Leaderboard

Hello! Today we're starting AirVPN twelfth birthday celebrations offering special, strong discounts on longer term plans. From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 23 countries in four continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world. We still define it as a "baby", but AirVPN is now the oldest VPN in the market which never changed ownership, and it's one of the last that still puts ethics well over profit, a philosophy which has been rewarded by customers and users. During the last year, AirVPN added important features, even according to customers requests: integrated and full WireGuard support on all VPN servers optional lists selection to block spam, ads, trackers and other malicious sources, featuring a unique and fine grained customization which is exclusive on the nowadays market improved inbound remote port forwarding interface and implementation The infrastructure saw a robust power up in Tokyo, where we have now 14000 Mbit/s available (7000 Mbit/s full duplex), with more powerful hardware, and a small addition in Ireland. The VPN servers and the back service ones have had some minor security improvements as well as ordinary system updates as usual. Optimized software, and also WireGuard implementation, allowed our server to deliver high performance more smoothly, thanks to the improved balancing between threads and of course the good WireGuard scalability. On the software side, all AirVPN applications and libraries are still free and open source software released under GPLv3. WirteGuard has been fully integrated in the Desktop edition of Eddie, while Eddie Android edition will support it in the next version which is imminent (a public alpha release will be ready in June). All the applications are continuously developed and updated to provide an even better experience and performance. Kind regards and datalove AirVPN Staff 

I am seeing very slow DNS resolution on Lich (US) while Haedus and Iklil are solid and quick. I am using Wireguard in Eddie 2.21.6. The server page for Lich shows nothing amiss so not sure.

Hello! Thank you. We confirm that Eddie round trip times wrong values can not be related to VPN DNS. To perform the tests the system must be outside the VPN and therefore you can't use VPN DNS. Furthermore, Eddie needn't resolve names to perform the tests. You can therefore keep this issue on its own topic (already existing, we see) and split from this one. Kind regards

Hello! We might have solved the problem, please keep reporting to confirm or deny. If you still find problems please mention the VPN server name(s). @Seebarschtian Thank you! Kind regards

EDIT: problem has been resolved around 12.00 2022-06-16 UTC Hello! We're sorry to inform you that a PayPal ongoing malfunction is causing a serious issue with purchase validations and plan activation. IPN (Instant Payment Notification) is not sent, so we must validate PayPal payments manually one by one. PayPal has been notified hours ago. We apologize for the delayed activation but the problem is out of our responsibility and control. Hopefully PayPal will resolve the problem very soon. If you have paid via PayPal and you don't see your plan activation within a few hours feel free to open a ticket as we are struggling to keep the pace on the long run. If you are reading this message before you made a purchase, please consider to pay via Stripe, Amazon Pay or Bitcoin for a faster and automated plan activation. This thread will be updated as new information comes in. Kind regards

Huge chart showing VPN relationships, owners, etc. Very interesting to see how many VPNs are actually owned and controlled. The best ones (including Air) are on the top right. https://embed.kumu.io/9ced55e897e74fd807be51990b26b415#vpn-company-relationships/control-d

This issue is under investigation, will be fixed as soon as possible, please be patient.

Hello! We're very glad to inform you that two new 1 Gbit/s full duplex servers located in New York City are available: Haedus and Iklil. They are going to replace Dimidium and Gliese. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637 UDP for WireGuard. Haedus and Iklil support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Haedus/ https://airvpn.org/servers/Iklil/ Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Man, I've been with AirVPN for almost 10 years now... Happy Birthday!

Great service !! Very satisfied.... Thanks a lot for all your efforts

Hello. Just to let know that with Eddie 2.21.18 I can run Hummingbird from within Eddie in OSX High Sierra, and it is working fine. For me it was a long waited feature, so thanks AirVPN team and developers. Happy birthday!!

It's an Announcement thread with Staff and dev attention, you're in the right place here

@EclecticFish @BlueBanana please wait, our fault, will be fixed as soon as possible.

Hi, I do notice some other bugs. After setting the MTU, I seem to be getting some issues whereby on disconnect due to network change, Eddie does not automatically connect back. Unlike the other member, I only set "VPN reconnection". I did not use "VPN always on and block connection without VPN" Removing the MTU seems to solve this issue. However, one issue also arise. When Eddie is connected to one of the servers, when changing from wifi to mobile data, Eddie will disconnect and it will not reconnect back. I have uploaded the log via the app. https://eddie.website/report/d0f694af/

thank you! looks like i can access those apps and services now!

Indeed, I can confirm both ProtonMail and TutaNota apps work fine now with MTU size set to 1280 bytes. I've tried with the following servers: Alruba, Hassaleh, Hyadum, Lehman, Maasym. All good!

Can confirm, the problem does not happen anymore for me. Thanks staff for the fix!

