Jump to content
Not connected, Your IP: 18.117.99.192

Recommended Posts

Hello

 

I am aware it is not required with AirVPN, but can a user somehow add a password to the User.key using the OpenVPN client?

 

I know you can do it client side, but I have not been able to find the option to do so in the Config Generator (server side).

 

Password is for added security in case the User.key got intercepted when initially sent to me, or somehow gets later copied on my host.

 

end Hello

Share this post


Link to post

Its been a while, and I still have not received a reply to this question from an AirVPN representative.

 

Allowing a single point of failure (unauthorized access to the config files) seems unnecessarily risky to me. I believe it is reasonable to facilitate a simple password verification to strengthen the overall security of the AirVPN service for those who want to use that added security option.

 

Am I missing something here? Is it not technically possible for some reason?

Share this post


Link to post

Hello!

 

PKCS#12 is not supported. Which point of failure are you referring to? user.key is transmitted to you over a TLS connection, and anyway possession of the key by an adversary does not allow him/her to decrypt any of your past, present and future communications to/from the VPN server.

 

Kind regards

Share this post


Link to post

Hello

 

With the recent ProPublica leaks, I don't think I am alone in questioning whether SSL or TLS is secure.

 

I wanted the added security of issuing a password (which I could set/change) every time I logged onto the VPN service.

 

I understand an adversary will not have access to my comms, but they will be able to use the key to access the VPN under my account and do who knows what with. I just feel uncomfortable logging on to a secure service where I don't issue my own changeable password. Maybe its just me, and this is how all VPNs services work.

 

Anyway, if its not supported, its not supported.

 

Just one last question. If I now reissue myself with another key, do the previous key(s)/certs remain valid and usable to connect to AirVPN ?

 

Thank you.

Share this post


Link to post

Hello With the recent ProPublica leaks, I don't think I am alone in questioning whether SSL or TLS is secure. I wanted the added security of issuing a password (which I could set/change) every time I logged onto the VPN service.

 

Hello!

 

That's not necessary, our TLS web server implementation includes Perfect Forward Secrecy, so a different TLS key is negotiated (through ECDHE or DHE, according to your browser) with airvpn.org server at each SSL/TLS connection (provided that you don't run an obsolete browser or IE 8 in Windows XP). The underlying preferred encryption is AES-256 (but you can change your preferences on the cipher from you browser) making any attack revealed by the recent leaks ineffective. Please check here:

 

https://www.ssllabs.com/ssltest/analyze.html?d=airvpn.org

 

Anyway you can change your web site password as many times as you wish from your control panel.

 

 

Just one last question. If I now reissue myself with another key, do the previous key(s)/certs remain valid and usable to connect to AirVPN ? Thank you.

 

Yes, until the account subscription expires or you explicitly require account de-activation.

 

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...