Leaderboard

Everything still works for me on ublock origin with 1 small adjustment. I think reddit blocked anyone with a Reddit session data value of 0. i use: reddit.com#%#//scriptlet('set-cookie-reload', 'reddit_session', '1') As you can see, the only change is the last number from 0 to 1 and everything works again.

Hello! The problem affects those users who run Eddie Desktop edition with OpenVPN and never logged out for more than a year, or use OpenVPN clients with configuration files generated before 2021. Since Eddie Desktop edition re-downloads certificates and keys only when the operator logs in, locally some certificates have expired because we extend their expiration date automatically at least one year in advance (three years normally). Please try the following procedure to quickly resolve the problem: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards

Hello! As reported in the very informative and well written article, provided that unfortunately the adversary has the ability to crack your local network and install inside it an evil DHCP server, an excellent mitigation is based on firewall rules exactly as they are enforced by AirVPN's Network Lock. Kill switches are ineffective as usual, nothing new here, but Network Lock greatly mitigates the problem. This mitigation is very hard to circumvent, as it would require traffic analysis first and more operations later (check "Problems with Firewall Rule Mitigations" in the article). Please note that traffic splitting MUST be avoided, otherwise firewall rules of Network Lock will have exceptions which can be in themselves a dangerous enlargement of the surface attack and that can be again exploited by TunnelVision. As a double protection, you may consider to disable DHCP option 121, an option which can be reported even as “Disable Classless Static Route”. Without DHCP option 121 the attack lacks its essential pre-requisite. Check the downsides, though. We will have the paper investigated by independent reviewers in the next days and if anything relevant on top of all of the above comes out we will publish it. Kind regards

Thanks for that and fsck Reddit

It is not legitimate and definitely not secure. a), AirVPN does not release closed-source software. b), the only languages are English and Chinese, hinting at a Chinese entity abusing the name of AirVPN. It's a case for AirVPN legal staff.

@valkyrie89 Hello! Inbound remote port forwarding is a feature divorced from the VPN p-t-p communication protocol, it all relies on NAT configuration through packet mangling, so you can use it both with OpenVPN and WireGuard. Kind regards

Hello! Yes, there are many upgrades underway throughout the infrastructure. On top of the usual, periodical system updates, we are adding an important new feature we will announce in the future (maybe as early as June, but don't take it for granted). Kind regards

Finally upgraded to DSM 7.2.1 so I edited first post with your comments. Adapted it to new AirVPN config generator look. Also added last part if you want to have faster connection to AirVPN.

Hello! You can either use the OpenVPN version packaged with Eddie, Hummingbird, or another version, as you prefer. To change OpenVPN version selected by Eddie, please install in your system the OpenVPN version you prefer; then, run Eddie and from its main window select "Preferences" > "Advanced". Beside the "OpenVPN custom path" field please click the file requester symbol to navigate through your file system and choose the proper OpenVPN binary file. Finally click "Save". Alternatively just type in the field the binary name with the complete, absolute path, and click "Save". Kind regards

According to this definition there is no censorship at all anywhere enforced by governments, not in North Korea, not in France, not in China... Please note that your definition is pure fantasy, if not insulting. Censorship is exactly suppression of speech, public communication, or other information subversive of the "common good", or against a given narrative, by law or other means of enforcement. The fact that censorship is enforced by law or by a government body does not make it less censorship. Furthermore, historically censorship was an exclusive matter of some central authority (the first well documented case is maybe the censorship rules to preserve the Athenian youth, infringed by Socrates, for which he was put to death, although the etymology comes from the Roman Office of Censor which had the duty to regulate on citizens' moral practices) and today censorship by governments is predominant. Even In modern times censorship through laws has been and is predominant and pervasive according to Britannica and many academic researches. Then you can discuss ad nauseam whether censorship by law is "right" or "wrong", whether France's censorship is "better" than China's censorship, but you can't change the definition of censorship, otherwise this discussion will become delirious. Kind regards

Well… I don't see it coming to life in the near future. That's all I can offer you. 😕

Hello! By enabling Location Services your device sends location information (including wireless access point information, cellular tower information, and precise GPS location if available) to Microsoft. It will also allow apps to use their device’s location and location history to deliver location-aware services and disclose your location to third-party entities. Frequently, this behavior is exactly what must be avoided when connected to a VPN for privacy purposes. It may weaken significantly the anonymity layer. Kind regards

