1. Is there a monthly bandwidth-usage limit?
-No, there is no bandwidth quota.
2. Do you throttle connections that use excessive bandwidth?
-We do not throttle connections.
3. How many concurrent connections are allowed per account?
-A maximum of 3 devices per account on a single internet connection is allowed. All 3 devices cannot be connected to the same server.
4. How many hops are there in your VPN connections?
5. What type(s) of VPN encryption do you use? Why?
-We are using the AES-256-CBC cipher with RSA-2048 handshake encryption and HMAC SHA-256 data authentication.
6. Do you support perfect forward secrecy? If so, how?
-Using a DH key in the server config.
7. Do you provide users with Diffie Hellman key files?
-No. This is a server-only key.
8. How do you authenticate clients – certificates/keys, or usernames/passwords?
-Certificates and keys.
9. Do you employ HMAC-Based TLS Authentication? If so, why?
-Yes. This is to verify the integrity of UDP packets. If the HMAC signature is not verified, the packet will be dropped immediately.
10. Do you ever email usernames and passwords to customers?
11. Does each customer have a unique client certificate and key?
12. Are your VPN gateway servers hosted, co-located or in-house?
-Hosted on dedicated servers located in various datacenters.
13. Are any of your VPN gateway servers running on VPS or cloud servers?
-Only DNS forwarding servers, BolehFlix and SurfingStreaming servers.
14. How are your VPN gateway servers protected?
-Servers are hardened and do not have any password-based authentication enabled. Only SSH key access. Servers do not log any user-identifiable data.
15. Where is user account information stored? How is communication between servers secured?
-User accounts are stored in a central server and remotely accessed using SSHv2 with PKI. There are no known vulnerabilities reported in the CVE for SSH since 2012. All our servers are using the Linux operating system.
16. Are your databases encrypted?
-We have a central server which we control that maintains a user's e-mail and expiry, hash+salt of their password along with their access keys.
There is no communication between the VPN gateway servers and the central server as we totally rely on PKI for authentication to the servers.
The purpose of our central server is to provide the OpenVPN keys and configurations for download upon login which is secured with SSL.
As such, the central server also does not have any record of a user's activity on the VPN as they are independent systems unlike others which use a central authentication server.
17. Do you allow port forwarding by users?
-Yes, all ports are forwarded to the user if they are connected using a dedicated IP server. This dedicated IP will allocate each user an IP address that is theirs to use for as long as they are connected. The IP is assigned dynamically, like when connected to your local ISP.
18. Are all client ports ever forwarded by default? If so, on which servers?