VPN for OS X: Witopia 2012 review (from a three year user)

Tuesday, January 17th, 2012

It used to be really simple to get a VPN for Mac. You'd just go and sign up at Witopia.net and you'd get an inexpensive and reliable VPN with nodes all over the world. Witopia would work with the built-in networking inside your Mac, specifically PPTP protocol.

Here's all the reasons you might want a VPN.

The problem was Bill Bullock was obsessive about our security/anonymity. So the customer portal didn't really work or hardly existed. Support was over email and a bit hope for the best. Your email address had a single subscription.

Worse yet, when you would go to renew your subscription, you had to create a new account and login.

From the beginning there were two services: Personal, which always included PPTP and now includes IPsec and L2TP, and Pro, which was twice the price and included OpenVPN. Both are secure, but Personal is more easily blocked by governments or corporations as they can usually detect the protocol.

Witopia SSL Service: Tunnelblick then Viscosity

Witopia's upgraded SSL service was always a bit of a crapshoot. For years you had to fight Tunnelblick (one of the nastiest pieces of open source software out there, which requires advanced networking knowledge modifying a text file to get anything done: it defaults to not working and makes you move text files all over your computer, authorizing them each time you do). Then came Viscosity which worked a whole lot better. With your Witopia VPN you got a free preconfigured Viscosity client.

Then something went wrong with Viscosity. When you update Viscosity to keep up with Mac OS X, it's another crapshoot if your settings will carry over to the next version.

So as someone who tried to buy three licenses last year (Personal x 2, Pro x 1) for my company and ran in circles for weeks with absolutely silly suggestions from Witopia on how to fix my configuration, I can tell you the dream was over, the shine off of the hood. With the obliging help of Witopia's owner Bill Bullock finally we managed to get a single one of the personal accounts up and limping. Our ideas of using VPN regularly in the various departments at Foliovision went down the tubes.

We cancelled the other two and got on with our lives. OpenVPN on a small VPS turned out to be an even bigger catastrophe. After a whole day of programmer time setting it up, we were able to eke out 2 KB/sec performance. When Witopia is working, you are looking at anything between 1 MB/sec and 8 MB/sec bandwidth up and down. It's not the 100 MB/sec down and the 10 MB/sec up we have on our connection but it's not 2 KB/sec.

So with clients to serve and lives to live, we more or less didn't use VPN except in emergency.

For reasons of my own, I was using VPN via Witopia a fair amount in the last week. All was well until my VPN account wouldn't connect today.

Witopia happily enough has live chat support now. I lost hours with them today so you don't have to.

Why did my Witopia VPN die?

Witopia created a customer portal and consolidated everyone's account history and orders.

When they consolidated the orders some accounts clearly died. Including one of mine as it was a courtesy account offered for last year's nightmare. Tip: don't kill your courtesy accounts early.

Witopia's ability to consolidate our orders years later begs the question how private were our accounts in the first place if Witopia could consolidate them after the fact.

Locked out of the Witopia customer portal

The new portal sounded great. One problem: it was impossible for me to log in with my old username and password. No problem.

I'll reset my password. No luck: No such username.

Joe suggested I reregister. No problem. Wait yes there is, Username already exists.

Joe suggested I create another account using another email and then consolidate them. That sounds like a lot of work and lots of chances for misunderstandings and broken accounts. No, I want access to my existing account.

Joe needs his supervisor.

Tara comes online (last year Tara was the queen of alternative protocols who led me around an enormous emerald coloured garden of irregularly working VPN). Tara remembers me. A bit awkward. Like an affair gone wrong. Happily she doesn't hold a grudge and we get to work.

Fortunately, Tara is able to get a link which allows you to login to your account and reset your password. Remember Witopia is not access to your data. Witopia is only access to your VPN accounts, so security is important but not paramount. If someone sneaks into your Witopia account, the most they can do is cancel your VPN without asking or change your passwords on you or use your VPN surreptitiously for their own purposes (actually that could get you in trouble if they did illegal things while using your account: but the same applies to your home broadband connection).

Inside the new Witopia Customer Portal

So now I'm in the portal. There are all of my orders for the last three years. Hurray.

On the two active orders, there's 412 days left on one and 46 days on the other. The other is also listed as cancelled, with no options for checking data usage, resetting password or assigning the VPN to someone else.

Looks like portal consolidation this week killed off the courtesy account. Sloppy programming. Thanks sloppy Witopia programmers, you've just stolen two hours plus of my life getting all this working again.

Tara asks me to install Witopia software and use that to access my VPN. No dice. With this track record on working software, there's no way I'm letting Witopia's direct installer get at my network settings. I have work to do this week.

Remember Tara loves the alternative protocols. So I set up all of the different OS X VPN protocols following her instructions.

Alas, no protocol (PPTP, IPsec, L2TP) will work.

