Jump to content
Not connected, Your IP:


Popular Content

Showing content with the highest reputation since 07/01/21 in Posts

  1. 4 points

    ANSWERED CBS Broadcasting Inc. (CBS)

    Website: http://www.cbs.com Watch CBS television online. Find CBS primetime, daytime, late night, and classic tv episodes, videos, and information. Status: OK Native: no servers Routing: all servers Updated: 03-Aug-18
  2. 2 points

    Happy AirVPN power user

    I don't know what to write about... Everything's fine and I love AirVPN. Sounds cheesy but it is what it is. I've been using AirVPN for half a year. Many servers to choose from, very transparent from the user's point of view - something I value. Transparency about server status and an API (admittedly I haven't used it much). From reading the forums I grasped that AirVPN has very strict (legal) criteria for choosing server locations (countries), an approach that is unique across all providers I've seen so far. Yea placing servers in China wouldn't be the best idea or many other more "democratic" as a matter of fact which were ruled out. The config generator is awesome if you're not using their open source client Eddie (bonus points again!) - plenty of flexibility. Configs? Afaik there're some providers out there who still have user/password prompt on each connection, laughable. AirVPN not only properly makes use of certificates (that's how the server knows you are you without asking for credentials) and on top of that allows you to properly distribute different access keys across your devices (in case of theft etc). Lost a device? Revoke access to that single one and done! Port-forwarding support ALONG WITH Dynamic DNS is unparalleled. Sure an advanced user probably could create an ad-hoc DDNS solution for themself, but offering it along the VPN is ingenius. The servers are very stable, the stats currently show a user has been connected since January. I've read comments where other VPNs often force reconnects etc, that just sounds wild to me. Before AirVPN I've been on a private VPN server with 24/7 uptime and that's the quality of service I got used to and wouldn't want to downgrade from (looking at those other VPN providers) The AirVPN forums are a great source of information. The staff cannot be commended enough for responding to concerns and generally being here for discussion. @OpenSourcerer is a damn community hero, this place is unimaginable without him! I myself have contributed in one form or another and will continue to. As a side note to forums: AirVPN appears to have customized the forum software for privacy. I can't assess how far it goes (hopefully "enough"), and it's a far better choice than those completely relying on Reddit - undoubtedly a useful puppet of/for the certain government. The only problem I've had was with initial payment. I bought the 1 month plan and found no clear indications it was still active (because it is a PayPal recurring payment), so before the month expired I bought the 1 year plan. I was quite surprised to see a few days later my access days to have been extended by +31d - the automatic Paypal payment kicked in and I paid a single month extra. Though I like the service so much I decided not to bother with a refund (consider it a donation hehe). You need to login in Paypal to cancel those, I wish this was made clear/er. What's unclear to me was whether/how much info is retained on payment after all the transactions... but to grossly paraphrase an official response: use crypto. Just make sure your mug shot (photo) isn't connected to the coin wallet Roses are red, AirVPN's great.
  3. 2 points
    Use entry 3 ip address of servers which supports tls-crypt and choose udp proto along with chacha20-poly1305 cipher on arm devices (like phones) or aes-gcm on processors support aes-ni instructions. (Intel, AMD, ...) for a good mixture of speed & security. About video streaming services, unfortunately, AirVPN doesn't cover them. (Some of them may work. you should try urself)
  4. 2 points
    @OpenSourcerer Just to clarify that this is not "fake news": https://www.eff.org/deeplinks/2021/06/if-not-overturned-bad-copyright-decision-will-lead-many-americans-lose-internet A moderator can not threaten an ex ante, pre determined censorship based on the source of the information, be it a web site or anything else. Before you enforce your censorship power we gave you, you must cross-check and verify. If you are not able to do so beyond a reasonable doubt, or you have not the time or will to do so, do not censor. Kind regards
  5. 1 point
    The choice of distribution is often a personal or even ideological one, but do know that the Arch family is generally aimed at either sophisticated Linux users or people who like digging deep into documentation. Still, welcome to the Linux world! Every soul switching from Windows is a win for everyone. We're glad to have you. Having that written, I don't know if Manjaro changes it, but Arch's default NetworkManager connectivity check fetches ping.archlinux.org. You could consider changing this by creating/editing /etc/NetworkManager/conf.d/20-connectivity.conf with the contents from the wiki. Could also use an URL or yours and check for certain content, but that's up to you.
  6. 1 point
    Thanks for the responses. Elevation Service was already set to Automatic start; it just always exited immediately. OpenSourcerer guided my thinking to a related solution. I completely uninstalled Eddie using Revo, which also removed all related Registry entries, then reinstalled it. Everything's working again.
  7. 1 point

    Ain, Sweden server overloaded?

    Just to provide an update: the Staff has indeed tweaked the server last week and it appears fine on monitoring Maybe more to come but it looks fixed now. Its a great example of "include your users in the process" ❤️ no bouncing of support tickets back and forth due to outsourced support haha. Probably we've all been on the internet long enough to have experienced it first hand
  8. 1 point
    WireGuard support is welcomed, but how will the privacy issues of the WG server daemon be handled, namely, the static assignment of internal IP addresses? Will AirVPN use a dynamic WG https://git.zx2c4.com/wg-dynamic/about/docs/idea.md? If not, how is AirVPN able to offer similar level of privacy for customers using WireGuard as for those using OpenVPN? How about obfuscation of WireGuard packets? Are you planning to include a self-made patch to hide the usage of WireGuard or do you trust to SSH and TLS tunneling?
  9. 1 point

    Best settings for speed and security?

    fully agreed on my netgate hardware
  10. 1 point

    Happy AirVPN power user

    Wow thanks on the DDNS correction. Sneaky trademarks. I find having reddit as an alternative (even if it were as often used as the forums) is OK. But some solely rely on reddit that I find no bueno despite being a somewhat active user. I've seen one. You aren't a smooth looking crim... professional to use official language to guard yourself off any possible criticism. As far as moderation goes: as long as you can accept mistakes and learn from them moving forward, it's fine.
  11. 1 point

    Eddie Desktop 2.21 beta released

    Hello @Clodo, Confirmed, "Don't ask elevation every run" is checked. Yes. No, an UAC prompt does not appear. The strange thing is that I only get an UAC prompt from Windows on boot if I have Eddie set to "Start with System". Any manual start of Eddie never produces an UAC prompt... I hope that this helps...
  12. 1 point
    Suggestion: Implement a system where all warnings, errors and messages that say "contact eddie staff" are logged separately. These might be considered "fatal" or "critical" errors (along with 'warnings'). It may also be worth considering an OPT-IN telemetry system, where I can review the data being sent and click a button to send that to AirVPN automatically. I think there's a lot of room to capture errors you're not hearing about to improve eddie stability. Not everyone is going to come onto a forum, register an account, provide detailed logs and engage with the devs, this software should be smart enough to present issues to the user (which it does) and get that to the devs in an error report (with OS version etc) My crashing error for example would really benefit.
  13. 1 point
    Hello to Clodo and the team. Thanks for new beta release, I have bug reports that are present even on 2.20.0 (stable). I put them in a list and have logs where relevant. I can expand further if required. OS: Windows 10 (various versions, tested on a few different devices). 1: Sometimes, on cold boot, eddie hangs with a message "waiting for deamon". When this happens I can observe via task manager "openvpn.exe" is already running, I kill this process and eddie kicks into life. There is an apparent race condition where openvpn.exe starts before eddie. 2: Eddie is leaking network traffic on boot - even though it is selected to run as a service it sometimes asks during a UAC pop-up to allow eddie to be launched (similar to a bug described above). At times, even when the pop-up does not appear (it's temperamental), I can open firefox, go to whatsmyip and it'll show my real IP. Eddie needs to work without leaking my real IP for not even 1MS - I never want my real IP leaked, and before eddie starts there are a few seconds where it can, please patch this so there is no connectivity before eddie starts. 3: When I resume from hibernate (cold boot, after several hours) I *always* get errors from Eddie that results in a crash of the entire application. I'll report the exact error next time I see it. Here are some other errors I noticed, with their relevant log entries: 1 E - Fatal error occured, please contact Eddie support: Routes, remove for interface "Local Area Connection (Wintun Userspace Tunnel #2)" failed: Exception: exit:1; out:Element not found. - at Eddie.Core.Platform.Route(Json jRoute, String action) 2 Fatal error occured, please contact Eddie support: Windows WFP, unexpected: Rule 'ipv6_block_all' already exists - at Eddie.Platform.Windows.Wfp.AddItem(String code, XmlElement xml) [The above error is repeated several times] 3 W - Windows WFP, unexpected: Rule 'dns_block_all' already exists Kind regards.
  14. 1 point

