Anonymity · Uncensored · Security
Your privacy, Our priority. Enterprise VPN fabric with RAM-only edges, obfuscated transports, and abuse-resistant routing.

One destination for confidential tunneling — engineered for teams that treat weak VPNs as supply-chain risk, not a checkbox.

Enterprise posture · protocol stack

Defence-grade tunnels operators can evidence

AEAD overlays on WireGuard, OpenVPN (UDP/TCP), and IKEv2 — forward secrecy, obfuscation bridges, and control-plane posture built for subpoena-friction regimes and DPI-heavy routes.

RAM-only edges · zero warm logs · PQ-ready cipher profiles · exportable attestations for technical & legal review teams.

  • AEAD payloads
  • Perfect forward secrecy
  • No payload visibility

Zero-knowledge dataplane

Key negotiation is ephemeral and peer-to-peer; the control plane sees handshakes, never customer traffic content. This mirrors classification-friendly “encrypt-then-route” doctrines.

Session material stays in volatile memory wherever your policy mandates; disks hold configuration and attestations—not flow payloads—so subpoena timelines face cold storage gaps by design rather than narrative.

Identity and entitlement live in planes built to answer “prove uptime” SOC asks, not bulk surveillance requests: handshakes and route health sync without furnishing session content to operators or auditors.

  • Per-tunnel rekey windows aligned to your risk register (compromise signal, policy clock, or manual rotation).
  • Exports cover cipher suite, endpoint posture, and tunnel state—not URLs, DNS payloads, or application bytes.

Primitives: ChaCha20-Poly1305 · AES‑GCM suites · PQ profiles on roadmap

  • WG
  • OVPN · IKEv2
  • Bridge mode

Cipher & tunnel agility

Rotate transports without re-architecting your stack when carriers or DPI policies shift — opaque profiles where policy allows.

Handshake: ML-KEM‑ready profiles · audited cipher sets

  • Split / full tunnel
  • SOC2-aligned exports

Defensible policy fabric

Split tunneling, per-application routing, and artifacts your compliance team can cite under technical and legal review — not slideware.

CSV / SIEM payloads · deterministic audit trails

  • p99 guarded
  • SLA carve-outs

Measured SLOs & headroom

Edges scaled for egress burst, BGP-aware reroute, and jitter budgets that survive red-team ingress — not ad-tech peak curves.

Target: 99.x% egress availability · jitter budgets per Tier

  • Signals only
  • Payload-blind IR

Operational visibility sans surveillance

Edge health and incident breadcrumbs without flow payloads — SOC gets correlation, attackers don’t get content.

Metadata minimization mapped to DPI & zero-retention attestations

Tunnels · transports · catalog

Protocols & transports

Two catalogs on one page: disciplined organization VPN for sites and fleets, and a solo / personal catalog — ten Umbra hardened profiles spanning obfuscation, CDN fronts, QUIC, Telegram paths, Tor bridges, egress diversification, and last‑resort escapes.

Org · managed · audited

Fleet posture: point‑to‑site & site‑to‑site

Standard-issue tunnels for workstations, hub concentrators, and cross‑facility links — WireGuard‑first AEAD overlays, IKEv2 for mobility fleets, OpenVPN where middleboxes dictate TCP, and routed obfuscation bundles when DPI blocks naive UDP outright. Map P2S to roaming users terminating on an org edge, S2S as net‑to‑net gateways — same cipher discipline, tighter routing contracts.

Point‑to‑site (P2S)

Road warriors, desktops, SOC analysts — ephemeral keys, split or full‑tunnel policy, SSO‑aware enrollment where your IdP dictates.

Site‑to‑site (S2S)

DC ↔ DC mesh, BGP-aware reroute narratives, SLA language you place next to egress charts: stable crypto bindings rather than ephemeral clients.

WireGuard

Default

Preferred data plane — ChaCha20‑Poly1305 AEAD on UDP, Noise‑IKEv2 lineage handshakes, minimal surface for DPI. Best where endpoints support modern WG stacks and jitter budgets favour UDP.

  • AEAD
  • PFS
  • UDP / QUIC‑adjacent jitter

OpenVPN · UDP/TCP

Legacy‑safe

Where carriers interleave TCP 443‑shaped egress, TLS inspection is inconsistent, or you must pin old appliances. AES‑GCM payloads with certificate + OpenSSL posture your compliance pack already speaks.

  • UDP perf
  • TCP fallback
  • Hybrid auth

IKEv2 / IPsec

Mobility

Handsets and roaming radios that historically expect MOBIKE-class behaviour — IKE for session carry, tunnels that survive LTE↔Wi‑Fi flips without app thrash (subject to handset stack).

  • Child SA
  • EAP‑TLS / cert pairs
  • MOBIKE posture

Obfuscation bridges

DPI

Routed when plain UDP WG is stamped or QoS‑starved — multiplex under TLS skins, jitter/padding profiles, staged alongside org policy so SOC sees effect, not payloads.

