Leaderboard

Hello! We're very glad to inform you that two new 10 Gbit/s full duplex servers located in Amsterdam, the Netherlands, are available: Taiyangshou and Vindemiatrix. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Taiyangshou https://airvpn.org/servers/Vindemiatrix Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that the Black Friday weeks have started in AirVPN! Save up to 74% when compared to one month plan price Check all plans and discounts here: https://airvpn.org/buy If you're already our customer and you wish to jump aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. AirVPN is one of the oldest and most experienced consumer VPN on the market, operating since 2010. It never changed ownership and it was never sold out to data harvesting or malware specialized companies as it regrettably happened to several competitors. Ever since 2010 AirVPN has been faithful to its mission. AirVPN does not inspect and/or log client traffic and offers: five simultaneous connections per account (additional connection slots available if needed) state of the art and flexible inbound remote port forwarding active daemons load balancing for unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 2000 Mbit/s with WireGuard flexible and customizable opt-in block lists protecting you from adware, trackers, spam and other malicious sources. You can customize answers or exceptions globally, at account level or even at single device level. powerful API IPv6 full support comfortable management of your client certificates and keys AES-GCM and ChaCha20 OpenVPN ciphers on all servers Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys internal DNS. Each server runs its own DNS server. DNS over HTTPS and DNS over TLS are also supported. free and open source software client side software support to traffic splitting on an application basis on Android and Linux and on a destination basis on Windows and macOS GPS spoofing on Android application AirVPN is the only VPN provider which is actively developing OpenVPN 3 library with a fork that's currently 330 commits ahead of OpenVPN master and adds key features and bug fixes for a much more comfortable and reliable experience: https://github.com/AirVPN/openvpn3-airvpn AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows. Promotion due to end on 2025-12-03 (UTC). Kind regards & datalove AirVPN Staff

Man im tempted to buy more time but I think im covered

We have kept the OP message to show the pervasiveness of the PRC's propaganda lackeys. We consider Taiwan (Republic of China) to be independent and autonomous from the PRC (People's Republic of China), as it is in fact. ipleak uses MaxMind and IANA databases to display results, and we are pleased that these are aligned with an anti-imperialist and democratic vision that is clearly unpalatable to the dictatorial regime of the PRC, which sees it as an obstacle to its expansionist ambitions.

