Leaderboard

Hello! We would like to inform you that we have made every effort to ensure AirVPN full and efficient operation during the pandemic caused by SARS-CoV-2. In order to reduce hazard and safeguard health, AirVPN staff and personnel work exclusively from home and worked from home well before the current situation appeared clearly as a pandemic Each member has a landline and one or more mobile lines, when possible in different infrastructures, to maximize likelihood to stay connected to the Internet 24/7 AirVPN system is more efficiently automated and basic functioning requires no manual interventions, even for several months (if kernel upgrades hadn't been necessary, we would have had servers uptime of 4 years or more) AirVPN inner staff members have now overlapping competences. Therefore if a key member, including a founder, is forced to stop working, the other ones can carry out his/her functions Emergency funds already secured in the past in different facilities as well as banks remain unaltered and ensure AirVPN financial health for a very long time even in very harsh scenarios. However, we would like to assure you that they are not needed at all currently, quite the contrary. In the last 10 days we have experienced a substantial increase in the growth of our customer base We have been informed by our most important partners and providers of housing and hosting in Europe, America and Asia they they are, and expect to, remain fully operational Kind regards AirVPN Staff

Please stay healthy everyone!

Already did before, for anything but Netflix airvpn is absolutely awesome. I'm a long time customer and already got a 3 year subscription 😎 Plus I've already got a buddy to also sign up to your service. So far I'm very happy. Cheers 🤘

Hi to all, the latest Eddie 2.18.8 experimental released today, works with wintun, please test if interested. Go to https://openvpn.net/community-downloads/, at bottom "OpenVPN 2.5_git wintun technology preview", click the "here" link and install. If you already have the right "openvpn.exe", use it directly: Eddie will install the wintun driver when needed, and also create the adapter. Eddie -> Settings -> Advanced -> OpenVPN Custom Path -> choose your "openvpn.exe" from 2.5, if already installed probably it is "C:\Program Files\OpenVPN\bin\openvpn.exe". At this point, Eddie will use OpenVPN 2.5 (but still with standard TUN driver). Eddie -> Settings -> OVPN directives -> Custom directives, add "windows-driver wintun". At this point, Eddie will use the OpenVPN 2.5 with the newest Wintun driver.

i would apreachiate if servers from upsala can be moved towards stockholm. Stockholm server are always at higher (not "high" but almost always arround 400 mbit - atm its more like 700 mbit per server) load. For me and many others upsalla location seems quite slow (check the user connected from upsalla and stockholm) Server add in Stockholm would be great!

@pfillionqc Hello! Please make sure that UFW is disabled. It is an iptables frontend installed by default in Ubuntu. It creates custom chains and modifies rules, so you don't want it to interfere. Please allow packets to an additional bootstrap server too: -A OUTPUT -d 63.33.78.166 -j ACCEPT Also consider to drop Eddie 2.16.3 and use instead Eddie 2.18.7 beta or Hummingbird 1.0.2 Keep in mind that when you enable "Network Lock" feature your iptables rules will be overwritten by Eddie or Hummingbird and restored when the application exits, but that UFW can still cause troubles. @giganerd Those are filter table INPUT, OUTPUT and FORWARD chains' policies and it's correct that they are set to DROP. Any packet handled by any chain of the filter table that has not caused any jump in any rule is finally subjected to the default policy of the chain that's competent for that packet. Kind regards

Parse bw_max server info field as an integer New version available here: https://ellie-app.com/8jfYjngsLk3a1

@Staff Not sure what you mean about how I use the openvpn3 library. I am using the official openvpn repo described here: https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux The linked libs for my openvpn3 binary from this repo are: linux-vdso.so.1 (0x00007ffc5e1f4000) libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f08f745a000) libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f08f6f8f000) libgio-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 (0x00007f08f6bf0000) libgobject-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 (0x00007f08f699c000) libglib-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 (0x00007f08f6685000) libjsoncpp.so.1 => /usr/lib/x86_64-linux-gnu/libjsoncpp.so.1 (0x00007f08f6453000) liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f08f6237000) libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f08f5eae000) libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f08f5c96000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f08f5a77000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f08f5686000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f08f5482000) libgmodule-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0 (0x00007f08f527e000) libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f08f5061000) libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f08f4e39000) libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f08f4c1e000) libmount.so.1 => /lib/x86_64-linux-gnu/libmount.so.1 (0x00007f08f49ca000) libffi.so.6 => /usr/lib/x86_64-linux-gnu/libffi.so.6 (0x00007f08f47c2000) libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f08f4550000) libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f08f41b2000) /lib64/ld-linux-x86-64.so.2 (0x00007f08f7a62000) libblkid.so.1 => /lib/x86_64-linux-gnu/libblkid.so.1 (0x00007f08f3f65000) librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f08f3d5d000) libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x00007f08f3b56000) If you need another information, pls elaborate

@SurprisedItWorks It's a recognized bug affecting especially Sony TVs. Sony is not fixing it. You would experience the same with Eddie Android edition or any other VPN application, unfortunately. @Xianders APK for Android TV should be side loaded, as the Play Store will not make it available to Android TV because Eddie opens airvpn.org web site in some menu , while Amazon Appstore makes it available for Android TV (different evaluations). Here you can find the link to download the apk: https://airvpn.org/android Kind regards

I would like to add another consideration, which I feel is important in the equation. My preference is VPNs (1 or 2) first, then before workspace I go to Virtual Machines wherein I connect via TOR. The virtual machines mask any host motherboard hardware which can also betray you with an adversary that can ping it with skill. The big factor overlooked in a "sandwich" approach is that TOR cannot automatically change the circuit route every 10 minutes or so. While I am surfing my original two VPN's are constant (although I rotate them when starting every single session so they are rarely the same two) and the TOR exit IP keeps changing automatically. The TOR entry guard is more constant (assuming you know how the guard works in TOR). I would not want to sacrifice that capability when I spend hours surfing around. ALWAYS close the TOR browser when leaving a site and going to another. My approach, you decide if there is merit for your needs.

Hello! Thank you for your article. Just a correction on the quoted part. That's not possible because the Tor exit-node does not know your "real" and/or your "VPN" IP address. In general the exit-node receives all the traffic from middle-relays, which in turn receive the traffic from Tor guards (the entry-nodes). As far as it pertains to your purposes, consider the following setup, especially when high throughput is not a priority: connect the host over "OpenVPN over Tor" run a Virtual Machine attached to the host via NAT Tor-ify everything in the VM use end-to-end encryption, exclusively use only VM traffic for any sensitive task The above setup, we think, should meet all of your requirements. Furthermore, the main fault of "OpenVPN over Tor" (fixed circuit) is completely resolved by Tor in the VM. Kind regards

Not to confuse anyone here: I use Native OpenVPN 2.5_git with wintun not Eddie.

Under "custom OpenVPN directives." section in Eddie. That is where you add your desired choices: ------------------------------- windows-driver wintun rcvbuf 562144 sndbuf 562144 ------------------------------

Add "windows-driver wintun" to .ovpn config, or Add "--windows-driver wintun" to openvpn.exe command line without the "quotes". ----------------- auth sha512 windows-driver wintun ----------------- Change the buffer like this if you want to achieve better speeds: ------------------ rcvbuf 562144 sndbuf 562144 ------------------

This is how: Speed(TAP):https://beta.speedtest.net/result/8861045841

OpenVPN 2.5_git version has been released.-->>https://openvpn.net/community-downloads/ Speedwise(Wintun):https://www.speedtest.net/result/8854742626 Waiting for the "official" OpenVPN 2.5 release in January.