  • Padding
  • Jitter timers
  • Controlled TCP fallbacks

Solo · personal · obfuscated transports

Ten hardened profiles sourced from the Umbra catalogue

MTProto Telegram paths, QUIC & AmneziaWG, CDN/WebSocket façade, REALITY mimicry, Tor bridges/WebTunnel, egress diversification, iodine‑class contingencies: surfaced here as static cards (same payloads as the rotating hero showcase).


Trust · transparency · limits

Security, privacy — and honest boundaries

A serious VPN reshapes what local networks, ISPs, and many middleboxes can observe about your traffic. It does not rewrite the wider internet: phishing, compromised devices, abusive sites that log accounts, or browser fingerprints still sit outside any tunnel — Umbra is built around bounded guarantees you can cite, not absolute anonymity theatre.

Why use a VPN?

Most breaches of privacy aren’t melodrama — they’re default routing paths. Encrypting egress through an operator you chose is the wedge between accidental exposure and deliberate posture, especially on shared Wi‑Fi, hostile DNS, captive portals, or providers that monetize metadata.

Path & metadata privacy

On-path parties see encrypted envelopes — not HTTPS requests, destinations, or application strings. DPI that keys off cleartext headers loses signal where the tunnel starts, shifting trust to cryptography and Umbra posture instead of whoever owns the hotspot DHCP lease.

Identity friction at your edge

VPN isn’t camouflage apparel — it is strategic choke-point control: force traffic through egress you supervise, correlate with SSO or device posture, and articulate “what crosses the perimeter” statements procurement teams recognize.

What stays outside the tunnel

Outcomes any honest provider should list plainly:

  • Credential phishing or malware on-device — VPN won’t disinfect browsers.
  • Destination sites logging logins — they learn what they always learn inside TLS.
  • Browser fingerprints & ad-tech — tackled with different controls (profiles, hardened clients).
  • Voluntary deanonymisation (payments, SSO handoffs) remains your accountability.

What each tier typically sees when Umbra transports your session

ISP or café Wi‑Fi sees tunnel noise — not granular HTTP inside. Sites you contact still behave as HTTPS sites always have; Umbra concentrates trust in operator architecture and cryptography, not marketing absolutes.

How Umbra backs those promises

Operational controls we surface to IT, legal, and red teams — articulated as privacy outcomes as much as infra nouns.

Confidentiality in transit

Handshakes negotiate forward-secret keys; payloads ride AEAD suites (modern ChaCha20‑Poly1305 / AES‑GCM overlays on standard transports). Boundary routers never see customer cleartext, only ciphertext they cannot decrypt without keys.

  • AEAD
  • PFS
  • Multi‑protocol

Privacy through non‑retention

Session material is volatile by design: RAM‑scrub edges, no warm traffic logs, exports that describe posture — not clickstreams. When metadata has nowhere durable to land, bulk surveillance or fishing expeditions face architecture, not reversible policy wording.

  • Volatile keys
  • Zero warm logs
  • Attestation exports

Integrity of operator identity

Control-plane credentials and key ceremony paths sit behind hardware‑backed trust anchors where we claim HSM‑backed identities — narrowing the theft surface versus soft tokens living only on disks.

  • HSM posture
  • Session rotation
  • Boundary keys

Operational visibility minus surveillance creep

SOC teams ingest edge health — tunnel up/down, jitter, cryptographic generation — enough to attest reliability without storing URLs, DNS payloads, or application chatter. We describe that split explicitly so compliance teams inherit honest scope language.

  • Signals only
  • Payload‑blind
  • SOC align

Plans

Our pricing range

Illustrative tiers — finalize SKUs with sales.

Solo

3 devices · full protocol surface

$9/mo

Popular

Pro

6 devices · community & fast-lane ingress

$12/mo

Business

SAML · audits · Sev‑1 escalation

Custom


Connectivity

Proxy list

Managed HTTP, HTTPS (CONNECT), SOCKS4/SOCKS4a and SOCKS5 exit points beside our VPN fabric — pooled rotation or sticky sessions for automation pipelines.

HTTP / HTTPS

Forward‑proxy verbs on cleartext HTTP and TLS uplift through CONNECT — aligns with auditors who expect HTTPS inspection boundaries instead of opaque tunnels only.

CONNECT

SOCKS5

SOCKS5 negotiates downstream TCP cleanly (UDP associate where supported). One dial point from scrapers or internal jobs into compliant residential / DC pools.

TCP‑first

SOCKS4 · SOCKS4a

Slim IPv4 flows for loaders that refuse SOCKS5 stacks — SOCKS4a resolves remotely so local resolvers aren’t polluted with embargoed hostnames ahead of egress.

IPv4