Jump to content
Not connected, Your IP: 54.227.97.219

Leaderboard


Popular Content

Showing content with the highest reputation since 11/07/21 in all areas

  1. 5 points
    Staff

    Black Friday Sale 2021

    Hello! We're very glad to inform you that the Black Friday week has just begun in AirVPN! Save up to 74% when compared to one month plan price Check all plans and discounts here: https://airvpn.org/buy If you're already our customer and you wish to jump aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. AirVPN is one of the oldest and most experienced consumer VPN on the market, operating since 2010. It never changed ownership, it was never sold out to data harvesting or malware specialized companies as it regrettably happened to most competitors. AirVPN does not inspect and/or log client traffic, and offers: five simultaneous connections per account IPv6 full support AES-GCM and ChaCha20 OpenVPN ciphers on all servers WireGuard support on all servers Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys active daemons load balancing for unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 1046 Mbit/s with WireGuard even more, exclusive features, such as DNS customizable and flexible block lists to neutralize sources of ads, spam, trackers etc. AirVPN is the only VPN provider which is actively developing OpenVPN 3 library with a fork that's currently 113 commits ahead of OpenVPN master and adds key features and bug fixes for a much more comfortable and reliable experience: AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows. Kind regards & datalove AirVPN Staff
  2. 3 points
    pmik76

    DNS Filtering

    Thank you for this amazing feature!
  3. 2 points
    Staff

    WireGuard beta testing available

    Hello! We're glad to announce the beginning of WireGuard beta testing in AirPVN infrastructure. In order to test WireGuard, go to Client Area ⇨ Preferences and activate Access to BETA Features. This will allow you to see specific guides and options pertaining to WireGuard. About privacy concerns, we wrote a FAQ answer here . Please make sure to read it. WireGuard with Eddie If you want to use Eddie, go to download page of your OS, and click Other versions ⇨ Experimental in Eddie download pages. Linux note: Eddie doesn't recognize WireGuard until it is present at kernel level. Use cat /sys/module/wireguard/version to check your WireGuard kernel module. Wireguard will be available in Preferences > Protocols window (logout and login from Eddie's main window might be necessary). WireGuard without Eddie Otherwise, for official WireGuard app/binaries, see the guides below: Windows - with official WireGuard app (GUI) ⇨ https://airvpn.org/windows/wireguard/gui/ macOS - with official WireGuard app from App Store (GUI) ⇨ https://airvpn.org/macos/wireguard/appstore/ macOS - with Homebrew, terminal ⇨ https://airvpn.org/macos/wireguard/homebrew/ Linux - with official WireGuard from your distro, terminal ⇨ https://airvpn.org/linux/wireguard/terminal/ iOS - with official WireGuard app from App Store (GUI) ⇨ https://airvpn.org/ios/wireguard/appstore/ Android - with official WireGuard app from Play Store (GUI) ⇨ https://airvpn.org/android/wireguard/playstore/ The guides above will be also shown in Download section when Beta Features option is checked. Notes: We will add other connection ports, suggestions are welcome. We automatically generate WireGuard keypair (and preshared-key), and assigned IPv4/IPv6 addresses, for any device, no action required. Kind regards & datalove AirVPN Staff
  4. 2 points
    OpenSourcerer

    New feature: DNS block lists

    Hover over that little pictogram with your mouse, will you? Default = "The air to breathe the real Internet" Customized = "The air to breathe the filtered Internet" I do admit that at the very first I asked myself what it exactly means, too, but it quickly occured to me that it's used in the same way as other boolean values on the website, on IPLeak, in Eddie. Its meaning is therefore unambiguous.
  5. 2 points
    Staff

    New feature: DNS block lists

    Hello! We're glad to introduce a new feature in AirVPN infrastructure: DNS block lists. By default, AirVPN DNS remains neutral in accordance with our mission. However, from now on you have the option to enforce block lists which poison our DNS, in order, for example, to block known sources of ads, spam, malware and so on. You can manage your preferences in your account Client Area ⇨ DNS panel https://airvpn.org/dns/. We offer only lists released with licenses which grant re-distribution for business purposes too. The system is very flexible and offers some exclusive features never seen before in other VPN services: You can activate or de-activate, anytime, any combination of lists. You can add customized exceptions and/or additional blocks. Any specified domain which must be blocked includes all of its subdomains too. Lists which can return custom A,AAAA,CNAME,TXT records are supported. You can define any combination of block lists and/or exceptions and/or additions for your whole account or only for specific certificate/key pairs of your account (Client Area ⇨ Devices ⇨ Details ⇨ DNS) Different matching methods are available for your additions and exceptions: Exact (exact FQDN), Domain (domain and its subdomains), Wildcard (with * and ? as wildcards), Contain, Start with, End with. An API to fetch every and each list in different formats (see Client Area ⇨ API ⇨ dns_lists service) is active Any change in your selected list(s), any added exception and any added block is enforced very quickly, within few tens of seconds. You don't need to disconnect and re-connect your account. You can define your own lists and discuss lists and anything related in the community forum here Essential requisite to enjoy the service is, of course, querying AirVPN DNS while your system is connected to some VPN server, which is by the way a default setup if you run any of our software. Kind regards & datalove AirVPN Staff
  6. 2 points
    Jacker@

