Leaderboard

Hello! We're very glad to inform you that two new 10 Gbit/s full duplex servers located in Amsterdam, the Netherlands, are available: Taiyangshou and Vindemiatrix. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Taiyangshou https://airvpn.org/servers/Vindemiatrix Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that a new 1 Gbit/s full duplex server located in Auckland (NZ) is available: Mothallah. The AirVPN client will show automatically the new server. If you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts OpenVPN connections on ports 53, 80, 443, 1194, 2018 UDP and TCP, and WireGuard connections on ports 1637, 47107 and 51820. Just like every other Air server, Mothallah supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Mothallah Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team 

Hello! We're very glad to inform you that a new 1 Gbit/s full duplex server located in Singapore is available: Azelfafage. The AirVPN client will show automatically the new server. If you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts OpenVPN connections on ports 53, 80, 443, 1194, 2018 UDP and TCP, and WireGuard connections on ports 1637, 47107 and 51820. Just like every other Air server, Azelfafage supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Azelfafage Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team 

Man im tempted to buy more time but I think im covered

We have kept the OP message to show the pervasiveness of the PRC's propaganda lackeys. We consider Taiwan (Republic of China) to be independent and autonomous from the PRC (People's Republic of China), as it is in fact. ipleak uses MaxMind and IANA databases to display results, and we are pleased that these are aligned with an anti-imperialist and democratic vision that is clearly unpalatable to the dictatorial regime of the PRC, which sees it as an obstacle to its expansionist ambitions.

Hello! We're very glad to inform you that the Black Friday weeks have started in AirVPN! Save up to 74% when compared to one month plan price Check all plans and discounts here: https://airvpn.org/buy If you're already our customer and you wish to jump aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. AirVPN is one of the oldest and most experienced consumer VPN on the market, operating since 2010. It never changed ownership and it was never sold out to data harvesting or malware specialized companies as it regrettably happened to several competitors. Ever since 2010 AirVPN has been faithful to its mission. AirVPN does not inspect and/or log client traffic and offers: five simultaneous connections per account (additional connection slots available if needed) state of the art and flexible inbound remote port forwarding active daemons load balancing for unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 2000 Mbit/s with WireGuard flexible and customizable opt-in block lists protecting you from adware, trackers, spam and other malicious sources. You can customize answers or exceptions globally, at account level or even at single device level. powerful API IPv6 full support comfortable management of your client certificates and keys AES-GCM and ChaCha20 OpenVPN ciphers on all servers Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys internal DNS. Each server runs its own DNS server. DNS over HTTPS and DNS over TLS are also supported. free and open source software client side software support to traffic splitting on an application basis on Android and Linux and on a destination basis on Windows and macOS GPS spoofing on Android application AirVPN is the only VPN provider which is actively developing OpenVPN 3 library with a fork that's currently 330 commits ahead of OpenVPN master and adds key features and bug fixes for a much more comfortable and reliable experience: https://github.com/AirVPN/openvpn3-airvpn AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows. Promotion due to end on 2025-12-03 (UTC). Kind regards & datalove AirVPN Staff

First of all, it's Michigan, a state in the US, not some country, and second, the article also goes into that, stating that the ISPs lack tech to reliably identify VPNs without invasive DPI, which might be a violation of the 4th Amendment. Also, it's a proposed bill, if I read it right, so the statement "will ban vpns soon" is not exactly correct as of today. Relax and calm down first. Anyway, OpenVPN over SSH or SSL or AmneziaWG would probably bypass any of these restrictions, and these have been live for years now.

@Ptwifty Hello! This is a regrettable attempt to irritate AirVPN customers as retaliation by Eddie for not granting him certain benefits after almost 15 years of service. We will have to suppress these attempts at rebellion with a firm and unyielding hand. Joking aside, it seems that you have defined Sheratan as the only server to which Eddie can connect. From your description, you say that you have defined a blacklist with a single server, but in reality you have defined a whitelist with that single server. Please re-check your lists in the "Servers" window. Kind regards

The implementation tunnels WireGuard UDP traffic through HTTP/3 using the QUIC protocol, making encrypted VPN traffic look identical to regular web browsing.SQUIC started as Google's project to accelerate web traffic and became HTTP/3 in June 2022. The protocol uses UDP instead of TCP, eliminating handshake delays. Mullvad exploits the MASQUE tunneling spec (RFC 9298) to proxy UDP through HTTP servers. State censors (China etc.) see HTTPS web traffic while the VPN tunnel hides inside that envelopetate censors see HTTPS web traffic while the VPN tunnel hides inside that envelope. Can we get this? taken from:

I love the fact that existing customers always get to take advantage of the same offers new users get, thank you!

