Leaderboard

Hello! We're very glad to inform you that a new 1 Gbit/s full duplex server located in Auckland (NZ) is available: Mothallah. The AirVPN client will show automatically the new server. If you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts OpenVPN connections on ports 53, 80, 443, 1194, 2018 UDP and TCP, and WireGuard connections on ports 1637, 47107 and 51820. Just like every other Air server, Mothallah supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Mothallah Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team 

Hello! We're very glad to inform you that a new 1 Gbit/s full duplex server located in Singapore is available: Azelfafage. The AirVPN client will show automatically the new server. If you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts OpenVPN connections on ports 53, 80, 443, 1194, 2018 UDP and TCP, and WireGuard connections on ports 1637, 47107 and 51820. Just like every other Air server, Azelfafage supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Azelfafage Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team 

One more year for me! Thanks AirVPN and keep up the good work

Even when logged into reddit.com, i now get a "You've been blocked by network security" message. Furthermore, the route checking tool shows that reddit.com is inaccessible from all AirVPN servers (HTTP 403). i don't know if the 403 is because the route checking tool can't be logged into Reddit while checking, or if something has changed recently.

I wish I knew myself. Don't really know how to troubleshoot this, either. Might be comparable, but probably not better. From the roadmap I surmise that OpenVPN 2 will still be a single-core application as multithreading is not found in the feature list, so this bottleneck will persist. Conclusive tests must be done once 2.7 is stable and rolled out to some test servers. For now, I lost interest in finding out why DCO <> non-DCO doesn't work as my OpenVPN setup is now DCO <> DCO. Still using Wireguard primarily, though.

Hello! We're very glad to inform you that Eddie Android edition 3.3.0 has been released. Eddie Android edition is a fully integrated with AirVPN, free and open source WireGuard and OpenVPN GUI client. It is based on official WireGuard library and latest OpenVPN3-AirVPN library (free and open source software library by AirVPN), allowing comfortable connections to both OpenVPN and WireGuard servers. Source code is available on GitLab: https://gitlab.com/AirVPN/EddieAndroid Eddie Android edition 3.3.0 is linked against updated libraries. It is compatible with Android 5.1 and higher versions, up to Android 16, and features revamped ergonomics and important new features. What's new full compatibility with Android 15 and 16 compatible with Android 5.1 and higher versions new, remarkably improved NetworkMonitor improvements in ergonomics for faster and more comfortable use updated OpenSSL, OpenVPN3-AirVPN and WireGuard libraries ability to start and connect during the device bootstrap on all supported Android TV and Android versions, with or without "Always on VPN" opt in ability to auto connect when the app is launched through the new option Settings > AirVPN > Start quick VPN connection at application startup. It requires an account that had logged in with "Remember me" checked updated code, SDK 16 100% compliant see the complete changelog here: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt Main features WireGuard and OpenVPN support Battery-conscious application, with low RAM footprint Ergonomic and friendly interface Ability to start and connect the application at device bootstrap and/or at app launch, with or without "Always on VPN" GPS spoofing Traffic splitting and reverse traffic splitting on an application basis. You can define which apps must have traffic inside or outside the VPN tunnel through white and black list Localization in simplified and traditional Chinese, Danish, English, French, German, Italian, Portuguese, Russian, Spanish, Turkish Full integration with AirVPN Quick tile button Enhanced security thanks to locally stored encrypted data through optional master password (warning: this option prevents the app from automatically connecting during the startup) Quick one-tap connection and smart, fully automated server selection Smart server selection with custom settings  Manual server selection  Full Android TV compatibility including D-Pad support. Mouse emulation is not required.  Ability to generate configuration files based on the user settings for both OpenVPN and WireGuard Increased accessibility for visually impaired persons  Download link Eddie Android edition 3.3.0 APK can be downloaded here: https://airvpn.org/android/eddie A quick start guide is available at the same above linked page. Quick link to the APK: https://airvpn.org/tv Eddie Android edition is also available on the Google Play Store: https://play.google.com/store/apps/details?id=org.airvpn.eddie and on the Amazon App Store: https://www.amazon.com/Eddie-AirVPN-official-OpenVPN-GUI/dp/B07KTD6DH9 Eddie Android edition is the only VPN application developed by AirVPN for Android. Beware of imitations on the Play Store with very similar names that conceal potential scams. How to sideload Eddie Android edition on Android TV and FireOS devices https://airvpn.org/android/eddie/apk/tv/ Kind regards & datalove AirVPN Staff

Ah, yes, it's the DDoS protection mechanism. I analyzed it a little once:This part really needs JavaScript, otherwise you're a bot to the software. I see. I might check that out later myself.

