OpenVPN Security Advisory: Dec 14, 2018
Action needed: Important update for OpenVPN Access Server

What Is A VPN?

The internet has changed the world — which means it’s changed the way many crimes are committed. Today, you are more likely to be the victim of a cyberattack than you are to be in a car accident, or to experience a physical break-in. Criminals know cybercrime has a much higher ROI — which means it has a much higher risk for you.

According to the 2018 McAfee’s Economic Impact of Cyber Crime, “Cybercrime is relentless, undiminished, and unlikely to stop. It is just too easy and too rewarding, and the chances of being caught and punished are perceived as being too low.”

If you don’t protect yourself online, you are setting yourself up for massive failure. But fortunately, there is a very simple solution: using a reputable VPN on your devices mitigates many risks posed by cybercriminals.

What is a VPN?

VPN stands for Virtual Private Network. It is essentially a tunnel that allows your information to travel online securely, providing you with a safe way to access a private network or the public internet. A VPN works by encrypting your data, which means your data is translated into a code that only the VPN server can decipher. It also masks your IP address (or digital footprint, as it’s often referred to), which makes you unrecognizable to Internet Service Providers (ISPs) and the rest of the internet in general.

When you connect to the internet, you connect through an Internet Service Provider’s (ISP’s) server, or Network Access Point. When you connect to the ISP server, the ISP server assigns an IP address to the device you are currently using. This means when you are connected directly to the ISPs network, they can view and monitor your browsing.

When you use a Virtual Private Network, you are connecting to the VPN server first — so the VPN server is the one that assigns the IP address to your device, rather than the ISP server. You are still able to access the internet through your ISP, but the new IP address coupled with heavy encryption means your ISP is not able to track your internet activities. Data limits apply even when using a VPN, and VPNs do use data, but the ISP will not actually be able to see the data itself.

These benefits are not only instrumental in protecting yourself from being monitored by your ISP, but they also protect you from cybercriminals looking to steal your information. A good VPN service will keep you anonymous by changing your IP address, and will utilize high-end security features to prevent hackers from accessing the private tunnel your data is in. And even if a hacker is advanced enough to access the tunnel, a good VPN will have military-grade encryption so that no one can steal your data, even if they can see it.

loading

A VPN For Business

If you work for a company that has a private network you access at the office, a VPN will allow you to virtually access that network safely from a remote location — rather than exposing yourself and your company to cyber threats.

A VPN AT HOME

A VPN provides private, secure access to the public internet from wherever you are. That way, even if you’re on public Wi-Fi, your connection is encrypted — which means prying eyes won’t be able to read it.

A VPN Is NOT:

Many people think VPNs and Proxy Servers are the same thing, but that could not be further from the truth. Like VPNs, Proxy Servers mask your IP address so that it appears your internet activity is coming from somewhere else. But that’s where the similarities end. Proxy Servers offer no encryption or tunneling, so while they might keep you relatively anonymous, they will not keep your information private or protected. A VPN provides you with more privacy, more security, more website access, and more anonymity.

It is important to keep in mind that a VPN is not able to protect your data once it has left the private tunnel. Your information is decrypted upon submission to another website, so if you submit your information to a website that is compromised, your information could be at risk. A VPN keeps your information safe in transit, but it is still up to you to ensure you are only submitting your info to trustworthy websites.

Why Should I Use a VPN?

There are so many tools available on the Internet: streaming services, social networking, instant messaging, access to remote employment and education, and much more. These are all meant for public use, which means the servers on the Internet offering these services are meant to be accessed by anyone.

"Using unsecured internet without a VPN is the equivalent of leaving for work with all the doors to your house wide open — and all of your valuable possessions lying within eyesight."

While these servers are meant to serve legitimate users, their exposure to the Internet means that servers on the ‘public network’ are open to probing and attacks from cybercriminals. These hackers probe for security weaknesses and exploit them to access your sensitive information.

Anyone who accesses unsecured networks is a potential target for a cyberattack. Every time you access an unsecured internet connection, you expose yourself to an extreme amount of risk.

A lot of people have an invincible mentality; we believe it could never happen to us, right? But nobody is invincible — and no person or business is immune to cyberattacks. It could happen to you, and if you aren’t actively defending yourself and your livelihood it probably will. Think about all the times you might access the internet while away from home or the office: scrolling through Facebook newsfeeds while in line to order coffee, doing some online shopping on the train, catching up on last minute work at the airport...

