VPN Blocked in Spectranet

savvy

Newbie
[OP]
Feb 18, 2012
48
10
New Delhi
Dear Friends,
When Spectranet started blocking access to -- link removed --, Imagebam, etc since last few weeks, I signed up for VPN service from PrivateInternetAccess. Everything went fine for few days.
But today not a single site is opening up. It shows that DNS query failed, etc.
Has Spectranet started blocking the VPN traffic?
 
  • Like
Reactions: 1 person

savvy

Newbie
[OP]
Feb 18, 2012
48
10
New Delhi
Problem rectified.
It seems there was some problem at PrivateInternetAccess' end.
Anyways I won't be surprised if Indian ISPs started blocking VPN traffic to tighten the noose around internet users in India.
The biggest dilemma I now face is: if ISPs here do start blocking the VPN traffic, how would I safely login to my own websites that don't have SSL encryptions. The passwords to those sites will be bare open to the ISPs all thanks to their DPI based intrusion into our privacy.
 

mgcarley

Founder, Hayai Broadband
Regulars
Jun 22, 2009
6,301
113
First things first: Can you ping any external IP addresses when connected to the VPN? Say, for example 74.125.236.114.
savvy said:
Problem rectified.It seems there was some problem at PrivateInternetAccess' end. Anyways I won't be surprised if Indian ISPs started blocking VPN traffic to tighten the noose around internet users in India. The biggest dilemma I now face is: if ISPs here do start blocking the VPN traffic, how would I safely login to my own websites that don't have SSL encryptions. The passwords to those sites will be bare open to the ISPs all thanks to their DPI based intrusion into our privacy.
Not the ISPs, the government - 2 very different entities. Unfortunately, ISPs are required by Indian law to collude.
 


  • Like
Reactions: 1 person

dovahkiin

Regular
Regulars
Feb 2, 2011
572
30
vpn traffic is basically ssl stopping that means that nearly 70% of net is not going to work , so you can rest at ease vpns cannot be blocked, nearly every company depends on a vpn network for their employees to work in, vpns is not just for downloading from torrents and all :p
 
  • Like
Reactions: 1 person

naveen_reloaded

>
Regulars
Sep 2, 2007
1,767
109
Good to hear its working again or problem is at PIA`s end.
Can you tell us about the PIng / speed of this VPN ? And how did you choose the VPN ? Did you check the pings , speeds ?
I too am looking for a good , ISP like(in terms of speed/ping) VPN.
 

savvy

Newbie
[OP]
Feb 18, 2012
48
10
New Delhi
Hi Mg,
Thanks for the reply.
Yes I can now ping the external IP addresses. And the sites are opening without any lag.
As for the internet restriction, blocking entire file sharing sites like -- link removed -- also doesn't service any purpose. There are lots and lots of other filehosting sites. If their motive is to stop piracy, they can easily monitor the files using crawlers like Filestube/rapidlibrary and then notify the site owner for DMCA violation.
Further, last night, when I was not on VPN, opening random images on Facebook showed me the page "This URL is blocked by orders from DoT". Ridiculous indeed.

@dovahkiin
I hope so. It's good to know that VPN won't be blocked because password safety is very critical when logging into the admin area of your website.

@naveen_reloaded
Speed in this VPN is good. Haven't experienced any disconnection or speed lag when using it. I found out about this VPN from LifeHacker blog's post where they recommended using VPN to safeguard the passwords.
Code:
ping google.comcom [173.194.35.1] with 32 bytes of data194.35.1: bytes=32 time=176ms TTL=54194.35.1: bytes=32 time=291ms TTL=54194.35.1: bytes=32 time=309ms TTL=54194.35.1: bytes=32 time=176ms TTL=54 for 173.194.35.1:nt = 4, Received = 4, Lost = 0 (0% loss)nd trip times in milli-seconds:76ms, Maximum = 309ms, Average = 238ms
 


