Jump to content
Not connected, Your IP: 44.210.237.223
Sign in to follow this  
Guest JWW

Why don't Air offer the full range of OpenVPN protocols?

Recommended Posts

Guest JWW

I have just trialled another VPN service. They also offer a client that works with the OpenVPN TAP Adaptor. I had a choice of OpenVPN/ECC, XOR, 256 Bit and 128 Bit. I connected via ECC on a UDP and then a TCP port and achieved hugely greater speeds than my AirVPN connection. I've always been led to believe that the problem with poor speeds over Air must be something to do with my ISP throttling the connection and that only solution was SSH or SSL. Clearly this is not the case and I feel misled as a result. I thought AirVPN was the best - service and support.

 

So come on, why don't we have the choice of the seemingly latest flavours of OpenVPN protocols?

Share this post


Link to post

Hello!

 

ECC is not in OpenVPN main branch. Additionally, there are some unsolved questions and doubts, see Bruce Schneier for example, that we feel to take into highest consideration. We will take ECC into consideration only when it's in the main branch and if implemented without being based on parameters/constants which could have been manipulated by NSA to insert artificial weaknesses, i.e. only curves not based on the NIST recommended parameters etc., because they have been created by Solinas working for NSA and because there are some weird choices which trigger our... paranoia...?

See also this interesting discussion:
https://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters

Before going into ECC, you ought to be sure to use non-influenced by NSA elliptic curves. Ideally, you should also know how and to which extent NSA influenced the development and implementation of ECC through NIST standards and recommendations.

 

Is there any reason for which you are going into ECC with such a light heart, almost "unconsciously" we would dare to say? Which curve parameters is the service you cite using?

 

About performance, there can't be substantial operative difference between elliptic curves and integer discrete based ciphers for the Data Channel, and even less for the Control Channel, so any performance gain or loss can't be caused by that.

 

Kind regards

Share this post


Link to post
Guest JWW

Although I appreciate the response, I really don't understand a word of it. Which just goes to show that since maintaining true privacy on the web is becoming more and more difficult for the 'average person', especially since the 'WebRTC issue' came to light, that it really isn't worth it. I actually feel sorry for the 'average user' - they are still being conned, by most VPN providers, into thinking they're 'safe' and / or 'anonymous' on line whereas the truth is they probably aren't. I'm not really that technical but I'm technical enough to see that this is true - just look at the marketing on VPN service providers websites and Chrome extensions like Zenmate. Most would be forgiven for thinking 'Wow - no one knows who I am!'

 

So, I'm away from this. Not worth it for a few movies. I'll stick to using uncensored DNS servers to make me a feel a little better and leave VPN's to the people who have the time to fight the good fight.

 

Have fun. 

Share this post


Link to post

JWW, you can into the thread with this:

They also offer a client that works with the OpenVPN TAP Adaptor. I had a choice of OpenVPN/ECC, XOR, 256 Bit and 128 Bit. I connected via ECC on a UDP and then a TCP port and achieved hugely greater speeds than my AirVPN connection.

and then don't understand when Staff was talking about the NSA?

 

On the surface, it sounds like you are either trolling, or banged your head between posts.

 

The NSA apparently influenced the ECC design.  The purpose of VPN is to avoid NSA snooping.  Connect the dots.

 

And FWIW, I am getting somewhere around 97% of my native bandwidth (FiOS 75/75) with AirVPN.  It would be virtually impossible to top the performance.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...