Eddie 2.21.6 Desktop Edition released Hello! We're very glad to inform you that a new stable release of Eddie is now available for Linux (various ARM based architectures included, making it compatible with several Raspberry Pi systems), Mac, Windows. Special thanks to all the beta testers, whose invaluable contributions and suggestions in the last 9 months have helped developers fix several bugs and improve the overall stability of the software. Eddie is a free and open source (GPLv3) OpenVPN GUI and CLI by AirVPN with many additional features such as: traffic leaks prevention via packet filtering rules DNS handling optional connections over Tor or a generic proxy customizable events traffic splitting on a destination IP address or host name basis complete and swift integration with AirVPN infrastructure with OpenVPN and WireGuard white and black lists of VPN servers ability to support IPv4, IPv6 and IPv6 over IPv4 What's new in Eddie 2.21.6 WireGuard support including thorough and swift integration with AirVPN enhanced wintun support in Windows, resolving TAP driver adapter issues and boosting performance, and now set by default as a replacement of TAP driver (which remains optionally available) updated Hummingbird 1.2.0 support in Linux and macOS for increased performance (up to 120% boost in macOS i7 and M1 systems when compared against OpenVPN 2) new ping engine updated Portable and AppImage bundles for improved Linux distributions compatibility constant monitoring of resolv.conf in Linux to mitigate and resolve DNS interference refined network interface management and driver detection in Windows bootstrap servers IPv6 address support unquoted service fix aimed at security hardening in Windows updates of all underlying linked libraries as well as dynamic link against some libraries providing enhanced robustness resolution of memory leaks in Windows starting to occur after numerous usage hours several bug fixes Operating and architectural notes Eddie GUI and CLI run with normal user privileges, while a "backend" binary, which communicates to the user interface with authentication, gains root/administrator privileges, with important security safeguards in place: strict parsing is enforced before passing a profile to OpenVPN in order to block insecure OpenVPN directives external system binaries which need superuser privileges (examples: openvpn, iptables, hummingbird) will not be launched if they do not belong to a superuser Eddie events are not run with superuser privileges: instead of trusting blindly user's responsibility and care when dealing with events, the user is required to explicitly operate to run something with high privileges, if strictly necessary Backend binary is written in C++ on all systems (Windows included), making the whole application faster. Settings, certificates and keys of your account stored on your mass storage can optionally be encrypted on all systems either with a Master Password or in a system key-chain if available. Download Eddie 2.21.6 Eddie 2.21.6 can be downloaded here: https://airvpn.org/linux - Linux version (several architectures and various distribution specific packages for easier installation) https://airvpn.org/macos - Mac version https://airvpn.org/windows - Windows version Eddie is free and open source software released under GPLv3. Source code is available on GitHub: https://github.com/AirVPN/Eddie Complete changelog can be found here. Kind regards & datalove AirVPN Staff

I can confirm, that by todays test, the DNS resolution works with minimal latency in resolving the hostnames. Even the weird nslookup response got away: >nslookup genius.com Server: UnKnown Address: fd7d:76ee:e68f:a993::1 Nicht autorisierende Antwort: Name: genius.com Addresses: 2606:4700::6812:1360 2606:4700::6812:1260 104.18.19.96 104.18.18.96 >nslookup genius.com 10.128.0.1 Server: UnKnown Address: 10.128.0.1 Nicht autorisierende Antwort: Name: genius.com Addresses: 2606:4700::6812:1260 2606:4700::6812:1360 104.18.19.96 104.18.18.96 @Staff Thank you very much for solving the problem.

@seebarschtian - Thanks for raising the ticket. I ran both tests on two machines, one of which had experienced some hesitance earlier. Both tests passed on both machines with no errors. @Staff - Thanks for working on this. Achernar DNS resolution issues early Monday afternoon but okay later. Update - Tuesday morning. DNS tests okay. No immediate lag in browsing. Reported latency errors persist, so maybe they are not DNS related? Top ten servers for best latency as reported by Eddie 2.21.8 Bottom ten:

I opened a ticket a week ago #161998. Last status was: Moved to 2nd Level Support.

I just discovered this thread and I'm glad to hear that this issue is being investigated. However, I'm a bit confused by this comment about WireGuard and OpenVPN. I am using Ubuntu Mate 22.04 and have always connected with OpenVPN. I just opened my settings to confirm that it is using OpenVPN, not wireguard, yet I am also experiencing slow DNS issues while connected to AirVPN servers.

