croco 1 Posted ...

Just wondering what protection AirVPN has against timing correlation attacks on the exit servers, like ProtonVPN has with its secure-core feature? https://protonvpn.com/support/secure-core-vpn/

Here's a cut from the article on their site, and I apologise if there's already a thread on this but a quick search didn't give me any results.

"ProtonVPN’s unique Secure Core architecture allows us to protect our users from network attacks that other VPNs cannot defend against. A classic VPN setup involves a client passing traffic through a VPN server en-route to the final destination. If an attacker can get control of the VPN server, or monitor the network of the server, they will be able to match VPN clients with their traffic, nullifying the privacy benefits of the VPN."
Staff 9972 Posted ...

Funny marketing fluff. Since AirVPN birth we allow multi-hop connections (opt-in) between different VPN servers, between VPN servers and SOCKS or HTTPS proxies, or (better solution) between VPN servers and Tor nodes. Safer and better than marketing fluff.

HOWEVER, it must be known that there are some errors in the article you linked. It mixes at least two totally different attack types and makes a lot of confusion. Timing attacks can be performed anyway even on Tor network (in any low latency mix based protocol network, in general) given an adversary with enough power to monitor vast portions of the Internet, so the general analysis provided by the article is... imaginative, to say the least.

Kind regards
Guest Posted ...

11 hours ago, Staff said: "Funny marketing fluff. Since AirVPN birth we allow multi-hop connections (opt-in) between different VPN servers, between VPN servers and SOCKS or HTTPS proxies, or (better solution) between VPN servers and Tor nodes. Safer and better than marketing fluff. HOWEVER, it must be known that there are some errors in the article you linked. It mixes at least two totally different attack types and makes a lot of confusion. Timing attacks can be performed anyway even on Tor network (in any low latency mix based protocol network, in general) given an adversary with enough power to monitor vast portions of the Internet, so the general analysis provided by the article is... imaginative, to say the least. Kind regards"

Hi! What do you mean by opting-in to multi-hop connections? Did you refer to your Geo-routing feature or to the unofficial Qomui client?

Best!
Staff 9972 Posted ...

@HannaForest Hello!

More simply, by using Tor (either Tor over OpenVPN or OpenVPN over Tor, supported by Eddie desktop editions) or using two connection slots from the same machine (for example with the aid of a VM attached to the host via NAT). First solutions are better because you don't multi-hop on servers all belonging to the same company (AirVPN).

Kind regards
telemus 16 Posted ...

Thank you for this clarification. I wonder if you might be able to point to the instructions for opting-in to the following: "Since AirVPN birth we allow multi-hop connections (opt-in) between different VPN servers,"
rohko 17 Posted ...

I think it's almost trivial to connect to the internet via a multi-hop OpenVPN system, at least on Linux. Thanks to AirVPN for allowing multiple connections at the same time! The hopping can be made with the following bash script by Perfect Privacy (https://www.perfect-privacy.com/en/manuals/linux_openvpn_terminal_cascading).

At first, you download the ovpn configurations for your favorite servers. I use only one hop so in practice, I need two different OpenVPN servers with their entry IP addresses. Then you follow the instructions of the script. For example, if your first server is in Siauliai, you run

    sudo openvpn --config AirVPN_LT-Siauliai_Porrima_UDP-443.ovpn --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec

Then read the output of the above command and insert the given gateway IP address to the next hop:

    sudo openvpn --config AirVPN_LV-Riga_Meissa_UDP-443.ovpn --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec --setenv hopid 2 --setenv prevgw 10.xxx.yyy.zzz

(Note that the hop script also looks for the update-resolv-conf script to update the DNS, so install it if necessary from https://github.com/jonathanio/update-systemd-resolved).

Then the traffic goes through two VPN servers! Your ISP sees UDP traffic to the first hop, meanwhile your external IP looks to be the exit IP address of the second server.

If you want to apply leak protection, you can use Eddie. The second option is to apply Eddie's leak protection and then export the generated iptables rules to a file:

    sudo iptables-save > iptables-rules.txt
    sudo iptables-restore iptables-rules.txt

If your iptables rules were empty before leak protection, you can recover that state by

    sudo iptables -F

The last step is really not necessary, but rather for peace of mind.

Latest Linux distros may have peculiar DNS behaviour (not a leak, because even DNS requests are tunneled in the VPN connection). You can remove the nasty entry of DNS Domain: ~. from your systemd-resolved daemon with this command (assuming that your interface is called wlan0):

    sudo systemd-resolve -i wlan0 --set-domain local

I don't know if the local argument is a proper one, but at least it forces away the value ~. and ipleak.net shows that non-AirVPN DNS servers are not used at all.
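
Added example, not part of the post above and not taken from the Perfect Privacy script: a routing-table check for the two-hop setup it describes, confirming that the second server is reached through the first tunnel and that general traffic leaves through the second. The function names `route_dev` and `check_cascade`, the interface names and every address are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Interface names and all addresses are constructed samples.

# route_dev ROUTES DEST: print the interface that longest-prefix match picks
# for DEST from `ip -4 route show`-style text.
route_dev() {
  printf '%s\n' "$1" | awk -v dest="$2" '
    function ip2int(ip,   o) {
      split(ip, o, "."); return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { best = -1 }
    {
      pfx = $1; len = 32; dev = ""
      if (pfx == "default") { pfx = "0.0.0.0"; len = 0 }
      else if (split(pfx, p, "/") == 2) { pfx = p[1]; len = p[2] + 0 }
      for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
      if (dev == "") next
      size = 2 ^ (32 - len)
      if (int(ip2int(dest) / size) == int(ip2int(pfx) / size) && len > best) {
        best = len; out = dev
      }
    }
    END { print out }'
}

# check_cascade ROUTES PHYS_DEV HOP1_DEV HOP2_DEV HOP1_IP HOP2_IP PROBE_IP
check_cascade() {
  [ "$(route_dev "$1" "$5")" = "$2" ] || { echo "hop 1 server is not reached via $2"; return 1; }
  [ "$(route_dev "$1" "$6")" = "$3" ] || { echo "hop 2 server is not reached via $3"; return 1; }
  [ "$(route_dev "$1" "$7")" = "$4" ] || { echo "general traffic does not leave via $4"; return 1; }
  echo "cascade ok"
}

# Constructed table: hop 1 = 198.51.100.10 on tun0, hop 2 = 203.0.113.20 on tun1.
# The prefixes a real cascading script installs may differ.
GOOD_ROUTES='default via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 scope link
198.51.100.10 via 192.168.1.1 dev wlan0
0.0.0.0/1 via 10.4.0.1 dev tun0
128.0.0.0/1 via 10.4.0.1 dev tun0
203.0.113.20 via 10.4.0.1 dev tun0
0.0.0.0/2 via 10.5.0.1 dev tun1
64.0.0.0/2 via 10.5.0.1 dev tun1
128.0.0.0/2 via 10.5.0.1 dev tun1
192.0.0.0/2 via 10.5.0.1 dev tun1'
# Same table, but hop 2 was started without going through hop 1.
BAD_ROUTES=$(printf '%s\n' "$GOOD_ROUTES" |
  sed 's|^203\.0\.113\.20 via .*|203.0.113.20 via 192.168.1.1 dev wlan0|')

check_cascade "$GOOD_ROUTES" wlan0 tun0 tun1 198.51.100.10 203.0.113.20 192.0.2.1
check_cascade "$BAD_ROUTES" wlan0 tun0 tun1 198.51.100.10 203.0.113.20 192.0.2.1 || true
```

On a live system, pass `"$(ip -4 route show)"` as the first argument, with your own interface names and the entry IPs of the two servers.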
telemus 16 Posted ...

Hello Rohko

Thank you so much for that. I'll give it a go. As it is, I use Linux but am still learning. This is a good learning experience.
rohko 17 Posted ...

7 hours ago, telemus said: "Hello Rohko Thank you so much for that. I'll give it a go. As it is, I use Linux but am still learning. This is a good learning experience."

Glad my post was helpful. 😃 BTW the speed of the double hop connection will of course be worse than a single connection, but I am quite happy with it. I usually select two servers which are located close to each other (like Lithuania and Latvia) so the latency won't increase too much while the extra protection against correlation sniffing is achieved (compared to the case where both servers are located in the same country).
DarkSpace-Harbinger 11 Posted ...

Is it possible to double hop on Windows without the aid of a VM? Understandably I don't want to use two OSes at the same time just to use double hop.