Multihop v2 network now available
We’re extremely excited to launch the much anticipated multihop v2 network today. This new network has been built from scratch to offer the highest levels of performance and privacy based on our experience running a VPN network over the last 6 years.
Every server in the network is now both an entry and exit server. When you connect you can choose both where your data will enter into our network and where it will exit providing significantly more flexibility over our existing 3 location setup. Multihop is an important privacy technology as it makes traffic analysis significantly more difficult for adversaries to correlate traffic entering our network with that exiting it. Adversaries would at a minimum require access to the data centers in two different jurisdictions at them same time to identify the source of a connection.
We’ve invested significant time developing a full mesh network so all connections between servers are direct (unlike a hub and spoke model), thereby ensuring the maximum possible speed whilst relaying traffic through multiple servers. Multihop servers are located in different countries so it does however come with the cost of higher latency and lower speeds. Customers should therefor carefully consider their threat model when deciding whether it is necessary to use the new multihop network over the existing singlehop network which will always be the fastest.
To use the new multihop network you can use our latest IVPN v2.4 client launching today or any OpenVPN compatible client. When using a non-IVPN client simply append the short name (2 letter country code) of the exit server to your username e.g. if you connect to the UK server with the username ivpn123456@ro then your traffic will enter the VPN in the UK and exit in Romania. Of course if you are using the latest IVPN client v2.4 then this configuration is fully transparent.
The DNS servers for multihop connections are now positioned in the exit location. Previously if you connected to UK->NL your DNS requests would be resolved by a DNS server based in the location where you connected i.e. the UK. Now your requests will be forwarded through the tunnel to a DNS server in the exit location (in this case NL). This again mitigates the risk of traffic analysis thereby improving your security.
As mentioned in the previous blog update, we now have a reservation based port forwarding system so you can keep the same port number for as long as you want. In addition to port forwarding on the standard singlehop network you can also use port forwarding on the multihop network. So if you activate port forwarding and connect to UK->NL, any traffic sent to the server in NL on your assigned port will be forwarded through the VPN to the UK server and then through the VPN to your device.
We hope you’re as excited about these developments as we are. If you have any feedback we’d love to hear it – firstname.lastname@example.org.