Leaderboard
Popular Content
Showing content with the highest reputation since 09/08/23 in all areas
-
37 points
ANSWERED OpenVPN Certificate has expired
hausmeister and 36 others reacted to Staff for a post in a topic
Hello! The problem affects those users who run Eddie Desktop edition with OpenVPN and never logged out for more than a year, or use OpenVPN clients with configuration files generated before 2021. Since Eddie Desktop edition re-downloads certificates and keys only when the operator logs in, locally some certificates have expired because we extend their expiration date automatically at least one year in advance (three years normally). Please try the following procedure to quickly resolve the problem: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards -
10 pointsHello! Today we're starting AirVPN 14th Birthday celebrations with big discounts on longer term plans. From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 23 countries on four continents! AirVPN is now one of the only three major consumers' VPNs which are still independent, i.e. not owned by big corporations with multiple fields interests, interfering in editorial publications or intersecting with products or services in conflict with privacy protection. Ever since we celebrated the past 13th birthday, AirVPN focused on a comprehensive infrastructure enhancement consisting of: line and server expansion to accommodate the significant customer growth. The infrastructure is now capable of delivering up to 694,000 Mbit/s CPU and network interface upgrades on all four continents where we operate in order to further stabilise and consolidate actual bandwidth availability thorough rewrite of remote inbound port forwarding logic to avert impending port exhaustion. The new implementation will be unveiled soon far reaching improvements to the "behind the scenes" infrastructure (backend servers) through hardware upgrades and targeted software optimisation On the software side, all AirVPN applications and libraries are still free and open source software released under GPLv3. The development of traffic splitting features on an application basis, already available in AirVPN Eddie Android and Android TV edition, has been implemented on the AirVPN Suite for Linux. The OpenVPN3-AirVPN library has undergone a remarkable round of bug fixes and improvements, while the WireGuard library is now fully supported by the Suite. If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Check the promotional prices here: https://airvpn.org/buy Promotion will end on June the 12th, 2024 (UTC). Kind regards and datalove AirVPN Staff
-
10 pointsHello! We're very glad to inform you that a new 10 Gbit/s (full duplex) server located in Los Angeles (California, USA) is available: Saclateni. Saclateni supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Saclateni Do not hesitate to contact us for any information or issue. Kind regards and datalove
-
7 points
Port shadow attacks fail against AirVPN
disillusioned85 and 6 others reacted to Staff for a post in a topic
Hello! Some customers have contacted the support team asking for a comment on the port shadow attack described in CVE-2021-3773 and brought into the spotlight for the umpteenth time during the Privacy Enhancing Technologies Symposium 2024: https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/ To explain why, unlike many other VPN services, AirVPN is not vulnerable to various attacks under the generic port shadow umbrella, please download the new paper and read below while watching table 2 on page 121: in our infrastructure public entry-IP addresses and public exit-IP addresses are not the same (M6). This is an absolute protection against ATIP, connection inference, and port forwarding overwrite and also makes port scan impossible (another reason for which port scan is impossible is given by additional isolation, see the end of the message) per-host connection limit is enforced (M3) making eviction re-route extremely difficult if not impossible static private IP address is implemented (M2) with WireGuard (it can be changed by explicit key renewal user's action) and highly likely with OpenVPN as long as the user connects to the same server with the same key, another (redundant) protection against port scan In our infrastructure additional protections are in place. We prefer not to disclose them all at the moment, we will just mention the block of any communication between nodes in the same virtual network either through private or public addresses. That's why, unlike any corporate VPN with shared resources, you can't contact any service inside the VPN (except the DNS), not even your own, from a machine connected to the same VPN in our infrastructure. Decapsulation as described on the paper is doomed to fail for this isolation/compartmentalization and this is also another reason for which port scans are not possible. TL;DR AirVPN infrastructure, according to the current state of the art in remediation and mitigation by security researchers as well as paper authors, is not vulnerable to the attacks described under the port shadow umbrella in this new paper. Kind regards & datalove AirVPN Staff -
7 points
VPN servers mostly blocked by Reddit
nestegg101 and 6 others reacted to Mordo for a post in a topic
Everything still works for me on ublock origin with 1 small adjustment. I think reddit blocked anyone with a Reddit session data value of 0. i use: reddit.com#%#//scriptlet('set-cookie-reload', 'reddit_session', '1') As you can see, the only change is the last number from 0 to 1 and everything works again. -
7 points
ANSWERED OpenVPN Certificate has expired
Silicon9503 and 6 others reacted to Novak1571 for a post in a topic
I agree with your sentiment - it takes a lot of time when you're unfamiliar with this stuff and are already busy doing something else. But it is easier than it seems. To renew the certificate: - Go to https://airvpn.org/ - Sign in - Select the "Client Area" tab - Under "VPN Devices" click the "Manage" button - Click the "Details" button - Click the "Renew" button Then do what Staff says in the above post: - run Eddie - on Eddie's main window uncheck "Remember me" - log your account out - log your account in (you'll need to re-enter your AirVPN credentials) - try again a connection -
7 pointsHello ! Introduction Welcome To AirVPN! This is a guide meant to help new people. Whether you're new to VPNs in general or just new to AirVPN. I've tried to keep it fairly short, by using bullet points & spoiler tags. This hopefully also makes it more readable and less scary. I think AirVPN is a FANTASTIC VPN and while I don't own or have any stake in AirVPN myself, I'm a huge supporter of it. However, it can be quite scary and confusing to use when you first get started, so hopefully my little guide willl help you! This guide also includes links to resources provided by Air and other users, but I don't mean to take credit for these things. So please feel free to scroll to the bottom of this guide! Index: Introduction First Questions Getting Started With AirVPN After Downloading The Eddie Client [includes Troubleshooting tips] AirVPN Guides Section [Look here to find guides about: Security/Torrenting/Port-forwarding/Plex/etc.] Other Noteworthy resources Credits Why I made this guide: AirVPN was said to be very technical and thus hard to use. But since it's such a quality VPN, I don't want that to always be the main bad side to this great service. Therefore, this guide is also a response to this problem, so that newcomers can hopefully feel less overwhelmed about the idea of the air to breathe the real Internet. The Air staff clearly put in a lot of work every day and are extremely knowledgeable people, from all that I've seen. It's just that for newcomers, it can be hard and overwhelming finding all the relevant pieces of information and it can easily be too technical, so I hope my little guide will also be useful in that regard. This is also why, I collect other people's guides and put them in this guide, so that they're easier to find. However, Thank you to AirVPN, Staff and the many knowledgeable members of this community who help out people like myself quite a lot, through their contributions to the site everyday :] Feel free to leave feedback on this guide, both good and bad, if you want to, because I'll happily read it ! First Questions Do I have to be really technical to use this VPN stuff? AirVPN is one of the more technical VPNs out there and this is pretty much its only major drawback, when it gets reviewed. However, it offers unmatched attention to security and privacy. Not all reviews are entirely accurate either, sadly. Which the AirVPN Staff haven't hesitated to remark on though. So in short: No. But if you're new to VPNs in general and not a tech-savvy user, you do have to accept that you might be confused in the start. But this forum is here to help :]. Due to all the marketing and sometimes paid reviews, it can be hard to find out which VPN to trust at all. This is without even getting to the technical features. Air tends to somewhat pride itself on not overselling things however and so on the face of it, AirVPN can seem like it's no match for other, apparently bigger VPNs, but AirVPN has a lot to offer if you take a look. Will I become totally anonymous or completely secure? Please be aware that when using AirVPN or any VPN, while signed in to things such as your e-mail or other online accounts, you might get incorrect notices of being hacked. You have not been hacked most likely, it's just that when services see you log in from several different IP addresses, they get suspicious. Simply keep calm and investigate the issue. No, definitely not. But in terms of steps you can take to reach very high levels of privacy and security, this is one of the best steps you can take. Privacy and security are hard things. To achieve even higher levels involves sorting out things like your operating system, browser, various habits and using networks like Tor, in addition to a VPN like this. Security is hard. It's rarely, if ever, just a one-off solution. Often, security is as much a process, as it is about a single good product, like this VPN. However. just because a VPN doesn't do everything, it doesn't mean it's useless. A lot depends on what you're trying to do/achieve and who your "enemies" are. Yet it should be said, that AirVPN is quite extreme about security. For Air, it's "all or nothing" in many ways. AirVPN is so focused about security, that they even fix issues before they're published! However, VPNs and others technologies are becoming more and more important, as new spy laws like the UK Snoopers Charter & US Rule 41 Amendment crop up. Please check the question "What does AirVPN do to make it safe to use and does it log or track people?" further down, for more details. VPNs A & B have features X & Y, how does AirVPN compare? For this, check out the forum made specifically for that. It's often the case that features from other VPNs are either already included in AirVPN, aren't included because they're unsafe or just aren't as good as they sound. For instance, a rival VPN might say "We offer PPTP and many other secure protocols!", while Air doesn't, because Air knows PPTP is unsafe. Or they might say they offer a "multi-hop" VPN, which may or may not be useful, according to AirVPN Staff. Support for the protocol known as IKEv2 is another example of where Air doesn't support something, but has good reasons for not doing so. As a final example, you will sometimes see competitors speak of their super-secret "camouflage", "4Dstealth" or "hidden" protocols or servers. This is just marketing for gullible customers . But such aforementioned marketing can greatly confuse efforts to compare Airs product with the competitors. So if in doubt, ask the competitor who is offering "stealth"-something, what it is. If I use AirVPN, will I be able to use service XYZ with it? Please be aware that when using AirVPN or any VPN, while signed in to things such as your e-mail or other online accounts, you might get incorrect notices of being hacked. You have not been hacked most likely, it's just that when services see you log in from several different IP addresses, they get suspicious. Simply keep calm and investigate the issue. Please also be aware that it is NOT the main purpose of AirVPN to get access to geo-restricted content because it's a losing battle and Air cannot control how companies such as the BBC and Netflix act. Being able to get access to a site, generally depends on which service you want and which country it's in. AirVPN doesn't have servers in every country. In general, you can get access to everything. Although services like BBC iPlayer and Netflix actively try to block VPNs. Even services as normal as payment processors, such as PayPal don't always make things easy. This means it's not always possible for a VPN provider to do anything about it. But we do have forums to discuss and notify AirVPN on, so that AirVPN can try to solve it as best as it can. But before you post in that forum, make sure to Read This First, as it might help you & will make your posts more helpful to others. AirVPN has a very useful tool called the Route Checking tool. It allows you to test access to a website from ALL AirVPN servers. Just put in a full link in the search field and click the search button. Then press F5 or hit the refresh button in your browser. Green results usually mean there's access; red results mean the opposite. This is useful for seeing if it's only you who has a problem or only the server you're on. As well as which servers don't have a problem, so that you can switch to using those ones instead. It's most important that it's green in the "HTTP" column. There's many different HTTP Codes, so here's a list. VPNs generally slow down your connection a little. But AirVPN is so good that it's still possible to play Multiplayer games through it, without your connection slowing down too much, in my own experience. What does AirVPN do to make it safe to use and does it log or track people? AirVPN isn't just safe because it promises to be so in its marketing. Instead, it backs things up with hard technical specifications and high standards, that you can verify yourself. AirVPN is logless and can't be forced to log surreptitiously, fully supports P2P on all servers & as per #5 ignores all DMCA requests. Remotely-forwarded ports aren't logged either. Here's additional things Air does to increase its security and privacy: AirVPNs infrastructure conforms to a high degree of openness & transparency. This helps show that none of Airs locations are fake, but only bare-metal & lets users compare with one another. AirVPNs encryption standards are military grade and so for all intents and purposes unbreakable. It also only uses the most secure VPN protocol too: OpenVPN. No PPTP/SSTP/L2TP/IKEv2. AirVPN doesn't use any third party tracking on its website, such as Google Analytics or Social buttons, because they leak. Instead, it uses open-source analytics Matomo, which is closed loop. AirVPNs website meets the highest SSLabs security standards: A+. AirVPN takes its mission to fight censorship and manipulation of the Internet extremely seriously. This also means being highly willing to help out journalists and human-rights defenders. AirVPN only uses FOSS (Free and Open Source Software) in its Eddie client. Therefore the software running on your system is not a security "blackbox", but can be independently verified. AirVPNs Eddie client supports a wide selection of protocols. Including SSL and SSH. As well as anonymising services such as Tor; so that you can "partition trust" and need not trust AirVPN. AirVPN fully accepts crypto-currencies. Including to the point where it accepts Bitcoin directly. No middlemen. So if done right, you can use AirVPN with Air knowing nothing about you. AirVPN explains how it doesn't need to inspect or monitor traffic in order to check for breaches of ToS. AirVPN is against security through obscurity, including in its client software Eddie and so shows all the information it can; which leads some users to erroneously think there's logging going on. AirVPN has since then expanded on this point. AirVPN uses in-house support technicians and not outsourced third-party technicians and external packages such as Zendesk. So as with #3, it's closed-loop. No leakage. AirVPN has a strict location policy, so that it doesn't just set up servers in a new, potentially unsafe or questionable, location. One which can't supply the performance required, either. AirVPN has its own DNS servers and "killswitch" feature. With Network Lock on, any accidental loss of connection from Airs servers won't leak anything about you; including WebRTC. AirVPN is run by extremely knowledgeable technical people and not just businessmen. So they're easily able to both explain, defend and attack subjects on a purely technical level. AirVPN supports the auditing of some of the crucial security software that underlies different systems and also supports other projects/groups/services such as Tor, Edri and OpenNIC. AirVPN runs this forum, which can seem like a small thing, but it's actually really important, as it allows for the open sharing of knowledge, providing of technical support and mythbusting. AirVPN already acts as a "multi-hop" VPN and takes many other measures to increase security, such as separate entry & exit IPs, Perfect Forward Secrecy and HMAC SHA1. AirVPN has a strong focus on avoiding marketing fluff and overselling. Which means you know exactly what you're getting and don't need to deal with deceptive use of technical details. AirVPN is highly consistent with staying constantly on top of any security issue. AirVPN is based in Italy and is therefore within the EU. This has a range of other benefits too. That's 20+ ways in which Air has extremely high security "by default". All made nice and easy for you to use. If you want more, there's a simple 3 step guide for that. But seriously, there's always more you can do yourself. When will AirVPN add country or server XYZ? AirVPN Staff do not usually tell the community when a new country or server will be added. They simply add them. So it's easy to miss. The Eddie client will automatically show them. AirVPN frequently adds new countries/locations. This can be seen in the announcement forum, so please try to check this and the Eddie client (if you use it) before asking. Thank you. Requests for a specific location or addition to an existing one, are fine. But demands to know when something will happen, are futile, since AirVPN follows a strict location policy. The technical specifications regarding security/encryption for the Air servers that are used, can be found here. Further, those technologies and standards allows Air to pursue its Mission. Please remember that even if a country you want hasn't been added, you may still be able to get access to the web-content of that country, thanks to Airs micro-routing feature. Here's some old posts regarding different locations, so that you may not need to ask. Please note that some, such as Japan as of 2018 & Austria, were already added: Italian Servers? Japan/Korea Servers? [staff Comment] Russian Servers? Danish Servers? Middle-East/North African Servers? Indian Servers? Panama Servers? Australian/New Zealand Servers? Latvian Servers? French & Belgian Servers?[uPDATE: French Servers Momentarily Withdrawn] Austrian Servers? Central/South American Servers? AirVPN now allows 5 connections per account instead of 3, but is it possible to buy more connections? AirVPN has increased the limit from 3 to 5 connections. Thus it's unlikely to be possible to buy more connections at any point. But you can use a modified router if you still need more than 5. If you change your router firmware(software) to something like DD-WRT or Tomato for instance, you can make all devices on your Wi-Fi/Router go through AirVPN. However running a VPN on a router is quite hardwork for most routers. So you either need high-grade commercial ones or computers like the ZBOX Nano, converted into routers. That ZBOX Nano PC would be excellent for a VPN to run on, as the hardware is very good; even more than the commercial routers. Only savvy users should consider this. Who runs AirVPN & moderates the forums? The Staff account is the Official voice of AirVPN. Private messages cannot be sent to them. Clodo & pj are the most visible AirVPN employees. Clodo is the developer of AirVPNs "Eddie" client software, while pj is a co-founder of AirVPN. Community moderators: zhang888, giganerd and LZ1. Note that we are NOT AirVPN employees, have no access to Air infrastructure and do NOT speak for Air in an official way. Instead, zhang888, giganerd and LZ1 are a part of what the Air Staff call the Air "forum Staff". Note that member profiles can't be accessed by others by default, unless you add them as friends or they made their profile public. Air itself is based in Italy and so that's where their staff will be sourced from. What are some of the "Status" page functions for & how do I use AirVPNs "Micro-routing" feature? The first page you see when you go to the Status page, is an overview of Airs servers & service. Useful for seeing if any server is down or very busy, downloads and how many users there are. The Ping Matrix shows the latency between Air servers and if there's any (severe) packet loss somewhere. No packets = no connection. The Top Users page can help you verify if others are still getting good or bad performance, compared to yourself. The Checking Route page is for seeing if Air servers can or can't connect to a website you select. Unlike the Ping Matrix. There's also the special AirVPN "Micro-routing" service. To use it, simply make sure you connect to Airs servers & DNS. (Automatic when you use Airs Eddie client). Without the micro-routing, if you want to watch French TV for example, you would have to connect to a French server. But with micro-routing, you can connect to ANY Air server and still watch French TV, as long as the TV's website is on the "Website support" list. It's possible to make requests to get sites added to these lists. Anyway, this micro-routing is very very useful ! Because it means that EVEN IF Air takes all French servers offline for some reason, you will still be able to access French content! Is it free and if not, why should I pay for it? AirVPN is not free, but you can get a short trial if you ask nicely. The Trial has unlimited data and full speed. But you can only get a refund if you have used less than 5GB. Free services don't offer many of the very nice features which let you get around website/service blocks. But it can be hard to market these features to non-technical people, because they're not always easy to explain. Yet once you try them, you will appreciate them. AirVPN has quality servers & connections, as well as guarantees a certain speed, with no limits. So it's possible to play multiplayer games through it. Free services often have to exploit their users in order to survive. This is normally done by tracking you, possibly undermining your security and selling your data to 3rd parties. If a free service is leaking your data due to poor practices and technology by accident or selling it on purpose, what's the point in using it then? VPN means Virtual Private Network. Even if a free service doesn't exploit you, you still don't have the same level of security or assurances, because how would a free service pay for that? Real security is hard and costly. Would you rather go through 5 bad free services, risking your security and privacy or would you rather take your privacy and security seriously the first time, for a small fee? If you only need a VPN 1 time, then it's probably not worth it to use a paid service. But if you know you'll need it often, it's worth the investment. Air has a very cheap 3 day plan too though. Free services often have many limits. But AirVPN is logless, allows 5 devices per account, allows P2P and other protocols, has no data/bandwidth limits & very high security. So basically, you need to be able to Trust your provider, yet why would a free service be trustworthy? They don't owe you anything. But a paid one at least does - not that all paid services are great either though. Not all services on the web offer the same level of protection either, whether free or not. Many services, paid & unpaid, lie to you about where they have servers. Fake GeoIP addresses. Since AirVPN isn't free, is it possible to buy a Lifetime subscription, as with other VPNs? Does AirVPN hold sales at all? This question has received its own dedicated topic, so please click the link below All sales related questions are answered in this dedicated thread. Getting Started With AirVPN If you run into a problem with Airs software for some reason, then please make sure to check if there's an experimental version of the Eddie client you can download. Experimental versions aren't always available. How do I start using AirVPN? There's 3 simple steps: Create Account Choose a Plan Choose your setup Creating an account: You don't need a valid e-mail address. The site software, called IPB, just needs the field to be filled with something. Remember that password recovery will NOT work without a valid address. If you can, don't use something which uniquely identifies you. So even if you name your account ninja10834, that's still better than something about your real name, location or even interests. With this account, you can also post on the forums. However in the beginning, you won't be able to post on these forums immediately. This is because a moderator has to make sure that whatever you post, is both genuine and from a person. So when you click the "post" button, your own post will NOT show up immediately; so just be patient, when asking a question. After around 5-10 posts being accepted, your account will increase in level and you will be able to post things immediately, without any supervision. There's 2 names associated with your account. The first is your login name, which cannot be changed and can't be seen by others. You would need to make a new account, to change it. The second name is your forum display name. In my case, it's LZ1. This can be changed by you at any time, but only matters in the forum. NOTE: it's your login name you use for logging into the Eddie software, together with your login password. Choose a plan: At this stage, you pick both how you wish to pay and how much. It's possible to pay in currencies known as "cryptocurrencies". These cryptocurrencies, most famously Bitcoin, have a range of benefits when it comes to things like security and privacy, if used correctly. If you want to pay using a cryptocurrency, there's some guidance on what to do, further down, in the guides section. However if you're just starting out, it's fine if you just use your credit card or whatever method which suits you. It's also possible to ask for a short trial. You can also scroll back up to the "First Questions" section and look for the information on Air's sales, if you want to wait for a discount. After paying, you will be a "Premium User" and will be able to see how many days you have left of your subscription, at the top of the screen, when you're logged into your account. Choose your setup: AirVPN provides a mobile version of its Eddie app for Android. An iOS version is NOT available due to Apple's restrictive policies. This stage is pretty straightforward. Just make sure you select the right versions and hit Download. Your OS: Find out which Windows Operating System you're running or which GNU/Linux you're running. Mac users must use either Mavericks or something newer. Your Architecture: Most will be locked into 64-bit here, as 32-bit is outdated. Your Format: Windows users should select "Installer" & MacOS users select "PKG Package Installer". Ubuntu/Linux users pick according to distro; adding a PPA will enable auto-updates of Eddie. Your User Interface: Most people should pick Graphical UI. Unless you want to run some kind of headless install, as some technical users do. Then click the big blue Download button and follow regular installation procedures. Now you will be downloading the AirVPN software. DONE. No further reading is required from here. Just open Eddie and click "Connect to Recommended Server". Unless you need a guide for something or want to know some of the finer details. This software is called a "client". This "client" is called "Eddie", because that's what AirVPN calls it. So when you hear talk of "Eddie", it's referring to the software you downloaded. If you don't want to use Eddie for some reason, there's ways of getting around it. But for new and casual users, it's recommended that you use it. If normal Installer Formats create problems, you can sometimes fix them by using the portable formats. A portable download is also useful if you want to store Eddie on a USB stick. If the latest Stable or Experimental release doesn't work for you, then you can download an earlier version, by clicking the "Other versions" link under the blue download button. How and where do I manage my AirVPN settings? You do that in the Client Area Some of the most important things in this area include: Configuration Generator Ports Referrals Number 1 is where you automatically generate the files that your VPN needs to work (if you don't use the Eddie Client, such as if you use Android), after you tick some boxes. Number 2 allows you to tell the VPN which "ports" or "virtual doors" to open, which can speed up things such as your Bittorent client (qBittorent, uTorrent, Vuze, Transmission, etc.) Even though it looks confusing, the only thing you actually need to change, is putting the right number in the "Local Port" field. So if your torrent program uses port 7634 for instance, then you put 7634 into the "Local Port" field and simply click the green add button. Then a number will automatically be generated and put into the big white box at the top. All done. Number 3 shows you the link you can share with other people. If they buy an AirVPN plan, you get 20% of what they pay. Then you can use this money to pay for your own plan. What if I need help during the process? If you need help from Air, you can easily contact them. If you're wondering why AirVPN doesn't have "Livechat" or might take a little longer to reply than other providers, then this is why. However you can also just come to these forums. If you can't post yet, then you can read the various guides which exist. In the AirVPN program called Eddie, there's a tab called "logs", which lists various information about what's happening. You can copy this and post it on the forums so we can help. But when you post your logs, MAKE SURE you post them inside "spoiler tags". If you don't use spoiler tags, you will annoy and make things more difficult for everyone, including yourself. I've used untold numbers of spoilers in this guide, as an example. What are logs, where are they and how do I use spoiler tags? When the AirVPN Eddie software is running, it creates a list of what it is doing. What's connecting, when, where, if something went wrong and so on. A log of events. So when you ask for help on these forums, we will often ask about your logs, because without logs, we do NOT know what is happening, in your specific situation . If you open the AirVPN "Eddie" client software, you will see a "Logs" tab. On the top right-hand side of the window, the 2nd button from the top, lets you copy your logs quickly. After copying the logs from Eddie, paste them into your posts when you need help. Do so by typing the short codes necessary; which we call using "Spoiler tags". This makes it much more convenient for everyone; just like this question and answer, is inside a spoiler . Please try to do it, thank you! Is there anything in my AirVPN account I should change? Go to the top-right corner of the screen and click your account username. Then click "My Settngs" in the drop-down box. Under "Profile Privacy", you might wish to un-check the checkbox, if you want others to be able to view your profile when clicking your name. Under the "Notification Options" tab and then under the header "Topics & Posts", check the box which lets you auto-follow things you reply to. This is very useful. Because then you'll get a little notification in the top-right corner, every time someone replies to a thread you made. This makes getting help more convenient. It's also good for following what's happening in threads that you post in. Remember to check the boxes on the right-hand side, so that you can choose if you want to be notified via the forum or via E-mail . You can also enable notifications for when people "like" your posts, since that can be quite encouraging! Under "Profile Settings", you might be curious about who visited your profile. So you can make it show the last 5 visitors. Everything else such as signatures, allowing others to add you as a friend and so on, are up to you. Enjoy! Is there an Experimental or Beta version of the AirVPN Eddie Client I can try? If so, where is it and why would I want to try it? Note that whenever you download the Beta/Experimental Client, you'll always receive the latest one. You can check your version number after you open Eddie and go to its "About" page. There aren't always any Experimental clients to download and new clients are continuously released. So keep an eye on the announcement section, for Beta/Experimental clients. Just because a release is called the "Stable" version, it doesn't mean the Beta/Experimental client is "Unstable". However don't be surprised if you run into issues . You can find the Beta versions [if one is available] on the download page of your OS, under "Other versions": If for some reason an Eddie client doesn't work, try downloading a "portable" version on the OS download page, under "Format". Being Beta/Experimental, you might run into some bugs. However I use the latest all the time, with no problems really. For more information on what features are added and bugs taken away, go straight to the changelog The Beta/Experimental client often includes fixes for bugs which the "Stable" version of Eddie has, as well as various extra features and changes. This helps all platforms. For example, for Windows, a prior Beta release used WFP (Windows Filtering Platform), instead of Windows Firewall, which meant it became easier to use 3rd party security software. 3rd party security software, are things such as Comodo firewall or Avast anti-virus. Things which you install yourself. In addition, it also comes with the latest software updates "out-of-the-box", such as the latest TAP drivers and OpenVPN patches, so you don't have to update them yourself. It may enable some things by default, which a current Stable version requires you to change yourself (as explained in the next section of this guide). By using the Beta, you can also help AirVPN by providing feedback, which means Air can then make things even better . Each Beta release has its own feedback thread. Just remember to describe the problem, tell us which system you use (Linux/Windows/MacOS/etc.), the client version (Go to Eddie client "About" page) and some logs in spoilers! : D. Thanks! After Downloading The Eddie Client Please remember to share your Eddie logs and use spoiler tags, when you need help from the community. How to do so, is answered in the previous section, thank you! What's "Network Lock" & should I use it? Please be aware that using Network Lock with Tor can be contradictory to try. It's not currently planned for. Please also note that it's expected that Eddie turns off Network Lock, when Eddie is shut down. Network Lock in AirVPN, is what many other VPN providers normally call a "killswitch". So this is Airs own "killswitch". Network Lock (NL) is a way for the AirVPN software to force all of your computers network communications through the AirVPN service, so that nothing "leaks out" about your identity. For new users, I don't recommend using it too soon. I recommend waiting a few days and just getting comfortable with the day-to-day running of the software and then using it later. With NL on, your internet connection will stop entirely, if you lose connection to the Air servers. This is great for preventing information from leaking & is a feature, not a bug. Why is this important? Well, I don't want to name & shame other providers, but one poster showed that his last provider leaked his real IP address during server changes. This shouldn't happen. But with NL on, this won't happen to you, because changing servers in Eddie will mean disconnecting from server A to go to server B. Thus the connection is stopped first & then resumed. No leaks. But if you want maximum security right away and aren't afraid of small technical issues, you can start using it right away. It can always be changed back.. How can I test that AirVPN is hiding my IP and DNS addresses correctly? Turning on Network Lock in the Eddie client will protect you from WebRTC leaks. You can use AirVPNs own service called ipleak.net. Make sure it's .net and NOT .com. Since ipleak.net is run by Air, it has now received its own sub-forum, where you can ask questions, give suggestions and receive information on any changes made to ipleak. Un-configured, browsers like Mozilla Firefox and Google Chrome will "leak" (show) your real IP address through a technology called "WebRTC". To stop WebRTC, scroll to the bottom of the ipleak page and read the very short and simple instructions on how to fix it. It's not overly technical, don't worry. If you torrent files, there's also a torrent on the same website, which you can download in order to test which IP other torrenters would see if you torrented a real file. It's recommended you use Free & Open Source Software(FOSS). With this client, you can make it bind itself to whichever network adapter is using the VPN, which is convenient, so that it only torrents when using a VPN. I can recommend setting ipleak.net as your browser start page, so that every time you start your browser, you'll quickly be able to see if everything is working as intended. Eddie can't connect or is very slow, what can I do? If none of the below solutions work, then it's time to ask the forums or Air support. In BOTH cases, please supply your logs, as detailed before. Otherwise no one can help you. First, please make sure your client is updated to the latest Stable or Beta release. You can see your version number in Eddie>Top Left Corner Menu>About. Head to download page if not. Please try different protocols, at Eddie>Menu>Preferences>Protocols>Uncheck "Automatic">Select a protocol, such as SSL or TCP 443> Save>re-connect to an Air server. Please try connecting to not just different servers, but different countries too. Proximity to your location does not automatically mean better connections; due to routing technicalities. If you're an online gamer, you may benefit from changing the buffer sizes, as mentioned by Staff. If you're a Linux, MacOS or Windows user and webpages aren't loading fully or there's less than optimum speed, you can try the so-called "mssfix". If it's simply a problem with connecting to airvpn.org, then please try the alternate entry: airvpn.info - note that sometimes Air comes under attack from within and so you get an error page. If Eddie, such as in its Logs, says there's problems with route checking, please refer here for a solution. Note: disabling Preferences>DNS>Check Air DNS can be tried at the same time too. If you enabled Network Lock and can't connect to the web without Eddie turned on, then please disable Network Lock or reset your firewall and/or DNS, as shown in the two posts here. If torrenting speeds are slow, then please remember to port-forward and configure your torrent client correctly. For detailed guides on this, please go to the Guides Section below. For some ISPs, such as Virgin Media, please check the Guides Section below, for specific tutorials on how to optimize speeds. In some cases, especially if you run Air directly on your router, it's possible that your computer hardware isn't new enough to handle the encryption quickly enough. For Windows users, updating or downgrading the TAP adapter may work. But this shouldn't be tried as the first thing, as it's often not necessary now. For Windows users, you can try downloading a program called TCPOptimizer. Which other steps can I take to increase my privacy and security? Using AirVPN with Tor is a strong answer, among many other good ones. Here's a further explanation of how AirVPN & Tor work, when together. There's also many other ways to handle privacy and security on multiple fronts. If you're looking for a technical challenge, you can install pfSense on a very powerful computer, to make it act like a router, so that all devices connected to your Wi-Fi will be covered by the VPN. Why not just use an expensive commercial router? Because even expensive ones struggle to handle the protocol known as "OpenVPN" efficiently enough to give excellent performance. You can change the software & hardware you use & support the organisations which try to make things better; such as the FSF/EFF. If you're a geek or networking enthusiast, you can also check out things such as the Turris Omnia router, which offers very powerful hardware & software. AirVPN Guides Section Make sure to check the date of the posts you read below. Hope you like it ! Guides, How To's & Troubleshooting Amazon devices like the Fire Stick, Fire TV Cube and others can be used with Android Eddie without sideloading, according to Staff. Mini-guide by Staff on how to test if your connection is being shaped/throttled [How-To] Use AirVPN with Network Manager on Ubuntu/Mint [How-To] AirVPN via SSL/stunnel on Android 6/7/8 [How-To] fix Virgin Media Connection Drops/Bandwidth Issues Plex Server Guidance (Until someone makes an actual Plex guide) Paying with Bitcoin/Cryptocurrency Guidance. (Until someone makes an actual Cryptocurrency guide) Mini-guides On How To Improve Torrent Speeds Mini-guide On Torrenting With Tixati Client How To Autostart AirVPN As Root With No Password (Linux) Note: security risk & What Staff Says(OSX/MacOS) How To Setup The Eddie Client On Raspberry Pi 3 How To Port-Forward & Use A Torrent Client Guide To pfSense 2.3 For AirVPN Guide to pfSense 2.1 For AirVPN Firefox Extensions Guide Guide To Setting Up VPN For Torrenting On Windows Guide - What To Do When A Site Is Blocked AirVPN Forum Styleguide How To Improve Smartphone Security How To Block Non-VPN Traffic With Windows Firewall How To Connect To AirVPN With Your Fritz!box Router Using AirVPN Through Stunnel On Android Using AirVPN Over Tor Using AirVPN on iOS Check Your TAP Driver Version Explaining The Use Of AirVPN With Tor How To Configure A Synology Device For AirVPN AirVPN & iOS Other Noteworthy Resources Links Please be aware that AirVPN, unlike most, does NOT buy or otherwise use paid-for reviews. An alternative VPN client to Eddie, for Linux. Best VPNs 2016 & AirVPNs results Advanced Networking & Computing How To Break The Internet (Cory Doctorow) (Recommended Watch) Why the OpenVPN protocol that Air uses is good Guide to all things privacy Five Eyes Countries Schneier on Encryption CGP Grey explaining Encryption 10 Myths About VPNs (Ignore the self-advertising) (Recommended Read) The Eternal Value Of Privacy (Recommended Read) Credits Thank you to: AirVPN & Staff for their excellent service and explanations. inradius for his guide on how to use Air with Network Manager on Ubuntu/Mint Omninegro for his pertinent guide on extensions. The always crazily knowledgeable and helpful zhang888, whom I owe a lot to for all his work here. Thanks man. Omniferums excellent guide on securing Windows. pfSense_fans guide on how to use the excellent pfSense firewall software. The always very friendly and helpful giganerd! NaDre for his excellent torrenting guide. neolefort for his Synology guide. sheivoko's guide on using AirVPN through stunnel on Android bigbrosbitch for starting a guide on mobile security Zensen for his guide on how to autostart Eddie on Linux with Root sagarbehere for his nice guide on how to set up Eddie on a Raspberry Pi 3 rainmakerraw for his mini-guides on improving torrent speeds and how to torrent. lewisisonfire for his guide to fixing out Virgina Media-related issues and with nice pictures too. Khariz, giganerd and ~Daniel~ for their helpful posts. I hope the guide was of use! If you find any inaccuracies, feel free to tell me. I worked hours on this tiny guide, so I want it to be perfect haha. I hope your experience with AirVPN will be a good one! Mine certainly has been. If you have any questions, feel free to ask. Thank you for reading :] P.S. I consider myself pretty savvy, but I remember being confused when I got here. So I can only imagine how it is for less savvy individuals. P.P.S. I know it lacks images, but images do evil things to my spoilers, lol.
