Checking VPN connection online. Checking the VPN connection configuration. secure connection via https - ssl protocol

Readers of Complitra ru are already familiar from our articles with various VPN services, their purpose and some of the nuances that are now so necessary for safe and somewhat free use of the Internet - without any restrictions or censorship of the web.

Today we will talk about the fact that not all providers (vpn providers) can provide (or ensure) a stable and high level of unconditional security on the Internet.

Let’s consider the most important aspects so necessary for a respectable user: let’s learn how to check your VPN service for the presence of “cipher voids”; Let’s find out what is important to pay closer attention to: we are only talking about what each user can easily check on their own and understand how reliably they are protected by the VPN service.

Apply - do not use a secure connection via the https - ssl protocol

Text by points:

For those readers who have just wondered about vpn - and this article seems to be something that is not clear, I give the most useful links, by clicking on which you can find out - there, by the way, it discusses in more detail what an SSL connection is... and in general terms below in the text .

I don’t give links to dubious (unscrupulous VPN services), because you yourself, having learned from this article how to check the quality of VPN providers, can easily identify the scoundrels...

secure connection via https - ssl protocol

As sad as it is, I must report that after some tests I carried out, it turned out that several, in general, “not sickly” resources of VPN companies providing advertised services... (don’t be too surprised) still work using the http protocol.

Using an http connection is very good. unsafe(link to article-description just above)! this kind of mess of past technologies makes it possible to easily intercept encryption keys, and, as a sad consequence, to decrypt the Internet traffic of any user of their services.

Today! An important component of the security of the site (and its user) is the indispensable use of the https protocol - “it” uses SSL certificates, which allow you to protect the receipt/transmission of keys... configuration files delivered from the vpn provider to the user.

But for all kinds of protections, there are so-called individual or general encryption keys... More on that below...

individual or shared encryption keys?

Let's call it this - the mistakes - of the VPN providers were like this: many of the services distributed a single key to many servers (and therefore users) - in fact, the user was only protected by the authorization process using a login and password!

Needless to say, in the event of a login and password pair being hacked, the intercepted key (data) allows one to reliably decrypt the client’s (user’s) Internet traffic. Other "Bender" companies simply use different encryption keys for an individual user, but with the same key for all servers. Famously!? ...and you say services/services...)

Only the individuality of the key (for each user) and the server allows for strong protection.

However, the “firms” do not stand still and offer their own branded services!

identified vulnerabilities of “branded” VPN clients

By stipulating the conditions, VPN companies offer their branded VPN clients: no doubt! a branded client is always simpler (in implementing protection) and faster in time, however, it is not always logically safe.

As mentioned, some unscrupulous VPN companies, which still use an unencrypted http connection to the server, recklessly use this negotiation in their branded clients. The whole point of the danger lies in the lack of encryption of the process of receiving/receiving configuration files, etc. - the result is eloquent: keys and configuration files are easily intercepted by outside scammers and can be used against us - all Internet traffic.

...does “our” client use encryption of data reception/transmission, very easily with the help of various programs - sniffers. They are used by hackers, and as you know - “like with like” - if these programs allow you to intercept traffic, then they will help identify vulnerabilities!.. simply, if you manage to find “configuration secrets” cipher keys, then the service is “rotten” in taste.

Everything is clearly visible in the traffic code that the program provides!

changing the key as security for users

In the process of working on a network (on a computer), with a high degree of probability, various situations arise with the loss of secret keys: either the words of a virus... hacking... or the banal loss of a device - for these reasons, avoiding situations of unintentional “deception” of the user, a decent VPN provider offers the user has options to change keys without any loss of the “authorized” subscription.

Moral: as soon as suspicions creep in regarding personal information security, it is definitely recommended to change the VPN keys.

Maintaining and storing logs of Internet work

Keeping and storing logs will provide an information field for the user (for identifying errors) of a particular VPN provider.

This should not be forgotten! since maintaining and remembering/storing logs will allow you to observe the client’s actions on the Internet and his real IP address.

Important!

A VPN representative can thoroughly prove that there is no logging on their (??) server only if he provides full root access (to the client as the administrator of his account, let’s say) for its full verification and control of what is called his own.

how to find out if a VPN is used fingerprint (fingerprint) - in other words, using a VPN

Modern IT technologies make it easy to determine whether a user is using a VPN!? or not...

For the most part, VPN providers do not hide the digital fingerprint of the user. All this is easy to test... //2ip.ru/privacy/

Are encryption algorithms secure?

As it turns out from the article (or rather, by testing), the vast majority (I’m not afraid of this word) of unscrupulous providers use unreliable encryption methods, and this saves the resources of their server. And sometimes, though not often, they do not disdain PPTP, and this has a wide range of vulnerabilities.

