Jump to content


Photo

Three simultaneous connections per account allowed


  • Please log in to reply
61 replies to this topic

#1 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7789 posts

Posted 13 April 2014 - 09:33 PM

Hello!

 

We're glad to inform you that from now on:

 

every account can establish 3 simultaneous connections to DIFFERENT AirVPN servers

 

EDIT 29-Nov-17. This thread is obsolete, now limit of concurrent connections is FIVE. Please see https://airvpn.org/topic/24167-five-simultaneous-connections-per-account/
 

 

No impact on quality of service will occur: the guaranteed allocated bandwidth pertains to accounts, regardless of the number of established connections. If you establish 2 or 3 connections with the same account, we guarantee the SAME allocated bandwidth as before, NOT the double or the triple of it.

 

No price increase has been planned for this new feature.

 

As specified above, you can NOT connect the same account twice or thrice to the same AirVPN server. Each connection must go to a different AirVPN server.

 

We're confident that allowing 3 connections per account at the same price will meet fully the requirements expressed by several customers.

 

Please do not hesitate to contact us for any further information.

 

Kind regards & datalove

AirVPN Staff



#2 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2219 posts

Posted 13 April 2014 - 10:17 PM

Thanks alot for this new feature.

I have checked it, and there are 2 questions :

 

 

1) There seems to be an issue with the Windows client, it is still showing the first connected IP when in fact the real connection is initiated to another server.

 

17710bcadc94db9b5e214e4dbacf7cd1.png

 

 

 

 

As you can see, I am connected to Zaurak but the client still shows Canopus. This is a really minor issue but it can probably cause some confusion especially among less technical customers.

 

 

 

 

 

2) I was opposing to the multiple connections in each topic that had been opened before, my point was that multiple connections will require additional logging on AIr's side.

After all, think if your privacy really worth those extra 54 Euros per year.

Right now, I see no other possible implementation of this, other than running some RADIUS server (FreeRADIUS/FreeSWAN etc) in order to monitor the max 3 connections policy.

 

Dear Staff, can you please clarify if the "No Logs" policy will still be enforced, and if yes, how? After all, there is much more operations that you have to correlate on your backend after this...

 

 

Thanks alot,

Zhang888


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#3 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7789 posts

Posted 13 April 2014 - 10:44 PM

Hello!

 

Thank you for your feedback.

 

1) Client, DDNS handling and port checks need an update. We are already working on it and a solution will come out very soon (a matter probably of days).

 

2) We don't use any RADIUS or other kind of software for authentication purposes.
There is no change about privacy and no additional monitoring.

Internal details:
- Each AirVPN server runs simply OpenVPN daemons
- When a new connection is received, after the cryptographic validations, the VPN server contacts indirectly a backend server to notify the connection. This updates a centralized 'active sessions' table in our db, data queried by our website pages for real time stats.
Previously, if our backend server already had a session from a user, it replied to OpenVPN server to reject the connection
Now, if our backend server already sees 3 sessions from the same user, it tells OpenVPN server to reject the connection.

Technically, there isn't any architectural change. It is a 'political' change.

 

Kind regards



#4 Dr.Dralle

Dr.Dralle

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 13 April 2014 - 10:48 PM

Good Work ..  Thanx for the update...

 

Little  Question... How can i establish 3 connections ?

 

I am Win 8 & Air Client  User....

 

Greets

Dr.Dralle



#5 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2219 posts

Posted 13 April 2014 - 11:08 PM

Hello!

 

Thanks for the explaination, but what you described above describes exactly the use of RADIUS. I didn't mean RFC2865/6 in my question about RADIUS,

what I meant was an abstract common term for systems that monitor internet user subscriptions.

When you say that each server is connected to an "active sessions" DB in order to check the active sessions, for me it means logging. Such DB cannot exist without logging.

I understand that it's possible to build OpenVPN client<>server connections with no logs at all, but that means that the OpenVPN daemon will not query any "central DB".

There is some data that is inevitable for a VPN service to know, such as source IP and source port of the connecting client. But sessions about the active sessions,

and from each server etc, that's a thin border already between logging and non-logging.

After all, logging is a marketing terms and what it means in 99% that the policy is about not logging the actual traffic, assuming that everyone logs the connected client state (connected/not connected).

 

Can you please clarify this point?

 

Thanks,

Zhang888


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#6 avpi

avpi

    Newbie

  • Members
  • Pip
  • 8 posts

Posted 13 April 2014 - 11:32 PM

I don't understand what they should clarify. They have a central database where they are storing the active sesstions. Thats it. In the past they already said that they have exactly this information.

 

Without this it would be harder for AirVPN to show the incomming IP in the Control Panel. Maybe some people don't like it but it transparently shows what they have: Your IP while you are connected.

 

I really appreciate it when someone question things and I don't want to anger you but I think everthing is already said about it.



#7 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7789 posts

Posted 14 April 2014 - 12:00 AM

@zhang888

 

You entered a logical flaw. In order to maintain a high privacy environment and a strong anonymity layer it is mandatory that we agree that logging is not a marketing term, but it means to keep a file to record past events so that they can be rebuilt in ANY arbitrary moment in the future.

