Slashdot Mirror
VPN Clients Not Allowed On Residential Service
wayn3 writes "ComputerWorld reports here that two of the major cable companies have language in their terms of service that VPN clients are forbidden for "residential" class, forcing clients on their "business" offering which is at twice or more times the cost of residential service.
Has any been bit by this, and do those companies consider SSH a VPN client? This would stop me from telecommuting since my company would not be able to afford the business service."
I do it anyway. what are they going to do, cut me off?
Girard said cable business-class service "is not any better than residential, yet they charge you more."
Imagine your phone company doubling your bill because they analysed your calls and decided you made a call to the office!!
I buy bandwidth. What I do with the bandwidth is nobody's business (obvious exceptions included..)
Backward%20compatibility%20is%20over-rated
"This would stop me from telecommuting since my company would not be able to afford the business service."
If you are TELECOMMUTING then you ARE a business customer. The only difference is that you aren't PAYING as a business customer.
Everyone can argue about if there should be different "classes" of service, but that is the business structure the Providers have chosen.
There will be people posting here "I use VPN but not for business." With those people I agree: Simply claiming the using VPN makes you a "business" customer is unfair.
But in the case where you ARE using the service as a business but want to only get charged the residential rate:
Quit your whining and stop being cheap
A business has the right to charge you the rates they see as fair and you have the right to not use their convenient service and start driving to work.
---"What did I say that sounded like 'Tell me about your day?'"---
I personally use VPN on my cable line for access to my home box from school. The thing is that I Have firewalled out the rest of the world from accessing the ports the VPN Server uses for it's little Java client web server and the acctual server, Except for the place I am comming from. So unless my Cable provider does some strange thing with spoofing addresses they can't really see them. What they can't see can't hurt them. I am lucky enough though to not have either one of the "C" Cable internet companies so I really don't have to worry that much.
(Score:0, Interesting)
Granted for business purposes I can kinda see the reason (tho dun get me wrong I use VPN-1 for work a lot..) but what about the techie's who use vpn-1 at home.. ie.. I vpn into my friends network at his house all the time, sometimes to remote admin to the gaming server, when it decides to crash, or play 'round with some other things in the network.. this definatly is *NOT* business related.. and a lot of the reason he has it setup is for learning (certifications)..
Granted not a lot of people use vpn as personal, but what about the people that do? sometimes there are non-business related things u can use vpn for.. should they be penalized too?
~slak
that has been there from day one. Excite is the ones forcing the issue and always have. Look at AT&T's TOS now that they sluffed off the leeches called excite. servers allowed, linux specifically mentioned and unofficially supported (as in they'll tell you the ip information instead of saying it all has to be dhcp or we'll kill you or the funny, the dns servers ip address is prepriatory information I cant tell you.)
I'm sure comcast and cox will get a clue when they also fling excite the bord later next year.
Do not look at laser with remaining good eye.
LOL, @that_isp tech support was a joke. I did it too during a school-free summer. Let me just say that I am surpised their network worked at all. No one (not even people we had to call in Redwood) knew almost nothing about computers much less their own network. One time I had a "senior" tech try to tell me to tell a customer that having AIM and MSN Messenger as startup programs would stop their cable modem from syncing up.
sig
There is no identifiable difference between what I telecommute to do and what I do for home use except that what I do for home use requires a tremendously larger amout of bandwitch. I don't browse newsgroups at work. I don't pull ads off of Adcritic at work. I don't browse around to see what neat and new things are out there. In short, my business use ties up a hell of a lot of bandwidth than my play use does. The original reason for business class phone lines was to pay for the extra quality of service that should you have a problem with your phone line, they would attempt to fix it faster than anyone else's residential line. However, the quality of cable does not change for the increase in price. As an Excite@Home customer, the way I have been treated is just ridiculous. To think that I would pay more for no change in service is stupid, at best. This is why I think that DSL is going to win in the end, which I didn't think until recently. Cable has totally overloaded itself.
