Jump to content
Not connected, Your IP:


Popular Content

Showing content with the highest reputation since 04/11/20 in Posts

  1. 21 points

    AirVPN 10th birthday celebrations

    Hello! Today we're starting AirVPN tenth birthday celebrations! From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 22 countries in three continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world. In 2019 and 2020, software development enhancement has paid off: now AirVPN develops on its own an OpenVPN3 forked library which resolves various problems from the main branch and adds new features. The library is used in Hummingbird, a free and open source software for Linux and Mac, known for its speed and compactness, in Eddie Android edition and in a new software which will be announced in June. Hummingbird has been released even for ARM based Linux devices, and runs fine for example in Raspberry PI. Eddie Desktop edition has been extensively rewritten to improve performance, reliability and security. Now anything not related to the user interface is written in C++ and a lot of security hardening has been implemented. Total compatibility with macOS Catalina, Windows 10 and latest Linux distributions has been achieved, and specific packages for various, widespread Linux distributions are available for easier installation. Eddie can act as a GUI for Hummingbird in Linux and Mac, while in Windows, Eddie can also be easily configured to run OpenVPN 2.5 with the wintun driver to achieve remarkable OpenVPN performance boost and put Windows on par with other systems OpenVPN throughput ability. Furthermore, the wintun driver resolves various problems which affected TAP-Windows driver. Development for OpenBSD and FreeBSD has been unfortunately re-planned but we're glad to announce here that it will continue, starting from summer 2020. All AirVPN applications and libraries are free and open source software released under GPLv3. We think that it's somehow surprising that AirVPN not only survived, but even flourished for 10 years, in an increasingly competitive market and increasingly privacy hostile environment. No whistles and bells, no marketing fluff, no fake locations, no advertising on mainstream media, a transparent privacy policy, no trackers on the web site or in mobile applications, no bullshit of any kind in our infrastructure to sell your personal data to any personal data merchant, and above all a clear mission that is the very reason which AirVPN operates for https://airvpn.org/mission , are probably, all together, the factors which allowed such a small "miracle" and maybe make AirVPN unique. Thank you all, you users, customers, members of the community, moderators, developers: the small "miracle" happened because of you, because you saw something in AirVPN. Kind regards and datalove AirVPN Staff
  2. 17 points
    Hello! We're very glad to inform you that a new 10 Gbit/s server located in Zurich (CH) is available: Xuange. It's the first server we propose with a dedicated 10 Gbit/s line and port. As we have now circumvented several computing limits through load balancing and improved optimization, it's time to gradually test larger bandwidth. The AirVPN client will show automatically the new server. If you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, Xuange supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Xuange Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  3. 10 points

    VPNs - Caught in Lying!?!

    @arteryshelby We do not log and/or inspect our customers' traffic. Since 2010 you can't produce any single case, and not even the slightest clue, in which the identity of an AirVPN customer has been disclosed through traffic log and/or inspection and/or any other invasive method. It means a lot, given that various younger VPN services have been caught lying (ascertained court cases) and that AirVPN is now the oldest still active VPN service, with the exception of a minor service which anyway changed ownership twice in the last 12 years. By the way we have never asked our customers to blindly believe in our words. We do not block Tor and we even integrate its usage in our software, so you can be even safer if you can't afford to trust us OR some datacenter. For example you can use Tor over OpenVPN, to hide Tor usage to your country and ISP, and at the same time hide your traffic real origin, destination, protocol etc. to us and the datacenter the server is connected into. Last but not least, we invest a lo of money in Tor infrastructure and in 2017, 2018 and 2019 more than 2.5% of global world Tor network traffic transited on Tor exit-nodes paid by AirVPN. It is an important achievement we're proud of, and it hints to good faith. Kind regards
  4. 8 points

