Jump to content
Not connected, Your IP:


Popular Content

Showing content with the highest reputation since 09/18/21 in Posts

  1. 6 points
    Hello! The current state of play as well as important clarifications. The issue occurs only in those OpenVPN clients linked against OpenSSL 3 and only to some of our users, see below Since 2017, our system generates CRT signed with SHA512 algorithm. Previously they were signed with SHA1. Regeneration of old CRT is not triggered and forced by us automatically, because it would invalidate any previous OVPN configuration file out there and lock out the user who does not follow our forum, notification e-mails etc. @rprimus you have a client CRT (user.crt) dated 2015. You and anybody else using pre-2017 user certificates: please go to your "Client Area" > "Devices" menu, renew your cert/key pair, re-download your OVPN configuration files from the Configuration Generator, use them and you will be fine. (*) The problem has never been caused by the CA certificate. Replacing the CA.crt is not mandatory, it just avoids warning message (that you can safely ignore and has nothing to do with the main issue of this thread) you may meet in Eddie Android edition, Hummingbird and Bluetit. Anyway, now even ca.crt is SHA512 signed, so you will not get anymore the mentioned warning (*) Yellow rows show certificates which use a signature based on a deprecated for security reasons hash algorithm (SHA1). They are still here to ensure backward compatibility, because we can't know whether you still use them in generated profiles. However, future OpenVPN versions might not allow them anymore. Click 'Renew' or 'Delete' to resolve the issue. After that, re-generate profile(s) with our Configuration Generator. If you run our client software Eddie, you just need to log your account out and in again from the main window. Kind regards
  2. 5 points

    AirVPN vs ProtonVPN.

    With all due respect for an old time customer like you, comparing AirVPN with ExpressVPN is an insult we can't accept. ExpressVPN has always been perfectly aware that one of its executives was an American intelligence operative who helped UAE human rights hostile government in cracking operations. We do agree with Edward Snowden when he says that you must not use ExpressVPN. Incidentally, ExpressVPN is now part of a big group that, throughout the past decade, was an adware based business with shady privacy practices. Please check: https://www.vice.com/en/article/3aq9p5/expressvpn-uae-hacking-project-raven-daniel-gericke https://twitter.com/josephfcox/status/1438127822883729412 https://twitter.com/Snowden/status/1438291654239215619 https://www.theregister.com/2021/09/14/expressvpn_bought_kape/ Kind regards
  3. 4 points

    AirVPN supports WikiLeaks in 2021 too

    Hello! We're very glad to announce that, in compliance with its mission, AirVPN proudly supports WikiLeaks https://wikileaks.org in 2021 too, with a 0.32577602 BTC donation, around 20,000 USD at the moment of the transaction. WikiLeaks is an international non-profit organization that publishes news leaks and classified media provided by anonymous sources. Since 2006, the group has released a huge amount of documents of paramount importance and public interest, with an outstanding 100% accuracy so far, which deeply changed our vision and knowledge of the world. https://www.blockchain.com/btc/tx/527abecb9e8959556fd01cba66b45890a71f643eddff3cb1d6f9d4ffd39dc15b AirVPN's mission: https://airvpn.org/mission Kind regards & datalove AirVPN Staff
  4. 3 points

