Leaderboard

Hello! We're very glad to inform you that two new 10 Gbit/s full duplex servers located in Amsterdam, the Netherlands, are available: Taiyangshou and Vindemiatrix. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Taiyangshou https://airvpn.org/servers/Vindemiatrix Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Man im tempted to buy more time but I think im covered

We have kept the OP message to show the pervasiveness of the PRC's propaganda lackeys. We consider Taiwan (Republic of China) to be independent and autonomous from the PRC (People's Republic of China), as it is in fact. ipleak uses MaxMind and IANA databases to display results, and we are pleased that these are aligned with an anti-imperialist and democratic vision that is clearly unpalatable to the dictatorial regime of the PRC, which sees it as an obstacle to its expansionist ambitions.

Hello! We're very glad to inform you that the Black Friday weeks have started in AirVPN! Save up to 74% when compared to one month plan price Check all plans and discounts here: https://airvpn.org/buy If you're already our customer and you wish to jump aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. AirVPN is one of the oldest and most experienced consumer VPN on the market, operating since 2010. It never changed ownership and it was never sold out to data harvesting or malware specialized companies as it regrettably happened to several competitors. Ever since 2010 AirVPN has been faithful to its mission. AirVPN does not inspect and/or log client traffic and offers: five simultaneous connections per account (additional connection slots available if needed) state of the art and flexible inbound remote port forwarding active daemons load balancing for unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 2000 Mbit/s with WireGuard flexible and customizable opt-in block lists protecting you from adware, trackers, spam and other malicious sources. You can customize answers or exceptions globally, at account level or even at single device level. powerful API IPv6 full support comfortable management of your client certificates and keys AES-GCM and ChaCha20 OpenVPN ciphers on all servers Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys internal DNS. Each server runs its own DNS server. DNS over HTTPS and DNS over TLS are also supported. free and open source software client side software support to traffic splitting on an application basis on Android and Linux and on a destination basis on Windows and macOS GPS spoofing on Android application AirVPN is the only VPN provider which is actively developing OpenVPN 3 library with a fork that's currently 330 commits ahead of OpenVPN master and adds key features and bug fixes for a much more comfortable and reliable experience: https://github.com/AirVPN/openvpn3-airvpn AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows. Promotion due to end on 2025-12-03 (UTC). Kind regards & datalove AirVPN Staff

I also extended my subscription for one year. Easily the best VPN on the market and no other competitor gets even close. Thanks AirVPN staff!

Another year added. Thanks!

I think you will find after some more experimentation that, if you type in www.reddit.com, the HTTP code you get back is actually 302, a redirect to HTTPS. Which is correct and corresponds with best practices for HTTPS redirects. Typing in https://www.reddit.com instead will yield the correct result. It doesn't help that the route checker deems those redirects as errors, too, and so colors the cell's background red, so I agree in so far as one of two things could happen to remedy this: The background color should be yellow to indicate a redirect which doesn't have to be a block. But that tool is actually there to tell you "yep, works" or "nope, not from here" at a glance. Yellow as in "meh, maybe, check yourself" is beyond unhelpful. If a web server returns a 301 or 302, follow the Location header once to cater to the common case of a HTTPS redirect and print the result for that new URL. But this could produce false positive results: If a website viewed from the server returns a 302 to a webpage basically saying "sorry, you've been blocked", that webpage will of course have a green 200 return code. What a sweet dream. Check out OneDrive/Outlook, Netflix, Hulu, BBC iPlayer, etc. and maybe all those sites sitting behind a Sucuri WAF. What you could do is to keep track of the Blocked websites warning forum and update your list with every new thread and post. It'd be a help, but would demand work from you alone, continuously even. But if effective, such as thread could be pinned in this forum for visibility and be a boon for the community, I'm sure.

One more year for me! Thanks AirVPN and keep up the good work

Hello! We're very glad to inform you that a new 1 Gbit/s full duplex server located in Singapore is available: Azelfafage. The AirVPN client will show automatically the new server. If you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts OpenVPN connections on ports 53, 80, 443, 1194, 2018 UDP and TCP, and WireGuard connections on ports 1637, 47107 and 51820. Just like every other Air server, Azelfafage supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Azelfafage Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team 

The implementation tunnels WireGuard UDP traffic through HTTP/3 using the QUIC protocol, making encrypted VPN traffic look identical to regular web browsing.SQUIC started as Google's project to accelerate web traffic and became HTTP/3 in June 2022. The protocol uses UDP instead of TCP, eliminating handshake delays. Mullvad exploits the MASQUE tunneling spec (RFC 9298) to proxy UDP through HTTP servers. State censors (China etc.) see HTTPS web traffic while the VPN tunnel hides inside that envelopetate censors see HTTPS web traffic while the VPN tunnel hides inside that envelope. Can we get this? taken from:

Your grumpy response is amusing, but perhaps not quite the spirit of helpfulness I am seeking. But I shall persist, Alex; you and I probably share a vision of an internet that is nudged into being VPN-friendly. We don't also need to be warring with each other on top of that. When I asked whether AirVPN could do something about it, what I actually meant was that AirVPN should do something about it. Specifically, if there are shared blocklists†, as I suspect, they could work with abuse teams to remove the blacklisting. I used to do some spam-fighting many years ago, with honeypots and the like, and that's exactly the kind of arms race that we had there. Reporters would report spam using the SMTP headers, it would influence various interconnected blocklists in subtle ways, and good service providers would be thus encouraged to terminate abusive accounts. I just contacted the admins of a large site, and I've mentioned their infra is emitting a high number of 429 responses, starting in the last few months, even though I've used them for many years. I've given them an example IP; I'm hopeful they'll come back to me with a concrete reason for their site's behaviour. Interestingly it makes no odds whether I am signed in, so I wonder if there could be some kind of WAF in the way. † Or they could be sharing the same large edge provider e.g. Cloudflare.

## Plex Remote Access via a AirVPN with Proxmox This guide explains how to run a Plex Media Server in a virtual machine that routes all its traffic through a separate, dedicated VPN gateway VM. This is ideal for users who want to expose Plex to the internet without revealing their home IP address. ## The "Double NAT" Problem The challenge is a "double NAT" scenario. A standard Plex setup assumes a simple path: Internet -> Your Router -> Plex. In this VPN setup, the path is more complex: Internet -> VPN Public IP -> VPN Server -> Your Alpine Gateway VM -> Your Plex VM this is some what of a guide for myself to show you how to configure the firewall rules to correctly forward traffic through this chain. when you have more than 1 NIC on a linux VM make sure you only have 1 gateway. you can have a NIC with no gateway and it will connect to LAN clients. ## 1. System Overview This setup uses two virtual machines on a Proxmox host: Alpine Linux Gateway VM: A minimal VM that connects to your VPN service (e.g., AirVPN using WireGuard) and acts as a router and firewall. Similar to Whomnix. Plex Server VM: A VM running your preferred OS (like MX Linux) that holds your Plex installation. Its internet traffic is routed exclusively through the Alpine Gateway. connects to NFS share for media. Network Layout: Proxmox Host: Connected to your main LAN. Internal Network: A private virtual bridge in Proxmox (e.g., vmbr1) using a subnet like 10.66.66.0/24. This network is for communication between VM's only, no WWW access until you connect to the alpine gateway. Alpine VM: Has two network cards. One on your LAN which connects to AirVPN (192.168.1.x, then the internal network forward packets to VM's with IP (e.g., 10.66.66.1). Plex VM: Has one network card on the internal network with a static IP (e.g., 10.66.66.70) and its gateway set to the Alpine VM's IP. (10.66.66.1) ## Step 1: Configure VPN Port Forwarding Get your forwarded port from AirVPN . This will be the first link in the chain. Log in to your VPN provider's control panel (the first image shows AirVPN's panel). Request a new port forward. Note the two ports it gives you change the Local Port diffrent from the main one: External Public Port: The port the outside world will connect to (e.g., 40516). Internal Forwarded Port: The port your gateway VM will receive traffic on (e.g., 6699). ## Step 2: Configure the Alpine Gateway VM Alpine Linux This is the most critical part. The Alpine VM must be configured to forward traffic from the VPN tunnel to your Plex VM. install wireguard and set up the AirVPN wireguard with wg-quick to auto start when booted up. This set up will use the following format. WWW 40516 --> AirVPN 6699 --> Alpine Gateway 40516 --> Plex VM 32400 ### A. Enable IP Forwarding Edit /etc/sysctl.conf and make sure this line is uncommented: net.ipv4.ip_forward=1 ### B. Create a Startup Script In Alpine, rc services are used for startup. Create a script to bring up your VPN and apply your firewall rules. Create the file: sudo nano /etc/local.d/vpn-firewall.start Paste the following script inside, adjusting interfaces and IPs as needed. #!/binbash sleep 5 ip link set eth1 up sleep 2 # Bring down the tunnel to ensure a clean state wg-quick down wg0 2>/dev/null sleep 2 # Bring up the WireGuard tunnel wg-quick up wg0 sleep 2 echo "WireGuard tunnel activated." >> /var/log/wireguard-boot.log # Flush old rules for a clean slate iptables -t nat -F PREROUTING iptables -t nat -F POSTROUTING iptables -F FORWARD echo "Applying new iptables rules..." >> /var/log/wireguard-boot.log # Rule 1: Allow established connections to return iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT # Rule 2: Masquerade (NAT) all outgoing traffic from the internal network through the WireGuard tunnel iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE # Rule 3: DNAT - This is the Plex port forward. iptables -t nat -A PREROUTING -i wg0 -p tcp --dport 6699 -j DNAT --to-destination 10.66.66.70:32400 # Rule 4: FORWARD - This allows the packet from the DNAT rule to be forwarded to the Plex VM. iptables -A FORWARD -i wg0 -o eth1 -p tcp -d 10.66.66.70 --dport 32400 -j ACCEPT echo "Firewall rules applied successfully." >> /var/log/wireguard-boot.log # Ping check host="10.128.0.1" count=1 if ping -c "$count" "$host" > /dev/null 2>&1; then echo "$(date) Ping to $host successful." >> /var/log/wireguard-boot.log else echo "$(date) Failed to ping $host. Restarting WireGuard." >> /var/log/wireguard-boot.log wg-quick down wg0 2>/dev/null && wg-quick up wg0 && sleep 3 fi echo "$(date) WireGuard setup complete." >> /var/log/wireguard-boot.log Make the script executable: sudo chmod +x /etc/local.d/vpn-firewall.start Now this script will run automatically on boot. ## Step 3: Configure Plex Remote Access ✅ Finally, tell Plex about your custom setup. In Plex, go to Settings -> Remote Access. Check the box for "Manually specify public port". Enter the External Public Port AirVPN gave you (e.g., 40516). Click Apply. Plex should briefly check the connection and then show the green "Fully accessible" message. I wouldn't trust Plex port checker use the AirVPN one as it is more robust and won't give false positives. Your Plex server is now fully accessible from outside your network through your secure VPN gateway. Once you confirm Alpine is set up properly you can now set the drive to be read only as good practice. Make sure you untick Enable Relay in network in Plex to avoid using the unreliable and slow speed network. if you have issues check you have right ports forwarded in alpine with iptables -t nat -L PREROUTING --line-numbers

Hello, Are there any plans to add at least one Greek server in order to resolve the various restrictions in the Greek TV services? (https://airvpn.org/topic/16138-greek-tv-geographical-restrictions) ? If it can be solved in another way then great Thank you

I'd like to add a third vote for a Greek server (though I of course understand 3 votes in 6 years don't amount to much 🙂). One use case is media, but a second (arguably more important) one is that Greek government websites (basically anything under *.gov.gr), or rather the Akamai CDN they use, seem to implement some rate limiting that makes them basically unusable from (at least some) foreign IPs (but that's across several years and different ISPs). Currently I have to resort to occasionally paying a separate VPN provider for both of these use cases, which as a loyal Air customer of nearly a decade now I would much prefer not to have to do. A rerouting server as mentioned above could perhaps be suitable for both of these cases, though I'm not sure what that would entail exactly.

According to this definition there is no censorship at all anywhere enforced by governments, not in North Korea, not in France, not in China... Please note that your definition is pure fantasy, if not insulting. Censorship is exactly suppression of speech, public communication, or other information subversive of the "common good", or against a given narrative, by law or other means of enforcement. The fact that censorship is enforced by law or by a government body does not make it less censorship. Furthermore, historically censorship was an exclusive matter of some central authority (the first well documented case is maybe the censorship rules to preserve the Athenian youth, infringed by Socrates, for which he was put to death, although the etymology comes from the Roman Office of Censor which had the duty to regulate on citizens' moral practices) and today censorship by governments is predominant. Even In modern times censorship through laws has been and is predominant and pervasive according to Britannica and many academic researches. Then you can discuss ad nauseam whether censorship by law is "right" or "wrong", whether France's censorship is "better" than China's censorship, but you can't change the definition of censorship, otherwise this discussion will become delirious. Kind regards

Hello! Please check your setup against the following guide: https://airvpn.org/faq/p2p/ On top of that, we have noticed a malfunction in some qBittorrent version (for example 4.5.5) in FreeBSD and Linux related to binding. If you set Tools > Preferences > Advanced > Optional IP addresses to bind to into All addresses, qBittorrent will reply only to IPv6 packets. If that's your case too, set that combo box to All IPv4 addresses. For additional safety you can also set the Network interface combo box (available in the same advanced menu) to your VPN interface. Always run qBittorrent only after a VPN connection has been successfully established. Kind regards

You're either a troll or completely unhelpful. Next time read the post. This isn't a problem particular to AirVPN, and since I have tried literally everything I can think of and spent several hundred dollars in the process of doing so, I am seeking help on the possible causes. Preferably from people who know what they are talking about. I'll take your style advice in consideration 🙄

Hello AirVPN Staff and others. I would very much like to have an API call for creating and removing port forwardings, including requesting a random port. This would allow users to have a different port open for every session started. Setting up a port to be forwarded is already pretty simple, but it does still require having a web browser running and logging in to Air. This may be a small obstacle, but an obstacle nonetheless. I strongly suspect many people will set up a port forwarding only once, and then using the same port for all future sessions, and this has some negative implications for privacy. It is already possible to have this functionality when talking to Air's web server through a browser and clicking buttons manually, so I'm making the assumption it will not be too difficult to do the same through an official HTTP-based API. Does this make sense? I'd love to hear what you think.