Documentation

We believe in transparancy and open information, hence we have chosen to share as much as possible with our customers.

Security

Blind Operator mode

The Blind Operator mode is rootkit-like Linux kernel module that removes the ability of an ordinary system administrator to query the content of the endpoint and allowed ips fields from WireGuard, and also disables the ability to run live network monitoring tools such as tcpdump and similar software. This module is loaded at boot time on all our VPN servers.

  • Disables loading and unloading of Linux kernel modules.
  • Disables access to /dev/{mem,kmem,port} and /proc/kcore.
  • Disables creation of AF_RAW and AF_INET(6)/SOCK_RAW sockets to break tcpdump and similar software.
  • Disables ptrace, /proc/PID/mem and core dumps to prevent data extraction from software like OpenVPN.
  • Disables the display of endpoint and allowed ips fields from WireGuard.
root@es1-wg1:~# tcpdump -ni eth0
tcpdump: eth0: You don't have permission to capture on that device
(socket: Operation not permitted)
root@es1-wg1:~# rmmod blind_operator_mode
rmmod: ERROR: ../libkmod/libkmod-module.c:777 kmod_module_remove_module() could not remove 'blind_operator_mode': Operation not permitted
rmmod: ERROR: could not remove module blind_operator_mode: Operation not permitted
root@es1-wg1:~# wg | head -n 15
interface: wg0
  public key: ZcFmXAL9JWCQoS//5w9WRDKTzTcOlhXXNOX/8d/cSF8=
  private key: (hidden)
  listening port: 51820

peer: xxx
  allowed ips: (none)
  latest handshake: 1 minute, 20 seconds ago
  transfer: 5.14 GiB received, 1.64 GiB sent

peer: yyy
  allowed ips: (none)

No hard drives

Our VPN servers are running without any hard drives or any other type of persistent media.

No logging

We enforce a 100% non-logging policy which means that we do not keep access logs, traffic logs, DNS logs or any other kind of logs that could be used to identify a customer.

  • AzireVPN does NOT log any traffic or user activity while using our service.
  • AzireVPN does NOT log timestamps or any information relating to when a user connects/disconnects from our service.
  • AzireVPN does NOT log or shape any bandwidth on our servers.
  • AzireVPN does NOT log the original IP addresses of our users when they connect OR their AzireVPN IP address when they are using our service.
  • AzireVPN does NOT log the number of your active sessions or total sessions.
  • AzireVPN does NOT log your DNS requests on our servers.