    New technical specifications

    Hello! VPN DNS and "Assigned IP address" technical specifications just changed. All the changes have been reported in the https://airvpn.org/specs page. The changed section is: Assigned IP Servers support both IPv4 and IPv6 tunnels and are reachable over IPv4 and IPv6 on entry-IP addresses. DNS server address is the same as gateway, in both IPv4 and IPv6 layer. Chosen IPv4 Local Address OpenVPN: 10.{daemon}.*.*, Subnet-Mask: WireGuard: Chosen IPv6 Unique Local Address (ULA) OpenVPN: fde6:7a:7d20:{daemon}::/48 WireGuard: fd7d:76ee:e68f:a993::/64 The new sections are: DoH, DoT Every gateway/daemon assigned to you acts as a DNS (port 53), DoH (dns-over-http, port 443), DoT (dns-over-tls, port 853). DoH and DoT don't add any actual benefit, because plain DNS requests are encrypted inside our tunnel anyway. However, users might need it for special configurations. In such cases, use dns.airservers.org (automatically resolved into VPN gateway address). Our DNS returns a NXDOMAIN for "use-application-dns.net", for compatibility reasons. Special resolutions check.airservers.org - Gateway IPv4 and IPv6 addresses exit.airservers.org - Exit-IPv4 and exit-IPv6 addresses use-application-dns.net - NXDOMAIN, for DoH compatibility, ensuring Air DNS will be used (for anti-geolocation features) Special URLs https://check.airservers.org - Info about connected server https://check.airservers.org/api/ - Same as above, in JSON Use https://ipv4.airservers.org or https://ipv6.airservers.org - Same as above, specific IP layer Kind regards and datalove AirVPN Staff
  5. 2 points
    I just updated OpenVPN for Android to 0.7.25 (update was released on Oct 4 2021). Android 11, October 2021 security patch. I now can not connect to any AirVPN server anymore using the .ovpn files from the config generator. This is what it shows when I try to connect: OpenSSL: error:0A00018E:SSL rountines::ca md too weak OpenSSL reported a certificate with a weak hash, please the in app FAQ about weak hashes MGMT: Got unrecognized command>FATAL:Cannot load inline certificate file Cannot load inline certificate file Exiting due to fatal error Process exited with exit value 1
  6. 2 points
    Thu Oct 7 07:49:32 BST 2021 @Clodo > If you have this issue, please try to download this file: https://airvpn.org/static/keys/ca512.crt and replace CA crt in "OpenVPN for Android" config. Have verified the new signature: Signature Algorithm: sha512WithRSAEncryption however, still getting the error: OpenSSL: error:0A00018E:SSL routines::ca md too weak It appears that this is being generated from the embedded client cert: Signature Algorithm: sha1WithRSAEncryption Ref: https://github.com/schwabe/ics-openvpn/issues/1374#issuecomment-935944072 Update: from schwabe: "As for the CA. OpenSSL might also be upset by the CA sent by the server and not just the one used in the profile itself."
  7. 2 points
    The server is not in Berlin. M247, AS9009 does not have peering in Berlin. I checked with a looking glass run by a very nice person and it has multiple servers from different networks in Frankfurt and one server in Berlin. Apart from outsiders that have 14ms ping from allegedly FRA to FRA, most pings are ~1ms and confirm what traceroutes here show. The only lg Berlin server to Air's Cujam has got 8ms ping. That lg Berlin server is hosted on a network that's has peering at BCIX and ECIX-BER. Even if the Cujam server were 'physically in Berlin' then it doesn't matter because what matters to users is latency, alias geographic location. Back to what M247 say themselves, all four German DCs are in Frankfurt: Ancotel (Equinix), Interxion FRA4, Telehouse Frankfurt, Global Switch Frankfurt https://m247.com/services/host/dedicated-servers/ https://m247.com/services/cloud-hosting/ https://m247.com/services/host/colocation/ The only location in Germany on this map is Frankfurt. I cannot thoroughly check Spain, but again AS9009 is at DE-CIX Madrid and doesn't appear to be present at DE-CIX Barcelona, two Madrid servers' pings are 0.3ms and 2ms to "Barcelona" Eridanus. Whatever the reasons, the current descriptions are not representing the reality. PS: Actually the entire prefix/subnet is reported as Berlin by M247. Hence the geolocation databases say it is "in Berlin", that's the definition of a "virtual location" right? Still I see how it could be useful in certain cases even though the server is not physically there. Until this is clearly indicated, it will be a shortcoming especially in terms of sincerity and transparency.
  8. 1 point
    Hi, I worked for free on the 1st, 2nd and 3rd reading of the Telecoms Package for a grassroots organization in close contact and co-operation with several other organizations including La Quadrature du Net, EDRi, the Swedish Pirate Party and EFF Europe with Eddan Katz (International Affairs Director). I also worked against ACTA (the Anti Counterfeiting Trade Agreement) with Katz and several activists since when the very first secret discussion paper was published by Wikileaks in 2008 and up to the final and total "victory" with ACTA's rejection by the European Parliament in 2012. My main activities were legislative analysis, giving lectures in Brussels at the Commission and the Parliament sites, as well as around Europe, or having discussions with MEPs and when possible Commission personnel to defend and explain grassroots movements point of view. In 2010 I co-founded AirVPN and when it had so much success I moved to a more "fundamental", technical activism, and finally left the public activism with direct lobbying. soon after 2013, when AirVPN took 100% of my work time. Currently my activism is reflected by AirVPN activities, technical infrastructure, donations etc. Kind regards
  9. 1 point

    AirVPN vs ProtonVPN.