Hello! We're very glad to announce that Eddie Android edition 4.0.0 Beta 1 is now available. This is a major update: for the first time Eddie Android edition features AmneziaWG complete support. Eddie Android edition is a fully integrated with AirVPN, free and open source client allowing comfortable connections to AirVPN servers and generic VPN servers offering compatible protocols. Eddie 4.0.0 aims primarily at adding, besides the already available OpenVPN and WireGuard, a thorough and comfortable AmneziaWG support. AmneziaWG is a free and open source fork of WireGuard by Amnezia inheriting the architectural simplicity and high performance of the original implementation, but eliminating the identifiable network signatures that make WireGuard easily detectable by Deep Packet Inspection (DPI) systems. It can operate in several different ways, including a fallback, "compatibility mode" with WireGuard featuring anyway various obfuscation techniques. What's new in Eddie 4.0.0 AmneziaWG support Amnezia WireGuard API updated OpenSSL, OpenVPN3-AirVPN and WireGuard libraries see the complete changelog below AmneziaWG overview From the official documentation: https://docs.amnezia.org/documentation/amnezia-wg AmneziaWG offers: Dynamic Headers for All Packet Types (compatibility with WireGuard: YES) During tunnel initialization, the library generates a set of random constants applied to each of the four WireGuard packet formats: Init, Response, Data, Under‑Load. These constants: Replace predictable WireGuard packet identifiers; Shift offsets of Version/Type fields; Modify reserved bits. As a result, no two clients have identical headers, making it impossible to write a universal DPI rule. Handshake Length Randomization (compatibility with WireGuard: NO) In WireGuard, the Init packet is exactly 148 bytes, and the Response packet is exactly 92 bytes. AmneziaWG adds pseudorandom prefixes S1 and S2 (0-64 bytes by default): len(init) = 148 + S1 len(resp) = 92 + S2 Offsets of the remaining fields are automatically adjusted, and MAC tags are recalculated accordingly. In order to keep backward compatibility with WireGuard, S1 and S2 must be set to 0. Obfuscation Packets I1-I5 (Signature Chain) & CPS (Custom Protocol Signature) (compatibility with WireGuard: partial, with fallback) Before initiating a "special" handshake (every 120 seconds), the client may send up to five different UDP packets fully described by the user in the CPS format. In this way AmneziaWG can mimic perfectly QUIC, DNS and other protocols adding powerful methods to circumvent blocks. QUIC is particularly interesting as HTTP/3 is built on it and currently, from Chrome and other compatible browsers, 50% of traffic to/from Google is QUIC traffic. Therefore, blocking QUIC may have major disruptions for any ISP. Junk‑train (Jc) (compatibility with WireGuard: YES) Immediately following the sequence of I-packets, a series Jc of pseudorandom packets with lengths varying between Jmin and Jmax is sent. These packets blur the timing and size profile of the session start, significantly complicating handshake detection. Under‑Load Packet (compatibility with WireGuard: YES) In WireGuard, a special keep-alive packet (“Under-Load”) is used to bypass NAT timeouts. AmneziaWG replaces its fixed header with a randomized one, the value of which can be set manually. This prevents DPI from filtering short ping packets, ensuring stable tunnel connections, especially on mobile networks. How to use Eddie with AmneziaWG To enable AmneziaWG mode, just tap the connection mode available in the main and other views. It will rotate between WireGuard, AmneziaWG and OpenVPN. Set it to AmneziaWG. In its default AmneziaWG mode, Eddie will use all the possible obfuscation, except protocol mimicking, that keeps WireGuard compatibility, thus allowing connections to AirVPN servers. The default settings choice was possible thanks to the invaluable support of persons living in countries where VPN blocks are widespread. Such settings have been tested as working and capable to bypass the current blocking methods in various countries. You may consider to modify them if they are ineffective to bypass "your" specific blocks. In Settings > Advanced, you will find, at the bottom of the page, a new "Custom Amnezia WG directives" item. By tapping it you will summon a dialog that will let you customize any possible AmneziaWG parameter. You can maintain backward compatibility with WireGuard in the dialog WireGuard section, or enable the full AmneziaWG support in the Amnezia section, which is not compatible (at the moment) with AirVPN WireGuard servers. This mode will be mostly valuable in a not distant future, when AirVPN servers will start to support AmneziaWG natively. You may also enable QUIC or DNS mimicking for additional obfuscation efficacy. In order to maintain WireGuard backward compatibility, with or without QUIC or DNS mimicking, you must set: S1 = S2 = 0 Hn ∈ {1, 2, 3, 4} H1 ≠ H2 ≠ H3 ≠ H4 Furthermore, do not exceed the valid limit of the J parameters (anyway Eddie will not let you do it). In this preview version, Eddie's formal control of the input data is based on the following document. We strongly recommend you read it if you need to modify manually parameters: https://github.com/amnezia-vpn/amneziawg-linux-kernel-module?tab=readme-ov-file#configuration Please do not modify In parameters if you don't know exactly what you're doing. Eddie implements QUIC and DNS mimicking and random obfuscation packets for each specific "I" parameter (by using the corresponding "Generate" button). You can enable them with a tap on the proper buttons. You may mimic QUIC and DNS even to connect to WireGuard based servers. When you enable QUIC mimicking and you maintain WireGuard backward compatibility, you add a powerful tool against blocks, because the first packets will be actual QUIC packets. AmneziaWG will fall back to WireGuard compatibility very soon. However, when DPI and SPI tools, and demultiplexers in general, identify the initial QUIC flow, most of them will be unable to detect a WireGuard flow for several minutes. This has been tested thoroughly with deep packet inspection on Linux and FreeBSD based machines by AirVPN staff. Therefore, in different blocking scenarios the QUIC mimicking increases likelihood of successful block bypass. NOTE: the same does not happen with DNS mimicking. In this case DPI / SPI tools identify the stream initially as DNS, but are much quicker (just in a few dozens of packets) to identify the stream as WireGuard's, after the initial DNS identification. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Download link, checksum and changelog https://eddie.website/repository/Android/4.0.0-Beta1/EddieAndroid-4.0.0-Beta-1.apk This is a build debug package and side load is mandatory. $ sha256sum EddieAndroid-4.0.0-Beta-1.apk 617269290a0406237646cc0885e5b10f3916252f89fe82ba9ccb947354980fcb EddieAndroid-4.0.0-Beta-1.apk Changelog 4.0.0 (VC 37) - Release date: 26 November 2025 by ProMIND Native Library [ProMIND] updated to version 4.0.0, API 10 [ProMIND] added Amnezia WireGuard API [ProMIND] updated to OpenVPN-AirVPN 3.12 (20251126) AirVPNUser.java [ProMIND] getWireGuardProfile(): added Amnezia support ConnectAirVPNServerFragment.java [ProMIND] showConnectionInfo(): added AmneziaWG logo display [ProMIND] onCreateContextMenu(): added AmneziaWG items [ProMIND] onContextItemSelected(): added AmneziaWG items [ProMIND] added method loadVPNProfile() ConnectVpnProfileFragment.java [ProMIND] added Amnezia support EddieLibraryResult.java [ProMIND] added Amnezia WireGuard API QuickConnectFragment.java [ProMIND] onCreateView(): added AmneziaWG logo display [ProMIND] updateStatusBox(): added AmneziaWG logo display SettingsActivity.java [ProMIND] added "Custom AmneziaWG directives" setting SettingsManager.java [ProMIND] added Amnezia specific settings and methods SupportTools.java [ProMIND] removed method getVPNProfile() VPN.java [ProMIND] added methods enableAmneziaWireGuard() and isWireGuardAmneziaEnabled() VPNManager.java [ProMIND] added method isWireGuardAmneziaEnabled() VPNProfileDatabase.java [ProMIND] added AMNEZIA type WebViewerActivity.java [ProMIND] EddieWebViewClient.shouldOverrideUrlLoading(): it now properly opens android asset files WireGuardClient.java [ProMIND] added WireGuard tunnel node to constructor [ProMIND] added methods for generating Amnezia's junk settings WireGuardTunnel.java [ProMIND] added support for Amnezia WireGuard [ProMIND] added Mode enum [ProMIND] added tunnel node to constructor EddieLibrary.java [ProMIND] added Amnezia WireGuard API Kind regards & datalove AirVPN Staff