At risk:

Passwords

Bank Account Information

Credit Card Numbers

Business Data

There are countless times that people want or need to connect to public Wi-Fi. And unless you are logged into a private Wi-Fi network that requires a password, any data transmitted during your online session becomes fair game to anybody with the tools and desire to attack.

A  2018 study found 36% of polled consumers were aware they had been hacked at least once, and 12% admitted they might have been hacked, but weren’t sure.

And these individuals were all most likely hacked while connected to public internet, without securing their connection with a VPN. The best way to protect sensitive data and applications is to restrict access to them.

At that rate, the bad guys don’t even have to try — they can just walk right in and take whatever they want. In order to close and lock your “cyber door” and keep your valuable information hidden, you need to use a VPN.

Is Using a VPN Safe?

While no online security method is 100% impenetrable, VPNs are one of the most effective means of maintaining online privacy.

There is virtually no risk for the average user, with one notable exception: when an individual chooses the wrong VPN. Not all VPNs are created equal – using the wrong VPN can be even more dangerous than not using one at all.

“Choosing a VPN without carefully vetting your provider could leave you unprotected and subject to risky liability issues — you may even accidentally download malware in the process.”

Francis Dinha, CEO of OpenVPN

Malware hidden inside VPNs often steal your data, which can be used to:

  • Bombard you with ads and spam emails
  • Control your online accounts
  • Steal your financial information
  • Steal your digital goods or products
  • Lock you out of your device until you pay (ransomware)

The wrong VPN can open you up to the very things you are trying to avoid. It’s important that you do your due diligence when selecting a VPN, because while the risk of cyberattack is very real without one, cyberattack is practically a guarantee when you use a bad VPN product. There are four critical protocols to ensure you are choosing a good VPN:

  1. Review their reputation: Don’t ever use a VPN you are not familiar with. Just like you wouldn’t give a stranger unlimited access to your home, you shouldn’t give unfamiliar programs access to your private data.
  2. Determine your standards: Look for a VPN that can provide evidence that it follows industry standards. Make sure you only consider providers that are peer-reviewed and follow U.S. laws and regulations.
  3. Factor in the cost: There really is no such thing as free, and a free VPN can actually do more harm than not using one at all (we address this further in the following section). Instead of falling for the ruse of a “free” VPN, look for a low-cost provider.
  4. Look for full-scale implementation: Find a VPN provider that covers all of the bases. Many offer weak security protocols which won’t protect you thoroughly.
In addition to those protocols, choose a VPN provider that:
  • Adheres to the OpenVPN industry standard
  • Has reliable, top-notch encryption
  • Provides a dedicated IP address
  • Provides hotspot protection
  • Respects your privacy
  • Provides server locations to suit your needs
  • Has lots of legitimate POSITIVE reviews
  • Has 24/7 customer support
  • Is recommended by people you trust

Despite the fact that VPNs are the best option for online security, only one in four people globally use VPNs consistently. That means 75% of internet users are at an exponentially greater risk of a cyberattack. If you’re a part of the vast majority of people using the internet without protection, it is in your best interest to download a reputable VPN immediately. Private Tunnel offers a free 7-day trial to get you protected right away. Why not give it a try?

Download Private Tunnel

Is a VPN Free To Use?

Fact: There is no such thing as a truly free VPN.

VPNs cost the provider a large amount of money to develop and operate, so if they are not charging you to use their product, be advised: that means YOU are the product. Free VPNs often log and keep track of your IP address, your browsing history, the types of sites you visit, even your personal information, and often sell your data to third parties — which means these free VPNs are exposing you to the very risks they are supposed to block. That isn’t free. If you use a “free” VPN, be aware that you will lose privacy when it comes to:

  • Your browsing preferences
  • Your online habits
  • Your email address
  • Your phone number

By using a “free” VPN, you are actually putting your privacy at even greater risk. Plus, a lot of “free” VPNs are inferior products that throttle your internet speeds to the point of being virtually unusable. It’s true that you get what you pay for, and when you aren’t paying, you aren’t really getting anything at all.