    More very important information: https://english.almayadeen.net/articles/analysis/exclusive:-expressvpn-insider-tells-all-on-companys-israelua Kind regards
  10. 1 point
    Windows will consider the OpenVPN network interface to be a "public" network. But this is not checked by default in the prompt you get when you first start a program that does networking. So a shorter and good enough way might be to: 1. Stop the torrent client. 2. Delete any firewall rules for the torrent client program. No great understanding needed for this. To start Windows Firewall you can find it the start menu, enter "WF.msc" in a command window or: right mouse-click the Windows "Start" button select "Run" enter "WF.msc" In "Inbound Rules" sort by "Program". Find your client, right-mouse click and "Delete". There is probably one entry for TCP and one for UDP. 3. Restart the torrent client. 4. When you get the prompt from Windows Firewall about whether to allow incoming connections, be sure to choose "public" in addition to "private". This will create new firewall rules for the torrent client program. EDIT: Another post about this here: https://airvpn.org/forums/topic/47259-qbittorrent-not-seeding/?tab=comments#comment-111500
  11. 1 point
    Well, as far as I can tell it's working.
  12. 1 point
    There is this. In the thread display, click on the circle on a marked as unread thread (star if you participated in it) to jump to the first unread post. This circle isn't there if there are no unread posts. Similar behavior if you click on a notification: "posted a post in X" -> brings you to the post. "reacted to your post in X" -> brings you to the reply someone reacted to. Apart from that, there are a few shortcuts for the editor, for example hold ctrl and right click for some more options. Haven't seen anything useful otherwise, even after years of usage. A useful feature are activity streams. They let you control which kinds of posts you'd like to see: What kind, from whom, in which forums, etc. Five are already there, the Unread stream being the most useful I think, the others are things like posts you created or the content you posted in. You could try looking for some kind of a manual on the developer's website (name of the board is InvisionPower Board, IP.Board or IPS). Link is in the footer of AirVPN's website (the CMS by IPS part).
  13. 1 point
    If you accuse Russia, Belarus, Kazakhstan and/or China of widespread internet censorship, you act against one of UN's best interests: Preventing hostilities. If you know that almost all sovereign states in the world are members, you may realize how very difficult it gets to release such a paper with clear and directed accusations of naughty things, knowing full well that some of those naughty countries possess the means to cripple the world, either by means of economy or warfare. So you keep a low profile when addressing countries directly. It's simply in no one's interest to do that, it's better to "suffer" the fact a naughty country does not particularly adhere to UN chartas than to chastise a member for it and risking god knows what. You also cannot expect the UN to have a clear opinion on internet censorship. Access to the internet is not a human right, let alone free-as-in-freedom access to it. Your measurement of how many times a country is mentioned is the same bogus as when some manager rates the quality of your code by how many lines you wrote. What it especially doesn't say is that UN endorses or even supports censorship, that's an entirely subjective, malicious interpretation.
  14. 1 point

    Windows 11 and AirVPN?.

