Quintilius 0 Posted ... HI all First many thanks for this program. Easy to set up and with the help on the forum, (and disabling IPvP6), all my leaks and tracing are fixed. However, since fixing my DNS leaks and disabling IPvP6, when I try to connect to airvpn.org chrome and firefox both tell the connection is unsecure and I can't proceed. To be precise chrome tells me it is because the site uses HSTS. I am connecting now through my laptop which I'm not bothered about vpn and it works fine. I presume this is something to do with my DNS fix (static IP address) and disabling IPvP6. I found on windows 10, disabling IPvP6 was the only thing to fully hide my DNS leaks. Any other workarounds to fix this (I am a complete n00b, be warned). Thanks Quote Share this post Link to post
Staff 9973 Posted ... Hello! HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect secure HTTPS websites against downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections,[1] and never via the insecure HTTP protocol. https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security Quote First many thanks for this program. Easy to set up and with the help on the forum, (and disabling IPvP6), all my leaks and tracing are fixed. However, since fixing my DNS leaks and disabling IPvP6, when I try to connect to airvpn.org chrome and firefox both tell the connection is unsecure and I can't proceed. To be precise chrome tells me it is because the site uses HSTS. The implications of your report are deep. It means that your browsers correctly connected to airvpn.org in the past, but now are connecting to some web site that is not forcing HTTPS. Please check airvpn.org resolution in the system with this problem. Kind regards Quote Share this post Link to post
tlc 1 Posted ... I know this is old, but recently I've been having this problem. Firefox and chrome do not allow me to access to https://airvpn.org (the website) when I'm not using the VPN. Period. They cite HSTS and there is no way to add an exception. tlc Quote Share this post Link to post
Staff 9973 Posted ... @tlc See our previous reply. Your traffic to airvpn.org is hijacked and either your ISP, your DNS or some malware in your system try to send you to some fake/bogus airvpn.org web site. Since the problem disappears when you are in the VPN, we would rule out that a malware is the "culprit", because it would hijack your traffic even inside the VPN. The browsers are doing their job and good for you that we implemented HSTS. If you wish so, can you contact us in private and tell us your ISP and DNS? Kind regards Quote Share this post Link to post
tlc 1 Posted ... It appears you're on an OpenDNS list. Quote $ nslookup airvpn.org Server: 208.67.222.123 Address: 208.67.222.123#53 Non-authoritative answer: Name: airvpn.org Address: 146.112.61.106 $ nslookup 146.112.61.106 Server: 208.67.222.123 Address: 208.67.222.123#53 Non-authoritative answer: 106.61.112.146.in-addr.arpa name = hit-adult.opendns.com. Authoritative answers can be found from: So you're not getting any new customers from anyone using OpenDNS. You might want to try to get off that list! Thanks, -tlc 1 OpenSourcerer reacted to this Quote Share this post Link to post
Staff 9973 Posted ... @tlc Hello! Look: $ dig @208.67.222.222 airvpn.org +short 5.196.64.52 $ dig @208.67.222.220 airvpn.org +short 5.196.64.52 which is correct. However 208.67.222.123 considers airvpn.org an adult only web site or a porn site. Just another proof of how idiotic censorship is, how web site filtering is exploited by hidden political agenda eventually, and how stupid the persons who gladly look for censorship and delegate their choices to a third party are. Kind regards 2 nexsteppe and Flx reacted to this Quote Share this post Link to post
Flx 76 Posted ... On 1/15/2020 at 6:46 AM, Staff said: Your traffic to airvpn.org is hijacked and either your ISP, your DNS Isn't this what OpenDNS is known for? "hijacking DNS" and others such as "injecting packets".@tlc Is it really that difficult to change your DNS servers? Quote Hide Flx's signature Hide all signatures Guide - EMBY Block ALL interfaces except tap/vpn Windows OS - Configuring your operating system Windows OS - Multi Session/Tunnel Share this post Link to post
tlc 1 Posted ... On 1/16/2020 at 9:01 PM, Flx said: Isn't this what OpenDNS is known for? "hijacking DNS" and others such as "injecting packets".@tlc Is it really that difficult to change your DNS servers? Not at all. I'm fine now that I know what's going on. But I'm using that DNS service for a purpose, free porn blocking.https://www.opendns.com/home-internet-security/ I just thought the staff here might like to know that they're potentially missing out on business. Because airvpn.org shows up in OpenDNS's "adult" list, people using OpenDNS will never get to the airvpn.org website when they're looking for a VPN provider. I thought that, rather than ranting about the evils of censorship (censorship I chose for my home network), they might try to get off that list for business reasons. Quote Share this post Link to post
Flx 76 Posted ... 4 hours ago, tlc said: But I'm using that DNS service for a purpose, free porn blocking. On that I agree with you. Some say it doesn't work from their perspective. Q:Is it working for you a.k.a does it block porn websites? Just check. Quote Hide Flx's signature Hide all signatures Guide - EMBY Block ALL interfaces except tap/vpn Windows OS - Configuring your operating system Windows OS - Multi Session/Tunnel Share this post Link to post
OpenSourcerer 1435 Posted ... 16 hours ago, tlc said: But I'm using that DNS service for a purpose, free porn blocking. You might be interested in Pi-Hole, then. Same purpose, same tech, but you've got the control over what is being blocked, and then some. Some blocklists you can use: StevenBlack, Energized. They're all "tiered", as in, you can choose how restrictive it is. Energized Unified for example is a very big overkill with their 1.2 million domains, but it blocks every big and little domain with a tracker in it, even if it's on mobile only. StevenBlack's list is more compatible, but only contains ~72000 domains, which are the most important data aggregators and sites of the four categories gambling, porn, social and fake news. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post