The VikingVPN Warrant Canary is Live!

We have implemented our warrant canary into the site. Functionality is live.

What this means for our users is that they can be alerted if we receive any legal action that contains a gag order. A good example would be the National Security Letters from the US government.

The key component with the warrant canary is it has to be passively activated. We have created a mechanism that will change the logo on the front page of our site to alert our users that something is wrong. Because of the nature of national security letters, if we have been served a national security letter or some other oppressive action that includes a gag order, we will be obliged by law not to talk about the action taken, nor can we acknowledge that the program or legal action that is being discussed even exists.

> read more

We are investigating an iPad issue involving 4G connectivity on ATT and Verizon LTE.

We are getting multiple customer reports on failures of our service to properly forward traffic on iPads while connected to 4G wireless services.

We are currently investigating the issue.

At this time, we believe that Wifi connectivity is working properly.

As a stop-gap, we recommend trying a hard-reset of your iPad (hold power+home for 10 seconds) to rectify the issue if your VPN stops working on an iPad.

I will update this post as we get more information on the issue and a resolution.

Update 1:

It seems that the iOS application is confirmed to be not working over AT&T 4G LTE properly at this time for all carriers regardless of settings. This is caused by a vendor update to iOS 6 and 7 that doesn't allow SSL VPNs to work properly due to a permissions issue. There is an update to OpenVPN Connect being worked on.

A discussion on the issue is here:

> read more

Investigating Issue With Foreign Zip/Postal Codes

We are currently investigating an issue that is affecting our international customer's ability to sign up for services. It seems that an error in the restriction on the postal code field denies our customers payment processing if they reside in a country that does not use a 5-digit postal code.

We are currently working with our payment providers to rectify the issue for our international customers.


Update:

The issue has been corrected and we have verified that international postal codes are working properly.

> read more

Warrant Canary On The Way

We have completed our website face lift.

The next item on our list is a warrant canary, so that we can passively inform our users if we have been served with law enforcement requests even if they contain a gag order.

As of this writing I can positively say we have had zero law enforcement requests with VikingVPN.

Our warrant canary will involve all requests that involve breaking the privacy of our users. This includes requests to snoop on an individual user on our network (which is not possible with our security model), and any request for keys to our servers.

We are committed to keeping our users data safe, primarily by not having data. We have a policy to not log any user data, and keep our network as close to "zero knowledge" as possible.

We will post about how our warrant canary works when it is in place! Stay tuned!

For more information about warrant canaries see the Wikipedia entry at http://en.wikipedia.org/wiki/Warrant_canary

> read more

New Comcast Modems -- Wireless Issues

We are working on a solution to a problem with the latest Comcast modem/router units by Arris. The new units Comcast is issuing do not properly function with OpenVPN for any device on Wifi. Attempting to sign on to our service while on one of these modems leads to packet loss and total loss of connectivity. If you assign a static IP address to a single device on wireless, and then put that device on DMZ hosting, it marginally works.

In our testbeds we were only able to achieve about 1/3 of our total possible throughput regardless of settings client or server side, even with encryption disabled entirely. Sometimes signing on to OpenVPN would crash the device entirely, and it would drop all users, including wired users, from the network. When we were able to sign on with out testbeds, the connection would hang for 30-60 seconds as if the connection had dropped, but would then limp along at significantly reduced speeds. Signing off of OpenVPN causes a similar hang.

> read more

We have some exciting new stuff coming to VikingVPN in the next few weeks!

Website Facelift -- When we first launched VikingVPN, our main concern was getting things functional and secure. We wanted a fully operational and trustworthy service in place for our customers to use. We have now achieved that goal and are moving on to the look and feel of the website. We have a large update in the works to make the site look more professional, as well as more accessible to our customers and potential customers. This project is near completion.

Further Security Hardening -- We are implementing even further technologies to protect our users from intrusion into their privacy.

Warrant Canary -- Due to popular demand, we plan to implement a warrant canary on our home page. This is to further assure users that no government entity has compromised the security of our systems, or requested that we violate the privacy of our users. This should be implemented shortly after the facelift goes live.

> read more

3PM EST: Sign-On and Speed Issues -- Investigation

We are currently investigating an issue connecting to the service.

I will update with more information when I have it.

-Derek

Update: 3:39PM

Services have been fully restored.

> read more

Enforcing the Rules of the Network

We will be restarting the servers over the next few minutes to activate a new certificate revocation system. This system will not allow old certificates onto the network, only the last certificate that was issued on your account. This is to keep users and the service secure from intrusion by parties with stale certificates and credentials.

If your service stops working and you are unable to reconnect to the service, your device is likely using a stale set of keys. You can fix this by generating a new config file in your profile on the site. 

This system is in place to prevent a compromised account from accessing the network without the user being aware. In order to access our service, the attacker would have to generate a new config file with new keys, which will immediately revoke old config file that the user is using, dropping them from the service and alerting them to a problem with their account.

> read more

Viking VPN is making some infrastructure changes.

These changes are motivated by our dissatisfaction with our current datacenter.  They have caused 2 full days of downtime in the past 2 months.  They're also not serving us the kinds of speeds that we're promising our customers.  Obviously, we can't allow this situation to continue any longer.

We will be shuttering our servers in Ohio, and opening servers in Chicago, and shortly thereafter in Phoenix.

Current customers probably won't notice any change, except an increase in speed.

The old Ohio servers will go down around noon(12pm EST) tomorrow(Wed 09/11/2013).  If you're connected to the Ohio server at the time of shutdown, you will lose connection.  All you need to do is reconnect to the service.  Our system will handle everything and see to it that you get connected to the new server.

As with the old servers, the new servers won't have any kind of logging enabled.

> read more

Slow Speeds Being Investigated

We have detected slow throughput on our VPN service. We are currently investigating the issue. At this time it appears to be a problem at our hosting datacenter.

I will edit this post when the problem is corrected.

Update 1: We have isolated the problem to a switch on our datacenters network. We are awaiting action by the NOC to correct the issue.

Update 2: Services are now totally down. It appears to be a hardware failure. We will be extending subscriptions for all customers for free. There is no ETA on restoration of services yet.

Rest assured, i'm loading up on coffee and getting ready to pull an all nighter. Thank you for your continued patience.

Update 3: NOC has reported back that it was a hardware failure. ETA on restoration of services is Midnight EST.

Update 4: Our NOC missed their midnight ETA. The server is now up, but needs reconfiguration. New ETA (which is actually under our control now) is 2:15AM EST.

> read more