-
6 pointsHello! We're very glad to inform you that two new 10 Gbit/s servers located in Alblasserdam (the Netherlands) are available: Menkent and Piautos. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. The servers support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Menkent https://airvpn.org/servers/Piautos Do not hesitate to contact us for any information or issue. Kind regards and datalove
-
6 points
ANSWERED OpenVPN Certificate has expired
ragingwire and 5 others reacted to go558a83nk for a post in a topic
pfsense warned me last month that some old certs were expiring so I'm not surprised that some people are seeing this results. It's unfortunate that software (eddie) or this web site didn't warn people they were using certs about to expire. -
6 pointsHello! We're very glad to inform you that a new 3 Gbit/s (full duplex) server located in Denver, CO (USA) is available: Sadachbia. Sadachbia supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637 and 47107 UDP for WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Sadachbia Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Staff
-
6 pointsHello! We're very glad to inform you that a new 1 Gbit/s full duplex server located in Auckland (NZ) is available: Tianguan. The AirVPN client will show automatically the new server. If you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts OpenVPN connections on ports 53, 80, 443, 1194, 2018 UDP and TCP, and WireGuard connections on ports 1637, 47107 and 51820. Just like every other Air server, Tianguan supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Tianguan Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
-
6 points
Google "Unaddressed Abuse Complaints"
LightlySalted and 5 others reacted to Staff for a post in a topic
Hello! Google Search should never be used for privacy reasons (Google profiling techniques are so advanced that you risk to create a correlation between your real identity and your VPN identity at the tiniest error) and ethical reasons, but you can rely on startpage.com if you really need Google Search. Startpage will proxy your queries to Google Search and serve you back Google reply, therefore an additional protection layer stands between your node and Google and you usually avoid captchas. A very good search engine offering privacy protection commitment is Brave Search: https://search.brave.com Kind regards -
5 points
ANSWERED No Servers in France ?
caffeine0030 and 4 others reacted to Staff for a post in a topic
According to this definition there is no censorship at all anywhere enforced by governments, not in North Korea, not in France, not in China... Please note that your definition is pure fantasy, if not insulting. Censorship is exactly suppression of speech, public communication, or other information subversive of the "common good", or against a given narrative, by law or other means of enforcement. The fact that censorship is enforced by law or by a government body does not make it less censorship. Furthermore, historically censorship was an exclusive matter of some central authority (the first well documented case is maybe the censorship rules to preserve the Athenian youth, infringed by Socrates, for which he was put to death, although the etymology comes from the Roman Office of Censor which had the duty to regulate on citizens' moral practices) and today censorship by governments is predominant. Even In modern times censorship through laws has been and is predominant and pervasive according to Britannica and many academic researches. Then you can discuss ad nauseam whether censorship by law is "right" or "wrong", whether France's censorship is "better" than China's censorship, but you can't change the definition of censorship, otherwise this discussion will become delirious. Kind regards -
5 points
Termination of service in Italy
tranquivox69 and 4 others reacted to foDkc4UySz for a post in a topic
Exactly. A business migration to an "offshore, sovereign nation" might seem like the best solution here, but it's just a hammer putting an angle to the nail. Sure, (Corporation, et al) Taxes might be lower elsewhere, but the proposed unregulated, dynamic blacklist system being implemented in Italy, applies globally to AirVPN's and all Italian resident-customers. If AirVPN were to still be a registered Italian business, and somehow implement technological bypasses of the blacklist to reallow Italian resident-customers, then even a layman could see an argument for detrimental culpability subject to their own business registation laws, if they wish to continue operating out of Italian jurisdiction. I'm certain that the Owners, Staff, Lawyers of AirVPN, being at least of Italian business registration since inception, are taking this legislative battle to heart. Many others will too: I'd bet there'll be an EU review into the frameworks implementation sooner rather than later, once it's filtering impact and resonance are actualised. @Staff Will do whatever they feel is most legal, and best feasible. But there's one reason why we're customers: A "VPN operated by activists in defense of net neutrality, privacy and against censorship." That time is now. -
5 points
[ENDED] 2023 Black Friday Sale
nexsteppe and 4 others reacted to Staff for a post in a topic
Hello! We're very glad to inform you that the Black Friday week has started in AirVPN! Save up to 74% when compared to one month plan price Check all plans and discounts here: https://airvpn.org/buy If you're already our customer and you wish to jump aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. AirVPN is one of the oldest and most experienced consumer VPN on the market, operating since 2010. It never changed ownership and it was never sold out to data harvesting or malware specialized companies as it regrettably happened to several competitors. Ever since 2010 AirVPN has been faithful to its mission. AirVPN does not inspect and/or log client traffic and offers: five simultaneous connections per account remote port forwarding WireGuard support on all servers flexible and customizable opt-in block lists protecting you from adware, trackers, spam and other malicious sources. You can customize answers or exceptions globally, at account level or even at single device level. powerful API IPv6 full support comfortable access to your client certificates and keys management AES-GCM and ChaCha20 OpenVPN ciphers on all servers Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys active daemons load balancing for unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 1046 Mbit/s with WireGuard internal DNS. Each server runs its own DNS server. DNS over HTTPS and DNS over TLS are also supported. free software support to traffic splitting on an application basis on Android and Linux (alpha testing) and on a destination basis on Windows and macOS AirVPN is the only VPN provider which is actively developing OpenVPN 3 library with a fork that's currently 190 commits ahead of OpenVPN master and adds key features and bug fixes for a much more comfortable and reliable experience: https://github.com/AirVPN/openvpn3-airvpn AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows. Promotion due to end on 2023-12-03 (UTC). Kind regards & datalove AirVPN Staff -
5 pointsHello! We reluctantly have to announce gloomy news to you all: Spooky Halloween Deals are now available in AirVPN... Save up to 74% on AirVPN longer plans (*) (*) When compared to 1 month plan price Check all plans and discounts here: https://airvpn.org/plans If you're already our customer and you wish to jump aboard for a longer period any additional plan will be added on top of already existing subscriptions and you will not lose any day. Every plan gives you all the features that made AirVPN a nightmare for snoopers and a scary service for competitors. Just check this frighteningly long list of terrific features if you dare: a clear mission without compromises https://airvpn.org/mission WireGuard support exclusive and very flexible, opt-in block lists against malware and other hostile entities. Pick predefined lists, add exceptions or additional blocks, define your own lists, or just use our totally neutral DNS by default improved API functions to let you control and configure VPN features and account settings active OpenVPN 3 AirVPN library open source development IPv6 support, including IPv6 over IPv4 configurable remote port forwarding refined load balancing to squeeze every last bit per second from VPN servers free and open source software for Android, Linux, Mac and Windows easy "Configuration Generator" web interface for access through third party software guaranteed minimum bandwidth allocation GDPR compliance and very high privacy protection standards no log and/or inspection of clients' traffic effective traffic leaks prevention by AirVPN software Tor support via AirVPN software on Linux, Mac and Windows various cryptocurrencies accepted without any intermediary no obligation to use our free and open source software to enter AirVPN infrastructure. Interoperability is an AirVPN priority. perfectly clear and easy to read Privacy Notice and Terms https://airvpn.org/privacy No tricks, only treats! We witch you a spooktacular Halloween! Grim regards & datathrills AirVPN Staff
-
4 pointsHello! We're very glad to inform you that a new Eddie Air client version has been released: 2.24 beta. It is ready for public beta testing. How to test our experimental release: Go to download page of your OS Click the button Switch to EXPERIMENTAL Download and install This is a new version of Eddie Desktop (Windows / Linux / MacOS). We know there is still 2.21.8 as stable, and 2.22.x and 2.23.x series never reached the stable version. We hope that this version 2.24.x will be tested and reach a stable release. Internally (in terms of development and code) it represents a significant step forward for us: the CLI editions are compiled with dotnet 7, without Mono, Xamarin and any dependency on NetFramework (Windows) or Mono (Linux, MacOS). All CLI projects can be opened in Visual Studio Code and debugged on any OS (macOS, Linux, Windows) without the need to use Xamarin, Visual Studio or Visual Studio for Mac. A new UI is in the works that will finally remove the dependency on Mono and Xamarin, but we don't have a release date to announce yet. The MacOS CLI is new (previously there was only the UI, or the UI with "-cli"), and it's also native for arm64. Overall, there has been a significant effort to clean up and modernise the code, and to prepare our build/deploy scripts for the new UI as well. We understand that there are still tickets or posts that we haven't responded to yet, but we preferred to complete this step first. Main changelog: [new] WireGuard is now the default communication protocol [new] All CLI editions can be compiled and debugged with VSCode and .NET7 [new] [macOS] CLI-only edition, built with .NET7, without Xamarin [new] New commandline only option "elevated.method" [change] OpenVPN 2.6.9 [change] [linux] CLI edition, built with .NET7, without Mono [change] [linux] .deb and .rpm, removed Mono dependency [change] [linux] .deb package tries to initialize elevated service at install/uninstall, .rpm package still missing this feature. [change] [windows] CLI edition, built with .NET7 [change] [all] Better management of SIGTERM signal [change] [all] Don't check if app dir is writable for portable-mode, now managed by presence of "portable.txt". [bugfix] [linux] terminal issue with sudo elevation [deprecation] [all] -cli mode for UI. Use CLI edition directly, now available in all supported platform. [deprecation] [windows] Vista builds [deprecation] [windows] Windows Firewall Network Lock mode [deprecation] [linux] x86 builds [deprecation] [linux] Portable Mono builds
-
4 points
Been using for years
Mister85 and 3 others reacted to boe_jiden123 for a post in a topic
This is by far the most resilient vpn I use. There are so many features and the VPN auto connected. There are many servers to choose from and the speeds are very fast! 😁 5/5. -
4 pointsHello! We're very glad to inform you that two new 3 Gbit/s (full duplex) server located in San José, CA (USA) are available: Bunda and Imai. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status in our real time servers monitor: https://airvpn.org/servers/Bunda https://airvpn.org/servers/Imai Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Staff
-
4 pointsHello! We're very glad to inform you that 6 new 1 Gbit/s (full duplex) servers located in Miami, Florida (USA), are available: Aladfar, Ascella, Chertan, Elkurud, Giausar, Meleph. The servers supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Aladfar https://airvpn.org/servers/Ascella https://airvpn.org/servers/Chertan https://airvpn.org/servers/Elkurud https://airvpn.org/servers/Giausar https://airvpn.org/servers/Meleph Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Staff
-
4 points
Termination of service in Italy
tranquivox69 and 3 others reacted to Staff for a post in a topic
Hello! We were easy prophets in this case. The catastrophic blackout referred to in the article is a concrete example of the risk we denounced, a violation of fundamental rights, a confirmation of the wisdom of our decision and a demonstration of the irresponsible and odious frivolity of decisions taken by private actors. Our infrastructure must not be polluted by repugnant decisions taken by private entities that seem to have little or no technical competence and that, so far, enjoy impunity for any mistake, no matter how serious. Kind regards -
4 points
Termination of service in Italy
Stalinium and 3 others reacted to Riddick for a post in a topic
I feel for the Italians, but how can you challenge a corrupt government "this is all part of the plan" not country specific but world-wide ! One small step for Italy, one giant leap for World domination -
4 pointsHello! We're very glad to inform you that a new 3 Gbit/s (full duplex) server located in Raleigh, NC (USA) is available: Polis. Polis supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Polis Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Staff
-
4 points
[ENDED] 2023 Black Friday Sale
comet-e and 3 others reacted to S.O.A. for a post in a topic
I've been with AirVPN since 2013, and it gives me a laugh every time there is a sale they're still using the same gif. 😄 -
4 points
Eddie Desktop 2.23 beta released
Monotremata and 3 others reacted to Staff for a post in a topic
Version 2.23.2 [bugfix] [macOS] Fixed an issue with disk .DMG build [change] [Windows] curl 8.2.1 [change] [macOS] Preferences > WireGuard > MTU [bugfix] [all] Fix for exit failures [change] [all] OpenVPN 2.6.6 [change] [all] Minor fixes and code cleanup, preparation to net7 upgrade This version will be considered stable as soon as possible. Other issues reported in tickets or in this topic are under investigation. -
4 points
ANSWERED Stuck in a broken route, never connects
Stolen Compass and 3 others reacted to Staff for a post in a topic
Hello! The Express VPN interface causes a critical error to OpenVPN: Tell Eddie to ignore any alien interface: Select from Eddie's main window Preferences > Networking, write eddie in the "VPN interface name" field click Save. You may also consider to switch to WireGuard to bypass the alien interface. You can do it in Preferences > Protocols window. Uncheck Automatic, select a WireGuard connection mode and click Save. Kind regards -
4 points
ANSWERED [SOLVED] OPNSense WireGuard configuration
MysticAnimated and 3 others reacted to theocean for a post in a topic
In case this helps anyone in future - When creating a port forward for a Wireguard interface in OPNSense, the automatic firewall that is created doesn't work. To fix this, go to the wireguard interface firewall rules. Create a new rule that's the same as the automatic firewall rule, except click "Advanced features: Show/Hide" and set "reply-to" to the wireguard interface. Then go back to the port forward rule and set "Filter rule association" to "None" to remove the original (broken) firewall rule. -
4 points
How-to: AirVPN on Synology DSM6 and DSM7 complete guide
arcado and 3 others reacted to Mikester for a post in a topic
OK, I was in contact with AirVPN support who were asking for the version of OpenVPN (it's 2.5.8 in DSM 7.2) and also for the OpenVPN log. I couldn't find it and, while googling the subject, came across a post by someone having similar problems with a different VPN provider. This worked for me: - Go to the config generator - Select Router - Don't click on Advanced, just select UDP 443 (I believe that's selected by default) - Select your server/country/whatever you like - Generate the ovpn file In DSM: - Create a VPN profile - Give it a name - Enter your AirVPN credentials - Select the ovpn file you just generated - Click the checkboxes in the next screen - Click Connect and it should connect... worked here anyway. This had been driving me nuts for a few hours. I even tried another VPN (free trial) which didn't work, so I was really wondering if the server's VPN module was broken! -
4 pointsHello! The main reason of complaints and black list presence of IP addresses are attacks via HTTP(S) and spam mails. A server with blocked outbound ports 80 and 443 blocked would be avoided by anyone, we think, while we might consider to block outbound ports 465 and 587 (outbound port 25 is already blocked on all servers) and renounce to our fight to defend net neutrality. This will require however a mission as well as Terms of Service modification, as noted by @OpenSourcerer , so it's not a viable solution for the current management administration and the contracts with our current users. Out there you can already find tons of VPNs which violate net neutrality by inspecting your traffic and blocking (or shaping) applications, protocols and ports. Or you can just use your own ISP. The peculiarity of AirVPN is that it doesn't enforce that rubbish.. If one asks for traffic inspection, ports blocking and so on and so forth to get a "cleaner" IP address, then he/she probably "deserves" a pervasive surveillance and must take into account that his/her personal information and his/her behavior will be sooner or later used against him/her, as it already happened to millions and millions of people around the world in the last years. Kind regards
-
3 points
Linux: AirVPN Suite 2.0.0 beta available
B3NJAMIN and 2 others reacted to Staff for a post in a topic
Hello! We're very glad to inform you that AirVPN Suite version 2.0.0 alpha 1 is now available. UPDATE 2023-11-24: version 2.0.0 alpha 2 is now available. UPDATE 2024-05-14: version 2.0.0 beta 1 is now available. AirVPN Suite 2.0.0 introduces AirVPN's exclusive per app traffic splitting system as well as some bug fixes, revised code in order to pave the way towards the final and stable release, WireGuard support, and the latest OpenVPN3-AirVPN 3.9 library. Please see the respective changelogs for a complete list of preliminary changes for each component of the suite. If you feel adventurous and you wish to test this beta version, please feel free to report any glitch, bug and problem in this very thread. The 2.0.0 Beta 1 Suite includes: Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN and WireGuard servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN and WireGuard servers Hummingbird: lightweight and standalone binary for generic OpenVPN and WireGuard server connections Cuckoo: traffic split manager, granting full access and functionality to AirVPN's traffic split infrastructure WARNING: this is beta software in its development stage and may have bugs which may also cause critical and unstable conditions. This software is used at the whole risk of the user and it is strongly advised not to use it in production or critical systems or environments. WireGuard support WireGuard support is now available in Bluetit and Hummingbird. OpenVPN or WireGuard selection is controlled by Bluetit run control file option airvpntype or by Goldcrest option -f (short for --air-vpn-type). Possible values: openvpn, wireguard. Default: openvpn. The option is documented in the 1.3.0 manual as well. Bluetit run control file (/etc/airvpn/bluetit.rc) option: airvpntype: (string) VPN type to be used for AirVPN connections. Possible values: wireguard, openvpn. Default: openvpn Goldcrest option: --air-vpn-type, -f : VPN type for AirVPN connection <wireguard|openvpn> Suspend and resume services for systemd based systems For your comfort, the installation script can create suspend and resume services in systemd based systems, according to your preferences. allowing a more proper management of VPN connections when the system is suspended and resumed. The network connection detection code has also been rewritten to provide more appropriate behaviour. Asynchronous mode A new asynchronous mode (off by default) is supported by Bluetit and Goldcrest, allowing asynchronous connections. Network Lock can be used accordingly in asynchronous connections. Please consult the readme.md file included in every tarball for more information and details. Word completion on bash and zsh Auto completion is now available by pressing the TAB key when entering any Goldcrest or Hummingbird option and filename on a bash or zsh interpreter. Auto completion files are installed automatically by the installation script. AirVPN's VPN traffic splitting AirVPN Suite version 2.0.0 introduces traffic splitting by using a dedicated network namespace, therefore completely separating the VPN traffic from unencrypted and "out of the tunnel" traffic. The VPN traffic is carried out in the default (main) namespace, ensuring all system data and traffic to be encrypted and tunneled into the VPN by default. No clear and unencrypted data are allowed to pass through the default namespace. Any optional unencrypted data or clear network traffic must be explicitly requested by an authorized user with the right to run cuckoo, the AirVPN traffic split manager tool. AirVPN's traffic splitting is enabled and controlled by Bluetit and by means of run control directives. The system has been created in order to minimize any tedious or extensive configuration, even to the minimal point of telling Bluetit to enable traffic splitting with no other setting. In order to enable and control AirVPN's traffic splitting, the below new run control directives for /etc/airvpn/bluetit.rc have been introduced: allowtrafficsplitting: (on/off) enable or disable traffic splitting (unencrypted and out of the tunnel traffic) Default: off trafficsplitnamespace: (string) name of Linux network namespace dedicated to traffic splitting. Default: aircuckoo trafficsplitinterface: (string) name of the physical network interface to be used for traffic splitting. All the unencrypted and out of the tunnel data will pass through the specified network device/interface. In case this directive is not used and unspecified, Bluetit will automatically use the main network interface of the system and connected to the default gateway. Default: unspecified trafficsplitnamespaceinterface: (string) name of the virtual network interface to be associated to the Linux network namespace dedicated to traffic splitting. Default: ckveth0 trafficsplitipv4: (IPv4 address|auto) IPv4 address of the virtual network interface used for traffic splitting. In case it is set to 'auto', Bluetit will try to automatically assign an unused IPv4 address belonging to the system's host sub-network (/24) Default: auto trafficsplitipv6: (IPv6 address|auto) IPv6 address of the virtual network interface used for traffic splitting. In case it is set to 'auto', Bluetit will try to automatically assign an unused IPv6 address belonging to the system's host sub-network (/64) Default: auto trafficsplitfirewall: (on/off) enable or disable the firewall in Linux network namespace dedicated to traffic splitting. The firewall is set up with a minimal rule set for a very basic security model. Default: off AirVPN's traffic splitting is designed in order to minimize any further configuration from the system administrator. To actually enable traffic splitting, it is just needed to set "allowtrafficsplitting" directive to "on" and Bluetit will configure the traffic split namespace with the default options as explained above. When needed, the system administrator can finely tune the traffic splitting service by using the above directives. At this early alpha stage, it is advised not to change the network namespace name but leave it to its default value "aircuckoo" to let cuckoo tool properly work. Power and limitations The adopted solution offers a remarkable security bonus in terms of isolation. For example, it gets rid of the dangerous DNS "leaks in" typical of cgroups based traffic splitting solutions. However, the dedicated namespace needs an exclusive IP address. If the system is behind a NAT (connected to a home router for example) this is not a problem, but if the system is not behind any NAT, i.e. it is assigned directly a public IP address, you will need another public IP address for the network namespace dedicated to traffic splitting. You will need to manually set the other public IP address on the trafficsplitipv4 or trafficsplitipv6 directive as the guessing abilities of Bluetit may work only within a private subnet. Please keep this limitation in mind especially if you want to run the Suite with per app traffic splitting on a dedicated or virtual server in some datacenter, as they are most of the times NOT behind any NAT. Introducing Cuckoo, the AirVPN traffic splitting manager tool Traffic splitting is implemented in AirVPN Suite by using a separate and independent network namespace, directly communicating with the system's default gateway through a virtual interface associated to a physical network interface available in the system. This ensures a true separation of traffic between tunneled and encrypted