Leaderboard

Hello! We have asked twice Wurren's datacenter support for investigations and interventions on intermittent Wurren malfunctions. Techies always claimed they found nothing, but we could clearly observe repeatedly a specific bandwidth choke on various (not all) IP addresses. Although the problem seems resolved and did not re-appear in the last week, we are waiting for delivery of 3 new servers in the same Kornephoros' datacenter to power up our presence in Toronto. They are currently at Canada custom, so it's likely that we will have them connected before the end of November. They feature powerful hardware and they will be connected to 10 Gbit/s full duplex lines. We are considering to decommission Wurren after the three new servers are operational. Kind regards

Hello! We reluctantly have to announce gloomy news to you all: Spooky Halloween Deals are now available in AirVPN... Save up to 74% on AirVPN longer plans (*) (*) When compared to 1 month plan price Deal will expire on 2025-11-04 UTC Check all plans and discounts here: https://airvpn.org/plans If you're already our customer and you wish to jump aboard for a longer period with this un-boo-lievable deal, any additional plan will be added on top of already existing subscriptions and you will not lose any day. Every plan gives you all the features that made AirVPN a nightmare for snoopers and a scary service for competitors. Just check this frighteningly long list of terrific features if you dare: a clear mission without compromises https://airvpn.org/mission exclusive and comfortable remote inbound port forwarding system flexible, opt-in block lists against malware and other hostile entities. Pick predefined lists, add exceptions or additional blocks, define your own lists, or just use our totally neutral DNS by default improved API functions to let you control and configure VPN features and account settings active OpenVPN 3 AirVPN library open source development WireGuard integration IPv6 support, including IPv6 over IPv4 refined load balancing to squeeze every last bit per second from VPN servers free and open source software for Android, Linux, Mac and Windows offering advanced features easy "Configuration Generator" web interface for access through third party software guaranteed minimum bandwidth allocation GDPR compliance and very high privacy protection standards no log and/or inspection of clients' traffic effective traffic leaks prevention by AirVPN software Tor support via AirVPN software on Linux, Mac and Windows various cryptocurrencies accepted without any intermediary no obligation to use our free and open source software to enter AirVPN infrastructure. Interoperability is an AirVPN priority. perfectly clear and easy to read Privacy Notice and Terms https://airvpn.org/privacy No tricks, only treats! We witch you a spooktacular Halloween AirVPN Staff

Added another 3 years, now 5 and half years as today Hope administration will add more powerful connections on eastern europe states like Romania, Serbia etc or maybe freshly new ones as Moldova,Albania, Hungary etc Cheers

While I love that you continue to support OpenVPN would you please reconsider a few WireGuard‑only 10–20 Gbit servers to quantify the uplift for users who prioritize raw speed and low latency? It’s my understanding that OpenVPN server processes are single‑threaded and CPU‑intensive. Co‑hosting OpenVPN and WireGuard on the same high‑capacity host (10–20 Gbit) can constrain aggregate throughput under load because per‑core bottlenecks caps per‑host headroom when many OpenVPN clients are active. In cities where you have multiple 20 Gbit servers like New York dedicating one to Wireguard doesn't seem unreasonable? Thank you for your consideration.

The main reason why I use Airvpn is because it has no what I call 'vpn lag', where even with low ping and bandwidth load, performance feels like you're walking through water. This is my 3rd-4th year, and I've noticed this lag on SG servers for at least the last 6 months, so much so I'd rather connect to Japan or the new Taiwan server than use SG servers. Yes, I'm getting better internet surfing performance in higher ping JP/TW Servers than lower ping SG Servers, even when load is low. Then for the the last 1 week, the load on SG and JP servers have been close to max for almost all of them. This is disappointing. Are there plans to upgrade to 10Gbit servers for this region soon?