Wow what a difference that has made to my D/L speed. It has gone from 35mbit/s to 95mbit/s at a stroke, so a very happy bunny indeed here.

yes, without the quotes

Please see also here for an updated baseline guide : https://nguvu.org/pfsense/pfsense-baseline-setup/ pfSense_fan's Guide How To Set Up pfSense 2.3 for AirVPN Guide is updated to pfSense Version 2.3 This guide will work on 2 or more interfaces. Please inform me of any and all errors found! Feedback is appreciated! Please rate this post or leave a comment to share if this worked for you! Table of Contents: Step 1: Disable IPv6 System Wide Step 2: Entering our AirVPN CA, Certificate and Key General Settings and Preparation Step 3: Setting up the OpenVPN Client Step 4: Assigning the OpenVPN Interface & Setting the AirVPN Gateway Step 5: IP and Port Alias Creation to Aid Interface Setup Step 6: Setting up an AirVPN Routed Interface Step 7: General Settings, Advanced Settings and Other Tweaks Step 8: Setting up the DNS Resolver -----

Thank you very much, Clodo for your great work (especially under these shocking circumstances). All the best to you and your country kiwi

Oh yes, i also noticed that sudden surge of bandwidth usage in the last couple of days, hitting almost 100000 MBit/s! Well, that speaks for the quality of your service of course, when there is such a high demand! Thanks for your reply and the clarification. I am already looking forward to some new servers in the future! 🙃😁 Regards BB

They are a bit overloaded. Yup. The time is now. Necessary Yes. @StaffThank you if you can make this happen.

@BlueBanana Hello! Check the stats about used bandwidth on the total infrastructure day by day: As you can see, the used peak bandwidth has increased remarkably in the last days, up to 80200 Mbit/s. On the whole infrastructure, it is still slightly more than just 1/3 of the total available bandwidth (236900 Mbit/s). We will closely monitor, on top of that, used bandwidth country by country, of course. About the countries you mention, even the last peak usage does not exceed 60% of total available bandwidth in each of those countries. We are still well within the range of the quality of service ensured by the terms of service and actually most available bandwidth has not ever been used. That said, we will not hesitate to add servers when it is really necessary, of course. We are monitoring closely, as usual, peak demands country by country. Kind regards

Lately I've been thinking about the prospect of using VPN's in conjunction with the Tor proxy and done some research. I know there are both pros and cons to Tor-over-VPN and VPN--Over-Tor connections and played with the idea of using both connection types at once - something I like to call the "Sandwiched Connection" in that you layer your Tor connection between two separate VPN connections. Please correct me if I got any details wrong or missing. First, you have your plain naked internet connection without a VPN or proxy so your ISP and local network can see everything you're doing. Next, you connect to a VPN server. It masks your IP address and location from your ISP as well as encrypts your web traffic so they have no idea what you're doing. However, the company managing the VPN server will have access to your real IP address, location and web traffic that will be decrypted in their servers - making it important it is a trustworthy service provider that doesn't keep logs of your activities and allows you to create your account with a temporary email address, no personal details and paid with cryptocurrency (that is untraceable like Z-Cash and Monero). You connect to your Tor proxy. Ordinarily, the Tor entry node will know your IP address and location. Since you are using a VPN, it will only know the masked address provided by the VPN server. Not only that but the Tor proxy will further encrypt your web traffic so even the VPN provider won't know what you are doing, just like how it, in turn, hides it from your ISP. Even better? Your ISP won't even know you are using Tor in the first place. However, the Tor exit node decrypts your web traffic and has full access to it as if you were never using a VPN to begin with. If the exit node happens to be malicious or operated by any authority that doesn't like what you're doing, they could potentially call whoever is operating the entry node and/or follow the mask IP address to the VPN service provider and contact them for details concerning you. Again, a trustworthy VPN provider with a no-logs policy is important. Then comes the second VPN connection. After you connect to Tor, you connect to that second VPN server which should encrypt your web traffic from the tor exit node. Whatever company is managing that second server (it could be the same service as the first one or a different one) will only know the IP address and location provided by the Tor proxy and first VPN server but it will know your web traffic as it is being fed to their servers and decrypted. Not to mention that this "sandwiched connection" will deliver a big dent to your connection performance so it helps if you have a powerful router connected via ethernet. So at the end of the day, I figured, someone has to know what you're up to online which leaves the question "Who do you trust with your personal information?" Plus this is all just theory, as far I can tell. Has anyone ever tried putting this into practise? Can anyone provide any further insight into the "sandwiched connection"? I look forward to talking about it.

Eureka! I found the sneaky little bugger that was raising wake-from-sleep havoc with Hummingbird. It was an anti-malware program--appropriately called BlockBlock--I had installed a while back and more or less forgotten about. It's supposed to throw up a notice when any software tries to make a persistent change in the system but didn't do so in this case. After removing it, Hummingbird seems to be humming right along after sleep like it should. A question, though: in my debugging process, another successful method was to run HB with the "--network-lock off" option. IPLeak gave it a clean bill of health, so I'm wondering what network lock actually does and what the ramifications/risks are of running with it off.

@iwih2gk Hello! A few remarks to your last message. 1) MAC address is never included in IPv4 packets. Not even our VPN servers can see your network interface MAC address in IPv4. Similar safeguards are nowadays applied in modern OS for IPv6 too (IPv6 packets do have a specific allocation space for a MAC address). 2) Data passed voluntarily by a browser to a web site can be blocked or altered, either in browser configuration or through dedicated add-ons. Examples include spoofing browser user agent (which includes Operating System etc.) (**), blocking fingerprinting through canvas by generating "noise" and randomizing different fingerprints for each stream (*), and working without any previous tracking cookie by cleaning cookies at each session and working in browser "private" mode. Such safeguards should be applied even when working inside a VM, if your threat model needs them. (*) Example: Canvas Defender for Firefox. "Instead of blocking JS-API, Canvas Defender creates a unique and persistent noise that hides your real canvas fingerprint" (**) Example: User Agent Switcher and Manager for Firefox. Kind regards

Hello. I'm just trying to understand what you're saying here. So let me get it straight. You prefer to use one or two VPNs before connecting to Tor on a virtual machine. No Onion Sandwich (VPN>Tor>VPN)? The virtual machine can mask the host motherboard which can "betray" me? You mean anyone good enough can tell I am using a VM and crack right through to my host machine, is that it? If that's so, what if I used a Xen-based virtual machine? I hear they are more secure. I presume by rotating VPN's you mean switching to different VPN servers every time - that's a good practise. While the Tor Exit IP changes by itself automatically, the entry node IP doesn't which is why you suggest I reset the Tor connection between visiting different websites so I connect through a different route of Tor nodes every time, is that what you're saying? Could you clarify what capability it is you don't want to sacrifice though? I only ever dipped my toes in using the Tor browser a couple of times and never used it for a full blown browsing session so I'm really learning as much as I can before I know how to use it properly. Thanks.

Hello! @busolof Actually according to the log OpenVPN connected successfully and remained connected for several hours. Since Asus offered to replace the device, then something wrong that's specific to your own one might be the problem. Even the fact that you say that you can't upgrade to Asus Merlin is unusual. In AsusWRT routers, upgrading to Merlin is a matter of a few clicks, literally. https://blog.usro.net/how-to-install-asus-wrt-merlin-router-firmware/ We're confident that the router replacement will solve any issue. Or maybe the AX56U has some problem that makes its behavior inconsistent with the AC56U and AC68U (which is an AsusWRT router we own and which we based our tests on). @giganerd Reviewed the guide for AsusWRT and it is up to date. Kind regards

I could confirm with SSL and a different VPN, the limitations have been put in place by Vodafone Germany. AirVPN is awesome as expected and techsupport at Vodafone is straight up lying (or doesn't know the truth).

