It is time for a change AdGuard should become InternetGuard

ShakedBenratzon

New Member
Hello Everybody,

I would like to share with you my 2 ideas/problems:

1. I think AdGuard is beyond anything that I know and it is not just Ad blocker I really think you should take the next step and make the necessary change AdGuard should become InternetGuard,
beside the name change which is vital from my perspective you must add more feature in the internet site like here:
http://www.cyberghostvpn.com/en_us
with some of the features from cyberghostvpn you will have the best in class software on in internet and I would not ask or mentation this if you guys were not talent enough.
VPN features and more security options are the next step of your software.

2. I do not understand why I need so many filters it is like I would have one room for playing and one room for sleeping sometimes this is good to split like in video player and music player but I just do not get the idea to have so many filters to do 1 task which is block Ads.

For example why this filters are not include in your own default filters (in my opinion it is vital filters):

Anti-Adblock Killer.
Adblock Warning Removal List.
Malware Domains.
Spam 404.
 

avatar

Administrator
Staff member
Administrator
VPN features and more security options are the next step of your software.
Hm, since recent time this feature request has become the most popular. Coincidence?:)

I guess we should think about it.

2. I do not understand why I need so many filters it is like I would have one room for playing and one room for sleeping sometimes this is good to split like in video player and music player but I just do not get the idea to have so many filters to do 1 task which is block Ads.
I suppose we should stop being so geek-oriented and hide all this under the hood in some advanced settings section.

Just look at what these iOS content blockers do:


It could be the same filters under the hood, but now it is much more clear what it is.

For example why this filters are not include in your own default filters (in my opinion it is vital filters):
These are third party filters which aren't maintained by us.
 

Venky

Beta Tester
I agree, people looking for a good VPN has increased and will increase over time.

Cybeghost is primarily a VPN but it has basic ad blocking as an addon feature. I can see adguard bring basic VPN and then a more advanced VPN with country selection etc...
 

avatar

Administrator
Staff member
Administrator
The second question is do we really need the full scaled encrypted VPN or maybe it's enough to go with Opera VPN approach (not a VPN but just socks proxy instead).
 

Boo Berry

Moderator + Beta Tester
Moderator
The problem is there's plenty of good VPNs out there already.

https://thatoneprivacysite.net/vpn-comparison-chart/

The other problem is you guys potentially risk spreading yourselves too thin by taking on too many ongoing projects. IMO, trying to cover everything as an "Internetguard" is just asking to get lost down that endless, ever increasing rabbit hole of complexity. I still believe the best solution here is simple: add TOR/SOCKS 5/OpenVPN support within Adguard itself.

"The jack-of-all-trades is a master of none." Stick to what you guys do best, in my honest opinion. :)
 

ShakedBenratzon

New Member
The problem is there's plenty of good VPNs out there already.

https://thatoneprivacysite.net/vpn-comparison-chart/

The other problem is you guys potentially risk spreading yourselves too thin by taking on too many ongoing projects. IMO, trying to cover everything as an "Internetguard" is just asking to get lost down that endless, ever increasing rabbit hole of complexity. I still believe the best solution here is simple: add TOR/SOCKS 5/OpenVPN support within Adguard itself.

"The jack-of-all-trades is a master of none." Stick to what you guys do best, in my honest opinion. :)
You really think AdGuard should stay an AdGuard for the rest of the product life... every software need to evolve full VPN and some extra stuff for internet security and the name change is inevitable

think of it like ESET there is Eset Anti Virus and Eset Smart Security which give you much more feature and security stuff.

AdGuard team should do the same a AdGuard for the sake of blocking Ads and InternetGuard with different price and more features so they will be able to have more income = more developers.

The second question is do we really need the full scaled encrypted VPN or maybe it's enough to go with Opera VPN approach (not a VPN but just socks proxy instead).
First of all the IOS picture you gave is what I think should have on AdGuard for windows also very organize and elegant solution.

Second try to understand my logic I know this list is 3rd party filters
{
Anti-Adblock Killer.
Adblock Warning Removal List.
Malware Domains.
Spam 404.
}
but and a big one do not you think a program that call it self AdGuard should have in it own filter (default) filters that block Anti Adblocker sites and programs or warning removal ? it is the whole meaning for AdGuard and some people are not that smart to even know they need extra filters so they will be able to by pass timer or adblock killers and malware or spam domains and so on...