    Hi! Since yesterday im on Win11 with latest 2.21.1 Beta. Everything works flawless. I really like it !
  15. 1 point

    VPN showing no internet

    If that server on your home rack is in the same subnet as the device you use to connect to it, then It shouldn't since local networks are exempt by default. But you can always check if the option is still enabled (Preferences > Network Lock > Allow private/LAN access).
  16. 1 point
    I came to the conclusion due to the changelog mentioning: Since a CA cert is also a X.509 cert, since OpenVPN errors out with "ca md too weak" and since OpenSSL puts out this line if read with -text: I made an educated guess that it must be this. Even though it may be nonsensical when we look at CA certs. Because, where else may that be coming from? The <cert> is sha512WithRSAEncryption. I've also looked into possible options/switches to suppress this check until a more general solution is available. So far I only stumbled upon a compiler flag for OpenSSL 3 disabling this behavior altogether, but it may be useful in other use cases; probably too much collateral damage. And OpenVPN itself simply invokes OpenSSL to do its checks, the logs outline it quite clearly. Probably nothing anyone can do with a quick OpenVPN directive, either. And to lower the security level… don't know if you can do that. I found --tls-cert-profile directive in the OpenVPN manual but it mentions 1 being the lowest security level, already called "legacy"…
  17. 1 point
    Not necessary, I think. It really looks like AirVPN's CA cert must be reissued with a stronger hashing algorithm. It's the only permanent solution.
  18. 1 point
    Hello, I have managed to reproduce issues #1 (quick connect button not working) and #3 (only system app selection for blacklist). Frustratingly, I can't right now reproduce #2 (VPN does not detect loss of connectivity), even though it's possibly the most important one, and it did happen again in the meantime while I wasn't collecting logs. I also can't reproduce #4 as I can now share Eddie's log - at least that's useful! I'm attaching both the Eddie log and the logcat - the period of interest is after 17:32 UTC (in the Eddie log) and 18:32 localtime (in the logcat). The only actions I performed were trying the quick start button, which failed to connect, and then displaying the blacklist app selection list. Please let me know whether this is helpful, and if there is anything else I can provide. As the logs do contain some personally identifying information, I am emailing them separately to support. P.S.: I think it's unlikely this is relevant, but for full disclosure the phone has, since my original report, been updated to the 1 September 2021 security update.
  19. 1 point

    air-vpn on a router

    If you're using Eddie, enable Network Lock. With vanilla OpenVPN it's much more complicated. Others may answer your first question.
  20. 1 point
    Sent a ticket
  21. 1 point

    Keep getting error checking ipv4 route

    Hello and thank you for your choice! Please make sure that you're running Eddie 2.19.7 or higher version (upgrade if necessary). Then, please try the following settings: from Eddie's main window select "Preferences" > "Advanced" de-tick "Check if the VPN tunnel works" click "Save" from Eddie's main window select "Preferences" > "DNS" de-tick "Check Air VPN DNS" click "Save" from Eddie's main window enable Network Lock Try again connections to various servers. Explanation of the issue: consider that AirVPN uses mainly LetsEncrypt certificates. Then read here: https://blog.germancoding.com/2021/04/16/lets-encrypt-and-expired-root-certificates/ Now, if you run a cURL version linked against OpenSSL 1.1.0 or older versions, or against LibreSSL older than 3.2.0, or GnuTLS older than 3.6.7, the validation chain will fail (and Eddie does use libcurl and curl). It's a TLS library bug. At the moment we can not fix on our side: we would cut out all Android versions older than 7.1, and we don't want to do so . Momentarily, the above quick fix will resolve the problem on Eddie. The initial checks become useless when you keep Network Lock enabled, so you don't have to worry about safety and security. Kind regards
  22. 1 point
    Hello! Now we do not enforce any micro-routing to Binance, we have just re-checked and we have tested from Netherlands servers to confirm. Can you please re-check now? Kind regards
  23. 1 point
    Yes, Google Search can index web sites even when the web server listens to non-standard ports, according to some Google executives. https://webmasters.stackexchange.com/questions/77378/does-google-treat-different-ports-as-different-sites https://webmasters.stackexchange.com/questions/61762/does-google-crawl-and-index-sites-hosted-on-an-ip-address-only-with-no-domain-n/61767#61767 Kind regards
  24. 1 point

