Archives

by Jean Luc Picard

A/I VPN

 

Leggi questa pagina in Italiano

Lea esa pagina en español

What are A/I VPNs?

Virtual Private Networks (VPN) are typically used to connect remote workers to the main office network. The A/I VPNs are different: they sends all your internet traffic through an encrypted connection to our servers, where it then goes out onto the public internet. This type of VPN is sometimes called a “Personal VPN”. The goal with a personal VPN is not to securely connect you with a private network, but to securely connect you to the internet as a whole.

Personal VPN can be used for many different reasons. A/I chose to provide this service for emergency situations limited in time, such as a journey, the coverage of an event or a demo. A/I VPNs are not available for permanent home use: if you need to anonimize your Bittorrent traffic you should look forward to different solutions.

Why would you want to use A/I VPNs?

A/I Collective believes that providing its users with safe and anonymous channels to connect to the internet is a very important step against censorship and institutions’, governments’ and polices forces’ dreams of total control on internet access. That’s why we have been suggesting to our supporters to use Tor and that’s why we are releasing this new A/I VPN project.

Around the world, governments are using the internet for social control, through both surveillance and censorship. While many people are familiar with the censorship of the internet by governments in China and Iran (just to mention a couple of examples), you may not realize that the US practices active surveillance of internet users’ relationships and the European Union countries require all ISPs and website operators to record and retain personal data on your behavior. With three-strikes laws, many countries now deny citizens access to the internet if accused of file sharing. Some countries (like Egypt during Tahrir square unrest in 2011) forbid the use of new communication technologies, like skype.

That’s why A/I VPNs can help those who feel the need for a safe, encrypted channel to communicate free of the prying eyes and ears of governments, ISPs and repression or control institutions. A/I VPNs aim to:

  • protect against ISP surveillance: A/I VPNs eliminate the ability of your ISP to monitor your communication. They have no meaningful records which can be used against you, either by marketers or the state.
  • bypass government censorship: A/I VPNs can entirely bypass all government censorship, so long as you still have access to the internet. Note, however, that careful analysis of your traffic could reveal that you are using a VPN, which may or may not be legal in your jurisdiction.
  • allow you to reach the internet through an encrypted channel.
  • access the entire internet, regardless of where you live: A/I VPNs allow you to pretend to live in any country where we have a VPN server. This gives you access to restricted content only available in those countries. A/I VPNs also allow you to use services that may be blocked in your country, like Skype.
  • break free from a corporate firewall: so you work for an evil corporation and you try to waste as much time as possible surfing the web? Unfortunately, the corporate firewall probably prevents you from visiting many websites (riseup.net is on the list of banned sites for many corporate firewalls). A/I VPNs will let you entirely bypass these restrictions and gives you access to the whole web.
  • secure your Wi-Fi connection: any time you use a public Wi-Fi connection, everyone else using that access point can spy on your traffic. A/I VPNs will prevent this.

Limitations to using A/I VPNs

A/I VPNs shares some limitations common with all “personal” VPNs, and their use is further limited by some choices we made as A/I Collective.

From a technical standpoint VPNs are not a panacea: although VPNs accomplish a lot, they can’t fix everything. You should use in any case SSL/TLS connections (https to surf, pop-ssl/imaps/smtp-tls for mail exchange, and so on). Furthermore once your data is securely routed through our servers it will go out on the internet as it normally would, A/I VPNs will only anonymize your location. And A/I VPNs cannot increase your security if your computer is already compromised with viruses or spyware. If you give personal information to a website, there is little that a VPN can do to maintain your anonymity with that website or its partners. Last but not least the internet might get slower: the A/I VPNs routes all your traffic through an encrypted connection to our servers before it goes out onto the normal internet. This extra step can slow things down: this does not matter if your main aim is to communicate safely and privately, but it’s of course a big pain in the neck if you are using A/I VPNs for leisure (the wrong reason to use our resources).

A/I Collective resources are limited, that’s why the package we offer you with A/I VPNs will work for 7 days, after which you will have to renew all the configurations. This is not due to our sadistic nature, but simply to the need to be sure that you are using A/I VPNs for actual needs and to struggle against censorship and control.

How do you configure your PCs to use A/I VPNs?

