Technologies We Use
IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite, while some other Internet security systems in widespread use, such as Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers at the Transport Layer (TLS) and the Application Layer (SSH). IPsec can automatically secure applications at the IP layer. We prefer to use IPsec because it’s proven, simpler, and much faster on a wider array of devices, including mobile. Hitting 1Gbps with IPsec is relatively trivial but enormously complex with other technologies such as OpenVPN.
For our IPsec implementations, we chose strongSwan. As a fork of the discontinued FreeS/WAN project, it was built with strong authentication, strong encryption, and a modular design that allows for maximum flexibility. We implement IKEv2 with EAP-MSCHAPv2 authentication for compatibility. Your client validates the connection to our servers using a public CA (Let’s Encrypt), then the encrypted tunnel is established using AES128-GCM, SHA2-256 for integrity, and ECP256 for perfect forward secrecy.
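A strongSwan `swanctl.conf` responder fragment matching the suite described above, as an added example; it is not this service's actual configuration. The connection name, hostname `vpn.example.com`, certificate file name, address pool and user entry are assumptions, as is mapping SHA2-256 to the IKE PRF (AES-GCM is an AEAD cipher, so no separate integrity transform is negotiated alongside it).

```conf
# Added example, not the provider's configuration. All names and values are constructed.
connections {
    ikev2-eap {                       # hypothetical connection name
        version = 2                   # IKEv2 only
        # IKE SA: AES-128-GCM (16-byte ICV), SHA2-256 as PRF, ECP256 key exchange
        proposals = aes128gcm16-prfsha256-ecp256
        send_cert = always            # always send the server certificate to the client
        pools = pool-v4
        local {
            auth = pubkey             # server proves its identity with its certificate
            certs = fullchain.pem     # assumed file name, loaded from /etc/swanctl/x509
            id = vpn.example.com      # must match a subjectAltName in the certificate
        }
        remote {
            auth = eap-mschapv2       # client authenticates with username and password
            eap_id = %any             # request the EAP identity from the client
        }
        children {
            net {
                local_ts = 0.0.0.0/0  # route all client IPv4 traffic through the tunnel
                # ESP: AES-128-GCM; ECP256 gives a fresh key exchange when the
                # CHILD_SA is rekeyed
                esp_proposals = aes128gcm16-ecp256
            }
        }
    }
}

pools {
    pool-v4 {
        addrs = 10.10.10.0/24         # constructed virtual IP range for clients
    }
}

secrets {
    eap-alice {                       # constructed sample user
        id = alice
        secret = "REPLACE-WITH-A-RANDOM-SECRET"
    }
}
```

Listing a single proposal with no weaker fallbacks means a client that cannot negotiate this suite fails to connect instead of silently downgrading.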
If you don’t want the overhead of a VPN, we also offer a Shadowsocks proxy service. Shadowsocks is a SOCKS5 proxy that can be used system-wide or just by a single browser. This allows you much more flexibility in how you secure your traffic and protect your privacy. When you connect to our Shadowsocks server, all your traffic is encrypted with AES256-GCM, which means your traffic is protected, while your device is still able to make use of its hardware acceleration capabilities for maximum speed and responsiveness.
A proxy can be advantageous in situations where the overhead of a VPN is unnecessary or unwanted, where a user may not have the necessary rights to configure a VPN connection, or where the user just wants to make a secure connection quickly without compromising their VPN credentials. In some instances, Shadowsocks can bypass country-level blocks and is currently very popular in China and countries with heavy Internet censorship.