With the recent release of our SSH2 Tunnel technology, TUVPN is again breaking ground in the VPN industry with a new and extremely versatile tool at the disposal of our users.

In our Tutorials section, you can find all you need to get started with our SSH2 Tunnels. Firefox is the example application that we configure in our tutorials to use the SSH2 Tunnel. Let's see now how you would configure other popular applications to use our newest technology. We will configure Google Chrome, Internet Explorer, Opera, Firefox, Skype and Filezilla.

Remember that before configuring any given application to use the tunnel you need to have it up&running!:

Windows SSH2 Tunnel Configuration

Ubuntu SSH2 Tunnel Configuration

Google Chrome

We go to Options:

Under the Hood option and Change Proxy Settings:

Select Connection tab and click on the LAN Settings on Local area network window click on Advanced:

Socks localhost and port 7070:

Go to an IP identification site (e.g. www.whatismyipaddress.com ) where you can see that your IP is now a TUVPN server IP in an entirely new location….and probably a new country!

Internet Explorer

We go to Internet Options:

Select Connection tab and click on  LAN Settings:

In Local Area Network window click on Advanced…, On Proxy Settings window we enter socks Localhost and port 7070 click OK:

Go to an IP identification site (e.g. www.whatismyipaddress.com ) where you can see that your IP is now a TUVPN server IP in an entirely new location….and probably a new country!

Opera

We go to Settings then Preferences:

Select Advanced tab and go to Network on the left menu.  Click on Proxy Servers button:

Check the Socks checkbox and enter 127.0.0.1 and port 7070. Click OK:

Go to an IP identification site (e.g. www.whatismyipaddress.com ) where you can see that your IP is now a TUVPN server IP in an entirely new location….and probably a new country!

Mozilla Firefox

We go to Tools and then Options:

Go to Advanced and then select the Network tab and click on Settings button:

Select Manual proxy configuration and then select Socks v5. Now we enter Socks host 127.0.0.1 and port 7070 and click OK:

Go to an IP identification site (e.g. www.whatismyipaddress.com ) where you can see that your IP is now a TUVPN server IP in an entirely new location….and probably a new country!

Skype

We go to Tools and Options:

Go to Advanced tab and click on Connection, then we select Socks5 from drop down list, for host localhost and for port 7070. We click Save and restart skype to be connected through out SSH2 tunnel:

Filezilla

We go to Settings:

The go to Generic proxy, select Socks 5 and enter into Proxy host 127.0.0.1 and Port 7070.  Click OK:

When you connect to any FTP host, check the status window and you will see that it is now routing your traffic through the proxy you have defined and so the SSH2 Tunnel:

Get the Best VPN NOW!

As the number of VPN technologies supported by TUVPN grows (with the new addition of SSH2 Tunnels), we have deemed it appropriate to provide the TUVPN users with access to a simple table. This table details the different VPN protocols available, highlighting strengths and weaknesses, use cases, level of security, speed etc. In summary, all the information that we think should help our users to decide what is best for their needs.

We think this information is very interesting too for the wider VPN user community, many of whom without being TUVPN users, are readers of our blog. So here you have a screenshot of the table. Just click on it and you will have access to the full table.

Hope you find it enlightening!

Get the Best VPN NOW!

With the recent addition of SSH2 Tunnels, TUVPN is fast becoming one of the most complete VPN providers in the VPN ecosystem, offering a wide range of VPN protocols and security tools that can cover any possible user, from newbie to seasoned.

As we offer so many options/choices now, we have decided to summarize in this blog article the difference between the technologies offered so you can better decide which type is most appropriate to what you want to achieve. Primarily we want you to clearly understand how your traffic is protected, which traffic is protected and the level of anonymity provided by each technology. This of course applies to any VPN provider, not just TUVPN, so if you are not yet a TUVPN user it will be useful knowledge all the same!

Typical VPN Protocols (OpenVPN, L2TP/IPSec, PPTP, SSTP)

A common characteristic of these VPN protocols is that they modify the default gateway on your computer/device to redirect ALL INTERNET TRAFFIC over the VPN.

You can't choose which applications are routed over the VPN and which are not.

You can see it graphically here:

This of course has advantages, i.e. you don't have to worry about which traffic is protected and which not, all is by default.

But it also has some limitations i.e. you can't enjoy your full Internet connection speed for applications that don't require high security or anonymity. Using encryption and accessing the Internet through a remote VPN server instead of your local ISP will always add some extra burden to the communication process. The precise amount of extra burden, and so the difference of speed while running your applications, will depend on a number of factors – processor and memory of the client device, the distance to the VPN server with which you are connected, and the available resources at the VPN server level. By the way, you can test our server speeds with a new tool we have just added to the website – try it here.

Further, if you want to make sure that no traffic will reach the internet in the case of the VPN connection going down, you need to rely on third party products (i.e. firewalls) or have this feature integrated in the VPN client provided. By default and if nothing is done, when the VPN connection goes down, traffic will reach the Internet unprotected via your ISP.

With respect to anonymity, all typical VPN protocols will substitute your normal IP with the IP of the VPN server with which you have connected for ALL applications.

SSH2 Tunnels

SSH2 Tunnels offer more flexibility than the typical VPN Protocols for the people that need it.

The internal workings of an SSH2 tunnel are quite different from the typical VPN. Let's see it graphically and then we will go over it:

To establish an SSH2 Tunnel first we will need, as with typical VPNs, a client e.g. MyEnTunnel for Windows.

Typically, this client once connected, will provide a LOCAL SOCKS5 PROXY (so a SOCKS5 Proxy running on our computer/device). But what on earth is this?! Plainly speaking, it is simply a program that will act as a broker for the Internet communications of the applications that we configure to use it.

So once our client is running and the SSH2 Tunnel is up, no application is protected by default, as happens with typical VPN protocols.

Now we need to configure the applications that WE WANT TO BE PROTECTED to use the provided SOCKS5 Proxy on our computer/device. This is fairly trivial and implies just changing a setting in the desired applications.

Now you see where flexibility comes into play. As long as an application supports using a SOCKS5 Proxy, we can protect it while leaving others outside of the SSH2 Tunnel and so without the extra burden that a VPN implies. This may be seen as a huge advantage by many users.

Moreover, you will clearly see that if the SSH2 Tunnel goes down (so the SOCKS5 Proxy goes down too), NO DATA FROM OUR SELECTED APPLICATIONS WILL EVER REACH THE INTERNET. This is quite obvious as they are configured to use the SOCKS5 Proxy to reach Internet and without it no data can be transmitted in any case. Again, this 'by default' behaviour is a strong plus for the SSH2 Tunnels.

When we look at anonymity with an SSH2 Tunnel, it will provide the same level as any typical VPN protocol for the SELECTED APPLICATIONS. For the rest of the applications that we are running outside the tunnel, no anonymity will be provided.

High Anonymity WEB Proxies

Finally we will discuss how High Anonymity WEB Proxies fit into this picture. Again let's see graphically their working:

Everything is much simpler here. WEB Proxies as its name implies just work with WEB browsers (https/https traffic), no other application can use them.

Moreover, no traffic is protected (so no encryption is present in all the communication path). Just anonymity is provided by changing our IP with the IP of the proxy server.

You can read more about Proxies vs VPNs here.

And that should be it! Hope all of this is enough to let you choose your best vpn connection method and enjoy Internet in a more secure way! As always, we welcome your comments and thoughts.

Get the Fastest VPN NOW!

For those of you that are technically minded or keen on learning the inner workings of VPNs, we are  reviewing today a new OpenVPN book: OpenVPN 2 Cookbook.

We have always considered OpenVPN as one of the best vpn protocols, with amazing stability, flexibility and capability to work in most environments.

OpenVPN is an SSL/TLS VPN, one of the fastest types of vpn, and we have previously published a blog post comparing OpenVPN with PPTP. Peers authentication can happen via pre-shared keys, certificates or username/password (as TuVPN does) and the official port in which it will be running , the only one that needs to be allowed for it to work, is 1194 UDP (although you can change it to work on any other port, i.e. 443 TCP, as we do, making it work anywhere compatible with HTTPS).

In OpenVPN 2 Cookbook you will not find OpenVPN basics, but +100 recipes that will take your knowledge about OpenVPN to a new level, all in an extremely practical way.

There is an extensive range of topics, from Point-to-Point Networks, PKI, Certificates and OpenSSL to OS Integration. We will just go quickly over what we have found to be the most interesting and innovative chapters of this book and the ones that have taken our already extensive experience with OpenVPN a step further.

Chapter 2: Client-server IP-only Networks

This chapter gives very interesting information on a topic that can offer certain complexities sometimes: how to route subnets on both sides of the OpenVPN tunnel.

OpenVPN offers enormous flexibility in this sense, but you need to know how to correctly use the route and iroute options in the  server configuration and client configuration files respectively. Also it is important to correctly inform the devices on each of the subnets on how to reach the other subnet IP ranges through the OpenVPN tunnel (setting thus the OpenVPN server as a gateway for these ranges).

All of this is covered in great detail and with illustrative examples that can save loads of time if you are new to all of this.

Chapter 5: Two-factor Authentication with PKCS#11

This is again an extremely interesting topic, not usually seen in OpenVPN books.

It  explains in detail which token devices options we have (focusing on the Aladin eToken Pro USB), how to initialize them, how to copy the private key and certificate to them and how to use them.

So we are taken, step by step, through the process of creating an extremely secure VPN infrastructure protected by two-factor authentication that we can use in the most security conscious environments.

Chapter 9: Performance Tuning

Finally I wanted to highlight another chapter containing some hidden gems. This chapter deals about how to increase performance on your OpenVPN network.

First of all, it explains how to measure current performance via tools like ping, tcpdump and iperf. Then we are taken on an extremely interesting test of cipher performance (Blowfish, AES-128 and AES-256 are analysed) and finally we learn about the use of compression and fine tuning of both UDP and TCP connections.

All in all, OpenVPN 2 Cookbook is a very valuable tool for system administrators and OpenVPN advanced users who want to discover and apply what is beyond the basics of OpenVPN administration and move their VPN networks to the next level. So… it is a perfect book for us!

Get the Best VPN Service NOW!

We have just introduced a new VPN protocol in our VPN network: L2TP/IPSec

So, currently we support PPTP, OpenVPN and now L2TP/IPSec.

In a previous article we already highlighted the differences between PPTP and OpenVPN. Today we will focus on PPTP versus L2TP/IPSec.

L2TP/IPSec

L2TP is a tunneling protocol that allows us to create VPNs. L2TP uses UDP protocol (in contrast with PPTP that uses TCP protocol).

It is important to understand that L2TP doesn't provide by itself any protection (i.e. encryption) to the data being transported. We need to add another layer that provides this service, in our case IPSec.

So, in a typical L2TP/IPSec communication, first IPSec establishes a secure channel between the client and the server and then L2TP takes care of further authentication of the client and establishing the tunnel to securely transport client data to the server within the secure channel provided by IPSec. So IPSec "wraps" L2TP communication and keeps our data safe from prying eyes.

PPTP vs L2TP/IPSec

The main drawback of PPTP versus L2TP/IPSec is the encryption strength (for a good introduction to what is encryption strength and why should you care, check this).

PPTP maximum encryption is 128bit using Microsoft Point-to-Point Encryption (MPPE). IPSec can provide much stronger encryption with more up-to-date ciphers. Typically (as in our case) the cipher used will be AES with 128bit keys.

Moreover, L2TP provides data integrity (protection against modification of the data between the time it left the sender and the time it reached the recipient), authentication of origin (confirmation that the user who claims to have sent the data really did), and replay protection (which keeps a hacker from being able to capture data that is sent, such as the sending of credentials, and then “replay” it to “trick” the server) all of which PPTP is unable to provide.

Due to the additional security features provided by L2TP/IPSec, the overhead involved can result in slightly slower performance than PPTP. But this is negligible most of the times.

PPTP is very easy and quick to deploy as it is supported by default by most operating systems. However, L2TP/IPsec is also easy, but does not have such widespread support and so can require a little more effort to set up.

Finally, L2TP/IPSec is more "firewall friendly" than PPTP, meaning that it has more chances to work where PPTP is not supported/blocked.

Summary

If security is your priority, then definitely use L2TP/IPSec over PPTP when comparing the two protocols.

Also, you will not have any other options when you find PPTP blocked or unsupported by ISPs.

If you want a quick solution, easy to deploy and that will work on most devices without much overhead, then PPTP is the recommended option for you.

OpenVPN remains our No.1 ranked protocol of the three we offer – OpenVPN, L2TP/IPSec, PPTP.

 over \

Get Your VPN NOW!

Dummy users do not worry about how the communication is realized during internet connection. They do not know what  "connection port numbers”, “dynamic RPF”, “open and closed ports” are… But if you are going to use a secure internet connection via VPN, you need to know something about incoming connection ports. When connected to a VPN server, this server automatically becomes a firewall between you and the Internet. And the applications you usually use may not work. Why can it happen?, how to resolve this issue? Read this article…

What are incoming connection ports?

How an application installed on your computer knows where to send data to on Internet? In addition to the IP address of a remote machine, the programs must know the port numbers of the receiving application. Imagine a letter which comes to an address – a building with thousands of rooms.  And to what room must the letter be delivered? So, ports are like room numbers or post office boxes – they specify where exactly the message must be delivered.  Port numbers range from 0 to 65536. Numbers from 0 to 1024 are reserved for privileged services and designated as well-known ports. For example: 80 HTTP, 110 POP3, 443 HTTPS, 563 SNEWS, 569 MSN. Higher-level applications that use TCP/IP, such as Web Protocol and Hypertext Transfer Protocol, have ports with pre-assigned numbers.  Other application processes are given port numbers dynamically for each connection.

When a service (server program) is initially started, it is said to bind to its designated port number. As a client program wants to use that server, it must also must to bind to the designated port number. An example for the use of ports is an email client which you use to receive and send emails. Configuring email settings may be different from program to program, but all email programs require the same basic pieces of information. Among them are SMTP and POP3 email servers and their ports. The Simple Mail Transfer Protocol (SMTP) by default listens on TCP port 25 for incoming requests. The Post Office Protocol (POP) used to fetch email messages from the server listens on TCP port number 110. The following screenshot shows an account configuration window in a email application where you need to define POP3 and SMTP ports.

Incoming Ports and VPN Connection

Every VPN connection uses an incoming connection port on the user’s computer. It is like an endpoint to a connection. However, when connected to a VPN server, this server automatically becomes a firewall between you and the Internet. This can be very convenient because it gives you another layer of security and protection. Port scanning is usually associated with malicious cracking attempts. Closed ports prevent anyone from the Internet connecting to your computer. But remember,  connections with  legitimate purposes will be forbidden as well. To resolve this issue, Dynamic Remote Port Forwarding (DRPF) is used. TUVPN.COM has enabled DRPF for both PPTP VPN and OpenVPN service. Basically, this means that every time you connect to a VPN server, it gives you certain ports that will be automatically redirected to your computer. Any Internet connection to one of these server ports will be immediately directed to your computer through the VPN. Forwarding an individual port still requires you to change where your program connects, telling it to use a non-standard port rather than the standard port. Read more in FAQs (http://www.tuvpn.com/faqs.php?ln=en#99).

Scanning Ports

If you are interested in ports issues, you can drill-down into the topic by using a free open source utility for network exploration Nmap ("Network Mapper"). Port scanning is the core function of Nmap. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems. The simple command

nmap <target>

scans 1,000 TCP ports on the host <target>. While many port scanners have traditionally ranged all ports into the open or closed status, Nmap range ports into six status: open, closed, filtered, unfiltered, open|filtered, or closed|filtered. The output from Nmap is a list of scanned targets, with supplemental information on each depending on the options used. A provided table lists the port number and protocol, service name, and state.

So, now you understand that incoming connection ports are the endpoint for communication via a network. The applications use the default ports until you configure the other ones. During VPN connection the default ports may need to be changed. TUVPN's personal VPN provides you a range of 5 ports to be used by your applications. With Business VPN services you can use as many ports as your working environment requires.

Go to TUVPN.COM

VPN service may offer for its users several advantages: flexibility, ease of use, cost savings, network scalability, and private networking. But the key feature of the VPN is improved security. If you use VPN, your information sent via Internet is firmly protected.

There are three concepts that make a VPN connection secure:

•    Tunneling:

VPN creates a secure path through an untrusted network between you and your destination point. Other users of internet can’t see or recognize this tunnel. VPN builds its security mechanism with a help of special network technologies called cryptographic tunneling protocols. The protocols provide establishing and maintaining a VPN connection, encryption of information sent through the tunnel, and message integrity.
 
•    Encryption of traffic:

All the information transferred through the tunnel is being encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses. Nobody can use your private information without your permission. Today the newer standards provide very strong encryption which is so secure that it would take thousands of computers and years to break it through.
 
•    Authentication mechanism:

If a bad guy can get one of the keys, he can decrypt all the traffic on the VPN. So a reliable VPN connection has a strong user authentication mechanism. It means the tunnel end point is authenticated before secure VPN tunnels can be established. For authentication the following can be used: passwords, digital certificates, biometrics, two-factor authentication, other cryptographic methods.

To understand it better, let’s see how it works.

For example, you need to get to an internet resource securely so that information about your IP-address, the sites you are visiting, would stay unknown for everybody else, for example, for internet provider. Once the connection through VPN has been established, you communicate with your VPN provider server through the straight tunnel. The tunnel is in fact built in internet. The difference is that information sent through unsecure internet channels may become available for third parties. Information from your VPN tunnel is not. On the way to the VPN server all the information is encrypted. Then your IP-address is changed to a new,  public IP. Transmission of information continues to the destination point in the Internet under new IP so that nobody can track you and use your personal information.

You may say that you have nothing to hide. But in sense of your privacy, the VPN can be a solution.

Here is one more example. You have a small-business company and you need to exchange e-mails with absolutely private information with your partners from overseas. Let’s imagine, you need to do it regularly and in big pieces, and through internet. In this case the VPN connection is the most secure convenient and cheap solution. On the basis of internet the VPN establishes a tunnel between you and your colleagues and encrypted information becomes defended from other users of internet. You can get it by means of a dedicated VPN Server service.

With a variety of VPN products, you can choose the most secure type for your business: VPN for emails, or to run a couple of applications, or networked server. Growing list of VPN technologies can satisfy the most sophisticated needs in security.

Making the best choice, you need to consider the following issues:

•    reliability of the company providing the VPN service:

It is important to spend some time and to choose a reliable VPN provider. Reliable VPN service provides maximum security to all the users and make sure that their identity is safe on the internet. You need to take into account provider’s reputation, background and user’s reviews.

•    strong user authentication and key management:

Properly configured VPN service allows an access only to authorized users. There are options for key management. You can share one encryption key among several users but in case you have many network users it can be unsafe. Then you can distribute the keys and replace just one user’s key if it’s compromised.

•    fast and efficient internet connection:

A reliable VPN service offers an internet connection with a maximum uptime and doesn’t slow down the connection speed when users need to use internet.

Technological progress has made businesses to look for improvement to secure their networks and business communications. Personal use of internet reveals more and more cases of disregarding your privacy. The VPN technologies have already taken their marketplace and are acquiring more users every day. So it’s only for you to decide whether your VPN time has come.

Get Your VPN NOW!

There is a lot of misunderstanding and misrepresentation regarding encryption strength and how most VPN providers talk about it. In fact, we would say that most of them don't have any idea what they are talking about, or if they have, they try to fool possible users in believing that they are more secure than other VPN services …

Let's see some examples from live VPN sites :

What does 2048 bit Encrypted connection mean ? And what about 128-2048bit security ? Let's try to clarify it as simply as possible….which in itself is challenging when discussing encryption! . We will do our best.

Firstly, encryption strength is related to a type of service. So we have to know if we are talking about PPTP or L2TP or OpenVPN or SSH. Once we know the type of service that we are talking about, we can better assess the information that the VPN provider gives to us related to its strength.

PPTP

So focusing first on PPTP…. it can (and should) offer a maximum strength of 128 bits. Encryption using PPTP is provided by the use of Microsoft Point-to-Point Encryption (MPPE) protocol that can just handle 40-bit, 56-bit and 128-bit session keys. So when talking about PPTP, don't be fooled: 128 bits is the maximum strength that you can expect.

Anyhow, security wise, the biggest problem with PPTP is not related to the length of its key (there are other protocols very secure with similar key lengths), but to its underlying implementation that has several flaws. You can read more here.

OPENVPN

Although OpenVPN can be configured in several ways, let's focus on the most typical one found in many VPN providers.

In this typical configuration, first the peers taking part in the communication (you and the VPN server to which you are trying to connect) will authenticate to each other. Once this has been done and the VPN tunnel is established, the proper flow of encrypted data from and to your computer will begin.

The authentication process will usually take place using Public-Key Cryptography and/or username and password. When you read about 2048 bit keys, or 4096 bit keys or something like this, you are reading about the key used during the authentication phase of the communication.

But once authentication has happened and because Public-Key algorithms are really slow, OpenVPN will switch to Symmetric Cryptography to actually encrypt the data that is sent between you and the VPN server. This encryption will take place using a given type of symmetric algorithm (AES, Blowfish, Twofish …) and with a given key length (128bit, 192bit, 256bit, 448bit …).

Most probably this last key length is the one you would worry more about along with the type of algorithm that the VPN provider is using. As you can see none of these symmetric key lengths get anywhere close to those 2048bit ot 4096bit keys that some VPN providers boast.

Having longer symmetric keys will increase security at a performance cost (more or less depending on the algorithm selected). All depends on how paranoid we are and the options that the VPN service provider gives to us.

Hope we have clarified things a bit

Get Your VPN NOW!

VPN or Virtual Private Network is an old concept in the world of computing. One possible definition is:

Safe communication method between two points through a public network

Security of your communication is ensured via encryption. Encryption algorithms are applied to the communication, making sure that nobody on the public network (Internet) can access the contents of your communication between two points. In effect it creates a private 'tunnel' between two points.

VPNs have many advantages and uses. Secure and low cost inter-office connection, secure remote access to systems, and private networking on the Internet to name just a few.

VPNs is becoming fashionable. VPN service providers such as TUVPN.COM , provide a solution to the growing concern the general public has about privacy and anonymity on the Internet.

Online privacy threats come from many fronts, starting with the Internet Service Providers (ISPs) that can analyze the traffic generated by users to create profiles of navigation and consumption. This information can then be sold to third parties for unsolicited marketing etc. Governments themselves create systems and organisations to collect and analyze massive amounts of Internet traffic. This is often argued to be done in the public interest, but where is the line drawn? How do we know where are information ends up? We can all remember cases of Government leakage of private information. There is a long string of companies and organizations who traffic our private data, collected through more or less transparent ways for all kinds of purposes. Do you wonder how spam emails end up getting to you?

VPN service providers such as TUVPN fit in this world? Generally we will put at your disposal one or more of our servers in different geographic locations to allow you to connect to the internet through our VPN client. ALL traffic between your computer and our VPN server that you are connecting to is encrypted and NOBODY can see or identify the content of that traffic. In this sense, the VPN service offers privacy between your computer and the VPN server chosen by you.

Your Anonymity is provided via the concealment of your IP (Internet Protocol address), which is that unique signature/number that identifies you and your location. TUVPN.COM, like many VPN service providers, has a non-logging policy which means we do not store any information on the networking activity of our clients.

Through the careful selection of your VPN server provider, you can be sure that only you hold information on your Internet traffic…..browsing, emails, messaging etc.

Obviously, the key to using these services is trusting the integrity of the VPN provider and being comfortable that they deliver guarantees of anonymity and privacy. This is why a careful choice is necessary and highly advisable.

Many would say that if you do nothing wrong you have nothing to hide. This hits upon the eternal discussion on individual liberties and the limits and boundaries governments, corporations, and lobbyists continually debate. Ask yourself this question; Do you lock the door of your house when you leave? You would say, 'yes', and yet do you have anything to hide in your house? Probably not, but you want to make sure that what is private to you is secure and cannot be accessed by anyone without your control. Why therefore would we not want to put a lock on a part of our lives that is becoming more and more important in our day-to-day activities….banking, communication etc etc

Good uses of a VPN service are many and we will be detailing these in the following posts. As with so many things in life, VPN services can be perverted by users to other undesirable purposes, but why should this limit the availablity of such a service to the general public with legitimate uses.

Get Your VPN NOW!