Wednesday, July 31, 2013

Microsoft Point-to-Point Encryption

Microsoft Point-to-Point Encryption (MPPE) is a protocol for encrypting data across Point-to-Point Protocol (PPP) and virtual private network (VPN) links. It uses the RSA RC4 encryption algorithm. MPPE supports 40-bit, 56-bit and 128-bit session keys, which are changed frequently to improve security. The exact frequency that the keys are changed is negotiated, but may be as frequent as every packet.

MPPE alone does not compress or expand data, but the protocol is often used in conjunction with Microsoft Point-to-Point Compression, which compresses data across PPP or VPN links.
Negotiation of MPPE happens within the Compression Control Protocol (CCP), a subprotocol of PPP, which can lead to the mistaken belief that MPPE is itself a compression protocol.

What is SSL VPN?

SSL, or Secure Sockets Layer, is a security protocol created by Netscape that has become an international standard on the Internet for exchanging sensitive information between a website and the computer communicating with it, referred to as the client.
SSL technology is embedded in all popular browsers and engages automatically when the user connects to a web server that is SSL-enabled. It's easy to tell when a server is using SSL security because the address in the URL bar of your browser will start with https; the "s" indicates a secure connection.

When your browser connects to an SSL server, it automatically asks the server for a digital certificate issued by a certificate authority (CA). This certificate authenticates the server's identity to ensure you will not be sending sensitive data to a hacker or impostor site. The browser also makes sure the domain name matches the name on the certificate, and that the certificate has been issued by a trusted authority and bears a valid digital signature. If all goes well you will not even be aware this handshake has taken place.

However, if there is a problem with the certificate, even if it is simply out of date, your browser will pop up a window to inform you of the exact problem it encountered, allowing you to end the session or continue at your own risk.

Once the handshake is completed, your browser will automatically encrypt all information that you send to the site, before it leaves your computer. Encrypted information is unreadable en route. Once the information arrives at the secure server, it is decrypted using a secret key. If the server sends information back to you, that information is also encrypted at the server's end before being sent. Your browser will decrypt it for you automatically upon arrival, then display it as it normally does.
For those running a secure server it is also possible to authenticate the client connecting to the server, to ensure, for example, that the person is not pretending to be someone who has been granted restricted access. Another feature of SSL technology is the ability to authenticate data, so that an interceptor cannot substitute another transmission for the actual transmission without being detected.

Though SSL makes exchanging sensitive information online secure, it cannot guarantee that the information will continue to be kept secure once it arrives safely at the server. For assurance that sensitive information is handled properly once it has been received, you must read the site's privacy policy. It does little good to trust your personal data to SSL, if the people who ultimately have it will be sharing it with third parties, or keeping it on servers that are not bound by restricted access and other security protocols. Therefore it is always wise to read any site's privacy policy, which includes security measures, before volunteering your personal information online.

What is Internet Speed?

With Pro VPN, the speed of your internet connection should usually not be much lower than without it.
Of course this depends on several factors like server load, distance to the server, the speed of your ISP, etc.
Should your speeds be lower than expected, there are several things you can try to max out your speed:
  • Change protocol (OpenVPN, PPTP or L2TP) and test again
  • Switch server (nearest does not necessarily mean fastest!)
  • Try using OpenVPN over UDP with our alternative clients; it's much faster than PPTP or OpenVPN over TCP (see "What is UDP?" below)
  • Tweak your network settings as explained below.


Speedtest

To test your connection speed before and after tweaking anything, you can use e.g. 

Network tweaking

There are numerous ways to tweak your network, TCP and browser settings.
All the tools you will need are linked below.


Deactivate Halfopen-Limit (Windows)

First you should deactivate the limit Windows places on half-open connections. This archive (download) includes several tools for that: TCP-Z, Universal TCP/IP Patch, EvID (LvlLord Patch), TCP Patch. These tools work by patching the tcpip.sys system driver, so obtain them only from a source you trust and keep a copy of the original file.
The goal is to set the limit to 255 or deactivate it completely, depending on your operating system.


Network tweaking with TCP-Optimizer (Windows)

TCP-Optimizer is the best freeware tool for optimizing, tweaking and tuning network settings that normal users don't have access to or don't know of.
Thanks to its completeness it replaces all other known network-tweaking apps. By using the presets (Windows Default, Current, Optimal, Custom) you can easily tweak all settings with one click.


Use the fastest DNS server (all operating systems)

With tools like NameBench or browsermob-dns-perf you can test which DNS server is the fastest for you.
For most people it is Google's Public DNS (8.8.8.8 and 8.8.4.4), but Google logs your DNS queries.
There are others which are also fast and not run by Google.


Tweaking Mac OS X

Unfortunately Mac OS X does not have as many possible tweaks and networking-related settings as Windows does, but there are still some things you can try:

TCP tweaks
  • Start up a terminal window and run the following commands:
    sudo sysctl -w net.inet.tcp.rfc1323=1
    sudo sysctl -w kern.ipc.maxsockbuf=16777216
    sudo sysctl -w net.inet.tcp.sendspace=1048576
    sudo sysctl -w net.inet.tcp.recvspace=1048576

Apple broadband tuner:

Additional:
  • If you have a WLAN connection, change your router's channel and other WLAN-related settings to see if you can get a better signal.
    Also, consider using a wired network setup instead of WLAN. It's more secure and always faster.
  • Temporarily disable your firewall to see if this has a significant effect on your connection performance. If it does, check your firewall's settings,
    remove unnecessary rules or consider using different firewall software.

Tweaking Linux

Please note that any of the following suggested modifications may improve performance and stability, or may just as well make them worse.
To know whether a setting has a positive, negative or any effect at all, it's a good idea to keep doing speedtests before and after each change.

  • Modify TCP settings in sysctl.conf:
    Changing TCP settings on Linux is done by adding the corresponding lines at the end of the file /etc/sysctl.conf and then running "sysctl -p" to apply the changes.
    Make a backup of the file first (e.g. run "cp /etc/sysctl.conf /etc/sysctl.backup").

    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216
    net.ipv4.tcp_rmem = 4096 87380 16777216
    net.ipv4.tcp_wmem = 4096 65536 16777216
    net.ipv4.tcp_no_metrics_save = 1
    net.ipv4.tcp_congestion_control = htcp
  • To increase TCP throughput, run this (replace eth0 with your network device identifier if different, e.g. wlan0):
    ifconfig eth0 txqueuelen 1000

  • Disable auto-tuning to prevent unwanted behavior:
    sysctl -w net.ipv4.route.flush=1

  • Modify TCP congestion control:
    The sysctl variable net.ipv4.tcp_congestion_control is set to "reno" by default. You can set it to one of the following options:

    reno: Traditional TCP used by almost all other OSes (default)
    bic: BIC-TCP
    highspeed: HighSpeed TCP, Sally Floyd's suggested algorithm
    htcp: Hamilton TCP
    hybla: for satellite links
    scalable: Scalable TCP
    vegas: TCP Vegas
    westwood: optimized for lossy networks

    E.g. run this:
    sysctl -w net.ipv4.tcp_congestion_control=htcp

  • Disable segmentation offload, decreases performance but increases stability:
    ethtool -K eth0 tso off
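As an added example (not part of the original article), the following Python script carries out the sysctl.conf procedure above without leaving duplicate lines behind: it backs the file up, rewrites keys that are already present instead of appending a second copy, and compares the recommended values with what the running kernel reports under /proc/sys. The helper names and the backup file name are this example's own choices.

```python
"""Merge the tuning keys listed above into sysctl.conf exactly once and compare them
with the running kernel. Added example, not part of the original article; the helper
names and backup file name are this example's own choices."""
import re
import shutil
import time
from pathlib import Path

# The settings recommended in the article, exactly as given there.
TWEAKS = {
    "net.core.rmem_max": "16777216",
    "net.core.wmem_max": "16777216",
    "net.ipv4.tcp_rmem": "4096 87380 16777216",
    "net.ipv4.tcp_wmem": "4096 65536 16777216",
    "net.ipv4.tcp_no_metrics_save": "1",
    "net.ipv4.tcp_congestion_control": "htcp",
}
# Accepts both "key = value" and "key=value" (the article uses both spellings).
LINE_RE = re.compile(r"^\s*([\w.\-/]+)\s*=\s*(.*?)\s*$")

def normalize(value):
    """Collapse whitespace so tab-separated /proc/sys triples compare equal."""
    return " ".join(value.split())

def merge_sysctl(text, tweaks):
    """Return text with every tweak present exactly once: keys already in the file are
    rewritten in place, later duplicates dropped, missing keys appended (idempotent)."""
    seen, out = set(), []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) in tweaks:
            key = m.group(1)
            if key not in seen:
                out.append(f"{key} = {tweaks[key]}")
                seen.add(key)
            continue
        out.append(line)  # comments and unrelated keys pass through untouched
    out.extend(f"{k} = {v}" for k, v in tweaks.items() if k not in seen)
    return "\n".join(out) + "\n"

def proc_path(key):
    """net.ipv4.tcp_rmem -> /proc/sys/net/ipv4/tcp_rmem, where the kernel exposes it."""
    return "/proc/sys/" + key.replace(".", "/")

def check_running(tweaks, read=lambda key: Path(proc_path(key)).read_text()):
    """Return {key: (wanted, actual)} for each key whose live value differs;
    'read' is injectable so the comparison can be exercised without /proc."""
    mismatches = {}
    for key, wanted in tweaks.items():
        actual = normalize(read(key))
        if actual != normalize(wanted):
            mismatches[key] = (wanted, actual)
    return mismatches

def apply_to_file(path="/etc/sysctl.conf", tweaks=TWEAKS):
    """Back the file up first (as the article advises), then write the merged text.
    Run `sysctl -p` afterwards and check_running() again to confirm it took effect."""
    backup = f"{path}.{time.strftime('%Y%m%d-%H%M%S')}.bak"
    shutil.copy2(path, backup)
    Path(path).write_text(merge_sysctl(Path(path).read_text(), tweaks))
    return backup
```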




Additional (all operating systems)

  • Always make sure you have the latest available device drivers for your computer: router firmware, ethernet adapter and motherboard drivers, BIOS updates, etc.
    If you have a Realtek network device, get the drivers from Realtek's website; otherwise check the website of your motherboard or network device manufacturer.
    Updating your operating system is also a good idea; you should regularly check Windows Update.
  • If you're using Firefox, check out the FasterFox add-on. It really improves surfing performance: FasterFox | FasterFox Extra | FasterFox Lite
  • For testing your speeds, try the speedtest from above, download a test file from qsc.de, or download a test torrent: Knoppix Torrent
  • For tweaking uTorrent's advanced settings there are also several tutorials. None of them are perfect; you have to try each setting patiently until you're satisfied with the results. Check out our article UTorrent for more info.
  • Old routers, or even new routers provided to you by your internet provider, often run outdated firmware or are technically badly manufactured. This can make a difference of multiple megabits, so consider getting a better router!

Unnecessary protocols and services (Windows)
On Windows, you should check the advanced settings of your network adapter in the Windows Network Center:
it often contains unnecessary protocols and services that slow down your internet connection without being useful in any way.
Disable, or better uninstall, services like:
  • QoS Packet Scheduler
  • VirtualBox / VMware drivers, protocols and services
  • Link-Layer Topology Discovery
  • Bluetooth-related items

Basically you can uninstall everything except
  • Internet Protocol Version 4 (TCP/IPv4)
This is the only thing that's essential for the internet connection to work.
However, should you lose connectivity after changing anything here, you can just reboot your computer and reinstall the removed items again, one by one.

What is UDP?

When connecting to HMA Pro VPN using the OpenVPN protocol, all connections are made over TCP.
But there's a way to use UDP instead, resulting in faster speeds and bypassing many restrictions that affect other protocols, such as when you cannot connect from certain locations using PPTP or OpenVPN over TCP.
Since UDP is not yet integrated into the HMA Pro VPN client, you'll have to use our alternative clients for Windows and Mac.

When following the tutorials below, make sure to use the UDP config files: http://newmastervpn.blogspot.com/2013/07/what-is-udp.html
not the TCP config files ( http://hidemyass.com/vpn-config/TCP/ ).


Instructions for Windows -> OpenVPN client
Instructions for Mac -> Tunnelblick
Instructions for Android -> Android
Instructions for iOS -> OpenVPN on IPad/IPhone/ITouch
 
  • You can also use the VPN client Viscosity (trialware) for Windows and Mac.
  • The Mac client Shimo (shareware) is also supported.

What is L2TP VPN?

In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy.
Although L2TP acts like a Data Link Layer protocol in the OSI model, L2TP is in fact a Session Layer protocol, and uses the registered UDP port 1701.
Encryption: The L2TP payload is encrypted using the standardized IPsec protocol. RFC 4835 specifies either the 3DES or AES encryption algorithm for confidentiality. A 256-bit key will be used for encryption. (AES-256 is the first publicly accessible and open cipher approved by the NSA for top secret information.)
Ports used:
L2TP/IPsec uses UDP 500 for the initial key exchange, IP protocol 50 for the IPsec-encrypted data (ESP), UDP 1701 for the initial L2TP configuration and UDP 4500 for NAT traversal. L2TP/IPsec is easier to block than OpenVPN due to its reliance on fixed protocols and ports.
Supported operating systems:
Windows, Mac, Linux, iOS, Android, DD-WRT
The entire L2TP packet, including payload and L2TP header, is sent within a UDP datagram. It is common to carry Point-to-Point Protocol (PPP) sessions within an L2TP tunnel. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec.

L2TP/IPsec

Because of the lack of confidentiality inherent in the L2TP protocol, it is often implemented along with IPsec. This is referred to as L2TP/IPsec, and is standardized in IETF RFC 3193. The process of setting up an L2TP/IPsec VPN is as follows:
  • Negotiation of IPsec security association (SA), typically through Internet key exchange (IKE). This is carried out over UDP port 500, and commonly uses either a shared password (so-called "pre-shared keys"), public keys, or X.509 certificates on both ends, although other keying methods exist.
  • Establishment of Encapsulating Security Payload (ESP) communication in transport mode. The IP protocol number for ESP is 50 (compare TCP's 6 and UDP's 17). At this point, a secure channel has been established, but no tunneling is taking place.
  • Negotiation and establishment of L2TP tunnel between the SA endpoints. The actual negotiation of parameters takes place over the SA's secure channel, within the IPsec encryption. L2TP uses UDP port 1701.
When the process is complete, L2TP packets between the endpoints are encapsulated by IPsec. Since the L2TP packet itself is wrapped and hidden within the IPsec packet, no information about the internal private network can be garnered from the encrypted packet. Also, it is not necessary to open UDP port 1701 on firewalls between the endpoints, since the inner packets are not acted upon until after IPsec data has been decrypted and stripped, which only takes place at the endpoints.
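As an added example (not part of the original article), the following Python code parses the L2TPv2 header that the UDP/1701 datagrams carry and names the L2TP/IPsec phase a flow belongs to from the protocol and port numbers listed above. It flags UDP/1701 seen on the wire, since after IPsec encapsulation that port should only appear inside the decrypted packet at an endpoint. The two sample datagrams are constructed by hand, not captured.

```python
"""Decode the L2TPv2 header (RFC 2661) carried inside UDP/1701, and name the
L2TP/IPsec phase a flow belongs to. Added example, not part of the original
article; the sample datagrams below are constructed, not captured."""
import struct

IPPROTO_ESP, IPPROTO_UDP = 50, 17
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200  # header flag bits

def parse_l2tp(datagram):
    """Return the header fields and PPP/AVP payload of one L2TP datagram."""
    if len(datagram) < 2:
        raise ValueError("too short for an L2TP header")
    (flags,) = struct.unpack_from("!H", datagram)
    if (flags & 0x000F) != 2:
        raise ValueError(f"unsupported L2TP version {flags & 0xF}")
    control = bool(flags & T_BIT)
    # RFC 2661 s3.1: control messages must set L and S and must not set O.
    if control and (not (flags & L_BIT) or not (flags & S_BIT) or flags & O_BIT):
        raise ValueError("control message with illegal flag combination")
    need = 6 + (2 if flags & L_BIT else 0) + (4 if flags & S_BIT else 0) + (2 if flags & O_BIT else 0)
    if len(datagram) < need:
        raise ValueError("datagram shorter than its own header")
    hdr, pos = {"control": control, "length": None, "ns": None, "nr": None, "offset": 0}, 2
    if flags & L_BIT:
        (hdr["length"],) = struct.unpack_from("!H", datagram, pos)
        pos += 2
    hdr["tunnel_id"], hdr["session_id"] = struct.unpack_from("!HH", datagram, pos)
    pos += 4
    if flags & S_BIT:
        hdr["ns"], hdr["nr"] = struct.unpack_from("!HH", datagram, pos)
        pos += 4
    if flags & O_BIT:  # offset size, then that many padding bytes before the payload
        (hdr["offset"],) = struct.unpack_from("!H", datagram, pos)
        pos += 2 + hdr["offset"]
    end = len(datagram) if hdr["length"] is None else hdr["length"]
    if end > len(datagram) or pos > end:
        raise ValueError("length/offset fields overrun the datagram")
    hdr["payload"] = datagram[pos:end]
    return hdr

def is_valid_l2tp(datagram):
    """True if the datagram parses as well-formed L2TPv2."""
    try:
        return bool(parse_l2tp(datagram))
    except ValueError:
        return False

PHASES = {
    (IPPROTO_ESP, None): "ESP: IPsec-protected data (the L2TP packet is inside, not visible)",
    (IPPROTO_UDP, 500): "IKE: IPsec SA negotiation",
    (IPPROTO_UDP, 4500): "IKE/ESP over NAT traversal",
    (IPPROTO_UDP, 1701): "L2TP in the clear: expected only after IPsec decryption at an endpoint",
}

def classify_flow(ip_proto, dst_port=None):
    """Name the L2TP/IPsec phase of a (protocol, destination port) flow."""
    key = (ip_proto, None if ip_proto == IPPROTO_ESP else dst_port)
    return PHASES.get(key, "unrelated")

# Constructed samples: a control message carrying one Message Type AVP (value 1 = SCCRQ),
# and a data message for tunnel 7 / session 3 carrying a PPP-framed IPv4 packet.
SAMPLE_CONTROL = bytes.fromhex("c802 0014 0000 0000 0000 0000 8008 0000 0000 0001")
SAMPLE_DATA = bytes.fromhex("0002 0007 0003") + b"\xff\x03\x00\x21" + b"\x45\x00"
```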

For a comparison between the VPN protocols OpenVPN, PPTP and L2TP please refer to the article: VPN protocol comparison

HideMyAss Pro VPN & L2TP


The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/

Instructions for Windows:


Quick manual setup instructions:
  • Start > Control Panel > Network and Internet > Network And Sharing Center > Set up a new connection or network > Connect to a workplace > Next > Use my Internet Connection (VPN)
  • Internet Address: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
  • Destination Name: Name it as you like. Eg: HMA! L2TP.
  • Next
  • Username: Your VPN username
  • Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details
  • Domain: Leave it blank
  • Go back to Network and Sharing Center > Change Adapter Settings > Select HMA! L2TP (the one you just created) > right click and Properties > Security tab > Type of VPN: L2TP/IPSec > Advanced Settings > Use Preshared Key for authentication > Key: HideMyAss > OK
  • Connect!



Instructions for Mac:

For step-by-step instructions with screenshots, see: Mac L2TP Connection Setup

Quick manual setup instructions:
  • System Preference > Network > click on the + button > Interface: VPN > VPN Type: L2TP over IPSec > Service Name: HMA L2TP > Create.
  • Configuration: Default
  • Server Address: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
  • Account Name: Your VPN username
  • Authentication Settings: Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details.
  • Shared Secret: HideMyAss. > OK.
  • Advanced... > Options > Make sure 'Send all traffic over VPN Connection' is checked > OK
  • Apply > Connect.


Instructions for Mac Tiger:


  • Applications -> Internet Connect > File > New VPN Connection > L2TP over IPSec > Configuration: Edit Configurations
  • Description: HMA L2TP
  • Server address: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
  • Account name: Your VPN username
  • User Authentication: Your PPTP password ( found on http://vpn.hidemyass.com > PPTP Servers > Login Details)
  • Machine Authentication: Shared Secret: HideMyAss > OK > Connect.

Instructions for DD-WRT routers:


1. Log in to your DD-WRT router's web interface (usually http://192.168.1.1).
2. Setup
3. Basic Setup
4. Wan Setup > Connection Type: L2TP
5. Username: Your VPN Username
6. Password: Your L2TP/PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details.
7. Gateway: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/.
8. Connection strategy: Keep Alive: Redial Period 180 seconds
9. STP: Disable
10. Leave everything as it is.
11. Save and Apply Settings.
For the complete tutorial, please refer to the article Router configuration.

Instructions for iOS devices (iPhone / iPad / iPad 2...)


  • For more info and a step-by-step tutorial, see the article Apple

Quick manual setup instructions:

Settings > General > Network > VPN > Add VPN Configuration... > L2TP
Description: Anything. Eg: HMA L2TP
Server: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
Account: Your VPN username
RSA SecurID: Off
Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details
Secret: HideMyAss
Send All Traffic: On

Instructions for Android devices:

  • For more info and a step-by-step tutorial, see the article Android

Quick manual setup instructions:
Menu > Settings > Wireless and Network > VPN Settings > Add VPN > Add L2TP VPN
VPN Name: Anything. Eg: HMA L2TP
Set VPN Server: The L2TP server IPs can be found @ http://hidemyass.com/vpn-config/l2tp/
DNS Search domain: 4.4.4.4 (or any other DNS)
Secret: Leave it OFF

Tap Menu, and Save. Tap your new VPN connection in order to connect. Enter your credentials:

Username: Your VPN username
Password: Your PPTP password > Your PPTP password can be found at http://vpn.hidemyass.com > PPTP Servers > Login Details

Instructions for Linux:

  • Please see the article Linux L2TP for instructions and tutorials about how to connect via L2TP on Linux.

What is Peerblock?

PeerBlock (formerly PeerGuardian) lets you control who your computer "talks to" on the Internet. By selecting appropriate lists of "known bad" computers, you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities, computers which have been "hacked", even entire countries! They can't get in to your computer, and your computer won't try to send them anything either.

Official website: http://www.peerblock.com

Download: PeerBlock-Setup_v1.1_r518.exe

You need Blocklists (also known as "Blacklists") for setting up PeerBlock to handle certain IP-ranges.

Get the IP-Blocklists @ IBlockList.com

Note that your IP blocklists shouldn't be too large. Overly large lists slow down your internet connection and are the main reason a website seems to be down when in fact the website's server IP is simply in one of your blocklists.

Peerblock and HMA! Pro VPN

You can decide to use HMA! Pro VPN together with PeerBlock. This potentially increases security because it prevents connections to anti-P2P companies, spammers, hackers etc. from being made. So it's actually quite a good idea to mix both services, but it can result in connectivity problems.
Watch what you add to the blocklists, or you may no longer be able to connect to
  • seeds and peers
  • certain websites
  • your local network
  • your router
It's easy to find out if PeerBlock is the reason for your connectivity problems: just deactivate it and check again.
To prevent these problems from happening, you should only add anti-P2P IPs to your blocklist database, and only entries that are really dangerous for you.
In addition, most IPs in those blocklists are outdated long before you use them (because of dynamic IPs).