To activate a A/I VPN you have to browse to the vpn.autistici.org website and download a zip file containing an SSL certificate (and private key) used to authenticate to the VPN network. This file is very sensitive, keep it in a safe place, and with it you can configure one of the many different software created to setup personal VPNs. In the zip file you will find a README.txt file where you will specific instructions to install the VPN connection on your device, depending on your OS. Once the A/I VPN has been estabilished all your internet traffic will be routed through an encrypted connection to our server before reaching any other target.
Remember: to download the zip file and use A/I VPNs you have to be one of our users, ie you have to own a mail on our servers and its password. If you don’t have one, get one!

A/I VPN uses OpenVPN. You can use a lot of different client to connect to it. We have written some manuals for most widespread systems. If the information in the README.txt files were not enough for you, read one of the following howtos:

We wish to thank a thousand times Riseup for inspiring this document

from here

by Jean Luc Picard

VPN Gate: Free Access to World Knowledge Beyond Government’s Firewall. @vpngate

 

 

VPN Gate Overview

VPN Gate Academic Experiment Project is an online service as an academic research at the Graduate School of University of Tsukuba, Japan. The purpose of this research is to expand the knowledge of “Global Distributed Public VPN Relay Servers” .

Why VPN Gate?

You can take three advantages if you use VPN Gate:

  1. You can bypass the government’s firewall to browse oversea web sites (e.g. YouTube).
  2. You can camouflage your IP address to hide the source of sending information over Internet.
  3. You can protect use of Wi-Fi with strong encryption.

Unlike existing VPN services, VPN Gate has strong resistance against firewalls.
VPN Gate is free of charge. No user registrations required.

VPN Gate Public VPN Relay Servers

There is a list of Public VPN Relay Servers on the VPN Gate Academic Project Web Site.
Anyone on the Internet can connect a VPN connection to any VPN servers on the list.
No user registrations are required.

How does VPN Gate work?

  • VPN Gate consists of many VPN servers, which are provided by volunteers around the world.
    You can provide your own computer as a VPN server to join this experiment.
  • Windows, Mac, iPhone, iPad and Android are supported.
  • Supports SSL-VPN (SoftEther VPN) protocol, L2TP/IPsec protocol, OpenVPN protocol and Microsoft SSTP protocol.
  • Anonymous connections are accepted.
  • No user-registrations are required.
  • IP addresses of each VPN server are not fixed. IP address may change at irregular period.
  • VPN servers increase and decrease every day. Therefore, all VPN servers don’t located on the particular IP address range.
  • While a VPN client is connecting to the VPN server, the VPN client can access to the Internet via that VPN server. You can hide your IP address of the client.
  • When you use a VPN server which is physically located on an oversea country, your any communication are regarded as if it is initiated from that country. Then you can access to web sites, by using VPN Gate, which are usually unreachable from your country.

The problem that this research solves

Out motivation to begin the VPN Gate Experiment are to solve the following existing problems.

Existing Problem #1. Government’s Firewall Blocks to Access Oversea Web Services for Overprotection

The Internet is a revolutionary network to enable all user’s computers and servers to communicate each other without any restriction. Any web sites which are provided by individuals or companies can be reachable from anywhere around the world. Each people in the world is a potential customer of a web service. So every Internet companies are trying to develop and improve their web services continuously. World-wide competitions occur, and qualities of every services will be better and better, forever.

Such competitions over the world without any barriers are essential for improving the quality of Internet services. Internet provides such a great playing field for fair competition environment. However, some countries are attempting to interfere against the fair competition. For example, great video-sharing sites such as YouTube, or excellent SNS sites such as Twitter or Facebook, are existing in the world. Some governments place a contents-filter on the border between domestic and international Internet. Such a contents-filter is used to be called “Government’s Firewall” . People in such a country are often affected by the government’s firewall.

In United States, Japan and most of Europe countries, people prohibits their governments from placing such a government’s firewall, by the Constitution. However, it is said that some other countries have such a firewall for contents-filtering.

The government’s firewall force the people to use only domestic web services instead of international web services. They cannot visit international web-services which compete with domestic web-services. In other words, such a government supplies unfair advantages to the few domestic web-service providers in exchange for push inconveniences to the all Internet users of the country. In the long-term viewpoint such a government’s overprotecting policies will be cause of decline in public-interests, because most of people in the country are blinded to the world-valuable overseas web services.

