Major system upgrade COMPLETED

[foxwood 4]

Its better to use your regular connection for personal things and use a VPN for everything else in your anonymous life. Also you can use different servers on different devices. Not really sure what the benefit of that is but 3 connections is better than 1!

 

About the only advantage I can see is that your 3 simultaneous vpn connections won't be hammering just one server. By spreading the load over 3 different servers there *may* be a slight performance benefit. Not sure if it'll really be noticeable though considering you still share any server with other users, but more options are better than none. 

 

I was just wondering if there were any other benefits to 3 simultaneous vpn connections that perhaps aren't so obvious - something technical perhaps? 

[Nan M 0]

Hello,

New user of around a week.

Thanks for the comprehensive updates on the broken internet.

I do notice that OpenVPN has now released version 2.3.3, however AirVPN is hosting the 2.3.2 quickfix

I grabbed the latest 2.3.3 I001 from openvpn.org when I read the news.

Any reason I shouldn't prefer it to the AirVPN bundled one?

 

thanks for a great service.

[Wazzza 0]

 

Nice

 

What is the current DH parameter size? It is not mentioned on the website.

 

Hello!

 

2048 bit keys, currently.

 

 

And how about TLS 1.2 support? OpenSSL may not be vulnerable to attacks on TLS 1.0, but TLS 1.2 supports SHA-2.

SHA-1 is in progress of deprecation by MS: http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx

NIST advises against SHA-1: http://www.zdnet.com/nist-makes-a-hash-of-sha-1-ban-7000025980/

This may be less worrysome in the VPN/OpenSSL context, but it's best to stay ahead instead of becoming a cat and mouse game.

 

So what...? The Control Channel cipher is HMAC SHA1, not SHA1. SHA1 is the underlying hash verification. Deprecation has nothing to do with it. It is well known that SHA1 should never be used as a security cipher and OpenVPN does not use it. In HMAC SHA1 we don't even have to care at all about SHA1 hash collisions. In order to inject forged packets in your traffic flow, an attacker should first break every single upper layer, starting from HMAC which is extremely robust, and THEN try hash collisions.

 

Kind regards

 

Thanks, my router has an OpenVPN server, but it's DH parameters are only 512 bit.. It's possible to change through Telnet/SSH but it doesn't work very well and gone after a reboot.

 

Ah good to know.

[Sarif 3]

Thank you for the Update 

[4Qman 0]

This is awesome news.

 

Another reason AirVPN is the best VPN provider

[Xiocus 9]

You guys simply rock... What a dream world will be if only half of the companies around the world would take seriously the product they sale to their clients the same way you do.

[redindian 0]

Great news! Really like I can connect with my phone also when on the road.

[Mastiff 3]

There's obvious advantages to having 3 simultaneous connections (albeit this is already possible if your router is vpn enabled), but can anyone please answer what advantages would there be in having your simultaneous connections on different servers?

May be just to help spread the load?

[Mastiff 3]

Thanks for the heads up.  Been with Airvpn for two years now and the service has been superb.  Welcome news re the 3 connections.  Thank you.

[jessez 3]

Thank you to all the amazing AirVPN staff for the continuing hard work and dedication to making this the best VPN service anywhere, and creating and maintaining the best forum community on the net. Kudos to you all.

I think the best mostly irrelevant comment was from ZPK Z : Never been this happy about downtime   <-- I couldn't agree more.

2nd mention goes to foxbat for the comment: I think im going to wet myself.....ooops too late.  .....ROFL.

Warm regards to all, meet you at the config server in a few hours ...hahaha!

Jessez

[jake9364@sbcglobal.net 0]

WHAT....?  That is grreeat but I have no idea what he is talking about, or how to do it lol????????

 

PLEASE HELP....ANYONE.....

[jessez 3]

Well, while I was cleaning out all the old AirVPN config files and keys and whatnot, I had a thought that might help a few that are worried about downloading the new info in the clear (Some info may still go in the clear between vpn servers, but it will help minimize risk). There is a plugin for Chrome (ium) called ZenMate. It's basically a browser based VPN plugin/service (and doesn't have any system-wide option). Also while it is still somewhat in testing there is no fee to use it. You can find it in the Chrome extensions galley. They have a Zurich server as an option, so I'd recommend that to anyone wanting to try getting the new AirVPN config, keys, etc, when they are available after the upgrade is complete. I have tested the extension a few times over the last few weeks and found it to be solid, and reliable at not exposing my true IP address.

