Staff 10002 Posted ... UPGRADE COMPLETED SUCCESSFULLY Hello!We're glad to inform you that a major system upgrade will take place during Sunday, 13 April 2014, 21:00:00 - Sunday, 13 April 2014, 22:00:00 UTCThis upgrade has a triple, important purpose: close any possible exploitation chance, regardless of how unlikely it could be, deriving from past "Heartbleed" vulnerability, bring AirVPN in an even higher security environment and open the road for an important new feature of the service: 3 simultaneous connections per account on different servers (details will be provided soon after the major upgrade which takes precedence).The upgrade in detailsswitch to 4096 bit size RSA and DH keysimplementation of additional OpenVPN TLS-Auth layerre-generation of certificates and keysgeneral optimizationDuring the upgrade all the VPN clients will be forcefully disconnected and will not be able to reconnect. The upgrade will take approximately 30 minutes. Disconnections will occur on all servers from-to: Sunday, 13 April 2014, 21:00:00 - Sunday, 13 April 2014, 22:00:00 UTCthat is:Sunday, 13 April 2014, 14:00:00 - Sunday, 13 April 2014, 15:00:00 PDTSunday, 13 April 2014, 16:00:00 - Sunday, 13 April 2014, 17:00:00 CDTSunday, 13 April 2014, 17:00:00 - Sunday, 13 April 2014, 18:00:00 EDTSunday, 13 April 2014, 23:00:00 - Monday, 14 April 2014, 00:00:00 CESTMonday, 14 April 2014, 06:00:00 - Monday, 14 April 2014, 07:00:00 JSTClick here to find your town: http://www.timeanddate.com/worldclock/fixedtime.html?msg=Switch+to+4096+bit+size+keys&iso=20140413T23&p1=215&ah=1Mandatory actionsAfter the upgrade, customers running the Air client for Windows will need to shut down and restart the Air client. It is assumed that customers have already downloaded the new package for Windows which includes OpenVPN with non-vulnerable OpenSSL, available here https://airvpn.org/windows and installed the new OpenVPN version.Customers running any other OpenVPN wrapper or OpenVPN will need to re-download configuration, certificates and keys files.Additional information for customers running manually configured wrappers:the "TLS-Cipher" or equivalent name in your configuration becomes: TLS-DHE-RSA-WITH-AES-256-CBC-SHAin Tomato, DD-WRT, pfSense, Fritz!Box etc., the client certificate, the server certificate, the client key and the TLS key must be pasted again (after they have been generated and downloaded from the Configuration Generator as usual) in the appropriate fields of your configurationPlease do not hesitate to contact us for any further information.Kind regardsAirVPN Staff 15 24FWgGC, dwright, dd79 and 12 others reacted to this Quote Share this post Link to post
pfSense_fan 181 Posted ... Excellent, excellent news! Will we only be able to generate the new config files and keys after the disconnect? Quote Hide pfSense_fan's signature Hide all signatures Have my guides helped you? Help me keep helping you, use my referral: How to set up pfSense 2.3 for AirVPNFriends don't let friends use consumer networking equipment! Share this post Link to post
6501166996442015 35 Posted ... I know you said you will provide details afterwards, but I am really curious as to what this will mean for the 4mb minimum bandwidth & future pricing. and open the road for an important new feature of the service: 3 simultaneous connections per account on different servers (details will be provided soon after the major upgrade which takes precedence). Quote Share this post Link to post
Staff 10002 Posted ... Excellent, excellent news! Will we only be able to generate the new config files and keys after the disconnect? Hello! Yes, that's correct. Only AFTER the end of the upgrade. Kind regards Quote Share this post Link to post
dwright 25 Posted ... This is a dream come true, I feel like throwing a party. Quote Share this post Link to post
vpnair33 6 Posted ... This is a dream come true, I feel like throwing a party. Quote Share this post Link to post
dd79 15 Posted ... I like the part about 3 connections 3 dd79, S.O.A. and Stevieoo reacted to this Quote Share this post Link to post
OpenSourcerer 1439 Posted ... open the road for an important new feature of the service: 3 simultaneous connections per account on different servers This is going to be very interesting. switch to 4096 bit size RSA and DH keys Could you provide a few more details on why you choose to switch to 4096 bit RSA keys? 1 dd79 reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
bubbba 3 Posted ... The 3 simultaneous connections per account on different servers sound wonderful, so why did I purchase a second account recently? Glad about the complete Key/Cert change. Keep up the great work... Regards, Bubbba 1 CultureVulture reacted to this Quote Share this post Link to post
PirateParty 49 Posted ... Awesome news from you guys. Happy to hear that key sizes are being increased from a suggestion I made earlier when I joined. And the part about 3 connections is awesome and I am very excited for it. Keep up the good work and keep on doing what you do best Quote Hide PirateParty's signature Hide all signatures https://cryptoforums.net/ Computing, Crypto, Security & Privacy Forum Share this post Link to post