It is convenient for users behind the government’s firewall if they can free-access to YouTube, Twitter, Facebook or other great web services. As the consequence, over-protected domestic web-service providers under unfair good-treatment by the government’s firewall will be involved to the world-wide fair competitions. In the long-term view, the competitions will improve both domestic and international web services, and every domestic people will receive benefits.

 

Existing Problem #2. Identifying an individual by tracing an IP address on the access log of the server is possible.

If you access to web sites, or send an e-mail, your source IP address will be logged on the destination web server, or on the headers included in the e-mail contents.

An IP address is not a personal information as only it. However, IP address can be used to track an individual who makes activities over several web sites. Such a tracing technique is used for unwanted advertising.

Additionally, an IP address can be used to identify the person who initiated the concerning communication, by using the law-enforcements procedures. Polices, prosecutors or lawyers can abuse their privileges to request the log files of IP address allocation which are hold by ISPs. Such IP address allocation logs are enclosed by ISPs in usual time. However, once someone obtains the logs, he can investigate who sent an e-mail, or who post a message to the web site. It might be abused to revenge to the one who conducted an indictment for public interests. The risk of IP address traceability might discourages the good people’s motivation to accuse something for public benefit.

Moreover, on the Internet, a person who was assigned a specific IP address at a specific time will be regarded to have the responsibility of any illegal communications which were initiated from that IP address at the same time. Recently in Japan, law-enforcer’s disgraceful matters are criticized as serious problems that law-enforcement officers mistaken arrests innocent Internet users who never conduct nothing illegal on his computer but the computer was infected a Trojan which is controlled remotely by the real criminal person. The real criminal person let the computer of the innocent Internet user to send blackmails to some companies, and the innocent persons was arrested unjustly by law-enforcers. The innocents were finally released, but it was one of the worst false accusation incidents in Japan’s recent history.

Therefore, it is preferable that there is a method to hide your real IP address temporary when you access to the Internet. If your real IP address will be hidden, no advertisement-purposed IP address tracing will be unsuccessful. The risk of IP address traceability will be reduced, and the good people who are planning to accuse something for public interests will be easy to do it. The risk of mistaken arrests will never come to you if you hide your real IP address while connecting to the Internet, even if your computer is infected by Trojan or malicious software.

Existing Problem #3. Public Wi-Fi is under the risk of packet tapping.

Most of public Wi-Fi can be tapped by everyone. Your plaintext communication are not safe. Wired networks are also under the risk of tapping. ARP spoofing attackers can capture your packets. Moreover, the network administrator or the facility owner of cafe or airport who provides the public Wi-Fi can always tap on your communication. Even if you are using Internet at your home, there is a risk that the employee of your ISP or telecom company might tapping on the line to peek your plaintext packets. (In fact, there was a criminal incident that an employee of Nippon Telegraph and Telephone Company conducted the wiretapping in the telecom building. So we can never trust employees of ISPs or telecom companies.)

When using HTTP, POP3 or IMAP plain-text communication on the Internet, you cannot avoid the tapping. SSL (HTTPS) is secure against tapping, however most of web sites uses HTTP. HTTP packets are transmitted in the plaintext format.

It is preferable that there is a method to encrypt all communications to Internet servers automatically. In such a situation, no one on the local network or local telecom building cannot peek contents of your packets.

VPN encrypts and relays your packets

If you use VPN when you uses the Internet, you can solve above all of three problems.

Solution 1. VPN can bypass the government’s firewall.

If the government’s firewall is out of order, and some overseas web sites are unreachable from behind the firewall, you can access such web sites via overseas VPN servers. The overseas VPN server will relay your communication towards the target web server.

Solution 2. VPN can hide your real IP address.

While the VPN connection is established, all communication’s source IP addresses will be replaced to the IP address of the relaying VPN server. This will very helpful for you because no one can no longer easily analyze and trace your real IP address of that moment. IP address logs on the target web server or the header list of e-mail will be recorded as if the communication was initiated by the relaying VPN servers. You can hide your IP address securely, and you can send anonymous posts or e-mails toward web sites or mail servers. It will encourages you if you are intend to conduct a righteous accusation for public benefits. You are now not under the risk of revenge by the accused person. Moreover, if your computer is infected by the Trojan which were sent by the “real criminal” , and the real criminal sends an remote operation to let your computer sends illegal blackmails to someone, you are no longer under the risk of mistaken arrests by law-enforcers.

Solution 3. VPN can prevent the tapping.