You're either a troll or completely unhelpful. Next time read the post. This isn't a problem particular to AirVPN, and since I have tried literally everything I can think of and spent several hundred dollars in the process of doing so, I am seeking help on the possible causes. Preferably from people who know what they are talking about. I'll take your style advice in consideration 🙄

That's because the AirVPN team didn't write a forums software from scratch, they picked an existing software and adapted it to the special needs of their infrastructure. A gender field in users' profiles is not a special need, given that 98% of people around here don't bother changing profile settings, let alone edit their profile. IP.Board is a "generic" forums software which can be used in many environments. In some of them contact info, birthdays and genders make sense. In some of them, including airvpn.org, they don't.

Ich hatte noch nicht mal Zeit, mich da voll reizufuchsen. Egal wird schon hinhauen😎 2 Jahre.

Renewed for another 3 years

At least add a few more months, just as a precaution.

The logic becomes sound once you take into account everything else I wrote before that sentence, and I sincerely hope that everyone reads posts for the purpose of understanding the gist of them, not for the sake of rebuking every line written. The gender is, and I reiterate, a more or less unimportant piece of information around here, here being the forums dedicated to AirVPN products and everything related to them or the wider area of topics related to VPNs. Plus, as written, this piece of info is invisible to the whole community when set. When the purpose of that info is for the user to be referred to correctly, it doesn't help that user here if it's not seen by anyone. So the choice of whether I set it to "Non-binary" or "Not telling" doesn't matter in the context of these forums if the outcome – no one will see it, anyway – is the same. If we talked about a context outside of the current environment, then yes, of course, having more choices is a valid request. But as the software does not provide that option, Not telling seems to be the closest thing to Non-binary. The other choices are binary, after all.

this is actually a post....... Ich bin ein Berliner

The gender is a more or less unnecessary piece of information around here. Even if you wanted to provide your pronouns, no one would be able to see this preference when replying in a thread. It's not in the quick info dialog when hovering over the poster's name, and by default profiles are inaccessable to all, so no one would be able to see that info in the first place. You could use the Location field to enter those, it's visible directly under your name, but that'd be displayed with a Location label, see the example on the left under my name (and compare it with how I formatted it in the profile). You must also be advised that this version on IP.Board comes from a different internet era altogether (~10 years ago, I believe), one that didn't have the custom of providing pronouns, or having a variety of genders to identify as. So, you may treat Not telling simply as virtually equivalent to non-binary.

Hello! You will appear on the Internet with the same IP address if you connect to the same VPN server. In order to prevent this from happening please make sure to connect each device to a different VPN server. Kind regards

Specs, section Assigned IPs: For the entry IPs, use a DNS query: $ dig a in +short de3.all.vpn.airdns.org 141.98.102.245 141.98.102.189 141.98.102.181 185.189.112.21 37.46.199.68 141.98.102.237 37.46.199.52 185.189.112.29 83.143.245.53 37.120.217.245 141.98.102.229 37.46.199.84 185.104.184.45 185.189.112.13 $ dig aaaa in +short de3.all.vpn.airdns.org 2001:ac8:20:98:ba0a:dabc:45a8:c67c 2a00:dd0:aaaa:7:e021:9b15:8027:f809 2001:ac8:36:3:2935:d57f:fc05:83e0 2001:ac8:20:96:226a:3a84:c3d8:dba8 2001:ac8:20:2b:d428:2f9d:4c0a:77b8 2001:ac8:20:225:1b06:18f:a622:b2af 2001:ac8:20:97:dad1:f205:28f1:bff5 2001:ac8:20:2a:818d:602e:cf31:f199 2001:ac8:20:99:fbf6:b62a:86df:b560 2001:ac8:20:2c:8efe:ed7:7e97:6f97 2001:ac8:20:5:623e:50fc:8023:a65 2a00:dd0:aaaa:9:2a94:d040:418f:de4a 2001:ac8:20:9a:13e6:576a:41cb:a5f 2a00:dd0:aaaa:8:486b:fb23:5878:32ea .

But you'd be supporting a good cause.

You shouldn't, please read the announcement, thanks! 😋 Kind regards

I also extended my subscription for one year. Easily the best VPN on the market and no other competitor gets even close. Thanks AirVPN staff!

Another year added. Thanks!

One more year for me! Thanks AirVPN and keep up the good work

Even when logged into reddit.com, i now get a "You've been blocked by network security" message. Furthermore, the route checking tool shows that reddit.com is inaccessible from all AirVPN servers (HTTP 403). i don't know if the 403 is because the route checking tool can't be logged into Reddit while checking, or if something has changed recently.

