Leaderboard

Hello! We inform you that all of our Lithuanian servers are being withdrawn and dismissed. The datacenter provider, Cherry Servers, has just asked for a block of all outbound ports except a few ones they called "standard ports" (sic) to prevent any possible future "copyright infringement" (to be noted: no infringement in the past has ever been proved). It is clearly an unacceptable request for us, and we guess for everyone, and it also reveals the true face of Cherry Servers datacenter as an enemy of the Internet. For us, it's also an option to finally get rid of the last servers still not supporting IPv6. Cherry Servers was one of our last providers still lacking IPv6 support, a fact that should have given us a "head up!" about Cherry Servers poor commitment to providing decent services. We will be actively looking for an alternative datacenter. We will be looking for datacenters where the concept of mere conduit is understood, and IPv6 infrastructure is available. In the meantime keep in mind that we offer several servers in the Baltic region as well as other, nearby countries. Kind regards

Hello! UPDATE 29-Nov-19: macOS, Linux x86-64 bit and Raspbian beta versions now available. UPDATE 06-Dec-19: beta 2 version has been released UPDATE 10-Dec-19: Release Candidate 1 has been released UPDATE 19-Dec-19: Release Candidate 2 has been released UPDATE 27-Dec-19: version 1.0 has been released UPDATE 24-Jan-20: version 1.0.1 has been released We are very glad to introduce Hummingbird, a new client software for: Linux x86-64 bit Linux Raspbian 32 bit (frequently installed in Raspberry PI) Linux ARM 64 bit (tested under Raspberry 4 Ubuntu 19.10) Mac (minimum required version macOS Mojave) based on our own AirVPN OpenVPN 3 library. The software meets various demands by many users. Furthermore, it will evolve in to an integrated client and daemon targeting Linux, Mac, OpenBSD and FreeBSD platforms. Main features: lightweight and stand alone binary no heavy framework required, no GUI tiny RAM footprint (less than 3 MB currently) lightning fast based on OpenVPN 3 library fork by AirVPN with tons of critical bug fixes from the main branch, new ciphers support and never seen before features ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on Raspberry PI and any Linux-based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition https://airvpn.org/forums/topic/44201-eddie-android-edition-24-released-chacha20-support/ robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved additional features Versions for FreeBSD and OpenBSD will follow in the future. Source code is available here: https://gitlab.com/AirVPN/hummingbird In the above repository you can also find binaries, general instructions, usage instructions and build instructions. Linux x86-64 64 bit version: https://eddie.website/repository/hummingbird/1.0.1/hummingbird-linux-x86_64-1.0.1.tar.gz Raspberry 64 bit / Linux ARM 64 bit version: https://eddie.website/repository/hummingbird/1.0.1/hummingbird-linux-aarch64-1.0.1.tar.gz Raspbian 32 bit version: https://eddie.website/repository/hummingbird/1.0.1/hummingbird-linux-armv7l-1.0.1.tar.gz macOS version: https://eddie.website/repository/hummingbird/1.0.1/hummingbird-macos-1.0.1.tar.gz How to install AirVPN client for Linux x86_64, Raspberry and macOS Requirements ------------ Linux x86-64, ARM 32 or ARM 64 bit CPU A reasonably recent Linux distribution tar sha512sum (optional) Raspberry Linux Raspbian distribution or Linux ARM 64 bit distribution tar sha512sum (optional) Mac macOS Mojave or higher version tar shasum (optional) otool (optional) Linux x86-64 Installation ------------------ Download hummingbird-linux-x86_64-1.0.1.tar.gz [optional] Download hummingbird-linux-x86_64-1.0.1.tar.gz.sha512 This file is required to check the integrity of the above tar archive. It is not mandatory but it is strongly advised to download this file and check the tar archive [optional] Open a terminal window [optional] Check the integrity of the tar archive by issuing this command: "sha512sum --check hummingbird-linux-1.0.1-x86_64.tar.gz.sha512" (without quotes) [optional] Make sure the command responds with "hummingbird-linux-x86_64-1.0.1.tar.gz: OK" Change your current directory to a convenient place, such as your home directory. This can be done by issuing the command "cd ~" (without quotes) Extract the tar archive by issuing this command on your terminal window: tar xvf hummingbird-linux-1.0.1.tar.gz A new directory will be created: hummingbird-linux-1.0.1 Move into the new directory with command "cd hummingbird-linux-1.0.1" (without quotes) [optional] Check the integrity of the binary file hummingbird-linux-1.0.1. Issue this command from your terminal window: sha512sum --check hummingbird.sha512" (without quotes) [optional] Make sure the command responds with "hummingbird-linux-1.0.1: OK" [optional] Check dynamic library availability. Issue the command "ldd hummingbird" and make sure all the required dynamic libraries are available. No line of the output must contain "not found" the Linux client is now ready to be used and possibly copied to a different directory of your system. Please note the client needs root privileges. Your user must therefore be included in your system's "sudoers" (depending on specific Linux distribution) Raspberry/Raspbian/Linux ARM 32 bit Installation ------------------------------- Download hummingbird-armv7l-1.0.1.tar.gz [optional] Download hummingbird-linux-armv7l-1.0.1.tar.gz.sha512 This file is required to check the integrity of the above tar archive. It is not mandatory but it is strongly advised to download this file and check the tar archive [optional] Open a terminal window [optional] Check the integrity of the tar archive by issuing this command: "sha512sum --check tar xvf hummingbird-armv7l-1.0.1.tar.gz.sha512" (without quotes) [optional] Make sure the command responds with "hummingbird-armv7l-1.0.1.tar.gz: OK" Change you current directory to a convenient place, such as your home directory. This can be done by issuing the command "cd ~" (without quotes) Extract the tar archive by issuing this command on your terminal window: tar xvf hummingbird-armv7l-1.0.1.tar.gz A new directory will be created: hummingbird-armv7l-1.0.1 Enter the new directory with command "cd hummingbird-armv7l-1.0.1" (without quotes) [optional] Check the integrity of the binary file hummingbird. Issue this command from your terminal window: "sha512sum --check hummingbird.sha512" (without quotes) [optional] Make sure the command responds with "hummingbird: OK" [optional] Check dynamic library availability. Issue the command "ldd hummingbird" and make sure all the required dynamic libraries are available. No line of the output must contain "not found" the Raspberry/Raspbian client is now ready to be used and possibly copied to a different directory of your system. Please note the client needs root privileges. Your user must therefore be included in your system's "sudoers" Raspberry/Linux ARM 64 bit Installation ------------------------------- Download hummingbird-linux-aarch64-1.0.1.tar.gz [optional] Download hummingbird-linux-aarch64-1.0.1.tar.gz.sha512 This file is required to check the integrity of the above tar archive. It is not mandatory but it is strongly advised to download this file and check the tar archive [optional] Open a terminal window [optional] Check the integrity of the tar archive by issuing this command: "sha512sum --check hummingbird-linux-aarch64-1.0.1.tar.gz.sha512" (without quotes) [optional] Make sure the command responds with " hummingbird-linux-aarch64-1.0.1.tar.gz: OK" Change you current directory to a convenient place, such as your home directory. This can be done by issuing the command "cd ~" (without quotes) Extract the tar archive by issuing this command on your terminal window: "tar xvf a hummingbird-linux-aarch64-1.0.1.tar.gz" (without quotes) A new directory will be created: hummingbird-linux-aarch64-1.0.1 Enter the new directory with command "cd hummingbird-linux-aarch64-1.0.1" (without quotes) [optional] Check the integrity of the binary file hummingbird. Issue this command from your terminal window: "sha512sum --check hummingbird.sha512" (without quotes) [optional] Make sure the command responds with "hummingbird: OK" [optional] Check dynamic library availability. Issue the command "ldd hummingbird" and make sure all the required dynamic libraries are available. No line of the output must contain "not found" the Raspberry/Raspbian client is now ready to be used and possibly copied to a different directory of your system. Please note the client needs root privileges. Your user must therefore be included in your system's "sudoers" macOS installation -------------------- Download hummingbird-macos-1.0.1.tar.gz [optional] Download hummingbird-macos-1.0.1.tar.gz.sha512 This file is required to check the integrity of the above tar archive. It is not mandatory but it is strongly advised to download this file and check the tar archive [optional] Open a terminal window [optional] Check the integrity of the tar archive by issuing this command: "shasum -a 512 -c hummingbird-macos-1.0.1.tar.gz.sha512" (without quotes) [optional] Make sure the command responds with "hummingbird-macos-1.0.1.tar.gz: OK" Change your current directory to a convenient place, such as your home directory. This can be done by issuing the command "cd ~" (without quotes) Extract the tar archive by issuing this command on your terminal window: "tar xvf hummingbird-macos-1.0.1.tar.gz" (without quotes) A new directory will be created: hummingbird-macos-1.0.1 Move into the above directory by entering command "cd hummingbird-macos-1.0.1" (without quotes) [optional] Check the integrity of the binary file hummingbird-macos-1.0.1. Issue this command from your terminal window: "shasum -a 512 -c hummingbird.sha512" (without quotes) [optional] Make sure the command responds with "hummingbird: OK" [optional] Check dynamic library availability. Issue the command "otool -L hummingbird" and make sure all the required dynamic libraries are available. No line of the output must contain "not found". "otool" is distributed with Xcode the Mac client is now ready to be used and possibly copied to a different directory of your system. Please note the client needs root privileges. Note on Checksum Files We do strongly suggest you to check the integrity both of the distribution tar.gz file and the hummingbird binary in order to make sure you are installing a binary created and fully supported by AirVPN. Hummingbird is an open source project and, as such, its source code can be downloaded, forked and modified by anyone who wants