Leaderboard
Popular Content
Showing content with the highest reputation on 08/19/23 in all areas
-
1 point
OpenVPN is Open to VPN Fingerprinting
Lee47 reacted to Snowsuit8087 for a post in a topic
I wanted to share an interesting presentation I read recently regarding VPNs in VPN-hostile regions.

Abstract: VPN adoption has seen steady growth over the past decade due to increased public awareness of privacy and surveillance threats. In response, certain governments are attempting to restrict VPN access by identifying connections using "dual use" DPI technology. To investigate the potential for VPN blocking, we develop mechanisms for accurately fingerprinting connections using OpenVPN, the most popular protocol for commercial VPN services. We identify three fingerprints based on protocol features such as byte pattern, packet size, and server response. Playing the role of an attacker who controls the network, we design a two-phase framework that performs passive fingerprinting and active probing in sequence. We evaluate our framework in partnership with a million-user ISP and find that we identify over 85% of OpenVPN flows with only negligible false positives, suggesting that OpenVPN-based services can be effectively blocked with little collateral damage. Although some commercial VPNs implement countermeasures to avoid detection, our framework successfully identified connections to 34 out of 41 "obfuscated" VPN configurations. We discuss the implications of the VPN fingerprintability for different threat models and propose short-term defenses. In the longer term, we urge commercial VPN providers to be more transparent about their obfuscation approaches and to adopt more principled detection countermeasures, such as those developed in censorship circumvention research.

Presentation: https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen
Paper: https://www.usenix.org/system/files/sec22-xue-diwen.pdf
-
1 point
Hello! The paper re-launches the anti-censorship abilities of OpenVPN over SSH which we proposed 13 years ago! It had a filter rate of 0.32, the third best outcome in the world, very remarkable and putting AirVPN in the top 3 worldwide best filtering-escaping VPNs. As usual we anyway recommend Tor with private obfs bridges to reach filter rates next to 0. We have invested a lot in Tor and the solution is free for everyone. In Iran and Russia Tor obfs and private bridges are instrumental against blocks.
Kind regards
-
1 point
@AVPN0815 Hello! That's not entirely correct because we use RAM disks. It is true that an HDD or SSD is used to boot, and it contains a working boot record, grub software or similar, used in turn to load a kernel which must provide TCP/IP, network and basic services support, but anything else is downloaded via network (after the network is up, obviously). At each (re)boot the server cannot start, because it is barred from downloading any relevant file until we authorize the reboot, so it will miss even the essential configuration files, scripts, keys... This allows us to check the kernel (once the network is up) and any relevant storage file against a pristine copy, especially if the reboot is unexpected. Once the TCP/IP stack, the network and their essential services have come up, and a manual authorization has been dispatched by AirVPN management, the server starts downloading any other file needed for normal operations, and all of that remains in RAM disks.
Kind regards
-
0 points
Hello! Multiple keys allow you to:
- selectively pick remotely forwarded inbound ports by device/key
- connect multiple devices to the same VPN server by using a different key on each device
- have different, device-specific DNS block lists

A dedicated panel to manage your client certificates and keys is accessible in our web site. In order to access the main control panel click Client Area while your account is logged into the AirVPN web site. The Devices button provides you with access to a panel to administer your client certificate/key pairs.

The panel lets you use a multi-certificate/key support from AirVPN, a comfortable and convenient feature. You can have multiple pairs, renew them and issue completely new ones. From each device of yours you will be free to use any pair you like. Therefore you can keep all of your certificates and keys under control, administer them and also connect multiple devices to the same server and port by using a different key on each device.

Eddie 2.13.6 or higher version is required. In Eddie's Overview window a menu which will let you choose a key before you start a connection will appear automatically when you create a new certificate/key pair from your account control panel (note: restart Eddie and log your account out and in again if such menu does not appear).

To create a new certificate/key pair click the button labeled Add a new device. The Configuration Generator has been modified as well, in order to let you generate configuration files with the certificate/key pair you wish.

Let's see in detail how to use the "Devices/Keys" options.
- Device Name and Description: these are free name and description which you can associate to any pair for your comfort. Click the pencil icon to edit.
- Details opens a window showing various information: Type, Creation date, Last renew date and Last VPN connection.
In the same window you can find the following actions:
- Renew: when you click this action button, the corresponding certificate will be revoked, and a new certificate/key pair will be issued.
- Delete: this action button will revoke the corresponding certificate, without issuing a new one.
- DNS: this action button will let you enter the DNS block list panel for that specific certificate/key pair to let you define, activate or de-activate specific DNS block lists, exceptions and additions, which will apply to that pair only.

View history and View Active will toggle with each other to provide you with any relevant information on the history of your actions about keys and the current active list.

Some caution when using the aforementioned features:
- if you revoke or renew a certificate/key pair which is being used by some connected device, that device will soon be disconnected
- in Eddie Desktop edition, you will need to log your account out and then in again to force Eddie to pick a different pair (new or old) (*) - in Eddie Android edition this is not necessary
- to use new pairs, you will need to re-generate and import configuration files if you use them with some third-party software, or if you run OpenVPN or WireGuard directly

(*) unchecking "Remember me" is necessary in older Eddie versions

Kind regards and datalove
AirVPN Staff