Cotse.Net Privacy Service -- Your Shield from the Internet
A Packetderm LLC Service

VPN


What is VPN?

In layman's terms, VPN is a way to encrypt all your Internet traffic between you and us and pass it out through us. Those on your local network, whether a public wifi or other insecure location, will be unable to see what you do or the data you pass.

In addition, your IP is shielded for everything you do, meaning sites you connect to will be unable to determine your true physical location. Should you make forum posts, send IM messages, send e-mail, use Skype, or use any other form of Internet communication, the IP shown will be that of the VPN server.

How does it differ from SSH tunneling?

The VPN differs from the SSH tunnels or SOCKS proxies in that those types of proxies only work with TCP traffic and only with applications you configure to use them. This is why you must change your proxy settings in your browser when using SSH tunneling.

In addition, some applications are unable to be configured to use a proxy, so you just cannot use those with SSH tunnels. Even worse, some applications can bypass the proxy deliberately (which is why it is recommended that you shut off Java and such with the SSH tunnels).

VPN solves these issues. It works with all traffic. You don't have to change settings in anything. It all passes through an encrypted tunnel from your machine to ours and out our network. No more need to disable Java because it might try to bypass the proxy.

No more issues with some sites not working right. No more issues with some Internet applications not working with the proxy. Just connect to the VPN and use everything normally; no special proxy settings are needed.

Just as with SSH tunneling, you should continue to use SSL connections (e.g. https, imaps, pop3s, smtps, etc.). The VPN is an encrypted pipe only between you and us; SSL is between you and your destination. You still want to be using encryption where available for that.

Sounds great, what are the drawbacks?

First we have speed. While it is reliably much faster than our SSH tunnels, and certainly not slow, it probably won't be as fast as your ISP connection. Many of you are on fast connections, some 10 Mbit and even 50 Mbit residential (your ISP is seriously overselling, not to mention likely quoting speeds only found on their internal network and not available to the outside Internet).

Anyway, you won't see those many-megabit speeds through the VPN. That would cost far more than $14.95 a month. That would be more like $499-$999 a month (depending upon whether it is a 10 Mbit or 50 Mbit dedicated stream). It will be fast enough, though. Web pages will be quick, Internet radio will work, Skype will work, video streaming will work, everything should work.

We cannot guarantee steady HD streaming in all its glory. That's a lot of bandwidth, and someone steadily using large amounts of bandwidth is going to have an adverse effect on others, so we will have to address heavy bandwidth use. You'll be able to do some (depending upon the stability of your route to us), but not 24 hours a day.

Pretty much anything you run should work, and although maybe not optimal, it all will be fast enough to be comfortably usable. Some of you on DSL and other slower connections will notice no speed drop at all.

Caveat: Connection.

To connect to our VPN you will likely be passing through fourteen (14) or so different routers getting from your ISP to us. If any one of those routers starts experiencing packet loss (such as your local ISP's seriously oversold links), this will affect your VPN connection. ISPs oversell their residential customers, banking on not everyone using their bandwidth at once. Unfortunately many do. So they compensate by prioritizing packets, working to keep the web snappy and customers thinking they are fast.

Unfortunately, prioritizing one type of traffic means you are doing so to the detriment of other types of traffic. VPN and SSH may be at the low end of what your ISP considers priority traffic. This can cause slow speeds and disconnects. There may even be times you cannot connect to the VPN, if one router between you and us temporarily has issues (nothing runs flawlessly forever).

Connection drops can be dangerous, depending upon why you are using the VPN. They are dangerous because, if you are not paying attention, your computer might automatically route the traffic normally again. So if you were trying to hide your traffic from your ISP, or your location from some site, it might just become visible to them.

SSH handles this better because your application simply stops working if the tunnel drops. With VPN you can always continue to use SSH within it so that traffic is guaranteed to stop if you need to do so. In addition, there are utilities to monitor your VPN and automatically reconnect if it drops.
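The check such a monitoring utility has to make, as an added example (not Cotse's code): given the text of `ip route show` on a Linux client, report which destinations would leave outside the tunnel. The interface prefixes, probe addresses and both route tables are assumptions constructed for the illustration.

```python
import ipaddress

# Interface prefixes counted as tunnels (assumption: ppp* for PPTP,
# tun*/tap* for OpenVPN, as on a typical Linux client).
TUNNEL_PREFIXES = ("tun", "tap", "ppp")

# Constructed `ip route show` samples: tunnel up, then after a drop.
ROUTES_UP = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
198.51.100.20 via 192.168.1.1 dev wlan0
"""
ROUTES_DROPPED = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
"""

def parse_routes(text):
    """Parse `ip route show` output into (network, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if "dev" not in f or not (f[0] == "default" or f[0][0].isdigit()):
            continue  # skip blackhole/unreachable and similar entries
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        routes.append((ipaddress.ip_network(dest), f[f.index("dev") + 1], metric))
    return routes

def egress_device(routes, address):
    """Pick the device as the kernel would: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(address)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def leaks(text, probes=("1.1.1.1", "203.0.113.9")):
    """Return (probe, device) pairs that would leave outside the tunnel.
    Probes are only looked up in the table; nothing is sent to them."""
    routes = parse_routes(text)
    found = []
    for probe in probes:
        dev = egress_device(routes, probe)
        if dev is not None and not dev.startswith(TUNNEL_PREFIXES):
            found.append((probe, dev))
    return found
```

The two probes sit in different halves of the address space, so a tunnel that installs the `0.0.0.0/1` and `128.0.0.0/1` route pair is only reported as protected when both routes are present.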

Caveat: DNS Leaks

VPN connections, especially PPTP VPN connections, are susceptible to DNS leaks under certain operating systems and configurations. To find out more, visit our page on DNS Leaks.

Tell me more

We offer two types of VPN service, PPTP and OpenVPN. PPTP is so widespread that it is likely that even your phone supports it. However, it is the weaker of the two. OpenVPN is stronger and works more reliably in blocked locations. However, support for OpenVPN is not as widespread and there may not be a client for your device or OS, or the one available may be difficult to install and configure.

PPTP drawbacks

PPTP must be correctly configured on the server to be fairly secure. We have configured ours in a secure manner. It is not a Microsoft VPN server, we run BSD, it does require 128 bit encryption, we do deny mschapv1, it is stateless, and we do force a longer non-dictionary password (for those of you who do not understand what all of that means, it means it's configured to be as safe and secure as possible).

That said, a determined attacker with local access to your datastream may be able to capture your encrypted VPN password hash from the stream and attempt to decrypt it. If he can get the hash, whether or not he can crack it depends upon your choice of password. A strong password won't be cracked.

What do they get if they do crack your VPN password? Well, assuming it is not also the password to everything you own, they just get access to our VPN server, meaning they can log in as you and use it. In addition, the main weakness of the encryption is that it uses your password as a key. This means that if you use a stupidly simple password that can be easily cracked, they can also theoretically decrypt your VPN traffic.

The main issue with a PPTP VPN, as touched on above, is that while it does use 128 bit encryption, it uses your password as a key to the encryption. In effect, this means that if you use a weak password, you have weak encryption. If you use a strong one, the encryption is stronger. It is extremely important with PPTP to use a strong password. If you are going to use a word from a dictionary, you may as well not even bother using PPTP and just connect directly instead.

(This is why we force non-dictionary alphanumeric terms. A word in any dictionary will have your password hash cracked in less than 10 minutes; a password using just lowercase random letters may take a half hour; a shorter random upper and lower case password, perhaps a few hours to a day; while l0phtcrack will just run forever trying to brute force a longer mixed case alphanumeric password.

Addendum: Using numbers for your vowels is old news; a simple regex that applies those substitutions to dictionary words will crack such passwords. We recommend that you be more creative.)
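A password screen in the spirit of the rule described above, as an added example (not Cotse's actual check): it undoes common number-for-letter swaps before looking for dictionary words, so "vowels as numbers" passwords are rejected along with plain words. The word list, the substitution table and the 12-character minimum are assumptions made for the illustration.

```python
import re
import string

# Constructed mini word list for the demo; a real check would load a
# full dictionary file.
WORDLIST = {"password", "dragon", "monkey", "sunshine", "letmein", "secret"}

# Common digit/symbol-for-letter swaps (assumed table, not exhaustive).
LEET = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i"}

def deleet_variants(text):
    """Return the plain-letter readings of text with the swaps undone."""
    base = text.lower()
    variants = set()
    for one in "il":  # "1" stands in for either "i" or "l"
        table = str.maketrans({**LEET, "1": one})
        variants.add(base.translate(table))
    return variants

def dictionary_hit(password, min_word=4):
    """Return the dictionary word the password is built on, or None."""
    for variant in deleet_variants(password):
        # Drop leftover digits and punctuation used as padding.
        letters = re.sub(r"[^a-z]", "", variant)
        for word in WORDLIST:
            if len(word) >= min_word and word in letters:
                return word
    return None

def check_password(password, min_len=12):
    """Return the reasons to reject a password; an empty list means accept."""
    problems = []
    if len(password) < min_len:
        problems.append("too short")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if not all(any(c in cls for c in password) for cls in classes):
        problems.append("needs lower case, upper case and digits")
    word = dictionary_hit(password)
    if word:
        problems.append(f"built on dictionary word '{word}'")
    return problems
```

A password such as `P4ssw0rd2024` passes the length and character-class rules and is still rejected, because the dictionary word survives the substitutions.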


PPTP VPN is only secure if the drawbacks are understood and countered.

We do expect that you'll still use strong GPG/PGP encryption and SSL within the VPN for your e-mail and other services. So in that manner it's a big step up in protection from what you are already doing. To be the safest, you may even continue to use your SSH tunnels within the VPN (although this will slow it down some for you) and have all the safety of the SSH tunnels with the additional protection and functionality of the VPN.

OpenVPN

OpenVPN has none of the weaknesses of PPTP. It is a certificate based encryption using Blowfish, a strong uncrackable algorithm. It uses a strong TLS authentication. Your password hash cannot be retrieved from its data stream like with PPTP. It is not as subject to connection issues. Where PPTP is weak, OpenVPN is strong.

OpenVPN, unlike PPTP, can also be proxied via a SOCKS or HTTP proxy. It runs on common ports, looking to your firewall like it is either an HTTPS web site, an encrypted e-mail connection, or an encrypted IM connection.

The big drawback of OpenVPN is that it can be difficult to install, run, and configure for non-Windows users.

With our service you can choose which VPN you want to use and/or bounce between them as needed.



DMCA Notices to: DMCA@cotse.net
Support to: helpdesk@cotse.net
Abuse to: abuse@cotse.net


cotse.net(tm) is a subsidiary of Packetderm, LLC.
The Cotse.Net logo and all site content is owned by Packetderm, LLC., unless otherwise specified. All rights reserved.