Virtual private network

Unix	Assembly language	Mathematics	Web development	I2P
GhostBSD	Assembly Programming Tutorial	Statistics	Django for Beginners	MuWire
GUI	Artificial intelligence	Artificial neural network	Machine learning	Messenger
Tkinter	Artificial intelligence	Artificial neural network	Machine Learning Mastery with Python	Session

File:Virtual Private Network overview.svg

VPN connectivity overview

A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across a VPN may therefore benefit from the functionality, security, and management of the private network.^[1]

If you want to pay to VPN or VPS (virtual private server), you'd better use fake personal information. Even you can use cryptocurrency such as Monero or Bitcoin.

Generate a Random Name - Fake Name Generator

https://www.fakenamegenerator.com/

Fake Name Generator

https://namefake.com/

Almost always turn your VPN on to hide your real IP address. It's good for your anonymity, privacy, and security.

But when you use online banking and Tor Browser, you have to turn your VPN off.

Think about device fingerprint and profiling when you use the Internet.

If a website blocks Tor's exit nodes' IP addresses, you can use a proxy server or VPN with Tor.

Privacy vs. Anonymity

Say you use a proxy to visit a website.

Privacy: security of content

With the proxy server, you will be anonymous to the web site you're visiting. That is, it will look like the proxy is requesting the page, not you. The site will still know your content, just not who it's delivered to.

Anonymity: security of identity

Assume you use HTTPS and the proxy or ISP is not maliciously stripping encryption. Then the content of you connection will be private. But the proxy or ISP knows your IP address and that of the site you're visiting. To the proxy or ISP, your connection is private but not anonymous.

For TOR and VPN, the ISP can still match the time and size of packets to make good guesses about the site you're visiting.

Don't use VPN with Tor

Can I use a VPN with Tor?

Generally speaking, we don't recommend using a VPN with Tor unless you're an advanced user who knows how to configure both in a way that doesn't compromise your privacy.

You can find more detailed information about Tor + VPN at our wiki ( https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN ).

https://support.torproject.org/faq/faq-5/

vpn_support · Wiki · tails / blueprints · GitLab

What we don't want

Some users have requested support for VPNs in Tails to "improve" Tor's anonymity. You know, more hops must be better, right?. That's just incorrect -- if anything VPNs make the situation worse since they basically introduce either a permanent entry guard (if the VPN is set up before Tor) or a permanent exit node (if the VPN is accessed through Tor).

Similarly, we don't want to support VPNs as a replacement for Tor since that provides terrible anonymity and hence isn't compatible with Tails' goal.

https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/

Combining Tunnels with Tor

It is possible to combine Tor with tunnels like VPNs, proxies and SSH. The traffic can be sent through both Tor and the second tunnel, in either order. However, this is an advanced topic and appropriate only for special cases. Adding a second connection does not automatically improve security, but it will add significant complexity. The potential positive or negative effects on anonymity are being controversially debated. On the balance of the evidence VPNs should be avoided, and these same arguments could be made against other tunnels too.

The improper combination of Tor and another service may actually degrade a user's security and anonymity. These configurations are difficult to set up and should only be attempted by advanced users. For the vast majority of Whonix ™ users, using Tor in isolation – without a VPN or proxy – is the correct choice.

http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Tunnels

https://www.whonix.org/wiki/Tunnels

Free VPNs

It's not a good idea to use a free VPN to protect your privacy since the companies sell your personal information instead of being paid monthly.

But if you just want to circumvent some blockage such as Great Firewall to connect to a lewd manga website (Hitomi, https://hitomi.la/ ) or a porn site (Pornhub, http://pornhubthbh7ap3u.onion/ https://pornhub.com/ ), a free VPN is not a bad option.

If you use a smartphone, you can use ProtonVPN ( https://protonvpn.com/ ). You have to install a VPN app on your Android or iOS. Its free version has limited features, but anyway it works. If you want to use BitTorrent, you have to use at least the Basic plan. And you can use only one device with the free version ProtonVPN.

If you use a laptop or desktop, you can use Browsec extension on your Chrome browser. But you'd better use ProtonVPN on your Linux or macOS since it's way faster than Browsec. You just need to make two free accounts.

UDP is for better speed. TCP is for better reliability.

What is the difference between UDP and TCP?

https://protonvpn.com/support/udp-tcp/

But if you don't want your Tor Browser to connect via ProtonVPN, you'd better use Browsec to read Hitomi.la's comics.

There is another free vpn, VPNhub ( https://www.vpnhub.com/ ). It is made by Pornhub.

If you want to use NordVPN, there are many hacked accounts with their passwords. You can find them on Google.

Hacked VPN accounts

NordVPN hacked accounts sharing

Some of them might not work.