    WireGuard beta testing available

    Here is the link to his channel. https://m.youtube.com/watch?v=bCNnP8FDSNA It's saves a lot of head scratching 😁
  7. 2 points
    Staff

    WireGuard beta testing available

    If you youtube 'Christian Mcdonald', he explains everything in his series of videos. He's also overseeing the wireguard package for netgate, and talks about the whole process and where he wants to take it in the future. Hello! Speaking of netgate.com, we found this article on it which looks good: https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-client.html In order to fit it to AirVPN, please generate a configuration file for WireGuard and the server or country you wish from the Configuration Generator. It's a text file inside which you can find the settings/values you need. Kind regards
  8. 2 points
    Staff

    New feature: DNS block lists

    Thank you for your great feedback and the head up. Lists should have been updated every 24 hours but the procedure started failing recently. We are working on it to detect the problem and restore the normal update every 24 hours. EDIT: problem detected and fixed. Kind regards
  9. 2 points
    Well… I dug into the hummingbird and NetFilter code a bit and it looks like the dependencies on systemd/sysinit for the network lock is fairly limited. I am looking into putting a remedy to those with a couple of “if docker then … else …” and see where it leads. I think the network lock is a pretty import piece of the picture and it should work well even in a docker environment. I’ll report back here once I have anything tangible. The out coming Dockerfile will probably be a little more involved, but still pretty straight forward building hummingbird in one image and copying the produced binary from there into the target image with right entrypoint.sh
  10. 2 points
    Staff

