1
Occasionally I receive a support request from a user where Wallpunch is working great on their phone, but their Windows PC cannot connect at all. Standard troubleshooting steps yield no clues:
- The Windows app is able to complete the pre-connection authentication step with our servers
- The Windows app doesn't work on different Wi-Fi networks, or when connected to the phone hotspot
- The phone app works fine when connected to the same network as the Windows PC
- The network configuration shown by the "ipconfig" and "route" commands looks normal
- Wallpunch debug logging shows that the PC's traffic is being captured by the VPN tunnel correctly
Everything appears to be functioning completely as expected - except the critical VPN tunnel connections to our servers fail to connect (client records a TCP connection timeout, servers never see any handshake packets).
The first couple times, after exhausting all the debugging options I could think of, I had no choice but to apologize to the user, refund their subscription, and move on. But eventually I noticed a pattern: all of the affected computers had an Intel Killer wi-fi adapter!
Some searching revealed this has been a known problem for a while, with several threads discussing the issue on Reddit as well as the Intel and Microsoft support forums.
- https://www.reddit.com/r/meraki/comments/8638kv/client_vpn_with_killer_network_service/
- https://community.intel.com/t5/Wireless/Smart-AP-disabled-due-to-VPN-Killer-Intelligence-Center/td-p/1513415/page/4
- https://learn.microsoft.com/en-us/answers/questions/4173090/killer-intelligence-centre-causing-a-problem
Nord even has a page on it in their troubleshooting docs: https://support.nordvpn.com/hc/en-us/articles/20226287150609-Intel-Killer-Wi-Fi-adapter-not-working-with-NordVPN
Basically the Killer adapters come with a bunch of software add-ons that are intended to speed up your internet connection but can end up causing problems with VPNs. So far disabling these add-ons has solved the issue for all of my affected users. For detailed steps on how to do so you can check out the threads linked above or this summary page I made: https://wallpunch.net/windows-killer-troubleshooting/
I'm happy to have fixed things for my users but I'd love to get to the bottom of this and figure out how exactly the Killer is blocking VPN connections and if there is a way to get around that blocking without requiring manual user actions. If you know of any good sources of additional information, or if you have an Intel Killer card and would be interested in helping me with further testing, please let me know!
I thought adding a cryptocurrency payment option could give more people access, but I don't have any real experience in the area and the information I've found searching online seems extremely unreliable.
So I'm hoping I can get some better answers from Hacker News. Here are my questions:
1. Is crypto a good choice for this use case? Are there other options that would achieve my goal (allow people who can't use Western payment methods to pay)?
2. Could I start with one or just a few specific cryptocurrencies? Or do I need to support a whole bunch of different coins?
3. Any recommendations for self-hosted tools or third-party processors for actually accepting the payments?
1. The app UI is very simple. Buttons, lists, input boxes. That's about it. Frontend performance is not particularly important.
2. As a VPN app, a large chunk of custom native code is required for each platform to link up with the native VPN-related APIs, so this must be easily integrated with the UI framework.
3. I would like to limit the amount of added dependencies and links in my build chain as much as possible.
4. Once rewritten, I hope it will be easy to find freelancers to implement minor UI changes in the future.
Any suggestions?
For iOS/macOS, once I've got the client working well on my own test devices, it generally works fine for other users. Unfortunately this isn't the case for Android or Windows. Even though the client works flawlessly on the devices I have available to test locally, many real-world users see poor performance or can't get it working at all.
While I always try to work with users to identify and fix the issues, most of them (understandably) prefer to just get a refund and switch to another VPN. So if I could do in-depth testing on a broader range of devices it would boost retention considerably.
Ideas I've considered so far for expanding my testing pool:
- Hire testers on a site like Fiverr
- Offer free accounts for testers
- Use a "real device cloud" testing service
- Hire a more experienced VPN developer with expertise on those platforms
- Open source the client code to get more developer eyes on it
One exception is May's repeated claims that around 1994 someone from the NSA threatened Jim Bidzos for refusing to cooperate with them on RSA. In Section 10.21.17 he gives the source of the claim as an article published in the San Jose Mercury News titled "The Keys to the Kingdom". I was able to find the article in the Mercury News archives (June 27, 1994), which does include the claim as made by Bidzos but without any corroborating evidence:
> He must have said something wrong. One of the agents threatened to run him over in the parking lot, Bidzos said.
> "He looked at me and very coldly said he would do me in," Bidzos said. "He clearly threatened me."
> To Bidzos, the incident -- which could not be confirmed independently -- was another indication that tensions are increasing as his eight-year struggle with the government moves into its final stages.
> The NSA was not able to respond to requests for interviews or to written questions in time for this article.
Section 11.17.2 contains a Usenet post, supposedly by Jim himself, confirming the details:
> "Everything reported in the Merc News is true. I am certain that he was not speaking for the agency, but when it happened he was quite serious, at least appeared to be. There was a long silence after he made the threat, with a staring contest. He was quite intense.
> "I respect and trust the other two who were in the room (they were shocked and literally speechless, staring into their laps) and plan to ask NSA for a written apology and confirmation that he was not speaking for the agency. We'll see if I get it. If the incident made it into their trip reports, I have a chance of getting a letter."
> [jim@RSA.COM (Jim Bidzos), personal communication, posted with permission to talk.politics.crypto, 1994-06-28]
However I can't actually find that post anywhere else except the Cyphernomicon. I also can't find any other news articles, statements by the NSA, or even further mentions in later interviews by Bidzos. So my two theories now are:
1. The story was exaggerated or made up by Bidzos (possibly to generate media attention for his company), and he only mentioned it once or twice.
2. The story is true, but Bidzos came to an agreement with the NSA not to talk about it any more.
Does anybody have more information or better theories?