Leaderboard

Recently, the Tor Project announced a membership program. As Air has always been a strong supporter of the Tor Project, maybe you can also consider the membership? This can help secure its independecy while also making AirVPN known to a wider audience. Many NGOs still struggle as the pandemic has decreased their donations. Here is the link to the announcement: https://blog.torproject.org/tor-project-membership-program

Hello! We're very glad to announce all VPN servers progressive upgrade to Data Channel CHACHA20-POLY1305 cipher and TLS 1.3 support. UPDATE 18-Nov-2020: upgrade has been completed successfully on all AirVPN servers. The upgrade requires restarting OpenVPN daemons and some other service. Users connected to servers will be disconnected and servers during upgrade will remain unavailable for two minutes approximately. In order to prevent massive, simultaneous disconnections, we have scheduled a progressive upgrade in 15 days, starting from tomorrow 5 Nov 2020. Please see the exact schedule at the bottom of this post, in the attached PDF file. Servers marked as "OK" have been already upgraded and you can use CHACHA20-POLY1305 with them right now. When should I use CHACHA20-POLY1305 cipher on OpenVPN Data Channel? In general, you should prefer CHACHA20 over AES on those systems which do not support AES-NI (AES New Instructions). CHACHA20 is computationally less onerous, but not less secure, than AES for CPUs that can't rely on AES New Instructions. If you have an AES-NI supporting CPU and system, on the contrary you should prefer AES for higher performance. How can I use CHACHA20-POLY1305 on AirVPN? CHACHA20-POLY1035 on Data Channel is supported by OpenVPN 2.5 or higher versions and OpenVPN3-AirVPN library. In Eddie Android edition, open "Settings" > "AirVPN" > "Encryption algorithm" and select CHACHA20-POLY1305. Eddie Android edition will then filter and connect to VPN servers supporting CHACHA20-POLY1305 and will use the cipher both on Control and Data channels. In our web site Configuration Generator, after you have ticked "Advanced Mode", you can pick OpenVPN version >=2.5, and also select "Prefer CHACHA20-POLY1305 cipher if available". If you're generating a configuration file for Hummingbird, select OpenVPN3-AirVPN: the configuration file needs to be different, because some new directives of OpenVPN 2.5 are not supported in OpenVPN3, and Hummingbird is based on OpenVPN3-AirVPN. In Eddie desktop edition, upgrade to 2.19.6 version first. Then select the above mentioned option. However, most desktop computers support AES-NI, so make sure to check first, because using CHACHA20-POLY1305 on such systems will cause performance harm when you go above 300 Mbit/s (if you stay below that performance, probably you will not notice any difference). Also note that if your system does not have OpenVPN 2.5 or higher version you will not be able to use CHACHA20-POLY1305. If you wish to manually edit your OpenVPN 2.5 profile to prefer CHACHA20 on Data Channel when available: delete directive cipher add the following directive: data-ciphers CHACHA20-POLY1305:AES-256-GCM Pending Upgrade Server Schedule Kind regards and datalove AirVPN Staff

Last year it was announced on November 26: https://airvpn.org/forums/topic/45704-black-friday-week-sale-2019/?tab=comments#comment-102672 That was Tuesday before Thanksgiving.

