VPN Clients Not Allowed On Residential Service

wayn3 writes "ComputerWorld reports here that two of the major cable companies have language in their terms of service that VPN clients are forbidden for "residential" class, forcing clients on their "business" offering which is at twice or more times the cost of residential service. Has any been bit by this, and do those companies consider SSH a VPN client? This would stop me from telecommuting since my company would not be able to afford the business service."

@home has that in its AUP but...

[StJohnsWort]

I do it anyway. what are they going to do, cut me off?

What if AT&T upped your phone bill?

[Demerara]

Girard said cable business-class service "is not any better than residential, yet they charge you more."

Imagine your phone company doubling your bill because they analysed your calls and decided you made a call to the office!!

I buy bandwidth. What I do with the bandwidth is nobody's business (obvious exceptions included..)

Telecommuting IS a Business activity...

[somethingwicked]

"This would stop me from telecommuting since my company would not be able to afford the business service."

If you are TELECOMMUTING then you ARE a business customer. The only difference is that you aren't PAYING as a business customer.

Everyone can argue about if there should be different "classes" of service, but that is the business structure the Providers have chosen.

There will be people posting here "I use VPN but not for business." With those people I agree: Simply claiming the using VPN makes you a "business" customer is unfair.

But in the case where you ARE using the service as a business but want to only get charged the residential rate:

Quit your whining and stop being cheap

A business has the right to charge you the rates they see as fair and you have the right to not use their convenient service and start driving to work.

So how are they going to find out?

[TheDarkRogue]

I personally use VPN on my cable line for access to my home box from school. The thing is that I Have firewalled out the rest of the world from accessing the ports the VPN Server uses for it's little Java client web server and the acctual server, Except for the place I am comming from. So unless my Cable provider does some strange thing with spoofing addresses they can't really see them. What they can't see can't hurt them. I am lucky enough though to not have either one of the "C" Cable internet companies so I really don't have to worry that much.

Re:What's wrong with this?

[slakdrgn]

Granted for business purposes I can kinda see the reason (tho dun get me wrong I use VPN-1 for work a lot..) but what about the techie's who use vpn-1 at home.. ie.. I vpn into my friends network at his house all the time, sometimes to remote admin to the gaming server, when it decides to crash, or play 'round with some other things in the network.. this definatly is *NOT* business related.. and a lot of the reason he has it setup is for learning (certifications)..

Granted not a lot of people use vpn as personal, but what about the people that do? sometimes there are non-business related things u can use vpn for.. should they be penalized too?

~slak

leftover from excite

[Lumpy]

that has been there from day one. Excite is the ones forcing the issue and always have. Look at AT&T's TOS now that they sluffed off the leeches called excite. servers allowed, linux specifically mentioned and unofficially supported (as in they'll tell you the ip information instead of saying it all has to be dhcp or we'll kill you or the funny, the dns servers ip address is prepriatory information I cant tell you.)

I'm sure comcast and cox will get a clue when they also fling excite the bord later next year.

Re:Rogers@Home

[ekephart]

LOL, @that_isp tech support was a joke. I did it too during a school-free summer. Let me just say that I am surpised their network worked at all. No one (not even people we had to call in Redwood) knew almost nothing about computers much less their own network. One time I had a "senior" tech try to tell me to tell a customer that having AIM and MSN Messenger as startup programs would stop their cable modem from syncing up.

Paying for business behavoir is wrong.

[beldraen]

There is no identifiable difference between what I telecommute to do and what I do for home use except that what I do for home use requires a tremendously larger amout of bandwitch. I don't browse newsgroups at work. I don't pull ads off of Adcritic at work. I don't browse around to see what neat and new things are out there. In short, my business use ties up a hell of a lot of bandwidth than my play use does. The original reason for business class phone lines was to pay for the extra quality of service that should you have a problem with your phone line, they would attempt to fix it faster than anyone else's residential line. However, the quality of cable does not change for the increase in price. As an Excite@Home customer, the way I have been treated is just ridiculous. To think that I would pay more for no change in service is stupid, at best. This is why I think that DSL is going to win in the end, which I didn't think until recently. Cable has totally overloaded itself.