While I love that you continue to support OpenVPN would you please reconsider a few WireGuard‑only 10–20 Gbit servers to quantify the uplift for users who prioritize raw speed and low latency? It’s my understanding that OpenVPN server processes are single‑threaded and CPU‑intensive. Co‑hosting OpenVPN and WireGuard on the same high‑capacity host (10–20 Gbit) can constrain aggregate throughput under load because per‑core bottlenecks caps per‑host headroom when many OpenVPN clients are active. In cities where you have multiple 20 Gbit servers like New York dedicating one to Wireguard doesn't seem unreasonable? Thank you for your consideration.

Hi Archaon1, I'm glad I could help you. Six months ago, I was just a newbie, but thanks to the community's help, I grew rapidly. Now, I can finally help others too. That's the meaning of a community. Haha, it's really satisfying to help others. 🎉🎉🎉

Hello! After a year of using AirVPN I'm very happy with the product. Website has no bloat whatsoever and it's super easy to find what you are looking for. A huge plus goes out for having an active forum available! Much better option compared to social media idiocies. Also port forwarding has been executed greatly - many other VPN services miss that altogether but even those which support it can't match AirVPN's easy-to-use robust system. Config generator is a great plus too since I'm using both WireGuard app and WireSock depending on the situation and needs. Both run just fine and very few VPN's could match this level of usability. I sometimes have dissapointing speeds with P2P, but usually a simple server change fixes it. Overall very happy customer. Please have a beer AirVPN staff, you've deserved it!

Logbook of an old salt, written on the first day of a fresh two-year voyage aboard the proud AirVPN fleet: Brethren and sister privateers, The yearly discount chest has been opened once again, and I have filled my hold with twenty-four more months of wind. While the quartermaster counts the gold, let this weathered mariner raise a weather-beaten voice: We need a berth in Poland. One single, sturdy server flying the white-and-red banner would save an entire nation of sailors from slow death by a thousand of exceptions. Behold the enemies that lie in wait in Polish waters: The heavy galleon Poczta Polska (Polish Post) and her tender Envelo (online postage)The ironclad banks that fire broadsides the moment a foreign IP drops anchorThe judicial fortresses and their batteriesLegal archives, university libraries, and even honest merchant carracks All of them roar: “No foreign keel shall pass!” The only way to trade with them is to rip plank after plank from our own hulls – dozens, sometimes hundreds of holes in iptables so the cannonballs of “access denied” fly straight through. (Call it split-tunneling if ye be landlubbers; we call it scuttling the ship to save the cargo.) I have sailed these waters for years in the AirVPN flotilla, and the oceans grow darker every season. Ports that once welcomed us now slam the gates. The great YouTube leviathan mistakes every one of our frigates for a pirate bot and demands we strike our colours and show papers none of us will ever sign. So we dance the server hornpipe – Netherlands to Switzerland to Sweden to Canada – tacking frantically until one harbour opens its arms for a fleeting moment, only to chase us out again before the song is over. Need to see them Canadian iron beasts racing the prairie? We glide in under Japanese colours, drop anchor for a fleeting moment of peace… then, the instant the port starts sniffing at our false ensign, we cut the cable and fly before the black-list cannonade roars. This be not the fault of our admirable Admiral and the crew – ‘tis the spirit of the age trying to chain the very sea itself – but one safe haven on Polish soil would turn a gauntlet of fire into a calm inland lake for all local hands. May fair winds fill AirVPN sails forever! May the fleet grow stronger every year! Hail Poland! Hail AirVPN! Hail all ye beautiful bastards and bitches who still believe the high seas should be free! Yours in rum and packets, An old Polish privateer 🇵🇱

