 fingers of bourbon*

ipsec has a lot of knobs and is fiddly as hell. Which is good for security but bad for random people who just want something to work. Enter OpenVPN.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell


Docjowles posted:


ipsec has a lot of knobs and is fiddly as hell. Which is good for security but bad for random people who just want something to work.

This is why algo is good. (at least seemingly...I'm not qualified to really judge it)

Unfortunately, on Android you need a client app to use Algo's ipsec VPN.

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.

I just have a $2/month Linux VPS, connect to it with ssh -D <someportnumber>, point Firefox to the SOCKS proxy at localhost:<thatportnumber> and set network.proxy.socks_remote_dns to true. Boom, done. (True, it only protects traffic from that browser, but that's 99% of everything these days.) It even works with my phone; if I have the settings saved in ConnectBot, it takes about three taps to connect and I'm good to go.

(Which reminds me, is there a way to do an ssh tunnel from an iPhone yet? It seems to be one of the lines that Apple doesn't want you coloring outside of.)

anthonypants
May 6, 2007



Dinosaur Gum

Powered Descent posted:

I just have a $2/month Linux VPS, connect to it with ssh -D <someportnumber>, point Firefox to the SOCKS proxy at localhost:<thatportnumber> and set network.proxy.socks_remote_dns to true. Boom, done. (True, it only protects traffic from that browser, but that's 99% of everything these days.) It even works with my phone; if I have the settings saved in ConnectBot, it takes about three taps to connect and I'm good to go.

(Which reminds me, is there a way to do an ssh tunnel from an iPhone yet? It seems to be one of the lines that Apple doesn't want you coloring outside of.)
I really doubt iOS allows you to open local ports.

Dylan16807
May 12, 2010


anthonypants posted:

I really doubt iOS allows you to open local ports.

At least for doing it on localhost a quick google says that proxying over ssh works just fine. But you have to deal with background network connections getting killed after 10 minutes.

anthonypants
May 6, 2007



Dinosaur Gum

Dylan16807 posted:

At least for doing it on localhost a quick google says that proxying over ssh works just fine. But you have to deal with background network connections getting killed after 10 minutes.
And that result you found was from 2017?

Dylan16807
May 12, 2010


anthonypants posted:

And that result you found was from 2017?

2016.