About the VPN as I said I really think you guys should go full VPN (choose VPN Servers) and some other features like Wifi Protection

I said it before you guys should think about it like an evolution of your product and new income like Eset Anti virus and Eset Smart Security so the same here AdGuard for lets say 25$ for life time or InternetGuard for lets say 50$ life time with Wifi protection and VPN features and so on...
 

Boo Berry

Moderator + Beta Tester
Moderator
It still doesn't make sense to be jumping from blocking ads to full blown anti-malware products.

Thing is, ESET was already an antimalware/security company when it released NOD32 Antivirus. ESET Smart Security was the natural evolution to "Internet security"... which all AV vendors seem to do these days (Antivirus+Firewall+Antiransomware+other stuff). Again, branching out into Internet security doesn't make sense as there's so many choices to begin with. What would Adguard offer that other vendors won't? Ad blocking? Vendors already offer that (Kaspersky as an example). VPNs are another can of worms, there's way, way too many out there with even less considered "good" by privacy advocates. For Adguard's proposed VPN service to be considered "good" it'd have to have at least a no logs policy, be based in a country not based in the "fourteen eyes", etc. This is way, way too complex of a jump - it's time consuming and money consuming (servers, hiring people to maintain and develop the service, etc.). And because Adguard's main developers are located in Russia, this *may* make privacy advocates ignore or condemn an Adguard VPN service completely (as being based in Russia would be considered as bad if not worse as a VPN company being based in the USA, in terms of privacy risks involved).

Adguard's niche occupies where Ad Muncher (even though it's more-or-less dead) and AdFender resides. Ad Muncher provides... well provided HTTP proxies, so it makes sense to provide at least SOCKS 5 proxy support, if not TOR and OpenVPN support within the program itself (e.g. you use your own VPN of choice, which would be better, IMO). An actual VPN service would benefit mobile users most... but it still doesn't make sense when OpenVPN support can be integrated within the program itself allowing any VPN to work, more-or-less.

Also with Adblock Plus launching an ad service, this may not be a good time to even consider such a thing. Who knows, it might even have some sort of backlash.

P.S. InternetGuard as a name, in my opinion, is too cliché.
 

ShakedBenratzon

New Member
It still doesn't make sense to be jumping from blocking ads to full blown anti-malware products.

Thing is, ESET was already an antimalware/security company when it released NOD32 Antivirus. ESET Smart Security was the natural evolution to "Internet security"... which all AV vendors seem to do these days (Antivirus+Firewall+Antiransomware+other stuff). Again, branching out into Internet security doesn't make sense as there's so many choices to begin with. What would Adguard offer that other vendors won't? Ad blocking? Vendors already offer that (Kaspersky as an example). VPNs are another can of worms, there's way, way too many out there with even less considered "good" by privacy advocates. For Adguard's proposed VPN service to be considered "good" it'd have to have at least a no logs policy, be based in a country not based in the "fourteen eyes", etc. This is way, way too complex of a jump - it's time consuming and money consuming (servers, hiring people to maintain and develop the service, etc.). And because Adguard's main developers are located in Russia, this *may* make privacy advocates ignore or condemn an Adguard VPN service completely (as being based in Russia would be considered as bad if not worse as a VPN company being based in the USA, in terms of privacy risks involved).

Adguard's niche occupies where Ad Muncher (even though it's more-or-less dead) and AdFender resides. Ad Muncher provides... well provided HTTP proxies, so it makes sense to provide at least SOCKS 5 proxy support, if not TOR and OpenVPN support within the program itself (e.g. you use your own VPN of choice, which would be better, IMO). An actual VPN service would benefit mobile users most... but it still doesn't make sense when OpenVPN support can be integrated within the program itself allowing any VPN to work, more-or-less.

Also with Adblock Plus launching an ad service, this may not be a good time to even consider such a thing. Who knows, it might even have some sort of backlash.

P.S. InternetGuard as a name, in my opinion, is too cliché.
I can not say I fully agree with you but there are some things that I can agree with.