    Eddie Desktop 2.21 beta released

    Can confirm. F 2021.09.27 10:04:47 - Unexpected error. Please contact our support staff. - ApplicationThread - Object reference not set to an instance of an object - at Eddie.Forms.Skin.ListView.GetResourceImage (System.String name) [0x0001b] in <8c142eee0ea14e0c850a8d3322cf5428>:0 F 2021.09.27 10:04:47 - at Eddie.Forms.Skin.ListView.OnListViewDrawSubItem (System.Object sender, System.Windows.Forms.DrawListViewSubItemEventArgs e) [0x0012f] in <8c142eee0ea14e0c850a8d3322cf5428>:0 F 2021.09.27 10:04:47 - at System.Windows.Forms.ListView.OnDrawSubItem (System.Windows.Forms.DrawListViewSubItemEventArgs e) [0x00019] in <fef229f3059c47f39598bb88ddd21818>:0 F 2021.09.27 10:04:47 - at System.Windows.Forms.ThemeWin32Classic.DrawListViewSubItemOwnerDraw (System.Drawing.Graphics dc, System.Windows.Forms.ListViewItem item, System.Windows.Forms.ListViewItemStates state, System.Int32 index) [0x0003a] in <fef229f3059c47f39598bb88ddd21818>:0 F 2021.09.27 10:04:47 - at System.Windows.Forms.ThemeWin32Classic.DrawListViewItemOwnerDraw (System.Drawing.Graphics dc, System.Windows.Forms.ListViewItem item, System.Int32 index) [0x00078] in <fef229f3059c47f39598bb88ddd21818>:0 F 2021.09.27 10:04:47 - at System.Windows.Forms.ThemeWin32Classic.DrawListViewItems (System.Drawing.Graphics dc, System.Drawing.Rectangle clip, System.Windows.Forms.ListView control) [0x00057] in <fef229f3059c47f39598bb88ddd21818>:0 F 2021.09.27 10:04:47 - at System.Windows.Forms.ListView+ItemControl.OnPaintInternal (System.Windows.Forms.PaintEventArgs pe) [0x00011] in <fef229f3059c47f39598bb88ddd21818>:0 F 2021.09.27 10:04:47 - at System.Windows.Forms.Control.WmPaint (System.Windows.Forms.Message& m) [0x0006d] in <fef229f3059c47f39598bb88ddd21818>:0 F 2021.09.27 10:04:47 - at System.Windows.Forms.Control.WndProc (System.Windows.Forms.Message& m) [0x001a4] in <fef229f3059c47f39598bb88ddd21818>:0 F 2021.09.27 10:04:47 - at System.Windows.Forms.ListView+ItemControl.WndProc (System.Windows.Forms.Message& m) [0x00071] in <fef229f3059c47f39598bb88ddd21818>:0 F 2021.09.27 10:04:47 - at System.Windows.Forms.Control+ControlWindowTarget.OnMessage (System.Windows.Forms.Message& m) [0x00000] in <fef229f3059c47f39598bb88ddd21818>:0 F 2021.09.27 10:04:47 - at System.Windows.Forms.Control+ControlNativeWindow.WndProc (System.Windows.Forms.Message& m) [0x0000b] in <fef229f3059c47f39598bb88ddd21818>:0 F 2021.09.27 10:04:47 - at System.Windows.Forms.NativeWindow.WndProc (System.IntPtr hWnd, System.Windows.Forms.Msg msg, System.IntPtr wParam, System.IntPtr lParam) [0x00085] in <fef229f3059c47f39598bb88ddd21818>:0 Eddie > Preferences > Routes > + Enter a domain, a sole IP or in CIDR notation. Save, triggering the error.
  25. 1 point
    @BKK20 Exactly. The port is always added as it is an integral part of the URI, but when omitted in the URI, this is auto-completed with :80 and :443 respectively for HTTP and HTTPS, as we already told you twice. AirVPN does not allow remote inbound port forwarding of ports between 1 and 2048, as reported in the FAQ and the manual. AirVPN is not a hosting provider. You might rent a VPS or a dedicated server to run your web server or any other service, and then you may make your service reachable on any port you like. If you don't need any privacy or anonymity layer for your web server (or other service), that's a logical solution, and it's not expensive. Kind regards
  26. 1 point
    @BKK20 Step 1 is almost correct: please remember that our VPN servers have different entry and exit-IP addresses The relevant DNS record must be set to the exit-IP address. Step 2 is correct.. "after that" is not correct. The proper URI for your browser would be http://www.example.com:34567 or https://www.example.com:34567 (http or https according to your web server settings). Also remember to access your web server running behind a VPN server from a machine that's not connected to the same VPN server. Kind regards
  27. 1 point
    Bug: When using master password disabled mode, the option to select a 'key' disappears, I need to scroll to the right a few times then back before it re-appears. Also, with the master password disabled, can the app be made to connect automatically now on boot?
  28. 1 point
    Hello! We see remarkable, intermittent packet loss spikes every other hour or so on most Dallas servers. We are investigating. Kind regards
  29. 1 point