Free VPNs:

  • Don’t offer industry standard protocols
  • Don’t offer consistent access to streaming services
  • Disconnect often, leaving you unprotected
  • Have frustratingly slow connection speeds
  • Limit your data usage drastically
  • Don’t have as many servers globally
  • Don’t offer professional support

Many of these products are very poorly made, so they are easily penetrated by hackers looking to access your private information. A lot of free VPNs don’t actually encrypt your data, and a lot of free VPNs are infected with malware that can seriously harm your devices and compromise your data.

"A study of 283 VPNs found that 38% of free VPNs in the study showed signs of being infected."

A study of 283 VPNs found that 38% of free VPNs in the study showed signs of being infected. That means more than a third of all free VPNs are dangerous to use...and there is no way for you to always know which ones are infected. Do you really want to roll the dice on those odds?

Bonus fact: A lot of “free” VPNs are even run by cybercriminals. It’s an easy way for them to steal data from unsuspecting internet users — they don’t even have to hack into your device, because by using one of their free VPNs, you’re handing the information right over to them.

A lot of people download free VPNs and are lulled into a false sense of security, thinking that their data is in good hands. Then, when the inferior product inevitably fails, these people are completely blindsided. It’s incredibly dangerous to place your trust in the wrong product. No free VPN can truly protect your data and provide you with peace of mind.

Remember, using the wrong VPN can be even more dangerous than not using one at all. A VPN should be seen as an investment into your security, to prevent costly data loss and theft. And the right VPN doesn’t have to be incredibly costly; spending just a few dollars upfront could potentially save you thousands down the road. Don’t step over dollars to pick up dimes — Private Tunnel is a reputable, consumer-level VPN that will keep you completely secure, all for less than the cost of a cup of coffee.

VPNs are perfectly legal to use in most countries.

In the U.S., not only are VPNs legal — they’re now more essential than ever. With the loss of Net Neutrality, your ISP has the freedom to datamine, sell your data, and even block sites they don’t want you visiting. A VPN protects against all that.

Be aware: Just because a VPN is legal to use does not mean it can or should be used for illegal activities. If you engage in illegal activities while using a VPN, law enforcement agencies can collect information from your VPN provider.

Some behaviors that a VPN should obviously NOT be used for are:

  • Spreading internet viruses and malware — Hopefully this is common sense, but don’t spread anything that will harm other devices and data.
  • Gaining illegal access to other computers or networks — Breaking into a device that does not belong to you is not much different than breaking into someone's home. Even if your intentions were just to snoop around, it is still a major violation of privacy.
  • Copyright, Trademark, and Patent Infringement — Stealing is stealing, whether it is running out on the check, plagiarizing in school, or BitTorrenting in order to download bootlegged copies of movies and music. It doesn’t matter how you slice it — it’s wrong.

Hopefully this was already common sense, but it does bear repeating. Using a legal platform does not make illegal activities suddenly legal. A VPN should only be used to keep you safe and connected, not to break the law. A good VPN provider will comply with all requests from law enforcement agencies and procedures established by law; after all, if a VPN provider can’t be trusted to follow the law, they should not be trusted to protect your information.

The other aspect of legality to consider are those locations where VPNs are actually illegal. As internet censorship increases around the world, many governments have instituted laws in an attempt to control internet usage and to censor what their citizens have access to. In order to gain even more control, these countries have limited or completely banned the use of Virtual Private Networks.

Here’s a list of countries where the use of VPNs is currently banned or limited (updated 12/12/18):

countries where the use of VPNs is currently
banned or limited (updated 12/12/18)

Banned:

  • China
  • Turkey
  • Iraq
  • Russia
  • Belarus
  • North Korea

Limited to approved VPNs only:

  • UAE
  • Iran

Limited to business uses only:

  • Oman

Depending on the government, foreigners visiting a country may be able to use a VPN without concern, but locals and visitors alike should look into what it could mean for them if they are caught using a banned VPN. Some countries institute heavy fines, and even jail time on people caught utilizing a VPN. Be sure to check whether your country allows VPN use, and proceed with caution if you are in a country that restricts it.

Why OpenVPN FOR BUSINESS?

OpenVPN has established itself as a de-facto standard in the open source networking space, and is the provider of next-generation secure and scalable communication services.

BYOL: BRING YOUR OWN LICENSE

If you’d rather not work within the cloud, you can purchase your own license and build this system out internally.

BYOD REGARDLESS OF OPERATING SYSTEM

OpenVPN Client software frees your users to choose their favorite device with support for Android, iOS, Linux, macOS, and Windows.