to create a derivative project or build it on his or her computer. This also means the source code can be tampered or modified in a malicious way, therefore creating a binary version of hummingbird which may act harmfully, destroy or steal your data, redirecting your network traffic and data while pretending to be the "real" hummingbird client genuinely developed and supported by AirVPN. For this reason, we cannot guarantee forked, modified and custom compiled versions of Hummingbird to be compliant to our specifications, development and coding guidelines and style, including our security standards. These projects, of course, may also be better and more efficient than our release, however we cannot guarantee or provide help for the job of others. You are therefore strongly advised to check and verify the checksum codes found in the .sha512 files to exactly correspond to the ones below, that is, the checksum we have computed from the sources and distribution files directly compiled and built by AirVPN. This will make you sure about the origin and authenticity of the hummingbird client. Please note the files contained in the distribution tarballs are created from the very source code available in the master branch of the official hummingbird's repository. Checksum codes for Version 1.0 The checksum codes contained in files hummingbird-<os>-<arch>-1.0.1.tar.gz.sha512 and hummingbird.sha512 must correspond to the codes below in order to prove they are genuinely created and distributed by AirVPN. Linux x86_64 hummingbird-linux-x86_64-1.0.1.tar.gz: f2cbc2acded6335c996271d9e86818a0375f4f46712b9edb7147494038bff48a1e72f666b319790a8250298e437a87dd8173313156da0497529c0eace3924fea hummingbird: bbfb5951a54c1bfd271d7a56ac52a8674a31f295a699698332996c7e49a194974b61526accff0936a7512986c26c92489cd2c0c731999fcb224eaf118bc91a89 Linux ARM32 hummingbird-linux-armv7l-1.0.1.tar.gz: ad5ef28d6904089f474c065ca01dae222e35b2eb999a24de13481f2e4f41228c9fe5c7cb1e623c24b5498339f1c033f7b47717bd3f42e6467f42477129102b88 hummingbird: 3ed0d105a1fece008793575945836d7e2dc38b79698856dfaeb1ffadf871004bf6f8dfd101561322c661df8192a5a8861d39266e89dad2d5db0947cb4d7f675f Linux ARM64 hummingbird-linux-aarch64-1.0.1.tar.gz: 1c1042ae91fac572a3835ee03b97633a597d4f9abfba8c1ef8a65f3dcdae854c9cec254fead542d629e501449d6db44d7450da810328dfc2328ed4784eb8b1f1 hummingbird: af218c2f53d62feead87fc6731e2b8fad4a6f884fe65103045cb3eafc7eb4f63b76737e2d2176c1fbf6647c1fd3ecad95311c4a000117531055c3cf65926516c macOS hummingbird-macos-1.0.1.tar.gz: ecf4c9123fb974561dc4a49676cd4a76c887b74553e380c23f5b879995d4f95c9028c4882a6cce5870c5223dbd2aee1aab39ee06d754774ec708d9050c6ffc23 hummingbird: b389e95c7362290d0349035a018d57d496433ed4d7eab5f6f62e5bb92764615db04c5375362bf8f5c6582ecb775f04d3c4fd261633ab8a1a93b79dccdebe464c Running the Hummingbird Client Run hummingbird and display its help in order to become familiar with its options. From your terminal window issue the following command: sudo ./hummingbird --help After having entered your root account password, hummingbird responds with: Hummingbird - AirVPN OpenVPN 3 Client 1.0 - 27 December 2019 usage: ./hummingbird [options] <config-file> [extra-config-directives...] --help, -h : show this help page --version, -v : show version info --eval, -e : evaluate profile only (standalone) --merge, -m : merge profile into unified format (standalone) --username, -u : username --password, -p : password --response, -r : static response --dc, -D : dynamic challenge/response cookie --cipher, -C : encrypt packets with specific cipher algorithm (alg) --proto, -P : protocol override (udp|tcp) --server, -s : server override --port, -R : port override --ncp-disable, -n : disable negotiable crypto parameters --network-lock, -N : enable/disable network filter and lock (on|off, default on) --gui-version, -E : set custom gui version (text) --ignore-dns-push, -i : ignore DNS push request and use system DNS settings --ipv6, -6 : combined IPv4/IPv6 tunnel (yes|no|default) --timeout, -t : timeout --compress, -c : compression mode (yes|no|asym) --pk-password, -z : private key password --tvm-override, -M : tls-version-min override (disabled, default, tls_1_x) --tcprof-override, -X : tls-cert-profile override (legacy, preferred, etc.) --proxy-host, -y : HTTP proxy hostname/IP --proxy-port, -q : HTTP proxy port --proxy-username, -U : HTTP proxy username --proxy-password, -W : HTTP proxy password --proxy-basic, -B : allow HTTP basic auth --alt-proxy, -A : enable alternative proxy module --dco, -d : enable data channel offload --cache-password, -H : cache password --no-cert, -x : disable client certificate --def-keydir, -k : default key direction ('bi', '0', or '1') --force-aes-cbc, -f : force AES-CBC ciphersuites --ssl-debug : SSL debug level --google-dns, -g : enable Google DNS fallback --auto-sess, -a : request autologin session --auth-retry, -Y : retry connection on auth failure --persist-tun, -j : keep TUN interface open across reconnects --peer-info, -I : peer info key/value list in the form K1=V1,K2=V2,... --gremlin, -G : gremlin info (send_delay_ms, recv_delay_ms, send_drop_prob, recv_drop_prob) --epki-ca : simulate external PKI cert supporting intermediate/root certs --epki-cert : simulate external PKI cert --epki-key : simulate external PKI private key --recover-network : recover network settings after a crash or unexpected exit Open Source Project by AirVPN (https://airvpn.org) Linux and macOS design, development and coding: ProMIND Special thanks to the AirVPN community for the valuable help, support, suggestions and testing. Hummingbird needs a valid OpenVPN profile in order to connect to a server. You can create an OpenVPN profile by using the config generator available at AirVPN website in your account's Client Area Start a connection: sudo ./hummingbird your_openvpn_file.ovpn Stop a connection: Type CTRL+C in the terminal window where hummingbird is running. The client will initiate the disconnection process and will restore your original network settings according to your options. Start a connection with a specific cipher: sudo ./hummingbird --ncp-disable --cipher CHACHA20-POLY1305 your_openvpn_file.ovpn Please note: in order to properly work, the server you are connecting to must support the cipher specified with the --cipher option. If you wish to use CHACHA20-POLY1305 cipher, you can find AirVPN servers supporting it in our real time servers monitor: they are marked in yellow as "Experimental ChaCha20". Disable the network filter and lock: sudo ./hummingbird --network-lock off your_openvpn_file.ovpn Ignore the DNS servers pushed by the VPN server: sudo ./hummingbird --ignore-dns-push your_openvpn_file.ovpn Please note: the above options can be combined together according to their use and function. Network Filter and Lock Hummingbird's network filter and lock natively uses iptables, nftables and pf in order to provide a "best effort leak prevention". Hummingbird will automatically detect and use the infrastructure available on your system. Please note: Linux services firewalld and ufw may interfere with the hummingbird's network filter and lock and you are strongly advised to not issue any firewall related command while the VPN connection is active. DNS Management in Linux Hummingbird currently supports both resolv.conf and systemd-resolved service. It is also aware of Network Manager, in case it is running. While the client is running, you are strongly advised to not issue any resolved related command (such as resolvectl) or change the resolv.conf file in order to make sure the system properly uses DNS pushed by the VPN server. Please note: DNS system settings are not changed in case the client has been started with --ignore-dns-push. In this specific case, the connection will use your system's DNS. Furthermore, please note that if your network interfaces are managed by Network Manager, DNS settings might be changed under peculiar circumstances during a VPN connection, even when DNS push had been previously accepted. DNS Management in macOS DNS setting and management is done through OpenVPN3 native support Recover Your Network Settings In case hummingbird crashes or it is killed by the user (i.e. kill -9 `pidof hummingbird` ) as well as in case of system reboot while the connection is active, the system will keep and use all the network settings determined by the client; therefore, your network connection will not work as expected, every connection is refused and the system will seem to be "network locked". To restore and recover your system network, you can use the client with the --recover-network option. sudo ./hummingbird --recover-network Please note: in case of crash or unexpected exit, when you subsequently run hummingbird it will warn you about the unexpected exit and will require you to run it again with the --recover-network option. It will also refuse to start any connection until the network has been properly restored and recovered. Changelog -------- Changelog.txt URL: https://gitlab.com/AirVPN/hummingbird/blob/master/Changelog.txt Changelog 1.0.1 - 24 January 2020 - [ProMIND] Updated to OpenVPN3-AirVPN 3.6.2 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 - 27 December 2019 - [ProMIND] Production release *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 RC2 - 19 December 2019 - [ProMIND] Better management of Linux NetworkManager and systemd-resolved in case they are both running - [ProMIND] Log a warning in case Linux NetworkManager and/or systemd-resolved are running *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 RC1 - 10 December 2019 - [ProMIND] Updated asio dependency *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 beta 2 - 6 December 2019 - [ProMIND] Updated to OpenVPN 3.6.1 AirVPN - [ProMIND] macOS now uses OpenVPN's Tunnel Builder - [ProMIND] Added --ignore-dns-push option for macOS - [ProMIND] Added --recover-network option for macOS *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 beta 1 - 28 November 2019 - [ProMIND] Added a better description for ipv6 option in help page - [ProMIND] --recover-network option now warns the user in case the program has properly exited in its last run - [ProMIND] NetFilter class is now aware of both iptables and iptables-legacy and gives priority to the latter *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 alpha 2 - 7 November 2019 - [ProMIND] DNS resolver has now a better management of IPv6 domains - [ProMIND] DNS resolver has now a better management of multi IP domains - [ProMIND] Minor bug fixes *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 alpha 1 - 1 November 2019 - [ProMIND] Initial public release Kind regards and datalove AirVPN Staff

