Wednesday, July 31, 2013

What is UDP?

When connecting to HMA Pro VPN using the OpenVPN protocol, all connections are made over TCP.
However, you can use UDP instead, which results in faster speeds and bypasses many restrictions that affect other protocols, for example at locations where you cannot connect using PPTP or the usual OpenVPN.
Since UDP protocol is not yet integrated into the HMA Pro VPN client, you'll have to use our alternative clients for Windows and Mac.

When following the tutorials below, make sure to use the UDP config files ( http://newmastervpn.blogspot.com/2013/07/what-is-udp.html ), not the TCP config files ( http://hidemyass.com/vpn-config/TCP/ ).


Instructions for Windows -> OpenVPN client
Instructions for Mac -> Tunnelblick
Instructions for Android -> Android
Instructions for iOS -> OpenVPN on iPad/iPhone/iTouch
 
  • You can also use the VPN client Viscosity (trialware) for Windows and Mac.
  • The Mac client Shimo (shareware) is also supported.

What is L2TP VPN?

In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy.
Although L2TP acts like a Data Link Layer protocol in the OSI model, L2TP is in fact a Session Layer protocol, and uses the registered UDP port 1701.
Encryption: The L2TP payload is encrypted using the standardized IPSec protocol. RFC 4835 specifies either the 3DES or AES encryption algorithm for confidentiality. A 256 bit key will be used for encryption. (AES256 is the first publicly accessible and open cipher approved by the NSA for top secret information.)
Ports used:
L2TP/IPSEC uses UDP 500 for the initial key exchange, protocol 50 for the IPSEC encrypted data (ESP), UDP 1701 for the initial L2TP configuration and UDP 4500 for NAT traversal. L2TP/IPSec is easier to block than OpenVPN due to its reliance on fixed protocols and ports.
Supported operating systems:
Windows, Mac, Linux, iOS, Android, DD-WRT
The entire L2TP packet, including payload and L2TP header, is sent within a UDP datagram. It is common to carry Point-to-Point Protocol (PPP) sessions within an L2TP tunnel. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec.

L2TP/IPsec

Because of the lack of confidentiality inherent in the L2TP protocol, it is often implemented along with IPsec. This is referred to as L2TP/IPsec, and is standardized in IETF RFC 3193. The process of setting up an L2TP/IPsec VPN is as follows:
  • Negotiation of IPsec security association (SA), typically through Internet key exchange (IKE). This is carried out over UDP port 500, and commonly uses either a shared password (so-called "pre-shared keys"), public keys, or X.509 certificates on both ends, although other keying methods exist.
  • Establishment of Encapsulating Security Payload (ESP) communication in transport mode. The IP protocol number for ESP is 50 (compare TCP's 6 and UDP's 17). At this point, a secure channel has been established, but no tunneling is taking place.
  • Negotiation and establishment of L2TP tunnel between the SA endpoints. The actual negotiation of parameters takes place over the SA's secure channel, within the IPsec encryption. L2TP uses UDP port 1701.
When the process is complete, L2TP packets between the endpoints are encapsulated by IPsec. Since the L2TP packet itself is wrapped and hidden within the IPsec packet, no information about the internal private network can be garnered from the encrypted packet. Also, it is not necessary to open UDP port 1701 on firewalls between the endpoints, since the inner packets are not acted upon until after IPsec data has been decrypted and stripped, which only takes place at the endpoints.
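The on-the-wire consequence of the setup above, as an added example (not part of the original article): a firewall or monitor sitting between the endpoints should see only IKE and ESP (or UDP 4500 behind NAT), never readable UDP 1701. The packets and addresses are constructed, and the function names are hypothetical.

```python
import struct
from collections import defaultdict

# IP protocol numbers and UDP ports taken from the text above.
PROTO_UDP, PROTO_ESP = 17, 50
UDP_LABELS = {500: "ike", 4500: "nat-t", 1701: "l2tp-clear"}

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet for the constructed capture (checksum left 0)."""
    pack_addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, pack_addr(src), pack_addr(dst)) + payload

def udp(sport, dport, data=b""):
    """Build a UDP header plus data (checksum left 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def observe(packet):
    """Return (endpoint pair, label) for one raw IPv4 packet; label may be None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None, None
    ihl = (packet[0] & 0x0F) * 4                      # header length in bytes
    pair = tuple(sorted(".".join(map(str, packet[i:i + 4])) for i in (12, 16)))
    if packet[9] == PROTO_ESP:                        # byte 9 = IP protocol number
        return pair, "esp"
    if packet[9] == PROTO_UDP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        for port in (dport, sport):
            if port in UDP_LABELS:
                return pair, UDP_LABELS[port]
    return pair, None

def audit(packets):
    """Per endpoint pair, say whether L2TP stays hidden inside IPsec on the wire."""
    seen = defaultdict(set)
    for pkt in packets:
        pair, label = observe(pkt)
        if label:
            seen[pair].add(label)
    verdicts = {}
    for pair, labels in seen.items():
        if "l2tp-clear" in labels:
            verdicts[pair] = "L2TP in cleartext"      # UDP 1701 readable on the path
        elif "ike" in labels and labels & {"esp", "nat-t"}:
            verdicts[pair] = "protected by IPsec"     # only IKE plus ESP/NAT-T visible
        else:
            verdicts[pair] = "incomplete"             # e.g. IKE seen but never ESP
    return verdicts

# Constructed capture using documentation address ranges (not real servers).
CAPTURE = [
    ipv4("192.0.2.10", "198.51.100.1", PROTO_UDP, udp(500, 500, b"ike-sa")),
    ipv4("192.0.2.10", "198.51.100.1", PROTO_ESP, b"\x00" * 16),
    ipv4("192.0.2.20", "198.51.100.2", PROTO_UDP, udp(1701, 1701, b"l2tp")),
    ipv4("192.0.2.30", "198.51.100.3", PROTO_UDP, udp(500, 500, b"ike-sa")),
    ipv4("192.0.2.30", "198.51.100.3", PROTO_UDP, udp(4500, 4500, b"esp-in-udp")),
    ipv4("192.0.2.40", "198.51.100.4", PROTO_UDP, udp(500, 500, b"ike-sa")),
]

if __name__ == "__main__":
    for pair, verdict in audit(CAPTURE).items():
        print(pair, "->", verdict)
```

A pair reported as "L2TP in cleartext" is running L2TP without the IPsec layer, so the tunnelled traffic has no confidentiality.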

For a comparison between the VPN protocols OpenVPN, PPTP and L2TP please refer to the article: VPN protocol comparison

HideMyAss Pro VPN & L2TP


The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/

Instructions for Windows:


Quick manual setup instructions:
  • Start > Control Panel > Network and Internet > Network And Sharing Center > Set up a new connection or network > Connect to a workplace > Next > Use my Internet Connection (VPN)
  • Internet Address: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
  • Destination Name: Name it as you like. Eg: HMA! L2TP.
  • Next
  • Username: Your VPN username
  • Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details
  • Domain: Leave it blank
  • Go back to Network and Sharing Center > Change Adapter Settings > Select HMA! L2TP (the one you just created) > right click and Properties > Security tab > Type of VPN: L2TP/IPSec > Advanced Settings > Use Preshared Key for authentication > Key: HideMyAss > OK
  • Connect!



Instructions for Mac:

For step-by-step instructions with screenshots, see: Mac L2TP Connection Setup

Quick manual setup instructions:
  • System Preference > Network > click on the + button > Interface: VPN > VPN Type: L2TP over IPSec > Service Name: HMA L2TP > Create.
  • Configuration: Default
  • Server Address: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
  • Account Name: Your VPN username
  • Authentication Settings: Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details.
  • Shared Secret: HideMyAss. > OK.
  • Advanced... > Options > Make sure 'Send all traffic over VPN Connection' is checked > OK
  • Apply > Connect.


Instructions for Mac Tiger:


  • Applications -> Internet Connect > File > New VPN Connection > L2TP over IPSec > Configuration: Edit Configurations
  • Description: HMA L2TP
  • Server address: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
  • Account name: VPN username
  • User Authentication: Your PPTP password ( found on http://vpn.hidemyass.com > PPTP Servers > Login Details)
  • Machine Authentication: Shared Secret: HideMyAss > OK > Connect.

Instructions for DD-WRT routers:


1. Login to your DDWRT router's web interface. (usually http://192.168.1.1)
2. Setup
3. Basic Setup
4. Wan Setup > Connection Type: L2TP
5. Username: Your VPN Username
6. Password: Your L2TP/PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details.
7. Gateway: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/.
8. Connection strategy: Keep Alive: Redial Period 180 seconds
9. STP: Disable
10. Leave everything as it is.
11. Save and Apply Settings.
 For the complete tutorial, please refer to the article Router configuration

Instructions for iOS devices (iPhone / iPad / iPad2...)


  • For more info and a step-by-step tutorial, see the article Apple

Quick manual setup instructions:

Settings > General > Network > VPN > Add VPN Configuration... > L2TP
Description: Anything. Eg: HMA L2TP
Server: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
Account: Your VPN username
RSA SecurID: Off
Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details
Secret: HideMyAss
Send All Traffic: On

Instructions for Android devices:

  • For more info and a step-by-step tutorial, see the article Android

Quick manual setup instructions:
Menu > Settings > Wireless and Network > VPN Settings > Add VPN > Add L2TP VPN
VPN Name: Anything. Eg: HMA L2TP
Set VPN Server: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
DNS Search domain: 4.4.4.4 (or any other DNS)
Secret: Leave it OFF

Tap Menu, and Save. Tap your new VPN connection in order to connect. Enter your credentials:

Username: Your VPN username
Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details

Instructions for Linux:

  • Please see the article Linux L2TP
    for instructions and tutorials about how to connect via L2TP on Linux.

What is Peerblock?

PeerBlock (formerly PeerGuardian) lets you control who your computer "talks to" on the Internet. By selecting appropriate lists of "known bad" computers, you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities, computers which have been "hacked", even entire countries! They can't get in to your computer, and your computer won't try to send them anything either.

Official website: http://www.peerblock.com

Download: PeerBlock-Setup_v1.1_r518.exe

You need Blocklists (also known as "Blacklists") for setting up PeerBlock to handle certain IP-ranges.

Get the IP-Blocklists @ IBlockList.com

Note that your IP blocklists shouldn't be too large. Large lists slow down your internet connection, and they are the main reason websites seem to be down when in fact the website's server IP is in the blocklists.

Peerblock and HMA! Pro VPN

You can decide to use HMA! Pro VPN together with Peerblock. This potentially increases security because it prevents connections to anti-P2P companies, spammers, hackers etc. from being made. So it's actually quite a good idea to combine both services, but it can result in connectivity problems.
Watch what you add to the blocklists, or else you can't connect to:
  • Seeds & Peers
  • certain websites
  • your local network
  • your router
It's easy to find out whether Peerblock is the reason for your connectivity problems: just deactivate it and check again.
To prevent these problems, you should only add anti-P2P IPs to your blocklist database, and only things that are really dangerous for you.
In addition, most IPs in those blocklists are outdated long before you're using them. (-> dynamic IPs)
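
A pre-flight check for the problem described above, added here as an example (not PeerBlock's own code): before loading a list, test whether it would block addresses you must keep reachable, and see how many addresses it covers. It assumes the plain-text list format `label:first-last` with one IPv4 range per line; the sample list, the LAN printer and VPN server addresses and the function names are constructed.

```python
import ipaddress

def parse_p2p(text):
    """Parse 'label:first-last' lines (assumed list format) into (lo, hi, label)."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, _, span = line.rpartition(":")      # labels may contain ':' themselves
        first, _, last = span.partition("-")
        try:
            lo = ipaddress.IPv4Address(first.strip())
            hi = ipaddress.IPv4Address(last.strip())
        except ipaddress.AddressValueError:
            continue                               # skip malformed lines
        if lo <= hi:
            ranges.append((lo, hi, label))
    return ranges

def blocked_by(ranges, address):
    """Return the labels of every list entry that contains this address."""
    ip = ipaddress.IPv4Address(address)
    return [label for lo, hi, label in ranges if lo <= ip <= hi]

def preflight(text, must_reach):
    """Map each address that must stay reachable to the entries that would block it."""
    ranges = parse_p2p(text)
    hits = {name: blocked_by(ranges, addr) for name, addr in must_reach.items()}
    return {name: labels for name, labels in hits.items() if labels}

def coverage(ranges):
    """Count the distinct addresses a list blocks, merging overlapping ranges."""
    total, end = 0, -1
    for lo, hi in sorted((int(lo), int(hi)) for lo, hi, _ in ranges):
        if hi > end:
            total += hi - max(lo, end + 1) + 1
            end = hi
    return total

# Constructed sample list, not taken from any real blocklist.
SAMPLE = """\
# constructed sample
Example anti-P2P org:203.0.113.0-203.0.113.255
Bogon: private range:192.168.0.0-192.168.255.255
Example ad network:198.51.100.0-198.51.100.127
Overlap entry:198.51.100.64-198.51.100.200
broken line without range
"""

# Addresses that must stay reachable (router default as used later on this page).
MUST_REACH = {"router": "192.168.1.1", "LAN printer": "192.168.1.50",
              "VPN server": "192.0.2.77"}

if __name__ == "__main__":
    for name, labels in preflight(SAMPLE, MUST_REACH).items():
        print(f"{name} would be blocked by: {', '.join(labels)}")
    print("addresses covered:", coverage(parse_p2p(SAMPLE)))
```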

What is OpenVPN

OpenVPN (open source virtual private network) is an open source virtual private network (VPN) product that offers a simplified security framework, a modular network design and cross-platform portability. OpenVPN is licensed under the GNU General Public License (GPL). It includes several techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL/TLS security for encryption and is capable of traversing network address translators (NATs) and firewalls.
OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signatures and a certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features. It is sometimes used by computer gamers as a way of accessing LAN games over the internet.

Encryption: OpenVPN uses the OpenSSL library to provide encryption. OpenSSL supports a number of different cryptographic algorithms such as 3DES, AES, RC5 and Blowfish. 128 bit Blowfish encryption with a 1024 bit key will be used for encryption, while 256 bit encryption is used for the control channel (password, authentication, etc.).
Ports used: OpenVPN can be easily configured to run on any port using either UDP or TCP. To easily bypass restrictive firewalls, OpenVPN can be configured to use TCP on port 443, which is indistinguishable from standard HTTP over SSL, making it extremely difficult to block. For UDP we are using port 53. The OpenVPN management port is 13010.
Supported operating systems: Windows, Mac, Linux, iOS (?), DD-WRT

Advantages

  • Security provisions that function against both active and passive attacks.
  • Compatibility with all major operating systems.
  • High speed (1.4 megabytes per second is typical).
  • Ability to configure multiple servers to handle numerous connections simultaneously.
  • All encryption and authentication features of the OpenSSL library.
  • Advanced bandwidth management.
  • A variety of tunneling options.
  • Compatibility with smart cards that support the Windows Crypto application program interface (API).

Comparison to other protocols

Personal experiences may differ, so bear with me if you have a different opinion. You can discuss your speed experiences with and without VPN in the HMA Forums (http://forum.hidemyass.com).
Several people agree that OpenVPN is faster than PPTP as protocol for VPN connections. Of course this depends on many other factors and can thereby be different on every computer, internet connection and network.
It's also safer than PPTP and has a high compatibility; it's supported by numerous operating systems and devices.

What is PPTP VPN?

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.
The PPTP specification does not describe encryption or authentication features and relies on the PPP protocol being tunneled to implement security functionality. However the most common PPTP implementation, shipping with the Microsoft Windows product families, implements various levels of authentication and encryption natively as standard features of the Windows PPTP stack. The intended use of this protocol is to provide similar levels of security and remote access as typical VPN products.
Encryption: The PPP payload is encrypted using Microsoft's Point-to-Point Encryption protocol (MPPE). MPPE implements the RSA RC4 encryption algorithm with a maximum of 128 bit session keys.
Ports used: PPTP uses TCP port 1723 and GRE (Protocol 47). PPTP can be easily blocked by restricting the GRE protocol.
Supported operating systems: Windows, Mac, Linux, iOS, Android, DD-WRT
Also supported: OpenWRT, Tomato, Mikrotik, DrayTek, BoxeeBox, Touchpad...


Comparison to other VPN protocols

PPTP often seems to be slower than OpenVPN, and its security is generally considered to be lower than that of other protocols. However, the feeling of speed is subjective; there are many factors that determine the connection speed, like network, ISP, ethernet adapter, operating system, etc. If you're having speed issues, check this page: Speed

For a comparison between the VPN protocols OpenVPN, PPTP and L2TP please refer to the article: VPN protocol comparison

Guides for setting up PPTP-connections

More PPTP guides, L2TP and OpenVPN instructions and tutorials for other operating systems and devices can be found @ Connection Instructions


Troubleshooting


Windows
If you're unable to connect via PPTP protocol with our HMA Pro VPN client, the first thing you should do is to uninstall our client, reboot your computer and reinstall our client. This will revert all settings back to default and often solves the problem.
If the problem remains, or if you're using a manual PPTP connection (WinXP: newmastervpn.blogspot.com/2013/04/how-to-create-pptp-connection-on.html - Win Vista / 7: http://vpn.hidemyass.com/vpncontrol/pptp/7.html), your problem may be caused by non-activated services.

This PPTP issue may occur if the following windows services are disabled:
• Telephony
• Remote Access Connection Manager
• Remote Access Auto Connection Manager

To resolve this issue, enable the disabled services, then start the services, and set them to automatic.
Either do it manually as described below, or let a batch script do it for you: startservices.bat

1. Click Start, right-click My Computer, and then click Manage.
2. Double-click Services and Applications, and then double-click Services.
3. Right-click Telephony, and then click Properties.
4. On the General tab, click Manual next to Startup type.
5. On the General tab, click Start under Service status, and then click OK.
6. Repeat steps 3 - 5 for the Remote Access Connection Manager service and for the Remote Access Auto Connection Manager service.

This applies to:
• Microsoft Windows XP Professional Edition
• Microsoft Windows XP Home Edition

With Windows Vista and Win7 configuring services may be a little different. In your start menu type in the search field: "Component Services". Run it. Find "Services" and make sure you enable the services mentioned.

Java

What is Java?

Java Platform, Standard Edition or Java SE is a widely used platform for programming in the Java language. It is the Java Platform used to deploy portable applications for general use. In practical terms, Java SE consists of a virtual machine, which must be used to run Java programs, together with a set of libraries (or "packages") needed to allow the use of file systems, networks, graphical interfaces, and so on, from within those programs.

Why do I need Java?

There are lots of applications and websites that won't work unless you have Java installed, and more are created every day. Java is fast, secure, and reliable. From laptops to datacenters, game consoles to scientific supercomputers, cell phones to the Internet, Java is everywhere.
You need java for Javascripts, Java-Applets, .jar-files and many applications.

Why should I have the latest version?

The latest Java version contains important enhancements to improve performance, stability and security of the Java applications that run on your machine. Installing the latest update will ensure that your Java applications continue to run safely and efficiently.
You should regularly update Java to avoid bad things like getting hacked, computer crashes, instability, performance slowdown, etc. If your computer is somewhat older and Java applications take all system resources, an update may improve the performance of all Java-based programs. Also keep in mind that running older versions of any software, and especially software like Java, is a security risk.

Where to get Java

You can download the latest version of Java for your computer at the official website:
http://www.java.com/en/download/index.jsp

Privacy & Java

When using proxies (IP:Port proxies or Webproxies), your real IP can be revealed by Java. This means, every website that uses Java can identify you online. You can test this @ IP-score.com.
To avoid this, you can disable Javascript either in your browser's settings (in case you're using IP:Port proxies) or in the settings of your webproxy ( http://hidemyass.com/proxy @ "Advanced option").

The same goes for Flash, Silverlight, Windows Media Player and several other plugins/add-ons. They all might reveal your real identity. The reason for this is that a usual proxy works only within your browser; but plugins and add-ons work like independent applications, so your proxy may get ignored by them. Note: This can happen only with webproxies and IP:Port proxies. When using HMA's Pro VPN service, your real IP will be safe in these cases.