The implementation tunnels WireGuard UDP traffic through HTTP/3 using the QUIC protocol, making encrypted VPN traffic look identical to regular web browsing.SQUIC started as Google's project to accelerate web traffic and became HTTP/3 in June 2022. The protocol uses UDP instead of TCP, eliminating handshake delays. Mullvad exploits the MASQUE tunneling spec (RFC 9298) to proxy UDP through HTTP servers. State censors (China etc.) see HTTPS web traffic while the VPN tunnel hides inside that envelopetate censors see HTTPS web traffic while the VPN tunnel hides inside that envelope. Can we get this? taken from:

I do understand that technical problems are incredibly frustrating. I feel your pain, and I try to help others get past this hurdle. I'm going to ask you to just trust the next couple points: Judging from the emotion in your post, you need a break. Just walk away from this project for 24-48 hours and give your mind and body a rest. Do something that you enjoy. When you come back to these problems with a fresh and rested mind you will be able to try again and succeed. A fresh brain is an AMAZING thing. Know that AirVPN is not the cause of these issues; you are in the right place. You are posting among torrenting LEGENDS who could use any VPN they desire, and they chose to be here. Trust that there is a good reason for that and that you made a great decision to be here. Assuming that you are now well rested, please start again by looking at my stack. This stack configuration has literally torrented hundreds of terabytes; it works! Then, check your AirVPN profile to ensure you set everything up properly and did not rush over or skip a step: When you go to the devices screen have you set up a device? In the ports screen is that device linked to the port (in the dropdown)? When making your config file did you select that device? When working correctly, the sessions screen should list your device at the top of the card when connected; does it? If you accomplish all these things and still have an issue, post again with the current status of things and I'll take another look.

