At AzireVPN, we propose a variety of solutions such as different tunnels and proxies. We are also supporting different clients, covering all the needs of our users.
WireGuard is a new promising open-source tunneling software allowing the creation of a secure point-to-point connection between a client and a server. It uses a formally verified construction for the key exchange.
Authentication on our service is done using asymmetrical cryptography, using a pair of public and private keys. We strongly recommend our users to use this tunnel as it is more robust, secure, faster, multi-threaded and considerably less bloated than OpenVPN.
|Supported systems||Windows1, Linux, macOS2, iOS, Android2 and routers running OpenWrt|
|Available ports||1 to 650003|
|Authentication||A pair of public/private keys (asymmetrical cryptography)|
|Data channel cipher||ChaCha20 with Poly1305 for authentication and data integrity, using an AEAD algorithm defined in the RFC 7539|
|Key exchange authentication||Noise_IKpsk2 from the Noise Protocol Framework, using Curve25519, Blake2s, and ChaCha20‑Poly1305|
- Using an user space implementation and a TAP component (network tap used to capture network packets) on Windows where it is not possible to build WireGuard into the kernel and running it.
- Using an official Go user space implementation on macOS and Android stock ROMs where it is not possible to build the WireGuard Linux kernel module and running it.
- It is possible to choose whichever port in this range. The default port is 51820.
OpenVPN is an open-source tunneling software allowing the creation of a secure point-to-point connection between a client and a server. It uses a custom security protocol using TLS for the key exchange.
Authentication on our service is done using a username/password method or a token and certificates.
|Supported systems||Windows, Linux, macOS, Android, iOS and routers running DD-WRT or pfSense|
|Custom client||azclient on Windows, Linux1 and macOS|
|Supported protocols||UDP and TCP2|
|Available ports||443 and 1194|
|Authentication||Username/password or token method3|
|Data channel cipher||AES‑256‑GCM (OpenVPN 2.4) |
AES-256‑CBC with HMAC‑SHA512 for authentication and data integrity (OpenVPN 2.3)
|Control channel cipher||TLS v1.2 using TLS‑ECDHE‑RSA‑WITH‑AES‑256‑GCM‑SHA384 (AEAD) |
TLS v1.2 using TLS‑DHE‑RSA‑WITH‑AES‑256‑GCM‑SHA384 (AEAD)
TLS v1.0 using TLS‑DHE‑RSA‑WITH‑AES‑256‑CBC‑SHA
|Key exchange authentication||Diffie‑Hellman method and Perfect Forward Secrecy (DHE) using a RSA key with a 4096 bit key size, with a re‑keying every 120 minutes|
|Additional auth key||RSA with a 2048 bit key size|
|Additional crypt key||RSA with a 2048 bit key size|
- It is necessary to compile azclient by hand on Linux. Instructions and commands can be found on the GitHub.
- TCP is actually only available in Shared (NAT) IP mode. We recommend our users to use UDP as it is faster protocol. More information in our FAQ.
- Tokens can be generated on the dashboard manager. A connection is established using token as username and the token value as password.
SOCKS is an Internet protocol that permits exchange of network packets between a client and a server. Our proxy tunnel is not encrypted and only serves the purpose of forwarding packets to another location at the exit of the VPN tunnel. It is mainly used on our service to by-pass geo-restrictions while staying connected on the same VPN tunnel in another location.
- Our SOCKS5 proxy only works when connected to one of our VPN tunnels beforehand. No authentication is needed when using it, the username and password fields can stay blank.