OpenVPN Service

Advanced feature discussion, beta programs and unsupported "Labs" features.
64 posts Page 7 of 7
by drew.phillips » Tue Aug 23, 2016 5:34 pm
Guest wrote:
For those of us who know just enough networking to be dangerous (I understand basic TCP/IP addressing, setting up a home network, NAT, etc).. Is this mostly just to allow all traffic from your home machines to be hitting the 'net from ovpn.sonic.net, rather than someIP@att.net, and to be routed through sonic's pipes, instead of at&t's pipes to the next peering partner? I get the privacy features - your real IP is hidden.


Yes, but additionally, your traffic is encrypted over ATT's network (the main motivator for this). So as soon as your net traffic leaves your computer, it's encrypted meaning ATT et al cannot see it. Once it hits Sonic's VPN the traffic is decrypted and routed where it needs to go (note HTTPS traffic would still be encrypted between the VPN endpoint and the destination - we couldn't decrypt the contents since the SSL/TLS handshake took place between your computer and the remote server).


Guest wrote:
I have torguard BT proxy + VPN service and have used it at times to make it appear an individual machine is originating elsewhere (for location-based reasons). I am guessing this is similar, except you don't get to pick your exit node (it's always sonic.net in CA), but it's free with sonic service. Does the Pace modem support this, or do I need a custom router? Can this work together with torguard's bittorrent proxy?


Right, you don't get any choice of where your traffic appears to come from. The goal is more privacy than being able to appear to come from a particular region or location. Pace modems don't have OpenVPN built in, you can either run the software on your computer, or buy a router that does support it and bridge the modem to your router. Note: I have FTTN x2 and it was pretty easy to bridge the connection. Running the software on a computer only encrypts traffic for that machine, running it on a router can force it for everything.


Guest wrote:
Does it allow for a reverse-connection? That is, can I ssh to ovpn.sonic.net (or similar) with my sonic userid/password and have it connect back to my modem, which is set up to forward port 21 back to my main linux desktop (hosts.allow/hosts.deny configured to only allow connections from a few domains - I would add sonic.net)? That's the main thing I'd like to add to my setup. I'm pretty sure torguard vpn can do that, but then I need to have some kind of dyn-dns service, whereas with sonic, wouldn't they know my "current" ip and can just forward it there?


Yes. You wouldn't ssh to ovpn.sonic.net but to the IP your VPN client gets assigned. For this reason, if you connect to the VPN using software on your PC, you should make sure your firewall rules are sufficient. Connecting from your computer opens you up to the internet just like plugging your PC directly into a modem and getting a WAN IP on your PC. If your router handles the connection, you're still firewalled and would need to set up port forwards to allow traffic from the VPN through to a service.

Hope that helps, let me know if you have any further questions.
Drew Phillips
Programmer / System Operations, Sonic.net
by tonyquan68 » Sun Nov 13, 2016 11:21 am
timyu94 wrote:
(Might be a stupid question)

Is there any chance that the OpenVPN service will utilize IPv6 anytime soon?

I have the uverse FTTN service and decided to enable IPv6 for the hell of it to test out if ATT's IPv6 implementation still lags / times out sites. I currently run the VPN on my Asus AC87 router and did a IPv6 test which showed an IPv6 connection via ATT while the IPv4 connection via went through Sonic.

While it isn't much of a problem as I've kept IPv6 off for years, it's a tad concerning that IPv6 traffic goes through att as their traffic shaping and subsequent buffering annoys the hell out of me and defeats the purpose of running the VPN.


This question never got answered. I'm in the same boat, but unlike the poster do need ipv6 and would prefer to have the Sonic VPN handle it as well. It looks to be supported in newer versions of OpenVPN: https://community.openvpn.net/openvpn/wiki/IPv6 Could Sonic consider deploying this?
by pratik » Fri Dec 16, 2016 10:24 pm
I would like to know, around what speed should I expect by using VPN.

I've following setup:
FTTN service (50MBPs)
PACE modem 5268AC.
ASUS RT-AC68R/U router configured with Sonic VPN (all traffic goes through VPN)

I run speedtest at speedtest.sonic.net from wired connected computer and I consistently get around 13MBPs. Is this normal or should I check any settings / ask for support?


[EDIT]: And I want to know how would port forwarding work in this case. I've all port forwards defined and saved in router, is that all that would be required?

Thanks
by tonyquan68 » Sat Dec 31, 2016 8:11 pm
tonyquan68 wrote:
timyu94 wrote:
(Might be a stupid question)

Is there any chance that the OpenVPN service will utilize IPv6 anytime soon?

I have the uverse FTTN service and decided to enable IPv6 for the hell of it to test out if ATT's IPv6 implementation still lags / times out sites. I currently run the VPN on my Asus AC87 router and did a IPv6 test which showed an IPv6 connection via ATT while the IPv4 connection via went through Sonic.

While it isn't much of a problem as I've kept IPv6 off for years, it's a tad concerning that IPv6 traffic goes through att as their traffic shaping and subsequent buffering annoys the hell out of me and defeats the purpose of running the VPN.


This question never got answered. I'm in the same boat, but unlike the poster do need ipv6 and would prefer to have the Sonic VPN handle it as well. It looks to be supported in newer versions of OpenVPN: https://community.openvpn.net/openvpn/wiki/IPv6 Could Sonic consider deploying this?


OpenVPN 2.4 is now out with further improvements on the ipv6 side:

https://openvpn.net/index.php/download/ ... loads.html

would Sonic consider providing ipv6 enabled VPN?
64 posts Page 7 of 7

Who is online

In total there are 3 users online :: 0 registered, 0 hidden and 3 guests (based on users active over the past 5 minutes)
Most users ever online was 422 on Sat May 26, 2012 5:28 am

Users browsing this forum: No registered users and 3 guests