Our VPN, what we log, and why

by Paul Reinheimer on

There's been a lot of interest in VPN services lately, mostly due to a change in US policy. WonderProxy offers VPN services, both as part of our proxy plans and through an individual VPN plan that provides access to one server in San Antonio, USA, and one in London, UK.

We launched our VPN to help our proxy customers who were having problems testing technologies that routinely ignore proxy settings (flash & silverlight most commonly). The WonderVPN plan was launched to to help friends who wanted a good coffee-shop solution, this was back in the days when Firesheep was first making the rounds.

We've written in the past about what we log, but we've been getting a lot of questions lately, so we figured we'd address those.

Questions (and Answers)

Do you log?

Yes. I blogged about this a bit before, but the short answer is that when you offer these sorts of tools there's a small percentage of bad actors that can cause a lot of problems. Having no idea who those bad actors are would put some of our servers at risk of disconnection from our providers. People often think about the downsides of logging, which is completely valid! But there is an upside: we've interacted with law enforcement requests twice, and one of the times someone had used our network to defraud the elderly in New Zealand. Since we had some logging, we were able to provide law enforcement with enough information to continue their investigation. I think I still have the letter somewhere.

What do you log?

Our VPN servers have two logs which I'll call the billing log, and diagnostic log. The billing log is used to count traffic used, while the diagnostic log is used to help diagnose problems1.

Billing log:

Apr  5 06:07:25 sanantonio WP-VPN-LOG: 20170405060725 connect stats  
Apr  5 06:07:26 sanantonio WP-VPN-LOG: 20170405060726 disconnect stats 420 365  
Apr  5 06:09:16 sanantonio WP-VPN-LOG: 20170405060916 connect stats  
Apr  5 06:09:18 sanantonio WP-VPN-LOG: 20170405060918 disconnect stats 420 365  
Apr  5 06:09:19 sanantonio WP-VPN-LOG: 20170405060919 connect stats  
Apr  5 06:09:19 sanantonio WP-VPN-LOG: 20170405060919 disconnect stats 420 365  
Apr  5 06:12:22 sanantonio WP-VPN-LOG: 20170405061222 connect stats  

Diagnostic log:

Apr  5 12:24:15 sanantonio xl2tpd[24094]: Connection established to 192.155.82.194, 1701.  Local: 33751, Remote: 34187 (ref=0/0).  LNS session is 'default'  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: control_finish: Warning: Peer did not specify transmit speed  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: start_pppd: I'm running:  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: "/usr/sbin/pppd"  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: "passive"  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: "nodetach"  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: "10.42.96.1:10.42.96.128"  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: "refuse-chap"  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: "auth"  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: "require-pap"  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: "name"  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: "WonderProxy"  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: "file"  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: "/etc/ppp/options.l2tpd"  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: "/dev/pts/1"  
Apr  5 12:24:15 sanantonio xl2tpd[24094]: Call established with 192.155.82.194, Local: 23605, Remote: 56473, Serial: 14219  
Apr  5 12:24:15 sanantonio pppd[22138]: pppd 2.4.6 started by root, uid 0  
Apr  5 12:24:15 sanantonio pppd[22138]: Using interface ppp0  
Apr  5 12:24:15 sanantonio pppd[22138]: Connect: ppp0 <--> /dev/pts/1  
Apr  5 12:24:18 sanantonio pppd[22138]: pam_unix(ppp:session): session opened for user stats by (uid=0)  
Apr  5 12:24:18 sanantonio pppd[22138]: user stats logged in on tty pts/1 intf ppp0  
Apr  5 12:24:18 sanantonio pppd[22138]: PAP peer authentication succeeded for stats  
Apr  5 12:24:18 sanantonio pppd[22138]: local  IP address 10.42.96.1  
Apr  5 12:24:18 sanantonio pppd[22138]: remote IP address 10.42.96.128  
Apr  5 12:24:19 sanantonio xl2tpd[24094]: control_finish: Connection closed to 192.155.82.194, port 1701 (Goodbye!), Local: 33751, Remote: 34187  
Apr  5 12:24:19 sanantonio pppd[22138]: Modem hangup  
Apr  5 12:24:19 sanantonio xl2tpd[24094]: Terminating pppd: sending TERM signal to pid 22138  
Apr  5 12:24:19 sanantonio pppd[22138]: Connect time 0.1 minutes.  
Apr  5 12:24:19 sanantonio pppd[22138]: Sent 420 bytes, received 365 bytes.  
Apr  5 12:24:19 sanantonio pppd[22138]: pam_unix(ppp:session): session closed for user stats  
Apr  5 12:24:19 sanantonio pppd[22138]: Connection terminated.  

Our website runs the standard Apache commonlog. When you log in, we store common data like your username, remote IP, etc. Our billing providers (Stripe, PayPal) as well as our subscription management platform (Recurly) will also log stuff about you paying us.

How long are VPN logs kept?

All logs are kept for a week on the server they originated on, and then deleted from that server. The billing log is also kept on our billing server for 6+ months (the plus is a result of a lack of automation for our culling).

Where are logs kept?

We store our logs on the server used (e.g. San Antonio, or London) for a week and are then deleted. Logs used for billing purposes are copied to our central server in Toronto, Ontario every hour.

Why do you keep logs so long?

That's a good question, and one that we're talking about internally! Looking through our history, we've dealt with 7 or 8 abuse complaints over the lifetime of WonderProxy. None of those have needed logs further back than 2 or 3 months. It's possible we can shorten this.

Abuse is something we think about a lot – it's currently more of a focus for us than than providing anonymity is. We have 237 servers spanning 83 countries. Having built tools like Where's it Up and WonderProxy, it would be easy to turn into a platform for misdeeds. That's kept me up at night.

What VPN technology do you use?

We use LT2P over IPSec using a pre-shared key. We worked hard to be supported by the native clients on Mac & Windows.

Have you hired an external security auditor?

No.

Will you sell my usage data?

No. Our privacy policy forbids it, so we'd need to update that first, which would involve our lawyers who are expensive. This is just a horrid idea.

Further Thoughts

Last year Ars Technica wrote an article on the problems with creating a "Best VPNs" list which dives into a lot of the problems you'll run into creating a list. @KennWhite routinely tweets about the sad state of consumer VPNs. We're probably not the right answer for everyone, but I hope this helps you make an informed decision. If you'd like to try out our VPN, here's the signup link.

  1. The most common problem we see is a hotel or coffee shop assigning local private IPs out of the public IP space.