OpenVPN or PPP-over-SSH

Do any of the new(er) VPSes support OpenVPN or PPP over SSH?

SSH access is great. Making backups and changes is a Royal Pain in the Posterior Nether Region with a hosting service that does not allow shell access; MySQL maintenance is difficult and making backups is nigh on impossible. If I charged by the hour, I would become wealthy very quickly. While connecting a VPS to one's local network may be (and probably is) fraught with security issues, it could be very useful to 'integrate' the VPS with the local network, to make the VPS appear as another node on the LAN.

The general idea would be to tunnel from the local site's DMZ (or LAN) on an as-needed basis. If firewalling rules could be configured to strictly control and minimize exposure, the tunnel could be semi-permanent. A couple benefits are:

• A portion of the VPS' file system could be NFS or SMB-mounted on the LAN, streamlining access for web site updates, email, and backups.
• Access to the VPS' SMTP could be further restricted, especially if AdvantageCom's spam/virus filtering service is used. Access would be restricted to the tunnel, localhost and CSKV.

Firewall rules would have to pert-near guarantee that only the LAN can originate connections to the VPS--the VPS should not be able to originate connections to the LAN. The tunnel would have to remain unrouted; its data should not be routed off the VPS, nor out of the LAN.

If it can be configured and be made 'secure', this could be another feature to set AdvantageCom apart from the others.

N

If it can be done on a "real" box of the same specifications over an Internet connection, it can technically be done on an hwVPS. You can install software by yum, compile it yourself, or modify the operating system however you see fit.

I qualify that with the word "technically" because there are some things that our terms of service specifically prohibit.

VPN links to a VPS fall into a gray area regarding whether they are allowed or not. Typically, they come under very close scrutiny and if we can't tell what they are being used for, we watch even closer until the purpose of the VPN link is known.

On VPS accounts, VPN links are most commonly used by hackers, spammers, fraudsters, and Internet predators to hide their identity and instead show the IP of the VPS to whatever Internet locations they might touch with their nasty deeds. Of course, none of those are allowed on our network and they get kicked out as soon as they're discovered. It is more about the intended use rather than the technology itself.

Legitimate uses of VPN links to VPS have been in the extreme minority. There are maybe one or two VPS accounts using a VPN legitimately for legal purposes out of thousands of VPS that have been setup on our systems.

Just to be clear, any VPS account we sell allows SSH access. Our current WebPro accounts (CPanel based) do as well.

The iptables firewalling within the VPS is very robust and can handle just about any scenario. You can load kernel modules to extend the functions as required. You could even replace the kernel altogether. We don't recommend that because we can't support problems arising from a custom kernel, but it could be done if you were confident in your skills.

This is true, but you might find a virtual drive utility that does the same over SFTP/SCP to be a better choice. It doesn't leave a two way back door open into your network. It also doesn't get hammered with broadcast traffic from your local LAN. It is also generally better optimized for the relatively high and variable latency present over much of the Internet.