My two cents,
Chad

Re:Your company can't afford it?

[thesolo]

Let me get this straight, the company pays you enough that you can in turn pay $X for the service but they "can't afford" to additionally pay $X themselves (to make up the difference to the $2X price of business-class)? BS. Either you are exaggerating or the company is lying to you--they just don't want to pay for it.

I work for a large (3000+ people) company in the Philadelphia region. The company currently supports telecommuting with broadband through VPN. Currently, they pay $39.95 per month for connectivity, plus $30 per month for outsourced broadband routers/firewalls. (The latter part I think is stupid, but I digress.) So for each person telecommuting, they pay roughly $70 per month

Now, increase that highspeed access from $39.95 to $95.00, and they would have to pay roughly $125 per month per person. If only 300 out of the 3000 people here telecommute, that's a cost of $37,500 a month, or $450,000 a year just for broadband users. At the previous price, it would be roughly $252,000 per year. Almost 200k more. That's a lot of money to just "find" in your budget. So what happens? Comcast loses money because my company suspends all high-speed telecommuting. So now instead of getting their extra 200k a year, they get nothing, and the people who benefited from telecommuting no longer can.

You know, if Comcast wanted all these people/companies to shell out $50 more per month, the LEAST they could do is remove that 128kbps upstream cap they enforce for business accounts. Its really annoying to transfer large files to work or VPN to a server when you can't send out over 15K/sec, peak.

Re:Telecommuting IS a Business activity...

[lythander]

The problem here is that most people who use VPNs to connect to their workplace aren't telecommuters, but people who need a file or to check mail or something simple on an infrequent basis. Relatively few people truly telecommute (i.e. work from home most or all of the time). This more expensive business use, as well as actually running a business (servers, whatever) should cost more. But it seems unfair for someone to have to shell out the extra dough so they can check their mail from home.

Obviously there are secure ways besides VPNs to implement this functionality, and eventually I think we'll see a move towards these. The question remains how will the enforce this prohibition? And if it's allowed on business connections, does that mean they'll support it, too?

See, the real issue here isn't "no you can't do that here," but that certain types of users call with certain kinds of questions, and this allows those answering the questions to segregate the questions so the right people can answer them. IP/SEC traffic requires certain very specific protocols and ports to be opened which may not normally be open on a standard ISP network. Most legacy hardware, and much current hardware doesn't support IP/SEC, so it cannot work. Your cable modem/router probably doesn't, unless it's high end or very new.

By prohibiting this activity on their "home" networks, they need not burn cycles explaining why "you can't do that, it just won't work," while really saying "our hardware can't handle it." The latter unfairly casts a negative shadow on an ISP who simply didn't design their network to handle this traffic, and perhaps doesn't see that as being cost effective to do.

So this is another attempt to cover themselves for not providing any sort of support for VPN, including enabling the funcationality on their hardware. It's like their not supporting more than one machine in your house, or not supporting linux on their cable network. It would cost them way more to do it right than it's worth. They aren't doing anything wrong, though they're not doing anyone any favors, either. They aren't likely to tell you to stop, just not to ask for help. IP/SEC may never work on these networks, but other VPN-like items will probably fly under the radar.

Re:Rogers@Home

[Anonymous Coward]

An IP packet is an IP packet is an IP packet. He's lying to you.

Sue them under Robinson-Patman?

[aozilla]

A seller charging competing buyers different prices for the same "commodity" or discriminating in the provision of "allowances" -- compensation for advertising and other services -- may be violating the Robinson-Patman Act. This kind of price discrimination may hurt competition by giving favored customers an edge in the market that has nothing to do with the superior efficiency of those customers. However, price discriminations generally are lawful, particularly if they reflect the different costs of dealing with different buyers or result from a seller?s attempts to meet a competitor?s prices or services.

http://www.ftc.gov/bc/compguide/discrim.htm

What's wrong? Business class doesn't exist.

