Abstract: Transmitting data over a VPN connection includes receiving, at a VPN concentrator, from a VPN user device, an initiation request of a first connection, initialized to have an initial MSS, from the VPN user device to a target. The first connection is terminated at the VPN concentrator. A second connection is established across a VPN tunnel between the VPN concentrator and the VPN user device. A third connection is established between the VPN concentrator and the target. A first MSS for the second connection and a second MSS for the third connection are set. One of the first MSS or the second MSS are set to prevent packet fragmentation due to VPN-related encapsulation. First data packets are transmitted between the VPN concentrator and the VPN user device using the first MSS. Second data packets are transmitted between the VPN concentrator and the target using the second MSS.

Abstract: A method and apparatus for generating a dynamic security certificate. The method creates an entropic element from user input, receives metadata from user input and generates a dynamic security certificate using the entropic element and the metadata. The dynamic security certificate is then trusted through user input.

Abstract: A request is received from a user device to establish a VPN tunnel. The VPN tunnel is established with a first private IP address of the VPN concentrator and a second private IP address of the user device as endpoints. An outbound packet for transmission to a target is received from the user device. A third private IP address associated with the tunnel is looked up based on a VPN session. A substitution of the first private IP address with the third private IP address in a header of the outbound packet is performed. NAT is performed on the outbound packet to replace the third private IP address with a third public IP address of the VPN concentrator. The outbound packet is then transmitted to the target.

Abstract: A method including receiving, by a first device from a second device in a mesh network, a control command from the second device to control operation of a network resource device accessible by the first device, the control command being received via a meshnet connection between the first device and the second device; and transmitting, by the first device to the second device, operation information associated with operation of the network resource device in accordance with the control command, the operation information being transmitted via the meshnet connection. Various other aspects are contemplated.

Abstract: A method including receiving, by a first device from a second device in a mesh network, message data to be transmitted to a communication device, the message data being received via a first meshnet connection between the first device and the second device; and transmitting, by the first device to the second device, response data based at least in part on transmitting the message data to the communication device, the response data being transmitted via the first meshnet connection. Various other aspects are contemplated.

Abstract: A method including determining, by a first device in communication with a second device and a third device in a mesh network, a first instant message to be transmitted to the second device and a second instant message to be transmitted to the third device, the first instant message and the second instant message including instant messaging (IM) information; encrypting, by the first device, the first instant message based at least in part on utilizing a symmetric key negotiated between the first device and the second device and the second instant message based at least in part on utilizing a symmetric key negotiated between the first device and the third device; and selectively transmitting, by the first device, the encrypted first instant message over a first meshnet connection and the encrypted second instant message over a second meshnet connection. Various other aspects are contemplated.

Abstract: A method including receiving, by a first device from a second device in a mesh network, message data to be transmitted to a communication device, the message data being received via a first meshnet connection between the first device and the second device; and transmitting, by the first device to the second device, response data based at least in part on transmitting the message data to the communication device, the response data being transmitted via the first meshnet connection. Various other aspects are contemplated.

Abstract: A method including determining, by a first device in communication with a second device in a mesh network, an instant message to be transmitted to the second device; first encrypting, by the first device, the instant message based at least in part on utilizing a symmetric key negotiated between the first device and the second device; second encrypting, by the first device, the first encrypted instant message based at least in part on utilizing a public key associated with the second device; and selectively transmitting, by the first device, the second encrypted instant message to the second device. Various other aspects are contemplated.

Abstract: A method including receiving, by a first device from a second device in a mesh network, a control command from the second device to control operation of a network resource device accessible by the first device, the control command being received via a meshnet connection between the first device and the second device; and transmitting, by the first device to the second device, operation information associated with operation of the network resource device in accordance with the control command, the operation information being transmitted via the meshnet connection. Various other aspects are contemplated.

Abstract: A method including determining, by a first device in communication with a second device in a mesh network, an instant message to be transmitted to the second device; first encrypting, by the first device, the instant message based at least in part on utilizing a symmetric key negotiated between the first device and the second device; second encrypting, by the first device, the first encrypted instant message based at least in part on utilizing a public key associated with the second device; and selectively transmitting, by the first device, the second encrypted instant message to the second device. Various other aspects are contemplated.