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Siauliai (LT) is available: Tarf. The AirVPN client will show automatically the new server; if you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, Tarf supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Tarf Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

@Air4141841 Hello! key-direction 1 when you use TLS Auth key (i.e. you connect to entry-IP addresses 1 and 2). Omit it when you use TLS Crypt (i.e. you connect to entry-IP addresses 3 and 4), because it's not pertaining to TLS Crypt. For an explanation, look for secret file [direction] and –key-direction in the manual https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/ If you run OpenVPN 2.4 or higher version, TLS Crypt is recommended because it encrypts the whole Control Channel, with the important side effect to make OpenVPN "fingerprint" not detectable by Deep Packet Inspection (some ISPs, when they detect OpenVPN "fingerprint", enforce traffic shaping). Kind regards

@inc Hello! A GUI is planned, when the Hummingbird "backend" will run as a daemon. We are already working on it, right now. At the moment you can see the information you need on the standard output, and rightly so! Hummingbird 1 "branch" must remain a light and stand alone binary with no graphic requirement of any kind. If you need a GUI at the moment please run Eddie. The problem you mention looks like a failure to DHE. Do you notice a similar problem with OpenVPN 2.x or not? Kind regards

You may well know that it's a DDoS protection mechanism. You may also be as far as knowing that aek_v is version (currently 14, as seen in your screenshot; your blur is ineffective, I'm afraid) and aek_url is where to redirect the browser after a successful check. Now, the /entry webpage has some JavaScript code there which I didn't read too closely. But it suggests that the browser is to run some calculations, the result of which will be checked against what the server calculated. The aek_id might identify the calculation on the server against which the result of the browser is checked. If they match, you may pass. I assume this checks whether JavaScript runs and whether it runs correctly (as in, it's not a dummy/stub) on the client. DDoS against web servers is usually not done by normal browsers but by automated programs mimicking them. As such, they don't usually run JavaScript. So those bots keep attacking the shell of a clam (that checking server) and the pearl inside is safe (AirVPN forums). Edit: I found a related Stack Exchange question about CloudFront's protection mechanism (the infamous Checking your browser, you will be redirected in five seconds page).

