Yes, with tunnel brokering and the ability to reverse-tunnel "Roaming" 'Internet users should be able to find a way to communicate on their own terms', as they move in a "Mobile Environment" switching back-end networks if required, for Mobile VPN. Kudos to Cisco's Mobile Access Router 3200 for being an example for this architecture.

Yes, I had the pleasure of "piggyback" riding a WiFi network set up by a neighbor while in a hotel room in a remote, forsaken place and in the words of Ole, 'as a consumer of paid-for Internet service (that works)', there was no reason for me to care and probably these rules set for user terms will need to be integrated for policy to switch to another network if I really have to pay. Somebody is paying, but there really ain't no free lunch!

Regards,
Harsh Verma
Director, R&D, GLOCOL, Inc
Past Vice-Chair (Industry) R&D WG, NECCC
Member, Cross Boundary WG
Tel: +1(916)684-3262
E-Mail: hverma@xxxxxxxxxx
www.glocol.net

-----Original Message-----
From: ietf-bounces@xxxxxxxx [mailto:ietf-bounces@xxxxxxxx] On Behalf Of Mark Smith
Sent: Monday, June 21, 2004 5:39 AM
To: cdel@xxxxxxxxxxxxx
Cc: ole@xxxxxxxxx; ietf@xxxxxxxx; hadmut@xxxxxxxxxx
Subject: Re: What exactly is an internet (service) provider?

On Mon, 21 Jun 2004 10:03:46 +0100
"Christian de Larrinaga" <cdel@xxxxxxxxxxxxx> wrote:

<snip>

> A traveller cannot change ISP easily so either will just have to
> accept some things cannot be done or will find a way. As it happens
> one can preplan and setup a proxy service or a tunnel broker etc that
> can get round many of these issues.
>
> Perhaps the IETF would be wiser to give a warning about the futility
> of trying to break application transparency. "The Internet user may
> always find a way to communicate on their own terms"

... using the following tunnel broker / VPN peer. The neat thing about it is that it uses SSL/TLS over UDP, and you can specify the UDP ports to use.

As it uses UDP to encapsulate the IP packets, the outer IP header can be NATted. Also, as it uses UDP, and the ports are selectable, you may be able to "punch" a pipe through a firewall, by using UDP port #53 a.k.a. DNS, depending on how well the firewall inspects DNS traffic. If that works out, "The Internet user may always find a way to communicate on their own terms", irrespective of NAT.

http://openvpn.sourceforge.net/

Regards,
Mark.

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
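
Added example, not part of the original thread: Mark's message says the outcome on UDP port 53 depends on how well the firewall inspects DNS traffic, and the sketch below shows the structural check such inspection can apply to a UDP/53 payload. The function names and both sample payloads are constructed for illustration and are not taken from any product or from OpenVPN.

```python
import struct

def _skip_name(buf, off):
    """Return the offset just past the DNS name at `off` (RFC 1035 limits)."""
    total = 0
    while True:
        if off >= len(buf):
            raise ValueError("name runs past end of payload")
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:            # 2-byte compression pointer ends the name
            return off + 2
        if length > 63:
            raise ValueError("label longer than 63 bytes")
        total += length + 1
        if total > 255:
            raise ValueError("name longer than 255 bytes")
        off += 1 + length

def check_udp53_payload(buf):
    """Return (ok, reason): does this UDP/53 payload parse as a DNS message?"""
    if len(buf) < 12:
        return False, "shorter than DNS header"
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", buf[:12])
    opcode = (flags >> 11) & 0xF
    if opcode not in (0, 2, 4, 5):           # QUERY, STATUS, NOTIFY, UPDATE
        return False, "opcode %d not expected over UDP" % opcode
    if flags & 0x0040:
        return False, "reserved Z bit set"
    off = 12
    try:
        for _ in range(qd):                  # question: name + QTYPE + QCLASS
            off = _skip_name(buf, off) + 4
        for _ in range(an + ns + ar):        # record: name + 10 fixed bytes + RDATA
            off = _skip_name(buf, off)
            if off + 10 > len(buf):
                raise ValueError("truncated record header")
            off += 10 + struct.unpack("!H", buf[off + 8:off + 10])[0]
    except ValueError as exc:
        return False, str(exc)
    if off != len(buf):
        return False, "trailing or missing bytes"
    return True, "well-formed DNS"

# Constructed samples: a plain A query, and opaque bytes standing in for a
# non-DNS datagram sent to port 53.
DNS_QUERY = bytes.fromhex("1a2b01000001000000000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"
OPAQUE = bytes(range(0x38, 0x60))

if __name__ == "__main__":
    for name, pkt in (("dns", DNS_QUERY), ("opaque", OPAQUE)):
        print(name, check_udp53_payload(pkt))
```

This is a well-formedness check only: it separates payloads that parse as DNS from those that do not, and says nothing about whether a well-formed message is a legitimate lookup.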