Can You Trust Your VPN Provider…?

Discussion in 'privacy technology' started by lotuseclat79, Oct 2, 2013.

Thread Status:
Not open for further replies.
  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Re: Silk Road owner sold out by his VPN provider!

    VPN services that are optimized for, and marketed at, torrent users typically have open ports. I haven't checked AirVPN regarding that, given that I use pfSense router VMs.
     
  2. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    AirVPN, main reason is that the average user won't set up firewall rules and won't notice disconnections. When I tested AirVPN it would disconnect and stay disconnected without giving any identification or even changing the color of the icon, it just said it was "on" and never gave warnings. No client DNS/Disconnect protection, sure you can set firewalls but just the fact that they don't include them as an option shows apathy on their part and less care about their users.
     
  3. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Re: Silk Road owner sold out by his VPN provider!

    Thanks :)

    I was thinking of this:

    https://airvpn.org/aboutus/

    So, three years later, I'm confident that they're prepared.
     
  5. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Re: Silk Road owner sold out by his VPN provider!

    You have to wonder though, were the servers compromised for months prior to sudden shutdown, when whoever compromised them was satisfied with the data they collected and told the server farm to shut the servers immediately.
     
  6. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Re: Silk Road owner sold out by his VPN provider!

    You know, I have been using my Tomato router with OpenVPN support, but was just thinking how that 8meg max being held back by the Tomato router's CPU is really bad.

    I was thinking of building a custom Super Router PC and installing the pfSense live CD on it with OpenVPN; this way I could route all connections to it. Would you think this is a good way?

    Maybe high time I tried out pfSense router VMs myself... but I just like the idea that I can plug something into a router or port and know it's 100% under VPN...
     
  7. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Re: Silk Road owner sold out by his VPN provider!

    Just use a fast router with a fast CPU. Why would you wanna waste time, effort, money and electricity making a whole other computer?
     
  8. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I agree. This is really bad because probably almost none of their users will ever know this. Do you know if Boleh is any better in this respect?
     
  9. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Re: Silk Road owner sold out by his VPN provider!

    Well, that was the issue: even though I am using an Asus top-end router with a fast CPU, OpenVPN connections are still maxed out by the router CPU speed, giving me 7-8meg per sec on a 20 meg line.

    I figure most folk will just not bother and have openvpn or vpn client running but I like to have multiple users and multiple devices connected so they are all used under one vpn account and also encrypted and protected.
     
  10. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    I did ask AirVPN regarding the lack of "disconnect when vpn lost connection" and "fix dns leaks". These appear to be very simple features that most of the top VPN providers already have. They have claimed it only takes 5 minutes to set up a firewall and fix DNS connections, but have also said they have a new client coming soon.

    They have been saying this for the past 3-4 months however, I like BolehVPN
    http://bolehvpn.net/ also
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Re: Silk Road owner sold out by his VPN provider!

    For less than 500 USD, you can have a pfSense perimeter firewall/router that will handle over 100 Mbps openvpn traffic each way. The key components are (1) a 2-4 core ~2010 era AMD CPU, (2) 2 GB RAM, (3) the smallest SSD that you can find (just 5 GB needed) and (4) an Intel dual 1 Gbps server network card. Used equipment is fine, except for the SSD. Make sure that the motherboard and network card use the same type card bus. All PCIe isn't the same. Some Intel PCIe 2.0 cards don't work in PCIe 1.0 boards. Going with all PCIe 1.0 is less expensive.

    You can also run pfSense as a LiveCD with no disk. There will be no logs that way. But you'll need to reconfigure the openvpn client at every reboot. But you can save and reload the configuration, so it's not unworkable. You'll also want more like 4 GB RAM for the LiveCD option.
     
  12. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    BolehVPN in my now 2 year experience disconnected only once, and they have Leak/DNS protection built into the client.

    You should be getting at least 14-15 MB/s something must be slowing the connection down.

    Saying it's easy to set up firewalls to their users is like calling their users who don't have the time or knowledge to do so dumb. Again, a lack of care for their users, when a DNS/Leak fix is a simple coding job and the code is already in the public domain to just add to the client, which they don't because they don't care.
     
    Last edited: Oct 6, 2013
  13. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Did you check it looking at the client's log or in another way?
    Thanks
     
  14. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    AirVPN client is blue when it's on, and remained/remains on in its blue state no matter what. I checked my IP a bunch and eventually, after a little while, sometimes it would be AirVPN and sometimes my real IP, with the icon still in its "on" mode. I then used the Wireshark packet capture tool to find out what was going on. I found that in a 12 hour period, in the first few hours it would be on and then suddenly off, leaking my real IP without any noticeable change to browsing or the system; it was a seamless disconnect without any notification. After a few hours it would just drop connection altogether without any warning and stayed off for about 6-7 hours, where the icon and the program itself said it was on and even kept counting the data on the stream as if it was still encrypted.
    :cautious:
    Simple answer, AirVPN secretly disconnects without telling you.

    It also leaks your DNS by default even when it's working.
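
Added example, not part of the thread and not any poster's or provider's code: a Python sketch of the check described in the post above, classifying a packet-capture summary to find the periods when traffic left the physical interface outside the tunnel, including DNS queries. The interface names, addresses, udp/1194 and the sample records are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Assumed setup (not from the thread): eth0 is the physical NIC, tun0 the VPN
# adapter, the VPN server is 198.51.100.10 udp/1194, the LAN is 192.168.1.0/24.
PHYS_IF = "eth0"
VPN_SERVER = ("198.51.100.10", "udp", 1194)
LAN = ip_network("192.168.1.0/24")

# Constructed capture summary: (seconds, out interface, dst IP, proto, dst port)
SAMPLE = [
    (0, "eth0", "198.51.100.10", "udp", 1194),     # encrypted tunnel carrier
    (1, "tun0", "203.0.113.80", "tcp", 443),       # browsing inside the tunnel
    (2, "eth0", "192.0.2.53", "udp", 53),          # DNS query bypassing the tunnel
    (3, "eth0", "192.168.1.1", "udp", 67),         # LAN-local DHCP, not a leak
    (7200, "eth0", "203.0.113.80", "tcp", 443),    # tunnel silently down
    (7260, "eth0", "203.0.113.80", "tcp", 443),
    (7300, "eth0", "198.51.100.10", "udp", 1194),  # client reconnects
    (7301, "tun0", "203.0.113.80", "tcp", 443),
]

def classify(pkt):
    """Label one outbound packet: tunnel, carrier, local, dns_leak or ip_leak."""
    _, iface, dst, proto, port = pkt
    if iface != PHYS_IF:
        return "tunnel"
    if (dst, proto, port) == VPN_SERVER:
        return "carrier"
    if ip_address(dst) in LAN:
        return "local"
    return "dns_leak" if port == 53 else "ip_leak"

def leak_windows(packets, gap=300):
    """Merge leaking packets into (start, end, kinds) windows split by quiet gaps."""
    windows = []
    for pkt in sorted(packets):
        kind = classify(pkt)
        if not kind.endswith("_leak"):
            continue
        t = pkt[0]
        if windows and t - windows[-1][1] <= gap:
            start, _, kinds = windows[-1]
            windows[-1] = (start, t, kinds | {kind})
        else:
            windows.append((t, t, {kind}))
    return windows

if __name__ == "__main__":
    for start, end, kinds in leak_windows(SAMPLE):
        print(f"leak {start}s-{end}s: {sorted(kinds)}")
```

The client's own status icon plays no part in the result; only the interface each packet actually left on does.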
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Interesting.

    I use 3-4 nested VPNs with pfSense, with LAN routing to VPN only, and firewall rules. Occasionally, at most maybe once a week, but sometimes not for several weeks or more, the setup stops routing. So mostly I just reboot the pfSense VMs, starting with the one I'm connecting to directly.

    AirVPN is often one of the VPNs. But I don't recall ever seeing dead connections without an obvious reason in the connection log. Well actually, I do recall that, but not for AirVPN, and it apparently involved maxed-out DNS servers run by the provider. Anyway, I'll pay more attention, especially to AirVPN.

    Taliscicero, have you asked AirVPN about this? If you've already posted about that, please forgive my bad memory :)
     
  16. I can back up every word of what Taliscicero says about AirVPN. You do get random disconnects from time to time but it still shows it's connected.

    I just figure it's someone special (NSA *COUGH*) DOS'N your connection to unmask you since we live in the Snowden era.
     
  17. Fawkesguy

    Fawkesguy Registered Member

    Joined:
    Jan 24, 2013
    Posts:
    42
    Re: Silk Road owner sold out by his VPN provider!

    Yes, this is how I do it, but I use DD-WRT. I found a free minitower PC on a local message board, popped in a 2nd NIC and small SSD. I use AirVPN and I'm getting a little more than 50Mbps down and around 10Mbps up. Everything on my network is protected, and with a couple of lines in DD-WRT's firewall, I don't have to worry about dropped connections and having my real IP exposed.
     
  18. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Fawkesguy/Mirimir

    Thanks, yes, I think I'll try and go that same super router route. I was thinking of using an Intel NUC or gigabrix but found the cheaper units don't support AES instructions in the CPU. Without it the CPU would be used much more via my OpenVPN connection. May consider creating a NAS/All in one Super Router ;) Also had no idea DD-WRT could run on a normal PC, so will check into that, or pfSense.

    Taliscicero:

    From what I can see it's just the lack of router CPU performance or lack of AES instructions on the CPU. I think these routers use ARM CPUs, not sure, but my Asus router hits around 10meg at peak but normalizes around 8ish depending on connections etc.

    A super router build with pfsense fixes this, no more bottlenecks.

    Apart from the low power usage, a super modem diy build may make sense in my case.
     
  19. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Regarding AirVPN

    I used to hassle them a bit regarding questions about security and privacy, and while I agree it's just a bit of extra coding and they really should have a better up to date client with dns leaks/drop connection features, I did not have any issues with them with disconnections for the few months I used them. I think one time one of their servers went down so I just chose another one.

    They did have that issue 3 years ago but yeah they seemed to learn from it and they are in France, and the guy there has a kill switch in case of a raid.

    In 3 years they have not had any legal interference; if they did, they have suggested they would investigate it internally, but again no logs or data to see, as they said. They seem to understand that giving up just one customer's IP or details would result in the loss of an entire company. Really committed to privacy also.

    They mentioned they have a good layer of trust so no issues like with earth vpn data centres giving up users ip/logs and details also.

    And then I double click on BolehVPN client....
     
  20. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I did ages ago when first using the service for testing, they said "use Comodo firewall, set up firewall rules" Which again a normal user can't do, and they would not address the non-notification issue and ignored it, I use GDATA, not Comodo.... I should not be locked into using a product from another company to use a VPN company product I pay for.
     
  21. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    I noticed some on here suggest using VPN tunnelling or nesting, which is a bit pointless, considering you can just use OpenVPN with Tor so no one sees your IP, but I guess that benefit of your ISP or anyone else not knowing you're even using the Tor network has a + to it.

    What other benefits can one get if they nest or tunnel VPNs anyhow?

    AirVPN suggested one could connect to your VPN 1, run a VM and connect to VPN 2 with that while under Truecrypt. I like this idea; doesn't this spread your level of trust, and you still get the benefit of a good speed?
     
  22. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    VPN + Tor = Your ISP won't know you're using Tor and the Tor node (1) won't know your ISP. Only benefit to using nested tunnels is if you're paranoid, want to have a slower connection or committing crimes. I don't use them.
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Of course, nested VPNs aren't as anonymous as Tor. But they're faster, and you can connect to Tor through them, and also route them through Tor.

    In doing that, you'd be nesting VPNs, routing VPN2 through VPN1.
     
  24. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    thx guys clears it up further :)
     
  25. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU