Jump to content
Not connected, Your IP:


Popular Content

Showing content with the highest reputation since 12/01/21 in all areas

  1. 12 points

    Ukraine Server Future?

    Hello! Unfortunately there's nothing we can do during these grim and tragic days. Russians are actively destroying various infrastructural resources and might enter Kyiv any time. Our deepest sorrow is caused by the uncertain fate of the Ukrainian people. Who cares about a single server, but we will keep operating it, even as a symbol, as long as the infrastructure works, and it will remain displayed in the servers status page with the Ukraine flag. Kind regards
  2. 11 points
    Hello! Today we're starting AirVPN twelfth birthday celebrations offering special, strong discounts on longer term plans. From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 23 countries in four continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world. We still define it as a "baby", but AirVPN is now the oldest VPN in the market which never changed ownership, and it's one of the last that still puts ethics well over profit, a philosophy which has been rewarded by customers and users. During the last year, AirVPN added important features, even according to customers requests: integrated and full WireGuard support on all VPN servers optional lists selection to block spam, ads, trackers and other malicious sources, featuring a unique and fine grained customization which is exclusive on the nowadays market improved inbound remote port forwarding interface and implementation The infrastructure saw a robust power up in Tokyo, where we have now 14000 Mbit/s available (7000 Mbit/s full duplex), with more powerful hardware, and a small addition in Ireland. The VPN servers and the back service ones have had some minor security improvements as well as ordinary system updates as usual. Optimized software, and also WireGuard implementation, allowed our server to deliver high performance more smoothly, thanks to the improved balancing between threads and of course the good WireGuard scalability. On the software side, all AirVPN applications and libraries are still free and open source software released under GPLv3. WirteGuard has been fully integrated in the Desktop edition of Eddie, while Eddie Android edition will support it in the next version which is imminent (a public alpha release will be ready in June). All the applications are continuously developed and updated to provide an even better experience and performance. Kind regards and datalove AirVPN Staff 
  3. 8 points

    My review after ten years

    There has not been a review here for some time so I thought I would add my own. I have only ever used AIRVPN and I have no regrets. I am not tech savvy, I do not know about configuring DNS etc, so I rely on Eddie and for me it works brilliantly. Here is my list of good and bad: Bad: some of the answers you receive to a question are very technical and hard for an average user to understand. It does not seem to be as bad as before, but I remember when I first joined about ten years ago I asked a question and received a response by the staff that seemed like it was written by a lawyer. Sure it answered the question, but another forum member had to explain it to me. As I said, this doesn’t seem to be so much the case now, at least not in my experience. Secondly for me is the Vancouver servers are always maxed out at night, I live in British Columbia and wish to use a close server, but often I have to use the Southern USA servers. Well that is it, can I come up with something else? I could sit here and say “five eyes etc” but I won’t, to me it doesn’t matter. Good: First the cost, if you get it during sales you can obtain a three year subscription for about the cost of one and a half years, good deal. Secondly is the Eddie interface, if you have no clue what you are doing the GUI is wonderful, easy to use just select a server and go. Third is the DNS configurations, being able to block adult and gambling sites is great, I have been using other DNS servers to block this stuff but have recently discovered I can nuke it all using AIRVPN and if a site gets through you can add it easily, I have no clue how to do that with the other ones you would configure via your router. Fourth is the speed. I am on wireless and I receive speeds of about 90-95% with tcp. At first I was only receiving about 10% of my speed and wanted my money back but the staff here contacted me and asked if we could troubleshoot first, an email or two later and all was correct. Fifth is the community. If you are unsure about something you can post a question and you will receive a respectful answer, even if the question may be considered dumb (for lack of better words) to some users. So all in all I am a happy AIRVPN user and I think I am safe and secure with them. That they are run by activist and not people just wanting to make bags of cash is a stellar selling point. I hope this helps anyone who reads it and my be considering whether or not to obtain a subscription. I am more than willing to answer questions if you have any.
  4. 8 points

    New 1 Gbit/s server available (IE)

    Hello! We're very glad to inform you that a new 1 Gbit/s full duplex server located in Dublin, Ireland, is available: Minchir. The AirVPN client will show automatically the new server; if you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637 UDP for WireGuard. Minchir supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/minchir Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  5. 7 points
    Hello! The error here is different. OpenSSL 3 doesn't accept certificates signed through SHA1. Since 2017 we have been signing client certificates with SHA512 and you have a pair generated in 2016. We don't force the renewal to avoid sudden and unexpected disconnections to our unaware users. Thank you, you're a long time customer indeed! Please: log your AirVPN account in to the web site click "Client Area" from the upper menu click the "Devices" button click your client/key pair "Details" button click "Renew" from Eddie main window uncheck "Remember me", log your account out and then in again (you will have to re-enter your AirVPN account credentials) and the problem will get resolved. Detailed instructions here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards
  6. 7 points

    No log4j vulnerability here

    Hello! We would like to inform you that we have never used the Apache Logging Services and/or Java in general, so any Log4j vulnerability, CVE-2021-44228 included (overall CVSS score 10.0 - critical) doesn't affect AirVPN web site or anything related to AirVPN. https://nvd.nist.gov/vuln/detail/CVE-2021-44228 Kind regards and datalove AirVPN Staff
  7. 6 points

    Eddie Desktop Edition 2.21.6 released

    Eddie 2.21.6 Desktop Edition released Hello! We're very glad to inform you that a new stable release of Eddie is now available for Linux (various ARM based architectures included, making it compatible with several Raspberry Pi systems), Mac, Windows. Special thanks to all the beta testers, whose invaluable contributions and suggestions in the last 9 months have helped developers fix several bugs and improve the overall stability of the software. Eddie is a free and open source (GPLv3) OpenVPN GUI and CLI by AirVPN with many additional features such as: traffic leaks prevention via packet filtering rules DNS handling optional connections over Tor or a generic proxy customizable events traffic splitting on a destination IP address or host name basis complete and swift integration with AirVPN infrastructure with OpenVPN and WireGuard white and black lists of VPN servers ability to support IPv4, IPv6 and IPv6 over IPv4 What's new in Eddie 2.21.6 WireGuard support including thorough and swift integration with AirVPN enhanced wintun support in Windows, resolving TAP driver adapter issues and boosting performance, and now set by default as a replacement of TAP driver (which remains optionally available) updated Hummingbird 1.2.0 support in Linux and macOS for increased performance (up to 120% boost in macOS i7 and M1 systems when compared against OpenVPN 2) new ping engine updated Portable and AppImage bundles for improved Linux distributions compatibility constant monitoring of resolv.conf in Linux to mitigate and resolve DNS interference refined network interface management and driver detection in Windows bootstrap servers IPv6 address support unquoted service fix aimed at security hardening in Windows updates of all underlying linked libraries as well as dynamic link against some libraries providing enhanced robustness resolution of memory leaks in Windows starting to occur after numerous usage hours several bug fixes Operating and architectural notes Eddie GUI and CLI run with normal user privileges, while a "backend" binary, which communicates to the user interface with authentication, gains root/administrator privileges, with important security safeguards in place: strict parsing is enforced before passing a profile to OpenVPN in order to block insecure OpenVPN directives external system binaries which need superuser privileges (examples: openvpn, iptables, hummingbird) will not be launched if they do not belong to a superuser Eddie events are not run with superuser privileges: instead of trusting blindly user's responsibility and care when dealing with events, the user is required to explicitly operate to run something with high privileges, if strictly necessary Backend binary is written in C++ on all systems (Windows included), making the whole application faster. Settings, certificates and keys of your account stored on your mass storage can optionally be encrypted on all systems either with a Master Password or in a system key-chain if available. Download Eddie 2.21.6 Eddie 2.21.6 can be downloaded here: https://airvpn.org/linux - Linux version (several architectures and various distribution specific packages for easier installation) https://airvpn.org/macos - Mac version https://airvpn.org/windows - Windows version Eddie is free and open source software released under GPLv3. Source code is available on GitHub: https://github.com/AirVPN/Eddie Complete changelog can be found here. Kind regards & datalove AirVPN Staff
  8. 5 points

    RT blocked from some EU servers

    Hello. Absolutely not. Censorship of any legal free speech is totally unacceptable and must be completely rejected in all cases. If you prevent other people from speaking, you are no better than the ones you claim to be protecting other people from.
  9. 5 points

    Two new 1 Gbit/s servers available (JP)

    Hello! We're very glad to inform you that two new 1 Gbit/s full duplex servers located in Tokyo, Japan, are available: Albaldah and Bharani. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and port 1637 UDP for WireGuard. Albaldah and Bahrani support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check servers status as usual in our real time servers monitor: https://airvpn.org/servers/albaldah https://airvpn.org/servers/bharani Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  10. 5 points
    Hi there, I really love your service and will renew with the next big sale event. Being able to pay with crypto currencies is a must in the industry nowadays I find. I am glad you accept a variety of different currencies, especially Monero. Bitcoin payments are oftentimes prohibitively expensive due to high mining fees to get into the next block. Also they can take a long time if the mempool is overflowing with unprocessed transactions. It would be great if you could also accept payments over the lightning network which makes transactions instant and final for you, basically free for me to send and my service can be instantly activated instead of having to wait a certain amount for blocks to be mined. Integrating lightning payments is easy, free and secure. And even comes with some privacy improvements over regular Bitcoin transactions, so that nobody knows who paid you. please consider adding lightning support to make paying with Bitcoin cheaper, faster and more private while also reducing the load on the main blockchain. Resources like BTCpay Server make it easy to accept lightning payments along regular on-chain transactions all without a third party. Thank you so much, I am looking forward to opening a channel to you ! ☺️
  11. 4 points
    Huge chart showing VPN relationships, owners, etc. Very interesting to see how many VPNs are actually owned and controlled. The best ones (including Air) are on the top right. https://embed.kumu.io/9ced55e897e74fd807be51990b26b415#vpn-company-relationships/control-d
  12. 4 points

    Server replacement (LV)

    Hello! We inform you that the following servers in Latvia: Meissa Phact Schedir Shaula have become suddenly nonoperational because the upstream of our provider blocked all traffic. They should come back online within a couple of days, due to new deals with a new transit provider. However, all IP addresses will change. We have decided that this is a good moment to switch to new lines and servers: we are changing the previous 100 Mbit/s lines with 1 Gbit/s lines and ports, and replacing the hardware with more powerful CPU. The four 100 Mbit/s servers will be replaced by three 1 Gbit/s servers. Location will not change, the new servers will be in Riga. We should be able to announce the new servers in the next days. EDIT 2022/02/02: replacement has been completed. Kind regards and datalove AirVPN Staff
  13. 3 points
    Hello! We're very glad to inform you that Eddie Android edition 3.0 preview is now available. UPDATE 2022-07-08: Eddie Android edition 3.0 Alpha 2 is now available. UPDATE 2022-07-28: Eddie Android edition 3.0 Alpha 3 is now available. UPDATE 2022-09-02: Eddie Android edition 3.0 Beta 1 is now available. UPDATE 2022-09-12: Eddie Android edition 3.0 Beta 2 is now available. UPDATE 2022-10-14: Eddie Android edition 3.0 Beta 3 is now available. UPDATE 2022-11-04: Eddie Android edition 3.0 Beta 4 is now available. UPDATE 2022-11-14: Eddie Android edition 3.0 Release Candidate 1 is now available UPDATE 2022-12-01: Eddie Android edition 3.0 has been released Eddie 3.0 preview features WireGuard full integration with AirVPN, a thorough improvement on network management to provide additional robustness on network switching and re-connections, an exclusive option to access local network even when connecting over WireGuard and a dark theme. According to our tests, on most Android devices, when compared with OpenVPN3-AirVPN library or OpenVPN3 and on agnostic networks, performance is remarkably higher and battery life is approximately 15-20% longer, even when the throughput is slightly higher. You can download Eddie Android 3.0 RC 1 APK directly from our repository or from the Google Play Store: https://airvpn.org/forums/topic/29660-using-airvpn-with-eddie-client-for-android/ Please note that Eddie 3.0 is not yet available on the Amazon Store. It should be updated in a few business days. To those who will decide testing: thank you so much! Please report any bug and problem in this thread. If possible generate a report from the app. You will find a new feature: by tapping the arrow icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Important: if you run Android 8 or higher version, we strongly recommend that you activate Always on VPN and Block connection without VPN (aka VPN Lockdown) from Android advanced per app VPN settings That's the most secure method to prevent traffic leaks in various circumstances. If you run Android 7 or older versions and you set Eddie to connect through WireGuard, a best effort is made to prevent leaks, but it may not be as effective as Android 8 and higher versions mentioned settings. Finally, keep in mind that Android TV suffered the Always On VPN feature amputation, therefore Eddie start & connection at bootstrap are not possible from Android TV 10 and higher versions. Older versions can still run Eddie during the bootstrap and have it connected. Furthermore, a totally effective leaks prevention is hindered when you use WireGuard on Android TV, although Eddie will always perform a best effort to prevent them. Main features (new features in bold): Free and open source WireGuard and OpenVPN GUI based on latest OpenVPN3-AirVPN library (free and open source software library by AirVPN) and official WireGuard native library full WireGuard integration with AirVPN improved network change management optional access to local network even when connecting over WireGuard (local network tunneling exemption) dark theme revamped quick connection algorithm one-tap pre-connection switch from WireGuard to OpenVPN 3 and vice-versa easy system report (log and logcat) one-tap generation and delivery to our servers ability to connect to any service via WireGuard and OpenVPN profiles OpenVPN3-AirVPN 3.8.2 library inked against OpenSSL 1.1.1r Full compatibility up to Android 13 Full compatibility with Android TV 10, 11 and 12 ChaCha20-Poly1305 and AES-GCM support on both OpenVPN Control and Data channel Robust, best effort prevention of traffic leaks outside the VPN tunnel with OpenVPN Totally effective prevention of traffic leaks outside the VPN tunnel with WireGuard and OpenVPN on Android 8 and higher versions Battery-conscious application Low RAM footprint Ergonomic and friendly interface Ability to start and connect the application at device boot Option to define which apps must have traffic inside or outside the VPN tunnel through white and black list Localization in simplified and traditional Chinese, Danish, Dutch, English, French, German, Italian, Portuguese, Russian, Spanish, Turkish Full integration with AirVPN Enhanced security thanks to locally stored encrypted data through optional master password Quick one-tap connection and smart, fully automated server selection Smart server selection with custom settings Manual server selection Ability to start and connect during device startup according to a priority list which includes automatic choice, your defined country and your defined AirVPN server Smart attempts to bypass OpenVPN blocks featuring protocol and server fail-over Full Android TV compatibility including D-Pad support. Mouse emulation is not required. Enhancements aimed at increasing accessibility and comfort to visually impaired persons AirVPN servers sorting options Customizable "Default", "Favorite" and "Forbidden" servers and countries OpenVPN/WireGuard mimetype support to import profiles from external applications Multiple OpenVPN/WireGuard profile support and management Support for custom bootstrap servers Support for favorite and forbidden countries AirVPN broadcast messages support User's subscription expiration date is shown in login/connection information The app is aware of concurrent VPN use. in case another app is granted VPN access Eddie acts accordingly and releases VPN resources Optional local networks access. In such a case, local network devices are exempted from the VPN and can be accessed within the local devices Localization override. User can choose the default language and localization within the app and have them changed live (no need to re-start the app) Favorite and forbidden lists can be emptied with a single tap Ability to directly select an AirVPN area (country, continent, planet) to connect to VPN re-connection after unexpected disconnection (VPN Lock must be disabled) VPN concurrency management Full integration with VPN traffic leaks prevention by system in Android 7 or higher version User can generate or save a profile for any AirVPN server or country and save it in the internal OpenVPN/WireGuard profile manager or export it On the fly language change allowing to switch language without re-starting application Exclusive optional VPN lock in case the device cannot take advantage of Android's VPN direct management (Android 5 and 6) Server scoring algorithm implementing the latest AirVPN balancing factors in order to determine the best server for quick connection Network name and extra information are shown along with network type Device network status management Fully compatible with Android TV 5.1 and higher versions bug fixes and general architectural improvements Kind regards & datalove AirVPN Staff
  14. 3 points

    [ENDED] Spooky Hallowen 2022 deals

    Hello! We reluctantly have to announce gloomy news to you all: Spooky Halloween Deals are now available in AirVPN... Save up to 74% on AirVPN longer plans (*) (*) When compared to 1 month plan price Check all plans and discounts here: https://airvpn.org/plans If you're already our customer and you wish to jump aboard for a longer period any additional plan will be added on top of already existing subscriptions and you will not lose any day. Every plan gives you all the features that made AirVPN a nightmare for snoopers and a scary service for competitors. Just check this frighteningly long list of terrific features if you dare: a clear mission without compromises https://airvpn.org/mission WireGuard support exclusive and very flexible, opt-in block lists against malware and other hostile entities. Pick predefined lists, add exceptions or additional blocks, define your own lists, or just use our totally neutral DNS by default improved API functions to let you control and configure VPN features and account settings active OpenVPN 3 AirVPN library open source development IPv6 support, including IPv6 over IPv4 configurable remote port forwarding refined load balancing to squeeze every last bit per second from VPN servers free and open source software for Android, Linux, Mac and Windows easy "Configuration Generator" web interface for access through third party software guaranteed minimum bandwidth allocation GDPR compliance and very high privacy protection standards no log and/or inspection of clients' traffic effective traffic leaks prevention by AirVPN software Tor support via AirVPN software on Linux, Mac and Windows various cryptocurrencies accepted without any intermediary no obligation to use our free and open source software to enter AirVPN infrastructure. Interoperability is an AirVPN priority. perfectly clear and easy to read Privacy Notice and Terms https://airvpn.org/privacy No tricks, only treats! Grim regards & datathrills AirVPN Staff
  15. 3 points
    Hello! We're very glad to inform you that Eddie Android edition 3.0 Beta 3 is now available. The original post has been updated accordingly. New in Beta 3: objects management change in order to prevent Android GC from destroying them and causing various issues while Eddie is connected through WireGuard and swiped out latest OpenVPN3-AirVPN library, linked against OpenSSL 1.1.1r bug fixes resolving app crashes after peculiar actions minor bug fixes The first change is critically important and resolves the multiple problems reported both in the current thread and privately. When Eddie 3.0 preview up to beta 2 version is connected via WireGuard and swiped out, if you recall Eddie after some time (especially but not exclusively when the device screen had been turned off or the device had been locked), you may find it reporting incorrect status, reset and stuck connection statistics, quick connection button frozen. All the problems affect every previous Eddie 3.0 preview version, in every Android version, only with WireGuard connections, and have a single common cause which was finally found. The latest beta 3 resolves the whole issue according to our tests. If you experienced any of the above problems we warmly invite you to test again in the same conditions and report back. Find full description, download link and SHA256 signature in the first post of this very thread. Thank you very much for your tests and please report and describe any bug you find! Kind regards
  16. 3 points
    This is normal for Google. Since geoIP is such a mess, they don't completely trust what geoIP databases report. Instead they use the data they get from browsers visiting from each IP and try to guess if some IP is now being used elsewhere. Since Russia is currently heavily censoring internet access, AirVPN likely has a lot of Russian users who happen to be using NL servers. Google detects a lot of users with Russian locale are using NL node IPs -> they start offering Russian site by default. Not sure if there are workarounds for this, other than logging in. But this is not a sign of compromise, so no need to be paranoid. If Russia really was listening, they wouldn't route traffic through Russia. ;)
  17. 3 points
    To build on that, AES can even be found in ARM CPUs nowadays, especially those supporting aarch64. To answer Mr. Mas99's question about what the more secure cipher is, it's ChaCha20-Poly1305. For performance and, as written, with availability of AES instruction sets in CPUs, AES-256-GCM should be preferred. CBC should not be used. Compared to AES, ChaCha20 is more resilient against certain kinds of attacks. For example, AES can be attacked with a carefully built timing-based attack in software. Some cryptographically interesting characteristics of AES render it slightly more prone for collision attacks, too. ChaCha20 solves those problems at least. In the end, abusing this is still quite an ordeal, so AES is still a good choice. About CBC vs. GCM, both XOR ("randomize") the plaintext, but in different ways. CBC XORs the plaintext with the preceding cipherblock (hence the name Cipher Block Chaining) and encrypts that. An attacker would know the previous cipherblock, though, and the ciphertext depends on that data. GCM maintains something like a counter, an internal variable, and encrypts this, then XORs it with the plaintext. An attacker can't know this internal variable on which the ciphertext depends, therefore, GCM offers inherited security.
  18. 3 points

    AirVPN is sweet!

    Just wanted to say that out of all the VPNs I've tried, this one is the one. Lot's of control, extra features a lot of VPNs lack, and at prices that are nice. Those big VPNs are just bleh.
  19. 3 points
    For your comfort and peace of mind, check with traceroute (tracert in Windows) or mtr, and/or access various end points which tell you the IP address your packets come from. Typical speed tests sites and "what is my address" web services are perfect. Compare the IP address you get with the supposed exit-IP address of the VPN server you're connected to and verify they match. Finally, query the IANA database (with whois) for a final cross-check. Repeat multiple times for each server to minimize the likelihood that you end up to services which are accomplices of the attackers and therefore mask your IP address making you believe that you have a perfectly fine IP address while in reality your packet has come out from inside the evil Russian network. As a welcome and smart side-effect, while the attackers could do nothing with the data in transit inside their nodes because of end-to-end encryption, a re-routing of such a kind which would add an additional exit node would turn infringement notices against us exactly to zero, and alas this is not what we observe, not at all 🙄. We have never met such kind and gentle attackers, unfortunately. Kind regards 😋
  20. 3 points
    Small update regarding setting up AirVPN in DSM 7.1: 1. it runs OpenVPN 2.5.4, so no need to select OpenVPN < 2.4 in the config generator. 2. DSM 7.1 requires that one fill in a username and password - just put some random rubbish.
  21. 3 points

    ANSWERED Ubuntu 22.04.1 LTS & Eddie 2.21.8

    Thanks. It works with this solution : Please: log your AirVPN account in to the web site click "Client Area" from the upper menu click the "Devices" button click your client/key pair "Details" button click "Renew" from Eddie main window log your account out and then in again and the problem will get resolved. Great !
  22. 3 points

    VPN companies relationship mesh

    Yes, a very nice one. Apparently it is perfectly formulated, because it's 100% true and accurate, and it's not formulated here, but there. It's mentioned because Crossrider/Kape was founded by a member of Unit 8200, a cyber spy agency, and its (Crossrider's) primary business was facilitating malware and computer infections. Recently it acquired major VPNs (such as Private Internet Access, Express VPN and CyberGhost) as well as review web sites. In reality in the FT article you mention you can read the interview to Lempert (chairman of the Unit 8200 alumni association and CEO of MER mobile comms group) who claims that 8200 is focusing (the article is 7 years old) on huge data mining, which is exactly extensive surveillance of the Internet, and we could also mention the documents leaked by Snowden, which revealed how Unit 8200, referred to as ISNU, receives raw, unfiltered data of U.S. citizens, as part of a secret agreement with the NSA. https://en.wikipedia.org/wiki/File:Israel_Memorandum_of_Understanding_SIGINT.pdf Are US citizens "bad neighbors" too? Anyway. It's irrelevant whether the purposes of Kape match those of Unit 8200. Kape could be or not a puppet of 8200, you don't know and we don't know, and perhaps it's not, and still that's not the point. The relevance of a member of 8200 founding a company spreading malware and now controlling VPN is the relationships and competence acquired by that member during his/her previous job, used against citizens unconditionally, since Kape operated essentially in browser hijacking, ad injectors and other remunerative computer infections worldwide. Remember for example Gericke ("strangely", he is also ExpressVPN CIO), Adams and Baier: they used their great competence acquired while they worked for US intelligence agencies to assist UAE regime to crack journalists, activists, monarchy political opponents phones and computers, to help UAE suppress or control any possible dissident or uncomfortable journalist. Officially it was not CIA or USIC interest to do that (and actually all three of them have been charged by DoJ for that "job") but anyway they greatly succeeded in their UAE job because they were trained by and had the knowledge of and access to certain technology from their former employers. https://www.justice.gov/opa/pr/three-former-us-intelligence-community-and-military-personnel-agree-pay-more-168-million Kind regards
  23. 3 points
    Hello! Very interesting analytical and investigative work by Windscribe disclosing ties (even hidden ones) between VPN companies, publishers, review web sites. Click on node icons to read more details. Very sinister situation at a glance. Note for example how Crossrider (now Kape), well known malware company co-founded by a member of israeli Defense Forces Unit 8200, nowadays controls major VPNs and review web sites: https://embed.kumu.io/9ced55e897e74fd807be51990b26b415#vpn-company-relationships/control-d Kind regards
  24. 3 points

    AirVPN Servers blacklisted

    Hello! The main reason of complaints and black list presence of IP addresses are attacks via HTTP(S) and spam mails. A server with blocked outbound ports 80 and 443 blocked would be avoided by anyone, we think, while we might consider to block outbound ports 465 and 587 (outbound port 25 is already blocked on all servers) and renounce to our fight to defend net neutrality. This will require however a mission as well as Terms of Service modification, as noted by @OpenSourcerer , so it's not a viable solution for the current management administration and the contracts with our current users. Out there you can already find tons of VPNs which violate net neutrality by inspecting your traffic and blocking (or shaping) applications, protocols and ports. Or you can just use your own ISP. The peculiarity of AirVPN is that it doesn't enforce that rubbish.. If one asks for traffic inspection, ports blocking and so on and so forth to get a "cleaner" IP address, then he/she probably "deserves" a pervasive surveillance and must take into account that his/her personal information and his/her behavior will be sooner or later used against him/her, as it already happened to millions and millions of people around the world in the last years. Kind regards
  25. 3 points

    ANSWERED Server issue?

    I am seeing very slow DNS resolution on Lich (US) while Haedus and Iklil are solid and quick. I am using Wireguard in Eddie 2.21.6. The server page for Lich shows nothing amiss so not sure.
  26. 3 points
    EDIT: problem has been resolved around 12.00 2022-06-16 UTC Hello! We're sorry to inform you that a PayPal ongoing malfunction is causing a serious issue with purchase validations and plan activation. IPN (Instant Payment Notification) is not sent, so we must validate PayPal payments manually one by one. PayPal has been notified hours ago. We apologize for the delayed activation but the problem is out of our responsibility and control. Hopefully PayPal will resolve the problem very soon. If you have paid via PayPal and you don't see your plan activation within a few hours feel free to open a ticket as we are struggling to keep the pace on the long run. If you are reading this message before you made a purchase, please consider to pay via Stripe, Amazon Pay or Bitcoin for a faster and automated plan activation. This thread will be updated as new information comes in. Kind regards
  27. 3 points
    tray-icon under Linux will be reactivated at the next release (experimental), under testing, expected next week. Please have patience.
  28. 3 points

    RT blocked from some EU servers

    As someone who has worked internationally, I get my news from multiple sources: DW(Germany), The National(UAE), Global Times (China), Citizens Free Press (US), along with several others. THEY ALL HAVE PROPAGANDA. So what's important to me is to "triangulate" on the truth as much as possible. It's pretty easy to detect most of the bulls$^&t, but there is some sneaky stuff out there that no one will know unless you're on the inside. Anyway, the point is that there's no single source of "truth". It's best to gather as many of what appears to be the facts, and make your own mind up. All of that said, I had rt.com as one of my news sources too, so I'm bummed I can't see it now.
  29. 3 points

    Does VPN node country matter?

    There's no limitation on which servers are "allowed" to be torrented over, something I didn't quite understand with other competitors. Just pick one, everyone works.
  30. 3 points

    Auth Failed

    @PortlyNinja @tgiby3 Hello! Each time you renew your client key and certificate in your account "Devices" panel you need to log your account out and in again from Eddie main window, as you might have read in the instructions. In this way you force Eddie to download the new pairs. If Eddie sends an expired certificate you will get AUTH_FAILED from the VPN server, and not from the infrastructure, so no message is visible in the Client Area, in spite of the wrong suggestion by Eddie, we're sorry. The TAP driver is the driver which handles the virtual network interface used by OpenVPN. Only administrators, according to system default settings and ordinary practice in the last decades, can install system drivers. Windows lacks any such driver so it needs this additional installation of some third-party tun/tap driver for the tun/tap interfaces .The wintun driver, which is supported by OpenVPN 2.5 and higher versions, and by Eddie, is a more modern driver to drive the tun/tap interfaces. If you have issues caused by the TAP driver, including poor performance, try the wintun driver. You can activate it from Eddie's "Preferences" > "Advanced" window: check "Use wintun driver", click "Save" and re-start Eddie. Kind regards
  31. 3 points

    New 1 Gbit/s server available (IE)

    That's very true. I don't have any problem with M247 as a company, it's just that it would be nice to support AS diversity to help get around blocks. AS 9009 is commonly blocked due to the abuse that often comes from it.
  32. 3 points

    AirVPN vs ProtonVPN.

    With all due respect for an old time customer like you, comparing AirVPN with ExpressVPN is an insult we can't accept. ExpressVPN has always been perfectly aware that one of its executives was an American intelligence operative who helped UAE human rights hostile government in cracking operations. We do agree with Edward Snowden when he says that you must not use ExpressVPN. Incidentally, ExpressVPN is now part of a big group that, throughout the past decade, was an adware based business with shady privacy practices. Please check: https://www.vice.com/en/article/3aq9p5/expressvpn-uae-hacking-project-raven-daniel-gericke https://twitter.com/josephfcox/status/1438127822883729412 https://twitter.com/Snowden/status/1438291654239215619 https://www.theregister.com/2021/09/14/expressvpn_bought_kape/ Kind regards
  33. 3 points
    Wow, a guide! Thank you very much for the work you put into it. I'll probably test it out one of these days. This is false. It is available and working as intended on Linux. This is true, though. But in all fairness, most directives in OpenVPN refer to v4 only. One thing came to mind when I read this:
  34. 3 points
    AIRVPN DOES NOT RECOGNIZE ANYMORE VERISIGN, AFILIAS AND ICANN AUTHORITY. OUR COMMITMENT AGAINST UNITED STATES OF AMERICA UNFAIR AND ILLEGAL DOMAIN NAMES SEIZURES. The United States of America authorities have been performing domain names seizures since the end of 2010. The seizures have been performed against perfectly legal web-sites and/or against web-sites outside US jurisdiction. Administrators of some of those web-sites had been previously acquitted of any charge by courts in the European Union. The domain name seizures affect the world wide web in its entirety since they are performed bypassing the original registrar and forcing VeriSign and Afilias (american companies which administer TLDs like .org, .net, .info and .com) to transfer the domain name to USA authorities property. No proper judicial overview is guaranteed during the seizure. Given all of the above, we repute that these acts: - are a violation of EU citizens fundamental rights, as enshrined in the European Convention on Human Rights; - are an attack against the Internet infrastructure and the cyberspace; - are a strong hint which shows that decision capacities of USA Department of Justice and ICE are severely impaired; and therefore from now on AirVPN does not recognize VeriSign, Afilias and/or ICANN authority over domain names. AirVPN refuses to resolve "seized" domain names to the IP address designated by USA authorities, allowing normal access to the original servers' websites / legitimate Ip addresses. In order to fulfil the objective, we have put in place an experimental service which is already working fine. If you find anomalies, please let us know, the system will surely improve in time. Kind regards AirVPN admins
  35. 3 points

    VPNs - Caught in Lying!?!

    @arteryshelby We do not log and/or inspect our customers' traffic. Since 2010 you can't produce any single case, and not even the slightest clue, in which the identity of an AirVPN customer has been disclosed through traffic log and/or inspection and/or any other invasive method. It means a lot, given that various younger VPN services have been caught lying (ascertained court cases) and that AirVPN is now the oldest still active VPN service, with the exception of a minor service which anyway changed ownership twice in the last 12 years. By the way we have never asked our customers to blindly believe in our words. We do not block Tor and we even integrate its usage in our software, so you can be even safer if you can't afford to trust us OR some datacenter. For example you can use Tor over OpenVPN, to hide Tor usage to your country and ISP, and at the same time hide your traffic real origin, destination, protocol etc. to us and the datacenter the server is connected into. Last but not least, we invest a lo of money in Tor infrastructure and in 2017, 2018 and 2019 more than 2.5% of global world Tor network traffic transited on Tor exit-nodes paid by AirVPN. It is an important achievement we're proud of, and it hints to good faith. Kind regards
  36. 2 points

    Linux: AirVPN Suite 1.2.0 available

    Hello! We're very glad to inform you that AirVPN Suite version 1.2.0 is now available. Check supported systems below UPDATE 15 Feb 22: Release Candidate 1 is available UPDATE 08 Mar 22: Release Candidate 2 is available UPDATE 17 Mar 22: Release Candidate 3 is available 24 Mar 22: Production release is available The suite includes: Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers Hummingbird: lightweight and standalone binary for generic OpenVPN server connections What's new in 1.2.0 bug fix: white and black lists are now handled more properly by quick connection mode with new logical approach bug fix: comma in password is now parsed correctly when entered in bluetit.rc bug fix: Hummingbird network restore function works properly when hummingbird.lock file is missing but DNS and firewall rules have their backup copies to be recovered bug fixes in --pause, --resume, --reconnect options refinements in logging in automatic network lock mode, nftables takes precedence over iptables if nft userland utility exists DNS handling improvements with certain systemd-resolved wortking modes added support for zstd and gzip compressed kernel modules IPv6 bootstrap servers enhanced support update of all support libraries, including OpenVPN-AirVPN Please check the changelog at the end of this post for detailed information. Thank you very much for your tests and please report any bug, glitch, malfunction etc. in this thread! Packages Please note that the Suite is no more built for i686 systems (32 bit architecture). If you need the Suite for such systems please run 1.1.0 release in the meantime and contact us in this thread or through a ticket. Packages can be downloaded from our web site page https://airvpn.org/linux/suite/ AirVPN Suite is released under GLPv3. Source code and repository: https://gitlab.com/AirVPN/AirVPN-Suite AirVPN Suite changelog Changelog for AirVPN Suite Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] updated to OpenVPN3 AirVPN 3.8.1 [ProMIND] vpnclient.hpp: changed references of ClientAPI::OpenVPNClient class to ClientAPI::OpenVPNClientHelper to conform to the new OpenVPN3 client class names [ProMIND] vpnclient.hpp: added private members event_error and event_fatal_error to reflect client's event errors [ProMIND] vpnclient.hpp: added public methods eventError() and eventFatalError() [ProMIND] vpnclient.hpp: get_connection_stats() added topology, cipher, ping and ping_restart values from OpenVPN3 options Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] vpnclient.hpp: added methods init(), initSupportedDataCiphers(), isDataCipherSupported() and getSupportedDataCiphers() [ProMIND] vpnclient.hpp: added cipher member to struct EventData [ProMIND] vpnclient.hpp: added getPushedDns() method [ProMIND] airvpntools.cpp: added normalizeBoolValue() method for the normalization of "simple" bools to extended values conforming to Suite's option parser and to be used to extend OpenVPN3 "simple" bool options [ProMIND] logger.hpp: flushLog() is now synchronized and thread safe by using a semaphore Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Updated to OpenVPN 3.7.2 AirVPN Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] updated to OpenVPN 3.7.1 AirVPN and latest support libraries and support projects [ProMIND] vpnclient.hpp: added methods openVPNInfo(), openVPNCopyright() and sslLibraryVersion() [ProMIND] vpnclient.hpp: added event management (subscription, unsubscription, raising) via callback functions for all native ClientEvent::Type [ProMIND] loadmod.c: added support for gz and zstd modules [ProMIND] netfilter.cpp: changed firewall priority scheme into nftables, iptables-legacy, iptables, pf [ProMIND] netfilter.cpp: added workaround for iptables modules in order to comply to kernel 5.15.x [ProMIND] netfilter.cpp: init(): in case netlock is set to iptables, force the initial loading of system rules by adding and then immediately removing two IPv4 and IPv6 "fake rules" in order to have netlock work in distributions running under kernel 5.15.x and iptables 1.8.7 [ProMIND] dnsmanager.cpp: systemHasResolved() method renamed as systemHasSystemdResolved() [ProMIND] dnsmanager.cpp: added systemHasResolvectl() method [ProMIND] optionparser.cpp: added description and order members to OptionConfig and Option structures [ProMIND] airvpntools.cpp: added automatic support and selection for AirVPN IPv6 bootstrap servers [ProMIND] airvpnserverprovider.cpp: getFilteredServerList() includes all AirVPN server. Those not meeting the connection priority scheme are sent to the bottom of the list with the highest possible penalty. This is needed in case the country black list includes all of the connection priority scheme's countries *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Bluetit Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] do not check for supported ciphers in OpenVPN config file in case eval.cipher is empty [ProMIND] establish_openvpn_connection() returns false in case of client's event error or fatal error [ProMIND] connection and connection stats threads are now stopped by dedicated functions stop_connection_thread() and void stop_connection_stats_thread() respectively [ProMIND] improved error management at connection time Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] Added list_data_ciphers dbus method [ProMIND] Added list_pushed_dns dbus method [ProMIND] Check and validate requested data cipher according to VpnClient's supported ciphers [ProMIND] Shows server information summary at the end of connection process via VpnClient connected event [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Same as Beta 1 Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] White and black lists are now properly checked when connecting to an AirVPN server or country [ProMIND] In case there are white lists defined, quick connection will ignore the connection scheme priority [ProMIND] Added "africa" and "oceania" to continent/country connection process [ProMIND] Added SSL library version to startup log [ProMIND] Removed ipv6 option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications [ProMIND] Added DBus method ssl_library_version [ProMIND] btcommon.hpp: added normalized client options and descriptions [ProMIND] add_airvpn_bootstrap_to_network_lock(): added support for AirVPN IPv6 bootstrap servers *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Goldcrest Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] Update connection statistics to the latest Bluetit specifications Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] Added --list-data-ciphers option [ProMIND] Added server information summary to statistics output [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Reassigned short option "Q" to long option "air-key-load" Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] Removed ipv6 command line option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications [ProMIND] Added OpenVPN copyright information and SSL library information to the welcome message [ProMIND] Changed usage() in order to use the new normalized option format *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Hummingbird Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] updated to OpenVPN3 AirVPN 3.8.1 [ProMIND] do not check for supported ciphers in OpenVPN config file in case eval.cipher is empty [ProMIND] changed references of ClientAPI::OpenVPNClient class to ClientAPI::OpenVPNClientHelper to conform to the new OpenVPN3 client class names [ProMIND] replaced calls to removed OpenVPN client's eval_config_static() with ClientAPI::OpenVPNClientHelper::eval_config() Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] Added --list-data-ciphers option [ProMIND] Check and validate requested data cipher according to VpnClient's supported ciphers [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Updated to OpenVPN 3.7.2 AirVPN Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] updated to OpenVPN 3.7.1 AirVPN and latest support libraries and support projects [ProMIND] Added SSL library version to version message [ProMIND] Removed ipv6 command line option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications [ProMIND] Added OpenVPN and copyright information and SSL library information to the welcome message [ProMIND] Fixed recover network procedure. It now properly checks the existence of network backup file Kind regards and datalove AirVPN Staff
