Next Location For VPN Servers – What Do You Suggest?

Have Your Say 27 Comments »

Now that we have our new VPN client development rolling, we want to add a few more VPN servers to our already comprehensive list. Our objective is to reach 20 countries within TUVPN's network by the end of the year!

We have already committed to a new server in Russia as soon as possible, but then it is up to you! Let us know from this list of possible countries which ones you would like to be added to our network! Help us shape TUVPN!

If you have additional suggestions, let us know and we will add them to the list!


Get the Best VPN NOW!

New TUVPN VPN Custom Client Wish List

Have Your Say 14 Comments »

TUVPN has started the process of developing its own VPN Client. This will be a software geared to provide plug & play functionality for less technically savvy users. Of course, as TUVPN is about choices, we will keep all our currently available options open.

The first release of our custom VPN Client will have basic functionality including auto-updated list of VPN servers, Openvpn support, password save, automatic reconnection etc. We are considering other features and as always value our customer's input and ideas. We have prepared a list below! (you can choose more than one option, and if you think of something else, please leave a comment):


Get the Best VPN NOW!

What do you want TUVPN to do next ? Have your say !

Have Your Say 12 Comments »

As you may have realised, we have been quite active lately :

What shall we do next ? As usual, we think the best idea is to ask you, so have your say !

 

And feel free to leave a comment related to this here, or in our forums ! Waiting to hear from you !


 Get Your VPN NOW!

New VPN Protocol: SSH2 Tunnels or L2TP/IPSec?

Have Your Say, TUVPN News 10 Comments »

SSH2 for TUVPN ?Whilst still working on our new website, that hopefully will be up & running before the end of this month, we have started to discuss which should be the next VPN protocol/system to be implemented in our network.

We try to make ourselves stand out from the growing number of competitors by offering a service that is very simple to use, with very high quality and very flexible.

To enhance this last characteristic, we plan on introducing a new vpn protocol.

What we have in mind at the moment is either SSH2 Tunnels or L2TP/IPSec.

We think that SSH2 Tunnels would be a very good complement to what we have at the moment (as it allows to protect just a given application while leaving the rest of the traffic outside the tunnel). Only issue is that maybe it might be too technical for most users.

The other option, L2TP/IPSec, is becoming popular amongst other VPN providers. We have never had it in high regard, as it tends to be messy to implement and is easy to block  and has issues as it uses several ports during the different phases of the tunnel creation.

Again, we would love to hear what you have to say about it, an as usual, we will do our best to accommodate what most of you want!

So, please, feel free and start commenting!


Get Your VPN NOW!

VPN Performance Tests For Different Ciphers and Key Strengths

Have Your Say, TUVPN News 4 Comments »

Continuing with the lively discussion on our post about changing current TUVPN.COM cipher and as we promised there, we have performed a number of tests with different ciphers and key strength combinations that should allow us to take a final decision with better judgement and understanding of the results.

So without further delays, here you have the results:

To perform the test, we have used speedtest.net, connecting always to the same server in their network.

First, you have the results without VPN, so we can have a baseline to compare with.

For your information, the test laptop was located in Sweden and the VPN Servers we used for testing were Chicago and Steinsel.

Speedtest without running OpenVPN

TUVPN No OpenVPN speed test

Speedtest Default Cipher (BF-CBC) and Default Key Length (128bit) – Chicago VPN Server

TUVPN Blowfish 128 bit Chicago speed test

Speedtest Default Cipher (BF-CBC) and Default Key Length (128bit) – Steinsel VPN Server

TUVPN Blowfish 128 bit Steinsel speed test

Speedtest AES-CBC and 256bit key – Chicago VPN Server

TUVPN AES-CBC 256bit Chicago speed test

Speedtest AES-CBC and 256bit key – Steinsel VPN Server

TUVPN AES-CBC 256bit Steinsel speed test

Speedtest BF-CBC and 256bit key – Chicago VPN Server

TUVPN BF-CBC 256bit Chicago speed test

Speedtest BF-CBC and 256bit key – Steinsel VPN Server

TUVPN BF-CBC 256bit Steinsel speed test

 

Up to here we have just been playing with cipher and key length. So we have strengthened the data channel of the VPN.

As Timmi's very interesting comments on our last post point, we can also play with control channel security (the one which creates and maintains the VPN connection).

So now we have a new round of tests, playing too with the strength of the control channel encryption and also with the HMAC packet authentication.

For reference in the control channel we are currently using RSA 1024bit (encryption) and SHA-1-160bit (HMAC packet authentication).

