Leaderboard

Hello! Some customers have contacted the support team asking for a comment on the port shadow attack described in CVE-2021-3773 and brought into the spotlight for the umpteenth time during the Privacy Enhancing Technologies Symposium 2024: https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/ To explain why, unlike many other VPN services, AirVPN is not vulnerable to various attacks under the generic port shadow umbrella, please download the new paper and read below while watching table 2 on page 121: in our infrastructure public entry-IP addresses and public exit-IP addresses are not the same (M6). This is an absolute protection against ATIP, connection inference, and port forwarding overwrite and also makes port scan impossible (another reason for which port scan is impossible is given by additional isolation, see the end of the message) per-host connection limit is enforced (M3) making eviction re-route extremely difficult if not impossible static private IP address is implemented (M2) with WireGuard (it can be changed by explicit key renewal user's action) and highly likely with OpenVPN as long as the user connects to the same server with the same key, another (redundant) protection against port scan In our infrastructure additional protections are in place. We prefer not to disclose them all at the moment, we will just mention the block of any communication between nodes in the same virtual network either through private or public addresses. That's why, unlike any corporate VPN with shared resources, you can't contact any service inside the VPN (except the DNS), not even your own, from a machine connected to the same VPN in our infrastructure. Decapsulation as described on the paper is doomed to fail for this isolation/compartmentalization and this is also another reason for which port scans are not possible. TL;DR AirVPN infrastructure, according to the current state of the art in remediation and mitigation by security researchers as well as paper authors, is not vulnerable to the attacks described under the port shadow umbrella in this new paper. Kind regards & datalove AirVPN Staff

Hello! This guide could be exactly what you're looking for: https://airvpn.org/forums/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/ Please consider that direct access to iptables is available on Asus WRT Merlin but not Asus WRT. Upgrade (if your router supports it and you haven't already applied it) is easy and fast through the Asus control panel. Kind regards

It took me about 5 hours, but I've found a combination that brought Wireguard back online in router. However there is still a problem with cellular provider. Cannot find a way to connect via eddie, wireguard or openvpn (ios and android). The old ssh manual for android is not working either.

Hello! We're glad to know that you managed to solve the problem. Yes, for some reason their customer care could explain, Radmin interface blocks UDP connections. Eddie should not pick this interface for OpenVPN. For the readers: you can also tell Eddie to ignore any other interface by entering a valid name in Preferences > Networking > VPN interface name field (for example eddie) but, when Radmin runs, this solution could be insufficient. Kind regards

I agree with your sentiment - it takes a lot of time when you're unfamiliar with this stuff and are already busy doing something else. But it is easier than it seems. To renew the certificate: - Go to https://airvpn.org/ - Sign in - Select the "Client Area" tab - Under "VPN Devices" click the "Manage" button - Click the "Details" button - Click the "Renew" button Then do what Staff says in the above post: - run Eddie - on Eddie's main window uncheck "Remember me" - log your account out - log your account in (you'll need to re-enter your AirVPN credentials) - try again a connection