Julia307

ANSWERED Does AirVPN use 'Perfect Forward Secrecy' in Manual OpenVPN configurations?


Apparently it is as easy as adding the following to the client/server OVPN files: http://my.host.net.nz/2014/04/12/adding-perfect-forward-secrecy-to-openvpn/

 

Create a common private key, e.g.
 
openvpn --genkey --secret /path/to/store/pfs.key

Securely distribute this key to each OpenVPN client, then add the following to the server
 
tls-server
tls-auth /path/to/store/pfs.key 0
 
and this to each client
 
tls-client
tls-auth /path/to/store/pfs.key 1
 
Without this, using OpenVPN standalone will lack some essential security features.

Share this post


Link to post

Hello!

 

Yes, of course. Since its birth, AirVPN has always configured OpenVPN to work in TLS mode with PFS. And there's more: AirVPN uses 4096 bit DH keys and unique DH keys on each VPN server.

 

Kind regards

Share this post


Link to post

Good to know! I had just contacted ExpressVPN and asked them the same... they provide PFS in their proprietary app but not in OpenVPN manual configurations; I'm waiting for a response from Nord staff whether they supply PFS on demand for their OpenVPN manual configurations. I do not see anything in the configuration files suggesting as such.  I suggest this is an essential component to ensuring the privacy of VPN connectivity. Thank you so much for your response! 

Share this post


Link to post

Good to know! I had just contacted ExpressVPN and asked them the same... they provide PFS in their proprietary app but not in OpenVPN manual configurations;

 

This makes no sense (or worse, it makes a sinister sense :) ), but maybe you have just talked with someone who did not even know what you were talking about.

 

I'm waiting for a response from Nord staff whether they supply PFS on demand for their OpenVPN manual configurations. I do not see anything in the configuration files suggesting as such.  I suggest this is an essential component to ensuring the privacy of VPN connectivity. Thank you so much for your response! 

 

Please note that this is not the forum to talk about competitors, not even when doing so exposes our competitors' flaws. This is the correct forum to continue with comparison etc.:

https://airvpn.org/forum/39-other-vpn-competitors-or-features/

 

Kind regards

Share this post


Link to post

You say "Airvpn" is "configured to work with" PFS but is it configured this way by default in custom configuration OVPN files, or must this be added manually? You are suggesting that ExpressVPN is using PFS by default in Manual configs, and the staff was wrong in their assertion/assumption?

Share this post


Link to post

You say "Airvpn" is "configured to work with" PFS but is it configured this way by default in custom configuration OVPN files, or must this be added manually?

 

Hello!

 

No manual addition of any directive is necessary.

 

Kind regards

Share this post


Link to post
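As an added example (not AirVPN's code and not from any poster in this thread), this Python check reads a client .ovpn file and reports whether it runs OpenVPN in TLS mode, where session keys come from the TLS handshake, or in static-key mode. The sample configs, host name and verdict labels are constructed; only IANA-style `tls-cipher` names are examined, and the server side is not inspected.

```python
import shlex

TLS_MODE = {"client", "tls-client", "tls-server"}  # "client" implies tls-client

def parse_directives(text):
    """Map directive -> argument list, skipping comments and inline <ca>...</ca> blocks."""
    found, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                                   # body of an inline file block
            block = None if line == f"</{block}>" else block
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            found[block] = []
        elif line and line[0] not in "#;":
            parts = shlex.split(line, comments=True)
            if parts:
                found[parts[0].lstrip("-")] = parts[1:]
    return found

def assess_forward_secrecy(text):
    """Return (verdict, notes) for what this config permits; the server is not seen."""
    d, notes = parse_directives(text), []
    if "secret" in d:
        return "no-pfs", ["static-key mode: one pre-shared key protects every session"]
    if not TLS_MODE & d.keys():
        return "unknown", ["no client/tls-client/tls-server directive found"]
    verdict = "pfs"            # TLS mode: session keys come from the TLS handshake
    suites = (d.get("tls-cipher") or [""])[0].split(":")
    static = [s for s in suites if s.startswith("TLS-") and "DHE" not in s]
    if static:                 # IANA-style names only; "ECDHE" also contains "DHE"
        verdict = "degraded"
        notes.append("tls-cipher allows non-ephemeral suites: " + ", ".join(static))
    if d.get("reneg-sec") == ["0"]:
        notes.append("reneg-sec 0: time-based rekeying of the data channel is off")
    if "tls-auth" in d or "tls-crypt" in d:
        notes.append("tls-auth/tls-crypt protects control-channel packets only")
    return verdict, notes

# Constructed sample configs (not taken from any provider).
TLS_CONFIG = """client
remote vpn.example.net 443   # placeholder host
<ca>
(certificate body elided)
</ca>
tls-auth ta.key 1
"""
STATIC_CONFIG = "dev tun\nremote vpn.example.net 1194\nsecret static.key\n"
RSA_ONLY_CONFIG = "tls-client\ntls-cipher TLS-RSA-WITH-AES-256-CBC-SHA\nreneg-sec 0\n"
```

Call `assess_forward_secrecy(open(path).read())` on a downloaded config; a `pfs` verdict means the file leaves forward secrecy to the TLS negotiation with the server.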

I just wish to reiterate for the second time, I had asked 3 different staff members whether the aforementioned company used pfs outside their app, all of them said no. I just asked another giant VPN provider (censored), not ExpressVPN, very mountain like vpn, if they used perfect forward secrecy on Reddit, they replied "No. You need to download the root.der certificate, install that CA and then setup an IKEV2 VPN connection in the OS. Strongswan on Linux or through network manager in windows. OpenVPN and the app use normal VPN standards, 256 bit encryption and RSA2048."

Share this post


Link to post

I just wish to reiterate for the second time, I had asked 3 different staff members whether the aforementioned company used pfs outside their app, all of them said no. I just asked another giant VPN provider (censored), not ExpressVPN, very mountain like vpn, if they used perfect forward secrecy on Reddit, they replied "No. You need to download the root.der certificate, install that CA and then setup an IKEV2 VPN connection in the OS. Strongswan on Linux or through network manager in windows. OpenVPN and the app use normal VPN standards, 256 bit encryption and RSA2048."

 

It means that they have not implemented PFS with OpenVPN because IKE has nothing to do with OpenVPN, it's a protocol for the SA in IPsec. Sloppy, wrong OpenVPN implementation if the transiting data integrity and security is a priority.

 

The fact that they kept fueling your confusion with even more confusing answers shows a worrying lack of competence. Maybe you should just stay away from them and move on.

 

Kind regards

Share this post


Link to post

Yes I'm well aware now that Neurd (censored) doesn't use perfect forward secrecy either in their app or OpenVPN server/clients. I'll ask ExpresCreepyN (censored) one more time and see what they have to say, assuming they know better about their own service than you do.

 

 


Share this post


Link to post