    Eddie Desktop 2.21 beta released

    After the testing, our Config Generator will be able to create WireGuard .conf file, usable without Eddie (wg / wg-quick or any official WireGuard app).
  15. 1 point

    Eddie Desktop 2.21 beta released

    Hello, I am having one issue with this new beta version. When I boot my system (with Eddie set to start with system), I now get an UAC prompt from Windows for Eddie-UI.exe that I must confirm. I have not seen this since the Eddie-Service-Elevated.exe was added to the Eddie package and Eddie-UI.exe was rewritten several versions back. I did a complete removal of Eddie (including profile and tunnel drivers), then did a fresh install leaving all settings at default. I still get an UAC prompt for Eddie-UI.exe from Windows at boot that must be confirmed. This seems to be a bug but of course there is always the possibility that I may be doing something wrong. Windows 10 Pro 64-bit Version 21H1 (OS Build 19043.1110)
  16. 1 point
    Update* I'm able to run the new beta of Eddie 2.21.0 - all previous versions I tried were unable to elevate their priviledge. Thanks for continuing to improve Eddie, I really appreciate it.
  17. 1 point

    Eddie Desktop 2.21 beta released

    2.21 beta working perfectly on Windows 11 22000.100.
  18. 1 point

    Strange Connection Problem?.

    not sure about the wintun thing, i know it's suppose to be faster, but i'm using regular "tap" adapter and i get same speed with or without vpn just with higher latency, but i'm also only on a 180Mb connection... but if you are having issues but as far as the speed goes there's a sticky on page one i was just reading a few min ago and it was looking like there could be some isp's that are throttling vpn traffic sometimes? but there was a fix in that thread that seemed to help a few people out. Look on the first page of the troubleshooting section for a stickied entry titled " Every VPN is slow for me, despite the well-reviewed VPNs I'm trying. Is it possible my ISP is causing this? ... " also like you, i'm on win 10, and every once in a while i'll get that same thing with a "no internet" symbol in the task bar, but internet still works. but mine is usually when bringing the computer out of standby, don't think i've ever had it happen when disconnecting from air, but i'm also not using wintun, not sure if that's anything to do with it, but i do know it's a lot newer tech. but just like you if i restart it goes back to normal operation so its prob a windows bug and not an "air" problem. because i've seen it happen randomly on other pc's too that aren't running vpn. edit: just found this link in another thread talking about how to fix the "no internet" bug on win 10, if this doesn't help check out the thread on it here in troubleshooting. https://www.windowslatest.com/2020/07/18/windows-10-no-internet-connection-problem/
  19. 1 point

    Eddie Will Not Turn Off

    For anyone still experiencing the issue that Eddie freezes/is unresponsive, a workaround is to NOT minimize Eddie. It seems to crash only when minimized. The Airvpn support team has been advised and should investigate further.
  20. 1 point

    Ain, Sweden server overloaded?

    @Stalinium Hello! We might have underrated the non-linear growth of load over clients amount, which is very difficult to compute in advance because it depends not only on bandwidth required by a client, but (also) on an unknown variable, that is the amount of half.-connections established by single clients, which varies enormously over time and by single clients (different usages). We are fine tuning and resolve the issue if necessary, thank you for the head up. Kind regards
  21. 1 point

    FreeBSD setup guide

    @m1ster Hello! You can't build Hummingbird or the AirPVN Suite in FreeBSD because OpenVPN3 AirVPN library needs various modification for FreeBSD, you will not be able to even compile it at the moment. We have plans to port the AirVPN Suite to FreeBSD later this year, but first we need to adapt the library, which might be or not a trivial task, and we must release a new Eddie Android edition version before the summer is over. At the moment you only have the Linux binary compatibility mode option (try with Hummingbird, as Eddie will have too many complications due to Mono), and of course OpenVPN 2.5.2. Hummingbird and the Suite support and have always supported pf, the default FreeBSD firewall, but different directory tree and some other issue may cause trouble. https://docs.freebsd.org/en/books/handbook/linuxemu/ Anyway we assure you that FreeBSD support improvement with native applications remains our goal for 2021. Our FreeBSD users are many (25% of our Windows customers, and 20% of our Linux customers, who are currently the absolute majority), not to mention the system outstanding superiority, so stay tuned. Kind regards
  22. 1 point

    Eddie+Hummingbird DNS Warning

    You can ignore them. You'll still be able to connect to AirVPN servers and have a secure tunnel.
  23. 1 point
    Working fine here now ! Thanks a lot !
  24. 1 point
    Whatever quirks and treats you pulled out of your sleeve ... it's working now just as slick and quick as always experienced. Thank you for solving this (at least for me that is).
  25. 1 point
    You have not been able to gift a game across regions on Steam for years. The only way to save on regional pricing is by moving your account to that country and using a payment method located in said country. AirVPN is blacklisted on Steam. There are some parts on Steam you can access if you already have an account. But for example, if you are using AirVPN and try and access the Community, it will not connect. The same is true for NordVPN. There are other VPN providers that this is not an issue.
  26. 1 point

    DoubleVPN - Take down

    Perhaps there was part of the story that got skipped over? Correct me if I am wrong, but did they really make all this fanfare with media/press releases and not make a single arrest? Color me unimpressed if that is all they can muster from exhausting all of the aforementioned resources. =/
  27. 1 point


    @OpenSourcerer Personally, I think Nord has a lot reviews because they send and email after each purchase asking for them. As Nord is heavily marketed they probably rotate a lot of users - that's why they have so many reviews. There are no many users who would willingly write a positive review by themselves.
  28. 1 point


    Hey, my 2 cents. Trutpilot seems a reputable website for reviews,. Incredibly, in the VPN busines gems like Mullvad and AirVPN have less than 40 reviews, while big bluffs have hundreds or thousands. Why don't we, as a community, write more reviews about truly serious VPN services in Trustpilot? I already did for Air! What do you think?
  29. 1 point

    Using AirVPN on OPNsense

    Hi, 1. Open the .ovpn file in notepad or something and copy everything from resolv-retry infinite down to the bottom. Go to vpn -> openvpn -> clients and select your openvpn instance Set it to SSL/TLS/UDP4 (I haven't tested with anything except UDP4) Insert a hostname / port Go to Advanced Box & Paste, click save and connection should come up under vpn->openvpn->connection status
  30. 1 point
    Also post/upload the Goldcrest log output, please.
  31. 1 point
    You do realize the error message tells you what is wrong? Use a dash - instead of an underscore _.
  32. 1 point

    tls-crypt on DD-WRT: got it working!