Hello all, This is collection from different tutorials which I will refer here, but usually changed since some things changed. Setting up VPN on Synology is modified neolefort tutorial from here and reconnect script if from sundi which you can find here, which probably modified this script, plus my iptables for blocking Synology on router level when VPN fails. Other contributions: foobar666 - you no longer need to enter variables manually _sinnerman_ - fixed script for DS 6.1 I'm doing this mostly because I usually forget things I managed to solve after year or two, so this is way to have constant reminder how it was solved and also help others. 1. Get your certificates from AirVPN. Go to the https://airvpn.org/generator/ page to generate the configuration file. (1) SELECT the Advanced Mode (under "Config generator" title ) (2) SELECT LINUX OS (3) Under "Protocols" section select one with protocol UDP, port 443 and tls-auth in the right column (at the time of writing, it was in middle of the list). You can choose any combination of protocol/port, but then also change iptables accordingly if you are using failsafe script. Don't choose any combination which has tls-crypt in the right column. (4) Under "Advanced - OpenVPN only" section (right part of page), toggle "Separate keys/certs from .ovpn file" button and change/leave OpenVPN version to 2.5 (This works in DSM 7.2.1. For older versions you will maybe have to select OpenVPN version 2.4). (5) SELECT 1 SERVER (refer to section "by single servers") OR COUNTRY OR ANYTHING ELSE YOU WANT In original tutorial, neolefort said to choose 1 server, because in that case you will get IP instead of xxx.airvpn.org domain. Choosing 1 server is safe because it doesn't need working DNS when you want to connect to VPN. If you choose anything else, you need working DNS on your router when establishing VPN connection. (6) Click "GENERATE" at the bottom. (7) Page will reload with links on top to your files, save them to you computer. Following files will be generated: -AirVPN_XXXXX_UDP-443.ovpn -ca.crt -user.crt -user.key -ta.key 2. Setup AirVPN on Synology. - Login as admin or with user from Administrator group. - Open Control panel. - Go "Network" and click on tab "Network Interface" - Click on button "Create" - "Create VPN profile" - Choose "OpenVPN (via importing .ovpn file)" - Click "Advanced options" so it shows all options - Profile name: anything you want, but please keep is short and if you can without spaces " ", for example "AirVPN". - User name: LEAVE EMPTY (for DSM 7+ just put anything here) - Password: LEAVE EMPTY (for DSM 7+ just put anything here) - Import .ovpn file: click button and import your AirVPN_XXXXX_UDP-443.ovpn - CA certificate: click button and import your ca.crt - Client certificate: click button and import your user.crt - Client key: click button and import your user.key - Certificate revocation: LEAVE EMPTY - TLS-auth key: click button and import your ta.key - Click "Next" - Select all options and click "Done" Now you have working OpenVPN link on your Synology. You just need to start it from "Control panel" - "Network" - "Network Interface". If you want to make your connection faster, you can remove some ciphers. Look for this line in .ovpn file: data-ciphers AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC And change it to this: data-ciphers AES-128-GCM Then save file and create new connection with it. After some testing I found out AES-128-GCM is fastest from all other mentioned in settings. You can also test other ciphers your self and leave one you find fastest. EXTRAS!!! 3. Setting up external access to your Synology. First what you will notice is, "I CAN'T ACCESS MY SYNOLOGY FROM OUTSIDE OF MY LAN!!!!!!! OMG OMG OMG!!!!" I will not explain port fowards on your router here, if you don't know how to make one, learn! (1) You can port forward trough AirVPN webpage and access your Syno via VPN exit IP. This sometimes works, most of times it doesn't since Syno has some ports you cannot change. Anyway, change your default HTTP / HTTPS port on Syno to your forwarded AirVPN port and you should be fine. But forget about Cloudstation and similliar things. (2) If you want to access Syno via you ISP IP (WAN), then problem is, your Syno is receiving your connection, but it's replying trough VPN. That's a security risk and those connections get droped. But there is solution! - Access "Control panel" - "Network" - "General" - Click "Advanced Settings" button - Mark "Enable multiple gateways" and click "OK" and then "Apply" You're done! It's working now (if you forwarded good ports on your router). 4. Prevent leaks when VPN connection on Synology fails. There will be time, when you VPN will fail, drop, disconnect, and your ISP IP will become visible to world. This is one of ways you can prevent it, on router level. For this you need Tomato, Merlin, DD-WRT or OpenWRT firmware on your router. I will tell you steps for Tomato router. If you are using different firmware, then you need to learn alone how to input this code into your router. Since Shibby version 129 for ARM routers, syntax of iptables changed and depending on which version of iptables you are using, apply that code. - Login to your router (usually just by entering 192.168.1.1 into your browser, if your IP is different, find out which is your gateway IP). - Click on "Administration" - Click on "Scripts" - Choose tab "Firewall" For Shibby v129 for ARM and later (iptables 1.4.x) us this: #Use this order of commands because it executes in reverse order. #This command will execute last, it kills all UDP requests. iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT #This command will execute second and will block all TCP source ports except those needed for web access or services iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport ! --sports 5000,5001,6690 -j REJECT #This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT For earlier Shibby versions and later for MIPS routers: #Use this order of commands because it executes in reverse order. #This command will execute last, it kills all UDP requests. iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT #This command will execute second and will block all TCP source ports except those needed for web access or services iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport --sports ! 