VyprVPN

[calcu007 5]

any thoughts?

 

 

Sent from my iPhone using Tapatalk

[Flx 76]

3 hours ago, calcu007 said:

any thoughts?

IPSec supported or they have not heard it's been broken.
No static key still using username/password. Google DNS and OpenDNS as best ones to use in given DNS options.
O me amour.
Price-wise very appealing.

[OpenSourcerer 1435]

10 hours ago, Flx said:

IPSec supported or they have not heard it's been broken.

Elaborate, with some sources, please.

I remember VyprVPN being listed as a logging VPN provider in TorrentFreak's VPN provider questionnaires, so it is sufficient if you want to watch Netflix in Uganda or pretty much anything decent on the internet if you're in China. Not sure about today or if TF still does those questionnaires, but you really shouldn't torrent over it – or hope for a pseudonym in the face of prosecution.

[Flx 76]

3 hours ago, OpenSourcerer said:

Elaborate, with some sources, please.

What the coconuts is this? "We support both L2TP and IKEv2 for IPSec on select platforms providing you fast, secure and reliable performance."--->>https://www.vyprvpn.com/features/vpn-protocols

 

[OpenSourcerer 1435]

Nonono, elaborate on why IPsec is broken.

[Flx 76]

34 minutes ago, OpenSourcerer said:

Nonono, elaborate on why IPsec is broken.

Are you serious? Enough "elaboration" has been done...in the "Community Forum(s)" here.

 

[Staff 9972]

@OpenSourcerer
@Flx

In general NSA is not able to break hard encryption so key exfiltration is mandatory to obtain encryption circumvention and not encryption "break". A more advanced stage is attacking the key exchange process (that explains why we already used 2048 bit DH keys since 2010 and shifted to 4096 bit DH keys in 2014, as well as 4096 bit RSA keys).

Moreover, in the specific IPsec case, check the APEX VPN four phases according to top secret documents, for a summary on how NSA can successfully attack IPSec IKEv2 and ESP through HAMMERCHANT and HAMMERSTEIN.

Unfortunately, how the decryption of ESP packets actually takes place remains unexplained. We know however that the decryption is real. "No details as to how the NSA decrypts those ESP — “Encapsulating Security Payload” — packets, although there are some clues in the form of code names in the slides." (Schneier). See also Bruce Schneier's blog and The Intercept publication of the relevant top secret document.

On top of all that, in 2013 proof of the BULLRUN program emerged thanks to Snowden revelations. BULLRUN was a program aimed, among other things, at inserting vulnerabilities into commercial encryption systems. Nowadays it is strongly suspected that BULLRUN targeted IPsec too.

We are talking about  documents leaked in 2013 but related (even) to programs designed and developed during earlier years, so it's not unreasonable to assume that in the meantime NSA has further progressed to breaking IPsec. When we created AirVPN we decided to not adopt IPsec because already in 2010 doubts on NSA interference spread out as rumors.

https://theintercept.com/document/2014/03/12/vpn-voip-exploitation-hammerchant-hammerstein/

https://www.schneier.com/blog/archives/2014/03/how_the_nsa_exp.html
(check Q&A as well)

Kind regards
 

[OpenSourcerer 1435]

I see. Should be evident that I didn't follow Snowden's document stream too closely back then. Thank you for the summary