    [Proposal] [Implemented] OISD

    Hello! We're glad to inform you that OISD full and extra lists are now available. Kind regards
  11. 2 points
    This guide will explain how to setup OpenVPN in a way such that only select programs will be able to use the VPN connection while all other life continues as usual. Please read this notice before applying the guide Advantages: fail-free "kill switch" functionality (actually better than 98% of VPNs out there) continue using another VPN as primary or don't reroute any other traffic at all nobody, not even peers on LAN, will be able to connect to your torrent client (the only way: through the VPN connection) - eliminating unintended leaks Disadvantage: the apps will still use your default DNS for hostname lookups (secure your DNS separately!) See two more drawings at the end. The guide is applicable to all VPN providers who don't restrict their users to use the OpenVPN client. The method however is universally applicable. It was made with examples from Windows, but with Linux/BSD you will only need little tweaking to do. Specifically, net_gateway placeholder may not available and that's all there is to it. Android clients are probably too limited for this task and lack options we need. - Since there'll be a lot of text, sections titled in (parantheses) are entirely optional to read. The other guide by NaDre is old (2013), hard to read and pursues a slightly different approach. A Staff member actually posted a good first comment there, that's what we're gonna do. (Preface) The BitTorrent as a network is entirely public. Through the decentralized technology called DHT, everyone in the world can find out what torrents you are presumably participating in (this does not apply to private trackers who disable DHT). Clearly this creates an unhealthy atmosphere for privacy of users, e.g. one could find out the OS distribution one is using for a more targetted attack etc. Sometimes the ISPs are outright hostile to peer-to-peer technologies due to the traffic and bandwidth these are consuming. Instead of upgrading dated infrastructure, they cripple their users instead. There are many reasons to use a VPN, that was but a limited selection. ("Split-tunneling") This has become somewhat a marketing term nowadays, but actually explains the nature of the traffic flow well. In this guide only the programs set to use the VPN connection will use it, nothing else. All your traffic goes past the VPN while torrent client traffic (or any other selected program) uses only the VPN connection. ("Kill switch") We'll literally nail it using software settings of your program (the torrent client). This is a marketing-loaded name. In short: if the VPN connection is not available, no traffic ought to be sent bypassing it. In most cases where you have a VPN redirect all your system traffic - you should not rely on it as a feature. The OpenVPN software on Windows is not 100% proof, based on empirical evidence (reconnects and startup/shutdown phases) and some other VPN providers do no better (based on comments and stories). The only bulletproof solution: the VPN tunnel is set up on an intermediary device your PC is connected to - your end device (the PC) has no chance whatsoever to bypass the tunnel in that case. If the VPN provider uses a firewall under the hood, that's good too but with this guide you will not need a firewall nor rely on the VPN software. ("Dual-hop") With the knowledge and methods from this guide you will be able to daisy-chain multiple VPN servers. In essence, your traffic passes PC->VPN1->VPN2->Destination. This was not intended for this guide nor with AirVPN, it's finicky and I wouldn't recommend it myself without a real need and skills to automate the setup and configuration. How it will work Many users (aka mostly idiots on Reddit) are running in circles like qBittorrent is the only client (or probably the only application in the universe, unconfirmed) that can be set to use a certain VPN. Here's the technicality: this is called 'binding' - you can 'bind to IP' which will force the app to use a specific IP address and nothing else. If it cannot use the IP (when VPN is disconnected) then it will not be able to do any networking at all. The OS will deny any communication with the internet: boom! Here's your praised 'kill switch' and 'split-tunneling', 2-in-1. This is the next best bulletproof solution (the only better alternative is to use an intermediary VPN device, as any software could choose a different interface now to communicate with the internet). In a broader sense, you want to 'bind to a network interface' - your client will use any available IPs from the VPN interface - making it ready for IPv4 and IPv6. Oh and you don't need to change the IP once the VPN connection changes to another server. The OS handles the rest. Examples of programs that can bind to user-defined addresses include: (Windows) ping, tracert (IPv6-only, WTF?), curl and wget, and many others, including your favorite torrent client You will find guides online how to do that in your client or just look in settings. (Linux-specific differences of the guide) If you are a Linux/*nix user, there're some minor changes to the quick guide below: * Create custom VPN interface: Create with ip tuntap command. The below line will create 5 interfaces "tun-air1" etc. for YOUR user. Specifying your user allows OpenVPN to drop root rights after connection and run under your user (security). AirVPN allows up to 5 connections. If you have no use for this, create only one. user="$(whoami)"; for i in {1..5}; do sudo ip tuntap add dev "tun-airvpn$i" mode tun user "$user" group "$user"; done Check their existance with ip -d a -- the interfaces will not be shown under /dev/tun* ALTERNATIVE: openvpn --mktap/--mktun. See manual with man openvpn * Select custom VPN interface: This config part differs from Windows, very confusing. Steps: 1. Replace "dev-node" in config with "dev" 2. Add "dev-type tun" or "tap". Example of config: # if you have these defined multiple times, last entries override previous entries dev tun-airvpn1 # previously dev-node dev-type tun # previously "dev tun" on Windows There're no more differences. In-depth explanation: If you try to use dev-node like for Windows, you will see: OpenVPN log: ERROR: Cannot open TUN/TAP dev /dev/tun-airvpn1: No such file or directory (errno=2) Example strace of error: openat(AT_FDCWD, "/dev/tun-airvpn1", O_RDWR) = -1 ENOENT (No such file or directory) OpenVPN cannot find the TUN/TAP with the name? No, on Linux/*nix/*BSD dev-node has a totally different meaning. Dev-node specifies where the control interface with the kernel is located. On Linux it's usually /dev/node/tun, for the "mknode" command. If OpenVPN can't detect it for some reason, then you'd need to use dev-node. Finally you can start OpenVPN from terminal: sudo openvpn --config 'path/to/config.ovpn' --user mysystemusername --group mysystemusergroup Windows Quick Guide Go to the folder where you installed OpenVPN and its exe files: 'C:\Program Files\OpenVPN\' Open CMD inside the 'bin' folder: Hold Shift + Right Click the 'bin' folder -> 'Open Command Window here' We will use tapctl.exe to create a new VPN network interface solely for use with AirVPN (to look around: run "tapctl.exe" or "tapctl.exe help") C:\Program Files\OpenVPN\bin>tapctl create --name AirVPN-TAP {FDA13378-69B9-9000-8FFE-C52DEADBEEF0} C:\Program Files\OpenVPN\bin> A TAP interface is created by default. I have not played enough with Wireguard's TUN to recommend it. You can check it out, it will be under adapters in your Windows network settings Important: Configure your app/torrent client to use this 'AirVPN-TAP' interface. This is what ensures your traffic never leaks. It may appear under a different name, in such case find out which one it is in the output of 'ipconfig /all' (enter this into CMD) If your client does not allow to bind to a general interface but a specific IP (poor decision) then connect to the VPN first to find out the local IP within the VPN network. In this case with AirVPN you may only use one single server or you'll have to constantly change the IP in settings. Generate AirVPN configs where you connect to the server via IPv4! This is important Add these to the .ovpn config files (either under 'Advanced' on the config generator page or manually to each config file) # NOPULL START route-nopull # IF YOU DO NOT USE ANOTHER VPN THAT TAKES OVER ALL YOUR TRAFFIC, USE "net_gateway" (just copy-paste all of this) # net_gateway WILL BE AUTOMATICALLY DETERMINED AND WILL WORK IF YOU CONNECT THROUGH OTHER NETWORKS LIKE A PUBLIC WIFI # personally, due to a second VPN, I had to specify my router IP explicitly instead of net_gateway: 192.168.69.1 # "default"/"vpn_gateway"/"remote_host"/"net_gateway" are allowed placeholders for IPv4 route remote_host 255.255.255.255 net_gateway route 10.0.0.0 255.0.0.0 vpn_gateway route 0.0.0.0 0.0.0.0 default 666 route-ipv6 ::/0 default 666 dev-node AirVPN-TAP # END OF NOPULL Test if the configuration works. Full tests, don't leave it up to chance. In-depth explanation