technical

Configure an External RAID-1 USB Drive for Backups - Ubuntu 12.04

I have a WD USB 3.0 500gb hard drive for my work laptop who's sole purpose in life is to record back-ups of my Ubuntu 12.04 system.  I've never formatted the device and it's always worked very well for me despite my cavalier treatment: tossing it around in my backpack during my commute mostly. I use a program called back-in-time for my backups and I like it for it's ease-of-use coupled with a healthy sense of fire-and-forget.

Recently, my back-ups started failing with generic write-fail errors so I committed to re-formatting the device.  Since I was going to nuke it, I decided to implement RAID-1 during it's resurrection just to have an "extra" copy of my back-ups.  The partition I back-up is only 100gb -- which is currently about 55% full -- so splitting the device into two logical drives and configuring under RAID shouldn't be a problem, right?

I mean, I have absolutely NO experience with RAID so how hard can this be?

After a few false starts, I honed down the process and this is what I'm sharing with you today.  Oh, and as side note -- in the first paragraph, I linked to this particular drive on Amazon as a courtesy -- I'm not getting and referrals or anything like that...just thought you might want to see what we're dealing with.

Phase 1 - Installation of Tools

Ok - so, to get started, I needed to install mdadm which was pretty easy:

[cc lang='bash' line_numbers='false']

# sudo apt-get install mdadm

[/cc]

What was somewhat confusing was the need for mdadm to install a mailing agent - for the monitoring tool, but during the installation I elected to not configure the mail program and everything still went smoothly.

Next, I installed gparted and all of the available options through the Ubuntu Software Center app.

I already had back-in-time installed and I provided the link above.  Use the Ubuntu Software Center to install this app if you don't already have it.

With all the software in-place, it's time to configure the device.

Part 2 - Wiping and Configuring the Device

Plug your device into your system and wait for it to automount -- which it will do if it still has the factory-equipped partition installed.  Once it's installed, go to your command line and unmount the device:

[cc lang='bash' line_numbers='false']

# umount /dev/{your_mount_point_here}

[/cc]

Either sudo this command, or sudo over to root.  I chose the latter as I get tired of forgetting to sudo.

Once the device is unmounted, start-up gparted,, authenticate, and wait for gparted to stop scanning for devices.  Change your device over to your external drive which was, for me: /dev/sdb.

(Side note: The WD drive comes with it's own software which just swell if you're a Windows or a Mac user.  Otherwise, the software is just taking up space.  Copy these programs if you want but you can always download replacements from the WD website.)

For me, the drive was formatted into one single, large, partition.  Delete this partition and don't look back.

Next, split your partition into two smaller partitions, equally dividing the available space between the two.  RAID-1 is mirroring - you're creating two logical partitions in this device but you will mount it (the system will see it) as a single device.  Data is written to the first partition and RAID copies the data over to the second partition, mirroring the data to the second logical partition.

I chose the ext3 filesystem for my partition simply because:

  • it's better than ext2
  • it's robust
  • I don't believe I'll get any speed benefits from ext4 (USB, eh?)
Make a note of the names of the logical partitions (Mine was /dev/sdb1 and /dev/sdb2.) as you're going to need to know this later.

Note too that you're not actually doing anything at this point - you're just building a task-list for gparted to execute when you're finished creating tasks.

Next, flag each partition as a RAID partition by right-clicking -> Manage Flags -> Raid.

Once this is done, you're ready to execute your task list which will partition and flag the devices.  When the task list completes successfully, you can quit gparted.

Step 3 - MDADM

Next, you need to create the software RAID volume using the mdadm tool.

This is very easy and is done with a single command:

[cc lang='bash' line_numbers='false']

# mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sdb1 /dev/sdb2

[/cc]

What this command does is:

  • invokes mdadm with the --create option (useful for creating RAID arrays)
  • specifies the "verbose" flag so you can get meaningful diagnostics should something head south
  • specifies the mount-point device (/dev/md0) for your RAID
  • specifies your RAID level (--level-1) (remember, 1 = mirroring)
  • specifies the number of devices in your RAID (--raid-devices=2)
  • lists the device links for the logical drives to be used in the RAID (/dev/sdb1, /dev/sdb2)
In the screen-shot below, I highlighted the raid mountpoint device, /dev/md0, because (a) I kept forgetting it was a required parameter to the command and (b) I am going to need this device name for the next command...
[cc lang='bash' line_numbers='false']

# mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sdb1 /dev/sdb2 mdadm: /dev/sdb1 appears to contain an ext2fs file system size=244174848K mtime=Wed Dec 31 16:00:00 1969 mdadm: Note: this array has metadata at the start and may not be suitable as a boot device. If you plan to store '/boot' on this device please ensure that your boot-loader understands md/v1.x metadata, or use --metadata=0.90 mdadm: /dev/sdb2 appears to contain an ext2fs file system size=244177920K mtime=Wed Dec 31 16:00:00 1969 mdadm: size set to 244173688K Continue creating array? yes mdadm: Defaulting to version 1.2 metadata mdadm: array /dev/md0 started.