Eddie 2.23.2 + Hummingbird 2.0.0 Beta 1 terminates connection in a loop at start due to ~/.config/eddie/*.tmp.ovpn file. Alpha 2 works. . Eddie version: 2.23.2 / linux_x64, System: Linux, Name: Arch Linux, Version: Linux host 6.8.9-hardened1-2-hardened #1 SMP PREEMPT_DYNAMIC * x86_64 GNU/Linux, Framework: 6.12.0 (makepkg/0cbf0e290c3 Sat Mar 9 11:37:33 UTC 2024); Framework: v4.0.30319 . Command line arguments (2): path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui" . Raise system privileges . Collect network information . Reading options from /home/user/.config/eddie/default.profile . OpenVPN - Version: 3.3.2 - Hummingbird - WireGuard/OpenVPN3 Client 2.0.0 beta 1 - 13 May 2024 (/usr/local/bin/hummingbird) . SSH - Version: OpenSSH_9.7p1, OpenSSL 3.3.0 9 Apr 2024 (/usr/local/bin/ssh) . SSL - Version: 5.72 (/usr/bin/stunnel) I Ready . Collect information about AirVPN completed ! Activation of Network Lock - Linux nftables . Collect information about AirVPN completed I Session starting. I Checking authorization ... ! Connecting to Xuange (Switzerland, Zurich) . Routes, add 79.142.69.163/32 for interface "wlp3s0". . Routes, add 79.142.69.163/32 for interface "wlp3s0", already exists. . SSL > LOG6[ui]: Initializing inetd mode configuration . SSL > LOG5[ui]: stunnel 5.72 on x86_64-pc-linux-gnu platform . SSL > LOG5[ui]: Compiled with OpenSSL 3.2.1 30 Jan 2024 . SSL > LOG5[ui]: Running with OpenSSL 3.3.0 9 Apr 2024 . SSL > LOG5[ui]: Update OpenSSL shared libraries or rebuild stunnel . SSL > LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,OCSP,PSK,SNI . SSL > LOG6[ui]: Initializing inetd mode configuration . SSL > LOG5[ui]: Reading configuration from file /home/user/.config/eddie/c99f82f1ac630c54507010a373bede3e83fd5823b241fe155d4cf82b4d573f48.tmp.ssl . SSL > LOG5[ui]: UTF-8 byte order mark detected . SSL > LOG5[ui]: FIPS mode disabled . SSL > LOG6[ui]: Compression disabled . SSL > LOG6[ui]: Initializing service [openvpn] . SSL > LOG6[ui]: OpenSSL security level is used: 2 . SSL > LOG6[ui]: Session resumption enabled . SSL > LOG6[ui]: Configured trusted server CA: C=IT, ST=Italy, L=Perugia, O=AirVPN, OU=stunnel, CN=stunnel.airvpn.org, emailAddress=info@airvpn.org . SSL > LOG4[ui]: Service [openvpn] needs authentication to prevent MITM attacks . SSL > LOG6[ui]: DH initialization skipped: client section . SSL > LOG5[ui]: Configuration successful . SSL > LOG6[ui]: Service [openvpn] (FD=9) bound to 127.0.0.1:61863 . SSL > LOG6[ui]: Accepting new connections . SSL > LOG6[per-day]: Executing per-day jobs . SSL > LOG6[per-day]: Per-day jobs completed in 0 seconds . Hummingbird > Hummingbird - WireGuard/OpenVPN3 Client 2.0.0 beta 1 - 13 May 2024 . Hummingbird > OpenVPN core 3.9 AirVPN linux x86_64 64-bit . Hummingbird > Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved. . Hummingbird > OpenSSL 3.3.0 9 Apr 2024 . Hummingbird > WireGuard Client 1.0.0 AirVPN Linux x86_64 64-bit . Hummingbird > System and service manager in use is systemd E Hummingbird > ERROR: profile /home/user/.config/eddie/9b7c5dbb3f48811ec5344bd0d0829a2fd0bf83b650a4d99a2ebcc4f6cea4615e.tmp.ovpn not found ! Disconnecting . Sending soft termination signal . SSL > LOG5[ui]: Terminated . SSL > LOG6[ui]: Terminating 2 service thread(s) . SSL > LOG6[ui]: Service threads terminated . Routes, delete 79.142.69.163/32 for interface "wlp3s0". . Routes, delete 79.142.69.163/32 for interface "wlp3s0", not exists. . Connection terminated.

For months or years, I have not been able to to reach notepad-plus-plus.org (Notepad++) application update check or web browser,and I've come across random other sites too that I can't remember. I even opened a ticket and was dismissed because the section: 'Servers~Check Route' shows connected. I don't know if it is really representative of user-side. Here's what I have done: Checked DNS blocking settings Made sure to regenerate config files Tried different european servers and USA servers. Tried on multiple iOS devices AirVPN resolved IP for Notepad++ seems to be owned by AirVPNs service provider or Datacenter??? Windows: Manually tried various DNS servers manually on client (1.1.1.1, 8.8.8.8, 9.9.9.9, dnscrypt,....) Tried adding the valid Notepad++ IP address to the Hosts file I think that might be all of it from what I can remember ATM All these address reply to ping fine...

Pretty much the same setup, qBittorrent using Gluetun HTTP proxy trying to get airVPN port forwarding to work. Did you get anywhere with this?

Nice! I've been using 2.0.0 Beta 1 for a few hours, so far so good. The issue I reported where bluetit wouldn't connect at boot with 2.0.0 alpha 2 despite using "airconnectatboot quick" is solved on my end. I couldn't reproduce after a few reboots (using Wireguard, default). The new bluetit-suspend/bluetit.resume systemd units seem to work consistently after several resume/suspend. After running this Bash script and then suspending, it seems that there isn't any DNS leak at all: #!/usr/bin/env bash while true; do curl ifconfig.co/country >> output.txt sleep 0.5s done I did this multiple times and the output file only contains the country of the VPN server I was connected to. May I ask how the network lock somehow "survives" these: systemctl stop bluetit.service systemctl start bluetit.service considering that stopping bluetit.service manually disables the network lock? Is real IP address really not briefly exposed just before suspending and right after resuming? Will report back after a longer period of usage. Thanks.

Hello! We're glad to inform you that AirVPN Suite 2.0.0 Beta 1 is now available. What's new update of all libraries OpenVPN linked against OpenSSL 3 in every package (dynamically linked in non-legacy packages, statically linked (3.3.0) in legacy packages in order to operate on those systems still not offering OpenSSL 3) improved WireGuard support and management Goldcrest and Bluetit asynchronous connections and Network Lock suspend / resume service for Bluetit in systemd based systems rewritten network availability detection options autocompletion by pressing the TAB key on bash or zsh while entering a Goldcrest or Hummingbird command change of logic in the choice of servers in a specific country, no more using domain names (for additional safety against Tunnelcrack) ability to select whether Network Lock must allow or not communications within local network enhanced support to those IPv6-only networks, no more supporting IPv4 directly and working on IPv4->IPv6 address translation: Network Lock will now allow traffic to/from the translated addresses support for highly-hybridized systems running components causing a frequent mix up of nft and iptables rules (example: Fedora 39 and above) through Network Lock proper adjustments support for legacy 64 bit systems, both x86-64 and ARM (examples: Debian 11, Raspberry Pi OS 64 bit legacy) bug fixes The list of changes and new features is very long! Please check the various changelogs, available in the first post of this thread. Also check the new readme.md to test and use the new features. Kind regards & datalove AirVPN Staff

it would be really nice if you let us make our own custom FQDN setups too - you have already all the infrastructure in place with the AirDNS DDNS. For example, lets say i have 5 specific servers that play really nice with me, I know which of these 5 servers do this but I would like to dynamically switch based upon high ping / load. I can already accomplish disconnecting from the server on high ping, so thats not an issue. The connectivity to those other servers is. Sure I could make my own internal DNS mappings but that doesn't apply any logic relating to load, which AirVPN could do and already does do in decision making on what to serve back. How this would look like, i'd imagine something like me being able to select those servers i like in a checkbox (in the config generator?) and then being assigned a randomly generated AirDNS string like eaVsxWN.airdns.org and then I can put that into my wireguard client config and query it, and AirVPN responds with a single response of the 5 servers I selected, based upon current least load.