5000,5001,6690 -j REJECT #This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT Port TCP 5000 = HTTP for for Synology web access (change to your if it's not default) Port TCP 5001 = HTTPS for for Synology web access (change to your it's not default) Port TCP 6690 = Cloud Station port Port UDP 443 = AirVPN connection port which you defined in step 1 of this tutorial. If you are using TCP port, then you need to change "-p udp" to "-p tcp" in that line. If you need more ports, just add them separated by comma ",". If you want port range, for example 123,124,125,126,127, you can add it like this 123:127. Change IP 192.168.1.100 to your Synology LAN IP. Be careful NOT TO assign those ports to your Download Station on Synology. This isn't perfect, you can still leak your IP through UDP 443, but since torrent uses mostly TCP, those chances are minimal. If you use TCP port for VPN, then those chances increase. If you really want to be sure nothing leaks even on UDP 443 (or your custom port), you need to choose 1 (ONE) AirVPN server. You need to find that server entry IP and change last IPTABLES rule to something like this: iptables -I FORWARD -p udp -s 192.168.1.100 -d 123.456.789.123 -m multiport --dports 443 -j ACCEPT Where 123.456.789.123 is AirVPN server entry IP. This will allow UDP 443 only for that server, rest will be rejected by router. These are all my opinions, from my very limited knowledge, which may be right and may be wrong. 5. Auto reconnection when VPN is down. Since when you made your VPN connection on your Synology, you checked "Reconnect" option, Syno will try to reconnect automaticly when connection fails. But in some cases, your network will be offline long enough and Syno will stop trying to reconnect, or will hang with VPN connection established, but not working. In those cases you can use this auto reconnect script. This is reconnect script. Just select all script text and copy it. #VPN Check script modified Sep 11, 2016 #Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data #received/sent, VPN IP & WAN IP. #If VPN is not up it will report it in the log file and start it #Change LogFile path to your own location. #Save this script to file of your choosing (for example "synovpn_reconnect"). Store it in one of your Synology shared folders and chmod it: "chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect" #Edit "/etc/crontab" and add this line without quotes for starting script every 10 minutes: "*/10 * * * * root /volume1/shared_folder_name/your_path/synovpn_reconnect" #After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond" #!/bin/sh DATE=$(date +"%F") TIME=$(date +"%T") VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]") VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=") LogFile="/volume1/filmovi/Backup/airvpn/check_airvpn_$DATE.log" PUBIP=$(curl -s -m 5 icanhazip.com) #PUBIP=$(curl -s -m 5 ipinfo.io/ip) #PUBIP=$(curl -s -m 5 ifconfig.me) CHECKIP=$(echo $PUBIP | grep -c ".") start_vpn() { echo "VPN is down. Attempting to (re)start now." >> $LogFile # /usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME /usr/syno/bin/synovpnc kill_client /bin/kill `cat /var/run/ovpn_client.pid` 2>/dev/null sleep 35 echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting /usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile } sleep 6 echo "======================================" >> $LogFile echo "$DATE $TIME" >> $LogFile if ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00" then if [ "$CHECKIP" == 1 ] then IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}') RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}') TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}') UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1) UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S") echo "VPN is up since: $UPTIME" >> $LogFile echo "Session Data RX: $RXDATA" >> $LogFile echo "Session Data TX: $TXDATA" >> $LogFile echo "VPN IP is: $IPADDR" >> $LogFile echo "WAN IP is: $PUBIP" >> $LogFile else start_vpn fi else start_vpn fi exit 0 (1) Login to you Synology DSM web interface as admin. - As admin go to "Control panel" - "Task Scheduler" (you need to enable advanced mode in top right corner of control panel for this) - Click "Create" button near top of page, then select "Scheduled Task" and then "User-defined script" (2) New popup window will open. - under "Task:" enter task name - under "User:" select "root" if it's not already selected - switch to "Schedule" tab and select how often you want this task to run, my settings are: - "Run of following days" - "Daily" - "First run time" - 00:00 - "Frequency" - "Every 10 minutes" - "Last run time" - 23:50 - switch to "Task settings" tab - paste script you copied into empty box under "User-defined script" title - press OK and you're done I tested this on DSM 6.2.2 and it works without problems for now. Still, I'm keeping old instructions in next post, if someone wants to do it like that. Tip: If you don't want logfile, you can comment out those lines, or remove ">> $LogFile" code from whole script. That's all. If you entered everything correctly, you should be fine and ready to go! Comments are welcome. If you find mistakes, please correct me.

