At AzireVPN, we propose a variety of solutions such as different tunnels and proxies. We are also supporting different clients, covering all the needs of our users.
WireGuard is a new promising open-source tunneling software allowing the creation of a secure point-to-point connection between a user and a server in a remote facility. It uses a formally verified construction for the key exchange.
Authentication on our service is done using asymmetrical cryptography, using pairs of public and private keys. We recommend our users to use this tunnel as it is more robust, secure, faster, multi-threaded and considerably less bloated than OpenVPN.
|Supported systems||Linux, macOS, Android and some routers|
|Available ports||1 to 650001|
|Authentication||Pairs of public/private keys (asymmetrical cryptography)|
|Data channel cipher||ChaCha20 with Poly1305 for authentication and data integrity, using an AEAD algorithm defined in the RFC 7539|
|Authenticated key exchange||Noise Protocol Framework's Noise_IKpsk2, using Curve25519, Blake2s, and ChaCha20‑Poly1305|
- It is possible to choose whichever port in this range. The default port is 51820.
OpenVPN is an open-source tunneling software allowing the creation of a secure point-to-point connection between a user and a server in a remote facility. It uses a custom security protocol using TLS for the key exchange.
Authentication on our service is done using a username/password method or a token and certificates.
|Supported systems||Windows, Linux, macOS, Android, iOS and some routers|
|Custom client||azclient on Windows, Linux and macOS|
|Supported protocols||UDP and TCP1|
|Available ports||443 and 1194|
|Authentication||Username/password or token method|
|Data channel cipher||AES‑256‑GCM (OpenVPN 2.4) |
AES-256‑CBC with HMAC‑SHA512 for authentication and data integrity (OpenVPN 2.3)
|Control channel cipher||TLS v1.2 using TLS‑ECDHE‑RSA‑WITH‑AES‑256‑GCM‑SHA384 (AEAD) |
TLS v1.2 using TLS‑DHE‑RSA‑WITH‑AES‑256‑GCM‑SHA384 (AEAD)
TLS v1.0 using TLS‑DHE‑RSA‑WITH‑AES‑256‑CBC‑SHA
|Authenticated key exchange||Diffie‑Hellman method and Perfect Forward Secrecy (DHE) using a RSA key with a 4096 bit key size, re‑keying every 120 minutes|
|Additional auth key||RSA with a 2048 bit key size|
|Additional crypt key||RSA with a 2048 bit key size|
- TCP is actually only available in Shared IP (NAT) mode. We recommend our users to primarly use UDP as it is faster. More information in our FAQ.
SOCKS is an Internet protocol that exchanges network packets between a client and a remote proxy server. It is mainly used on our service to by-pass geo-restrictions while staying connected on the same tunnel server in another location, as our proxy is not encrypted.
- Our SOCKS5 proxy only works when connected to one of our tunnels beforehand. No authentication is needed when using it, the username and password fields can stay blank.