[/cc]

Press enter to execute the command and you should get the prompt back after a few seconds.  Note that the program requires no input from you.

Step 4 - Making and Mounting

This is the step that most of the online and available pages on mdadm leave out.

You still need to format your filesystem!

So, let's do this with mkfs...

[cc lang='bash' line_numbers='false']

# mkfs -t ext3 /dev/md0 mke2fs 1.42 (29-Nov-2011) Filesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) Stride=0 blocks, Stripe width=0 blocks 15261696 inodes, 61043422 blocks 3052171 blocks (5.00%) reserved for the super user First data block=0 Maximum filesystem blocks=4294967296 1863 block groups 32768 blocks per group, 32768 fragments per group 8192 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done Writing inode tables: done Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done

[/cc]

Note that I use the RAID mount-point address of /dev/md0 to create the filesystem.

This will take a few minutes to run so go take a stretch break and play with the dog or annoy your hot receptionist or something.

Once this step completes, you're pretty much done -- all that's left is mounting the device and using it.

[cc lang='bash' line_numbers='false']

# mount /dev/md0 /media/raid

<do stuff like start a back-up>

# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/PAMCAKES-root 84G 9.4G 70G 12% / udev 3.9G 4.0K 3.9G 1% /dev tmpfs 1.6G 920K 1.6G 1% /run none 5.0M 0 5.0M 0% /run/lock none 3.9G 49M 3.9G 2% /run/shm /dev/sda2 242M 159M 71M 70% /boot /dev/mapper/PAMCAKES-user 93G 48G 42G 54% /home /dev/md0 230G 22G 196G 11% /media/raid

[/cc]

Note that your available filesystem space is approximate one-half the capacity of the drive.

That's right - you paid a whopping $89 for a 500gb device out of which you can use about 230gb.

But you have two of them.  So if your first partition fails, you've got a back-up of your back-up thanks to the wondrous magic of RAID.  And, you learned how to set-up a RAID device, so, win.

Unless one of your kids (or grandkids) decides that your sleek, new, external device looks better in the fish tank than it does on your desk, you have an additional and available option for recovering lost data.

Keep in mind that this is a software solution -- hardware RAID is still the preferred way to go when dealing with issues of redundant data storage.  But this works, too.

Step 5 - Maintenance

To stop your RAID device use this command:

# mdadm --stop /dev/md0

To see the state of your RAID, cat /proc/mdstat to your terminal:

[cc lang='bash' line_numbers='false']

# cat /proc/mdstat Personalities : [raid0] [raid1] md0 : active raid1 sdb2[1] sdb1[0] 244173688 blocks super 1.2 [2/2] [UU] [>....................] resync = 1.8% (4474560/244173688) finish=4948.7min speed=806K/sec

unused devices: <none>

[/cc]

To get details about your RAID, use mdadm:

[cc lang='bash' line_numbers='false']

# mdadm --detail /dev/md0 /dev/md0: Version : 1.2 Creation Time : Tue Jul 24 14:41:55 2012 Raid Level : raid1 Array Size : 244173688 (232.86 GiB 250.03 GB) Used Dev Size : 244173688 (232.86 GiB 250.03 GB) Raid Devices : 2 Total Devices : 2 Persistence : Superblock is persistent

Update Time : Tue Jul 24 14:42:51 2012 State : active, resyncing Active Devices : 2 Working Devices : 2 Failed Devices : 0 Spare Devices : 0

Resync Status : 2% complete

Name : pamcakes:0 (local to host pamcakes) UUID : b542c27c:1d620c3e:6f07b9e8:53aee08d Events : 1

Number Major Minor RaidDevice State 0 8 17 0 active sync /dev/sdb1 1 8 18 1 active sync /dev/sdb2

[/cc]

To uncouple the RAID device:

# mdadm --remove /dev/md0

 

That's it for today...hope this helps...there's a lot of good information already available on the web for using mdadm and software RAID - I just wanted to consolidate everything into a contiguous process.