TRANSPARENT OPEN SOURCE CODE

  • Leverages OpenVPN, OpenSSL, and mbed TLS open source projects
  • Code is scrutinized and quick fixes are ensured due to large community support

FINE-GRAINED ACCESS CONTROL

  • Global, Group, and User hierarchy allows for methodical access configuration
  • Rules can be defined at the IP address, protocol, and port granularity

ONE-CLICK CLIENT DISTRIBUTION

  • Just sharing the web address of Access Server's Client Portal with your users solves the Client distribution challenge inherent in wide-scale deployments
  • After authentication, users download their Client software installation files or connection profiles directly from the Access Server's Client Portal

MULTIPLE SECURE AUTHENTICATION MODES

  • Integrated with two-factor authentication using Google Authenticator
  • Plug-ins can be used to integrate multi-factor authentication with Duo Security, smart cards and any TOTP based token generators
  • Users can be authenticated using PAM, RADIUS, LDAP, Active Directory, or a local user database

VPN ADMINISTRATION WEB PORTAL

  • Administrator portal provides for intuitive configuration of settings
  • User connection access logs can be viewed and searched
  • For those administrators that prefer Command Line Interface (CLI) access, a rich command set is available

NO-HASSLE CERTIFICATE MANAGEMENT

  • OpenVPN Access Server comes built-in with its own internal X.509 PKI, but can also support an external PKI
  • VPN clients get their certificates bundled with their configuration profiles
  • OpenVPN has been downloaded by more than 50 million people worldwide since inception, becoming the de-facto industry standard.
  • The company website has more than 3 million monthly visitors, and their consumer VPN Private Tunnel has nearly one million visitors with more than 100,000 new downloads each month.
  • OpenVPN was announced winner for "Best SSL VPN" in the 2007 Best of Open Software Awards by InfoWorld.
  • Lifehacker.com listed OpenVPN as the 2010 Best VPN Tool.
  • Named 100 fastest growing businesses in the Bay Area by The San Francisco Business Times in 2018.
  • Named Top 25 Amazon Cloud Solution Providers in 2018.
  • Listed as 5000 fastest growing private companies by Inc. Magazine in 2018.
  • Named one of 30 Companies to Watch by CIO Bulletin in 2018.
  • OpenVPN’s business solution is used by tens of thousands of enterprises including Google and Verizon.
  • Tesla uses the open source software in their vehicles.

We have integrated a suite of leading-edge networking and software technologies to deliver virtual network software that provides secure, reliable, and scalable communication services, not only fulfilling the requirements of the traditional virtual private network (VPN) market, but also addressing the future demands of SDN – Software Defined Network, Remote Access to private networks, tunneling to UTM – Unified Threat Management Firewall Clouds/Gateways, and tunneling to DDOS Clouds/Gateways to protect against malicious attacks.

OpenVPN is the author of open source Virtual Private Network (OpenVPN) software and the provider of multi-platform OpenVPN applications across all OS platforms ranging from Windows, MAC, Linux, Android, and iOS and end-to-end OpenVPN Server on Cloud, OpenVPN Server as Virtual Appliance, OpenVPN Server as Software Packages, and OpenVPN as a Service (Private Tunnel), addressing the market demands for Remote Secure Access, Access Control, and Cybersecurity, targeting businesses of all size across the globe.

OpenVPN provides flexible VPN solutions to secure your data communications, whether it's for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers. Our VPN Server software solution can be deployed on-premises using standard or virtual servers, or in an IaaS Cloud. Another option is to allow us to take care of all the heavy lifting by using our VPN Cloud service Private Tunnel.

Why Private Tunnel For Consumers?

Private Tunnel is our consumer-level VPN product for any individual wanting to increase their personal cybersecurity, and for businesses that want their data protected when employees work remotely. Private Tunnel can securely connect employees to Access Server, even if that employee is on the other side of the world. Private Tunnel provides you with secure, private access to the internet. Wherever you do business, whether it’s at home, over public wi-fi, or traveling, Private Tunnel keeps your connection encrypted and your IP address anonymous.

Our award-winning open source VPN protocol, OpenVPN, is the de-facto standard for accessing private information securely.

That’s the legacy of our software. That’s what Private Tunnel is built on.

