DNSSEC and ISPs faking DNS responses

Owen DeLong owen at delong.com
Sat Nov 14 12:07:51 UTC 2015

> On Nov 14, 2015, at 03:11 , Roland Dobbins <rdobbins at arbor.net> wrote:
> On 14 Nov 2015, at 16:05, Owen DeLong wrote:
>> Lots of VPN services out there like the ones mentioned earlier in the thread have made it nearly as simple to install and operate a VPN.
> Until the setup and functionality are automagic, we're not going to see broad use of VPNs by non-specialists.

The point you seem to be missing is that your “until…” is already met.

I know of at least one ISP that is providing CPE with VPN pre-configured and built in.

I know of several other software/service solutions that are literally download-launch-subscribe. (download client software, launch installer, supply payment information for subscription).

> VPN functionality is built into pretty much every mainstream (and many non-mainstream) OS out there, including mobile devices.  But it isn't something that's simple; users have to at a minimum install and accept a VPN profile, which means they have to go looking for a service in the first place.

You’re not looking at the right VPN software. The built-in stuff is crap that is years behind the current state of the art.

> I'm wondering if perhaps major OS vendors/developers may start offering/OEMing VPN services, or at least distributing profiles in the same way as browser vendors/developers distribute CA certs?

More likely this is going to be iterations of what is already being more widely accepted. Downloadable pre-configured client software that works with a particular VPN service.

Point-click-subscribe model seems to receive fairly wide adoption among people sufficiently interested in bypassing {insert network damage here} to pay a monthly fee for a service that will do it.

I think the going rate is something like $5/month for US VPNs last time I looked.


More information about the NANOG mailing list