You should remember and not forget this circumstance - what technology/encryption algorithms does your VPN provider use?

If anything is not clear and you still have questions, share them in the comments...

A fairly common problem is when a service makes every effort to declare its anonymity, but there is a small note “Terms of Use”. And it already contains detailed information about the logs, including information about the service’s right to record user data for security purposes.

The best VPN services in 2018:

How to make sure your VPN service is anonymous

To make this topic clearer, we will go through a number of questions that will allow us to objectively assess the anonymity of a particular service and the presence of corresponding logs in its operation. When communicating with technical support or managers of the selected service, be sure to ask these questions. Do not rush to ask all questions at once in one letter - this will cause unnecessary suspicion. It is better to limit yourself to one question in the letter. Otherwise, you can’t count on honest and objective answers.

Are logs kept on your VPN service?

If they directly talk about the presence of logs, we immediately refuse such options.

Another option is yes, statistics about users are collected, but only for the service itself. In this case, you need to move directly to the next question.

The third answer is that logs are not kept on the service. Then we immediately skip the next question and move on to the third.

What statistics are collected and processed by the service?

Among the most common answers are various personal data. This includes statistics on email address, browser version, operating system, connection time, etc. This data actually allows you to identify the user. There is a high probability of logging by this service; it obviously cannot be called anonymous. Now is the time to ask the next question to test this statement.

The second likely answer is that we work with Google Analytics to track site visits. In this case, there is no reason to worry. This service is really only intended to collect data about site visits.

You state that the service does not keep logs. Will my account be blocked in case of spam or attacks on sites using this VPN?

If the answer sounds something like “the account will not be blocked, but if there are an abundance of abuses, access to the site through the VPN will be blocked,” In this case, the account will be saved, but you will not be able to log in through our VPN. Such a response becomes a sign of an anonymous service without logging.

The second likely answer is yes, the account will be blocked. Because with the help of our system it is possible to disable logs on the server, but prohibited activities are detected. Consequently, the system will block your account.

Where is the company office located?

We have to understand whether the company is officially registered and whether there is an office. In the case of ghost companies, they have nothing but a website.

If the company's office has state registration of any country, this option should already be alarming. Because upon request from law enforcement authorities, the company will be required to provide all relevant information. State registration establishes the need for logging, with control of user activity. Otherwise, the company will be forced to bear legal responsibility for the activities of its clients. Companies with state registration and office cannot guarantee anonymity. As a rule, on the website you can find information about the offices and the fact of company registration.

If we talk about ghost companies working only with the site, this is a more preferable option for us.

Another option is possible - registering a company in various offshore companies. Yes, such answers are common to make the company more respectable. But in reality, the same ghost company appears before us. But sometimes it’s better not to take risks - if the company is really registered in a certain country, then an official request involves the release of information in accordance with local legislation.

How does the security system work on your service?

The first possible answer is the secret of our service, which we do not disclose. Based on this answer, one can immediately assume that logs are being kept; the resource is not anonymous. Because if there was a special authoring system, it would become a real source of pride for the service that would talk about it. But one cannot count on such miracles.

Another likely option is that there is no response at all from technical support. Such a response also becomes a sign of logging; there are huge doubts about the anonymity of the service.

If all the answers allow you to say that this service can be anonymous, then we move on to practical tests.

But let us warn you right away - all further actions are carried out under your responsibility, at your own peril and risk. We don't really recommend these steps. But they are the ones that allow you to completely verify that there are no logs on the selected service.

This principle involves working with maximum security methods (including anonymous VPN + TOR + proxy). It is under this protection that we try to connect to the server and perform a number of prohibited actions. If an account is blocked, there is no need to talk about anonymity.

It's very easy to hide or change your IP address. All you need is a VPN (virtual private network).

When you connect to a VPN, your IP address is replaced with a different one, and everything looks as if you are elsewhere. When you use a VPN, your internet traffic is routed through an encrypted tunnel so that no one, including your ISP, can see what you do online.

When connected to a VPN, it will appear as if you are in the same location as the server. For example, if you are in the US and connect to a VPN server in the UK, you are virtually in the UK.

What is an IP address?

An Internet Protocol address (IP address) is a unique number assigned to all devices (such as a computer, tablet, or phone) that connect to the Internet.

IPv4 and IPv6 addresses

There are currently two versions of the Internet Protocol in use: version 4 (IPv4) and version 6 (IPv6), and they have two main functions: identification and address assignment.

The sixth version of the Internet Protocol (IPv6) was created in 1995 as a preventative measure to ensure that there would be enough addresses available for the foreseeable future (IPv6 uses 128-bit IP addresses, resulting in 3.4 x 1038 addresses, whereas the IPv4 protocol version uses 32-bit IP addresses and there are about 4 billion addresses in total).