I have the same problem. Any news on this? EDIT: I installed the latest client, problems are gone. Might need to update your Eddie client. Does this work?

@giganerd @Nam5000 Hello! A clarification on our previous message about problems in Sony TVs with Android 6. OpenVPN for Android and Eddie Android edition run fine and the connection to the VPN is successful and working, traffic is properly tunneled. However, the problem with such TVs is that if you put them in standby while connected to a VPN server, the TV will reboot when it wakes up. See also: https://community.sony.co.uk/t5/android-tv/bug-android-6-0-1-reboots-after-enabling-vpn-apps/td-p/2284371 It is possible to sideload Eddie Android edition on Sony Android based TVs. Kind regards

@dbuero Hello, no, we don't throttle anything. In most cases throttling is self-inflicted, with or without awareness (strange but true). Second most common cause is traffic shaping by ISP. Kind regards

I sometimes do abit of multiplayer and using SSL with a local server I get around 40 ping which is more than adequate....

The bottom line for a "kill" switch is to activate Network Lock in Eddie client. Then if you want to "kill" your session, merely disconnect the AirVPN connection leaving Eddie running. DO NOT CLOSE OR EXIT the Eddie client. Network Lock will remain active as long as Eddie is running. You may if you wish also shutdown your computer with no issue while Eddie is running. To promote a smooth shutdown, uncheck "Exit confirmation prompt" in the Eddie Preferences UI section. Please note that if you want to ensure you do not accidentally exit Eddie leaving your connection visible, then leave the option to prompt on exit enabled. If you do, you may have to wait or manually force close Eddie during shutdown.

