Leaderboard

Hello! Today we're starting AirVPN 15th Birthday celebrations with big discounts on longer term plans. From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 23 countries on four continents! AirVPN is now one of the few major consumer VPNs that is still independent. In other words, it is not owned by large corporations with diverse interests that interfere through editorial publications or conflict with privacy protection. Since our 14th birthday celebration, our customer base has grown impressively, and we would like to thank all the old and new customers who chose or confirmed AirVPN. AirVPN has focused on comprehensive enhancements, including: line and server expansion to accommodate the outstanding customer growth. The infrastructure can now deliver up to 970,000 Mbit/s. Compared to the 694,000 Mbit/s available in May 2024, this is a 39.7% increase in a single year yet another thorough rewrite of remote inbound port forwarding logic to offer greater convenience and true scalability. The new implementation was designed to meet the growing demand for remote inbound port forwarding the unlimited traffic quota for every and each customer subscription plan has never been modified On the software side: all AirVPN applications and libraries are free and open source software released under GPLv3 new, greatly improved Eddie Desktop and Eddie Android editions Eddie Android edition implements a new community request: an opt-in GPS spoofing feature integrated with the infrastructure in order to provide coordinates consistent with the location of the VPN server the device is connected to Eddie Desktop edition new version included several bug fixes and the new CLI edition is built on .NET7. Thus, it no longer needs Mono (Linux, macOS) and is built without Xamarin (macOS) the development of traffic splitting features on an application basis, already available in AirVPN Eddie Android and Android TV edition, and implemented on the AirVPN Suite for Linux last year, has been improved together with the new Suite features during the year long internal and community tests the OpenVPN3-AirVPN library is actively maintained as usual. If you're already our customer and you wish to extend your stay, any additional subscription will be added to your existing subscriptions and you won't lose any days. Check the promotional prices here: https://airvpn.org/buy Promotion will end on June the 12th, 2025 (UTC). Kind regards and datalove AirVPN Staff 

Hello! We're very glad to inform you that two new 10 Gbit/s full duplex servers located in Chicago (IL), USA, are available: Meridiana and Sadalsuud. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.  Meridiana and Sadalsuud support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Meridiana https://airvpn.org/servers/Sadalsuud Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that AirVPN Suite 2.0.0 Release Candidate 2 for Linux is now available. The original post is updated to show the new download URLs. The important improvements over RC 1 are: Cuckoo's design flaw has been fixed. Now cuckoo can be run when no graphic environment is installed added check and warning to clearly inform the user when firewalld is configured to be the exclusive owner of its tables / chains / rules in case VPN is busy in a pending process (such as reconnecting) stop_connection command is not performed by Bluetit, thus avoiding potential problems a few changes to greatly improve network management during sessions based on WireGuard libxml2 is now statically linked. This pondered decision was driven by various problems caused by a few Linux distributions inconsistencies with established practices and standards linked against the new OpenVPN3-AirVPN 3.12 library Special note for firewalld users Please read here, it's very important: https://airvpn.org/forums/topic/70164-linux-network-lock-and-firewalld/ Please note that compatibility with Debian 10 and its derivatives, that reached end of long term support and end of life on June 2024, is lost even for the legacy version, mainly because the Suite is now C++20 compliant. The legacy version remains suitable for Debian 11 and its derivatives. Kind regards

Ok, thanks to Opensourcer with finding this issue. Heres how to fix. Extract the appimage ./Eddie --appimage-extract Open squashfs-root/AppRun and comment out line 15 #rm $ARGV0 Download appimage tool for repacking wget https://github.com/AppImage/AppImageKit/releases/latest/download/appimagetool-x86_64.AppImage chmod +x appimagetool-x86_64.AppImage Repack the appimage path to/appimagetool-x86_64.AppImage /path to/squashfs-root use this new appimage in gearlever On launching Eddie, the file is no longer deleted.

Happy birthday! To another 15 years and more.

The three NZ servers always seem to have quite a load on them, with at peak hours most 75%+ ... i've started defaulting to USA servers that have about a 20% load as I find I get better constant speeds, even though NZ is way closer and faster if it is less full. There were times connected to NZ where my connection suddenly goes super slow, and I realise that all of a sudden that server is really congested and my download crawls to a trickle. It would be great to get another NZ server added (or two ). I do wonder where people using NZ are coming from, I wouldn't have thought it would be as popular as it seems to be, but i'm glad it is, just need one or two more now.