First of all, it's Michigan, a state in the US, not some country, and second, the article also goes into that, stating that the ISPs lack tech to reliably identify VPNs without invasive DPI, which might be a violation of the 4th Amendment. Also, it's a proposed bill, if I read it right, so the statement "will ban vpns soon" is not exactly correct as of today. Relax and calm down first. Anyway, OpenVPN over SSH or SSL or AmneziaWG would probably bypass any of these restrictions, and these have been live for years now.

this is actually a post....... Ich bin ein Berliner

@Ptwifty Hello! This is a regrettable attempt to irritate AirVPN customers as retaliation by Eddie for not granting him certain benefits after almost 15 years of service. We will have to suppress these attempts at rebellion with a firm and unyielding hand. Joking aside, it seems that you have defined Sheratan as the only server to which Eddie can connect. From your description, you say that you have defined a blacklist with a single server, but in reality you have defined a whitelist with that single server. Please re-check your lists in the "Servers" window. Kind regards

@Bohdan Kushnirchuk Hello! How to solve: To grant Terminal full disk access (except some specific critical directories) on macOS, follow these steps: Open System Settings (or System Preferences): On macOS Ventura and later, click the Apple menu at the top-left of your screen, then choose System Settings. On macOS Monterey or earlier, choose System Preferences. Go to Privacy & Security: In System Settings (Ventura and later), select Privacy & Security in the left-hand menu. In System Preferences (Monterey and earlier), click Security & Privacy, then go to the Privacy tab. Select Full Disk Access: In the Privacy & Security or Security & Privacy tab, scroll down and click Full Disk Access in the left menu. Unlock Settings: At the bottom-left of the window, you might need to click the lock icon and enter your admin password to make changes. Add Terminal: Once the lock is open, click the + button beneath the list of apps with Full Disk Access. In the file chooser window that pops up, go to Applications > Utilities, and select Terminal. Click Open to add it to the list. Restart Terminal: Close the Terminal app if it’s open, then reopen it to apply the changes. 2. Open the terminal and change ownership of the relevant files: sudo chown root /Applications/Eddie.app/Contents/MacOS/* Kind regards

You're either a troll or completely unhelpful. Next time read the post. This isn't a problem particular to AirVPN, and since I have tried literally everything I can think of and spent several hundred dollars in the process of doing so, I am seeking help on the possible causes. Preferably from people who know what they are talking about. I'll take your style advice in consideration 🙄

AIRVPN DOES NOT RECOGNIZE ANYMORE VERISIGN, AFILIAS AND ICANN AUTHORITY. OUR COMMITMENT AGAINST UNITED STATES OF AMERICA UNFAIR AND ILLEGAL DOMAIN NAMES SEIZURES. The United States of America authorities have been performing domain names seizures since the end of 2010. The seizures have been performed against perfectly legal web-sites and/or against web-sites outside US jurisdiction. Administrators of some of those web-sites had been previously acquitted of any charge by courts in the European Union. The domain name seizures affect the world wide web in its entirety since they are performed bypassing the original registrar and forcing VeriSign and Afilias (american companies which administer TLDs like .org, .net, .info and .com) to transfer the domain name to USA authorities property. No proper judicial overview is guaranteed during the seizure. Given all of the above, we repute that these acts: - are a violation of EU citizens fundamental rights, as enshrined in the European Convention on Human Rights; - are an attack against the Internet infrastructure and the cyberspace; - are a strong hint which shows that decision capacities of USA Department of Justice and ICE are severely impaired; and therefore from now on AirVPN does not recognize VeriSign, Afilias and/or ICANN authority over domain names. AirVPN refuses to resolve "seized" domain names to the IP address designated by USA authorities, allowing normal access to the original servers' websites / legitimate Ip addresses. In order to fulfil the objective, we have put in place an experimental service which is already working fine. If you find anomalies, please let us know, the system will surely improve in time. Kind regards AirVPN admins

That’s a really solid breakdown, and it honestly explains why people get tripped up with TikTok mods and similar apps. Back in the XDA and GitHub days, trust came from the community, not from some shiny website repeating “safe” fifteen times. What you said about real modders avoiding those polished download pages is spot on. I was chatting with someone at SEO Discovery about this kind of thing recently, and they mentioned how those overly SEO-optimized sites tend to target people who don’t know the difference between a genuine project and a sketchy clone. Your experience pretty much lines up with that.

