Hi all,

Seeing and experiencing some of the wonders that OpenVPN can do with respect to overcoming TM's unfair (IMHO) throttling of bittorrent, I would like to invite all those knowledgeable in related subjects to come forward in this thread to share some information in getting our own private OpenVPN services up and running. For the sake of the community and in protest of the unfair limiting of a service that we paid for, fair and square.

To start the ball rolling. Let's talk about hosts. What sort of hosts should we be looking for? This would be going out to experienced webmasters or perhaps even hosting resellers, though anybody with their RM0.02 can chip in too if they have something constructive to add. Should we be looking at shared hosting? Dedicated hosting? I guess American based hosts are out of the question, 'cos of potential issues with copyright, the RIAA and the MPAA and whatnot. Please chime in with your thoughts and opinions.

Thanks!

PS: All this is for personal information only. Those that intend to profit from it, please don't go overboard. If you intend to start a for-profit VPN service, remember to not gouge the users. I personally want to set up a server for myself for the use of me and my friends.

PPS: Existing VPN providers, don't feel that I'm threatening your rice bowl. Not everybody is inclined to get their hands and feet dirty, so you will still have your ready supply of customers. Also, this might be a good place to improve your service by increasing the collective's knowledge.

Framework:

1.0 Choosing the right host & hosting package (start)
2.0 Setting up OpenVPN (not yet started)
2.1 Config options (not yet started)
3.0 Testing and verification (not yet started)
4.0 Enjoy! (end)
5.0 Legal repercussions (covering our asses)

Links:
1) http://openvpn.net/ (OpenVPN homepage)
2) http://en.wikipedia.org/wiki/Openvpn (Wikipedia entry on OpenVPN)

This post has been edited by mediumsliced: Mar 2 2007, 12:57 AM

I'd be more than happy to help out here, I'm not making a profit out of my VPN service either but here goes (I'll keep it short and simple).

1.0: You'd best look for either a dedicated server / colocation service that offers at least 10mpbs connection, its better if its dedicated but if its shared among other users in the datacenter that's fine too. You'd probably want to check their TOS if its a truly unmetered connections or maybe something like 1000GB / month. Also important is the country's copyright laws.

2.0: www.openvpn.net has fairly detailed instructions on how to setup the server, the one that you might find a hassle is creating the certificates indivually, but there is an option to auth externally. Personally I'm using the cert solution (using a semi-automatic generation script) as I can set them to expire at the end of their subscription period, the downside of this is that I can't retract a cert thus enforcing a no refunds policy.

2.1: Not much to config here, most of the clients can work with the standard config file, the only changes that have to be made are to set the certificates and keys in place. Advanced tweaking is available, i.e what kind of routing you'd like but I feel that the default is good enough. However I am experimenting a bit with the MTU settings of the server/client to see if will give any performance improvement.

3.0: N/A

4.0: N/A

5.0: Since my server is hosted locally, I doubt the RIAA would bother to come checking Malaysia, however to cover my asses, I have banned a number of IP's that are known to be 'spies' from connecting to this server, whiles this is not a comprehensive solution, the list is updated whenever possible.


Additional Information
There are actually two ways to route your BT traffic through the VPN connection
1. Through a SOCKS proxy
This is the solution I am using, the problem occurs that the socks servers connections can be become saturated stuffing up your connections. I'm working on a script that will loadbalance the socks connections over a few proxies, and also to 'kill' off 'dead' connections.
2. Routing all traffic through the VPN
This is what is normally used under corporate VPNs whereby all traffic is routed via VPNs, the reason I don't use this is that it has unpredicatble results in a DHCP network like ours(especially on windows based machines), and it will cause additional bandwidth usage.


Hope this helps you guys and if anyone is interested in setting up another VPN server, do let me know, I'd love to setup another server but am seriously lacking the funds to do so atm.

This post has been edited by Diligent Sloth: Mar 2 2007, 01:57 AM

DS, I am currently looking at hosts located in the Netherlands. I read that they have more liberal use policies. What do you think about that? What are the requirements for a server? Do we need a control panel or is SSH good enough?

