Description

Add caching policy for static assets:

• .svg
• .ico
• .woff2
• .png

Test result: FAILED - (No max-age or expires)

Description

Upgrade dependencies in package.json.
This upgrade will introduce breaking changes for webpack.mix.js config.

QA Notes

As all JavaScript dependencies and build script are upgraded, sanity check for both static website and client area is required.

Feature request

Description

I recently switched to IVPN because my DD-WRT router has Wireguard built in. After setting Wireguard up for my entire home, I found that websites would load slowly, or not even load at all. I messed with a combination of things, including changing DNS servers, switching Wireguard servers, etc and still had no luck. I found an article about this same problem, and the solution found was to adjust the MTU size from the default 1460 to 1420. Reason for this - Wireguard as a standard apparently sends packets at that 1420 size. After changing this value, every website was loading without a hitch.

Describe the solution you'd like

Add additional documentation to the Wireguard setup guide to adjust the MTU to a smaller size (1420 or 1412 worked best).

Simple, not sure if this was an intended slang or not but the second major graphic on the website showing the VPN being used on the phone has a misspelling. The first line is "Yur network is". This is supposed to be "Your". At first I thought it was on purpose until I looked at the desktop version graphic above and it said "Your network is". That's about it, hope I'm not making a fool of myself and missing something; other then that this looks like a great provider :)

Description

We need to update content in CONTRIBUTING.md:

• Git Workflow

Home page

1. Change top and bottom call-to-action buttons text to ' Generate IVPN account '
2. Add ' no email required ' under buttons with paragraph font size

Pricing page

Change:
We offer different plans to better suit your needs. Please select one to create your account. You'll be able to switch it anytime in the future with one click.

Change to:
Select a plan to create your account instantly. You can switch between IVPN Standard and Pro any time in the future.

Change:
All IVPN plans include:

• Anonymous registration - no email required
• No logs, audited VPN service
• Open-source applications for Android, iOS, macOS, Windows and Linux
• Private DNS servers
• Cash, Monero and Bitcoin payment options for better anonymity
• Money back guarantee for 30 days
• Killswitch/firewall and obfuscation methods where applicable
• Router, NAS support

Change to:

All IVPN plans include:

• Anonymous registration - no email required
• Open-source applications for Android, iOS, macOS, Windows and Linux
• Private DNS servers
• Cash, Monero and Bitcoin payment options for better anonymity
• Money-back guarantee for 30 days
• Killswitch/firewall and obfuscation methods where applicable
• Router, NAS support

Why trust IVPN?

• No logs, regularly audited VPN service
• No customer data stored
• Clear privacy policy
• Transparent ownership and team
• Strong ethics: no trackers, no false promises, no surveillance ads

Account page
new client area post creation state

1. Change ' Change product ' to ' Change plan '
2. Under more payment options Change ' IVPN Gift Card ' to ' Gift Code '

Description

App download drop down is not working in iOS Safari.

Server status page update

• [Bug] In locations where we have physical servers for 1.gw and 1.wg the server status page does not show the public key for the wireguard instance on the 1.gw server.
• [Bug] If the 1.wg server is offline, the backend program removes it from the page. It also updates the 1.gw information and gives it the 1.wg hostname (incorrectly). It displays the public key of the 1.gw server that was previously missing. Unfortunately customers trying to connect manually using that information would fail.
• [Enhancement] Display port number for multi hop.
• [Enhancement] When a server in placed into maintenance mode this should be indicated on the server page.
• [Enhancement] Currently when a server goes offline it is removed from the page. It should be indicated that it is offline and not removed.
• [Enhancement] Add sort options
• [Enhancement] Add filter options
• [Enhancement] Better optimisation for mobile screens

Description

JavaScript should detect browser OS and update the Apps URL in the main menu respectively.

Support building Docker image on multiple architectures.

Bug report

The instructions for starting ivpn at sytem boot using systemd have a couple of problems.

Describe your environment

Arch, Headless server. Installed from the AUR.

• Browser: N/A
• OS name and version: Arch GNU/Linux

Describe the problem

The unit file in the example depends on ivpn-service.service.
This service uses Type=simple. system assumes that the service is available the instant the process is spawned. In reality, it takes a fraction of a second before the process begins listening on local TCP sockets.

systemd will then instantly run the ivpn-autoconnect.service.
Sometimes, this script fails, because ivpn-service is not yet listening.
No VPN connection is activated.

