VPN Blocked in Spectranet

Dear Friends,
When Spectranet started blocking access to link-removed, Imagebam, etc since last few weeks, I signed up for VPN service from PrivateInternetAccess. Everything went fine for few days.
But today not a single site is opening up. It shows that DNS query failed, etc.
Has Spectranet started blocking the VPN traffic?

Problem rectified.
It seems there was some problem at PrivateInternetAccess' end.
Anyways I won't be surprised if Indian ISPs started blocking VPN traffic to tighten the noose around internet users in India.
The biggest dilemma I now face is: if ISPs here do start blocking the VPN traffic, how would I safely login to my own websites that don't have SSL encryptions. The passwords to those sites will be bare open to the ISPs all thanks to their DPI based intrusion into our privacy.

First things first: Can you ping any external IP addresses when connected to the VPN? Say, for example 74.125.236.114.

savvy said:

Problem rectified.It seems there was some problem at PrivateInternetAccess' end. Anyways I won't be surprised if Indian ISPs started blocking VPN traffic to tighten the noose around internet users in India. The biggest dilemma I now face is: if ISPs here do start blocking the VPN traffic, how would I safely login to my own websites that don't have SSL encryptions. The passwords to those sites will be bare open to the ISPs all thanks to their DPI based intrusion into our privacy.

Click to expand...

Not the ISPs, the government - 2 very different entities. Unfortunately, ISPs are required by Indian law to collude.

VPN traffic is basically ssl stopping that means that nearly 70% of net is not going to work , so you can rest at ease vpns cannot be blocked, nearly every company depends on a vpn network for their employees to work in, vpns is not just for downloading from torrents and all 😛

Good to hear its working again or problem is at PIA`s end.
Can you tell us about the PIng / speed of this VPN ? And how did you choose the VPN ? Did you check the pings , speeds ?
I too am looking for a good , ISP like(in terms of speed/ping) VPN.

Hi Mg,
Thanks for the reply.
Yes I can now ping the external IP addresses. And the sites are opening without any lag.
As for the internet restriction, blocking entire file sharing sites like link-removed also doesn't service any purpose. There are lots and lots of other filehosting sites. If their motive is to stop piracy, they can easily monitor the files using crawlers like Filestube/rapidlibrary and then notify the site owner for DMCA violation.
Further, last night, when I was not on VPN, opening random images on Facebook showed me the page "This URL is blocked by orders from DoT". Ridiculous indeed.

@dovahkiin
I hope so. It's good to know that VPN won't be blocked because password safety is very critical when logging into the admin area of your website.

@naveen_reloaded
Speed in this VPN is good. Haven't experienced any disconnection or speed lag when using it. I found out about this VPN from LifeHacker blog's post where they recommended using VPN to safeguard the passwords.

savvy said:

Hi Mg, Thanks for the reply.Yes I can now ping the external IP addresses. And the sites are opening without any lag.

Click to expand...

Good to hear.

savvy said:

As for the internet restriction, blocking entire file sharing sites like link-removed also doesn't service any purpose.

Click to expand...

Can't disagree, but worryingly, copyright holders in various parts of the world (not just the US) seem to be wielding increasing amounts of power and are using increasingly dirty tactics to get sites blocked, seized or shut down.

savvy said:

There are lots and lots of other filehosting sites. If their motive is to stop piracy, they can easily monitor the files using crawlers like Filestube/rapidlibrary and then notify the site owner for DMCA violation.

Click to expand...

Correct, but they're lazy. It's just *easier* for them to convince a judge to issue an order to block an entire site/IP range and be done with it.Unfortunately, they still haven't cottoned on to the fact that this usually results in a Streisand effect.

savvy said:

Further, last night, when I was not on VPN, opening random images on Facebook showed me the page "This URL is blocked by orders from DoT". Ridiculous indeed.

Click to expand...

Yeah, that'll happen with these stupid blanket bans.

savvy said:

@dovahkiinI hope so. It's good to know that VPN won't be blocked because password safety is very critical when logging into the admin area of your website.