Hello, i'm using airvpn to open my plex server for friends (ds-lite double-nat issue) with wireguard which works really well. The issue i'm facing is that sometimes, when the current server has a very high utilization (maxed out network speed), the vpn speed goes down and nobody is able to stream. After switchting the server (e.g. wg-quick down/up), everything works fine again. My question is, is there an solution possible with wireguard? If not, i'm thinking about querying the current server with the API and restart wireguard when the current server reaches near 100%, but that would drop the connection if a movie is played. Thanks, happy to hear some ideas. paprika

I also just joined https://theldu.net and I'm unable to access it through AirVPN. I'm currently using the Praecipua server and that's the only server I've tried but according to the thread in their forum using different servers won't help and almost no one has been able to access the site through AirVPN. In that forum thread it looks like the people who have had success accessing the site have used a different DNS server.

Refer to.

https://www.leviathansecurity.com/blog/tunnelvision Apparently this affects both OpenVPN and WireGuard protocols. Technically it's not a vulnerability but it was easier for the title...

Hello! On the systems, of course! It is possible to disable it on the router too but that's ineffective in any case. If you don't control the router you just can't do it, as you correctly point out, but even if you control the router and then the rogue DHCP server is installed in your local network but it's a machine different from your router, it makes no difference that you disabled it on your own DHCP server (apart from the fact that if the attacker gains control of your router, he/she can re-enable all DHCP options). Kind regards

Hello! The problem is Android-related and not VPN client related. However, Eddie has an option which will prevent this leak, "VPN Lock". Please note that this option will not allow Eddie to re-connect and/or re-configure the tunnel, which is the exact reason for which leaks are prevented. When Google solves this Android problem you can then disable "VPN lock" and rely again on Android built-in leaks prevention. Please note that "VPN Lock" is disabled by default, so you must activate it from the "Settings" > "VPN" view. We totally agree with Mullvad when they write, in the article you linked,"Depending on your threat model this might mean that you should avoid using Android altogether for anything sensitive". Remember also that an overwhelming amount of evidence suggests that iOS and Android were designed to be primarily profiling and surveillance devices, so it's an antimony to use such a device to enhance privacy or create a layer of anonymity. Kind regards

Probably stems from your ignorance about these platforms, but usually @name refers to a user on your instance, @name@notmine.tld to a user on the instance notmine.tld. The latter is not necessarily a Misskey instance, it can be any ActivityPub-speaking software including Mastodon, Pleroma, PeerTube and of course Misskey itself. The feed works according to this drawing, a toot being a post on Misskey: Short explanation: If you register on sushi.ski, which is the fourth-biggest Misskey instance, you can view posts from @inu on your instance, sushi.ski (full name would be @inu@sushi.ski) @neko@misskey.io from misskey.io and even @opensorcerer@nerdculture.de, which is my account on an instance of another software entirely. So the notion that one needs to register on misskey.io to view misskey.io posts stems directly from being familiar with how centralized social networks like Facebook and Twitter always worked. The only little "downside" to this structure is that, if you are not on misskey.io and you view the federated timeline, you will be seeing posts from all instances in sight of your instance; that is, all instances in which there is at least one user from your instance who follows a user from that instance. But since misskey.io is the biggest instance, you will probably see a bit more from there, no matter where you register. In any case, your personal timeline will always be populated by those you follow, no matter their instance. And as explained, that timeline can have people from your own, other or instances from other softwares entirely. The magic of decentralized social networking.

Hello! We will consider seriously the suggestion, thank you. Kind regards

@Greyzy Hello! The solution is relatively simple when you use a subnet calculator: you must tell WireGuard that some subnet (in this case your local network) must NOT fall into the VPN tunnel through the AllowedIPs directive. The AllowedIPs directive in the WireGuard *.conf file lists the set of IP addresses that the local host should route to the remote peer through the WireGuard tunnel. By constructing from the global address space the complementary set of the range of your subnetwork you will solve the problem. Please read the following thread for more complete explanations and definite solution: https://airvpn.org/forums/topic/55801-wireguard-access-local-network/?tab=comments#comment-217411 Kind regards

Hello! The correct FQDN for the various servers is <server name>.airservers.org. However it resolves into IP address 1 only. Each VPN server has 4 entry-IP addresses for various connection modes, but we do not offer domain names for each IP address. For example entry-IP address 1 accepts OpenVPN in TLS Auth mode (for backward compatibility with old OpenVPN versions) and WireGuard, entry-IP address 3 accepts OpenVPN in TLS Crypt mode and WireGuard, and so on. For every detail you can check the "Specs" page "Protocols and entry-IP addresses of each VPN server" section: https://airvpn.org/specs You can use the API to get all the entry IP addresses of all the servers. API instructions and an API navigator are available in your AirVPN account "Client Area" > "API" panel. To make an example based on your request, let's say that you need to know all the info about Teegarden. A first raw search can be performed through the API and filtered accordingly, please see below. The first example shows everything the API can say about Teegarden, the second example prints the THIRD entry IPv4 and IPv6 addresses. Kind regards $ curl -s "https://airvpn.org/api/status/" | grep -A17 -i teegarden "public_name": "Teegarden", "country_name": "United States", "country_code": "us", "location": "Los Angeles", "continent": "America", "bw": 637, "bw_max": 2000, "users": 102, "currentload": 31, "ip_v4_in1": "37.120.132.90", "ip_v4_in2": "37.120.132.92", "ip_v4_in3": "37.120.132.93", "ip_v4_in4": "37.120.132.94", "ip_v6_in1": "2a0d:5600:8:3e:b389:fbfa:508a:1eca", "ip_v6_in2": "2a0d:5600:8:3e:604e:24d0:570c:230f", "ip_v6_in3": "2a0d:5600:8:3e:eceb:3b20:e697:db07", "ip_v6_in4": "2a0d:5600:8:3e:878b:13a8:3b47:98ed", "health": "ok" $ curl -s "https://airvpn.org/api/status/" | grep -A18 -i teegarden | grep in3 | awk -F '"' '{print $4}' 37.120.132.93 2a0d:5600:8:3e:eceb:3b20:e697:db07

Thank you for the explanation. But I can't seem to figure out how to get started with Python, I still have to do some research there.

@blank90 Hello! As @SurprisedItWorks wrote you may rely on https://ipleak.net, or you can also use the AirVPN API. Check your "Client Area" > "API" panel for instructions and commands through the API navigator. With a single fetch you can get all the data of all the servers, for example. Kind regards

In case you face such a situation again or others are curious: At ipleak.net there is a small window at the top where you can enter an IP address you wish to know more about. It will identify an Air server.

Awesome, this is what I had figured. I got it working eventually by having the Eddie client using a different DNS, which isn't ideal. My guess is I am still setting something up wrong because @Staff made it pretty clear it should work and I have no reason to not believe that.