I still think that VPN and maybe wifi protection and other features should take to consideration even if it will not be "full VPN" or connected to Ads blocking.

maybe it is because I just see stuff in different light I do not really like the idea of splits things like on IOS and Androids that you need app for any simple function such as flash light or compass music finder music player music editor and so on... I think you got my idea

computers have more power and more resources and I do not say it is always a bad thing like music player and video player but most of the time it is just bad and the goal is to have 1 software that will do everything (in it territory of course)

I think any person will want 1 software to defense it computer and take care of all the security stuff for him and 1 software to take care of it media stuff like movies/series and music and not to need use 3-4 software that 1 run good HD and the other one run smooth MKV and soft sub and so on... it is a waste of time + you need to learn and remember so many UI/UX.

anyway I like ESET and pay for it every year because it is just worth it you get new improve UI/UX and better icons from time to time and new feature every year that make it closer to reach the goal of being best and 1 solution for security and not just ESET

you have Office 365 home or personal and Steam and a few more who get this idea and target it.

even Utorrent understand this vison and added built in anti virus and streaming.

To sum up I just hope AdGuard with or with out the name change will do this switch and will think about this move to add more features in the internet and VPN side
 
Last edited:

avatar

Administrator
Staff member
Administrator
but and a big one do not you think a program that call it self AdGuard should have in it own filter (default) filters that block Anti Adblocker sites and programs or warning removal ?
In fact we do it already, just report such websites here or on github:)

The only important thing to note is that by default we do not block anti-adblock messages until they prevent you from using the website.
If you want these to be removed, I suggest turning on Adguard's Annoaynces filter.
 

avatar

Administrator
Staff member
Administrator
Here are my thoughts on the topic.

1. Of course we should focus at Adguard's main functions, but it does not mean that this is the only thing we should do. So I agree with @ShakedBenratzon, Adguard should evolve. The question is how:)

2. @Boo Berry is also right, we are not ESET or Kaspersky and we don't have enough resources to do everything. Even if we decide to draw some investment and speed up the company growth, it will be very hard to compete with others.

3. However, providing a VPN feature makes perfect sense in light of our plans on improving privacy protection features.

4. I agree with @Boo Berry on the VPN challenges and privacy advocates questions.

make privacy advocates ignore or condemn an Adguard VPN service completely (as being based in Russia would be considered as bad if not worse as a VPN company being based in the USA, in terms of privacy risks involved).
Funny thing is that the world's most popular VPN (hotspot shield) is based in USA and founded by 2 russian emigrants:)

That's all for now, I'll go think about it a bit more:)
 

Gass

Member
{POLL - your allowed up to 3 selections/choices for your Vote / OK / You can only Vote but once per member.}
https://forum.adguard.com/index.php?threads/the-truth-behind-vpn-protection.13798/
:)
Really InternetGuard just sounds off for some reason, since guard is already apart of Adguard - what say you to Adguard CYBERMaster or as a plural defense Adguard CyberGuardian , it's work thus far has already set brand loyalty being earned for the name Adguard. Like of open source software ventures, it responsiveness to it's user ideals and comments are valued on both sides of the coin and has a strong beta following for it's user generated benefits of leaving the communications door open wide.

Then to heck, in no way or fashion should it become an anti-virus base concept, way to many already out there now and coming on stage annually. (Who do you trust? - tried and true or new breeds?) What's in the forms of protection now is fine as long as it's basic root stays focused on blocking whatever is today and that which yet is unforeseen of tomorrows and still speeding up your web experience - which I think, should at least be of a considered possibly in examination as I give in my post #5 of thread https://forum.adguard.com/index.php?threads/future-of-adguard.12908/ aka: "Future Of Adguard", as an Adguard Hybrid Browser model to aid against System ID-ing, Fingerprinting Methods, User Profile Tracking as some Hybrid Browser are moving towards.

A user forum such as this can lead to brain storming and be as factual as some WIKI pages in offering information and research and direction.

CyberGhost I used for a very long time and once considered myself a fan, then they got big and greedy and support to the customer begins to fall way short of solving problems of the service on different platforms - you know like the fame and money ruined them, as in early ZZ Top and Aero Smith with all the bubble-gun music they started turning out, lost their early days small bar venue concept of sound, (Jesus Just Left Chicago) v (Cheap Sunglasses) or (Lord Of The Thighs) v (Big Ten Inch Record), both sold out their uniqueness of sound to a commercial capitalism routine of almost reciprocating the same bubble-gum sound album to album changing lyrics and theater show values. Athletes also face similar problems with big money and fame loosing a self stance and being swayed away from their individual uniqueness to become brand clone icons and corporate mouth pieces, then walking the detailed line these corporations have drawn for them.
There are places in my town having served meals for generations that haven't changed one iota of anything since they started. Yet generation after next all find them a staple and comfort to knowing things won't change, so they continue coming back for knowing this earned trust. What I'm saying is, if you do something very good and treat people right, offer a quality product there is no need to break pace and try to fix or improve something that's not broke in the first place.