A second problem, is that ivpn-autoconnect.service also uses Type=simple.
The script can fail, but, systemd will assume its success, and move on to the next unit files as soon as the process has started, and not yet failed.

I have my own systemd service, that i only want to start, IF the vpn has successfully connected.
And I only want my service started after the VPN connection is fully established.

When I follow these instructions in their unmodified form, even though my service is set:

Requires=ivpn-autoconnect.service
After=ivpn-autoconnect.service

My service is started, regardless of whether the VPN connected successfully.

Steps to reproduce:

1. Follow systemd instructions
2. (optional) make ivpn-autoconnect a dependancy (Requires=ivpn-autoconnect, After=ivpn-autoconnect) of a 3rds patry service.
3. Reboot.

Observed Results:

Sometimes, ivpn-autoconnect failed to connect to ivpn-service, because altho the process was running, it had not yet started to listen on local TCP sockets.

Any services that depended on ivpn-autoconnect had eroniously started, because Type=simple is the wrong choice of service Type for this type of action.

Expected Results:

The VPN should have started.
In the event that it did not start for any reason, and dependant services should not have started.

Workaround:

1. Add a small delay after ivpn-service is started, but before continueing on to dependant units, to give the process some time to become available.
   sudo systemctl edit ivpn-service

[Service]
ExecStartPost=sleep 2

2. ivpn-autoconnect.service should look a little something like the following.
   Tailoring ExecStart/ExecStop to the users needs.

[Unit]
Description=Connect to iVPN
After=network.target ivpn-service.service
Requires=network-online.target ivpn-service.service

[Service]
Type=oneshot
ExecStart=ivpn connect -fastest -p OpenVPN
ExecStop=ivpn disconnect
RemainAfterExit=yes

RemainAfterExit=yes is needed to keep the service marked available after the ivpn cli has exited.
Type=oneshot means that any dependant unit files will not be processed untill after the ivpn cli has finished connecting.
This also means, that any failed attempt at connecting would prevent dependant units from running.
Which is certainly what a user would expect, and desire. (Otherwise, they would have used Wants=)

• Display a search bar in sidebar of https://www.ivpn.net/blog/ and sub pages, above Tags
• Yield search results to free text input with relevant results, paginated if necessary - appearance similar to tags pages

Description

https://www.ivpn.net/knowledgebase/linux/linux-how-do-i-prevent-vpn-leaks-using-iptables/

Styles for code block with instructions needs to be fixed.

Description

On production, on small devices such as iPhone 5S, there is a cutoff in the Home screen, the issue doesn't seem to happen in other pages throughout the website.

Note:
See attached screenshot for further details.

Actual result:

Cutoff in the Home screen on small devices.

Expected result:

The text should be visible, not cutoff issues should be present throughout the website.

Steps to reproduce:

1. Use a small device, e.g. iPhone 5S (reproducible via web browser console).
2. Open ivpn.net
3. Observe the cutoff.

Environment:

• Device: iPhone 5S
• Production

Screenshot:

Feature request

Description

This probably involves 2 features:

1. Publish pre-release builds somewhere on the site and enable users to conveniently install them (eg. adding a custom repo to f-droid given official f-droid can be tedious RE: ivpn/android-app#27). Similar setup for pre-release builds on other platforms.

2. A guide page for ^

Description

To improve page load performance, we need to disable RocketChat LiveChat widget for mobile devices.

Feature request

Description

Add IVPN to winget-pkgs

Describe the solution you'd like

Hey! I was wondering if it'd be possible to add IVPN to Winget -- would love to be able to deploy it on Windows via the native package manager.

Describe alternatives you've considered

I can manually install it just fine, but I've recently moved over from macOS, and IVPN worked on Homebrew there. Either way, thanks for the work you do on this!

Description

Implement support for Braintree 3D Secure.
More info:
https://developers.braintreepayments.com/guides/3d-secure/client-side/javascript/v3

We want to handle a specific Authentication Required (2099) Braintree error response and display a more specific error message in the UI.

Description

In the new static website, in the login form, the auth validation does not ignore spaces before and/or after the account ID/Email address.
This issue easily reproducible when copying an account ID from the client etc. which sometimes takes an extra space, consequently this could be mislead users to believe that the login has failed for other reasons and increase their frustration.
 

Expected result:

Login fields, both for the account ID and email login options, should ignore spaces before and/or after the account ID/Email address.

Steps to reproduce:

1. Proceed to ivpn.net
2. Either in the email login or the account ID login, use valid credentials, but add an extra space at the beginning or the end of the input data.
3. Attempt to login.