 

If you extend the meaning of logging as you are doing, then the RAM image itself would mean "logging", or more generally any state at any given moment of any kind of a limited Turing machine would be a log. According to your definition every type of limited Turing machine logs and every state is a log (even if that state is destroyed in time) and the concepts of "anonymity layer" and "privacy" do not exist anymore as soon as any limited Turing machine or a computer is used, while on real world it is clear the difference (given the flow of time as we perceive it) between keeping information that can be used in any arbitrary moment in the future and NOT keeping them. Amongst other things, what here is relevant is that keeping a temporary information (for example, 1 byte) about whether a "connection" is established or not (which is mandatory to make Internet working) is not only totally irrelevant for privacy, but also and above all completely equivalent regardless of the value of that byte, from which the absurdity of your conclusion derives: there is no difference according to your definition in allowing n connections from one account, for each possible value of n, including n=1 and n=3.

 

Such philosophical discussion is completely irrelevant for our mission and for the purposes of our customers, for whom the concept of "anonymity" and "privacy" are preserved when no information can be rebuilt in an arbitrary future moment even if it is known that they were using a VPN service, but it can imply a real nice philosophical discussion that you are free to open in "Off Topic", but please not in this topic, thanks in advance.

 

Kind regards



#8 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7789 posts

Posted 14 April 2014 - 12:06 AM

Good Work ..  Thanx for the update...

 

Little  Question... How can i establish 3 connections ?

 

I am Win 8 & Air Client  User....

 

Greets

Dr.Dralle

 

Hello!

 

The most common usage is establishing up to 3 connections to up to 3 different servers from up to three different (either real or virtual) machines.

 

Kind regards



#9 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2219 posts

Posted 14 April 2014 - 12:19 AM

Thanks for the professional response.

 

By no means my comment was to discredit the quality of the service or to get into a phylosiphic discussion about privacy.

Please understand that, and I really appreciate your responses, unlike other servers that will usually tell you "if you don't like it, get another provider".

 

Yes, I can assume that the RAM of the Air servers, is a potential logging facility, not because I don't trust Air, only because of

the latest revelations of Mr. Snowden made me, and probably many other users, more natuarally aware.

My assumption is that there will always be a circle of what we "Don't know", just like the latest heartbleed bug.

That means we cannot trust our software (OpenSSL) providers - See heartbleed, Nor hardware - See Intel's RdRand saga.

My only point is that, the less data we all keep, the more safe we are. Without going much into Turing machinery, because this is really off-topic.

 

Thanks again for the great service,

I just opened this discussion because I think I can speak on behalf of many other users that share the same thoughts like me, i.e.

"How they allow us using 3 connections but still keep no logs".

 

 

Regards,

Zhang888.


  • LZ1 likes this

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#10 PirateParty

PirateParty

    Advanced Member

  • Members
  • PipPipPip
  • 64 posts

Posted 14 April 2014 - 01:45 AM

Good Work ..  Thanx for the update...

 

Little  Question... How can i establish 3 connections ?

 

I am Win 8 & Air Client  User....

 

Greets

Dr.Dralle

 

You can establish 3 connections for example by using any other devices you have such as phone, laptop and desktop.

 

*facepalm* see that it was already answered.


https://cryptoforums.net/ Computing, Crypto, Security & Privacy Forum


#11 radweh

radweh

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 14 April 2014 - 02:00 AM

About the active connections table, what information exactly is stored there?  For example this seems privacy-friendly:

 

 

user_id INT 

while this does not:

user_id INT
client_ip_address VARCHAR
server_id INT
time_connected DATETIME

For me the client IP address is something that should avoid being kept anywhere other than RAM.  Seeing my IP address in the control panel has always been disturbing.  Not because AirVPN has access to that information (of course it has to at some level), but that you have access to that information in a way that allows you to easy query for it and display it on the website (i.e. it's in a database).

 

Even if it's only temporarily in the database until the connection closes, that can be days.  If a third-party gained access to your database without your knowledge (bug in the app code for example), then that is pretty much the same as them having access to a log file.  So, do you keep the client IP address anywhere other than the RAM of the OpenVPN server we connect to?



#12 bubbba

bubbba

    Advanced Member

  • Members
  • PipPipPip
  • 30 posts

Posted 14 April 2014 - 08:37 AM

Question: Do the 3 simultaneous connections need to be connected from the same domain/ip address? 



#13 Rosie3581

Rosie3581

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 14 April 2014 - 09:10 AM

A quick note to say how pleased I am that Airvpn has now allowed 3 simultaneous sessions and has increased the strength of its RSA key encryption.

Thankyou Airvpn team. Your so far ahead of the VPN pack. Wonderful.

Bill...

#14 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7789 posts

Posted 14 April 2014 - 10:40 AM

Question: Do the 3 simultaneous connections need to be connected from the same domain/ip address? 

 

Hello!