Hi, this probably has been answered a million times, but I started a couple days ago to have an issue with AirVPN on ones of my computers. Long story short, it started to fail the DNS check. When I try to deactivate this check, the client is connected and I can perform a certain number of non-Browser action such as pinging servers with my CMD, but anything I do with an Internet Browser fails with the DNS_Probe_Bad_Config error. I'm kinda in the lost. I tried to change my Ipv4 DNS, reinstall Eddie-UI and add a bunch of free DNS addresses in the setting, but it doesn't work. So, a little help for a long-term customer, please ? EDIT: Ok ? It seems updating to v2.18 managed to fix the issue. Maybe an update made the v2.17 incompatible in some way ? I'm keeping this open for the record, it might help some. Below, the logs from what happens when the DNS check fails: I 2020.03.08 23:41:58 - Session starting. I 2020.03.08 23:41:59 - Checking authorization ... ! 2020.03.08 23:41:59 - Connecting to Muscida (Netherlands, Alblasserdam) . 2020.03.08 23:41:59 - OpenVPN > OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 27 2018 . 2020.03.08 23:41:59 - OpenVPN > Windows version 6.2 (Windows 8 or greater) 64bit . 2020.03.08 23:41:59 - OpenVPN > library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10 . 2020.03.08 23:41:59 - Connection to OpenVPN Management Interface . 2020.03.08 23:41:59 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2020.03.08 23:41:59 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2020.03.08 23:41:59 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2020.03.08 23:41:59 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2020.03.08 23:41:59 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2020.03.08 23:41:59 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.162.156:443 . 2020.03.08 23:41:59 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144] . 2020.03.08 23:41:59 - OpenVPN > UDP link local: (not bound) . 2020.03.08 23:41:59 - OpenVPN > UDP link remote: [AF_INET]213.152.162.156:443 . 2020.03.08 23:41:59 - OpenVPN > TLS: Initial packet from [AF_INET]213.152.162.156:443, sid=1f3a89f9 2ee7c9c7 . 2020.03.08 23:41:59 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100 . 2020.03.08 23:41:59 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2020.03.08 23:41:59 - OpenVPN > VERIFY KU OK . 2020.03.08 23:41:59 - OpenVPN > Validating certificate extended key usage . 2020.03.08 23:41:59 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2020.03.08 23:41:59 - OpenVPN > VERIFY EKU OK . 2020.03.08 23:41:59 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Muscida, emailAddress=info@airvpn.org . 2020.03.08 23:42:00 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA . 2020.03.08 23:42:00 - OpenVPN > [Muscida] Peer Connection Initiated with [AF_INET]213.152.162.156:443 . 2020.03.08 23:42:01 - OpenVPN > SENT CONTROL [Muscida]: 'PUSH_REQUEST' (status=1) . 2020.03.08 23:42:01 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.24.130.1,dhcp-option DNS6 fde6:7a:7d20:1482::1,tun-ipv6,route-gateway 10.24.130.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:1482::104f/64 fde6:7a:7d20:1482::1,ifconfig 10.24.130.81 255.255.255.0,peer-id 9,cipher AES-256-GCM' . 2020.03.08 23:42:01 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp' . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: compression parms modified . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: peer-id set . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625 . 2020.03.08 23:42:01 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified . 2020.03.08 23:42:01 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM' . 2020.03.08 23:42:01 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2020.03.08 23:42:01 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2020.03.08 23:42:01 - OpenVPN > interactive service msg_channel=0 . 2020.03.08 23:42:01 - OpenVPN > ROUTE_GATEWAY 192.168.1.254/255.255.255.0 I=13 HWADDR=20:79:18:64:ba:ae . 2020.03.08 23:42:01 - OpenVPN > GDG6: remote_host_ipv6=n/a . 2020.03.08 23:42:01 - OpenVPN > NOTE: GetBestInterfaceEx returned error: �l�ment introuvable. (code=1168) . 2020.03.08 23:42:01 - OpenVPN > ROUTE6: default_gateway=UNDEF . 2020.03.08 23:42:01 - OpenVPN > open_tun . 2020.03.08 23:42:01 - OpenVPN > TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{7FBA13E2-0BA8-403B-BD75-883F67CF455C}.tap . 2020.03.08 23:42:01 - OpenVPN > TAP-Windows Driver Version 9.21 . 2020.03.08 23:42:01 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.24.130.0/10.24.130.81/255.255.255.0 [SUCCEEDED] . 2020.03.08 23:42:01 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.24.130.81/255.255.255.0 on interface {7FBA13E2-0BA8-403B-BD75-883F67CF455C} [DHCP-serv: 10.24.130.254, lease-time: 31536000] . 2020.03.08 23:42:01 - OpenVPN > Successful ARP Flush on interface [18] {7FBA13E2-0BA8-403B-BD75-883F67CF455C} . 2020.03.08 23:42:01 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=1 . 2020.03.08 23:42:02 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 set address interface=18 fde6:7a:7d20:1482::104f store=active . 2020.03.08 23:42:03 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 set dns Ethernet 2 static fde6:7a:7d20:1482::1 validate=no . 2020.03.08 23:42:03 - OpenVPN > add_route_ipv6(fde6:7a:7d20:1482::/64 -> fde6:7a:7d20:1482::104f metric 0) dev Ethernet 2 . 2020.03.08 23:42:03 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 add route fde6:7a:7d20:1482::/64 interface=18 fe80::8 store=active . 2020.03.08 23:42:03 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:42:09 - OpenVPN > TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up . 2020.03.08 23:42:09 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 213.152.162.156 MASK 255.255.255.255 192.168.1.254 . 2020.03.08 23:42:09 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=45 and dwForwardType=4 . 2020.03.08 23:42:09 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2020.03.08 23:42:09 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.24.130.1 . 2020.03.08 23:42:09 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4 . 2020.03.08 23:42:09 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2020.03.08 23:42:09 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.24.130.1 . 2020.03.08 23:42:09 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4 . 2020.03.08 23:42:09 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2020.03.08 23:42:09 - OpenVPN > add_route_ipv6(::/3 -> fde6:7a:7d20:1482::1 metric -1) dev Ethernet 2 . 2020.03.08 23:42:09 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 add route ::/3 interface=18 fe80::8 store=active . 2020.03.08 23:42:09 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:42:09 - OpenVPN > add_route_ipv6(2000::/4 -> fde6:7a:7d20:1482::1 metric -1) dev Ethernet 2 . 2020.03.08 23:42:09 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 add route 2000::/4 interface=18 fe80::8 store=active . 2020.03.08 23:42:09 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:42:09 - OpenVPN > add_route_ipv6(3000::/4 -> fde6:7a:7d20:1482::1 metric -1) dev Ethernet 2 . 2020.03.08 23:42:09 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 add route 3000::/4 interface=18 fe80::8 store=active . 2020.03.08 23:42:09 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:42:10 - OpenVPN > add_route_ipv6(fc00::/7 -> fde6:7a:7d20:1482::1 metric -1) dev Ethernet 2 . 2020.03.08 23:42:10 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 add route fc00::/7 interface=18 fe80::8 store=active . 2020.03.08 23:42:10 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:42:10 - Interface Ethernet 2 metric changed from Automatic to 3, layer IPv4 . 2020.03.08 23:42:10 - Interface Ethernet 2 metric changed from Automatic to 3, layer IPv6 . 2020.03.08 23:42:10 - DNS leak protection with packet filtering enabled. . 2020.03.08 23:42:10 - DNS IPv4 of a network adapter forced (Ethernet 2, from manual (10.5.130.1) to 10.24.130.1) . 2020.03.08 23:42:10 - DNS IPv6 of a network adapter forced (Ethernet 2, from automatic to fde6:7a:7d20:1482::1) W 2020.03.08 23:42:10 - Routes, add 213.152.162.154 for gateway 10.24.130.1 failed: 'route' n'est pas reconnu en tant que commande interne W 2020.03.08 23:42:10 - ou externe, un programme ex‚cutable ou un fichier de commandes W 2020.03.08 23:42:10 - Routes, add 2a00:1678:2470:5:3568:e603:2b4d:aeb6 for gateway fde6:7a:7d20:1482::1 failed: 'netsh' n'est pas reconnu en tant que commande interne W 2020.03.08 23:42:10 - ou externe, un programme ex‚cutable ou un fichier de commandes . 2020.03.08 23:42:10 - Flushing DNS I 2020.03.08 23:42:10 - Checking route IPv4 I 2020.03.08 23:42:11 - Checking route IPv6 I 2020.03.08 23:42:11 - Checking DNS . 2020.03.08 23:42:23 - Checking DNS failed: . 2020.03.08 23:42:23 - Checking DNS (2° try) . 2020.03.08 23:42:37 - Checking DNS failed: . 2020.03.08 23:42:37 - Checking DNS (3° try) . 2020.03.08 23:42:51 - Checking DNS failed: E 2020.03.08 23:42:51 - Checking DNS failed. . 2020.03.08 23:42:51 - OpenVPN > Initialization Sequence Completed ! 2020.03.08 23:42:51 - Disconnecting . 2020.03.08 23:42:51 - Sending management termination signal . 2020.03.08 23:42:51 - Management - Send 'signal SIGTERM' . 2020.03.08 23:42:51 - OpenVPN > MANAGEMENT: CMD 'e7596dca56bbadcf74b75c6128267e9392cdf16e6702e795a387f4873676eb28' . 2020.03.08 23:43:00 - Sending management termination signal . 2020.03.08 23:43:00 - Management - Send 'signal SIGTERM' . 2020.03.08 23:43:00 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM' . 2020.03.08 23:43:00 - OpenVPN > SIGTERM received, sending exit notification to peer . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\route.exe DELETE 213.152.162.156 MASK 255.255.255.255 192.168.1.254 . 2020.03.08 23:43:05 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.24.130.1 . 2020.03.08 23:43:05 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.24.130.1 . 2020.03.08 23:43:05 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2020.03.08 23:43:05 - OpenVPN > delete_route_ipv6(::/3) . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 delete route ::/3 interface=18 fe80::8 store=active . 2020.03.08 23:43:05 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:43:05 - OpenVPN > delete_route_ipv6(2000::/4) . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 delete route 2000::/4 interface=18 fe80::8 store=active . 2020.03.08 23:43:05 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:43:05 - OpenVPN > delete_route_ipv6(3000::/4) . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 delete route 3000::/4 interface=18 fe80::8 store=active . 2020.03.08 23:43:05 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:43:05 - OpenVPN > delete_route_ipv6(fc00::/7) . 2020.03.08 23:43:05 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 delete route fc00::/7 interface=18 fe80::8 store=active . 2020.03.08 23:43:05 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2020.03.08 23:43:06 - OpenVPN > Closing TUN/TAP interface . 2020.03.08 23:43:06 - OpenVPN > delete_route_ipv6(fde6:7a:7d20:1482::/64) . 2020.03.08 23:43:06 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 delete route fde6:7a:7d20:1482::/64 interface=18 fe80::8 store=active . 2020.03.08 23:43:06 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 delete address Ethernet 2 fde6:7a:7d20:1482::104f store=active . 2020.03.08 23:43:06 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 delete dns Ethernet 2 all . 2020.03.08 23:43:07 - OpenVPN > TAP: DHCP address released . 2020.03.08 23:43:07 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting . 2020.03.08 23:43:07 - Connection terminated. . 2020.03.08 23:43:07 - DNS IPv4 of a network adapter restored to original settings (Ethernet 2, to 10.5.130.1) . 2020.03.08 23:43:07 - DNS IPv6 of a network adapter restored to original settings (Ethernet 2, to automatic) . 2020.03.08 23:43:07 - DNS leak protection with packet filtering disabled. . 2020.03.08 23:43:07 - Interface Ethernet 2 metric restored from 3 to Automatic, layer IPv4 . 2020.03.08 23:43:07 - Interface Ethernet 2 metric restored from 3 to Automatic, layer IPv6 I 2020.03.08 23:43:09 - Cancel requested. ! 2020.03.08 23:43:09 - Session terminated. . 2020.03.08 23:43:44 - Updating systems & servers data ... . 2020.03.08 23:43:44 - Systems & servers data update completed

I've just realized I haven't praised Humminbirg yet. I'm loving it so far. Thanks!

nftables fails with a "Segmentation fault", but disabling it entirely as you've mentioned allows hummingbird to connect. Thanks for the help! That said, I would imagine I would want some sort of network lock? It may not be necessary with the container setup I have. I'll have to do some testing.