  37. 2 points
    Never mind, everything works as expected. Turns out I had manually added a country to my whitelist by accident and never noticed it... until now. Sorry
  38. 2 points
    This guide will explain how to setup OpenVPN in a way such that only select programs will be able to use the VPN connection while all other life continues as usual. Please read this notice before applying the guide Advantages: fail-free "kill switch" functionality (actually better than 98% of VPNs out there) continue using another VPN as primary or don't reroute any other traffic at all nobody, not even peers on LAN, will be able to connect to your torrent client (the only way: through the VPN connection) - eliminating unintended leaks Disadvantage: the apps will still use your default DNS for hostname lookups (secure your DNS separately!) See two more drawings at the end. The guide is applicable to all VPN providers who don't restrict their users to use the OpenVPN client. The method however is universally applicable. It was made with examples from Windows, but with Linux/BSD you will only need little tweaking to do. Specifically, net_gateway placeholder may not available and that's all there is to it. Android clients are probably too limited for this task and lack options we need. - Since there'll be a lot of text, sections titled in (parantheses) are entirely optional to read. The other guide by NaDre is old (2013), hard to read and pursues a slightly different approach. A Staff member actually posted a good first comment there, that's what we're gonna do. (Preface) The BitTorrent as a network is entirely public. Through the decentralized technology called DHT, everyone in the world can find out what torrents you are presumably participating in (this does not apply to private trackers who disable DHT). Clearly this creates an unhealthy atmosphere for privacy of users, e.g. one could find out the OS distribution one is using for a more targetted attack etc. Sometimes the ISPs are outright hostile to peer-to-peer technologies due to the traffic and bandwidth these are consuming. Instead of upgrading dated infrastructure, they cripple their users instead. There are many reasons to use a VPN, that was but a limited selection. ("Split-tunneling") This has become somewhat a marketing term nowadays, but actually explains the nature of the traffic flow well. In this guide only the programs set to use the VPN connection will use it, nothing else. All your traffic goes past the VPN while torrent client traffic (or any other selected program) uses only the VPN connection. ("Kill switch") We'll literally nail it using software settings of your program (the torrent client). This is a marketing-loaded name. In short: if the VPN connection is not available, no traffic ought to be sent bypassing it. In most cases where you have a VPN redirect all your system traffic - you should not rely on it as a feature. The OpenVPN software on Windows is not 100% proof, based on empirical evidence (reconnects and startup/shutdown phases) and some other VPN providers do no better (based on comments and stories). The only bulletproof solution: the VPN tunnel is set up on an intermediary device your PC is connected to - your end device (the PC) has no chance whatsoever to bypass the tunnel in that case. If the VPN provider uses a firewall under the hood, that's good too but with this guide you will not need a firewall nor rely on the VPN software. ("Dual-hop") With the knowledge and methods from this guide you will be able to daisy-chain multiple VPN servers. In essence, your traffic passes PC->VPN1->VPN2->Destination. This was not intended for this guide nor with AirVPN, it's finicky and I wouldn't recommend it myself without a real need and skills to automate the setup and configuration. How it will work Many users (aka mostly idiots on Reddit) are running in circles like qBittorrent is the only client (or probably the only application in the universe, unconfirmed) that can be set to use a certain VPN. Here's the technicality: this is called 'binding' - you can 'bind to IP' which will force the app to use a specific IP address and nothing else. If it cannot use the IP (when VPN is disconnected) then it will not be able to do any networking at all. The OS will deny any communication with the internet: boom! Here's your praised 'kill switch' and 'split-tunneling', 2-in-1. This is the next best bulletproof solution (the only better alternative is to use an intermediary VPN device, as any software could choose a different interface now to communicate with the internet). In a broader sense, you want to 'bind to a network interface' - your client will use any available IPs from the VPN interface - making it ready for IPv4 and IPv6. Oh and you don't need to change the IP once the VPN connection changes to another server. The OS handles the rest. Examples of programs that can bind to user-defined addresses include: (Windows) ping, tracert (IPv6-only, WTF?), curl and wget, and many others, including your favorite torrent client You will find guides online how to do that in your client or just look in settings. (Linux-specific differences of the guide) If you are a Linux/*nix user, there're some minor changes to the quick guide below: * Create custom VPN interface: Create with ip tuntap command. The below line will create 5 interfaces "tun-air1" etc. for YOUR user. Specifying your user allows OpenVPN to drop root rights after connection and run under your user (security). AirVPN allows up to 5 connections. If you have no use for this, create only one. Note: User-owned tunnel interfaces allow to be used by your non-root $user account, but there're issues with running OpenVPN without elevated permissions as $user user="$(whoami)"; for i in {1..5}; do sudo ip tuntap add dev "tun-airvpn$i" mode tun user "$user" group "$user"; done Check their existance with ip -d a -- the interfaces will not be shown under /dev/tun* ALTERNATIVE: openvpn --mktap/--mktun. See manual with man openvpn * Select custom VPN interface: This config part differs from Windows, very confusing. Steps: 1. Replace "dev-node" in config with "dev" 2. Add "dev-type tun" or "tap". Example of config: # if you have these defined multiple times, last entries override previous entries dev tun-airvpn1 # previously dev-node dev-type tun # previously "dev tun" on Windows There're no more differences. In-depth explanation: If you try to use dev-node like for Windows, you will see: OpenVPN log: ERROR: Cannot open TUN/TAP dev /dev/tun-airvpn1: No such file or directory (errno=2) Example strace of error: openat(AT_FDCWD, "/dev/tun-airvpn1", O_RDWR) = -1 ENOENT (No such file or directory) OpenVPN cannot find the TUN/TAP with the name? No, on Linux/*nix/*BSD dev-node has a totally different meaning. Dev-node specifies where the control interface with the kernel is located. On Linux it's usually /dev/node/tun, for the "mknode" command. If OpenVPN can't detect it for some reason, then you'd need to use dev-node. Finally you can start OpenVPN from terminal: sudo openvpn --config 'path/to/config.ovpn' --user mysystemusername --group mysystemusergroup PS: There're issues when running OpenVPN under your current $user. I think the problem was that it couldn't remove added routes after a disconnect. Instead run OpenVPN as root (isn't a good advice but it's what works) Windows Quick Guide Go to the folder where you installed OpenVPN and its exe files: 'C:\Program Files\OpenVPN\' Open CMD inside the 'bin' folder: Hold Shift + Right Click the 'bin' folder -> 'Open Command Window here' We will use tapctl.exe to create a new VPN network interface solely for use with AirVPN (to look around: run "tapctl.exe" or "tapctl.exe help") C:\Program Files\OpenVPN\bin>tapctl create --name AirVPN-TAP {FDA13378-69B9-9000-8FFE-C52DEADBEEF0} C:\Program Files\OpenVPN\bin> A TAP interface is created by default. I have not played enough with Wireguard's TUN to recommend it. You can check it out, it will be under adapters in your Windows network settings Important: Configure your app/torrent client to use this 'AirVPN-TAP' interface. This is what ensures your traffic never leaks. It may appear under a different name, in such case find out which one it is in the output of 'ipconfig /all' (enter this into CMD) If your client does not allow to bind to a general interface but a specific IP (poor decision) then connect to the VPN first to find out the local IP within the VPN network. In this case with AirVPN you may only use one single server or you'll have to constantly change the IP in settings. Generate AirVPN configs where you connect to the server via IPv4! This is important Add these to the .ovpn config files (either under 'Advanced' on the config generator page or manually to each config file) # NOPULL START route-nopull # IF YOU DO NOT USE ANOTHER VPN THAT TAKES OVER ALL YOUR TRAFFIC, USE "net_gateway" (just copy-paste all of this) # net_gateway WILL BE AUTOMATICALLY DETERMINED AND WILL WORK IF YOU CONNECT THROUGH OTHER NETWORKS LIKE A PUBLIC WIFI # personally, due to a second VPN, I had to specify my router IP explicitly instead of net_gateway: # "default"/"vpn_gateway"/"remote_host"/"net_gateway" are allowed placeholders for IPv4 route remote_host net_gateway route vpn_gateway route default 666 route-ipv6 ::/0 default 666 dev-node AirVPN-TAP # END OF NOPULL Test if the configuration works. Full tests, don't leave it up to chance. In-depth explanation of the OpenVPN config route-nopull rejects any networking routes pushed to you by the server, we will write our own route remote_host <router IP> we tell our system that, to reach remote_host (the AirVPN server IP), it must send traffic to <router IP>. The subnet mask says that this only applies to this single IP set <router IP> to be net_gateway (only for Windows users, check availability on other platforms) <router IP> may be any of the OpenVPN placeholders too, for example "net_gateway" should work universally (you avoid hard-coding the router IP and if it ever changes: wondering years later why the config no longer works) <router IP> is "" in my case, for my home router that connects me to the internet. route vpn_gateway we tell our system that all 10.x.x.x traffic will be sent to the AirVPN server the internal VPN network with AirVPN is always on the - network range. The subnet mask reflects that. However this may interfere with other VPNs if you ever need to be connected to both at once. I will not go into detail on this. What you need to do is to be more specific with 10.x.x.x routes in this config, i.e. instead of /8 subnet, only route the specific /24 subnet of the current VPN server (AirVPN uses a /24 subnet for your connections on each VPN server -> 10.a.b.0 vpn_gateway is one of OpenVPN placeholders route default 666 allow routing of ANY traffic via the VPN we set the metric to 666, metric defined as path cost (historically) so setting it to a high value will make sure no normal connection runs through it, unless specifically bound to the VPN IP. route-ipv6 ::/0 default 666 same for IPv6. How many can claim they have working VPN IPv6 setup? Welcome in the future. IPv6 is over 20 years old at this point anyhow. dev-node AirVPN-TAP (Windows-only) tell OpenVPN to ONLY use this network interface to create the VPN tunnel on. Nothing should interfere with our setup now That's all, folks! Note: Somehow on Windows my AirVPN connection receives a wrong internal IP that doesn't enable networking at first. In my case I need to wait 1-3 minutes until OpenVPN reconnects itself based on ping timeout: after the reconnect I receive another IP and everything starts to work. I do not know whether it's an OpenVPN or a Windows bug. One last note: using multiple VPNs Actually this will work, that's how I roll. As long as both VPNs don't clash by using the same subnet. If this happens, you will need to change Line 5 to point to a more specific (aka smaller) subnet tailored to your AirVPN server. Specifying a 10.x.x.0/24 subnet for routing will surely do (subnet mask: Just be aware that you cannot practically use the same IP range in both networks at the same time (well, you'd need to bind the application you are using to either interface, which you cannot do with a browser or the printing service in case of internal resources). (The story of broken net_gateway) For this placeholder, OpenVPN attempts to determine your 'default gateway', i.e. the router all your internet traffic passes through. It normally works, but may not be supported on other platforms (Linux, sigh). However it has one unintended side-effect: if you already have a VPN that reroutes all your traffic, net_gateway will make all AirVPN traffic go through the first VPN: Your traffic -> VPN1 -> Internet Torrent traffic -> VPN1 -> AirVPN -> Internet That's the unintended dual-hop. Surely you can extend that scheme to 3,4,n-hops if you fiddle enough with routing, subnet masks and correct order. I'm not responsible for headaches We avoid that behavior with Line 4 from our config - the remote_host line forces the AirVPN traffic to go straight to the internet (through your LAN router). One more thing: net_gateway is not available for IPv6 routes in OpenVPN. That's why it currently only works with a IPv4 connection to the VPN server. (Crash course: Subnet masks) You've seen the weird number above. You should refer to other pages for a proper explanation, but basically this is a very simple way for computers to determine the range of IP addresses that are part of a network (a subnet). What's simple for computers is very hard to grasp for us humans. 255 means there are NO changes allowed to the first set of IP numbers. I.e. the 10 in always stays a 10. 0 means all numbers can be used. I.e. the zeroes in can be (0-255), lowest address is and the last address is (technically, is the first and the last is reserved for 'broadcast') Any number in between denotes ... a range in between. 2^(32-prefix)=number. Number is the amount of available addresses and prefix is called the subnet prefix. Both are meant to describe the same thing. For or with subnet mask of you get addresses in range -- 2^(32-26) = 64. Similarly you can convert the subnet mask into the prefix number and work from there; or eyeball it: 256-192 = 64. (Two ways to accomplish routing) If you have two equal routes, e.g. goes through VPN with metric 666 goes through LAN router with metric 10 then obviously the default route for a packet will travel through (2) - because it's a cheaper path. Unless an application specifies to talk only on the VPN interface. However a different rule applies whenever a more specific route exists goes through VPN2 with metric 666 goes through LAN router with metric 10 goes through VPN1 with metric 30 goes through VPN1 with metric 30 Here the routes (3) and (4) cover the entire addressing space, just like However because they are more specific, they'll be preferred for all traffic because these routes are more selective. This is how OpenVPN does override system routing with VPN routing by default. This is also what the other guide attempted as well, by pushing four {0,64,128,192}.0.0.0/2 routes. Since that was more specific, it would in return override the 0,128 routes and so on. We can calculate how many multi-hops we would be able to do with this method: IPv4 has 32 bits, we will not touch the last 8 bits of the subnets. That leaves us then with 24 bits or 24 maximum amount of hops. Theoretically. The routing table would be outright f---- to look at. This method is a bit more 'secure' in a way because you don't need to rely on overriding a certain metric value, you just slap a more specific route on top and it's automatically made default. Also you don't need to override the default gateway (router) and all that junk. However with my preferred method (first) you can quite easily do DIY dual-hop routing: goes through VPN2 with metric 666 goes through LAN router with metric 10 goes through VPN1 with metric 30 goes through VPN1 with metric 30 <VPN2-IP>/32 goes through VPN1 with metric (any) Such a setup will make sure that all traffic destined for the internet (hits 3 and 4) will go through VPN1. If a program specifies the VPN2 network interface, then VPN2 will be reached via VPN1 first (you->VPN1->VPN2). This is quite 'quizzacious' to set up/control. Not part of this guide. As a part of this guide we told the system to route VPN2 via router on LAN. Yet you could indeed chain multiple VPNs this way and force the VPN1 to not only catch all traffic but also be chained via multiple VPNs itself so you would not need to manually set programs. I've seen scripts online for that purpose. Although be aware of MTU issues due to encapsulation. Troubleshooting tips TEST. SERIOUSLY, TEST YOUR SETUP BEFORE ENGAGING YOUR DATA CANNONS! A couple hours now are infinitely many times more worth than a 'leaked' mistake and headaches later on. https://ipleak.net/ - tests your client's default connection route. It would not tell you if your client is alternatively available on LAN for example. If you followed this guide and set up your client correctly, it will not be available on LAN etc. See the images below: 'without interface binding' (most newbie users) and 'with interface binding' (this guide) Wireshark to inspect how the traffic is actually flowing. Follow online tutorials, you only need to select the right network interfaces and filter traffic by port/IP (tcp/udp and your local or VPN IP) curl to send network requests. Like ifconfig.co / ifconfig.io will respond with the IP address it sees you as: curl --interface <your computer IP> http://ifconfig.co curl --interface http://ifconfig.co # for IPv4 or IPv6, default route curl -4 http://ifconfig.co curl -6 http://ifconfig.co > route -4 print and > route -6 print on Windows. To compare the outputs, you can use Notepad++ with the compare plugin (you need two documents open, one in left and another in right pane before comparing). PS: AirVPN configuration generator does not support #comment lines. Please fix. Sorry Linux users, maybe another time I will write something tailored to you. But I believe you are smart cookies and will adapt the OS-specific steps to fulfill this guide's goal.
  39. 2 points
    About 2+ years ago I paid for Air VPN upon the recommendation of many people. I've used 10+ VPNs and this one is my favorite so far. I saw the Halloween deal and decided to buy another 3 years, which is only like $65. I would have topped off another 9+ years if I wasn't trying to save some money. Air VPN for the win!
  40. 2 points