    ANSWERED Devices connecting to same server

    Hi, you can, but it should work either way. Kind regards
  30. 1 point

    ANSWERED Devices connecting to same server

    @cannac In the meantime you can efficiently resolve the problem by editing the connection scheme in /etc/airvpn/connection_priority.txt (as root, with any text editor). Find the line: DEFAULT -> NL,California and change it into (for your specific case): DEFAULT -> US,NL on all devices. Then differentiate the white lists in each device bluetit.rc file according to the previous suggestion (subsets with empty intersection). Kind regards
  31. 1 point
    Add all possible IPs ebay-kleinanzeigen.de resolves to as exceptions. In Eddie in Preferences > Routes, in vanilla OpenVPN via multiple route directives, one for each IP (or simply the whole network, depends). route <IP> <netmask> net_gateway .
  32. 1 point

    ANSWERED Devices connecting to same server

    @cannac Hello! In reality the problems are caused by a much more subtle cause and a bug: Bluetit uses a global connection zone list, when the country is undetermined. When you enter a country with lowercase ISO code, Bluetit does not understand it, and doesn't know where you are. Therefore it consults default connection list, which includes the Netherlands and California. In your white list, you have included at least a California server (Aquila), thus Bluetit finds at least one valid server to connect to. On the contrary, when you entered "country US", Bluetit knew that your node is in the USA: the quick connection mode excluded all the servers in the US (in accordance with the safety rule which prescribes to avoid connections to servers located in the same country your client is too), and again no valid server was found in the white list. The above will be changed in the next release where the white lists will take priority in any case for the quick connection mode, regardless of the fact that Bluetit knows or not the country of your node. Kind regards
  33. 1 point

    ipleak uses Google Maps

    For the moment, we made the map visible with user confirmation, so there isn't anymore any request outside ipleak.net domain Thanks for the feedback
  34. 1 point
    @Stalinium Thank you. "Renew" is correct and accurate while "Regenerate" is inaccurate if not wrong. See also OpenSourcerer message. That said you all are right, English is not the first language of any member of the AirVPN staff and only one founder has a University doctoral preparation in English language (in scientific English, not in English literature), but he can't read and fix every and each document written by the whole staff. We promise we will do our best to improve. Kind regards
  35. 1 point
    @BKK20 Hello! DNS doesn't provide port numbers and DNS records do not listen to anything. It's some running software which "listens". And it's the client the one which picks the destination port to try. In a browser, if the port number is not specified, normally :80 for HTTP and :443 for HTTPS are added to complete the URL. The client must always specify the port as well, it's a mandatory field in TCP and UDP packets. Separate name and port with a colon. Example: http://somename.org:12345 As an additional option, you can also "re-map" your remotely forwarded port(s) to different port numbers. In this way packets reaching remote VPN server port will be forwarded to your node on another port number. Kind regards
  36. 1 point

    ANSWERED Devices connecting to same server

    @Staff My issue in my last comment has been solved. It appears that for airwhiteserverlist to work, country must be set with an ISO code that is all lower case. Otherwise I get the Error described above. Thank you for your time and help! This thread can now be closed.
  37. 1 point
    A bit of psychological support. Stalinium, you are not the only one. I had precisely the same experience and the same reservations about the terminology maybe a year ago when I first pushed that button. I am sympathetic though to English clearly not being the first language of at least most of the Air staff. It shows in their posts in general. I can nearly always comprehend just fine, but sometimes the wording feels peculiar. It's to be expected, and I'm certainly happier having them in Italy than in one of the English-dominant surveillance states. Long live Italian! OpenSourcerer, thanks for your patience. Much appreciated. As to what we expected to happen from "renew," think about OpenVPN's periodic internal key renewal. From the point of view of us mere users, it's a mysterious, behind-the-scenes thing that magically improves security. The first time I hit "renew," that's what my clueless nanobrain was thinking: magic, security, a button to push now and then. Having to redo configs encouraged me to study up and aim for microbrain status.
  38. 1 point

