Private version of salvation from SORM-3

In recent days, the entire Internet has been filled with articles about systematic crackdown on the privacy of user traffic, closing torrents, and the like. As usual, the initiatives of legislators hide behind noble motives, but we all perfectly understand that the real reason lies in the desire to gain control over information and to prevent any unwanted events that threaten the existing regime. The more totalitarian the system, the more restrictions it is a fact.

However, Habr is out of politics, so I’ll finish the emotional introductory article.
')
There are many different options for saving the intelligence services from the all-seeing eye, but in my humble conviction the best solution is a VPN. If a person is not looking for anonymity, but is interested precisely in the confidentiality and integrity of his data, then a high-quality VPN in a permanent connection mode is what is needed. It does not make sense for a well-ordered user to encrypt under other names in I2P networks, but it makes sense to protect your traffic from being overheard by third parties.

The ruVPN service is intended for this usage scenario. Initially, it was positioned as an iOS solution, since only Apple devices out of the box supported configuration profiles and SCEP certificates. There are still no such standard solutions for Android devices. With the advent of Android 4.0, it has become possible to establish VPN connections within third-party applications. An OpenVPN release has been released, not requiring root privileges on the device and with automatic connection support.

The OpenVPN configuration is a regular test file. You cannot include an access password in the configuration file. But you can use the so-called "inlines", they can accommodate a pair of client keys, a key for TLS authorization and a bunch of server certificates. With this configuration, you need your own certificate center and server for generating user profiles.

When loading a profile, the MIME-type application/x-openvpn-profile , so the profile is immediately recognized by the pre-installed OpenVPN Connect application.
Profile installation occurs in the minimum number of steps:

1. After downloading the profile, OpenVPN automatically offers to install it:



2. After importing, the profile becomes available within the application:



3. After clicking the “Connect” button, the system requires you to confirm the application’s rights to install the VPN connection. This is a one-time request and with a positive response, there will be no more such questions.



4. Everything, connection is established! You can close the application, the connection status will be visible in the system tray.



5. In the notification area you can always see the details of a secure connection:



As you can see, no names / passwords are required, and the profile can only be obtained via HTTPS via a secure link. The chances of compromising your credentials are very slim.

OpenVPN automatically initiates a secure connection to the VPN server for any outgoing traffic. You can be sure that "Comrade Major" with his SORM-3 will sit and bite your elbows, trying to read your traffic.

The parameters of the compound were chosen with an emphasis on maximum safety of the compound, with the participation of advanced masters. Thank them very much for the recommendations and testing!

I want to note that VPN cannot be free. These are costs for servers, communication channels, infrastructure, maintenance personnel. If there is something completely free with a bunch of options, entry points, and the like, then you need to clearly understand the sources of funding. It is obvious that such projects pursue completely different interests than the struggle for the freedom to disseminate information. Most likely, such funds are indirectly funded by the same special services in order to collect all the "secret" traffic under their wing.

ruVPN is a purely commercial project, is outside the jurisdiction of the Russian Federation, with open data on the ultimate owners. I, as the owner of the project, guarantee that the information about the traffic of my users will not be available to any special services, all logs are deleted after 24 hours, automatically.

Please test, try, connect: https://ruvpn.net/ru/product/details/1/

All Habr's readers are given a 10% discount on the connection code habr102013