Thursday, August 1, 2013

What is OpenSSL VPN?

OpenSSL is an open-source implementation of the SSL and TLS protocols; OpenVPN, whose Mac clients are covered later on this page, relies on it for its TLS handshake and ciphers. The core library, written in the C programming language, implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.

Versions are available for most Unix-like operating systems (including Solaris, Linux, Mac OS X and the various open source BSD operating systems), OpenVMS and Microsoft Windows. IBM provides a port for the System i (OS/400). OpenSSL is based on SSLeay by Eric A. Young and Tim Hudson, development of which unofficially ended around December 1998, when Young and Hudson both started to work for RSA Security.

FIPS 140-2 compliance

As of December 2012, OpenSSL is one of two open source programs to be involved with validation under the FIPS 140-2 computer security standard by the National Institute of Standards and Technology's (NIST) Cryptographic Module Validation Program (CMVP). (OpenSSL itself is not validated, but a component called the OpenSSL FIPS Object Module, based on OpenSSL, was created to provide many of the same capabilities).
A certificate was first awarded in January 2006 but revoked in July 2006 "when questions were raised about the validated module’s interaction with outside software." The certification was reinstated in February 2007.

Licensing

OpenSSL is "dual licensed" under the OpenSSL License and the SSLeay License. The OpenSSL License is Apache License 1.0 and SSLeay License is a 4-clause BSD License. The common usage of the term dual-license is that the user may pick which license they wish to use. However, OpenSSL documentation uses the term dual-license to mean that both licenses apply.

As the OpenSSL License is Apache License 1.0, but not Apache License 2.0, it requires the phrase "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)" to appear in advertising material and any redistributions (Sections 3 and 6 of the OpenSSL License). Due to this restriction, the OpenSSL License and the Apache License are incompatible with the GPL. Some GPL developers have added an OpenSSL exception to their licenses specifically allowing OpenSSL to be used with their system. GNU Wget and climm both use such exceptions. Some packages (like Deluge) explicitly modify the GPL license by adding an extra section at the beginning of the license documenting the exception. Other packages use the LGPL licensed GnuTLS which performs the same task.

Vulnerability in the Debian implementation

In order to keep a warning from being issued by the Valgrind analysis tool, a maintainer of the Debian distribution applied a patch to the Debian build of the OpenSSL package which inadvertently broke its random number generator: the patch removed the code that mixed fresh entropy into the generator's state, leaving the process ID (at most 32,768 values on a default Linux system) as the only input that varied between runs. The broken version was included in the Debian release of September 17, 2006 (version 0.9.8c-1). Every key generated with the broken random number generator on a given architecture is therefore one of a small, enumerable set, so such keys, and any data encrypted or signed with them, must be treated as compromised; Debian published blacklists of the affected keys so that servers could reject them. The error was reported by Debian on May 13, 2008.
On the Debian 4.0 distribution (etch), these problems were fixed in version 0.9.8c-4etch3 and for the Debian 5.0 distribution (lenny), these problems were fixed in version 0.9.8g-9.
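To make concrete why a PID-only seed is fatal, here is an added simulation; it is not Debian's or OpenSSL's code. It uses a constructed toy key generator whose only varying input is the process ID, brute-forces a key out of that tiny key space, and does a blacklist check in the spirit of Debian's openssl-blacklist package. The generator itself, the fingerprint format and the sample PID 4242 are assumptions for illustration; the real keys were RSA/DSA/DH keys, but the enumeration argument is the same.

```python
import hashlib

# Default Linux pid_max at the time: after the patch, the PID was the only input
# that varied between runs, so this bounds the number of distinct keys per type/size.
PID_MAX = 32768


def weak_keygen(pid: int) -> bytes:
    """Constructed stand-in for key generation on a broken Debian box.

    The real generator produced RSA/DSA keys; what matters here is that the
    output is a pure function of the PID. sha256 only makes the toy deterministic.
    """
    return hashlib.sha256(b"debian-pid-only-seed:" + pid.to_bytes(4, "big")).digest()


def fingerprint(key: bytes) -> str:
    """Short fingerprint used as the blacklist entry (assumed format; Debian's
    blacklist files likewise stored truncated key hashes rather than keys)."""
    return hashlib.sha1(key).hexdigest()[:20]


def build_blacklist() -> set:
    """Enumerate every key the broken generator can emit. 32768 candidates is
    trivial work; for real OpenSSL keys this had to be done once per key type,
    size and architecture, which is what Debian shipped."""
    return {fingerprint(weak_keygen(pid)) for pid in range(1, PID_MAX + 1)}


def is_blacklisted(key: bytes, blacklist: set) -> bool:
    """What a vulnkey-style checker does: refuse a key whose fingerprint is
    in the precomputed set of weak keys."""
    return fingerprint(key) in blacklist


def recover_pid(target_key: bytes):
    """Attacker's view: given a key, search the whole key space for its seed.
    Returns the PID, or None if the key did not come from the weak generator."""
    for pid in range(1, PID_MAX + 1):
        if weak_keygen(pid) == target_key:
            return pid
    return None


def strong_key_sample() -> bytes:
    """A constructed key standing in for one from a working RNG (fixed so the
    example is deterministic)."""
    return hashlib.sha256(b"generated with a working RNG").digest()


if __name__ == "__main__":
    victim_pid = 4242                      # assumed PID of the key-generating process
    victim_key = weak_keygen(victim_pid)
    print("recovered seed PID:", recover_pid(victim_key))
    blacklist = build_blacklist()
    print("victim key blacklisted:", is_blacklisted(victim_key, blacklist))
    print("strong key blacklisted:", is_blacklisted(strong_key_sample(), blacklist))
```

The recovery loop finishes in well under a second; against a properly seeded 1024-bit RSA key the same search would be hopeless, which is the whole difference the patch made.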

What is IPsec VPN?

Short for IP Security, IPsec is a set of protocols developed by the IETF to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks (VPNs).

IPsec's ESP protocol supports two modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet and leaves the original IP header untouched, so the communicating endpoints remain visible on the wire. Tunnel mode encrypts the entire original packet, header and payload, and wraps it in a new outer IP header; this is the mode used for VPNs, since it hides the inner addresses and lets a gateway protect traffic on behalf of other hosts. On the receiving side, an IPsec-compliant device authenticates and decrypts each packet.

For IPsec to work, the sending and receiving devices must agree on shared session keys. This is handled by the Internet Key Exchange (IKE), built on the Internet Security Association and Key Management Protocol and the Oakley key determination protocol (ISAKMP/Oakley): the peers run a Diffie-Hellman exchange to derive the keys and authenticate each other with either a pre-shared key or digital certificates. The published "shared secret" used in the L2TP/IPsec setup further down this page is a pre-shared key of this kind.

Internet Protocol security (IPsec) uses cryptographic security services to protect communications over Internet Protocol (IP) networks. IPsec provides network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection; the last is implemented with the increasing sequence number carried in every ESP and AH header, which the receiver checks against a sliding window of recently accepted numbers.
IPsec is built into all current versions of Microsoft Windows.
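The replay protection just mentioned is easy to get subtly wrong, so here is an added example (not code from the page, from any IPsec stack, or from any vendor) of a receiver-side anti-replay window as described in RFC 4303: the clear-text ESP header is parsed for SPI and sequence number, the sequence number is checked against a 64-wide window, and the window is advanced only after the packet's integrity check has passed. The SPI 0x1000, the packet bodies and the `icv_ok` flag that stands in for real ICV verification are constructed for the example.

```python
import struct

ESP_HEADER = struct.Struct("!II")   # SPI, sequence number (the clear-text ESP header)


def parse_esp_header(pkt: bytes):
    """Return (spi, seq). Everything after the 8-byte header is ciphertext + ICV."""
    if len(pkt) < ESP_HEADER.size:
        raise ValueError("truncated ESP packet")
    return ESP_HEADER.unpack_from(pkt, 0)


class AntiReplayWindow:
    """Receiver-side sliding window, 64 packets wide by default.

    bit 0 of `bitmap` stands for `highest`, bit i for `highest - i`.
    """

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0      # largest sequence number accepted so far
        self.bitmap = 0       # which numbers in (highest - size, highest] were seen

    def is_fresh(self, seq: int) -> bool:
        if seq == 0:                       # first packet on an SA is number 1
            return False
        if seq > self.highest:             # right of the window: new
            return True
        diff = self.highest - seq
        if diff >= self.size:              # left of the window: too old, drop
            return False
        return not (self.bitmap >> diff) & 1   # inside: replay if the bit is set

    def mark(self, seq: int) -> None:
        mask = (1 << self.size) - 1
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = (self.bitmap << shift) & mask if shift < self.size else 0
            self.bitmap |= 1
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, pkt: bytes, icv_ok: bool) -> bool:
        """Order matters: cheap replay check first, then the integrity check, and
        the window moves only for packets whose ICV verified. If the window were
        updated before ICV verification, a forged packet with a huge sequence
        number could push every genuine in-flight packet out of the window."""
        _spi, seq = parse_esp_header(pkt)
        if not self.is_fresh(seq):
            return False
        if not icv_ok:
            return False
        self.mark(seq)
        return True


def make_esp(spi: int, seq: int, body: bytes = b"\x00" * 16) -> bytes:
    """Constructed ESP packet: real header layout, placeholder ciphertext/ICV."""
    return ESP_HEADER.pack(spi, seq) + body


def run_sequence(seqs, icv_ok_for=lambda seq: True):
    """Feed sequence numbers through one SA; returns accept/drop per packet."""
    window = AntiReplayWindow()
    return [window.receive(make_esp(0x1000, s), icv_ok_for(s)) for s in seqs]


if __name__ == "__main__":
    # Constructed traffic: in order, a replay of 2, reordering (5 before 4), a jump
    # to 100, then 36 (fell out of the 64-wide window) and 37 (oldest still inside).
    print(run_sequence([1, 2, 3, 2, 5, 4, 100, 36, 37]))
    # A forged packet with a bad ICV must not move the window: 500 is dropped, 6 still gets in.
    print(run_sequence([5, 500, 6], icv_ok_for=lambda s: s != 500))
```

Reordering within the window is accepted, which is why IPsec tolerates the packet reordering that routed networks produce, while a duplicate or an out-of-window packet is dropped before any decryption work is spent on it.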

How to setup Mac PPTP connection

Import preconfigured PPTP/L2TP connection

You can now also just download a .zip file, which contains a preconfigured PPTP and L2TP connection.
You can import them into your network center by double-clicking: http://hmastuff.com/HMA_Mac_PPTP_L2TP.zip
Of course you still need to enter your VPN account username, your PPTP password and the IP of the VPN server you want to connect to.

Alternatively, create the PPTP connection manually as explained below ->

How to create a manual PPTP connection on Mac



This tutorial will explain how to create a manual PPTP connection on Mac, in case you don't want to use our client.
It has been made on Mac OS Leopard on a virtual machine, so details may differ slightly on your machine.
Click on the Apple icon, then on "System preferences"
 Click on "Network" in the "Internet & Network" section
The network center appears. Do not change anything here yet.
Click on the "+" at the bottom left of this window.
 Here, click on the Up+Down arrows, right next to the interface selection.
You need to select "VPN" here.
 In this tutorial we want to create a PPTP connection.
If you want to create a L2TP connection, see this tutorial:
Mac L2TP Connection Setup
 In "Service Name", enter anything you want. This is just the name for the connection.
It will make it easier to select a connection, if you have multiple of those.
I use "HMA VPN". If you also want to create a L2TP connection later,
better use "HMA PPTP VPN" here, or something like that.
In "Server Address", enter any of the PPTP server IPs you can find in the
VPN control panel (http://vpn.hidemyass.com - "PPTP servers")
Below, in the "Account Name" field, enter your VPN account username.
Check "Show VPN status in menu bar".
Now please go to "Authentication settings"
 Select "Password" and enter your PPTP password.
Note: This is not your account password. You can find your PPTP password
in the VPN control panel ( http://vpn.hidemyass.com ) in "PPTP servers"
 Now go to "Advanced..."
It is important to select "Send all traffic over VPN connection".
Otherwise only traffic addressed to the VPN server's own network goes through the tunnel, and everything else, including your web browsing, keeps using your normal connection.
Now you're done.  Click on "OK".
Back in the network window, click on "Apply" and close the network manager.
 Now, back on your desktop, click the network icon in the top right and select
"Connect to HMA VPN" or whatever you called your new connection.
 It will now connect and authenticate.
As soon as you see the running time, that means you're connected.
But first we should make sure you're really secure now.
So please open Safari browser.
 Visit this website: http://ipaddress.com
(or any other IP verifying website, like http://www.ip-score.com)
You should now see that your IP, location and internet provider are different than usual.
That means you're successfully connected. Well done! Keep in mind, though, that PPTP is the weakest option on this page: its MS-CHAPv2 authentication and the MPPE encryption keyed from it have known practical attacks, so use the L2TP/IPsec or OpenVPN setups below where you can.

How to work VPN with Tunnelblick

How to use our alternative client Tunnelblick with the HMA Pro VPN TCP+UDP OpenVPN-config files

1. Download Tunnelblick from
http://code.google.com/p/tunnelblick/wiki/DownloadsEntry?tm=2

2. Install Tunnelblick by following the on screen instructions.

3. Launch Tunnelblick.

4. Add configuration files by clicking on ‘I have configuration files’.

5. Select ‘OpenVPN Configuration(s)’.

6. Select ‘Open Private Configurations Folder’.

7. A new window with the folder ‘Configurations’ will appear.

8. Now you need the OpenVPN config files for Tunnelblick.

Attention: We received reports that on some systems Tunnelblick does not work with the standard HMA *.ovpn config files.
If this is the case, use these Mac versions instead (outdated - for the newest servers, use the links below):
http://hmastuff.com/MacOSx_TunnelblickViscosity_HMAConfigFiles_TCPandUDP.zip

Standard versions:
TCP and UDP config files can be downloaded as single files @
http://hidemyass.com/vpn-config/TCP/ and
http://hidemyass.com/vpn-config/UDP/
or completely as .ZIP archive @
http://hidemyass.com/vpn-config/vpn-configs.zip

Extract the entire contents into the ‘Configurations’ folder. OpenVPN trusts whatever CA certificate the config file supplies, so only use files obtained from the provider's own site.

9. Launch Tunnelblick from ‘Applications’.

10. Click on the Tunnelblick icon in the menu bar.

11. A drop down menu will appear.

12. Select a VPN location you would like to connect to and it will prompt you for your HMA VPN username and password.

13. It will now attempt to connect.

14. Once connected, you can verify the IP address by going to http://ip-adress.com or http://ip2location.com

15. Congratulations! You are now connected to the VPN.

How to Setup Mac L2TP connection

Instructions for Mac Lion / Leopard / Snow Leopard:

For step-by-step instructions with screenshots, scroll down.
  • System Preference > Network > click on the + button > Interface: VPN > VPN Type: L2TP over IPSec > Service Name: HMA L2TP > Create.
  • Configuration: Default
  • Server Address: The L2TP server IPs can be found @ http://newmastervpn.blogspot.com/2013/07/what-is-l2tp-vpn.html
  • Account Name: Your VPN username
  • Authentication Settings: Password: Your PPTP Password. Please log in to http://vpn.hidemyass.com > PPTP Servers. You will see a different password there, use that.
  • Shared Secret: HideMyAss
  • Advanced.. > Options > Make sure ' Send all traffic over VPN Connection' is checked > OK
  • Apply > Connect. 

Instructions for Mac Tiger:


Applications -> Internet Connect > File > New VPN Connection > L2TP over IPSec > Configuration: Edit Configurations > Description: HMA L2TP >The L2TP server IPs can be found @ http://newmastervpn.blogspot.com/2013/07/what-is-l2tp-vpn.html. > Account name: VPN username > User Authentication: Your PPTP password ( found on http://vpn.hidemyass.com > PPTP Servers > Login Details) > Machine Authentication: Shared Secret: HideMyAss > OK > Connect.


 
 This tutorial will explain how to create a manual L2TP connection on Mac, in case you don't want to use our client. It has been made on Mac OS Leopard on a virtual machine, so details may differ slightly on your machine.
Click on the Apple icon, then on "System preferences"
 Click on "Network" in the "Internet & Network" section
The network center appears. Do not change anything here yet. Click on the "+" at the bottom left of this window.
 Here, click on the Up+Down arrows, right next to the interface selection.
You need to select "VPN" here.
 In this tutorial we want to create a L2TP connection. If you want to create a PPTP connection, see this tutorial:
Mac PPTP Connection Setup
 In "Service Name", enter anything you want. This is just the name for the connection. It will make it easier to select a connection, if you have multiple of those.
I use "HMA L2TP VPN".
In "Server Address", enter any of the L2TP server IPs from the list @ http://hidemyass.com/vpn-config/l2tp/
Below, in the "Account Name" field, enter your VPN account username.
Check "Show VPN status in menu bar".
Now please go to "Authentication settings"
 Select "Password" and enter your PPTP password. Note: This is not your account password. You can find your PPTP password in the VPN control panel (http://vpn.hidemyass.com) in "PPTP servers"
In the field "Shared secret", enter "HideMyAss" (without quotes, case sensitive!). Because this pre-shared key is published, the IPsec layer cannot tell the real server from an impostor that uses the same secret; the protection of your account rests on the password exchange that follows, so do not reuse that password anywhere else.
 Now go to "Advanced..."
It is important to select "Send all traffic over VPN connection". Otherwise only traffic addressed to the VPN server's own network goes through the tunnel, and everything else keeps using your normal connection. Now you're done.  Click on "OK". Back in the network window, click on "Apply" and close the network manager.
 Now, back on your desktop, click the network icon in the top right and select "Connect to HMA L2TP VPN" or whatever you called your new connection.
 It will now connect and authenticate. As soon as you see the running time, that means you're connected. But first we should make sure that you're really secure now. So please open Safari browser.
 Visit this website: http://ipaddress.com (or any other IP verifying website, like http://www.ip-score.com). You should now see that your IP, location and internet provider are different than usual. That means you're successfully connected. Well done!

How to work VPN in Shimo?

Shimo is a nice VPN client for Mac - it supports the OpenVPN, PPTP and L2TP protocols.
But that's not all, it also supports Hamachi, SSH, racoon/IPsec, vpnc and Cisco.
Download -> http://www.macupdate.com/app/mac/22929/shimo

  • PPTP: Creating a PPTP connection with Shimo works through the built-in VPN client of MacOS, so it works exactly like explained in our Mac PPTP Tutorial
  • L2TP: Creating a L2TP connection with Shimo works through the built-in VPN client of MacOS, so it works exactly like explained in our Mac L2TP Tutorial
  • OpenVPN: You can import the HMA .ovpn config files in the Preferences>Profile section,
    by clicking on the "+" and then selecting "Import from: OpenVPN Config".

  • Should you use the standard HMA config files and not the modified versions mentioned above, you need to modify them by navigating to:
    Preferences>Profiles>Edit>Custom/Routes
    • Remove these lines (they are Windows-only OpenVPN directives, which OpenVPN on a Mac does not recognise):
      • show-net-up
      • dhcp-renew
      • dhcp-release

That's all - you're now connected :)
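Both the Tunnelblick step 8 above and the Shimo profile edit come down to the same task: take a provider's .ovpn file, strip the Windows-only directives, and look at what the file actually asks OpenVPN to trust. Here is an added script that does that; it is not HMA's, Tunnelblick's or Shimo's code. The three directives named above are removed, plus `ip-win32` and `route-method`, which are likewise defined only in the Windows build. It also warns when the config has no CA, lacks `remote-cert-tls server` (without it, any client certificate issued by the same CA would be accepted as the server) or reads credentials from a file. The sample config is constructed in the shape of a provider file and is not an actual HMA file.

```python
# Windows-only OpenVPN directives: the three the tutorials above tell you to
# remove, plus two more that are also only defined in the Windows build.
WINDOWS_ONLY = {"show-net-up", "dhcp-renew", "dhcp-release", "ip-win32", "route-method"}

# Constructed sample in the shape of a provider config; not an actual HMA file.
SAMPLE_OVPN = """\
# constructed sample config for the example
client
dev tun
proto udp
remote vpn.example.invalid 1194
resolv-retry infinite
nobind
persist-key
persist-tun
show-net-up
dhcp-renew
dhcp-release
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
constructed-placeholder-not-a-real-certificate
-----END CERTIFICATE-----
</ca>
"""


def sanitize_ovpn(text: str):
    """Return (cleaned_config, removed_directives, warnings)."""
    kept, removed, warnings = [], [], []
    directives = {}        # first occurrence of each directive -> its arguments
    inline_block = None    # name of the <ca>/<cert>/<key>/<tls-auth> block we are inside

    for line in text.splitlines():
        stripped = line.strip()
        if inline_block is not None:            # copy inline PEM blocks untouched
            kept.append(line)
            if stripped == f"</{inline_block}>":
                inline_block = None
            continue
        if stripped.startswith("<") and stripped.endswith(">") and not stripped.startswith("</"):
            inline_block = stripped[1:-1]       # e.g. <ca> counts as the 'ca' directive
            directives.setdefault(inline_block, ["<inline>"])
            kept.append(line)
            continue
        if not stripped or stripped[0] in "#;":  # blank line or comment
            kept.append(line)
            continue
        name, *args = stripped.split()
        if name in WINDOWS_ONLY:
            removed.append(name)
            continue
        directives.setdefault(name, args)
        kept.append(line)

    if "ca" not in directives:
        warnings.append("no 'ca' file or <ca> block: the server certificate cannot be verified")
    if directives.get("remote-cert-tls") != ["server"]:
        warnings.append("missing 'remote-cert-tls server': any client certificate issued by "
                        "the same CA could be used to impersonate the server")
    if directives.get("auth-user-pass"):
        warnings.append(f"auth-user-pass reads your username and password from "
                        f"{directives['auth-user-pass'][0]}; keep that file readable by you only")
    return "\n".join(kept) + "\n", removed, warnings


if __name__ == "__main__":
    cleaned, removed, warnings = sanitize_ovpn(SAMPLE_OVPN)
    print(cleaned)
    print("removed:", removed)
    for w in warnings:
        print("WARNING:", w)
```

Running it on the sample removes the three Windows directives and reports only the missing `remote-cert-tls server`; appending that line to the file clears the warning. The inline `<ca>` block is copied verbatim, since its contents are a certificate, not directives.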

How Microsoft Point-to-Point Compression Works?

Microsoft Point-to-Point Compression (described in RFC 2118) is a streaming data compression algorithm based on an implementation of Lempel–Ziv using a sliding window buffer. According to Hifn's IP statement, MPPC is patent-encumbered.

Where V.44 or V.42bis operate at layer 1 on the OSI model, MPPC operates on layer 2, giving it a significant advantage in terms of computing resources available to it. The dialup modem's in-built compression (V.44 or V.42bis) can only occur after the data has been serially transmitted to the modem, typically at a maximum rate of 115,200 bit/s. MPPC, as it is controlled by the operating system, can receive as much data as it wishes to compress, before forwarding it on to the modem.
The modem's hardware must not delay data too much while waiting for more to compress into one packet, otherwise an unacceptable latency level will result. It also cannot afford to, as this would require both sizable computing resources (on the scale of a modem) and significant buffer RAM. Software compression such as MPPC is free to use the host computer's resources, which typically include a CPU of several hundred megahertz and several hundred megabytes of RAM: greater computing power than the modem by several orders of magnitude. This allows it to keep a much larger buffer to work on at any one time, and it processes a given amount of data much faster.

The end result is that where V.44 may achieve a maximum of 4:1 compression (230 kbit/s) but is usually limited to 115.2 kbit/s, MPPC is capable of a maximum of 8:1 compression (460 kbit/s). MPPC also, given the far greater computing power at its disposal, is more effective on data than V.44 and achieves higher compression ratios when 8:1 isn't achievable.
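To show what "Lempel–Ziv with a sliding window buffer" means in practice, here is an added, generic LZ77 compressor and decompressor; it is not MPPC itself (RFC 2118 specifies its own variable-length codes for literals, offsets and lengths, which are not reproduced here) and not code from the page or from Microsoft. The window size, the minimum match length, the fixed-width size estimate and the sample HTTP-like input are all assumptions chosen for the illustration.

```python
def lz77_compress(data: bytes, window: int = 8192, min_match: int = 3, max_match: int = 255):
    """Greedy LZ77: at each position look back up to `window` bytes for the longest
    earlier occurrence and emit either (offset, length, None) or (0, 0, literal).

    Matches may overlap the current position (offset < length); that is how a
    run of repeated bytes collapses into a single token."""
    tokens = []
    i, n = 0, len(data)
    while i < n:
        best_len, best_off = 0, 0
        for j in range(max(0, i - window), i):
            length = 0
            while length < max_match and i + length < n and data[j + length] == data[i + length]:
                length += 1
            if length > best_len:
                best_len, best_off = length, i - j
        if best_len >= min_match:
            tokens.append((best_off, best_len, None))
            i += best_len
        else:
            tokens.append((0, 0, data[i]))
            i += 1
    return tokens


def lz77_decompress(tokens) -> bytes:
    out = bytearray()
    for offset, length, literal in tokens:
        if length == 0:
            out.append(literal)
        else:
            start = len(out) - offset
            for k in range(length):          # byte by byte so overlapping copies work
                out.append(out[start + k])
    return bytes(out)


def token_bytes(tokens) -> int:
    """Rough encoded size under an assumed fixed-width scheme: 1 flag bit + 8 bits
    per literal, 1 flag bit + 13-bit offset + 8-bit length per match. MPPC's real
    codes are variable-length, so this only gives the order of magnitude."""
    bits = sum(9 if length == 0 else 22 for _, length, _ in tokens)
    return (bits + 7) // 8


if __name__ == "__main__":
    # Constructed sample: the kind of repetitive text a dial-up PPP link carried.
    sample = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n" * 10
    tokens = lz77_compress(sample)
    assert lz77_decompress(tokens) == sample
    print(f"{len(sample)} bytes -> about {token_bytes(tokens)} bytes, {len(tokens)} tokens")
```

The first copy of the request is emitted almost entirely as literals; every later copy collapses into one or two back-references into the window, which is where the high ratios quoted above come from. The same property is a security caveat when compression runs in front of encryption, as PPP does with MPPC before MPPE: the compressed length reveals how much of the plaintext repeated earlier data.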