Hello! Network Lock, which has been implemented for the first time "in history" of software for VPN by AirVPN in 2011/2012, covers all the limited cases foreseen by a kill switch and many more for which a kill switch is impotent. A kill switch features a very modest subset of Network Lock abilities to prevent traffic leaks outside the tunnel which are covered in any case by Network Lock with a more effective method (firewall rules). In other words, a kill switch is a totally wrong approach to prevent traffic leaks outside the tunnel, and anyway its limited abilities to fulfill leak prevention are fully covered by Network Lock. Kind regards

@wintermute1912 If traffic passes through the tun interface it's in the tunnel, so even if you want to reach 3rd parties DNS servers, the queries and their replies are tunneled, it's not a DNS leak. Even worse: in this way you will never find DNS leaks, even if they are really occurring. To verify effectively you need to check traffic from the physical network interface. Unencrypted DNS queries from the physical network interface, if not blocked by the firewall, hint to DNS leaks for real. Kind regards

Don't use Deluge. For whatever reason which I have not had time to properly investigate it gives you away and you get replay attacks. The following torrent clients run fine for me: qbittorrent (latest version installed via PPA: https://www.qbittorrent.org/download.php Transmission (native install on Ubuntu 16.04.5) rtorrent (probably the safest but text based interface only) Also change the TCP port you have mapped quite frequently. And check you're not getting DNS leaks: sudo tcpdump -i tun0 -n "port 53" If you see any other IP address than the AirVPN DNS server you have leaks

@dbuero Outstanding throughput for Windows, congratulations! You did not mention in this thread that you were running Windows, so we assumed that you ran a different system, sorry, we could have made you save a lot of time. Finally Windows should have a driver for a virtual network interface that allows throughput more in line to what you can get with other systems. Eddie 2.18 beta 8 has been planned to support Wintun. We are also following OpenVPN Linux kernel module (currently closed source, but they could decide to release it under some open source license during 2020). Although our servers can already reach line capacity, higher than 1 Gbit/s throughput is achieved only via multiple OpenVPN daemons, one per core. Spread the word about the performance you can get now with AirVPN and Windows! Kind regards

Hello! Yes, it absolutely is. Just ensure you're connected to a location which is good for your specific situation/location and perhaps even using the UDP protocol.

Hello I have been using Airvpn for gaming (unlock voice-chat) for almost 2 years now. It works great. it adds around 5 to 10 latency only, and the best thing is. There are no ping spikes at all. Nevertheless, you can get the free trail for 3 days and try the vpn with your game.

https://restoreprivacy.com/wireguard/ AirVPN has also chimed in over WireGuard’s implications for anonymity, as explained in their forum: Wireguard, in its current state, not only is dangerous because it lacks basic features and is an experimental software, but it also weakens dangerously the anonymity layer. Our service aims to provide some anonymity layer, therefore we can’t take into consideration something that weakens it so deeply. We will gladly take Wireguard into consideration when it reaches a stable release AND offers at least the most basic options which OpenVPN has been able to offer since 15 years ago. The infrastructure can be adapted, our mission can’t. In their forums, AirVPN further explained why WireGuard simply does not meet their requirements: Wireguard lacks dynamic IP address management. The client needs to be assigned in advance a pre-defined VPN IP address uniquely linked to its key on each VPN server. The impact on the anonymity layer is catastrophic; Wireguard client does not verify the server identity (a feature so essential that it will be surely implemented when Wireguard will be no more an experimental sofware); the impact on security caused by this flaw is very high; TCP support is missing (third party or anyway additional code is required to use TCP as the tunneling protocol, as you suggest, and that’s a horrible regression when compared to OpenVPN); there is no support to connect Wireguard to a VPN server over some proxy with a variety of authentication methods. Despite these concerns, many VPN services are already rolling out full WireGuard support. Other VPNs are watching the project and are interested in implementing WireGuard after it has been thoroughly audited and improved. In the meantime, however, as AirVPN stated in their forum: “We will not use our customers as testers.”

It's not a Denial of Service per sé, it's just a nuisance for the users.

For those running Windows 10 and don't want to run the persistent command but still want the IPV6 by default, you can do so via Eddie. Open up Preferences, Go To Events, open the VPN Up (or anything above it, I don't know if it matters) option. For file name navigate to C:/Windows/System32/netsh.exe For argument type: interface ipv6 set prefixpolicy fc00::/7 37 1 store=active I have "Wait end of process" disabled, but I don't know if that matters. Click Save. Reconnect to an AirVPN server. You should now have IPV6 by default any time you connect to a server, and upon reboot, it will reset back to normal. It would probably be idea if the VPN Down option had something resetting the Netsh settings, but I don't know how to do that. Also Microsoft apparently says Netsh might be removed in the future for a powershell option so... ¯\_(ツ)_/¯

https://netflix.com Watch Movies & TV Shows Online or Streaming right to your TV via Xbox, Wii, PS3 & many other devices. Only $7.99/mo. Status: NOT ACCESSIBLE Native: none. Routing: All servers Last update: February the 1st, 2020

At the moment I've got no native IPv6 connection at my disposal to test my hypothesis but I don't think that the problem lies at the application level. The apparent preference for IPv4 does not only seem to prevail in browsers but also in other applications like SSH. If I'm correct, SSH should prefer IPv6 over IPv4 on a native IPv6 connection, if one URL is pointing to multiple DNS entries (A + AAAA in this case). When a connection to a Gen2 server is established (via an IPv4 connection in my case), SSH always prefers IPv4 in my testing. An IPv6 connection to this specific URL can be forced with ssh -6 ... but this shouldn't be the default behavior of SSH. What determines which connection should be preferred? RFC3484 describes the ranking of competing connections. The resulting /etc/gai.conf on my Arch Linux system looks like this: # All lines have an initial identifier specifying the option followed by # up to two values. Information specified in this file replaces the # default information. Complete absence of data of one kind causes the # appropriate default information to be used. The supported commands include: # # reload <yes|no> # If set to yes, each getaddrinfo(3) call will check whether this file # changed and if necessary reload. This option should not really be # used. There are possible runtime problems. The default is no. # # label <mask> <value> # Add another rule to the RFC 3484 label table. See section 2.1 in # RFC 3484. The default is: # #label ::1/128 0 #label ::/0 1 #label 2002::/16 2 #label ::/96 3 #label ::ffff:0:0/96 4 #label fec0::/10 5 #label fc00::/7 6 #label 2001:0::/32 7 # # This default differs from the tables given in RFC 3484 by handling # (now obsolete) site-local IPv6 addresses and Unique Local Addresses. # The reason for this difference is that these addresses are never # NATed while IPv4 site-local addresses most probably are. Given # the precedence of IPv6 over IPv4 (see below) on machines having only # site-local IPv4 and IPv6 addresses a lookup for a global address would # see the IPv6 be preferred. The result is a long delay because the # site-local IPv6 addresses cannot be used while the IPv4 address is # (at least for the foreseeable future) NATed. We also treat Teredo # tunnels special. # # precedence <mask> <value> # Add another rule to the RFC 3484 precedence table. See section 2.1 # and 10.3 in RFC 3484. The default is: # #precedence ::1/128 50 #precedence ::/0 40 #precedence 2002::/16 30 #precedence ::/96 20 #precedence ::ffff:0:0/96 10 # # For sites which prefer IPv4 connections change the last line to # #precedence ::ffff:0:0/96 100 Which reflects the expected behavior described by the RFC standard. The man-page for this has been implemented in kernel 4.16 (very recently). When I apply the little knowledge I have on IPv6, the ULA each OpenVPN connections gets assigned is part of: label fc00::/7 6 and thus very low in the ranking of the competing connections. Hopefully I could point you in the right direction. If not I'm sorry. I don't understand all of it but this seems plausible to me.