You're providing an amazing service. We're definitely renewing for another 3 years. Here's to 15 more years! 🍻

Hello, I am a user from mainland China. During my usage, I've noticed that many servers with low load bandwidth usage are actually slower, such as those in Taiwan and Japan. I’d like to offer a suggestion to AirVPN. Personally, I believe the evaluation criteria for server quality should be based on CPU usage over a certain period, such as the average CPU usage over half an hour, rather than load bandwidth. I’ve frequently encountered handshake timeouts when connecting to "sulafat," even though the displayed load bandwidth isn’t high. I suspect this is most likely related to high CPU usage on the server, which causes key resolution timeouts. If I could connect to a server with relatively idle CPU resources, I think the connection quality would be much better. After all, speed is closely tied to protocol overhead. For example, if a 1 Gbit/s server is connected to 100 users using the WireGuard protocol, the server’s load bandwidth might reach up to 900 Mbit/s. However, if it’s connected to 100 users using SSL + OpenVPN TCP protocol, the load bandwidth might only be 400 Mbit/s. Clearly, the latter scenario places a higher burden on the server, yet the load bandwidth appears lower. Therefore, I believe servers with lower CPU usage offer better quality, rather than those with lower load bandwidth. Using average CPU usage as a metric seems more scientific to me. Does my point make sense? Does anyone agree with what I’m saying? Thanks.

well was a really good run, GOD bless you all 🎁

Hello! Your setup is fine and we can reach your listening software through the port that you remotely forwarded. If you need more ports please make sure to pick a free port (the proper tools on the bottom of your AirVPN account port panel will let you find free ports) or just let the system pick a free one for you by leaving the "Port number" field blank and clicking the '+' button. Kind regards

Hello! We're very glad to inform you that Hummingbird 2.0.0 Release Candidate 2 is now available for macOS, both for Intel and M1/M2/M3 based systems. The links to the latest RC 2 and the main changes have been updated in the first message of this thread. This version does not differ from RC 1: RC 2 is out just for cross platform versioning consistency. Kind regards

Hello everyone, I've been using the Eddie GUI for several years without any flaws. Recently, I added its repository to my Xubuntu 25.04 system and updated from version 2.21 to 2.24.6. The GUI has since become somewhat lagging, taking several seconds to proceed a simple mouse click. More annoyingly, version 2.24.6 interferes with some local network settings. I have a QNAP HS-264 NAS set up for access through Thunar (XFCE's file manager) via the samba protocol. Since the update, that access is halted after launching Eddie – not immediately, but within half an hour or so. I can still connect to the NAS on my internet browser, but since Eddie was the only package update I did before the problem appeared, there must be some newish inbuilt override that blocks samba. Could somebody kindly point me to a solution? I'm a Linux noob and would appreciate any help. Kind regards, B. Update: As it turned out, the installation of 2.24.6 enforced a new setting, "Ensure in session", for the network lock, even though I already had the lock deactivated in the main window. After unticking said box in the advanced settings, samba protocols are working again (even though "Allow lan/private" had been checked, but there seem to be several reports in this forum that this often doesn't solve the local network barriers.) So this was the override I was looking for, and admittingly, it's a bit confusing that there's two entirely seperate, unsynced selections for the same locking function. That only leaves the generally laggy GUI reponse as a minor issue which the mods/developers might consider looking into. I can't pinpoint it for certain, but I believe that the server latencies on display are also at least 10-15ms higher than before my 2.24.6 update, which might be due to the same decelerating problems.

Hello! It's all pre-defined by GoDaddy and nothing can be configured on our side, unfortunately. We will query GoDaddy and warn them about the issue. We own and control authoritative DNS for almost all of our domain names but not for airvpn.org. to add redundancy. Kind regards

Author of mergerfs here. There are no problems with qbittorrent and mergerfs. I and many others use qbittorrent with mergerfs for many years. What you are likely referring to is needing to ensure you have mergerfs setup for mmap support which qbittorrent, typically by default, requires. However, you can just enable necessary features to support mmap or disable usage of mmap by setting "Disk IO type" in qbittorrent to "POSIX-compliant" or "Simple pread/pwrite".

Well, most probably not. AirVPN's measure was to simply cease providing service to Italy to render themselves out of scope of Piracy Shield. All the server locations are subject to the laws of those server locations.If you're not in Italy, you're anyway free from any of the worries you stated. Italian authorities asking for info on someone who is not in Italy, or simply connected to a server not in Italy, is just plain impossible on so many levels. They can try, of course, but it'll probably never pass. Also, torrenting as the #1 reason around here to connect to the VPN might be a crime, too, but it's not terrorism justifying hunting people to the end of the world. Clearly define what you want to be protected against and ask the forums for measures you can take; there'll be tons of recommendations. But curb your paranoia, it is not productive. The prevalent recommendation even across these forums is not to use the VPN alone. Always combine with Tor if you need the safety, and harden whatever apps you want to use over it, most importantly the browser. Mass tracking is done by automated tracking measures such as browser fingerprinting against which a VPN won't help you. This tracking is done to generate money out of you, not for surveillance or some such, anyway.