of the OpenVPN config route-nopull rejects any networking routes pushed to you by the server, we will write our own route remote_host 255.255.255.255 <router IP> we tell our system that, to reach remote_host (the AirVPN server IP), it must send traffic to <router IP>. The subnet mask 255.255.255.255 says that this only applies to this single IP set <router IP> to be net_gateway (only for Windows users, check availability on other platforms) <router IP> may be any of the OpenVPN placeholders too, for example "net_gateway" should work universally (you avoid hard-coding the router IP and if it ever changes: wondering years later why the config no longer works) <router IP> is "192.168.1.1" in my case, for my home router that connects me to the internet. route 10.0.0.0 255.0.0.0 vpn_gateway we tell our system that all 10.x.x.x traffic will be sent to the AirVPN server the internal VPN network with AirVPN is always on the 10.0.0.0 - 10.255.255.255 network range. The subnet mask reflects that. However this may interfere with other VPNs if you ever need to be connected to both at once. I will not go into detail on this. What you need to do is to be more specific with 10.x.x.x routes in this config, i.e. instead of /8 subnet, only route the specific /24 subnet of the current VPN server (AirVPN uses a /24 subnet for your connections on each VPN server -> 10.a.b.0 255.255.255.0) vpn_gateway is one of OpenVPN placeholders route 0.0.0.0 0.0.0.0 default 666 allow routing of ANY traffic via the VPN we set the metric to 666, metric defined as path cost (historically) so setting it to a high value will make sure no normal connection runs through it, unless specifically bound to the VPN IP. route-ipv6 ::/0 default 666 same for IPv6. How many can claim they have working VPN IPv6 setup? Welcome in the future. IPv6 is over 20 years old at this point anyhow. dev-node AirVPN-TAP (Windows-only) tell OpenVPN to ONLY use this network interface to create the VPN tunnel on. Nothing should interfere with our setup now That's all, folks! Note: Somehow on Windows my AirVPN connection receives a wrong internal IP that doesn't enable networking at first. In my case I need to wait 1-3 minutes until OpenVPN reconnects itself based on ping timeout: after the reconnect I receive another IP and everything starts to work. I do not know whether it's an OpenVPN or a Windows bug. One last note: using multiple VPNs Actually this will work, that's how I roll. As long as both VPNs don't clash by using the same 10.0.0.0/8 subnet. If this happens, you will need to change Line 5 to point to a more specific (aka smaller) subnet tailored to your AirVPN server. Specifying a 10.x.x.0/24 subnet for routing will surely do (subnet mask: 255.255.255.0). Just be aware that you cannot practically use the same IP range in both networks at the same time (well, you'd need to bind the application you are using to either interface, which you cannot do with a browser or the printing service in case of internal resources). (The story of broken net_gateway) For this placeholder, OpenVPN attempts to determine your 'default gateway', i.e. the router all your internet traffic passes through. It normally works, but may not be supported on other platforms (Linux, sigh). However it has one unintended side-effect: if you already have a VPN that reroutes all your traffic, net_gateway will make all AirVPN traffic go through the first VPN: Your traffic -> VPN1 -> Internet Torrent traffic -> VPN1 -> AirVPN -> Internet That's the unintended dual-hop. Surely you can extend that scheme to 3,4,n-hops if you fiddle enough with routing, subnet masks and correct order. I'm not responsible for headaches We avoid that behavior with Line 4 from our config - the remote_host line forces the AirVPN traffic to go straight to the internet (through your LAN router). One more thing: net_gateway is not available for IPv6 routes in OpenVPN. That's why it currently only works with a IPv4 connection to the VPN server. (Crash course: Subnet masks) You've seen the weird number 255.0.0.0 above. You should refer to other pages for a proper explanation, but basically this is a very simple way for computers to determine the range of IP addresses that are part of a network (a subnet). What's simple for computers is very hard to grasp for us humans. 255 means there are NO changes allowed to the first set of IP numbers. I.e. the 10 in 10.0.0.0 always stays a 10. 0 means all numbers can be used. I.e. the zeroes in 10.0.0.0 can be (0-255), lowest address is 10.0.0.1 and the last address is 10.255.255.254 (technically, 10.0.0.0 is the first and the last 10.255.255.255 is reserved for 'broadcast') Any number in between denotes ... a range in between. 2^(32-prefix)=number. Number is the amount of available addresses and prefix is called the subnet prefix. Both are meant to describe the same thing. For 10.0.0.0/26 or 10.0.0.0 with subnet mask of 255.255.255.192 you get addresses in range 10.0.0.0-10.0.0.64 -- 2^(32-26) = 64. Similarly you can convert the subnet mask into the prefix number and work from there; or eyeball it: 256-192 = 64. (Two ways to accomplish routing) If you have two equal routes, e.g. 0.0.0.0 goes through VPN with metric 666 0.0.0.0 goes through LAN router with metric 10 then obviously the default route for a packet will travel through (2) - because it's a cheaper path. Unless an application specifies to talk only on the VPN interface. However a different rule applies whenever a more specific route exists 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 Here the routes (3) and (4) cover the entire addressing space, just like 0.0.0.0/0. However because they are more specific, they'll be preferred for all traffic because these routes are more selective. This is how OpenVPN does override system routing with VPN routing by default. This is also what the other guide attempted as well, by pushing four {0,64,128,192}.0.0.0/2 routes. Since that was more specific, it would in return override the 0,128 routes and so on. We can calculate how many multi-hops we would be able to do with this method: IPv4 has 32 bits, we will not touch the last 8 bits of the subnets. That leaves us then with 24 bits or 24 maximum amount of hops. Theoretically. The routing table would be outright f---- to look at. This method is a bit more 'secure' in a way because you don't need to rely on overriding a certain metric value, you just slap a more specific route on top and it's automatically made default. Also you don't need to override the default gateway (router) and all that junk. However with my preferred method (first) you can quite easily do DIY dual-hop routing: 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 <VPN2-IP>/32 goes through VPN1 with metric (any) Such a setup will make sure that all traffic destined for the internet (hits 3 and 4) will go through VPN1. If a program specifies the VPN2 network interface, then VPN2 will be reached via VPN1 first (you->VPN1->VPN2). This is quite 'quizzacious' to set up/control. Not part of this guide. As a part of this guide we told the system to route VPN2 via router on LAN. Yet you could indeed chain multiple VPNs this way and force the VPN1 to not only catch all traffic but also be chained via multiple VPNs itself so you would not need to manually set programs. I've seen scripts online for that purpose. Although be aware of MTU issues due to encapsulation. Troubleshooting tips TEST. SERIOUSLY, TEST YOUR SETUP BEFORE ENGAGING YOUR DATA CANNONS! A couple hours now are infinitely many times more worth than a 'leaked' mistake and headaches later on. https://ipleak.net/ - tests your client's default connection route. It would not tell you if your client is alternatively available on LAN for example. If you followed this guide and set up your client correctly, it will not be available on LAN etc. See the images below: 'without interface binding' (most newbie users) and 'with interface binding' (this guide) Wireshark to inspect how the traffic is actually flowing. Follow online tutorials, you only need to select the right network interfaces and filter traffic by port/IP (tcp/udp and your local or VPN IP) curl to send network requests. Like ifconfig.co / ifconfig.io will respond with the IP address it sees you as: curl --interface <your computer IP> http://ifconfig.co curl --interface 192.168.1.42 http://ifconfig.co # for IPv4 or IPv6, default route curl -4 http://ifconfig.co curl -6 http://ifconfig.co > route -4 print and > route -6 print on Windows. To compare the outputs, you can use Notepad++ with the compare plugin (you need two documents open, one in left and another in right pane before comparing). PS: AirVPN configuration generator does not support #comment lines. Please fix. Sorry Linux users, maybe another time I will write something tailored to you. But I believe you are smart cookies and will adapt the OS-specific steps to fulfill this guide's goal.
  12. 2 points
    Hello! A message from the dev: in the next Eddie release a command line flag "-nosplash" will be added to skip the splash window. Kind regards
  13. 2 points
    Staff