NordVPN hacked account

brathwaite.daniel68@gmail.com

Jordan210

free Surfshark VPN

1_Go To https://order.surfshark.com/

2_Put Temp Mail

3_select 2 Year Plan and click activate on step 3

4_in payment select Crypto Currency , then CoinPayments

5_Click Complete Purchase

6_put your name &Choose Your Coin , Click Bitcoin (BTC) and press Complete Checkout

7_new page will open (coinpayments) now close this and go to https://surfshark.com/ and press LOGIN , and then forgot your passowrd ,

8_Password Reset eamil will be arrive to your mail adress , enter password and now you can login and use surfshark App and connect any country.

I made one with this method.

kpypx@mailto.plus:Surfsharkd72jd72!

ProtonVPN free tier

There are several plans: Free, Basic, Plus, Visionary.

Free plan was quite slow when I read mangas on Hitomi.la ( https://hitomi.la/ ). At least, use Basic tier.

Now the free plan is quite fast. Maybe it's because I use protonvpn-cli instead of protonvpn-gui? The GUI version is very unstable, so you'd better use CLI version.

When it comes to its speed, maybe the time when I use VPN also can affect its speed. The less people, the higher speed.

ProtonVPN's free tier has only three locations: the Netherlands, Japan, and the USA.

Sometimes ProtonVPN free tier is really slow. In that case, you'd better use Browsec.

Does ProtonVPN keep logs?

Does ProtonVPN keep logs?

In order to respect our users’ privacy, ProtonVPN enforces a strict no-logs policy. This means we keep no session usage logs of what you do online, and we do not log metadata that can compromise your privacy.

We don’t log which websites you visit
We don’t log your traffic or the content of any communications
We don’t log your IP address
We don’t log your session lengths
We don’t log or track any location-based information

When you say “no-log policy”, is it only for the PLUS version or for the free version also ?

Hello. All of our customers are treated with the same security that we provide, so that means even free customers are getting AES-256 encryption and no logs policy applied.

https://protonvpn.com/support/no-logs-vpn/

Android

≡ -> Settings -> DNS Leak

Prevent leaking DNS query details to third parties (always on).

Split Tunneling

≡ -> Settings -> Split Tunneling

Split tunneling allows certain apps or IPs to be excluded from the VPN traffic.

Exclude IP Addresses

Exclude Apps

Add apps you want to exclude from your VPN traffic.

You'd better add Tor Browser, Orbot, and the web browser Orbot uses to the exclusion list.

Split tunneling on Windows and Android applications.

https://protonvpn.com/support/protonvpn-split-tunneling/

Always-On VPN & Kill Switch

≡ -> Settings -> Always-On VPN & Kill Switch

Set up ProtonVPN to reconnect automatically or to disable external connections if your VPN connection is disrupted.

Always-On VPN automatically reconnects you to your VPN server if your connection is interrupted.

Kill Switch prevents your device from making external connections if you are disconnected from the VPN, keeping your Internet traffic secure.

The Android operating system controls these features, and you must go out of the app to activate them.

Follow these steps to turn on Always-On VPN and Kill Switch:

1. Open your device's Settings by tapping the button below (search "vpn" on your Android Settings)
2. Find ProtonVPN and tap ⚙
3. Tap the switch next to Always-On VPN to enable it

Perform also this step to activate Kill Switch

4. Tap the switch next to Block connections without VPN to enable Kill Switch (If you turn this feature on, and disconnect or log out ProtonVPN, you won't be able to use any apps requiring Internet connection.)

Be aware that if both Kill Switch and Split Tunneling are activated, Split Tunneling won't work. Kill Switch blocks all connections outside the VPN tunnel, including those created by Split Tunneling.

Kill Switch and Always-On VPN are not always available on older versions of the Android OS or on all Android devices. If your device does not offer Always-On VPN or Kill Switch, there is nothing ProtonVPN can do to implement them. You can update your operating system to the most recent version of Android and try again.

Linux CLI (Official)

Install (Linux CLI)

How to install the official Linux beta app

Debian-based distros

Open Terminal and enter the following commands (or just copy and paste them in). Note: before starting, we recommend running the following command to ensure you system is up to date:

sudo apt-get upgrade

1. Add the ProtonVPN repository to your system’s software sources(2):

wget -q -O - https://repo.protonvpn.com/debian/public_key.asc | sudo apt-key add -

Followed by:

sudo add-apt-repository 'deb https://repo.protonvpn.com/debian unstable main'

Note: Once this repo has been added, the app will be kept updated by your default package manager.

