Documentation

We believe in transparancy and open information, hence we have chosen to share as much as possible with our customers.

Tunnels

At AzireVPN, we propose a variety of solutions such as different tunnels and proxies. We are also supporting different clients, covering all the needs of our users.

WireGuard

WireGuard is a new promising open-source tunneling software allowing the creation of a secure point-to-point connection between a client and a server. It uses a formally verified construction for the key exchange.

Authentication on our service is done using asymmetrical cryptography, using a pair of public and private keys. We strongly recommend our users to use this tunnel as it is more robust, secure, faster, multi-threaded and considerably less bloated than OpenVPN.

Technical details

Feature Details
Supported systems Windows1, Linux, macOS2, Android2 and routers running OpenWrt
Supported protocols UDP
Available ports 1 to 650003
Authentication A pair of public/private keys (asymmetrical cryptography)
Data channel cipher ChaCha20 with Poly1305 for authentication and data integrity, using an AEAD algorithm defined in the RFC 7539
Key exchange authentication Noise_IKpsk2 from the Noise Protocol Framework, using Curve25519, Blake2s, and ChaCha20‑Poly1305
  1. Using an user space implementation and a TAP component (network tap used to capture network packets) on Windows where it is not possible to build WireGuard into the kernel and running it.
  2. Using an official Go user space implementation on macOS and Android stock ROMs where it is not possible to build the WireGuard Linux kernel module and running it.
  3. It is possible to choose whichever port in this range. The default port is 51820.

OpenVPN

OpenVPN is an open-source tunneling software allowing the creation of a secure point-to-point connection between a client and a server. It uses a custom security protocol using TLS for the key exchange.

Authentication on our service is done using a username/password method or a token and certificates.

Technical details

Feature Details
Supported systems Windows, Linux, macOS, Android, iOS and routers running DD-WRT or pfSense
Custom client azclient on Windows, Linux1 and macOS
Supported protocols UDP and TCP2
Available ports 443 and 1194
Authentication Username/password or token method3
Data channel cipher AES‑256‑GCM (OpenVPN 2.4)
AES-256‑CBC with HMAC‑SHA512 for authentication and data integrity (OpenVPN 2.3)
Control channel cipher TLS v1.2 using TLS‑ECDHE‑RSA‑WITH‑AES‑256‑GCM‑SHA384 (AEAD)
TLS v1.2 using TLS‑DHE‑RSA‑WITH‑AES‑256‑GCM‑SHA384 (AEAD)
TLS v1.0 using TLS‑DHE‑RSA‑WITH‑AES‑256‑CBC‑SHA
Key exchange authentication Diffie‑Hellman method and Perfect Forward Secrecy (DHE) using a RSA key with a 4096 bit key size, with a re‑keying every 120 minutes
Additional auth key RSA with a 2048 bit key size
Additional crypt key RSA with a 2048 bit key size
  1. It is necessary to compile azclient by hand on Linux. Instructions and commands can be found on the GitHub.
  2. TCP is actually only available in Shared (NAT) IP mode. We recommend our users to use UDP as it is faster protocol. More information in our FAQ.
  3. Tokens can be generated on the dashboard manager. A connection is established using token as username and the token value as password.

SOCKS5

SOCKS is an Internet protocol that permits exchange of network packets between a client and a server. Our proxy tunnel is not encrypted and only serves the purpose of forwarding packets to another location at the exit of the VPN tunnel. It is mainly used on our service to by-pass geo-restrictions while staying connected on the same VPN tunnel in another location.

Technical details

Feature Details
Supported protocols TCP
Available ports 1080
Authentication None1
  1. Our SOCKS5 proxy only works when connected to one of our VPN tunnels beforehand. No authentication is needed when using it, the username and password fields can stay blank.