mgcarley

Founder, Hayai Broadband
Regulars
Jun 22, 2009
6,301
113
savvy said:
Hi Mg, Thanks for the reply.Yes I can now ping the external IP addresses. And the sites are opening without any lag.
Good to hear.
savvy said:
As for the internet restriction, blocking entire file sharing sites like -- link removed -- also doesn't service any purpose.
Can't disagree, but worryingly, copyright holders in various parts of the world (not just the US) seem to be wielding increasing amounts of power and are using increasingly dirty tactics to get sites blocked, seized or shut down.
savvy said:
There are lots and lots of other filehosting sites. If their motive is to stop piracy, they can easily monitor the files using crawlers like Filestube/rapidlibrary and then notify the site owner for DMCA violation.
Correct, but they're lazy. It's just *easier* for them to convince a judge to issue an order to block an entire site/IP range and be done with it.Unfortunately, they still haven't cottoned on to the fact that this usually results in a Streisand effect.
savvy said:
Further, last night, when I was not on VPN, opening random images on Facebook showed me the page "This URL is blocked by orders from DoT". Ridiculous indeed.
Yeah, that'll happen with these stupid blanket bans.
savvy said:
@dovahkiinI hope so. It's good to know that VPN won't be blocked because password safety is very critical when logging into the admin area of your website.
If you're logging in to a site protected by SSL, a VPN isn't entirely necessary. The purpose of a VPN is generally supposed to be such that you *appear* to be on another network (eg the corporate network) so that the admins don't have to go poking holes in the firewall and all that sort of nonsense. In my case, I might use it to access some service (say mysql on one of my database servers, or our internal billing system) by logging in to a VPN server on my network using a token, and then I can allow connections to say mysqladmin only to be from that one IP, rather than having to add rules every time I shift to a different network/ISP/country. Which in my case happens often. It's both more secure and more convenient to do it this way, considering the alternative would be to allow a potentially sensitive page (or indeed and entire server) to be visible to the public internet (both mentioned cases this would be a bad idea). If VPNs didn't exist, I wouldn't *mind* transmitting my password from any given network considering those servers are protected by SSL and aren't going to be transmitted in plain text, but, since VPNs do exist, it affords me the opportunity to simply deny any network other than my own from even trying - or even knowing that the servers in question exist at all.The way consumers use a VPN, however is to get around URL/IP blocks because the regime they happen to live in is oppressive enough that it goes around blocking certain parts of the Internet, that is to say, the tool has been repurposed - and using a VPN only to protect a password is redundant unless the network itself is insecure (open wifi, poisoned dns, fake login page etc). Not a bad thing to be redundant, just... not entirely necessary. You're only moving the end-point for the traffic from A to B, and generally speaking a VPN is only really trustworthy if you own it *and* in reality, passwords aren't usually sniffed out of the air (they're usually obtained from big spankin' database dumps of the company that was targeted that week).
 
  • Like
Reactions: 1 person

savvy

Newbie
[OP]
Feb 18, 2012
48
10
New Delhi
@mg
Very plausible scenario you have mentioned for the good use of VPNs. Here, I use a Linode VPS to host three websites. None of them have SSL certs installed in them. To prevent non-encrypted text passwords from going to the local ISP, it'd be good to use VPN which have gateways abroad. Now I think the websites will be more secure with "Extended Validation Multi-Domain SSL Certificate". Multi domain certificate will be good so that I don't have to allocate dedicated IPs for each website.
As for the mysql service, I use SSH to log into the server with key-pair authentication and have disabled the remote login.
 

mgcarley

Founder, Hayai Broadband
Regulars
Jun 22, 2009
6,301
113
savvy said:
@mg Very plausible scenario you have mentioned for the good use of VPNs. Here, I use a Linode VPS to host three websites. None of them have SSL certs installed in them.
In any case, your use of a VPN is useless because you're still transmitting an insecure password from the end-point of your VPN to your VPS.If it's for personal use, why not just generate a self-signed one? It's only for the server, not for any transactions, so shouldn't be an issue since you'd probably be the only one using it. If it were for a SOHO operation and you wanted to use it for other people, just get a $25 certificate - should be good enough for email even if it would still theoretically work just as well for ecommerce. If it's for a bigger business, get a bigger better certificate accordingly.
savvy said:
To prevent non-encrypted text passwords from going to the local ISP, it'd be good to use VPN which have gateways abroad.
In India, that would be no ISP, but you're going to have to trust that the tranffic from the end-point on any VPN you are using and your server isn't being sniffed too. For all you know, it could be even more pervasive than India.
savvy said:
Now I think the websites will be more secure with "Extended Validation Multi-Domain SSL Certificate". Multi domain certificate will be good so that I don't have to allocate dedicated IPs for each website.
...might be overkill for what you want to do.
savvy said:
As for the mysql service, I use SSH to log into the server with key-pair authentication and have disabled the remote login.
...I was just giving an example of how I might use it (or require it to be used). These days I don't feel the need to directly manipulate any of my databases, it's not my job.In any case, it appears you already have a key set up for SSH, why not set up your server control panel and/or mail and/or whatever else you're logging in to to use the same key? Or even another similarly generated key?
 
  • Like
Reactions: 1 person

savvy

Newbie
[OP]
Feb 18, 2012
48
10
New Delhi
@mg
In that case I'll be better off with a self-signed certificate that secures the communication with the admin panels of the website CMSes. That would encrypt the passwords and would trivialize the use of VPN for the time being.
Thanks for the helpful suggestions, MG. You are the best.
 
  • Like
Reactions: 1 person