I think if to test the waters of a VPN offering it should not be a sole endeavor only on Adguard's part. Every now Adguard license holder should commit to some term of a VPN subscriptions length when and if it's started.
What I would like to see, is an open source software program/app OpenVPN client unique to Adguard and special in being able to be used on other VPN Providers service isolating Adguard's base clientele from the others VPN providers control. Separate but sharing the encryption service.
Adguard's OpenVPN client customizable with increased functionality by using downloadable scripts for all it's currently supported platforms made to run on the other Venders VPN Tier-1 network , with Adguard software/app client after development to offer in the client that of killswitch, IP-DNS-WebRTC -IPv6 leak protection and a UDP/TCP toggle and a tab for Servers and Speed/Load check, 2048-bit or better yet with 4096-bits RSA and OpenVPN encryption of at least AES 256 - possibly totally moving away from NIST certified standards, https://jiggerwit.wordpress.com/2013/09/25/the-nsa-back-door-to-nist/ , https://www.wired.com/2013/09/nsa-backdoor/ , https://jiggerwit.wordpress.com/2013/09/25/the-nsa-back-door-to-nist/,
and finally in implementing and adapting a Modulating IP’ technology that continually changes a users IP address, making it very difficult to track individual users or that of users based on a certain server hive.

In this way Adguard wouldn't have to put up much of it's resources, mainly just for bandwidth rentals and the marketing and developing of the software and app's OpenVPN clients to be used on already supported Adguard platforms. The Adguard VPN Client should be then adapted and in furthering that development of the clients towards the integration to an already established VPN vender(s) (more than 1) list of countries and servers to their high-speed Tier-1 networks, in basically just looking to renting unlimited bandwidth volumes annually from the sources, and only selecting the locations of choices to utilize in Adguard's own VPN service offering, which will then be paid for by the user subscriptions. Following this logic Adguard Team?

No personal information is asked at all - 2 day trial or a regular subscriptions term, and if you choose to carry on and subscribe then you are issued a RANDOM ID number to your chosen payment system so that depending on your chosen payment method, you cannot be identified to a specific payments system or that of your personal information. All Adguard would know is ID # 22G74J09 has paid for 6 months subscription starting on 01/01/2017. Once login to the Adguard VPN service system through the Adguard client with your ID #22G74J09, it would then be voided and you'd pick a user name and password for use from that point on. I strongly suggest that no email address be linked to a user or user name and questions be of chat or open forum type communication. Also if you forget or loose your login credentials your SOL for the rest of that subscription term - if this is something you might experience and do often then Adguard VPN is not for you, as anonymity is first and you should safe guard and backup your login credentials in different mediums. Accounts can be used on up to three devices to start with, and be upped to more devices for an addition subscription price if needed at each new start of a subscription term.

If it was chosen by Adguard to go as a solo act as compared to a join/shared venture of network server resources - theses two VPN 's offer low count country / server selections and are in business today, AzireVPN Sweden, United Kingdom, USA / Mullvad Sweden, Germany, Netherlands, US . So you shouldn't bite off to much expense that your able handle at first start-up.

This VPN offers a niche specially to it's service which Adguard could also consider to find that of special ways to market their VPN service as well, this is but one example.
VPNArea offers optional add-on only for 6-month and yearly subscriptions to a dedicated IP and it’s the only one (to their knowledge) that includes a free private VPN server with it. Appealing to the techies out there, and anyone who wants to run mail or gaming servers, less likely than a shared VPN IP address to get noticed and blocked by services like US Netflix, so not the best option if privacy is your top priority.

NOTEs:
‘Modulating IP connections’, which ‘varies the public IP addresses that your data is being sent and received from. It might change 100 or more times during a single session. The more people using the service the more IP addresses will be used and the more often it will change.’ This is basically a shared IP that modulates from IP to IP making it more anonymous then a normal shared IP. One problem with having your IP constantly changing is that many websites that use cookies or otherwise have high IP security may freak out. Although I delete all my cookies every 5 min.'s and search for new every 1 min. - the only thing I run in to with this is having to login again periodically to remain able of using a sites services that you login for, password managers are grate for this - as it's just click...