I wish I knew myself. Don't really know how to troubleshoot this, either. Might be comparable, but probably not better. From the roadmap I surmise that OpenVPN 2 will still be a single-core application as multithreading is not found in the feature list, so this bottleneck will persist. Conclusive tests must be done once 2.7 is stable and rolled out to some test servers. For now, I lost interest in finding out why DCO <> non-DCO doesn't work as my OpenVPN setup is now DCO <> DCO. Still using Wireguard primarily, though.

Hello! We're very glad to inform you that Eddie Android edition 3.3.0 has been released. Eddie Android edition is a fully integrated with AirVPN, free and open source WireGuard and OpenVPN GUI client. It is based on official WireGuard library and latest OpenVPN3-AirVPN library (free and open source software library by AirVPN), allowing comfortable connections to both OpenVPN and WireGuard servers. Source code is available on GitLab: https://gitlab.com/AirVPN/EddieAndroid Eddie Android edition 3.3.0 is linked against updated libraries. It is compatible with Android 5.1 and higher versions, up to Android 16, and features revamped ergonomics and important new features. What's new full compatibility with Android 15 and 16 compatible with Android 5.1 and higher versions new, remarkably improved NetworkMonitor improvements in ergonomics for faster and more comfortable use updated OpenSSL, OpenVPN3-AirVPN and WireGuard libraries ability to start and connect during the device bootstrap on all supported Android TV and Android versions, with or without "Always on VPN" opt in ability to auto connect when the app is launched through the new option Settings > AirVPN > Start quick VPN connection at application startup. It requires an account that had logged in with "Remember me" checked updated code, SDK 16 100% compliant see the complete changelog here: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt Main features WireGuard and OpenVPN support Battery-conscious application, with low RAM footprint Ergonomic and friendly interface Ability to start and connect the application at device bootstrap and/or at app launch, with or without "Always on VPN" GPS spoofing Traffic splitting and reverse traffic splitting on an application basis. You can define which apps must have traffic inside or outside the VPN tunnel through white and black list Localization in simplified and traditional Chinese, Danish, English, French, German, Italian, Portuguese, Russian, Spanish, Turkish Full integration with AirVPN Quick tile button Enhanced security thanks to locally stored encrypted data through optional master password (warning: this option prevents the app from automatically connecting during the startup) Quick one-tap connection and smart, fully automated server selection Smart server selection with custom settings  Manual server selection  Full Android TV compatibility including D-Pad support. Mouse emulation is not required.  Ability to generate configuration files based on the user settings for both OpenVPN and WireGuard Increased accessibility for visually impaired persons  Download link Eddie Android edition 3.3.0 APK can be downloaded here: https://airvpn.org/android/eddie A quick start guide is available at the same above linked page. Quick link to the APK: https://airvpn.org/tv Eddie Android edition is also available on the Google Play Store: https://play.google.com/store/apps/details?id=org.airvpn.eddie and on the Amazon App Store: https://www.amazon.com/Eddie-AirVPN-official-OpenVPN-GUI/dp/B07KTD6DH9 Eddie Android edition is the only VPN application developed by AirVPN for Android. Beware of imitations on the Play Store with very similar names that conceal potential scams. How to sideload Eddie Android edition on Android TV and FireOS devices https://airvpn.org/android/eddie/apk/tv/ Kind regards & datalove AirVPN Staff

Ah, yes, it's the DDoS protection mechanism. I analyzed it a little once:This part really needs JavaScript, otherwise you're a bot to the software. I see. I might check that out later myself.

Added another 3 years, now 5 and half years as today Hope administration will add more powerful connections on eastern europe states like Romania, Serbia etc or maybe freshly new ones as Moldova,Albania, Hungary etc Cheers

i like that airvpn has forums, the vpn works well but a lot of services lack those nowadays!

While I love that you continue to support OpenVPN would you please reconsider a few WireGuard‑only 10–20 Gbit servers to quantify the uplift for users who prioritize raw speed and low latency? It’s my understanding that OpenVPN server processes are single‑threaded and CPU‑intensive. Co‑hosting OpenVPN and WireGuard on the same high‑capacity host (10–20 Gbit) can constrain aggregate throughput under load because per‑core bottlenecks caps per‑host headroom when many OpenVPN clients are active. In cities where you have multiple 20 Gbit servers like New York dedicating one to Wireguard doesn't seem unreasonable? Thank you for your consideration.

