Jump to content
Not connected, Your IP: 44.192.254.246

All Activity

This stream auto-updates     

  1. Past hour
  2. Today
  3. The server is not in Berlin. M247, AS9009 does not have peering in Berlin. I checked with a looking glass run by a very nice person and it has multiple servers from different networks in Frankfurt and one server in Berlin. Apart from outsiders that have 14ms ping from allegedly FRA to FRA, most pings are ~1ms and confirm what traceroutes here show. The only lg Berlin server to Air's Cujam has got 8ms ping. That lg Berlin server is hosted on a network that's has peering at BCIX and ECIX-BER. Even if the Cujam server were 'physically in Berlin' then it doesn't matter because what matters to users is latency, alias geographic location. Back to what M247 say themselves, all four German DCs are in Frankfurt: Ancotel (Equinix), Interxion FRA4, Telehouse Frankfurt, Global Switch Frankfurt https://m247.com/services/host/dedicated-servers/ https://m247.com/services/cloud-hosting/ https://m247.com/services/host/colocation/ The only location in Germany on this map is Frankfurt. I cannot thoroughly check Spain, but again AS9009 is at DE-CIX Madrid and doesn't appear to be present at DE-CIX Barcelona, two Madrid servers' pings are 0.3ms and 2ms to "Barcelona" Eridanus. Whatever the reasons, the current descriptions are not representing the reality. PS: Actually the entire prefix/subnet is reported as Berlin by M247. Hence the geolocation databases say it is "in Berlin", that's the definition of a "virtual location" right? Still I see how it could be useful in certain cases even though the server is not physically there. Until this is clearly indicated, it will be a shortcoming especially in terms of sincerity and transparency.
  4. Yesterday
  5. Does it mean I can actually get paid for this? The difference is user experience. If I'm the only one then it's just a me problem. If I'm not the only one who stumbled over this scratching the head then it definitely should be improved. blablabla... better ux = more users = more money PS: Weirdly i wasnt notified of your reply
  6. Bluetit tried to access a part of memory which doesn't belong to it (SEGV = segmentation fault). I think LXC's sandboxing is the cause. Maybe that Bluetit container is not permitted to execute iptables and nf_tables modules of the host, or execute iptables/nft? Is there something like a permission system in Proxmox?
  7. After some trouble I have managed to get bluetit working inside a proxmox lxc container. However enabling network lock results in the following issue: Sep 17 17:47:04 VPNGateway1 bluetit[998]: External network is reachable via gateway 192.168.1.254 through interface eth0 Sep 17 17:47:04 VPNGateway1 bluetit[998]: Successfully connected to D-Bus Sep 17 17:47:04 VPNGateway1 bluetit[998]: Reading run control directives from file /etc/airvpn/bluetit.rc Sep 17 17:47:04 VPNGateway1 bluetit[998]: IPv6 is available in this system Sep 17 17:47:04 VPNGateway1 bluetit[998]: WARNING: networklockpersist directive found in /etc/airvpn/bluetit.rc. networklock directive is ignored. Sep 17 17:47:04 VPNGateway1 bluetit[998]: Bluetit successfully initialized and ready Sep 17 17:47:04 VPNGateway1 systemd[1]: Started AirVPN Bluetit Daemon. Sep 17 17:47:04 VPNGateway1 bluetit[998]: Enabling persistent network filter and lock Sep 17 17:47:04 VPNGateway1 systemd[1]: bluetit.service: Main process exited, code=killed, status=11/SEGV Sep 17 17:47:04 VPNGateway1 systemd[1]: bluetit.service: Failed with result 'signal'. Any advice on how to troubleshoot this would be great. Thanks
  8. qBittorrent, Tixati. There's an advanced configuration option in uTorrent too but it is not automatic. For detailed help, PM me.