This is how I configured AirVPN on a Raspberry Pi 3B for our small home network. With this configuration I was able to use our full download speed of 100 Mbit updating the steam library on a saturday night (ger to ger - frankfurth exit node) I took the time to write this down: a) In the hope someone with actual knowledge might look over it and tell me my divine mistake .. go on, .. won't bite.. promise ! b) it helps people getting their OpenWRT / AirVPN I use LUCI, the OpenWRT browser GUI. I started with a clean base install, updated it and configured the pppoe uplink according to the guides on openwrt.org Then I installed the following packages : openvpn-openssl vpnbypass luci-app-vpnbypass luci-app-openvpn Your Router Menu should now have a new Menu Item : VPN with OpenVPN and VPN Bypass as menu items. (reload F5) Next I created a new Interface in the Network config : Add new Interface .. In the General TAB -->> Name: vpntunnel, Proto: unmanaged, Device -> custom : tun0 In the advanced TAB -->> deselect "Use DNS servers advertised by peer" , Use custom DNS servers : 10.4.0.1 (enter IP and hit +) save + save and apply ! .. it should look something like this. The new tun device throws an error since nothing is connected yet, that's fine for now. Next I created a firewall rule in Network Firewall : Add In the General TAB -->> Name : vpnfirewall , input : reject, output, accept, forward : reject. Masqerading : yes , MSS clamping : yes, covered Network : vpntunnel , allowed destination : unspecified, allowed source : LAN save + save and apply ! .. Next I generated the OpenVPN config : https://airvpn.org/generator/ Select -->> Router , OpenVPN UPD 443 and your country and hit generate. You will get a file with ovpn as suffix. This single file contains everything you need to establish a connection via VPN !! Next I uploaded that file to my router via VPN -> OpenVPN in my router menu. Give it a Name, select the ovpn file and hit upload After enabling and starting the configuration it should look something like this : https://ipleak.net/ now should show only VPN ip addresses. (DNS and exit node.) for your whole LAN network. Mission accomplished. additionally there is the VPN Bypass plugin in case you want to exclude certain local hosts , ports, networks from you VPN connetion. It's usage is simple as a dream ... Here are my network, dhcp, vpn, and firewall config for verification : /etc/config/network config interface 'loopback' option device 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option ula_prefix 'fd4f:b73d:0b1f::/48' config device option name 'br-lan' option type 'bridge' list ports 'eth0' config interface 'lan' option device 'br-lan' option proto 'static' option netmask '255.255.255.0' option ip6assign '60' option ipaddr '10.1.1.1' config interface 'WAN' option proto 'pppoe' option ipv6 'auto' option username 'username@provider.de' option password '12345678' option device 'eth1.7' config device option type '8021q' option ifname 'eth1' option vid '7' option name 'eth1.7' option acceptlocal '1' config interface 'vpntunnel' option proto 'none' option device 'tun0' option peerdns '0' list dns '10.4.0.1' /etc/config/dhcp config dnsmasq option domainneeded '1' option boguspriv '1' option filterwin2k '0' option localise_queries '1' option rebind_protection '1' option rebind_localhost '1' option local '/lan/' option domain 'lan' option expandhosts '1' option nonegcache '0' option authoritative '1' option readethers '1' option leasefile '/tmp/dhcp.leases' option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto' option nonwildcard '1' option localservice '1' option ednspacket_max '1232' config dhcp 'lan' option interface 'lan' option start '100' option limit '150' option leasetime '12h' option dhcpv4 'server' option force '1' option master '1' list ra_flags 'none' config dhcp 'wan' option interface 'wan' option ignore '1' config odhcpd 'odhcpd' option maindhcp '0' option leasefile '/tmp/hosts/odhcpd' option leasetrigger '/usr/sbin/odhcpd-update' option loglevel '4' /etc/config/openvpn config openvpn 'airvpnger' option config '/etc/openvpn/airvpnger.ovpn' option enabled '1' /etc/config/firewall config defaults option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' option synflood_protect '1' config zone option name 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' list network 'lan' config zone option name 'wan' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option masq '1' option mtu_fix '1' list network 'wan' list network 'wan6' list network 'WAN' config forwarding option src 'lan' option dest 'wan' config rule option name 'Allow-DHCP-Renew' option src 'wan' option proto 'udp' option dest_port '68' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Ping' option src 'wan' option proto 'icmp' option icmp_type 'echo-request' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-IGMP' option src 'wan' option proto 'igmp' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-DHCPv6' option src 'wan' option proto 'udp' option src_ip 'fc00::/6' option dest_ip 'fc00::/6' option dest_port '546' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-MLD' option src 'wan' option proto 'icmp' option src_ip 'fe80::/10' list icmp_type '130/0' list icmp_type '131/0' list icmp_type '132/0' list icmp_type '143/0' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Input' option src 'wan' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' list icmp_type 'router-solicitation' list icmp_type 'neighbour-solicitation' list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Forward' option src 'wan' option dest '*' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-IPSec-ESP' option src 'wan' option dest 'lan' option proto 'esp' option target 'ACCEPT' config rule option name 'Allow-ISAKMP' option src 'wan' option dest 'lan' option dest_port '500' option proto 'udp' option target 'ACCEPT' config rule option name 'Support-UDP-Traceroute' option src 'wan' option dest_port '33434:33689' option proto 'udp' option family 'ipv4' option target 'REJECT' option enabled 'false' config include option path '/etc/firewall.user' config zone option name 'vpnfirewall' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option mtu_fix '1' list network 'vpntunnel' option masq '1' config forwarding option src 'lan' option dest 'vpnfirewall'

