Leaderboard

I wanted to share an interesting presentation I read recently regarding VPNs in VPN-hostile regions. Abstract: VPN adoption has seen steady growth over the past decade due to increased public awareness of privacy and surveillance threats. In response, certain governments are attempting to restrict VPN access by identifying connections using "dual use" DPI technology. To investigate the potential for VPN blocking, we develop mechanisms for accurately fingerprinting connections using OpenVPN, the most popular protocol for commercial VPN services. We identify three fingerprints based on protocol features such as byte pattern, packet size, and server response. Playing the role of an attacker who controls the network, we design a two-phase framework that performs passive fingerprinting and active probing in sequence. We evaluate our framework in partnership with a million-user ISP and find that we identify over 85% of OpenVPN flows with only negligible false positives, suggesting that OpenVPN-based services can be effectively blocked with little collateral damage. Although some commercial VPNs implement countermeasures to avoid detection, our framework successfully identified connections to 34 out of 41 "obfuscated" VPN configurations. We discuss the implications of the VPN fingerprintability for different threat models and propose short-term defenses. In the longer term, we urge commercial VPN providers to be more transparent about their obfuscation approaches and to adopt more principled detection countermeasures, such as those developed in censorship circumvention research. Presentation: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen Paper: https://www.usenix.org/system/files/sec22-xue-diwen.pdf

Hello! The paper re-launches the anti-censorship abilities of OpenVPN over SSH which we proposed 13 years ago! It had a filter rate of 0.32, the third best outcome in the world, very remarkable and putting AirVPN in the top 3 worldwide best filtering escaping VPN. As usual we anyway recommend Tor with private obfs bridges to reach filter rates next to 0. We have invested a lot on Tor and the solution is free for everyone. In Iran and Russia Tor obfs and private bridges are instrumental against blocks. Kind regards

Hello! We're very glad to inform you that two new 1 Gbit/s full duplex servers located in Miami, Florida, are available: Gudja and Kang, The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637 and 47107 UDP for WireGuard. Gudja and Kang support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Gudja/ https://airvpn.org/servers/Kang/ Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team