Leaderboard

Hello! We're very glad to inform you that a new 10 Gbit/s full duplex server located in Los Angeles, California, is available: Revati. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Revati supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor , by clicking the server name. Direct link: https://airvpn.org/servers/Revati Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Thanks a lot for your time and giving all these insights 👍 Learning a lot there.

Thanks @pit61. I've asked the staff to create a new How-To document based on this info. The old Tomato How-To is very dated and these settings worked very nicely.

Thank you very much. For the readers: the key information here and other threads where the problem could be resolved swiftly is that it does not matter how you configure it: Plex will always listen to port 32400 of the VPN interface. Therefore, AirVPN's port "re-mapping" function comes handy. Once you choose a random port for your Plex server on your AirVPN account port panel, fill the "Local" field with "32400". Reach the Plex server from the Internet on the port remotely forwarded and the VPN server will take care to forward the packets to port 32400 of your local VPN interface. Kind regards

Kornephoros is airvpns better 10gb server in canada. it almost gives me full speeds on my home server(connected via wifi) funny enough their now decommissioned wurren was a pretty crappy in my experience. i was never able to get more than 80mbit on wurren even though it was also supposedly a 10gbit server... even regular 1gbit server outperformed wurren

Maximum of 7.3 Gb/s on Terebellum. I think most users are probably not using that much bandwidth to push the 10 Gb/s servers to their max.

I think so. My VPN functions the same as before, and I'm able to connect to blocked websites.

Hello! Great news! I captured the first QUIC packet accessing bing.com using Wireshark and used that packet to create a complete CPS, with I1-I5 parameters in the following file. Using this CPS, I successfully connected to a US server and achieved good speed and stability. In my network environment, this was more effective than random CPS packets. Everyone can test this set of parameters (it needs to be accessible without a VPN to bing.com). I welcome any better optimization suggestions from everyone. Jc = 8 Jmin = 86 Jmax = 892 S1 = 0 S2 = 0 H1 = 2 H2 = 3 H3 = 4 H4 = 1 I1 = ... I2 = ... I3 = ... I4 = ... I5 = ... CPS I1-I5(bing.com-initial QUIC).txt

Hello! Please follow this message to quickly resolve the issue: https://airvpn.org/forums/topic/26548-linux-ip-6-addr-add-failed/?do=findComment&comment=72069 The OP problem might be different so your case should not be discussed here. Kind regards

May I request the addition of 10Gbps Tokyo and Singapore servers? Thank you.

Here is my working Open VPN config on a Netgear R7000 with Fresh Tomato:

I currently run a linux firewall without eddie and just use openvpn client. here is what i did to protect against dns leaks and maintain privacy. i don't use windows because of privacy concerns so i don't know how well this translates. assuming you have a layer 3/4 firewall, you can try this. the network: set the interface to start disabled on bootup. this is not necessary, but will work if you're firewall is not default. then you can set your firewall before the interface is open. nothing can leak during boot because the interface did not come up. in the firewall: set policy to block on input (inbound), output, and forward (or whatever windows equivalent is). this should be the default action in case there are no specific rules to catch particular traffic. setting this means nothing passes the firewall unless you explicitly allow it. set all rules with tracking (ct state), such that no inbound traffic is allowed unless it is a response from a request you sent out. only exception is icmp and other network diagnostic protocols like traceroute, which in my opinion should be open. icmpv6 should be selectively open since it also does network setup. log all blocked traffic on the physical interface: open source and destination port 67/68, udp, inbound and outbound so your ISP can give you an IP. configure your client to not accept the dns it will give you. open destination upd port 53 or 853 only for specific IPs, typically a public DNS that advertises no logs. this is your fall back in case vpn drops or if you connect to vpn using a domain name. your ISP will see this traffic, but it will not be destined to your ISP DNS. it will pass through and go to the server you specify. i am not yet convinced encrypted dns actually hides your dns, but i would consult with a network admin. open destination tcp/udp port 1194 (or whatever port you are using for VPN). Do not use port 443 for VPN as that is the same port for https website traffic. Note: broadly speaking, destination port 53 and 853 will not be open, blocking dns leaks. this is permanent i used to have to open port 80 for AirVPN IPs to make the initial connection, but I don't see this in my firewall anymore, so it may not be necessary. if you see this in your firewall logs when attempting a vpn connection, apply this rule in the same format as above, but make sure it is limited to only just the AirVPN IPs as this would otherwise allow normal website traffic. on the tunnel interface: open source and destination port 67/68, udp, inbound and outbound so Airvpn can give you an IP. you can use AirVPN dns, or create a rule to use the public dns of your choice like on the physical interface. open destination port 53 outbound on the 10/8 IP range, or if you have a way to limit it to just the DNS that you get with VPN, that'll work. (AirVPN will give you an IP starting with 10.) open destination port ntp outbound on the 10/8 IP range (to keep the time accurate on your devices) open destination tcp port 80,443 outbound, for website traffic. 8443 for websockets if you use things like chat/voice on a website app like discord. Ongoing: open any other ports you may be using, such as Steam IPs. Check your firewall logs any time something doesn't work, and add those ports. exhibit discernment about whether to open a port, as you may see crap trying to leak out of your network, not just dns. this is expected and is keeping your stuff private. speedtest sites like to use port 8080, so open destination port 8080 (ct state new) if you want to test your speed, and on inbound, open source port 8080 (ct state established) Note: broadly speaking, destination port 53 and 853 will not be open, blocking dns leaks. this is permanent Extra Notes: starting or stopping your vpn will not change any firewall rules. you will not have access to websites unless vpn is up. this will not work if you're using port 443 for your tunnel. the tunnel port and website port needs to be different. in some countries, this may not be possible. for every outbound destination port (ct state new) opened, there should be a corresponding inbound source port (ct state established) opened as well. traffic is 2 way, outgoing request, incoming response this may not be comprehensive. my firewall has a lot more rules and i may have missed something. view your firewall logs to see what is being blocked, and see whether you need to open it. This should absolve the need for a network lock, and maintain privacy during bootup and anytime eddie is not running. check your firewall logs for traffic on port 53 over the wan interface. these will be dns leaks you prevented. A quick note about windows: Microsoft overrides the hosts files and looks for various microsoft domains it uses for telemetry gathering. it will ignore these rules. this means the standards government hosts files are no longer being followed. this is a violation of long standing networking standards and causes people to reduce trust in the rest of the windows network setup. because of this, you should no longer trust that your firewall will not be overridden by Windows and allow dns traffic through even if you explicitly blocked it. Microsoft has admitted to running a keylogger since Windows 10. i mean ... my god. linux has come a long way in usability. you no longer have to be a hacker to run it well. i would make an attempt to convert to linux. it has been 30 years since computers were around. it is no longer acceptable to be computer-illiterate. old world literacy means you know how to use a feather quill pen. modern literacy means you know how to work your way around a computer. know the tool you use to communicate. linux is a different paradigm, but it is still just a computer. It would be great if somewhere on this site is pinned exact instructions for windows. it will help those concerned and those who don't yet know they should be. for anyone knowledgeable enough, please feel free to correct any of this if it is incorrect. share the knowledge! i don't frequent this site. admins have permission to edit this. -s