It's amazing how the demand rises to meet the new bandwidth right? 😅 It's a good sign though! I know this literally JUST happened and we're all so grateful you guys are so incredibly active with this stuff, but here we are again! 5494 / 6000 Mbit/s and always climbing haha. Many of us did come from the mas exodus from other VPN services abolishing absolute must-have features like port-forwarding, and honestly I feel more connected with the AirVPN staff than any of the other. I'm here to stay for that if nothing else and the feeling of community. You've successfully made a loyal cult in the best way possible. I only have one gripe and that is to say that I've never had my bandwidth saturated since I made my move here to put it nicely. I think I was coasting at a cool 40mbps just before writing this. It truly is the only thing I miss and the only thing that's missing. I wholeheartedly believe Oceania/New Zealand would strongly benefit from one of the beefier 10,000/20,000 Mbit/s servers. We have about 2.77x less active connections in Oceania than Asia does right at this moment of writing, but we have 5.33x less the bandwidth! That's a solid disparity! No one listens to and actually directly communicates with their community like you guys do. We all know it, we've all been through other providers. No one would have even considered a VPN provider would work this closely with it's users. Take this as the humble request from a loyal Australian user, who'll sadly never again enjoy a VPN server in his own country to due crazy Aussie government non-privacy laws. Please make New Zealand as strong as it needs to be. ❤️

Navigating this community and its mission has been bringing a tear to my eyes. It's difficult to describe the joy and pride I felt when I read the words "Pirate Festival in Rome" while reading the Story of this company, and it is an incredible achievement to support all those FOSS and freedom projects. With that said, why does operating 20 tor nodes cost 6k per year? Shouldn't it be like, I don't know, way less? I mean if Air is dealing with every single legal complaint, maybe it does cost that much. But aren't there more cost effective ways of operating Tor nodes?

Hi, since other VPN providers offers clients for windows with app based split tunneling... Is there some windows client app i can use with AirVPN where i can setup app-based split tunneling? please don't link me to the guide in the forum for split tunneling, i want to put all through the tunnel except some apps (and these apps should be excluded from the tunnel) best regards, Thomas

Great suggestion!

Can you view the qB log in the WebUI? Or does qbittorrent-nox log to STDERR or something? In any case, qB logs would probably help.

Happy Birthday. New member here, really liking the service.

Happy Birthday!!!

I do not get good speeds with Toronto / Montreal servers. I do not get good speeds even with Wurren (10G server in Toronto). Are there any plans to have new 10 G servers like we just got for NY?

Self-defeating attitude is puzzling. Maybe Windscribe has an infrastructure problem with metered traffic I don't know. AirVPN imposes no traffic limits and gives out 400 Gbps when 31000 users are connected on the status page. Windscribe provides only 120 Gbps when 180000 users are connected. https://windscribe.com/status/ The difference is abysmal ... an AirVPN user is using on average 9 times the bandwidth of a Windscribe user. Perhaps this is the reason for otherwise baffling behavior ?

Maybe in a banana republic where consumers can be sodomized at will. In Europe many service providers have been fined for dozens of millions EUR for false advertising on bandwidth availability and traffic consumption. Movistar, Vodafone, Deutsche Telekom, Boygues are a few famous examples of a decade or two ago. Besides you mention vexatious unfair clauses that are void in the EU if not signed each one separately or void in any case if infringing the law. Contract vagueness is also forbidden by the Unfair Contract Terms Directive whenever it leads, even indirectly, to unfair terms for the weaker party. Terms such as "reasonable", "material", "substantially", "without undue delay" are automatically void if they introduce imbalances to the detriment of consumers. Ambiguities must always be interpreted in favor of consumers. Whether Windscribe can get away or not with false "unlimited traffic" advertising as it is operating according to your claims in a banana country where consumer rights are a joke and a sodomized consumer has no effective tool to defend himself or herself has nothing to do with the objectivity of misleading or false advertising and that in Europe such dirty tricks have been sanctioned severely in the last 15-20 years. Now ISPs have learned the lesson so false advertising has dropped dramatically or disappeared altogether. However Windscribe modified extensively the tos after this incident so something was clearly wrong in the previous ones even for them in this presumed banana country. If they hadn't claimed "unlimited traffic" since the beginning they would have saved themselves this embarrassment that tarnished their image. They just had to write the truth such as "max 1 TB every 3 days and 10 TB/month" or whatever instead of this "unlimited traffic" lie.

This is an updated version of this guide. I hope it gets moved soon to the guides section. This guide should be complete now, but please note that the IPv6 port forwarding might not be 100% complete. Any advice is appreciated. Disclaimer In general, DO NOT TRUST ME! I'm not a security expert. I do not know what I'm doing here! This guide is based on: OPNsense 24.7.12_4-amd64 FreeBSD 14.1-RELEASE-p6 OpenSSL 3.0.15 Update: 2025-03-27: I updated to the latest version and this Guide is still correct OPNsense 25.1.4_1-amd64 FreeBSD 14.2-RELEASE-p1 OpenSSL 3.0.16 It should work in previous and future versions of OPNsense, but I can't guarantee it This guide is based on the official Instructions but required modification: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html it is also based on this guide. It's however not 100% correct, so I adjusted base on the official OPNsense guide and included the IPv6 setup. This is why I started a new guide instead of altering my previous one, inspired by the original Sj0r guide. 1. Preparation (not required if you access the firewall from LAN) Some advice here… Opening the WAN interface to allow administration is not good! I am doing this because the firewall sits in my private LAN, and I'm not doing any port forwarding on my main router ! If your firewall is connected directly to the internet, do not do this! Again, in general, DO NOT TRUST ME! I'm not a security expert. I do not know what I'm doing here! Now that you know it… 1.1 Deselect “Block private networks” and “Block bogon networks” in Interfaces → WAN. After doing so: hit save and “Apply changes”. 1.2 Select "Disable reply-to" in Firewall → Settings → Advanced. Hit save at the end. 1.3 Add incoming WAN rule to allow administration. Go to Firewall → Rules → WAN Add a TCP rule from "WAN net" to "This Firewall" on HTTPs. 2. Information gathering. We'll grab some info that we need to configure the WireGuard Tunnel. 2.1 Login to the AirVPN Website. 2.2 Got to VPN Devices. 2.3 Add a new device. 2.4 Go to Config Generator. 2.5 In "Choose your OS" select "router". 2.6 In "Choose protocols" select "WireGuard. 2.7 In "Choose your device/connection" Select the device you have created in 2.3 2.8 Select your country under "By Countries". I selected Germany this time. 2.9 Scroll way down and download your config. This is an example of a WireGuard config: (the keys and IP are random and will not work, use your own) [Interface] Address = 10.10.10.10/32 PrivateKey = X72xgdx23XDomnSXmcy#S4Jc#9Y5G*vU$wg^n499yn6 MTU = 1320 DNS = 10.128.0.1 [Peer] PublicKey = VTSQ77Uk4^&RY4h%S$#9h8PR2T&xyya&yPTtk6oD^m$ PresharedKey = b7&&7bntmCS5q%&4J*mSKBAUvV4XEqHerwscvbappXQ Endpoint = nl3.vpn.airdns.org:1637 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 15 3. Setup IPv6 base configuration on your LAN. We need to ensure that IPv6 communication is working on your LAN interface before we establish the VPN tunnel. Please note that I do not have an IPv6 address configured on my WAN interface to be distributed to LAN for security. Instead, I use a ULA address on the LAN. For those who do not know what ULA addresses are, these are the IPv6 equivalent to IPv4 private addresses like 10.x or 192.168.x. They are only routable on the LAN, and you will not be able to use them to reach an IPv6 destination on the internet. 3.1 WAN 3.1.1 Go to Interfaces → WAN The WAN interface looks like this: 3.2 LAN 3.2.1 Go to Interfaces → LAN The LAN interface looks like this in the upper section: Now we set up the IPv6 Configuration. 3.2.2 generate yourself a ULA address using this site: https://unique-local-ipv6.com/ 3.2.3 Enter the IPv6 network you have generated into the “IPv6 address” field and add “::1” at the end. Hit Save. 3.3 LAN DHCP IPv6 3.3.1 Go to Services → ISC DHCPv6 → LAN 3.3.2 In the Range section under from add your IPv6 network address from 3.2.2 and add a “::1000” to the end. In the to section, add your IPv6 network address again and this time add a “::2000” to the end. Hit Save at the bottom of the page. 3.4 Router advertisement 3.4.1 Go to Services → Router Advertisement → LAN 3.4.2 Set Router Advertisements to Managed Hit Save at the bottom of the page. 3.5 Test IPv6 configuration Now you should test if you can ping the OPNsense firewall IPv6 address from the LAN. 3.5.1 Connect a client to the LAN 3.5.2 On Linux or Windows, open a terminal and type ping -6 and the IPv6 from 3.2.1 ending with ::1 like “ping -6 fd2d:7173:d519::1”. This needs to be successful! If this is not successful, fix it! Only continue once this is successful!!! 4. WireGuard configuration. In the current Version of OPNsense you do not need to install the WireGuard plugin, this is already installed. 4.1 Peer configuration 4.1.1 in OPNsense go to VPN → WireGuard → Peers. 4.1.2 Create a peer with the following information: 4.1.3 Name: wg_airvpn_<country code>. Mine is called WG-AirVPN-DE 4.1.4 Public key: <PublicKey under heading [Peer] of your generated WG Config> 4.1.5 Pre-shared key <presharedKey under heading [Peer] of your generated WG Config> 4.1.6 Allowed IP's: 0.0.0.0/0 and ::/0 for IPv6 support 4.1.7 Endpoint Address: <Endpoint under heading [Peer] of your generated WG Config> 4.1.8 Endpoint port: 1637 (default port) 4.1.9 Keepalive interval: 15 (default interval) 4.2 Instance configuration 4.2.1 In OPNsense go to VPN → Wireguard → Settings → Instances 4.2.2 Create an instance with the following information: 4.2.3 Enable Advanced Mode. (upper left corner) 4.2.4 Name: <Endpoint Name i.e. WG-Inst-AirVPN-DE> 4.2.5 Private Key: <PrivateKey under heading [Interface] of your generated WG Config> 4.2.6 MTU: 1320 4.2.7 DNS servers <DNS Servers of your generated WG Config> 4.2.8 Tunnel Address: <Address including /32 under harding [Interface] of your generated WG Config> Please review the screenshot below. For IPv6 add the given address and instead of /128 chose /64 to reach the gateway for gateway monitoring. 4.2.9 Peers: <select peer that you created with step 4.1> 4.2.10 Disable routes: Enabled. 4.2.11 Gateway: 10.128.0.1 Hit Save 4.3 Enable WireGuard configuration Go to VPN → WireGuard → Instance and click on "Enable WireGuard" 4.4 Assign WireGuard Interface 4.4.1 in OPNsense go to Interfaces → Assignments 4.4.2 You'll find a “wg0(WireGuard - WG-Inst-AirVPN-DE)” (or similar) interface. 4.4.3 Type a Description, I've picked “[IntAirVPNDE]” and click Add. 4.5 Enable the Interface 4.5.1 Interfaces → Assignments → [IntAirVPNDE] 4.5.2 Enable: Enable the Interface. No further configuration required. Ensure the “Block private networks” and “Block bogon networks” options are not selected, as shown below. 4.6 Create a gateway - IPv4 4.6.1 In OPNsense go to System → Gateways → Configuration 4.6.2 Add a Gateway with the following information: 4.6.3 Name: GW-AirVPN-DE-v4 4.6.4 Interface: Select IntAirVPNDE as created in step 4.4 4.6.5 Address Family: IPv4 4.6.6 IP address: 10.128.0.1 4.6.7 Far Gateway: Enabled 4.6.8 Disable Gateway Monitoring: Disabled. 4.6.9 Monitor IP: 10.128.0.1 4.7 Create a gateway - IPv6 4.7.1 In OPNsense go to System → Gateways → Configuration 4.7.2 Add a Gateway with the following information: 4.7.3 Name: GW-AirVPN-DE-v6 4.7.4 Interface: Select IntAirVPNDE as created in step 4.4 4.7.5 Address Family: IPv6 4.7.6 IP address: fd7d:76ee:e68f:a993::1 (use the IPv6 DNS server from the WG Config) 4.7.7 Far Gateway: Enabled 4.7.8 Disable Gateway Monitoring: Disabled. 4.7.9 Monitor IP: fd7d:76ee:e68f:a993::1 (same as 4.7.6) 5. Alias Create at least one alias for the DNS configuration to prevent DNS leaks. You might want to create a separated alias for clients you want to run through the VPN, but as I do not need this, I skip it. The idea of how to set this up is similar. Please note for DNS leaks, there are multiple ways to prevent DNS leaks. I tested mine using ipleak.net and dnsleaktest.com. There is also a complete section about dealing with DNS leaks in the OPNSense guide. 5.1 Alias setup 5.1.1 Create the DNS alias. Firewall → Aliases 5.1.2 Click add 5.1.3 Enable: selected 5.1.4 Name: VPN_DNS_Server 5.1.5 Type: Host(s) 5.1.6 Content: 10.4.0.1, 10.128.0.1, 10.5.0.1, 10.7.0.1, fd7d:76ee:e68f:a993::1 5.2 Forward all DNS queries to the VPN DNS servers This might collide if you got clients on your LAN which should not go through the VPN, so this might need adjustments then. 5.2.1 Go to Firewall → NAT → Port Forward and click "+" to add a new rule. 5.2.2 Interface: LAN 5.2.3 TCP/IP Version: IPv4+IPv6 5.2.4 Protocol: TCP/UPD 5.2.5 Source: LAN net 5.2.6 Destination: Any 5.2.7 Destination port range: from: DNS to: DNS 5.2.8 Redirect target IP: VPN_DNS_Server (the Alias created in 5.1) 5.2.9 Redirect target port: DNS 5.2.10 Description: Redirect DNS requests from LAN to VPN DNS servers 5.2.11 NAT reflection: Disabled 5.2.12 Filter rule association: None 6. Outbound NAT 6.1 Switch to hybrid rules 6.1.1 Go to Firewall → NAT → Outbound 6.1.2 Select "Hybrid outbound NAT rule generation" 6.1.3 Click Save then apply the change 6.2 Add IPv4 outbound rule 6.2.1 Click the "+" to add a new rule 6.2.2 Interface: IntAirVPNDE (the interface created in 4.4) 6.2.3 TCP/IP Version: IPv4 6.2.4 Protocol: Any 6.2.5 Source address: LAN net 6.2.6 Source port: Any 6.2.7 Destination address: Any 6.2.8 Destination port: Any 6.2.9 Translation / target: Interface address 6.2.10 Pool Options: Default 6.2.11 Description: LAN to AirVPN-DE IPv4 6.3 Add IPv6 outbound rule 6.3.1 Click the "+" to add a new rule 6.3.2 Interface: IntAirVPNDE (the interface created in 4.4) 6.3.3 TCP/IP Version: IPv6 6.3.4 Protocol: Any 6.3.5 Source address: LAN net 6.3.6 Source port: Any 6.3.7 Destination address: Any 6.3.8 Destination port: Any 6.3.9 Translation / target: Interface address 6.3.10 Pool Options: Default 6.3.11 Description: LAN to AirVPN-DE IPv6 7. LAN to VPN firewall rule With this rule, we point all LAN clients through the VPN. 7.1 IPv4 LAN to VPN rule 7.1.1 Go to Firewall → Rules → LAN and click on the "+" to add a new rule 7.1.2 Action: Pass 7.1.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot) 7.1.4 Interface: LAN 7.1.5 Direction: In 7.1.6 TCP/IP Version: IPv4 7.1.7 Protocol: Any 7.1.8 Source: LAN net 7.1.9 Destination: Any 7.1.10 Description: LAN to VPN IPv4 7.1.11 Gateway: GW-AirVPNDE-v4 - 10.128.0.1 (Created in 4.6) 7.2 IPv6 LAN to VPN rule 7.2.1 Go to Firewall → Rules → LAN and click on the "+" to add a new rule 7.2.2 Action: Pass 7.2.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot) 7.2.4 Interface: LAN 7.2.5 Direction: In 7.2.6 TCP/IP Version: IPv6 7.2.7 Protocol: Any 7.2.8 Source: LAN net 7.2.9 Destination: Any 7.2.10 Description: LAN to VPN IPv6 7.2.11 Gateway: GW-AirVPNDE-v6 - fd7d:76ee:e68f:a993::1 (Created in 4.7) 7.3 Block all other traffic rule This ensures that all other traffic is blocked. It's not really needed but gives me a better feeling. It will collide if you got clients on your LAN which do not run through the VPN. 7.3.1 Go to Firewall → Rules → LAN and click on the “+” to add a new rule 7.3.2 Action: Block 7.3.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot) 7.3.4 Interface: LAN 7.3.5 Direction: In 7.3.6 TCP/IP Version: IPv4 + IPv6 7.3.7 Protocol: Any 7.3.8 Source: LAN net 7.3.9 Destination: Any 7.3.10 Description: Block all other traffic LAN to VPN IPv6 7.3.11 Gateway: default Make sure these new rules are on top of the LAN firewall rules. If they are not, traffic might go through other rules and not through the VPN. 8. Port Forwarding for applications like BitTorrent If you want to make one or more clients reachable from the internet, like you need to do when you are doing file-sharing, follow the below to make it work for Pv4 and IPv6. Please note that this is confirmed to working with IPv4, but I'm not 100% sure how to make this fully work with IPv6. You can use an IPv6 port testing tool to confirm that the port is indeed open, but not many IPv6 clients really manage to connect to me. There must be something else I'm missing here. Please help me to get this right so we can complete this guide. So far, this functionality is limited. Ensure that you got the Port Forwarding properly configured in the AirVPN Member section. You need a port from the :1 pool and this port needs to be forwarded to the device configured in 2.3 8.1 Setup IPv4 Firewall rule for incoming connections 8.1.1 Go to Firewall → Rules → IntAirVPNDE 8.1.2 Action: Pass 8.1.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot) 8.1.4 Interface: IntAirVPNDE 8.1.5 Direction: In 8.1.6 TCP/IP Version: IPv4 8.1.7 Protocol: TCP/UDP 8.1.8 Destination: *the IPv4 address of your client*/32 8.1.9 Destination port range: *your port* 8.1.10 Description: YourRule IPv4 8.1.11 Advanced features: Enabled 8.1.12 reply-to: GW-AirVPN-DE-v4 10.128.0.1 8.2 Setup IPv6 Firewall rule for incoming connections This is equal to the 8.1 setup. Differences are marked bold: 8.2.1 Go to Firewall → Rules → IntAirVPNDE 8.2.2 Action: Pass 8.2.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot) 8.2.4 Interface: IntAirVPNDE 8.2.5 Direction: In 8.2.6 TCP/IP Version: IPv6 8.2.7 Protocol: TCP/UDP 8.2.8 Destination: *the IPv6 address of your client*/128 8.2.9 Destination port range: *your port* 8.2.10 Description: YourRule IPv6 8.2.11 Advanced features: Enabled 8.2.12 reply-to: GW-AirVPN-DE-v6 fd7d:76ee:e68f:a993::1 8.3 Port Forwarding IPv4 8.3.1 Go to Firewall → NAT → Port Forward, click “*” to create a new rule 8.3.2 Interface: IntAirVPNDE 8.3.3 TCP/IP Version: IPv4 8.3.4 Protocol: TCP/UDP 8.3.5 Destination: This Firewall 8.3.6 Destination port range: The port range from 8.1.9 and the Member section 8.3.7 Redirect target IP: Same as 8.1.8 8.3.8 Redirect target port: same as 8.3.6 8.3.9 Description: YourPortForward 8.3.10 NAT reflection: Disabled 8.3.11 Filter rule association: None 8.4 Port Forwarding IPv6 same as 8.3 just with the IPv6 adjustments 8.4.1 Go to Firewall → NAT → Port Forward, click “*” to create a new rule 8.4.2 Interface: IntAirVPNDE 8.4.3 TCP/IP Version: IPv6 8.4.4 Protocol: TCP/UDP 8.4.5 Destination: This Firewall 8.4.6 Destination port range: The port range from 8.2.9 and the Member section 8.4.7 Redirect target IP: Same as 8.2.8 8.4.8 Redirect target port: same as 8.4.6 8.4.9 Description: YourPortForward 8.4.10 NAT reflection: Disabled 8.4.11 Filter rule association: None That should be it. Please tell me if you got any issue.

