Jump to content
Not connected, Your IP: 54.198.139.112

Recommended Posts

I see a lot of congrats in here but have to say I found my experience with Airvpn average at best.

 

Dislikes:

- Almost non existent responses from admin to users in the blocked websites forum

- No explanations or feedback when issues arise

- Heavily moderated forums (lets see if this post makes it)

- Average speeds

 

Likes:

-

 

Ciao

 

Share this post


Link to post

I see a lot of congrats in here but have to say I found my experience with Airvpn average at best.

 

Dislikes:

- Almost non existent responses from admin to users in the blocked websites forum

- No explanations or feedback when issues arise

- Heavily moderated forums (lets see if this post makes it)

- Average speeds

 

Likes:

-

 

Ciao

 

What are they supposed to do about sites blocking their servers?  There's a difference between being blocked for geolocation rules and being put on a blocklist due to IP address range, or because some idiot got the server blocked because of abuse.  Unfortunately, I've even been blocked by pfsense forums because they use some database that had the server I used on a blocklist.

 

What issues?

 

Don't like the forums?  Create your own.  It's theirs to control.

 

They don't control the whole internet.  The fraction they do control is a tiny speck of the whole matter.  Their servers are blazing and I regularly get 400mbit/s speeds when the actual content server (e.g. Microsoft updates) can handle it.  On the other hand, I've tried other providers and not been pleased at all.

Share this post


Link to post

Actually the forums are moderated and "censored" in a very simple way.

 

1) Obvious spam, unrelated websites with short links

2) FUD, lies, or controversial content about either AirVPN

or other competitors. The focus here is about competition,

no unproven libel towards any competitive provider will be

tolerated unless a proof can be given. Otherwise we will turn

into "Reddit" and it's not the goal.

Note that for a regular discussion about competition - there

is a special dedicated sub-forum, and everything is OK

expect the first part of this sentence.

That is more liberal than any forum of a VPN provider, I

want to be proven wrong on this, if its not the case.

3) There is no part 3.

 

Regards


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

OP,

 

I've had 4 different VPN's over the last few years, and none were great with customer service / support.  I signed up for another year with Air for the privacy.  I knew the speeds weren't the best; but for the price, they're decent enough. 

Share this post


Link to post

Or you chose a vpn for torrenting or bypass geographic restrictions and you can chose any vpn which allows that. You chose a vpn as you chose a shampoo

Or you chose a vpn because u're interested by internet freedom (or simply freedom) and because this choice has a sense

And the most important criterias are ethics, ethics, ethics, ethics !

Those vpn rare and precious, AirVpn is one of them.

Forum is a great util here to fix problems and moderation is at least as soft that you can find elsewhere ... I really don't see where is the problem

Share this post


Link to post

I am not too happy, for a couple of reasons.

 

1.  IPV6 Leaks unless I disable IPV6 which is not an option on any Amazon device.

2.  DNSSEC Validation fails as well, meaning well, you know what it means

 

Glad I only signed up for 1 Euro as a trial.  I will wait another year and try back in 2019.

Share this post


Link to post

I am not too happy, for a couple of reasons.

 

1.  IPV6 Leaks unless I disable IPV6 which is not an option on any Amazon device.

2.  DNSSEC Validation fails as well, meaning well, you know what it means

 

Glad I only signed up for 1 Euro as a trial.  I will wait another year and try back in 2019.

 

 

I take it you're running an openvpn client on an amazon device.  If so, that openvpn software has nothing to do with AirVPN.  If there's a leak, it's that software's fault.

Share this post


Link to post

I am not too happy, for a couple of reasons.

 

1.  IPV6 Leaks unless I disable IPV6 which is not an option on any Amazon device.

 

Hello!

 

IPv6 full support is imminent, This will solve any issue for persons who have IPv6-only lines, regardless of the device they use.

 

Please note that a proper IPv6 support based on OpenVPN is currently not available in any VPN service in the world, except maybe one. All the services are based on IPv4.

 

Our development team was even forced to rewrite OpenVPN to fix bugs which prevented a real IPv6 support. IPv6 support was planned for the end of 2017 but has been postponed due to new discovered bugs. In spite of all these problems, we're optimistic about releasing the first IPv6 supporting server in a matter of days.

 

 

2.  DNSSEC Validation fails as well, meaning well, you know what it means

 

This is FALSE, contrarily to the names of almost every and each of our competitors, airvpn.org passes all and every DNSSEC analysis, See by yourself:

https://dnssec-debugger.verisignlabs.com/airvpn.org

 

airvpn.info does not, but it's a fall back name (anyway in the future airvpn.info will be signed with DNSSEC too). We are confident that this is irrelevant for the VPN service in itself.

 

Kind regards

Share this post


Link to post

 

I am not too happy, for a couple of reasons.

 

1.  IPV6 Leaks unless I disable IPV6 which is not an option on any Amazon device.

 

Hello!

 

IPv6 full support is imminent, This will solve any issue for persons who have IPv6-only lines, regardless of the device they use.

 

Please note that a proper IPv6 support based on OpenVPN is currently not available in any VPN service in the world, except maybe one. All the services are based on IPv4.

 

Our development team was even forced to rewrite OpenVPN to fix bugs which prevented a real IPv6 support. IPv6 support was planned for the end of 2017 but has been postponed due to new discovered bugs. In spite of all these problems, we're optimistic about releasing the first IPv6 supporting server in a matter of days.

