Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

IVPN VPN Questions

For spammy stuff, and any other threads or posts that get far enough away from being constructive that it's best for them to have a bit of a time-out...

Topic Author
balockae
Posts: 3
Joined: Tue Oct 06, 2015 5:06 am

IVPN VPN Questions

Postby balockae » Thu Oct 22, 2015 8:29 am

So I found it interesting that IVPN put up privacy guides for their users. In one of the guides (https://www.ivpn.net/privacy-guides/18- ... e-provider) they include their 10 questions to ask your VPN provider. I am curious, what would you add to the list or how would you modify it. I will paste the recommended questions below.



Is there a monthly bandwidth-usage limit?
Do you throttle connections that use excessive bandwidth?
How many concurrent connections are allowed per account?
How many hops are there in your VPN connections?
What type(s) of VPN encryption do you use? Why?
Do you support perfect forward secrecy? If so, how?
Do you provide users with Diffie Hellman key files?
How do you authenticate clients – certificates/keys, or usernames/passwords?
Do you employ HMAC-Based TLS Authentication? If so, why?
Do you ever email usernames and passwords to customers?
Does each customer have a unique client certificate and key?
Are your VPN gateway servers hosted, co-located or in-house?
Are any of your VPN gateway servers running on VPS or cloud servers?
How are your VPN gateway servers protected?
Where is user account information stored?
How is communication between servers secured?
Do you allow port forwarding by users?
Are all client ports ever forwarded by default? If so, on which servers?

User avatar

parityboy
Site Admin
Posts: 1266
Joined: Wed Feb 05, 2014 3:47 am

Re: IVPN VPN Questions

Postby parityboy » Thu Oct 22, 2015 4:27 pm

@OP

I'm not staff but I'll try to answer as many of these questions as I can. :)

1. Is there a monthly bandwidth-usage limit?
No.

2. Do you throttle connections that use excessive bandwidth?
See 1.

3. How many concurrent connections are allowed per account?
<unknown>

4. How many hops are there in your VPN connections?
One, until the voodoo nodes come online.

5. What type(s) of VPN encryption do you use? Why?
AES-256-CBC with SHA-512 HMAC. Strongest combination currently available for OpenVPN.

6. Do you support perfect forward secrecy? If so, how?
Yes, through the use of ephemeral keys.

7. Do you provide users with Diffie Hellman key files?
If you mean client-side keys, no. Does not fit the security model.

8. How do you authenticate clients – certificates/keys, or usernames/passwords?
In the Cryptostorm security model, clients are not authenticated as such. The password is a default password used by everyone, so the only differentiator which is used to provide access to the network is the hashed token. Think of it as buying a postage stamp, lottery ticket, or train ticket - in cash. The token is your ticket to use the system, nothing more.

9. Do you employ HMAC-Based TLS Authentication? If so, why?
See 5, unless you mean additional key-based TLS authentication, to which the answer is no.

10. Do you ever email usernames and passwords to customers?
No, just tokens.

11. Does each customer have a unique client certificate and key?
No.

12. Are your VPN gateway servers hosted, co-located or in-house?
Hosted. In the real world (LEO) it makes absolutely no difference.

13. Are any of your VPN gateway servers running on VPS or cloud servers?
The core VPN nodes are running on bare metal. voodoo nodes will run on VPS instances, but they are no more than gateways to the core nodes, where all of the authentication is performed.

14. How are your VPN gateway servers protected?
Standard and non-standard security methods including firewalls, IDS/IPS and custom scripts, as well as custom compiled, grsecurity-hardened kernels.

15. Where is user account information stored?
There isn't any. Token hashes are stored in a database running on each exit node. Additionally, no IP logs are kept anywhere.

16. How is communication between servers secured?
I don't know for certain, but if it was me it would be a combination of firewalls and secure tunnels.

17. Do you allow port forwarding by users?
If you mean static port-forwarding for servers or BitTorrent clients/seedboxes, no.

18. Are all client ports ever forwarded by default? If so, on which servers?
All client-side ports (i.e. replies) are forwarded on all servers.


Damn, I was hoping for two more questions. :P


mart-e
Posts: 18
Joined: Thu Jul 02, 2015 5:07 pm

Re: IVPN VPN Questions

Postby mart-e » Tue Oct 27, 2015 12:57 pm

Thanks for the info, about the number of parallels connections, see viewtopic.php?p=13404#p13404 it states

How many connections are allowed per user?

We don't do "user"-based network authentication; we make use of network access tokens to manage this process, and as such one token enables one concurrent network session. We have not become comfortable with the MiTM risks of multiple concurrent sessions in a security-intensive framework such as this.


Khariz
Posts: 163
Joined: Sun Jan 17, 2016 7:48 am

Re: IVPN VPN Questions

Postby Khariz » Sun Jan 17, 2016 10:34 pm

I think the answer to the concurrent users question is out of date now, or merely incorrect. I can connect on my phone (through OpenVPN connect) and via my PC via the Widget at the same time with no issues on either device. Just to be clear, I'm connecting to two different servers.


ayushiyakshi
Posts: 5
Joined: Fri Jan 29, 2016 3:41 pm

Re: IVPN VPN Questions

Postby ayushiyakshi » Fri Jan 29, 2016 4:06 pm

IVPN offers premium anonymous VPN services to privacy minded individuals including multi-hop technology and fast bandwidth. You can protect your privacy now.



http://www.aghorvashikaran.com/enemy-de ... or-shatru/


Return to “Dumping_Ground”

Who is online

Users browsing this forum: No registered users and 11 guests

cron

Login