Thinking about a VPN but clueless about how it would work

Discussion in 'privacy technology' started by Cherub, Mar 31, 2017.

  1. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Hi Krusty,
    From doing my homework, what I have learned is that some ISPs will throttle users on congested or clogged servers;
    they are allowed to do this, businesses and higher-ups get priority, and rules were passed that allow this.
    UDP 443, which is what most VPN providers suggest you use, is easy to throttle; even though you're encrypted
    and protected, the ISP can easily see the tunnel you're using when using a VPN. Well, TCP 443 is so common and
    has so much traffic that it is hard for the ISP to single out your tunnel for throttling, not impossible but harder to do
    without breaking the internet for everyone on TCP 443, so they usually won't mess with it.
    Air is a valid and long-lived VPN and some do get faster speeds, at times I do too, but not all the time.
    Glad you're doing your homework Krusty, that's a good step in the right direction ;)
     
    Last edited: Apr 6, 2017
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Hi _CyberGhost_,

    Read under where the article says, "VPN speed testing methods", particularly this:
    That makes sense to me.

    According to this SSTP and their 'Stealth' protocols use port 443. It's all over my pay grade anyway. ;)
     
  3. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Good article and on point, try using this and see if it is more accurate for you, it is for me.
    http://beta.speedtest.net/
    That's their new beta format, for me it is much better.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Point your VPN at Australia and you'll see that's the only version offered here now, and where I grabbed the earlier screenshot.
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Can I also encourage people considering VPN to include some non-technical factors, namely

    • what jurisdiction the VPN provider is in and
    • what threat you are mitigating;
    • and what your operational security/compartmentalisation stance is.
     
  6. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    When reading up on VPN info recently, I ran across mention that encryption bit level can affect network throughput. If the VPN offers 128-bit or 256-bit encryption, you may get better network performance with 128-bit, which is probably good enough for keeping snoopers away...
     
  7. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Great point +1
     
  8. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499

    As I've been looking VPNs over, I see there are some that offer both.
     
  10. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Yup, you set your client the way you wish. High security, or high performance? Pick one. :D
     
  11. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Also, looking, it seems some providers say where they are located and others don't or make it hard to find. Just as an example, looking at AirVPN, I can't see who is involved or where they are located. Looking at Mullvad, their site shows who runs it and where they are located. Like so many others, I am having a hard time deciding too. Some give you a free three-day trial and others only give you three hours.
     
    Last edited: Apr 6, 2017
  12. NWOAbschaum

    NWOAbschaum Registered Member

    Joined:
    Feb 9, 2014
    Posts:
    222
    Location:
    Germany
    Air is located in France. :) u can look at the forum from Air (which is really active) and look who is admin and runs AirVPN. If u are still looking for a VPN with privacy, security and transparency, AirVPN is maybe the best chance u can get, really. The only close vendor to Air is perfect-privacy (Germany). These two are for my finding just over the top and there is really no vendor atm who can deliver just a service.
     
  13. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
  14. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    Could you please help me with the following?
    Is it safe to use L2TP protocol with VPN?
    What is the difference between OpenVPN over TCP and over UDP?
    Why do I need to use firewall rules with OpenVPN?
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    It depends. L2TP using shared keys with older integrated clients is vulnerable. OpenVPN is generally more secure. But L2TP with secure user-specific keys is fine. See https://www.ivpn.net/knowledgebase/160/Is-using-L2TPorIPSec-with-a-public-pre-shared-key-secure.html and https://www.ivpn.net/blog/new-ivpn-app-ios Other VPN providers probably have secure L2TP apps, but I'm not into that stuff.
    UDP is the default for OpenVPN. UDP is a stateless protocol, so connections are very resilient to network connectivity interruptions. TCP is much more complicated. It's designed to make sure that data gets delivered, and everything must be confirmed. So let's say that there's a glitch between you and the VPN server. With UDP, some data gets lost. So whichever side is waiting will just ask again. But with TCP, you can get a storm of "didn't hear you" and "what's that about?" craziness. So a minor network glitch can turn into a major traffic jam.

    On the other hand, some firewalls won't allow UDP traffic. So the rule of thumb is to first try UDP, and if that doesn't work, try TCP. And if TCP doesn't work, try TCP on port 443, which is reserved for HTTPS.
    Because otherwise traffic can leak outside the VPN, revealing your ISP-assigned IP address. Let's say that there's a network interruption, while you're downloading or streaming or whatever. The VPN disconnects and reconnects. And while the VPN isn't connected, traffic can use the direct uplink. DNS lookup requests can also leak outside the VPN tunnel.
     
  16. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    Thank you.
    What is your opinion about the Internet Kill Switch?
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    De nada :)
    That's basically what firewall rules do. But there's no "switch" involved. It's just that only packets to the VPN server are allowed on the physical network adapter. There are various "kill switch" apps, which close particular apps when the VPN goes down. Some VPN clients include them. But that's a misguided approach, because it only takes one leaked packet to pwn you, and packets can be going out faster than the "kill switch" app can do its thing. With firewall rules, there's no need to react. If there's no VPN tunnel to handle outgoing packets, they just don't go out.
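
The firewall approach described in the post above, as an added example that is not part of the original thread: a shell function that emits a default-deny `iptables-restore` ruleset in which the physical adapter may only reach the VPN server. The interface names, the server address (a documentation-range IP), the port and the function name are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an IPv4 ruleset for
# iptables-restore: every chain defaults to DROP, so when the tunnel is
# down there is simply no rule that lets ordinary traffic (DNS lookups
# included) leave through the physical adapter.
#
# Usage: vpn_lockdown_rules PHYS_IF TUN_IF SERVER_IP PROTO PORT
# SERVER_IP must be a literal address: hostname lookups outside the
# tunnel are exactly what this ruleset blocks.
vpn_lockdown_rules() {
    phys=$1 tun=$2 server=$3 proto=$4 port=$5
    case $proto in
        udp|tcp) ;;
        *) echo "proto must be udp or tcp" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $tun -j ACCEPT
-A OUTPUT -o $phys -d $server -p $proto --dport $port -j ACCEPT
COMMIT
EOF
}

# Constructed sample values. To apply for real, pipe the output into
# iptables-restore as root. These rules are IPv4 only; IPv6 needs its
# own ip6tables ruleset, otherwise it bypasses them. Depending on the
# DHCP client, lease renewal on the physical adapter may need one more
# rule (assumption about the local setup).
vpn_lockdown_rules eth0 tun0 203.0.113.10 udp 1194
```

Nothing here watches the tunnel or reacts to it going down: the only rule that lets traffic out of `eth0` is the one to the VPN server, and everything else leaves through `tun0` or not at all.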
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Is there any point in allowing one sacrificial machine to operate without a VPN while my other machines hide their activity from my ISP?
     
  19. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    If it's on the same network, Krusty, you're kind of defeating the purpose by not adding it to the other machine.
    Add it :p
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Bear with me:

    Now in Australia our ISPs MUST save 2 years' worth of our metadata. I understand that means what sites we visit and how long we visit them, but not what we do, see, or read while there. My theory was allowing my ISP to collect that metadata from one machine while being basically anonymous using my other machines.

    Maybe I'm overthinking things.
     
  21. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    That is pretty much standard practice. There are times when you need to use your real identity. Some sites, like banks, use IPs for security purposes and you can have problems using them from a VPN. VPNs get abused and VPN IPs can get blacklisted, and you want a setup flexible enough to switch which VPN IP you are using and to be able to use your ISP IP when needed. I have that set up in my router and can select from 3 VPNs and a direct ISP connection just by switching WiFi SSIDs.
     
  22. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Ahhh, understood brother ;)
     
  23. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  24. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499

    Ah, so you are saying they helped FBI agents in solving a case?
    Also the FBI can only legally operate and spy on American citizens. The CIA goes overseas.
     