Your grumpy response is amusing, but perhaps not quite the spirit of helpfulness I am seeking. But I shall persist, Alex; you and I probably share a vision of an internet that is nudged into being VPN-friendly. We don't also need to be warring with each other on top of that. When I asked whether AirVPN could do something about it, what I actually meant was that AirVPN should do something about it. Specifically, if there are shared blocklists†, as I suspect, they could work with abuse teams to remove the blacklisting. I used to do some spam-fighting many years ago, with honeypots and the like, and that's exactly the kind of arms race that we had there. Reporters would report spam using the SMTP headers, it would influence various interconnected blocklists in subtle ways, and good service providers would be thus encouraged to terminate abusive accounts. I just contacted the admins of a large site, and I've mentioned their infra is emitting a high number of 429 responses, starting in the last few months, even though I've used them for many years. I've given them an example IP; I'm hopeful they'll come back to me with a concrete reason for their site's behaviour. Interestingly it makes no odds whether I am signed in, so I wonder if there could be some kind of WAF in the way. † Or they could be sharing the same large edge provider e.g. Cloudflare.

The main reason why I use Airvpn is because it has no what I call 'vpn lag', where even with low ping and bandwidth load, performance feels like you're walking through water. This is my 3rd-4th year, and I've noticed this lag on SG servers for at least the last 6 months, so much so I'd rather connect to Japan or the new Taiwan server than use SG servers. Yes, I'm getting better internet surfing performance in higher ping JP/TW Servers than lower ping SG Servers, even when load is low. Then for the the last 1 week, the load on SG and JP servers have been close to max for almost all of them. This is disappointing. Are there plans to upgrade to 10Gbit servers for this region soon?

I do understand that technical problems are incredibly frustrating. I feel your pain, and I try to help others get past this hurdle. I'm going to ask you to just trust the next couple points: Judging from the emotion in your post, you need a break. Just walk away from this project for 24-48 hours and give your mind and body a rest. Do something that you enjoy. When you come back to these problems with a fresh and rested mind you will be able to try again and succeed. A fresh brain is an AMAZING thing. Know that AirVPN is not the cause of these issues; you are in the right place. You are posting among torrenting LEGENDS who could use any VPN they desire, and they chose to be here. Trust that there is a good reason for that and that you made a great decision to be here. Assuming that you are now well rested, please start again by looking at my stack. This stack configuration has literally torrented hundreds of terabytes; it works! Then, check your AirVPN profile to ensure you set everything up properly and did not rush over or skip a step: When you go to the devices screen have you set up a device? In the ports screen is that device linked to the port (in the dropdown)? When making your config file did you select that device? When working correctly, the sessions screen should list your device at the top of the card when connected; does it? If you accomplish all these things and still have an issue, post again with the current status of things and I'll take another look.

Dark mode on this site would be nice. Strange that there is no dark theme aleready? I use a huge screen and its like flood-lights when i open this page lol opening airvpn.org:

No problem! It's been working very well for me, I even setup different wg tunnels for some devices. This involves creating another vpn device from the client area page, and generating a config file using that device profile.

