OpenVPN config update to force TLS 1.2

Dear users,

if you are using OpenVPN please download the latest configs available from the dashboard. The current version of the config file forces the use of TLS 1.2. This change works on most devices.

In case you are using a particularly old version of OpenVPN or the OpenSSL library eg. on an embedded device like a NAS you can revert to a lower TLS version. You can also expect issues if you run ancient software releases on your phone / mobile devices. In any case we recommend to update the device(s) in question.

If you run into issues or have questions please come to the IRC or write an email to support@. Thank you.

The IPredator team

Dear users,

we wish all of you a happy new year 2015!

There were some login issues earlier today because somebody decided to DOS the authentication backends. We adjusted our countermeasures to keep out the bad requests. The issue is fixed now.

Static IP support

We are pleased to announce that you can now get a static IP config. Some of you have been asking for this feature for quite some time. If you decide you want to spend the extra money you get one fixed IPv4 address and one fixed IPv6 address. On request we can also route you a /56 IPv6 network (4700 billion IPs). Please contact the support via email or IRC if you would like get such a config. Because IPs are expensive and you are likely to use more traffic than the average user the current price is 14 Euro per month on top of your normal account. As usual we do not enforce any speeds or shape your traffic in any way.

Merchandise

Another question that has been asked quite frequently was 'When and where can we get merchandise'. Please check out the picture below. You can now order hoodies in grey and black and t-shirts in black. The price for a hoodie is 60 Euro and for a t-shirt 25 (without shipping). The base material is a bit more expensive because we selected hoodies with reinforced seams and the print on the shirts is some kind of fleece. You can get them from S to 5XL in US sizes which means that they are a bit bigger than the EU sizes. Unfortunately we cannot offer fair trade and ecologically produced clothing at the moment simply because nobody wanted to commit on the sizes we need. :/

pic2.jpg

pic3.jpg

If you are interested in getting a t-shirt or hoodie along with some stickers and other propaganda we have lying around please contact the support.

The website will be updated in the coming week with all the information about static IPs and merchandise.

Use more bandwidth!

The IPredator team

Another day another power failure

UPDATE: The power is back online we are restoring all services.

Dear users,

unfortunately there is another power failure at one of our data centers. Looks like we are aiming strong to drive up the average from two power failures in 10 years to four in two months. The whole power grid is down. Its lights out for everyone and the UPS batteries only lasted that long. The power company is working on a fix, but we got no ETA yet.

The IPredator team

Maintenance announcement 11/27/2014 - 23:00 UTC

UPDATE: Maintenance is over. Besides a small hiccup around 23:15 UTC everything went smooth. The work on the power infrastructure at the DC is finished now. Thanks for your patience. Use more bandwidth!

Dear users,

the data center operators are going to fix the power issue from last week. While our infrastructure has dedicated UPS power it is unclear how the adjacent infrastructure will be available. Expect some reachability issues from 23:00 until 04:00 UTC tonight. We will keep you posted.

The IPredator team

Login issue solved

Dear users,

VPN connections work as expected again. Thank you for your patience.

The IPredator team

Login issues

Dear users,

we are currently looking into an issue which leads to users not being able to login to openvpn.ipredator.se anymore since around 2014-11-23, 02:00 AM (UTC). The NAT pool still works. As soon as the issue is fixed, we will let you know.

The IPredator team

Unexpected power outage

Dear users,

tonight we suffered from an unexpected power outage in one of the datacenters we are located in. Power went away for us and everybody else at around 23:55 UTC.

While the network converged most of our machines booted as expected, but the backend database machine decided to take this incident very personal and got naughty. After fixing this particular machine, the service got back online at 02:30 UTC.

We are now fixing minor issues for some users.

Use more bandwidth!

The IPredator team

Dear users,

we have released a guide about how we built an overclocked and water cooled system to run our Tor exit node.

Happy reading.

The IPredator team

Dear users,

here is a short roundup of what has been going on lately:

DNS issues

There has been a DNS issue last week where some of you were unable to resolve our domains, effectively preventing you from connecting to the VPN. As it turned out there was an error in the glue records of one domain that caused confusion for some of the DNS resolvers. The issue was fixed and after a day all the resolvers were happy again.

iOS connection issues

A few reports came in that iOS devices had issues connecting lately. After some debugging we found the issue. Older versions of the OpenVPN client for iOS required the use of a dummy client certificate. The change that caused the problem to appear was that the latest version for the OpenVPN server image also supports SSL certificate authentication. Presenting the server with an invalid SSL certificate wont work. The easy fix is to remove the dummy certificate from the config file. Please fetch the latest config and check if your iOS device works again.

LibreSSL

As you might have noticed OpenSSL had its fair share of issues lately. As part of a cleanup effort the OpenBSD team forked LibreSSL from OpenSSL and released the first portable version a few days ago. We decided to integrate this version into our server images to gather some hands on experience with it. If you want to give it a try connect to libressl.openvpn.ipredator.se. Please keep in mind that this is still experimental. The portable version of LibreSSL comes without ASM instruction support at the moment, this means that there is no hardware accelerated AES using the rsax engine. Expect slower speeds. If you can bear the weaponized sans comic please consider donating to the LibreSSL project. Thank you!

IPv6 support

We have been testing a couple of machines with a dual-stack configuration for IPv4 and IPv6 for a while. If you are interested in getting an IPv6 IP address please connect to ipv6.openvpn.ipredator.se. So far Linux and BSD work fine out of the box. Latest OSX seem to work well too. Please test IPv6, especially with Windows, and report any issues you can find. Keep in mind to configure your firewall properly for IPv6 to prevent accidental exposure of locally running services!

While you test things we will finish a few todos on our end for proper integration of IPv6 like updating the website content or supporting IPv6 on the resolvers.

Second session / NAT pool

You have been asking us to allow more than one session for quite some time now. The basic limitation for one session is that you get your own (rare) public IP address when you connect to the VPN. To work around that limitation you can now establish a second session to nat.openvpn.ipredator.se. This will give you a RFC1918 IP address from the 10.10.0.0/16 IPv4 range. A firewall does the NAT magic to multiplex your internet traffic with the one from other users.

We decided that VPN clients connected to the NAT pool should not be reachable to other VPN clients/users in the same network. This should help with clients that have no or weak firewall capabilities like phones or tablets. You cannot use the NAT tool for torrents or similar use cases that require an inbound port mapping. We are still working on a solution to allow you to map inbound ports.

The IPredator team

Maintenance done

Dear users,

the VPN and all other services are back online. We did updates on the core router and needed to reboot a few machines around it to deploy new kernels.

The IPredator team