My two cents,
Chad
Bel, the mostly sane.. "Of course I can't see anything! I'm standing on the shoulders of idiots." -- Me
Let me get this straight, the company pays you enough that you can in turn pay $X for the service but they "can't afford" to additionally pay $X themselves (to make up the difference to the $2X price of business-class)? BS. Either you are exaggerating or the company is lying to you--they just don't want to pay for it.
I work for a large (3000+ people) company in the Philadelphia region. The company currently supports telecommuting with broadband through VPN. Currently, they pay $39.95 per month for connectivity, plus $30 per month for outsourced broadband routers/firewalls. (The latter part I think is stupid, but I digress.) So for each person telecommuting, they pay roughly $70 per month
Now, increase that highspeed access from $39.95 to $95.00, and they would have to pay roughly $125 per month per person. If only 300 out of the 3000 people here telecommute, that's a cost of $37,500 a month, or $450,000 a year just for broadband users. At the previous price, it would be roughly $252,000 per year. Almost 200k more. That's a lot of money to just "find" in your budget. So what happens? Comcast loses money because my company suspends all high-speed telecommuting. So now instead of getting their extra 200k a year, they get nothing, and the people who benefited from telecommuting no longer can.
You know, if Comcast wanted all these people/companies to shell out $50 more per month, the LEAST they could do is remove that 128kbps upstream cap they enforce for business accounts. Its really annoying to transfer large files to work or VPN to a server when you can't send out over 15K/sec, peak.
The problem here is that most people who use VPNs to connect to their workplace aren't telecommuters, but people who need a file or to check mail or something simple on an infrequent basis. Relatively few people truly telecommute (i.e. work from home most or all of the time). This more expensive business use, as well as actually running a business (servers, whatever) should cost more. But it seems unfair for someone to have to shell out the extra dough so they can check their mail from home.
Obviously there are secure ways besides VPNs to implement this functionality, and eventually I think we'll see a move towards these. The question remains how will the enforce this prohibition? And if it's allowed on business connections, does that mean they'll support it, too?
See, the real issue here isn't "no you can't do that here," but that certain types of users call with certain kinds of questions, and this allows those answering the questions to segregate the questions so the right people can answer them. IP/SEC traffic requires certain very specific protocols and ports to be opened which may not normally be open on a standard ISP network. Most legacy hardware, and much current hardware doesn't support IP/SEC, so it cannot work. Your cable modem/router probably doesn't, unless it's high end or very new.
By prohibiting this activity on their "home" networks, they need not burn cycles explaining why "you can't do that, it just won't work," while really saying "our hardware can't handle it." The latter unfairly casts a negative shadow on an ISP who simply didn't design their network to handle this traffic, and perhaps doesn't see that as being cost effective to do.
So this is another attempt to cover themselves for not providing any sort of support for VPN, including enabling the funcationality on their hardware. It's like their not supporting more than one machine in your house, or not supporting linux on their cable network. It would cost them way more to do it right than it's worth. They aren't doing anything wrong, though they're not doing anyone any favors, either. They aren't likely to tell you to stop, just not to ask for help. IP/SEC may never work on these networks, but other VPN-like items will probably fly under the radar.
An IP packet is an IP packet is an IP packet. He's lying to you.
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
What little chance I had of sympathizing with the "no business use" restrictions of residential service vanished once I realized that residential service is ALL there is.
The places that talk about the restrictions on residential service seem to imply that just by paying more, one can sign up for a "business class" service that is essentially the same as residential service but without those restrictions.
Unfortunately, that's not the case. Business class service (except briefly for some of the areas served by Cox cable) over cable lines does not exist. It is a strawman that cable ISPs use to pretend that their restrictions on "business" use are somehow rational. This is a re-occuring thread in various @Home newgroups.
Hopefully having an article in ComputerWorld will produce more explicit explanation from cable ISPs about what exactly they mean by business use.
Consider that a common Comcast@Home commercial shows someone auditioning for an acting job halfway across the country through an @Home webcast. If that's not allowed, I smell a bait-and-switch lawsuit.
Second, the network isn't going to give me any more bandwidth than I'm paying for, so it shouldn't matter what I'm doing with the bandwidth that I have.
Now, as far as the extras that a business account provides:
Tech support - don't need it, and they don't support Linux anyway.
