OpenVPN Open Beta

[Guest]

Any system which does not automatically reconnect, regardless of what the timeout is currently set to, is broken if it is intended to be used as a whole home/fixed vpn solution. Any network event, including regular maintenance, would leave your connection down requiring manual intervention - that doesn't make sense.

It does make sense if you contrast the frequency of maintenances with the current timeout duration. How often does Sonic do a network maintenance? It's certainly not every day. Your logic is similar to saying that any roof that can be damaged by snow and doesn't automatically repair itself is broken if the roof is intended to be used as a permanent shelter becase maintenance of the roof would leave the residents temporarily without a shelter. Losing your shelter once every few months or years isn't the same as losing it once every day.

The main reason that there is a timeout at all is to force the clients to reauthenticate on a regular interval. If we delete or lock your account it will stop working automatically without us having to specifically write code to seek out and disconnect active sessions. Ideally openvpn would be able to reauthenticate on a specified interval to keep the existing connection but, as far as I know, this isn't possible.

There is no "if" for customers who are using your VPN to stay permanently connected to the Internet. Using the VPN to stay connected to the Internet permanently is the reality rather than a mere conditional. Wasn't the whole point of opening a separate OpenVPN server to serve such customers?

What makes the situation so ludicrous isn't even the minor inconvenience. Rather, it's your rationale for forcing reauthentication. It's not to prevent fraudulent access to the VPN account, but to prevent users whose accounts were "deleted or locked" from staying connected. Really? You're so worried about banned users staying connected that you're willing to force everyone to reauthenticate every 24 hours? If my account was just closed by Sonic, finding out how to stay connected to your VPN would be the last thing on my mind.

The certificate type and some other options will be tweaked when we deploy the production service.

If you want your VPN to have value to customers, then you should get rid of the 24 hour timeout. I understand the OpenVPN server is still in its beta period, so I'm willing to wait patiently while you make any necessary changes, but your current reason for forcing reauthentication is patently ridiculous.

[end]

There has been a new vuln posted to that leaks ip over vpn called port fail.

Information can be found here: https://www.perfect-privacy.com/blog/20 ... orwarding/

It effects both openvpn and ipsec.

[Guest]

There has been a new vuln posted to that leaks ip over vpn called port fail.

Information can be found here: https://www.perfect-privacy.com/blog/20 ... orwarding/

It effects both openvpn and ipsec.

Not a big issue. http://it.slashdot.org/story/15/11/27/2 ... s#comments

[a17322a]

What is the max attainable speed when using FTTN x2 with OpenVPN?

I am on the 50MBPS downlad / 6MPBs Upload, but when connected to OpenVPN via an asus router client I can only get around 15MBPS down and 5MBPS up. Is my configuration wrong or is that the restrictions of OpenVPN?

[abhi.kris]

One new interesting behavior, I'm not sure if this is how it is supposed to work, is that on Mac OS X El Capitan I'm able to connect to the VPN ONLY from the website. I have the client downloaded and it sits in the notification bar. But I can't successfully connect to the VPN, it throws up a JSON error. But when I connect from the web the client seems to connect and the status changes to connected.

Is this normal behavior? Why do I absolutely have to connect to the webpage (http://beta.vpn.sonic.net) every time I open my laptop. Another weird behavior is that there is no automatic reconnect. I know there is discussion of a 24hour renegotiate. But every time it opens up from sleep? Seems weird.

[mediahound]

One new interesting behavior, I'm not sure if this is how it is supposed to work, is that on Mac OS X El Capitan I'm able to connect to the VPN ONLY from the website. I have the client downloaded and it sits in the notification bar. But I can't successfully connect to the VPN, it throws up a JSON error. But when I connect from the web the client seems to connect and the status changes to connected.

Is this normal behavior? Why do I absolutely have to connect to the webpage (http://beta.vpn.sonic.net) every time I open my laptop. Another weird behavior is that there is no automatic reconnect. I know there is discussion of a 24hour renegotiate. But every time it opens up from sleep? Seems weird.

Check out the app Viscosity. It works a lot better and has the auto reconnect, etc.

https://www.sparklabs.com/viscosity/

[Guest]

What is the max attainable speed when using FTTN x2 with OpenVPN?

I am on the 50MBPS downlad / 6MPBs Upload, but when connected to OpenVPN via an asus router client I can only get around 15MBPS down and 5MBPS up. Is my configuration wrong or is that the restrictions of OpenVPN?

Your Asus router don't have the CPU capacity to give more than what you're getting. Home routers capabilities are generally a crap shoot.

[pmbell]

What is the max attainable speed when using FTTN x2 with OpenVPN?

I am on the 50MBPS downlad / 6MPBs Upload, but when connected to OpenVPN via an asus router client I can only get around 15MBPS down and 5MBPS up. Is my configuration wrong or is that the restrictions of OpenVPN?

I'd need to go back and verify, but my memory is that I was able to do 35 mbps or so on the Windows 10 download with openVPN running. I was able to do about 40 mbps on the same task without openVPN. In theory I have 50/6 as well, but I've never seen that throughput level (with or without openVPN) the speedtest sites aren't as good as big, well-connected ISO - how fast can your router push traffic without VPN overhead?

I'm using a pfsense box, a dual core Atom processor and Intel NICs with native OS support.

[a17322a]

Looks like my asus only has a 600mhz processor, most likely to be the bottle neck.

Any suggestions on what router would work best to take advantage of the full available bandwidth?

[taupehat]

Just posting a quick note of thanks for this. Uploaded the profile to my Asus router, and am getting a solid 11/2 which is good enough and no more AT&T throttling of YouTube. Can expect I'd get better performance but the router is pegging CPU on high download.