This guide will explain how to setup OpenVPN in a way such that only select programs will be able to use the VPN connection while all other life continues as usual. Please read this notice before applying the guide Advantages: fail-free "kill switch" functionality (actually better than 98% of VPNs out there) continue using another VPN as primary or don't reroute any other traffic at all nobody, not even peers on LAN, will be able to connect to your torrent client (the only way: through the VPN connection) - eliminating unintended leaks Disadvantage: the apps will still use your default DNS for hostname lookups (secure your DNS separately!) See two more drawings at the end. The guide is applicable to all VPN providers who don't restrict their users to use the OpenVPN client. The method however is universally applicable. It was made with examples from Windows, but with Linux/BSD you will only need little tweaking to do. Specifically, net_gateway placeholder may not available and that's all there is to it. Android clients are probably too limited for this task and lack options we need. - Since there'll be a lot of text, sections titled in (parantheses) are entirely optional to read. The other guide by NaDre is old (2013), hard to read and pursues a slightly different approach. A Staff member actually posted a good first comment there, that's what we're gonna do. (Preface) The BitTorrent as a network is entirely public. Through the decentralized technology called DHT, everyone in the world can find out what torrents you are presumably participating in (this does not apply to private trackers who disable DHT). Clearly this creates an unhealthy atmosphere for privacy of users, e.g. one could find out the OS distribution one is using for a more targetted attack etc. Sometimes the ISPs are outright hostile to peer-to-peer technologies due to the traffic and bandwidth these are consuming. Instead of upgrading dated infrastructure, they cripple their users instead. There are many reasons to use a VPN, that was but a limited selection. ("Split-tunneling") This has become somewhat a marketing term nowadays, but actually explains the nature of the traffic flow well. In this guide only the programs set to use the VPN connection will use it, nothing else. All your traffic goes past the VPN while torrent client traffic (or any other selected program) uses only the VPN connection. ("Kill switch") We'll literally nail it using software settings of your program (the torrent client). This is a marketing-loaded name. In short: if the VPN connection is not available, no traffic ought to be sent bypassing it. In most cases where you have a VPN redirect all your system traffic - you should not rely on it as a feature. The OpenVPN software on Windows is not 100% proof, based on empirical evidence (reconnects and startup/shutdown phases) and some other VPN providers do no better (based on comments and stories). The only bulletproof solution: the VPN tunnel is set up on an intermediary device your PC is connected to - your end device (the PC) has no chance whatsoever to bypass the tunnel in that case. If the VPN provider uses a firewall under the hood, that's good too but with this guide you will not need a firewall nor rely on the VPN software. ("Dual-hop") With the knowledge and methods from this guide you will be able to daisy-chain multiple VPN servers. In essence, your traffic passes PC->VPN1->VPN2->Destination. This was not intended for this guide nor with AirVPN, it's finicky and I wouldn't recommend it myself without a real need and skills to automate the setup and configuration. How it will work Many users (aka mostly idiots on Reddit) are running in circles like qBittorrent is the only client (or probably the only application in the universe, unconfirmed) that can be set to use a certain VPN. Here's the technicality: this is called 'binding' - you can 'bind to IP' which will force the app to use a specific IP address and nothing else. If it cannot use the IP (when VPN is disconnected) then it will not be able to do any networking at all. The OS will deny any communication with the internet: boom! Here's your praised 'kill switch' and 'split-tunneling', 2-in-1. This is the next best bulletproof solution (the only better alternative is to use an intermediary VPN device, as any software could choose a different interface now to communicate with the internet). In a broader sense, you want to 'bind to a network interface' - your client will use any available IPs from the VPN interface - making it ready for IPv4 and IPv6. Oh and you don't need to change the IP once the VPN connection changes to another server. The OS handles the rest. Examples of programs that can bind to user-defined addresses include: (Windows) ping, tracert (IPv6-only, WTF?), curl and wget, and many others, including your favorite torrent client You will find guides online how to do that in your client or just look in settings. (Linux-specific differences of the guide) If you are a Linux/*nix user, there're some minor changes to the quick guide below: * Create custom VPN interface: Create with ip tuntap command. The below line will create 5 interfaces "tun-air1" etc. for YOUR user. Specifying your user allows OpenVPN to drop root rights after connection and run under your user (security). AirVPN allows up to 5 connections. If you have no use for this, create only one. user="$(whoami)"; for i in {1..5}; do sudo ip tuntap add dev "tun-airvpn$i" mode tun user "$user" group "$user"; done Check their existance with ip -d a -- the interfaces will not be shown under /dev/tun* ALTERNATIVE: openvpn --mktap/--mktun. See manual with man openvpn * Select custom VPN interface: This config part differs from Windows, very confusing. Steps: 1. Replace "dev-node" in config with "dev" 2. Add "dev-type tun" or "tap". Example of config: # if you have these defined multiple times, last entries override previous entries dev tun-airvpn1 # previously