Hiring - Networking Engineer to Assist with VPN Architecture

Post by chatmasta » Tue Jun 17, 2014 8:54 am

Hi,

I'm sorry if hiring requests are inappropriate for this board. If so, mods please feel free to delete. I am looking for somebody who has implemented SoftEther VPN server before to assist me with our VPN architecture. I posted the below ad to eLance -- I hope you don't mind if I copy and paste:

I am an American software engineer, currently living in Taiwan, working full time to start a consumer VPN business (think PrivateInternetAccess, HotSpotShield, HideMyAss, etc.). I just received a B.S. in Computer Science from Yale, so I know what I am doing. This is not your typical eLance engagement where you have to satisfy the unrealistic requirements of some "bizdev guy" who doesn't know his left from his right.

I am looking for a networking engineer to work alongside me for the next 2-3 weeks. You will be responsible for designing and implementing our network architecture. We want to launch our alpha product by July 10, so this is fast paced work. I prefer somebody who can be online most of the day, preferably at the same time as me. I work roughly 12pm-11pm Taiwan time.

This engagement has multiple components. I do not necessarily expect one person to work on all of them. More likely, I will hire multiple people to work on separate parts. So if you only feel comfortable with 1 or 2 of these components, that's fine.

First, let me give you a BUSINESS OVERVIEW so you have a background in what we need:

- We are selling CONSUMER VPNs. Not corporate. This is a direct competitor to sites like PrivateInternetAccess, HotSpotShield, etc.

- We are following a "FREEMIUM" model, meaning we offer two tiers of service. 1) Free tier, ad supported and bandwidth throttled at 3mbps. 2) Premium tier, ad-free and unthrottled. These tiers will run on completely separate servers. The free tier will use squidproxy and eCAP to inject an advertisement into the body of all incoming HTTP responses.

- Upon signup, each user gets his own URL, e.g. "bob.vpn.com" that points to one of our VPN servers via DNS. When he wants to change the server he connects to, he selects it in our web interface, and we update the DNS (using Google Cloud DNS) to point to the new server. In order to account for DNS clients that do not respect TTL, each VPN server will need iptables rules for forwarding traffic from "bob" to his selected server, until his DNS client correctly updates.

Now, the components of the engagement. Remember, I do not necessarily expect one person to do all of this. If you are capable of any of them, please consider.

1) INITIAL CONSULTATION (paid at your hourly rate)

- Skype chat with me for ~60 minutes on the overview and feasibility of this design.
- Specifically, I'm interested in the feasibility of the DDNS approach ("bob.vpn.com")
- I also want to know about injecting ads using squidproxy pcap on the exit end of a VPN connection
- Any thoughts you may have on bandwidth optimization, best datacenter locations, possible peering arrangements
- We can discuss in detail what you are capable of, what I will be providing, any questions you may have, etc.

2) VPN NODE -- Basic VPN software

- This is the bulk of the project.
- Deliverable is a deployable Vyatta OS image that can run in both a virtual machine and on Ubiquiti Edgecast (http://www.ubnt.com/edgemax)
- Node should run SoftEther VPN and all its protocols (https://github.com/SoftEtherVPN/SoftEtherVPN/)
- There will be more requirements, but I need your help to come up with exactly what they are

3) VPN NODE -- Iptables forwarding

- The iptables rules responsible for forwarding traffic resulting from stale DNS requests from "bob" to the proper VPN node
- I will be coding the API for all this to interact with. You are just responsible for the iptables rules.
- I already have some similar iptables rules written from a previous engagement

4) VPN NODE -- squidproxy ecap

- The squidproxy configuration and ecap server for injecting ads into HTTP body
- Ads will come from an external API coded by me


5) RADIUS NODE -- authentication, accounting


- Accounting, Authentication will be done on a RADIUS node
- MySQL database
- We can discuss more requirements of this
- I have configuration files already written for a similar, but not identical, RADIUS setup

6) Deployment Scripts

- Puppet or ansible scripts for deploying, updating VPN nodes
- Test harness setup using Vagrant VMs running Vyatta OS

If you are interested in this engagement, please email me at miles@5280holdings.com with your relevant experience, availability, billing rate, timezone, and any questions you have. I would like to start immediately. The first step will be a Skype call/IM chat.