VPN data from the unencrypted and clear data to be channeled out of the VPN tunnel. The unencrypted traffic will never pass through the default namespace - which is under the VPN control - including, and most importantly, DNS requests. To generate unencrypted and out of the tunnel traffic, any software having this need must be run inside the traffic split namespace. In order to do so, AirVPN Suite 2.0.0 introduces a new tool meant to be specifically used for this purpose: Cuckoo. The tool can be used by users belonging to the airvpn group only. It cannot be used by root or any user belonging to the root group. Additionally, in order to fully use the cuckoo tool, the user must also have special capabilities enabled, notably CAP_SYS_ADMIN, CAP_NET_ADMIN and CAP_NET_RAW. The installation script will set these capabilities to the "airvpn" user only. In case you need to let other users of the airvpn group use the cuckoo tool, you can simply duplicate the corresponding line in /etc/security/capability.conf and adapt it to your needs. Note that in many distributions all of the above will not be necessary but keep it in mind if you find some issue and please feel free to report it. At this current alpha stage cuckoo supports "aircuckoo" namespace only, that is the default namespace configured by Bluetit. This preliminary alpha version does not provide any option and it is meant to simply run an application inside the traffic split namespace only. The usage is straightforward: cuckoo program [program options] The traffic split namespace uses its own routing, network channels and DNS. It will not interfere or communicate in any way with the default namespace where the VPN is running and using its own encrypted tunnel. As for DNS, the traffic split namespace will use default system DNS settings. Programs started with cuckoo are regular Linux processes and, as such, can be managed (that is stopped, interrupted, paused, terminated and killed) by using the usual process control tools. The programs started by cuckoo are assigned to the user who started cuckoo. As a final note, in order to work properly, the following permissions must be granted to cuckoo and they are always checked at each run. Owner: root Group: airvpn Permissions: -rwsr-xr-x (owner can read, write, execute and setuid; group can read and execute, others can read and execute) Note on Web Browsers Firefox and Chromium will not be able to resolve names in the aircuckoo namespace, not even when you run a unique instance of them inside the network namespace itself, in some Ubuntu systems. We are investigating this behavior. Brave, Opera and Konqueror are not affected by this problem, but please consider that due to how browser instances are tied to each other, you might get unexpected behavior if you run the same browser in both namespaces from the same user. For example, if the browser has been started in the default namespace while there is an active AirVPN connection, the traffic will flow to the connected AirVPN server and from the associated VPN IP address from any future apparent instance launched by the same user, and vice-versa. The second instance may detect the first, delegate the task to it and exit, so you will have a new window but not another instance. In order to circumvent the issue, at this stage you may tale care to run programs in the aircuckoo namespace via cuckoo only from airvpn account, and programs whose traffic must be tunneled from your ordinary account. In other words, to add security, do not add your ordinary account to the airvpn group if you plan to use traffic splitting, so your ordinary account will not be able to run cuckoo by accident. Download AirVPN Suite 2.0.0 beta 1: ARM 64 bit: https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-aarch64-2.0.0-beta-1.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-aarch64-2.0.0-beta-1.tar.gz.sha512 ARM 64 bit legacy: https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-aarch64-legacy-2.0.0-beta-1.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-aarch64-legacy-2.0.0-beta-1.tar.gz.sha512 ARM 32 bit: https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-armv7l-2.0.0-beta-1.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-armv7l-2.0.0-beta-1.tar.gz.sha512 ARM 32 bit legacy: https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-armv7l-legacy-2.0.0-beta-1.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-armv7l-legacy-2.0.0-beta-1.tar.gz.sha512 x86-64: https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-x86_64-2.0.0-beta-1.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-x86_64-2.0.0-beta-1.tar.gz.sha512 x86-64 legacy: https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-x86_64-legacy-2.0.0-beta-1.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-x86_64-legacy-2.0.0-beta-1.tar.gz.sha512 Changelogs Changelog for Bluetit Version 2.0.0 beta 1 - 13 May 2024 - [ProMIND] WireGuard is now the default VPN for AirVPN connection - [ProMIND] added client option --mtu - [ProMIND] added run control directive wireguardmtu - [ProMIND] added mode to client options - [ProMIND] removed options for unsupported profiles with credentials - [ProMIND] function check_if_root() renamed to is_root() - [ProMIND] added is_hummingbird_running() function - [ProMIND] D-Bus connection methods now check whether hummingbird is running - [ProMIND] Added server D-Bus keys vpn_status to connection_stats - [ProMIND] Added D-Bus command "remove_wireguard_device" - [ProMIND] Added BLUETIT_STATUS_WIREGUARD_DEVICE_EXISTS macro in btcommon.h - [ProMIND] Added wireguard_device_exists() function - [ProMIND} bluetit_status(): added check for existing WireGuard devices - [ProMIND] Added command line option "remove-wireguard-device" to be used in case a crash or unexpected exit and there is a WireGuard device still active - [ProMIND] Added remove_wireguard_device() function - [ProMIND] airvpn_server_save(): added check for south and north america continents - [ProMIND] airvpn_create_profile(): added use_country_fqdn argument - [ProMIND] Added air-sort and air-rsort options - [ProMIND] Added air-limit option - [ProMIND] btcommon.h renamed to btmacro.h - [ProMIND] Added server D-Bus key load to airvpn_country_info and airvpn_country_list datasets - [ProMIND] Manifest update interval is now set according to Manifest "next_update" element - [ProMIND] Added server D-Bus key continent_code and continent_name to airvpn_server_info and airvpn_server_list datasets - [ProMIND] Fixed bug in formal check for "country" and "aircountry" rc directives - [ProMIND] Added --async option for asynchronous connections - [ProMIND] Options --air-info and --air-list can now be used regardless of Bluetit connection status - [ProMIND] Added function vpn_connection_mode() - [ProMIND] Added macros VPN_MODE_BOOT, VPN_MODE_SYNCHRONOUS, VPN_MODE_ASYNCHRONOUS and VPN_MODE_DISCONNECTED - [ProMIND] Added server D-Bus keys airvpn_user_name, airvpn_user_key and vpn_connection_mode to connection_stats dataset *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 2 - 24 November 2023 - [ProMIND] implemented WireGuard connection - [ProMIND] replaced all OPENVPN_LOG call with Logger::log - [ProMIND] added function is_country_allowed - [ProMIND] function start_openvpn_connection renamed to start_vpn_connection() - [ProMIND] added WireGuard support to start_vpn_connection - [ProMIND] function stop_openvpn_connection renamed to stop_vpn_connection() - [ProMIND] added WireGuard support to stop_vpn_connection() - [ProMIND] D-Bus command set_openvpn_profile renamed to set_vpn_profile in order to support both OpenVPN and WireGuard connections - [ProMIND] added set_wireguard_profile() function - [ProMIND] added establish_wireguard_connection() and reconnect_wireguard() functions - [ProMIND] function reconnect_openvpn() renamed to reconnect_vpn() - [ProMIND] added WireGuard support to reconnect_vpn() *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 1 - 15 September 2023 - [ProMIND] updated to OpenVPN3 AirVPN 3.9 - [ProMIND] create_daemon(): replaced sprintf with snprintf - [ProMIND] create_daemon(): replaced sprintf with snprintf - [ProMIND] airvpn_server_save(): added generator tag - [ProMIND] airvpn_key_save(): added generator tag - [ProMIND] added run control directives allowtrafficsplitting, trafficsplitnamespace, trafficsplitinterface, trafficsplitnamespaceinterface, trafficsplitipv4, trafficsplitipv6 and trafficsplitfirewall - [ProMIND] start_openvpn_connection(): added log display of local interfaces/addresses - [ProMIND] recover_network(): delete traffic split namespace, in case it does exist. *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Cuckoo Version 2.0.0 beta 1 - 13 May 2024 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 2 - 24 November 2023 - [ProMIND] Minor development maintenance release *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 1 - 15 September 2023 - [ProMIND] Initial alpha development release Changelog for Goldcrest Version 2.0.0 beta 1 - 13 May 2024 - [ProMIND] normalization of run control file options with Bluetit's client option macros - [ProMIND] removed options for unsupported profiles with credentials - [ProMIND] added auto completion scripts for bash and zsh - [ProMIND] added support for Bluetit's "remove-wireguard-device" option - [ProMIND] added support for Bluetit's "air-sort" and "air-limit" options - [ProMIND] added support for Bluetit's new D-Bus datasets fields - [ProMIND] added support for Bluetit async option - [ProMIND] show_connection_stats(): added support for vpn_connection_mode, airvpn_user_name and airvpn_user_key - [ProMIND] added Bluetit async option in run control file - [ProMIND] --network-lock option can now be used in async mode (set network lock on and off) *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 2 - 24 November 2023 - [ProMIND] show_connection_stats(): added WireGuard support - [ProMIND] show_connection_stats(): added new 2.0 stat fields *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 1 - 15 September 2023 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Hummingbird Version 2.0.0 beta 1 - 13 May 2024 - [ProMIND] function read_profile() renamed to read_openvpn_profile() - [ProMIND] function worker_thread() renamed to openvpn_worker_thread() - [ProMIND] function start_connection_thread() renamed to start_openvpn_connection_thread() - [ProMIND] added function wireguard_client() - [ProMIND] added function finalize_connection() - [ProMIND] added option mode - [ProMIND] normalized log activity. Added function hblog() - [ProMIND] function clean_up() renamed to clean_up_and_exit() - [ProMIND] added function parse_options() - [ProMIND] added function bluetit_lock_file_exist() - [ProMIND] init_check(): improved check for Bluetit connection - [ProMIND] clean_up_and_exit() renamed to cleanup_and_exit() - [ProMIND] added auto completion scripts for bash and zsh - [ProMIND] added "remove-wireguard-device" option - [ProMIND] Added wireguard_device_exists() function *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 2 - 24 November 2023 - [ProMIND] initial compliance to 2.0 classes and architecture *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 1 - 15 September 2023 - [ProMIND] updated to OpenVPN3 AirVPN 3.9 - [ProMIND] --eval option prints ClientAPI::EvalConfig.reouteList data *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for AirVPN Suite Version 2.0.0 beta 1 - 13 May 2024 - [ProMIND] updated install.sh and uninstall.sh scripts for suspend and resume services airvpnmanifest - [ProMIND] searchServer(): pattern is now searched in continent code and name as well airvpnserver - [ProMIND] method getContinent() renamed to getContinentCode() - [ProMIND] method setContinent() renamed to setContinentCode() - [ProMIND] added method getContinentName() - [ProMIND] implemented boolean comparison methods for std::sort airvpnserverprovider - [ProMIND] getFilteredServerList(): added handling for continents in country white and black lists - [ProMIND] method compareServerScore() moved to AirVPNServer class airvpntools - [ProMIND] added method directoryExists() - [ProMIND] added method startsWith() - [ProMIND] method getLoad() renamed to getTrafficLoad() - [ProMIND] split() fixed bug in case string does not contain delimiter - [ProMIND] SERVER_READ_TIMEOUT is now set to 15 seconds - [ProMIND] requestAirVPNDocument(): vector bootServerList is now shuffled before starting the document request countrycontinent - [ProMIND] Added method realCountryName() - [ProMIND] Added constants EARTH, AFRICA, AMERICA, NORTH_AMERICA, SOUTH_AMERICA, ASIA, EUROPE and OCEANIA dnsmanager - [ProMIND] All binary paths are now searched at construction time - [ProMIND] Added DNSManagerException class execproc.c - [ProMIND] Added function exec_error_description() - [ProMIND] Added function exec_cmd_error_description() - [ProMIND] Added function exec_cmd_args_error_description() loadmod.c - [ProMIND] Added function is_module_loaded() netfilter - [ProMIND] All binary paths are now searched at construction time - [ProMIND] Added method isNftUsingIptables() - [ProMIND] Added iptables-nft support to iptablesSave() and iptablesRestore() methods - [ProMIND] Added method isPfEnabled() - [ProMIND] Added methods allowPrivateNetwork() and isPrivateNetworkAllowed() - [ProMIND] Added local and service IPv6 network classes to the default initialization of netfilter - [ProMIND] setup(): added optional argument for private network management network - [ProMIND] struct Gateway: added isDefault field - [ProMIND] method scanDefaultGateway() renamed to scanGateway() - [ProMIND] added method getGatewayFromRouteTable() - [ProMIND] added method getGateway() - [ProMIND] removed member defaultGateway - [ProMIND] added members IPv4Gateway and IPv6Gateway openvpnclient - [ProMIND] implemented OpenVpnClient::acc_event() in order to comply to new master specifications. Event is ignored. - [ProMIND] Added private network option for constructors using a private NetFilter optionparser - [ProMIND] added mode to OptionConfig and Option structures - [ProMIND] added function getOptionsForMode() - [ProMIND] added function getInvalidOptionsForMode() trafficsplit - [ProMIND] added methods removeNamespaceDirectory(), namespaceConfigurationExists(), isDirty() and recover() - [ProMIND] removed methods removeDefaultNamespaceDirectory(), defaultNamespaceConfigurationExists() - [ProMIND] added methods getIPv4Gateway(), setIPv4Gateway(), getIPv6Gateway() and setIPv6Gateway() wireguardclient - [ProMIND] added method setEndPointPort() - [ProMIND] added method removeDevice() - [ProMIND] added methods createInterfaceDevice(), setDeviceConfiguration(), getDeviceList(), changeWgFilesOwnership() ands restoreWgFilesOwnership() (macOS support) - [ProMIND] Added private network option for constructors using a private NetFilter - [ProMIND] Implemented event management - [ProMIND] Improved handshake timeout management vpnclient - [ProMIND] Added private network option for constructors using a private NetFilter *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 2 - 24 November 2023 execproc.c - [ProMIND] added macros EXEC_MODE_VECTOR, EXEC_MODE_VECTOR_PATH, EXEC_MODE_VECTOR_PATH_ENV and EXEC_MODE_DEFAULT - [ProMIND] added functions exec_set_mode(), exec_set_environ() and exec_reset() - [ProMIND] do_execute(): added mode and environment handling - [ProMIND] execute_process(), execute_process_args(): call exec_reset() before returning - [ProMIND] get_exec_path(): renamed to exec_get_path() and added an extra argument to specify a colon separated search path airvpntools - [ProMIND] method architecture() now uses GCC macros only - [ProMIND] added method platform() dnsmanager - [ProMIND] addAddressToResolvDotConf() now requires IPAddress type logger - [ProMIND] added overloaded log metoths for std::ostringstream network - [ProMIND] added methods setupInterface(), enableInterface() and setInterfaceMtu() - [ProMIND] added method setIPAddress() to Interface class - [ProMIND] scanLocalIpAddresses() renamed to scanLocalInterfaces() - [ProMIND] Interface: added method getAddressCount() openvpnclient - [ProMIND] added inheritance from vpnclient class - [ProMIND] get_connection_stats(): added timestamp item - [ProMIND] function openVPNInfo() renamed to getInfo() - [ProMIND] function openVPNCopyright() renamed to getCopyright() wireguardclient - [ProMIND] added inheritance from vpnclient class - [ProMIND] implemented connection management methods vpnclient - [ProMIND] new class *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 1 - 15 September 2023 - [ProMIND] updated to OpenVPN3 AirVPN 3.9 - [ProMIND] updated install.sh and uninstall.sh scripts - [ProMIND] updated bluetit.rc template - [ProMIND] updated nsswitch.conf template - [ProMIND] added cuckoo tool to the project airvpntools - [ProMIND] formatTransferRate(): replaced sprintf with snprintf - [ProMIND] formatDataVolume(): replaced sprintf with snprintf - [ProMIND] formatTime(): replaced sprintf with snprintf execproc.c - [ProMIND] execute_process(): added stderr redirection to char *error argument - [ProMIND] do_execute(): renamed parent_pipe and child_pipe to stdin_pipe and stdout_pipe respectively - [ProMIND] do_execute(): added stderr_pipe array - [ProMIND] do_execute(): added stderr redirection to char *error argument localnetwork - [ProMIND] Class renamed to Network netfilter - [ProMIND] translateItemToNFTables(): added dormant flag to table creation - [ProMIND] added method getSystemFirewallBackend() - [ProMIND] added TARGET_IPTABLES_LEGACY and TARGET_UNKNOWN members - [ProMIND] added method itemToCommandRule() network - [ProMIND] added method interfaceExists() - [ProMIND] added overloaded method incrementIpAddress() - [ProMIND] added new public class Interface - [ProMIND] removed old interface and IP address collection in favor of class Interface - [ProMIND] removed methods scanIpAddresses() and scanInterfaces() - [ProMIND] default gateway is now evaluated at object construction and stored in member defaultGateway - [ProMIND] struct Gateway member address is now defined as IPAddress - [ProMIND] added excludeIpAddresses() and worker methods to compute a route by excluding an IP address range - [ProMIND] added getIpAddressNetmask(), getIpAddressHostmask() and getIpAddressNetwork() methods - [ProMIND] added internetChecksum() method - [ProMIND] added getNextUnusedIpAddress() method and worker methods - [ProMIND] added LocalNetworkException class openvpnclient - [ProMIND] profileNeedsResolution(): added check for ClientAPI::EvalConfig.reouteList - [ProMIND] resolveProfile(): added resolution for ClientAPI::EvalConfig.reouteList - [ProMIND] onResolveEvent(): removed log display of local interfaces/addresses - [ProMIND] saveSystemDNS(): replaced deprecated inet_ntoa() with inet_ntop() - [ProMIND] added new method getSystemDnsTable() trafficsplit - [ProMIND] new class *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Kind regards & Datalove AirVPN Staff -
3 points
More tunneling options
Silicon9503 and 2 others reacted to zimbabwe for a post in a topic
You know, it's sort of sad to think that you must fall into the darkness just because you are not belonging to the "overwhelming majority of the world". China, Russia, Belarus, Venezuela, Turkmenistan, Egypt, Turkey. Who's next? I know we are all the "third world" but we are people and want the information! If no one will lend us a hand from the greater world, where life is still okay, we won't ever make it out of the darkness. -
3 pointsThis HOWTO describes how to connect to AirVPN with a Wireguard VPN tunnel from OPNsense. This is the first draft of this howto, i might add (more) screenshots later on. Version: 0.1 Date: 20231029 What we are going to achieve We'll create a single Wireguard VPN Tunnel, IPv4 Only. Traffic to the tunnel will be NATted Requirements OPNsense firewall is up-and-running and updated. This howto is based on version 23.7.7_1 You have basic knowledge on using OPNsense i.e. firewall rules, NAT, routing, gateways and aliases. AirVPN Premium Access Step 1. Information gathering We'll grab some info that we need to configure the Wireguard Tunnel. Go to the Client Area. Got to VPN Devices. Add a device or edit your existing device. Note your Public Key and IPv4 under the heading "Wireguard" Go back to the Client Aerea. Go to Config Generator Select "router" under "Choose your OS" Select "Wireguard under "Choose protocols" Select your country under "By Countries". I selected Netherlands Scroll way down and download your config. This is an example of a Wireguard config: (the keys and IP are random and will not work, use your own) [Interface] Address = 10.45.95.123/32 PrivateKey = X72xgdx23XDomnSXmcy#S4Jc#9Y5G*vU$wg^n499yn6 MTU = 1320 DNS = 10.128.0.1 [Peer] PublicKey = VTSQ77Uk4^&RY4h%S$#9h8PR2T&xyya&yPTtk6oD^m$ PresharedKey = b7&&7bntmCS5q%&4J*mSKBAUvV4XEqHerwscvbappXQ Endpoint = nl3.vpn.airdns.org:1637 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 15 Step 2. Create the Tunnel configuration Peer configuration: in OPNsense go to VPN|Wireguard|Settings|Peers. Create a peer with the following information: Name: wg_airvpn_<country code>. mine is called wg_airvpn_nl Public key: <PublicKey under heading [Peer] of your generated WG Config> Pre-shared key <presharedKey under heading [Peer] of your generated WG Config> Allowed IP's: 0.0.0.0/0 Endpoint Address: <Endpoint under heading [Peer] of your generated WG Config> Endpoint port: 1637 (default port) Keepalive interval: 15 (default interval) Instance configuration: in OPNsense go to VPN|Wireguard|Settings|Instances Create an instance with the following information: Enable Advanced Mode. Name: <Endpoint Name i.e. nl.vpn.airdns.org> Public Key: <Public Key as noted with step 1.4> Private Key: <PrivateKey under heading [Interface] of your generated WG Config> Listen Port: 1637 MTU: 1320 Tunnel Address: <Address including /32 under harding [Interface] of your generated WG Config> Peers: <select peer that you created with step 2.2> Disable routes: Enabled. Step 3. Make an exception on your WAN interface in OPNsense go to Firewall|Rules Select your WAN interface, mine is called WAN_PPPOE Create a Pass rule for IPv4/UDP port 1647 to your WAN-address. Step 4. Assign Wireguard Interface in OPNsense go to Interfaces|Assignments You'll find a "wg1(Wireguard - nl.vpn.airdns.org)" (or similiar) interface. bind it to an interface with a name of your choice. mine is called WAN_WG1 as is is the first site-to-site Wireguard tunnel on my WAN interface. Step 5. Create a gateway. Remember we disabled the routes for the WG instance configuration? Because of that we need to create a gateway. In OPNsense go to System|Gateways|Single Add a Gateway with the following information: Name: WAN_WG_GW Description: Interface WAN_WG1 Gateway Interface: Select WAN_WG1 as created in step 4. Address Family: IPv4 IP address: Dynamic (leave empty) Far Gateway: Enabled (this i am not sure of but for now i'm happy it works) Disable Gateway Monitoring: enabled Step 6. Aliases We set up some aliases. This will make it more easy to redirect some hosts or networks to the Wireguard tunnel. in OPNsense, go to Firewall|Aliases Create host entries for the specific hosts you'll redirect Create network entries for the specific network(s) you'll redirect. Create a Network Group Entry with the host and network entries to group them together. My alias is called networkgroup_wireguard Step 7. Create Outbound NAT for Wireguard. (In my setup, i use Manual Outbound Rule Generation because i like to have control) In OPNsense go to Firewall|NAT|Outbound Create a new Outbound NAT rule with the following information: Interface: WAN_WG1 TCP/IP version: IPv4 Protocol: Any Source Address: <alias networkgroup_wireguard from step 6> Translation /target WAN_WG1 address Description: Wireguard VPN Outbound NAT rule Step 8. Create Outbound Redirect rule. In this example we create 2 rules on our LAN interface, one for redirecting to WG, the other to prevent leaks. In OPNsense go to Firewall|Rules Select your LAN interface add an outbound Pass rule: Action: Pass Source: Networkgroup_wireguard Destination: Any (in my case i use an inverted network group called networkgroup_local where all my local vlans are grouped together) Gateway: WAN_WG1_GW (the gateway you created in step 5.) Add an outbound block rule below that: Action: Block Source: Networkgroup_wireguard Destination: Any Gateway: default Your WG VPN tunnel should now work. Test with https://ipleak.net The following steps are more advanced and i'm still finetuning/experimenting with the settings. your experience may vary. Step 9. Prevent VPN leakage I'm new to OPNsense and i am not sure what the default setting is, but from my pfSense experience i know the following setting is important when you want to make sure your VPN does not leak when for instance the tunnel is down. In OPNsense go to Firewall|Settings|Advanced Under "Gateway Monitoring" enable "Skip Rules when gateway is down" Step 10. MTU/MSS optimization For now i have set thte MTU according to the default setting of AirVPN. I want it to be higher but for now i'm just happy it works. My settings are as follows: In the properties of the WAN_WG1 interface i set the MTU to 1320 and the MSS to 1280. I created a normalize rule (Firewall|Settings|Normalization) with the following settings. this should enable me to clamp the MSS to 1280 for the wireguard group but leave the MSS to the desired setting (1452) as defined on my LAN interface for the rest of the hosts on my LAN; Interface: LAN Direction, Protocol: Any Source: networkgroup_wireguard Max MSS: 1280
-
3 pointsLots of slow, maxed out servers, lots with high packet loss. What is going on?
-
3 points
-
3 pointsHello! Please try the following procedure to quickly resolve the problem: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards
-
3 points
Best settings for Wireguard speed in Australia?
