Jump to content
Not connected, Your IP: 3.226.251.81
Staff

Eddie Android Edition 2.4 released - ChaCha20 support

Recommended Posts

On 7/31/2019 at 3:57 PM, Staff said:

Hello!

On the server side we run OpenVPN 2.5 to offer ChaCha20-Poly1305 on the Data Channel. OpenVPN 2.5 is still in beta testing, although some key functions are performed by OpenSSL or mbedTLS which are stable, so we mark servers running OpenVPN 2.5 as "Experimental" (you will see them listed with the yellow warning color). OpenVPN 2.4.7 does not support ChaCha20 on the Data Channel so it's a no go (note that OpenVPN 3 is a library with client only, and not server, features).

When OpenVPN 2.5 stable version is released, then ALL of our servers will support ChaCha20 on the Data Channel. Estimated release date is November 2019 according to OpenVPN community. In the meantime please feel free to use ChaCha20 on the experimental servers, of course.

We can expand the network of experimental servers if we receive requests. Currently the servers in Canada and the Netherlands seem enough to support the traffic of clients using ChaCha20, but please let us have your feedback!

Kind regards
 

This is great, and the performance improvements (connection, timeout reductions, battery improvement), are definitely visible.

However, two questions:

When will this be available in the desktop (Mac, Windows), clients?
Are there any plans for wireguard to really squeeze out battery life on mobile phones?

Thanks

Share this post


Link to post
@laowai

 
Quote

This is great, and the performance improvements (connection, timeout reductions, battery improvement), are definitely visible.


Hello!

We're very glad you can confirm the outcome of our tests as well as reports by AirVPN users, also published in this thread. Great!
 
Quote

When will this be available in the desktop (Mac, Windows), clients?


Our roadmap includes availability of OpenVPN 3.3 AirVPN binary, with some client side nice additions to make the experience more comfortable. in the following systems:
  • Linux (binaries for both x86 and ARM processors) during August 2019
  • FreeBSD
  • OpenBSD
in the above order.

Desktop systems with AES-NI full support decrease performance with ChaCha20 encryption/decryption when compared to AES-GCM, so ChaCha20 will not be a favorite choice by those users who already enjoy AES-NI.

Therefore: our priority is releasing binaries which will be particularly useful in ARM based devices, which typically run on Linux or *BSD. ChaCha20 might perhaps provide higher performance (than AES-GCM with AES-NI), with coming (in the near future) CPUs featuring AVX512, it will be interesting to test.

Additionally, in desktop systems you can already run OpenVPN 2.5 beta which supports ChaCha20 on the Data Channel, while on some embedded devices building OpenVPN 2.5 may be out of the ability of the average user. You can even integrate OpenVPN 2.5 beta in Eddie desktop editions, as Eddie can be configured to use any OpenVPN binary file in "Preferences" > "Advanced" > "OpenVPN Custom Path". You then need to add the following custom directives:
ncp-disable
cipher CHACHA20-POLY1305
in "Preferences" > "OVPN directives", and finally connect to one of our experimental servers.
 
Quote


Are there any plans for wireguard to really squeeze out battery life on mobile phones?


By using Wireguard on Android devices, you already have roughly the same battery life you experience with Eddie Android edition which uses OpenVPN 3.3 AirVPN linked against mbedTLS, on equal terms (same bandwidth, traffic, etc.). Please feel free to report back if you experience some discrepancy, i.e. if you see longer battery life with Wireguard.

Anyway we are following Wireguard closely. Currently we need a couple of new, key features, which will probably be implemented before a stable version is released, as developers told us. Without them, implementation in our systems is too problematic. For example, linking static IP addresses to client keys is a heavy threat to privacy, for the reasons we explained in another thread; and lack of TCP support would cut out a remarkable amount of our customers, whose ISPs disrupt UDP.

Kind regards
 

Share this post


Link to post

I have an Android 9.0 TV box with Eddie 2.4 and ChaCha20.  The box is not that powerful, and I was wondering if using a lower level of encryption would achieve higher speeds.
There is no critical information being sent, just IPTV.  Any input is appreciated.

Share this post


Link to post
19 hours ago, ErrHead said:

I have an Android 9.0 TV box with Eddie 2.4 and ChaCha20.  The box is not that powerful, and I was wondering if using a lower level of encryption would achieve higher speeds.
There is no critical information being sent, just IPTV.  Any input is appreciated.


Hello!

Can you please compare ChaCha20 with AES performance and report back? ChaCha20 is strong but even less onerous than AES-128-GCM for non-AES NI supporting machines, as you might have seen in this thread. Difficult to find a cipher that performs better. Your very specific case probably requires no encryption at all from/to the VPN servers, but we do not offer such a solution, we're sorry.

Kind regards
 

Share this post


Link to post

It looks like some of the requests for experimental servers were declined (UK, Switzerland) but I'll go ahead and request a Dallas server just to see.

Could we have a Dallas experimental server for chacha20?  Thanks.

Share this post


Link to post

I'd say, show some patience. Eventually all servers will support it. For now, resent to testing it on the servers which are there to see if there are issues. The faster we know all is well, the faster it gets widespread implementation.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post
4 hours ago, giganerd said:

I'd say, show some patience. Eventually all servers will support it. For now, resent to testing it on the servers which are there to see if there are issues. The faster we know all is well, the faster it gets widespread implementation.


There's no impatience and people are more likely to test if the servers is more useful to them. Edited ... by giganerd
Removed insults. Stay objective, please.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...