    Black Friday Sale 2020

    Hello! We're very glad to inform you that the Black Friday week has just begun in AirVPN! Save up to 74% when compared to one month plan price Check all plans and discounts here: https://airvpn.org/buy If you're already our customer and you wish to jump aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. AirVPN, one of the oldest and most experienced consumer VPN on the market, operating since 2010, does not inspect and/or log clients' traffic, offers five simultaneous connections per account, IPv6 full support, AES-GCM and ChaCha20 ciphers on all servers, Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys, active daemons load balancing for unmatched high performance and even more, exclusive features. AirVPN is the only VPN provider which is actively developing OpenVPN 3 library with a fork that's currently 91 commits ahead of OpenVPN master and adds key features and bug fixes for a much more comfortable and reliable experience: https://airvpn.org/forums/topic/44069-openvpn-3-development-by-airvpn/ AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows. Kind regards & datalove AirVPN Staff
  5. 8 points
    Hello! We would like to inform you that we have made every effort to ensure AirVPN full and efficient operation during the pandemic caused by SARS-CoV-2. In order to reduce hazard and safeguard health, AirVPN staff and personnel work exclusively from home and worked from home well before the current situation appeared clearly as a pandemic Each member has a landline and one or more mobile lines, when possible in different infrastructures, to maximize likelihood to stay connected to the Internet 24/7 AirVPN system is more efficiently automated and basic functioning requires no manual interventions, even for several months (if kernel upgrades hadn't been necessary, we would have had servers uptime of 4 years or more) AirVPN inner staff members have now overlapping competences. Therefore if a key member, including a founder, is forced to stop working, the other ones can carry out his/her functions Emergency funds already secured in the past in different facilities as well as banks remain unaltered and ensure AirVPN financial health for a very long time even in very harsh scenarios. However, we would like to assure you that they are not needed at all currently, quite the contrary. In the last 10 days we have experienced a substantial increase in the growth of our customer base We have been informed by our most important partners and providers of housing and hosting in Europe, America and Asia they they are, and expect to, remain fully operational Kind regards AirVPN Staff
  6. 7 points
    Hello! We're very glad to inform you that a new 1 Gbit/s server located in Auckland (NZ) is available: Fawaris. We're also very pleased to be back in Oceania. The AirVPN client will show automatically the new server. If you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, Fawaris supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Fawaris Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  7. 7 points