  9. Qbittorent Thanks I'll check it out, the old utorrent 2.2.1 is a bit dated now, especially if Qbittorrent has a security lock
  10. Are you soft-auditing AirVPN or what's with the 10+ threads about such trifles? And what's exactly the difference? No matter if you "update the key somehow" or replace it with a new one, you'd need to regenerate configs or reconnect, anyway. Besides, it's written that this feature is best used if you think your key pair is abused or something.
  11. I suggest you instead use a client that will lock itself onto a network interface (VPN in this case). Always used utorrent, do you have a torrent client in mind to try?
  12. IMPORTANT CORRECTION TO THE PREVIOUS MESSAGE. If you define a "quick" connection mode at boot, Bluetit will consider and respect white and black list directives included in bluetit.rc during the connection at bootstrap. Therefore, the proposed solution is optimal and does not require Goldcrest: just remember to change connection mode to quick (and do not set it to country), and define white lists according to the conditions written in our previous message (i.e. three empty intersection subsets, one subset per device). Kind regards
  13. I'm talking about this page: https://airvpn.org/devices/ I find the 'Renew' button misleading. I first thought it does update the key somehow, and does not stand for the revoke-generate new process. I did not notice the small explanation text at the bottom back then and wondered why my config files stopped working I suggest the button name to be changed to "Regenerate" as it implies a greater change than the word "renew"... to me at least. Then either highlight the bottom description on mouse hover over the buttons or bring it to the top. Current: Paraphrased example:
  14. This is vague until you tell what your factual ISP speed is, what you get with VPN connected and how far the servers are (geographically, and in network distance) and the extra latency the connection incurs. Note that AirVPN dismisses many countries as locations due to legal grounds (national laws) and some VPN providers have been caught providing "virtual locations": Server is physically in country A but is tracked in geo databases as country B. (not saying Proton/Express do this, but you must be aware of this possibility and check)
  15. I suggest you instead use a client that will lock itself onto a network interface (VPN in this case).
  16. The Eddie version currently on Play Store still has compression enabled by default. It's been a while since a vulnerability has been known (VORACLE if I'm right) I think it's best to disable and remove the option completely because practical gains from compression are negligible at best (most traffic is TLS or otherwise incompressible).
  17. I would love to get back on topic, it's interesting. But it doesn't need complete cooperation. Remember the example with WhatsApp: you can hide all you want, but all it takes is one of your contacts to end up in Facebook's database. The more contacts you have, the more probable it is. With networks this is harder, but generally you still only need ONE node surveilling. The more hops your traffic does, the more likely you will hit an "attacker". Even if your incoming / outgoing traffic flows differently (e.g. one way is tracked and another is not) this is still enough to know there was communication between you. Symmetric example: you <---> hop1 <---> hop2 <---> evil hop3 <---> hop4 <---> hop5 <---> host Wiretapping on any of the 5 hops and they got your full metadata. Asymmetric example: you ---> hop1 ---> hop2 ---> evil hop3 ---> hop4 ---> hop5 ---> host you <--- hop1 <--- hop2 <--- hopA <--- hopB <--- host It is known that NSA does extensive wiretapping in the US, European traffic in most cases flows through France/UK (also known to be wiretapped) then over the Atlantic, lately there was a story about wiretapping in Denmark by the same parties, before that directly at DE-CIX in Germany (a major internet exchange for European traffic too). Heck even West AND East Europe to Japan is often routed through the UK-US. One Russian hosting (Moscow, Saint-Petersburg) too! Get someone's good looking glass to see that one. Damn I now see the scale of operations here.
  18. The VPN itself is not a problem nor a particular IP (in most cases). Google incrementally marks whole subnets (it is their literal interview task) or has data center IPs on a blacklist to present them with a captcha. We can't know whether their reasoning is it to prevent automated search result scraping or to discourage use of anonymising services. Probably both. Source: Used a personal server as a VPN with a popular hosting provider. The IP never did anything bad. Google will "let you in" if you're not using private browsing and have their cookies all set/logged in etc.