    WireGuard beta testing available

    Thank you, we're very glad to know it. We have not changed anything on our side so the cause of the problem remains unknown. If it wasn't on your side, the problem might re-appear. Open a ticket if it does to let us investigate more properly. Kind regards
  14. 1 point
    fschaeck

    Hummingbird unofficial Docker image

    I just committed fixes to https://gitlab.com/fschaeckermann/hummingbird.git that now make the hummingbird client run in an Alpine Linux container as well. The produced image of Dockerfile.alpine is merely 23.6MB in size… good enough for a service container with a single purpose I guess. Next is to look closer at what happens with IPv6 in a docker container. There seems to be some kind of permission problem…
  15. 1 point
    Daniel15

    WireGuard beta testing available

    You're downloading an OpenVPN config, not a Wireguard one. Enable the beta setting here: https://airvpn.org/preferences/ then select Wireguard in the config generator.
  16. 1 point
    That is a difficult thing to do because it may not be their fault entirely. If they want to use OpenVPN bundled with Synology because it's what they can reasonably do with their skillset, they are locked to OpenVPN 2.3, believe it or not. Synology doesn't seem to be updating much on their Linux-based NAS boxes.
  17. 1 point
    maxhawk

    WireGuard beta testing available

    Looks like speedtest run from LInux CLI: https://www.speedtest.net/apps/cli FWIW here's what I'm getting with 4 cores dedicated to my VPN VM. I've seen higher numbers with different servers. Server: Cox - Wichita - Wichita, KS (id = 16623) ISP: Quintex Alliance Consulting Latency: 25.00 ms (0.32 ms jitter) Download: 635.78 Mbps (data used: 698.7 MB ) Upload: 570.65 Mbps (data used: 577.7 MB ) Packet Loss: 0.0%
  18. 1 point
    @ciudad Hello! It's not planned at the moment because it's more comfortable for us the current single tls-crypt key. tls-crypt 2 doesn't change anything for the client, while on the server side, in our specific case, it would be useless because we maintain tls-auth for backward compatibility,. Any denial attempt would remain potentially possible via tls-auth, hence we would have a complication for nothing. However when we drop tls-auth (we're afraid not in the near future because of the amount of old OpenVPN versions connecting to our service) then tls-crypt-2 will become attractive indeed.. Kind regards
  19. 1 point
    Duck1

    WireGuard beta testing available

    Some *killer* speeds with Wireguard: Server: Clouvider Ltd - Los Angeles, CA (id = 35056) ISP: HugeServer Networks, LLC Latency: 12.48 ms (0.81 ms jitter) Download: 688.44 Mbps (data used: 904.8 MB ) Upload: 35.42 Mbps (data used: 44.7 MB ) Packet Loss: 0.0%
  20. 1 point
    Obvious

