Hotel internet...incoming video/audio ports blocked
#16
Join Date: Apr 2004
Programs: SSSS Preferred, UA 1K
Posts: 309
Originally Posted by SpaceBass
What about setting up your own VPN at home? It would allow you to get around any ports that your ISP blocks (and shame on them for doing it!).
The network was ultimately running on two hacked HP Digital Entertainment Centers (DE200C: http://www.robertwrose.com/dec/) which was fun to get going, but not so interesting to maintain.
I recently replaced an old router and access point with a combined Netgear VPN router/AP, thinking a VPN appliance would be a lot easier than setting up FreeS/WAN on a box. I didn't realize I had to buy the client software separately, and I've ignored it since.
#18
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
Originally Posted by anotherbrian
I recently replaced an old router and access point with a combined Netgear VPN router/AP, thinking a VPN appliance would be a lot easier than setting up FreeS/WAN on a box. I didn't realize I had to buy the client software separately, and I've ignored it since.
I guess, either live with blocked ports, or find a way around them.
I can appreciate the sentiment... I don't work in IT and when I'm at home, at times, I feel like a sysop which is a pain....other times it's rewarding.
For instance, I've stopped hosting my web server...paying $50 a year is just easier... but running my own VoIP server is priceless...I just enjoy it (when it works).
The VPN thing works the same way...knock on wood...my Windows 2003 domain controllers are very reliable and one is a VPN gateway...as is my BSD router....when they are running (like I said, knock on wood b/c they are like 99% up) they are great...but I can see how a Netgear box would be a good idea too.
Have you looked into 3rd party IPsec clients? Most of those VPN routers use a standard that either MS IPsec services (separate free download from MS) or any (i.e. OpenVPN or Cisco) client can connect to.
#19
Join Date: Feb 2007
Posts: 6
Trusting your life to an amateur?
I'm not a VPN administrator. I'm a finance guy. I don't want to trust my ongoing access to my email, etc. to an amateur VPN administrator, even if the amateur is me.
#20
Join Date: Aug 2006
Location: DCA / WAS
Programs: DL 2+ million/PM, YX, Marriott Plt, *wood gold, HHonors, CO Plt, UA, AA EXP, WN, AGR
Posts: 9,388
I'm currently staying at a TownePlace Suites with Stayonline service.
VPN is blocked entirely (spent an hour on the phone with tech support that first told me that Zonealarm was the problem and that I should NEVER run a firewall on their system, and then told me that the problem was that the outbound pipe didn't have enough capacity and I needed to wait until someone else stopped using their computer).
Exchange webmail doesn't work from their network, either, it continually & repeatedly brings up the username/password box and finally says "access denied". They had no answer for that.
Both work fine from dialup, wireless hotspots, and every other hotel I've stayed in.
I see why it's free at this hotel - it's totally useless.
#21
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
If anyone suggested that I not run a firewall on their network, I'd be tempted to laugh in their face. I'd have to buffer that with the understanding that it's just a guy doing their job and probably reading a script...still...that's a really bad thing to say.
The only solution I've found for those situations is SSH. I have a box with SSH running at home that answers on port 443 (which is typically for secure web, https). Since it's almost never blocked, it works...but it's not an ideal solution at all.
I think you're right, you get what you pay for.
As for Exchange, that doesn't make a lot of sense. Assuming your OWA server is using HTTPS then the entire thing either makes it or it doesn't.... if you are being prompted, it should work fine. Is there a chance your user is locked out from repeated attempts? That being said, I've seen firewalls do some strange things...
#22
Join Date: Aug 2006
Location: DCA / WAS
Programs: DL 2+ million/PM, YX, Marriott Plt, *wood gold, HHonors, CO Plt, UA, AA EXP, WN, AGR
Posts: 9,388
I think you're right, you get what you pay for.
As for Exchange, that doesn't make a lot of sense. Assuming your OWA server is using HTTPS then the entire thing either makes it or it doesn't.... if you are being prompted, it should work fine. Is there a chance your user is locked out from repeated attempts? That being said, I've seen firewalls do some strange things...
It's only happening on this one network, so either they're blocking something or they've got something configured wrong. (The conspiracy nut would say they only want to handle unencrypted traffic, but I don't think that's the case). The hotel is about to lose my future business.
I'll probably do SSH and set up a Linux/BSD box at home as a router. Assuming, of course, that SSH isn't blocked here, too.
#23
Join Date: Feb 2007
Posts: 6
A solution being offered by http://www.loapowertools.com overcomes the Port 25 problem for outbound email (and the related problem created when your ISP won't let you relay from outside their network) securely, without a VPN. A VPN is more complex than necessary just for email. The LoaPowertools solution is still in beta, but you can sign up for the beta.
Last edited by kgord; May 14, 2007 at 3:12 pm
#24
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
I just cannot stress the value of a VPN enough. I totally understand the reluctance about running a server, etc... but there are 3rd party VPNs out there. VPNs provide a lot more than a way to get around blocked ports. Most notably, when configured correctly, they effectively remove you from the hotel's LAN (which you share with every guest) and protect your traffic from prying eyes. I know it's not always a popular stance, but personally I won't ever surf outside of my LAN without a VPN connection either back to my network or to my work network.
#25
FlyerTalk Evangelist
Join Date: Jun 2005
Posts: 38,410
It had to be wiped and reinstalled.
#26
Join Date: Aug 2005
Location: SNA Rwy 20L
Programs: QF Silver
Posts: 703
Before I decided to run my own Linux servers I just was running a regular old XP desktop with a cable modem. I installed OpenVPN and configured it to run on port 443 to bypass hotel port blocking. Before traveling just start the application, open the port in the router and you have a pretty easy way to safely access the internet from the road. Upon return, just reboot the machine, block the port in the router and everything is back to normal.
No Linux or server knowledge required, just download the software w/GUI (http://openvpn.se), install on desktop & laptop, follow their install help to create certificates, keys, and config files, enable port on router/firewall, run dyndns (if necessary) and you're done. One caveat is whether your home ISP blocks incoming ports, some block 443, but you can usually find one that works...1194, 8080, etc.
I know there are always security risks making your machine visible, but they are pretty minimal compared to the risks of using an insecure hotel network.
Last edited by Zarf4; May 15, 2007 at 10:16 am
#27
Join Date: Nov 2002
Location: San Francisco, CA
Programs: US CP, *wood Gold, Marriott gold, Hilton something
Posts: 1,458
OpenVPN can be tricky but with the right guide it can be a snap. There are also some consumer or SOHO routers that will accept incoming VPN connections, although I understand they are tricky to configure and not all of them relay traffic back out through the remote gateway.
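As an added example (not part of any post in this thread, and not the posters' own configuration): a minimal OpenVPN server and client configuration for the setup described in the two posts above, listening on TCP 443 and routing all laptop traffic through the home gateway. The host name home.example.net, the tunnel subnet 10.8.0.0/24 and the certificate and key file names are assumptions.

```conf
# ---- server.ovpn, on the home machine (constructed example) ----
# TCP 443 is the HTTPS port, which hotel networks rarely block.
port 443
proto tcp
dev tun
# File names are assumptions; use the ones your key setup produced.
ca ca.crt
cert server.crt
# The server's private key never leaves this machine.
key server.key
dh dh2048.pem
# Shared HMAC key: unauthenticated packets are dropped before TLS starts,
# which shrinks what the open port exposes to the internet.
tls-auth ta.key 0
# Tunnel subnet (assumption); the server takes 10.8.0.1.
server 10.8.0.0 255.255.255.0
# Send ALL client traffic through the tunnel, not just traffic for the
# home LAN. Without this the laptop still browses via the hotel network.
push "redirect-gateway def1"
keepalive 10 120
persist-key
persist-tun

# ---- client.ovpn, on the laptop (constructed example) ----
client
dev tun
proto tcp
# Placeholder name; use your dyndns host name or home IP.
remote home.example.net 443
resolv-retry infinite
nobind
ca ca.crt
cert laptop.crt
key laptop.key
tls-auth ta.key 1
# Refuse any peer whose certificate is not marked as a server
# certificate, so another client certificate cannot impersonate home.
remote-cert-tls server
persist-key
persist-tun
```

For `redirect-gateway` to carry traffic back out to the internet, the home machine must also forward and NAT the tunnel subnet, which is configured in the operating system rather than in OpenVPN.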
#28
Join Date: Aug 2006
Location: DCA / WAS
Programs: DL 2+ million/PM, YX, Marriott Plt, *wood gold, HHonors, CO Plt, UA, AA EXP, WN, AGR
Posts: 9,388
I think that's a great solution!
OpenVPN can be tricky but with the right guide it can be a snap. There are also some consumer or SOHO routers that will accept incoming VPN connections, although I understand they are tricky to configure and not all of them relay traffic back out through the remote gateway.
I solved my hotel issues by getting a Sprint broadband wireless card. As fast, if not faster, than the hotel connection, and flawless with the VPN and Exchange webmail.