Completely disconnects in the middle of watching something wherein it will then reconnect. Slower than a dog shitting molasses in winter on sites not owned by majority shareholders of the internet. Ookla numbers do not mean fuck for this - pings the same tzulo servers as AirVPN 1 star out of 5 instead of 0 because of GUI split tunneling.

Hello! We're very glad to inform you a new 10 Gbit/s full duplex server located in Miami, Florida (USA), is available: Dziban. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator. The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. It supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Dziban Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that a new 10 Gbit/s full duplex server located in Toronto (Ontario, Canada), is available: Kornephoros. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Kornephoros supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor . Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

109.202.110.35 s9.rapidgator.net last time

If you notice that the connection speed drops down again increase the Jc parameter (I recommend values 10-80) and rearrange the H1, H2, H3, H4 values (they should be the numbers from 1 to 4 but their order can be any). ТСПУ is able to detect and throttle AmneziaWG and I personally had this situation twice, and twice I had to pump up the Jc parameter. Don't set it too high though: too much junk is also abnormal and potentially can become a fingerprint. According to the recent news Roskomnadzor has set a budget of 60 billion rubles (655 000 000 USD) to significantly upgrade their wonderboxes in the next 5 years. So I guess even more fun is coming. I've already bought a cheap VPS and installed Xray (VLESS-TCP-XTLS-Vision-REALITY), sing-box (Shadowsocks with 2022-blake3-aes-128-gcm) and Cloak but don't use it much to keep the IP from prematurely getting into the black lists (if they even currently exist in Russia, but in Iran they already do). May be it's all over the top but who knows the future? For now my main method of accessing the larger data world is still the good old AirVPN.

Hello! I am a bit new to the Torrenting world, and I have set up my VPN(airvpn) and I have Qbitorrent. I have set up a port and put that port into my port for incoming connections, and I have my torrent running through Eddie(Airvpn). For some reason every time I click "Test open" under my port it says "Connection timed put(101)" Can anyone tell me what I am doing wrong?

@itsmeprivately Hello! Please try the following settings (usually they are strictly necessary to bypass China blocks): switch to OpenVPN (if you haven't already done so) by tapping the icon "VPN Type" on the main view. Each tap switches between WireGuard and OpenVPN. force connection over TCP to port 443 in the following way: open "Settings" and expand "AirVPN" by tapping on it tap "Default OpenVPN protocol", select "TCP" and tap "OK" tap "Default OpenVPN port", select "443" and tap "OK" tap "Quick connection mode", select "Use default options only" and tap "OK" Finally test again connections to various servers in various locations. Kind regards

FYI, links for Eddie for Android are broken ;)

By using Tor behind an AirVPN node, you are blacklisting dozens of websites for no reason. IRC servers such as Freenode have been blocked, and now even imgur is blocked from uploading because it thinks its Tor. Heze is a good server and its one of only two on the West Coast, so please stop running Tor behind AirVPN nodes.

Hello! This is interesting. We are gradually activating IPv6 on every server, but you have IPv6 disabled at OS level, and this causes a fatal error. For the moment, you can: - Reactivate IPv6 No good reason is known to disable IPv6 at OS level. If you are scared about IPv6 leak when connecting to servers without IPv6 support, a cleaner solution is simply blocking IPv6 traffic with ip6tables. OR - Append the following directives in your .ovpn files: pull-filter ignore "route-ipv6" pull-filter ignore "redirect-gateway ipv6" pull-filter ignore "dhcp-option DNS6" pull-filter ignore "tun-ipv6" pull-filter ignore "ifconfig-ipv6" redirect-gateway def1 bypass-dhcp This will skip IPv6 configuration of tunnel and avoid your error. We are considering related options to Config Generator. Kind regards