Abstract: A method including determining, by a first device in communication with a second device and a third device in a mesh network, a first instant message to be transmitted to the second device and a second instant message to be transmitted to the third device, the first instant message and the second instant message including instant messaging (IM) information; encrypting, by the first device, the first instant message based at least in part on utilizing a symmetric key negotiated between the first device and the second device and the second instant message based at least in part on utilizing a symmetric key negotiated between the first device and the third device; and selectively transmitting, by the first device, the encrypted first instant message over a first meshnet connection and the encrypted second instant message over a second meshnet connection. Various other aspects are contemplated.

Abstract: A method including receiving a first assigned public key from a first device and a second assigned public key from a second device; determining, based on receiving the first assigned public key and the second assigned public key, a first communication parameter associated with the first device and a second communication parameter with the second device; and determining that the first device and the second device are to be included in a secure mesh network based on determining an association between the first device and the second device, and transmitting, based on determining that the first device and the second device are to be included in the secure mesh network, the first assigned public key and the first communication parameter to the second device and the second assigned public key and the second communication parameter to the first device. Various other aspects are contemplated.

Abstract: A method including communicating, by a first device and a second device, connection information to set up a meshnet connection between the first device and the second device in a mesh network, the connection information including security information indicating a cryptographic key to be utilized to communicate meshnet data over the meshnet connection and protocol information indicating a communication protocol to be utilized to communicate the meshnet data over the meshnet connection; and communicating, by the first device and the second device, the meshnet data over the meshnet connection based at least in part on utilizing the cryptographic key and the communication protocol. Various other aspects are contemplated.

Abstract: An encrypted tunnel is established between a virtual private network (VPN) server and a VPN user device. A request to establish a connection with a target device is received from the VPN user device. The request uses initial connection parameters. The connection the converted into a first connection between the VPN user device and the VPN server and a second connection between the VPN server and the target device. The first connection uses first connection parameters and the second connection uses second connection parameters. At least one parameter of the first connection parameters or of the second connection parameters is different from a corresponding parameter of the initial connection parameters. First network packets received from the VPN user device according to the first connection parameters are converted into second network packets according to the second connection parameters. The second network packets are transmitted to the target device.

Abstract: Systems and methods for effectively managing security and privacy measures during a user's connectivity session with a VPN service are provided. The systems and methods use a computer program that introduces a double-NAT feature at the network layer and a temporary hash table containing the minimally necessary temporary data to link two NAT sessions together in a secure manner. The systems and methods avoid including the dynamic management of IP addresses or requiring each client to have an IP address assigned beforehand to avoid compromising the user's identity by hard linking the session traces with the client.

Abstract: A method including receiving, by a first device from a second device in a mesh network, an access request from the second device to access a network service available to the first device, the request being received via a meshnet connection between the first device and the second device; and transmitting, by the first device to the second device, access information associated with accessing the network service based at least in part on receiving the access request, the access information being transmitted via the meshnet connection. Various other aspects are contemplated.

Abstract: A method including determining, by a first device in communication with a second device in a mesh network, an instant message to be transmitted to the second device; and encrypting, by the first device, the instant message based at least in part on utilizing a symmetric key negotiated between the first device and the second device; and selectively transmitting, by the first device to the second device, the instant message over a meshnet connection between the first user device and the second user device in the mesh network. Various other aspects are contemplated.

Abstract: A method and apparatus for generating a dynamic security certificate. The method creates an entropic element from user input, receives metadata from user input and generates a dynamic security certificate using the entropic element and the metadata. The dynamic security certificate is then trusted through user input.

Abstract: Transmitting data over a VPN connection includes receiving, at a VPN concentrator, from a VPN user device, an initiation request of a first connection, initialized to have an initial MSS, from the VPN user device to a target. The first connection is terminated at the VPN concentrator. A second connection is established across a VPN tunnel between the VPN concentrator and the VPN user device. A third connection is established between the VPN concentrator and the target. A first MSS for the second connection and a second MSS for the third connection are set. One of the first MSS or the second MSS are set to prevent packet fragmentation due to VPN-related encapsulation. First data packets are transmitted between the VPN concentrator and the VPN user device using the first MSS. Second data packets are transmitted between the VPN concentrator and the target using the second MSS.

Abstract: A method for improving VPN service transmission quality is disclosed where end-to-end TCP connections, occurring over a VPN tunnel, are terminated at the VPN concentrator and converted into multi-part TCP connections with MSS parameter set independently for each part of the connectivity. To facilitate the termination and multi-part connection management a packet processing software may be implemented as part of the VPN concentrator functionality or as an independent component.