Later, should sufficient motivation present itself, I'll follow-up with alerts and what not...

 

Back to the 80's...

Most of my first week in Mexico was spent doing battle with two cellular companies:  Boost Mobile and AT&T over cellular coverage and pricing.

As the loser of said battles my only remaining recourse is to document the events within this blog so to serve as a warning to those in similar predicaments so that they will learn from this experience and not waste time getting gobsmacked by indifference and incompetence.

Prior to moving, I enjoyed AT&T cellular service in the SF Bay area.  I very recently changed back to iPhone ownership because the iPhone would pair with my hearing-assist device where as my HTC (Verizon) would not - this, despite spending a full day at the audiologist coaxing the phone, like a groundhog emerging from it's hole, to "see" the bluetooth device.  Eventually I abandoned my HTC phone in favor of the iPhone since the iPhone took the pairing on the first attempt.

(side note: to the credit of Verizon, when they learned of why I was switching phones, they waived the contract cancellation fee.  Well-played, Verizon - you have, through your sense of humanity, ensured an advocate in me!)

Anyway, life was good until I crossed the border into Mexico.  Within inches, AT&T graced me with a free text message informing me that cellular roam rates would now be incurred at $0.99/minute of talk-time and $19.97/megabyte of data.

Considering I had an unlimited data plan, with tethering, $20 per meg struck me as wee bit...shall we say, excessive...  Off to the interweb lumbered I, searching for call plans for my phone that would allow me to use my US phone in Mexico (albeit within a few miles of the international border) without the looming threat of immediate bankruptcy for doing so.

I was unsuccessful in locating a comparable AT&T plan that included Mexico in it's cellular goodness without having first to pledge most, if not all, of my future earnings to this corporation in return for minimal utilization of their services.  So, back across the border to the nearest AT&T store where I met a most-helpful clerk.

Jonaton was aware immediately of my "special" needs -- I don't care for cellular minutes being hard-of-hearing but, instead, rely heavily on data use for my communication needs.  In other words, I communicate with emails and text messaging.  I can use the phone but it's an involved process and, I assure you, I will not hear every word spoken with accuracy.

The best plan, even after he called advanced customer care, was something called the Viva-Mexico plan -- where I can have 450 minutes of talk time per month (on either side of the border) but data would be offered only as a pay-as-you-go option:  text messages would cost $0.50 each and data can be consumed at the rate of a mere $5/mb.  This would also lower my basic bill by half - to about $55/month.

I commented: Boost offers me unlimited text, email, phone and data, with international support, for $55/month -- how can you (AT&T) compete with this?  He just threw me a sad look and said: We can't.

Having, literally, no other choice being a new contract holder, I accepted the new calling plan.  When I later crossed back into Mexico, I tried the cellular service and it works ok.  Texting still seemed really flaky and I don't want to pay $0.50 per text, so I turned off all cellular service and now only use the phone, while in-country, when I can access wireless.  Basically, I am paying AT&T $55/month to not penalize me for the cost of the phone (new plan) or contract cancellation, said total being close to $1,000.

Phoneless, I next went to Boost Mobile because (a) everyone in Mexico uses the radio over the phone, and (b) the phones work in Mexico this close to the border over voice and text as well.  Finding a radio-phone, however, turned out to be an epic quest as all stores in the US have stopped stocking the phones in preparation for the removal of the IDEN towers which provide radio communications, making the (what I like to call the "beep-beep") part of the service go the way of the dodo.

Boost is actively tearing-down their IDEN towers - radio, a far superior communication service in terms of speed and clarity imo, for some reason is going away in the US at the end of this year.

I visited a total of five Boost stores without finding a single radio-equipped phone.  I finally decided on the smart phone option but the last store was out of stock of the particular model I wanted, (weird -- phone stores with no phones) so we headed back to the first store we stopped at.  Where at I learned that the store manager had contacted her manager who hand-delivered his last two radio-phones to the store.  Of which one had already sold.  Awesome!

I snatched the other one up (prematurely) declaring victory over the phone consortium's efforts to thwart my communication needs!  Huzzah!

We activated the phone and I returned to my new home...where I learned that the phone would not work on the cellular or text network.  Dialing 611 -- Boost's customer service number which they promise on their website will never be restricted was, on my phone, restricted.  The split-second I pressed the "ok" button to send a call, a screen pop-up declared "Service Restricted" on my call.

Two people, sitting next to me on my couch, both with Boost service, both with the exact same model of phone, were able to make cellular calls (to the US and Mexico) and send text messages.