foxbat 0 Posted ... 3 simultaneous connections! I think im going to wet myself.....ooops too late. Quote Share this post Link to post
foxwood 4 Posted ... There's obvious advantages to having 3 simultaneous connections (albeit this is already possible if your router is vpn enabled), but can anyone please answer what advantages would there be in having your simultaneous connections on different servers? Quote Share this post Link to post
24FWgGC 6 Posted ... Thank you for upgrading all of this so quickly!I do notice that OpenVPN has now released version 2.3.3, however AirVPN is hosting the 2.3.2 quickfix that was released the other day. Updates moving quickly these days. Quote Share this post Link to post
airvpnusercoin 0 Posted ... Great to see the new features. As I am telling everybody AirVPN is the most trustable VPN provider ever. Never saw stable and fast connections like here and the support team is excellent and always kindly. Quote Share this post Link to post
HurderDurder 2 Posted ... Excellent product getting better. Thank you. Quote Share this post Link to post
sony_15 3 Posted ... Great to see the new features. As I am telling everybody AirVPN is the most trustable VPN provider ever. Never saw stable and fast connections like here and the support team is excellent and always kindly.Couldn't agree more. That's why after testing other VPN this one is miles ahead in all possible elements, like speed, security, support and privacy policy from others. 3 chaos.vpn, ctemby and mani2 reacted to this Quote Share this post Link to post
Wazzza 0 Posted ... Nice What is the current DH parameter size? It is not mentioned on the website.And how about TLS 1.2 support? OpenSSL may not be vulnerable to attacks on TLS 1.0, but TLS 1.2 supports SHA-2.SHA-1 is in progress of deprecation by MS: http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspxNIST advises against SHA-1: http://www.zdnet.com/nist-makes-a-hash-of-sha-1-ban-7000025980/This may be less worrysome in the VPN/OpenSSL context, but it's best to stay ahead instead of becoming a cat and mouse game. Quote Share this post Link to post
Staff 10002 Posted ... Nice What is the current DH parameter size? It is not mentioned on the website. Hello! 2048 bit keys, currently. And how about TLS 1.2 support? OpenSSL may not be vulnerable to attacks on TLS 1.0, but TLS 1.2 supports SHA-2.SHA-1 is in progress of deprecation by MS: http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspxNIST advises against SHA-1: http://www.zdnet.com/nist-makes-a-hash-of-sha-1-ban-7000025980/This may be less worrysome in the VPN/OpenSSL context, but it's best to stay ahead instead of becoming a cat and mouse game. So what...? The Control Channel cipher is HMAC SHA1, not SHA1. SHA1 is the underlying hash verification. Deprecation has nothing to do with it. It is well known that SHA1 should never be used as a security cipher and OpenVPN does not use it. In HMAC SHA1 we don't even have to care at all about SHA1 hash collisions. In order to inject forged packets in your traffic flow, an attacker should first break every single upper layer, starting from HMAC which is extremely robust, and THEN try hash collisions. Kind regards 1 PirateParty reacted to this Quote Share this post Link to post
waterfall 10 Posted ... Thnaks for all that you do to protect me!""""So what...? The Control Channel cipher is HMAC SHA1, not SHA1. SHA1 is the underlying hash verification. Deprecation has nothing to do with it. It is well known that SHA1 should never be used as a security cipher and OpenVPN does not use it. In HMAC SHA1 we don't even have to care at all about SHA1 hash collisions. In order to inject forged packets in your traffic flow, an attacker should first break every single upper layer, starting from HMAC which is extremely robust, and THEN try hash collisions. Kind regards""""" You guys rock, protecting me from all those hash collisions, and acronyms beyond my desire to investigate, memorize and produce more of. I use the net for research and organizing. F#$% the police, and the crackers, who are probably one and the same... 1 McLoEa reacted to this Quote Share this post Link to post
PirateParty 49 Posted ... There's obvious advantages to having 3 simultaneous connections (albeit this is already possible if your router is vpn enabled), but can anyone please answer what advantages would there be in having your simultaneous connections on different servers? Its better to use your regular connection for personal things and use a VPN for everything else in your anonymous life. Also you can use different servers on different devices. Not really sure what the benefit of that is but 3 connections is better than 1! 1 thx reacted to this Quote Hide PirateParty's signature Hide all signatures https://cryptoforums.net/ Computing, Crypto, Security & Privacy Forum Share this post Link to post
CorbellMarkIII 1 Posted ... Fantastic. This aggressive response to HeartBleed and customer service by AirVPN is quite uplifting. 1 ctemby reacted to this Quote Share this post Link to post