Documentation

We believe in transparancy and open information, hence we have chosen to share as much as possible with our customers.

Tunnels

At AzireVPN, we propose a variety of solutions such as different tunnels and proxies. We are also supporting different clients, covering all the needs of our users.

WireGuard

WireGuard is a new promising open-source tunneling software allowing the creation of a secure point-to-point connection between a user and a server in a remote facility. It uses a formally verified construction for the key exchange.

Authentication on our service is done using asymmetrical cryptography, using pairs of public and private keys. We recommend our users to use this tunnel as it is more robust, secure, faster, multi-threaded and considerably less bloated than OpenVPN.

Technical details

Feature Details
Supported systems Linux, macOS, Android and some routers
Supported protocols UDP
Available ports 1 to 650001
Authentication Pairs of public/private keys (asymmetrical cryptography)
Data channel cipher ChaCha20 with Poly1305 for authentication and data integrity, using an AEAD algorithm defined in the RFC 7539
Authenticated key exchange Noise Protocol Framework's Noise_IKpsk2, using Curve25519, Blake2s, and ChaCha20‑Poly1305
  1. It is possible to choose whichever port in this range. The default port is 51820.

OpenVPN

OpenVPN is an open-source tunneling software allowing the creation of a secure point-to-point connection between a user and a server in a remote facility. It uses a custom security protocol using TLS for the key exchange.

Authentication on our service is done using a username/password method or a token and certificates.

Technical details

Feature Details
Supported systems Windows, Linux, macOS, Android, iOS and some routers
Custom client azclient on Windows, Linux and macOS
Supported protocols UDP and TCP1
Available ports 443 and 1194
Authentication Username/password or token method
Data channel cipher AES‑256‑GCM (OpenVPN 2.4)
AES-256‑CBC with HMAC‑SHA512 for authentication and data integrity (OpenVPN 2.3)
Control channel cipher TLS v1.2 using TLS‑ECDHE‑RSA‑WITH‑AES‑256‑GCM‑SHA384 (AEAD)
TLS v1.2 using TLS‑DHE‑RSA‑WITH‑AES‑256‑GCM‑SHA384 (AEAD)
TLS v1.0 using TLS‑DHE‑RSA‑WITH‑AES‑256‑CBC‑SHA
Authenticated key exchange Diffie‑Hellman method and Perfect Forward Secrecy (DHE) using a RSA key with a 4096 bit key size, re‑keying every 120 minutes
Additional auth key RSA with a 2048 bit key size
Additional crypt key RSA with a 2048 bit key size
  1. TCP is actually only available in Shared IP (NAT) mode. We recommend our users to primarly use UDP as it is faster. More information in our FAQ.

SOCKS5

SOCKS is an Internet protocol that exchanges network packets between a client and a remote proxy server. It is mainly used on our service to by-pass geo-restrictions while staying connected on the same tunnel server in another location, as our proxy is not encrypted.

Technical details

Feature Details
Supported protocols TCP
Available ports 1080
Authentication None1
  1. Our SOCKS5 proxy only works when connected to one of our tunnels beforehand. No authentication is needed when using it, the username and password fields can stay blank.