    @YLwpLUbcf77U Hello! It's not something DD-WRT specific, it's an OpenVPN working mode. TLS mode is essential to use all the OpenVPN security features, including PFS. We only operate OpenVPN in TLS mode. When OpenVPN works in TLS mode, TLS Crypt encrypts the whole Control Channel from the very beginning, while TLS Auth does not. Therefore TLS Crypt hides to DPI OpenVPN protocol fingerprint and it's much harder blocking OpenVPN in TLS Crypt mode than blocking OpenVPN in TLS Auth mode. TLS Crypt and TLS Auth are mutually incompatible, and each OpenVPN daemon working as server can only work with TLS Auth or TLS Crypt. That's why we offer different IP addresses for TLS Crypt and TLS Auth modes: Also note that TLS Auth and TLS Crypt keys are different. A more elaborated and precise description can be found here (1st answer): https://serverfault.com/questions/929484/openvpn-2-4-security-differences-between-tls-crypt-and-tls-auth Kind regards
  33. 1 point
    found the problem, /etc/resolv.conf had the router in first line.. thanks for pointing in the right direction
  34. 1 point

    Eddie disconnected, no internet

    It's not internet that's missing, it's probably just the DNS servers not being resetted, suggesting quite an ancient bug of Eddie. Try upgrading Eddie first.
  35. 1 point
    @flat4 Hello! The agreements between intelligence offices to exchange information more liberally are irrelevant for our purposes, due to the nature of our service. They do not make the situation worse. You have absolutely no additional protection from traffic monitoring by intelligence agencies according to the location of the server, as Snowden documents show. If the adversary has such vast powers, our service is insufficient by itself alone in any case and in any country, and the only level of defense (which may be very effective!) is enforcing what we call "partition of trust". https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?tab=comments#comment-1745 Provided that the target device is not compromised. of course... any attacker with vast power and precise targets will save time and efforts by simply cracking the device of the target, instead of hunting packets all around the world and correlating them. Kind regards
  36. 1 point
    @monstrocity Hello! The errors and embezzlement caused by bogus copyright notices are notorious since 2008 at least. That's a decisive reason to understand how the graduated response must include the constitutional right to a due process, and that each copyright infringement claim must be validated or rejected by a court, if the alleged infringer wants to exercise her fundamental right to a due process with presumption of innocence. How bogus notices can be sent, and how a malicious user knowing your IP address can trivially cause an arbitrary amount of copyright notices to be sent to you, was well explained many years ago in the scientific paper "Why my printer received a DMCA takedown notice". http://dmca.cs.washington.edu/uwcse_dmca_tr.pdf The fact that, in spite of all the above, various companies still dream of automated graduated response and deletion of the right to a due process and the right to legal defense shows, in our opinion, the mental imbalance of certain persons and the hidden agenda to keep making money with bogus activities: business for companies which offer their services to monitor p2p swarms and automatically generate notices was quite big years ago. And it's also sad to see, when citizens defend the copyright mafia graduated response concept, how easily many citizens are inclined to renounce to fundamental, human rights. @ProphetPX The news you reported seem to be confirmed independently by TorrentFreak, which published a day earlier: https://torrentfreak.com/comcast-suspends-internet-connection-for-downloading-torrents-210630/ Kind regards
  37. 1 point

    DNS Based Adblock

    Net neutrality is something only ISPs have to obey to in regard to the end user. There is no obligation for VPNs to forward unwanted traffic against the VPN users will. Also net neutrality is regulated differently in different countries. It has been demonstrated that this has been done successfully IMHO. I never had any issues with the usual block lists... but others may have different experiences, I admit that. On Android systems with mobile one can surely use e.g. NetGuard (which I use) or others. The problem is that such apps use the native VPN function. This can only be used by one app. AirVPN can than not be used as well 😞 ...
  38. 1 point

