How it works: an in-depth look at the unique AdGuard VPN protocol
For years, we have focused on developing ad-blocking applications, browser extensions and DNS. To many users it may have seemed that two years ago we simply decided to develop our own VPN service, but in fact several reasons made us determined to do so.
Due to the ADGUARD mobile app exists with other VPN applications
How the Internet works
Don't worry! We will not explain how the Internet works from beginning to end, only some basic principles. Communication on the Internet today is based on the transmission of packets between computers. There are several packet types, and each type has its own purpose. The rules for assembling and processing packets are called a protocol.
You have surely heard of IP addresses. An IP address is part of the IP protocol, the main mechanism of network data transmission. Each packet contains three parts: the data, the IP address of the sender, and the IP address of the receiver.
The recipient knows who sent a packet, so it can send some data back. Although the "plain" IP protocol is almost useless on its own, the two protocols built on top of it, TCP and UDP, are extremely widely used.
TCP is the "workhorse" of the Internet. When you open a website, the data is most likely transferred over TCP.
A TCP packet contains four parts:
IP header, including the source address and the destination address.
The port numbers of the sender and the receiver. The operating system uses this number to decide which service on the computer a packet is delivered to.
The packet's sequence number. Sometimes packets arrive at the recipient in a different order from the one in which they were sent. The sequence number is used to restore the correct order.
Packet type. This property is used to ensure that data is transferred accurately. Read on to learn more.
Whatever network you use, some packets may be lost in transit. The TCP protocol guarantees that a packet is successfully delivered to its destination. For each transmitted packet, the recipient sends back a TCP packet containing an acknowledgement. If the sender does not receive the acknowledgement, it resends the packet, and it keeps doing so until the acknowledgement arrives.
UDP is another IP-based protocol, though not as popular. Its only difference from the IP protocol is that, in addition to the data and the sender and receiver addresses, it also carries the port numbers. As can be seen from the GIF below, since no acknowledgement is sent back, UDP transmits packets faster than TCP.
How a VPN protocol works
When you send a letter or an email to someone, you write the content and sign it, but you also need to enter the recipient's address. The Internet works the same way: to send data, you need an IP address.
When you visit a site, it detects your IP address, and from that the user's location can easily be determined. A VPN sends the data from your home, office or mobile phone over an encrypted connection first, and only then on to the public Internet. It is like a rabbit slipping into a burrow whose exit is somewhere else.
Thanks to the encrypted tunnel, your data takes on the IP address of the other end of the tunnel, not that of your home or workplace. Now, when you connect to a web server, the IP address the server detects is no longer your home address but the IP address of the VPN endpoint. So if you visit a website, your data will not be exposed.
You probably know the following already, but it is worth reviewing. Let us look at some of the technical details. For a VPN to work, data must be transmitted from your device to the VPN server and encrypted. The rules for transmitting and encrypting this data are called a VPN protocol. The most common VPN protocols are OpenVPN, WireGuard and IPSec. These protocols are broadly similar in operation and functionality. However, the devil is in the details (i.e., in encryption and connection).
Let's look at how a VPN protocol works. Suppose you want to visit a website. With the VPN enabled, the VPN server acts as an intermediary between you and the website. First, an encrypted IP packet is sent to the server. The VPN server decrypts the packet, changes the "sender address" (i.e., your IP), and then sends the packet to the recipient (i.e., the site you are accessing). UDP is generally used as the transport protocol for this, because it does not wait for acknowledgements from the other side and is therefore faster.
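The address-rewriting step described above, as an added example (not code from the original article or from AdGuard): after decryption, the server replaces the source address and must recompute the IPv4 and UDP checksums, otherwise the packet is dropped as corrupt. Decryption is omitted, the addresses come from documentation ranges, and all function names are illustrative.

```python
import ipaddress
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_checksum(src: bytes, dst: bytes, udp: bytes) -> int:
    # UDP is summed together with a pseudo-header that contains both IP addresses.
    pseudo = src + dst + struct.pack("!BBH", 0, 17, len(udp))
    return checksum(pseudo + udp) or 0xFFFF  # 0 on the wire means "no checksum"

def build_udp_packet(src, dst, sport, dport, payload: bytes) -> bytes:
    """Constructed inner packet, as the client would put it into the tunnel."""
    s, d = ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    udp = udp[:6] + struct.pack("!H", udp_checksum(s, d, udp)) + udp[8:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, s, d)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + udp

def rewrite_source(packet: bytes, new_src: str) -> bytes:
    """What the VPN server does to a decrypted packet before forwarding it."""
    ihl = (packet[0] & 0x0F) * 4
    s = ipaddress.IPv4Address(new_src).packed
    hdr = packet[:10] + b"\x00\x00" + s + packet[16:ihl]
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    body = packet[ihl:]
    if packet[9] == 17 and body[6:8] != b"\x00\x00":  # UDP with a checksum set
        body = body[:6] + b"\x00\x00" + body[8:]
        body = body[:6] + struct.pack("!H", udp_checksum(s, packet[16:20], body)) + body[8:]
    return hdr + body

def valid(packet: bytes) -> bool:
    """True if both the IPv4 header checksum and the UDP checksum verify."""
    ihl = (packet[0] & 0x0F) * 4
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 17, len(packet) - ihl)
    return checksum(packet[:ihl]) == 0 and checksum(pseudo + packet[ihl:]) == 0

# Constructed sample: client 192.0.2.10 -> site 203.0.113.5, VPN exit 198.51.100.7.
inner = build_udp_packet("192.0.2.10", "203.0.113.5", 40000, 53, b"constructed payload")
forwarded = rewrite_source(inner, "198.51.100.7")
```

Overwriting the four source bytes without recomputing the checksums produces a packet that `valid()` rejects, which is why the rewrite has to touch both headers.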
Limitations of existing VPN protocols
All popular VPN protocols (including OpenVPN, WireGuard, IPSec, etc.) share two disadvantages:
At the network level, they can be easily detected and blocked.
If you try to "hide" them, their performance decreases.
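Why detection at the network level is easy, as an added example (not from the original article or from AdGuard): a passive heuristic, of the kind a network monitor can apply, that labels a UDP payload by the message types and sizes WireGuard and OpenVPN place in the first bytes. The sample payloads are constructed, and the function and label names are illustrative.

```python
# WireGuard: 1-byte message type, 3 reserved zero bytes, then fixed-size bodies.
WG_FIXED_SIZES = {1: 148, 2: 92, 3: 64}  # handshake init, response, cookie reply
# OpenVPN: first byte = opcode (high 5 bits) | key_id (low 3 bits).
OVPN_CLIENT_RESETS = {7: "v2", 10: "v3"}  # P_CONTROL_HARD_RESET_CLIENT_V2 / _V3

def classify_udp_payload(payload: bytes) -> str:
    """Heuristic label for one UDP payload; 'unknown' if nothing matches."""
    if len(payload) >= 4 and payload[1:4] == b"\x00\x00\x00":
        mtype = payload[0]
        if WG_FIXED_SIZES.get(mtype) == len(payload):
            return f"wireguard-handshake-{mtype}"
        # Transport data: 16-byte header, padded ciphertext, 16-byte tag.
        if mtype == 4 and len(payload) >= 32 and len(payload) % 16 == 0:
            return "wireguard-data"
    if len(payload) >= 14:  # opcode + 8-byte session id + ack count + packet id
        opcode, key_id = payload[0] >> 3, payload[0] & 0x07
        if opcode in OVPN_CLIENT_RESETS and key_id == 0:
            return "openvpn-client-reset-" + OVPN_CLIENT_RESETS[opcode]
    return "unknown"

# Constructed payloads (not captured traffic); the bodies are filler bytes.
WG_INIT = bytes([1, 0, 0, 0]) + bytes(144)
WG_DATA = bytes([4, 0, 0, 0]) + bytes(92)
OVPN_RESET = bytes([0x38]) + b"\x11" * 8 + b"\x00" + bytes(4)
TLS_LIKE = b"\x16\x03\x01\x02\x00" + bytes(512)  # starts like a TLS record

labels = [classify_udp_payload(p) for p in (WG_INIT, WG_DATA, OVPN_RESET, TLS_LIKE)]
```

A handful of byte comparisons on the first packet is enough to label these protocols, while the payload that starts like a TLS record matches none of the rules.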
To "hide" a VPN, the data is usually "wrapped" in a TCP connection. Sometimes packets are also added to make the traffic look more like that of a normal website. Unfortunately, this method has a drawback: because TCP is used, acknowledgements must be received.
So when we use mainstream VPN protocols, we always face an awkward choice: fast but easier to detect, or slower but better concealed.
Advantages of the AdGuard VPN protocol
Having looked at the existing protocols, we did not want to use any of them, so we developed the AdGuard VPN protocol. So what are the strengths of our protocol?
Our protocol is almost indistinguishable from normal HTTPS traffic. This means that a connection to an AdGuard VPN server looks almost the same as a normal connection to a website.
For encryption, we use HTTPS (TLS). This is the most popular encryption method in the world, and the libraries that implement it are constantly being security-audited.
Some existing VPN protocols can also be encrypted in this way (this is what "hidden" VPNs do), which makes them hard to detect. However, this encryption reduces their speed. We have found solutions to this, so the problem does not affect us.
We use the HTTP/2 transport protocol, so the AdGuard VPN protocol is not only hard to detect, but its speed is generally not restricted either.
Unlike other protocols, the AdGuard VPN protocol processes data rather than packets. This means that AdGuard VPN establishes a separate "tunnel" for each connection, and each connection corresponds to an HTTP/2 stream. AdGuard VPN transmits data through the tunnel: before sending packets to the VPN server (or from the server to the client), we can merge the data of several packets into one packet. This saves the packets that carry acknowledgements, which speeds up processing. The fewer packets there are, the fewer acknowledgement packets are needed.