At least my radio worked.

The next morning I searched their web site for solutions and, finding none, called customer service.

Remembering how difficult it is for me to use a phone, stumbling through Boost Mobile's IVR (interactive voice response) system was an absolute nightmare of chaos and misdirection.  I challenge you to get to a live person within five minutes of making the connection.  Not hold-time, mind you, but simply by navigating through their IVR options.  It took several tries - hanging-up and recalling - before I learned which options to not press.

As a former support manager, I've designed IVR systems.  Companies use them when they either (A) want to quickly route customers to the right person to talk with or, (B) do not want to talk to their customers.  Boost was clearly in category B - you have to have the persistence and patience of a diplomat to get to a real person.

I finally reached a live person and was further aggravated by having to repeat all of the information I plugged into the IVR back to the CSR.  This, to me, screams of incompetence and ambivalence towards the customer.  If you're not going to use/save the information I provide, then don't waste my time asking me for it.  (IVR Design Note:  A good way to reduce turn-over in your customer service organization is to not have your customers so spun-up and angry that they free-rage on your CSRs when they finally reach them.)

The CSR was clearly ESL (English as a second language) and I spent several minutes explaining the situation to her.   She attempted to "fix" my phone by having me turn the phone off and on several times, and performing master resets from the advanced settings menu.  Restricted service prevailed.  We quickly exhausted her catalog of diagnostic options.

I was escalated to level 2 -- which was another ESL person, who immediately asked me for all of my information starting with everything I plugged into the IR and why I was calling.  So, in addition to the IVR not recording anything, the CSRs apparently do not record anything about why you're calling them so that people in other departments can access (and learn from) the information.  Or they silo the info and the tech folks simply cannot see what the non-tech folks write.

Then the tech informed me (as did the CSR) that the IDEN service was going way at the end of the year leaving me with the impression of: since my phone has radio and this service is expiring, they don't feel as if they are obligated to help me with my issue.

First thing level-2 wants me to do is reset the phone: turn it off/on, master reset, remove the battery, etc.  I wondered if he thought that if he asked me to do this, if it would differently from when the CSR asked me to do this.

Still restricted service.

Side note - on my phone display, I show full bars, that line-1 is ready, and I am connected to the Boost network.  There's no reason why the phone should not work.

So eventually, the tech gets frustrated and takes the cop-out response of: well, since you're in Mexico, our $5 international plan only means that calls are guaranteed to work from the US to Mexico and not from Mexico to anywhere.  Doesn't care that services work on other phones in my proximity and has no interest of pursuing the issue further.

And that's how we ended the call.

So, my next thought was that maybe the counter-person at Boost (back in the US) forgot to register my cell with the network.  I gave my phone to one of my friends with an identically-working phone because she was heading over the border the next day and agreed to stop by the Boost store and ask them to look at it.  However, when she got to the border with the phone, she called her husband from my phone and since cellular service seemed to working, she decided to not go to the store and instead returned with the phone.

Which was still service restricted.

So, I called Boost back, and within about 30 minutes finally made it back to a level-2 tech who was quite puzzled as to why my phone wouldn't work.  We tried several variations of the reset, but nothing worked.  I opined to him that because the "Service Restricted" message was popping up so quickly when I pressed the send key, that the problem was in the phone's ROM and service restriction was software and not tower based.

He agreed that this was a possibility especially considering that my phone, chronologically, was a year or two older than my friends' phones that were working.

I asked him to call me, to see what he heard on his end and that was the end of that call as I was dropped.  Apparently too much to handle, the tech either intentionally dropped my call or his phone system was at a level so advanced he cannot work it properly.  In either case, I was pretty sure I wasn't going to get resolution from him.

Contacting Boost CSR a final time about my brick, that I've yet to use successfully, I asked about returns and refunds and was informed, in no uncertain terms, that I have pre-paid for my service.  They have no refund program.  Is there anything else we can "help" you with today?

So I paid about $110 for a brick -- at least I can use the two-way for the time being.  $3/day for 30 days (more or less) with more features I can't use than I can.  Sweet deal, yo.

Yesterday, I went to the Nextel store in Rosarito to inquire about IDEN and cellular service.  tl;dr - I can get a minimal calling plan (120 minutes) with unlimited radio for about $40/month.  I only get 20 text messages per month but additional texting is about $0.06 per message.  (It's nice when a phone company doesn't subject you to violent sex acts for a service, isn't it?)  All services on the phone work into California up to about Bakersfield at which point they become 1-way only.  Not sure how I feel about that but, hey, at least it works and I would have full services.