You will not be able to access the Internet without public IP address

To use the Internet, all connected devices must have a public IP address, which allows two devices—the sender and the recipient of Internet communications—to find each other and exchange information.

This is similar to a real address system. For example, if you wanted to subscribe to a magazine, the magazine distributor (the sender) would need your address in order to send you (the recipient) your copies. Without your address, distributors wouldn't know where to send the magazine.

The same goes for the Internet. Without an IP address, two devices will not be able to find each other and exchange information.

What is a private IP address?

Private networks use private IP addresses to identify and exchange information between computers and devices, such as a printer, that are not directly connected to the Internet.

All computers and devices on your home network have a unique private IP address to communicate with each other, but outside the local network they are not visible and cannot be connected to.

With similar functionality, which I recently wrote.

The main idea is to determine whether the user is hiding while surfing the Internet or not, and, if possible, find out his real IP address. There are several interesting features that I have never seen anywhere (two-way ping, matching DNS leak/ISP pairs).

I wanted to have a kind of checklist at hand that would answer whether you are “scorched” or not? At the moment, the list consists of 12 verification methods, which will be discussed below, including how not to fall for them, but first, the simplest ones in order.

HTTP proxy headers

Make sure that the proxy server, if it writes anything in the headers listed below, is at least not your address:

HTTP_VIA, HTTP_X_FORWARDED_FOR, HTTP_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED, HTTP_CLIENT_IP, HTTP_FORWARDED_FOR_IP, VIA, X_FORWARDED_FOR, FORWARDED_FOR, X_FORWARDED, FORWARDED, CLIENT_IP, FORWARDED HTTP_PROX, Y_CONNECTION

Open HTTP proxy ports

The most interesting ports are 3128, 1080, 8123. If you do not use them, then you can completely avoid unfounded suspicions about using 3proxy, SOCKS 5 or Polipo.


Open web proxy ports

Is the web page being given away? Great! At the moment we can detect PHProxy, CGIProxy, Cohula and Glype.

Suspicious hostname

You should not link domain names to your personal VPN, and if you do this, you should avoid “speaking” names.

Difference in time zones (browser and IP)

Is there a difference? This means the user is probably hiding.

For Russia there is no exact base of latitude and longtitude for regions, and since there are many time zones, in the end result we do not take these addresses into account. With European countries it’s the other way around; they are very good at firing.

When switching to a VPN, you need to remember to change the system time, change the time in the browser, or work with Russian proxies.

IP affiliation with the Tor network

Nothing criminal, but the fact that you are hiding is not very encouraging.

Browser Turbo mode

As a rule, such services also leak your real address in the headers. As a means of anonymization, you should not rely on traffic compression.

Web proxy definition (JS method)

Web proxies are not reliable in principle, so it is better to bypass such anonymization methods completely.

IP leak via Flash

By running a special daemon that logs all incoming connections with tag keys, you can learn a lot. The best way to avoid revealing your address is to not use Adobe Flash at all, or disable it in your browser settings.

Tunnel detection (two-way ping)

Of course, the routes there and back may differ, or the web server may be a little slow, but overall the accuracy is quite good.

The only way to protect yourself is to deny ICMP traffic to your VPN server.

DNS leak

The next step was to collect statistics on several million users, who uses what DNS. We linked to providers, discarded public DNS and received a list of DNS/ISP pairs.

Now it’s not at all difficult to find out if a user introduced himself as a subscriber to one network, but uses DNS from a completely different one.

The problem is partially solved by using public DNS services, if this can be called a solution.

Leak via VKontakte

More details can be found in the documentation here

Many VPN services protect your privacy while surfing the web at 5+, but this does not mean that they are flawless. In this article, we will talk about tools that will help you make sure that your VPN service really protects you and your data.

Ensuring the security of user data is the main task facing every VPN service. But how can you be sure that the service really protects you and your data? You can make some mistakes and, as a result, encounter data and/or IP address leakage even when you are connected to a VPN.

In this article we We'll tell you how to check VPN connections for data leaks using various tools. The answer to the question of whether a VPN service really protects you and your data lies in the results of the tests carried out using all these testing tools. So let's get started!

1. Testing for DNS Leaks

We are talking about the domain name system (DNS, Domain Name System). It serves to simplify access to sites by translating domain names into corresponding IP addresses. For example, the site vpnmentor.com looks like 104.25.7.109.

Typically, the task of translating domain names into IP addresses falls on the servers of your Internet provider. In turn, when you use a VPN service, your real IP address is masked, which prevents others from tracking your physical location.