Speedtest Default Cipher (BF-128-CBC) and RSA 2048bit + SHA-2-512bit – Chicago VPN Server

TUVPN BF-CBC 128bit RSA 2048bit SHA1 Chicago speed test

Speedtest Default Cipher (BF-128-CBC) and RSA 2048bit + SHA-2-512bit – Steinsel VPN Server
TUVPN BF-CBC 128bit RSA 2048bit SHA1 Steinsel speed test
Speedtest AES-CBC-256bit key and RSA 2048bit + SHA-2-512bit – Chicago VPN Server

TUVPN AES-CBC 256bit RSA 2048bit SHA1 Chicago speed test

Speedtest AES-CBC-256bit key and RSA 2048bit + SHA-2-512bit – Steinsel VPN Server

TUVPN AES-CBC 256bit RSA 2048bit SHA1 Steinsel speed test

Speedtest BF-CBC-256bit key and RSA 2048bit + SHA-2-512bit – Chicago VPN Server

TUVPN BF-CBC 256bit RSA 2048bit SHA1 Chicago speed test

Speedtest BF-CBC-256bit key and RSA 2048bit + SHA-2-512bit – Steinsel VPN Server

TUVPN BF-CBC 256bit RSA 2048bit SHA1 Steinsel speed test

 

Conclusion:

So now WHAT ? :P

First thing: TUVPN VPN servers are REALLY fast ! Well, we already knew that, but here it has been more than proved !

Second thing: Increasing the cipher strength to 256bit, with both AES or Blowfish, doesn't seem to penalise performance much. As expected, current configuration is faster, but not that much faster.

Third thing: Keeping current configuration and strengthening control channel security again doesn't inflict a noticeable damage to performance.

but

Fourth thing: Increasing BOTH data channel and control channel security AFFECTS VPN performance. We see a sustained 20% performance decrease.

 

So, considering that TUVPN's users give a lot of importance to the SPEED of our network, we would not go for a full blown security revamp of the network including both channels.

And, as most users prefer to increase data channel security vs control channel security (agree that many probably  don't know about control channel, but at the end of the day we are here, not only to instruct , but also to listen and act on the wishes of the majority of our users :)), we are willing to go in that direction.

About AES-CBC-256 or BF-CBC-256, we would have a preference for Blowfish as it has been working pretty well up to know, but let's see WHAT YOU HAVE TO SAY!

Hope something comes out of this, after so much work ! ;)


Go to TUVPN.COM

New VPN Servers for the TUVPN Network

Have Your Say, TUVPN News 17 Comments »

TUVPN.COM Global VPN Server LocationsAs growth of the network continues, we are thinking about our next moves for our VPN network.

The first addition will be a new server in London to be added later this week. This will be our second server in the UK, which of course will be available to all of you at no additional cost. There has been a strong demand for the dedicated IP service for this location, so this addition was mandatory to meet the immediate demand.

After this addition, we are open to your suggestions.

As our strongest demand is in Europe, we were thinking about adding a new VPN server in Zlin (Czech Republic).

Another option would be a new server somewhere in Asia, but we are not fully convinced yet as our current Kuala Lumpur server in Malaysia is somewhat underused.

After going over the forum proposals from our users, we have been able to summarize customer thoughts as follows:

  • Switzerland – Some users have insisted that we reinstate a server in this domicile. So this is currently first in our request list.
  • Russia (Omsk) – Speed. Covering of Asia/Europe. Many users have asked for this.
  • Kyrgyzstan – Could be a good location to supply Asia/Europe.
  • Denmark – Because of download speed and privacy laws.
  • Panama – Would be a good complement to Chicago and Montreal VPN servers.
  • Hong Kong – Asian location most mentioned.
  • Latvia, Lithuania – Good speeds.
  • Bulgaria – Privacy.

Or….. do we just keep adding servers to the current locations ? e.g. a new server in Luxembourg.

What do you think?

For the three most insightful and helpful comments we are offering a one month free VPN account !

Help us shape our network for you!


Go to TUVPN.COM

Do we change current OpenVPN cipher and key length ?

Have Your Say 19 Comments »

This is not a question that will stir the interest of every reader! :) …….but for those who have had their curiosity stirred, we would love to hear your thoughts! Read on and all will be revealed…..

 

We have received several requests to change our current OpenVPN cipher. We are currently using the default cipher provided with OpenVPN – Blowfish.

 

Our view has been that the developers of OpenVPN should have a deep knowledge and insight as to which cipher works best with their software. To the best of our knowledge, Blowfish has never been broken and there are several reports that support Blowfish as the faster cipher with OpenVPN.

 

However, in the spirit of maintaining our healthy dialogue with customers, we would welcome your opinion.

 

In particular, we have had requests to move from Blowfish to AES with 256bit key. If we were to change, this would be our preferred option also. We would argue that it could give a good balance of speed and arguably enhanced security.

 

Change wouldn't be extremely difficult to implement for TUVPN. We would do a slight tweak on each server configuration, reboot them and provide users with a new OpenVPN installer or directions to add a single line to their OpenVPN configuration. That would be it.

 

In any case, before committing to a particular course of action, we would really love to have your feedback about this subject. Please feel free !


Go to TUVPN.COM

Get Your VPN NOW!

©2011 TUVPN.COM. All rights reserved.