    CHACHA20-POLY1305 on all servers

    Hello! We're very glad to announce all VPN servers progressive upgrade to Data Channel CHACHA20-POLY1305 cipher and TLS 1.3 support. UPDATE 18-Nov-2020: upgrade has been completed successfully on all AirVPN servers. The upgrade requires restarting OpenVPN daemons and some other service. Users connected to servers will be disconnected and servers during upgrade will remain unavailable for two minutes approximately. In order to prevent massive, simultaneous disconnections, we have scheduled a progressive upgrade in 15 days, starting from tomorrow 5 Nov 2020. Please see the exact schedule at the bottom of this post, in the attached PDF file. Servers marked as "OK" have been already upgraded and you can use CHACHA20-POLY1305 with them right now. When should I use CHACHA20-POLY1305 cipher on OpenVPN Data Channel? In general, you should prefer CHACHA20 over AES on those systems which do not support AES-NI (AES New Instructions). CHACHA20 is computationally less onerous, but not less secure, than AES for CPUs that can't rely on AES New Instructions. If you have an AES-NI supporting CPU and system, on the contrary you should prefer AES for higher performance. How can I use CHACHA20-POLY1305 on AirVPN? CHACHA20-POLY1035 on Data Channel is supported by OpenVPN 2.5 or higher versions and OpenVPN3-AirVPN library. In Eddie Android edition, open "Settings" > "AirVPN" > "Encryption algorithm" and select CHACHA20-POLY1305. Eddie Android edition will then filter and connect to VPN servers supporting CHACHA20-POLY1305 and will use the cipher both on Control and Data channels. In our web site Configuration Generator, after you have ticked "Advanced Mode", you can pick OpenVPN version >=2.5, and also select "Prefer CHACHA20-POLY1305 cipher if available". If you're generating a configuration file for Hummingbird, select OpenVPN3-AirVPN: the configuration file needs to be different, because some new directives of OpenVPN 2.5 are not supported in OpenVPN3, and Hummingbird is based on OpenVPN3-AirVPN. In Eddie desktop edition, upgrade to 2.19.6 version first. Then select the above mentioned option. However, most desktop computers support AES-NI, so make sure to check first, because using CHACHA20-POLY1305 on such systems will cause performance harm when you go above 300 Mbit/s (if you stay below that performance, probably you will not notice any difference). Also note that if your system does not have OpenVPN 2.5 or higher version you will not be able to use CHACHA20-POLY1305. If you wish to manually edit your OpenVPN 2.5 profile to prefer CHACHA20 on Data Channel when available: delete directive cipher add the following directive: data-ciphers CHACHA20-POLY1305:AES-256-GCM Pending Upgrade Server Schedule Kind regards and datalove AirVPN Staff
  8. 7 points