    Linux: AirVPN Suite 1.1.0 released

    @cheapsheep @Staff Hello, thank you both for your help. Using "aircipher" has worked and the problem is solved. To give you more details, I was using the config from the beta versions of AirVPN Suite, which is why the older settings were used. I'll pay close attention to the new directives in case I need to modify things in the future. Thanks again for your help both of you!
  39. 1 point
    I have a reason to believe that M247 is falsifying a few of its server locations which it sells to VPN companies such as AirVPN. Disclaimer: I am not accusing AirVPN of participating in this falsification, I believe that AirVPN staff has the integrity and honesty to only purchase servers in locations they know are correct as advertised. My hypothesis is that AirVPN was merely duped into buying thse falsified locations because M247 claimed that they were real locations and AirVPN did not have any reason to suspect anything to the contrary. I noticed recently that the M247 "Phoenix" location seems to really be located in Los Angeles, M247 "Barcelona" location seems to really be in Madrid, and the M247 "Berlin" location seems to really be in Frankfurt. Traceroute shows identical routes between each of these false locations and the real location they are in, not to mention that neither Phoenix, Barcelona, or Berlin appear on M247's list of locations on their website Disclaimer 2: All of the data below is shown as it was generated, with the only thing being edited is the redaction of my ISP's traceroute hops for protection of my privacy. Exhibit A: "Phoenix" is really Los Angeles. Traceroute and ping to Indus , allegedly in M247 Phoenix Traceroute to Indus server traceroute to indus.airservers.org (, 30 hops max, 38 byte packets [Redacted my ISP's traceroute hops] 8 * * * 9 ae-5.r01.lsanca20.us.bb.gin.ntt.net ( 73.593 ms 68.449 ms 69.689 ms 10 ce-0-1-0-0.r01.lsanca20.us.ce.gin.ntt.net ( 66.818 ms 71.847 ms 72.087 ms 11 * irb-0.agg1.lax1.us.m247.com ( 89.481 ms et-0-0-49-0.agg1.lax1.us.m247.com ( 79.797 ms 12 vlan2921.as09.lax1.us.m247.com ( 123.200 ms 71.520 ms vlan2909.as09.lax1.us.m247.com ( 74.228 ms 13 * * * 14 * * * Traceroute from Indus to Google traceroute to google.com (, 30 hops max, 60 byte packets 1 ( 69.597 ms 69.603 ms 69.595 ms 2 vlan177.as09.lax1.us.m247.com ( 69.687 ms 69.711 ms 69.778 ms 3 irb-0.agg1.lax1.us.m247.com ( 633.031 ms 633.038 ms 633.034 ms 4 ( 69.490 ms 69.452 ms 69.546 ms 5 ( 69.661 ms te-4-3-0.bb1.lax1.us.m247.com ( 69.769 ms 69.821 ms 6 ( 69.615 ms ( 67.888 ms ( 68.754 ms 7 ( 67.871 ms ( 68.216 ms ( 68.221 ms 8 ( 68.254 ms ( 68.228 ms ( 68.243 ms 9 ( 68.818 ms ( 68.598 ms 68.843 ms 10 ( 68.806 ms ( 69.010 ms ( 76.905 ms 11 ( 76.921 ms ( 80.406 ms ( 75.588 ms 12 ( 81.965 ms ( 78.518 ms 80.377 ms 13 ( 75.650 ms 75.356 ms ( 77.960 ms 14 sfo03s07-in-f14.1e100.net ( 82.906 ms ( 77.106 ms sfo03s07-in-f110.1e100.net ( 103.936 ms Ping to Indus PING ( 56(84) bytes of data. 64 bytes from icmp_seq=1 ttl=57 time=69.5 ms 64 bytes from icmp_seq=2 ttl=57 time=68.8 ms 64 bytes from icmp_seq=3 ttl=57 time=69.1 ms 64 bytes from icmp_seq=4 ttl=57 time=68.0 ms 64 bytes from icmp_seq=5 ttl=57 time=69.3 ms 64 bytes from icmp_seq=6 ttl=57 time=68.5 ms 64 bytes from icmp_seq=7 ttl=57 time=70.0 ms 64 bytes from icmp_seq=8 ttl=57 time=69.2 ms 64 bytes from icmp_seq=9 ttl=57 time=69.7 ms 64 bytes from icmp_seq=10 ttl=57 time=68.1 ms Hmm, I wonder why all the M247 router hops are all labelled as "LAX1" for a "Phoenix" location??? Now we will compare this to Groombridge, a server in M247 Los Angeles Traceroute to Groombridge traceroute to groombridge.airservers.org (, 30 hops max, 38 byte packets [Redacted my ISP's traceroute hops] 7 * * * 8 ae-2.r25.lsanca07.us.bb.gin.ntt.net ( 74.561 ms 97.764 ms * 9 ae-5.r01.lsanca20.us.bb.gin.ntt.net ( 73.048 ms 70.967 ms 73.707 ms 10 ce-0-1-0-0.r01.lsanca20.us.ce.gin.ntt.net ( 65.112 ms 73.968 ms 71.939 ms 11 irb-0.agg1.lax1.us.m247.com ( 77.359 ms * * 12 vlan2926.as15.lax1.us.m247.com ( 75.003 ms 73.769 ms ( 67.763 ms 13 * * * 14 * * * Traceroute from Groombridge to YouTube traceroute to youtube.com (, 30 hops max, 60 byte packets 1 ( 71.514 ms 71.502 ms 71.493 ms 2 vlan170.as15.lax1.us.m247.com ( 71.810 ms 71.986 ms 72.005 ms 3 * * * 4 ( 75.969 ms te-1-2-0.bb1.nyc1.us.m247.com ( 76.140 ms ( 75.971 ms 5 ( 76.149 ms 76.154 ms te-4-3-0.bb1.lax1.us.m247.com ( 75.138 ms 6 ( 78.254 ms ( 73.797 ms 73.781 ms 7 ( 73.773 ms ( 73.975 ms ( 74.551 ms 8 ( 73.937 ms ( 74.759 ms ( 74.214 ms 9 * ( 74.196 ms ( 74.648 ms 10 ( 86.701 ms * ( 72.588 ms 11 ( 80.460 ms ( 81.648 ms ( 83.700 ms 12 ( 80.580 ms ( 79.787 ms ( 81.349 ms 13 ( 80.326 ms ( 81.308 ms ( 84.462 ms 14 ( 82.598 ms sfo07s16-in-f78.1e100.net ( 80.463 ms 81.950 ms Ping to Groombridge PING groombridge.airservers.org ( 56(84) bytes of data. 64 bytes from ( icmp_seq=1 ttl=57 time=68.8 ms 64 bytes from ( icmp_seq=2 ttl=57 time=68.8 ms 64 bytes from ( icmp_seq=3 ttl=57 time=68.9 ms 64 bytes from ( icmp_seq=4 ttl=57 time=68.0 ms 64 bytes from ( icmp_seq=5 ttl=57 time=70.4 ms 64 bytes from ( icmp_seq=6 ttl=57 time=69.0 ms 64 bytes from ( icmp_seq=7 ttl=57 time=70.4 ms 64 bytes from ( icmp_seq=8 ttl=57 time=67.6 ms 64 bytes from ( icmp_seq=9 ttl=57 time=68.3 ms 64 bytes from ( icmp_seq=10 ttl=57 time=68.0 ms Hmm, looks suspiciously similar to me... Routes are both the same, ping is near-equal Exhibit B: "Barcelona" is really Madrid Traceroute and ping to Eridanus, allegedly in Barcelona Traceroute to Eridanus traceroute to eridanus.airservers.org (, 30 hops max, 38 byte packets [Redacted my ISP's traceroute hops] 7 * * * 8 be2332.ccr32.bio02.atlas.cogentco.com ( 83.833 ms 82.655 ms 83.244 ms 9 be2325.ccr32.mad05.atlas.cogentco.com ( 86.389 ms 85.839 ms 86.422 ms 10 quantum-sistemas.demarc.cogentco.com ( 110.559 ms 171.268 ms 118.386 ms 11 * * * 12 * * * Traceroute from Eridanus to YouTube traceroute to youtube.com (, 30 hops max, 60 byte packets 1 ( 89.066 ms 89.077 ms 89.072 ms 2 * * * 3 xe-1-2-3-0.bb1.mad1.es.m247.com ( 89.002 ms 88.997 ms 88.992 ms 4 mad-b1-link.telia.net ( 89.157 ms 89.176 ms 89.172 ms 5 google-ic-314668-mad-b1.c.telia.net ( 89.168 ms 89.324 ms 89.328 ms 6 * * * 7 ( 92.637 ms ( 91.657 ms ( 91.548 ms 8 ( 92.059 ms ( 91.787 ms 144.397 ms 9 ( 91.930 ms muc03s14-in-f14.1e100.net ( 91.631 ms ( 91.934 ms Hmm, I wonder why M247's router hops in the "Barcelona" location are all labelled as "MAD1" Ping to Eridanus PING ( 56(84) bytes of data. 64 bytes from icmp_seq=1 ttl=56 time=89.4 ms 64 bytes from icmp_seq=2 ttl=56 time=85.9 ms 64 bytes from icmp_seq=3 ttl=56 time=84.9 ms 64 bytes from icmp_seq=4 ttl=56 time=85.5 ms 64 bytes from icmp_seq=5 ttl=56 time=86.4 ms 64 bytes from icmp_seq=6 ttl=56 time=85.0 ms 64 bytes from icmp_seq=7 ttl=56 time=85.3 ms 64 bytes from icmp_seq=8 ttl=56 time=87.1 ms 64 bytes from icmp_seq=9 ttl=56 time=85.8 ms 64 bytes from icmp_seq=10 ttl=56 time=85.3 ms Comparing this to Mekbuda, a server in Madrid M247 Traceroute to Mekbuda [Redacted my ISP's traceroute hops] 7 * * * 8 be2332.ccr32.bio02.atlas.cogentco.com ( 83.761 ms 82.333 ms 82.102 ms 9 be2325.ccr32.mad05.atlas.cogentco.com ( 86.121 ms 85.032 ms 86.308 ms 10 quantum-sistemas.demarc.cogentco.com ( 94.879 ms 87.337 ms 88.230 ms 11 * * * 12 * * * Route from Mekbuda to Youtube traceroute to youtube.com (, 30 hops max, 60 byte packets 1 ( 87.692 ms 87.693 ms 87.686 ms 2 vlan29.bb2.mad1.es.m247.com ( 87.696 ms 87.690 ms 87.750 ms 3 xe-1-1-0-0.bb1.mad1.es.m247.com ( 87.762 ms 87.758 ms 87.753 ms 4 mad-b1-link.telia.net ( 87.956 ms 88.558 ms 87.931 ms 5 