Avsynthe and 2 others reacted to Andrew109 for a post in a topic
I would highly like it if AirVPN upgraded their servers to 10Gbps as quite often the NZ servers are very busy. No wonder why it is hard to get max speeds if they are this busy. I have sometimes seen them like 1800Mbps bandwidth throughput. Don't get me wrong, AirVPN is a good service, I just feel they need more Bandwidth in some locations like NZ because in NZ we have super fast Fibre connection speeds, some households have 1Gbps or more and that can easily use all bandwidth on the VPN server. -
3 points
VPN servers mostly blocked by Reddit
jazz adams and 2 others reacted to Mordo for a post in a topic
Looks like the old.reddit method doesn't work anymore but found a great solution if you're a ublock origin or adguard user. copy/paste of reddit comment so blocked users can see it. Go to your uBlock Origin / AdGuard filter settings page and add this custom filter (in uBlock Origin it's under the "My filters" tab): reddit.com#%#//scriptlet('set-cookie-reload', 'reddit_session', '0') This will automatically create the reddit_session cookie as described in the post above. You have to make sure that you are using the latest uBlock Origin or AdGuard extension, because the cookie filter syntax has only been added recently to uBlock Origin. (The above filter only works with uBO version 1.53.0 or higher) Here are some more techy details about the cookie filter: It will create a session cookie, which will only last until the browser is closed. (This is good because see 2. and 3.) You will not be able to log-in to reddit while the cookie is set. (Also applies to manual method in the original post) If you want to log-in to reddit, you will have to remove or comment out the custom filter, then close and re-open your browser. Doing this will clear the session cookie and prevent your adblocker from automatically creating the fake session cookie again. You can comment out custom filters by prefixing them with an exclamation mark, e. g.: !reddit.com#%#//scriptlet('set-cookie-reload', 'reddit_session', '0') The cookie value is set to '0', this is a limitation of the new cookie filter syntax. Can't make it empty as of now unfortunately. It works fine with the value set to '0' though. reddit comment -
3 points
ANSWERED Eddie-UI.exe using a lot of CPU
OpenSourcerer and 2 others reacted to matts9 for a post in a topic
I may have had similar issue as OP. For me the CPU usage of Eddie-UI.exe was in range od 0.5%-3% constantly (even when Eddie was hidden in the tray). Since Eddie is open-source and I'm a .NET engineer (I troubleshot a lot of app performance problems at work) I sat one Saturday afternoon and found that the issue was in the method call that gets network interfaces from system. The fix is a couple lines of code - store NetworkInterface objects in process memory (monitor for changes) and call GetIPv4Statistics() on them instead if creating new ones every time. I'm running with this custom Eddie build for over a year now without observing regressions and the CPU usage is stable at 0.0-0.1% in background After seeing this topic I re-tested with and without the patch on version 2.24.2. The results are visible on the screenshots. @Staff Feel free to test this patch [git apply file.patch] I'm using Windows - haven't tested other platforms BR network-interface-get-improvement.patch -
3 pointsHello! We inform you that the following servers are being withdrawn: Servers: 1+1 Gbit/s Alkes, Merope, Sabik (Los Angeles, California) Reason: not meeting our requirements anymore for hardware and lines. Replacement: yes, two 3+3 Gbit/s servers in San Jose (California), planned for January the 14th 2024 or earlier, on top of the new (already active) 10 Gbit/s server in Los Angeles (Saclateni). Servers: 1+1 Gbit/s Pollux (Jacksonville, Florida) Reason: not meeting our requirements anymore for hardware and line. Replacement: yes, one 3+3 Gbit/s servers in Raleigh (North Carolina, planned for January the 16th 2024 or earlier) + expansion in Miami planned for the near future. Kind regards and datalove AirVPN Staff
-
3 points
Pen register (connection logging) on AirVPN server Jan/Feb 2020
kbps and 2 others reacted to cccthats3cs for a post in a topic
I was digging around CourtListener RECAP - a free archive of US court cases containing some public court records from PACER that have been uploaded to it by CourtListener RECAP users - and decided to search for AirVPN. I found several hits in the case United States v. Klyushin (https://www.courtlistener.com/docket/61629108/united-states-v-klyushin/) and the very basic gist of this case is that Klyushin was convicted of hacking into a few financial firms to do insider trading. If you go to the CourtListener page linked above you can access all the PACER court documents that have been uploaded to RECAP. Just to clear up any misunderstandings these are all public federal court records that have been freely made available through RECAP. The most interesting of the documents from the case is #183 (https://www.courtlistener.com/docket/61629108/183/united-states-v-klyushin/) which is a transcript of day 4 of the jury trial. (PDF attached to this post.) Within this transcript it is stated: 1. IP address 185.228.19.147 (incorrectly said 288 here, but 228 elsewhere) belongs to DediPath, and was used by AirVPN (pg. 132). 2. A "pen register" or "trap and trace" was placed on this IP address which is a "caller ID of who is communicating with that IP address" (pg. 133). 3. The pen register was authorized by a federal judge (pg. 133). 4. The pen register was active on that IP address from January 28th, 2020, to February 23rd, 2020 (pg. 135). 5. The pen register records were from DediPath, the transcript does not state any involvement or knowledge by AirVPN (pg. 138). Document #217 (https://www.courtlistener.com/docket/61629108/217/united-states-v-klyushin/) is a transcript of day 9 of the jury trial. (Also attached to this post.) It provides confirmation of point 5 above and offers more detail on what the pen register captures: 1. The pen register was "sent to the company that hosted the destination IP" meaning DediPath directly (pg. 38). 2. The pen register captured headers only, meaning timestamps of packets, inbound and outbound, and directionality, but not any content of packets (pg. 38-39). This is quite interesting as I have seen this sort of tap hypothesized as something that could be used to log VPN servers, without the provider's knowledge (no matter what provider) - but up until now I was only aware that it was possible, not that it had actually been done. gov.uscourts.mad.232574.183.0.pdf gov.uscourts.mad.232574.217.0.pdf -
3 pointsHello! Thank you very much. Sabik, Merope and Alkes IP addresses are already located in Los Angeles, in the IANA / ARIN databases, so any geo-location database which reports otherwise is poorly maintained. However, we have decided (breaking news 🙂 ) that those servers will be withdrawn in early 2024 and replaced by more powerful hardware in the LA area (please follow the "News" forum in the next weeks). Kind regards
-
3 pointsHello! In 2019 we pushed a commit with a major new feature for OpenVPN3 library but it was refused by the maintainer (Arne Schwabe) for stylistic reasons. In the opinion of some of us it's their (OpenVPN3 maintainers) style to be ugly, but OK it's a matter of personal tastes so the text format and spacing was changed accordingly and a new commit was ready. The new commit was again refused, this time because the source code included tags mentioning the source code author "ProMIND". We couldn't fully understand why the author should not be mentioned in the source code itself, moreover the tags were useful for another purpose, but fine, all tags were removed and a new commit was ready. The new commit was again refused, this time because the identity of the source code author ProMIND was not certified. In general we do not disclose the identity of our employees and collaborators, much less force them to certify it with any third party, and leave to them the choice to disclose real identity and certify it. The request was strange and we asked for some clarification. It came out, even from other OpenVPN community members, that the requirement was related to a specific contractual agreement mentioned here: https://github.com/OpenVPN/openvpn3/blob/master/CLA.rst At that point we did not like the situation: please note that a new problem was mentioned only after each new commit was proposed, while it would have been fair that all problems were mentioned at the same time, obviously, since the very beginning. And we did not like anymore to allow OpenVPN Inc. to re-license under any new license our or ProMIND's code, which is under GPLv3, according to the mentioned contributor's agreement, specifically part II, (e) clause: "(e) I understand that OpenVPN Inc. may relicense this project, this contribution, and any modification to it under any license. [...]". Therefore we did not waste additional time on the matter and we went on with our fork without further ado. At this very moment we have no merging/commit plans. On a lighter tone, this thread dated 2019 is funny in the last part: https://airvpn.org/forums/topic/43850-openvpn-3-development/ because one of the AirVPN community moderators defended OpenVPN style and Schwabe refusals, and wrote: "If you had contributed to the Linux kernel like that, Linus would tear you to tiny bits." Ironically, after that message was written, Linus Torvalds examined OpenVPN code and he was horrified. Kind regards
-
3 pointsHello! Unfortunately we will not operate in Australia because of the infamous anti-encryption law, we're sorry, but yes, we are going to seriously consider more bandwidth in New Zealand. Kind regards
-
3 points
AirVPN Eddie client for tvOS 17+
spinmaster and 2 others reacted to go558a83nk for a post in a topic
Air doesn't even have an app for iOS for reasons so I think it's nearly impossible that they'll make an app for tvOS. -
3 points
Future of US AirVPN servers after Restrict ACT bill S. 686
ScanFarer and 2 others reacted to Staff for a post in a topic
Not only TikTok. For example the Bitcoin network can not be controlled so a transaction from an American citizen could potentially go to a citizen of a country that's "a menace" for the USA (definition of enemy and menace is discretionary, the used language seems fine tuned to allow scope enlargement at will without judiciary supervision). Since that's not controllable, we find it potentially possible that operators might be required to block "the Bitcoin network". What's worse, according to a preliminary interpretation of the text, if in some way (difficult but personal and house search, pre-selected through the usual monitoring performed by USA ISPs, can help...) it can be proved that a USA citizen has used some tool like Tor or VPN to access any of the blocked network / services etc., that citizen will be prosecuted: civil liability up to a million of dollars, and criminal behavior subjected to up to 20 years in jail - which, if we're not mistaken, is worse than in China, Russia, and various countries controlled by human rights hostile regimes. Kind regards -
3 pointsHello! Please see our previous reply in this thread and also the following one, where we explain more thoroughly our point of view and some facts: https://airvpn.org/forums/topic/50724-two-new-1-gbits-servers-available-us/?do=findComment&comment=216468 Just a brief addition: your above quoted sentence imply that protecting privacy in an agnostic network means supporting net abusers, which is an inadmissible and shameful idea that we strongly reject. This concept is one of the "moral" or "ethical" justifications to pervasive surveillance in virtually all countries controlled by human rights hostile regimes, and in a few "Western" countries too: since someone somewhere someday might commit a crime via the Internet, let's enforce blanket data retention and pervasive packet inspection for everyone, so Internet will be a "safe place" for the "law abiding, conforming" citizen. Your consideration has been and is the founding argument for power groups having the hidden agenda to expunge the right to privacy from the list of fundamental rights. Consider that one of the strictly necessary conditions for any dictatorship to survive is the effective suppression of the right to privacy. Kind regards
-
3 pointsHello! We have no plans to operate VPN servers in France (and in Italy) for the mandatory data retention framework still enforced in disdain of three different legally binding decisions of the CJEU (see below). France is in breach and Italy is too, but the Commission hesitates to open infraction procedures. Since the decisions pertain to the the preservation of a fundamental human right enshrined in the EU Charter of Fundamental Rights and in the European Convention on Human Rights, it does not seem inappropriate to consider that both France and Italy are committing one of the worst breaches a EU Member State can be guilty of. We might challenge with a casus belli the (il)legal framework in France, but we are already committed in other EU countries and we can't open potentially multiple legal battle fronts. The Court of Justice declares the Data Retention Directive to be invalid https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf The Members States may not impose a general obligation to retain data on providers of electronic communications services https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf The Court of Justice confirms that EU law precludes national legislation requiring a provider of electronic communications services to carry out the general and indiscriminate transmission or retention of traffic data and location data for the purpose of combating crime in general or of safeguarding national security https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf Kind regards
-
3 points
eMule and AirVPN on Windows 10
LeMike and 2 others reacted to snelephant for a post in a topic
I discovered a simple quirk of setting up eMule (P2P) on Windows 10 that causes port forwarding to fail with AirVPN. This tip that may save others a lot of time. During setup eMule creates an inbound rule in Windows firewall that applies to private networks in scope. This makes sense if using eMule without a VPN. However, Windows treats the AirVPN as a public network. Consequently port forwarding with eMule and AirVPN will not work using the default inbound rule created during eMule setup. The solution is to edit the scope of the eMule inbound rule in Windows firewall to apply to both private and public profiles. The latter is the important one. This is simple to do: In Windows Firewall, right click on the inbound rule for eMule, select Properties, Advanced. Under Profiles check both Private and Public. I am not a security expert so feel free to chime in if this setting raises any concerns. This may also apply to earlier versions of Windows. -
3 points
ANSWERED AirVPN does not recognize ICANN authority anymore
asy287 and 2 others reacted to OpenSourcerer for a post in a topic
Not only the internet. They give themselves the right to invade any country in the world who doesn't play under their rules. -
3 points
ANSWERED AirVPN does not recognize ICANN authority anymore
Estar-Afilado and 2 others reacted to GMPSQ for a post in a topic
The United States is an enemy of the Internet. More and more our technology and communications are captured illegaly and stored for many years and then used against us in court. The government seems to sincerely believe that it owns the Internet and regulary hacks into foreign servers to retrieve data, seizes domain names, etc. and any citizen who can be considered a hacker under broad laws will be thrown in prison. My warning as a US citizen is to watch out, encrypt, keep everything secure, keep data offshore, and avoid any US-influenced entities such as ICANN. Thank you AirVPN for the great continued service. I've been using multiple VPN connections almost constantly for the past year everywhere and as far as I can see that will continue