Yes, the addition of the AmneziaWG protocol can solve the connection problems for most people at present, and I hope that AmneziaWG can be used for a long time. If in the future, when the existing protocol can no longer connect, I believe that AirVPN will add a new protocol to solve the connection problem. I will always believe in your technology and capabilities, and I believe that you will always let us breathe real internet. I will always love you, AirVPN. Keep it up!😘😘😘

Hello! Not anymore, and even less in the near future. HTTP/3 is quickly spreading. Today, HTTP/3 is used by 36.5% of all the websites, including major web sites inside countries that enforce blocks against VPN. Furthemore, blocking UDP as such is no more realistic, not even in China, where UDP has become an instrumental protocol for many companies in any sector (video streaming, video conference, VoIP, marketing, social media marketing, regime propaganda and more), for regime aligned or regime owned activities. In China you have a near 100% success rate and no shaping (apart from the normal shaping for anything outside China) with the current Amnezia "weak obfuscation" (no CPS) implementation, i.e. at the moment you don't even need QUIC mimicking (which is anyway available and very effective). Currently, bypassing blocks via UDP than via TCP is more efficient in China. At the moment there is nothing more effective than mimicking QUIC with the signature / fingerprint of an existing web site that's not blocked, and you have this option right now. We see > 95% success rate, which is better than the success rates of SSH (not exceeding 75%), shadowsocks and XRay, V2Ray etc (but a lot faster!). The success rate is similar to any VPN protocol over HTTP/2, but, again, dramatically faster. We're glad to know it. It is also very flexible. Thanks to CPS, you may mimic any transport layer protocol built on UDP, for example DNS, QUIC, SIP. Kind regards

Good morning! First of all, congratulations on the amazing work behind AirVPN. I'm writing to request the option to connect to a server through the API. There is an option to disconnect, but the option to automatically connect to a server does not seem to be available. I was wondering if it would be possible to add this functionality. Best regards, and thank you in advance.

With IPv6 allowing practically infinite IPs it should be possible to assign a dedicated IPv6 address to each connection, allowing incoming connections to any port to be forwarded. This would be a great way to circumvent the port forwarding restrictions on IPv4 that exist because multiple clients have to share the same exit IP, and I think would make for a nice optional feature.

These are the AmneziaWG parameters I use in China. This set of parameters can reliably bypass the GFW. Staff can take a look. Jc = 20; Jmin = 50; Jmax = 1000; S1 = 0; S2 = 0; H1 = 3; H2 = 1; H3 = 4; H4 = 2;

Great! Eddie finally supports AmneziaWG, and UDP finally has a masquerade protocol. Another protocol has been added to the list of protocols for bypassing China's Great Firewall.

Signed up! 🤙

No, take it away.

Read Finanztip's article on internet providers first, it's got most of that info. No such thing with DSL or Fiber. Though, you should care about latency as it impacts the throughput. Well, I've been using Telekom for more than a decade now (with a short two year pause when I lived in Hannover where I had to use Vodafone Kabel DE, it was enough to never subscribe to them again). Never had problems with VPN connections with Telekom.

@oilers You know I was playing around with transmission and have come to the same conclusion - just stay with what works! qBittorrent it is!!!

Absolutely stay with qbittorrent. It still functions perfectly well on MacOS, and you can still bind it to the VPN to avoid leaks which you cannot do with other clients.

as far as i know its all leased after stringent vetting process. servers have been discontinued at times in places which the safety and quality can't be reasonably assured.

That's because the AirVPN team didn't write a forums software from scratch, they picked an existing software and adapted it to the special needs of their infrastructure. A gender field in users' profiles is not a special need, given that 98% of people around here don't bother changing profile settings, let alone edit their profile. IP.Board is a "generic" forums software which can be used in many environments. In some of them contact info, birthdays and genders make sense. In some of them, including airvpn.org, they don't.

Ich hatte noch nicht mal Zeit, mich da voll reizufuchsen. Egal wird schon hinhauen😎 2 Jahre.

Renewed for another 3 years

The gender is a more or less unnecessary piece of information around here. Even if you wanted to provide your pronouns, no one would be able to see this preference when replying in a thread. It's not in the quick info dialog when hovering over the poster's name, and by default profiles are inaccessable to all, so no one would be able to see that info in the first place. You could use the Location field to enter those, it's visible directly under your name, but that'd be displayed with a Location label, see the example on the left under my name (and compare it with how I formatted it in the profile). You must also be advised that this version on IP.Board comes from a different internet era altogether (~10 years ago, I believe), one that didn't have the custom of providing pronouns, or having a variety of genders to identify as. So, you may treat Not telling simply as virtually equivalent to non-binary.

I can confirm this works on Homatics Dune HD Homatics Box R 4K Plus. It needs to be done through real USB connection. ADB TV was not working for me.

