VPN Connectivity From Iraq And Kuwait?
direktorjb writes "I have an urgent need to connect about 6 users in Baghdad and another 6 in Kuwait to an AS400 app (5250 emulation) back in the states. Is anyone aware of a decent ISP in those regions? If I can't get a reliable ISP (and therefore a solid VPN connection), what are my other choices? Should I check out VSAT?"
Tell 'em you need the Internet connection for some porn. The nice GIs will share what they value.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
The only people in Iraq with reliable communications are the Provisional Authority, US Army and contractors associated with both.
Hook up with them somehow. You're going to have a lot of problems running a VPN over satellite. The military is pre-empting transponders to control RAVs and such, so the link will not be reliable.
Now that you've BROADCASTED your goal for a private connection between Iraq / States, you have pretty much screwed yourself.
:)
Homeland security is tapping your phone lines as I type.
OR... if you work for homeland security, man were you a waste of budget if you can't set up a VPN.
Anyways now that the rant is over... your best option is to use some kind of satellite based internet connection. Or a cellmodem which has reliable connectivity in Iraq, but dials into a long distance number to an ISP that works... of course if the long distance charges are super high, you might as well have him dial directly into a phone line/modem at your location and you don't need to use the internet at all. It really depends on what you want to use the connection for, but I have to assume dialup is no good... as you need all three to be dedicated.
However, a cheaper solution is a regular satellite ISP (where the return channel is by modem).
Most European SAT ISPs will have coverage in most of the Middle East. (I've worked with some from Israel.)
One problem with VSAT/SAT is that the link latency and BER are much higher than for a land link (which might or might not bother your app depending on what you do).
As of Postgres v6.2, time travel is no longer supported.
The military is using VSAT through an ISP called Segovia for all of our Morale, Welfare and Recreation (MWR) internet cafes. Depending on the setup we're getting between 1 and 2 Mbs down and 128-256 kbs up.
Service is fair. You'll see probably two to four outages per month that last anywhere from an hour to 12 hours. Ensure your site has some means of calling back to the states to troubleshoot the link. Expect to be on hold for a while if you call during EST business hours. You'll find out quickly which of the 10-12 "NOC Technicians" aren't just reading from a script. Normally, they just have to re-route your traffic to a different place in Europe. They're probably having major growing pains: We've got over 200 of these sites across Iraq and Kuwait.
Have you looked into this?
and what the heck is wrong with asking on the proper channels like nanog, then getting hit by millions of sales droids???? :-)
Do you really need a VPN?
My company sells <flame-proof-suit>an expensive Windows-only 5250 terminal emulator</flame-proof-suit> with built-in support for SSL.
Install stunnel at the AS400 site.
I hear Jon Katz's pal JUNIS will be happy to set you up with his C=64 tunnelling services.
If your '400 has nothing but twinax things get more difficult (since that only connects to dumb terminals or twinax client cards in PCs), so I assume you've got TCP/IP. I don't remember the commands any more, but GO MAJOR and page down until you find 'Telnet Server Commands'.
Get a Linux box, put TN5250 on it from http://tn5250.sourceforge.net/, and just SSH in from remote. (So: remote machine --> SSH over internet --> Linux box on local network --> TN5250 over LAN --> AS/400) TN5250 can just telnet into the '400. You'll have to teach them the weird key sequences for PF1 through PF24 (escape then 1-9 for PF1 through PF9, escape then 0 for PF10, escape then - for PF11, escape then = for PF12, and escape then the same keys again SHIFTED for PF13 through PF24) and for sysrequest, help, etc.
If your '400 has nothing but twinax for terminal connections, get a twinax client card on a PC and some client software (IBM's Client Access for AS/400 works :) ) and use VNC. It's painful but better than nothing. It's also insecure by itself, so be sure to tunnel that VNC connection through SSH or something.
--Michael Spencer
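One way to lock down the Linux box in the SSH path described in the comment above, added here as an example and not part of the original post: an OpenSSH `sshd_config` fragment that drops the remote users straight into TN5250 and disables forwarding, so the jump host cannot be used as a general relay into the LAN. The group name `as400users` and the host name `as400.example.internal` are assumptions.

```conf
# /etc/ssh/sshd_config fragment for the Linux jump host.
# Added example; group and host names are hypothetical.

# Keys only: the box faces the internet, so no password guessing.
PasswordAuthentication no
AuthenticationMethods publickey
PermitRootLogin no

# Only the remote 5250 users match this block.
Match Group as400users
    # Start the emulator instead of an interactive shell;
    # the session ends when tn5250 exits.
    ForceCommand tn5250 as400.example.internal
    # tn5250 is a curses application and needs a terminal.
    PermitTTY yes
    # No port, agent, socket or X11 forwarding and no tun devices,
    # so the account cannot relay other traffic into the LAN.
    AllowTcpForwarding no
    AllowAgentForwarding no
    AllowStreamLocalForwarding no
    X11Forwarding no
    PermitTunnel no
    # Ignore ~/.ssh/rc so users cannot run commands before ForceCommand.
    PermitUserRC no
```

`ForceCommand` is run through the user's login shell, so check the result with `sshd -t` and a test login before handing out accounts.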
...and then I realize, I answered a different question than you asked. Drat. All of that would be obvious if you had TCP/IP to begin with - that's the part you're missing.
:)
OK, if anyone else wants to provide a solution: all he really needs is TCP/IP. His 400 doesn't need anything special on top of that (since the advice I gave is probably obvious to him), so any ISP solution should work.
And I apparently don't know how to read a question before answering. Yay.
Use IOL (Iraq Online). Sign up today and get 15,000,000 free hours.
I really hope this doesn't mean the Pentagon/CIA joint data mining operation to catch Osama isn't running on an AS/400.
Clearly, we need a Beowulf cluster in order to catch bin Laden.
I'd be a bit careful on your creation of this VPN. Last I checked, Iraq isn't one of the countries that the US allows exportation of high-encryption, and the establishment of a secure (encrypted) VPN connection between the states and Iraq will certainly raise a few eyebrows.
Hal Flynn, is that you? I saw your post this week on that Security Focus mailing list about heading to the mid-east, so come on out here right now, and bring your Purchase Request form with you!
They are interesting to follow. One fellow is leaving because he can't stand the cultural divide and just feels too out of place. Some love the place and are enjoying their stay either as an adventure or just because they like the place.
Find some people already there. You may get a good reply here, but there are plenty of people who have already done what you're needing. In fact, at least one group is putting up wireless nodes at the cell towers.
--
Evan
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
Then there was that "awe and shock" thing.
You're under arrest.
You have the right to remain silent, and be held without bail at secret facilities for an unlimited time. If you wish to give up these rights, well that's too bad.
I've been looking into VSAT for an application in rural Mississippi. While doing this I learned (maybe) some things about VSAT and VPN. I looked at the current crop of small business offerings from Starband (Gilat reseller in the USA) as well as several resellers of DirecWay (Hughes). What I found out about VPN and VSAT is that it can work, but unless the ISP hosts the VPN, all forms of IPSEC will be very slow. SSH will be slow. The problem according to a fellow at Skycasters www.skycasters.com is that encrypted packets can't be "batched up" for sending.
The currently deployed technology seems to be oriented more toward streaming media, like TV. To make the best use of bandwidth on the sat, they allow packets to build up in a bucket or queue while the satellite spoofs the "acks" from the other end of the TCP communication. When the bucket is full, the packets are streamed to earth (or to the satellite). This spoofing/batching thing is also why there is so much latency in sat communication.
Technically VPN can work in this scenario, but the sat must turn off its packet spoofing procedure and each packet essentially makes an individual round trip. With no batching, VSAT uploads get really slow, at about 24 - 38 kbits/sec or less (usually much less). Downloads are affected as well but as you have more downstream bandwidth (on most service plans) you notice it less.
HTH
The alternative is to buy sat time from someone who can host the VPN earth-side. I think Skycasters does this in the USA. They are Hughes resellers.
In other news:
ViaSat http://www.viasat.com/ is supplying VSAT to the coalition in Iraq:
http://www.spacedaily.com/news/vsat-04l.ht
This sig kills fascists.
1. Provide false evidence for war
2. Ignore UN and world opinion
3. Start Illegal war, because your dad's buddies want it and you want to get back that Saddam guy!
4. Bomb the hell out of anything, Soldier, Camel, Child
5. ??? using VPN for your apps
6. Profit!
I was going to mod this down, but couldn't find '-1 fuckwit' on the dropdown
Why do you want to mod it down? I am curious? Thanks Jay
"Why do you want to mod it down? I am curious?"
1. The title is a clear violation of Godwin's Law (on my /. setup, we are in fact the end of the thread...). ...
2. The AC has no idea whether the application has anything to do with the US government's war effort (i.e. maybe it's for an Aid Agency?), yet
3. the AC rattles off slogans that have less meaning than those used by late night TV Advertorials.
In short, the post lacked sense, humour or technical merit. The tenuous relevance to the original question is diminished to nothing by point 2.
In fact the more I type, the more I feel my life slowly wasting away... 5 minutes that have gone for ever, never to return.
thanks, Magoo