Scripts Library for the Windows client: these scripts include Fix DNS leaks, Start Application on Connect, VPN Check, Enable Internet Before VPN connects, Disable Internet on VPN Disconnect – Enable Internet on VPN Connect, Close Program on VPN Disconnect, and DNS Leak Prevention, allowing you to choose the features that you want by scripts added.

Custom client for OSX, to support the scripts: Quit Transmission and notify via Growl, Start and Contro0l VPN & Transmission, and Start App on VPN Connect and Kill App on VPN Disconnect all user added by having a choice.

REDUNDANCY /JACK OF ALL - MASTER OF NONE
https://forum.adguard.com/index.php?threads/redundancy-is-it-good-is-it-not-good.13603/

Gass :)
 
Last edited:

Gass

Member
ShakedBenratzon said: VPN features and more security options are the next step of your software.
Hm, since recent time this feature request has become the most popular. Coincidence? :) I guess we should think about it.
Adguard should evolve. The question is how:)
I think if to test the waters of a VPN offering it should not be a sole endeavor only on Adguard's part. Every now Adguard license holder should commit to some term of a VPN subscriptions length when and if it's started.
Another way to test the waters (stair step in to something better and permanent) would be to contract with a few top VPN providers (2 to 5) to offer whatever kind of deals Adguard can secure.

THIS IS ONLY A SUGGESTION: New Adguard License purchases of either (1year/Lifetime) give a free VPN service for 6months/1year, and people who already having a license of Adguard (1year/Lifetime or what terms are still active from prior sales) offer a % off a years or 6 months purchase to one of the top VPV's.

I believe Adguard's Team could learn of much from this and just what the market would be that Adguard could expect to offering it's own VPN (solely or jointly), then to, of the VPN's that people are interested in of their features and country/servers offered.
It could also give Adguard - the length of time up to a year (unless Adguard could contract for better deals in offering back to back years of this promotion and run this again next year in 2017) - to make up that of it's mind and in developing a VPN Client of it's own - if things worked out, possibly that of a single partner VPN Provider to continue on with should Adguard not want it's own VPN service to run.
In that to of drawing more new sales of Adguard licenses as well in a bottom line understanding here.

It would be cool to have this start on Black Friday 2016 and run till Dec. 26th 2016 around a month long...
Adguard could even (stemming from the Deals it can secure) make it a graduating decline week after week to the VPN's in total that are offered or better is to increase the % in price of the 6month and 1year VPN subscriptions week after week to those already holding Adguard License. I don't know but after a sale of an Adguard License or email contact with already License owner - some promotions code is issued AND possibly used on a commerce platform for online publishers, communities and brands - redeeming for the free term or buying the VPN subscription at the discounted %.

Lets hear other thoughts - do chime in, and Adguard could make it's own POLL in terms of questions it wants to ask members. Member should also suggest questions to Adguard for it's POLL :D
Gass :cool:
 
Last edited:

Boo Berry

Moderator + Beta Tester
Moderator
*cough*Integration OpenVPN and use any VPN you want!*cough**

*If it's legal to, of course, within OpenVPN's license(s). :p
 

Gass

Member
*cough*Integration OpenVPN and use any VPN you want!*cough**

*If it's legal to, of course, within OpenVPN's license(s). :p
Bless you - you caught a cold Sir.
I'm feeling a little dense here, if you could explain this cause all I find is-
Pricing All OpenVPN Access Server downloads come with 2 free client connections for testing purposes.

Client License Pricing

$15.00 License Fee Per Client Connection Per Year. Support & Updates included. 10 Client minimum purchase.

OpenVPN Access Server Client license can be purchased for more than one year at the discount listed in the following table:
https://openvpn.net/index.php/access-server/pricing.html
OpenVPN Access Server is a full featured secure network tunneling VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, Linux, Android, and iOS environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control
https://openvpn.net/index.php/access-server/overview.html
OpenVPN runs on:
Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Solaris. An OpenVPN PocketPC port is under development.