Hello! NEWS We have a name for the software! Stable version of Hummingbird has just been released! Please check the first post in this thread for updated links, instructions and changelog. Kind regards

@tlc Hello! Look: $ dig @208.67.222.222 airvpn.org +short 5.196.64.52 $ dig @208.67.222.220 airvpn.org +short 5.196.64.52 which is correct. However 208.67.222.123 considers airvpn.org an adult only web site or a porn site. Just another proof of how idiotic censorship is, how web site filtering is exploited by hidden political agenda eventually, and how stupid the persons who gladly look for censorship and delegate their choices to a third party are. Kind regards

@hawkflights Hello! Can you please tell us your exact Linux distribution version? @colorman Hello! TLS Crypt encrypts the whole OpenVPN Control Channel. Therefore DPI can't detect anymore any typical OpenVPN "fingerprint", thus can't trigger traffic shaping against OpenVPN, or similar. TLS Crypt in an agnostic network does not improve or affect negatively performance, as most of the time is spent on encryption and decryption of the Data Channel. Therefore, if you experience a better throughput with TLS crypt, a plausible explanation is that your ISP enforces traffic shaping. @inc Hello! Should the re-keying errors re-appear, can you tell us your exact Linux distribution version? @funkoholic Hello! Connection over Tor is not planned for the next major release, which is focused on creating an Hummingbird daemon and two different frontends, one of them in Qt, without adding major new features at least for the first release cycle. Connection over Tor is a special case of the more general connection over a SOCKS proxy, with the addition of communications with Tor to obtain the Tor entry-node IP address and route it outside the VPN, preventing the infinite routing loop problem. Hence, we need to review the code of the library pertaining to connections over a proxy, which we did not touch. Kind regards

There is one thing you absolutely need to do: Bind qBittorrent to your TAP adapter! In Advanced section, look for a "Bind to interface" setting and select the TAP adapter from the drop-down menu when you're connected. This causes qBittorrent to only use the TAP adapter when talking to the outside world, and if that adapter is not in a connected state it won't be able to talk. Easy. It's like a kill switch: If the connection dies, all connections of qB die. If you reconnect, qB will reconnect to peers. In Speed section, set your max upload to whatever your uplink is you're subscribed to, -10%. The "problem" you might be facing is that a connection between computers is a two-way street. When you're downloading packets, you're also sending packets back which ACKnowledge that you received the package. As your download throughput increases, so does the amount of ACKs sent back. Plus, if other clients download from you, the bottleneck is perfected. If you carelessly ignore the max upload setting, you allow the torrent client to fill your uplink with packets.

@airdev Hello! Why is a cryptographic "verification" required on OpenVPN 3 library? mbedTLS and OpenSSL libraries are there to play their role. We have not implemented proprietary ciphers or proprietary algorithms to mimic a cipher which would need, indeed, a thorough review. If you need audits on CHACHA20 consult the proper literature. If you need audits on CHACHA20 implementation in mbedTLS and OpenSSL, consult the respective library audits. OpenVPN 3 AirVPN included with Hummingbird is linked against mbedTLS 2.16.3 but you can build it and link it against OpenSSL if you prefer so. Why did nobody ask for audits about CHACHA20 implementation in OpenSSL, as OpenVPN 2.5 has been using it since almost a year and by default it is linked against OpenSSL? AirVPN servers providing CHACHA20 run OpenVPN 2.5. If OpenVPN 3 AirVPN library fork were either unreliable or incomplete it would simply not work with OpenVPN 2.5. But, surprise surprise, it works great. Last but not least, audit yourself. Build it by yourself and monitor everything. nmap is your friend. Wireshark is too. Let's fix some lies and misleading claims. First, OpenVPN 3 linked against updated mbedTLS and OpenSSL libraries went under testing with AirVPN's Eddie Android edition in spring 2018. Second, we forked OpenVPN 3 only after OpenVPN 3 main branch maintainer refused our pull requests. When we pulled a commit request we had already tested extensively the content of the commits. Verify yourself that we forked only after the pull request was refused and note WHY it was refused. Of course, on the basis of the refusal, we did not waste time with them anymore to pull more requests while we fixed more and more bugs and implemented new features. Specifically, CHACHA20 implementation was completed in April 2019 and tested for 3 months before we committed a pull request for it. Thus, when it was integrated into Eddie Android edition, it had been thoroughly tested internally, and then it went into public beta testing, exactly like we routinely do and like the best practices recommend. The public beta testing ended successfully at the end of July 2019. Third, CHACHA20-POLY1305 have both been under heavy scrutiny since 2008 or so. Fourth, mbedTLS and OpenSSL are also audited, and anyway what other library would you suggest to link OpenVPN 3 AirVPN against? No OpenVPN 3 fork supports CHACHA20 as far as we know and OpenVPN 3 main branch does not even run correctly in Linux. Again, build it and see how miserably it fails. Also, OpenVPN 3 is a library, OpenVPN 2 is not. If you want CHACHA20 without OpenVPN AirVPN, you can run OpenVPN 2.5 beta, and renounce to have a C++ library. Or simply use the OpenVPN 3 library main branch and renounce to everything (it will not even run). You will have then the marvelous joy to (not) run the software of the "highest standards" OpenVPN development team, which does not even know that in C you need to initialize data structures. You have no idea how many crashes OpenVPN causes because of that endemic error spread throughout the whole source code. OpenVPN 3 team was unable to implement CHACHA20 in Data Channel after many years of development. They did not resolve 10 years old reported bugs. They systematically ignore / forget to initialize data structures. They use "goto" in C. They still have a non-working version for Linux. We can't waste time with them anymore in commits (which have been all refused anyway) and/or bug fixing. we must fix and implement ourselves, but we'll do our best to keep our fork aligned with (and of course ahead) the main branch within the possible range, see also the loyal sync work with the master performed by fork maintainer. Kind regards

In your qBittorrent settings "Enabled prtotcol" should be only "TCP" and not "TCP and µTP", because using µTP could slow your speeds down. You should also bind qBittorrent to your VPN interface in the "Advanced settings". Then it shouldn't leak your real IP: Provided that you have Eddies' Network Lock enabled, there should be no IP leak. Before starting your torrent client, check your connection with http://ipleak.net Regards BB P.S.: Have you enabled IPv6 in Eddie? You seem to have a Dual - Stack connection, so it is mandatory to enable IPv6 in Eddie. If you don't need IPv6, you can consider disabling it altogether. It really isn't needed for torrents in my opinion. It could furthermore be a security risk if not configured properly in the VPN.