Insert usual disclaimer here, use at your own risk, and take whatever other precautions that help protect you and your data.

There are a couple of Android VPN apps that advertise no fees, but I don't know anything about them or whether their claims are true. Use with caution if you choose to go that route.

Anyway, all anyone needs is one server and the new keys, etc from AirVPN, then get hooked back into AIR and get the remainder of what you want.

Warm regards,

Jz 

[M0rph2020 5]

I also am wondering about the pricing, will it go up once the upgrade in place?

[hasjf72bnkbjfas 0]

Customers running any other OpenVPN wrapper or OpenVPN will need to re-download configuration, certificates and keys files.

 

Additional information for customers running manually configured wrappers:

• the "TLS-Cipher" or equivalent name in your configuration becomes: TLS-DHE-RSA-WITH-AES-256-CBC-SHA
• in Tomato, DD-WRT, pfSense, Fritz!Box etc., the client certificate, the server certificate, the client key and the TLS key must be pasted again (after they have been generated and downloaded from the Configuration Generator as usual) in the appropriate fields of your configuration

Sorry for not knowing a whole lot about this.

But does this mean, that if I use tunnelblick from a mac, I have to uninstall and reinstall tunnelblick, in the same manner that I installed it in the first place?

ITunnelblick is not a manually configured wrapper right?

 

Kind Regards.

[edovpn 0]

Will the customer be allowed to generate its own pair of RSA 4096 bit asymmetric keys, thus uploading/sharing to/with airvpn.org site his public RSA key only?

This fact would ensure the highest level of security.In fact, as long as airvpn.org knows both RSA asymmetric keys (i.e.: public and private) there's no guarantee of real privacy.

Right?

 

Edo

[steveh 0]

If I'm running tunneblick on OS X, do I need to make any changes before connecting?

[Staff 9972]

Tunnelblick users need to re-generate certificates, configuration files and keys, just like users of any other OpenVPN wrapper (except the Air client) need to do.

 

Kind regards

[darkLogik 2]

Thanks guys!  Your service has been nothing but exemplary! 

[Staff 9972]

UPGRADE IS IN PROGRESS.

 

You can already download the new configuration files (which include new keys and certificates) if you wish so.

 

Kind regards

[Staff 9972]

Hello!

 

We're glad to inform you that upgrade completed successfully!

 

Kind regards

[aaht 2]

Thanks a lot,

I can't see Crucis server anymore though.

why?

 

 

Hello!

 

We're glad to inform you that upgrade completed successfully!

 

Kind regards

[Staff 9972]

Hello!

 

Crucis is under maintenance and we'll make an announcement soon about it.

 

Kind regards

[Staff 9972]

Well, while I was cleaning out all the old AirVPN config files and keys and whatnot, I had a thought that might help a few that are worried about downloading the new info in the clear (Some info may still go in the clear between vpn servers, but it will help minimize risk).

 

 

Hello!

 

No, wait, the download of keys and certificates is NOT in the clear. It's encrypted via HTTPS with TLS up to 1.2 and Perfect Forward Secrecy (with DHE or ECDHE key exchange). Just don't use Internet Explorer 6 or 8 otherwise you will lose FS and TLS 1.2.

 

Kind regards

[SumRndmDude 22]

I want to verfiy something. I've downloaded all new keys, etc. I noticed the post stating:

 

"the "TLS-Cipher" or equivalent name in your configuration becomes: TLS-DHE-RSA-WITH-AES-256-CBC-SHA"

 

I changed the TLS Cipher in DD-WRT's OpenVPN settings to the above and get a TLS error. However, turning this off logs me in fine. Am I misunderstanding that it becomes that on your end and I need to change nothing in DD-WRT, or am I hitting a bug?

[dIecbasC 38]

Good job guys. That seemed to go well.....down less than 1hr in all.