Major system upgrade COMPLETED

Staff

UPGRADE COMPLETED SUCCESSFULLY

Hello!

We're glad to inform you that a major system upgrade will take place during Sunday, 13 April 2014, 21:00:00 - Sunday, 13 April 2014, 22:00:00 UTC
This upgrade has a triple, important purpose: close any possible exploitation chance, regardless of how unlikely it could be, deriving from past "Heartbleed" vulnerability, bring AirVPN in an even higher security environment and open the road for an important new feature of the service: 3 simultaneous connections per account on different servers (details will be provided soon after the major upgrade which takes precedence).

The upgrade in details

switch to 4096 bit size RSA and DH keys
implementation of additional OpenVPN TLS-Auth layer
re-generation of certificates and keys
general optimization

During the upgrade all the VPN clients will be forcefully disconnected and will not be able to reconnect. The upgrade will take approximately 30 minutes.

Disconnections will occur on all servers from-to:
Sunday, 13 April 2014, 21:00:00 - Sunday, 13 April 2014, 22:00:00 UTC

that is:

Sunday, 13 April 2014, 14:00:00 - Sunday, 13 April 2014, 15:00:00 PDT
Sunday, 13 April 2014, 16:00:00 - Sunday, 13 April 2014, 17:00:00 CDT
Sunday, 13 April 2014, 17:00:00 - Sunday, 13 April 2014, 18:00:00 EDT
Sunday, 13 April 2014, 23:00:00 - Monday, 14 April 2014, 00:00:00 CEST
Monday, 14 April 2014, 06:00:00 - Monday, 14 April 2014, 07:00:00 JST

Click here to find your town: http://www.timeanddate.com/worldclock/fixedtime.html?msg=Switch+to+4096+bit+size+keys&iso=20140413T23&p1=215&ah=1

Mandatory actions

After the upgrade, customers running the Air client for Windows will need to shut down and restart the Air client. It is assumed that customers have already downloaded the new package for Windows which includes OpenVPN with non-vulnerable OpenSSL, available here https://airvpn.org/windows and installed the new OpenVPN version.

Customers running any other OpenVPN wrapper or OpenVPN will need to re-download configuration, certificates and keys files.

Additional information for customers running manually configured wrappers:

the "TLS-Cipher" or equivalent name in your configuration becomes: TLS-DHE-RSA-WITH-AES-256-CBC-SHA
in Tomato, DD-WRT, pfSense, Fritz!Box etc., the client certificate, the server certificate, the client key and the TLS key must be pasted again (after they have been generated and downloaded from the Configuration Generator as usual) in the appropriate fields of your configuration

Please do not hesitate to contact us for any further information.

Kind regards
AirVPN Staff

pfSense_fan

Excellent, excellent news!

Will we only be able to generate the new config files and keys after the disconnect?

I know you said you will provide details afterwards, but I am really curious as to what this will mean for the 4mb minimum bandwidth & future pricing.

and open the road for an important new feature of the service: 3 simultaneous connections per account on different servers (details will be provided soon after the major upgrade which takes precedence).

Staff

Excellent, excellent news!

Will we only be able to generate the new config files and keys after the disconnect?

Hello!

Yes, that's correct. Only AFTER the end of the upgrade.

Kind regards

dwright

This is a dream come true, I feel like throwing a party.

vpnair33

This is a dream come true, I feel like throwing a party.

S.O.A.

Great news AirVPN! Keep up the great work!

airvpn4ever

Excellent news, keep up the good work!

dd79

I like the part about 3 connections

OpenSourcerer

open the road for an important new feature of the service: 3 simultaneous connections per account on different servers

This is going to be very interesting.

switch to 4096 bit size RSA and DH keys

Could you provide a few more details on why you choose to switch to 4096 bit RSA keys?

bubbba

The 3 simultaneous connections per account on different servers sound wonderful, so why did I purchase a second account recently? Glad about the complete Key/Cert change. Keep up the great work...