  19. IPLeak only shows the DNS server IP of the AirVPN server I'm connected to. Mullvad's leak tester on the other hand shows my ISP's DNS server in addition to that. Some other testers detect the ISP too. The DNS Leak test should be more rigorous in how it does the test to not give a false sense of security. Software: default OpenVPN GUI on Windows, OpenVPN 2.5.1
  20. I don't think I need to explain much here. The embedded map is fetched from Google, so Google potentially tracks all users playing with their VPN connection turning it on and off. Further I don't know whether this embed is violating GDPR or not: does Google set custom (not technically required) cookies? Either way, Chromium browsers send a presumably identifiable header to Google domains by default. The alternative is either OpenStreetMap, no map at all or only load the map after a click (user confirmation). I have only once wanted to view the map out of numerous times visiting ipleak.net
  21. Last week
  22. @cannac Hello! You have related options in Goldcrest. If the white list must be global and respected by all users, superuser must define it in Bluetit run control file. If the white list can be decided each time by any user inside airvpn group, then superuser must not define it in Bluetit run control file. The related Goldcrest options, which can be specified on the command line only, and not in goldcrest.rc file, are: --air-white-server-list, -G : AirVPN white server list <list> --air-black-server-list, -M : AirVPN black server list <list> Please see also: https://airvpn.org/suite/readme/#controlling-goldcrest-client Kind regards
  23. So the airwhiteserverlist option in bluetit.rc found here, cannot be used at bootstrap and is only used by the goldcrest client? Should/Can this option be used in goldcrest.rc or is it only available in bluetit.rc?
  24. @cannac Hello! A solution which might meet your needs is partitioning the US Air VPN servers set into three empty intersection subsets, one per device, compiling airwhitserverlist directive with a unique subset in each device, and finally restarting the three connections via Goldcrest on the US country basis. and finally defining the connection mode in bluetit.rc as quick. If the connection mode is not defined as quick Bluetit ignores white and black lists but it does not warn you. A warning in the log and a clarification on the documentation will be implemented. By doing so you will never have two or more devices connecting to the same server. when the air-connect command for the same country is issued by different clients in different devices. If Bluetit connects during the machine bootstrap, remember to send disconnect first: enabled persistent network lock by directive networklockpersist ensures no traffic leak outside the VPN tunnel. In a future Bluetit version we might implement a new Bluetit run control file directive defining a white list for automatic connection at bootstrap so that you will not need to send a connection order via a client later on. Kind regards
  25. So, choose ProtonVPN. But before you do, you should give much more info on why you think it's better, and elaborate on that small but not so innocent mention of "almost as good as ExpressVPN", which in my eyes looks somewhat like covert advertising. What you really meant was "ProtonVPN is so good that it's almost as good as AirVPN"
  26. I'm a long time fan of AirVPN. With that in mind, we used the services of a competitor, ProtonVPN. My OS is Ubuntu, and the ProtonVPN application has caused several crashes. In terms of speed, ProtonVPN is the way to go. Their VPN is very good. Their VPN is so good that it's almost as good as ExspressVPN. But in terms of trustworthiness, I'm going back to AirVPN, and AirVPN's Eddie is wonderfully stable! Stability and security is what we all want. As a note, if you are using Windows 10, iOS or Android, ProtonVPN is the way to go. ProtonVPN's application on Linux is poor, to say the least. People who want privacy and security tend to use Linux, so in the long run, AirVPN should be a huge company.
  27. You downloaded the installer of Eddie 2.20.0, yes? You executed it and the installer guided you through the installation? And while doing that you explicitly ticked the option to create a shortcut, if any? Also, you don't open openvpn.exe, you open eddie.exe. But it shouldn't be necessary, the desktop shortcut should be created.
  28. Many thanks for this - really appreciate it. So far so good with the wintun driver - will continue testing and researching! Thanks again. Cheers, Jules
  1. Load more activity
×
×
  • Create New...