dev-node dev-type tun # previously "dev tun" on Windows There're no more differences. In-depth explanation: If you try to use dev-node like for Windows, you will see: OpenVPN log: ERROR: Cannot open TUN/TAP dev /dev/tun-airvpn1: No such file or directory (errno=2) Example strace of error: openat(AT_FDCWD, "/dev/tun-airvpn1", O_RDWR) = -1 ENOENT (No such file or directory) OpenVPN cannot find the TUN/TAP with the name? No, on Linux/*nix/*BSD dev-node has a totally different meaning. Dev-node specifies where the control interface with the kernel is located. On Linux it's usually /dev/node/tun, for the "mknode" command. If OpenVPN can't detect it for some reason, then you'd need to use dev-node. Finally you can start OpenVPN from terminal: sudo openvpn --config 'path/to/config.ovpn' --user mysystemusername --group mysystemusergroup Windows Quick Guide Go to the folder where you installed OpenVPN and its exe files: 'C:\Program Files\OpenVPN\' Open CMD inside the 'bin' folder: Hold Shift + Right Click the 'bin' folder -> 'Open Command Window here' We will use tapctl.exe to create a new VPN network interface solely for use with AirVPN (to look around: run "tapctl.exe" or "tapctl.exe help") C:\Program Files\OpenVPN\bin>tapctl create --name AirVPN-TAP {FDA13378-69B9-9000-8FFE-C52DEADBEEF0} C:\Program Files\OpenVPN\bin> A TAP interface is created by default. I have not played enough with Wireguard's TUN to recommend it. You can check it out, it will be under adapters in your Windows network settings Important: Configure your app/torrent client to use this 'AirVPN-TAP' interface. This is what ensures your traffic never leaks. It may appear under a different name, in such case find out which one it is in the output of 'ipconfig /all' (enter this into CMD) If your client does not allow to bind to a general interface but a specific IP (poor decision) then connect to the VPN first to find out the local IP within the VPN network. In this case with AirVPN you may only use one single server or you'll have to constantly change the IP in settings. Generate AirVPN configs where you connect to the server via IPv4! This is important Add these to the .ovpn config files (either under 'Advanced' on the config generator page or manually to each config file) # NOPULL START route-nopull # IF YOU DO NOT USE ANOTHER VPN THAT TAKES OVER ALL YOUR TRAFFIC, USE "net_gateway" (just copy-paste all of this) # net_gateway WILL BE AUTOMATICALLY DETERMINED AND WILL WORK IF YOU CONNECT THROUGH OTHER NETWORKS LIKE A PUBLIC WIFI # personally, due to a second VPN, I had to specify my router IP explicitly instead of net_gateway: 192.168.69.1 # "default"/"vpn_gateway"/"remote_host"/"net_gateway" are allowed placeholders for IPv4 route remote_host 255.255.255.255 net_gateway route 10.0.0.0 255.0.0.0 vpn_gateway route 0.0.0.0 0.0.0.0 default 666 route-ipv6 ::/0 default 666 dev-node AirVPN-TAP # END OF NOPULL Test if the configuration works. Full tests, don't leave it up to chance. In-depth explanation of the OpenVPN config route-nopull rejects any networking routes pushed to you by the server, we will write our own route remote_host 255.255.255.255 <router IP> we tell our system that, to reach remote_host (the AirVPN server IP), it must send traffic to <router IP>. The subnet mask 255.255.255.255 says that this only applies to this single IP set <router IP> to be net_gateway (only for Windows users, check availability on other platforms) <router IP> may be any of the OpenVPN placeholders too, for example "net_gateway" should work universally (you avoid hard-coding the router IP and if it ever changes: wondering years later why the config no longer works) <router IP> is "192.168.1.1" in my case, for my home router that connects me to the internet. route 10.0.0.0 255.0.0.0 vpn_gateway we tell our system that all 10.x.x.x traffic will be sent to the AirVPN server the internal VPN network with AirVPN is always on the 10.0.0.0 - 10.255.255.255 network range. The subnet mask reflects that. However this may interfere with other VPNs if you ever need to be connected to both at once. I will not go into detail on this. What you need to do is to be more specific with 10.x.x.x routes in this config, i.e. instead of /8 subnet, only route the specific /24 subnet of the current VPN server (AirVPN uses a /24 subnet for your connections on each VPN server -> 10.a.b.0 255.255.255.0) vpn_gateway is one of OpenVPN placeholders route 0.0.0.0 0.0.0.0 default 666 allow routing of ANY traffic via the VPN we set the metric to 666, metric defined as path cost (historically) so setting it to a high value will make sure no normal connection runs through it, unless specifically bound to the VPN IP. route-ipv6 ::/0 default 666 same for IPv6. How many can claim they have working VPN IPv6 setup? Welcome in the future. IPv6 is over 20 years old at this point anyhow. dev-node AirVPN-TAP (Windows-only) tell OpenVPN to ONLY use this network interface to create the VPN tunnel on. Nothing should interfere with our setup now That's all, folks! Note: Somehow on Windows my AirVPN connection receives a wrong internal IP that doesn't enable networking at first. In my case I need to wait 1-3 minutes until OpenVPN reconnects itself based on ping timeout: after the reconnect I receive another IP and everything starts to work. I do not know whether it's an OpenVPN or a Windows bug. One last note: using multiple VPNs Actually this will work, that's how I roll. As long as both VPNs don't clash by using the same 10.0.0.0/8 subnet. If this happens, you will need to change Line 5 to point to a more specific (aka smaller) subnet tailored to your AirVPN server. Specifying a 10.x.x.0/24 subnet for routing will surely do (subnet mask: 255.255.255.0). Just be aware that you cannot practically use the same IP range in both networks at the same time (well, you'd need to bind the application you are using to either interface, which you cannot do with a browser or the printing