ANSWERED Does AirVPN use 'Perfect Forward Secrecy' in Manual OpenVPN configurations?

[Julia307 0]

Apparently it is as easy as adding the following to the client/server OPVN files: http://my.host.net.nz/2014/04/12/adding-perfect-forward-secrecy-to-openvpn/

 

Create a common private key, eg

 

openvpn --genkey --secret /path/to/store/pfs.key

Securely distribute this key to each OpenVPN client, then add the following to the server

 

tls-server

tls-auth /path/to/store/pfs.key 0

 

and this to each client

 

tls-client

tls-auth /path/to/store/pfs.key 1

 

Without this, using OpenVPN standalone will lack some essential security features.

[Staff 10116]

Hello!

 

Yes, of course. Since its birth, AirVPN always configured OpenVPN to work in TLS mode with PFS. And there's more: AirVPN uses 4096 bit DH keys and unique DH keys on each VPN server.

 

Kind regards

[Julia307 0]

Good to know! I had just contacted ExpressVPN and asked them the same... they provide PFS in their proprietary app but not in OpenVPN manual configurations; I'm waiting for a response from Nord staff whether they supply PFS on demand for their OpenVPN manual configurations. I do not see anything in the configuration files suggesting as such.  I suggest this is an essential component to ensuring the privacy of VPN connectivity. Thank you so much for your response! 

[Staff 10116]

  On 3/15/2018 at 1:45 PM, Julia307 said:

Good to know! I had just contacted ExpressVPN and asked them the same... they provide PFS in their proprietary app but not in OpenVPN manual configurations;

 

This makes no sense (or worse, it makes a sinister sense ), but maybe you have just talked with someone who did not even know what you were talking about.

 

  On 3/15/2018 at 1:45 PM, Julia307 said:

I'm waiting for a response from Nord staff whether they supply PFS on demand for their OpenVPN manual configurations. I do not see anything in the configuration files suggesting as such.  I suggest this is an essential component to ensuring the privacy of VPN connectivity. Thank you so much for your response! 

 

Please note that this is not the forum to talk about competitors, not even when doing so exposes our competitors flaws. This is the correct forum to continue with comparison etc.:

https://airvpn.org/forum/39-other-vpn-competitors-or-features/

 

Kind regards

[gabariala 1]

You say "Airvpn" is "configured to work with" PFS but is it configured this way by default in custom configuration OPVN files, or must this be added manually? You are suggesting that ExpressVPN is using PFS by default in Manual configs, and the staff was wrong in their assertion/assumption?

[Staff 10116]

  On 3/21/2018 at 7:51 PM, gabariala said:

You say "Airvpn" is "configured to work with" PFS but is it configured this way by default in custom configuration OPVN files, or must this be added manually?

 

Hello!

 

No manual addition of any directive is necessary.

 

Kind regards

[gabariala 1]

Thank you.

[gabariala 1]

I just wish to reiterate for the second time, I had asked 3 different staff members whether the aforementioned company used pfs outside their app, all of them said no. I just asked another giant VPN provider (censored), not ExperssVPN, very mountain like vpn, if they used perfect forward secrecy on Reddit, they replied "No. You need to download the root.der certificate, install that CA and then setup an IKEV2 VPN connection in the OS. Strongswan on Linux or through network manager in windows. OpenVPN and the app use normal VPN standards, 256 bit encryption and RSA2048."

[Staff 10116]

  On 3/23/2018 at 9:39 AM, gabariala said:

I just wish to reiterate for the second time, I had asked 3 different staff members whether the aforementioned company used pfs outside their app, all of them said no. I just asked another giant VPN provider (censored), not ExperssVPN, very mountain like vpn, if they used perfect forward secrecy on Reddit, they replied "No. You need to download the root.der certificate, install that CA and then setup an IKEV2 VPN connection in the OS. Strongswan on Linux or through network manager in windows. OpenVPN and the app use normal VPN standards, 256 bit encryption and RSA2048."

 

It means that they have not implemented PFS with OpenVPN because IKE has nothing to do with OpenVPN, it's a protocol for the SA in IPsec. Sloppy, wrong OpenVPN implementation if the transiting data integrity and security is a priority.

 

The fact that they kept fueling your confusion with even more confusing answers shows a worrying lack of competence. Maybe you should just stay away from them and move on.

 

Kind regards

[gabariala 1]

Yes I'm well aware now that Neurd (censored) doesn't use perfect forward secrecy either in their app or OpenVPN server/clients. I'll ask ExpresCreepyN (censored) one more time and see what they have to say, assuming they no better about their own service than you do.  

 

 

 

"Oy vey the goyim know shut it down"