 

 

>2.  DNSSEC Validation fails as well, meaning well, you know what it means

 

This is FALSE, contrarily to the names of almost every and each of our competitors, airvpn.org passes all and every DNSSEC analysis, See by yourself:

https://dnssec-debugger.verisignlabs.com/airvpn.org

 

airvpn.info does not, but it's a fall back name (anyway in the future airvpn.info will be signed with DNSSEC too). We are confident that this is irrelevant for the VPN service in itself.

 

Kind regards

 

 

 

I think what the OP was saying is that AirVPN DNS resolvers don't support validation of domains per DNSSEC. 

 

http://en.conn.internet.nl/connection/

and

https://dnssec.vs.uni-due.de/

 

test for this

Share this post


Link to post

I think what the OP was saying is that AirVPN DNS resolvers don't support validation of domains per DNSSEC. 

 

http://en.conn.internet.nl/connection/

and

https://dnssec.vs.uni-due.de/

 

test for this

 

Hello!

 

Understood. You need to consider the slow adoption of DNSSEC. A remarkable amount of registrars do not offer DNSSEC option, and those who do, do not offer any support for creating and signing DNSSEC keys. See https://www.statdns.com/

 

This is an executive summary (with the omission of inessential details for the readers) of a brief report elaborated last time we had to assign a priority to DNSSEC support. It was an overview not entering the technical, operational challenges in details. Such challenges were postponed to when the general benefit-cost ratio were deemed as acceptable when compared to all the other priorities (keep in mind that not only we do not outsource customers support, but obviously we never outsource any management or configuration of our machines).

 

Pros:

  • obvious: increased reliability of names resolution with the authoritative DNS supporting DNSSEC preventing tampering of resolutions between our DNS server and the authoritative DNS of those names [which are signed] (...) unfortunately a low percentage, as you can see in the charts (...)
  • the increased traffic flow of queries and replies will be 2-4% (...) negligible.

Challenges:

  • frequent outages of DNSSEC worldwide (see report) will impact user experience. (...) What to do: Google DNS fails with SERVFAIL but:"However, if the impact is significant (e.g. a very popular domain is failing validation), we may temporarily disable validation on the zone until the problem is fixed." (sic, official from Google). How can our resolvers decide properly which domain is "very popular"? How should we disable DNSSEC for an entire zone without making DNSSEC a cause for a false sense of security? (...) Manual intervention will be overwhelming (....) not viable Carefully configured negative trust-anchors, provided they are sufficiently reliable to rule out malicious activity, should be mandatory as long as the outages remain frequent.
  •  
  • enlargement of surface attack (see enclosed Akamai security bulletin), specifically (...) DNS amplification DDoS (...) requires configuration attention and even higher than current analysis of DNS resolvers vulnerabilities "Careful with that axe, Eugene!"
  •  
  • re-consider micro-routing in order to preserve it

Cons:

  • misconfiguration of a significant percentage of DNSSEC (...) can lead often to names resolution failures, impacting user experience: what to do when DNSSEC is active, but not RFC compliant, causing issues to the resolver? A solution should be found for (...) a significant percentage of customers will not be able to understand or discern the fact the we should not be deemed "guilty" for third-party misconfigurations when [users] can't resolve names that they could normally resolve before. A reaction to seriously consider is that DNSSEC could be seen as a degradation of our service quality (...) We should not rely on the hope that suddenly [so many] misconfigured [systems] will be all efficiently fixed.

Dubious:

  • re-consider anti-ICANN/ICE censorship circumvention with illegally seized domain names etc. in order to not affect the system
  • consider the report from RIPE (...) higher CPU load for names resolutions. While the percentage of DNSSEC-compliant names is little an impact assessment is probably necessary anyway given the fact that we are already pushing CPUs to provide 1 Gbit/s AES-256 throughput etc. to multiple ovpn clients. (...) Impact on throughput, which is essential to most of our users and a founding basis of a comfortable experience, should maintain the current, high priority.. RIPE provides some data (...) about 5% higher CPU load for resolutions. If confirmed, impact on our servers is acceptable if not negligible.

More data on outages:

https://ianix.com/pub/dnssec-outages.html

 

Fringe view (not in the original report):

https://sockpuppet.org/blog/2015/01/15/against-dnssec/

https://sockpuppet.org/stuff/dnssec-qa.html

 

 

and so on. At that time, the DNSSEC issue was given a priority lower than IPv6 deployment, improvement of Eddie, patch of OpenVPN bugs, and many more features you have seen implemented during 2017, because the benefit-cost ratio appeared not as good as other matters which were objectively more urgent.

 

Please note that the report has been elaborated a year ago so we will re-discuss the matter, of course, because some of the problems might have been mitigated after a year (maybe misconfigurations have been fixed, maybe outages have become rare) AND because after IPv6 deployment we will switch to (in our opinion) better DNS resolver. We will probably re-schedule the whole matter after IPv6 and DNS resolver deployment.

 

As a side note, we have received a private question from one of our users which shows a potential confusion, so we underline that all the DNSSEC issue has nothing to do with the reliability with the DNS queries and replies to and from our DNS servers. Each VPN server runs its DNS server and all the queries and replies to/from your node are encrypted (tunneled in the VPN) so nobody in the middle (not even your ISP), i.e. between your node and our server, can tamper them.

 

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...