--------------------------------------------------------- SECURE YOUR WINDOWS VPN CONNECTION This script will allow your Windows OS to flip between secure VPN traffic and normal traffic mode. -Secure VPN mode: Allows 'only' secure VPN traffic, this script also prevents the 'DNS leak' problem you might have read about. -Normal traffic mode: Your normal internet I wrote this for people with little know-how of computers but need security without complication. This is a simple script that you double-click to flip between 'normal internet' mode and 'Secure VPN Mode'. When in 'Secure VPN Mode' your computer completely prevents DNS leaks and will deny ALL internet traffic that is not VPN. It still allows LAN access so your servers/network's existing setup won't be affected by it. Requirements: -My windows batch script -Your VPN's .ovpn files -You need to the DNS servers of your VPN (Note: Not all VPN's provide them, but all the good ones do) -Windows Vista/7/8/10 (These are the OS' that come default installed/enabled with Windows Firewall) --------------------------------------------------------- STEP 1 - Download your .ovpn file(s) from your VPN provider STEP 2 - Place those .ovpn files into your OpenVPN config directory This folder is usually: C:\Program Files\OpenVPN\config STEP 3 - Creating the .bat file -Create an empty .txt file and open it up -Copy and paste everything in the code box below into the empty .txt file -Edit the line near the top that says SET YOUR_VPN_PRIMARY_DNS= <- Put YOUR VPN's DNS address after the equal sign (AirVPN is 10.4.0.1 - this is what I use, so I left it as the default) -Save the file -Rename the .txt file extension to .bat (e.g. FirewallFlip.txt -> FirewallFlip.bat) BATCH FILE - FIREWALL FLIPPER @ECHO OFF SETLOCAL ENABLEDELAYEDEXPANSION SETLOCAL ENABLEEXTENSIONS REM ------------------- REM MANDATORY VARIABLES REM ------------------- REM This section is required to prevent DNS leaks REM Example VPN DNS servers: AirVPN's are 10.4.0.1 and 10.5.0.1 REM THIS VARIABLE CANNOT BE BLANK AND MUST BE CHANGED TO YOUR VPN'S DNS SERVER SET YOUR_VPN_PRIMARY_DNS=10.4.0.1 REM ------------------ REM OPTIONAL VARIABLES REM ------------------ REM Put the filename of your preferred OVPN server here REM Leave blank to let this script select one at random for you REM Example filename you would enter here: AirVPN_America_UDP-443.ovpn SET YOUR_PREFERRED_OVPN= REM Enter your backup/secondary DNS here SET YOUR_VPN_SECONDARY_DNS=10.5.0.1 REM Your preferred public DNS servers (e.g. Google is 8.8.8.8 and OpenDNS is 10.5.0.1) REM These are usually superior to the ones your ISP provides you with REM If you clear these values then your ISP DNS will be used SET YOUR_PUBLIC_PRIMARY_DNS=8.8.8.8 SET YOUR_PUBLIC_SECONDARY_DNS=208.67.220.220 REM Basic error check IF NOT DEFINED YOUR_VPN_PRIMARY_DNS ( ECHO WARNING ECHO ------- ECHO You have not set the YOUR_VPN_PRIMARY_DNS variable in this script ECHO. ECHO Open %~nx0 and edit the necessary line ECHO. ECHO This script CANNOT continue until you do so ECHO. ECHO Press any key to exit... PAUSE >NUL 2>NUL GOTO :EOF ) REM Finding your OpenVPN Installation IF EXIST "C:\Program Files (x86)\OpenVPN" SET OpenVPN=C:\Program Files (x86)\OpenVPN IF EXIST "C:\Program Files\OpenVPN" SET OpenVPN=C:\Program Files\OpenVPN IF NOT DEFINED OpenVPN ( ECHO Your OpenVPN installation was not found, press any key to exit... PAUSE >NUL 2>NUL GOTO :EOF ) REM Basic error check IF NOT EXIST "%OpenVPN%\config\*.ovpn" ( ECHO ****************************************************************** ECHO This script cannot continue because it could not find the .ovpn ECHO files required in: "%OpenVPN%\config" ECHO. ECHO Please copy your .ovpn files into the above directory for this ECHO script to work. ECHO ****************************************************************** PAUSE GOTO :EOF ) SET "FIREWALL_FLIP_BACKUP_FOLDER=%OpenVPN%\FIREWALL_FLIP_BACKUP" IF NOT EXIST "%FIREWALL_FLIP_BACKUP_FOLDER%" MD "%FIREWALL_FLIP_BACKUP_FOLDER%" REM Finding the network adapter used by OpenVPN FOR /F "tokens=1-3 delims='{" %%a IN ('"%OpenVPN%\bin\openvpn.exe" --show-adapters ^| findstr {') DO ( SET VPN_ADAPTER=%%a SET VPN_ADAPTER_GUID={%%c ) REM Checking config file limit FOR /F "tokens=1 delims= " %%a IN ('DIR "%OpenVPN%\config\*.ovpn" ^| findstr File^(s^)') DO ( IF %%a GTR 50 ( ECHO You have %%a config files in your OpenVPN config folder ECHO. ECHO OpenVPN only supports a maximum of 50, so you will need to delete some ECHO. ECHO This script has made no modifications to the system ECHO Press any key to exit... PAUSE >NUL 2>NUL GOTO :EOF ) ) REM Checking if any of the addresses aren't full resolved FOR %%a IN ("%OpenVPN%\config\*.ovpn") DO ( FOR /F "tokens=2-3 delims= " %%b IN ('findstr "remote " "%%a" ^| findstr \.') DO ( ECHO %%b | findstr [a-z] && SET OVPN_FORMATTED=NO ) ) IF "!OVPN_FORMATTED!" EQU "NO" ( ECHO ******************************************************************** ECHO Could not find IP addresses for some, or all, of your .ovpn file^(s^) ECHO. ECHO Would you like this script to automatically format your .ovpn files? ECHO. ECHO REQUIRES INTERNET CONNECTION ECHO ******************************************************************** CHOICE IF !ERRORLEVEL! EQU 1 ( FOR %%f IN ("%OpenVPN%\config\*.ovpn") DO ( SET "OVPN_BACKUP_FILE=%OpenVPN%\FIREWALL_FLIP_BACKUP\Backup_%%~nxf" REM Create backup of your .ovpn file IF NOT EXIST "!FIREWALL_FLIP_BACKUP_FOLDER!" MD "!FIREWALL_FLIP_BACKUP_FOLDER!" >NUL 2>NUL IF NOT EXIST "!OVPN_BACKUP_FILE!" ( COPY /Y "%%f" "!OVPN_BACKUP_FILE!" >NUL 2>NUL ) ELSE ( ECHO A backup of "%%f" already exists, do you wish to overwrite it? CHOICE IF !ERRORLEVEL! EQU 1 ( COPY /Y "%%f" "!OVPN_BACKUP_FILE!" >NUL 2>NUL ) ) REM Get your VPN server name and port FOR /F "tokens=2-3 delims= " %%a IN ('findstr "remote " "%%f" ^| findstr \.') DO ( SET VPN_SERVER_NAME=%%a SET VPN_SERVER_PORT=%%b ) ECHO !VPN_SERVER_NAME! | findstr [a-z] >NUL 2>NUL && ( REM Resolve the server name to an IP FOR /F "tokens=2 delims=[]" %%a IN ('ping -n 1 !VPN_SERVER_NAME! ^| findstr [') DO ( SET VPN_SERVER_IP=%%a ) REM Replace the VPN server name with its direct IP >"%%f" ( FOR /F "usebackq tokens=*" %%a IN ("!OVPN_BACKUP_FILE!") DO ( IF "%%a" EQU "remote !VPN_SERVER_NAME! !VPN_SERVER_PORT!" ( ECHO remote !VPN_SERVER_IP! !VPN_SERVER_PORT! ) ELSE ( ECHO %%a ) ) ) ) ) ) ELSE ( ECHO. ECHO This script has made no modifications to the system. ECHO Press any key to exit... PAUSE >NUL 2>NUL GOTO :EOF ) ) REM