Tunnels
At ArcaneVPN, we offer a variety of solutions, including different tunnels and proxies. We also support different clients, covering all the needs of our users.
WireGuard®
WireGuard is a promising new open-source tunneling software that creates a secure point-to-point connection between a client and a server. It uses a formally verified construction for the key exchange.
Authentication on our service is done with asymmetric cryptography, using a pair of public and private keys. We strongly recommend that our users use this tunnel, as it is more robust, more secure, faster, multi-threaded and considerably less bloated than OpenVPN.
Technical details
Feature | Details |
---|---|
Supported systems | Linux, Windows, macOS, iOS, Android and routers running OpenWrt |
Supported protocols | UDP |
Available ports | 1 to 65000³ |
Authentication | A pair of public/private keys (asymmetric cryptography) |
Data channel cipher | ChaCha20 with Poly1305 for authentication and data integrity, using an AEAD algorithm defined in RFC 7539 |
Key exchange authentication | Noise_IKpsk2 from the Noise Protocol Framework, using Curve25519, Blake2s, and ChaCha20‑Poly1305 |
- ³ Any port in this range can be chosen. The default port is 51820.
OpenVPN
OpenVPN is an open-source tunneling software that creates a secure point-to-point connection between a client and a server. It uses a custom security protocol that relies on TLS for the key exchange.
Authentication on our service is done using a username/password method or a token and certificates.
Technical details
Feature | Details |
---|---|
Supported systems | Windows, Linux, macOS, Android, iOS and routers running DD-WRT or pfSense |
Custom client | azclient on Windows, Linux¹ and macOS |
Supported protocols | UDP and TCP |
Available ports | 443 and 1194 |
Authentication | Username/password or token method³ |
Data channel cipher | AES‑256‑GCM (OpenVPN 2.4); AES‑256‑CBC with HMAC‑SHA512 for authentication and data integrity (OpenVPN 2.3) |
Control channel cipher | TLS v1.2 using TLS‑ECDHE‑RSA‑WITH‑AES‑256‑GCM‑SHA384 (AEAD); TLS v1.2 using TLS‑DHE‑RSA‑WITH‑AES‑256‑GCM‑SHA384 (AEAD); TLS v1.0 using TLS‑DHE‑RSA‑WITH‑AES‑256‑CBC‑SHA |
Key exchange authentication | Diffie‑Hellman method and Perfect Forward Secrecy (DHE) using an RSA key with a 4096‑bit key size, with re‑keying every 120 minutes |
Additional auth key | RSA with a 2048‑bit key size |
Additional crypt key | RSA with a 2048‑bit key size |
- ¹ It is necessary to compile azclient by hand on Linux. Instructions and commands can be found on GitHub.
- ³ Tokens can be generated on the dashboard manager. A connection is established using token as the username and the token value as the password.
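One way to check a client profile against the OpenVPN settings listed above, flagging the legacy AES‑256‑CBC and TLS v1.0 fallbacks. This is an added example, not ArcaneVPN's or azclient's own code; the two sample profiles and the host vpn.example.net are constructed, and the directives read are standard OpenVPN options.

```python
import re

# Policy from the OpenVPN table above; legacy rows (CBC, TLS v1.0) are flagged.
PORTS = {"443", "1194"}
TLS_AEAD = {"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
            "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384"}

def parse(text):
    # Map each directive to the list of its argument lists.
    conf = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        if line:
            key, *args = line.split()
            conf.setdefault(key, []).append(args)
    return conf

def audit(text):
    conf, out = parse(text), []
    last = lambda k, d: ([a[0] for a in conf.get(k, []) if a] or [d])[-1]
    for args in conf.get("remote", []):
        port = args[1] if len(args) > 1 else "1194"
        proto = args[2] if len(args) > 2 else last("proto", "udp")
        if port not in PORTS or proto[:3] not in ("udp", "tcp"):
            out.append(f"remote {port}/{proto} is not an offered endpoint")
    data = [c for d in ("data-ciphers", "ncp-ciphers", "cipher")
            for a in conf.get(d, []) if a for c in a[0].split(":")]
    out += [f"data cipher {c} is not AES-256-GCM" for c in data
            if c.upper() != "AES-256-GCM"]
    if not data:
        out.append("no data cipher pinned")
    suites = [s for a in conf.get("tls-cipher", []) if a for s in a[0].split(":")]
    out += [f"control suite {s} is not a listed AEAD suite" for s in suites
            if s not in TLS_AEAD]
    if last("tls-version-min", "1.0") not in ("1.2", "1.3"):
        out.append("tls-version-min is not 1.2 or higher")
    return out

# Constructed sample configs; vpn.example.net is a placeholder host.
HARDENED = """remote vpn.example.net 1194 udp
data-ciphers AES-256-GCM
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
"""
LEGACY = """proto tcp
remote vpn.example.net 8443  # port outside 443/1194
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
"""
```

Calling `audit(LEGACY)` returns one finding per deviation, while `audit(HARDENED)` returns an empty list.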
SOCKS5
SOCKS is an Internet protocol that permits the exchange of network packets between a client and a server. Our proxy tunnel is not encrypted and only serves the purpose of forwarding packets to another location at the exit of the VPN tunnel. It is mainly used on our service to bypass geo-restrictions while staying connected on the same VPN tunnel in another location.
Technical details
Feature | Details |
---|---|
Supported protocols | TCP |
Available ports | 1080 |
Authentication | None¹ |
- ¹ Our SOCKS5 proxy only works when connected to one of our VPN tunnels beforehand. No authentication is needed when using it; the username and password fields can stay blank.