Specs, section Assigned IPs: For the entry IPs, use a DNS query: $ dig a in +short de3.all.vpn.airdns.org 141.98.102.245 141.98.102.189 141.98.102.181 185.189.112.21 37.46.199.68 141.98.102.237 37.46.199.52 185.189.112.29 83.143.245.53 37.120.217.245 141.98.102.229 37.46.199.84 185.104.184.45 185.189.112.13 $ dig aaaa in +short de3.all.vpn.airdns.org 2001:ac8:20:98:ba0a:dabc:45a8:c67c 2a00:dd0:aaaa:7:e021:9b15:8027:f809 2001:ac8:36:3:2935:d57f:fc05:83e0 2001:ac8:20:96:226a:3a84:c3d8:dba8 2001:ac8:20:2b:d428:2f9d:4c0a:77b8 2001:ac8:20:225:1b06:18f:a622:b2af 2001:ac8:20:97:dad1:f205:28f1:bff5 2001:ac8:20:2a:818d:602e:cf31:f199 2001:ac8:20:99:fbf6:b62a:86df:b560 2001:ac8:20:2c:8efe:ed7:7e97:6f97 2001:ac8:20:5:623e:50fc:8023:a65 2a00:dd0:aaaa:9:2a94:d040:418f:de4a 2001:ac8:20:9a:13e6:576a:41cb:a5f 2a00:dd0:aaaa:8:486b:fb23:5878:32ea .

On the Download page, click the Other versions button and select 2.21.8.

But you'd be supporting a good cause.

You shouldn't, please read the announcement, thanks! 😋 Kind regards

Hello, Are there any plans to add at least one Greek server in order to resolve the various restrictions in the Greek TV services? (https://airvpn.org/topic/16138-greek-tv-geographical-restrictions) ? If it can be solved in another way then great Thank you

Another year added. Thanks!

Your grumpy response is amusing, but perhaps not quite the spirit of helpfulness I am seeking. But I shall persist, Alex; you and I probably share a vision of an internet that is nudged into being VPN-friendly. We don't also need to be warring with each other on top of that. When I asked whether AirVPN could do something about it, what I actually meant was that AirVPN should do something about it. Specifically, if there are shared blocklists†, as I suspect, they could work with abuse teams to remove the blacklisting. I used to do some spam-fighting many years ago, with honeypots and the like, and that's exactly the kind of arms race that we had there. Reporters would report spam using the SMTP headers, it would influence various interconnected blocklists in subtle ways, and good service providers would be thus encouraged to terminate abusive accounts. I just contacted the admins of a large site, and I've mentioned their infra is emitting a high number of 429 responses, starting in the last few months, even though I've used them for many years. I've given them an example IP; I'm hopeful they'll come back to me with a concrete reason for their site's behaviour. Interestingly it makes no odds whether I am signed in, so I wonder if there could be some kind of WAF in the way. † Or they could be sharing the same large edge provider e.g. Cloudflare.

Dark mode on this site would be nice. Strange that there is no dark theme aleready? I use a huge screen and its like flood-lights when i open this page lol opening airvpn.org:

Use 'Policy table' not Object networking. Then create a NAT rule. I would prefer that they catch up with the competition on the basics (Like supporting IPv6 in VPNs), rather than reinventing yet another way to manage firewall rules 😕