    WireGuard beta testing available

    Ubuntu 21.10 here, Wireguard DNS adblocking is perfectly working which I tested over many days. As you can see the advertisement domains are blocked towards 127.0.0.1 ( the computer itself) and in microseconds instead of milliseconds. Good work! ubuntu@ubuntu:~$ ping doubleclick.net PING doubleclick.net (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.073 ms 64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.032 ms 64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.063 ms 64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.057 ms ^C --- doubleclick.net ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3056ms rtt min/avg/max/mdev = 0.032/0.056/0.073/0.015 ms
  21. 1 point
    And you are right, the ISP is Amanah Tech because that's whom the data centers belong to. It's a hosting and colocation provider, which means other organizations can rent servers there. These are marked by the org field in some IP API responses: { "isp" : "Amanah Tech Inc.", "org" : "McAfee, Inc. - Plano", "as" : "AS32489 Amanah Tech Inc.", "query" : "184.75.215.242" } I wouldn't try honestly. Best thing you can do is not to use it privately. I made a small Bash function for such lookups. ip-api () { curl -s http://ip-api.com/$1 } IP-API.com
  22. 1 point
    Hello! Of course, absence of evidence is not evidence of absence, but at least you can't find any proof that any identity of our customers has ever been disclosed, while such cases are notorious for various competitors. While science can't prove that there are no pink donkeys, because scientific inquiry can't bring evidence of absence, the scientific method forces you to bring a proof, specifically at least one pink donkey., to show that they exist. Now, either you bring some proof for your insinuations, or you are just another trolltard. Not at all, or at least "not necessarily",. You can still access our onion web site, or even access our regular web site through Tor, which is a much stronger clue against your fears than any audit can provide because an audit which is paid by the audited can not be trusted. Can you tell us what good the excellent audits performed on ExpressVPN (who hired CIA intelligence agent who worked for UAE government to crack activists and journalists devices) or PIA and CyberGhost (which are owned by an adware and malware specialized Israeli company) brought to customers? This shows your ignorance on how Tor works, shame on you. The power of Tor is mainly due to the fact that you don't need an audit of every single Tor relay and that end-to-end encryption has wiped out Tor malicious exit nodes which could intercept your unencrypted communications and take advantage from them even though the exit-node does not know where they come from. Please get informed before you publish such nonsense. Kind regards
  23. 1 point
    @Innovathrorr Your post was moved into this thread. No matter how similar, issues don't need to have the same cause. This one definitely doesn't share it That IP belongs to McAfee. McAfee belongs to Intel. It's kind of a long shot, but since it's a corporate PC, the theft protection (or some other feature of the Trusted Platform Module) might be active which might or might not prevent changing the routing table to prevent thiefs from blocking the connection to Intel or the company via VPN. Something like that. But it's quite likely the TPM prevents something. Might be just a software, though. I don't know all the software you're running
  24. 1 point
    Daniel15

    WireGuard beta testing available

    I just tried this out and I'm seeing much better performance compared to OpenVPN. I was seeing ~110-130Mbps with OpenVPN, but I'm getting effectively full speed (~500Mbps, so ~1000Mbps on the VPN server) with Wireguard. AirVPN Server: Merope (Los Angeles) Client system: VPS with 3 vCores, Intel Xeon E5-2680 v2 processor (fair share CPU usage, not dedicated) Located in Los Angeles, ~0.6ms ping from client system to VPN server VPN client is running in Docker: dperson/openvpn-client for OpenVPN, linuxserver/wireguard for Wireguard. Tested using Speedtest.net CLI (https://www.speedtest.net/apps/cli) OpenVPN: Server: Cox - Wichita - Wichita, KS (id = 16623) ISP: HugeServer Networks, LLC Latency: 42.60 ms (0.21 ms jitter) Download: 111.92 Mbps (data used: 189.0 MB ) Upload: 124.83 Mbps (data used: 221.8 MB ) Packet Loss: 0.0% Result URL: https://www.speedtest.net/result/c/d2c0f532-2013-4e90-ae96-796f813dd7b8 WireGuard: Server: Cox - Wichita - Wichita, KS (id = 16623) ISP: HugeServer Networks, LLC Latency: 42.22 ms (0.22 ms jitter) Download: 493.41 Mbps (data used: 794.9 MB ) Upload: 395.14 Mbps (data used: 492.3 MB ) Packet Loss: 0.0% Result URL: https://www.speedtest.net/result/c/f0668420-b38d-468e-9220-516b6d6cbbab I haven't tried with one of the 10Gbps servers yet, but I do have a VPS in Switzerland so I might try that out and see what speeds I can achieve
  25. 1 point
    waterfall