## Plex Remote Access via a AirVPN with Proxmox This guide explains how to run a Plex Media Server in a virtual machine that routes all its traffic through a separate, dedicated VPN gateway VM. This is ideal for users who want to expose Plex to the internet without revealing their home IP address. ## The "Double NAT" Problem The challenge is a "double NAT" scenario. A standard Plex setup assumes a simple path: Internet -> Your Router -> Plex. In this VPN setup, the path is more complex: Internet -> VPN Public IP -> VPN Server -> Your Alpine Gateway VM -> Your Plex VM this is some what of a guide for myself to show you how to configure the firewall rules to correctly forward traffic through this chain. when you have more than 1 NIC on a linux VM make sure you only have 1 gateway. you can have a NIC with no gateway and it will connect to LAN clients. ## 1. System Overview This setup uses two virtual machines on a Proxmox host: Alpine Linux Gateway VM: A minimal VM that connects to your VPN service (e.g., AirVPN using WireGuard) and acts as a router and firewall. Similar to Whomnix. Plex Server VM: A VM running your preferred OS (like MX Linux) that holds your Plex installation. Its internet traffic is routed exclusively through the Alpine Gateway. connects to NFS share for media. Network Layout: Proxmox Host: Connected to your main LAN. Internal Network: A private virtual bridge in Proxmox (e.g., vmbr1) using a subnet like 10.66.66.0/24. This network is for communication between VM's only, no WWW access until you connect to the alpine gateway. Alpine VM: Has two network cards. One on your LAN which connects to AirVPN (192.168.1.x, then the internal network forward packets to VM's with IP (e.g., 10.66.66.1). Plex VM: Has one network card on the internal network with a static IP (e.g., 10.66.66.70) and its gateway set to the Alpine VM's IP. (10.66.66.1) ## Step 1: Configure VPN Port Forwarding Get your forwarded port from AirVPN . This will be the first link in the chain. Log in to your VPN provider's control panel (the first image shows AirVPN's panel). Request a new port forward. Note the two ports it gives you change the Local Port diffrent from the main one: External Public Port: The port the outside world will connect to (e.g., 40516). Internal Forwarded Port: The port your gateway VM will receive traffic on (e.g., 6699). ## Step 2: Configure the Alpine Gateway VM Alpine Linux This is the most critical part. The Alpine VM must be configured to forward traffic from the VPN tunnel to your Plex VM. install wireguard and set up the AirVPN wireguard with wg-quick to auto start when booted up. This set up will use the following format. WWW 40516 --> AirVPN 6699 --> Alpine Gateway 40516 --> Plex VM 32400 ### A. Enable IP Forwarding Edit /etc/sysctl.conf and make sure this line is uncommented: net.ipv4.ip_forward=1 ### B. Create a Startup Script In Alpine, rc services are used for startup. Create a script to bring up your VPN and apply your firewall rules. Create the file: sudo nano /etc/local.d/vpn-firewall.start Paste the following script inside, adjusting interfaces and IPs as needed. #!/binbash sleep 5 ip link set eth1 up sleep 2 # Bring down the tunnel to ensure a clean state wg-quick down wg0 2>/dev/null sleep 2 # Bring up the WireGuard tunnel wg-quick up wg0 sleep 2 echo "WireGuard tunnel activated." >> /var/log/wireguard-boot.log # Flush old rules for a clean slate iptables -t nat -F PREROUTING iptables -t nat -F POSTROUTING iptables -F FORWARD echo "Applying new iptables rules..." >> /var/log/wireguard-boot.log # Rule 1: Allow established connections to return iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT # Rule 2: Masquerade (NAT) all outgoing traffic from the internal network through the WireGuard tunnel iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE # Rule 3: DNAT - This is the Plex port forward. iptables -t nat -A PREROUTING -i wg0 -p tcp --dport 6699 -j DNAT --to-destination 10.66.66.70:32400 # Rule 4: FORWARD - This allows the packet from the DNAT rule to be forwarded to the Plex VM. iptables -A FORWARD -i wg0 -o eth1 -p tcp -d 10.66.66.70 --dport 32400 -j ACCEPT echo "Firewall rules applied successfully." >> /var/log/wireguard-boot.log # Ping check host="10.128.0.1" count=1 if ping -c "$count" "$host" > /dev/null 2>&1; then echo "$(date) Ping to $host successful." >> /var/log/wireguard-boot.log else echo "$(date) Failed to ping $host. Restarting WireGuard." >> /var/log/wireguard-boot.log wg-quick down wg0 2>/dev/null && wg-quick up wg0 && sleep 3 fi echo "$(date) WireGuard setup complete." >> /var/log/wireguard-boot.log Make the script executable: sudo chmod +x /etc/local.d/vpn-firewall.start Now this script will run automatically on boot. ## Step 3: Configure Plex Remote Access ✅ Finally, tell Plex about your custom setup. In Plex, go to Settings -> Remote Access. Check the box for "Manually specify public port". Enter the External Public Port AirVPN gave you (e.g., 40516). Click Apply. Plex should briefly check the connection and then show the green "Fully accessible" message. I wouldn't trust Plex port checker use the AirVPN one as it is more robust and won't give false positives. Your Plex server is now fully accessible from outside your network through your secure VPN gateway. Once you confirm Alpine is set up properly you can now set the drive to be read only as good practice. Make sure you untick Enable Relay in network in Plex to avoid using the unreliable and slow speed network. if you have issues check you have right ports forwarded in alpine with iptables -t nat -L PREROUTING --line-numbers

Hello, I am a user from Mainland China. Over long connections, both SSH and SSL get blocked and the connection is reset, so none of the Eddie-supported protocols can maintain a long-term connection. Only the AmneziaWG protocol can sustain long connections without speed degradation—and it’s even faster and more stable than standard WireGuard. However, switching servers with AmneziaWG is somewhat cumbersome. I would like to ask: could future versions of Eddie support the AmneziaWG protocol? I believe it could completely replace standard WireGuard. This would be a huge benefit for AirVPN users behind the firewall. The AmneziaWG protocol’s source code is open-source on GitHub under the MIT license and supports free commercial use. I strongly hope Eddie can add support for AmneziaWG. Thank you!