If you always use VPN, all communications will be automatically encrypted. Even if your neighbor on the local network is a wire tapper, your packets cannot be peeked by him.

Note that this solution can only encrypts the VPN tunnel, and can only avoid tapping on the local network. Packets between the relaying VPN server and the destination web servers are plaintexts. Plaintext packets might be tapped. However, at least local tapping can be prevented.

VPN Gate’s advantage to existing VPN services

As described above, VPN can solve several problems on using the Internet. However, usually you need at least one VPN server in the remote place (overseas) physically to exploit the functions of VPN as mentioned above.

Most of Internet users are unable to have their own VPN servers in an overseas country. For such users, there are existing paid shared-VPN services which are provided by some Internet companies. Such a service requires a user registration with credit-card number for payment, and an account will be created for the user. The user will gain the right of use the shared VPN servers for specific terms along to the contract.

So what is different between VPN Gate and existing such paid VPN services? In the viewpoint of users, the two seems to be similar. However, VPN Gate has differences to existing VPN services as described as following.

Problems of existing shared VPN services

Existing VPN services are implemented that the provider company hosts some VPN servers on the datacenter. This traditional way of providing some shared VPN servers on the datacenter has a problem that IP addresses of each VPN servers are on the same or similar IP address allocation block. Because the IP addresses are assigned by the same ISPs, generally. And IP addresses of each VPN servers are fixed, so they are seldom changed.

Such a shared VPN service has not tolerance against “unknown trouble on the government’s firewall” . The “unknown trouble on the government’s firewall” usually appears to the circumstance that some series of IP address blocks become completely unreachable from inside the country. If “unknown trouble” occurs to cover the IP address range of allocated IP address blocks for a shared-VPN server cluster, no VPN servers of the cluster will be unreachable from such a country. In fact, recently it is reported that one day a specific cluster of existing shared VPN servers become unreachable suddenly from a specific country which has the government’s firewall.

There is another problem of existing shared VPN services: occupation of bandwidth. Existing shared VPN servers are physically placed on the specific datacenter. All of every users’ communication will be concentrated at the Internet transit line of the datacenter’s uplink. And all processing workloads will be concentrated on some shared-VPN physical servers hosted in the datacenter. The service provider considers to increase the number of VPN servers in the cluster, or increase the bandwidth of Internet transit lines, but such expansions take costs. If cost increases, the fee of such a shared VPN service will increase. If serves cost, the speed of such a shared VPN service will be decline. Most of shared VPN services cannot provide the adequate quality to users.

Advantages of VPN Gate Academic Experiment

As you can see on the List of VPN Gate Public VPN Relay Servers, there are a lot of running VPN Gate Public VPN Relay Servers. These VPN servers are not physically placed on a specific datacenter nor a specific IP address allocation block; they are hosted on different ISPs and on physical locations to each other.

Every VPN Gate Public VPN Relay Servers are distributed and hosted by many volunteers. A volunteer is a person who owns a computer which is keeping the broadband connection to the Internet. He is a person who agrees to provide the CPU time and bandwidth to support the VPN Gate Academic Experiment. You can become a volunteer.

Volunteers are distributed geographically. The ISPs of volunteers are also distributed. So IP addresses of every VPN servers are distributed. No characteristics on the assigned IP addresses. The number of volunteers increases or decreases every day, and each IP address vary every time. If something “out-of-order” will occur on the government’s firewall, whole the VPN Gate Relay Server are not affected. If a few VPN servers become unreachable from your country, you can still reach other VPN servers.

Because VPN Gate servers are hosted by volunteers and each volunteer spends very small amount of costs for bandwidths and CPU times for his VPN server, the VPN Gate Service can be used for free of charge for everyone. The free of charge means that no user registration is required to anyone who wants to use VPN Gate service.

Therefore, unlike the existing shared VPN services, the VPN Gate Academic Experiment Service can be used with no paying.

Mirror servers of VPN Gate web site

Once a user connects a VPN session to one of the VPN Gate Public VPN Relay Servers, he can gain free access to the Internet from any country.

However, if the www.vpngate.net web site (this web site) is unreachable from his country, he cannot obtain the VPN Gate Public VPN Relay Servers List at first.

So we are providing Many Mirror Site URLs to help users who are in such countries. If a user can obtain access to at least one of the mirror sites, he can browse the VPN Gate Public VPN Relay Servers List page.

