VPN.AC have commenced September brightly by implementing key updates across all of their VPN servers as well as releasing an upgraded version of their Windows client. The updates include significant enhancements to the code OpenVPN code as well as some minor big fixes, which will soon also reflect on the Mac version of the software.
Update 1 – ECC (Elliptic Curve Cryptography) support
The company is well regarded for their commitment towards optimising network security and the newly introduced support for ECC (Elliptic Curve Cryptography) is a great example of a VPN provider that does not wait for cracks to appear. ECC also demonstrates that progression of VPN technology is showing no signs of slowing down. Here’s what the VPN.AC team had to say about their latest update, explaining in brief how ECC works:
We introduced support for Elliptic Curve Cryptography along with TLS 1.2. Elliptic Curve is one of the most powerful types of cryptography today, it is future-proofing and is arguably significantly more secure than RSA. However, its level of security depends on the curves being used: some being more secure than others. In our implementation we decided to use the secp256k1 elliptic curve, that is not part of the NIST standard. The design of NIST curves raised many questions and consensus is that they are likely backdoored by the NSA.
As a result of the update, VPN.AC are now utilising ECC during the most important part of OpenVPN communication – tunnel authentication and key exchange. Taking advantage of hardware acceleration for AES in modern Intel CPUs, AES 128-bit is used for data-channel encryption. Android users can also benefit from ECC as it is supported by the OpenVPN app, on top of which 128-bit AES actually requires less CPU power, leading to better battery longevity in comparison to AES 256-bit.
Update 2 – Obfuscation support for OpenVPN (XOR cipher), optimised for bypassing tough firewalls
The second major update involves integrating obfuscation support with the OpenVPN protocol. In other words, when OpenVPN is obfuscated, its data appears like regular SSL traffic over an unidentified encryption protocol, which makes it very difficult for firewalls with Deep Packet Inspection capabilities to detect and block. The Great Firewall of China is a perfect example of one that uses DPI to sniff out VPN protocols and traffic, and it is easily capable of cutting off a lightly configured OpenVPN connection. To overcome this, VPN.AC are now running both the the robust AES 256-bit implementation together with the new protocol-type that runs on several ports including TCP 443 (HTTPS), substituting the previously implemented Blowfish 128-bit. Consequently, handshake packets are now obfuscated, making it impossible for the firewall to recognise this traffic as part of an OpenVPN tunnel.
Update 3 – Software immunity to DNS blocking
Previously, there have been instances where tough network restrictions resulted in the VPN.AC client not always being able to list all servers, in addition to errors that occasionally sprung up when attempting to manually connect using certain server names. The third update ensures that internet service providers can no longer use DNS blocking to stop VPN.AC users from connecting to any of the nodes.
Update 4 – Geo-IP location fix in software
The fourth update concerns a minor issue with the client’s built-in geo-location display service. With the latest fix, the provider has made the geo-IP service available on 6 servers (on 3 continents), meaning the issue is highly unlikely to persist.
To find out more about VPN.AC and their services, check out our in-depth review.