Jump to content
Not connected, Your IP: 54.242.25.198

Recommended Posts

Tried to compare but cannot. Totally different kind of service and target audience.

All their "servers" are just cheap VPS instances with no statistics. I can't find anything about logging as well,

but since it is shared servers, be sure they are in place.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

I tried Express VPN but was disappointed; BBC I Player was inaccessible using that service, so I tried AirVPN and it worked.

YMMV.

Their Customer Service was tops though, very attentive and refunded my subscription very quickly.

Share this post


Link to post

Hello !

 

I once asked them about their servers and they weren't willing to give any real information. So in terms of a comparison, Air is much more transparent than ExpressVPN is; which matters a lot in terms of security.

 

Sent to you from me with datalove


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.


Tired of Windows? Why Linux Is Better.

Share this post


Link to post

Expressvpn is good for streaming and only provider that actually works with netflix.

I don't think it's reasonable to say they're the only provider who works with Netflix. Even Air works, it's perhaps just a little more touch and go. I'm inclined to imagine it's more luck than anything, that they work, seeing as it can't possibly be a lack of knowledge on Airs part.

 

Sent to you from me with datalove


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.


Tired of Windows? Why Linux Is Better.

Share this post


Link to post

 

Both of them accept bitcoin, provide high encyption and don't safe any logflies (as they promise). 

But AirVPN has only one protocol (OpenVPN) and fewer servers' number. 

 

 

 

Providing PPTP should be considered negatively at least when some security is required. About the VPN servers amount, it looks like we have more servers than ExpressVPN. In the machines amount, we only count real, physical machines with a dedicated line and port, or at least a dedicated line for each of our racks.

 

We don't count VPS or IP addresses geo-located to some country but assigned to datacenters in a different country and similar "tricks".

 

It also looks like we provide a greater variety of protocols and destination ports, with the options to tunnel OpenVPN in additional stunnel and SSH tunnels, but we might be wrong, and a wide array of ports and alternative, partially hidden entry-IP addresses.

 

Kind regards

Share this post


Link to post

I use AirVPN and sometimes ExpressVPN for Netflix (because it still works). But something irritates me: When i check the logfiles of the ExpressVPN app i see that their actual app uses OpenVPN 2.3.14 which is at least two years old. AIR uses 2.4.6 in the newest Eddie beta. Is using an old version of OpenVPN something concerning or doesn´t it matter much in terms of security if the servers of the VPN Provider are patched with new versions of OpenVPN and just the clients run old OpenVPN versions?

Share this post


Link to post

Hello!
 

The first three things that come to mind are that you can't use tls-crypt with OpenVPN 2.3.x and we also detected some severe IPv6 bugs in those versions. Last but not least at all, you can't use TLS 1.2 with 2.3.14 (which supports only SSL 3 and TLS 1.0).

 

TLS 1.2 is supported in OpenVPN 2.3.3 or higher versions.

 

If the problem is only client side, you can easily upgrade, but if the problem is in their servers, and they do not offer any server with the above features (such as our 90 "Gen 2" servers), it might be a bad symptom of insufficient care toward security.

 

Kind regards

Share this post


Link to post

I use AirVPN and sometimes ExpressVPN for Netflix (because it still works).

 

Hello,

 

to access Netflix USA you can use AirVPN as well, from all servers except UK servers, from now on. Feel free to test and report back. As usual it is mandatory that you use VPN DNS to access Netflix USA.

 

UK servers traffic is not re-routed to Netflix USA because access to Netflix UK from most of our UK servers remained possible up to now.

 

Kind regards

Share this post


Link to post

 

I use AirVPN and sometimes ExpressVPN for Netflix (because it still works).

 

Hello,

 

to access Netflix USA you can use AirVPN as well, from all servers except UK servers, from now on. Feel free to test and report back. As usual it is mandatory that you use VPN DNS to access Netflix USA.

 

UK servers traffic is not re-routed to Netflix USA because access to Netflix UK from most of our UK servers remained possible up to now.

