Documentation

We believe in transparency and open information, hence we have chosen to share as much as possible with our customers.

Security

Blind Operator

Rootkit-like module that removes the ability of an ordinary system administrator to query endpoint or allowed-ip information about WireGuard peers, disables the ability to run tcpdump, and much more. This module is loaded at startup on all our VPN servers.

  • Disables kernel module (un)loading.
  • Disables /dev/{mem,kmem,port} and /proc/kcore access.
  • Disables AF_RAW and AF_INET(6)/SOCK_RAW socket creation in order to break tcpdump.
  • Disables ptrace, /proc/PID/mem and coredumps to prevent data extraction from programs like OpenVPN.
  • Disables the endpoint and allowedips fields in the userspace tools, to prevent visibility of user information.

root@es1-wg1:~# tcpdump -ni eth0
tcpdump: eth0: You don't have permission to capture on that device
(socket: Operation not permitted)
root@es1-wg1:~# rmmod blind_operator_mode
rmmod: ERROR: ../libkmod/libkmod-module.c:777 kmod_module_remove_module() could not remove 'blind_operator_mode': Operation not permitted
rmmod: ERROR: could not remove module blind_operator_mode: Operation not permitted
root@es1-wg1:~# wg | head -n 15
interface: wg0
  public key: ZcFmXAL9JWCQoS//5w9WRDKTzTcOlhXXNOX/8d/cSF8=
  private key: (hidden)
  listening port: 51820

peer: xxx
  allowed ips: (none)
  latest handshake: 1 minute, 20 seconds ago
  transfer: 5.14 GiB received, 1.64 GiB sent

peer: yyy
  allowed ips: (none)
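
One way to check these restrictions from a root shell on a server, as an added example and not AzireVPN's own code: it probes the socket and device-file restrictions listed above and scans `wg` output for peer fields that are still visible. The function names and the sample peer `zzz` with its addresses are constructed for illustration; AF_PACKET is probed on the assumption that it is what the list means by the sockets tcpdump needs, since that is the socket type libpcap opens on Linux.

```python
import errno
import os
import socket

# Constructed sample: `wg` output from a host where peer details are NOT hidden.
SAMPLE_UNHIDDEN = "peer: zzz\n  endpoint: 203.0.113.7:51820\n  allowed ips: 10.0.0.2/32\n"

def probe(action):
    """Run one restricted action and classify the outcome."""
    try:
        action()
    except OSError as exc:
        if exc.errno in (errno.EPERM, errno.EACCES):
            return "blocked"
        # Anything else (missing device, unsupported family) proves nothing.
        return "n/a (" + errno.errorcode.get(exc.errno, "?") + ")"
    return "ALLOWED"

def raw_socket(family, proto):
    return lambda: socket.socket(family, socket.SOCK_RAW, proto).close()

def read_open(path):
    return lambda: os.close(os.open(path, os.O_RDONLY))

def audit_host():
    """Probe the socket and device-file restrictions; run as root on the server."""
    checks = {
        "AF_PACKET (libpcap)": raw_socket(socket.AF_PACKET, socket.htons(3)),  # ETH_P_ALL
        "AF_INET SOCK_RAW": raw_socket(socket.AF_INET, socket.IPPROTO_ICMP),
        "AF_INET6 SOCK_RAW": raw_socket(socket.AF_INET6, socket.IPPROTO_ICMPV6),
    }
    for path in ("/dev/mem", "/dev/kmem", "/dev/port", "/proc/kcore"):
        checks[path] = read_open(path)
    return {name: probe(action) for name, action in checks.items()}

def exposed_peer_fields(wg_output):
    """Return (peer, field, value) for every peer detail `wg` still reveals."""
    leaks, peer = [], None
    for line in wg_output.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "peer":
            peer = value
        elif peer and (key == "endpoint" or (key == "allowed ips" and value != "(none)")):
            leaks.append((peer, key, value))
    return leaks

if __name__ == "__main__":
    for name, result in audit_host().items():
        print(f"{name:22} {result}")
    print(exposed_peer_fields(SAMPLE_UNHIDDEN))
```

Any line reporting `ALLOWED` when run as root means that restriction is not in effect; the same probes report `blocked` for an unprivileged user on any Linux host, so the result is only meaningful from a root shell.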

No hard drives

Our VPN servers run without any hard drives or any other type of persistent media. We use a secure PXE booting system based on iPXE and a hardened and customized Debian image.

No logging

We enforce a 100% no-logging policy which means we keep no access logs, traffic logs, DNS logs or any other kind of logs that could be used to identify a customer.

  • AzireVPN does NOT log any traffic or user activity while using our service.
  • AzireVPN does NOT log timestamps or any information relating to when a user connects/disconnects from our service.
  • AzireVPN does NOT log or shape any bandwidth on our servers.
  • AzireVPN does NOT log the original IP addresses of our users when they connect OR their AzireVPN IP address when they are using our service.
  • AzireVPN does NOT log the number of your active sessions or total sessions.
  • AzireVPN does NOT log your DNS requests on our servers.