Sunday, August 29, 2010
21

This is a re-blog of the original article written by Riyadh Al Balushi (aka @blue_chi) here.

Essentially, The Regulatory Authority (TRA) have decided that too many people are circumventing the filtering system imposed on net users here via Virtual Private Networks. If you read Arabic, here is the draft proposal being tabled by TRA for banning all VPN's in the Sultanate.

According to Riyadh's translation, those found privately using a VPN will be fined RO 500, and those found commercially using a VPN will be fined RO 1000.

Now this is a double-edged sword, because many companies here use VPN's to conduct their business. In fact, as a business, you must pay an absolute fortune for a leased line here - the only way to get a static IP with Omantel (Omantel conveniently decided that ADSL connections could not have static IP's, even though all it would take is a few clicks of a mouse - Nawras offer static IP's on their connections for a reasonable RO 50 a month). To give you an idea, an 8MB ADSL (and 0.5mb up) residential line is RO 99 a month. A 1MB leased line (that's full duplex, up and down) is RO 1,725 a month (after RO 400 setup fee) (this falls to RO 1,294 a month if you commit to 3 years usage). You read that correctly - to get a Fixed IP (which is required by many corporate networks architecture) you need to spend between US$3,364 and $4,485 a month! And that is only for a 1MB connection - you can look at Omantel's rates here. Alternatively, you could go to Nawras and get a Fixed IP on a 16MB down and 2MB up connection for a rather frugal RO 369 ($959) a month. It's a wonder why Omantel continues to refuse to offer static IP's on it's Business ADSL packages. Stupidity does come to mind.

So now then, the rest of us. Many people have been using VPN's to circumvent the restriction policies in effect. Some people use VPN's to get their skype working, others use them to look at porn, others to access regional-specific websites (Such as the BBC's iPlayer), and further more people use VPN's to access educational institutions. Some people just don't want their browsing to be monitored and so choose to encrypt it. OpenVPN is the software of choice for these people (it's the defacto standard because it's available for free, you just need to connect to a host machine - which is where companies charge). Omantel have blocked the standard ports that OpenVPN use, thus knocking out a large swath of VPN users in one swipe. Nawras have throttled these ports, to a point where a stable VOIP connection cannot be achieved, but browsing can still continue.

It seems that this move by TRA is more about stopping people from VOIPing than protecting the moral fibre of internet users here in the Sultanate.

The point of this argument is this: Where do you draw the line? To ban VPN's because people are using them to enable their Voip connections, that's one thing, but to ban VPN's because people are encrypting their traffic and big brother is not happy (which is the reason being spouted at the moment) is just a slippery slope. What happens when I want to do online banking, or access email, or visit any website which is SSL encrypted (thats https:// as opposed to http://) - following that line of thought from TRA, they will want to stop ALL of that because it's encrypted traffic.

I find this just another example of how draconian the policy makers at TRA really are, and I wonder what will happen next? The filtering hardware and software already imposed on us by TRA slows our internet traffic down significantly already, and for those people that game online (pc or console) they'll tell you the same thing - finding other players that they can play with without a significant lag (delay) is proving to be harder and harder these days.

The fine, if you are caught, is significant - RO 500 for personal users, and RO 1000 for commercial users of VPN's. That's a large chunk of change. TRA will grant licenses for educational institutions and businesses, but you may not apply for a VPN license if you are a private user. There is no word on pricing from the TRA, nor is there any word on how long it will take to get a license granted, or how they will apply those licenses to the ISP's filtering processes. Smart money says it'll be done via a whitelist of IP's - except that wont work for Omantel ADSL business customers, or Nawras Business customers that do not have static IP's. There's a lot left to the imagination here.

To detect whether someone is using a VPN, there are a number of methods that can be employed to do this. The most obvious one is to just simply block the common ports that are used by popular VPN providers, which has already been done. After that it get's technical, and essentially what can be done is that a profile is looked for in the pattern of your internet traffic coming from your account. For example, if all the traffic coming from your account is being funnelled through one port, then that's an easy guess that you are using a VPN. It gets very technical very quickly and thus over my head, but suffice to say - YES, it is entirely possible to detect when people are using VPN's.

One does have to ask the question - when does internet access here become so limited, that it's just not worth the already high prices charged for access?

le fin.

21 comments:

Anonymous said...

My guess is that the internet has become so ingrained in the way we do business and live our personal lives that we simply cannot live without the internet anymore...and I'm pretty sure ISP's know that.

What really pisses me off is that they charge so much for internet here and for what?

In most civilised countries you can unlimited up and down 1/3 of the price and no one will ever say that you can't look at whatever you want to.

If you want to talk about the effect of what the ISP blocks in terms of moral fiber I agree with you, I think it's a moot point.

There's still rape, murder, assults and thefts going on in the Sultanate so does it seem like blocking morally questionable websites has any effect on human nature?

Not really. (but I'm not saying that watching porn leads to rape)

It's truly disgusting how much they charge for internet here and how much they censor, all the while they must be rolling in cash...it really makes me sick.