Regards,

Bubbba

PirateParty

Awesome news from you guys. Happy to hear that key sizes are being increased from a suggestion I made earlier when I joined. And the part about 3 connections is awesome and I am very excited for it. Keep up the good work and keep on doing what you do best

foxbat

3 simultaneous connections! I think im going to wet myself.....ooops too late.

foxwood

There's obvious advantages to having 3 simultaneous connections (albeit this is already possible if your router is vpn enabled), but can anyone please answer what advantages would there be in having your simultaneous connections on different servers?

24FWgGC

Thank you for upgrading all of this so quickly!

I do notice that OpenVPN has now released version 2.3.3, however AirVPN is hosting the 2.3.2 quickfix that was released the other day. Updates moving quickly these days.

McLoEa

Va bene!

airvpnusercoin

Great to see the new features. As I am telling everybody AirVPN is the most trustable VPN provider ever. Never saw stable and fast connections like here and the support team is excellent and always kindly.

HurderDurder

Excellent product getting better. Thank you.

ZPKZ

Never been this happy about downtime

sony_15

Great to see the new features. As I am telling everybody AirVPN is the most trustable VPN provider ever. Never saw stable and fast connections like here and the support team is excellent and always kindly.

Couldn't agree more. That's why after testing other VPN this one is miles ahead in all possible elements, like speed, security, support and privacy policy from others.

Wazzza

Nice

What is the current DH parameter size? It is not mentioned on the website.

And how about TLS 1.2 support? OpenSSL may not be vulnerable to attacks on TLS 1.0, but TLS 1.2 supports SHA-2.
SHA-1 is in progress of deprecation by MS: http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx
NIST advises against SHA-1: http://www.zdnet.com/nist-makes-a-hash-of-sha-1-ban-7000025980/
This may be less worrysome in the VPN/OpenSSL context, but it's best to stay ahead instead of becoming a cat and mouse game.

Staff

Nice

What is the current DH parameter size? It is not mentioned on the website.

Hello!

2048 bit keys, currently.

And how about TLS 1.2 support? OpenSSL may not be vulnerable to attacks on TLS 1.0, but TLS 1.2 supports SHA-2.
SHA-1 is in progress of deprecation by MS: http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx
NIST advises against SHA-1: http://www.zdnet.com/nist-makes-a-hash-of-sha-1-ban-7000025980/
This may be less worrysome in the VPN/OpenSSL context, but it's best to stay ahead instead of becoming a cat and mouse game.

So what...? The Control Channel cipher is HMAC SHA1, not SHA1. SHA1 is the underlying hash verification. Deprecation has nothing to do with it. It is well known that SHA1 should never be used as a security cipher and OpenVPN does not use it. In HMAC SHA1 we don't even have to care at all about SHA1 hash collisions. In order to inject forged packets in your traffic flow, an attacker should first break every single upper layer, starting from HMAC which is extremely robust, and THEN try hash collisions.

Kind regards

waterfall

Thnaks for all that you do to protect me!

""""So what...? The Control Channel cipher is HMAC SHA1, not SHA1. SHA1 is the underlying hash verification. Deprecation has nothing to do with it. It is well known that SHA1 should never be used as a security cipher and OpenVPN does not use it. In HMAC SHA1 we don't even have to care at all about SHA1 hash collisions. In order to inject forged packets in your traffic flow, an attacker should first break every single upper layer, starting from HMAC which is extremely robust, and THEN try hash collisions.

Kind regards"""""

You guys rock, protecting me from all those hash collisions, and acronyms beyond my desire to investigate, memorize and produce more of. I use the net for research and organizing. F#$% the police, and the crackers, who are probably one and the same...

PirateParty

There's obvious advantages to having 3 simultaneous connections (albeit this is already possible if your router is vpn enabled), but can anyone please answer what advantages would there be in having your simultaneous connections on different servers?

Its better to use your regular connection for personal things and use a VPN for everything else in your anonymous life. Also you can use different servers on different devices. Not really sure what the benefit of that is but 3 connections is better than 1!

CorbellMarkIII

Fantastic. This aggressive response to HeartBleed and customer service by AirVPN is quite uplifting.

Major system upgrade COMPLETED

Recommended Posts

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Join the conversation