    I have a reason to believe that M247 is falsifying a few of its server locations which it sells to VPN companies such as AirVPN. Disclaimer: I am not accusing AirVPN of participating in this falsification, I believe that AirVPN staff has the integrity and honesty to only purchase servers in locations they know are correct as advertised. My hypothesis is that AirVPN was merely duped into buying thse falsified locations because M247 claimed that they were real locations and AirVPN did not have any reason to suspect anything to the contrary. I noticed recently that the M247 "Phoenix" location seems to really be located in Los Angeles, M247 "Barcelona" location seems to really be in Madrid, and the M247 "Berlin" location seems to really be in Frankfurt. Traceroute shows identical routes between each of these false locations and the real location they are in, not to mention that neither Phoenix, Barcelona, or Berlin appear on M247's list of locations on their website Disclaimer 2: All of the data below is shown as it was generated, with the only thing being edited is the redaction of my ISP's traceroute hops for protection of my privacy. Exhibit A: "Phoenix" is really Los Angeles. Traceroute and ping to Indus , allegedly in M247 Phoenix Traceroute to Indus server traceroute to indus.airservers.org (, 30 hops max, 38 byte packets [Redacted my ISP's traceroute hops] 8 * * * 9 ae-5.r01.lsanca20.us.bb.gin.ntt.net ( 73.593 ms 68.449 ms 69.689 ms 10 ce-0-1-0-0.r01.lsanca20.us.ce.gin.ntt.net ( 66.818 ms 71.847 ms 72.087 ms 11 * irb-0.agg1.lax1.us.m247.com ( 89.481 ms et-0-0-49-0.agg1.lax1.us.m247.com ( 79.797 ms 12 vlan2921.as09.lax1.us.m247.com ( 123.200 ms 71.520 ms vlan2909.as09.lax1.us.m247.com ( 74.228 ms 13 * * * 14 * * * Traceroute from Indus to Google traceroute to google.com (, 30 hops max, 60 byte packets 1 ( 69.597 ms 69.603 ms 69.595 ms 2 vlan177.as09.lax1.us.m247.com ( 69.687 ms 69.711 ms 69.778 ms 3 irb-0.agg1.lax1.us.m247.com ( 633.031 ms 633.038 ms 633.034 ms 4 ( 69.490 ms 69.452 ms 69.546 ms 5 ( 69.661 ms te-4-3-0.bb1.lax1.us.m247.com ( 69.769 ms 69.821 ms 6 ( 69.615 ms ( 67.888 ms ( 68.754 ms 7 ( 67.871 ms ( 68.216 ms ( 68.221 ms 8 ( 68.254 ms ( 68.228 ms ( 68.243 ms 9 ( 68.818 ms ( 68.598 ms 68.843 ms 10 ( 68.806 ms ( 69.010 ms ( 76.905 ms 11 ( 76.921 ms ( 80.406 ms ( 75.588 ms 12 ( 81.965 ms ( 78.518 ms 80.377 ms 13 ( 75.650 ms 75.356 ms ( 77.960 ms 14 sfo03s07-in-f14.1e100.net ( 82.906 ms ( 77.106 ms sfo03s07-in-f110.1e100.net ( 103.936 ms Ping to Indus PING ( 56(84) bytes of data. 64 bytes from icmp_seq=1 ttl=57 time=69.5 ms 64 bytes from icmp_seq=2 ttl=57 time=68.8 ms 64 bytes from icmp_seq=3 ttl=57 time=69.1 ms 64 bytes from icmp_seq=4 ttl=57 time=68.0 ms 64 bytes from icmp_seq=5 ttl=57 time=69.3 ms 64 bytes from icmp_seq=6 ttl=57 time=68.5 ms 64 bytes from icmp_seq=7 ttl=57 time=70.0 ms 64 bytes from icmp_seq=8 ttl=57 time=69.2 ms 64 bytes from icmp_seq=9 ttl=57 time=69.7 ms 64 bytes from icmp_seq=10 ttl=57 time=68.1 ms Hmm, I wonder why all the M247 router hops are all labelled as "LAX1" for a "Phoenix" location??? Now we will compare this to Groombridge, a server in M247 Los Angeles Traceroute to Groombridge traceroute to groombridge.airservers.org (, 30 hops max, 38 byte packets [Redacted my ISP's traceroute hops] 7 * * * 8 ae-2.r25.lsanca07.us.bb.gin.ntt.net ( 74.561 ms 97.764 ms * 9 ae-5.r01.lsanca20.us.bb.gin.ntt.net ( 73.048 ms 70.967 ms 73.707 ms 10 ce-0-1-0-0.r01.lsanca20.us.ce.gin.ntt.net ( 65.112 ms 73.968 ms 71.939 ms 11 irb-0.agg1.lax1.us.m247.com ( 77.359 ms * * 12 vlan2926.as15.lax1.us.m247.com ( 75.003 ms 73.769 ms ( 67.763 ms 13 * * * 14 * * * Traceroute from Groombridge to YouTube traceroute to youtube.com (, 30 hops max, 60 byte packets 1 ( 71.514 ms 