@Bohdan Kushnirchuk Hello! How to solve: To grant Terminal full disk access (except some specific critical directories) on macOS, follow these steps: Open System Settings (or System Preferences): On macOS Ventura and later, click the Apple menu at the top-left of your screen, then choose System Settings. On macOS Monterey or earlier, choose System Preferences. Go to Privacy & Security: In System Settings (Ventura and later), select Privacy & Security in the left-hand menu. In System Preferences (Monterey and earlier), click Security & Privacy, then go to the Privacy tab. Select Full Disk Access: In the Privacy & Security or Security & Privacy tab, scroll down and click Full Disk Access in the left menu. Unlock Settings: At the bottom-left of the window, you might need to click the lock icon and enter your admin password to make changes. Add Terminal: Once the lock is open, click the + button beneath the list of apps with Full Disk Access. In the file chooser window that pops up, go to Applications > Utilities, and select Terminal. Click Open to add it to the list. Restart Terminal: Close the Terminal app if it’s open, then reopen it to apply the changes. 2. Open the terminal and change ownership of the relevant files: sudo chown root /Applications/Eddie.app/Contents/MacOS/* Kind regards

Hello I would like to give my personal recommendations to help with network censorship in Russia. I may not have time to write a authoritative, proper guide, but wanted to share this. Everything "clicked" once I read a comment how the DPI works to determine a new connection. Preface IP and subnet blocks came first. They completely blackhole all traffic to blocked IP addresses. The only thing you can try is IPv6 in place of IPv4. Some Air servers are blocked by IP. The Deep Packet Inspection (DPI) is a required installation for residential ISPs and (as of late) industrial networks like data centers. It works to dynamically block known protocol traffic, anything "forbidden" that's not yet in IP blocklists from above. This system was put in law many years ago. Nevertheless, the networks across the country are at various stages of rollout and their capabilities will differ. Real example: residential ISP did not block OpenVPN->Air, yet the mobile carrier did. Yet in 2024 the residential ISP upgraded their DPI system and started blocking OpenVPN too. Common methods of circumvention Mangle traffic locally to fool the DPI systems. It will allow you to connect to servers not blocked by IP (TLS SNI name detection). Proxy/VPN server: A prerequisite is an outside server, it must not have been blocked by IP. If it's a private server and OpenVPN or Wireguard work - you're lucky. However be prepared to still get blocked by DPI any day for using a VPN protocol. There are many proxy tools, especially developed to combat the Great Firewall of China. They don't run directly on Air, so this is something for self-hosting or other services to provide. We're talking about Air, so let's get that VPN working. Everything below requires you to find a reachable Air server (no direct IP blocks). The configuration server used by Eddie is IP blocked, so it won't work at all. I suggest you to generate all server configs in advance and see which are reachable from Russian networks. Airvpn.org seems to be reachable though. OpenVPN over SSH to Air It is possible to set this up on mobile, however the connection is reset after 10-30 seconds due to a lot of traffic being pushed. I used ConnectBot and it didn't restart the SSH connection properly, anyhow OpenVPN and ConnectBot had to be reconnected manually each time --> unusable. Since both apps are easily downloadable from app stores/F-Droid, this can be enough to generate and download configs from AirVPN's website in a dire situation. This connection type works like this: SSH connects to Air server, forwards a local port -> Air (internal_ip:internal_port) OpenVPN connects to local_ip:local_port and SSH sends the packets to Air's OpenVPN endpoint inside this tunnel Once the connection is established, it works like a regular OpenVPN on your system OpenVPN over stunnel to Air I haven't tried, desktop only? OpenVPN (TCP) over Tor to Air While connecting to Tor will be another adventure, do you really need a VPN if you get Tor working for browsing? If yes, I suppose it could work. I haven't tried. OpenVPN (TCP) to Air May start working after hours on Android, if the connection was established initially. Until