2. Install the client:

sudo apt-get update && sudo apt-get install protonvpn

Login and connect (Linux CLI)

How to use the official Linux beta app

1. Log in using your regular Proton/ProtonVPN account details using the following command (please note that these are not the OpenVPN/IKEv2 login credentials used by the older community Linux client).

protonvpn-cli login [ProtonVPN username]

You will be prompted to enter your password.

The app will remember your login details between sessions. 2. Open a list of ProtonVPN servers with:

protonvpn-cli connect (or protonvpn-cli c)

3. Select a server location and click OK.Select a server at that server location and click OK. 4. Select udp or tcp (we recommend udp unless you have a reason to choose tcp).

A connection to the VPN server will now be established. To check your connection status, enter:

protonvpn-cli status (or protonvpn-cli s)

To disconnect, enter:

protonvpn-cli disconnect (or protonvpn-cli d)

Alternatively, you can disconnect using NetworkManager.

Next time when you turn your computer on, you just need to start with "protonvpn-cli connect". Don't need "protonvpn-cli login ProtonVPN_username".

Kill switch (Linux CLI)

How to use the kill switch

The ProtonVPN official Linux app includes a kill switch. The basic kill switch will block all your internet connections when the VPN app is running and the connection to one of our servers fails. To enable it, enter:

protonvpn-cli ks --on

The app also features an always-on kill switch. This prevents all internet connections unless the VPN app is running and connected to one of our servers. To enable it, enter:

protonvpn-cli ks --always-on

You can disable the kill switch by entering:

protonvpn-cli ks --off

How to use the official Linux app beta

https://protonvpn.com/support/official-linux-client/

Linux GUI (Unofficial)

GUI version is unstable. You'd better use CLI version.

Install (Linux GUI)

I tested two Linux GUI apps on my Ubuntu 20.10.

This one didn't work.

https://pypi.org/project/protonvpn-linux-gui-calexandru2018/

Another one also didn't work at first, but finally it worked.

https://github.com/ProtonVPN/linux-gui

ProtonVPN GUI dependencies

sudo apt install -y python3-gi python3-gi-cairo gir1.2-gtk-3.0

ProtonVPN Tray dependencies

sudo apt install -y gir1.2-appindicator3 libnotify-bin

PIP based

Note: Make sure to run pip with sudo

sudo pip3 install protonvpn-gui

How to use

ProtonVPN GUI

protonvpn-gui

At first it didn't work. So I uninstalled them, and installed them again, and then they worked.

sudo apt purge -y python3-gi python3-gi-cairo gir1.2-gtk-3.0
sudo apt purge -y gir1.2-appindicator3 libnotify-bin
sudo pip3 uninstall protonvpn-gui

How to use (Linux GUI)

≡ -> Configurations -> General

Choose your plan (Free, Basic, Plus, Visionary), and input your "OpenVPN/IKEv2 Username" and "OpenVPN/IKEv2 Password". And then click "Update" button.

You can see them in your ProtonVPN web page.

Connect here ( https://account.protonvpn.com/ ) with your web browser.

Log in with your username and password.

Go to "Account -> OpenVPN / IKEv2 username".

≡ -> Configurations -> Connection -> Default Protocol

The default option is TCP, but it's hell slow when you read mangas on Hitomi.la ( https://hitomi.la/ ).

Set up UDP instead of TCP.

≡ -> Configurations -> Advanced -> Kill Switch

The default option is Off. If you turn Kill Switch on, Split Tunneling won't work.

≡ -> Configurations -> Advanced -> DNS Leak Protection

The default option is On.

≡ -> Configurations -> Advanced -> Split Tunneling

The default option is Off. On Linux GUI program, you can exclude only IP addresses. You can't exclude apps like the Android ProtonVPN app or Windows ProtonVPN software.

Maybe 127.0.0.1 works if you want to exclude Tor Browser, but I'm not sure.

Or you can try to set up Tor Browser to use bridges and then put all those bridges' IPs into the VPN's exclusion list.

Mullvad VPN

Mullvad VPN: http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion/ https://mullvad.net/ ~~http://xcln5hkbriyklr6n.onion/~~

NordVPN and ExpressVPN are trash

NordVPN confirms it was hacked

October 21, 2019

NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked.

The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN.

https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/

VPNs are Using Fake Server Locations

MARCH 21, 2018

ExpressVPN also boasts of a large server network. Unlike with PureVPN and Hidemyass, ExpressVPN does not admit to using fake locations anywhere on its website. The ExpressVPN chat representative I spoke with claimed that all server locations were real. (This was proven through testing to be false.)

https://restoreprivacy.com/vpn-server-locations/

I investigated the NordVPN ordeal. Here is what I found.

