Ask Slashdot: VPN Service For a Deployed US Navy Ship?

shinjikun34 writes "I am currently stationed on a U.S. Navy ship deployed in a country with restrictive internet policies. We are currently in the process of setting up an entertainment internet connection for the crew to use in their downtime. I suggested (and was thereby tasked with finding) a VPN service that would support 100 to 500 devices, have an end point inside the continental United States, be reasonably priced, and secure/trustworthy. Something that is safe to use for banking and other financial affairs. Ideally, it would be fast enough to support several VoIP calls (Skype, Google Voice, etc) along side online gaming, with possible movie/music streaming. It will need an end point in the U.S. to allow for use of Google Books, Netflix, Hulu, and other services that restrict access based on region. I, in all honesty, have no idea where to begin searching, and I ask the good folks of Slashdot to aid me in my quest. One of the main requirements I was given is that the company has to be trustworthy. And it has to be a company — computer in someone's closet hosting a VPN isn't acceptable to the Navy. What services would Slashdot recommend? (I understand that our connection without a VN probably won't be able to handle the described load, but I would prefer a VN service that offers capacity above our need. That way when T/S'ing the connection, the VPN can be at least partially ruled out.)"

Pair

[Frightened_Turtle]

Try Pair.com [pair.com] in Pittsburg, PA. I've been with them for over 16 years now and I've been very happy with their service and support.

The end point should be run by the military

[mrmeval]

The NSA is tasked with securing such communication and you should regardless of classification of data be using their equipment or at least an approved system. In that way you know that you at least are protected from your provider.

Your users shouldn't even know you'd doing jack to their connection except to show as a US IP address. There should be no identifying information that points that IP to any military activity.

Sonic.net

[Anonymous Coward]

I know Sonic.net offers their customers VPN service, and have a great track record and are a pleasure to work with. I'd call their business/enterprise department and see what kind of bandwidth they can give you in a VPN termination.

However, I hope you're aware of the dangers of having multiple secure and insecure internets in close proximity...I sincerely hope one moron with a patch cable can't bridge the "entertainment" network to anywhere else...frankly I'm surprised this isn't handled by the USN core networking folks already....?

Re:Amazon Web Services?

[Jerome H]

From the question:

And it has to be a company — computer in someone's closet hosting a VPN isn't acceptable to the Navy

So firstly he can't host it himself and providing a VPN service for 100 devices is by no mean a trivial task.

Re:The end point should be run by the military

[truesaer]

My guess is that the military DOES provide internet access. And it probably allows them to do basic web tasks, etc but does not allow streaming video, VOIP, etc. This is probably because they are on a limited satellite connection and have to guarantee performance for the actual military functions of the ship.

They also probably have access to Armed Forces radio and television, DVD libraries, etc.

Re:Pair

[Anonymous Coward]

That'll change properly spelled instances to Pittsburghh. What you want is to add a word-terminator to the expression so it doesn't break the correctly spelled words. /nerding out

Re:WTF

[History's Coming To]

Yup, exactly. I'd be very surprised if there was a way to set it up so it was 100% guaranteed to be independent of military equipment (it's going to have to share the same satellite link for example), and unless there's a military networking specialist on /. who's happy to talk openly and publicly about their systems...?

The only people who should be setting this up are the people who admin the rest of the networking equipment on board.

Re:The end point should be run by the military

[icebike]

I'm amazed that people really trust the OP is in a US Navy ship.

He said he is using a local ISP for bandwidth. So clearly he is not talking about ON the ship while at sea.

He is probably talking about dock side encrypted wifi (perhaps bridged to some place onboard).

He's probably stationed on a tug or service boat, oilers, replenishment ships, repair ship, because it would be pointless to set up something like
this on a war ship which doesn't spend all that much time in port.

100 to 500 devices indicates (think cell phones and tablets and the occasional lap top) a crew of something much smaller than a Frigate.
Even Coast Guard national security cutters tend to have a crew greater than 100.

Re:The end point should be run by the military

[jbolden]

Do you think the Roman Legionnaires followed local laws they disagreed with in the many lands they conquered? Of course not,

Actually in general they did. The Roman legions set up all sorts of barriers to prevent Roman troops from offending local custom. It also slowed down the rate at which Roman soldiers "went native" and ended up with mixed loyalties. Which is essentially the policy and model the US follows today.

Re:The end point should be run by the military

[David-D2]

DoD policies on military quarters should apply to quarters on a Navy ship as well. I am not in COM or anything like that, but I live on an Air Force base and I know the DoD does allow private internet connections. The restrictions you are talking about only apply to DoD information systems. If you are creating a network independent of the installation's connectivity and use it for hosting any technical data or as a subsystem to supplement a DoD system, the rules you stated apply. If it is for personal reasons and nothing to do with DoD information technology, the Information Assurance guidelines do not apply.

Re:Pair -- good choice

[Anonymous Coward]

I've also been a Pair customer for many years. Their support is absolutely fantastic. Unlike many large companies who don't bother to read your questions and just reply with boilerplate, Pair responds quickly and accurately, and follow-ups are quick and easy (email). Sometimes, they've proactively fixed accounts that were at risk due to a security flaw or upgrade.

Re:The end point should be run by the military

[belmolis]

The Romans and the Mongols generally operated on different models. The Mongol approach was to overcome resistance by terror. In the absence of some prior dispute, when they came to a city they asked that it submit to them. If it did not, and they succeeded in capturing it, as they usually did, they were brutal: they would generally kill all of the men of military age and the elderly. Younger women and children would often be enslaved and if not, killed. The city would be looted. If, however, the city capitulated, they were actually pretty nice. They would take control but otherwise largely leave things as they were.

The Mongols were tough and prepared to be brutal, but they were not mere bandits, and they were not a mob. The Mongol Empire was well organized, with an excellent courier system and the rule of law. Unlike contemporary European countries, they were religiously tolerant (except for the Ilkhans, in Persia, after 1295 when they converted to Islam.) The Mongol legal code, the Yassa, was, from what survives of it, pretty reasonable for its time.

Re:The end point should be run by the military

[Grishnakh]

You sound like a real piece of shit.