 

Kind regards

 

Great, good to know! Do you think ExpressVPN is lying about their encryption if they mention on Torrentfreak that they use the following setup:

 

ExpressVPN apps generally default to our recommended protocol for security and performance: OpenVPN UDP. Our apps use a 4096-bit CA, AES-256-CBC encryption, TLSv1.2, and SHA512 signatures to authenticate our servers."

 

They still use OpenVPN 2.3.14 for their apps, so TLSv1.2 should not be possible or am i wrong? I asked why they use old OpenVPN versions but got only the answer that their servers are patched and that theres no problem in terms of security if they still use 2.3.14 for their clients. Whats the deal on updating to a current version of OpenVPN, why don´t they do it?

Share this post


Link to post

 

 

I use AirVPN and sometimes ExpressVPN for Netflix (because it still works).

 

Hello,

 

to access Netflix USA you can use AirVPN as well, from all servers except UK servers, from now on. Feel free to test and report back. As usual it is mandatory that you use VPN DNS to access Netflix USA.

 

UK servers traffic is not re-routed to Netflix USA because access to Netflix UK from most of our UK servers remained possible up to now.

 

Kind regards

 

Great, good to know! Do you think ExpressVPN is lying about their encryption if they mention on Torrentfreak that they use the following setup:

 

ExpressVPN apps generally default to our recommended protocol for security and performance: OpenVPN UDP. Our apps use a 4096-bit CA, AES-256-CBC encryption, TLSv1.2, and SHA512 signatures to authenticate our servers."

 

They still use OpenVPN 2.3.14 for their apps, so TLSv1.2 should not be possible or am i wrong? I asked why they use old OpenVPN versions but got only the answer that their servers are patched and that theres no problem in terms of security if they still use 2.3.14 for their clients. Whats the deal on updating to a current version of OpenVPN, why don´t they do it?

 

 

Unless they've done like PIA in the past - use their own custom openvpn based on 2.3.14 but updated to include newer capability, security fixes, etc.  I'm not defending them, just bringing up that possibility. 

Share this post


Link to post

 

Kind regards

 

Great, good to know! Do you think ExpressVPN is lying about their encryption if they mention on Torrentfreak that they use the following setup:

 

ExpressVPN apps generally default to our recommended protocol for security and performance: OpenVPN UDP. Our apps use a 4096-bit CA, AES-256-CBC encryption, TLSv1.2, and SHA512 signatures to authenticate our servers."

 

They still use OpenVPN 2.3.14 for their apps, so TLSv1.2 should not be possible or am i wrong? I asked why they use old OpenVPN versions but got only the answer that their servers are patched and that theres no problem in terms of security if they still use 2.3.14 for their clients. Whats the deal on updating to a current version of OpenVPN, why don´t they do it?

 

 

Hello!

 

Correct, OpenVPN 2.3.14 does support TLS 1.2. TLS 1.2 support started in OpeVPN 2.3.3:

https://community.openvpn.net/openvpn/wiki/Hardening

 

(search for As of OpenVPN 2.3.3, OpenVPN supports TLS version negotiation. Earlier versions only supported TLS 1.0 )

 

We're very sorry, in the previous message we considered OpenVPN 2.3.1, and not 2.3.14.

 

About the security patches: of course nothing prevents to fork OpenVPN and recompile some old version with backports or own code to change anything you want.

 

As a general rule we try to not modify the OpenVPN source code except when we are definitely forced to do so (for example, in the past, to fix a critical bug which prevented usage of IPv6 in some 2.3.x version, or even when we patched, many years ago, a bug related to connections of OpenVPN to a proxy: anyway patches which were submitted for acceptance or rejection).

 

The reason because forking is a delicate matter with some software is that the main branch is always audited by a wide community, extensive usage etc., while with a fork you always take a risk to insert some vulnerability, so an audit of any fork (in our sector, where security is a top priority) should be mandatory before putting it into production.

 

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...