Aug 26 2018

Their address is 50th Street, Global Plaza Tower: 19th Floor, Suite H, Panama ^[2]

This address is used by shell companies.^[3] ^[4] ^[5] ^[6]

So, now we can be establish that Tefincom is not the real company behind NordVPN.

When you make a payment to NordVPN, your money apparently goes to a CloudVPN Inc.^[7] This is weird, since NordVPN claims to be subject to Panama laws and CloudVPN is based out of the USA.^[8] ^[9]

It gets better, check CloudVPN Inc's public records, and check out their 2017 original report under the history menu.^[10] Listed as the president/director is Darius Bereika.^[11] Darius Bereika is also the CEO of tesonet.^[12]

You read that correctly, the person who is the president of the company who manages NordVPN payments is the same person who's the CEO of Tesonet. If that doesn't bother you, keep in mind that Tesonet runs a data-harvesting service.^[13]

https://www.reddit.com/r/VPNTorrents/comments/9adi37/i_investigated_the_nordvpn_ordeal_here_is_what_i/

Zero Log VPN? Your No Log VPN is Lying to You

APRIL 27, 2020

Is there such a thing as a zero log VPN? The short answer is no, there isn’t. In fact, these companies are flat out lying to you when they claim they are a no log VPN.

Take PureVPN for example. On their website, they claim that after you connect to any server, PureVPN will not “keep any records of anything that could associate any specific activity to a specific user.”

The story of Ryan Lin indicates otherwise. When Ryan was investigated by the FBI under suspicion of harassing, cyber bullying, and hacking, the FBI approached PureVPN after discovering he used the VPN service.

If PureVPN was truly a zero log VPN, they would have been unable to aid the FBI in their investigation against Lin. Instead, PureVPN was able to provide logs that revealed the IP address Lin used to carry out cyber threats.

Lesson #1: VPNs always log some data. In this case, PureVPN logged data despite their claim that they “do NOT keep any logs that can identify or help in monitoring a user’s activity.”

Lesson #2: A VPN is not a secret invisibility cloak that will allow you to conduct whatever illegal activity you want to without reprisal. Now, I certainly don’t condone Ryan Lin’s illegal activity. However, this highlights the blatant lie being told by PureVPN’s marketing team.

https://www.allthingssecured.com/vpn/truth-about-vpn-logging-policies/

VPN restricted countries

Anonymous 03/15/19 (Fri) 19:52:10 No.1041744

>>1041674

In some countries, even using VPN is also illegal.

Only government-approved VPNs are allowed to use

China, Russia, Iran, Oman

Illegal or restricted or fully banned

Turkey, Iraq, Turkmenistan, Belarus, North Korea

Restricted for Individuals

United Arab Emirates (UAE)

Anyone uses a fraudulent IP address to commit a crime or prevent its discovery shall be punished by imprisonment or a fine of up to $400,000 depending on the nature of the crime. Using a VPN to use Skype might cause penalties, too. Worth mentioning that banks, companies, and institutions can use VPN’s freely, it is only individuals who are prohibited from it.

http://oxwugzccvk3dk6tj.onion/tech/res/1041674.html#1041744

Types

Early data networks allowed VPN-style connections to remote sites through dial-up modem or through leased line connections utilizing Frame Relay and Asynchronous Transfer Mode (ATM) virtual circuits, provided through networks owned and operated by telecommunication carriers. These networks are not considered true VPNs because they passively secure the data being transmitted by the creation of logical data streams.^[14] They have been replaced by VPNs based on IP and IP/Multi-protocol Label Switching (MPLS) Networks, due to significant cost-reductions and increased bandwidth^[15] provided by new technologies such as digital subscriber line (DSL)^[16] and fiber-optic networks.

VPNs can be either remote-access (connecting a computer to a network) or site-to-site (connecting two networks). In a corporate setting, remote-access VPNs allow employees to access their company's intranet from home or while traveling outside the office, and site-to-site VPNs allow employees in geographically disparate offices to share one cohesive virtual network. A VPN can also be used to interconnect two similar networks over a dissimilar middle network; for example, two IPv6 networks over an IPv4 network.^[17]

VPN systems may be classified by:

the tunneling protocol used to tunnel the traffic
the tunnel's termination point location, e.g., on the customer edge or network-provider edge
the type of topology of connections, such as site-to-site or network-to-network
the levels of security provided
the OSI layer they present to the connecting network, such as Layer 2 circuits or Layer 3 network connectivity
the number of simultaneous connections.

Security mechanisms

VPNs cannot make online connections completely anonymous, but they can usually increase privacy and security. To prevent disclosure of private information, VPNs typically allow only authenticated remote access using tunneling protocols and encryption techniques.

