Staff 9973 Posted ...

If you need to transfer information for which protection of your identity is highly critical, please read all the thread carefully.

Kind regards

Staff 9973 Posted ...

dr wrote:
> how can i use air vpn

Hello!

Please follow the instructions here: https://airvpn.org/index.php?option=com_content&view=article&id=68&Itemid=57

If you need help to use AirVPN over TOR, please do not hesitate to contact us again.

Kind regards
AirVPN admins

anonmc 0 Posted ...

Would this work on debian using torify command? i.e. say i wanted to torify an ssh connection, what would be the signal path?

my pc -> vpn -> tor entry node -> tor exit node -> ssh server?

Or is that wrong?

Thanks
Pete

Staff 9973 Posted ...

anonmc wrote:
> Would this work on debian using torify command? i.e. say i wanted to torify an ssh connection, what would be the signal path?
> my pc -> vpn -> tor entry node -> tor exit node -> ssh server?
> Or is that wrong?
> Thanks Pete

Hello!

You have described TOR over VPN. We recommend VPN over TOR, so that we can't see your real IP address and the TOR nodes see encrypted OpenVPN traffic.

The correct path of your config is:

PC (OpenVPN with proxy) -> TOR entry -> TOR exit -> VPN server -> SSH server

There should be no need to torify anything. Every application should transparently use VPN over TOR (thanks to OpenVPN proxy features). Furthermore, UDP traffic now can go through TOR (it's TCP over UDP, done by OpenVPN)!

In this way:
- SSH server sees VPN server exit-IP address
- VPN server sees TOR exit node IP address
- VPN server sees SSH encrypted traffic
- TOR servers see OpenVPN+SSH encrypted traffic

The packets which finally go out have the SSH server IP address on their header. So please note that if the SSH server is owned by you and you have given your real identity to rent or house it, you might destroy completely the anonymity layer.

Kind regards
AirVPN

heyyou 0 Posted ...

I see this point being made that VPN should be running over Tor but if it is the case that no logs are kept by the VPN, then why is it necessary? Assuming that logs of IP addresses are not kept, why should running Tor be necessary so that the VPN server only sees the Tor exit node? Does it actually matter that the VPN sees my IP in this instance?

Staff 9973 Posted ...

heyyou wrote:
> I see this point being made that VPN should be running over Tor but if it is the case that no logs are kept by the VPN, then why is it necessary? Assuming that logs of IP addresses are not kept, why should running Tor be necessary so that the VPN server only sees the Tor exit node? Does it actually matter that the VPN sees my IP in this instance?

Hello!

We recommend that solution when someone has to transfer critical information and does not want to put his/her trust on us. It is a layer of anonymity "by design" where trust on us is not necessary.

You might be interested in reading this:
https://airvpn.org/index.php?option=com_kunena&Itemid=55&func=view&catid=3&id=892

Kind regards
AirVPN admins

nemonobody 0 Posted ...

Could you please explain the technical side of your VPN over Tor solution?

I mean, 127.0.0.1:9050 is usually used by the Tor client (Vidalia). So, how can both the OpenVPN client and Vidalia share the same socket?

Also, would that method work in case the whole system traffic is to be torified, e.g. if you're using Liberte Linux which does so?

Staff 9973 Posted ...

> Could you please explain the technical side of your VPN over Tor solution?
> I mean, 127.0.0.1:9050 is usually used by the Tor client (Vidalia). So, how can both the OpenVPN client and Vidalia share the same socket?
> Also, would that method work in case the whole system traffic is to be torified, e.g. if you're using Liberte Linux which does so?

Hello!

Connections over http or over SOCKS proxy are a smart feature of OpenVPN.
http://openvpn.net/index.php/open-source/documentation/howto.html#http

The method we suggest in our example can be used successfully in Linux Liberte as well.
https://airvpn.org/tor

Please do not hesitate to contact us for any further information.

Kind regards

Anontor 5 Posted ...

> We recommend that solution when someone has to transfer critical information and does not want to put his/her trust on us. It is a layer of anonymity "by design" where trust on us is not necessary.

Doesn't AIR VPN need to see what user logs in to know if it should be allowed to connect or not, so if the site ur connecting to see the AIR VPN IP address they know what server connected and when and could match that to airvpn as you can log the user logins, so the trust is back on your service to uphold the control over the information.

Staff 9973 Posted ...

> > We recommend that solution when someone has to transfer critical information and does not want to put his/her trust on us. It is a layer of anonymity "by design" where trust on us is not necessary.
>
> Doesn't AIR VPN need to see what user logs in to know if it should be allowed to connect or not, so if the site ur connecting to see the AIR VPN IP address they know what server connected and when and could match that to airvpn as you can log the user logins, so the trust is back on your service to uphold the control over the information.

Hello!

The VPN server needs to check whether an account is on premium status in order to allow the connection but does not keep any information about any account; it queries a backend server for authorization. We recommend NOT to put information in your account data that can be exploited to disclose your identity.

As long as we don't know who you are, we can't tell anybody who you are. With Air over TOR, you can also prevent our servers from knowing your real IP address, even while you are connected.

The AirVPN system, if used correctly, is designed to defeat an adversary that has up to the following abilities:

- the ability to fully monitor the customer's line AND (the relevant portion of the Tor network OR all of the Air VPN servers)
- the ability to fully monitor any financial transaction of the customer

An adversary with such abilities can be defeated in the following way:

- the customer subscribes to AirVPN with a Bitcoin transaction or a transaction performed through some cryptocurrency designed to keep an anonymity layer on the transaction (check Monero, we accept it without intermediaries)
- the transaction is performed by tunneling the cryptocurrency transaction and any other operation of that wallet over Tor
- the transaction is performed with a wallet exactly fit for that transaction
- the wallet is destroyed immediately after the transaction success (safe deletion of the wallet)
- the customer always performs "partition of trust" (with the proper account) between parties from now on
- the customer does NOT insert personally identifiable information in his/her payload, unless he/she wants explicitly to be known by the final recipient: remember that a VPN or Tor or any other system are impotent if you insert personally identifiable information in your content

Partition of trust is essential, so that a betrayal of trust by one party does not compromise the anonymity layer. An example of partition of trust is AirVPN over Tor: the Tor nodes see only encrypted (by OpenVPN) traffic and AirVPN servers do not see the real IP address of the user (they see the TOR exit node IP address). On top of that, entry-IP and exit-IP addresses of AirVPN servers are different (to emulate a 2-hop VPN in addition to the multi-hop provided by Tor) in order to prevent correlation attacks. The VPN admins therefore do not know the identity of the customer while the TOR nodes admins do not know the content, the real origin and the real destinations of the packets from/to the Air customer.

The drawback of the above setup is that Tor will always use the same circuit, so when this is a concern, you should consider Tor over AirVPN: just run Tor after the system has connected to the VPN and use only Tor-configured applications to transfer sensitive data. In this way, our VPN servers will see your real IP address, but will not know the real, final origin and destinations of such data. Additionally, your packets are still encrypted by Tor when passing through the VPN. The VPN will act as a jumping point to reach Tor, will hide Tor usage from the eyes of an adversary wiretapping the customer's line (extremely useful when someone can be targeted for the mere fact of using Tor), and will at least provide a first protection for UDP flows (if any) and system flows that might be originated by the system and that can't be handled by Tor.

Furthermore, the customer should add an encryption layer to protect her packets payload once they get out of our servers or while they transit through the Tor circuits (trivial examples, use GnuPG for e-mails, HTTPS if you reach web sites, SFTP or FTPES for FTP transfers, and so on) in case the payload could be exploited (for example by a second adversary, even unrelated to the first, that monitors the line of the final recipient) to disclose the customer's identity.

Always use end-to-end encryption. Always.

An adversary with superior abilities may not be defeated by the above setup. Typical examples:

- an adversary with the ability to monitor the customer's line AND the relevant portion of the Tor network AND all the AirVPN servers
- an adversary with the ability to fully control the hardware or software of the customer, without the customer's knowledge AND while the customer uses this hardware or software (it's only up to customer to take care against this threat, we can't do anything about it)
- a global adversary

The first kind of adversary requires additional trust partition(s). The second kind of adversary renders the anonymity layer outside the victim's hardware irrelevant. The global adversary theoretically can never be defeated on the Internet. Luckily, the very existence of the global adversary (an adversary with the ability to monitor, store, analyze and correlate all the connections in the world continuously) is highly debatable.

Please do not hesitate to contact us for any further information or support.

Kind regards

justusranvier 0 Posted ...

Do you have any plans to allow access via a hidden service so that users can potentially get better performance by avoiding congestion at the exit nodes?

tvhawaii 2 Posted ...

> The method we suggest in our example can be used successfully in Linux Liberte as well.
> airvpn.org/index.php?option=com_content&...id=64&Itemid=122

returns 404

Staff 9973 Posted ...

> > The method we suggest in our example can be used successfully in Linux Liberte as well.
> > airvpn.org/index.php?option=com_content&...id=64&Itemid=122
>
> returns 404

Hello!

Please replace that link with this one:
https://airvpn.org/tor

Kind regards

tvhawaii 2 Posted ...

I installed Airvpn v1.7, but I can't find any SOCKS proxy option.

(*) AirVPN 1.6 or higher is required. The SOCKS proxy option is not available in older versions.

Staff 9973 Posted ...

> I installed Airvpn v1.7, but I can't find any SOCKS proxy option.
> (*) AirVPN 1.6 or higher is required. The SOCKS proxy option is not available in older versions.

Hello!

Please right-click on the Air dock icon and select "Preferences". In the "Proxy" field select "Type: Socks".

Kind regards

f0xh0und 0 Posted ...

Hey there, i've got a question:

I mostly, when i'm connected through TOR, only go to .onion websites, or https clearnet, so, is the VPN through TOR really relevant in this case? i had some trouble understanding how the stuff work, let me explain myself:

when i'm in this config: Computer / ISP / VPN / TOR (.onion website), something like that should happen: the VPN encrypts the data coming from TOR and pass it through my ISP... the data is decrypted by my computer.. and the TOR encrypted data is decrypted by TOR, am I right? i may have misunderstood some point. my ISP only sees VPN crypted data, right? i don't care if you know my real IP, since all the data you catch is TOR encrypted, am i right? so whatever..

but... if I use your recommended SOCKS config, in my mind, here's what happens: Computer / ISP / TOR (.onion) / VPN

When i'm surfing the clearweb, it's really effective indeed, since you don't see my IP address and TOR nodes don't see any clear data, right... but... when i'm surfing .onion, (tell me if i'm right):

As the .onion traffic doesn't leave TOR, the VPN doesn't even see / crypt it right? and my ISP doesn't see any VPN traffic, but only TOR traffic? which can be really annoying right?

i may have misunderstood something, but this solution seems, in this case, less secure. I don't think i'd made myself clear, but i hope so.

Regards.

Staff 9973 Posted ...

> Hey there, i've got a question:
> As the .onion traffic doesn't leave TOR, the VPN doesn't even see / crypt it right? and my ISP doesn't see any VPN traffic, but only TOR traffic? which can be really annoying right?

Hello!

If you don't want to let your ISP know that you use TOR when you connect to .onion sites, please use TOR over Air instead of Air over TOR. Your ISP will see only encrypted traffic to and from our servers.

Kind regards

tvhawaii 2 Posted ...

Speaking of encryption, I'd appreciate hearing your thoughts on key management expressed in this article:
http://www.networkworld.com/news/2012/072512-blackhat-ylonen-261134.html?source=NWWNLE_nlt_security_2012-07-25

How safe are we really?

tvhawaii 2 Posted ...

I suppose what I'm saying is that since Microsoft's Certificate was compromised and the Flame attack was through Windows Update, how confident can we be in TLS?

Again, I'd -really- enjoy hearing someone from Air comment about this.

Thanks.

Staff 9973 Posted ...

> I suppose what I'm saying is that since Microsoft's Certificate was compromised and the Flame attack was through Windows Update, how confident can we be in TLS?
> Again, I'd -really- enjoy hearing someone from Air comment about this.
> Thanks.

Hello!

The problem in the first article pertains to SSL certificates issued by "authorities", so it may affect us on the website, in case the certificate were stolen from the authority which issued it to us, not on the OpenVPN connections.

Kind regards

tvhawaii 2 Posted ...

> Hey there, i've got a question:
> As the .onion traffic doesn't leave TOR, the VPN doesn't even see / crypt it right? and my ISP doesn't see any VPN traffic, but only TOR traffic? which can be really annoying right?
> Regards.

Why would TOR traffic be more annoying to your ISP than Air traffic? Thanks for explaining.

huiliqwr 0 Posted ...

Hi i followed the instruction above https://airvpn.org/tor/ (with the difference that tor changed port from 9050 to 9151) but i can't connect with openvpn because it says:

Attempting to establish TCP connection with 127.0.0.1:9151
TCP connection established with 127.0.0.1:9151
socks_handshake: Socks proxy returned bad status
TCP/UDP: Closing socket
SIGTERM[soft,init_instance] received, process exiting

can u help me?

Staff 9973 Posted ...

> Hi i followed the instruction above https://airvpn.org/tor/ (with the difference that tor changed port from 9050 to 9151) but i can't connect with openvpn because it says:
> Attempting to establish TCP connection with 127.0.0.1:9151
> TCP connection established with 127.0.0.1:9151
> socks_handshake: Socks proxy returned bad status
> TCP/UDP: Closing socket
> SIGTERM[soft,init_instance] received, process exiting
> can u help me?

Hello!

Can you please make sure that you have selected a TCP port for the OpenVPN connection and that port 9151 is actually the SOCKS Port (i.e. not the Control Port)?

Kind regards

huiliqwr 0 Posted ...

you are right... the port is 9150 but then Tor tells me:

[Warning] socks5: command 3 not recognized. Rejecting.
[Warning] Fetching socks handshake failed. Closing.

and openvpn's log tells me the same previous thing...

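Added example, not part of any post in this thread: SOCKS5 command 3 in the Tor warning above is UDP ASSOCIATE (RFC 1928), the request OpenVPN makes when a profile with socks-proxy uses UDP transport, which is why Staff asks for a TCP port. The checker below reads a profile's proto, remote and socks-proxy directives and reports which remotes would trigger that request; the sample profiles and vpn.example.net are constructed, and connection blocks are not handled.

```python
# SOCKS5 request commands from RFC 1928. Tor's SOCKS port relays TCP streams
# only, so it rejects UDP ASSOCIATE, which is command 3.
SOCKS5_COMMANDS = {"tcp": (1, "CONNECT"), "udp": (3, "UDP ASSOCIATE")}


def transport(proto):
    # OpenVPN accepts udp, udp4, udp6, tcp, tcp-client, tcp4, tcp6, ...
    return "udp" if proto.lower().startswith("udp") else "tcp"


def check_profile(text):
    """Return findings for an OpenVPN client profile; [] means no problem found."""
    default_proto = "udp"  # OpenVPN's transport when no proto directive is given
    proxy, remotes = None, []
    for raw in text.splitlines():
        # '#' and ';' start comments in OpenVPN configuration files
        tokens = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not tokens[1:]:
            continue  # blank line, or a directive without arguments
        if tokens[0] == "proto":
            default_proto = tokens[1]
        elif tokens[0] == "socks-proxy":
            port = int(tokens[2]) if len(tokens) > 2 else 1080  # OpenVPN default
            proxy = (tokens[1], port)
        elif tokens[0] == "remote":
            remotes.append(tokens[1:])  # host [port] [proto]
    if proxy is None:
        return ["no socks-proxy directive found"]
    findings = []
    for remote in remotes:
        proto = remote[2] if len(remote) > 2 else default_proto
        number, name = SOCKS5_COMMANDS[transport(proto)]
        if number != 1:
            findings.append(
                f"remote {remote[0]} uses {proto}: OpenVPN will send SOCKS5 "
                f"command {number} ({name}) to {proxy[0]}:{proxy[1]}")
    return findings


# Constructed sample profiles; vpn.example.net is a placeholder, not a real server.
UDP_PROFILE = "client\ndev tun\nremote vpn.example.net 443\nsocks-proxy 127.0.0.1 9150\n"
TCP_PROFILE = "proto tcp\n" + UDP_PROFILE

if __name__ == "__main__":
    for label, profile in (("udp", UDP_PROFILE), ("tcp", TCP_PROFILE)):
        print(label, check_profile(profile) or "no SOCKS command Tor would reject")
```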