I love the fact that existing customers always get to take advantage of the same offers new users get, thank you!

Hey there, Taiwan is a provincial administrative region of China, an inalienable part of China’s territory. But when I checked my IP on ipleak.net, I saw Taiwan was shown with those outdated flags, which is totally wrong. These flags don’t reflect the fact that Taiwan belongs to China. Using them misrepresents Taiwan’s status and goes against the One - China principle. It’s really important to fix this mistake. Please correct the display and stop using such wrong flags. Let’s make sure the info about Taiwan is right, in line with the One - China principle. Thanks for handling this!

We have kept the OP message to show the pervasiveness of the PRC's propaganda lackeys. We consider Taiwan (Republic of China) to be independent and autonomous from the PRC (People's Republic of China), as it is in fact. ipleak uses MaxMind and IANA databases to display results, and we are pleased that these are aligned with an anti-imperialist and democratic vision that is clearly unpalatable to the dictatorial regime of the PRC, which sees it as an obstacle to its expansionist ambitions.

Hi, I've been using AirVPN for about an hour and so far I love it, huge improvement over my previous VPN. I mostly use it for torrenting with Qbittorrent. I enabled port forwarding and am getting really good speeds so far. However, I am confused by the server selection. I live in the midwest US and it automatically chooses a server in Canada every time I connect. Should I just trust that this is the best option? I don't understand the ratings or how to sort by fastest bandwidth. I would prefer to just use auto select, set and forget, but am I missing out on a faster server closer to me? Also, random other question-- why is the client called Eddie? Thanks! I'm really happy to have found a decent VPN, hopefully I'll be with AirVPN for a long time!

@Undated8198 Hello, we have no plans to remove port forwarding, quite the contrary: we are currently deploying resources to delay port exhaustion and find alternative, but comfortable, procedures to keep offering this service in anticipation of port exhaustion. As you can see we already limited to new customers the amount of bookable ports, in order to preserve advertised features to those who are already our customers. We are committed to avoid retro-active modifications of the service for pre-existing customers, when such modifications would be detrimental for the service or anyway betraying an advertised feature. Kind regards

With news of Mullvad and now IVPN removing port forwarding, can we have assurance from staff that AirVPN is not planning to remove port forwarding?

Hello! We have no plans to operate VPN servers in France (and in Italy) for the mandatory data retention framework still enforced in disdain of three different legally binding decisions of the CJEU (see below). France is in breach and Italy is too, but the Commission hesitates to open infraction procedures. Since the decisions pertain to the the preservation of a fundamental human right enshrined in the EU Charter of Fundamental Rights and in the European Convention on Human Rights, it does not seem inappropriate to consider that both France and Italy are committing one of the worst breaches a EU Member State can be guilty of. We might challenge with a casus belli the (il)legal framework in France, but we are already committed in other EU countries and we can't open potentially multiple legal battle fronts. The Court of Justice declares the Data Retention Directive to be invalid https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf The Members States may not impose a general obligation to retain data on providers of electronic communications services https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf The Court of Justice confirms that EU law precludes national legislation requiring a provider of electronic communications services to carry out the general and indiscriminate transmission or retention of traffic data and location data for the purpose of combating crime in general or of safeguarding national security https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf Kind regards

This is by design, see for example: Huh? Of course it does – for supported websites and services. And offering double hop between servers of the same VPN provider does not add anything to privacy, safety or security, it just caters to unnecessary paranoia. The solid recommendation is to use Tor as it is designed to route traffic through multiple nodes. Much more thorough and battle-tested as when AirVPN would implement something akin to it.

AmneziaWG to AirVPN no longer works on Beeline, I cannot find any settings which would work. Obviously they learned how to block it. That means other ISPs may follow soon. May be if AirVPN used AmneziaWG on the server side we could try the fake packet parameters (S1 and S2) but as it's not gonna happen we're out of luck. We're pushed more and more to buy and set up our own servers with XRay/SingBox just to use the full Internet, or use the shady services offered in Telegram. It's no longer a privacy question, it's for the sakes of information access. As long as it works we want it because we need it.