The VPN security model provides:

confidentiality such that even if the network traffic is sniffed at the packet level (see network sniffer and deep packet inspection), an attacker would see only encrypted data
sender authentication to prevent unauthorized users from accessing the VPN
message integrity to detect any instances of tampering with transmitted messages.

Secure VPN protocols include the following:

Internet Protocol Security (IPsec) was initially developed by the Internet Engineering Task Force (IETF) for IPv6, which was required in all standards-compliant implementations of IPv6 before Template:IETF RFC made it only a recommendation.^[18] This standards-based security protocol is also widely used with IPv4 and the Layer 2 Tunneling Protocol. Its design meets most security goals: authentication, integrity, and confidentiality. IPsec uses encryption, encapsulating an IP packet inside an IPsec packet. De-encapsulation happens at the end of the tunnel, where the original IP packet is decrypted and forwarded to its intended destination.
Transport Layer Security (SSL/TLS) can tunnel an entire network's traffic (as it does in the OpenVPN project and SoftEther VPN project^[19]) or secure an individual connection. A number of vendors provide remote-access VPN capabilities through SSL. An SSL VPN can connect from locations where IPsec runs into trouble with Network Address Translation and firewall rules.
Datagram Transport Layer Security (DTLS) – used in Cisco AnyConnect VPN and in OpenConnect VPN^[20] to solve the issues SSL/TLS has with tunneling over TCP (tunneling TCP over TCP can lead to big delays and connection aborts ^[21]).
Microsoft Point-to-Point Encryption (MPPE) works with the Point-to-Point Tunneling Protocol and in several compatible implementations on other platforms.
Microsoft Secure Socket Tunneling Protocol (SSTP) tunnels Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol traffic through an SSL 3.0 channel (SSTP was introduced in Windows Server 2008 and in Windows Vista Service Pack 1).
Multi Path Virtual Private Network (MPVPN). Ragula Systems Development Company owns the registered trademark "MPVPN".^[22]
Secure Shell (SSH) VPN – OpenSSH offers VPN tunneling (distinct from port forwarding) to secure remote connections to a network or to inter-network links. OpenSSH server provides a limited number of concurrent tunnels. The VPN feature itself does not support personal authentication.^[23]^[24]^[25]

Authentication

Tunnel endpoints must be authenticated before secure VPN tunnels can be established. User-created remote-access VPNs may use passwords, biometrics, two-factor authentication or other cryptographic methods. Network-to-network tunnels often use passwords or digital certificates. They permanently store the key to allow the tunnel to establish automatically, without intervention from the administrator.

Routing

Tunneling protocols can operate in a point-to-point network topology that would theoretically not be considered as a VPN, because a VPN by definition is expected to support arbitrary and changing sets of network nodes. But since most router implementations support a software-defined tunnel interface, customer-provisioned VPNs often are simply defined tunnels running conventional routing protocols.

Provider-provisioned VPN building-blocks

Depending on whether a provider-provisioned VPN (PPVPN) operates in layer 2 or layer 3, the building blocks described below may be L2 only, L3 only, or combine them both. Multi-protocol label switching (MPLS) functionality blurs the L2-L3 identity.Template:Citation needed Template:Original research inline

Template:IETF RFC generalized the following terms to cover L2 and L3 VPNs, but they were introduced in Template:IETF RFC.^[26] More information on the devices below can also be found in Lewis, Cisco Press.^[27]

Customer (C) devices

A device that is within a customer's network and not directly connected to the service provider's network. C devices are not aware of the VPN.

Customer Edge device (CE)

A device at the edge of the customer's network which provides access to the PPVPN. Sometimes it is just a demarcation point between provider and customer responsibility. Other providers allow customers to configure it.

Provider edge device (PE)

A PE is a device, or set of devices, at the edge of the provider network which connects to customer networks through CE devices and presents the provider's view of the customer site. PEs are aware of the VPNs that connect through them, and maintain VPN state.

Provider device (P)

A P device operates inside the provider's core network and does not directly interface to any customer endpoint. It might, for example, provide routing for many provider-operated tunnels that belong to different customers' PPVPNs. While the P device is a key part of implementing PPVPNs, it is not itself VPN-aware and does not maintain VPN state. Its principal role is allowing the service provider to scale its PPVPN offerings, for example, by acting as an aggregation point for multiple PEs. P-to-P connections, in such a role, often are high-capacity optical links between major locations of providers.

User-visible PPVPN services

OSI Layer 2 services

Template:Refimprove section

Virtual LAN

Virtual LAN (VLAN) is a Layer 2 technique that allow for the coexistence of multiple local area network (LAN) broadcast domains, interconnected via trunks using the IEEE 802.1Q trunking protocol. Other trunking protocols have been used but have become obsolete, including Inter-Switch Link (ISL), IEEE 802.10 (originally a security protocol but a subset was introduced for trunking), and ATM LAN Emulation (LANE).

