Zen and the Art of Invisibility - VPN Review and Tutorial
Giganews and Golden Frog partnered to offer VyprVPN as a key tool in the bundle that customers who purchase a Giganews Diamond account receive. For people who don't want or need a Usenet subscription, Golden Frog also sells VyprVPN and VyprVPN Pro separately. What is VPN? "VPN" stands for Virtual Private Networking, and the prefix "Vypr" is the Golden Frog brand. How does VPN work in general? From an existing live Internet connection, you connect to a remote VPN server which takes over handling your Internet connection and acts as a whole new Internet Provider. Why exactly would I want VPN? A mixture of encryption and networking protocols makes your Internet traffic unreadable to the original ISP or anyone else. The best part is, Internet content that was previously blocked or filtered by that original ISP is now more likely deliverable via ...in this case, VyprVPN.
I will wait until the end to detail what operating systems and devices are supported, then hyperlink all the acronyms to their matching Wiki for the Alphabet Retentive and newbies who think PPP is when you really have to go. I promise that if you keep reading, I can convey the technical information necessary for you to decide if indeed Vypr, the personal VPN and love child of Giganews and Golden Frog, is something you cannot live without. Unfortunately there is no way around the necessary evil of acronyms, as they maintain clarity. If you experience excessive AcRoNym/Soup ...for now? ...Chillax, wiggle your toes in the warm sands of your Happy Place, and let any mystifying tech gently wash over.
As I gained momentum on my original VyprVPN review, the folks at Giganews and Golden Frog threw me a curve ball, announcing the release of two additional VyprVPN options, L2TP/IPsec and OpenVPN, delivering the latest VPN strategies to potential customers. My original piece was much more lightweight because the original VyprVPN was the standard PPTP-based VPN with which VPN veterans are very familiar. The two new options represent more advanced VPN options, so I took more time to drill data, and more importantly, totally read giganews.vyprvpn on Usenet. I thought reading the VyprVPN support newsgroup was a perfect opportunity to analyze the global input from folks posting VPN connection or performance issues. What I discovered was nothing short of eye-opening.
Eyes Wide Shut
All my prior commentary on the SHACK has been about working to retain the freedoms we enjoy on the Internet. We? Who's F'ing "We" Bo?! I'm embarrassed and heartbroken for the enlightenment thrust upon me by simply reading the giganews.vyprvpn newsgroup. In my Democracy-centric ramblings I disregarded a huge percentage of the World that can only dream of one day enjoying the Internet freedoms we take for granted. One of the most important things to understand about VPN is that it can defeat filtering and blocking of Internet sites by Governments and Nationalized Internet service providing. Screw them not being able to see what you are doing online, how about VyprVPN enabling you to see what the rest of the Free World is doing online?
For a huge number of people in countries that routinely block/filter Internet access, VyprVPN is a doorway to a whole new more free Internet experience. From the newsgroup I read posts like "OMG! I can see Facebook!" It may not make them politically free in their country, but it can show them the things their government may desire otherwise ...the joy of freedoms we possess, the simple ability to talk to friends and family around the world, or get the Daily News from another viewpoint. Hell! to watch the ShayTards on YouTube. I have to say my eyes have been opened to the fact that VyprVPN is some Revolutionary stuff.
[Disclaimer] While this may sound exciting, so is going to a frosty remote prison for defying some Government regulation. While I comment on Internet Freedom, I am not an advocate for breaking the Law! You must take due care and the full responsibility to make the informed choices to stay legal in your locale. I cannot provide that information, and this review is no substitute for legal advice.
What's Good for the Goose
It's comforting to know VPN is here to stay because it has become prevalent as a widely adopted Corporate protocol. That means your ISP at home (in the Free World) cannot start refusing or blocking personal VPN traffic (they did in the beginning!) because more and more people are connecting to work from home with a corporate VPN and demand it. Originally, even the Microsoft PPTP VPN was viewed by some ISPs as a hack tool, because it conducted Internet business via encrypted tunnel. Ahh, the Olden Days. In free countries we may not worry about VPN being blocked, so let's talk in more detail about how much privacy one can expect while on a VPN. More about blocking later.
While VPN may use encryption, there is another entity that can fully read your encrypted traffic, your VPN provider. While logged on, that VPN provider at the other end has both encryption keys to see all your traffic in the clear, in order to provide service. I was never comfortable using my work VPN for personal browsing. One may as well be at their desk, logged on their own workstation, in terms of network monitoring (which typically includes logging), plus you are using company bandwidth and resources for personal use. Ingredients for a possible Employee-Management conversation which typically starts with "Do you like working here?" Great reasons to procure your own personal VPN and eliminate the problem.
Mixing work with your personal VPN may be a similar story. Meaning, configuring your work laptop for personal VPN may get you fired. In the same way it bypasses policies and practices on your home ISP connection, it may be considered hacking if you connect while on your domain at work. Some corporate businesses have government regulated policies which could make it a federal crime, like HIPAA, dotMIL, or S.E.C. regulated businesses where the ability to secretly get out protected information or dodge monitoring may get you a little more than just canned ...as in the Federal Can. You are surely aware if this pertains to you, as it's visible immediately upon your workplace login ...that agreement which the law mandates pop up for your agreement ..."click OK?" You may want to read that next time before clicking OK. If in doubt you can ask your local HR representative [pause for effect] BWAhahaha, I kill me.
Close Examination of Private Tunnel Protocols is HoT!
Anyone who has read my technical reviews knows they are as much commentary as Tech. Who else has attempted to make VPN entertaining? Uh Hello? It's filed under "Commentary" ...however I am a Tech. I remember parking on Microsoft's FTP, waiting for the first second the Microsoft PPTP VPN client was available to download for Windows 95 OSR2 ...excited Nerds we were, so I've been a part of Corporate VPN from the first minute it was available for Windows. PPTP was the original VPN protocol for Windows and the first VyprVPN, but these new offerings, L2TP/IPsec and OpenVPN, represent the latest VPN Technologies. The differences are huge, important, and exciting ...to a nerd ...or a guy in [insert name of not-so-free country here] who wants to talk to his sister in the States over Skype.
L2TP/IPsec is a big deal because it doubles the encryption level of its little brother PPTP, from 128 bit, to the currently unbreakable 256-AES, the same base level of encryption deemed secure for online banking, shopping, and PGP. L2TP/IPsec is more advanced because at its core, L2TP/IPsec operates as a package within a package. Unlike the original PPTP VPN, L2TP/IPsec additionally encrypts the tunnel with the IPsec protocol. IPsec provides the 256-AES encryption, while L2TP provides the tunnel. L2TP data packets between your device and VyprVPN servers are encapsulated, or hidden, within encrypted IPsec packets, therefore information about the internal private network cannot be read. No one in-between can read the data, which is possible with deep packet inspection and man-in-the-middle attacks on simple PPTP VPNs not using IPsec. The encapsulation in L2TP/IPsec works to defeat "deep packet inspection" and man-in-the-middle encryption key sniffing/hijacking/spoofing.
The original VyprVPN and the new L2TP configuration are both based on the PPTP networking protocol which is conveniently built into various Operating Systems (Windows/Mac/Android). Being "included" means to deploy the PPTP and L2TP/IPsec VyprVPN options on your Internet capable devices (PCs/laptops/tablets/phones) there is nothing to install, and only some quick configuration changes to get live with your own personal VPN. That definitely makes it easier, but there are some factors to consider. L2TP/IPsec might be a best choice as it delivers higher encryption and privacy of the two PPTP options, and may be more successful getting around blocking/filtering. If your paranoia level is lower, the simple PPTP VyprVPN may actually deliver a bit more throughput as its computational tasks are the lightest of the three. Three?! Oh yeah there's one more VyprVPN option, OpenVPN.
Open Source and OpenVPN
OpenVPN is a free and open source software application designed specifically for VPN. Why install something when VPN is already part of the operating system? The best example (not VPN!) is the wireless controller icon that displays at the bottom in your laptop's Windows taskbar. Generally there are two options, the built-in Microsoft configurator, or the manufacturer's wireless configuration utility. The Microsoft option has a checkbox "Allow Microsoft to manage your wireless networks", but if you uncheck that option, there is usually a custom wireless controller (installed or downloadable) developed by the laptop manufacturer, like Dell or HP. The Microsoft wireless config dialog looks the same for all laptops and displays the minimum of options shared by all. Laptop manufacturers deliver a much more feature rich control panel with many more options based on special features of each individual wireless card in all their various models of laptops.
OpenVPN delivers improved results in the same way because it's not simply enabling built-in networking in your existing O/S. "Open Source" means OpenVPN is constantly being improved by its Development Community, unlike the legacy, static, one-size-fits-all PPTP. I must add here that the OpenVPN Vypr service is not currently offered as part of the existing Giganews Diamond Account bundle which does include PPTP-based "original" VyprVPN and L2TP/IPsec. If purchased directly from Golden Frog, OpenVPN is part of the "Pro" package. Translation: OpenVPN is supported right alongside the PPTP options, it just costs a few bucks extra. NAT Firewall is also another additional menu item, more on that later.
OpenVPN has gained popularity (especially among Gamers!) for its ability to work through most proxy servers (including HTTP), and is good at working through Network address translation (NAT) and getting out through (Corporate) firewalls. OpenVPN achieves this by additional VPN transmission protocols like UDP and matched encryption (256-bit SSL/TLS). Those design elements offload some CPU tasks which can result in better speeds and stability, less latency, and better compatibility across platforms. It can do all that because OpenVPN encapsulates and transmits your network data in a different way than PPTP that is more successful at defeating even advanced attempts to block VPN, while delivering a tighter encryption scheme.
My personal L2TP setup also resulted in some port scanning attempts kicking up in my PC intrusion software. Remember with VPN we are bypassing prior existing levels of filtering/blocking, which can also equal protection, like your ISP's firewall filtering. If you are going to deploy VPN you must have a strong, regularly updated, personal firewall option [Internet Security Suite?]. To address this issue Golden Frog has an additional component option of a NAT firewall that handles filtering unrequested inbound traffic whilst on VyprVPN.
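To show what "port scanning attempts" look like from the host firewall's side, here is an added example (not from the original review or from Golden Frog) that flags a source touching many different ports in a short window. The log format, addresses, thresholds and the function name find_scanners are all assumptions made up for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: inbound packets seen by a personal firewall on the VPN
# interface. Assumed format: ISO time, action, protocol, source IP, dest port.
SAMPLE_LOG = """\
2024-01-01T20:15:01 DROP TCP 198.51.100.23 21
2024-01-01T20:15:01 DROP TCP 198.51.100.23 22
2024-01-01T20:15:02 DROP TCP 198.51.100.23 23
2024-01-01T20:15:02 ALLOW TCP 192.0.2.10 443
2024-01-01T20:15:02 DROP TCP 198.51.100.23 80
2024-01-01T20:15:03 DROP TCP 198.51.100.23 443
2024-01-01T20:15:03 DROP TCP 198.51.100.23 3389
2024-01-01T20:15:04 DROP UDP 203.0.113.7 6881
2024-01-01T20:15:09 DROP UDP 203.0.113.7 6881
2024-01-01T20:15:14 DROP UDP 203.0.113.7 6881
2024-01-01T20:16:00 DROP TCP 203.0.113.50 22
2024-01-01T20:18:00 DROP TCP 203.0.113.50 23
2024-01-01T20:20:00 DROP TCP 203.0.113.50 80
2024-01-01T20:22:00 DROP TCP 203.0.113.50 443
2024-01-01T20:24:00 DROP TCP 203.0.113.50 3389
"""


def find_scanners(log_text, min_ports=5, window_s=10):
    """Return {source_ip: most distinct ports hit inside one window}.

    A source is reported once its dropped packets cover at least
    `min_ports` different destination ports within `window_s` seconds.
    """
    recent = defaultdict(deque)  # source -> (time, port) pairs still in window
    flagged = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] != "DROP":
            continue  # skip malformed lines and traffic the firewall allowed
        ts = datetime.fromisoformat(parts[0])
        src, port = parts[3], int(parts[4])
        window = recent[src]
        window.append((ts, port))
        # Forget packets that have aged out of the sliding window.
        while (ts - window[0][0]).total_seconds() > window_s:
            window.popleft()
        distinct = len({p for _, p in window})
        if distinct >= min_ports:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {ports} distinct ports probed within 10 s")
```

Repeated hits on a single port (203.0.113.7 in the sample) are ordinary unsolicited noise; the breadth of ports inside the window is what marks a scan.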
Why So Many VPNs?
PPTP and L2TP both use the point-to-point protocol originally designed for dial-up phone lines, which function very differently compared to long-distance modern Internet links. That can translate to PPTP and L2TP being more inconsistent in their speeds, especially when dealing with out-of-order packet delivery common on the global fiber-based Net. PPTP-based VPNs detect large packet drops or connection hiccups like hacking attempts and drop the connection, re-prompting you for authentication [enter password press OK]. This was more of a problem on older slower dial-up, and while I have not had any disconnects with my personal L2TP on broadband, OpenVPN is known to address that issue by delivering better reconnect handling.
These more modern design elements are where OpenVPN excels, and perhaps becomes a top pick performance-wise, especially if your data is circling the globe ...but these decisions are never so simple. Realize the distance your data travels can double because you are bouncing all traffic off a remote VPN server. In addition, the resource overhead used by your PC and the network layer to deliver encrypted data streams, become factors that can add up to reduction in throughput. If you are struggling to bypass blocking and filtering it may take some experimentation.
It's different for everyone, based on device and geography, or perhaps on whether your Internet is being blocked or filtered, or if you are the world's biggest VPN Geek. To make the choice that's right for you, analyze your personal VPN goals. Golden Frog's online instructions for configuring are super easy to follow, and that makes testing multiple VPN options easier. If you have no interest in spending additional cash over your Diamond Account the L2TP/IPSec is safely a best overall pick.
Once successfully connected to Vypr, if you are focused on getting peak performance, there are simple ways to improve and test, such as just choosing a different core VPN type (L2TP?), or VPN server (LA instead of DC?), and performing some DOS pings to a favorite site (Google?). Having the three VPN options allows you to choose perhaps a faster option or a more secure one, one that is more suited to your wallet, or one that is compatible with everything you are trying to do ...like penetrate the Fiber Curtain. Most of the problems on the Support newsgroup were resolved by improvements already made over the last year, like adding additional servers geographically closer to customers, tweaking options, and otherwise carefully following the directions to the letter.
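The ping comparison described above can be made repeatable by saving each run's output and ranking the runs. The following is an added example, not part of the original review: the captured ping text, the target address 192.0.2.1, the run labels and the loss-before-latency ordering are all constructed assumptions.

```python
import re
from statistics import median

# Constructed captures of Windows `ping` reply lines to the same site,
# taken once without the VPN and once through each VPN server location.
RUNS = {
    "no VPN": """\
Reply from 192.0.2.1: bytes=32 time=21ms TTL=54
Reply from 192.0.2.1: bytes=32 time=22ms TTL=54
Reply from 192.0.2.1: bytes=32 time=20ms TTL=54
Reply from 192.0.2.1: bytes=32 time=23ms TTL=54
""",
    "VyprVPN via LA": """\
Reply from 192.0.2.1: bytes=32 time=48ms TTL=50
Reply from 192.0.2.1: bytes=32 time=47ms TTL=50
Request timed out.
Reply from 192.0.2.1: bytes=32 time=52ms TTL=50
""",
    "VyprVPN via DC": """\
Reply from 192.0.2.1: bytes=32 time=95ms TTL=48
Reply from 192.0.2.1: bytes=32 time=97ms TTL=48
Reply from 192.0.2.1: bytes=32 time=96ms TTL=48
Reply from 192.0.2.1: bytes=32 time=94ms TTL=48
""",
}

# Matches both "time=48ms" and the sub-millisecond form "time<1ms".
REPLY = re.compile(r"time[=<](\d+)ms")


def summarize(ping_output):
    """Count replies and timeouts in one run; report loss and median RTT."""
    rtts, lost = [], 0
    for line in ping_output.splitlines():
        match = REPLY.search(line)
        if match:
            rtts.append(int(match.group(1)))
        elif "Request timed out" in line:
            lost += 1
    sent = len(rtts) + lost
    return {
        "sent": sent,
        "loss_pct": 100 * lost // sent if sent else 100,
        "median_ms": median(rtts) if rtts else None,
    }


def rank(runs):
    """Order runs best-first: least packet loss, then lowest median RTT."""
    stats = {name: summarize(text) for name, text in runs.items()}
    usable = [n for n in stats if stats[n]["median_ms"] is not None]
    order = sorted(usable, key=lambda n: (stats[n]["loss_pct"], stats[n]["median_ms"]))
    return order, stats


if __name__ == "__main__":
    order, stats = rank(RUNS)
    for name in order:
        print(name, stats[name])
```

Ranking by loss first means a nearer server that drops packets sorts below a farther one that does not, which matters more than raw latency for a tunnel that re-prompts for authentication when the link hiccups.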
Personal VPN is a great countermeasure against those who would monitor or block your Internet activities, but allow me to lay one topic to rest. To be clear, encrypting one's traffic via any VPN is not the same as being anonymous online. As I said above your VPN provider can see your traffic, and in the case of VyprVPN, that would be the folks at Golden Frog. While we can idealize the notion that Golden Frog will not give that information to just anyone (because they like having customers!), obviously they still must abide by the Law. This is an obvious privacy issue and is clearly addressed in detail on Golden Frog. That unpleasant business is concluded, I could not let it go unspoken ...it's not News.
WoW, weird as usual. Where is the conclusion? Is VyprVPN good? Does it even work? Here's the deal. VPN is OLD and the new stuff, while highly functional, is still not that new. This is not a Beta development project like Mimo, VyprVPN's business is about setting up VPN servers around the world, perfecting them operationally, and Supporting the folks who sign up. VPN is easy and powerful. While VPN has its quirks, there is very little to not work. It's simply another networking protocol. The Support part is well attended via their Usenet giganews.vyprvpn newsgroup. Answers come fast, and if you read it like me you will discover most of the new problems ...how you say, exist between the keyboard and the chair [heh]. Jokes aside, they take all questions seriously about getting set up, and give great advice to the picky on squeezing ever better performance numbers out of their established connection.
If you had VPN working right now while reading this you would be hard pressed to notice any difference. If you ever used a VPN to connect to work it's exactly the same thing. It's just not that big a question as to whether or not VPN, or more specifically VyprVPN, works. Duh. Reading the newsgroup it looks like it's already popular, especially with folks who can't do much without it. An obvious question at this point "...but does this give me a reason to upgrade to a Diamond Account? or just get VyprVPN by itself?" You may also want to look at some metrics with answers to questions like "how is this going to affect my throughput while running 20 streams of Usenet?" All good questions.
I avoided making any detailed claims about throughput differences because there are many performance variables. Golden Frog didn't invent VPN, so Vypr is no different than any other VPN, and in my personal experience the throughput is consistent. The important thing is there are three options, and I cannot see how any user could not find a (very!) satisfactory working VPN from this trio. Hopefully I addressed that in detail, and it is detailed by Vypr/Giganews' Support offerings. My setup was a couple minutes. The online setup instructions are clear and precise, and many problems on the newsgroup were not following them carefully. [heh] RTFM. Read the FAQ Mr.
Sigh, I have already been working on a Part 2. What?! That's a development secret, so you will have to subscribe to the usenetSHACK RSS feed and Twitter to hear when that hits. It's gonna be something special, because, while I blatantly skipped over the metrics in part 1, I'm actually a performance geek. VPN metrics in the funnel.
Now as promised here's Hyperlink City. It may help to gain a better understanding of this new hobby you are thinking about adopting ...VPN. Here's the English Wikipedia ...pictures help! It all started with Point-to-Point Tunneling Protocol (PPTP), but the newer L2TP VyprVPN option also uses IPsec to encapsulate your encrypted tunnel for maximum privacy ...sexy. The coolest thing about VyprVPN is it can go on most Internet ready devices including Windows XP/Vista/7, MacOSX/iPad/iPhone/iPod Touch, Android, Ubuntu, and even DD-WRT firmware.
There are plenty of decisions in this matrix. I have left visiting Giganews' site for your hands-on research to avoid simply reposting their content. While most Usenet subscription services are trying to offer you ever-lowering monthly rates to get your business, Giganews is raising theirs. That's crazy! ...like a fox. Some of the comments on the SHACK communicate what we all know is true ...Usenet is one cruel bitch.
Giganews is putting together a toolbox that delivers solutions to the complexities of Usenet, taking away the fear and frustration, and opening up one of the greatest hidden electronic resources the world has ever known, Usenet. VyprVPN removes fear and adds functionality in no lightweight terms. This is something I want to support with my own business. I want to see this gain momentum. In an ever-whittled down world of less and less, Giganews just makes hard sense ...it gives me more and more. When I think of VyprVPN enabling people to see what I take for granted, Hell(!) rely on, every day, honestly it brings a tear to my eye.
Stay Safe! ..and legal, and Free, and encrypted
pssst. Watch for "I want Everything for Free Part 2!"