Let's say this hosting package comes with 1000 GBs of traffic a month. Does this count for both upload and download? Because ultimately we intend to run BT over VPN, there'll be lots of traffic in and outbound of the server so will take that into consideration for bandwidth costs.

I found a Dutch service that's barebones going for EUR39/month for 1000 GB transfer. Link:

http://www.leaseweb.com/index.php?p=express1

If unmetered, there's this package going for EUR69 a month for a 10 Mbps link:

http://www.leaseweb.com/index.php?p=flatfee1

Am trying to look for their ToS or AUP but can't seem to find it. Will send them an email later from the office.

definitely it is 1000GB for both upload and download

So, theoritically:

1,024 kbps / 384 kbps D/U per user, maxed 24 hours a day gives us:

11,059,200 kB / 4,147,200 kB D/U per user, running for 30 days:

331,776,000 kB / 124,416,000 kB D/U per user per month.

Wow. Add those two numbers up and we are looking at a theoretical max of ~455 GB per user per month. Get two guys using BT over VPN and we're spent.

I guess unmetered would be the best bet.

I have spoken to LeaseWeb before, they are quite liberal in their usage policies. Was planning to setup a TF service there, but in the end, i was like, i didn't want to go through all the hassle administrating a service; if things go wrong then people will blame me. TF is very much DIY-friendly anyways.

Furthermore, there is no such thing as "unmetered" really. Their sysadmins monitor bandwidth traffic, and if one particular server is hogging all the bandwidth, they will shut you down. This is because they themselves have a limited amount of bandwidth to distribute, and if they find one VPN server utilizing a disproportionate amount of the bandwidth, they will surely take corrective action. They also have their other customers to consider.

If you go with LeaseWeb, you definitely need to limit the number of users to make the project viable. What you need to check is whether they allow VPNs to be run from their servers.

With TF, i would only have accepted 5 users, allocating each a limit of 200GB transfer a month (which is a lot really, unless you're a power user), and charge about RM40-50 each per month.

Thanks for your input, Tentris. Now, when you say excessive usage, by that you mean utilizing more than the allocated 10 Mbps? I thought that it would be automatically limited by the hosts so we don't have to worry about having the service shut down on us?

Bandwidth are expensive, hope you all will learn this quick and fast

I search for quite some time too..

found 2-3 dedi host that have no problem with installing vpn service

US & Germany I guess

both offer 100mbit shared port with average 15-25mbit & burstable up to 50mbit (seems reasonable)

thats roughly 4500G+ output transfer (unlimited input)

the problem is .. money....!

being poor is no fun!

This post has been edited by fairx: Mar 2 2007, 11:45 AM

It means that the servers are not on a dedicated 10 Mbps link, and that your server in general seems to be hogging the bandwidth making other servers on the same connection seem sluggish

With Leaseweb, I can personally vouch that they're unmetered (at about $600-700/month per server for 100Mbps). A website I know pushes out in total about 2.4Gbps across 26 servers for well over half the day, every day, for that amount. Although Leaseweb isn't particularly happy about that, they honour it

If you do go down this path, make sure you get the nForce-based dedicated servers, vs the VIA-based ones, as you lose about 5-10Mbps throughput with the VIA Rhine NIC (from our testing).

that is very informative.

is there any reading / site that discuss this thoroughly?

BTW, there are calculations on how much vpn connection : RAM ratio ? I remember reading bout that somewhere.

This post has been edited by fairx: Mar 2 2007, 12:08 PM

You'd have to tweak that out yourself I guess, since its not just dependant on the VPN but on the services you run, ie. socks, http etc etc proxies.. yadda yadda..

nice place to search dedicated server package
http://forums.hostsearch.com/forumdisplay.php?f=25

i think its too hard due to limited budget, what if someone set up a Malaysian torrent website? and only accepts registration user from local ip?


ehem.. i mean for legal content? lol

That's a semi limited solution, cause while the tracker will be there, who will actually bother to upload to it? You'd still need 'outside' content.

oh.. in that case, if im not mistaken Romania is pretty lose on piracy law too? hosting a server from there can be good, but i dunno any..

You'd also have to consider our route to the server lah, no point 100mps connection if our average download is too little

why only Malaysia's connection like this ah?

anyone here had any experience with fdcservers.net?