Virtual private LAN service (VPLS)

Developed by Institute of Electrical and Electronics Engineers, Virtual LANs (VLANs) allow multiple tagged LANs to share common trunking. VLANs frequently comprise only customer-owned facilities. Whereas VPLS as described in the above section (OSI Layer 1 services) supports emulation of both point-to-point and point-to-multipoint topologies, the method discussed here extends Layer 2 technologies such as 802.1d and 802.1q LAN trunking to run over transports such as Metro Ethernet.

As used in this context, a VPLS is a Layer 2 PPVPN, emulating the full functionality of a traditional LAN. From a user standpoint, a VPLS makes it possible to interconnect several LAN segments over a packet-switched, or optical, provider core; a core transparent to the user, making the remote LAN segments behave as one single LAN.^[28]

In a VPLS, the provider network emulates a learning bridge, which optionally may include VLAN service.

Pseudo wire (PW)

PW is similar to VPLS, but it can provide different L2 protocols at both ends. Typically, its interface is a WAN protocol such as Asynchronous Transfer Mode or Frame Relay. In contrast, when aiming to provide the appearance of a LAN contiguous between two or more locations, the Virtual Private LAN service or IPLS would be appropriate.

Ethernet over IP tunneling

EtherIP (Template:IETF RFC)^[29] is an Ethernet over IP tunneling protocol specification. EtherIP has only packet encapsulation mechanism. It has no confidentiality nor message integrity protection. EtherIP was introduced in the FreeBSD network stack^[30] and the SoftEther VPN^[31] server program.

IP-only LAN-like service (IPLS)

A subset of VPLS, the CE devices must have Layer 3 capabilities; the IPLS presents packets rather than frames. It may support IPv4 or IPv6.

OSI Layer 3 PPVPN architectures

This section discusses the main architectures for PPVPNs, one where the PE disambiguates duplicate addresses in a single routing instance, and the other, virtual router, in which the PE contains a virtual router instance per VPN. The former approach, and its variants, have gained the most attention.

One of the challenges of PPVPNs involves different customers using the same address space, especially the IPv4 private address space.^[32] The provider must be able to disambiguate overlapping addresses in the multiple customers' PPVPNs.

BGP/MPLS PPVPN

In the method defined by Template:IETF RFC, BGP extensions advertise routes in the IPv4 VPN address family, which are of the form of 12-byte strings, beginning with an 8-byte route distinguisher (RD) and ending with a 4-byte IPv4 address. RDs disambiguate otherwise duplicate addresses in the same PE.

PEs understand the topology of each VPN, which are interconnected with MPLS tunnels, either directly or via P routers. In MPLS terminology, the P routers are Label Switch Routers without awareness of VPNs.

Virtual router PPVPN

The virtual router architecture,^[33]^[34] as opposed to BGP/MPLS techniques, requires no modification to existing routing protocols such as BGP. By the provisioning of logically independent routing domains, the customer operating a VPN is completely responsible for the address space. In the various MPLS tunnels, the different PPVPNs are disambiguated by their label, but do not need routing distinguishers.

Unencrypted tunnels

Some virtual networks use tunneling protocols without encryption for protecting the privacy of data. While VPNs often do provide security, an unencrypted overlay network does not neatly fit within the secure or trusted categorization.Template:Citation needed For example, a tunnel set up between two hosts with Generic Routing Encapsulation (GRE) is a virtual private network, but neither secure nor trusted.^[35]^[36]

Native plaintext tunneling protocols include Layer 2 Tunneling Protocol (L2TP) when it is set up without IPsec and Point-to-Point Tunneling Protocol (PPTP) or Microsoft Point-to-Point Encryption (MPPE).^[37]

Trusted delivery networks

Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider's network to protect the traffic.^[38]

Multi-Protocol Label Switching (MPLS) often overlays VPNs, often with quality-of-service control over a trusted delivery network.
L2TP^[39] which is a standards-based replacement, and a compromise taking the good features from each, for two proprietary VPN protocols: Cisco's Layer 2 Forwarding (L2F)^[40] (obsolete Template:As of) and Microsoft's Point-to-Point Tunneling Protocol (PPTP).^[41]

From the security standpoint, VPNs either trust the underlying delivery network, or must enforce security with mechanisms in the VPN itself. Unless the trusted delivery network runs among physically secure sites only, both trusted and secure models need an authentication mechanism for users to gain access to the VPN.