    Mac OS Monterrey

    Yes, I can confirm, it solved the problems. The deleted .plist files are recreated on restart automatically, but I am sure you already know that. However, I also made a few other fine tunings: 1: I changed the Desktop from my own pictures to the Apple desktop background. Monterrey OS seemed to want to log me off at random otherwise. 2: I noticed I would get locked up when running another Mac with Tunnelblck (since that old MacPro Nehalem workhorse is too old for Eddie) and active data exchanges were ongoing, so I thought maybe my ISP was throttling the connection and changed Eddie beta protocols on my Macbook Air from Automatic to Port 80. No problems since then. Of course, Monterrey seems buggy and Apple is not as nimble and responsive a corporation as they once used to be, so I expect I will be continuing the fine tuning.
  26. 1 point
    Edit: WIP: https://github.com/whiteowl3/hummingbird-docker/
  27. 1 point
    Hi! I resolved the issue. I downloaded OpenVPN and during installation, it installed the TUN driver. So now everything is back to normal. Thanks for your input.
  28. 1 point
    securvark

    WireGuard beta testing available

    I am very interested in server cpu load and utilisation statistics. For clients with 1 (and max 5) connections it doesn't really matter and wireguard is very well optimised. On a server with several hundreds of connections it might be a different story since OpenVPN encryption can use hardware accelerated cryptography. Is this something you can share?
  29. 1 point
    Jacker@

    WireGuard beta testing available

    Yes, I have changed mine to /32. No problem.
  30. 1 point
    spinmaster

    [Proposal] [Implemented] OISD

    I'd like to propose adding the (very popular) OISD Blocklist. This list is also used by other free DNS "Adblock" services like Adhole.org, AhaDNS.com, etc. OISD (https://oisd.nl/) OISD is a pre-filtered blocklist consisting of lots of other popular blocklists. Domains which do not resolve from these blocklists are filtered out on a daily basis. OISD is focusing on functionality and not overblocking. License: ? I couldn't find any licensing information on the website. Raw URL: https://dbl.oisd.nl/ or (alternatively) https://hosts.oisd.nl/
  31. 1 point
    Ok. Thanks for the information. Then, I will ask directly to AirVPN to make this possible because I think is quite basic.
  32. 1 point
    Staff

    WireGuard beta testing available

    Hello! To help us troubleshooting DNS block list issues with WireGuard, please activate at your convenience the DNS List "Air ADV", and try from terminal (Linux and macOS) # dig ad-delivery.net @10.128.0.1 or in Windows # nslookup ad-delivery.net 10.128.0.1 Then publish the output. Kind regards
  33. 1 point
    Nummer1

    My review

    It has been a few months since i've last used this VPN, but my experience was great. This vpn might look complicated but its really not and you won't regret getting it. Even back a few months it was awsome, probably my favourite out of the ones i've used, great VPN.
  34. 1 point
    I'll contact the support team. I don't want this issue to remain. Thanks for your help anyway.
  35. 1 point
    autone

    WireGuard beta testing available

    Yes. I can confirm it works as advertised now. 👍
  36. 1 point
    @spinmaster Hello! It's a bug in the Configuration Generator coming from the times when the name earth3.airpvn.org existed. Now it doesn't exist anymore. Please modify it into earth3.vpn.airdns.org or earth3.all.vpn.airdns.org. The first name resolves into the entry-IP address 3 of the "best" Earth server, the latter into entry-IP addresses 3 of all VPN servers. We will fix the bug, in the meantime you can simply edit with any text editor your ovpn file. Thank you for having found and pointed the bug out. Kind regards
  37. 1 point
    Ah yes, the xenophobic approach. You should learn about v6 and adopt it, there's nothing to mistrust there. All you've heard are probably very old arguments against it.
  38. 1 point
    go558a83nk

    WireGuard beta testing available

    I opened UDP port 1637 on the router that's behind a W10 machine, and WG worked fine through Eddie. I'm not sure if that port needs to be open or not on your end - worth a shot if nothing else works. don't open a port on your router for eddie. it's not needed for anything if everything's going through the VPN tunnel.
  39. 1 point
    Xirinacs

    Eddie Desktop 2.21 beta released

    It works perfectly for me in Windows 10 (without WireGuard) and so far I have not experienced any problems. But I had to install Eddie with administrator privileges. Regards
  40. 1 point
    bob1324

    Eddie Desktop 2.21 beta released

    Hi, I also have an Unexpected: NetLock WFP rule. Windows 10 pro and 2.21.2beta.error eddie.txt
  41. 1 point
    cqs

    WireGuard beta testing available

    Generated an Android profile for Nahn and Wireguard refused to import it until it got renamed to Nahn.conf
  42. 1 point
    Baymond

    [SOLVED] ipv6 error 1

    If the above solution does not work try checking ALL of your Windows adapters in Windows Network and Internet. Jog the adapter settings (Disable/Enable) and make make sure they are enabled, especially the "Wintun Userspace Tunnel" adapter that (on mine) shows the red x as "Unplugged" but when right clicked is still enabled.....strange. This has solved my occasional connection issues with the Eddie Client set to : "Inside Tunnel if supported, otherwise blocked" (Layer IPv6 in networking). Hope this helps some folks.
  43. 1 point
    Stalinium