Hello! Only if Network Lock option is enabled you can safely switch servers "on the fly", because Network Lock will prevent any possible traffic leak outside the VPN tunnel. Kind regards

Hello everyone! We hereby publish the Community Forum policy in response to requests for clarification as apparently the generic invitations to comply to Netiquette are not sufficient. We will spread this information throughout the platform if necessary. This document pertains only to Community forums and not to AirVPN forums for official AirVPN communications and guides, where only AirVPN staff can open new threads. The Community Forums are managed and maintained by AirVPN, inside its own infrastructure, and are intended to be an environment to: improve AirVPN services through community driven suggestions provide an old style, relaxed platform for customers to get technical help in addition to the core assistance provided by the professional AirVPN customer care and support team. Community forum is open to everybody, including non-AirVPN customers, and moderated by AirVPN staff. Community moderators may be appointed by AirVPN staff on a voluntary basis to improve moderation. Messages posted on the forums and authors must comply with the following rules: Message content and author's behavior must respect Netiquette rules as described here: https://www.britannica.com/topic/netiquette Content must be rigorously on topic. The topic is specified in the description of each forum or made explicit in the name itself. Any form of explicit or surreptitious advertising for third party companies or private activities is prohibited. Moderators have the task to enforce compliance with the above rules. Messages that violate the rules can be deleted. When possible, moderators will inform the author about the infringement. Authors of two or more messages whose content violates the rules can have their accounts temporarily prevented from posting in the forum. If the author of a message reputes that a moderator made a mistake in the moderation actvity, communication with the moderator is encouraged. If the author is still unsatisfied by communication with the moderator, AirVPN staff can be contacted at info@airvpn.org. The staff undertakes to examine author's' complaints within a reasonable time not exceeding 30 days. Kind regards and datalove AirVPN Staff

You mean with python ? I've created different python lists, for each iptables and ip6tables chains. In each list I've put all the rules that I want to add. So the python script checks the rules in each chain and compares with the corresponding python list and then corrects what needs to be corrected. (The script also creates some required ipsets and be careful not to add duplicate rules, which iptables allows without warning..). The script runs every 30 minutes. By the way with the iptables of the UDM includes the geoip module. So you can block countries per port/services, which the UDM interface does not allow! (With the UDM interface you can block countries, in IN, in OUT, or both, but it’s for the whole WAN connection, we can’t do it on a service basis). So I take the opportunity to do it via an iptables rules. For example I block some countries on the qBt port of the airvpn: iptables -A FORWARD -d 10.0.12.12/32 -i wgclt4 -p udp -m udp --dport 45781 -m geoip --source-country CN,RU,BY,DZ,CF,GA,GH,CI,ZA -j BLOCK_BAD_COUNTRIES_QBT

I agree with your sentiment - it takes a lot of time when you're unfamiliar with this stuff and are already busy doing something else. But it is easier than it seems. To renew the certificate: - Go to https://airvpn.org/ - Sign in - Select the "Client Area" tab - Under "VPN Devices" click the "Manage" button - Click the "Details" button - Click the "Renew" button Then do what Staff says in the above post: - run Eddie - on Eddie's main window uncheck "Remember me" - log your account out - log your account in (you'll need to re-enter your AirVPN credentials) - try again a connection

I would highly like it if AirVPN upgraded their servers to 10Gbps as quite often the NZ servers are very busy. No wonder why it is hard to get max speeds if they are this busy. I have sometimes seen them like 1800Mbps bandwidth throughput. Don't get me wrong, AirVPN is a good service, I just feel they need more Bandwidth in some locations like NZ because in NZ we have super fast Fibre connection speeds, some households have 1Gbps or more and that can easily use all bandwidth on the VPN server.

Looks like the old.reddit method doesn't work anymore but found a great solution if you're a ublock origin or adguard user. copy/paste of reddit comment so blocked users can see it. Go to your uBlock Origin / AdGuard filter settings page and add this custom filter (in uBlock Origin it's under the "My filters" tab): reddit.com#%#//scriptlet('set-cookie-reload', 'reddit_session', '0') This will automatically create the reddit_session cookie as described in the post above. You have to make sure that you are using the latest uBlock Origin or AdGuard extension, because the cookie filter syntax has only been added recently to uBlock Origin. (The above filter only works with uBO version 1.53.0 or higher) Here are some more techy details about the cookie filter: It will create a session cookie, which will only last until the browser is closed. (This is good because see 2. and 3.) You will not be able to log-in to reddit while the cookie is set. (Also applies to manual method in the original post) If you want to log-in to reddit, you will have to remove or comment out the custom filter, then close and re-open your browser. Doing this will clear the session cookie and prevent your adblocker from automatically creating the fake session cookie again. You can comment out custom filters by prefixing them with an exclamation mark, e. g.: !reddit.com#%#//scriptlet('set-cookie-reload', 'reddit_session', '0') The cookie value is set to '0', this is a limitation of the new cookie filter syntax. Can't make it empty as of now unfortunately. It works fine with the value set to '0' though. reddit comment

I know this is a year and a half later but you just cannot see what we see being on the outside. France heavily censors their online content. Of course being INSIDE a propagandized country, you wouldn't see it. However, I'll give you an example. When Rumble wanted to stream in France, France demanded the censor a bunch of their content based on "disinformation" which was really just videos questioning the COVID jab and other political topics. No matter what you believe, if you can't at least TALK about something, that's called censorship.