google-ic-314668-mad-b1.c.telia.net ( 87.836 ms 87.992 ms 87.988 ms 6 * * * 7 mad41s04-in-f14.1e100.net ( 86.846 ms ( 98.934 ms 98.992 ms Ping to Mekbuda PING mekbuda.airservers.org ( 56(84) bytes of data. 64 bytes from ( icmp_seq=1 ttl=56 time=87.0 ms 64 bytes from ( icmp_seq=2 ttl=56 time=88.4 ms 64 bytes from ( icmp_seq=3 ttl=56 time=86.2 ms 64 bytes from ( icmp_seq=4 ttl=56 time=88.4 ms 64 bytes from ( icmp_seq=5 ttl=56 time=86.7 ms 64 bytes from ( icmp_seq=6 ttl=56 time=85.7 ms 64 bytes from ( icmp_seq=7 ttl=56 time=85.7 ms 64 bytes from ( icmp_seq=8 ttl=56 time=87.1 ms 64 bytes from ( icmp_seq=9 ttl=56 time=88.3 ms 64 bytes from ( icmp_seq=10 ttl=56 time=88.2 ms Once again, everything is near-identical, with only a slight difference in Youtube traceroute. Exhibit C: "Berlin" is really in Frankfurt First we will test ping and traceroute to Cujam, a Berlin M247 server Traceroute to Cujam [Redacted my ISP's traceroute hops] 6 * * * 7 ae-9.r20.londen12.uk.bb.gin.ntt.net ( 73.904 ms ae-11.r20.parsfr04.fr.bb.gin.ntt.net ( 78.812 ms 75.580 ms 8 ae-1.r21.londen12.uk.bb.gin.ntt.net ( 79.099 ms ae-2.r21.parsfr04.fr.bb.gin.ntt.net ( 85.715 ms ae-1.r21.londen12.uk.bb.gin.ntt.net ( 78.384 ms 9 ae-16.r20.frnkge13.de.bb.gin.ntt.net ( 91.553 ms ae-11.r21.frnkge13.de.bb.gin.ntt.net ( 91.521 ms ae-16.r20.frnkge13.de.bb.gin.ntt.net ( 94.728 ms 10 ae-0.a00.frnkge13.de.bb.gin.ntt.net ( 92.855 ms 89.619 ms 90.740 ms 11 ae-8-501.a00.frnkge13.de.ce.gin.ntt.net ( 91.869 ms 92.824 ms 93.136 ms 12 ( 90.856 ms vlan2945.agg2.fra4.de.m247.com ( 92.015 ms ( 89.007 ms 13 vlan2925.as03.fra4.de.m247.com ( 88.304 ms vlan2901.as03.fra4.de.m247.com ( 93.828 ms vlan2925.as03.fra4.de.m247.com ( 89.713 ms 14 * * * 15 * * * Traceroute from Cujam to YouTube 1 ( 89.968 ms 89.978 ms 89.972 ms 2 ( 90.041 ms 90.036 ms 90.134 ms 3 vlan2925.agg2.fra4.de.m247.com ( 89.915 ms 89.910 ms 89.905 ms 4 ( 90.078 ms ( 89.956 ms ( 90.199 ms 5 vlan2906.bb1.ams1.nl.m247.com ( 90.252 ms 90.009 ms ( 90.176 ms 6 ( 90.171 ms no-mans-land.m247.com ( 89.888 ms ( 89.597 ms 7 no-mans-land.m247.com ( 89.851 ms ( 89.962 ms ( 89.649 ms 8 ( 90.496 ms ( 89.578 ms ( 89.598 ms 9 ( 90.067 ms ( 90.020 ms ( 90.430 ms 10 * * ( 90.872 ms 11 ( 99.430 ms * ( 97.794 ms 12 ( 98.329 ms ( 97.997 ms 97.910 ms 13 ( 97.921 ms ( 98.316 ms ( 98.802 ms 14 ( 97.839 ms 98.060 ms 98.173 ms 15 ( 98.067 ms par10s27-in-f206.1e100.net ( 97.811 ms 98.150 ms Ping to Cujam PING cujam.airservers.org ( 56(84) bytes of data. 64 bytes from ( icmp_seq=1 ttl=53 time=90.3 ms 64 bytes from ( icmp_seq=2 ttl=53 time=91.8 ms 64 bytes from ( icmp_seq=3 ttl=53 time=91.7 ms 64 bytes from ( icmp_seq=4 ttl=53 time=92.5 ms 64 bytes from ( icmp_seq=5 ttl=53 time=91.3 ms 64 bytes from ( icmp_seq=6 ttl=53 time=92.1 ms 64 bytes from ( icmp_seq=7 ttl=53 time=90.5 ms 64 bytes from ( icmp_seq=8 ttl=53 time=91.3 ms 64 bytes from ( icmp_seq=9 ttl=53 time=90.0 ms 64 bytes from ( icmp_seq=10 ttl=53 time=92.1 ms I wonder why there's no mention of "Berlin" in the traceroute hops, instead says FRA4 for Frankfurt.... Next we will compare this to Mirfak, a M247 Frankfurt server Traceroute to Mirfak [Redacted my ISP's traceroute hops] 5 * * * 6 if-ae-66-8.tcore1.l78-london.as6453.net ( 93.049 ms if-ae-66-9.tcore1.l78-london.as6453.net ( 92.427 ms if-ae-66-8.tcore1.l78-london.as6453.net ( 92.662 ms 7 * if-ae-3-2.tcore1.pye-paris.as6453.net ( 94.296 ms * 8 * * if-ae-11-2.tcore1.pvu-paris.as6453.net ( 92.280 ms 9 * if-ae-49-2.tcore2.pvu-paris.as6453.net ( 91.508 ms * 10 if-ae-55-2.tcore1.fr0-frankfurt.as6453.net ( 100.752 ms 91.321 ms 92.308 ms 11 if-ae-55-2.tcore1.fr0-frankfurt.as6453.net ( 88.325 ms ( 96.137 ms 94.877 ms 12 vlan2946.agg1.fra4.de.m247.com ( 94.155 ms ( 93.367 ms ( 91.790 ms 13 vlan2917.as11.fra4.de.m247.com ( 101.641 ms vlan2945.agg2.fra4.de.m247.com ( 90.441 ms vlan2917.as11.fra4.de.m247.com ( 93.836 ms 14 * vlan2917.as11.fra4.de.m247.com ( 94.359 ms vlan2919.as11.fra4.de.m247.com ( 96.080 ms 15 * * * 16 * * * The only difference in this traceroute is that the traffic goes through TATA instead of NTT which the Cujam server goes through, but the destination for both is the same: M247 in Frankfurt Traceroute to YouTube from Mirfak traceroute to youtube.com (, 30 hops max, 60 byte packets 1 ( 96.778 ms 96.764 ms 96.774 ms 2 vlan27.as11.fra4.de.m247.com ( 97.067 ms 97.135 ms 97.329 ms 3 vlan2917.agg1.fra4.de.m247.com ( 96.705 ms 96.704 ms 96.699 ms 4 ( 97.120 ms ( 97.724 ms ( 97.107 ms 5 ( 96.833 ms 96.835 ms vlan2906.bb1.ams1.nl.m247.com ( 96.894 ms 6 no-mans-land.m247.com ( 97.037 ms ( 95.349 ms 95.494 ms 7 no-mans-land.m247.com ( 95.615 ms ( 98.342 ms ( 96.818 ms 8 ( 96.897 ms ( 97.534 ms ( 96.712 ms 9 ( 97.041 ms ( 97.279 ms ( 96.977 ms 10 * * * 11 ( 104.649 ms * * 12 ( 104.672 ms ( 116.455 ms ( 104.324 ms 13 ( 104.748 ms 104.733 ms ( 115.898 ms 14 ( 104.245 ms 104.183 ms ( 104.074 ms 15 ams16s29-in-f46.1e100.net ( 103.791 ms 103.813 ms 102.372 ms Ping to Mirfak PING mirfak.airservers.org ( 56(84) bytes of data. 64 bytes from ( icmp_seq=1 ttl=53 time=89.3 ms 64 bytes from ( icmp_seq=2 ttl=53 time=89.8 ms 64 bytes from ( icmp_seq=3 ttl=53 time=89.1 ms 64 bytes from ( icmp_seq=4 ttl=53 time=90.6 ms 64 bytes from ( icmp_seq=5 ttl=53 time=89.6 ms 64 bytes from ( icmp_seq=6 ttl=53 time=89.2 ms 64 bytes from ( icmp_seq=7 ttl=53 time=90.0 ms 64 bytes from ( icmp_seq=8 ttl=53 time=90.0 ms 64 bytes from ( icmp_seq=9 ttl=53 time=87.6 ms 64 bytes from ( icmp_seq=10 ttl=53 time=88.9 ms Again, everything is near-identical, suggesting that these Berlin, Phoenix, and Barcelona locations are just falsified geolocation information and nothing more. With near-identical traceroutes, and ping values that don't differ by more than 1-2ms , it is extremely unrealistic that these servers are in the locations they claim to be. If you think my data is wrong/inaccurate, then feel free to repeat my experiment yourself, you will find the same thing. I would like to reiterate that I believe that AirVPN has no part in this falsification and that they have no ill will, I think they were duped/deceived by M247 to believe that the Phoenix, Berlin and Barcelona locations are actually real physical locations M247 has their servers located in. I think after these findings, AirVPN should have a long discussion with M247 staff about this falsification that took place.
  40. 1 point
    @ProphetPX Hello! The "graduated response" in the United States (aka "three strikes") was a voluntary agreement between ISPs and copyright holders to terminate the line of an alleged copyright infringer for several months or one year, without court order and inaudita altera parte (no right to defense ex ante) and put him/her in a black list so that he/she can't re-connect to the Internet with any other provider while he/she serves his/her sentence for the alleged, unproven behavior. The agreement was followed by most if not all ISPs from 2011 to 2017, causing tens of thousand of controversial disconnections. However, it had no impact at all on on the amount of copyright infringements and it was abandoned in 2017. Sony attempt might aim at transforming the abandoned voluntary agreement into an obligation by law as it is in France, New Zealand and South Korea for example, by eroding, through a legal precedent, the safe harbor liability exemptions in the USA for ISPs. The graduated response is totally ineffective against those who protect their traffic behind serious VPN services. https://en.wikipedia.org/wiki/Graduated_response https://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act Kind regards
  41. 1 point