Static IP address - the residential service gives me that anyway - and even if it didn't, I would be somewhat inconvenienced, but it's not something I care about.
Web hosting, email hosting, etc... - don't need it, don't want it.
other value added services - don't need them, don't want them, wouldn't use them.
So I have absolutely no use for the business service and I physically cannot use more bandwidth than their network will give me (which is what I'm paying for) so I don't see any reason for them to get all pissy about what kind of packets I'm sending over the bandwidth that I pay for.
Besides, I use Cox and I seriously doubt that they have the technical knowhow to navigate themselves out of a wet paper bag, much less figure out what applications I'm running on my computer at home.
"Business" lines are usually sold to brick-and-mortar businesses, e.g., a pizza shop, because they tend to use the phone far more than most residential customers. This requires more resources (switches, physical lines), and they are charged more. By the time a business has a PBX, the lines may be use constantly.
But then modems came along - and the telcos had to beef up their switching equipment because evening residential usage jumped way up. That's why there was a short-lived proposal for a modem tax. But the telcos eventually figured out that selling second (and third lines) for modems, teenagers and other heavy users was more profitable than that tax, and a lot less politically explosive.
Nowadays, I doubt many telcos care about home business use - during the day there's excess capacity in the residential areas since they're currently designed to handle everyone getting online in the evening.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Yes, and some VPN's include features in order to get around NAT devices typically installed on home networks. For example, Cisco's VPN can communicate on the standard IPSec IP protocol, or if you're behind a NAT device, you turn on UDP encapsulation and all of your packets go from UDP port 10000 and to UDP port 10000.
Of course, I'm one of those lucky people who has a choice of cable modem at my house or several xDSL providers. So if the cable company ever decides to ban VPN's and if they ever figure out how to effectively enforce such a ban (doubtful) then I get to take advantage of competition.
The good news is for those of you without such a plethora of choices is that enforcement, AFAIK is currently impossible.
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
I have Pacific Bell DSL AKA SBC Internet.
Just spent 10 minutes TRYING to find an "Acceptable Use Policy" or something similar.
It's just NOT THERE... Really, it seems, they don't *care* what you do with your Internet Service! Basic rate is $50/mo, Biz use starts at $65. (I subscribed to a plan they no longer offer, a single static IP for $50/mo)
I know, I'm in bed with that evil monopoly, Pac Bell, but Hey! This is COOL! I've run my own DNS/Web/Mail/Proxy/NTP/etc Linux server for 2 years without a hitch. No complaints, nothin' - and reliable bandwidth to boot.
I *LOVE* these guys! (Even if they ARE an evil monopoly)
-Ben
I have no problem with your religion until you decide it's reason to deprive others of the truth.
I used to be a comcast subscriber. I ran Linux with apache etc. (a server) for a year and then the TOS people threatened to cut my service (and did for about a day). Apparently they port scan you, and told me exactly what ports I needed to shutdown: www, ssh, smtp, pop3, dns :(
I talked to all the people at comcast about getting a business account but they told me that there are NO business uses if you are on the cable modem, period! Sure, comcast has business services, but they are leased line, T1 stuff that any ISP can offer you. The cable modem was strictly a residential service and they did not allow you to run any server processes at all - no exceptions.
For the typical Linux geek with web, dns, ssh etc, comcast cable modem is completely the wrong choice. Take a look at the cheaper DSL business services out there. They might cost about 2x ($90/mo) the residential cable modem, but that's life.
If I buy their "business service" is my cable is routed through "special" switches on a more reliable and fault tolerant network than my "residential service?" All they really want is a reason to charge more money for the same service.
"Stop whining!" - Arnold, as Mr. Kimble
That seems like a simple support call to resolve. Start off by "log in as 'administrator' and ...". If they say "I can't do that", you point them at your configuration web page, tell them to tell their administrator to fix it, and end the support call. Takes less than a minute and would cost you almost nothing. That's no reason to impose draconian contractual terms.
Well this totaly differnt issue, If they (cable companies) would say that they do not provide any technical support for VPN related problems. What they are saying is that no VPN activity is allowed through there network, and that's what ticks me (and seems everybody else who is reading this post) !!!