If you haven't set the variable YOUR_PREFERRED_OVPN this bit of code will select one at random from the OpenVPN config folder where all your .ovpn files are stored. IF DEFINED YOUR_PREFERRED_OVPN GOTO :CURRENT_STATE IF "!YOUR_PREFERRED_OVPN!" EQU "" ( FOR /F "tokens=1 delims= " %%a IN ('DIR "%OpenVPN%\config\*.ovpn" ^| findstr /C:" File(s)"') DO SET /A "rand=%RANDOM% %% %%a+1" FOR %%f IN ("%OpenVPN%\config\*.ovpn") DO ( SET /A num+=1 IF !num! EQU !rand! SET "YOUR_PREFERRED_OVPN=%%~nxf" ) ) :CURRENT_STATE REM Check what state the firewall is in (VPN ONLY or ALLOW ALL) CLS FOR /F "tokens=2 delims=," %%a IN ('netsh advfirewall show allprofiles firewallpolicy') DO SET state=%%a IF "%state%" EQU "BlockOutbound" GOTO :VPN_TO_ALL IF "%state%" EQU "Ausgehend blockieren" GOTO :VPN_TO_ALL IF "%state%" EQU "AllowOutbound" GOTO :ALL_TO_VPN IF "%state%" EQU "Ausgehend zulassen" GOTO :ALL_TO_VPN ECHO Your firewall state cannot be determined... ECHO. ECHO This script has made no modifications to the system. ECHO Press any key to exit... PAUSE >NUL 2>NUL GOTO :EOF :VPN_TO_ALL ECHO. ECHO -------------------------------------------------- ECHO ^|The firewall currently allows "ONLY VPN" traffic^| ECHO -------------------------------------------------- ECHO. ECHO Do you wish to allow "ALL" traffic? CHOICE IF !ERRORLEVEL! EQU 1 ( CLS ECHO ------------------------------------------------ ECHO Configuring your computer to allow "ALL" traffic ECHO ------------------------------------------------ ECHO. REM Firewall .wfw backup file IF NOT EXIST "%FIREWALL_FLIP_BACKUP_FOLDER%\PRE_VPN_FIREWALL_RULES_BACK.wfw" ( ECHO. ECHO. ECHO ******************************************************************************* ECHO The firewall rules backup this script made could not be found... ECHO. ECHO Something has happened to the file: ECHO "%FIREWALL_FLIP_BACKUP_FOLDER%\PRE_VPN_FIREWALL_RULES_BACK.wfw" ECHO ******************************************************************************* ECHO. ECHO Would you like to automatically reset your windows firewall to default rules? ECHO This is perfectly safe to do, but it will reset your firewall prompts. REM Reset windows firewall if rules backup not found CHOICE IF !ERRORLEVEL! EQU 1 ( netsh advfirewall reset >NUL 2>NUL ) ELSE ( ECHO. ECHO This script has made no modifications to the system. ECHO Press any key to exit... PAUSE >NUL 2>NUL GOTO :EOF ) ) REM Delete all current firewall rules netsh advfirewall firewall delete rule name=all >NUL 2>NUL ECHO All firewall rules cleared ECHO. REM Terminate OpenVPN taskkill /f /im openvpn* >NUL 2>NUL ECHO OpenVPN Terminated ECHO. REM Identify all NIC's and set their DNS ECHO. ECHO. ECHO Sanitizing and configuring your network adaptors ECHO ------------------------------------------------ ECHO. FOR /F "tokens=2 delims=, skip=2" %%a IN ('"wmic nic where PhysicalAdapter=TRUE get netconnectionid /format:csv"') DO ( SET "adapter=%%a" SET dnsprimary=!YOUR_PUBLIC_PRIMARY_DNS! SET dnssecondary=!YOUR_PUBLIC_SECONDARY_DNS! CALL :ADAPTER_CONFIG ) REM Import your backup firewall rules IF EXIST "%FIREWALL_FLIP_BACKUP_FOLDER%\PRE_VPN_FIREWALL_RULES_BACK.wfw" netsh advfirewall import "%FIREWALL_FLIP_BACKUP_FOLDER%\PRE_VPN_FIREWALL_RULES_BACK.wfw" >NUL 2>NUL REM Re-enable program firewall access request notifications netsh advfirewall set allprofiles settings inboundusernotification enable >NUL 2>NUL REM Register with the network properly ipconfig /registerdns >NUL 2>NUL netsh winsock reset >NUL 2>NUL ipconfig /renew >NUL 2>NUL REM Enable ALL traffic firewall rules netsh advfirewall set allprofiles firewallpolicy BlockInbound,AllowOutbound >NUL 2>NUL CLS ECHO ------------------------------------------- ECHO Your computer should now allow "ALL" traffic ECHO ------------------------------------------- GOTO :VERIFICATION ) ECHO. ECHO This script has made no modifications to the system. ECHO Press any key to exit... PAUSE >NUL 2>NUL GOTO :EOF :ALL_TO_VPN ECHO. ECHO -------------------------------------------------- ECHO ^|The firewall currently allows "ALL" traffic^| ECHO -------------------------------------------------- ECHO. ECHO Do you wish to allow "ONLY VPN" traffic? CHOICE IF !ERRORLEVEL! EQU 1 ( CLS ECHO ----------------------------------------------------- ECHO Configuring your computer to allow "ONLY VPN" traffic ECHO ----------------------------------------------------- ECHO. REM Creating VPN_SERVER_IP SET /P 1=Generating list of VPN server IP's... <NUL FOR /F "tokens=*" %%a IN ('DIR /b "%OpenVPN%\config\*.ovpn"') DO ( FOR /F "tokens=1-3 delims= " %%b IN ('findstr "remote " "%OpenVPN%\config\%%a" ^| findstr \.') DO ( IF DEFINED VPN_SERVER_IP ( IF %%c NEQ !lastip! SET VPN_SERVER_IP=!VPN_SERVER_IP!,%%c ) ELSE ( SET VPN_SERVER_IP=%%c ) SET lastip=%%c ) ) ECHO Done REM Backup all firewall rules SET /P 1=Backing up current firewall rules... <NUL netsh advfirewall export "%FIREWALL_FLIP_BACKUP_FOLDER%\PRE_VPN_FIREWALL_RULES_BACK.wfw" >NUL 2>NUL IF NOT EXIST "%FIREWALL_FLIP_BACKUP_FOLDER%\PRE_VPN_FIREWALL_RULES_BACK.wfw" ( ECHO ERROR ECHO. ECHO This script has made no modifications to the system. ECHO Press any key to exit... PAUSE >NUL 2>NUL GOTO :EOF ) ECHO Done REM Enable VPN traffic firewall rules SET /P 1=Configuring new firewall rules... <NUL netsh advfirewall set allprofiles firewallpolicy BlockInbound,BlockOutbound >NUL 2>NUL REM Delete all current firewall rules (filtering method used to retain file/network sharing functionality) netsh advfirewall firewall delete rule name=all >NUL 2>NUL REM FOR /F "tokens=2 delims=:" %%a IN ('netsh advfirewall firewall show rule name^=all ^| findstr /C:"Rule Name:" ^| findstr /v "@"') DO ( REM REM Trim all extra spaces REM FOR /F "tokens=* delims= " %%b IN ("%%a") DO SET "RULE_NAME=%%b" REM REM Filter out all firewall rules that aren't the microsoft local subnet ones REM FOR /F "tokens=* delims= " %%b IN ('@ECHO !RULE_NAME! ^| findstr /v /b /L "File and Printer Sharing" ^| findstr /v /b /L "Network Discovery"') DO netsh advfirewall firewall delete rule name="!RULE_NAME!" >NUL 2>NUL REM ) REM Create VPN only rules netsh advfirewall firewall add rule name="VPN_LOCALNETWORK_INBOUND" dir=in action=allow remoteip=LocalSubnet >NUL 2>NUL netsh advfirewall firewall add rule name="VPN_LOCALNETWORK_OUTBOUND" dir=out action=allow remoteip=LocalSubnet >NUL 2>NUL netsh advfirewall firewall add rule name="VPN_RESOLUTION_OUTBOUND" dir=out action=allow remoteip=!VPN_SERVER_IP! >NUL 2>NUL netsh advfirewall firewall add rule