You didn't set a maximum upload throughput value. This should be set to your max upload which is still an unknown after looking at all your content posted here. Next, try setting the max connections value to 100. Then, if you have uTP enabled, disable it. Could be in the Network tab of the settings. Your video reminded me of my own problems with a very narrow uplink of just 450 kbit/s many years ago, which is only 40 kB/s. Such a rekey would also disconnect me. It got better after I got a wider uplink from my provider. To support that, in your last screenshot with your speedtest there seems to be a problem with upload in general. Can you do a speedtest on Ookla, please?

Hello! Thanks for the link. Nice that they talk about it, while it's sad to see that some people "suspect" about something weird when the code is open and a simple diff will tell you everything, even in relation to the bug fixes and new features. If you read our forum you already know why the major changes and critical bug fixes are not in the main branch: AirVPN commits have been refused with pathetic motivations which have NEVER been technical reasons. Arne Schwabe even talked about coding standards when the code he (or OpenVPN 3 maintainers) approved previously is infested by "goto" (!!!), "break", wrong indentations and totally crazy stuff, while AirVPN code is very elegant even according to the Art of Computer Programming books. Therefore, now OpenVPN 3 library is bugged, obsolete, without CHACHA20 support and unusable in Linux (just verify the critical bug in re-connections inside a session, which has been patched by us), while OpenVPN 3 AirVPN fork has CHACHA20 support (in Data Channel too), ncp-disable, a new class to handle AEAD ciphers, and works nicely in Android, Linux x86-64 - ARM 32 - ARM 64 and macOS. Kind regards

Thanks for those links Lee47. I think I might set up a monitor. Having trawled various forums looking into this (and for the benefit of anyone looking into this in the future), my understanding is that certain configurations of traffic going through the hub (a certain number of connections perhaps?) triggers the CPU into going into some 'high priority maintenance mode' for a time. When this occurs, traffic throughput drops to about 15%, packet loss occurs, latency goes up etc. It's an inherent problem with devices using this Intel Puma 6 chipset and this is why it happens in both router mode and modem mode. Supposedly it was a lot worse in the past (especially with regard to latency) but has been improved with firmware updates over time. Someone said they had some positive results by wrapping their VPN traffic inside a SSH tunnel. They thought maybe the hub treated those packets differently and made it less likely to trigger this fault on the device. Others said it happened less often in router mode so they set it up like that and put up with the double NATing. Perhaps the other VPN provider is sending traffic in a particular way which just-so-happens to not trigger this issue as much?

I am going to stop conversing with you as this is a circular conversation and it seems that you would like to be confrontational for no good reason, you keep repeating all these unfounded accusations such as I "snitched" on another user or that I published someone's "personal information". when I did not make any mention of any other user or users at all and the only "information" mentioned was the servers which were being used as tor nodes. Please do show me exactly how I have "snitched" on others and exactly whose information I have allegedly publicized. I also find it a bit strange that you keep insisting that I want AirVPN to block any protocol, as I am all for net neutrality and If I wanted block protocols I would use my home internet without VPN, but obviously this is not the case. Lastly I would like to clarify that I never attempted to chase after or identify anyone running these servers , nor do I wish to, ,just listed the VPN servers affected so other users can be aware. I have no ill will towards anyone at all because of what protocols they are using, and no desire for protocols to be censored/blocked, if that is what you got from my post then you have misunderstood it. The most anyone can ask is for the operators of the exits in question to be informed about the effects of running them . Anyway, unless you would like to say something constructive, I'm going to leave you to it. Good day, sir

In all honesty, I read the domain only and went on browsing in that forum to see what it's all about. You drew the attention to it. Now justify yourself! (Don't) I once found myself searching the internet for the most obvious things, things you'd normally know about, like what trees are or as low as sexual intercourse. Does that mean I'm weird? In my eyes, this simply means that I'm more curious than most. If Wikipedia teaches us one thing, it's surely the amount of (scientific) viewpoints you can have on something. Is there anything that we associate more closely with intelligence than curiosity? Every intelligent species on Earth is attracted to the unknown. Our methodologies are full of riddles and mysteries and divine knowledge. Even the word 'apocalypse'. Even the word 'apocalypse' means 'revelation'. It seems like our ancestors always imagined that even at the very end we would solve one last mystery. Alexandra Drennan, The Talos Principle

We can agree on not posting any "updates" here because they are next to useless for the problem at hand. We can also agree on Net Neutrality as a principle to uphold. Sure it's sometimes stressing, as this recent demonstration has shown, but hey, so is democracy! Would you put someone in the pillory because that person does not share your opinion? No, you wouldn't. So why are we chasing after Tor exit operators? We shouldn't. They will continue doing their thing unless we address them directly with arguments, as we would do in a working democracy. That thread I linked gained so much traction on AirVPN back then, we noticed a drop in exit node flags. Our call even reached the Tor entry page which can be admired there to this day.

This is very exciting to me. I've been trying to find a good openvpn cli for Docker (with network lock, reconnects, etc), and upon initial testing I think this might be it. The Eddie cli has always been painful and unreliable in Docker. This doesn't appear to be a great desktop solution, though I did set it up to run in a tmux session at boot. It's nice to have a status icon either via Eddie or Gnome's vpn interface. That said, this is a great addition to my VPN client arsenal.

Hello! Netflix USA and only USA is accessible from AirVPN servers as usual if and only if your system queries AirVPN DNS (which happens by default with our software). EXCEPTION: the following servers can not reach Netflix USA at the moment;: Kruger Sneden Fang Nahn Sham Also note that Netflix application has been reported as maliciously bypassing system DNS or exploiting other techniques to disclose your real location. You will be blocked if you are not in the USA in Netflix' app belief, but it's not a fault of our system. Deleting application's cache and then running it only and uniquely when the device is connected to the VPN has been reported as solving the problem in various cases. @giganerd Connecting through a VPN to stream Netflix USA when you are in the USA makes sense in any case (check the wars of major USA ISPs/transit providers against Netflix to get paid by Netflix in order to not block its traffic). Unfortunately Netflix at the end of the day sided with those who have contributed to dismantle the Internet and Net Neutrality in some countries of the world and in this sense it's just another enemy of that very same infrastructure and technology that made its fortunes. Kind regards

Running 1.0 on Arch Linux, so far so good. What would be the recommended way to automatically run $ sudo ./hummingbird your_openvpn_file.ovpn at startup? Thanks.