VPNs in mobile environments

Users utilize mobile virtual private networks in settings where an endpoint of the VPN is not fixed to a single IP address, but instead roams across various networks such as data networks from cellular carriers or between multiple Wi-Fi access points.^[42] Mobile VPNs have been widely used in public safety, where they give law-enforcement officers access to mission-critical applications, such as computer-assisted dispatch and criminal databases, while they travel between different subnets of a mobile network.^[43] Field service management and by healthcare organizations,^[44]Template:Qn among other industries, also make use of them.

Increasingly, mobile professionals who need reliable connections are adopting mobile VPNs.^[44]Template:Qn They are used for roaming seamlessly across networks and in and out of wireless coverage areas without losing application sessions or dropping the secure VPN session. A conventional VPN can not withstand such events because the network tunnel is disrupted, causing applications to disconnect, time out,^[42] or fail, or even cause the computing device itself to crash.^[44]

Instead of logically tying the endpoint of the network tunnel to the physical IP address, each tunnel is bound to a permanently associated IP address at the device. The mobile VPN software handles the necessary network-authentication and maintains the network sessions in a manner transparent to the application and to the user.^[42] The Host Identity Protocol (HIP), under study by the Internet Engineering Task Force, is designed to support mobility of hosts by separating the role of IP addresses for host identification from their locator functionality in an IP network. With HIP a mobile host maintains its logical connections established via the host identity identifier while associating with different IP addresses when roaming between access networks.

VPN on routers

With the increasing use of VPNs, many have started deploying VPN connectivity on routers for additional security and encryption of data transmission by using various cryptographic techniques.^[45] Home users usually deploy VPNs on their routers to protect devices, such as smart TVs or gaming consoles, which are not supported by native VPN clients. Supported devices are not restricted to those capable of running a VPN client.^[46]

Many router manufacturers supply routers with built-in VPN clients. Some use open-source firmware such as DD-WRT, OpenWRT and Tomato, in order to support additional protocols such as OpenVPN.

Setting up VPN services on a router requires a deep knowledge of network security and careful installation. Minor misconfiguration of VPN connections can leave the network vulnerable. Performance will vary depending on the Internet service provider (ISP).^[47]

Networking limitations

One major limitation of traditional VPNs is that they are point-to-point, and do not tend to support or connect broadcast domains. Therefore, communication, software, and networking, which are based on layer 2 and broadcast packets, such as NetBIOS used in Windows networking, may not be fully supported or work exactly as they would on a real LAN. Variants on VPN, such as Virtual Private LAN Service (VPLS), and layer 2 tunneling protocols, are designed to overcome this limitation.Template:Citation needed

A VPN connection may not be as robust as a direct connection to a network. A VPN connection depends on the VPN provider and the ISP. If either fails, the connection fails.

References

↑ Template:Cite book
↑ https://nordvpn.com/contact-us/
↑ https://offshoreleaks.icij.org/nodes/235588
↑ https://offshoreleaks.icij.org/nodes/14018408
↑ https://offshoreleaks.icij.org/nodes/14018410
↑ https://opencorporates.com/companies/pa/155628861
↑ https://i.sigavpn.com/img/5661932733.jpg
↑ https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/
↑ https://www.bizapedia.com/wy/cloudvpn-inc.html
↑ https://wyobiz.wy.gov/Business/FilingDetails.aspx?eFNum=005203253040182072024101188243235057222189038105
↑ https://i.sigavpn.com/img/5757370209.jpg
↑ https://tesonet.com/random/history/the-story-of-tesonet/
↑ https://oxylabs.io/faq
↑ Cisco Systems, et al. Internet working Technologies Handbook, Third Edition. Cisco Press, 2000, p. 232.
↑ Lewis, Mark. Comparing, Designing. And Deploying VPNs. Cisco Press, 2006, p. 5
↑ International Engineering Consortium. Digital Subscriber Line 2001. Intl. Engineering Consortium, 2001, p. 40.
↑ Template:Cite web
↑ Template:IETF RFC, "IPv6 Node Requirements", E. Jankiewicz, J. Loughney, T. Narten (December 2011)
↑ Template:Cite web
↑ Template:Cite web
↑ Template:Cite web
↑ Template:Cite web
↑ Template:Cite web
↑ Template:Cite web
↑ Template:Cite web
↑ Template:Cite news
↑ Template:Cite book
↑ Template:Citation
↑ Template:Cite web
↑ Glyn M Burton: RFC 3378 EtherIP with FreeBSD, 03 February 2011
↑ net-security.org news: Multi-protocol SoftEther VPN becomes open source, January 2014
↑ Address Allocation for Private Internets, Template:IETF RFC, Y. Rekhter et al., February 1996
↑ Template:IETF RFC, A Core MPLS IP VPN Architecture
↑ Template:IETF RFC, E. Chen (September 2000)
↑ Template:Cite web
↑ Template:IETF RFC: Generic Routing Encapsulation over IPv4 networks. October 1994.
↑ IETF (1999), Template:IETF RFC, Layer Two Tunneling Protocol "L2TP"
↑ Template:Cite book
↑ Layer Two Tunneling Protocol "L2TP", Template:IETF RFC, W. Townsley et al., August 1999
↑ IP Based Virtual Private Networks, Template:IETF RFC, A. Valencia et al., May 1998
↑ Point-to-Point Tunneling Protocol (PPTP), Template:IETF RFC, K. Hamzeh et al., July 1999
↑ ^42.0 ^42.1 ^42.2 Phifer, Lisa. "Mobile VPN: Closing the Gap", SearchMobileComputing.com, July 16, 2006.
↑ Willett, Andy. "Solving the Computing Challenges of Mobile Officers", www.officer.com, May, 2006.
↑ ^44.0 ^44.1 ^44.2 Cheng, Roger. "Lost Connections", The Wall Street Journal, December 11, 2007.
↑ Template:Cite web
↑ Template:Cite web
↑ Template:Cite news