    ANSWERED Devices connecting to same server

    @cannac Hello! A solution which might meet your needs is partitioning the US Air VPN servers set into three empty intersection subsets, one per device, compiling airwhitserverlist directive with a unique subset in each device, and finally restarting the three connections via Goldcrest on the US country basis. and finally defining the connection mode in bluetit.rc as quick. If the connection mode is not defined as quick Bluetit ignores white and black lists but it does not warn you. A warning in the log and a clarification on the documentation will be implemented. By doing so you will never have two or more devices connecting to the same server. when the air-connect command for the same country is issued by different clients in different devices. If Bluetit connects during the machine bootstrap, remember to send disconnect first: enabled persistent network lock by directive networklockpersist ensures no traffic leak outside the VPN tunnel. In a future Bluetit version we might implement a new Bluetit run control file directive defining a white list for automatic connection at bootstrap so that you will not need to send a connection order via a client later on. Kind regards
  39. 1 point
    Moved to off-topic as support with qB is requested. Correlation != Causation. Please try upgrading qB to latest version first. qB offers an official PPA for this. Test it with the newest version and if unsuccessful, come back here.
  40. 1 point
    Can decline that, M247 never had physical locations on these POPs, they were virtual from the beginning. True but it worked before M247 was so heavily used. You can find a provider if you want, you just have to search, but its more convinient for Air to aggregate at one provider (one invoice.. one support team.. more discount..).But there are also other big provider which doesnt give a damn about DMCA and still provide multiple locations, datapacket (cdn77) for example where IVPN has quite a few servers. I just dont like the concentration of M247..
  41. 1 point
    Would the use of a VPN, such as AirVPN or ProtonVPN (in this case, I believe the users did not use the bundled service) or TOR prevent this situation? In the transparency report; the state over 700 cases of this nature out of 3000+ Legal orders. In which ProtonMail's parent corporation representation states they fought and denied hundreds more improper orders sent on by the Swiss authorities. Interestingly, most do not understand email is not a secure service by default, and ProtonMail's whole thing is encryption, because ultimately such as any VPN or service will know the originating IP of a user. The company was required to log, after legal request, which from a financial point of view, I believe is true because it costs money to data mine without any benefit, unlike Google for example. Also, when does an IP equal an individual? There must be more to the story. More reasons to use AirVPN imo, vs protonvpn because: no ZenDesk, no outsourced customer service, no outsourced payment processors, no parent company holdings as far as I know. Also I love the openess of your code, and willing to work with outsiders, such as the CLI wrapper. The activism also I agree with. So important: I created this account with the ability to use no linking information to anything, including a random string with @ and .com
  42. 1 point

    Eddie Desktop 2.21 beta released

  43. 1 point


    Similarly, any person or business who must say they're good, or long for validation of their belief they're good, can't be truly good. Take NordVPN for example: They've got hundreds of reviews because their discount codes are everywhere on the net, on YouTube and Twitch and on blogs and "VPN review sites". It's obscene how omnipresent the names of NordVPN and ExpressVPN are, no wonder it draws in people. And with people come such reviews. I think Staff wouldn't mind.
  44. 1 point
    Thanks for that. That helped me too
  45. 1 point
    Well, reading all posts on this forum could be time consuming... But I have read all the posts on this thread, and found no solution. Now, the good news is : I found one by myself. In case it could help someone, here it is : I just installed windows updates, ( I omitted doing that for a long time, including .NET framework v. 4.xx), Then, the required network adapter was installed without problem. I guess older versions of .NET framework triggered the fail. I wish this can be useful for other people, too.
  46. 1 point

    Running out of ports

    So it appears that mullvad has run out of ports for client port forwarding. https://mullvad.net/en/blog/2021/2/10/unfortunate-port-shortage/ What will be Air's position when it finally happens here?
  47. 1 point

    No new servers in a while?