    Happy AirVPN power user

    I don't know what to write about... Everything's fine and I love AirVPN. Sounds cheesy but it is what it is. I've been using AirVPN for half a year. Many servers to choose from, very transparent from the user's point of view - something I value. Transparency about server status and an API (admittedly I haven't used it much). From reading the forums I grasped that AirVPN has very strict (legal) criteria for choosing server locations (countries), an approach that is unique across all providers I've seen so far. Yea placing servers in China wouldn't be the best idea or many other more "democratic" as a matter of fact which were ruled out. The config generator is awesome if you're not using their open source client Eddie (bonus points again!) - plenty of flexibility. Configs? Afaik there're some providers out there who still have user/password prompt on each connection, laughable. AirVPN not only properly makes use of certificates (that's how the server knows you are you without asking for credentials) and on top of that allows you to properly distribute different access keys across your devices (in case of theft etc). Lost a device? Revoke access to that single one and done! Port-forwarding support ALONG WITH Dynamic DNS is unparalleled. Sure an advanced user probably could create an ad-hoc DDNS solution for themself, but offering it along the VPN is ingenius. The servers are very stable, the stats currently show a user has been connected since January. I've read comments where other VPNs often force reconnects etc, that just sounds wild to me. Before AirVPN I've been on a private VPN server with 24/7 uptime and that's the quality of service I got used to and wouldn't want to downgrade from (looking at those other VPN providers) The AirVPN forums are a great source of information. The staff cannot be commended enough for responding to concerns and generally being here for discussion. @OpenSourcerer is a damn community hero, this place is unimaginable without him! I myself have contributed in one form or another and will continue to. As a side note to forums: AirVPN appears to have customized the forum software for privacy. I can't assess how far it goes (hopefully "enough"), and it's a far better choice than those completely relying on Reddit - undoubtedly a useful puppet of/for the certain government. The only problem I've had was with initial payment. I bought the 1 month plan and found no clear indications it was still active (because it is a PayPal recurring payment), so before the month expired I bought the 1 year plan. I was quite surprised to see a few days later my access days to have been extended by +31d - the automatic Paypal payment kicked in and I paid a single month extra. Though I like the service so much I decided not to bother with a refund (consider it a donation hehe). You need to login in Paypal to cancel those, I wish this was made clear/er. What's unclear to me was whether/how much info is retained on payment after all the transactions... but to grossly paraphrase an official response: use crypto. Just make sure your mug shot (photo) isn't connected to the coin wallet Roses are red, AirVPN's great.
  44. 1 point
    Hayden_

    AirVPN 11th birthday celebrations

    My plan expires in 18 days, but I just extended it by 3 years. Thank you AirVPN!
  45. 1 point
    cambell

    AirVPN 11th birthday celebrations

    I am good, no need to buy. Happy b day.Your subscription will expirein 4182 days (ma. 8 nov. 2032 11:58
  46. 1 point
    Ventuquies

    Unable to start (No socket)

    Hi guys, I had this issue whenever I shutdown my computer without exiting eddie in a regular way and I hated to need to restart the computer to fix it. Solution for me: Kill the "openvpn.exe" task -> Eddie seems released, can be started normally again and no "no socket" issue Kind regards, Vent
  47. 1 point
    monk09

    Eddie won't connect, keeps retrying

    Mine worked fine for a few weeks then I had the same issue as you it sounds like. Support suggested this and it has generally worked:
  48. 1 point
    Not only the internet. They give themselves the right to invade any country in the world who doesn't play under their rules.
  49. 1 point
    The United States is an enemy of the Internet. More and more our technology and communications are captured illegaly and stored for many years and then used against us in court. The government seems to sincerely believe that it owns the Internet and regulary hacks into foreign servers to retrieve data, seizes domain names, etc. and any citizen who can be considered a hacker under broad laws will be thrown in prison. My warning as a US citizen is to watch out, encrypt, keep everything secure, keep data offshore, and avoid any US-influenced entities such as ICANN. Thank you AirVPN for the great continued service. I've been using multiple VPN connections almost constantly for the past year everywhere and as far as I can see that will continue
  50. 1 point
    Jinsong

    Socks5 proxy

    What he means is if AirVPN were to offer SOCKS proxy servers as a separate service in addition to the VPN. This would be useful for clients who only need the service on an application-level basis. It could also be useful for bypassing certain geo-location restrictions while remaining connected to a particular VPN server. For example, let's say you are downloading a torrent via the NL server but want to visit a US-only site at the same time. Normally you'd have to stop what you're doing, log out of the VPN and change servers, but in this case you could just change the browser's proxy settings and do both simultaneously. You could also make the argument that chaining a VPN + SOCKS proxy could (theoretically) enhance your anonymity by creating multi-jurisdictional hops, although in this case it's somewhat irrelevant since both services would be under the administration of the same provider (AirVPN) anyway. Of course, a proxy (by itself) doesn't encrypt traffic like a VPN does, so it's not really as good from a privacy standpoint. Also, there's a potential security issue because client authentication data (usernames and passwords) would have to be stored on EACH proxy-hosting server, as opposed to OpenVPN which only needs one central authentication server for storing users' login credentials. Still, it is a good idea -- one that has already been implemented by a handful of competitors in the VPN space, so it might be something for AirVPN to consider as a value-added service.
×
×
  • Create New...