then you'll see a lot of outgoing traffic but almost zero incoming traffic (NOT ZERO though!) It is unclear to me whether this is because Android keeps reconnecting after sleeping or sometimes it pushes so little traffic over the established connection that DPI forgets or clears the block for this connection only. OpenVPN (UDP) to Air Doesn't work. Wireguard to Air Doesn't work, it's always UDP and very easily detected. AmneziaWG client to connect to standard Wireguard Air servers This worked for me almost flawlessly. The trick of AmneziaWG is to send random trash packets before starting the connection sequence. This is what the new parameters are and some of them are compatible with standard Wireguard servers. The DPI only checks traffic within the initial traffic size window of the connection. If it doesn't find VPN connection signatures (and it doesn't due to random data) then it whitelists the connection. Wireguard then sends its connection packets and connects to Air. Full speed ahead, no throttling. The VPN connection works! What's the catch? The AmneziaWG packet configuration must be right. This worked for me across all networks I encountered: MTU: 1320 (safe value, higher MTU will give better bandwidth, if it works at all and doesn't begin to fragment packets) Junk Packet count (Jc): 31 Junk Packet minimum size (Jmin): 20 Junk Packet maximum size (Jmax): 40 Init packet junk size (S1): none (afaik only with AmneziaWG server; delete from config or try to set 0) Response packet junk size (S2): none (afaik only with AmneziaWG server; delete from config or try to set 0) Magic header settings changeable afaik only with AmneziaWG server: Init packet magic header (H1): 1 Response packet magic header (H2): 2 Underload packet magic header (H3): 3 Transport packet magic header (H4): 4 Example: [Interface] ... other default values, including MTU ... Jc=31 Jmin=20 Jmax=40 H1=1 H2=2 H3=3 H4=4 And how would you know what numbers to set? This single insight: This means flooding small random UDP packets at the beginning is the winning strategy. That's how I optimized someone's config from "sometimes it works, sometimes it doesn't" to "works 100% of the time, everywhere". You actually don't want to blast big packets and be blocked because of it. Smaller random packets are good for mobile traffic too. How would you setup AmneziaWG to connect to Air (Android)? Generate and download AirVPN Wireguard configs, for each individual server, try different entry IPs too. DO NOT USE THE DEFAULT (OFFICIAL) WIREGUARD PORT. We don't want long-term logging to highlight the working servers for the next round of IP blocks. Download AmneziaWG-Android VPN client (the Android edition is actually a fork of the official Wireguard app aka "AmneziaWG". Don't download their regular all-in-one client aka "AmneziaVPN"!): amnezia.org or https:// storage.googleapis .com/kldscp/amnezia.org or https://github.com/amnezia-vpn/amneziawg-android/releases Import Air's configs in the app Apply "Junk Packet" settings from above Try to connect Try different entry IPs and servers if the connection doesn't work. See if the server IP is completely blocked either with: ping "<entry IP>" nc -zv -w 10 "<entry IP>" "<port 80 or 2018 for OpenVPN TCP>" This is GNU netcat Keep in mind: on Android the safest way to avoid any traffic leaks is to go to system settings, Connection & sharing > VPN, or search for "VPN", click on (i) for advanced settings, Enable: "Stay Connected to VPN" & "Block All Connections not Using VPN". If you ever disconnect from VPN by using Android's system notification, you'll need to re-enable these settings. If you switch between VPN apps (like Eddie -> AmneziaWG), I suggest to make sure these settings are always enabled like this: Turn off Wi-Fi (or mobile data) For previous VPN app disable: "Stay Connected to VPN" & "Block All Connections not Using VPN" For next VPN app enable: "Stay Connected to VPN" & "Block All Connections not Using VPN" Turn on Wi-Fi / connect using next VPN app Android battery optimization: Finally, go to app's settings (or Settings-Battery then app list somewhere) and make sure the AmneziaWG app is "not optimized" for battery. This way it will not be interrupted in the background and potentially drop connection until the screen is awake. -- https://dontkillmyapp.com/ for guides and more info Thanks for reading. Big politicians are not your friends, stay strong and propagate what you truly believe in.

