2024-11-22
For years, we were concentrating on developing all flavors of ad blocking apps and browser extensions. And two years ago we resolved to develop our own VPN service, seemingly out of nowhere. In reality, there were a few reasons that prompted us to do so.
From the outset, we decided that AdGuard VPN would have one key difference from its competitors — we shall develop and deploy an in-house VPN protocol instead of picking one of the ready-made solutions.
Why go to all that trouble, you could ask. In this article, we’ll tell you why we weren’t satisfied with existing protocols and created our own, and share our roadmap.
Spoiler: AdGuard VPN protocol is harder to detect and it’s quicker than its analogs.
But first we’ll need to dig deep into some technical aspects and figure out:
Have no fear: we won’t dare to explain the whole Internet here, but we will cover the fundamentals of how it works. Now, all communication on the Internet is based on the transmission of small data “packets” from a computer to a server and back. There are several different types of packets, each serving its purpose. The rules of packet encapsulation and processing are called a protocol.
I’m sure you’ve heard about the IP address, haven’t you? So, the IP address is a part of the IP protocol — the principal mechanism of network data transmission. Each packet consists of three parts: the data itself and the IP addresses of the sender and the recipient.
The receiver knows who has sent the packet, and therefore can send some data back. However, the “pure” IP protocol is virtually unused, but two other protocols based on it are used everywhere — TCP and UDP.
TCP is the main “work horse” of the Internet. When you open a website, it is very likely that TCP is used for data transmission.
A TCP packet consists of four parts:
Whichever network you use, there’s a chance that some sent packets might get lost on their way. The TCP protocol ensures that they succeed in reaching the destination: in response to each packet sent, the receiver sends a small TCP packet confirming receipt. If the sender does not obtain confirmation, it will resend the packet until the confirmation is finally received.
UDP is another known, though less popular, IP-based protocol. Compared to the IP protocol, the only difference is that, besides the data itself and the addresses of the sender and the recipient, it also transmits port numbers (see the description of port numbers in the TCP section). As you can see from the animation, the data packet flow moves faster than in the case of TCP — and no wonder, there is no delivery confirmation in UDP. Unlike TCP, UDP doesn’t guarantee anything. But it also does not send extra confirmation packets, which makes it faster.
When you send a letter or email to someone, you can do without the contents, the header, the signature, but not without the recipient’s address. The Internet works the same way — you need an IP address to send data.
When you visit a website, your IP address is visible to it, and knowing the IP address, it’s not that difficult to figure out the user’s location. A VPN allows your data to be routed through an encrypted connection from your home/workplace or smartphone to another point on the Internet, perhaps in another country, and then onto the public Internet. Like a sneaky rabbit diving into a hole that leads to the exit to the looking glass.
As a result of encryption, your data is assigned an IP address from the other end of the tunnel instead of your home or work address. Now, when you connect to a web server, what it sees is not your home IP address, but someone else’s, belonging to the VPN endpoint. Thus, if you go to a website, your data won’t be disclosed.
Probably, you already knew that, but a recap wouldn’t hurt, right? Now let’s actually dig into the technical details. For a VPN to function, it needs to transmit and encrypt data from your device to the VPN server and back. The rules for transmitting and encrypting this data are called a VPN protocol. The most common VPN protocols are OpenVPN, WireGuard and IPSec. They all work roughly the same, and functionally they are very similar, but the devil is in the details (of encryption and connection establishment).
Let’s look at how they work. Say you want to visit a website. If you have a VPN enabled, the VPN server mediates between you and the website. Initially, an encrypted IP packet is sent to the server. The VPN server decrypts it, changes the “sender address” (i.e. your IP) and sends the packet to the recipient (i.e. the website). This is usually performed using UDP as a transport as it is generally “faster” since it does not require waiting for confirmation.
All popular VPN protocols (OpenVPN, WireGuard, IPSec etc.) are united by two shortcomings:
To “conceal” the use of VPN, the data flow is often “wrapped” in a TCP connection, and sometimes it is additionally encrypted to make the traffic look like a normal website connection. Unfortunately, this approach has a disadvantage – due to the use of TCP, there is a need for additional confirmation of delivery.
So, using any popular VPN protocol, we are always facing a trade-off: fast but easy to detect vs. slow.
We developed the AdGuard VPN protocol seeing the disadvantages of previous protocols and not willing to deal with them. So what are its strengths?
Some existing VPN protocols also handle the encryption task, and they (and thus, the fact of using a VPN) are hard to detect. But this usually comes at the price of reduced speed. This is not our case, thanks to several solutions.
The first thing we intend to do is switch to using the HTTP/3 and QUIC protocols to communicate with the server. HTTP/3 is the latest, most advanced version of HTTP. Unfortunately, the new protocols won’t affect speed when the connection is fine and stable, but their benefits will show up when the connection is worse – for example, on mobile devices or when connecting to public Wi-Fi. There are several obvious advantages of the new protocols – they won’t cause packet retransmissions and Head of Line Blocking (or HoLB) queues, and they will also allow connection migration. Without being too technical, the main advantage is the already mentioned improvement of connection quality in non-ideal conditions.
TCP and the other protocols working over it (TLS, SSL, HTTP/1.1 and HTTP/2) have been around for a while and are great at what they do, but there’s just one thing: they need near-perfect conditions to work smoothly. This means that they perform well on a network with a stable and high-quality connection (say, a home Wi-Fi network). But step out into the outside world with its mobile networks, and you can’t safeguard against weak signal, slow connections, and other woes that cause packet loss. These losses lead to the above-mentioned retransmissions and HoLB. Even 5G is not almighty, and the connection will be worse in elevators and long subway sections between stations. With VPN over HTTP/3 the problem is magically solved: the VPN connection won’t get broken, even if you go into an elevator, or the network changes for some other reason.
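To make the Head of Line Blocking point concrete, here is a small simulation added as an illustration (it is not AdGuard’s code, and the function names, tick model and loss pattern are assumptions made for the example). It pushes the same interleaved streams through a TCP-like connection with one shared delivery order and a QUIC-like connection with per-stream order; the lost packet is retransmitted in both cases, and what differs is which streams have to wait for it.

```python
"""Head-of-line blocking: one ordered TCP stream vs. independent QUIC streams.

Constructed model, not AdGuard code: one packet is sent per tick, and a packet
lost on its first transmission arrives `rto` ticks late after a retransmit.
"""
from collections import defaultdict


def arrival_times(n_packets, lost, rto):
    """Tick at which each wire packet finally reaches the receiver."""
    return [seq + (rto if seq in lost else 0) for seq in range(n_packets)]


def finish_times(arrivals, n_streams, shared_order):
    """Map stream id -> tick when its last packet is handed to the application.

    shared_order=True  : TCP-like, every packet waits for all earlier packets.
    shared_order=False : QUIC-like, a packet waits only for its own stream.
    """
    ready = defaultdict(int)  # latest arrival seen so far per ordering domain
    done = {}
    for seq, tick in enumerate(arrivals):
        stream = seq % n_streams  # streams are interleaved round-robin
        domain = "connection" if shared_order else stream
        ready[domain] = max(ready[domain], tick)
        done[stream] = ready[domain]
    return done


def stalled(done, n_packets, n_streams):
    """Streams that finished later than they would have with no loss."""
    return sorted(s for s, t in done.items() if t > n_packets - n_streams + s)


def compare(n_streams=3, per_stream=4, lost=frozenset({1}), rto=20):
    """Return (tcp_finish, quic_finish) for the same loss pattern."""
    n = n_streams * per_stream
    arrivals = arrival_times(n, lost, rto)
    return (finish_times(arrivals, n_streams, True),
            finish_times(arrivals, n_streams, False))


if __name__ == "__main__":
    tcp, quic = compare()
    print("TCP-like :", tcp, "stalled streams:", stalled(tcp, 12, 3))
    print("QUIC-like:", quic, "stalled streams:", stalled(quic, 12, 3))
```

With one lost packet out of twelve, all three streams stall in the TCP-like case, while only the stream that owned the lost packet stalls in the QUIC-like case.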
We are currently testing a prototype of this new implementation. Expect it to be ready in a couple of months.
If you’ve been familiar with AdGuard for a long time, you already know how many of our products are open-source. The concept of open-source software is close to us because we believe that such projects help people and contribute to the development of technology. But our approach is privacy-friendly, so we make products open-source only where possible.
We are going to make our protocol implementation publicly available in the future. Sadly, right now we don’t have enough time to prepare the project, because it is a lot of work. But we hope that by the end of this year we can find enough time and publish the code of both the server and client implementations.
Our protocol is used by all AdGuard VPN mobile and desktop applications. Download any of our products (or several!) now and use it knowing that your data is protected in the most secure way. And if you wish to, share your impressions with us — in the comments section of the blog post or on social networks.