My bet is that these users are sharing their accounts, which is against the ToS. What I am guessing is happening is Windscribe is seeing suspiciously high data usage from multiple locations on one account which is flagging these users. Unsurprisingly when the user gets banned, they only tell the most favorable version of their story. Vagueness is fine. Courts will look at things such as reasonableness and if Windscribe is acting in good faith to determine the the validity of it. More important users already agree to 1. indemnify themselves for any claims (have fun paying all of windscribes legal fees and getting nothing even if you do win) 2. accept that their access can be terminated for any reason (a very vague and common clause in any ToS) 3. severability (even if the court determines their definition of "abuse" is to vague and nullifies it, the rest of the ToS can still be upheld) so it wouldn't matter anyway.

@Bohdan Kushnirchuk Hello! How to solve: To grant Terminal full disk access (except some specific critical directories) on macOS, follow these steps: Open System Settings (or System Preferences): On macOS Ventura and later, click the Apple menu at the top-left of your screen, then choose System Settings. On macOS Monterey or earlier, choose System Preferences. Go to Privacy & Security: In System Settings (Ventura and later), select Privacy & Security in the left-hand menu. In System Preferences (Monterey and earlier), click Security & Privacy, then go to the Privacy tab. Select Full Disk Access: In the Privacy & Security or Security & Privacy tab, scroll down and click Full Disk Access in the left menu. Unlock Settings: At the bottom-left of the window, you might need to click the lock icon and enter your admin password to make changes. Add Terminal: Once the lock is open, click the + button beneath the list of apps with Full Disk Access. In the file chooser window that pops up, go to Applications > Utilities, and select Terminal. Click Open to add it to the list. Restart Terminal: Close the Terminal app if it’s open, then reopen it to apply the changes. 2. Open the terminal and change ownership of the relevant files: sudo chown root /Applications/Eddie.app/Contents/MacOS/* Kind regards

Hello! We're very glad to inform you that two new 10 Gbit/s full duplex servers located in New York City, USA, are available: Sadalmelik and Unurgunite. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.  Sadalmelik and Unurgunite support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Sadalmelik https://airvpn.org/servers/Unurgunite Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Hello! The unlimited traffic has nothing to do with slowing or not slowing down servers. The bandwidth allocation per connection slot as well as the amount of simultaneous connections inside the tunnel originated by each slot are crucial factors in this case and both those variables have been addressed in AirVPN ever since a decade ago. There's no need to limit the traffic in a given time frame for the purpose you mention; in fact, it would be ineffective. Kind regards

The article windscribe published says they do warn. But, some people have no email associated with their account. In that case it may seem like there's no warning but I think they'll give accounts a second chance in that case.

AirVPN use has gone up so much over the last year or so that I think they're struggling to keep up with demand.

Ho Canada... Severs are pretty much sutured all day long, worst during weekends.

I'm using the portable Linux version on Debian 12. I spent about an hour fighting with Eddie today trying to upgrade to the latest version. It turned out that it wasn't connecting to a server because it was defaulting to WireGuard whereas the old version I was using defaulted to OpenVPN. I had to dig in to the configurations to find that there is a command-line option '--mode.type="openvpn"' . This should be an obvious GUI option to avoid users the headache. Also, I'm not sure why WireGuard isn't working, but I don't see it bundled in the portable zip, that could be the reason?

Sorry, what do you want to say?

How am I supposed to edit this? If I uncheck "Automatic" all I can seem to be able to do is to highlight individual rows, but there aren't any other options. Drag, Right click, middle click, double click, del button don't do anything.

Resolve servername_exit.airservers.org

Hi @OpenSourcerer, no, I`m not Sj0rs. If you scroll a bit down in his guide you wil lsee I "enhanced" his guide with Pictures, mentioning that this is based on his guide. As you can see his Guide does not have any IPv6 setup and as this was requested I thought it would be good to include it. While testing on my own how to acceive it, I found several "misconfiguratins" in his guide. Therefore I thought it might be good to create a complete new one. And to be boldly honest, yes the old guide should be marked as "deprecated" once I got the time to finish this guide. (Hope to do this today). Same as, if someone writes another guide adding value to the config can superseed my guide. Sj0rs has not ever replyed in his own guide, so I think he won`t even care what happes with his guide. He didn`t even bother to add pictures when asked nicely in the forum. If you feel it`s rude from me putting up a guide, let me know I can spend my time with other things then. My Setup is like 99% working so no need for me to post this here, I just wanted to give something back to the community as some of the guidance I`ve found in this forum.

Mullvad is only going to have Wireguard in the new year. Do most people using Air use WG or Openvpn? Does Air have stats on which protocol is used more? I hope AirVPN never drops OpenVPN support, there are older devices like routers etc that we can't use WG on. Mullvd drops port forwarding, then openvpn, hmm something fishy?! I notice Air's membership has doubled since Mull and IVPN dropped port-forwarding!!

Hi, I would like to set up split-tunneling by using the "routes" tab within the Eddie client (Windows). I want all traffic to be sent outside of the tunnel, except for my torrent client qBittorrent like it is described in this forum post. Unfortunately, the comment by the staff member did not include an explanation with steps how to do this exactly. I want to be sure that I am doing it correctly, so just guessing or trial and error is not an option, as I am worried about exposing my IP address if I do not set it up correctly. I was not able to find an explanation for this as all the other forum posts that I found only explained how to do it with using external software and not the Eddie client. My knowledge about networking is somewhat limited. So how exactly do I either exclude all traffic except from the tunnel except for the one specified? And how do I know which IP addresses I need to include for qBittorrent? are there multiple or just one? If someone knows how to see which one(s) it is in the "execution log" within qBittorrent please let me know. Adding these details in case they make a difference: I have port forwarding set up and use wireguard as a protocol and I have the Web-UI enabled to use with Prowlarr. I don't know if I am using IPv4 and/or IPv6.

Thanks, I ended up putting putting a Jffs script here and that seems to have worked. /jffs/scripts/nat-start Are your options better?

Hello, I recently understood how the split-tunnel works using Eddie for Linux, and I was thinking that a good use case would be to exclude google.com from the tunnel so that I don't get their captchas everytime I need to use it for search (it's not my go-to search engine, but sometimes I have to use it), but then to keep my traffic protected by the VPN when I open the search results. So, I wanted to ask other users in which scenarios do you use Eddie UI's split tunneling feature. For home banking? e-shopping? Just want to hear some ideas. Thank you all.

Hello! When you check "Don't ask elevation every run", Eddie creates a systemd unit (you don't need to create it manually) and therefore after you reboot the system, even if you run Eddie from your DE, no password should be asked, except the keyring password, or the Master Password if you enabled it. Might it be that you were prompted for that password? If you reproduce the issue, can we see a screenshot showing this password prompt? Kind regards

Hi, In settings i've checked "Don't ask elevation every run". But i don't know how to create service, or rather what to put in the service to make it work. And is it possible to tell the qbittorrent service to start up after Eddie-UI? If so, could someone please help me? Thanks !

This setting creates the unit. You don't need to do anything yourself. You can check whether it exists with: $ systemctl list-unit-files eddie* .

Future readers will be delighted to have said script.

I want to use a split tunnel, that is, specific applications are excluded from the VPN. https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Linux-without-VPN-as-Default-Gateway This option is unusable. I have the desire to explicitly set certain applications outside the VPN. Please update this system to include split tunneling like Private Internet Access does.

Hello! We have no plans to operate VPN servers in France (and in Italy) for the mandatory data retention framework still enforced in disdain of three different legally binding decisions of the CJEU (see below). France is in breach and Italy is too, but the Commission hesitates to open infraction procedures. Since the decisions pertain to the the preservation of a fundamental human right enshrined in the EU Charter of Fundamental Rights and in the European Convention on Human Rights, it does not seem inappropriate to consider that both France and Italy are committing one of the worst breaches a EU Member State can be guilty of. We might challenge with a casus belli the (il)legal framework in France, but we are already committed in other EU countries and we can't open potentially multiple legal battle fronts. The Court of Justice declares the Data Retention Directive to be invalid https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf The Members States may not impose a general obligation to retain data on providers of electronic communications services https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf The Court of Justice confirms that EU law precludes national legislation requiring a provider of electronic communications services to carry out the general and indiscriminate transmission or retention of traffic data and location data for the purpose of combating crime in general or of safeguarding national security https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf Kind regards

I am running a number of services on my Ubuntu machine that I don't want or need to go through the tunnel. They are proxied using Nginx. However, as soon as I start eddie-cli, I lose external access to Nginx. I assume that's to do with the port forwarding, etc. Is there a way to tell eddie (or using routes or iptables?) to leave the Nginx out? I tried tell Nginx to bind to eno1 instead of tun0, but that didn't make a difference. I do need rutorrent to accept incoming connections via a port forwarded by airvpn. I assume (not sure if I'm correct) that I need eddie running for that to work?