This guide will explain how to setup OpenVPN in a way such that only select programs will be able to use the VPN connection while all other life continues as usual. Please read this notice before applying the guide Advantages: fail-free "kill switch" functionality (actually better than 98% of VPNs out there) continue using another VPN as primary or don't reroute any other traffic at all nobody, not even peers on LAN, will be able to connect to your torrent client (the only way: through the VPN connection) - eliminating unintended leaks Disadvantage: the apps will still use your default DNS for hostname lookups (secure your DNS separately!) See two more drawings at the end. The guide is applicable to all VPN providers who don't restrict their users to use the OpenVPN client. The method however is universally applicable. It was made with examples from Windows, but with Linux/BSD you will only need little tweaking to do. Specifically, net_gateway placeholder may not available and that's all there is to it. Android clients are probably too limited for this task and lack options we need. - Since there'll be a lot of text, sections titled in (parantheses) are entirely optional to read. The other guide by NaDre is old (2013), hard to read and pursues a slightly different approach. A Staff member actually posted a good first comment there, that's what we're gonna do. (Preface) The BitTorrent as a network is entirely public. Through the decentralized technology called DHT, everyone in the world can find out what torrents you are presumably participating in (this does not apply to private trackers who disable DHT). Clearly this creates an unhealthy atmosphere for privacy of users, e.g. one could find out the OS distribution one is using for a more targetted attack etc. Sometimes the ISPs are outright hostile to peer-to-peer technologies due to the traffic and bandwidth these are consuming. Instead of upgrading dated infrastructure, they cripple their users instead. There are many reasons to use a VPN, that was but a limited selection. ("Split-tunneling") This has become somewhat a marketing term nowadays, but actually explains the nature of the traffic flow well. In this guide only the programs set to use the VPN connection will use it, nothing else. All your traffic goes past the VPN while torrent client traffic (or any other selected program) uses only the VPN connection. ("Kill switch") We'll literally nail it using software settings of your program (the torrent client). This is a marketing-loaded name. In short: if the VPN connection is not available, no traffic ought to be sent bypassing it. In most cases where you have a VPN redirect all your system traffic - you should not rely on it as a feature. The OpenVPN software on Windows is not 100% proof, based on empirical evidence (reconnects and startup/shutdown phases) and some other VPN providers do no better (based on comments and stories). The only bulletproof solution: the VPN tunnel is set up on an intermediary device your PC is connected to - your end device (the PC) has no chance whatsoever to bypass the tunnel in that case. If the VPN provider uses a firewall under the hood, that's good too but with this guide you will not need a firewall nor rely on the VPN software. ("Dual-hop") With the knowledge and methods from this guide you will be able to daisy-chain multiple VPN servers. In essence, your traffic passes PC->VPN1->VPN2->Destination. This was not intended for this guide nor with AirVPN, it's finicky and I wouldn't recommend it myself without a real need and skills to automate the setup and configuration. How it will work Many users (aka mostly idiots on Reddit) are running in circles like qBittorrent is the only client (or probably the only application in the universe, unconfirmed) that can be set to use a certain VPN. Here's the technicality: this is called 'binding' - you can 'bind to IP' which will force the app to use a specific IP address and nothing else. If it cannot use the IP (when VPN is disconnected) then it will not be able to do any networking at all. The OS will deny any communication with the internet: boom! Here's your praised 'kill switch' and 'split-tunneling', 2-in-1. This is the next best bulletproof solution (the only better alternative is to use an intermediary VPN device, as any software could choose a different interface now to communicate with the internet). In a broader sense, you want to 'bind to a network interface' - your client will use any available IPs from the VPN interface - making it ready for IPv4 and IPv6. Oh and you don't need to change the IP once the VPN connection changes to another server. The OS handles the rest. Examples of programs that can bind to user-defined addresses include: (Windows) ping, tracert (IPv6-only, WTF?), curl and wget, and many others, including your favorite torrent client You will find guides online how to do that in your client or just look in settings. (Linux-specific differences of the guide) If you are a Linux/*nix user, there're some minor changes to the quick guide below: * Create custom VPN interface: Create with ip tuntap command. The below line will create 5 interfaces "tun-air1" etc. for YOUR user. Specifying your user allows OpenVPN to drop root rights after connection and run under your user (security). AirVPN allows up to 5 connections. If you have no use for this, create only one. Note: User-owned tunnel interfaces allow to be used by your non-root $user account, but there're issues with running OpenVPN without elevated permissions as $user user="$(whoami)"; for i in {1..5}; do sudo ip tuntap add dev "tun-airvpn$i" mode tun user "$user" group "$user"; done Check their existance with ip -d a -- the interfaces will not be shown under /dev/tun* ALTERNATIVE: openvpn --mktap/--mktun. See manual with man openvpn * Select custom VPN interface: This config part differs from Windows, very confusing. Steps: 1. Replace "dev-node" in config with "dev" 2. Add "dev-type tun" or "tap". Example of config: # if you have these defined multiple times, last entries override previous entries dev tun-airvpn1 # previously dev-node dev-type tun # previously "dev tun" on Windows There're no more differences. In-depth explanation: If you try to use dev-node like for Windows, you will see: OpenVPN log: ERROR: Cannot open TUN/TAP dev /dev/tun-airvpn1: No such file or directory (errno=2) Example strace of error: openat(AT_FDCWD, "/dev/tun-airvpn1", O_RDWR) = -1 ENOENT (No such file or directory) OpenVPN cannot find the TUN/TAP with the name? No, on Linux/*nix/*BSD dev-node has a totally different meaning. Dev-node specifies where the control interface with the kernel is located. On Linux it's usually /dev/node/tun, for the "mknode" command. If OpenVPN can't detect it for some reason, then you'd need to use dev-node. Finally you can start OpenVPN from terminal: sudo openvpn --config 'path/to/config.ovpn' --user mysystemusername --group mysystemusergroup PS: There're issues when running OpenVPN under your current $user. I think the problem was that it couldn't remove added routes after a disconnect. Instead run OpenVPN as root (isn't a good advice but it's what works) Windows Quick Guide Go to the folder where you installed OpenVPN and its exe files: 'C:\Program Files\OpenVPN\' Open CMD inside the 'bin' folder: Hold Shift + Right Click the 'bin' folder -> 'Open Command Window here' We will use tapctl.exe to create a new VPN network interface solely for use with AirVPN (to look around: run "tapctl.exe" or "tapctl.exe help") C:\Program Files\OpenVPN\bin>tapctl create --name AirVPN-TAP {FDA13378-69B9-9000-8FFE-C52DEADBEEF0} C:\Program Files\OpenVPN\bin> A TAP interface is created by default. I have not played enough with Wireguard's TUN to recommend it. You can check it out, it will be under adapters in your Windows network settings Important: Configure your app/torrent client to use this 'AirVPN-TAP' interface. This is what ensures your traffic never leaks. It may appear under a different name, in such case find out which one it is in the output of 'ipconfig /all' (enter this into CMD) If your client does not allow to bind to a general interface but a specific IP (poor decision) then connect to the VPN first to find out the local IP within the VPN network. In this case with AirVPN you may only use one single server or you'll have to constantly change the IP in settings. Generate AirVPN configs where you connect to the server via IPv4! This is important Add these to the .ovpn config files (either under 'Advanced' on the config generator page or manually to each config file) # NOPULL START route-nopull # IF YOU DO NOT USE ANOTHER VPN THAT TAKES OVER ALL YOUR TRAFFIC, USE "net_gateway" (just copy-paste all of this) # net_gateway WILL BE AUTOMATICALLY DETERMINED AND WILL WORK IF YOU CONNECT THROUGH OTHER NETWORKS LIKE A PUBLIC WIFI # personally, due to a second VPN, I had to specify my router IP explicitly instead of net_gateway: 192.168.69.1 # "default"/"vpn_gateway"/"remote_host"/"net_gateway" are allowed placeholders for IPv4 route remote_host 255.255.255.255 net_gateway route 10.0.0.0 255.0.0.0 