    Zone-based DNS Suggestion for US

    Is it possible that DNS recommends servers in the United States based on zone? Since it's a big country and connection quality varies for users around the world, I was thinking about having 3 A records for east, center & west (for example east.us3.vpn.airdns.org, central.us3.vpn.airdns.org, ... or east3.us.vpn.airdns.org, central3.us.vpn.airdns.org, ...) and each record is updated every 5 min with lightest server in that zone ... NY, FL & PA states for east, TX, IL & GA for center and CA & AZ for west.
  42. 1 point

    AirVPN 11th birthday celebrations

    Hello! Today we're starting AirVPN eleventh birthday celebrations offering special discounts on longer term plans. It seems like it was only yesterday that we celebrated the 10th milestone birthday, and here we are, one year later already. From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 22 countries in four continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world. We still define it as a "baby", but AirVPN is now the oldest VPN in the market which never changed ownership, and it's one of the last that still puts ethics well over profit, a philosophy which has been rewarded by customers and users. 2020 (and 2021 so far) have been harsh years for the mankind but we have no rights to complain too much because AirVPN was only marginally touched by those terrible repercussions which affected many other business sectors in general. In spite of that, we could not maintain our promise to deliver native software for FreeBSD and we apologize for the failure. However, releasing software for FreeBSD, specifically AirVPN Suite, remains one of our goals, so stay tuned. On the other hand, Eddie desktop edition, AirVPN Suite for Linux, Hummingbird for Linux and macOS, and OpenVPN 3 AirVPN library were updated substantially and swiftly. Moreover, Eddie Android edition development has been recently re-opened to provide a new version updated to new requirements and specifications of Android 11 during 2021. Hummingbird was natively released for M1 based Apple Mac systems too, allowing a dramatic performance boost (up to +100% in >100 Mbit/s lines). Behind the scenes, infrastructure had some paramount improvements. The whole network in the Netherlands has been enlarged with additional redundancy and several servers around the world have had hardware upgrades. In Sweden and Switzerland we started operating servers connected to exclusive 10 Gbit/s lines and ports, and we optimized the environment to obtain more bandwidth from the OpenVPN processes. We managed to beat the previous 1.7 Gbit/s barrier. The performance on the customer side has improved and reached new peaks of excellence, as you can see here: https://airvpn.org/forums/topic/48234-speedtest-comparison/?do=findComment&comment=130191 Furthermore, the infrastructure has become fully Wireguard capable and throughout 2021 we will start offering Wireguard connections, in addition to OpenVPN ones, in an hardened environment which mitigates the numerous privacy problems posed by Wireguard. Last but not least we re-started operations in a fourth continent, Oceania, with a new server in New Zealand. All AirVPN applications and libraries are free and open source software released under GPLv3. It's worth quoting literally what we wrote last year for AirVPN birthday: Kind regards and datalove AirVPN Staff
  43. 1 point
    Eddie works well with both my MS Windows 10 Home and Pro edition on two separate PCs. Have you considered doing a complete uninstall including removing any remaining AirVPN and Eddie leftover folders? Perhaps a registry clean up would help as well though I'm not sure Windows adds any Eddie items to the registry. I would also suggest a reboot after the uninstall. There is also consideration of doing a Network reset in Windows before doing a clean Eddie install. Though this may be inconvenient, it may also be the "fix".
  44. 1 point
    You're welcome.
  45. 1 point

    OMV + Transmission-OpenVPN + AirVPN

    Hello everyone, I had the same problem as you but at the end I ended up using qBitorrent-VPN from Markus McNugen. As I am on a Raspberry Pi, I used a fork (someone was really kind to make one!) but the normal repo should work also with the information provided on the GitHub page linked above if you're on another architecture. Here are the steps : So I created this folder : .../config/qBitorrentvpn/ & then the folder openvpn inside : .../config/qBitorrentvpn/openvpn/ I dropped in this folder (.../openvpn/) the following files got from AirVPN in the config generator : The .ovpn, ca.crt, ta.key, user.crt, user.key. To get these files from AirVPN, here are the steps and the options that must be chosen : Go to Config Generator Advanced Mode: Checked API Reference: Unchecked Select "Linux" IP Layer: IPv4 only Connect with IP layer: IPv4 Protocols: UDP/443 Bundle executables: No OpenVPN version: >=2.4 Separatekeys/certs from .ovpn file: Checked Proxy: None Choose servers: for example "Switzerland" Then, Generate. On the download page, download the zip file. Drop all the files included in the zip file (.crt, .key, .ovpn, ...) into your .../qBitorrent/openvpn/ folder Open the .ovpn file with notepad (or other software) and add this line at the end : auth-user-pass Still in the same folder (.../qBitorrent/openvpn/) create a text file (.txt if you're on Windows) that you will call auth-user-pass credentials.conf which will contain the following lines : username password Replace of course the username by your AirVPN username and the password by your AirVPN password. If you're on Windows (might be different on MacOS/Linux distro), delete the .txt at the end of the file so it is a .conf Now you can run the docker run command and it should be working. (for some reasons I did not succeed to run a docker-compose.yml via Portainer) docker run --privileged -d \ -v /srv/dev-disk-by-label-mediadisk/databases/downloads/:/downloads \ -v /srv/dev-disk-by-label-mediadisk/config/qbitorrentvpn/:/config \ -e "VPN_ENABLED=yes" \ -e "LAN_NETWORK=" \ -e "NAME_SERVERS=," \ -e "VPN_USERNAME=XXXXX" \ -e "VPN_PASSWORD=XXXXX" \ -e "PUID=XXX" \ -e "PGID=XXX" \ -p 8080:8080 \ -p 8999:8999 \ -p 8999:8999/udp \ --sysctl net.ipv6.conf.all.disable_ipv6=0 \ --name qbittorrent-openvpn \ chrisjohnson00/qbittorrent-openvpn:latest Replace the XXX by the corresponding inputs from your raspberry and AirVPN login. Hope this will help people !
  46. 1 point
    Great run through, thanks for putting together. Had Airvpn working via cmd line but eddie is flawless in Opensuse 15.2&KDE.
  47. 1 point


    A newcomer, it seems. I'd give them a bit more time to develop everything. So far: Server country selection is mostly sound – if you ignore things like UAE and Brazil. Support for all relevant protocols, which is nice. Wireguard caveats are in privacy policy instead of FAQ, which is weird, but okay, it's there. Moving on. Closed source software. Yellow flag. No Linux means general focus on revenue. Didn't check any of them; how should I, anyway? Microsoft and Google crash reporting services in software. Yellow flag. Would've appreciated something open sourcey and selfhosted like sentry.io. Mention of a warrant canary again. Still not sure if they work.. I think an expert would choose a firewall over application-based killswitch functionality any day, this hasn't happened here. A bit sad, but maybe driven by the general VPN user base always looking at a killswitch feature in a VPN service app, and not understanding that firewalls are more robust, even if somewhat more difficult to setup and troubleshoot. Trifle: Some of the FAQ answers are not updated or even checked for spelling, grammar and logic. On Static or Dedicated IP address? for example both dynamic and static addresses are ruled out, even with a lexical syntax error, creating the potential for confusion. Then, privacy policy: "We log your usage, and if we think you're naughty, we will contact you. If we couldn't reach you, we will terminate access. If we could, your answers can and will be used against you." Sounds liberating, still want to torrent with WeVPN? We can say that a working mail is required. But above all I found this one downright hilarious: At least they're aware how that guy ranks VPN services, they're happy to provide him with a template. Same rules apply: I can simply set up a new VPN service, promise him everything and more and it'd be the best in the market!
  48. 1 point