71.502 ms 71.493 ms 2 vlan170.as15.lax1.us.m247.com ( 71.810 ms 71.986 ms 72.005 ms 3 * * * 4 ( 75.969 ms te-1-2-0.bb1.nyc1.us.m247.com ( 76.140 ms ( 75.971 ms 5 ( 76.149 ms 76.154 ms te-4-3-0.bb1.lax1.us.m247.com ( 75.138 ms 6 ( 78.254 ms ( 73.797 ms 73.781 ms 7 ( 73.773 ms ( 73.975 ms ( 74.551 ms 8 ( 73.937 ms ( 74.759 ms ( 74.214 ms 9 * ( 74.196 ms ( 74.648 ms 10 ( 86.701 ms * ( 72.588 ms 11 ( 80.460 ms ( 81.648 ms ( 83.700 ms 12 ( 80.580 ms ( 79.787 ms ( 81.349 ms 13 ( 80.326 ms ( 81.308 ms ( 84.462 ms 14 ( 82.598 ms sfo07s16-in-f78.1e100.net ( 80.463 ms 81.950 ms Ping to Groombridge PING groombridge.airservers.org ( 56(84) bytes of data. 64 bytes from ( icmp_seq=1 ttl=57 time=68.8 ms 64 bytes from ( icmp_seq=2 ttl=57 time=68.8 ms 64 bytes from ( icmp_seq=3 ttl=57 time=68.9 ms 64 bytes from ( icmp_seq=4 ttl=57 time=68.0 ms 64 bytes from ( icmp_seq=5 ttl=57 time=70.4 ms 64 bytes from ( icmp_seq=6 ttl=57 time=69.0 ms 64 bytes from ( icmp_seq=7 ttl=57 time=70.4 ms 64 bytes from ( icmp_seq=8 ttl=57 time=67.6 ms 64 bytes from ( icmp_seq=9 ttl=57 time=68.3 ms 64 bytes from ( icmp_seq=10 ttl=57 time=68.0 ms Hmm, looks suspiciously similar to me... Routes are both the same, ping is near-equal Exhibit B: "Barcelona" is really Madrid Traceroute and ping to Eridanus, allegedly in Barcelona Traceroute to Eridanus traceroute to eridanus.airservers.org (, 30 hops max, 38 byte packets [Redacted my ISP's traceroute hops] 7 * * * 8 be2332.ccr32.bio02.atlas.cogentco.com ( 83.833 ms 82.655 ms 83.244 ms 9 be2325.ccr32.mad05.atlas.cogentco.com ( 86.389 ms 85.839 ms 86.422 ms 10 quantum-sistemas.demarc.cogentco.com ( 110.559 ms 171.268 ms 118.386 ms 11 * * * 12 * * * Traceroute from Eridanus to YouTube traceroute to youtube.com (, 30 hops max, 60 byte packets 1 ( 89.066 ms 89.077 ms 89.072 ms 2 * * * 3 xe-1-2-3-0.bb1.mad1.es.m247.com ( 89.002 ms 88.997 ms 88.992 ms 4 mad-b1-link.telia.net ( 89.157 ms 89.176 ms 89.172 ms 5 google-ic-314668-mad-b1.c.telia.net ( 89.168 ms 89.324 ms 89.328 ms 6 * * * 7 ( 92.637 ms ( 91.657 ms ( 91.548 ms 8 ( 92.059 ms ( 91.787 ms 144.397 ms 9 ( 91.930 ms muc03s14-in-f14.1e100.net ( 91.631 ms ( 91.934 ms Hmm, I wonder why M247's router hops in the "Barcelona" location are all labelled as "MAD1" Ping to Eridanus PING ( 56(84) bytes of data. 64 bytes from icmp_seq=1 ttl=56 time=89.4 ms 64 bytes from icmp_seq=2 ttl=56 time=85.9 ms 64 bytes from icmp_seq=3 ttl=56 time=84.9 ms 64 bytes from icmp_seq=4 ttl=56 time=85.5 ms 64 bytes from icmp_seq=5 ttl=56 time=86.4 ms 64 bytes from icmp_seq=6 ttl=56 time=85.0 ms 64 bytes from icmp_seq=7 ttl=56 time=85.3 ms 64 bytes from icmp_seq=8 ttl=56 time=87.1 ms 64 bytes from icmp_seq=9 ttl=56 time=85.8 ms 64 bytes from icmp_seq=10 ttl=56 time=85.3 ms Comparing this to Mekbuda, a server in Madrid M247 Traceroute to Mekbuda [Redacted my ISP's traceroute hops] 7 * * * 8 be2332.ccr32.bio02.atlas.cogentco.com ( 83.761 ms 82.333 ms 82.102 ms 9 be2325.ccr32.mad05.atlas.cogentco.com ( 86.121 ms 85.032 ms 86.308 ms 10 quantum-sistemas.demarc.cogentco.com ( 94.879 ms 87.337 ms 88.230 ms 11 * * * 12 * * * Route from Mekbuda to Youtube traceroute to youtube.com (, 30 hops max, 60 byte packets 1 ( 87.692 ms 87.693 ms 87.686 ms 2 vlan29.bb2.mad1.es.m247.com ( 87.696 ms 87.690 ms 87.750 ms 3 