service in case of internal resources). (The story of broken net_gateway) For this placeholder, OpenVPN attempts to determine your 'default gateway', i.e. the router all your internet traffic passes through. It normally works, but may not be supported on other platforms (Linux, sigh). However it has one unintended side-effect: if you already have a VPN that reroutes all your traffic, net_gateway will make all AirVPN traffic go through the first VPN: Your traffic -> VPN1 -> Internet Torrent traffic -> VPN1 -> AirVPN -> Internet That's the unintended dual-hop. Surely you can extend that scheme to 3,4,n-hops if you fiddle enough with routing, subnet masks and correct order. I'm not responsible for headaches We avoid that behavior with Line 4 from our config - the remote_host line forces the AirVPN traffic to go straight to the internet (through your LAN router). One more thing: net_gateway is not available for IPv6 routes in OpenVPN. That's why it currently only works with a IPv4 connection to the VPN server. (Crash course: Subnet masks) You've seen the weird number 255.0.0.0 above. You should refer to other pages for a proper explanation, but basically this is a very simple way for computers to determine the range of IP addresses that are part of a network (a subnet). What's simple for computers is very hard to grasp for us humans. 255 means there are NO changes allowed to the first set of IP numbers. I.e. the 10 in 10.0.0.0 always stays a 10. 0 means all numbers can be used. I.e. the zeroes in 10.0.0.0 can be (0-255), lowest address is 10.0.0.1 and the last address is 10.255.255.254 (technically, 10.0.0.0 is the first and the last 10.255.255.255 is reserved for 'broadcast') Any number in between denotes ... a range in between. 2^(32-prefix)=number. Number is the amount of available addresses and prefix is called the subnet prefix. Both are meant to describe the same thing. For 10.0.0.0/26 or 10.0.0.0 with subnet mask of 255.255.255.192 you get addresses in range 10.0.0.0-10.0.0.64 -- 2^(32-26) = 64. Similarly you can convert the subnet mask into the prefix number and work from there; or eyeball it: 256-192 = 64. (Two ways to accomplish routing) If you have two equal routes, e.g. 0.0.0.0 goes through VPN with metric 666 0.0.0.0 goes through LAN router with metric 10 then obviously the default route for a packet will travel through (2) - because it's a cheaper path. Unless an application specifies to talk only on the VPN interface. However a different rule applies whenever a more specific route exists 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 Here the routes (3) and (4) cover the entire addressing space, just like 0.0.0.0/0. However because they are more specific, they'll be preferred for all traffic because these routes are more selective. This is how OpenVPN does override system routing with VPN routing by default. This is also what the other guide attempted as well, by pushing four {0,64,128,192}.0.0.0/2 routes. Since that was more specific, it would in return override the 0,128 routes and so on. We can calculate how many multi-hops we would be able to do with this method: IPv4 has 32 bits, we will not touch the last 8 bits of the subnets. That leaves us then with 24 bits or 24 maximum amount of hops. Theoretically. The routing table would be outright f---- to look at. This method is a bit more 'secure' in a way because you don't need to rely on overriding a certain metric value, you just slap a more specific route on top and it's automatically made default. Also you don't need to override the default gateway (router) and all that junk. However with my preferred method (first) you can quite easily do DIY dual-hop routing: 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 <VPN2-IP>/32 goes through VPN1 with metric (any) Such a setup will make sure that all traffic destined for the internet (hits 3 and 4) will go through VPN1. If a program specifies the VPN2 network interface, then VPN2 will be reached via VPN1 first (you->VPN1->VPN2). This is quite 'quizzacious' to set up/control. Not part of this guide. As a part of this guide we told the system to route VPN2 via router on LAN. Yet you could indeed chain multiple VPNs this way and force the VPN1 to not only catch all traffic but also be chained via multiple VPNs itself so you would not need to manually set programs. I've seen scripts online for that purpose. Although be aware of MTU issues due to encapsulation. Troubleshooting tips TEST. SERIOUSLY, TEST YOUR SETUP BEFORE ENGAGING YOUR DATA CANNONS! A couple hours now are infinitely many times more worth than a 'leaked' mistake and headaches later on. https://ipleak.net/ - tests your client's default connection route. It would not tell you if your client is alternatively available on LAN for example. If you followed this guide and set up your client correctly, it will not be available on LAN etc. See the images below: 'without interface binding' (most newbie users) and 'with interface binding' (this guide) Wireshark to inspect how the traffic is actually flowing. Follow online tutorials, you only need to select the right network interfaces and filter traffic by port/IP (tcp/udp and your local or VPN IP) curl to send network requests. Like ifconfig.co / ifconfig.io will respond with the IP address it sees you as: curl --interface <your computer IP> http://ifconfig.co curl --interface 192.168.1.42 http://ifconfig.co # for IPv4 or IPv6, default route curl -4 http://ifconfig.co curl -6 http://ifconfig.co > route -4 print and > route -6 print on Windows. To compare the outputs, you can use Notepad++ with the compare plugin (you need two documents open, one in left and another in right pane before comparing). PS: AirVPN configuration generator does not support #comment lines. Please fix. Sorry Linux users, maybe another time I will write something tailored to you. But I believe you are smart cookies and will adapt the OS-specific steps to fulfill this guide's goal.

