The VikingVPN Seattle Server Cluster is Live

We have completed the provisioning, configuration, testing, and security auditing of our new server cluster in Seattle, and have taken it to live service. The addition of a Seattle server cluster brings optimal service to the Pacific Northwest and the surrounding regions, as well as improving service to nations in and across the pacific.

As always, we urge our customers to connect to the closest VPN servers for the best possible performance.

To access the new servers, you will need to download a new set of keys from the VikingVPN website. You need to sign in with your account, go to the profile area, and select the option to download new certificates. Note: You will need to install these certificates on all devices, as the old set of certificates is revoked for security reasons when you generate a new set.

> read more

Making Installation Easier in Apple OSX - Zip Bug Squashed

A long standing issue with unzipping files in Apple OSX has been fixed. The original problem was that if you tried to unzip our file to set up your account on Apple OSX, the zip module that is built into OSX would misread the header of the zip file and create a new zip file containing the original file. If you opened that file, it gave you the original zip file again and this continued infinitely.

The issue stems from the way OSX reads zip file headers. A new feature in zip files allows "zip streaming" which means that our VikingVPN web server begins sending the file before it is even done compressing the zip file. We used this feature to make the service as fast as possible when you are generating a new set of config files.

> read more

VikingVPN is Expanding to Seattle

VikingVPN is currently building a new server cluster in Seattle to bring our high performance service area to the Pacific Northwest.

Our strategy with our network build-out is to get high performance coverage in all of the US and (most of) Canada.

Our new Seattle cluster will bring even faster service to Seattle, Portland, Vancouver, and surrounding areas.

We expect to have our Seattle cluster deployed and the service open by Nov 1st 2014.

This will increase our number of server clusters to five, (Phoenix, Chicago, New York City, Amsterdam, and Seattle) and allow up to 5 simultaneous connections for all of our customers (one connection per location).

Our next planned expansion after Seattle is Atlanta. We will then move our focus to improving locations in the EU.

> read more

VikingVPN is Adding Bitcoin Paypal and Dwolla Support

A frequently requested feature by our customers is to increase our number of payment methods. The most frequently requested methods are Bitcoin and Paypal support.

We have been listening.

We will be adding Bitcoin, Paypal and Dwolla (a cheaper paypal alternative) support in the coming days.

Due to legal hurdles regarding corporate registration and paperwork, Paypal and Dwolla support will take a few weeks from today to be added. Bitcoin support should be available within 24-hours.

There will pages related to the process of paying with alternative payment systems on the site soon. We will be placing them on the sign up page.

Edit: The Bitcoin policies page is here.

> read more

Emergency Maintenance Applied - Bash

9/26 update:

We have completed emergency maintenance to close the new severe bash vulnerability named ShellShock.

I will be writing a security article on the vulnerability in the near future. Edit: here it is

Viking's network uses a mixture of operating systems that are tuned for security by our staff. Some important facts are: We do not use an OS that defaults to bash, but it does contain bash. Bash is disabled on all servers. We have taken the extra precaution of locking down bash with our intrusion prevention system, so even if a program calls bash, bash will not be able to access any resources to run, execute code, navigate, or utilize any resources.

All VikingVPN services are now hardened against the attack with multiple layers of protection. We do not believe we were vulnerable to attack via this vector originally, but these additional measures are precautionary.

No ShellShock related attacks were detected anywhere on our network.

> read more

NDIS6 TAP Driver Issue Found in Windows 7 - Causes Slowdowns

We have identified an issue with the new NDIS6 compatible TAP driver that is being installed with the latest version of OpenVPN. The issue causes very slow DNS resolution through the VPN service, which makes it so that pages take a very long time to load, or fail to load completely.

The NDIS6 TAP driver is bundled with the "I006" versions of OpenVPN. The driver was updated to fix some long-standing stability issues with Windows 8 and Windows 8.1.

If you are having this issue in Windows Vista, 7, or 8, we recommend that you uninstall the I006 version and install the I003 version that contains the older TAP drivers. This appears to fully resolve the issue.

As was the case before, if you are using the I003 version of the TAP driver with Windows 8 or 8.1, you have to be extremely careful and restart your machine before each time you sign on to the service. This is because Windows improperly handles the older TAP driver and it enters an error state where it doesn't initialize properly.

> read more

A Rolling Restart of the Chicago Cluster

A rolling restart of the entire Chicago cluster is being issued to deal with a synchronization issue that is causing slowdowns for some users.

Downtime is expected to be less than 30 seconds.

> read more

DNS Updates

We are currently investigating a problem with Google DNS that is causing long hangs for users when they are resolving domain names (when you first visit a site by entering the URL in the address bar, it is slow).

We will be issuing a rolling restart of all clusters to resolve the issue by pushing a different DNS server to our customers.

Downtime for each cluster should be less than 1 second. You may need to reconnect to the service is your client fails to auto-resume after the restart of the cluster.

I will update this post when the process is completed.

Update1: The Chicago cluster has been switched to a new set of DNS servers. Performance should now be back to normal for all users on that cluster.

Update2: The Phoenix cluster has been switched to a new set of DNS servers. Performance should now be back to normal for all users on that cluster.

Update3: The New York City cluster has been switched to a new set of DNS servers. Performance should now be back to normal for all users on that cluster.

> read more

OpenVPN 2.3.4 i003 Released With New NDIS6 TAP Driver

OpenVPN for Windows has received a minor update that fixes some OpenSSL vulnerabilities (that do not impact VikingVPN).

The update includes a new Windows TAP driver that is supposed to have better support for the updated standards for NDIS6 and the current Windows 8 network stack. The new TAP driver has been in beta testing for quite some time and now is in the official client as most of the crash bugs have been worked out.

We are currently evaluating the NDIS6 driver in Windows 8 and 8.1 in our labs to see if stability has been improved over the old drivers. As it is now, we have recommended that our users restart their Windows 8 devices every time they wish to connect to our service to prevent a critical bug where the old TAP driver would enter an error state and not function properly.

> read more

Connection Guide Updates

We are working on updating our connection guides to more current graphics, and revamping our videos to reflect the latest changes to the installation process for Tunnelblick and OpenVPN both.

Tunnelblick has streamlined the config file import process, removing a couple of steps from the process.

OpenVPN-GUI has been updated with new Icons, so we plan to update the videos and guides to avoid confusion with the different look of the app.

> read more