vpn_gateway route 0.0.0.0 0.0.0.0 default 666 route-ipv6 ::/0 default 666 dev-node AirVPN-TAP # END OF NOPULL Test if the configuration works. Full tests, don't leave it up to chance. In-depth explanation of the OpenVPN config route-nopull rejects any networking routes pushed to you by the server, we will write our own route remote_host 255.255.255.255 <router IP> we tell our system that, to reach remote_host (the AirVPN server IP), it must send traffic to <router IP>. The subnet mask 255.255.255.255 says that this only applies to this single IP set <router IP> to be net_gateway (only for Windows users, check availability on other platforms) <router IP> may be any of the OpenVPN placeholders too, for example "net_gateway" should work universally (you avoid hard-coding the router IP and if it ever changes: wondering years later why the config no longer works) <router IP> is "192.168.1.1" in my case, for my home router that connects me to the internet. route 10.0.0.0 255.0.0.0 vpn_gateway we tell our system that all 10.x.x.x traffic will be sent to the AirVPN server the internal VPN network with AirVPN is always on the 10.0.0.0 - 10.255.255.255 network range. The subnet mask reflects that. However this may interfere with other VPNs if you ever need to be connected to both at once. I will not go into detail on this. What you need to do is to be more specific with 10.x.x.x routes in this config, i.e. instead of /8 subnet, only route the specific /24 subnet of the current VPN server (AirVPN uses a /24 subnet for your connections on each VPN server -> 10.a.b.0 255.255.255.0) vpn_gateway is one of OpenVPN placeholders route 0.0.0.0 0.0.0.0 default 666 allow routing of ANY traffic via the VPN we set the metric to 666, metric defined as path cost (historically) so setting it to a high value will make sure no normal connection runs through it, unless specifically bound to the VPN IP. route-ipv6 ::/0 default 666 same for IPv6. How many can claim they have working VPN IPv6 setup? Welcome in the future. IPv6 is over 20 years old at this point anyhow. dev-node AirVPN-TAP (Windows-only) tell OpenVPN to ONLY use this network interface to create the VPN tunnel on. Nothing should interfere with our setup now That's all, folks! Note: Somehow on Windows my AirVPN connection receives a wrong internal IP that doesn't enable networking at first. In my case I need to wait 1-3 minutes until OpenVPN reconnects itself based on ping timeout: after the reconnect I receive another IP and everything starts to work. I do not know whether it's an OpenVPN or a Windows bug. One last note: using multiple VPNs Actually this will work, that's how I roll. As long as both VPNs don't clash by using the same 10.0.0.0/8 subnet. If this happens, you will need to change Line 5 to point to a more specific (aka smaller) subnet tailored to your AirVPN server. Specifying a 10.x.x.0/24 subnet for routing will surely do (subnet mask: 255.255.255.0). Just be aware that you cannot practically use the same IP range in both networks at the same time (well, you'd need to bind the application you are using to either interface, which you cannot do with a browser or the printing service in case of internal resources). (The story of broken net_gateway) For this placeholder, OpenVPN attempts to determine your 'default gateway', i.e. the router all your internet traffic passes through. It normally works, but may not be supported on other platforms (Linux, sigh). However it has one unintended side-effect: if you already have a VPN that reroutes all your traffic, net_gateway will make all AirVPN traffic go through the first VPN: Your traffic -> VPN1 -> Internet Torrent traffic -> VPN1 -> AirVPN -> Internet That's the unintended dual-hop. Surely you can extend that scheme to 3,4,n-hops if you fiddle enough with routing, subnet masks and correct order. I'm not responsible for headaches We avoid that behavior with Line 4 from our config - the remote_host line forces the AirVPN traffic to go straight to the internet (through your LAN router). One more thing: net_gateway is not available for IPv6 routes in OpenVPN. That's why it currently only works with a IPv4 connection to the VPN server. (Crash course: Subnet masks) You've seen the weird number 255.0.0.0 above. You should refer to other pages for a proper explanation, but basically this is a very simple way for computers to determine the range of IP addresses that are part of a network (a subnet). What's simple for computers is very hard to grasp for us humans. 255 means there are NO changes allowed to the first set of IP numbers. I.e. the 10 in 10.0.0.0 always stays a 10. 0 means all numbers can be used. I.e. the zeroes in 10.0.0.0 can be (0-255), lowest address is 10.0.0.1 and the last address is 10.255.255.254 (technically, 10.0.0.0 is the first and the last 10.255.255.255 is reserved for 'broadcast') Any number in between denotes ... a range in between. 2^(32-prefix)=number. Number is the amount of available addresses and prefix is called the subnet prefix. Both are meant to describe the same thing. For 10.0.0.0/26 or 10.0.0.0 with subnet mask of 255.255.255.192 you get addresses in range 10.0.0.0-10.0.0.64 -- 2^(32-26) = 64. Similarly you can convert the subnet mask into the prefix number and work from there; or eyeball it: 256-192 = 64. (Two ways to accomplish routing) If you have two equal routes, e.g. 0.0.0.0 goes through VPN with metric 666 0.0.0.0 goes through LAN router with metric 10 then obviously the default route for a packet will travel through (2) - because it's a cheaper path. Unless an application specifies to talk only on the VPN interface. However a different rule applies whenever a more specific route exists 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 Here the routes (3) and (4) cover the entire addressing space, just like 0.0.0.0/0. However because they are more specific, they'll be preferred for all traffic because these routes are more selective. This is how OpenVPN does override system routing with VPN routing by default. This is also what the other guide attempted as well, by pushing four {0,64,128,192}.0.0.0/2 routes. Since that was more specific, it would in return override the 0,128 routes and so on. We can calculate how many multi-hops we would be able to do with this method: IPv4 has 32 bits, we will not touch the last 8 bits of the subnets. That leaves us then with 24 bits or 24 maximum amount of hops. Theoretically. The routing table would be outright f---- to look at. This method is a bit more 'secure' in a way because you don't need to rely on overriding a certain metric value, you just slap a more specific route on top and it's automatically made default. Also you don't need to override the default gateway (router) and all that junk. However with my preferred method (first) you can quite easily do DIY dual-hop routing: 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 <VPN2-IP>/32 goes through VPN1 with metric (any) Such a setup will make sure that all traffic destined for the internet (hits 3 and 4) will go through VPN1. If a program specifies the VPN2 network interface, then VPN2 will be reached via VPN1 first (you->VPN1->VPN2). This is quite 'quizzacious' to set up/control. Not part of this guide. As a part of this guide we told the system to route VPN2 via router on LAN. Yet you could indeed chain multiple VPNs this way and force the VPN1 to not only catch all traffic but also be chained via multiple VPNs itself so you would not need to manually set programs. I've seen scripts online for that purpose. Although be aware of MTU issues due to encapsulation. Troubleshooting tips TEST. SERIOUSLY, TEST YOUR SETUP BEFORE ENGAGING YOUR DATA CANNONS! A couple hours now are infinitely many times more worth than a 'leaked' mistake and headaches later on. https://ipleak.net/ - tests your client's default connection route. It would not tell you if your client is alternatively available on LAN for example. If you followed this guide and set up your client correctly, it will not be available on LAN etc. See the images below: 'without interface binding' (most newbie users) and 'with interface binding' (this guide) Wireshark to inspect how the traffic is actually flowing. Follow online tutorials, you only need to select the right network interfaces and filter traffic by port/IP (tcp/udp and your local or VPN IP) curl to send network requests. Like ifconfig.co / ifconfig.io will respond with the IP address it sees you as: curl --interface <your computer IP> http://ifconfig.co curl --interface 192.168.1.42 http://ifconfig.co # for IPv4 or IPv6, default route curl -4 http://ifconfig.co curl -6 http://ifconfig.co > route -4 print and > route -6 print on Windows. To compare the outputs, you can use Notepad++ with the compare plugin (you need two documents open, one in left and another in right pane before comparing). PS: AirVPN configuration generator does not support #comment lines. Please fix. Sorry Linux users, maybe another time I will write something tailored to you. But I believe you are smart cookies and will adapt the OS-specific steps to fulfill this guide's goal.