## Plex Remote Access via a AirVPN with Proxmox This guide explains how to run a Plex Media Server in a virtual machine that routes all its traffic through a separate, dedicated VPN gateway VM. This is ideal for users who want to expose Plex to the internet without revealing their home IP address. ## The "Double NAT" Problem The challenge is a "double NAT" scenario. A standard Plex setup assumes a simple path: Internet -> Your Router -> Plex. In this VPN setup, the path is more complex: Internet -> VPN Public IP -> VPN Server -> Your Alpine Gateway VM -> Your Plex VM this is some what of a guide for myself to show you how to configure the firewall rules to correctly forward traffic through this chain. when you have more than 1 NIC on a linux VM make sure you only have 1 gateway. you can have a NIC with no gateway and it will connect to LAN clients. ## 1. System Overview This setup uses two virtual machines on a Proxmox host: Alpine Linux Gateway VM: A minimal VM that connects to your VPN service (e.g., AirVPN using WireGuard) and acts as a router and firewall. Similar to Whomnix. Plex Server VM: A VM running your preferred OS (like MX Linux) that holds your Plex installation. Its internet traffic is routed exclusively through the Alpine Gateway. connects to NFS share for media. Network Layout: Proxmox Host: Connected to your main LAN. Internal Network: A private virtual bridge in Proxmox (e.g., vmbr1) using a subnet like 10.66.66.0/24. This network is for communication between VM's only, no WWW access until you connect to the alpine gateway. Alpine VM: Has two network cards. One on your LAN which connects to AirVPN (192.168.1.x, then the internal network forward packets to VM's with IP (e.g., 10.66.66.1). Plex VM: Has one network card on the internal network with a static IP (e.g., 10.66.66.70) and its gateway set to the Alpine VM's IP. (10.66.66.1) ## Step 1: Configure VPN Port Forwarding Get your forwarded port from AirVPN . This will be the first link in the chain. Log in to your VPN provider's control panel (the first image shows AirVPN's panel). Request a new port forward. Note the two ports it gives you change the Local Port diffrent from the main one: External Public Port: The port the outside world will connect to (e.g., 40516). Internal Forwarded Port: The port your gateway VM will receive traffic on (e.g., 6699). ## Step 2: Configure the Alpine Gateway VM Alpine Linux This is the most critical part. The Alpine VM must be configured to forward traffic from the VPN tunnel to your Plex VM. install wireguard and set up the AirVPN wireguard with wg-quick to auto start when booted up. This set up will use the following format. WWW 40516 --> AirVPN 6699 --> Alpine Gateway 40516 --> Plex VM 32400 ### A. Enable IP Forwarding Edit /etc/sysctl.conf and make sure this line is uncommented: net.ipv4.ip_forward=1 ### B. Create a Startup Script In Alpine, rc services are used for startup. Create a script to bring up your VPN and apply your firewall rules. Create the file: sudo nano /etc/local.d/vpn-firewall.start Paste the following script inside, adjusting interfaces and IPs as needed. #!/binbash sleep 5 ip link set eth1 up sleep 2 # Bring down the tunnel to ensure a clean state wg-quick down wg0 2>/dev/null sleep 2 # Bring up the WireGuard tunnel wg-quick up wg0 sleep 2 echo "WireGuard tunnel activated." >> /var/log/wireguard-boot.log # Flush old rules for a clean slate iptables -t nat -F PREROUTING iptables -t nat -F POSTROUTING iptables -F FORWARD echo "Applying new iptables rules..." >> /var/log/wireguard-boot.log # Rule 1: Allow established connections to return iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT # Rule 2: Masquerade (NAT) all outgoing traffic from the internal network through the WireGuard tunnel iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE # Rule 3: DNAT - This is the Plex port forward. iptables -t nat -A PREROUTING -i wg0 -p tcp --dport 6699 -j DNAT --to-destination 10.66.66.70:32400 # Rule 4: FORWARD - This allows the packet from the DNAT rule to be forwarded to the Plex VM. iptables -A FORWARD -i wg0 -o eth1 -p tcp -d 10.66.66.70 --dport 32400 -j ACCEPT echo "Firewall rules applied successfully." >> /var/log/wireguard-boot.log # Ping check host="10.128.0.1" count=1 if ping -c "$count" "$host" > /dev/null 2>&1; then echo "$(date) Ping to $host successful." >> /var/log/wireguard-boot.log else echo "$(date) Failed to ping $host. Restarting WireGuard." >> /var/log/wireguard-boot.log wg-quick down wg0 2>/dev/null && wg-quick up wg0 && sleep 3 fi echo "$(date) WireGuard setup complete." >> /var/log/wireguard-boot.log Make the script executable: sudo chmod +x /etc/local.d/vpn-firewall.start Now this script will run automatically on boot. ## Step 3: Configure Plex Remote Access ✅ Finally, tell Plex about your custom setup. In Plex, go to Settings -> Remote Access. Check the box for "Manually specify public port". Enter the External Public Port AirVPN gave you (e.g., 40516). Click Apply. Plex should briefly check the connection and then show the green "Fully accessible" message. I wouldn't trust Plex port checker use the AirVPN one as it is more robust and won't give false positives. Your Plex server is now fully accessible from outside your network through your secure VPN gateway. Once you confirm Alpine is set up properly you can now set the drive to be read only as good practice. Make sure you untick Enable Relay in network in Plex to avoid using the unreliable and slow speed network. if you have issues check you have right ports forwarded in alpine with iptables -t nat -L PREROUTING --line-numbers

I'd like to add a third vote for a Greek server (though I of course understand 3 votes in 6 years don't amount to much 🙂). One use case is media, but a second (arguably more important) one is that Greek government websites (basically anything under *.gov.gr), or rather the Akamai CDN they use, seem to implement some rate limiting that makes them basically unusable from (at least some) foreign IPs (but that's across several years and different ISPs). Currently I have to resort to occasionally paying a separate VPN provider for both of these use cases, which as a loyal Air customer of nearly a decade now I would much prefer not to have to do. A rerouting server as mentioned above could perhaps be suitable for both of these cases, though I'm not sure what that would entail exactly.