We offer:

AES ENCRYPTION

The worldwide standard for encryption is AES. It is virtually uncrackable, making it less open to cyber attacks than other ciphers. AES is the leading encryption algorithm.

HOT SPOT PROTECTION

Did you know you don’t control the hotspot you’re connected to when surfing the web at your favorite coffee shop? Our software makes sure your traffic is encrypted no matter who operates that public wi-fi.

24/7 SUPPORT

Private Tunnel offers 24/7 email support, LIVE web chat support and ticketing support. You can also email support@privatetunnel.com — they’re always here for you.

OPENVPN CORE

Private Tunnel is built and developed by OpenVPN, the de-facto standard in the open source networking space with over 50 million downloads since inception.

SERVER CONNECTIONS

Using Private Tunnel, you can connect to one of the 12 regions worldwide, in countries like Sweden and Hong Kong, to establish your virtual presence.

WORLDWIDE ACCESS

Everyone should have the freedom to surf the internet without being blocked from websites. Have unrestricted access to more information and resources for a better internet experience.

INCREASED IP PRIVACY

Protect your online identity for better privacy and security. By shielding your location and IP address, you protect yourself from cybercriminals and data corruption.

TRAVEL PROTECTION

Don't want hackers knowing where you are? Whether you’re on a business or personal trip, protect your location for better online security.

You can easily connect with Private Tunnel on iOS, Android, and desktop to ensure all of your devices are protected at all times.

Windows Apple Android iOS

As an individual looking for privacy and protection online, OpenVPN products are built for you. Private Tunnel provides secure access to the Internet for consumers’ personal needs. Our VPN is secure, economical, and built with powerful cyber protection in mind.

With a widespread community around our open source software, we’ve become the de facto standard in the VPN industry. As a leading force in the world of cybersecurity, we believe that free and secure internet access is an essential human right. Our mission is to promote and provide that across the world with integrity and transparency — and to continue to provide the absolute best VPN on the market.

Benefits of Using a VPN

You might be asking the question: Are there any other benefits to using a VPN?

And the answer is: Yes. There are actually many additional benefits that come from using a VPN.

Aside from the many security benefits VPNs offer, a VPN might actually help improve your internet speed. A lot of internet service providers throttle internet speeds — usually to get you to buy a more expensive subscription. ISPs typically throttle your speeds when it comes to downloading content or streaming material, so when you’re watching tv online you might notice it buffering more or taking longer to load. This can be frustrating, but there is a way around it that doesn’t involve caving in and spending even more money. In order to throttle your bandwidth, your internet service provider needs to be able to see your online activity and know when you are streaming. When you use a VPN, your activity is hidden from the ISP, so they do not know when you are streaming and therefore can’t reduce your speeds.

VPNs also allow you to access information more freely, regardless of your geographical location.

Many people use VPNs in order to:

Bypass geographical restrictions for audio and video - you don’t have to miss out on watching the live finale of your favorite show just because you are traveling! A VPN allows you to set your location so you can still watch as if you were at home.

Use streaming platforms - many countries prevent access to online streaming services, or show different material. With a VPN you will have access to the services and material you want, when you want.

Access censored information like news outlets and religious information - many countries also censor information that might conflict with the government agenda, a VPN places the information back in the hands of the people.

Whether you’re traveling to (or living in) a country that limits certain websites, or simply want to protect yourself from the datamining of your own internet service provider, a VPN keeps your data hidden — so you’re free to safely browse as you choose.

Free and secure internet access is an essential human right, and using a VPN ensures you have that right no matter where you go. If you reside in, or are planning to travel to, a country with internet restrictions, be sure to download Private Tunnel so that you can still have full control over your internet usage.

How do I Use a Consumer VPN?

Consumer VPNs are incredibly easy to use. You do not have to have a master’s degree in cybersecurity — you just have to be able to point and click. To use the Private Tunnel VPN you simply:

  1. Sign up and register your email address.
  2. Check your email and click the Private Tunnel Activation Link.
  3. Click the “APPS” link to download the Private Tunnel app for your device.
  4. Launch the Private Tunnel app.
  5. Select a regional carrier and click “connect.”

And…that’s it! Getting set up with the Private Tunnel VPN will be the best-spent three minutes of your day, guaranteed. Get started — today.

We’d love to help you decide if Access Server is the right solution your business.

Please fill out the required fields below, and one of our team members will be in touch with you shortly.

Request More Information