Set up VPN tunnels with our Android application, through almost any private network for free
Our VPN infrastructure is hosted on the Amazon EC2 & OVH clouds
open-source software: Java server, Flex client for Adobe AIR and Perl client are available on GitHub
The feature list follows. To know how to configure and use those features, please refer to the documentation page.
As you can see on the following picture, the interface layout depends on the type of Android device: phone or tablet.
VPN-over-DNS is only available on Google Play. This is the Android marketplace managed by Google, previously named the Android Market. Click on the following image to download VPN-over-DNS:
The DNS requests sent by the client application only use "IN A" query type. No use of "IN TXT" or other less common query types, because they could be too easily filtered. Application-level messages are scattered into many DNS queries and the downstream is GZIP-compressed. Application-level messages are multiplexed on top of the VPN session, such that several messages can be processed simultaneously. The low-level protocol layer handles a pool of up to 20 simultaneous running queries, for optimal flow-control. In case of network congestion, queries discarded by the network are rescheduled when some timeout occurs.
Two languages are supported: English and French.
You can configure the GUI with any of the two available skins: Shiny for standard users and Geek specifically designed to meet geek requirements.
The VPN between your mobile device and our server farm is not ciphered, but your mailbox provider credentials are never transfered on the DNS tunnel. Your VPN-over-DNS credentials (the login & password you choose when you create your VPN account) and your mailbox provider credentials (the email & password used to connect to your mail provider) are exchanged with our servers over a secured SSL/TLS session. This session is secured by means of our X.509 certificate signed by UserTrust/Comodo.
Mail User Agent
You have 3 ways to read and send mails :
- using the native Mail User Agent integrated with VPN-over-DNS. It is optimized for speed and integrated with the following four major mailbox providers: GMail from Google, HotMail/Live from Microsoft, Yahoo! Mail from Yahoo! and FastMail from Opera. Limited to your 20 last new mails. Each mail content is limited to its text part only, truncated to 64 kilo bytes max. MIME attachments and HTML MIME parts inside mails are removed. The subject length is truncated to 4 kilo bytes max. The headers are removed, except for "From", "To", "Cc", "Date" and "Subject" headers. At the moment you check your mails, the server farm connects to your mailbox provider through IMAPs ou POP3s and downloads up to 20 new mails. When the download is complete, your new mails are stored in a cloud database and sent to your mobile device through our specific protocol on top of DNS queries. In case of a network outage while mails are sent back to your device, mails stored on the cloud database will be sent next time you set up the tunnel.
- using a web mail portal. If your mail provider is not one of the fourth supported by our native Mail User Agent, or if you want to get advanced features like attachements, other MIME capabilities, conversation threads filtering & multiple mailboxes handling, you may connect to your web mail portal using the VPN-over-DNS tunnel. For this purpose, you need to use our VPN-encapsulated proxy on localhost, port 8081.
- using your prefered Mail User Agent. If you prefer using a SMTPs/POP3s/IMAPs mail agent, to get advanced features like attachements, other MIME capabilities, conversation threads filtering & multiple mailboxes handling, you may use the TCP port redirection feature with VPN-over-DNS running in the background. This way, you can use any Mail User Agent.
You have 4 ways to browser the Internet :
Here is a table comparing the features available with each web browsing use-case:
You can securely access your own server using SSH, by means of port redirection (see next section). Just let VPN-over-DNS run in the background and use ConnectBot (the leading Android SSH implementation) or any other SSH client to connect to your server. Moreover, you can do SSH tunneling this way, adding port redirection at the SSH layer, connecting to services offered by your private infrastructure.
TCP port redirection
The VPN-over-DNS application can handle TCP port redirections on top of DNS requests, the same way a SSH client can manage TCP port redirections on top of a SSH session. An initial set of redirections is pre-configured, some for internal needs, some others for common usages and you can also define your own redirections.
VPN-over-DNS, installed on your Android device, can share the web proxies (or any other port redirected service) to your iPad or your laptop: just connect your iPad or your laptop to the same local Wi-Fi network (for instance, the one with the captive portal you want to bypass), and configure the proxy of your iPad or laptop to the IP of your Android device, and to port 8080 or 8081 depending of the VPN-over-DNS proxy you prefer (half-featured fast proxy or full-featured low-bandwidth proxy).
Server and clients are now open-source: GPLv3 Explore the source tree on GitHub
Perl version available on Docker Hub Pull the Docker image from Docker Hub