@Staff When enabled in goldcrest.rc, IPv6 is falsely detected as unsupported: $ sudo goldcrest -O -S Mesarthim 2020-11-20 10:35:48 Reading run control directives from file /root/.config/goldcrest.rc Goldcrest 1.0.0 Beta 1 - 18 November 2020 2020-11-20 10:35:48 Bluetit - AirVPN OpenVPN 3 Service 1.0.0 Beta 1 - 18 November 2020 2020-11-20 10:35:48 OpenVPN core 3.6.6 AirVPN linux x86_64 64-bit 2020-11-20 10:35:48 Bluetit is ready 2020-11-20 10:35:48 Bluetit options successfully reset 2020-11-20 10:35:48 ERROR: IPv6 is not available in this system $ip -o -6 a 1: lo inet6 ::1/128 scope host \ valid_lft forever preferred_lft forever 2: enp39s0 inet6 2003:[…]/64 scope global temporary dynamic \ valid_lft 6843sec preferred_lft 1443sec 2: enp39s0 inet6 2003:[…]/64 scope global dynamic mngtmpaddr noprefixroute \ valid_lft 6843sec preferred_lft 1443sec 2: enp39s0 inet6 fe80::433c:773a:8904:118d/64 scope link noprefixroute \ valid_lft forever preferred_lft forever Failing if air-ipv6 and/or ipv6 are set to on. goldcrest.rc: # # goldcrest runcontrol file # # air-server Mesarthim # air-tls-mode <auto|auth|crypt> air-ipv6 on air-user OpenSourcerer air-password <that's my password, eh!> air-key <that's my key name, eh!> # cipher <cipher_name> proto udp # server <server_ip|server_url> port 443 # tcp-queue-limit <n> # ncp-disable <yes|no> network-lock off ignore-dns-push yes #ipv6 on # timeout <seconds> # compress <yes|no|asym> # proxy-host <host_ip|host_url> # proxy-port <port> # proxy-username <proxy_username> # proxy-password <proxy_password> # proxy-basic <yes|no> # alt-proxy <yes|no> # persist-tun <on|off>

@wireguard User "wireguard" is not an account with a valid AirVPN plan If you really wanted to show your support to AirVPN and prove that you are a customer, you would have written from an account with a valid plan. In reality, accounts like "wireguard" seem to be created with the only purpose to pump something and defame something else. From now on, write only from an account that has valid plan, to show that you are in good faith. Our plans about putting Wireguard into production in the near future have been published with a lot of details, albeit without a precise release date (and we have thoroughly explained why), so we will not write again for the nth time about them. About performance, please provide details as we do frequently. Currently we outperform Wireguard with our setup in AES-NI supporting systems, as you can see from our and our customers' tests, while Wireguard can outperform OpenVPN in CHACHA20 in non-AES-NI supporting systems. . When we put Wireguard into production, OpenVPN will stay, so investing in our own OpenVPN development is perfectly fine. Just a few reasons that make OpenVPN superior to Wireguard for many, different needs: it's faster than Wireguard in AES-NI supporting systems when it uses AES. Have a look here! it can be connected over stunnel, SSH, SOCKS5 and HTTP proxies, and Tor swiftly even for the above reason, for an ISP it's not so easy to block OpenVPN, while it's trivial to block Wireguard it supports TCP it supports dynamic IP address assignment it supports DNS push it does not hold in a file your real IP address when a connection is closed a significant part of our customers will not be able to use Wireguard effectively, simply because UDP is totally blocked in their countries or by their ISPs UDP blocking and heavy shaping are becoming more and more widespread among mobile ISPs, making Wireguard slower than OpenVPN in TCP even in mobile devices, or not working at all in mobility About Torvalds and Linux kernel, you only tell a part of the story. Wireguard was first put in some Linux kernel line when Wireguard was still in beta testing and no serious audit was performed, and not put in a kernel milestone release. A further note about battery draining you mentioned in one of your previous messages: our app Eddie Android edition and Wireguard, when used with the SAME bandwidth and the SAME cipher (CHACHA20-POLY1305), consume battery approximately in the same way, so that's yet another inessential point that does not support your arguments and show once more that our investments have been wise. Finally, let's spread a veil on your embarrassing considerations on ciphers, security, privacy and NSA. Let's underline only that CHACHA20.-POLY1305 is very strong, the cipher algorithm in itself (if implemented correctly) is not a Wireguard problem in any way. It would be a reason of deep concern if Wireguard needed OpenVPN defamation to convince us that it's a good software. Unfortunately various bogus accounts have been created with such assumption and purpose, and the hidden agenda is no more hidden. Kind regards

@sooprtruffaut Hello and thank you! Watch out! Source code is not available during beta testing. As usual we will make it available with the stable release. Raspberry Pi OS 64 bit actually has old libraries and the suite will not run in it, we're sorry. When Raspberry OS 64 bit beta testing is over, we plan to support it as well. Kind regards