NAT Firewall add-on
Add a basic packet filter to your VPN connection
Astrill's NAT Firewall blocks outside hosts from creating unsolicited connections to your host. In this article, we discuss how Astrill bypasses traditional wireless router features and how Astrill's NAT Firewall restores protections offered by those features.
Astrill's NAT Firewall VPN feature is a packet filter that stops third parties from connecting to your Astrill-connected system. This filter prevents malicious or corrupted Internet traffic from reaching your system. Such traffic is commonly used to find bugs in software that can be used to take control of your machine. To understand how our NAT Firewall works, let's first look at how your wireless router works.
What is NAT (Network Address Translation)?
If you have a wireless router at home, you probably connect to it with more than one device. Many people have one or more computers, a phone, and maybe even a gaming system all connected to their wireless router. Because your ISP only gives you one IP address, your wireless router has to figure out how to share that IP address with multiple devices. Your router uses NAT (Network Address Translation) to transform one public IP address to many private IP addresses. Wikipedia has more technical information on how NAT works.
One side effect of NAT is that it protects your home network from a lot of harmful traffic:
- Malicious hackers on the Internet cannot reach your systems because the address translation only works for traffic initiated by your system.
- The NAT acts like a very rudimentary firewall, blocking inbound traffic unless it is in response to some previous outgoing traffic.
- Since your system is not constantly sending out requests for malicious traffic, NAT doesn't allow that traffic to get to you.
Why would I need a NAT Firewall with Astrill?
When you connect to Astrill, we give your system a public IP address reachable by anyone on the Internet.
- Your Astrill IP address is not private, and the VPN tunnels through your wireless router's NAT protections.
- Malicious hackers can send bad packet data to this public IP and your system will accept it - your wireless router cannot stop it since Astrill is delivering the traffic over your secure connection.
Astrill's NAT Firewall service functions just like your wireless router's NAT feature.
- It does not allow unexpected malicious traffic to reach your Astrill IP address.
- It will only let through Internet packets that respond to traffic initiated by your system, and that makes your system much less likely to get hacked.
Protect your system from unauthorized access while using Astrill.
Get NAT Firewall add-on now!
Home Plan add-on
A way to connect your household to secure VPN network
By default, Astrill Personal VPN account can be used on multiple devices, but only on one device at the same time. Connecting another device to Astrill VPN network results in disconnecting the previous one.
Purchasing Astrill's Home Plan gives you the possibility to connect up to 5 devices with one account at the same time. Forget about annoying relogging all the time, stay connected and safe 24/7 with your PC, Mac, iDevice, TV and more at the same time.
Get Home Plan add-on now!
StealthVPN add-on / ProAddon add-on
On May 2011, the Great Firewall of China did a probe which blocked VPNs temporarily. Unfortunately on Dec 2012, the Great Firewall of China ISPs and government worked really hard to block all existing VPN protocols. They have updated GFW so it can now learn, detect and block VPN protocols in real-time and automatically. All standard protocols like OpenVPN, PPTP, L2TP/IPSec, IPSec, SSTP are blocked. They use DPI (deep packet inspection) to detect IP addresses running VPN protocols. Then it takes them a few hours or in best case 1 day to block these IPs.
This practically means standard VPN protocols will not work in China anymore. Not now or ever. Censorship in China will become much worse. They are making new laws which will make VPNs illegal and request from Internet users to use their real name when signing up on web sites.
All VPN providers are affected by this block, not just Astrill in China. Even big companies like Apple are affected and their employees have problems to connect to their corporate VPN from China.
Protect your traffic with double encryption and undetectable VPN protocol
As a response to Great Firewall of China VPN blocking events, we decided to create a new VPN protocol that is not detectable as VPN protocol and which works in China. We named those new protocols StealthVPN and RouterPro VPN.
StealthVPN and RouterPro VPN is our customized version of OpenVPN, and is our solution which works in China. StealthVPN add-on is for computers only (Windows, Mac OSX and Linux), and RouterPro VPN add-on is for routers only (DD-WRT, Tomato, TomatoUSB, ASUS Merlin, RMerl/asuswrt-merlin). While both StealthVPN and RouterPro VPN protocols were originally designed for China users, anyone can use this protocols as means to prevent your ISP Throttling Your Internet Connection.
The new protocols StealthVPN and RouterPro VPN are designed to make it really hard to detect and block. The new protocol has 2-layers of encryption for even better security. Standard price for StealthVPN add-on is $5/month and $10/month for RouterPro VPN add-on. This fee is necessary to cover development and maintenance costs and server expenses, as this new protocol uses much more system resources due to two layers of encryption.
Get StealthVPN add-on now! Get ProAddon add-on now!
VPN Sharing add-on
Share your computer VPN connection with all your devices
You can enable VPN Sharing from Astrill application and share either OpenWeb or OpenVPN/StealthVPN connection, and then simply adjust network connection settings on your devices to utilize your computer VPN connection. VPN Sharing addon is affordable, and you only need a computer with Windows, Mac OS X or Linux operating system to use this addon.
There is no limit of how many devices you can connect with VPN Sharing. However a typical modem/router will allow you to connect up to 254 devices.
Get VPN Sharing add-on now!
Private IP add-on
Private IPs, also known as static IPs, fixed IPs or simply dedicated IPs - are IPs for your private use and not shared by anyone. By default all customers are connected to shared IP on Astrill VPN network. Thus on shared IP not all ports are not available, as all customers are allocated with 1 port number for port forwarding.
Advantage of Private IPs:
- Dedicated IP for your private use, and not shared by anyone.
- All ports are available to you (that's total of 65535 ports).
- No Port Forwarding required, simply Plug-n-Play and you are good to go.
- You can host any type of service on your private IP, on any port number.
Get Private IP add-on now!
Our standard plan includes BlowFish 128-bit and AES-128 and AES-256 bit encryption. BlowFish is selected as default encryption in OpenVPN by OpenVPN creators. AES encryption is used on many web sites on the internet as a standard and it is recommended and approved by NSA (think why!).
CryptoPlus is a set of more secure encryption algorithms supporting up to 512-bit encryption. CryptoPlus can be used with Astrill OpenVPN protocol only. CryptoPlus encryption algorithms are not endorsed or affiliated by NSA in any way.
Advantage of CryptoPlus (encryption algorithms):
- BlowFish 256-512-bit
- CAST 128-512 bit
- Camellia 128-256 bit
- CAST is used in PGP software and Camellia is Japanese and European encryption standard.
Get CryptoPlus add-on now!