According to this definition there is no censorship at all anywhere enforced by governments, not in North Korea, not in France, not in China... Please note that your definition is pure fantasy, if not insulting. Censorship is exactly suppression of speech, public communication, or other information subversive of the "common good", or against a given narrative, by law or other means of enforcement. The fact that censorship is enforced by law or by a government body does not make it less censorship. Furthermore, historically censorship was an exclusive matter of some central authority (the first well documented case is maybe the censorship rules to preserve the Athenian youth, infringed by Socrates, for which he was put to death, although the etymology comes from the Roman Office of Censor which had the duty to regulate on citizens' moral practices) and today censorship by governments is predominant. Even In modern times censorship through laws has been and is predominant and pervasive according to Britannica and many academic researches. Then you can discuss ad nauseam whether censorship by law is "right" or "wrong", whether France's censorship is "better" than China's censorship, but you can't change the definition of censorship, otherwise this discussion will become delirious. Kind regards

Hello! The problem affects those users who run Eddie Desktop edition with OpenVPN and never logged out for more than a year, or use OpenVPN clients with configuration files generated before 2021. Since Eddie Desktop edition re-downloads certificates and keys only when the operator logs in, locally some certificates have expired because we extend their expiration date automatically at least one year in advance (three years normally). Please try the following procedure to quickly resolve the problem: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards

Hello! Please check your setup against the following guide: https://airvpn.org/faq/p2p/ On top of that, we have noticed a malfunction in some qBittorrent version (for example 4.5.5) in FreeBSD and Linux related to binding. If you set Tools > Preferences > Advanced > Optional IP addresses to bind to into All addresses, qBittorrent will reply only to IPv6 packets. If that's your case too, set that combo box to All IPv4 addresses. For additional safety you can also set the Network interface combo box (available in the same advanced menu) to your VPN interface. Always run qBittorrent only after a VPN connection has been successfully established. Kind regards

The Problem VPN speeds are significantly decreased despite trying to account for all variables I can think of. Significantly decreased in this case means that absolute best I can temporarily get is 250/250 out of my 500/500 connection as measured with iperf3. However, "real life" use with bittorrent and usenet is much slower. i have consistently had a max upload speed of less than 500 kB/s with transmission. downloading from usenet which normally can max out my connection is stuck at 5 to 6 MB/s (it's about 60 MB/s on same device and network w/o VPN ie ~ 480 mbps on my 500 plan). I am absolutely stumped, any advice is very much appreciated. Steps I have taken Confirmed expected speed w/ iperf3 when vpn is disconnected. I tested between local machines, with remote public iperf3 servers, and between iperf3 docker container and remote public iperf3 servers (~ 1 gbps locally on gigabit ports, and ~500/500 mbps externally with my 500/500 plan as expected both directly on host and in docker). i also tested with iperf3 in gluetun container with vpn activated (best result was 180/150, most much lower) Tried different servers in different geographical regions, including my home country Tried OpenVPN vs Wireguard Tried using specific ports like 53 to bypass potential ISP throttling Tried TCP only for same reasons Disabled all ipv6 Tried adjusting MTU for wireguard Tried LSIO wireguard docker image, gluetun docker image, and regular (non-docker) wg Tried with and without VPN port forwarding (with gluetun) disabled UFW because at this point, why not right? Tried all of the above with several different VPN providers (Proton, OVPN, AirVPN) and spun up my own wireguard vpn server on two different VPS providers with same result I have swapped out my older router with a brand new one since the 500/500 is an upgrade from my previous 250/~25 connection and I have many devices connected. I got a slight improvement from 450 mbps down without VPN to 500+. No discernible improvement with VPN connection. Suspecting potential VPN throttling from my new ISP, I have even got a second ISP to try things with. both are 500/500 and provide speeds as advertised. i even tried gluetun on a different computer. the second computer i tried had 11th gen i9 with 32gb ram and was debian 11 (from an older PC running current LTS ubuntu server). same issue Since everything is "working" (successful tunnel connection), I have no idea what I can provide in terms of logs or whatever to help resolve this.

Seconded. I'm using the pro++ https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/pro.plus.txt as it seems a better compromise for my usage.

Hello AirVPN Staff and others. I would very much like to have an API call for creating and removing port forwardings, including requesting a random port. This would allow users to have a different port open for every session started. Setting up a port to be forwarded is already pretty simple, but it does still require having a web browser running and logging in to Air. This may be a small obstacle, but an obstacle nonetheless. I strongly suspect many people will set up a port forwarding only once, and then using the same port for all future sessions, and this has some negative implications for privacy. It is already possible to have this functionality when talking to Air's web server through a browser and clicking buttons manually, so I'm making the assumption it will not be too difficult to do the same through an official HTTP-based API. Does this make sense? I'd love to hear what you think.