Account is more than 6 months old with a lot of karma. The moment I opened the app with VPN enabled I was instantly logged out with the error account doesn't exist. Not sure what gives. Anyone have any tips on how to navigate reddit without getting banned?

Hello, Are there any plans to add at least one Greek server in order to resolve the various restrictions in the Greek TV services? (https://airvpn.org/topic/16138-greek-tv-geographical-restrictions) ? If it can be solved in another way then great Thank you

I'd like to add a third vote for a Greek server (though I of course understand 3 votes in 6 years don't amount to much 🙂). One use case is media, but a second (arguably more important) one is that Greek government websites (basically anything under *.gov.gr), or rather the Akamai CDN they use, seem to implement some rate limiting that makes them basically unusable from (at least some) foreign IPs (but that's across several years and different ISPs). Currently I have to resort to occasionally paying a separate VPN provider for both of these use cases, which as a loyal Air customer of nearly a decade now I would much prefer not to have to do. A rerouting server as mentioned above could perhaps be suitable for both of these cases, though I'm not sure what that would entail exactly.

According to this definition there is no censorship at all anywhere enforced by governments, not in North Korea, not in France, not in China... Please note that your definition is pure fantasy, if not insulting. Censorship is exactly suppression of speech, public communication, or other information subversive of the "common good", or against a given narrative, by law or other means of enforcement. The fact that censorship is enforced by law or by a government body does not make it less censorship. Furthermore, historically censorship was an exclusive matter of some central authority (the first well documented case is maybe the censorship rules to preserve the Athenian youth, infringed by Socrates, for which he was put to death, although the etymology comes from the Roman Office of Censor which had the duty to regulate on citizens' moral practices) and today censorship by governments is predominant. Even In modern times censorship through laws has been and is predominant and pervasive according to Britannica and many academic researches. Then you can discuss ad nauseam whether censorship by law is "right" or "wrong", whether France's censorship is "better" than China's censorship, but you can't change the definition of censorship, otherwise this discussion will become delirious. Kind regards

Hello! Please check your setup against the following guide: https://airvpn.org/faq/p2p/ On top of that, we have noticed a malfunction in some qBittorrent version (for example 4.5.5) in FreeBSD and Linux related to binding. If you set Tools > Preferences > Advanced > Optional IP addresses to bind to into All addresses, qBittorrent will reply only to IPv6 packets. If that's your case too, set that combo box to All IPv4 addresses. For additional safety you can also set the Network interface combo box (available in the same advanced menu) to your VPN interface. Always run qBittorrent only after a VPN connection has been successfully established. Kind regards

The Problem VPN speeds are significantly decreased despite trying to account for all variables I can think of. Significantly decreased in this case means that absolute best I can temporarily get is 250/250 out of my 500/500 connection as measured with iperf3. However, "real life" use with bittorrent and usenet is much slower. i have consistently had a max upload speed of less than 500 kB/s with transmission. downloading from usenet which normally can max out my connection is stuck at 5 to 6 MB/s (it's about 60 MB/s on same device and network w/o VPN ie ~ 480 mbps on my 500 plan). I am absolutely stumped, any advice is very much appreciated. Steps I have taken Confirmed expected speed w/ iperf3 when vpn is disconnected. I tested between local machines, with remote public iperf3 servers, and between iperf3 docker container and remote public iperf3 servers (~ 1 gbps locally on gigabit ports, and ~500/500 mbps externally with my 500/500 plan as expected both directly on host and in docker). i also tested with iperf3 in gluetun container with vpn activated (best result was 180/150, most much lower) Tried different servers in different geographical regions, including my home country Tried OpenVPN vs Wireguard Tried using specific ports like 53 to bypass potential ISP throttling Tried TCP only for same reasons Disabled all ipv6 Tried adjusting MTU for wireguard Tried LSIO wireguard docker image, gluetun docker image, and regular (non-docker) wg Tried with and without VPN port forwarding (with gluetun) disabled UFW because at this point, why not right? Tried all of the above with several different VPN providers (Proton, OVPN, AirVPN) and spun up my own wireguard vpn server on two different VPS providers with same result I have swapped out my older router with a brand new one since the 500/500 is an upgrade from my previous 250/~25 connection and I have many devices connected. I got a slight improvement from 450 mbps down without VPN to 500+. No discernible improvement with VPN connection. Suspecting potential VPN throttling from my new ISP, I have even got a second ISP to try things with. both are 500/500 and provide speeds as advertised. i even tried gluetun on a different computer. the second computer i tried had 11th gen i9 with 32gb ram and was debian 11 (from an older PC running current LTS ubuntu server). same issue Since everything is "working" (successful tunnel connection), I have no idea what I can provide in terms of logs or whatever to help resolve this.

Mr. veryhadu, watch your language. You are being very provocative for no apparent reason. Mr. mackerel's original post actually is something of an example to follow when asking for troubleshooting help: It describes the exact problem and what have been tried, and would've provided logs if the issue was easier to trace with them. Very few other posts boast this level of detail. So you're really barking up the wrong tree here. Though, Mr. mackerel, setting --verb to 4 or 5 could maybe help. The config generator and Eddie default is 3, omitting some technical information. You could try setting this to 4, then connect and do something causing this throughput. Maybe someone is attentive enough to spot something.

With news of Mullvad and now IVPN removing port forwarding, can we have assurance from staff that AirVPN is not planning to remove port forwarding?

Hello AirVPN Staff and others. I would very much like to have an API call for creating and removing port forwardings, including requesting a random port. This would allow users to have a different port open for every session started. Setting up a port to be forwarded is already pretty simple, but it does still require having a web browser running and logging in to Air. This may be a small obstacle, but an obstacle nonetheless. I strongly suspect many people will set up a port forwarding only once, and then using the same port for all future sessions, and this has some negative implications for privacy. It is already possible to have this functionality when talking to Air's web server through a browser and clicking buttons manually, so I'm making the assumption it will not be too difficult to do the same through an official HTTP-based API. Does this make sense? I'd love to hear what you think.