With OpenVPN, you can:
  • tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port,
  • configure a scalable, load-balanced VPN server farm using one or more machines which can handle thousands of dynamic connections from incoming VPN clients,
  • use all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet,
  • use any cipher, key size, or HMAC digest (for datagram integrity checking) supported by the OpenSSL library,
  • choose between static-key based conventional encryption or certificate-based public key encryption,
  • use static, pre-shared keys or TLS-based dynamic key exchange,
  • use real-time adaptive link compression and traffic-shaping to manage link bandwidth utilization,
  • tunnel networks whose public endpoints are dynamic such as DHCP or dial-in clients,
  • tunnel networks through connection-oriented stateful firewalls without having to use explicit firewall rules,
  • tunnel networks over NAT,
  • create secure ethernet bridges using virtual tap devices, and
  • control OpenVPN using a GUI on Windows or Mac OS X.
What distinguishes OpenVPN from other VPN packages?
  • OpenVPN's principal strengths include cross-platform portability across most of the known computing universe, excellent stability, scalability to hundreds or thousands of clients, relatively easy installation, and support for dynamic IP addresses and NAT.
  • OpenVPN provides an extensible VPN framework which has been designed to ease site-specific customization, such as providing the capability to distribute a customized installation package to clients, or supporting alternative authentication methods via OpenVPN's plugin module interface (For example the openvpn-auth-pam module allows OpenVPN to authenticate clients using any PAM authentication method -- such methods may be used exclusively or combined with X509 certificate-based authentication).
  • OpenVPN offers a management interface which can be used to remotely control or centrally manage an OpenVPN daemon. The management interface can also be used to develop a GUI or web-based front-end application for OpenVPN.
  • On Windows, OpenVPN can read certificates and private keys from smart cards which support the Windows Crypto API.
  • OpenVPN uses an industrial-strength security model designed to protect against both passive and active attacks. OpenVPN's security model is based on using SSL/TLS for session authentication and the IPSec ESP protocol for secure tunnel transport over UDP. OpenVPN supports the X509 PKI (public key infrastructure) for session authentication, the TLS protocol for key exchange, the OpenSSL cipher-independent EVP interface for encrypting tunnel data, and the HMAC-SHA1 algorithm for authenticating tunnel data.
  • OpenVPN is built for portability. At the time of this writing, OpenVPN runs on Linux, Solaris, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Windows 2000/XP. Because OpenVPN is written as a user-space daemon rather than a kernel module or a complex modification to the IP layer, porting efforts are dramatically simplified.
  • OpenVPN is easy to use. In general, a tunnel can be created and configured with a single command (and without any required configuration files). OpenVPN's documentation contain examples illustrative of its ease of use.
  • OpenVPN has been rigorously designed and tested to operate robustly on unreliable networks. A major design goal of OpenVPN is that it should be as responsive, in terms of both normal operations and error recovery, as the underlying IP layer that it is tunneling over. That means that if the IP layer goes down for 5 minutes, when it comes back up, tunnel traffic will immediately resume even if the outage interfered with a dynamic key exchange which was scheduled during that time.
  • OpenVPN has been built with a strongly modular design. All of the crypto is handled by the OpenSSL library, and all of the IP tunneling functionality is provided through the TUN/TAP virtual network driver. The benefits of this modularity can be seen, for example, in the way that OpenVPN can be dynamically linked with a new version of the OpenSSL library and immediately have access to any new functionality provided in the new release. For example, when OpenVPN is built with the latest version of OpenSSL (0.9.7), it automatically has access to new ciphers such as AES-256 (Advanced Encryption Standard with 256 bit key) and the encryption engine capability of OpenSSL that allows utilization of special-purpose hardware accelerators to optimize encryption, decryption, and authentication performance. In the same way, OpenVPN's user-space design allows straightforward porting to any OS which includes a TUN/TAP virtual network driver.
  • OpenVPN is fast. Running Redhat 7.2 on a Pentium II 266mhz machine, using TLS-based session authentication, the Blowfish cipher, SHA1 authentication for the tunnel data, and tunneling an FTP session with large, precompressed files, OpenVPN achieved a send/receive transfer rate of 1.455 megabytes per second of CPU time (combined kernel and user time).
  • While OpenVPN provides many options for controlling the security parameters of the VPN tunnel, it also provides options for protecting the security of the server itself, such as --chroot for restricting the part of the filesystem the OpenVPN daemon has access to, --user and --group for downgrading daemon privileges after initialization, and --mlock to ensure that key material and tunnel data is never paged to disk where it might later be recovered.
Why choose TLS as OpenVPN's underlying authentication and key negotiation protocol?
TLS is the latest evolution of the SSL family of protocols developed originally by Netscape for their first secure web browser. TLS and its SSL predecessors have seen widespread usage on the web for many years and have been extensively analyzed for weaknesses. In turn, this analysis has led to a subsequent strengthening of the protocol such that today, SSL/TLS is considered to be one of the strongest and most mature secure protocols available. As such, we believe TLS is an excellent choice for the authentication and key exchange mechanism of a VPN product.