[1] Template:Cite book

[2] ttps://nordvpn.com/contact-us/

[3] ttps://offshoreleaks.icij.org/nodes/235588

[4] ttps://offshoreleaks.icij.org/nodes/14018408

[5] ttps://offshoreleaks.icij.org/nodes/14018410

[6] ttps://opencorporates.com/companies/pa/155628861

[7] ttps://i.sigavpn.com/img/5661932733.jpg

[8] ttps://torrentfreak.com/vpn-services-anonymous-review-2017-170304/

[9] ttps://www.bizapedia.com/wy/cloudvpn-inc.html

[10] ttps://wyobiz.wy.gov/Business/FilingDetails.aspx?eFNum=005203253040182072024101188243235057222189038105

[11] ttps://i.sigavpn.com/img/5757370209.jpg

[12] ttps://tesonet.com/random/history/the-story-of-tesonet/

[13] ttps://oxylabs.io/faq

[14] Cisco Systems, et al. Internet working Technologies Handbook, Third Edition. Cisco Press, 2000, p. 232.

[15] Lewis, Mark. Comparing, Designing. And Deploying VPNs. Cisco Press, 2006, p. 5

[16] International Engineering Consortium. Digital Subscriber Line 2001. Intl. Engineering Consortium, 2001, p. 40.

[17] Template:Cite web

[rfc6434-18] Template:IETF RFC, "IPv6 Node Requirements", E. Jankiewicz, J. Loughney, T. Narten (December 2011)

[19] Template:Cite web

[20] Template:Cite web

[21] Template:Cite web

[22] Template:Cite web

[23] Template:Cite web

[24] Template:Cite web

[25] Template:Cite web

[26] Template:Cite news

[27] Template:Cite book

[28] Template:Citation

[29] Template:Cite web

[30] Glyn M Burton: RFC 3378 EtherIP with FreeBSD, 03 February 2011

[net-security.org-31] t-security.org news: Multi-protocol SoftEther VPN becomes open source, January 2014

[32] Address Allocation for Private Internets, Template:IETF RFC, Y. Rekhter et al., February 1996

[33] Template:IETF RFC, A Core MPLS IP VPN Architecture

[34] Template:IETF RFC, E. Chen (September 2000)

[35] Template:Cite web

[36] Template:IETF RFC: Generic Routing Encapsulation over IPv4 networks. October 1994.

[37] IETF (1999), Template:IETF RFC, Layer Two Tunneling Protocol "L2TP"

[38] Template:Cite book

[39] Layer Two Tunneling Protocol "L2TP", Template:IETF RFC, W. Townsley et al., August 1999

[40] IP Based Virtual Private Networks, Template:IETF RFC, A. Valencia et al., May 1998

[41] Point-to-Point Tunneling Protocol (PPTP), Template:IETF RFC, K. Hamzeh et al., July 1999

[Phifer-42] 42.0 ^42.1 ^42.2 Phifer, Lisa. "Mobile VPN: Closing the Gap", SearchMobileComputing.com, July 16, 2006.

[43] Willett, Andy. "Solving the Computing Challenges of Mobile Officers", www.officer.com, May, 2006.

[Cheng-44] 44.0 ^44.1 ^44.2 Cheng, Roger. "Lost Connections", The Wall Street Journal, December 11, 2007.

[45] Template:Cite web

[draytek-46] Template:Cite web

[47] Template:Cite news

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

[23]

[24]

[25]

[26]

[27]

[28]

[29]

[30]

[31]

[32]

[33]

[34]

[35]

[36]

[37]

[38]

[39]

[40]

[41]

[42]

[43]

[44]

[45]

[46]

[47]