 

No, that's not required. You are totally free to connect from three different addresses. For example, if you travel you can leave your home computer connected and stay connected during the travel with two more devices (smart phone and tablet, laptop and smart phone...).

 

Kind regards



#15 traffic_22

traffic_22

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 14 April 2014 - 10:46 AM

Question: Do the 3 simultaneous connections need to be connected from the same domain/ip address? 

 

Hello!

 

No, that's not required. You are totally free to connect from three different addresses. For example, if you travel you can leave your home computer connected and stay connected during the travel with two more devices (smart phone and tablet, laptop and smart phone...).

 

Kind regards

 

Thats exactly my scenario - I am more than happy that you changed the policy there, up to now this was the only real downside to your service in my eyes.

Thank you very much, AirVPN team - this is really great!

I do believe that your service is the best there is for technically proficient users wanting a certain degree of privacy and anonymity on the net.

 

Thanks again!



#16 Steal spear

Steal spear

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 14 April 2014 - 12:43 PM

okay got a question regarding multiple connections

 

how will the DDNS and port forwarding feature work when you establish multiple connections?

 

which connection will the port forwarding and the dns record apply to?

Or will the the port forwarding be applied to every connection and the external ip of every vpn server connected to be added to the dns record?

 

/Steal spear



#17 Philiberti

Philiberti

    Advanced Member

  • Members2
  • PipPipPip
  • 58 posts

Posted 14 April 2014 - 12:48 PM

Hi,

    I'm not an advanced user and may have misunderstood the 3 simultaneous connections aspect of the upgrade. I downloaded v 1.92 a few days ago after the Heartbleed issue so am up to date with the client, but when I connected today I was only allowed to connect to 1 server as usual. I then tried to launch the client again but got the message that I was already connected to the VPN. Can someone explain in simple terms how to go about running 3 simultaneous connections - is it possible to do this from the same windows 7 PC?

 

Regards



#18 Tony M

Tony M

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 14 April 2014 - 01:43 PM

For me the client IP address is something that should avoid being kept anywhere other than RAM.  Seeing my IP address in the control panel has always been disturbing.  Not because AirVPN has access to that information (of course it has to at some level), but that you have access to that information in a way that allows you to easy query for it and display it on the website (i.e. it's in a database).

 

Even if it's only temporarily in the database until the connection closes, that can be days.  If a third-party gained access to your database without your knowledge (bug in the app code for example), then that is pretty much the same as them having access to a log file.  So, do you keep the client IP address anywhere other than the RAM of the OpenVPN server we connect to?

 

In order to display your IP on this web site, we can assume at the very least it is stored in RAM here. We also can assume that some parts of this site are backed up on non-volatile storage so they can restart their services after a reboot or power outage.

The existence of a session database doesn't mean that the IPs are stored on non-volatile storage. Selecting HEAP storage engine in MySQL, putting Sqlite/PostgreSQL database on a ramdisk, Memcached or Redis w/ persistency turned off, are all methods available to them. Page cache & PHP objects can also be stored in RAM as well, assuming caching is used so they aren't DOSed so easily.

Switching to a decentralized method would mean all VPN servers would have to be polled at each connection, which would increase connection time. They would also have to change the policy of "disallow new connections" to "disconnect older sessions" since the VPN servers might not be synced or reachable to each other 100% of the time.

 

In light of these two issues, and the airvpn.org site being a highly visible target for an adversary, they should at least store the session database in RAM on non-public facing server(if they aren't already).

 

They should also probably remove the session info from the Client Area unless it serves some other purpose. The only reason I can think of is it's there to allow users to detect if someone else is using their credentials... But it's not very useful for that. The rows are only temporary and if the other person disconnects you'd never know. There are other ways to detect it without showing IPs, such as disconnecting all connections, and reconnecting only one (or none). Then if there are more live connections then you expect, or to a server you aren't connecting to, you would know someone else has your credentials. After the user.key regeneration feature is added you won't even have to message the staff to kick them off.



#19 NaDre

NaDre

    Advanced Member

  • Members2
  • PipPipPip
  • 421 posts

Posted 14 April 2014 - 02:14 PM

Hi,

    I'm not an advanced user and may have misunderstood the 3 simultaneous connections aspect of the upgrade. I downloaded v 1.92 a few days ago after the Heartbleed issue so am up to date with the client, but when I connected today I was only allowed to connect to 1 server as usual. I then tried to launch the client again but got the message that I was already connected to the VPN. Can someone explain in simple terms how to go about running 3 simultaneous connections - is it possible to do this from the same windows 7 PC?

 

Regards

 

See this discussion:

 

/topic/11277-its-possible-connect-two-vpn-at-the-same-time/



#20 Rompastompa

Rompastompa

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 14 April 2014 - 03:05 PM

Hey,

Great news on the 3 simultaneous connections.

Just one question - how will port forwarding work in the future? How will I specify which of my three devices to forward incoming connections to?

Thanks
R




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Sessions: 15674 - BW: 68919 Mbit/sYour IP: 34.226.208.185Guest Access.