@StaliniumComodo config files Windows 7 and Windows 10 are already posted(last-link below) @OpenSorcerer request to re-post them. Have a lot of fun

@Stalinium To unconfuse you'll also need some firewall rule set for Wireguard.exe such as this:

2.21.8 tries to detect the default gateway at startup, hence those who enable the network later will run into issues. This is fixed in 2.22.0 ready to be released as experimental version, we are only waiting for confirmation. About ping issue, honestly I haven't found a solution yet: we never reproduce the issue (in this video https://www.clodo.it/files/temp/ping.mp4 i have OS ping both in Linux and Windows, and Eddie in both OS always matches the outcome). Still under investigation, we need to identify the reason and reproduce it, in order to fix. It's normal that, when connected to a VPN server, ping results are not populated or updated. Ping aims at finding the best server to connect to, therefore collecting results when you are connected to a server is useless. Those who allegedly experience the ping issue should confirm it WITHOUT ever trying to connect (open Eddie only), and should specify the OS (apparently there's no macOS user with this issue?). Thanks

I too am perplexed by the "allow detected DNS" setting. I've been wondering what it does since I first noticed it about 5 years ago?

All the best, keep growing and add more cool features!

I updated to 2.21.8 and now the issue is gone. Update was from 2.20.0

Happy Birthday AirVPN!! Extended for 2 more years

Got another 3 years. The speed and reliability of Airvpn are great and the staff continues to improve the product. I looking forward to the new version of the Eddie client for Android with WireGuard support.

I'd love to get to know the action plan when M247 starts asking questions… will you break down half your server fleet?

Great service and team! Thanks a lot!!

Hi, ALL UK Servers are being blocked from: - Entering competitions on Gleam.io - Entering the UK national lottery on national-lottery.co.uk - Using Amazon Prime Video for movies and TV shows - Shopping website argos.co.uk (a huge brick & mortor + online store in the UK) is either is blocked immidiately, or blocked when attempting to search an item (varies on servers wether insta-blocked or blocked on search) - Shopping webite Etsy.com is blocked, giving a blank white screen. These are the ones I have stumbled upon so far, but every single UK server fails on these sites. Tested on both Firefox & Microsoft Edge.

Hello! For some reason we will probably investigate, when ExpressVPN driver and software are installed OpenVPN and WireGuard on their own don't work properly anymore: We don't know whether it's a highly customized driver which creates incompatibilities or it's just an interface lock problem caused by some Express process still running and interfering in the background. Anyway, we have noticed that by removing anything Express related, both OpenVPN and WireGuard work again just fine. Kind regards

Happy birthday!!

Happy Birthday and thanks for trying to stay ethical. These days, especially in tech, it seems to be a hard thing to do. It is the main reason I stick with AirVPN.

I too am experiencing the issue wherein Eddie hangs at " Checking Route IPv4" . It keeps trying different servers as each one times out. This is occurring on two machines, MX linux 21.1 and Mint 20.3 This began since ver 2.21.? Currently still happening on 2.21.8 The only way to connect, is to exit Eddie completely, let the machine connect to my ISP in sans VPN, then run Eddie and connect to an AirVPN server. This is not a solution because I have to initiate a connect to the internet in the clear before running Eddie. I hope my post is not considered hijacking this thread. I am contributing to the same presented.

Happy Birthday AirVPN , lang may yer lum reek. 🍾

Happy b day air vpn!

Happy B-day!

@EclecticFish @BlueBanana fixed, please perform an "apt-get update" or re-download the .deb.

This, or add an exception for the IPs of problematic domains. IP removal is a cat-and-mouse game.

Wow, a guide! Thank you very much for the work you put into it. I'll probably test it out one of these days. This is false. It is available and working as intended on Linux. This is true, though. But in all fairness, most directives in OpenVPN refer to v4 only. One thing came to mind when I read this:

I hate to revive such an old thread, but I wanted to share what fixed it in case it helps anyone in the future. I have a separate OpenVPN server running on my pfSense box that I use for remote access purposes. For some reason, this was conflicting with AirVPN, and I solved my problem by deleting all of the rules under Firewall -> Rules -> OpenVPN (my OpenVPN server, not AirVPN).