@AirVPNconsumer @containermalt Hello! Please test Hummingbird binary now available on GitLab, it has been rebuilt in a different environment and now it requires older libraries. Please keep us informed. EDIT: the binary is now available in our repository too and replaces the previous build. https://gitlab.com/AirVPN/hummingbird/tree/master/binary Kind regards P.S. Radical solution is simply building Hummingbird directly in your system (detailed instructions on GitLab).

same problem on openSUSE 15.1 ldd hummingbird ./hummingbird: /usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.26' not found (required by ./hummingbird) linux-vdso.so.1 (0x00007fffd21f7000) libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007ff4a24d8000) libm.so.6 => /lib64/libm.so.6 (0x00007ff4a21a0000) libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007ff4a1f88000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ff4a1d6a000) libc.so.6 => /lib64/libc.so.6 (0x00007ff4a19b0000) /lib64/ld-linux-x86-64.so.2 (0x00007ff4a2862000) * tested on openSUSE Tumbleweed (virtualbox), no problems there! * After update to gcc9 (9.2.1+r279103 ) it works! That is the version on Tumbleweed.

There's no hard preference at all. I torrented all the time on German and Swiss servers and it was fine. You can really use whatever is best for you.

I have just downloaded and successfully tested the RC2 on a PureOS 10 (debian 10 testing derivative) system. Works wonderfully and super fast on server Chamaeleon (US) with a cha-cha-20 cipher. Thank you very much for the hard work you put into this.

Hello! Transparency report. NGOs, persons or entities in general whose public activities are compatible with our mission and that we decided to help, according to the limits set by our resources and the commitments to our customers, during the first half of 2019, in alphabetical order AccessNow, for the steadfast activity aimed to defend and extend the digital rights of users at risk around the world. Caitlin Johnstone, for her commitment to totally independent journalism, for publishing non-copyrighted articles and for her fight against censorship in the pursuit of truth. Chelsea Manning (through her legal defense fund), for having put freedom of expression and the right to access and make information public pertaining to war crimes on a level higher than her personal safety and freedom with exceptional courage and moral integrity. Electronic Frontier Foundation, for outstanding support of civil liberties and fundamental rights in the digital and non-digital world through correct and precise information, pro bono legal activities and support inside and outside courts, and development of valuable open source software tools. Mastodon, for the ongoing development of an open source software project which has the potential to significantly enhance freedom of expression and privacy in a "social network" environment Tor nodes and Tor Project, for their effective and invaluable ability to enhance privacy and bypass censorship in the digital world, through open source software, in ways easily available to any Internet-connected citizen in the world. WikiLeaks, for having revolutionized the world of journalism with unprecedented courage, through a nonprofit organization, in spite of the enormous risks derived by such a disruptive activity. Please consult our mission web page for details and additional information, as well as other entities supported by AirVPN in periods earlier than 2019: https://airvpn.org/mission NOTE During the first half of 2019, Amnesty International, for its long standing activities in protection of the right to a due and fair process, freedom of expression and other human rights, had been taken into serious consideration and donations had been planned. However, new events have caused concern and disappointment to AirVPN founders. AirVPN founders deem that Amnesty International decision to not consider Chelsea Manning and Julian Assange as prisoners of conscience is unfair and factually wrong. AirVPN founders also deem that Amnesty International decision to not pursue any active work in defense of Manning and Assange requires a serious re-consideration about the compatibility of Amnesty International activities with AirVPN mission. https://www.wsws.org/en/articles/2019/05/23/assa-m23.html In the course of 2019, in case Amnesty is not going to change the aforementioned decisions, donation funds for Amnesty will be re-allocated to support different NGOs or entities. Kind regards and datalove AirVPN

hummingbird woks inside eddie 2.18.6 portable on plasma manjaro

Thanks for the Info . Gonna wait for the next release... Great community here

Linux Mint 19.3 user here on Eddie 2.18.6 Beta with TCP 443 enabled - unable to use UDP as it's blocked by default. I placed the hummingbird binary in /usr/lib/eddie-ui directory and checked the advanced setting to "use hummingbird if available". When Eddie pings my server list, I get an ERROR: TCP_OVERFLOW message. Functionality does not seem to be significantly affected by this error. Initial impressions indicate throughput and responsiveness are faster via hummingbird OpenVPN 3 vs OpenVPN 2.4.4. eddie.log

Hello! We confirm the issue on iOS with some browsers, but Safari behaves correctly. We are going to investigate the problem. In iOS, please use Safari to download ovpn files from the Configuration Generator in the meantime. Kind regards

Linux user here. I'm using virgin's m500 service with a superhub 3, had it for literally a week. I was previously with another VPN provider and noticed Virgin were throttling the openvpn connection I was using and said provider had no real information on what was going wrong and how I should fix this. Through various attempts at googling I found some posts mentioning that if you run openvpn over stunnel on port 443 you should be able to evade this which is what led me to airvpn. I followed one of the tutorials on here and did a stunnel (443)/openvpn/port forward implementation. Raw : ISP: Virgin Media Latency: 18.65 ms (0.27 ms jitter) Download: 547.18 Mbps (data used: 807.1 MB) Upload: 36.84 Mbps (data used: 36.6 MB) With airvpn : ISP: *** Latency: 26.50 ms (26.09 ms jitter) Download: 24.78 Mbps (data used: 43.3 MB) Upload: 32.97 Mbps (data used: 54.6 MB) To be fair to airvpn I do occasionally hit 80Mbps but it's not consistent. I've not yet managed to max out my connection but it's a marked improvement on where it was before. I have a stand alone linux machine which I run transmission on which has stunnel/openvpn running constantly. Like I say, I've only been with Virgin for about a week so I'm still researching the best way to do this.

Yes, the settings do look good! Have a nice day! BB

Yesterday I created another ovpn file using same servers but with UDP tlscrypt, tls 1.2 and have not had error message for 24 hours.

@inc @hawkflights Hello! The remote, destination server connection is always logged. Of course it may report exclusively an IP address and not an FQDN with its resolution: that depends on the profile. In case of Air VPN servers, the CN can be either the server name or a generic "server" string (we need to make that consistent, yes). A full integration with the AirVPN "bootstrap" servers will come with the future frontend(s) directing the daemon we mentioned in our previous message (you may have a sort of idea by looking at Eddie Android edition source code). We will disclose an estimated release date of the Hummingbird daemon beta version soon. Your request has been well understood: in Linux several community members asked us to drop Mono and required software "10x" faster than Eddie, and we think that we have made some important steps in the right direction, according to the general feedback (thanks!). Remember, furthermore, that even Eddie 2.18.5 piece running as root is completely written in C++ and does not require Mono (Eddie GUI does). Please keep reporting the problem (we still think it has to do with the re-keying), and also a comparison with OpenVPN 2 from the very same system of yours, if you can and if possible. Kind regards

This requires an actual team. (No offense at Staff) Right now I know of only two people more or less actively coding on the clients. One is finalizing the 2.18.x versions, the other writes Hummingbird 3.x and Eddie for Android. A beta can be stable, too, which is largely what Eddie 2.18.x is now, despite the name.

