Jump to content
Not connected, Your IP: 18.117.232.215
AirVPN
produs

NSA decrypting vpn's

By produs, ... in General & Suggestions

Recommended Posts

Staff    9972

Staff
Posted ...

Hello!

 

@produs

Our service is not based on IPsec. This decision was taken in 2010 (even before we opened Air) because the original co-founders did not like very much two facts: IPsec running in kernel space, and important contributions by NSA to some of the development stages.

 

@AgentSmith

The tweet just after the one you linked mentions incorrectly "OpenVPN". From the document, on the contrary, you can see that it refers to IPsec, as correctly fixed in the subsequent tweet. Just a "momentary lapse of reason" by the author of the twit, probably.

 

Kind regards

produs reacted to this

Share this post

Link to post

zhang888    1066

zhang888
Posted ...

On a sidenote, QuarksLab completed their OpenVPN 2.4 audit and will submit the results on April 7th.

There should be a correcting release (2.4.2) with fixes for all the found issues.

We might probably see some class of bugs in parsers (like the recent Cloudflare proxy leak issue), but it's too early to speculate.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post

Link to post

greenclaydog    6

greenclaydog
Posted ...

Hello!

 

@produs

Our service is not based on IPsec. This decision was taken in 2010 (even before we opened Air) because the original co-founders did not like very much two facts: IPsec running in kernel space, and important contributions by NSA to some of the development stages.

 

@AgentSmith

The tweet just after the one you linked mentions incorrectly "OpenVPN". From the document, on the contrary, you can see that it refers to IPsec, as correctly fixed in the subsequent tweet. Just a "momentary lapse of reason" by the author of the twit, probably.

 

Kind regards

 

Strange, several tweets that follow the first one directly specify OpenVPN. Did he correct that somewhere? because i cannot see it.

 

Anyways, even if OpenVPN isn't the target, (which unless the twitter user was incorrectly naming OpenVPN, it is true) Isn't this a huge deal for the shitload of all people still using IPsec VPN services? Believe it or not there are still a ton of them that are using less known services or mobile apps that exclusively support IPsec. 

Share this post

Link to post

Staff    9972

Staff
Posted ...

Strange, several tweets that follow the first one directly specify OpenVPN. Did he correct that somewhere? because i cannot see it.

 

 

Yes, for each tweet he/she attached the correct piece of text (as an image, so you might need some effort to read it properly) in which you can see that OpenVPN is unrelated.

 

 

Anyways, even if OpenVPN isn't the target, Isn't this a huge deal for the shitload of all people still using IPsec VPN services? Believe it or not there are still a ton of them that are using less known services or mobile apps that exclusively support IPsec. 

 

It can be, sure, but then this is not a thread for "General & Suggestions" forum, which is aimed to general topics and suggestions for AirVPN service, not other ones! Feel free to move to "Off-topic" for any IPsec related issue.

 

Kind regards

Share this post

Link to post

greenclaydog    6

greenclaydog
Posted ...

 

Strange, several tweets that follow the first one directly specify OpenVPN. Did he correct that somewhere? because i cannot see it.

 

Yes, for each tweet he/she attached the correct piece of text (as an image, so you might need some effort to read it properly) in which you can see that OpenVPN is unrelated.

 

Anyways, even if OpenVPN isn't the target, Isn't this a huge deal for the shitload of all people still using IPsec VPN services? Believe it or not there are still a ton of them that are using less known services or mobile apps that exclusively support IPsec.

It can be, sure, but then this is not a thread for "General & Suggestions" forum, which is aimed to general topics and suggestions for AirVPN service, not other ones! Feel free to move to "Off-topic" for any IPsec related issue.

 

Kind regards

Thanks for clearing that up.

 

I'll see about starting a separate thread elsewhere, although I feel many are already aware of the issues present in IPsec.

Share this post

Link to post

tehhellhound    8

tehhellhound
Posted ...

On a loosely related note, many cell carrier Wi-Fi calling implementations, including T-Mobile(my carrier) use an IPSEC VPN, so I can only imagine how useful this would be for them to intercept conversations. I have this setup on my router though, so that IPSEC tunnel gets tunneled to Canada over OpenVPN, so take that, NSA!

Ricnvolved1956 reacted to this

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...