    Wireguard plans

    @Flx The first message was approved by some moderator in the wrong thread, not a big deal. Then we moved the message on its own thread, this one. Then user "wireguard" posted more messages which were all approved by some moderator. @Brainbleach Of course. We were replying to "wireguard" who invites surreptitiously to punish AirVPN because AirVPN uses and develops actively OpenVPN: "Needless to say, investing in AirVPN means investing in OpenVPN, and that's not acceptable to me at this point," . He/she also kept claiming that "it's time to retire OpenVPN" (sic), that OpenVPN is a "truly disgusting hack" (sic) and so on,. showing his/her embarrassing ignorance and lack of good faith. Nothing to do with your messages. Funny how bogus account writers are so eager to become from time to time AirVPN software lead developers, general managers for AirVPN strategies, marketing directors and more. 😀 We wanted to prove beyond any reasonable doubt that his/her claim are unreasonable and based on wrong assumptions and terrible omissions, showing how Wireguard can not replace OpenVPN for a significant percentage of our customers and how our OpenVPN development has been beneficial for many users around the world. That said, we claimed that Wireguard needed to be developed and tested further years ago, so at the time our claim was totally reasonable. We also claimed years ago that the problem was not with CHACHA20 which to the best of nowadays knowledge is a very robust and secure cipher. Now the problems are different because Wireguard is asked to offer something which it was not designed for, i.e. providing some kind of anonymity layer. Such problems include lack of DNS push, lack of dynamic IP address assignment (with subsequent problems with client key-private address static correspondence, a very tough legal problem for us but above all for our customers), need of keeping client real IP address stored in a file. We have resolved them one by one with external software and internal work around. Once the problems are resolved in a robust way, which means testing thoroughly the adopted work-around, we can offer Wireguard, not earlier. Kind regards
  49. 1 point
    Hello! DISCLAIMER: this post has been written by an AirVPN co-founder (Paolo) and merges the information and the points of view elaborated by the Air founders in more than seven years. Other Air VPN staff members might add additional comments in the future. We have been asked via Twitter to reply to the following post: https://gist.github.com/joepie91/5a9909939e6ce7d09e29 We see that the issues raised by the aforementioned article may be of general interest, so we have decided to post a detailed rebuttal here, meant to fix the remarkable amount of technical misunderstandings and errors which have led the writer to astonishingly wrong conclusions and worrying generalizations. The rebuttal is based on AirVPN only; we can not and we do not want to write in the name of any other service, since most of the considerations you will read here may or may not (and sometimes we know that they will not) apply to other "VPN services". Anyway, it is our right to reply as if the writer were talking about us too, because he/she repeatedly claims that ALL VPN services act in the same way. A "VPN in this sense" is NOT a proxy. Our service encrypts and tunnels all of the client system TCP and UDP traffic to and from the VPN server. Moreover, our service, when used with our free and open source software, also makes additional steps to prevent traffic leaks outside the VPN tunnel. A proxy tunnels (and not necessarily encrypts) only TCP traffic (proxies can not support UDP), and only the traffic of those applications which are configured to connect to a proxy. UDP traffic, system traffic and traffic of applications which may be started by the system and that you failed to configure (or that you can't even configure in Windows, in some cases) are not necessarily tunneled to the proxy. Not even your system DNS queries are necessarily tunneled over the proxy. If we were really interested in logging our clients traffic, we would not allow connections to and from Tor, proxies and other VPNs. We have always made very clear how to bypass the problem of "trust us" when you can't really afford to do that, and our answer has always been "partition of trust". Please see for example our post dated March 2012 (!) about it: https://airvpn.org/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745 There's more. We work under a legal framework where the safe harbors for the mere conduits are very rigidly and clearly defined (specifically, by the 2000/31/EC, the E-Commerce Directive, articles 12, 13, 14 and 15). https://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX:32000L0031 The liability exemption for the mere conduit status would not exist if we were not mere conduits. If we inspected traffic and/or modified traffic (e.g. through content injection) and/or selected source and destination of the communications, we would not be mere conduits and we would lose the legal protection on liability exemptions. We have also two decisions of the Court of Justice of the European Union which clearly define indiscriminate data retention as infringing the fundamental rights of the citizens of the EU: https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf Therefore: under a legal point of view, logging and/or monitoring and/or inspecting and/or modifying the content of our customers traffic without the customers explicit and written consent would be a criminal infringement, also subject to civil prosecution by the customers themselvesunder a business point of view, that would be simply suicidal (more on this later) It is enigmatic how the writer can make such claims. We charge less than 10 USD per month for our services and we can pay a whole legal firm, 250 servers (physical, bare metal servers), the whole staff, including a tiny team of programmers. We also regularly donate money to organizations and projects whose activities are compatible with AirVPN mission. https://airvpn.org/mission https://airvpn.org/status We're not here only for the money, but if the writer wants to talk about money, so be it. He/she may rest assured that we have planned seriously a business model which remains robust if not rock solid. It is obvious that we must keep our business model solid, because our infrastructure has become large and we have duties toward the people working with us and toward our customers. At the same time we never forget that our customers have transformed into reality the dream to build a rather big project based on and aimed to privacy protection in a time when the whole world was going to the opposite direction. By changing now direction and pointing to a business based on privacy infringements and personal data commerce would not only betray our beliefs and mission and customers, but we would become a goldfish in an ocean of sharks, we could not even think to compete. After 7 years, we have the right and knowledge to claim that a privacy protection mission is not incompatible with the price the writer mentions and with a strictly agnostic network where no traffic inspection or monitoring is enforced. We can also claim confidently that any business plan based on data protection and privacy infringements not declared in the terms of service would crash dramatically in the short-term in the EU: remember the legal framework we live in and feel free to do your own research on real cases and incidents in the recent past. Last but not least, please do your own math and compute the costs to store and "hand a customer traffic data over": they imply costs of losing the mere conduit status, added to the costs of civil lawsuits from that and potentially other tens of thousands customers. Then compare them to the "costs" (in reality benefits) of no monitoring at all added to the peace of mind to strictly act in a legal/lawful way. Given all of the above, you can easily discern that the quoted assumption is false for AirVPN. The logical, unavoidable conclusion is that AirVPN best interest, even under a purely cynical, business point of view, is to NOT log (in the most extensive sense of the term) customers traffic and not commerce with their data. This is partially, only partially, true. HideMyAss was really risking to go out of serious privacy protection business soon after the incident occurred: check the massive uproar caused by the event. The AVG acquisition, with the disruptive marketing power of AVG, has probably covered the issue, but the old HideMyAss management hurried to sell the whole Privax company. Who knows, maybe just in time, maybe before the value could be hit too seriously by the incident. We can't know for sure, and the writer can't as well. Anyway, if the writer wants to claim that marketing is powerful, we agree (what a discovery!). The logical jump from HMA incident to the assumption that every service does what HMA did is long. Do not forget that what HMA did would pose a huge amount of legal problems to us, as explained. HideMyAss targeted the same persons who are happily using the new Facebook VPN. We respect the intelligence of our customers and we don't have the arrogance to think that we can change people mind and competence all over the world in a few years (or ever), and we don't even think that we can oppose the marketing power. More importantly, that's a problem pertaining to HideMyAss. It is not only unfair, but even defamatory to surreptitiously imply that the behavior (good or bad) of certain services is the same behavior of any other service, in the same field or not. We have been providing AirVPN services since 2011, when we offered the service as a beta version totally free. Now we challenge the writer of the article to provide any single proof that any single user identity has been compromised by us through a betrayal of our terms of service and our mission and/or through traffic logging or inspection and/or by any infringement of the EU legal framework on privacy and personal data protection. False. We provide our users with any tool to never make their "real" IP address appear to our servers. We have also integrated AirVPN over HTTP proxy, AirVPN over SOCKS proxy, and AirVPN over Tor usage in our free and open source software. We don't even block connections from competitor VPN servers. Finally, we accept not only Bitcoin, but Monero and ZCash as well, which are designed to provide a robust anonymity layer on the transactions. If you really don't trust us, you can easily make your IP address never visible to our servers. This is particularly important even if you trust us, but you can't afford (for the sensitivity of the data you need to transmit, for example) to assume that our servers are not monitored by hostile entities, an event that can happen with ANY service, not only VPN services. The fact that we have made every human effort to provide effective and easily usable protections against such occurrences is a proof of our interest in the protection of our customers privacy. This is ambiguous, because we would need the writer to define security scope and context exactly. Is he/she referring to integrity and security of data between your node and our servers? Or security of your system? Surely, our service is not meant as a security tool to protect against virus and spyware, and this is clearly stated at the very beginning of our Terms of Service. AirVPN can't do anything if your system is compromised. However, the above does not imply in any way that our service is a glorified proxy. See the reasons we mentioned above and verify how a loose security mention does not change anything. Additionally, while OpenVPN is the core of our service, it is complemented by an important series of features aimed to protect privacy and data in all of those cases which OpenVPN alone has not been designed for. Even if you don't run our free and open source software, we and our community have made any effort to provide guides and insights on how to get the most from our service to integrate it in a comprehensive environment aimed to protect your data and identity. We are very grateful to our community for the invaluable contributions throughout the years. If we were a "malicious VPN provider", does the writer really think that we would have allowed our forums to become a golden source of information for privacy, identity and data protection? Do you really think that we would have been provided monetary support to TorProject, OpenBSD, European Digital Rights, Tor infrastructure, etc. etc.? A part of this has been widely rebutted in our previous reply. Here it will be sufficient to add that even if you don't use end-to-end encryption, even if you don't use Tor on top of an AirVPN connection, a MITM who sniffs the packets in any point between the VPN server and the final destination (including the final destination itself of course) will see those packets coming from the VPN server exit-IP address, NOT from your real IP address and NOT from the entry-IP address of the VPN server you connect to. This is a paramount point which is incompetently (intentionally?) ignored by the writer. It is so important that in some extreme cases it makes the difference between imprisonment and freedom, or even between life and death. Imagine the case of a whistleblower giving out relevant information via VoIP or other applications relying on UDP to a self proclaimed journalist who then betrays the confidentiality of the source, or even to a serious journalist who is unaware of the fact that his/her computer is compromised, or that his/her line is wiretapped. The whistleblower can't use a proxy reliably. The journalist, or the wiretapping entity, can trace the source IP address and the identity of the whistleblower can be disclosed (just to make a trivial example which does not require any wiretapping or compromised system, think of Skype exploit, for which any party could discover the IP address of the other party). In most of these cases, end-to-end encryption would have been irrelevant for the whistleblower. Whenever the source can't trust the destination integrity, whether the recipient is in good faith or not, our service makes a vital difference. True. We have never said or written the contrary. In addition to changing IP address, which is anyway important in spite of the writer claims, further steps are strictly necessary to prevent profiling, from "separation of identities" to script blocking, from browser fingerprint changes to system settings obfuscation. Our community has widely covered this issue and provided precious suggestions. Here the writer makes a totally irrational shift: first he/she wants to make you think that our service is just a "glorified proxy", then he/she wants to insinuate that our service is useless because it is not some sort of supernatural system capable to protect users from their own behavior and from every possible tracking system which exploits the user system, not the service. The first case is true, and it is very important. However, it is totally false that you can safely rely on a proxy for the second case purpose. Many applications, including torrent software, can: bind to the physical network interface, or do some dangerous UPnPuse UDP (not supported by a proxy)send DNS queries out of the proxyinclude the assigned "real" IP address inside their layer of communications, example: https://blog.torproject.org/bittorrent-over-tor-isnt-good-ideaIn the aforementioned cases, correct usage of our service will fulfill the purpose to never disclose your real IP address and/or the UDP traffic and/or the DNS queries. A proxy will not and you can be potentially tracked back, either by copyright trolls or any hostile entity. Additionally, our service has many more use cases: tunneling UDP traffic (not available with a proxy or Tor)circumventing censorship based on IP addresses blockcircumventing censorship based on DNS poisoningpreventing injection of forged packets (not necessarily available with a proxy even in TCP, and surely not when you need UDP flow integrity)using Tor anyway when Tor usage is blocked or triggers interest of ISP or any hostile entity about youprotecting your identity when the final recipient of your communications is compromised (not available with end-to-end encryption alone, and not available with Tor when you need UDP, imagine if you need to stream a video in real time which requires source identity protection)making your services (web sites, torrent clients, FTP servers for example) reachable from the Internet when your ISP does not allow port forwarding (not available with a proxy), without exposing your IP addresshaving a static exit-IP addressbypassing various types of traffic shapingtunneling simultaneously the traffic of all the devices in your local network, even with remote port forwarding, and even those which can't run OpenVPN provided that you have a device acting as a gateway to the VPN (typical examples a pfSense box or a DD-WRT / AsusWRT / Merlin / Tomato etc. router or any computer configured to work as a router)and maybe you can see more use cases which we have missed here. The fact that the writer omitted all of the above says a lot about his/her competence and/or good faith. This is hilarious, and not only because the whole point of the writer's post ends up into advertising LowEndBox. We will not insult our readers' intelligence with an explanation of why that is a terrible idea when you seek more privacy and some anonymity layer in your interactions with the Internet. Draw your own conclusions. Kind regards and datalove Paolo AirVPN co-founder
  50. 1 point