Guys, do yourself a major favor IF you are using TOTP. Don't skip the process of backing up your Authy/Google code before using it. When I set TOTP (prefer U2F) I create a snapshot and back it up to a remote file. IF you ever lose your phone, etc.... you can simply import the QR code back into the next phone and you are good to go. It takes me a few seconds to prepare in advance for such an instance. They happen all the time, just read around on the internet and you will see people screaming that Google Auth and Authy are terrible. Its not either, just clueless folks losing their access and having no backup.

@gmini Hello! Is it so difficult to read the documentation of those programs that one runs? µTP and protocols in general can be set in "Connection" > "Protocols" or "Enabled Protocol" combo box. Kind regards

Works great on my Mac. Thank you!

this has to be a joke.

Hello! We're very glad to inform you that the Black Friday week has just begun in AirVPN! Save up to 74% when compared to one month plan price Check all plans and discounts here: https://airvpn.org/plans If you're already our customer and you wish to jump aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. And that's not all: AirVPN offers five simultaneous connections per account, IPv6 full support, AES-GCM and ChaCha20 encryption ciphers and even more, exclusive features: https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features/ AirVPN is the only VPN provider which is actively developing OpenVPN 3 library with key features: https://airvpn.org/forums/topic/44069-openvpn-3-development-by-airvpn/ Any doubt or question? Please check the following, awesome guide first: https://airvpn.org/forums/topic/45694-airvpn-sales-things-to-know/

Dear AirVPN Staff Pretty Please tell us how long does the promo last. I would also appreciate it in all future promotions-countdown clock would be a nice touch in future. It wont hurt you to tell us. We all want to know so bad. After all many of us have to prepare our crypto wallets which can sometimes take a while.

Hello! We are glad to inform you that we have released a new version of OpenVPN-AirVPN library which is essential to our imminent release of a client for macOS which will be added to the clients for Linux 64 bit and Raspbian: https://github.com/AirVPN/openvpn3-airvpn/blob/master/CHANGELOG.txt Kind regards AirVPN Staff Changelog 3.6.1 AirVPN - Release date: 28 November 2019 by ProMIND - [ProMIND] [2019/11/28] openvpn/tun/builder/base.hpp: Added virtual method ignore_dns_push() to TunBuilderBase class - [ProMIND] [2019/11/28] openvpn/tun/client/tunprop.hpp: added DNS push ignore to method add_dhcp_options() *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 3.3.2 AirVPN - Release date: 10 October 2019 by ProMIND - [ProMIND] [2019/09/04] fixed bug in openvpn/tun/linux/client/tunsetup.hpp: changed if(conf->txqueuelen) to if(conf->txqueuelen > 0) which made linux connection to fail - [ProMIND] [2019/09/04] openvpn/tun/linux/client/tuncli.hpp: added initialization to TunLinux::Config::txqueuelen - [ProMIND] [2019/09/10] openvpn/tun/linux/client/tunsetup.hpp: removed remove_cmds->execute(os) call in establish which prevented reconnection to work properly - [ProMIND] [2019/09/10] openvpn/tun/linux/client/tunsetup.hpp: removed connected_gw member and related code which prevented reconnection to work properly - [ProMIND] [1019/10/10] openvpn/client/cliopthelper.hpp: added method getRemoteList(). Returns remoteList member with list of profile's remote entries - [ProMIND] [2019/10/10] client/ovpncli.hpp: added RemoteEntry structure to reflect profile's remote entries - [ProMIND] [2019/10/10] client/ovpncli.hpp: added remoteList member - [ProMIND] [2019/10/10] client/ovpncli.cpp: OpenVPNClient::parse_config now assigns remoteList member with values of ParseClientConfig.getRemoteList() *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 3.3.1 AirVPN - Release date: 31 August 2019 by ProMIND - [ProMIND] [2019/08/06] Added cipher override to client configuration - [ProMIND] [2019/08/06] Added ncp disable override to client configuration *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 3.3 AirVPN - Release date: 13 July 2019 by ProMIND - [ProMIND] [2019/06/02] Forked master openvpn3 repository 3.2 (qa:d87f5bbc04) - [ProMIND] [2019/06/06] Implemented CHACHA20-POLY1305 cipher for both control and data channels - [ProMIND] {2019/07/10] Implemented ncp-disable profile option

Hello! @giganerd Bug detected and fixed, a new testing version is almost ready to be deployed. Thanks! @QueenSasha Thank you, actually speed, efficiency and low RAM footprint have been a priority in OpenVPN 3.3 AirVPN design. Glad to hear that you get remarkable performance boost in Raspberry. Our OpenVPN 3 development goes on and is aimed as usual to bug fixing and new features implementation. Developer will answer soon to your technical questions, in the meantime feel free to keep us posted if you find any glitch or bug. @usr32 Great comparison thank you! We are surprised that you could beat AES with ChaCha20 in an AES-NI supporting machine. Can you please specify the whole architecture? We would like to make some verifications with OpenVPN 3+mbedTLS for AES-NI support in specific archs. @GJElde So you made an OpenVPN text configuration file +x and you tried to run it? @maxandjim Thank you, we will investigate asap. Kind regards

Hello! We proudly announce that today AirVPN has become an Electronic Frontier Foundation "Super Major Donor". The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows. https://www.eff.org Check our mission page: https://airvpn.org/mission Kind regards and datalove AirVPN Staff