Does OpenVPN support IPSec or PPTP?
There are three major families of VPN implementations in wide usage today: SSL, IPSec, and PPTP. OpenVPN is an SSL VPN and as such is not compatible with IPSec, L2TP, or PPTP.

The IPSec protocol is designed to be implemented as a modification to the IP stack in kernel space, and therefore each operating system requires its own independent implementation of IPSec.

By contrast, OpenVPN's user-space implementation allows portability across operating systems and processor architectures, firewall and NAT-friendly operation, dynamic address support, and multiple protocol support including protocol bridging.

There are advantages and disadvantages to both approaches. The principal advantages of OpenVPN's approach are portability, ease of configuration, and compatibility with NAT and dynamic addresses. The learning curve for installing and using OpenVPN is on par with that of other security-related daemon software such as ssh.

Historically, one of IPSec's advantages has been multi-vendor support, though that is beginning to change as OpenVPN support is beginning to appear on dedicated hardware devices.

While the PPTP protocol has the advantage of a pre-installed client base on Windows platforms, analysis by cryptography experts has revealed security vulnerabilities.



Is OpenVPN standards-compliant?
As a user-space VPN daemon, OpenVPN is compatible with with SSL/TLS, RSA Certificates and X509 PKI, NAT, DHCP, and TUN/TAP virtual devices.

OpenVPN is not compatible with IPSec, IKE, PPTP, or L2TP.



Can OpenVPN tunnel over a TCP connection?
Yes, starting with version 1.5.



Can I use a web browser as an OpenVPN client?
No. While OpenVPN uses the SSL/TLS protocol for security, OpenVPN is not a web application proxy. It is an OSI layer 2 or 3 full-mesh internetwork tunneling solution and requires that OpenVPN be installed on both client and server.



Building OpenVPN
OpenVPN can easily be built from source for Linux and BSD variants. Building OpenVPN for Windows is more complex, therefore a pre-built installer is available for Windows on the OpenVPN download site.

OpenVPN can be built:

  • with both the OpenSSL Crypto and SSL libraries (version 0.9.6 or higher required), offering certificate-based authentication, public key encryption, and TLS-based dynamic key exchange,
  • with only the OpenSSL Crypto library, offering static-key based conventional encryption and authentication, or
  • standalone, with support for unencrypted UDP tunnels.
OpenVPN can also be linked with the LZO real-time compression library. OpenVPN supports adaptive compression, meaning that it will enable link compression only when the tunnel data stream is found to be compressible.

OpenVPN runs entirely in user space and does not require any special kernel components other than the TUN/TAP virtual network driver available for Windows, Linux, and BSD variants.
https://openvpn.net/index.php/component/content/article/55-about-openvpn.html

Of note:
control OpenVPN using a GUI on Windows or Mac OS X.
2 free client connections for testing purposes.
$15.00 License Fee Per Client Connection Per Year. Support & Updates included. 10 Client minimum purchase.

Would this really work?
How is this in compared to a commercial VPN that offers OpenVpn protocol?

Gass :confused:
 
Last edited:

Bruno

Member
Hello Everybody,

I would like to share with you my 2 ideas/problems:

1. I think AdGuard is beyond anything that I know and it is not just Ad blocker I really think you should take the next step and make the necessary change AdGuard should become InternetGuard,
beside the name change which is vital from my perspective you must add more feature in the internet site like here:
http://www.cyberghostvpn.com/en_us
with some of the features from cyberghostvpn you will have the best in class software on in internet and I would not ask or mentation this if you guys were not talent enough.
VPN features and more security options are the next step of your software...
FYI CyberGhost was identified in an academic paper because its Android VPN app is considered “malicious or intrusive” and it also tested positive for malware by VirustTotal.
 
Top