So, I'm going to chuck my Boost phone into the ocean once my month is up and buy the Mexico Nextel phone.  I use my Google-Voice number, which is paired to my Skype number, for all other phone services and eventually I'll add a Vonage number to my house that has a US number (to which I'll forward my Google phone to) and I'll be set.

Side note - I made the mistake of enrolling in auto-pay on the Boost mobile website assuming I would have a working phone similar to what my friends enjoy. While it was super easy to enroll, it's impossible to un-enroll from autopay on the website.  So another dreaded call to Boost is looming.  If you ever have to call Boost mobile, I recommend this information to help you get to a live person as quickly as possible.  I want something in writing from them canceling my autopay so that when they autobill me next month, I can force a refund.  (Look!  A windmill!  Chaaaarge!)

My AT&T phone I can use as a data terminal over wifi (facetime calls with the office and such) but I won't turn it on unless I'm back over the border in the US.  Once my contract is at a point where I can quit for $200, I'm out.

I have my Mexican Nextel for calling when I'm not at home.  If you're in the US and you want to call me, you're going to have to deal with your cellular provider and pay the extra fees that they'll extort from you.  Good luck with that.

Finally, I'm really hoping that Richard Branson does something spectacular with his Virgin line of phones.  It would be awesome to see a cellular company erase international borders and just have a phone that works, regardless of where you are, for a consistent fee.

Other than shoveling obscene amounts of profits into the never-satiated maws of the phone conglomerates, I just don't understand why this should be so difficult.  I honestly look forward to untethering myself -- like a heroin junkie coming clean -- from the cellular leash.  Freedom, I crave thy sweet sting!

I'm taking the path of least resistance.  If the phone companies don't want to offer something reasonable in return for my hard-earned dollars, then I have absolutely no problem converting those dollars to pesos and spending them here.

Just saying...

Using a VPN for Everything...

I recently moved to Mexico from California because my job was approved for 100% telecommuting and, since I can do that from anywhere, why not Mexico?

Unfortunately, for me, I chose to live in a town that's a bit out of the way -- between Rosarito and Ensenada, Puerto Nuevo sports DSL as the only means of internet access.  Buh-bye cable modems.

I've been toying with the idea of using a VPN as a gateway to my ISP simply because of the legislation that's cropping up recently that enables our respective (not respectable) governments to spy on the internet traffic of it's citizens without due process.  And, I believe, this due process is a long time coming because this is (to the government) a new frontier who's sanctity has yet to be defined in the higher courts of law.  So, boys and girls, until that happens, Big Brother can pretty much do as they want.

And, they do.

Now, the prevailing argument that causes most of us to bleat our way through endless queues at airports waiting patiently for our turns to be molested is this: if you're not doing anything wrong, then why hide what you're doing?

Note that you'll normally hear the same thing from some street cop when he pulls you over and asks to search your car without a warrant; if you have nothing to hide, then why can't I search your car?   Well, it's a little thing called the Fourth Amendment to the Constitution (of the US)...

So the passive-aggressive kicks-up in me and I consider installing a VPN so that no one can track what I do when I am online.  Never you mind that what I do is so damn boring and mind-numblingly dull (for a living, mind you) that there's only a small fraction of the existing population that would even understand the particulars, it's just the principal of the thing.

Same reason why I use DuckDuckGo for my search engine instead of Google.  Why?  Because DDG protects me by not linking my searches to my identity.  Google is infamous for rolling over, exposing your soft underbelly to anyone waiving a law-enforcement letter-head demanding your emails and search and browser history from the beginning of time.  That same patriotic spirit that caused my forefathers to flip King George the finger is what still burns brightly in me today:  Because I can.

So, quick side note -- what's a vpn and why do I need one?

A VPN (virtual private network) is just that - it's a private network that exists within your existing network.

When you connect to the internet, through your ISP, you're establishing a network between your home machine(s) (also a network) and the internet (THE network).  All your requests are routed through your ISP and out to the 'net where their response is then filtered back to you.  An ISP, then, has the ability to know exactly what you request, when you request it, and how many requests you make.

An ISP can also filter and monitor your requests and can deny you access to certain internet-based resources based on the type, amount, or time of the activity.

For example, some ISPs throttle (reduce) your available bandwidth (the diameter of your data flow) if you exceed a set-amount of data downloaded within a period of time.  You have "unlimited" bandwidth but the reality is, once you hit some arbitrary limit determined by the ISP, things get a lot slower for you.  Unfortunately, a VPN cannot help with this.  Data is data.