[fizbin]

What little chance I had of sympathizing with the "no business use" restrictions of residential service vanished once I realized that residential service is ALL there is.

The places that talk about the restrictions on residential service seem to imply that just by paying more, one can sign up for a "business class" service that is essentially the same as residential service but without those restrictions.

Unfortunately, that's not the case. Business class service (except briefly for some of the areas served by Cox cable) over cable lines does not exist. It is a strawman that cable ISPs use to pretend that their restrictions on "business" use are somehow rational. This is a re-occuring thread in various @Home newgroups.

Hopefully having an article in ComputerWorld will produce more explicit explanation from cable ISPs about what exactly they mean by business use.

Consider that a common Comcast@Home commercial shows someone auditioning for an acting job halfway across the country through an @Home webcast. If that's not allowed, I smell a bait-and-switch lawsuit.

Re:What's wrong with this?

[bobKali]

Ok, first off they're selling me the bandwidth, and as far as I can see I'm completely within my rights to use as much of it as I like - that's what I'm paying for after all. It's none of my business if their business model depends on the majority of their customers not using all the bandwidth they're paying for.
Second, the network isn't going to give me any more bandwidth than I'm paying for, so it shouldn't matter what I'm doing with the bandwidth that I have.
Now, as far as the extras that a business account provides:

Tech support - don't need it, and they don't support Linux anyway.

Static IP address - the residential service gives me that anyway - and even if it didn't, I would be somewhat inconvenienced, but it's not something I care about.

Web hosting, email hosting, etc... - don't need it, don't want it.

other value added services - don't need them, don't want them, wouldn't use them.

So I have absolutely no use for the business service and I physically cannot use more bandwidth than their network will give me (which is what I'm paying for) so I don't see any reason for them to get all pissy about what kind of packets I'm sending over the bandwidth that I pay for.
Besides, I use Cox and I seriously doubt that they have the technical knowhow to navigate themselves out of a wet paper bag, much less figure out what applications I'm running on my computer at home.

Home business lines are treated as residential

[coyote-san]

"Business" lines are usually sold to brick-and-mortar businesses, e.g., a pizza shop, because they tend to use the phone far more than most residential customers. This requires more resources (switches, physical lines), and they are charged more. By the time a business has a PBX, the lines may be use constantly.

But then modems came along - and the telcos had to beef up their switching equipment because evening residential usage jumped way up. That's why there was a short-lived proposal for a modem tax. But the telcos eventually figured out that selling second (and third lines) for modems, teenagers and other heavy users was more profitable than that tax, and a lot less politically explosive.

Nowadays, I doubt many telcos care about home business use - during the day there's excess capacity in the residential areas since they're currently designed to handle everyone getting online in the evening.

Re:@home has that in its AUP but...

[Binestar]

Doing a network sync or logging in does use quote a bit of bandwidth. But perhaps I was too general in my wording above.

When an ISP/Telco/Cable company sells to residential, they are doing that selling based on the fact that *MOST* residential users will be using the service after hours of the business users, and they provision bandwidth and hardware based on that. (I may even be off by saying most, I *KNOW* that the cable company I used to wrk for did just that though)

When a residential user is using the bandwidth during business hours regularly there is less capacity to oversell the bandwidth. (Meaning they sell the business accounts based on the fact that the majority of businesses are 8AM-6PM, and residential based on the fact that the majority of residential use is 5-12PM. This isn't a hard number, just the fact that on all the graphing and business models I've seen this is how it is planned, obviously there is some overlap.

By getting the users who are connected during business hours onto a business rate, and those connected during residential hours on the residential rate allows the company to know exactly what kind of bandwidth they will have available for the businesses and sell that bandwidth/QOS based on that.

