1. Is there a monthly bandwidth-usage limit?

    No, we do not record bandwidth used and therefore there is no limit.

  2. Do you throttle connections that use excessive bandwidth?

    No.

  3. How many concurrent connections are allowed per account?

    By default 3 concurrent connections. However, our intention with this policy is only to prevent people from sharing their credentials with others, which is an unfortunate problem within our industry. We firmly believe that customers should be able to connect concurrently to the network from as many devices as they own. If you are a customer and would like to request additional devices please contact our support team.

  4. How many hops are there in your VPN connections?

    We have a choice of both single and multi-hop connections.

  5. What type(s) of VPN encryption do you use? Why?

    We use the highest AES-256 with 4096-bit RSA keys.

  6. Do you support perfect forward secrecy? If so, how?

    Yes, our OpenVPN servers are configured to automatically generate new encryption keys every hour. If an adversary was able to crack the encryption key, they would only be able to decrypt the traffic captures since the last key rotation.

  7. Do you provide users with Diffie Hellman key files?

    No, this is a server configuration.

  8. How do you authenticate clients – certificates/keys, or usernames/passwords?

    We issue a random username and password to each customer.

  9. Do you employ HMAC-Based TLS Authentication? If so, why?

    Yes, it mitigates DDos and buffer overflow attacks on our servers.

  10. Do you ever email usernames and passwords to customers?

    No.

  11. Does each customer have a unique client certificate and key?

    No.

  12. Are your VPN gateway servers hosted, co-located or in-house?

    We use dedicated hosted servers and co-located servers.

  13. Are any of your VPN gateway servers running on VPS or cloud servers?

    No.

  14. How are your VPN gateway servers protected?

    We build each server according to strict CIS benchmarks. This includes full disk encryption, fifo logs writing to tempfs, strict change control procedures etc.

  15. Where is user account information stored?

    On a hardened database server that is not exposed to the general Internet.

  16. How is communication between servers secured?

    OpenVPN using AES-256.

  17. Do you allow port forwarding by users?

    Yes, but it is off by default.

  18. Are all client ports ever forwarded by default? If so, on which servers?

    No.