Feature request

Description

It would be great to see the list of devices that have logged in with an account id. For example, when I try to login with my tablet, I get the message I have exceeded the number of devices allowed, but I'm sure I'm not using it on those many devices. But maybe I logged in on the same device more than once and that's why I get that message(?).

Describe the solution you'd like

Currently, I see the option to log out of all other sessions, but I cannot selectively terminate/log out of individual sessions. Basically, I'm hoping for this selective removal.

Not sure if this is the right place to file this issue as it would be nice to see it in other apps too.

Using apt-key to add a repo key to a Debian or Debian-like system is deprecated because of security implications. Using gpg directly offers a way to limit security implications. This requires updates to the Linux page on the website and .list files on the repo server at the same time.

https://manpages.debian.org/testing/apt/apt-key.8.en.html
https://wiki.debian.org/DebianRepository/UseThirdParty
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851774
https://www.mail-archive.com/[email protected]/msg764545.html

On this page:
https://www.ivpn.net/apps-linux/
src/content/pages/apps-linux.md

Change the # Add IVPN's GPG key command from one line to two for the Ubuntu, Debian and Mint code block sections:

curl -fsSL https://repo.ivpn.net/stable/ubuntu/generic.gpg | gpg --dearmor > ~/ivpn-archive-keyring.gpg 
sudo mv ~/ivpn-archive-keyring.gpg /usr/share/keyrings/ivpn-archive-keyring.gpg 

It would be nice to condense the two line above to one line, though gpg --dearmor produces binary-like output that can cause unwanted terminal behaviour (can be fixed by typing reset) and tee does not seem to have a way to suppress output and output redirection with > plus sudo tends not to work as expected.

Updates to the contents of the generic.list files for Ubuntu, Debian and Mint on the repo server are required as well, which will likely require concurrent co-operation with someone with direct access to the repo server:
https://repo.ivpn.net/stable/ubuntu/generic.list
https://repo.ivpn.net/stable/debian/generic.list
https://repo.ivpn.net/stable/mint/generic.list

Update the contents of the [] section to include a path pointing to the signing key. Here is the change for Ubuntu, for example:

deb [arch=amd64 signed-by=/usr/share/keyrings/ivpn-archive-keyring.gpg] https://repo.ivpn.net/stable/ubuntu ./generic main

I have tested these changes on Debian 10, Ubuntu 16.04 LTS, 20.10, and Mint 20.1.

Description

Upgrade dependencies in package.json.

QA Notes

As all JavaScript dependencies and build script are upgraded, sanity check for both static website and client area is required.

Make the QR code on the account section bigger as I had trouble scanning.

It would be nice have an RSS feed for the blog so that we could get that content into our RSS reader of choice. :) Apparently it's in the works, but I wanted to open an issue here for more visibility.

Description

Upgrade dependencies in package.json to the latest version.

Feature request

Description

Client area should show number of devices logged. It can allow authentic users to verify in real time if their account is not misused without authorisation.

Describe the solution you'd like

As central authetication server hold record of number of devices logged already, this info can be mirrored into client area in real time.

Describe alternatives you've considered

None in mind yet.

Currently, number of digits after decimal point is inconsistent in the 'load' column on the server status page:
https://ivpn.net/status

For example, some server load is shown as '8%' and some '5.03%', this makes it more difficult to parse these values on a glance.

Expected behaviour
Values in the load column should have fixed number of digits after decimal point across all servers.

We want to unify thumb image size for "Related posts" section, in the same size as on the main blog feed.

Description:

On mobile, certain pages in the Guides section have some content cutoff, we need to optimise the tables in order to fix the issue.

Tested on iPhone XR, Safari and Firefox browsers.

E.g. URL: https://www.ivpn.net/privacy-guides/vpn-vs-tor/

Description

Update favicon to new black/red style of IVPN logo.

IVPN Desktop app GitHub repos have been migrated to a mono repo:
https://github.com/ivpn/desktop-app

Change log URLs need to be updated on pages:
https://www.ivpn.net/apps-windows/
https://www.ivpn.net/apps-macos/
https://www.ivpn.net/apps-linux/

Description

Add IPv6 address in Account Settings -> WireGuard -> WireGuard Keys.

Description

Braintree authentication_unavailable error should not be rejected if 3DS is required.

