iVPN.

Discussion in 'privacy technology' started by Taliscicero, Jan 23, 2014.

Thread Status:
Not open for further replies.
  1. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I'm kinda in the mind to remove iVPN from my list of recommended VPN services. I have nothing against those guys, and I hoped they would improve after (8) months. I gave them a detailed list of what was wrong and nothing's really been done to fix it.

    My concerns.
    * No Leak Protection.
    * DNS leaking "No DNS Leak Protection".
    * No Disconnection "Block" or "Halt" system for when the connection breaks.
    * Problems with speed, I have found the speed gets worse when my own or other DNS/Leak fixes are applied. So don't even think about it.
    * Finding your key on their website is retarded hard to find and hidden away.
    * Storing your password and usernames in plain text in the OpenVPN folder.
    * I2P no leak protection (Leaks DNS also)
    * New Beta client flat out does not connect or work
    * If you enter the wrong password you have to re-install the program to change it, as there is no option to change it manually "Or enter the plain text configuration".
    * Multiple hop servers use the first hop servers for DNS, which is poor as it is. This makes no sense, why have multiple hops if your DNS is going to be running through the first server?
    * TCP connections are very slow for no reason.
    * 24/7 help good for refunds but kinda clueless how to fix any problems and won't even try "See help section".

    I want to love the service, I just get disappointment and am very close to taking it off my recommended list. In fact it may be off it already for said reasons.
     
  2. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    With any VPN service the only real/true leak protection has to be done by the end user. I wouldn't trust any other way than to set firewall rules to drop my entire internet connection when the VPN connection drops. But at the same time one of iVPN's reps did create the DNS Leak Fix tool which helps too. So I actually think they're better than most in this regard. I would never trust a custom client to prevent leaks.

    I found their speed to be among the best VPNs I've ever used with single hop. And even with double hop only a slight slowdown. I definitely can't concur with this.

    Storing passwords in plain text is indeed a horrid idea. That's why I'd never save the login info, and always type it in freshly each time. That makes this a non factor. And I'd recommend this approach to everyone regardless of what VPN they choose.

    You can change your DNS servers to whatever you want. I set a range in my FW rules for DNS because I came to find they always use a certain range. Then go into my DNS addresses in my TCP/IP settings and use the ones for the 2nd hop, or Swiss/German Privacy Foundation as the secondary sometimes depending on the situation. So again I don't see an issue here.

    They've always been very helpful to me. Have gotten back to me within 3 days, and usually 1 or 2, and answered every problem I've ever had.

    The only thing I didn't like about their service was no truly anonymous payment method (i.e. Cash), but that can be said about all VPNs I know of save 1 (Mullvad). And having to opt-out of a 2nd year of service, when it should be opt-in. That alone almost made me remove them from my recommended choices. I don't know if they've changed that policy or not. Haven't used them for like 2 years now. Now I roll with PRQ and Mullvad.
     
  3. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I would agree with you, but in my experience it's different.

    iVPN does not have leak fix built in, and will drop connection without alerting. I also don't want to have to set firewall rules. I use Mullvad for example which does everything I'm looking for. I don't make excuses for VPN services, and as per my post, iVPN is disappointingly lacking. VPNs should just be "set" and go for an end user, just as Mullvad is. I also don't wanna have to set my own DNS, that's what I pay my VPN provider for etc.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I get what you say, Taliscicero. But most of that is irrelevant for me, because I rarely run VPN clients in workspace machines. I use pfSense VMs for virtually all VPN connections. In pfSense it's trivial to prevent leaks. You can easily specify what DNS server(s) your workspace VMs on pfSense LAN get. You delete all outbound NAT from LAN to WAN, so the VPN tunnel is the only way out. And you create a firewall rule that allows outbound traffic only through the VPN gateway. Finally, all inbound traffic is blocked by default, unless you open ports.

    As I've said many times, relying on features of custom VPN clients to protect against leaks is dangerous.

    I can't say much about the speed issue, because I never connect directly to iVPN. They're currently the exit VPN in my chain, going through other VPNs. But even if they are slower, that wouldn't be surprising, because they use two-hop routes.
     
  5. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I work on the everyman ideal, you're clearly not the everyman, you international man of mystery you. :p

    Not everybody knows how to do what you do, or even wants to heh. :thumb:
     
  6. Stifflersmom

    Stifflersmom Registered Member

    Joined:
    Jan 3, 2013
    Posts:
    45
    iVPN released a beta a few months ago that addresses some of the leak concerns.
    https://www.ivpn.net/blog/new-windows-vpn-client

    You're still relying on their custom software, but it's worth checking out. For Windows.
     
  7. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I tested it, it does not connect heh.
     
  8. Stifflersmom

    Stifflersmom Registered Member

    Joined:
    Jan 3, 2013
    Posts:
    45

    That statement pretty much captures my sentiment as well. iVPN charges premium prices but no longer seems to offer a premium service. They write blog posts all the time, but are slow to respond to tickets and do an even worse job at reaching out to customers and the community. The only real advantage I see over PIA is that iVPN is based in Malta and not subject to U.S. laws. If this trend continues, I don't see how they will stay in business much longer. Look at any forum that discusses VPNs and iVPN is nowhere to be found. The discussion is always PIA, AirVPN, Mullvad and the other usual suspects.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Are you sure that I'm a man? ;)

    I've been doing all I can imagine to show how easy it is :)

    That's why I did that Vimeo tutorial. Setting up a pfSense VM takes ~15 minutes!

    When I sit down to work on this box, I typically start this Ubuntu VM and a couple pfSense VMs, and then get coffee. It's totally trivial.

    Various people have told me that I ought to create a host-plus-VMs installation DVD. But that's too much for me, now anyway.
     
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I certainly wouldn't put any stock into what "most people" say or think. Most people haven't put in the type of research into these things that some of us here have. Most people do a search and click on the first result they see for VPN reviews and see the worst options imaginable get good ratings, and go no further than that to base their decision on. Most are completely oblivious to what happened regarding HMA and see a good rating there. Or StrongVPN. And see things like Mullvad get poor ratings.

    Not to be a jerk or anything, just blunt honesty here... "most people" are ignorant. And if you're depending on a client to prevent leaks really your choice of VPNs is moot. It doesn't take much time or effort to do.
     
  11. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Client software can be just as good as a firewall, a firewall is client software in itself. You're in the belief trap that your way is better, without understanding other people don't wish to use firewalls all the time. Example, Mullvad does it great on its own.
     
  12. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I actually agree with Mirimir on using personally crafted security over the "click a button" approach. We have discussed this many times before. I usually point folks to the AirVpn forums, where you do NOT have to be a VPN client to read and participate. If you simply cut and paste the firewall rules from threads there, you can then write your own set pretty fast. At one point I think I may have pasted a copy at Wilder's too but I don't remember. It's a half hour tops and YOU control the machine, not some "client" that is probably closed source and beyond your examination. This is a simple design for ISP --- > VPN ----- > exit node. That is the finish point for many. If desired, once you get that running you can add VirtualBox and Linux VMs with TOR in hardly any time. Those connect over an obfuscated bridge (using the VPN tunnel and NAT) hiding TOR from your ISP and ALL your activities from your VPN provider. Easy!!
     
  13. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    I use iVPN. I took the liberty of going into my iVPN account to let SAM from iVPN know about this thread. Sam replied and has requested that I post his private response to me publicly. I am doing so now:

    Hi,

    Please feel free to post this back to the forum thread, in fact I'd appreciate it if you would.

    My concerns.
    * No Leak Protection.

    Leak protection can either be implemented by firewall rules on the client side or by a custom VPN client (i.e. not the open-source community client). It took us a while to decide whether to develop our own custom client with leak protection but we have, and it's currently in beta and available for testing.

    * DNS leaking "No DNS Leak Protection".

    We were one of the first VPN companies to publish a set of OpenVPN up/down scripts in collaboration with dnsleaktest.com. The beta client will shortly have this functionality included.

    * No Disconnection "Block" or "Halt" system for when the connection breaks.

    See answer 1.

    * Problems with speed, I have found the speed gets worse when my own or other DNS/Leak fixes are applied. So don't even think about it.

    A DNS leak fix script just removes any DNS configuration on non-tap32 adapters, ensuring that all DNS lookups go through the tunnel. I'm not sure how this could affect your speed but I'd be happy to work with you to figure that out.

    * Finding your key on their website is retarded hard to find and hidden away.

    Fair enough. The whole client area is being redesigned to be more user friendly. Should be live in the next few weeks.

    * Storing your password and usernames in plain text in the OpenVPN folder.

    This is not a vulnerability. Client credentials are only used to authenticate you to the network, not to provide you access to any protected resources like an enterprise VPN. If the credentials are discovered then the worst that can happen is we end up with a non-paying customer.

    *I2P no leak protection (Leaks DNS also)

    I'm not sure what the problem is. I assume you are talking about accessing I2P through IVPN? If so, the leak detection will be resolved with the new beta client.

    *New Beta client flat out does not connect or work

    It is a beta client and still has quite a few bugs. We do have a few hundred customers using it every day without issues but we also have many customers submitting bug reports. The developer of the beta client is not an amateur, he is the same developer who developed the OpenVPN Connect client for OpenVPN technologies. We'd much appreciate it if you could submit the logs so we can understand exactly what is going wrong on your system.

    *If you enter the wrong password you have to re-install the program to change it, as there is no option to change it manually "Or enter the plain text configuration".

    All you have to do is edit a single text file; however, in the past we have recommended to some customers to just re-run the installer, which takes about 2 minutes, rather than to have to edit files in the protected c:\program files\ directories. We've even developed a small C++ executable (saveinfo.exe) in the C:\Program Files (x86)\OpenVPN\config directory which you can execute to update your password. Again all of this is resolved in the beta client.

    *Multiple hop servers use the first hop servers for DNS, which is poor as it is. This makes no sense, why have multiple hops if your DNS is going to be running through the first server.

    This has been brought to our attention before and we are considering moving it to the exit server (although technically this is not so simple which is why it's taken some time). However I'm interested in exactly what sort of attack you see this mitigating.

    *TCP connections are very slow for no reason.

    TCP is slower than UDP because of the protocol overhead (ACK packets, congestion control etc). Sending TCP over TCP is very inefficient. Unfortunately for some customers they have no choice because their connection is unreliable or their firewall only permits TCP/443 which is why we provide the TCP service.

    *24/7 help good for refunds but kinda clueless how to fix any problems and wont even try "See help section".

    I'm sorry you feel that way, we don't outsource our support like many providers, the founders and engineers who built the service answer tickets every day. I'm very surprised that any one of us would be 'clueless on how to fix any problems' but I don't doubt that you're disappointed by something we have said and I'd like to review the ticket.

    I want to love the service, I just get disappointment and am very close to taking it off my recommended list, In fact it may be off it already for said reasons.

    I really appreciate your feedback, we have to make decisions every day about what to prioritize and customer feedback helps tremendously with that. We believe we're building the best VPN privacy service available. I'm sorry that you feel we're not living up to that standard at this time but we're improving faster than we ever have before.

    Kind regards,

    Sam
    Technical Support
     
    Last edited: Jan 24, 2014
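
Added example, not part of the thread and not iVPN's or dnsleaktest.com's script: a read-only check for the condition Sam's reply describes, DNS servers still configured on non-TAP adapters, run over constructed `ipconfig /all` output. The TAP description strings, adapter names and addresses below are assumptions.

```python
import re

# A field line is indented three spaces: "   DNS Servers . . . . : 10.8.0.1".
# Further values of the same field sit on deeper-indented lines with no key.
FIELD_RE = re.compile(r"^ {3}(\S.*?)[\s.]*:\s?(.*)$")

# Assumption: the OpenVPN virtual adapter is recognised by its driver
# description ("TAP-Win32 Adapter V9" / "TAP-Windows Adapter V9").
TAP_MARKERS = ("tap-win32", "tap-windows")


def parse_ipconfig(text):
    """Split `ipconfig /all` output into adapters with multi-valued fields."""
    adapters, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():
            # Unindented lines ending in ":" open an adapter section; anything
            # else ("Windows IP Configuration") is the global header.
            current = {"name": line[:-1], "fields": {}} if line.endswith(":") else None
            if current:
                adapters.append(current)
            last_key = None
            continue
        if current is None:
            continue
        match = FIELD_RE.match(line)
        if match:
            last_key = match.group(1)
            values = current["fields"].setdefault(last_key, [])
            if match.group(2).strip():
                values.append(match.group(2).strip())
        elif last_key:
            current["fields"][last_key].append(line.strip())
    return adapters


def is_tunnel(adapter):
    description = " ".join(adapter["fields"].get("Description", [])).lower()
    return any(marker in description for marker in TAP_MARKERS)


def leak_candidates(text):
    """Map each non-TAP adapter that still has resolvers set to its DNS servers."""
    return {a["name"]: a["fields"]["DNS Servers"] for a in parse_ipconfig(text)
            if not is_tunnel(a) and a["fields"].get("DNS Servers")}


# Constructed sample output (not captured from a real machine).
HEAD = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WORKSTATION

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Gigabit Ethernet Controller
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
"""
PHYSICAL_DNS = """\
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.0.2.53
"""
TAIL = """
Ethernet adapter Local Area Connection 2:

   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
   DNS Servers . . . . . . . . . . . : 10.8.0.1
"""
BEFORE_FIX = HEAD + PHYSICAL_DNS + TAIL   # resolvers left on the LAN adapter
AFTER_FIX = HEAD + TAIL                   # state a leak-fix script aims for

if __name__ == "__main__":
    print("before:", leak_candidates(BEFORE_FIX))
    print("after: ", leak_candidates(AFTER_FIX))
```

An empty result only means no non-TAP adapter lists a resolver; it does not replace the firewall rules discussed earlier in the thread for the case where the tunnel drops.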
  14. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I don't want to set firewall rules. I know a good 90% of people who use VPN software would not know how or that they even need to do so. I understand it's in your new BETA client but that's not in your service now, just your BETA.

    Not included in your current client, only BETA. I am talking about your service now, not in the future. dnsleaktest.com's current script has issues, see my post on speed.

    You don't have this working in the current program, I don't recommend products based on future promises. I am taking an objective look at your product now.

    I know, this is why I used DNSLeakFix because your client leaks DNS. I don't know why this affects speed either, I actually told you guys about this problem ( 8 ) months ago and offered all the help in the world and told you that you could Team-view into my computer for testing but you said no and offered me the help section or a refund because of my constant poor performance.

    I'm a smart guy and every time I'm looking for the key I can't find it. It's hidden weirdly on your website and should be much simpler to find. I understand you're improving but right now my objective view states your keys are hard to find.

    It is if the person uses the same password for other services and believes that their password is safe because they don't know any better, it's also locked to being the same as your website so anyone who steals it could get into the iVPN web console.

    iVPN's L2TP/IPSec "Not I2P, I may have made a typo". I found again they have DNS leaks with their L2TP/IPSec client and when asking support they told me that's just how it is and nothing can be done. Which I thought was kinda stupid as removing the default DNS for your main adapter fixed the problem when done manually albeit inconvenient.

    Well, it did not work for me so I can't comment, it only caused me the issue where I can't change the password and had to reinstall which is pretty inconvenient.

    I'm not an idiot, I know this. I get 20MB/s download speed with Mullvad on TCP connections and with iVPN the most I get are speeds of 8MB/s if I'm lucky, some are slower and none faster. Which is why my confusion of iVPN being slower since your whole deal is not over packing server space.

    Guys, I don't have anything against you but when I took out iVPN the first time, I tried to help my best and ask for assistance for my problems but nobody would really help me, I offered Team-View to you guys but you said no and offered me a refund. Only advice I got was stuff I already tried and when I told you guys you just offered me refunds. It's why I have disappointment. Multiple-Hop servers and faster speeds sounds great but my experience was not what was advertised.

    PS: I brought up the DNS on first hop issue ages ago and told you guys the security risks behind it. I guess you did not take much notice of my concerns. I can't be bothered to explain them again, as other people here probably can just as well as me. :thumb:
     
  15. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Individual results always vary. To each his/her own. I have heard other people say the support was less than helpful to them, but my experience was the exact opposite. They were helpful, courteous and quick to respond.

    I did kinda take offense to the part where you said "I'm not making any excuses"... suggesting perhaps that I was, unless I misread that. I'm certainly not making them. I don't even use them anymore and mentioned why I don't, so why would I make excuses for them? I thought I was pretty objective. Was just trying to give you prudent advice... namely to utilize firewall rules to prevent DNS leaks. And to list your servers in your TCP/IP settings, and/or router. Maybe use the DNS Leak Fix tool (that an iVPN dev helped develop btw). And to tell you that my experience was practically polar opposite to yours. I also clear the SSL Cache (in Internet Options > Content tab), and the DNS Cache via CCleaner after connection for good measure.

    Out of curiosity though, I would like to know if they still make a 2nd year of service opt-out when you pay with PayPal (or other)? If so, that's another thing I believe they should change in their quest to create a more trustworthy service. If they did this and offered a Cash by mail payment option similar to how Mullvad does it, they may be at the top of my list. Because I find their speeds faster than Mullvad, and connection more reliable too. Plus multi-hop. They'd at least be neck & neck with them.

    I'm sorry your experience was negative. But according to your sig you're in good hands. If you plan on running a chain and need another choice to connect directly to I recommend AirVPN.
     
  16. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I was talking about iVPN making the excuse that the features are coming. I am only interested in what is real and now :). I was not meaning badly at you at all, I was just responding to them.
     
  17. Higashi

    Higashi Registered Member

    Joined:
    Jan 26, 2009
    Posts:
    6
    iVPN have always offered cash by mail. Contact them for mailing address and procedure.
     
  18. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Well the next question then is is it an anonymous method where no personally identifiable info. has to be given away like with Mullvad. i.e. A customer ID # given (no name) in an envelope with no return address.

    I may not be able to get a response there before I no longer have an acct. there. And when I did this option was never mentioned to me.
     
  19. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    To the contrary IVPN has offered payment by Bitcoin for years. I am another customer that finds much of what Taliscicero is saying to be non-factual. If I have a support item I am usually responded to the same day with in-depth, detailed information.
     
  20. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I did not state it as fact for everyone, only for me. I just posted my experience and what I wish was different. Don't take it personally. I am usually responded to within a day also, but with messages that they don't know how to help me. Or at least that was my experience.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I get that. If I've said anything to make you wrong, please accept my apology :)
     
  22. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Same here... sorry about your experience Tali, and I wasn't trying to make light of your situation, sorry if you took it that way. I really was just trying to help. AirVPN & Boleh are 2 others worth checking out. I like PRQ but they aren't widely liked/known in this community. But you may want to give it a try anyhow. Best of luck to you.

    But if I find out I can pay "truly" anonymously with iVPN with cash like I can with Mullvad they may replace PRQ. Then I can have 3 anonymous hops for the price of 2 + TOR.
     
  23. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I do not consider BitCoin an anonymous payment method. The only 2 things I consider as such are Cash by mail, with no return address and no personally identifiable info given... like a Customer ID# assigned to you that you can get from their website, going to the site proxied/VPN'd from the get-go, and/or using public wifi from some coffee shop somewhere with a well hardened/privacy oriented box/browser. And mail the envelope in a mailbox out of town/state when you're on a trip somewhere.

    Or a Visa Gift card using fake credentials from a dummy email account that you buy from a WalMart... showing up to buy it with sunglasses on, a hat with the brim pulled down low, baggy clothing and a fake mustache.

    Yeah... incognito like that. Only one of the two has to have such a method available since the one you connect to directly can see everything they'd need to hang you anyway. But if you can with 2 you chain together, hey, it's better than not having the option.

    The Visa Gift card thing has been made unfeasible these days by "the man" though unfortunately. So the cash thing is really the only way, unless someone knows something I don't and/or things have changed. If you can do this with iVPN I might have to reconsider them and pair them with Mullvad.
     
  24. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    The best way to make payments with bitcoin when a provider offers it is first to pay for your bitcoin in cash with the same method you just described. I usually walk into a bank and deposit money into somebody's account. I obscure my appearance. Hat, dark glasses as you pointed out. Then it is off to another business to fax the receipt to the bitcoin merchant. Two hours later I have my bitcoin. I have yet to ID myself. Next I transfer bitcoin to another account and then tumble it. At this point I send the money to the vendor. I think if one is careful bitcoin is an entirely anonymous e-currency. The problem is admittedly the cameras when you buy the bitcoin. Another thought is Coinbase is set up to link to a bank account and as it is fairly easy to anonymize bitcoin right now it might, and I say might, be a better alternative than paying in cash and subjecting yourself to a camera.

     
  25. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    I did not mean to offend either. In my impression Sam is excellent at customer service and simply thought his response in the forum would be interesting. :)

     