    When I first started using Airvpn, total bandwidth (as displayed at the top of the page) was around 50xxxMbit/s from memory. Now it's currently up at 68xxx Mbit/s. Are there any plans for a commensurate increase in the number of servers; perhaps even the addition of some more countries in high b/w areas (Europe)? I know the likely response will be that the existing servers still have some headroom, but as utilisation increases, performance does suffer.
  48. 1 point
    Thank you! You pushed me into the right direction: While I was still waiting for the activation code from the merlin board, I searched for openwrt + IPv6 + VPN and found an entry in the board of PerfectPrivacy. I hope you do not mind me linking them here. Also the website is in German but I assume that will not be an issue for you: Issues with Merlin-VPN For future reference: There are two ways to fix this: A clever user over at the board of PP suggested to add the following lines to the configuration down at the VPN section of the router: pull-filter ignore "ifconfig-ipv6" pull-filter ignore "route-ipv6" Alternatively go to the IPv6 section of the router and switch it ON to "native". I noticed #1 connecting a tad faster than #2, so I went with that. Also I do not have a clue why switching IPv6 ON to then NOT use it actually works but ...hey... as long as it does the trick?
  49. 1 point


    Honestly, I think Tixati is the best client out there. I understand the whole open-source argument, but the client is so paper thin that you can reverse engineer the darn thing without much effort. They make little effort in preventing you from doing so (they just don't supply the code directly on a github or whatever). It's clean, it's concise, it has a low footprint, you can directly Bind the TAP adapter, and you don't have to mess with all these port settings and garbage that many clients require you to use. It just works right out of the box, bindable to the adapter, and no leaks. I have meticulously checked for any kind of leaks, and as far as I can tell, I've never so much as leaked a single packet. Very impressed, despite it not being "open source". That's just my two cents. Never had a moment of inconvenience out of it.
  50. 1 point

    Using AirVPN with Asus router

    About AsusWRT AsusWRT is a unified firmware developed by Asus for use in their recent routers. The firmware was originally based on Tomato-RT/Tomato-USB, but has since seen many changes. Asus started using this new firmware with their recent routers (RT-AC68U, RT-AC87U), but they also started moving other routers to this new firmware. Prerequisite Asus Router with AsusWRT (native OpenVPN support). Model tested: RT-AC68U but it should work for all Asus routers that have AsusWRT. see Official website for AsusWRT model support list. [Firmware Notes]: Please upgrade the router Firmware to the latest version. "New Asus Firmware supports 4096 bits key and will work with AirVPN." Steps 1. Create configuration files from our Config Generator. Select [Router or others] and choose a server you like. Tick on [Direct, protocol UDP, port 443] and click on [Generate]. Save the openvpn config file .ovpn (Ex: AirVPN__UDP-443.ovpn) anywhere on your computer. 2. Open the Asus router webinterface and click on [VPN]. Click on [Add profile], choose [OpenVPN] tab. Enter a "description", leave username and password EMPTY. Click on [browse] and select the downloaded openvpn config file (.ovpn). Click on [upload]. Click on [OK]. That's it now you can click on [Activate] to connect to AirVPN server. 3. Make sure to setup the AirVPN DNS this way: Click on [WAN] tab. Turn [DNS server] "off" (No) and enter AirVPN's DNS as first DNS IP address (it's DNS for Protocol UDP, Port 443 - see Specs for more details). About the secondary DNS entry, we recommend picking ones from the OpenNIC Project. The AirVPN DNS will enable you to access AirVPN geo-routing services to bypass discriminations based on IP address geo-location. 4. Visit https://ipleak.net and check whether it works. Every client (PC, Smartphone, Console, Smart TV ..) which is connected to the router now is secured by VPN and also has full access to the anti-geo-blocking service. Useful Info A custom firmware for Asus routers based on official AsusWRT called Asuswrt-Merlin is available. AsusWRT-Merlin retains all the features of the original stock AsusWRT firmware with added/enhanced features. More info on AsusWRT-Merlin website http://asuswrt.lostrealm.ca/features
  • Create New...