Braintree response data

Liability Shift Possible: false
Liability Shifted: false
Enrolled Value: "U"

More info

https://developer.paypal.com/braintree/docs/guides/3d-secure/legacy-3d-secure/server-side/ruby#status-authentication_unavailable-the-card-network-is-unavailable-to-verify-the-customer39s

Is there any installation tutorial?

Feature request

Description

I want to regenerate account ID from Client area on my own whenever I desire so.

Describe the solution you'd like

Client area should offer option to regenerate account ID. So that accounts will be more protected against unfortunate credential thefts.

Describe alternatives you've considered

Ask staff for same which I feel cumbersome and also feels uncomfortable with.

Add a link to the RSS feed in the sidebar of the blog, below Tags.

Hey there, so i was browsing your guys's website and i saw a little typo of sorts, i just want to let all of you know about it.

Here bellow you'll find a screenshot of the the issue talked about above.

Above you'll find a screenshot of the problem i'm talking about.

If for any reason you don't understand the problem of what i'm talk about, then don't hesitate to comment or contact me in any way.

Description

In some cases, when navigating through the main menu and returning to the Home page, the connection info bar displays previous and incorrect state cached by the browser.

Description

https://www.ivpn.net/status/
On the status page, we want to load the flag icons from IVPN server.

We want to show a specific error message for 3D Secure failure.
Based on Braintree documentation:
https://developer.paypal.com/braintree/docs/guides/3d-secure/server-side/ruby

Posts with WireGuard tag render the tag erroneously under blog post body: "Wire guard" instead of the correct format "WireGuard".
E.g: https://www.ivpn.net/blog/ipv6-over-ipv4-available-for-testing/
Displays correctly in blog sidebar.

Add server speed limit in servers status page.
This info should be located in server details, in the following form Line Speed / Configured Speed.

When enabling 2FA in the client area, we want to add a warning that 2FA is also applied to authentication in the IVPN apps.

After Bob's example stuff, the sentence "As soon as you’re connected, all of your online activity is encrypted and untraceable." can be misleading. I recommend to put there "from the ISP side" at the end.

See: As soon as you’re connected, all of your online activity is encrypted, and untraceable from the ISP side.

Bug report

Describe your environment

• Browser: Firefox, Chromium
• OS name and version: _____

Describe the problem

In order to copy a WG server's public key, the server has to be expanded, but clicking the WG key to highlight text causes the server details to collapse.

Steps to reproduce:

1. Expand a WG server on ivpn.net/status
2. Highlight the public key
3. How to copy?

Observed Results:

The expanded details tend to collapse before the copying can occur.

Expected Results:

The expanded details should remain open to allow for copying the WG public key.

Relevant Code:

// TODO(you): code here to reproduce the problem

Servers status page update:

• Group OpenVPN and WireGuard instances together
• Remove "Protocol" column and filter

https://www.ivpn.net/apps-ios/

Bug report

Describe your environment

• OS name and version: Fedora 34

Describe the problem

Steps to reproduce:

1. Start with a prior /etc/wireguard/ivpn.conf with only ipv4 configured
2. Add comma-separated ipv6 address from Wireguard tab in account page to the Address field in the conf file
3. systemctl restart [email protected]

Observed Results:

ipv4 continues to work as expected. No ipv6 though.

$ curl -6 ifconfig.co
curl: (7) Couldn't connect to server

Expected Results:

Should display my ipv6 address (I guess).

Relevant Code:

$ cat /etc/wireguard/ivpn.conf 
[Interface]
PrivateKey = *HIDDEN*
Address = 172.16.x.y/32, fd00:4956:504e:ffff::xx:yy/128
DNS = 10.0.254.2
[Peer]
PublicKey = rg+GGDmjM4Vxo1hURvKmgm9yonb6qcoKbPCP/DNDBnI=
Endpoint = ca1.wg.ivpn.net:2049
AllowedIPs = 0.0.0.0/0, ::0

$ sudo systemctl restart [email protected]

Feature request

Description

It is great that bitcoin payment is accepted. However with the current mempool size it is very inefficient to make a on-chain payment. Even the 3-year IVPN PRO plan 220 USD is madness to pay right now.

Describe the solution you'd like

You have already implemented BTCPay server, so it should be easy to implement LND, C-lightning or Eclair. I would consider implementing CADR (Cryptoanarchy Debian Repository). It is super easy to install and implement. (sudo apt install lnd btcpayserver)

Describe alternatives you've considered

The other option maybe faster to implement for you is to install LND right away. Don't forget to open channels and arrange inbound liquidity.