Hello! This looks like a relatively new Reddit policy, not specifically aimed at VPN, but at any IP address not assigned to residential ISPs. In this case access is granted but only after you have logged in. Just tested from all Japan servers, including Taphao, and we could access. After the login all Reddit is accessible, as far as we see. To maintain a robust anonymity layer in Reddit you need an anonymous e-mail address created with the protection of AirVPN and/or Tor, of course. Follow the instructions you have published in your screenshots to login (the login page does not block access from Tor or VPN or datacenters). Two years ago Reddit started to prevent users to post more than a comment every 10 minutes if the connection came from a datacenter IP address ("if you are accessing from an hosting provider" hints to any non-residential IP address). The behavior you report seems quite new and we confirm that it happens even from dedicated servers completely unrelated from our VPN activities. However the system is still coughing because, on the other hand, as @mazurka7 correctly wrote, some VPN servers are not subjected to this filter. Kind regards

I assume you use wireguard VPN client. From the UDM CLI, run the command: ifconfig | grep -A1 wgclt It will give you every WG tunnel interface and the ip associated. This ip is the tunnel IP that you can also find in the VPN client configuration through the web interface of the UDM. So you can identify the wgclt interface used for your AirVPN connection. This is the one you must use for your iptables rules. (From the UDM CLI) give the output of : iptables -t nat -S PREROUTING iptables -S FORWARD

@Undated8198 Hello, we have no plans to remove port forwarding, quite the contrary: we are currently deploying resources to delay port exhaustion and find alternative, but comfortable, procedures to keep offering this service in anticipation of port exhaustion. As you can see we already limited to new customers the amount of bookable ports, in order to preserve advertised features to those who are already our customers. We are committed to avoid retro-active modifications of the service for pre-existing customers, when such modifications would be detrimental for the service or anyway betraying an advertised feature. Kind regards

Hello! There's a part of an old urban legend here. Eddie's source code is available on GitHub (including the current 2.22.2 which is still considered "beta", according to the unorthodox release cycle of Eddie), anyway the essence of the urban legend is assuming that a license enforces restrictions on future releases of a certain work on the copyright holders themselves. The copyright holders are not restricted on future development or re-arrangement of a work of mind by any previous license since they are the "legal owners" (according to the international treaties which overlap intellectual monopoly with intellectual property and the EU legal framework on intellectual monopolies). On subsequent releases, the license of the current work always defines and/or restricts the rights of third parties, and not the rights of the legal owners. At the same time, the license we agreed to pick grants third parties that no retroactive restrictions are possible. If Eddie's developer decided to distribute an Eddie version without source code he would have the legal right to do so, provided that Eddie does not include third-party code licensed with restrictions against closed source code. It doesn't happen because of AirVPN mission (and Eddie's developer is also an AirVPN co-founder), but legally it would be Eddie's developer right. An identical right is reserved to AirVPN Suite developers, and exercised on both senses. If you notice, when a Suite alpha or beta version is made available to community testers, the OpenVPN3-AirVPN library against which the Suite is linked is always open source, while the proprietary preview code is closed. It is then re-licensed and opened (usually under GPLv3 but we're not ruling out different, more permissive licenses, for the parts we have exclusive rights on) only when the development team considers the software as "stable". Even in this case, releasing a copyrighted software as a preview does not prevent the developers to re-license and open it in the future (so far to make it open source under GPL). You did not miss anything. Eddie 2.22.2 is still the latest "experimental", but the testing work is over. If nothing serious comes out (fingers crossed) you will see a new stable release very soon. Kind regards

wow ok thanks for confirming my fears. how the hell did we get here... this bill needs to die.

Hello! In Eddie Android edition you can split traffic on an application basis. You can define "white" and "black" lists of apps. If a black list is defined, the apps included in the black list will have their traffic routed outside the VPN. Any other app will have its traffic routed into the VPN. If you define a white list, only the apps in the white list will have their traffic routed inside. Any other device traffic will be routed outside the VPN. Traffic splitting will work both on WireGuard and on OpenVPN. In Eddie Desktop edition for Linux, Mac and Windows you can split traffic on a destination basis (IP addresses, IP addresses range, or host names). You can tell Eddie to send the traffic outside the VPN tunnel only for specific destinations, or you can tell Eddie to send all the traffic outside the tunnel except for specific destinations. Traffic splitting will work both on WireGuard and OpenVPN. AirVPN Suite for Linux does not offer any traffic splitting ability, but we are considering to implement an app based traffic splitting feature in the near future. Kind regards