-Not a fan of ISP's in Oman

Anonymous said...

Is this why I can no longer do my online banking? I notice that since June I cannot log on to a number of perfectly innocent websites, including Barclays. Is it the encryption issue?
Rather than getting any error message, it just hangs. Other sites work normally (ie slowly!).
Simon

Sythe said...

Try re-installing your browser, or trying a different one (ie firefox / chrome / safari)

Currently I've no problems logging into online banking.

Anonymous said...

Thanks for the suggestion Scythe, but Firefox and Opera were the same. This is now resolved however - it turned out to be a MODEM DNS setting/gremlin I think.

Simon

PS Le Fin? If French should be "La" non?

Anonymous said...

I don't think Omantel or Nawras are blocking standard ports on OpenVPN, because my 'regular' openvpn connections that go through port 443 (akin to https) are also blocked.

What they are doing is performing denial of service attacks during the key negotiation and handshake when openvpn is setting up a tunnel.

However, OpenVPN configs allows you to set up some extra parameters that specifically work to counter such things. You just need to find a provider that has them configured. Or you can roll your own.

Sythe said...

Thanks for the comments everyone. Let's not talk about how to circumvent the blocks though, okay gang!?

Simon, it's Sythe, a name, not a tool.

And "le fin" is a tag-line, not an attempt to be grammatically correct in French. I believe the correct term would just be "fin".

Anonymous said...

OpenVPN works best when couple with unicorn fairy dust :)

Sad said...

I am really tired, frustrated and angry at ISPs in Oman.

I can understand the need to block VPNs in order to prevent people from looking at 'naughty' pics online (this is so important, by the way, because it's not as if you can get an Indian worker to come to your flat, install a 'black box' with a new satellite dish for, like, 50 OMR, and watch ALL the smut you want to all day long on your big screen ... ah, sarcasm ...)

BUT WHAT IS SOOOO WRONG ABOUT SKYPE??? Block VPNs if you want, but WHY, oh WHY, block things like Skype in the first place?

Guess what, Nawras and OmanTel, us expats, yes those of us that are not Omani that work and live in Oman to help YOU and YOUR country - WE also happen to have FAMILY that we LOVE and want to talk to / see. Maybe if your telephone rates were acceptable, there would be no problem. But we are not made of gold and diamonds - it costs me 10 OMR for 3.5 minutes of conversation with my family!!! Not to mention how much it would cost if I, God forbid, had to call my foreign bank ...

About how ridiculously overpriced both Nawras and OmanTel are, how POOR their service is and how little knowledge their staff has, I don't even want to get into.

I hope the decision makers at TRA, at Nawras and OmanTel, and all others involved in making these ridiculous, cruel, and, to some of us, heartbreaking decisions are enjoying Ramadan with their families. I hope they enjoy spending time with the family they love, talking and sharing their lives and love. I wish them a very sincere Ramadan Kareem.

My family and other expat families, will just have to wait until our annual leaves.

Hypocrites.

Anonymous said...

this is to get rid of all the expats?? can't you see, they want to lie under the bush again.

.COM said...

This is Cheney, from VPNGates.com
Don't worry about that, if your ISP blocked VPN connection please contact us, we can help you to resolve this issue.

Anonymous said...

well, but how can we contact you if VPNGates.com is blocked too?

Anonymous said...

PPTP AND L2TP IS BLOCKED IN OMAN?

Anonymous said...

if 1194 is blocked then which ports are available there?

vpn said...

HI ALL,

IF YOU WANT TO UNBLOCK OMAN, PLEASE JOIN WITH THE WWW.ASHVPN.COM. IT IS WORKING IN OMAN.

Anonymous said...

I have noted that Omantel and Nawras are the 2 companies showing profit. Why ? Because of monopoly. Remove the monopoly and see what happens. The internet charges are already one of the highest in the world and the government is turning a blind eye to make the country internet literate.

I wish government protected all industries and the people like this. TRA come one. Be realistic. All countries around the world allow VOIP but the telecom companies there make profits also.

TRA Oman learn new. Think New

jk said...
This comment has been removed by the author.
nada elkelany said...

Hi everyone
I would like to share this program with you
~~I wasel~~
After trying this software i think that i have to share it .
I wasel allows you to open any blocked sites u can imagine.
It also changes your ip address free to choose between 6 servers.
It also unblock the Skype, Paltalk and everything.
You can use it on your cellphone.
I think you have to try it
Go download it now
http://www.mowasl.com
http://www.saudiarabiavpn.com
http://www.qatarvpn.com
www.kuwaitvpn.com

Anonymous said...

help..!!! everything is getting blocked..... :( vpn links all blocked... even ultrasurf , kepard, etc

Anonymous said...

Is there a new program available to unblock skype? My ultrasurf is no longer working.

Anonymous said...

Thanks for sharing many ways to access blocked websites I also want to share my experience that you can access blocked websites by using this simple link.
access via proxy

Linkon Khan said...

Great job buddy. But is all the issue is positive. Thanks for your posting.
point 2 point

Popular Posts