Hello all, This is collection from different tutorials which I will refer here, but usually changed since some things changed. Setting up VPN on Synology is modified neolefort tutorial from here and reconnect script if from sundi which you can find here, which probably modified this script, plus my iptables for blocking Synology on router level when VPN fails. Other contributions: foobar666 - you no longer need to enter variables manually _sinnerman_ - fixed script for DS 6.1 I'm doing this mostly because I usually forget things I managed to solve after year or two, so this is way to have constant reminder how it was solved and also help others. 1. Get your certificates from AirVPN. Go to the https://airvpn.org/generator/ page to generate the configuration file. (1) SELECT the Advanced Mode (under "Config generator" title ) (2) SELECT LINUX OS (3) Under "Protocols" section select one with protocol UDP, port 443 and tls-auth in the right column (at the time of writing, it was in middle of the list). You can choose any combination of protocol/port, but then also change iptables accordingly if you are using failsafe script. Don't choose any combination which has tls-crypt in the right column. (4) Under "Advanced - OpenVPN only" section (right part of page), toggle "Separate keys/certs from .ovpn file" button and change/leave OpenVPN version to 2.5 (This works in DSM 7.2.1. For older versions you will maybe have to select OpenVPN version 2.4). (5) SELECT 1 SERVER (refer to section "by single servers") OR COUNTRY OR ANYTHING ELSE YOU WANT In original tutorial, neolefort said to choose 1 server, because in that case you will get IP instead of xxx.airvpn.org domain. Choosing 1 server is safe because it doesn't need working DNS when you want to connect to VPN. If you choose anything else, you need working DNS on your router when establishing VPN connection. (6) Click "GENERATE" at the bottom. (7) Page will reload with links on top to your files, save them to you computer. Following files will be generated: -AirVPN_XXXXX_UDP-443.ovpn -ca.crt -user.crt -user.key -ta.key 2. Setup AirVPN on Synology. - Login as admin or with user from Administrator group. - Open Control panel. - Go "Network" and click on tab "Network Interface" - Click on button "Create" - "Create VPN profile" - Choose "OpenVPN (via importing .ovpn file)" - Click "Advanced options" so it shows all options - Profile name: anything you want, but please keep is short and if you can without spaces " ", for example "AirVPN". - User name: LEAVE EMPTY (for DSM 7+ just put anything here) - Password: LEAVE EMPTY (for DSM 7+ just put anything here) - Import .ovpn file: click button and import your AirVPN_XXXXX_UDP-443.ovpn - CA certificate: click button and import your ca.crt - Client certificate: click button and import your user.crt - Client key: click button and import your user.key - Certificate revocation: LEAVE EMPTY - TLS-auth key: click button and import your ta.key - Click "Next" - Select all options and click "Done" Now you have working OpenVPN link on your Synology. You just need to start it from "Control panel" - "Network" - "Network Interface". If you want to make your connection faster, you can remove some ciphers. Look for this line in .ovpn file: data-ciphers AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC And change it to this: data-ciphers AES-128-GCM Then save file and create new connection with it. After some testing I found out AES-128-GCM is fastest from all other mentioned in settings. You can also test other ciphers your self and leave one you find fastest. EXTRAS!!! 3. Setting up external access to your Synology. First what you will notice is, "I CAN'T ACCESS MY SYNOLOGY FROM OUTSIDE OF MY LAN!!!!!!! OMG OMG OMG!!!!" I will not explain port fowards on your router here, if you don't know how to make one, learn! (1) You can port forward trough AirVPN webpage and access your Syno via VPN exit IP. This sometimes works, most of times it doesn't since Syno has some ports you cannot change. Anyway, change your default HTTP / HTTPS port on Syno to your forwarded AirVPN port and you should be fine. But forget about Cloudstation and similliar things. (2) If you want to access Syno via you ISP IP (WAN), then problem is, your Syno is receiving your connection, but it's replying trough VPN. That's a security risk and those connections get droped. But there is solution! - Access "Control panel" - "Network" - "General" - Click "Advanced Settings" button - Mark "Enable multiple gateways" and click "OK" and then "Apply" You're done! It's working now (if you forwarded good ports on your router). 4. Prevent leaks when VPN connection on Synology fails. There will be time, when you VPN will fail, drop, disconnect, and your ISP IP will become visible to world. This is one of ways you can prevent it, on router level. For this you need Tomato, Merlin, DD-WRT or OpenWRT firmware on your router. I will tell you steps for Tomato router. If you are using different firmware, then you need to learn alone how to input this code into your router. Since Shibby version 129 for ARM routers, syntax of iptables changed and depending on which version of iptables you are using, apply that code. - Login to your router (usually just by entering 192.168.1.1 into your browser, if your IP is different, find out which is your gateway IP). - Click on "Administration" - Click on "Scripts" - Choose tab "Firewall" For Shibby v129 for ARM and later (iptables 1.4.x) us this: #Use this order of commands because it executes in reverse order. #This command will execute last, it kills all UDP requests. iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT #This command will execute second and will block all TCP source ports except those needed for web access or services iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport ! --sports 5000,5001,6690 -j REJECT #This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT For earlier Shibby versions and later for MIPS routers: #Use this order of commands because it executes in reverse order. #This command will execute last, it kills all UDP requests. iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT #This command will execute second and will block all TCP source ports except those needed for web access or services iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport --sports ! 5000,5001,6690 -j REJECT #This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT Port TCP 5000 = HTTP for for Synology web access (change to your if it's not default) Port TCP 5001 = HTTPS for for Synology web access (change to your it's not default) Port TCP 6690 = Cloud Station port Port UDP 443 = AirVPN connection port which you defined in step 1 of this tutorial. If you are using TCP port, then you need to change "-p udp" to "-p tcp" in that line. If you need more ports, just add them separated by comma ",". If you want port range, for example 123,124,125,126,127, you can add it like this 123:127. Change IP 192.168.1.100 to your Synology LAN IP. Be careful NOT TO assign those ports to your Download Station on Synology. This isn't perfect, you can still leak your IP through UDP 443, but since torrent uses mostly TCP, those chances are minimal. If you use TCP port for VPN, then those chances increase. If you really want to be sure nothing leaks even on UDP 443 (or your custom port), you need to choose 1 (ONE) AirVPN server. You need to find that server entry IP and change last IPTABLES rule to something like this: iptables -I FORWARD -p udp -s 192.168.1.100 -d 123.456.789.123 -m multiport --dports 443 -j ACCEPT Where 123.456.789.123 is AirVPN server entry IP. This will allow UDP 443 only for that server, rest will be rejected by router. These are all my opinions, from my very limited knowledge, which may be right and may be wrong. 5. Auto reconnection when VPN is down. Since when you made your VPN connection on your Synology, you checked "Reconnect" option, Syno will try to reconnect automaticly when connection fails. But in some cases, your network will be offline long enough and Syno will stop trying to reconnect, or will hang with VPN connection established, but not working. In those cases you can use this auto reconnect script. This is reconnect script. Just select all script text and copy it. #VPN Check script modified Sep 11, 2016 #Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data #received/sent, VPN IP & WAN IP. #If VPN is not up it will report it in the log file and start it #Change LogFile path to your own location. #Save this script to file of your choosing (for example "synovpn_reconnect"). Store it in one of your Synology shared folders and chmod it: "chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect" #Edit "/etc/crontab" and add this line without quotes for starting script every 10 minutes: "*/10 * * * * root /volume1/shared_folder_name/your_path/synovpn_reconnect" #After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond" #!/bin/sh DATE=$(date +"%F") TIME=$(date +"%T") VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]") VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=") LogFile="/volume1/filmovi/Backup/airvpn/check_airvpn_$DATE.log" PUBIP=$(curl -s -m 5 icanhazip.com) #PUBIP=$(curl -s -m 5 ipinfo.io/ip) #PUBIP=$(curl -s -m 5 ifconfig.me) CHECKIP=$(echo $PUBIP | grep -c ".") start_vpn() { echo "VPN is down. Attempting to (re)start now." >> $LogFile # /usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME /usr/syno/bin/synovpnc kill_client /bin/kill `cat /var/run/ovpn_client.pid` 2>/dev/null sleep 35 echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting /usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile } sleep 6 echo "======================================" >> $LogFile echo "$DATE $TIME" >> $LogFile if ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00" then if [ "$CHECKIP" == 1 ] then IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}') RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}') TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}') UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1) UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S") echo "VPN is up since: $UPTIME" >> $LogFile echo "Session Data RX: $RXDATA" >> $LogFile echo "Session Data TX: $TXDATA" >> $LogFile echo "VPN IP is: $IPADDR" >> $LogFile echo "WAN IP is: $PUBIP" >> $LogFile else start_vpn fi else start_vpn fi exit 0 (1) Login to you Synology DSM web interface as admin. - As admin go to "Control panel" - "Task Scheduler" (you need to enable advanced mode in top right corner of control panel for this) - Click "Create" button near top of page, then select "Scheduled Task" and then "User-defined script" (2) New popup window will open. - under "Task:" enter task name - under "User:" select "root" if it's not already selected - switch to "Schedule" tab and select how often you want this task to run, my settings are: - "Run of following days" - "Daily" - "First run time" - 00:00 - "Frequency" - "Every 10 minutes" - "Last run time" - 23:50 - switch to "Task settings" tab - paste script you copied into empty box under "User-defined script" title - press OK and you're done I tested this on DSM 6.2.2 and it works without problems for now. Still, I'm keeping old instructions in next post, if someone wants to do it like that. Tip: If you don't want logfile, you can comment out those lines, or remove ">> $LogFile" code from whole script. That's all. If you entered everything correctly, you should be fine and ready to go! Comments are welcome. If you find mistakes, please correct me.