Testing the main Witopia account

I give Tara the password for my main account (not the courtesy one) to test herself. Tara disappears for about seven minutes. When she comes back she announces that the account works just fine and it surely must be a local problem on my end.

I try to reconnect with a couple of the protocols I'd previously set up and tested unsuccessfully. Bingo, I'm on.

"See," admonishes Tara, "it was a local problem after all."

Yes, Tara, but I haven't changed anything in my settings. All that happened was you went and worked on my account with a tech.

Whatever Tara and the tech did while she was away did manage to reset my Witopia account and get it working.

Witopia Speeds

The second test was on an account with send all connections over VPN so I lost my connection to Tara.

Taking the occasion to test while logging on and on, I ran a battery of tests using SpeedTest.net, which is nice enough to give both ping and transfer speeds.

Here's what I found:

IPsec New York
ping 111 ms
download 1.2 Mbps
upload 1.1 Mbps

L2TP New York with built-in Mac client
ping 109 ms
download 2.66 Mbps
upload 7.23 Mbps

PPTP New York
ping 110 ms
download 9.7 Mbps
upload 7.36 Mbps

Witopia VPN Software

I was feeling optimistic after seeing all of these protocols work so I decided to give Witopia's custom built software a chance. The download is quick and the installer opens up automatically.

Witopia's software gives a nice blue icon like airport in the menu bar. It takes up less space than Apple's built-in VPN. I tried the built-in L2TP and got some surprising results.

L2TP New York with Witopia client
ping 114 ms
download 8.43 Mbps
upload 6.86 Mbps

I'm still using this connection.

Here's what the interface of the Witopia VPN client looks like:

WiTopia application interface extras
Witopia application interface

Using either built-in or Witopia client software is fine. If I had to do it again, I'd probably just stick with OS X's built-in protocols. I'd use PPTP as it tests out very fast. If you want to use a lot of locations, then Witopia's VPN software might be for you as you won't have to build all the locations by hand.

Round two: trying to get OpenVPN up and running with alternative Witopia account

When I got back to my chat, Tara had gone home. A gentleman named Shirin had taken her place. We spent a lot of time trying to resurrect the dead account.

More or less hopeless.

The main OpenVPN connection is very fussy. It wouldn't work with either the Witopia VPN client or Viscosity.

Once installed, to reinstall it you need to remove several .kext files via Terminal. Viscosity, which did work at one point, won't anymore. The updater won't update Viscosity and you have to manually find and reinstall all the certificates.

What finally worked was uninstalling launch2netpremium and then doing a hand search for all of its files (a nasty respawn filled networking logs to the point that it was impossible to tell what was happening with Witopia). Next step was to install and reinstall the Witopia client with reboots.

The whole affair required three reboots to work and deleting kexts. You don't want to do this. Viscosity still won't work but for now with the Witopia client I can get on OpenVPN SSL internet.

I spent over three work hours painfully troubleshooting this by hand. Effectively Witopia stole $500 from my company while I did this unpaid work. All I got out of it was this article. Don't you be so foolish.

To be honest, I would not recommend a Witopia Pro account. The amount of time you will spend fighting with software and with cryptic errors just will not justify the small increase in speed and security which OpenVPN brings.

Not only that but a WiTopia Personal VPN account is just $40 (renewal) or $50 new account, while a Pro VPN account is $70/year and will cause you to lose hours with unnecessary tech support.

If you are in China or Iran or some place where you really need OpenVPN, go ahead and spring for it. But be prepared to spend a lot of time troubleshooting.

Resources

Here's a nice historic comparison of Witopia and HotSpotVPN with interviews with both company owners, Bill Bullock and Glynn Taylor.

Here's why you might want a VPN.

Answer number one: you are travelling and need to be sure your web access is not being logged (at least only by your VPN provider).

Answer number two: you need access to another server from a fixed and known IP. It's possible with a VPN.

Answer number three: you want to watch Hulu or listen to Mog or Spotify while outside the United States. If you don't use Facebook, your one choice is Mog.

Answer number four: you need to sign up for some papers or service from outside your home country. I wasn't able to complete a birth certificate request from Europe until I came in via VPN and made the order via VPN.


 


Dual Internet Connections: How to Swap ISP’s Smoothly on a Mixed Platform Network

Wednesday, January 2nd, 2008

We have occasionally - say about once a month - had small problems with our cable internet (Chello.sk). We've been lucky - the longest we've been down is one and a half hours and most of the time it's less than this.

Even a single day with internet down for a whole day would cost the company three times more in lost productivity than the cost of the second high speed connection for the year.

So we've done what every modern business should do. We now have redundant high speed internet from T-Com.

Which is a good thing as our cable internet is down today. But no big deal, I just swapped the router over to the DSL connection and we were all ready to get back to work. Well, almost.