Hello ! When a website is blocked or things aren't working so well somehow, that sucks. But posting a new topic will not automatically help. So before posting a new thread/topic, I recommend that you try these things first, to help yourself and everyone else out: Things To Try First Try check out the AirVPN Route Checking tool. Put the name of the website, such as www.netflix.com into the search field. Click search. Then refresh the page & look at the HTTP column.Try and change the server that you're using; especially to servers from other countries, rather than just servers from the same country you were first connected to, as sometimes the servers of 1 country are all having issues. Especially if the Route Checking tool shows a red color in the HTTP colum or codes like 403. The HTTP Codes mean different things.Try check out ipleak.net and make sure that the IP & DNS address fields only show 1 address each: those from AirVPN. Otherwise your ISP could be blocking you.For Windows, try going to your Control Panel>>Internet Connections>>Change Adapter Settings>>Right Click each adapter>>Properties>>Untick IPv6>>Click Ok. Similar steps for MacOS/Linux.Try use the AirVPN forum search field in the top right corner, to see if a similar thread exists already. It's better and easier if all the same posts are in the same thread.Try click the "Most Viewed" button, on the horizontal blue line, under the black "Start New Topic" button, in order to see the most viewed threads easily & quickly.Try and check that your ISP or country isn't listed here. Because these ISPs block various things.Try and check if the website is listed here. Sites listed here should be automatically unblocked, regardless of which server you use. (This is called "Micro-routing").Try and see if the content you want, is available via a torrent site, if you wish. You could then use qBittorent to download it using P2P technology, which AirVPN fully allows. (Not all VPNs do) Does AirVPN Care About Blocked Sites? Yes! AirVPN Staff routinely reply to all kinds of different threads on these forums. This includes replies to threads about Netflix. Moderators do too!However due to there being a lot of new threads, they don't always reply to each one. Especially if the thread already exists; such as the many threads about Netflix.This is why it's important to keep all posts about the same website, in the same threads, instead of just making a new thread, which won't get any attention.But the problem is, that AirVPN or even any other VPN provider, can't always do anything about blocks. That's the truth. Because sites like Netflix actively try to block VPNs.It's in AirVPNs Mission Statement to fight all kinds of blocks or attempts at censorship; so it's not because Air isn't trying to fix things. When You Post A Thread, Consider This If you absolutely have to post, then please include: a link to the blocked website, the AirVPN server you used, any error messages you got & any replies from support staff from the blocked site.You get bonus points if you also tell us that you already tried the route checking tool and other things listed in the first section. . Double the bonus if you post in an existing thread instead.Posting also doesn't guarantee that the problem will be fixed. But if you follow the suggestions here, then you will make fixing the problem both quicker and easier for Air & everyone else :]. If you have questions or suggestions, please do not be afraid of posting them here or sending me a PM. If you're new to VPNs, then please feel free to check out my New User guide. Please do provide feedback on this thread if it helped you or is missing something! Thank you for reading !

I discovered a simple quirk of setting up eMule (P2P) on Windows 10 that causes port forwarding to fail with AirVPN. This tip that may save others a lot of time. During setup eMule creates an inbound rule in Windows firewall that applies to private networks in scope. This makes sense if using eMule without a VPN. However, Windows treats the AirVPN as a public network. Consequently port forwarding with eMule and AirVPN will not work using the default inbound rule created during eMule setup. The solution is to edit the scope of the eMule inbound rule in Windows firewall to apply to both private and public profiles. The latter is the important one. This is simple to do: In Windows Firewall, right click on the inbound rule for eMule, select Properties, Advanced. Under Profiles check both Private and Public. I am not a security expert so feel free to chime in if this setting raises any concerns. This may also apply to earlier versions of Windows.

Not only the internet. They give themselves the right to invade any country in the world who doesn't play under their rules.

Introduction This is a guide on how to host a Minecraft server through AirVPN. Please note that this guide assumes that you already have at least a basic understanding on how to set up and run a Minecraft server. AirVPN is a good tool for people who want to run Minecraft servers and either don’t know how to port forward or can’t for any reason. It is also useful for some ISPs that block most inbound ports, making it impossible to run a Minecraft server without a VPN tool. I found AirVPN useful to help me run a server at my university because my university is its own ISP and they don’t allow any inbound ports aside from standard ones like HTTP. Step #1 Set up the server normally. If you are running it on the same computer that you are playing on you should be able to join the server locally (IP 127.0.0.1). If you don’t know how to get this far the Minecraft wiki has a very good, albeit technical, guide on setting up a server here. Step #2 Forward a port with AirVPN. You can do this by logging into your account on airvpn.org and clicking the “Client Area” tab then going to the “Forwarding ports” tab on the left side of the screen. Once there you can fill in the form as shown above to reserve a port. Things to note: The box at the top is the inbound port you want to use and you have to find a free one. The actual number of the port doesn’t matter, any will work fine. Just make sure to note which one you picked!Unless you have changed the Minecraft server port you should set your local port to 25565, the default port.DDNS is useful if you want players to players to be able to join a URL, which is easier to remember, than an IP address. In the example above you would connect to myserver.airdns.org (note that it might take up to an hour for the name servers to update and in the meantime you would need to use the IP)Step #3 Connect to an AirVPN server and note your exit-IP (the exit-ip is different for each server). If you are not using the DNS service or are waiting for the name servers to update you will need this for players to connect. You can find the exit-IP of the server you are currently connected to by checking your client area on the AirVPN site or the application on your computer. You may be finished now, you can check and see if players can connect to your server at <Server exit-IP>:<Your Port>. For example, if my server exit IP were 94.100.23.163 and my port was 22222 you would have people connect to 94.100.23.163:22222 If players can’t connect keep following the last two steps. Step #4 Find the IP of your AirVPN adapter. On Windows this can be done by opening command prompt (Press + R then type “cmd” and press Ok) and typing in “ipconfig.” You should see something that looks like the picture above. Look for an entry that starts with 10.*.*.* if you have two, like I do, check https://airvpn.org/specs/ to see which one matches with one of the entries on the table. You can see that because 10.247.*.* doesn’t appear on the table Local Area Connection 2 is my AirVPN connection because 10.4.*.* does. Note the whole Address, in my case 10.4.3.194, we will need this for the next step. Step #5 Open your Minecraft server config file (named “server.PROPERITES” in your Minecraft server directory) with notepad. Set “server-ip=” to the IP you got from step 4. Congratulations, people should now be able to connect to your server from around the world. If you had to do Step 4 and 5 for it to work then unfortunately you have to repeat those two steps every time you reconnect to an AirVPN server as that IP changes each time you connect. Enjoy!