But sometimes requests to translate a domain name into an IP address seem to leak through the VPN tunnel (leak, in other words). This makes your ISP's IP address and location visible to everyone. To test for DNS leaks, you simply need to connect to a VPN server located outside of your country. Then go to, for example, the site dnsleaktest.com . If you see that your IP address, location and other data matches the data of your ISP, then, unfortunately, you have a DNS leak.

A quick note: DNS leaks do not mean your real IP address remains hidden. Only the data of your Internet provider is leaked. However, all this is enough to easily determine your real IP address.

To prevent DNS leaks, use a VPN service that has its own encrypted domain name system.

1. Testing for IP address leakage

Most VPN services promise to protect your real IP address, but the reality is... different, to say the least. As shown by the results of a study that tested the quality of VPN services for devices under control, about 84% of VPN services leak the user's real IP address.

To check your VPN service, use our.

Please note that you need to check the VPN service for IP address leaks twice: when the connection is established and when the connection is restored after a break or reconnection. Many VPN services leak user IP addresses precisely at the reconnection stage after the connection is lost.

If the VPN connection drops, a good VPN service should immediately activate the should have a function, which completely blocks all Internet traffic.

How to check a VPN service for IP address leakage during the reconnection phase:

1. Without stopping the VPN connection, disconnect from the Internet./li>
2. When the connection is lost, connect the Internet again and connect storm testing IP addresses. To do this, you will need to open several tabs at once with a site where you can check for leaks of IP addresses, and quickly, quickly update each of them.
3. When the VPN service restores your connection, stop refreshing your tabs and look at the test results.
4. If your real IP address suddenly appears in one of the tabs, then, alas, you have an IP address leak at the reconnection stage.

A secure and reliable VPN service will allow you to prevent any IP address leaks. You can also manually disable IPv6 connectivity on your device if you are experiencing IPv6 type leaks. By the way, if your VPN service supports IPv6, then you automatically receive full protection against IPv4 leaks.

1. Testing for WebRTC leaks

WebRTC is an API (Application Programming Interface) built into browsers such as Firefox, Chrome and Opera. Exchanging files using the P2P standard and communicating in voice and video chats through a browser without using third-party plugins or extensions became possible thanks to WebRTC. There are various plugins for Internet Explorer and other browsers that add support for WebRTC.

A WebRTC leak is when your IP address is leaked online via the WebRTC API. You can test your VPN service for WebRTC leaks by visiting the Perfect Privacy WebRTC Test site.

To prevent this type of leak, simply disable WebRTC support in the browser you are using.

Checking VPN connection speed

A VPN service should protect the security and anonymity of the user, this is a fact. But that's not all! Connection speed is one of the most important aspects of any VPN service.. . We will list just a few of them.

1. Limits set by your Internet Service Provider

Your VPN service may support astronomically fast connection speeds, but in reality the speed will never exceed what is specified in your contract with the Internet provider. It is your ISP that decides how fast you can surf the web.

1. Encryption level

The higher the encryption level, the slower the VPN connection speed. The L2PT protocol is not only more secure than the PPTP protocol, but also much slower. In other words, if your Internet activity does not require ultra-reliable protection, then it is better to use simpler encryption.

1. Physical distance between the user and the VPN server

This is the most common aspect that affects VPN connection speed. If you are in India and connect to a server located in the US, you will have to endure relatively slow connection speeds. You can solve this problem if you choose a server located closest to where you are.

1. Number of active users connected to the same VPN server

Unfortunately, the servers of many popular VPN services are overloaded with users. Because of this, connection speeds drop. Before you subscribe to the service you like, make sure that you will have access to data on the status of servers indicating their load in real time.

1. Firewall settings

There should be nothing in your firewall settings that would interfere with VPN traffic or process operation. Otherwise, the connection speed may drop more than significantly.

1. Your device's processing power

So, you have installed a VPN client on your computer or smartphone. This means that your device is constantly encrypting and decrypting data packets. This requires significant computing power, and the faster your network connection, the more resources are needed to process the data.

In other words, you can have the fastest VPN service and the fastest connection speed from your ISP, but if your device's processor simply can't keep up with the data...

To check the speed of your VPN connection, visit Speedof.me

What to do if a data leak is discovered?

If you experience data leaks, contact the technical support of your VPN service and try to solve the problem with the help of specialists. Be aware that advertisements for VPN services are often aimed at inexperienced users who may fall for marketing ploys. Therefore, as an option, you can simply start using the services of a high-quality VPN service that does not allow data to leak to the side.

Here is a list of VPN services we would recommend for you.

Place	Provider	Price	Our assessment	User rating
		$2.99/month	5.0		Begin "
2		$6.67/month	4.9		Begin "
3		$2.75/month	4.8