OpenVPN Open Beta

[kgc]

We've deployed an OpenVPN AS server for testing and are ready to open this to a open beta to our customers. Clients for all major platforms are available including most *nix distributions as well as many home brew router and network appliances. Just log in with your primary sonic username and password to http://beta.vpn.sonic.net and then install the appropriate client or download the profile to import into your preferred client. It is generally pretty self explanatory. Usernames are case sensitive.

Some know issues:

On windows, Firefox is unable to detect when the client is installed and so auto-connect through the browser is broken. If Firefox is your preferred client you can either use another browser or open the connection through the tray app.

On OSX, because the installer is unsigned you have to right click on the package to install it.

For mobile clients, after installing the client you should download and open the profile to import it into the app OR launch the app and import the "Access Server Profile" from the server.

[dherr]

Seems to work for Fedora release 21, 64bit. I already had openvpn installed so it was just a case of downloading the connect script and starting it up.

Since I was now on the Sonic network I had to change name servers since the AT&T servers would not let me on. Expected, but forgot about that.

Checking speeds I see from my GKrellM monitor that it is not doing full speed but the test *shows* as if I now have something like 100M:

Sonic speed test...
Last Result:
Download Speed: 98277 kbps (12284.6 KB/sec transfer rate)
Upload Speed: 1732 kbps (216.5 KB/sec transfer rate)
Latency: 29 ms
Jitter: 1 ms
7/17/2015, 4:12:33 PM

AT&T test:
Download Speed  69.83 Mbps (8728.3 KB/sec transfer rate)
Upload Speed  1.76 Mbps (220.1 KB/sec transfer rate)
Latency  33 ms
Jitter  1 ms

For a more honest view of speed I pulled down the Sonic test file:
testfile.compressed.100meg: 100.00 MB 2.56 MB/s

Without VPN I get:
testfile.compressed.100meg: 100.00 MB 2.71 MB/s

[kgc]

The OpenVPN does compress traffic so a compressible stream could conceivably go faster than link speed but I'm not sure what this amounts to in the real world.

[netllama]

I gave this a try on my Android phone and it worked fine. I didn't bother to do any performance testing, as 99% of the time that I'd actually want to use the VPN, I'm going to be sitting on someone else's network anyway, with all the other problems that come from random networks of varying quality.

[goetsch]

Loaded it onto my Mac (OS X 10.10.4) and it worked fine until I turned it off. At that point, I wasn't living in VPN land, but it didn't return me to my regular FTTN connection either. Only after I uninstalled it completely was I able to get back to my original state. I understand it's Beta, but I think maybe it's a bit too Beta for me.

[Guest]

We've deployed an OpenVPN AS server for testing and are ready to open this to a open beta to our customers.

Thanks. What are the policies of the infrastructure? For example, what is the timeout? If we have activity that bypasses the timeout is there a cutoff time that people talked about for the IPsec VPN?

[rtrinh]

Played around with it tonight. Managed to get it working on my Netgear WNDR3700v2 running DD-WRT (v3.0-r27456 (06/27/15) std) using the guide on the following site. https://www.expressvpn.com/tutorials/dd ... rs_openvpn

Two differences was enabling pass authentication so you can enter your sonic username and password. And the "mss-fix/fragment across the tunnel" was left blank. Or in my case I didn't have that entry or it was renamed to "Tunnel UDP Fragment" which I left blank.

Very interesting transfer speeds with VPN.
Speedtest.net ~17.65mbps down, 1.65mbps up
speedof.me ~11.57mbps down, 1.78mbps up

And to just compare without VPN.
Speedtest.net ~23.05mbps down, 1.73mbps up
speedof.me ~24.51mbps down, 1.83mbps up

Something I noticed while using a test router running DD-WRT is that it would fail the handshake if it wasn't the device that was chosen for the IP passthru on the NVG589. On the same test router it would also would fail to resolve the server name before even attempting to make a handshake when I switched to the IP.

Maybe someone else can find some better optimized settings from here. I never touched OpenVPN until tonight.

[blakers]

Using the VPN, what IP will our connections be seen as originating *from*?

It'll be A Sonic-namespace address, of course ... I assume it'll be shared, but static?

How will that IP be listed, if at all, for policy usage? Specifically, how will it be defined/listed at Spamhaus' PBL (https://www.spamhaus.org/pbl/) re: AUP?

Am I correct in my understanding that any services running on our local nets that we want accessible from the outside will need to remain on our unique, AT&T-allocated IP, and be EXCLUDED from routing over the Sonic VPN?

[guest]

On my network, I'm seeing 11Mbps down and about 4Mbps up when on VPN. When I'm off VPN, I'm seeing about 14Mbps down and 1 Mbps up. Is it the compression that accounts for the increase in upload speed?
Upload speed has been a constant issue for me.

[m2m3]

On my network, I'm seeing 11Mbps down and about 4Mbps up when on VPN. When I'm off VPN, I'm seeing about 14Mbps down and 1 Mbps up. Is it the compression that accounts for the increase in upload speed?
Upload speed has been a constant issue for me.

While running the VPN software, I was seeing about the same speeds, except for some occasions where my download speed would start out between 30-45 Mbs and ramp down to to slightly above normal by the end of my speed tests. I used multiple testers to make sure that I found consistency. One of the best testers is at DSL Reports site.

My ping times were anywhere from about normal (25-30 ms) to 62 ms. Also, my IP address started with 69.x.x.x.

Since I was OK with the results, I placed all of the keys and certs from the VPN program configuration into my dd-wrt enabled router and see no real speed or performance difference than without the VPN enabled. I assume that I have everything properly set, as seems to be the case. I also noticed that my IP address stays within the 50.x.x.x range as before.