undefined | Better HN

0 pointsamalag11y ago0 comments

I bought a VPN and it fixes it. Sad that it is necessary.

0 comments

10 comments · 3 top-level

ChuckMcM11y ago· 4 in thread

I did this on Comcast as well, but its interesting to note they do shoot downs of ssh tunnels. Using IPSEC hasn't been an issue though.

Zikes11y ago

Can you describe that ssh tunnel issue? Are they monitoring your traffic and actively disrupting anything that looks like ssh?

ChuckMcM11y ago

Sure, set up an SSH tunnel, make it a SOCKS5 proxy (easy enough to do) to a host in the 'cloud', now proxy you traffic through it (like Netflix).

Watch how suddenly you get 'connection reset by peer', look around and discover nobody in your packet path has any cause to reset your traffic. Now do a straight http proxy (varnish works well for this) to the same machine, run it all day night with bits of http traffic. No issues at all.

No go back to creating an SSH tunnel between your machine and the endpoint. Run traffic, note the mysterious 'connection reset by peer' when some thing upstream sends your TCP connection a FIN.

It could be that their network just has a really hard time with encrypted packets but some how I don't think so. I have tried a variety of port numbers.

EDIT: and I went back and verified I still have 'ServerAliveInterval 60' in my config file for all hosts.

ohashi11y ago

When I was on Comcast, I felt like they were doing this to gaming traffic as well. I have no evidence to back it up except anecdotal experience though.

Zikes11y ago

When I was on AT&T U-Verse they did this with torrents. I replaced my router, OS, and modem thinking the problem lay somewhere on my end, and once I ruled all of that out I called up AT&T to complain and call out the fact that it happened only when I torrented.

Their response was that yes, they do disrupt all torrenting traffic, "because it is illegal and they must comply with copyright holders". Nevermind it was various linux distros I was trying to download and evaluate, all torrenting is automatically evil by association.

I had to switch to Cox because they're the only other option in my area. The 250GB data cap on my plan is BS, but at least I can spend that 250GB however I please.

1 more reply

silverbax8811y ago· 2 in thread

Which VPN did you go with?

amalagOP11y ago

I used privateinternetaccess, i am happy with it. I don't even use it all the time but the speed tests hold up against my 50Mb/s connection. Hulu has blocked it if that is a concern, there is some other VPN that has more egress IP's that works with Hulu, but I didn't know about it and it was more expensive anyway.

djchen11y ago

You can run your own VPN on a VPS and have a dedicated IP without needing to worry about Hulu getting blocked.

IgorPartola11y ago· 1 in thread

I currently have a 6in4 IPv6 tunnel through Hurricane Electric. At least netflix.com seems to load over IPv6. I wonder if my Netflix experience is fine precisely because my traffic appears to go to HE first, then to Netflix.

Edit: in the past I have had similarly good experiences with YouTube problems. They seem to go away as soon as you start accessing YouTube over IPv6.

boredinballard11y ago

Interesting. I'm going to have to start trying Netflix and Youtube over IPv6.

j / k navigate · click thread line to collapse

0 comments

10 comments · 3 top-level

ChuckMcM11y ago· 4 in thread

I did this on Comcast as well, but its interesting to note they do shoot downs of ssh tunnels. Using IPSEC hasn't been an issue though.

Zikes11y ago

Can you describe that ssh tunnel issue? Are they monitoring your traffic and actively disrupting anything that looks like ssh?

ChuckMcM11y ago

Sure, set up an SSH tunnel, make it a SOCKS5 proxy (easy enough to do) to a host in the 'cloud', now proxy you traffic through it (like Netflix).

No go back to creating an SSH tunnel between your machine and the endpoint. Run traffic, note the mysterious 'connection reset by peer' when some thing upstream sends your TCP connection a FIN.

It could be that their network just has a really hard time with encrypted packets but some how I don't think so. I have tried a variety of port numbers.

EDIT: and I went back and verified I still have 'ServerAliveInterval 60' in my config file for all hosts.

ohashi11y ago

When I was on Comcast, I felt like they were doing this to gaming traffic as well. I have no evidence to back it up except anecdotal experience though.

Zikes11y ago

I had to switch to Cox because they're the only other option in my area. The 250GB data cap on my plan is BS, but at least I can spend that 250GB however I please.

1 more reply

silverbax8811y ago· 2 in thread

Which VPN did you go with?

amalagOP11y ago

djchen11y ago

You can run your own VPN on a VPS and have a dedicated IP without needing to worry about Hulu getting blocked.

IgorPartola11y ago· 1 in thread

Edit: in the past I have had similarly good experiences with YouTube problems. They seem to go away as soon as you start accessing YouTube over IPv6.

boredinballard11y ago

Interesting. I'm going to have to start trying Netflix and Youtube over IPv6.

j / k navigate · click thread line to collapse