AirVPN - Windows 10, Disabled Network Without AirVPN

[chrisn1914 0]

I setup your service to autostart when I start windows.  This was a mistake.

 

First of all, I expected your service to preclude all network connections until it connected.  Be careful what you wish for.

 

BAD

It takes almost two minutes to actually run - during which time, the user is unsure of whether AirVPN forgot to run.  Starting a second instance of the application is also a mistake because then two instances will attempt to connect at the same time.

 

BAD

With network lock enabled, the user has no internet during the waiting period because the network lock from the previous session is never turned off.  Without network lock, the internet is open and the user is exposed.  While they may think they are protected, they are actually not.  When AirVPN actually starts all network connections are re-routed through AirVPN's servers meaning they all have to be reset.

It gets worse.

 

VERY BAD

On windows 10, with Start Automatically With Windows checked, after about 4 restarts, AirVPN created a situation whereby my network connection didn't work at all unless AirVPN was connected.  I got a warning icon on my network connection and regardless of what I did to AirVPN or to my firewall, I was unable to connect to the internet unless I connected to an AirVPN server.  I even completely uninstalled AirVPN and rebooted - still no network connection.

I was able to restore my machine to a prior savepoint, which took almost an hour.  Since this was before my network connection corruption, I was again able to choose whether I wanted my connection encrypted or not.

 

I got lucky because I happened to have a save point.  Other users that didn't?  Too bad, they are SOL.  Either connect through AirVPN or they have no internet at all.

 

Like I said - be careful what you wish for.  

 

AirVPN's management of network lock is immature, and poorly coded.  Since it has no actual firewall built in, it is relying on third-party changes to Windows Firewall in order to function.  The only problem is, if AirVPN doesn't execute these changes perfectly, windows can be left in a state where no firewall or application changes will restore network connectivity.

 

This works out well for AirVPN, since that person's only method of accessing the internet is through your service.  But for the user, especially the average non-technical user - its the end of the internet and binds that user to AirVPN until they reinstall windows.

 

My suggestion?  Take the time to rewrite your code base such that it operates on the same level as virus checkers - not as a cheap app launched from the Startup menu.  Write your own firewall instead of relying on Windows to do it for you.  And don't EVER leave a user's machine in a state where normal, non-encrypted internet is not possible.  

 

[Staff 9762]

I setup your service to autostart when I start windows.  This was a mistake.

 

First of all, I expected your service to preclude all network connections until it connected.

 

Hello,

 

where did you get this idea? It is designed specifically NOT to do it, for important reasons (think about headless servers remotely administered).  Leaving your system isolated from the Internet while the Air client is not running is your sole responsibility and can be achieved very easily in a few seconds (see how Netwok Lock works to understand how). It would be an enormous design flaw to allow the Air client to do that.

 

 Be careful what you wish for.

 

BAD

It takes almost two minutes to actually run - during which time, the user is unsure of whether AirVPN forgot to run.  Starting a second instance of the application is also a mistake because then two instances will attempt to connect at the same time.

 

 

The client RAM footprint is minimal and can be loaded in a fraction of seconds. If the client needs two minutes to run, it is certainly some problem in your system. If you mean that it's OpenVPN that needs two minutes to connect, then it's again a problem in your system. Note that the Air client is an OpenVPN wrapper.

 

 

VERY BAD

On windows 10, with Start Automatically With Windows checked, after about 4 restarts, AirVPN created a situation whereby my network connection didn't work at all unless AirVPN was connected.  I got a warning icon on my network connection and regardless of what I did to AirVPN or to my firewall, I was unable to connect to the internet unless I connected to an AirVPN server.  I even completely uninstalled AirVPN and rebooted - still no network connection.

 

I was able to restore my machine to a prior savepoint, which took almost an hour.  Since this was before my network connection corruption, I was again able to choose whether I wanted my connection encrypted or not.

 

 

That's not "corruption" of your network and restoring to a prior savepoint is not necessary. It's an obvious consequence of killing the client without grace, because in such a case you prevent the client to restore your previous firewall and DNS settings.

 

 

I got lucky because I happened to have a save point.  Other users that didn't?  Too bad, they are SOL.  Either connect through AirVPN or they have no internet at all.

 

That's a blatant absurdity, see above.

 

 

AirVPN's management of network lock is immature, and poorly coded.  Since it has no actual firewall built in, it is relying on third-party changes to Windows Firewall in order to function.  The only problem is, if AirVPN doesn't execute these changes perfectly, windows can be left in a state where no firewall or application changes will restore network connectivity.

 

 

Implementing Network Lock through plug-ins which use firewalls is intentional. The good part of it is that it is modular and allows any third-party to support their firewall (Eddie, including the Network Lock plug-ins, is free and open source). The excellent part of it is that it defers packet filtering to already established, peer-reviewed tools developed in decades, instead of starting from scratch with subsequent security problems.

 

For these reasons, writing an own firewall would be a terrible mistake and your recommendations are not only not acceptable, but even a list of "awful things to avoid at all costs in software design". You seem to follow the perverted vision of monolithic applications which try to do anything by themselves, which is a vision that, when implemented (it had some crazy followers some years ago, actually, and someone is still convinced of the goodness in it), has brought to catastrophic consequences.

 

Or perhaps your post has been influenced by major problems in your system, so feel free to open a ticket to try to investigate on them.

 

Kind regards

[me.moo@posteo.me 80]

I setup your service to autostart when I start windows.  This was a mistake.

 

First of all, I expected your service to preclude all network connections until it connected.  Be careful what you wish for.

 

Think about stuff a little deeper. What you expect is irrelevant, try to understand how things work and why and if you have questions then just ask instead of having the attitude.

 

In this particular example above you could copy the rules from within Windows Firewall when the network lock is applied and make those rules your default ones. That way your network will be locked to airvpns tunnel at all times. You could always simply turn off the firewall and turn on another firewall of your choice to work outside of Air.