name="VPN_DHCP" dir=out action=allow program="%%SystemRoot%%\system32\svchost.exe" localip=0.0.0.0 localport=68 remoteip=255.255.255.255 remoteport=67 protocol=UDP >NUL 2>NUL REM Disable program requesting firewall access notifications (just in case you aren't connected to the VPN and you are asked by something and accidentally allow it) netsh advfirewall set allprofiles settings inboundusernotification disable >NUL 2>NUL ECHO Done REM Identify all NIC's and set their DNS to the secure VPN DNS ECHO. ECHO. ECHO Sanitizing and configuring your network adaptors ECHO ------------------------------------------------ ECHO. FOR /F "tokens=2 delims=, skip=2" %%a IN ('"wmic nic where PhysicalAdapter=TRUE get netconnectionid /format:csv"') DO ( SET "adapter=%%a" SET dnsprimary=!YOUR_VPN_PRIMARY_DNS! SET dnssecondary=!YOUR_VPN_SECONDARY_DNS! CALL :ADAPTER_CONFIG ) REM Register with the network properly ipconfig /registerdns >NUL 2>NUL netsh winsock reset >NUL 2>NUL ipconfig /renew >NUL 2>NUL CLS ECHO ------------------------------------------------ ECHO Your computer should now allow "ONLY VPN" traffic ECHO ------------------------------------------------ GOTO :VERIFICATION ) ECHO. ECHO This script has made no modifications to the system. ECHO Press any key to exit... PAUSE >NUL 2>NUL GOTO :EOF :VERIFICATION ECHO. ECHO. ECHO VERIFICATION STEPS ECHO ------------------ REM Automatic firewall verification FOR /F "tokens=2 delims=," %%a IN ('netsh advfirewall show allprofiles firewallpolicy') DO IF "%%a" EQU "%state%" ( ECHO Your firewall state did not successfully switch over, do you want to run this script again? CHOICE IF !ERRORLEVEL! EQU 1 ( GOTO :CURRENT_STATE ) ELSE ( GOTO :EOF ) ) ECHO Firewall - passed automatic verification REM Automatic DNS verification netsh interface ipv4 show dns | findstr \. | findstr !dnsprimary! >NUL 2>NUL || GOTO :VERIFICATION_FAILURE IF DEFINED dnssecondary netsh interface ipv4 show dns | findstr \. | findstr !dnssecondary! >NUL 2>NUL || GOTO :VERIFICATION_FAILURE ECHO DNS - passed automatic verification ECHO ------------------ ECHO. IF !dnsprimary! EQU !YOUR_VPN_PRIMARY_DNS! ( SET ovpnlog=!YOUR_PREFERRED_OVPN:ovpn=log! taskkill /f /im openvpn* >NUL 2>NUL DEL /F /Q "%OpenVPN%\log\!ovpnlog!" >NUL 2>NUL ECHO. SET /P 1=Connecting to your VPN and waiting for IP to be assigned: <NUL START "" "%OpenVPN%\bin\openvpn-gui.exe" --connect !YOUR_PREFERRED_OVPN! >NUL 2>NUL :VPN_IP_LOOP findstr "CONNECTED,SUCCESS" "%OpenVPN%\log\!ovpnlog!" >NUL 2>NUL || GOTO :VPN_IP_LOOP FOR /F "tokens=4 delims=," %%a IN ('findstr "CONNECTED,SUCCESS" "%OpenVPN%\log\!ovpnlog!"') DO ( SET VPN_ASSIGNED_IP=%%a ) ECHO !VPN_ASSIGNED_IP! ECHO. SET /P 1=Granting your assigned VPN IP access to the internet... <NUL FOR /F "tokens=2-4 delims=,." %%a IN ('wmic nicconfig get DHCPServer^,SettingID /format:csv ^| findstr "!VPN_ADAPTER_GUID!"') DO ( SET VPN_IP_POOL_RANGE=%%a.%%b.0.0-%%a.%%b.255.254 ) netsh advfirewall firewall add rule name="VPN_INTERNET_OUTBOUND" dir=out action=allow localip=!VPN_IP_POOL_RANGE! >NUL 2>NUL ECHO Done ECHO. ECHO. ECHO ------------------------------------------------------------------- ECHO ^|Visit www.ipleak.net to verify that you are connected to your VPN^| ECHO ------------------------------------------------------------------- ECHO. PAUSE GOTO :EOF ) ELSE ( PAUSE ) GOTO :EOF :VERIFICATION_FAILURE ECHO There was an error setting your DNS, press any key to see your current DNS servers... PAUSE >NUL 2>NUL netsh interface ipv4 show dns ECHO ------------------------------------------------------------ ECHO The DNS listed should be: !dnsprimary! -OR- !dnssecondary! ECHO ------------------------------------------------------------ ECHO. ECHO IF THE DNS SERVERS DO NOT MATCH WHAT THEY SHOULD BE, CHANGE THEM MANUALLY ECHO IF YOU DON'T DO THIS: ECHO --------------------- ECHO YOUR VPN CONNECTION WILL NOT BE SECURE ECHO -AND/OR- ECHO YOUR REGULAR INTERNET MODE WILL NOT WORK ECHO. PAUSE GOTO :EOF :ADAPTER_CONFIG REM This section resets and configures your network adapters as necessary SET /P 1=­apter%... <NUL ipconfig /release >NUL 2>NUL ipconfig /flushdns >NUL 2>NUL netsh interface ipv4 set dns "­apter%" static %dnsprimary% primary validate=no >NUL 2>NUL IF DEFINED dnssecondary netsh interface ipv4 add dns "­apter%" !dnssecondary! index=2 validate=no >NUL 2>NUL ECHO DoneSTEP 4Now you just double click the .bat file whenever you want to switch between VPN secure or normal internet mode. If double-clicking doesn't start the script you can right click it and select 'open'. SPECIAL NOTES -This script creates a backup of your original .ovpn files under the folder FIREWALL_FLIP_BACKUP in your OpenVPN Installation directory. This script resolves the IP's of the hostnames in the VPN files so if you feel there is something wrong with this script you can still just go back to your originals. -The changes made by this script are permanent, until you run it again. This means that reboots or any sort of system hiccup will not affect it. WARNING If you start fiddling with your network adapters or windows firewall yourself you will most likely compromise what this script has set out to do. Only do so if you know what you're doing.

Install from Google Play Store OpenVPN Connect, the official OpenVPN client for Android developed by OpenVPN Technologies, Inc. Launch your internet browser. NOTE: don't use the default Android browser because it has an unresolved bug. Chrome and Opera have been tested by us and work. Log in the AirVPN website and create the configuration files from our Config Generator. Choose Linux as platform (only direct TCP and UDP connections are supported) and finally click then "Generate" button to download it. Downloaded .ovpn files may be imported directly into the application but the behavior depends on many factors (employed browser, files manager, Android version, etc). For simplicity's sake, we assume in this guide that you saved .ovpn generated files under the Download's directory in the Android filesystem. Launch OpenVPN Connect and click on the top right menu button: Click on the "Import" button: Click on "Import Profile from SD card": Browse your *.ovpn files: Select your configuration of choice: Confirm the import by clicking the "Select" button: Click on the "Connect" button to connect: Confirm Android security prompt dialog: Wait for the connection's bootstrap process: The VPN tunnel is now established: When you need to disconnect from the VPN click on the "Disconnect" button: