  1. #1
    Join Date
    Nov 2004
    Location
    Finland
    Posts
    536
    VPN Hosting, practicality, automation solutions?

    I've been thinking about starting a VPN hosting service, the grand idea is something along these lines:
    Lots of people live abroad, but would prefer to listen to radio stations in their home country (at least for Finnish people that is), however, Finnish regulation says that the streams may only work for Finnish-origin IP addresses. So a VPN is a solution here, a legitimate solution (Finnish website, so it's very highly unlikely that non-Finns would order the service). This would be the main target customer base.
    And on the more mainstream side, just offer a secure VPN tunnel to another part of the world to avoid snooping, content filtering (China ...) etc. used in some places. (This is the mainstream selling page offering, VPNs located in US, Netherlands and Germany.)
    So, what I'm looking for is: are there any automated solutions out there yet?
    OpenVPN seems a good choice as the VPN providing software on Linux boxes, PoPToP is too limited (needs client IP address as well). Are there suggestions to look at other implementations as well? Any hassles with using OpenVPN?
    Windows could be affordable too, it's dead easy to set up manually, but is there an automated fashion I could use to set up VPNs on a Windows box? Mainly it would require adding new VPN users.
    I'm planning to stick up to 60 clients per box of Pentium D 3Ghz / Core2Duo ~2.2-2.4ghz / Xeon dualcore (Core2Duo arch) with 1Gb-2Gb RAM. Is this sufficient hardware? What are the hardware requirements basically, how much resources does a VPN need?
    I see it needing some RAM during data transfers as buffer, but I would assume it's going to be max peak of around 50mb per client, and on regular usage 1-3mb, and CPU power mostly on opening the tunnel (handshake)? On regular use, CPU power of a client on a 3Ghz Pentium D I would suppose to be around 1%?
    Network I/O on that many clients is the obvious bottleneck, as with 60 clients using it simultaneously 100Mbps is saturated rather easily.
    Also, using Linux, I'm thinking I would do small-time traffic shaping:
    * Prioritise port 22, 80 (in this order), others equivalent share
    * Pseudo Proxy (transparent), a squid proxy caching image files etc. to lessen bandwidth demand
    * Cap clients to 25Mbps maximum so 1 client cannot saturate the connection and most people don't even have 25Mbps speed.
    Should I also pass the web traffic through TOR? Or sell that as an added service? TOR would slow down surfing though.
    On legalities, how worried should I be about using it for very immoral activities, and how would the privacy policies be drafted? Log no traffic at all? Keep no client details, only use recurring subscriptions with as little data collected as possible?
    Any other recommendations?
    Thank You! ^^





    __________________
    NuCode
    Web Development and Hosting services

  2. #2
    Join Date
    Aug 2003
    Posts
    599
    Quote:



    Originally Posted by Skal Tura


    On legalities, how worried should I be about using it for very immoral activities, and how would the privacy policies be drafted? Log no traffic at all? Keep no client details, only use recurring subscriptions with as little data collected as possible?
    Any other recommendations?
    Thank You! ^^


    I think this will be the most challenging part of the business and you will certainly require professional legal advice, which will not be cheap at all.
    The extent to which you will need to regulate your service will depend on the country in which your servers physically exist, the laws of the country in which your business is incorporated and any other restrictions of your ISP. (I hear Leaseweb are very flexible in this regard.)
    Technically speaking, you can automate everything with OpenVPN, including compiling custom client installers for lots of operating systems.





    Last edited by topgun : 11-02-2008 at 06:14 AM.

  3. #3
    Join Date
    Nov 2004
    Location
    Finland
    Posts
    536
    Quote:



    Originally Posted by topgun


    I think this will be the most challenging part of the business and you will certainly require professional legal advice, which will not be cheap at all.
    The extent to which you will need to regulate your service will depend on the country in which your servers physically exist, the laws of the country in which your business is incorporated and any other restrictions of your ISP. (I hear Leaseweb are very flexible in this regard.)
    Technically speaking, you can automate everything with OpenVPN, including compiling custom client installers for lots of operating systems.


    Indeed, I do agree this is the most challenging part. The easy route would be to "Customers use the service on their own liability, and are responsible for their own actions. We have to share your contact details with authorities should such requests come", but customers wouldn't like that probably.






  4. #4
    I am curious to know what kind of software you are using to manage the OpenVPN software.






  5. #5
    Join Date
    Nov 2004
    Location
    Finland
    Posts
    536
    Well, nothing yet, that's why this thread. It'll be custom tailored most likely.






  6. #6
    Join Date
    Dec 2006
    Location
    Netherlands
    Posts
    1,435
    Quote:



    Originally Posted by Skal Tura


    So, what I'm looking for is: are there any automated solutions out there yet?


    There are a lot of VPN providers here. I am sure some will be glad to help you out.
    Quote:



    Originally Posted by Skal Tura


    OpenVPN seems a good choice as the VPN providing software on Linux boxes, PoPToP is too limited (needs client IP address as well). Are there suggestions to look at other implementations as well? Any hassles with using OpenVPN?


    OpenVPN requests the client IP too. How on earth will it set up a tunnel without knowing the other end?
    You're telling me USPS (PoPToP) can deliver post only when they have the client's address, whereas FedEx (OpenVPN) can deliver a post without the client's address?
    Quote:



    Originally Posted by Skal Tura


    I'm planning to stick up to 60 clients per box of Pentium D 3Ghz / Core2Duo ~2.2-2.4ghz / Xeon dualcore (Core2Duo arch) with 1Gb-2Gb RAM. Is this sufficient hardware? What are the hardware requirements basically, how much resources does a VPN need?
    I see it needing some RAM during data transfers as buffer, but I would assume it's going to be max peak of around 50mb per client, and on regular usage 1-3mb, and CPU power mostly on opening the tunnel (handshake)? On regular use, CPU power of a client on a 3Ghz Pentium D I would suppose to be around 1%?


    Servers are not the way to go. Servers have a low PPS compared to routers made for the purpose. When you do go with a router, your only limit would be the max users limit placed by the router and your bandwidth - you don't have to worry about CPU, RAM, HDD I/O, etc.
    These routers cost from 50 USD to 5000 USD. Get one which offers 128 bit encryption with around 200~ users - should cost around 500 USD; good one. That way, you can save a lot on power + colocating that router!
    Quote:



    Originally Posted by Skal Tura


    On legalities, how worried should I be about using it for very immoral activities, and how would the privacy policies be drafted? Log no traffic at all? Keep no client details, only use recurring subscriptions with as little data collected as possible?


    That is dependent on the country where you are colocating. In the case of Sweden (source: relakks.com) you don't have to keep client info so long as you're offering a flat-fee prepaid service (no subscription). Same goes here in India (from experience). But the thing to keep watch on is that you have to log all activities the client does.
    Quote:



    Originally Posted by Skal Tura


    Any other recommendations?


    You might want to block all payment gateway sites (PP, MB, etc) - people are more likely to commit fraud using VPNs and proxy networks.





    __________________
    Infinite Technologies - Specializing in VPS and Dedicated Servers
    +1 (888) WEB-5333

  7. #7
    Join Date
    Nov 2004
    Location
    Finland
    Posts
    536
    Ty for your answers, Ganesh.
    I see VPN tunnels opened on a daily basis without the VPN providing server knowing upfront the IP address from which the client connects (i.e. not pre-configured), that is what I meant. PoPToP doesn't support anything else than preconfiguring the addresses.
    Servers I thought because that gives me more control, I doubt the VPN devices offer things such as: Pseudo WWW proxy, Bandwidth Throttling, Per user usage statistics (if this is even possible with OpenVPN I do not know), and blocking certain websites. On the PPS issues, many of the devices I've seen are basically minicomputers running Linux on some kind of RISC CPU, or other minuscule power consumption and price point CPUs. So a regular device is likely to have the same PPS issues. In fact, I've seen "routers" which had so low PPS throughput that even a P90 would probably have higher.
    The no subscription clause is interesting, why couldn't a flat-fee prepaid service use subscription-based payments, i.e. credit card charged automatically each month?
    Ty, didn't outright think about the payment services.






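On the question above of whether per-user usage statistics are possible with OpenVPN: the server's `status` file lists byte counters per client, and two snapshots of it give an average rate that can be compared with the 25Mbps cap from the first post. This is an added example, not part of any post in the thread; the snapshots are constructed, `per_user_bytes` and `over_cap` are hypothetical names, and it assumes status format version 1 and that the cap applies to both directions summed.

```python
import csv
from collections import defaultdict

# Constructed status-file snapshots (OpenVPN status format, version 1).
TEMPLATE = """\
OpenVPN CLIENT LIST
Updated,Sun Nov  2 06:0{m}:00 2008
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice,203.0.113.10:51234,{a_rx},{a_tx},Sun Nov  2 05:00:00 2008
bob,198.51.100.7:40022,{b_rx},{b_tx},Sun Nov  2 05:30:00 2008
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,alice,203.0.113.10:51234,Sun Nov  2 05:59:58 2008
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""
SNAP_T0 = TEMPLATE.format(m=0, a_rx=1000000, a_tx=5000000, b_rx=2000000, b_tx=10000000)
SNAP_T1 = TEMPLATE.format(m=1, a_rx=1300000, a_tx=20000000, b_rx=2600000, b_tx=235000000)

def per_user_bytes(status_text):
    """Return {common_name: (bytes_received, bytes_sent)} from CLIENT LIST.
    The Real Address column is deliberately not kept."""
    totals = defaultdict(lambda: [0, 0])
    in_clients = False
    for row in csv.reader(status_text.splitlines()):
        if not row:
            continue
        if row[0] == "ROUTING TABLE":
            break
        if row[0] == "Common Name":
            in_clients = True
        elif in_clients and len(row) >= 4:
            # A user may hold several sessions; sum them per common name.
            totals[row[0]][0] += int(row[2])
            totals[row[0]][1] += int(row[3])
    return {cn: tuple(v) for cn, v in totals.items()}

def over_cap(before, after, seconds, cap_mbps=25.0):
    """Average Mbps per user between two snapshots, flagged against the cap."""
    report = {}
    for cn, (rx1, tx1) in after.items():
        rx0, tx0 = before.get(cn, (0, 0))
        # Counters restart at zero on reconnect; treat a drop as a new session.
        d = (rx1 - rx0 if rx1 >= rx0 else rx1) + (tx1 - tx0 if tx1 >= tx0 else tx1)
        mbps = d * 8 / seconds / 1_000_000
        report[cn] = (round(mbps, 2), mbps > cap_mbps)
    return report

if __name__ == "__main__":
    print(over_cap(per_user_bytes(SNAP_T0), per_user_bytes(SNAP_T1), 60))
```

Only the common name and byte counters are retained, so usage accounting of this kind does not require storing client source addresses.
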
  8. #8
    Join Date
    Dec 2006
    Location
    Netherlands
    Posts
    1,435
    Quote:



    Originally Posted by Skal Tura


    Ty for your answers, Ganesh.
    I see VPN tunnels opened on a daily basis without the VPN providing server knowing upfront the IP address from which the client connects (i.e. not pre-configured), that is what I meant. PoPToP doesn't support anything else than preconfiguring the addresses.


    PoPToP doesn't need to know the IP address of the connecting client in advance. It can work just on username/pass authentication. So no need of any preconfiguration... since the last time I used it.
    Quote:



    Originally Posted by Skal Tura


    Servers I thought because that gives me more control, I doubt the VPN devices offer things such as: Pseudo WWW proxy, Bandwidth Throttling, Per user usage statistics (if this is even possible with OpenVPN I do not know), and blocking certain websites. On the PPS issues, many of the devices I've seen are basically minicomputers running Linux on some kind of RISC CPU, or other minuscule power consumption and price point CPUs. So a regular device is likely to have the same PPS issues. In fact, I've seen "routers" which had so low PPS throughput that even a P90 would probably have higher.


    Try some of the Nortel products. I don't remember exactly... one of them offers you 2000 SSL connections simultaneously on 128 bit crypto. I doubt you can get such performance on any server.
    Quote:



    Originally Posted by Skal Tura


    The no subscription clause is interesting, why couldn't a flat-fee prepaid service use subscription-based payments, i.e. credit card charged automatically each month?
    Ty, didn't outright think about the payment services.


    You can make your customers prepay for 1, 3, 6, 9 or 12 months. But you cannot make them subscribe, a.k.a no contract.