    Status of Eddie on Linux distributions

    Last update: 16 May 2018 - Related to version: Eddie 2.14.4 Any Linux distribution has at least:a different graphics server (X11, Wayland)a different desktop environment (GNOME, KDE, LXTE etc.)a package manager with a specific format (deb, rpm, tar.xf etc.)a different packaging signature for trust and securitya different method to obtain administrative privileges, required by advanced features of Eddie (also because OpenVPN requires them)a different set of packages used by our client, that sometimes have different names (for example 'stunnel4' under Debian, 'stunnel' for Fedora)maybe a different DNS management.We are working at our best to support every kind of configuration managed by our source code directly, when possible. Tested without known issuesDebian (tested 7/8/9)Ubuntu (18.04 GNOME tested)Ubuntu Mate (18.04 tested)Devuan (tested Ascii)MintArch (XFCE tested)Fedora (28 tested) With minimal issuesopenSUSE (Tumbleweed KDE tested) openSUSE (Tumbleweed GNOME tested) Works, with no tray icon.Elementary Works, but tray icon, web and folder links don't work. Fatal issues None known. Tech notesSometimes Tray icon works, but it is not shown because the desktop environment hides it. For example, latest GNOME may require a separate shell extension (generally TopIcons).Currently Eddie 2.x under Linux requires root privileges (like GParted or Synaptic Manager). Elevation is generally obtained with a polkit policy file (pkexec) if installed, otherwise fallback methods are used when available (gksu, kdesu, beesu etc.). When the UI runs as root, there are four -optional- actions that are performed as normal user: tray icon, notifications, open web links and open file folders. If it is not possible to act as a normal user, such actions are not performed at all. A totally separated UI (as a normal user) vs. root-actions (as root user, service or separate process) is currently under development. Needed improvementsMinimal lintian warnings on .deb editionGeneral info details on .deb edition (for example, reporting Proprietary as License, not true.)General info details on .rpm edition (for example, reporting Proprietary as License, not true.)Create official package for AUR and other distributions.Create packages also for CLI-only edition.Create packages based on direct source compilation.Procedures to include Eddie in official/standard repository
  • Create New...