    [ENDED] Spooky Hallowen 2022 deals

    just bought for 2 more years, thank you for yours great service!
  41. 2 points
    Actually an interesting question. I've never seen a list of available instruction sets in Apple's Bionic chips. All I know is, they're ARM with a big/little CPU design (that is, part high-clocking CPUs for performance, part low-clocking CPUs for economy) and the newer devices have an ARMv8 CPU. I'd assume with the latter that AES is part of it, so the choice of AES makes sense. You could put this to the test yourself, I think. Connect with both OpenVPN and Wireguard, download something being connected to the same server and keep an eye on CPU usage. That's the idea, can't really help you further than that. I'd correct this to "AES is for devices with AES-supporting CPUs", which is PCs from ~2010 and embedded devices from ~2020. For instance, my phone is aarch64 supporting the AES set, too, so I prefer an AES cipher over ChaCha20. Since I very rarely use a VPN on my phone, I don't have extensive insight on which is better (and for what). But I tend to agree that ChaCha20 is better suited on older models, both security and performance-wise.
  42. 2 points
    Hello! You connect to entry-IP addresses. Such addresses never sends out clients packets to the Internet, so they will never be seen by any destination service. Your outgoing packets are sent out by exit-IP addresses. Therefore it's just the very usual MB nonsense; they tend to include entire IP addresses ranges when one single IP address in the range is reported by someone as a source of malicious activity. For example in 2012 MB blocked hundreds and hundreds of web sites in a Luxembourg datacenter (including our web site) because in the /21 range of those web servers ONE web site was suspected to host a virus. So they blocked 2048 addresses because of ONE single dubious address.. Enough said... Kind regards
  43. 2 points

    ANSWERED Server issue?

    Hello! We might have solved the problem, please keep reporting to confirm or deny. If you still find problems please mention the VPN server name(s). @Seebarschtian Thank you! Kind regards
  44. 2 points
    That's exactly the reason I simply don't install NoScript any more. It got old trying to find out which script sources provide functionality and which ones provide analytics. Sometimes one doesn't work without the other, that's where uMatrix usually came in handy, but that's an even bigger source of work. And I don't want to work, I want to surf the web. So my current approach is to simply let them eat cake. Use Librewolf with a slightly different policy config, periodically purge website data and cookies, things like that. Don't know about "essential" but if you're all about sending as little data as possible: uBlock Origin as your AdBlock Plus-compatible, open source request blocker. Obviously. uMatrix if you want absolute and unyielding control of all requests. Keep in mind, this is work everytime you visit a website. CanvasBlocker, so you can enjoy Canvas without having a unique signature. Sends a random one everytime it's used. Some may suggest Decentraleyes or similar so you don't use Google APIs everytime a website needs jQuery or such. Caused more problems than it solved for me. SmartReferer which lets you define global and per-site rules which referer is sent to websites (aka where you came from). Some websites need you to come from the same site, like driver downloads from AMD, they prevent direct linking to the files with that. Privacy Redirect, to use Invidious for YouTube, Nitter for Twitter, Bibliogram for Instagram and other substitutes. Only ever worked with YouTube and Twitter for me, almost all Bibliogram instances are permablocked by Instagram. SkipRedirect, maybe. Some websites direct you to an intermediate page before directing you to your actual destination (I'm also looking at you, AirVPN). This addon skips this. It's possible because most intermediate pages are like "https://my.page/intermediate.php?url=https://the.actual.page/destination.php". Addon extracts the url= parameter and connects you there instead. NeatURL, which removes common (and your custom) URL parameters like campaign trackers (utm_* and others) before the request is sent. Hundreds more, probably.
  45. 2 points

    Does VPN node country matter?

    I know you're nervous and you want to be extra careful but, really, it's fine. All servers fulfill AirVPN's requirements on privacy and technology. If an US server is by geographic distance and/or latency the "best" for you, use it. Define "riskier". All connections are encrypted. Sometimes people may quote a benefit of connecting to servers outside the country you're in. In my humble opinion it's a recommendation based way too much on what feels secure rather than what actually is, and a false sense of security is much worse than no security at all.
  46. 2 points

    ANSWERED DNS stops working

    I am experiencing intermitting DNS problems, where noting gets resolved anymore. I am using Eddie 2.21.3beta and Wireguard. I have to connect to another server for DNS to work again. Which server doesn'tmatter, as after some time to problem reoccurs and I have to connect to yet another server to get it working again for some time. Rinse and repeat so to say. I have no idea if it is either Eddie, Wireguard or something else related.
  47. 2 points
    You should get different interface addresses if you configure multiple different "devices" in AirVPN's UI here: https://airvpn.org/devices/. Each device has a details button to view the VPN IP for that device. Two AirVPN devices should work fine on the same physical device, just remember to use different adapter names if on Linux (eg. wg0 for the first one and wg1 for the second one).
  48. 2 points
    I agree with your point but @SomerwhatSane raises a valid concern. I hope AirVPN isn't putting "all their eggs" in one basket, so to speak. I understand there are a few M247 servers and, god forbid anything happens to them, a backup may be needed. Perhaps likely something you have considered anyway and I suspect/hope they are well funded and protected as a few other providers utilize their services as well - they seem quite important for the privacy mission. Anyway thanks for the new server, it is indeed nice to get one from a reputable supplier and a new country too :).
  49. 2 points
    Did you add a new "device" here: https://airvpn.org/devices/? Then ensure you select different devices for each config you download. Each device has its own WireGuard IP - You can see it by clicking the "Details" button. For the first error, you might need to change the /10 to /32 to avoid it. It shouldn't break anything since you're not going to be contacting other VPN users over the VPN (and I don't think that even works).
  50. 2 points

    Cheap and uncensored Webhosting

    @rock3716 It's an interesting case for us too. It's a very odd behavior by the provider, because it poses mere conduit problems (*). If a hosting provider intervenes to censor the content published by a customer without solicitation by a court order or at least a communication by a third party, it means they have editorial control, so they might be held liable (secondary liability) for the content published by their customers. In the reply, they clearly admit that they intervene against disinformation and misinformation, and suggest that a crime has been committed ("endangering public health"), as if they were omniscient to decide what disinformation and misinformation are, and they have the ability to monitor all the content of all of their customers. A safer approach for them would have been reporting to the competent authorities to decide whether something infringes the law or not, ensure to the publisher of the content the right to a defense, and optionally make the content unavailable while the case is ongoing. because of a third party warning, and not for their ability to check everything in their infrastructure uploaded by customers. Tons of things must be verified, but if the reports and the reply are authentic and not fake, the provider is walking on a slippery slope: apparently it is naively operating to hog editorial control, a catastrophe for any hosting/housing provider etc. (*) Directive 2000/31/EC has been transposed not only in the 27 EU Member States, but also in iceland, Norway and Liechtenstein.. Kind regards
  • Create New...