This manual is primarily intended for LibreELEC/CoreELEC/OpenELEC users, from version 7, there OpenVPN is already integrated. But in general it should work with Linux and Windows, but OpenVPN may have to be installed there first. For more information, see also: https://github.com/Zomboided/service.vpn.manager/wiki/01.-Installation This manual is based on the unofficial build of kszaq LibreELEC 8.2.3.1 with Kodi (Krypton) 17.6 and "VPN Manager for openVPN" 4.9.9. After I've tried for hours to get openVPN working in LibreELEC in order to be able using Zattoo (HIQ) via switzerland-airVPN-server, here a small HOW TO, so hopefully it would be easier for others. 1. Use the Config Generator in client area in order to create a configuration file. Select as operating system Linux (I did) or RPiSelect as protocol udp (recomended), Port 443Select nothing else, no advanced mode, no proxySelect a server (for me it has to be one from switzerland) by single server! I have experienced, that if you choose "by country", sometimes it won't work (probably because one or more servers, which are then automatically selected, are not recognized as swiss servers). You can test the single servers with your already working system to see whether they should be recognized for what they are. One server is enough, because later only one server can be used for automatic connection establishment in the VPN Manager anyway. But you can also create several server-files, if you want (and later mark the files in green, you'll see it in one of the next steps.).Create and downlaod the .ovpn file(s).2. Download the zomboided repository on your PC. With this you can download later on the service-vpn-manager (to manage openvpn) and its updates. You can get it from here: https://github.com/Zomboided/repository.zomboided.plugins And maybe interesting: https://github.com/Zomboided/service.vpn.manager/wiki There you can read, what it does and how it works. 3. Copy the two files (zomboided repo and .ovpn file) in the download-folder of Kodi (your OE/LE/CE machine). For connecting your PC with your device you can use e.g. SAMBA. An other way is e.g. to copy the files to an USB-Stick and work with this. 4. Now go into your Kodi menu. Enable install from unknown sources (for more informations take a look at the Wiki-link above -> installation)Install the zomboided repository via Systems/Addons/InstallGo to the new installed zomboided repository and install the "vpn manager for openvpn".Now a wizard wants to start -> don't use it! (For me it did't work!) Instead change directly in this window into settings.In the new window (settings) you can see on the left the first entry "VPN configuration". It should be already selected.Move to right, just have a look at "Protocol (udp recomended)" and change it to udp, if necessary. Don't change anything else (don't care about all the things like username or password!), but scroll directly down to "user defined import wizard", select this.Confirm the next dialog box with OK.Next dialog box should be: "Any existing user defined settings and files will be deleted. Do you want to continue?" -> YesNext dialog box: "Select all files needed ...", you can choose between files and directory -> choose "files"Navigate to the folder you have stored the .ovpn file, select it (it turns green) and click OK.(I'm not sure about this point. I recently had a device, the next steps (from "Now in the settings window again...") did not work. So maybe you'd better move on to the next to steps.) Next dialog box: "Update the .ovpn files ...?" -> NoNext dialog box: "Update the .ovpn files ...?" -> YesNext dialog box: "Rename the .ovpn files ...?" -> YesNext dialog box: "Import wizard finished ..." -> OKNow in the settings window again, go down on left side to "VPN connections".Go right to "First vpn connection ..." and click it. Wait a moment ...In the new dialog box: Heading "select first vpn profile", you should find something like "AIR_VPN_..._UDP..." or maybe just an IP-Adress -> select it and click OKNow you should get a new dialog box with: "Connected to a VPN ..." - gratulation, that's it!To make sure you don't forget, now go in the settings menu and click OK to save the settings you have made so far!Just a few more tips: Now you can go back to the settings menu and familiarize yourself a little bit. For example you should have a look at the "monitor" menu option on the left. There you can define, among other things, whether openVPN should connect automatically at system startup or even before the Kodi startup.An other interesting thing for example is the "Add-on Filter". There for example, you can define addons that should only work over a VPN connection. For example, if you only need a VPN connection when you start a specific addon like Zattoo HIQ, you can put this addon into the filter and the VPN Manager will automatically establish the openVPN connection when the addon is started. And it will not allow Internet access for the addon until the VPN connection is established. That's really very useful, I think!The VPN Manger is a great addon, once you have managed to feed it with data in the right way! Some passages are translated with www.DeepL.com/Translator

Well... I decided to bit the bullet and go for 4.3.4 and AirVPN works a treat. No scripts to update, just installed QVPN Client on QNAP, generated a .ovpn from Client Area of AirVPN (Linux) and loaded on QNAP (didn't get asked for password as I guess it reads that in the ovpn file. All hunky dory. I actually just used the IPv4 version despite my claims above and when checking on ipleak.net shows I'm as secure as a hidden bug in a rug... Now my only issue is updating all the apps on QNAP as the upgrade changes the firmware architecture from x86 to x64.

All: I understand this is a 2 year old thread, but I feel that it is appropriate that I provide my input here. I am also a customer of Shaw in 2018. At this time I subscribed to a Shaw 150 Mbps offering in my area. In practice I can achieve a recorded speed of 90 at best. I called to receive some compensation for this issue, but that's besides the point. At this time, if I connect to AirVPN through Canadian or U.S. servers, the speed test results in 1-5 Mbps. If I connect to the Netherlands, the speed test results in some where between 19-25 Mbps. I agree with the OP that there is definitely something shady going on with Shaw in general. But I am told from friends that their experience with Telus and VPNs are also similarly challenged. I have tried other protocols, but the speed result is usually 1-5 Mbps. I understand that there are other smaller outfits in the market, such as Teksavvy. But, these outfits have a long lead time before anyone can show up at the door. I have enough personal difficulty with the idea of letting some third party service guy from Telus show up at my door. Hence I chose Shaw since the at home service visit is carried out by a Shaw employee. EDIT: March 4, 2018 - From my experience I note that streaming video can be slow at times. Once I have a VPN up, the stream becomes much better. EDIT: June 24, 2018 - At this stage, my speed without VPN has not improved. But, AirVPN speed increased to an all time observed high of 50 Mbps. Shaw has recently received negative publicity for mistreating its customers with a pay-to-pay argument surrounding their invoices. I am contemplating competitors such as Teksavvy. As of this writing, Teksavvy has won CRTC battles enabling customers who wish to switch to simply change modems instead of necessitating a technician to visit the residence. EDIT: June 25, 2018 - After receiving a Teksavvy modem and testing the internet speed, I have observed a new all time high of 120 Mbps. My only conclusion from this is that Shaw is deliberately throttling customer speeds and making any excuse conceivable.

Hello! We regret to inform you that the server Thuban (FR) has been withdrawn due to inability of the datacenter to meet our technical requirements. Currently, we have decided to momentarily drop France. The current legal framework on data retention can be interpreted as an obligation to extend logging of various traffic information by the datacenters, since it covers "hosting providers". Although this obligation, according to our inquiries, has remained quite theoretical so far at datacenter levels, we deem appropriate to not expose our customers to such risks. We will add in the next days servers in Belgium, where data retention laws have been canceled since last year and the legal framework on data protection and privacy does not infringe human rights. Kind regards AirVPN Staff

Hi, I've finally, after much mucking about, managed to sort out my speed issues and am now running at around 75 percent of my actual speed when connected to a U.S. west coast server from Australia with a ping of around 165. What I did was download the experimental client from AirVPN, then once installed, I uninstalled the windows driver and installed the latest one by downloading the latest OpenVPN client, which is 2.3.7 from their website. Then install OpenVPN, but make sure you only check the tap driver, unless you're happy to have the full client installed. Once this is done, go back to AirVPN and try connecting to a server near you and see if your speed has increased. Also, as a point of reference, for me, I find that the best protocol for me in terms of speed are UDP port 2018, so maybe try that one as well prior to connecting up. Hope this helps.

I need to use the client in a hostile network Some hostile country might block our authentication/information servers or VPN servers. To bypass the block, first login to the service from a friendly network access, with the "Remember" option ticked. The client will save your credentials. After that, launch the client and enter the service from the hostile network without touching the login credentials. If the client still fails (it tries to retrieve information from many different mirrors located in different countries), you are informed that you can still connect with the latest available information. In this case, the servers list may not be updated. The client will automatically search for a working server. At the first connection to any server, the client automatically updates other information (like the servers list itself). This feature is also a warranty in case our authentication servers are under attack.