10.4.0.1 is reachable from all subnets in the VPN network. So it's a reliable address. In fact, I've been using static 10.4.0.1 for some years now and for 1.5 years I've been connecting to different ports as well (which affects the subnet).

telemus +1 re political and legal analysis. In addition, the surveillance and "legal" control of communications and internet is within the new "super-department" of Home Affairs. In analogy to the USA, this combines CIA (ASIO), FBI (AFP), DEA (AFP), ICE (ex Customs, Immigration, Border Protection), Homeland Security (AFP), and sundry, within the Hidden/Secret/Deep State of the Federal government department, with vicious penalties for whistleblowing/disclosure to the public of any corrupt or illegal or ideological or party political doings. The USA has good reasons for the partition and separation and legally defined boundaries of government power. This consolidation of hidden power has been pushed by the far right quasi fascist faction of the ruling Liberal National Party, which has a centre-right tradition. The centre-right faction includes Prime Minister Turnbull and some cabinet, but is largely controlled by the far right faction and "donors" and Murdoch (Fox) media and backroom party management. Home Affairs is run by a high school graduate ex low level police officer who took to politics called Peter Dutton. Resembles and often referred to as "potato head". Intends to become PM and Big Boss. Latest notable activity was: "Dutton was quoted as saying that white South African farmers may “deserve special attention” from Australia because of land seizures and violence. “ https://www.washingtonpost.com/news/worldviews/wp/2018/03/16/australia-looks-into-resettling-white-south-african-farmers-who-say-they-are-persecuted/?utm_term=.d2aafbf15638 You can get paid for being an ignorant racist pig brain. So comments like this require a VPN and other infosec. Because of the patchwork peering and poor performance of ISPs, and wholesale carriers with international cable such as Telstra/Vocus/iiNet/Optus, even though Eddie shows Reticulum 133ms and Antares 138ms to Air in Singapore, for access to non Australian sources SG is better connected with less peak hour congestion and ping and DNS delays and better CDN service than most ISPs in AU. My ISP uses Vocus via Perth for these Air servers. The Air servers in M247 datacenter such as Hydra are routed via LA USA so 380ms. Might be better for clients in India, Pakistan, Malaysia etc. So Air server performance in AU depends on one's ISP relation to wholesalers and will vary.

Hi there. I've lived in Australia for a while. The internet is rubbish: expensive, unreliable, often slow and compromised (data retention). I had better internet in China! Airvpn does not have a server in Australia. There are posts in the forum on why not, but they revolve round the exorbitant cost (cost of living is often higher than the Scandi countries, without access to Europe and the culture. Beaches kind of do not make up for that.) And the data retention / surveillance state. This has been turned into a fine art in Australia. On the whole, Airvpn works well, but some of its servers have been blacklisted, by for instance Netflix or the BBC. You might need for those sites to get another VPN - but I would urge you to stick with Airvpn for all other activities. Why? Several reasons. Australia does not have a bill of rights, or even guaranteed freedom of speech (some political speech is protected, sort of). Politicians learned long ago they could simply lie to the voters, scare them or ignore the voters' criticisms - so overt control of the press was not required. In any case, one half of the press landscape is controlled by Murdoch. So, they do not need to, in any case. It is easy for the authorities to obtain a warrant, merely by saying they suspect X of doing Y - even if they do not have a lot of evidence. The judiciary is compliant. There is data retention too. The Federal Police (kind of like a cheap FBI) were caught accessing journalists data, without warrant. It was an "accident", they said. [see: http://www.zdnet.com/article/ombudsman-finds-australian-federal-police-unaware-of-journalist-metadata-requirements/; https://www.theguardian.com/australia-news/2017/apr/28/federal-police-admit-accessing-journalists-metadata-without-a-warrant; https://www.theregister.co.uk/2017/11/28/australian_federal_police_did_not_delete_metadata_as_promised/; https://www.theguardian.com/world/2016/apr/14/federal-police-admit-seeking-access-to-reporters-metadata-without-warrant]. So, all the promises that the data would be used only in extreme cases were hollow. As predicted. The other problem is that unlike the US, where information illegally obtained, and anything flowing from it, can't be used in court (the doctrine of the fruit of the poisoned tree) - no such prohibition exists in Australia. It is up to the judge. So, information can be used even if there was no valid warrant. Additionally, the domestic intelligence service is largely unaccountable; for instance, its evidence to court proceedings and coronal inquests is usually not published (and so cannot be tested) - unlike the US. And indeed, all records of those courts are usually not available publicly, on grounds of "privacy". [Contrast with the US and what happened in the lead up to 9/11. such public disclosure would not occur in Australia.] So, in short, if you live in Australia, you should be using a good quality VPN . They are not yet illegal - but there have been discussions from time to time of making them so. And stay off social media.

In addition to our monthly support to OONI (listed in Friends and Sponsors footer) and our relay nodes Coral and Violet, our friend John Ricketts (@aquintex) built 20 exit-nodes with a potential 2 Gbit/s bandwidth. This month we started to help funding John's initiative, with a recurring monthly donation of 500€. Its consensus grows quickly: https://www.quintex.com/torgraph.html. A great congratulation to John for his effort to the Tor (and net neutrality) mission.