It's all a law of averages, and overall a few residential users staying home for the day sick, or working from home won't affect the averages all that much, the users who just have a home office and are sending large files over VPN's for residential rates to deserve to pay the business rates.

Again, it is thier business, they have the freedoms to run it how they see fit so long as they break no laws.

Re:How to classify a VPN?

[mjh]

Yes, and some VPN's include features in order to get around NAT devices typically installed on home networks. For example, Cisco's VPN can communicate on the standard IPSec IP protocol, or if you're behind a NAT device, you turn on UDP encapsulation and all of your packets go from UDP port 10000 and to UDP port 10000.

Of course, I'm one of those lucky people who has a choice of cable modem at my house or several xDSL providers. So if the cable company ever decides to ban VPN's and if they ever figure out how to effectively enforce such a ban (doubtful) then I get to take advantage of competition.

The good news is for those of you without such a plethora of choices is that enforcement, AFAIK is currently impossible.

Re:What if AT&T upped your phone bill?

[Tipsy McStagger]

Agreed. NTL really do get it..

Their tech's don't baulk when you say you're running linux - they ask you which kernel, distribution and dhcp client you're using ;-) They make notes in your account that you have a clue and talk to you intelligently.

And (last time I looked) their AUP says you can run whatever servers you like so long as they don't cause loads of traffic and they're secure - security is the users problem. Blueyonder seem a bit less with it. Although they're happyish to work with linux they do have issues with some servers and have the x many concurrent connections rule and you must know the person you're dealing with.

It's nice working with a company that has a clue and listens to you when you explain service outages to them.

I just don't get it!

[mcrbids]

I have Pacific Bell DSL AKA SBC Internet.

Just spent 10 minutes TRYING to find an "Acceptable Use Policy" or something similar.

It's just NOT THERE... Really, it seems, they don't *care* what you do with your Internet Service! Basic rate is $50/mo, Biz use starts at $65. (I subscribed to a plan they no longer offer, a single static IP for $50/mo)

I know, I'm in bed with that evil monopoly, Pac Bell, but Hey! This is COOL! I've run my own DNS/Web/Mail/Proxy/NTP/etc Linux server for 2 years without a hitch. No complaints, nothin' - and reliable bandwidth to boot.

I *LOVE* these guys! (Even if they ARE an evil monopoly)

-Ben

Re:Comcast offers business-class service?

[Anonymous Coward]

I used to be a comcast subscriber. I ran Linux with apache etc. (a server) for a year and then the TOS people threatened to cut my service (and did for about a day). Apparently they port scan you, and told me exactly what ports I needed to shutdown: www, ssh, smtp, pop3, dns :(

I talked to all the people at comcast about getting a business account but they told me that there are NO business uses if you are on the cable modem, period! Sure, comcast has business services, but they are leased line, T1 stuff that any ISP can offer you. The cable modem was strictly a residential service and they did not allow you to run any server processes at all - no exceptions.

For the typical Linux geek with web, dns, ssh etc, comcast cable modem is completely the wrong choice. Take a look at the cheaper DSL business services out there. They might cost about 2x ($90/mo) the residential cable modem, but that's life.

Point taken, but...

[codefool]

If I buy their "business service" is my cable is routed through "special" switches on a more reliable and fault tolerant network than my "residential service?" All they really want is a reason to charge more money [slashdot.org]for the same service.

Re:A View from the Other Side

[mj6798]

That seems like a simple support call to resolve. Start off by "log in as 'administrator' and ...". If they say "I can't do that", you point them at your configuration web page, tell them to tell their administrator to fix it, and end the support call. Takes less than a minute and would cost you almost nothing. That's no reason to impose draconian contractual terms.

Re:A View from the Other Side

[okigan]

Well this totaly differnt issue, If they (cable companies) would say that they do not provide any technical support for VPN related problems. What they are saying is that no VPN activity is allowed through there network, and that's what ticks me (and seems everybody else who is reading this post) !!!