We have kept the OP message to show the pervasiveness of the PRC's propaganda lackeys. We consider Taiwan (Republic of China) to be independent and autonomous from the PRC (People's Republic of China), as it is in fact. ipleak uses MaxMind and IANA databases to display results, and we are pleased that these are aligned with an anti-imperialist and democratic vision that is clearly unpalatable to the dictatorial regime of the PRC, which sees it as an obstacle to its expansionist ambitions.

Hello, I am a user from Mainland China. Over long connections, both SSH and SSL get blocked and the connection is reset, so none of the Eddie-supported protocols can maintain a long-term connection. Only the AmneziaWG protocol can sustain long connections without speed degradation—and it’s even faster and more stable than standard WireGuard. However, switching servers with AmneziaWG is somewhat cumbersome. I would like to ask: could future versions of Eddie support the AmneziaWG protocol? I believe it could completely replace standard WireGuard. This would be a huge benefit for AirVPN users behind the firewall. The AmneziaWG protocol’s source code is open-source on GitHub under the MIT license and supports free commercial use. I strongly hope Eddie can add support for AmneziaWG. Thank you!

Account is more than 6 months old with a lot of karma. The moment I opened the app with VPN enabled I was instantly logged out with the error account doesn't exist. Not sure what gives. Anyone have any tips on how to navigate reddit without getting banned?

Hi, I was just wondering if there's any possibility of setting up a Polish server? A law is due to be passed in Poland that would fine Big Tech firms $2.2 million every time they unconstitutionally censor lawful speech online. Under its provisions, social media services will not be allowed to remove content or block accounts if they do not break Polish law. This sounds like a win win to me as long as your IP originates in Poland. Given the ever increasing censorious nature of social media etc, it's definitely time for a Polish server. Thanks.