
Leaderboard


Popular Content

Showing content with the highest reputation since 07/02/21 in Posts

  1. 4 points
    Staff

    ANSWERED CBS Broadcasting Inc. (CBS)

    Website: http://www.cbs.com
    Watch CBS television online. Find CBS primetime, daytime, late night, and classic tv episodes, videos, and information.
    Status: OK
    Native: no servers
    Routing: all servers
    Updated: 03-Aug-18
  2. 2 points
    Stalinium

    Happy AirVPN power user

    I don't know what to write about... Everything's fine and I love AirVPN. Sounds cheesy but it is what it is.

    I've been using AirVPN for half a year. Many servers to choose from, very transparent from the user's point of view - something I value. Transparency about server status and an API (admittedly I haven't used it much). From reading the forums I grasped that AirVPN has very strict (legal) criteria for choosing server locations (countries), an approach that is unique across all providers I've seen so far. Yea placing servers in China wouldn't be the best idea or many other more "democratic" as a matter of fact which were ruled out.

    The config generator is awesome if you're not using their open source client Eddie (bonus points again!) - plenty of flexibility. Configs? Afaik there're some providers out there who still have user/password prompt on each connection, laughable. AirVPN not only properly makes use of certificates (that's how the server knows you are you without asking for credentials) but on top of that allows you to properly distribute different access keys across your devices (in case of theft etc). Lost a device? Revoke access to that single one and done!

    Port-forwarding support ALONG WITH Dynamic DNS is unparalleled. Sure an advanced user probably could create an ad-hoc DDNS solution for themself, but offering it along the VPN is ingenious.

    The servers are very stable, the stats currently show a user has been connected since January. I've read comments where other VPNs often force reconnects etc, that just sounds wild to me. Before AirVPN I've been on a private VPN server with 24/7 uptime and that's the quality of service I got used to and wouldn't want to downgrade from (looking at those other VPN providers).

    The AirVPN forums are a great source of information. The staff cannot be commended enough for responding to concerns and generally being here for discussion. @OpenSourcerer is a damn community hero, this place is unimaginable without him! I myself have contributed in one form or another and will continue to.

    As a side note to forums: AirVPN appears to have customized the forum software for privacy. I can't assess how far it goes (hopefully "enough"), and it's a far better choice than those completely relying on Reddit - undoubtedly a useful puppet of/for the certain government.

    The only problem I've had was with initial payment. I bought the 1 month plan and found no clear indications it was still active (because it is a PayPal recurring payment), so before the month expired I bought the 1 year plan. I was quite surprised to see a few days later my access days to have been extended by +31d - the automatic PayPal payment kicked in and I paid a single month extra. Though I like the service so much I decided not to bother with a refund (consider it a donation hehe). You need to log in to PayPal to cancel those, I wish this was made clear/er.

    What's unclear to me was whether/how much info is retained on payment after all the transactions... but to grossly paraphrase an official response: use crypto. Just make sure your mug shot (photo) isn't connected to the coin wallet.

    Roses are red, AirVPN's great.
  3. 2 points
    Clodo

    Eddie Desktop 2.21 beta released

    After the testing, our Config Generator will be able to create WireGuard .conf file, usable without Eddie (wg / wg-quick or any official WireGuard app).
  4. 2 points
    Use entry 3 IP address of servers, which supports tls-crypt, and choose UDP proto along with the chacha20-poly1305 cipher on ARM devices (like phones) or aes-gcm on processors that support AES-NI instructions (Intel, AMD, ...) for a good mixture of speed & security. About video streaming services: unfortunately, AirVPN doesn't cover them. (Some of them may work; you should try yourself.)
  5. 1 point
    Try not to kill the bird again.
  6. 1 point
    Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.21 beta. It is ready for public beta testing.

    How to test our experimental release:
    - Go to download page of your OS
    - Click on Other versions
    - Click on Experimental
    - Look at the changelog if you wish
    - Download and install

    Please see the changelog: https://eddie.website/changelog/?software=client&format=html

    This version contains an almost completely rewritten code for routes management, DNS and more, so please report any difference from the latest stable release 2.20.

    This version implements WireGuard support. AirVPN servers will offer it, during an opt-in beta-testing phase, within September. WireGuard support is expected to work out-of-the-box (no need to install anything else but Eddie) in Windows and macOS. In Linux it works if kernel supports it (WG support by kernel is required).

    PLEASE CONSIDER THIS AS A BETA VERSION. Don't use it for real connections; it's only for those who want to collaborate to the project as beta-testers.
  7. 1 point
    The choice of distribution is often a personal or even ideological one, but do know that the Arch family is generally aimed at either sophisticated Linux users or people who like digging deep into documentation. Still, welcome to the Linux world! Every soul switching from Windows is a win for everyone. We're glad to have you. Having that written, I don't know if Manjaro changes it, but Arch's default NetworkManager connectivity check fetches ping.archlinux.org. You could consider changing this by creating/editing /etc/NetworkManager/conf.d/20-connectivity.conf with the contents from the wiki. Could also use a URL of yours and check for certain content, but that's up to you.
  8. 1 point
    Thanks for the responses. Elevation Service was already set to Automatic start; it just always exited immediately. OpenSourcerer guided my thinking to a related solution. I completely uninstalled Eddie using Revo, which also removed all related Registry entries, then reinstalled it. Everything's working again.
  9. 1 point
    WireGuard support is welcomed, but how will the privacy issues of the WG server daemon be handled, namely, the static assignment of internal IP addresses? Will AirVPN use a dynamic WG https://git.zx2c4.com/wg-dynamic/about/docs/idea.md? If not, how is AirVPN able to offer similar level of privacy for customers using WireGuard as for those using OpenVPN? How about obfuscation of WireGuard packets? Are you planning to include a self-made patch to hide the usage of WireGuard or do you trust to SSH and TLS tunneling?
  10. 1 point
    Air4141841

    Best settings for speed and security?

    fully agreed on my netgate hardware
  11. 1 point
    Stalinium

    Happy AirVPN power user

    Wow thanks on the DDNS correction. Sneaky trademarks. I find having reddit as an alternative (even if it were as often used as the forums) is OK. But some solely rely on reddit that I find no bueno despite being a somewhat active user. I've seen one. You aren't a smooth looking crim... professional to use official language to guard yourself off any possible criticism. As far as moderation goes: as long as you can accept mistakes and learn from them moving forward, it's fine.
  12. 1 point
    Clodo

    Eddie Desktop 2.21 beta released

    Thanks. Probably the Eddie UI starts BEFORE the service and tries to relaunch. I'm investigating this issue; I hope for a fix in the next release in a few days. Thanks again.
  13. 1 point
    puff-m-d

    Eddie Desktop 2.21 beta released

    Hello @Clodo, Confirmed, "Don't ask elevation every run" is checked. Yes. No, an UAC prompt does not appear. The strange thing is that I only get an UAC prompt from Windows on boot if I have Eddie set to "Start with System". Any manual start of Eddie never produces an UAC prompt... I hope that this helps...
  14. 1 point
    Suggestion: Implement a system where all warnings, errors and messages that say "contact eddie staff" are logged separately. These might be considered "fatal" or "critical" errors (along with 'warnings'). It may also be worth considering an OPT-IN telemetry system, where I can review the data being sent and click a button to send that to AirVPN automatically. I think there's a lot of room to capture errors you're not hearing about to improve eddie stability. Not everyone is going to come onto a forum, register an account, provide detailed logs and engage with the devs, this software should be smart enough to present issues to the user (which it does) and get that to the devs in an error report (with OS version etc) My crashing error for example would really benefit.
  15. 1 point
    Hello to Clodo and the team. Thanks for new beta release, I have bug reports that are present even on 2.20.0 (stable). I put them in a list and have logs where relevant. I can expand further if required.

    OS: Windows 10 (various versions, tested on a few different devices).

    1: Sometimes, on cold boot, eddie hangs with a message "waiting for deamon". When this happens I can observe via task manager "openvpn.exe" is already running, I kill this process and eddie kicks into life. There is an apparent race condition where openvpn.exe starts before eddie.

    2: Eddie is leaking network traffic on boot - even though it is selected to run as a service it sometimes asks during a UAC pop-up to allow eddie to be launched (similar to a bug described above). At times, even when the pop-up does not appear (it's temperamental), I can open firefox, go to whatsmyip and it'll show my real IP. Eddie needs to work without leaking my real IP for not even 1MS - I never want my real IP leaked, and before eddie starts there are a few seconds where it can, please patch this so there is no connectivity before eddie starts.

    3: When I resume from hibernate (cold boot, after several hours) I *always* get errors from Eddie that results in a crash of the entire application. I'll report the exact error next time I see it.

    Here are some other errors I noticed, with their relevant log entries:

    1
    E - Fatal error occured, please contact Eddie support: Routes, remove 0.0.0.0/1 for interface "Local Area Connection (Wintun Userspace Tunnel #2)" failed: Exception: exit:1; out:Element not found. - at Eddie.Core.Platform.Route(Json jRoute, String action)

    2
    Fatal error occured, please contact Eddie support: Windows WFP, unexpected: Rule 'ipv6_block_all' already exists - at Eddie.Platform.Windows.Wfp.AddItem(String code, XmlElement xml)
    [The above error is repeated several times]

    3
    W - Windows WFP, unexpected: Rule 'dns_block_all' already exists

    Kind regards.
  16. 1 point
    Clodo

    Eddie Desktop 2.21 beta released

    You need to keep "Use Hummingbird" for now, making HB the default may occur in future release.
  17. 1 point
    puff-m-d

    Eddie Desktop 2.21 beta released

    Hello, I am having one issue with this new beta version. When I boot my system (with Eddie set to start with system), I now get an UAC prompt from Windows for Eddie-UI.exe that I must confirm. I have not seen this since the Eddie-Service-Elevated.exe was added to the Eddie package and Eddie-UI.exe was rewritten several versions back. I did a complete removal of Eddie (including profile and tunnel drivers), then did a fresh install leaving all settings at default. I still get an UAC prompt for Eddie-UI.exe from Windows at boot that must be confirmed. This seems to be a bug but of course there is always the possibility that I may be doing something wrong. Windows 10 Pro 64-bit Version 21H1 (OS Build 19043.1110)
  18. 1 point
    boblinthewild

    Eddie Desktop 2.21 beta released

    2.21 beta working perfectly on Windows 11 22000.100.
  19. 1 point
    d3adf1sh

    Strange Connection Problem?.

    not sure about the wintun thing, i know it's suppose to be faster, but i'm using regular "tap" adapter and i get same speed with or without vpn just with higher latency, but i'm also only on a 180Mb connection... but if you are having issues but as far as the speed goes there's a sticky on page one i was just reading a few min ago and it was looking like there could be some isp's that are throttling vpn traffic sometimes? but there was a fix in that thread that seemed to help a few people out. Look on the first page of the troubleshooting section for a stickied entry titled " Every VPN is slow for me, despite the well-reviewed VPNs I'm trying. Is it possible my ISP is causing this? ... " also like you, i'm on win 10, and every once in a while i'll get that same thing with a "no internet" symbol in the task bar, but internet still works. but mine is usually when bringing the computer out of standby, don't think i've ever had it happen when disconnecting from air, but i'm also not using wintun, not sure if that's anything to do with it, but i do know it's a lot newer tech. but just like you if i restart it goes back to normal operation so its prob a windows bug and not an "air" problem. because i've seen it happen randomly on other pc's too that aren't running vpn. edit: just found this link in another thread talking about how to fix the "no internet" bug on win 10, if this doesn't help check out the thread on it here in troubleshooting. https://www.windowslatest.com/2020/07/18/windows-10-no-internet-connection-problem/
  20. 1 point
    When I noticed that Debian moved Bullseye to "Full Freeze" I decided it's close enough to stable for me. I upgraded 3 systems to Bullseye and so far it's running the best of any Debian I've ever run. Been with Debian for a long time so that is a statement with merit for them on this version. Still have my critical priority OS's running Buster while I "test drive" Bullseye on non-critical work for about another week. By the way Eddie is running fine on Bullseye and with full NFT on my end. Of course this resolved the chacha20 issue and now both channels are using it well! Thank you for the link on the channel differences question. That read helped me a lot.
  21. 1 point
    frisbee

    Eddie Will Not Turn Off

    For anyone still experiencing the issue that Eddie freezes/is unresponsive, a workaround is to NOT minimize Eddie. It seems to crash only when minimized. The Airvpn support team has been advised and should investigate further.
  22. 1 point
    Staff

    Ain, Sweden server overloaded?

    @Stalinium Hello! We might have underrated the non-linear growth of load over clients amount, which is very difficult to compute in advance because it depends not only on bandwidth required by a client, but (also) on an unknown variable, that is the amount of half-connections established by single clients, which varies enormously over time and by single clients (different usages). We are fine tuning and will resolve the issue if necessary, thank you for the heads up. Kind regards
  23. 1 point
    monstrocity

    Eddie+Hummingbird DNS Warning

    You can ignore them. You'll still be able to connect to AirVPN servers and have a secure tunnel.
  24. 1 point
    Whatever quirks and treats you pulled out of your sleeve ... it's working now just as slick and quick as always experienced. Thank you for solving this (at least for me that is).
  25. 1 point
    You have not been able to gift a game across regions on Steam for years. The only way to save on regional pricing is by moving your account to that country and using a payment method located in said country. AirVPN is blacklisted on Steam. There are some parts on Steam you can access if you already have an account. But for example, if you are using AirVPN and try and access the Community, it will not connect. The same is true for NordVPN. There are other VPN providers that this is not an issue.
  26. 1 point
    Jack_Soft

    DoubleVPN - Take down

    Perhaps there was part of the story that got skipped over? Correct me if I am wrong, but did they really make all this fanfare with media/press releases and not make a single arrest? Color me unimpressed if that is all they can muster from exhausting all of the aforementioned resources. =/
  27. 1 point
    blueport26

    TrustPilot

    @OpenSourcerer Personally, I think Nord has a lot of reviews because they send an email after each purchase asking for them. As Nord is heavily marketed they probably rotate a lot of users - that's why they have so many reviews. There are not many users who would willingly write a positive review by themselves.
  28. 1 point
    f.rollo

    TrustPilot

    Hey, my 2 cents. Trustpilot seems a reputable website for reviews. Incredibly, in the VPN business gems like Mullvad and AirVPN have less than 40 reviews, while big bluffs have hundreds or thousands. Why don't we, as a community, write more reviews about truly serious VPN services in Trustpilot? I already did for Air! What do you think?
  29. 1 point
    daleus

    Using AirVPN on OPNsense

    Hi,
    1. Open the .ovpn file in notepad or something and copy everything from resolv-retry infinite down to the bottom.
    Go to vpn -> openvpn -> clients and select your openvpn instance
    Set it to SSL/TLS/UDP4 (I haven't tested with anything except UDP4)
    Insert a hostname / port
    Go to Advanced Box & Paste, click save and connection should come up under vpn->openvpn->connection status
  30. 1 point
    You've set an explicit interface to connect with in Preferences > Networking > Interface used to connect. This is the source of the error message. Consider resetting it to default Automatic.
  31. 1 point
    Also post/upload the Goldcrest log output, please.
  32. 1 point
    Hotty Capy

    Linux: AirVPN Suite 1.1.0 released

    @Staff Hi! Thanks for the detailed explanation! It looks like timing is perfect: Bluetit service starts at the same second as Network-Online becomes active and connecting to AirVPN server takes only 2 seconds.

    This time I had my real IP address along with the ability to visit absolutely any website through the browser within a minute and a half from the moment I entered the user's password and the desktop appeared (yes, I counted it using a stopwatch 😀). I can access the Internet directly through the provider (without VPN connection yet) immediately at the moment the desktop appears (at the same moment any website is successfully loaded in my browser). It looks like network-online.target is a little late on average from a minute to two: while the real Internet access is already available, the service is still inactive for a short period of time.

    Here are the results of the commands:

    [hotcapy@hotcapy-desktop ~]$ sudo systemctl status network-online.target
    [sudo] password for hotcapy:
    ● network-online.target - Network is Online
    Loaded: loaded (/usr/lib/systemd/system/network-online.target; static)
    Active: active since Thu 2021-07-08 16:44:58 +07; 29s ago
    Docs: man:systemd.special(7)
    https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget
    июл 08 16:44:58 hotcapy-desktop systemd[1]: Reached target Network is Online.

    [hotcapy@hotcapy-desktop ~]$ sudo journalctl | grep bluetit
    июл 08 16:44:58 hotcapy-desktop bluetit[4049]: Starting Bluetit - AirVPN OpenVPN 3 Service 1.1.0 - 4 June 2021
    июл 08 16:44:58 hotcapy-desktop bluetit[4049]: OpenVPN core 3.7 AirVPN linux x86_64 64-bit
    июл 08 16:44:58 hotcapy-desktop bluetit[4049]: Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Bluetit daemon started with PID 4051
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: External network is reachable via gateway 10.21.10.88 through interface enp37s0
    июл 08 16:44:58 hotcapy-desktop systemd[1]: bluetit.service: Supervising process 4051 which is not our child. We'll most likely not notice when it exits.
    июл 08 16:44:58 hotcapy-desktop audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=bluetit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Successfully connected to D-Bus
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Reading run control directives from file /etc/airvpn/bluetit.rc
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: IPv6 is available in this system
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: System country set to R2 by Bluetit policy.
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: WARNING: networklockpersist directive found in /etc/airvpn/bluetit.rc. networklock directive is ignored.
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Bluetit successfully initialized and ready
    июл 08 16:44:58 hotcapy-desktop kernel: audit: type=1130 audit(1625737498.647:91): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=bluetit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Enabling persistent network filter and lock
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Network filter and lock are using nftables
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Successfully loaded kernel module nf_tables
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Network filter successfully initialized
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Persistent network filter and lock successfully enabled
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Starting AirVPN boot connection
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: AirVPN Manifest updater thread started
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: AirVPN Manifest update interval is 15 minutes
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: AirVPN Manifest update suspended: AirVPN boot connection initialization in progress
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Persistent Network Lock and Filter is enabled
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Updating AirVPN Manifest
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: AirVPN bootstrap servers are now allowed to pass through the network filter
    июл 08 16:44:58 hotcapy-desktop bluetit[4051]: Waiting for a valid AirVPN Manifest to be available
    июл 08 16:44:59 hotcapy-desktop bluetit[4051]: AirVPN Manifest successfully retrieved from server
    июл 08 16:44:59 hotcapy-desktop bluetit[4051]: Logging in AirVPN user Hotty Capy
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: AirVPN user Hotty Capy successfully logged in
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Selected user key: Desktop
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Starting connection to AirVPN server Xuange, Zurich (Switzerland)
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Starting VPN Connection
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: OpenVPN3 client successfully created and initialized.
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: TUN persistence is enabled by Bluetit policy
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: TUN persistence is enabled.
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: TCP queue limit set to 8192 by Bluetit policy
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Negotiable Crypto Parameters (NCP) is enabled by Bluetit policy
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Connection timeout set to 0 by Bluetit policy
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Compression mode set to 'no' by Bluetit policy
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: TLS minumum version set to 'tls_1_2' by Bluetit policy
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Proxy HTTP basic auth isdisabled by Bluetit policy
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: CIPHER OVERRIDE: AES-256-GCM
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Successfully set OpenVPN3 client configuration
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Network lock set to 'nftables' by Bluetit policy
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Ignore DNS push is disabled by Bluetit policy
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Starting OpenVPN3 connection thread
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Connection statistics updater thread started
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: OpenVPN core 3.7 AirVPN linux x86_64 64-bit
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Frame=512/2048/512 mssfix-ctrl=1250
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: UNUSED OPTIONS
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: EVENT: RESOLVE
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Local IPv4 address 10.21.10.1
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Local IPv6 address fe80::2d8:61ff:fe19:ea0a
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Local interface enp37s0
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Setting up network filter and lock
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Allowing system DNS 1.1.1.1 to pass through the network filter
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Allowing system DNS 1.0.0.1 to pass through the network filter
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Adding IPv4 server 79.142.69.162 to network filter
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Network filter and lock successfully activated
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Contacting 79.142.69.162:443 via UDP
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: EVENT: WAIT
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: net_route_best_gw query IPv4: 79.142.69.162/32
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: sitnl_route_best_gw result: via 10.21.10.88 dev enp37s0
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: net_route_add: 79.142.69.162/32 via 10.21.10.88 dev enp37s0 table 0 metric 0
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Connecting to [79.142.69.162]:443 (79.142.69.162) via UDPv4
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: EVENT: CONNECTING
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Tunnel Options:V4,dev-type tun,link-mtu 1522,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Peer Info:
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org CA/emailAddress=info@airvpn.org, signature: RSA-SHA1
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=Xuange/emailAddress=info@airvpn.org, signature: RSA-SHA512
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: SSL Handshake: peer certificate: CN=Xuange, 4096 bit RSA, cipher: TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Session is ACTIVE
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: EVENT: WARN TLS: received certificate signed with SHA1. Please inform your admin to upgrade to a stronger algorithm. Support for SHA1 signatures will be dropped in the future
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: EVENT: GET_CONFIG
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Sending PUSH_REQUEST to server...
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: OPTIONS:
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: PROTOCOL OPTIONS:
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: EVENT: ASSIGN_IP
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: VPN Server has pushed IPv4 DNS server 10.10.6.1
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Setting pushed IPv4 DNS server 10.10.6.1 in resolv.conf
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Setting pushed IPv4 DNS server 10.10.6.1 for interface enp37s0 via systemd-resolved
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: net_iface_mtu_set: mtu 1500 for tun0
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: net_iface_up: set tun0 up
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: net_addr_add: 10.10.6.199/24 brd 10.10.6.255 dev tun0
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: net_route_add: 0.0.0.0/1 via 10.10.6.1 dev tun0 table 0 metric 0
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: net_route_add: 128.0.0.0/1 via 10.10.6.1 dev tun0 table 0 metric 0
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: TunPersist: saving tun context:
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Connected via tun
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: LZO-ASYM init swap=0 asym=1
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Comp-stub init swap=0
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: EVENT: CONNECTED 79.142.69.162:443 (79.142.69.162) via /UDPv4 on tun/10.10.6.199/ gw=[10.10.6.1/]
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Connected to AirVPN server Xuange, Zurich (Switzerland)
    июл 08 16:45:00 hotcapy-desktop bluetit[4051]: Server has pushed its own DNS. Removing system DNS from network filter.
    июл 08 16:45:01 hotcapy-desktop bluetit[4051]: System DNS 1.1.1.1 is now rejected by the network filter
    июл 08 16:45:01 hotcapy-desktop bluetit[4051]: System DNS 1.0.0.1 is now rejected by the network filter

    So the problem is definitely in my system, not in Bluetit service.

    Edit: yes, here is the command output obtained right after turning on the computer and successfully accessing the AirVPN website (before Bluetit service started):

    [hotcapy@hotcapy-desktop ~]$ sudo systemctl status network-online.target
    [sudo] password for hotcapy:
    ○ network-online.target - Network is Online
    Loaded: loaded (/usr/lib/systemd/system/network-online.target; static)
    Active: inactive (dead)
    Docs: man:systemd.special(7)
    https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget
  33. 1 point
    Staff

    tls-crypt on DD-WRT: got it working!

    @YLwpLUbcf77U Hello! It's not something DD-WRT specific, it's an OpenVPN working mode. TLS mode is essential to use all the OpenVPN security features, including PFS. We only operate OpenVPN in TLS mode.

    When OpenVPN works in TLS mode, TLS Crypt encrypts the whole Control Channel from the very beginning, while TLS Auth does not. Therefore TLS Crypt hides the OpenVPN protocol fingerprint from DPI and it's much harder to block OpenVPN in TLS Crypt mode than to block OpenVPN in TLS Auth mode.

    TLS Crypt and TLS Auth are mutually incompatible, and each OpenVPN daemon working as server can only work with TLS Auth or TLS Crypt. That's why we offer different IP addresses for TLS Crypt and TLS Auth modes:

    Also note that TLS Auth and TLS Crypt keys are different.

    A more elaborate and precise description can be found here (1st answer): https://serverfault.com/questions/929484/openvpn-2-4-security-differences-between-tls-crypt-and-tls-auth

    Kind regards
  34. 1 point
    found the problem, /etc/resolv.conf had the router in first line.. thanks for pointing in the right direction
  35. 1 point
    OpenSourcerer

    Eddie disconnected, no internet

    It's not internet that's missing, it's probably just the DNS servers not being reset, suggesting quite an ancient bug of Eddie. Try upgrading Eddie first.
  36. 1 point
    Kenwell

    DoubleVPN - Take down

    Hi. To give you a bit more insight into this story, I stumbled upon this Dutch police website. It's in Dutch, so Google just translated the police website: https://www.politie.nl/nieuws/2021/juni/30/klap-voor-communicatie-criminelen-doublevpn-uit-de-lucht.html

    A hit for communication criminals: DoubleVPN off the air

    A large-scale international action by the police and the judiciary has dealt another blow to communication between criminals. DoubleVPN has been taken off the air. This company provided VPN services (Virtual Private Network); secure and shielded internet connections that provided a safe haven for cybercriminals to attack their victims. In many European countries, including the Netherlands and Germany, as well as in the United States and Canada, DoubleVPN servers were seized yesterday and the infrastructure was shut down. The DoubleVPN websites now show a splash page from the police and the judiciary: cybercrime facilitators are not anonymous.

    The large, international investigation into DoubleVPN was led by the National Unit of the Dutch police, under the authority of the National Public Prosecutor's Office. Within this investigation, Team High Tech Crime (THTC) of the National Unit, National Criminal Investigation Service, worked together with foreign partners in the fight against (inter)national serious crime. Important partners from the very beginning were Germany, the United States, the United Kingdom and Canada. Later on, Italy, Bulgaria, Sweden and Switzerland also joined. Europol and Eurojust played an important coordinating role during the investigation.

    Hacking Authority

    In this investigation, the Dutch police and the Public Prosecution Service have used their hacking powers to penetrate DoubleVPN's infrastructure. In the Netherlands, the police and the judiciary are legally authorized to enter computers secretly and remotely for the purpose of investigating serious crimes. The Digital Intrusion Team (DIGIT) of the National Unit, Specialist Operations Service, is the only team that has this authority. The team consists of employees of the (regional) police units, the Royal Netherlands Marechaussee and the Fiscal Intelligence and Investigation Service.

    Ransomware and Phishing

    DoubleVPN was a small VPN provider, but very important to cybercriminals. It has been discussed a lot on various forums. The service also advertised itself on these forums; especially on Russian- and English-language underground cybercriminal forums. DoubleVPN was used by ransomware spreaders and phishing fraudsters, among others. The service offered customers maximum anonymity by offering not only single, but also double, triple and even quad VPN connections. The cheapest VPN connection cost €22 per month.

    Money laundering and participation in a criminal organization

    DoubleVPN is suspected of being a criminal organization. The company is also suspected of money laundering and complicity in or involvement in the crimes committed by its customers using DoubleVPN's services. Think of hacking, selling and/or spreading malware, such as ransomware and selling the data that DoubleVPN's customers received by hacking.

    Global joining of forces

    “Criminal facilitators like DoubleVPN have a global reach. Their servers are located in almost all countries. Combating these types of criminals can therefore only be successful if we join forces internationally and make use of each other's knowledge, skills and networks. The National Unit continuously plays an important role in this type of international investigation because of its specializations in the field of cyber, intelligence and tactics,” said Andy Kraag, head of the National Investigation Service of the National Unit. “This research shows once again that cybercrime facilitators are not untouchable.”

    No safe harbor

    “The people behind DoubleVPN think they can remain anonymous when facilitating large-scale cybercrime operations, but they are certainly not,” said public prosecutor Wieteke Koorn. “By taking legal action and breaking into their infrastructure digitally, we make one thing very clear: there is no safe harbor for these types of criminals. These criminal acts harm the digitized society. They affect the trust of citizens and companies in digital technology. For that reason, we have to stop their behavior.”

    What is a Virtual Private Network?

    A VPN service encrypts internet traffic from the user's IP address to the VPN service. To the outside world, this means that the internet traffic does not seem to come from the user, but from the IP address of the VPN service. The IP address of the user is thus protected. In this way, an ISP or a network administrator does not know which websites a user is visiting. A secure VPN internet connection is legal. Individuals and companies use it because they want to communicate confidentially with each other. Abuse of VPN internet connections for criminal activities is of course punishable by law.
  37. 1 point
    @flat4 Hello!

    The agreements between intelligence offices to exchange information more liberally are irrelevant for our purposes, due to the nature of our service. They do not make the situation worse. You have absolutely no additional protection from traffic monitoring by intelligence agencies according to the location of the server, as Snowden documents show. If the adversary has such vast powers, our service is insufficient by itself alone in any case and in any country, and the only level of defense (which may be very effective!) is enforcing what we call "partition of trust". https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?tab=comments#comment-1745

    Provided that the target device is not compromised, of course... any attacker with vast power and precise targets will save time and effort by simply cracking the device of the target, instead of hunting packets all around the world and correlating them.

    Kind regards
  38. 1 point
    @monstrocity Hello!

    The errors and embezzlement caused by bogus copyright notices have been notorious since 2008 at least. That's a decisive reason to understand how the graduated response must include the constitutional right to a due process, and that each copyright infringement claim must be validated or rejected by a court, if the alleged infringer wants to exercise her fundamental right to a due process with presumption of innocence.

    How bogus notices can be sent, and how a malicious user knowing your IP address can trivially cause an arbitrary amount of copyright notices to be sent to you, was well explained many years ago in the scientific paper "Why my printer received a DMCA takedown notice". http://dmca.cs.washington.edu/uwcse_dmca_tr.pdf

    The fact that, in spite of all the above, various companies still dream of automated graduated response and deletion of the right to a due process and the right to legal defense shows, in our opinion, the mental imbalance of certain persons and the hidden agenda to keep making money with bogus activities: business for companies which offer their services to monitor p2p swarms and automatically generate notices was quite big years ago. And it's also sad to see, when citizens defend the copyright mafia graduated response concept, how easily many citizens are inclined to renounce fundamental human rights.

    @ProphetPX The news you reported seems to be confirmed independently by TorrentFreak, which published a day earlier: https://torrentfreak.com/comcast-suspends-internet-connection-for-downloading-torrents-210630/

    Kind regards
  39. 1 point
    I have a reason to believe that M247 is falsifying a few of its server locations which it sells to VPN companies such as AirVPN.

    Disclaimer: I am not accusing AirVPN of participating in this falsification, I believe that AirVPN staff has the integrity and honesty to only purchase servers in locations they know are correct as advertised. My hypothesis is that AirVPN was merely duped into buying these falsified locations because M247 claimed that they were real locations and AirVPN did not have any reason to suspect anything to the contrary.

    I noticed recently that the M247 "Phoenix" location seems to really be located in Los Angeles, M247 "Barcelona" location seems to really be in Madrid, and the M247 "Berlin" location seems to really be in Frankfurt. Traceroute shows identical routes between each of these false locations and the real location they are in, not to mention that neither Phoenix, Barcelona, nor Berlin appear on M247's list of locations on their website.

    Disclaimer 2: All of the data below is shown as it was generated, with the only edit being the redaction of my ISP's traceroute hops for protection of my privacy.

    Exhibit A: "Phoenix" is really Los Angeles.
    Traceroute and ping to Indus, allegedly in M247 Phoenix

    Traceroute to Indus server

        traceroute to indus.airservers.org (193.37.254.26), 30 hops max, 38 byte packets
        [Redacted my ISP's traceroute hops]
        8 * * *
        9 ae-5.r01.lsanca20.us.bb.gin.ntt.net (129.250.6.49) 73.593 ms 68.449 ms 69.689 ms
        10 ce-0-1-0-0.r01.lsanca20.us.ce.gin.ntt.net (128.241.6.1) 66.818 ms 71.847 ms 72.087 ms
        11 * irb-0.agg1.lax1.us.m247.com (77.243.185.149) 89.481 ms et-0-0-49-0.agg1.lax1.us.m247.com (77.243.185.145) 79.797 ms
        12 vlan2921.as09.lax1.us.m247.com (193.9.115.167) 123.200 ms 71.520 ms vlan2909.as09.lax1.us.m247.com (193.9.115.169) 74.228 ms
        13 * * *
        14 * * *

    Traceroute from Indus to Google

        traceroute to google.com (172.217.5.110), 30 hops max, 60 byte packets
        1 10.32.6.1 (10.32.6.1) 69.597 ms 69.603 ms 69.595 ms
        2 vlan177.as09.lax1.us.m247.com (193.37.254.1) 69.687 ms 69.711 ms 69.778 ms
        3 irb-0.agg1.lax1.us.m247.com (193.9.115.168) 633.031 ms 633.038 ms 633.034 ms
        4 37.120.220.170 (37.120.220.170) 69.490 ms 69.452 ms 69.546 ms
        5 72.14.204.180 (72.14.204.180) 69.661 ms te-4-3-0.bb1.lax1.us.m247.com (82.102.29.110) 69.769 ms 69.821 ms
        6 10.252.217.158 (10.252.217.158) 69.615 ms 72.14.204.180 (72.14.204.180) 67.888 ms 10.23.211.158 (10.23.211.158) 68.754 ms
        7 10.252.234.254 (10.252.234.254) 67.871 ms 142.250.228.74 (142.250.228.74) 68.216 ms 10.252.234.254 (10.252.234.254) 68.221 ms
        8 108.170.247.244 (108.170.247.244) 68.254 ms 108.170.237.114 (108.170.237.114) 68.228 ms 108.170.247.244 (108.170.247.244) 68.243 ms
        9 108.170.247.211 (108.170.247.211) 68.818 ms 108.170.247.148 (108.170.247.148) 68.598 ms 68.843 ms
        10 108.170.230.123 (108.170.230.123) 68.806 ms 108.170.230.133 (108.170.230.133) 69.010 ms 172.253.75.217 (172.253.75.217) 76.905 ms
        11 172.253.75.217 (172.253.75.217) 76.921 ms 172.253.70.153 (172.253.70.153) 80.406 ms 74.125.253.148 (74.125.253.148) 75.588 ms
        12 142.250.234.59 (142.250.234.59) 81.965 ms 108.170.243.1 (108.170.243.1) 78.518 ms 80.377 ms
        13 108.170.236.61 (108.170.236.61) 75.650 ms 75.356 ms 108.170.243.1 (108.170.243.1) 77.960 ms
        14 sfo03s07-in-f14.1e100.net (172.217.5.110) 82.906 ms 108.170.236.63 (108.170.236.63) 77.106 ms sfo03s07-in-f110.1e100.net (172.217.5.110) 103.936 ms

    Ping to Indus

        PING 193.37.254.26 (193.37.254.26) 56(84) bytes of data.
        64 bytes from 193.37.254.26: icmp_seq=1 ttl=57 time=69.5 ms
        64 bytes from 193.37.254.26: icmp_seq=2 ttl=57 time=68.8 ms
        64 bytes from 193.37.254.26: icmp_seq=3 ttl=57 time=69.1 ms
        64 bytes from 193.37.254.26: icmp_seq=4 ttl=57 time=68.0 ms
        64 bytes from 193.37.254.26: icmp_seq=5 ttl=57 time=69.3 ms
        64 bytes from 193.37.254.26: icmp_seq=6 ttl=57 time=68.5 ms
        64 bytes from 193.37.254.26: icmp_seq=7 ttl=57 time=70.0 ms
        64 bytes from 193.37.254.26: icmp_seq=8 ttl=57 time=69.2 ms
        64 bytes from 193.37.254.26: icmp_seq=9 ttl=57 time=69.7 ms
        64 bytes from 193.37.254.26: icmp_seq=10 ttl=57 time=68.1 ms

    Hmm, I wonder why all the M247 router hops are all labelled as "LAX1" for a "Phoenix" location???

    Now we will compare this to Groombridge, a server in M247 Los Angeles

    Traceroute to Groombridge

        traceroute to groombridge.airservers.org (37.120.132.82), 30 hops max, 38 byte packets
        [Redacted my ISP's traceroute hops]
        7 * * *
        8 ae-2.r25.lsanca07.us.bb.gin.ntt.net (129.250.3.189) 74.561 ms 97.764 ms *
        9 ae-5.r01.lsanca20.us.bb.gin.ntt.net (129.250.6.49) 73.048 ms 70.967 ms 73.707 ms
        10 ce-0-1-0-0.r01.lsanca20.us.ce.gin.ntt.net (128.241.6.1) 65.112 ms 73.968 ms 71.939 ms
        11 irb-0.agg1.lax1.us.m247.com (77.243.185.149) 77.359 ms * *
        12 vlan2926.as15.lax1.us.m247.com (89.44.212.37) 75.003 ms 73.769 ms 217.138.223.35 (217.138.223.35) 67.763 ms
        13 * * *
        14 * * *

    Traceroute from Groombridge to YouTube

        traceroute to youtube.com (216.58.195.78), 30 hops max, 60 byte packets
        1 10.15.134.1 (10.15.134.1) 71.514 ms 71.502 ms 71.493 ms
        2 vlan170.as15.lax1.us.m247.com (37.120.132.81) 71.810 ms 71.986 ms 72.005 ms
        3 * * *
        4 37.120.220.198 (37.120.220.198) 75.969 ms te-1-2-0.bb1.nyc1.us.m247.com (77.243.185.18) 76.140 ms 37.120.220.198 (37.120.220.198) 75.971 ms
        5 72.14.204.180 (72.14.204.180) 76.149 ms 76.154 ms te-4-3-0.bb1.lax1.us.m247.com (82.102.29.110) 75.138 ms
        6 10.252.173.62 (10.252.173.62) 78.254 ms 72.14.204.180 (72.14.204.180) 73.797 ms 73.781 ms
        7 209.85.254.86 (209.85.254.86) 73.773 ms 10.252.50.62 (10.252.50.62) 73.975 ms 108.170.247.193 (108.170.247.193) 74.551 ms
        8 108.170.237.114 (108.170.237.114) 73.937 ms 108.170.247.193 (108.170.247.193) 74.759 ms 108.170.247.243 (108.170.247.243) 74.214 ms
        9 * 108.170.247.244 (108.170.247.244) 74.196 ms 108.170.234.124 (108.170.234.124) 74.648 ms
        10 209.85.254.229 (209.85.254.229) 86.701 ms * 108.170.234.27 (108.170.234.27) 72.588 ms
        11 216.239.58.214 (216.239.58.214) 80.460 ms 142.250.234.56 (142.250.234.56) 81.648 ms 172.253.70.155 (172.253.70.155) 83.700 ms
        12 108.170.242.241 (108.170.242.241) 80.580 ms 66.249.94.28 (66.249.94.28) 79.787 ms 108.170.242.241 (108.170.242.241) 81.349 ms
        13 72.14.239.97 (72.14.239.97) 80.326 ms 108.170.242.241 (108.170.242.241) 81.308 ms 72.14.239.43 (72.14.239.43) 84.462 ms
        14 72.14.239.43 (72.14.239.43) 82.598 ms sfo07s16-in-f78.1e100.net (216.58.195.78) 80.463 ms 81.950 ms

    Ping to Groombridge

        PING groombridge.airservers.org (37.120.132.82) 56(84) bytes of data.
        64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=1 ttl=57 time=68.8 ms
        64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=2 ttl=57 time=68.8 ms
        64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=3 ttl=57 time=68.9 ms
        64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=4 ttl=57 time=68.0 ms
        64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=5 ttl=57 time=70.4 ms
        64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=6 ttl=57 time=69.0 ms
        64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=7 ttl=57 time=70.4 ms
        64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=8 ttl=57 time=67.6 ms
        64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=9 ttl=57 time=68.3 ms
        64 bytes from 82.132.120.37.in-addr.arpa (37.120.132.82): icmp_seq=10 ttl=57 time=68.0 ms

    Hmm, looks suspiciously similar to me... Routes are both the same, ping is near-equal

    Exhibit B: "Barcelona" is really Madrid

    Traceroute and ping to Eridanus, allegedly in Barcelona

    Traceroute to Eridanus

        traceroute to eridanus.airservers.org (185.183.106.2), 30 hops max, 38 byte packets
        [Redacted my ISP's traceroute hops]
        7 * * *
        8 be2332.ccr32.bio02.atlas.cogentco.com (154.54.85.246) 83.833 ms 82.655 ms 83.244 ms
        9 be2325.ccr32.mad05.atlas.cogentco.com (154.54.61.134) 86.389 ms 85.839 ms 86.422 ms
        10 quantum-sistemas.demarc.cogentco.com (149.6.150.130) 110.559 ms 171.268 ms 118.386 ms
        11 * * *
        12 * * *

    Traceroute from Eridanus to YouTube

        traceroute to youtube.com (216.58.211.46), 30 hops max, 60 byte packets
        1 10.16.134.1 (10.16.134.1) 89.066 ms 89.077 ms 89.072 ms
        2 * * *
        3 xe-1-2-3-0.bb1.mad1.es.m247.com (212.103.51.62) 89.002 ms 88.997 ms 88.992 ms
        4 mad-b1-link.telia.net (213.248.95.33) 89.157 ms 89.176 ms 89.172 ms
        5 google-ic-314668-mad-b1.c.telia.net (62.115.61.14) 89.168 ms 89.324 ms 89.328 ms
        6 * * *
        7 142.250.239.26 (142.250.239.26) 92.637 ms 72.14.233.124 (72.14.233.124) 91.657 ms 142.250.62.202 (142.250.62.202) 91.548 ms
        8 108.170.234.221 (108.170.234.221) 92.059 ms 74.125.242.178 (74.125.242.178) 91.787 ms 144.397 ms
        9 108.170.253.225 (108.170.253.225) 91.930 ms muc03s14-in-f14.1e100.net (216.58.211.46) 91.631 ms 108.170.253.225 (108.170.253.225) 91.934 ms

    Hmm, I wonder why M247's router hops in the "Barcelona" location are all labelled as "MAD1"

    Ping to Eridanus

        PING 185.183.106.2 (185.183.106.2) 56(84) bytes of data.
        64 bytes from 185.183.106.2: icmp_seq=1 ttl=56 time=89.4 ms
        64 bytes from 185.183.106.2: icmp_seq=2 ttl=56 time=85.9 ms
        64 bytes from 185.183.106.2: icmp_seq=3 ttl=56 time=84.9 ms
        64 bytes from 185.183.106.2: icmp_seq=4 ttl=56 time=85.5 ms
        64 bytes from 185.183.106.2: icmp_seq=5 ttl=56 time=86.4 ms
        64 bytes from 185.183.106.2: icmp_seq=6 ttl=56 time=85.0 ms
        64 bytes from 185.183.106.2: icmp_seq=7 ttl=56 time=85.3 ms
        64 bytes from 185.183.106.2: icmp_seq=8 ttl=56 time=87.1 ms
        64 bytes from 185.183.106.2: icmp_seq=9 ttl=56 time=85.8 ms
        64 bytes from 185.183.106.2: icmp_seq=10 ttl=56 time=85.3 ms

    Comparing this to Mekbuda, a server in Madrid M247

    Traceroute to Mekbuda

        [Redacted my ISP's traceroute hops]
        7 * * *
        8 be2332.ccr32.bio02.atlas.cogentco.com (154.54.85.246) 83.761 ms 82.333 ms 82.102 ms
        9 be2325.ccr32.mad05.atlas.cogentco.com (154.54.61.134) 86.121 ms 85.032 ms 86.308 ms
        10 quantum-sistemas.demarc.cogentco.com (149.6.150.130) 94.879 ms 87.337 ms 88.230 ms
        11 * * *
        12 * * *

    Route from Mekbuda to Youtube

        traceroute to youtube.com (216.58.215.142), 30 hops max, 60 byte packets
        1 10.21.198.1 (10.21.198.1) 87.692 ms 87.693 ms 87.686 ms
        2 vlan29.bb2.mad1.es.m247.com (185.93.182.161) 87.696 ms 87.690 ms 87.750 ms
        3 xe-1-1-0-0.bb1.mad1.es.m247.com (82.102.29.25) 87.762 ms 87.758 ms 87.753 ms
        4 mad-b1-link.telia.net (213.248.95.33) 87.956 ms 88.558 ms 87.931 ms
        5 google-ic-314668-mad-b1.c.telia.net (62.115.61.14) 87.836 ms 87.992 ms 87.988 ms
        6 * * *
        7 mad41s04-in-f14.1e100.net (216.58.215.142) 86.846 ms 74.125.242.177 (74.125.242.177) 98.934 ms 98.992 ms

    Ping to Mekbuda

        PING mekbuda.airservers.org (185.93.182.170) 56(84) bytes of data.
        64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=1 ttl=56 time=87.0 ms
        64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=2 ttl=56 time=88.4 ms
        64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=3 ttl=56 time=86.2 ms
        64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=4 ttl=56 time=88.4 ms
        64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=5 ttl=56 time=86.7 ms
        64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=6 ttl=56 time=85.7 ms
        64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=7 ttl=56 time=85.7 ms
        64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=8 ttl=56 time=87.1 ms
        64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=9 ttl=56 time=88.3 ms
        64 bytes from 185.93.182.170 (185.93.182.170): icmp_seq=10 ttl=56 time=88.2 ms

    Once again, everything is near-identical, with only a slight difference in Youtube traceroute.

    Exhibit C: "Berlin" is really in Frankfurt

    First we will test ping and traceroute to Cujam, a Berlin M247 server

    Traceroute to Cujam

        [Redacted my ISP's traceroute hops]
        6 * * *
        7 ae-9.r20.londen12.uk.bb.gin.ntt.net (129.250.6.146) 73.904 ms ae-11.r20.parsfr04.fr.bb.gin.ntt.net (129.250.4.195) 78.812 ms 75.580 ms
        8 ae-1.r21.londen12.uk.bb.gin.ntt.net (129.250.2.183) 79.099 ms ae-2.r21.parsfr04.fr.bb.gin.ntt.net (129.250.3.46) 85.715 ms ae-1.r21.londen12.uk.bb.gin.ntt.net (129.250.2.183) 78.384 ms
        9 ae-16.r20.frnkge13.de.bb.gin.ntt.net (129.250.3.13) 91.553 ms ae-11.r21.frnkge13.de.bb.gin.ntt.net (129.250.5.26) 91.521 ms ae-16.r20.frnkge13.de.bb.gin.ntt.net (129.250.3.13) 94.728 ms
        10 ae-0.a00.frnkge13.de.bb.gin.ntt.net (129.250.2.25) 92.855 ms 89.619 ms 90.740 ms
        11 ae-8-501.a00.frnkge13.de.ce.gin.ntt.net (213.198.52.62) 91.869 ms 92.824 ms 93.136 ms
        12 37.120.220.131 (37.120.220.131) 90.856 ms vlan2945.agg2.fra4.de.m247.com (193.27.15.241) 92.015 ms 37.120.220.116 (37.120.220.116) 89.007 ms
        13 vlan2925.as03.fra4.de.m247.com (83.97.21.17) 88.304 ms vlan2901.as03.fra4.de.m247.com (82.102.29.155) 93.828 ms vlan2925.as03.fra4.de.m247.com (83.97.21.17) 89.713 ms
        14 * * *
        15 * * *

    Traceroute from Cujam to YouTube

        1 10.11.102.1 (10.11.102.1) 89.968 ms 89.978 ms 89.972 ms
        2 37.120.217.241 (37.120.217.241) 90.041 ms 90.036 ms 90.134 ms
        3 vlan2925.agg2.fra4.de.m247.com (83.97.21.16) 89.915 ms 89.910 ms 89.905 ms
        4 37.120.220.130 (37.120.220.130) 90.078 ms 193.27.15.240 (193.27.15.240) 89.956 ms 37.120.220.130 (37.120.220.130) 90.199 ms
        5 vlan2906.bb1.ams1.nl.m247.com (37.120.128.248) 90.252 ms 90.009 ms 37.120.128.253 (37.120.128.253) 90.176 ms
        6 37.120.128.253 (37.120.128.253) 90.171 ms no-mans-land.m247.com (185.206.226.71) 89.888 ms 37.120.128.253 (37.120.128.253) 89.597 ms
        7 no-mans-land.m247.com (185.206.226.71) 89.851 ms 10.252.43.30 (10.252.43.30) 89.962 ms 10.252.45.126 (10.252.45.126) 89.649 ms
        8 108.170.252.1 (108.170.252.1) 90.496 ms 108.170.235.248 (108.170.235.248) 89.578 ms 10.252.73.190 (10.252.73.190) 89.598 ms
        9 108.170.252.83 (108.170.252.83) 90.067 ms 108.170.252.18 (108.170.252.18) 90.020 ms 108.170.252.65 (108.170.252.65) 90.430 ms
        10 * * 209.85.252.77 (209.85.252.77) 90.872 ms
        11 216.239.50.187 (216.239.50.187) 99.430 ms * 209.85.252.149 (209.85.252.149) 97.794 ms
        12 108.170.230.210 (108.170.230.210) 98.329 ms 72.14.238.52 (72.14.238.52) 97.997 ms 97.910 ms
        13 108.170.244.161 (108.170.244.161) 97.921 ms 108.170.235.98 (108.170.235.98) 98.316 ms 108.170.244.225 (108.170.244.225) 98.802 ms
        14 108.170.232.125 (108.170.232.125) 97.839 ms 98.060 ms 98.173 ms
        15 108.170.234.51 (108.170.234.51) 98.067 ms par10s27-in-f206.1e100.net (216.58.198.206) 97.811 ms 98.150 ms

    Ping to Cujam

        PING cujam.airservers.org (37.120.217.242) 56(84) bytes of data.
        64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=1 ttl=53 time=90.3 ms
        64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=2 ttl=53 time=91.8 ms
        64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=3 ttl=53 time=91.7 ms
        64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=4 ttl=53 time=92.5 ms
        64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=5 ttl=53 time=91.3 ms
        64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=6 ttl=53 time=92.1 ms
        64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=7 ttl=53 time=90.5 ms
        64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=8 ttl=53 time=91.3 ms
        64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=9 ttl=53 time=90.0 ms
        64 bytes from 37.120.217.242 (37.120.217.242): icmp_seq=10 ttl=53 time=92.1 ms

    I wonder why there's no mention of "Berlin" in the traceroute hops, instead says FRA4 for Frankfurt....

    Next we will compare this to Mirfak, a M247 Frankfurt server

    Traceroute to Mirfak

        [Redacted my ISP's traceroute hops]
        5 * * *
        6 if-ae-66-8.tcore1.l78-london.as6453.net (80.231.130.194) 93.049 ms if-ae-66-9.tcore1.l78-london.as6453.net (80.231.130.21) 92.427 ms if-ae-66-8.tcore1.l78-london.as6453.net (80.231.130.194) 92.662 ms
        7 * if-ae-3-2.tcore1.pye-paris.as6453.net (80.231.154.142) 94.296 ms *
        8 * * if-ae-11-2.tcore1.pvu-paris.as6453.net (80.231.153.49) 92.280 ms
        9 * if-ae-49-2.tcore2.pvu-paris.as6453.net (80.231.153.21) 91.508 ms *
        10 if-ae-55-2.tcore1.fr0-frankfurt.as6453.net (80.231.245.7) 100.752 ms 91.321 ms 92.308 ms
        11 if-ae-55-2.tcore1.fr0-frankfurt.as6453.net (80.231.245.7) 88.325 ms 195.219.50.23 (195.219.50.23) 96.137 ms 94.877 ms
        12 vlan2946.agg1.fra4.de.m247.com (193.27.15.243) 94.155 ms 37.120.220.116 (37.120.220.116) 93.367 ms 37.120.220.118 (37.120.220.118) 91.790 ms
        13 vlan2917.as11.fra4.de.m247.com (212.103.51.191) 101.641 ms vlan2945.agg2.fra4.de.m247.com (193.27.15.241) 90.441 ms vlan2917.as11.fra4.de.m247.com (212.103.51.191) 93.836 ms
        14 * vlan2917.as11.fra4.de.m247.com (212.103.51.191) 94.359 ms vlan2919.as11.fra4.de.m247.com (212.103.51.151) 96.080 ms
        15 * * *
        16 * * *

    The only difference in this traceroute is that the traffic goes through TATA instead of NTT which the Cujam server goes through, but the destination for both is the same: M247 in Frankfurt

    Traceroute to YouTube from Mirfak

        traceroute to youtube.com (172.217.17.46), 30 hops max, 60 byte packets
        1 10.27.230.1 (10.27.230.1) 96.778 ms 96.764 ms 96.774 ms
        2 vlan27.as11.fra4.de.m247.com (141.98.102.177) 97.067 ms 97.135 ms 97.329 ms
        3 vlan2917.agg1.fra4.de.m247.com (212.103.51.190) 96.705 ms 96.704 ms 96.699 ms
        4 37.120.128.148 (37.120.128.148) 97.120 ms 193.27.15.242 (193.27.15.242) 97.724 ms 37.120.128.148 (37.120.128.148) 97.107 ms
        5 37.120.128.253 (37.120.128.253) 96.833 ms 96.835 ms vlan2906.bb1.ams1.nl.m247.com (37.120.128.248) 96.894 ms
        6 no-mans-land.m247.com (185.206.226.71) 97.037 ms 37.120.128.253 (37.120.128.253) 95.349 ms 95.494 ms
        7 no-mans-land.m247.com (185.206.226.71) 95.615 ms 10.252.45.190 (10.252.45.190) 98.342 ms 10.252.45.158 (10.252.45.158) 96.818 ms
        8 216.239.47.244 (216.239.47.244) 96.897 ms 108.170.252.65 (108.170.252.65) 97.534 ms 142.250.46.244 (142.250.46.244) 96.712 ms
        9 108.170.252.18 (108.170.252.18) 97.041 ms 108.170.251.144 (108.170.251.144) 97.279 ms 108.170.252.18 (108.170.252.18) 96.977 ms
        10 * * *
        11 209.85.244.158 (209.85.244.158) 104.649 ms * *
        12 216.239.42.171 (216.239.42.171) 104.672 ms 216.239.42.102 (216.239.42.102) 116.455 ms 216.239.43.37 (216.239.43.37) 104.324 ms
        13 216.239.42.171 (216.239.42.171) 104.748 ms 104.733 ms 216.239.43.37 (216.239.43.37) 115.898 ms
        14 108.170.236.135 (108.170.236.135) 104.245 ms 104.183 ms 108.170.236.137 (108.170.236.137) 104.074 ms
        15 ams16s29-in-f46.1e100.net (172.217.17.46) 103.791 ms 103.813 ms 102.372 ms

    Ping to Mirfak

        PING mirfak.airservers.org (141.98.102.234) 56(84) bytes of data.
        64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=1 ttl=53 time=89.3 ms
        64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=2 ttl=53 time=89.8 ms
        64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=3 ttl=53 time=89.1 ms
        64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=4 ttl=53 time=90.6 ms
        64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=5 ttl=53 time=89.6 ms
        64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=6 ttl=53 time=89.2 ms
        64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=7 ttl=53 time=90.0 ms
        64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=8 ttl=53 time=90.0 ms
        64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=9 ttl=53 time=87.6 ms
        64 bytes from 234.102.98.141.in-addr.arpa (141.98.102.234): icmp_seq=10 ttl=53 time=88.9 ms

    Again, everything is near-identical, suggesting that these Berlin, Phoenix, and Barcelona locations are just falsified geolocation information and nothing more. With near-identical traceroutes, and ping values that don't differ by more than 1-2ms, it is extremely unrealistic that these servers are in the locations they claim to be. If you think my data is wrong/inaccurate, then feel free to repeat my experiment yourself, you will find the same thing.

    I would like to reiterate that I believe that AirVPN has no part in this falsification and that they have no ill will, I think they were duped/deceived by M247 to believe that the Phoenix, Berlin and Barcelona locations are actually real physical locations M247 has their servers located in. I think after these findings, AirVPN should have a long discussion with M247 staff about this falsification that took place.
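
The comparison in the post above can be made repeatable with a latency bound. This is an added example, not part of the original post: it parses the first hops of the three "traceroute from <server>" outputs quoted there, reads the site code from the first M247 router name, and checks whether the advertised city could be within reach of that router. The city coordinates, the site-code-to-city table, the 200 km/ms fibre speed and the 1 ms jitter allowance are assumptions of the example, and it relies on hop 1 being the tunnel gateway on the VPN server and on router names reflecting where the router really is.

```python
import math
import re

# First hops copied from the post's "traceroute from <server>" output (run through
# the tunnel), one hop per line. Hop 1 is assumed to be the VPN server's gateway.
TRACES = {
    "Indus": """\
 1 10.32.6.1 (10.32.6.1) 69.597 ms 69.603 ms 69.595 ms
 2 vlan177.as09.lax1.us.m247.com (193.37.254.1) 69.687 ms 69.711 ms 69.778 ms
 3 irb-0.agg1.lax1.us.m247.com (193.9.115.168) 633.031 ms 633.038 ms 633.034 ms
""",
    "Eridanus": """\
 1 10.16.134.1 (10.16.134.1) 89.066 ms 89.077 ms 89.072 ms
 2 * * *
 3 xe-1-2-3-0.bb1.mad1.es.m247.com (212.103.51.62) 89.002 ms 88.997 ms 88.992 ms
""",
    "Cujam": """\
 1 10.11.102.1 (10.11.102.1) 89.968 ms 89.978 ms 89.972 ms
 2 37.120.217.241 (37.120.217.241) 90.041 ms 90.036 ms 90.134 ms
 3 vlan2925.agg2.fra4.de.m247.com (83.97.21.16) 89.915 ms 89.910 ms 89.905 ms
""",
}

# Assumptions added for this example (not from the post).
CLAIMED = {"Indus": "Phoenix", "Eridanus": "Barcelona", "Cujam": "Berlin"}
SITE_CITY = {"lax": "Los Angeles", "mad": "Madrid", "fra": "Frankfurt"}
CITY = {  # approximate (latitude, longitude) in degrees
    "Phoenix": (33.45, -112.07), "Los Angeles": (34.05, -118.24),
    "Barcelona": (41.39, 2.17), "Madrid": (40.42, -3.70),
    "Berlin": (52.52, 13.40), "Frankfurt": (50.11, 8.68),
}
FIBER_KM_PER_MS = 200.0  # light in fibre covers roughly 200 km per millisecond
JITTER_MS = 1.0          # allowance for ICMP reply jitter on the routers

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
HOST = re.compile(r"(\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)")
RTT = re.compile(r"(\d+(?:\.\d+)?) ms")
SITE = re.compile(r"\.([a-z]{3})\d+\.([a-z]{2})\.m247\.com$")


def parse_hops(text):
    """Return [(hop_number, [hostnames], [rtts_ms])] for every hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            rest = m.group(2)
            hops.append((int(m.group(1)),
                         [host for host, _ip in HOST.findall(rest)],
                         [float(v) for v in RTT.findall(rest)]))
    return hops


def first_labelled_hop(text):
    """Site code, country code and RTT delta (ms) of the first M247 router
    after hop 1. The delta uses the best probe of each hop and may come out
    slightly negative, because router replies are jittery."""
    hops = parse_hops(text)
    if not hops or not hops[0][2]:
        return None
    base = min(hops[0][2])
    for _n, hosts, rtts in hops[1:]:
        for host in hosts:
            m = SITE.search(host)
            if m and rtts:
                return m.group(1), m.group(2), round(min(rtts) - base, 3)
    return None


def max_distance_km(delta_ms):
    """Upper bound on the server-to-router distance: half the round-trip
    delta (plus the jitter allowance) at fibre speed."""
    return (max(delta_ms, 0.0) + JITTER_MS) / 2 * FIBER_KM_PER_MS


def haversine_km(a, b):
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def assess(server):
    """Compare the advertised city with the city named by the first router."""
    site, _cc, delta = first_labelled_hop(TRACES[server])
    labelled = SITE_CITY[site]
    bound = max_distance_km(delta)
    gap = haversine_km(CITY[CLAIMED[server]], CITY[labelled])
    return {"server": server, "claimed": CLAIMED[server], "site": site,
            "labelled_city": labelled, "delta_ms": delta,
            "bound_km": round(bound, 1), "claimed_gap_km": round(gap),
            "consistent": gap <= bound}


if __name__ == "__main__":
    for name in TRACES:
        print(assess(name))
```

A result of `consistent: False` means the server answers within about a millisecond of a router whose name points at a city several hundred kilometres from the advertised one. Similar ping times from a single vantage point do not show this on their own, since two different cities can be equally far from the observer.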
  40. 1 point
    ®yan

    Zone-based DNS Suggestion for US

    Is it possible that DNS recommends servers in the United States based on zone? Since it's a big country and connection quality varies for users around the world, I was thinking about having 3 A records for east, center & west (for example east.us3.vpn.airdns.org, central.us3.vpn.airdns.org, ... or east3.us.vpn.airdns.org, central3.us.vpn.airdns.org, ...) and each record is updated every 5 min with the lightest server in that zone ... NY, FL & PA states for east, TX, IL & GA for center and CA & AZ for west.
  41. 1 point
    @LZ1 Thanks for this awesome guide! If someone is reading these guides through Tor Browser, can you open the drop-downs when using .onion? Unfortunately I can't.
  42. 1 point
    Staff

    AirVPN 11th birthday celebrations

    Hello!

    Today we're starting AirVPN eleventh birthday celebrations offering special discounts on longer term plans.

    It seems like it was only yesterday that we celebrated the 10th milestone birthday, and here we are, one year later already. From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 22 countries in four continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world. We still define it as a "baby", but AirVPN is now the oldest VPN in the market which never changed ownership, and it's one of the last that still puts ethics well over profit, a philosophy which has been rewarded by customers and users.

    2020 (and 2021 so far) have been harsh years for mankind but we have no right to complain too much because AirVPN was only marginally touched by those terrible repercussions which affected many other business sectors in general. In spite of that, we could not maintain our promise to deliver native software for FreeBSD and we apologize for the failure. However, releasing software for FreeBSD, specifically AirVPN Suite, remains one of our goals, so stay tuned.

    On the other hand, Eddie desktop edition, AirVPN Suite for Linux, Hummingbird for Linux and macOS, and OpenVPN 3 AirVPN library were updated substantially and swiftly. Moreover, Eddie Android edition development has been recently re-opened to provide a new version updated to new requirements and specifications of Android 11 during 2021. Hummingbird was natively released for M1 based Apple Mac systems too, allowing a dramatic performance boost (up to +100% in >100 Mbit/s lines).

    Behind the scenes, infrastructure had some paramount improvements. The whole network in the Netherlands has been enlarged with additional redundancy and several servers around the world have had hardware upgrades. In Sweden and Switzerland we started operating servers connected to exclusive 10 Gbit/s lines and ports, and we optimized the environment to obtain more bandwidth from the OpenVPN processes. We managed to beat the previous 1.7 Gbit/s barrier. The performance on the customer side has improved and reached new peaks of excellence, as you can see here: https://airvpn.org/forums/topic/48234-speedtest-comparison/?do=findComment&comment=130191

    Furthermore, the infrastructure has become fully Wireguard capable and throughout 2021 we will start offering Wireguard connections, in addition to OpenVPN ones, in a hardened environment which mitigates the numerous privacy problems posed by Wireguard.

    Last but not least we re-started operations in a fourth continent, Oceania, with a new server in New Zealand.

    All AirVPN applications and libraries are free and open source software released under GPLv3.

    It's worth quoting literally what we wrote last year for AirVPN birthday:

    Kind regards and datalove
    AirVPN Staff
  43. 1 point
    Eddie works well with both my MS Windows 10 Home and Pro edition on two separate PCs. Have you considered doing a complete uninstall including removing any remaining AirVPN and Eddie leftover folders? Perhaps a registry clean up would help as well though I'm not sure Windows adds any Eddie items to the registry. I would also suggest a reboot after the uninstall. There is also consideration of doing a Network reset in Windows before doing a clean Eddie install. Though this may be inconvenient, it may also be the "fix".
  44. 1 point
    You're welcome.
  45. 1 point
    ptitdo

    OMV + Transmission-OpenVPN + AirVPN

    Hello everyone, I had the same problem as you, but in the end I ended up using qBitorrent-VPN from Markus McNugen. As I am on a Raspberry Pi, I used a fork (someone was really kind to make one!) but the normal repo should also work with the information provided on the GitHub page linked above if you're on another architecture.

    Here are the steps:

    So I created this folder: .../config/qBitorrentvpn/ and then the folder openvpn inside: .../config/qBitorrentvpn/openvpn/

    I dropped in this folder (.../openvpn/) the following files from the AirVPN config generator: the .ovpn, ca.crt, ta.key, user.crt, user.key.

    To get these files from AirVPN, here are the steps and the options that must be chosen:

        Go to Config Generator
        Advanced Mode: Checked
        API Reference: Unchecked
        Select "Linux"
        IP Layer: IPv4 only
        Connect with IP layer: IPv4
        Protocols: UDP/443
        Bundle executables: No
        OpenVPN version: >=2.4
        Separate keys/certs from .ovpn file: Checked
        Proxy: None
        Choose servers: for example "Switzerland"
        Then, Generate.

    On the download page, download the zip file. Drop all the files included in the zip file (.crt, .key, .ovpn, ...) into your .../qBitorrent/openvpn/ folder.

    Open the .ovpn file with Notepad (or other software) and add this line at the end:

        auth-user-pass

    Still in the same folder (.../qBitorrent/openvpn/), create a text file (.txt if you're on Windows) that you will call auth-user-pass credentials.conf, which will contain the following lines:

        username
        password

    Replace of course the username by your AirVPN username and the password by your AirVPN password. If you're on Windows (might be different on macOS/Linux distros), delete the .txt at the end of the file so it is a .conf.

    Now you can run the docker run command and it should be working (for some reason I did not succeed in running a docker-compose.yml via Portainer):

        docker run --privileged -d \
          -v /srv/dev-disk-by-label-mediadisk/databases/downloads/:/downloads \
          -v /srv/dev-disk-by-label-mediadisk/config/qbitorrentvpn/:/config \
          -e "VPN_ENABLED=yes" \
          -e "LAN_NETWORK=192.168.1.0/24" \
          -e "NAME_SERVERS=9.9.9.9,149.112.112.112" \
          -e "VPN_USERNAME=XXXXX" \
          -e "VPN_PASSWORD=XXXXX" \
          -e "PUID=XXX" \
          -e "PGID=XXX" \
          -p 8080:8080 \
          -p 8999:8999 \
          -p 8999:8999/udp \
          --sysctl net.ipv6.conf.all.disable_ipv6=0 \
          --name qbittorrent-openvpn \
          chrisjohnson00/qbittorrent-openvpn:latest

    Replace the XXX by the corresponding inputs from your Raspberry Pi and AirVPN login.

    Hope this will help people!
  46. 1 point
    Great run through, thanks for putting together. Had AirVPN working via cmd line but Eddie is flawless in openSUSE 15.2 & KDE.
  47. 1 point
    OpenSourcerer

    Wevpn

    A newcomer, it seems. I'd give them a bit more time to develop everything. So far:

    Server country selection is mostly sound – if you ignore things like UAE and Brazil. Support for all relevant protocols, which is nice. Wireguard caveats are in privacy policy instead of FAQ, which is weird, but okay, it's there. Moving on.

    Closed source software. Yellow flag. No Linux means general focus on revenue. Didn't check any of them; how should I, anyway? Microsoft and Google crash reporting services in software. Yellow flag. Would've appreciated something open sourcey and selfhosted like sentry.io. Mention of a warrant canary again. Still not sure if they work.

    I think an expert would choose a firewall over application-based killswitch functionality any day, this hasn't happened here. A bit sad, but maybe driven by the general VPN user base always looking at a killswitch feature in a VPN service app, and not understanding that firewalls are more robust, even if somewhat more difficult to set up and troubleshoot.

    Trifle: Some of the FAQ answers are not updated or even checked for spelling, grammar and logic. On Static or Dedicated IP address? for example both dynamic and static addresses are ruled out, even with a lexical syntax error, creating the potential for confusion.

    Then, privacy policy: "We log your usage, and if we think you're naughty, we will contact you. If we couldn't reach you, we will terminate access. If we could, your answers can and will be used against you." Sounds liberating, still want to torrent with WeVPN? We can say that a working mail is required.

    But above all I found this one downright hilarious: At least they're aware how that guy ranks VPN services, they're happy to provide him with a template. Same rules apply: I can simply set up a new VPN service, promise him everything and more and it'd be the best in the market!
  48. 1 point
    Staff

    Wireguard plans

    @Flx The first message was approved by some moderator in the wrong thread, not a big deal. Then we moved the message on its own thread, this one. Then user "wireguard" posted more messages which were all approved by some moderator.

    @Brainbleach Of course. We were replying to "wireguard" who invites surreptitiously to punish AirVPN because AirVPN uses and develops actively OpenVPN: "Needless to say, investing in AirVPN means investing in OpenVPN, and that's not acceptable to me at this point,". He/she also kept claiming that "it's time to retire OpenVPN" (sic), that OpenVPN is a "truly disgusting hack" (sic) and so on, showing his/her embarrassing ignorance and lack of good faith. Nothing to do with your messages. Funny how bogus account writers are so eager to become from time to time AirVPN software lead developers, general managers for AirVPN strategies, marketing directors and more. 😀

    We wanted to prove beyond any reasonable doubt that his/her claims are unreasonable and based on wrong assumptions and terrible omissions, showing how Wireguard can not replace OpenVPN for a significant percentage of our customers and how our OpenVPN development has been beneficial for many users around the world.

    That said, we claimed that Wireguard needed to be developed and tested further years ago, so at the time our claim was totally reasonable. We also claimed years ago that the problem was not with CHACHA20 which to the best of current knowledge is a very robust and secure cipher.

    Now the problems are different because Wireguard is asked to offer something which it was not designed for, i.e. providing some kind of anonymity layer. Such problems include lack of DNS push, lack of dynamic IP address assignment (with subsequent problems with client key-private address static correspondence, a very tough legal problem for us but above all for our customers), need of keeping client real IP address stored in a file. We have resolved them one by one with external software and internal workarounds. Once the problems are resolved in a robust way, which means testing thoroughly the adopted workarounds, we can offer Wireguard, not earlier.

    Kind regards
  49. 1 point
    Hello! DISCLAIMER: this post has been written by an AirVPN co-founder (Paolo) and merges the information and the points of view elaborated by the Air founders in more than seven years. Other Air VPN staff members might add additional comments in the future. We have been asked via Twitter to reply to the following post: https://gist.github.com/joepie91/5a9909939e6ce7d09e29 We see that the issues raised by the aforementioned article may be of general interest, so we have decided to post a detailed rebuttal here, meant to fix the remarkable amount of technical misunderstandings and errors which have led the writer to astonishingly wrong conclusions and worrying generalizations. The rebuttal is based on AirVPN only; we can not and we do not want to write in the name of any other service, since most of the considerations you will read here may or may not (and sometimes we know that they will not) apply to other "VPN services". Anyway, it is our right to reply as if the writer were talking about us too, because he/she repeatedly claims that ALL VPN services act in the same way. A "VPN in this sense" is NOT a proxy. Our service encrypts and tunnels all of the client system TCP and UDP traffic to and from the VPN server. Moreover, our service, when used with our free and open source software, also makes additional steps to prevent traffic leaks outside the VPN tunnel. A proxy tunnels (and not necessarily encrypts) only TCP traffic (proxies can not support UDP), and only the traffic of those applications which are configured to connect to a proxy. UDP traffic, system traffic and traffic of applications which may be started by the system and that you failed to configure (or that you can't even configure in Windows, in some cases) are not necessarily tunneled to the proxy. Not even your system DNS queries are necessarily tunneled over the proxy. 
    If we were really interested in logging our clients traffic, we would not allow connections to and from Tor, proxies and other VPNs. We have always made very clear how to bypass the problem of "trust us" when you can't really afford to do that, and our answer has always been "partition of trust". Please see for example our post dated March 2012 (!) about it: https://airvpn.org/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745

    There's more. We work under a legal framework where the safe harbors for the mere conduits are very rigidly and clearly defined (specifically, by the 2000/31/EC, the E-Commerce Directive, articles 12, 13, 14 and 15). https://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX:32000L0031

    The liability exemption for the mere conduit status would not exist if we were not mere conduits. If we inspected traffic and/or modified traffic (e.g. through content injection) and/or selected source and destination of the communications, we would not be mere conduits and we would lose the legal protection on liability exemptions.

    We have also two decisions of the Court of Justice of the European Union which clearly define indiscriminate data retention as infringing the fundamental rights of the citizens of the EU:
    https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf
    https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf

    Therefore:

    - under a legal point of view, logging and/or monitoring and/or inspecting and/or modifying the content of our customers traffic without the customers explicit and written consent would be a criminal infringement, also subject to civil prosecution by the customers themselves
    - under a business point of view, that would be simply suicidal (more on this later)

    It is enigmatic how the writer can make such claims.
We charge less than 10 USD per month for our services and we can pay a whole legal firm, 250 servers (physical, bare metal servers), the whole staff, including a tiny team of programmers. We also regularly donate money to organizations and projects whose activities are compatible with AirVPN mission. https://airvpn.org/mission https://airvpn.org/status We're not here only for the money, but if the writer wants to talk about money, so be it. He/she may rest assured that we have planned seriously a business model which remains robust if not rock solid. It is obvious that we must keep our business model solid, because our infrastructure has become large and we have duties toward the people working with us and toward our customers. At the same time we never forget that our customers have transformed into reality the dream to build a rather big project based on and aimed to privacy protection in a time when the whole world was going to the opposite direction. By changing now direction and pointing to a business based on privacy infringements and personal data commerce would not only betray our beliefs and mission and customers, but we would become a goldfish in an ocean of sharks, we could not even think to compete. After 7 years, we have the right and knowledge to claim that a privacy protection mission is not incompatible with the price the writer mentions and with a strictly agnostic network where no traffic inspection or monitoring is enforced. We can also claim confidently that any business plan based on data protection and privacy infringements not declared in the terms of service would crash dramatically in the short-term in the EU: remember the legal framework we live in and feel free to do your own research on real cases and incidents in the recent past. 
Last but not least, please do your own math and compute the costs to store and "hand a customer traffic data over": they imply costs of losing the mere conduit status, added to the costs of civil lawsuits from that and potentially other tens of thousands customers. Then compare them to the "costs" (in reality benefits) of no monitoring at all added to the peace of mind to strictly act in a legal/lawful way. Given all of the above, you can easily discern that the quoted assumption is false for AirVPN. The logical, unavoidable conclusion is that AirVPN best interest, even under a purely cynical, business point of view, is to NOT log (in the most extensive sense of the term) customers traffic and not commerce with their data. This is partially, only partially, true. HideMyAss was really risking to go out of serious privacy protection business soon after the incident occurred: check the massive uproar caused by the event. The AVG acquisition, with the disruptive marketing power of AVG, has probably covered the issue, but the old HideMyAss management hurried to sell the whole Privax company. Who knows, maybe just in time, maybe before the value could be hit too seriously by the incident. We can't know for sure, and the writer can't as well. Anyway, if the writer wants to claim that marketing is powerful, we agree (what a discovery!). The logical jump from HMA incident to the assumption that every service does what HMA did is long. Do not forget that what HMA did would pose a huge amount of legal problems to us, as explained. HideMyAss targeted the same persons who are happily using the new Facebook VPN. We respect the intelligence of our customers and we don't have the arrogance to think that we can change people mind and competence all over the world in a few years (or ever), and we don't even think that we can oppose the marketing power. More importantly, that's a problem pertaining to HideMyAss. 
It is not only unfair, but even defamatory to surreptitiously imply that the behavior (good or bad) of certain services is the same behavior of any other service, in the same field or not. We have been providing AirVPN services since 2011, when we offered the service as a beta version totally free. Now we challenge the writer of the article to provide any single proof that any single user identity has been compromised by us through a betrayal of our terms of service and our mission and/or through traffic logging or inspection and/or by any infringement of the EU legal framework on privacy and personal data protection. False. We provide our users with any tool to never make their "real" IP address appear to our servers. We have also integrated AirVPN over HTTP proxy, AirVPN over SOCKS proxy, and AirVPN over Tor usage in our free and open source software. We don't even block connections from competitor VPN servers. Finally, we accept not only Bitcoin, but Monero and ZCash as well, which are designed to provide a robust anonymity layer on the transactions. If you really don't trust us, you can easily make your IP address never visible to our servers. This is particularly important even if you trust us, but you can't afford (for the sensitivity of the data you need to transmit, for example) to assume that our servers are not monitored by hostile entities, an event that can happen with ANY service, not only VPN services. The fact that we have made every human effort to provide effective and easily usable protections against such occurrences is a proof of our interest in the protection of our customers privacy. This is ambiguous, because we would need the writer to define security scope and context exactly. Is he/she referring to integrity and security of data between your node and our servers? Or security of your system? 
Surely, our service is not meant as a security tool to protect against virus and spyware, and this is clearly stated at the very beginning of our Terms of Service. AirVPN can't do anything if your system is compromised. However, the above does not imply in any way that our service is a glorified proxy. See the reasons we mentioned above and verify how a loose security mention does not change anything. Additionally, while OpenVPN is the core of our service, it is complemented by an important series of features aimed to protect privacy and data in all of those cases which OpenVPN alone has not been designed for. Even if you don't run our free and open source software, we and our community have made any effort to provide guides and insights on how to get the most from our service to integrate it in a comprehensive environment aimed to protect your data and identity. We are very grateful to our community for the invaluable contributions throughout the years. If we were a "malicious VPN provider", does the writer really think that we would have allowed our forums to become a golden source of information for privacy, identity and data protection? Do you really think that we would have been provided monetary support to TorProject, OpenBSD, European Digital Rights, Tor infrastructure, etc. etc.? A part of this has been widely rebutted in our previous reply. Here it will be sufficient to add that even if you don't use end-to-end encryption, even if you don't use Tor on top of an AirVPN connection, a MITM who sniffs the packets in any point between the VPN server and the final destination (including the final destination itself of course) will see those packets coming from the VPN server exit-IP address, NOT from your real IP address and NOT from the entry-IP address of the VPN server you connect to. This is a paramount point which is incompetently (intentionally?) ignored by the writer. 
It is so important that in some extreme cases it makes the difference between imprisonment and freedom, or even between life and death. Imagine the case of a whistleblower giving out relevant information via VoIP or other applications relying on UDP to a self proclaimed journalist who then betrays the confidentiality of the source, or even to a serious journalist who is unaware of the fact that his/her computer is compromised, or that his/her line is wiretapped. The whistleblower can't use a proxy reliably. The journalist, or the wiretapping entity, can trace the source IP address and the identity of the whistleblower can be disclosed (just to make a trivial example which does not require any wiretapping or compromised system, think of Skype exploit, for which any party could discover the IP address of the other party). In most of these cases, end-to-end encryption would have been irrelevant for the whistleblower. Whenever the source can't trust the destination integrity, whether the recipient is in good faith or not, our service makes a vital difference. True. We have never said or written the contrary. In addition to changing IP address, which is anyway important in spite of the writer claims, further steps are strictly necessary to prevent profiling, from "separation of identities" to script blocking, from browser fingerprint changes to system settings obfuscation. Our community has widely covered this issue and provided precious suggestions. Here the writer makes a totally irrational shift: first he/she wants to make you think that our service is just a "glorified proxy", then he/she wants to insinuate that our service is useless because it is not some sort of supernatural system capable to protect users from their own behavior and from every possible tracking system which exploits the user system, not the service. The first case is true, and it is very important. However, it is totally false that you can safely rely on a proxy for the second case purpose. 
    Many applications, including torrent software, can:

    - bind to the physical network interface, or do some dangerous UPnP
    - use UDP (not supported by a proxy)
    - send DNS queries out of the proxy
    - include the assigned "real" IP address inside their layer of communications, example: https://blog.torproject.org/bittorrent-over-tor-isnt-good-idea

    In the aforementioned cases, correct usage of our service will fulfill the purpose to never disclose your real IP address and/or the UDP traffic and/or the DNS queries. A proxy will not and you can be potentially tracked back, either by copyright trolls or any hostile entity.

    Additionally, our service has many more use cases:

    - tunneling UDP traffic (not available with a proxy or Tor)
    - circumventing censorship based on IP addresses block
    - circumventing censorship based on DNS poisoning
    - preventing injection of forged packets (not necessarily available with a proxy even in TCP, and surely not when you need UDP flow integrity)
    - using Tor anyway when Tor usage is blocked or triggers interest of ISP or any hostile entity about you
    - protecting your identity when the final recipient of your communications is compromised (not available with end-to-end encryption alone, and not available with Tor when you need UDP, imagine if you need to stream a video in real time which requires source identity protection)
    - making your services (web sites, torrent clients, FTP servers for example) reachable from the Internet when your ISP does not allow port forwarding (not available with a proxy), without exposing your IP address
    - having a static exit-IP address
    - bypassing various types of traffic shaping
    - tunneling simultaneously the traffic of all the devices in your local network, even with remote port forwarding, and even those which can't run OpenVPN provided that you have a device acting as a gateway to the VPN (typical examples a pfSense box or a DD-WRT / AsusWRT / Merlin / Tomato etc. router or any computer configured to work as a router)

    and maybe you can see more use cases which we have missed here. The fact that the writer omitted all of the above says a lot about his/her competence and/or good faith.

    This is hilarious, and not only because the whole point of the writer's post ends up into advertising LowEndBox. We will not insult our readers' intelligence with an explanation of why that is a terrible idea when you seek more privacy and some anonymity layer in your interactions with the Internet. Draw your own conclusions.

    Kind regards and datalove
    Paolo
    AirVPN co-founder
  50. 1 point
    We very strongly recommend to not apply this solution for security reasons. Kind regards