If you are a citizen of the country which has a government’s firewall with unknown error which prevents accesses to the www.vpngate.net from the domestic Internet, please access to the Mirror Sites List page, copy the URL list and paste it to SNS, Blogs or community forums in your country to help VPN users in your country.

VPN Gate is an extended plug-in for SoftEther VPN Software

Visit our another VPN project, “SoftEther Project”.
This is the parent project. VPN Gate is a child project of SoftEther Project.

from here

by Jean Luc Picard

n2n: Layer Two Peer-to-Peer VPN

 

n2n is a layer-two peer-to-peer virtual private network (VPN) which allows users to exploit features typical of P2P applications at network instead of application level. This means that users can gain native IP visibility (e.g. two PCs belonging to the same n2n network can ping each other) and be reachable with the same network IP address regardless of the network where they currently belong. In a nutshell, as OpenVPN moved SSL from application (e.g. used to implement the https protocol) to network protocol, n2n moves P2P from application to network level.

The main n2n design features are:

  • An n2n is an encrypted layer two private network based on a P2P protocol.
  • Encryption is performed on edge nodes using open protocols with user-defined encryption keys: you control your security without delegating it to companies as it happens with Skype or Hamachi.
  • Each n2n user can simultaneously belong to multiple networks (a.k.a. communities).
  • Ability to cross NAT and firewalls in the reverse traffic direction (i.e. from outside to inside) so that n2n nodes are reachable even if running on a private network. Firewalls no longer are an obstacle to direct communications at IP level.
  • n2n networks are not meant to be self-contained, but it is possible to route traffic across n2n and non-n2n networks.

 

The n2n architecture is based on two components:

  • edge nodes: applications installed on user PCs that allow the n2n network to be build. Practically each edge node creates a tun/tap device that is then the entry point to the n2n network.
  • an supernode: it is used by edge nodes at startup or for reaching nodes behind symmetrical firewalls. This application is basically a directory register and a packet router for those nodes that cannot talk directly.

 

Edge nodes talk by means of virtual tap interfaces. Each tap interface is an n2n edge node. Each PC can have multiple tap interfaces, one per n2n network, so that the same PC can belong to multiple communities.

Quickstart

  • Download and compile the code
  • Decide where to place your supernode. Suppose you put it on host a.b.c.d at port xyw.
  • Decide what encryption password you want to use to secure your data. Suppose you use the password encryptme
  • Decide the network name you want to use. Suppose you call it mynetwork. Note that you can use your supernode/edge nodes to handle multiple networks, not just one.
  • Decide what IP address you plan to use on your edge nodes. Suppose you use IP address 10.1.2.0/24
  • Start your applications:
    #supernode > supernode -l xyw
    #edge node1> edge -a 10.1.2.1 -c mynetwork -k encryptme -l a.b.c.d:xyw
    #edge node2> edge -a 10.1.2.2 -c mynetwork -k encryptme -l a.b.c.d:xyw

    Now test your n2n network:

    #edge node1> ping 10.1.2.2
    #edge node2> ping 10.1.2.1

Platform-dependent Differences

  • OSXIn some OSX version, the tun/tap device is missing. In this case you need to download and install the tuntapdriver.
  • LinuxYou need to specify the tap interface name with -d.
    #edge node> edge -d n2n0 -c mynetwork -k encryptme -a 1.2.3.4 -l a.b.c.d:xyw
  • WindowsThe port is available. You need to compile the project part of the SVN code using Visual C++ .NET 2008 Express. For your convenience from time to time we compile Win32 binaries that you can download from this URL.

n2n Security

n2n 1.x has been designed to be simple and used in private n2n networks. We’re aware that it has some security limitations such as

  • Keys on the command line are a problem.
  • Lack of nonces in encryption makes it relatively easy to perform replay attacks.
  • Lack of HMAC makes man in the middle relatively easy. (I don’t think this is a valid criticism as n2n is not trying to attach trust to a connection, just opacity).
  • Difficulty in rolling keys and integrating secure key exchange protocols.

For this reasons the next n2n 2.x release will feature the following security extensions:

  • Each encrypted payload gets a 32-bit nonce (salt) so the same packet will get encrypted differently each time. This makes it harder to perform replay attacks, discover keys, etc. [status = WORKING]
  • Each encrypted packet carries a key index in clear-text so the edges can signal key changes to the receiver. Key exchange could be done by eg. IKE (IPSec) or Kerberos, or just having a list of shared keys that is updated from time to time. Having a key index allows for reliable key rolls if the clocks on the two edges are skewed slightly. [status = WORKING]
  • Edge program will have a key discovery channel to allow eg. IKE, Kerberos, SSL, etc. to be plugged in and provide a secure key exchange method. [status = design phase]
  • Each n2n packet carries a transform identifier so a mixture of encrypted and unencrypted packets can be carried and the decoding transform identified at runtime. The transform identifier allows data transform plugins and extensions. When new encryption or compression types are added, the n2n packet format does not need to change and receivers can detect if know how to process the packet. [status = nearly finished]

    The above statements do not mean that n2n is insecure, just that security will be better addressed in the next major release.

n2n Gui: graphical frontend for n2n.

example

n2n website

 

by Jean Luc Picard

#China stops #VPNs we #stopcensure

 

Notice: VPNs Are Not for Fun

These two notices, posted to Google+ last week, inform employees at a business center in the capital of new measures to ensure that virtual private networks (VPNs) are used for work purposes only. VPNs allow users to connect to the Internet outside of China’s Great Firewall. Without access to the free Internet, it would be near impossible for most international organizations to do business in China. But because they have “abused their privilege,” these employees will now have to let technical staff know whenever they need access.

Warning

Recently, it has been discovered that at night in some rooms, staff have been privately logging on to prohibited websites (Facebook, Twitter, MySpace, etc.). Upon discovering such activity, the violator’s Internet access will be directly cut off and the police will be notified. In cooperation with police policy of Internet access through real-name registration, starting today, we will begin the trial implementation of PPPoE* real-name registration for Internet access.

Zhi Jia Rui He Business Center
Jinan City Internet Monitoring Team
2012-11-19

* PPPoE: Point-to-Point Protocol over Ethernet

Warning

In order to eliminate access to prohibited websites through use of software by internal staff, starting today, the function will now be disabled. For those who must use a to access the Internet, after preparing your file, go to D1 (88885681) and ask a technician to help set up your connection.

Jinan Zhi Jia Rui He Business Center
Jinan City Internet Monitoring Team
2012-11-19

Read more about the travails of VPNs, Google, and the free Internet in China from CDT.

Via CDT Chinese. Translation by Little Bluegill.

November 27, 2012 11:32 AM
Posted By:
from here

 

VPNs & Proxies

VPNs and proxies can be used as tools to get around the Great Firewall of China. This means that by using these tools one can access any website when in China, regardless of whether it’s blocked or not. Naturally, many of these tools are themselves blocked. Here’s an overview of some major VPN and proxies and whether they’re accessible in China. If the main website of the tool is blocked, it may be difficult to sign up for the service. However, the service itself may still be working.

Showing 1 to 64 of 64 matching URLs.

URL Tested Since Alexa Traffic Rank (Global)sort descending Blocked* Restricted**
URL Tested Since Alexa Traffic Rank (Global)sort descending Blocked* Restricted**
https://code.google.com/p/goagent Dec 17, 2012 1 0% 0%
https://itunes.apple.com/app/opendoor/id5438080… Dec 17, 2012 50 0% 0%
https://s3.amazonaws.com/0ubz-2q11-gi9y/en.html Dec 15, 2012 146 0% 0%
https://1.hidemyass.com Jan 10, 2013 855 0% 0%
https://hidemyass.com Jan 19, 2013 863 0% 0%
www.hidemyass.com Mar 19, 2011 863 100% 0%
hotspotshield.com Feb 26, 2011 7 302 100% 0%
https://www.torproject.org Mar 27, 2011 13 194 100% 0%
www.torproject.org Feb 25, 2011 14 804 100% 0%
cyberghostvpn.com Jul 22, 2011 35 080 100% 0%
https://btguard.com Dec 15, 2012 35 477 0% 0%
https://www.ipredator.se Jul 21, 2012 35 582 100% 0%
https://cyberghostvpn.com Mar 23, 2011 39 998 100% 0%
www.dongtaiwang.com/loc/download.php Dec 15, 2012 40 758 100% 0%
https://www.strongvpn.com Dec 15, 2012 43 793 100% 0%
www.strongvpn.com Mar 10, 2011 44 169 100% 0%
https://www.purevpn.com Mar 25, 2012 77 395 0% 0%
www.purevpn.com Mar 22, 2011 77 395 100% 0%
https://www.goldenfrog.com Mar 23, 2011 78 748 0% 0%
https://www.privateinternetaccess.com Dec 15, 2012 90 085 100% 0%
https://www.overplay.net Mar 23, 2011 108 830 100% 0%
https://ultrasurf.us Dec 17, 2012 109 571 0% 0%
www.overplay.net Aug 02, 2011 112 771 100% 0%
https://torrentprivacy.com Dec 15, 2012 119 231 0% 0%
https://www.tunnelbear.com Mar 10, 2013 137 816 100% 0%
https://www.kepard.com Mar 10, 2013 137 849 100% 0%
https://www.astrill.com Mar 23, 2011 137 870 0% 0%
www.astrill.com Apr 05, 2011 145 402 0% 0%
www.ibvpn.com Mar 10, 2011 149 866 100% 0%
www.hideipvpn.com Mar 04, 2011 157 695 100% 0%
www.witopia.net Mar 12, 2011 181 283 100% 0%
https://www.witopia.net Mar 25, 2012 203 843 0% 0%
https://www.ipvanish.com Dec 15, 2012 205 797 0% 0%
www.ffvpn.com Aug 30, 2012 228 417 0% 0%
www.vpnoneclick.com Dec 17, 2012 230 318 100% 0%
www.vpn4all.com Mar 04, 2011 234 651 100% 0%
https://www.grjsq.biz Dec 26, 2012 244 718 0% 0%
https://www.vpnreactor.com Dec 15, 2012 249 779 0% 0%
www.expressvpn.com May 23, 2011 288 613 100% 0%
www.puffinbrowser.com Apr 19, 2012 310 032 100% 0%
https://vpnreactor.com Mar 10, 2011 315 839 100% 0%
https://airvpn.org Mar 23, 2011 321 963 100% 0%
https://www.vpntunnel.com Dec 15, 2012 337 021 0% 0%
https://faceless.me Dec 15, 2012 338 542 100% 0%
www.itshidden.eu Dec 15, 2012 492 033 0% 0%
torvpn.com Mar 08, 2011 562 130 100% 0%
www.vpnvip.com May 19, 2011 639 311 100% 0%
https://mullvad.net Dec 15, 2012 661 566 100% 0%
https://www.vpnvip.com Dec 17, 2012 702 242 100% 0%
www.vpncloud.me Dec 19, 2012 714 047 0% 0%
https://www.privatvpn.se Dec 15, 2012 790 987 0% 0%
https://www.torservers.net Mar 23, 2011 802 574 0% 0%
https://www.blackvpn.com Dec 15, 2012 802 724 100% 0%
https://puffstore.com Dec 15, 2012 0% 0%
thefreevpn.com Mar 25, 2011 100% 0%
www.swissvpn.net Mar 19, 2011 100% 0%
psiphon.ca May 04, 2011 0% 0%
psiphon3.com Nov 08, 2012 0% 0%
www.vpnfire.com Dec 17, 2012 100% 0%
https://privacy.io Dec 15, 2012 0% 0%
www.ultrareach.com Feb 18, 2011 0% 0%
https://killwall.com Dec 19, 2012 0% 0%
https://ivacy.com Dec 15, 2012 0% 0%
www.yourprivatevpn.com Feb 14, 2012 100% 0%
* Blocked, in the last 30 days. ** Otherwise restricted, in the last 30 days. More info.
from here

 

Use our tools to bypass the censure

by Jean Luc Picard

VPN #Free for #Activists

 

A VPN (virtual private network) encrypts and tunnels all Internet traffic between yourself and another computer. This computer might belong to a commercial VPN service, your organization, or a trusted contact.

Because VPN services tunnel all Internet traffic, they can be used for e-mail, instant messaging, Voice over IP (VoIP) and any other Internet service in addition to Web browsing, making everything that travels through the tunnel unreadable to anyone along the way.

If the tunnel ends outside the area where the Internet is being restricted, this can be an effective method of circumvention, since the filtering entity/server sees only encrypted data, and has no way of knowing what data is passing through the tunnel. It has the additional effect of making all your different kinds of traffic look similar to an eavesdropper.

Since many international companies use VPN technology to allow employees who need access to sensitive financial or other information to access the companies’ computer systems from home or other remote locations over the Internet, VPN technology is less likely to be blocked than the technologies used only for circumvention purposes.

It is important to note that the data is only encrypted as far as the end of the tunnel, and then travels unencrypted to its final destination. If, for example, you set up a tunnel to a commercial VPN provider, and then request the Web page http://news.bbc.co.uk through the tunnel, the data will be encrypted from your computer to the VPN provider’s computer at the other end, but from there it will be unencrypted to the servers run by the BBC, just like normal Internet traffic. This means that the VPN provider, the BBC and anyone with control over a system between these two servers, will, in theory, be able to see what data you sent or have requested.

Using VPN services

VPN services might or might not require installation of client-side software (many rely on existing VPN support in Windows, Mac OS or GNU/Linux and so need no extra client software).

Using a VPN service requires you to trust the owners of the service, but provides a simple and convenient method of bypassing Internet filtering, for free or for a monthly fee generally between 5 and 10 US dollars, depending on the service. Free services are often either ad-supported, or limit the bandwidth and/or the maximum traffic allowed over a given period.

Popular free VPN services:

  • Hotspot Shield, https://hotspotshield.com
    According to a 2010 report from the Berkman Center, Hotspot Shield is overwhelmingly the most popular VPN service. For more details on how to get and use Hotspot Shield, read the “Hotspot Shield” chapter of this manual.

Examples of paid VPN services include Anonymizer, GhostSurf, XeroBank, HotSpotVPN, WiTopia, VPN Swiss, Steganos, Hamachi LogMeIn, Relakks, Skydur, iPig, iVPN.net, FindNot, Dold, UnblockVPN and SecureIX.

You can find a list of free and paid VPN providers, with their monthly fee and technical characteristics at http://en.cship.org/wiki/VPN.

We suggest to read this article about VPN anonymity and this article about mandatory data retention.

VPN standards and encryption

There are a number of different standards for setting up VPN networks, including IPSec, SSL/TLS and PPTP, that vary in terms of complexity, the level of security they provide, and which operating systems they are available for. Naturally, there are also many different implementations of each standard within software that have various other features.

  • While PPTP is known to use weaker encryption than either IPSec or SSL/TLS, it may still be useful for bypassing Internet blocking, and the client software is conveniently built into most versions of Microsoft Windows.
  • SSL/TLS-based VPN systems are relatively simple to configure, and provide a solid level of security.
  • IPSec runs at the Internet level, responsible for packet transfer in the Internet architecture, while the others run at the Application level. This makes IPsec more flexible, as it can be used for protecting all the higher level protocols, but also difficult to set up.

Set up your own VPN service

As an alternative to paying for commercial VPN services, users with contacts in unrestricted locations may have these contacts download and install software that sets up a private VPN service. This requires a much higher level of technical knowledge, but it will be free. Also the private nature of such a setup means it is less likely to be blocked than a commercial service that has been available for a long time. One of the most widely used free and open source programs available for setting up this kind of private VPN is OpenVPN (http://openvpn.net), which can be installed on Linux, MacOS, Windows and many other operating systems.

To understand how to set up an OpenVPN system, read the “Using OpenVPN” chapter in this manual.

Advantages

A VPN provides encrypted transfer of your data, so it is one of the safest ways to bypass Internet censorship. Once configured, it is easy and transparent to use.

VPNs are best suited for technically capable users who require secure circumvention services for more than just web traffic and who access the Internet from their own computer where they can install additional software. VPNs are an excellent resource for users in censored locations who do not have trusted contacts in non-filtered locations. VPN technology is a common business application that is not likely to be blocked.

Disadvantages and Risks

Some commercial VPNs (especially the free ones) are publicly known and may be filtered. They normally cannot be used in public access locations where users cannot install software, such as Internet cafés or libraries. Use of VPNs may require a higher level of technical expertise than other circumvention methods.

A network operator can detect that a VPN is being used and determine who the VPN provider is. The network operator should not be able to view the communications sent over the VPN unless the VPN is set up incorrectly.

The VPN operator (much like a proxy operator) can see what you’re doing unless you use some additional encryption for your communications, like HTTPS for Web traffic; without additional encryption, you have to trust the VPN or tunnel operator not to abuse this access.

from here

If you want a VPN read this and contact us, we'll send you a paid VPN access of the duration of 1 month or more. Free. But only for activists!