Click to expand...

If you're logging in to a site protected by SSL, a VPN isn't entirely necessary. The purpose of a VPN is generally supposed to be such that you *appear* to be on another network (eg the corporate network) so that the admins don't have to go poking holes in the firewall and all that sort of nonsense. In my case, I might use it to access some service (say mysql on one of my database servers, or our internal billing system) by logging in to a VPN server on my network using a token, and then I can allow connections to say mysqladmin only to be from that one IP, rather than having to add rules every time I shift to a different network/ISP/country. Which in my case happens often. It's both more secure and more convenient to do it this way, considering the alternative would be to allow a potentially sensitive page (or indeed and entire server) to be visible to the public internet (both mentioned cases this would be a bad idea). If VPNs didn't exist, I wouldn't *mind* transmitting my password from any given network considering those servers are protected by SSL and aren't going to be transmitted in plain text, but, since VPNs do exist, it affords me the opportunity to simply deny any network other than my own from even trying - or even knowing that the servers in question exist at all.The way consumers use a VPN, however is to get around URL/IP blocks because the regime they happen to live in is oppressive enough that it goes around blocking certain parts of the Internet, that is to say, the tool has been repurposed - and using a VPN only to protect a password is redundant unless the network itself is insecure (open wifi, poisoned dns, fake login page etc). Not a bad thing to be redundant, just... not entirely necessary. You're only moving the end-point for the traffic from A to B, and generally speaking a VPN is only really trustworthy if you own it *and* in reality, passwords aren't usually sniffed out of the air (they're usually obtained from big spankin' database dumps of the company that was targeted that week).

@mg
Very plausible scenario you have mentioned for the good use of VPNs. Here, I use a Linode VPS to host three websites. None of them have SSL certs installed in them. To prevent non-encrypted text passwords from going to the local ISP, it'd be good to use VPN which have gateways abroad. Now I think the websites will be more secure with "Extended Validation Multi-Domain SSL Certificate". Multi domain certificate will be good so that I don't have to allocate dedicated IPs for each website.
As for the mysql service, I use SSH to log into the server with key-pair authentication and have disabled the remote login.

savvy said:

@mg Very plausible scenario you have mentioned for the good use of VPNs. Here, I use a Linode VPS to host three websites. None of them have SSL certs installed in them.

Click to expand...

In any case, your use of a VPN is useless because you're still transmitting an insecure password from the end-point of your VPN to your VPS.If it's for personal use, why not just generate a self-signed one? It's only for the server, not for any transactions, so shouldn't be an issue since you'd probably be the only one using it. If it were for a SOHO operation and you wanted to use it for other people, just get a $25 certificate - should be good enough for email even if it would still theoretically work just as well for ecommerce. If it's for a bigger business, get a bigger better certificate accordingly.

savvy said:

To prevent non-encrypted text passwords from going to the local ISP, it'd be good to use VPN which have gateways abroad.

Click to expand...

In India, that would be no ISP, but you're going to have to trust that the tranffic from the end-point on any VPN you are using and your server isn't being sniffed too. For all you know, it could be even more pervasive than India.

savvy said:

Now I think the websites will be more secure with "Extended Validation Multi-Domain SSL Certificate". Multi domain certificate will be good so that I don't have to allocate dedicated IPs for each website.

Click to expand...

...might be overkill for what you want to do.

savvy said:

As for the mysql service, I use SSH to log into the server with key-pair authentication and have disabled the remote login.

Click to expand...

...I was just giving an example of how I might use it (or require it to be used). These days I don't feel the need to directly manipulate any of my databases, it's not my job.In any case, it appears you already have a key set up for SSH, why not set up your server control panel and/or mail and/or whatever else you're logging in to to use the same key? Or even another similarly generated key?

@mg
In that case I'll be better off with a self-signed certificate that secures the communication with the admin panels of the website CMSes. That would encrypt the passwords and would trivialize the use of VPN for the time being.
Thanks for the helpful suggestions, MG. You are the best.