Some ISPs record and/or block your ability to transact certain types of data.  The most notorious example of this would be P2P or bit-torrent packets.  While a mainstay of the gray (or darker) areas of software licensing, there's a legitimate use for bit-torrent packets (linux distros for one!) that should never be prevented from reaching your computer.  However, like most totalitarian regimes, your ISP may have an "all or nothing" policy with regards to filtering by packet types.

Another example of filtering is by content.  China is infamous for it's firewall of profound social cluelessness, filtering all (what the ruling regime considers to be) subversive sites from being viewed willy-nilly by it's population.

So, as you can see, ISPs wield a tremendous amount of power.  They can meter, view, and deny data packets based on their rules and how heavily influenced they are by corporations or governments.

VPN kind of takes you around all that by creating a private tunnel to what essentially is another ISP (network) allowing you to use the internet as dog himself intended: safely, securely, and without limits.

Allow me to explain...

When you connect to the internet, you establish a network (as I mentioned earlier) between your home machine (network) and your ISP (internet).   All subsequent requests are routed through your ISP and are subject to various levels of scrutiny and transcription.   Fine.

But, creating a VPN within your network basically does this:

  • establish a secure (encrypted) connection with your VPN provider
    • all data packets you send are directed to your VPN
    • all data packets you send to your VPN are encrypted
      • your ISP cannot decrypt the data in these packets; your ISP only knows that there are packets
  • all routing (DNS) requests are sent to your VPN provider
    • address lookups happen on your VPN, not your ISP
      • your ISP does not know where you are going
  • all data requests are sent to your VPN provider, not your ISP
    • request fulfillments happen on your VPN, not your ISP
      • your ISP does not know what you are requesting or receiving

An analog analogy for his is a spy movie where someone gets one of those electronic voice scramblers -- the person making the phone call (you) attaches the scrambler (encryption) device to their phone, inputs some unique code, and calls (ISP connect) their contact (VPN) who attaches their scrambler and enters the same code so they can de-scramble your voice while scrambling their own.  The phone company knows that a call is being made,  and how long the call lasts, and maybe even how much information is being transmitted, but they can't de-scramble or understand the conversation or know who's talking on the other end.

See?  This what a VPN does.  But it's only one thing a VPN does.

When I moved to Mexico, for example and as I stated about a thousand words ago, I experienced an unintended consequence of exchanging an implicit .us domain for a .mx domain.  US-based web-sites detect that I am not of the US and re-direct my requests, they automatically translate my web pages into Espanyol (which I don't speak), or they convert dollars into Mexican pesos.

By using a VPN, I can imply that I am physically in the US, and avoid all that unpleasantness.  Plus I still get to "stick it to the man" (or hombre).

So, finally getting to the point, yesterday, I signed-up for a seven-day trial offer with a VPN company called BolehVPN.  They use tunnelblick as their delivery vehicle for connecting to their VPN.  This was OK with me because I already have tunnelblick installed and use it for work.  All I needed to do was sign-up for a trail account, create my account, give them about $4 US for the 7-day trial, and download and install the configuration files for tunnelblick.

All this took about five minutes.

BolehVPN offers the following configurations:

  • Proxied - mainly used for P2P connections, servers are hosted in Europe
  • Fully-Routed - Secure P2P, anonymous surfing, and data security, servers in Europe and Canada
  • Surfing/Streaming - TCP and UDP for anonymous surfing and streaming content, servers are in the US and Hong Kong
  • TCP443 - http protocol over tls/ssl used for bypassing firewalls

What really sold me on this particular vendor, however, were these features:

  • no logging/monitoring of your traffic -- so even if they were hit with a disclosure order, they have nothing which ties traffic to you
  • compatibility with portable devices -- I had my iPad up on the VPN within seconds over my wireless
  • freedom to chose which VPN service best meets your needs at that time
  • Download speed reduction minimal - about 5%

Cons (so far):

  • some of their website configuration is out of date
  • forum data is dated
    • this could be a good thing -- service is so easy to use, no one posts questions!
  • Expensive - BolehVPN is almost 2x the cost of comparable VPN services

Will I sign with them for a year?

Probably not.  Based on cost alone, all things being equal, there's a lot of competition in the VPN services.  As such, if I can find a competing service that has the same performance as BolehVPN, then I'll probably sign with the other service and save myself about $40/year.

That's about it...hope this was helped you understand why a VPN is important and if you decide you need one, what your next steps are.