xe-1-1-0-0.bb1.mad1.es.m247.com ( 87.762 ms 87.758 ms 87.753 ms 4 mad-b1-link.telia.net ( 87.956 ms 88.558 ms 87.931 ms 5 google-ic-314668-mad-b1.c.telia.net ( 87.836 ms 87.992 ms 87.988 ms 6 * * * 7 mad41s04-in-f14.1e100.net ( 86.846 ms ( 98.934 ms 98.992 ms Ping to Mekbuda PING mekbuda.airservers.org ( 56(84) bytes of data. 64 bytes from ( icmp_seq=1 ttl=56 time=87.0 ms 64 bytes from ( icmp_seq=2 ttl=56 time=88.4 ms 64 bytes from ( icmp_seq=3 ttl=56 time=86.2 ms 64 bytes from ( icmp_seq=4 ttl=56 time=88.4 ms 64 bytes from ( icmp_seq=5 ttl=56 time=86.7 ms 64 bytes from ( icmp_seq=6 ttl=56 time=85.7 ms 64 bytes from ( icmp_seq=7 ttl=56 time=85.7 ms 64 bytes from ( icmp_seq=8 ttl=56 time=87.1 ms 64 bytes from ( icmp_seq=9 ttl=56 time=88.3 ms 64 bytes from ( icmp_seq=10 ttl=56 time=88.2 ms Once again, everything is near-identical, with only a slight difference in Youtube traceroute. Exhibit C: "Berlin" is really in Frankfurt First we will test ping and traceroute to Cujam, a Berlin M247 server Traceroute to Cujam [Redacted my ISP's traceroute hops] 6 * * * 7 ae-9.r20.londen12.uk.bb.gin.ntt.net ( 73.904 ms ae-11.r20.parsfr04.fr.bb.gin.ntt.net ( 78.812 ms 75.580 ms 8 ae-1.r21.londen12.uk.bb.gin.ntt.net ( 79.099 ms ae-2.r21.parsfr04.fr.bb.gin.ntt.net ( 85.715 ms ae-1.r21.londen12.uk.bb.gin.ntt.net ( 78.384 ms 9 ae-16.r20.frnkge13.de.bb.gin.ntt.net ( 91.553 ms ae-11.r21.frnkge13.de.bb.gin.ntt.net ( 91.521 ms ae-16.r20.frnkge13.de.bb.gin.ntt.net ( 94.728 ms 10 ae-0.a00.frnkge13.de.bb.gin.ntt.net ( 92.855 ms 89.619 ms 90.740 ms 11 ae-8-501.a00.frnkge13.de.ce.gin.ntt.net ( 91.869 ms 92.824 ms 93.136 ms 12 ( 90.856 ms vlan2945.agg2.fra4.de.m247.com ( 92.015 ms ( 89.007 ms 13 vlan2925.as03.fra4.de.m247.com ( 88.304 ms vlan2901.as03.fra4.de.m247.com ( 93.828 ms vlan2925.as03.fra4.de.m247.com ( 89.713 ms 14 * * * 15 * * * Traceroute from Cujam to YouTube 1 ( 89.968 ms 89.978 ms 89.972 ms 2 ( 90.041 ms 90.036 ms 90.134 ms 3 vlan2925.agg2.fra4.de.m247.com ( 89.915 ms 89.910 ms 89.905 ms 4 ( 90.078 ms ( 89.956 ms ( 90.199 ms 5 vlan2906.bb1.ams1.nl.m247.com ( 90.252 ms 90.009 ms ( 90.176 ms 6 ( 90.171 ms no-mans-land.m247.com ( 89.888 ms ( 89.597 ms 7 no-mans-land.m247.com ( 89.851 ms ( 89.962 ms ( 89.649 ms 8 ( 90.496 ms ( 89.578 ms ( 89.598 ms 9 ( 90.067 ms ( 90.020 ms ( 90.430 ms 10 * * ( 90.872 ms 11 ( 99.430 ms * ( 97.794 ms 12 ( 98.329 ms ( 97.997 ms 97.910 ms 13 ( 97.921 ms ( 98.316 ms ( 98.802 ms 14 ( 97.839 ms 98.060 ms 98.173 ms 15 ( 98.067 ms par10s27-in-f206.1e100.net ( 97.811 ms 98.150 ms Ping to Cujam PING cujam.airservers.org ( 56(84) bytes of data. 64 bytes from ( icmp_seq=1 ttl=53 time=90.3 ms 64 bytes from ( icmp_seq=2 ttl=53 time=91.8 ms 64 bytes from ( icmp_seq=3 ttl=53 time=91.7 ms 64 bytes from ( icmp_seq=4 ttl=53 time=92.5 ms 64 bytes from ( icmp_seq=5 ttl=53 time=91.3 ms 64 bytes from ( icmp_seq=6 ttl=53 time=92.1 ms 64 bytes from ( icmp_seq=7 ttl=53 time=90.5 ms 64 bytes from ( icmp_seq=8 ttl=53 time=91.3 ms 64 bytes from ( icmp_seq=9 ttl=53 time=90.0 ms 64 bytes from ( icmp_seq=10 ttl=53 time=92.1 ms I wonder why there's no mention of "Berlin" in the traceroute hops, instead says FRA4 for Frankfurt.... Next we will compare this to Mirfak, a M247 Frankfurt server Traceroute to Mirfak [Redacted my ISP's traceroute hops] 5 * * * 6 if-ae-66-8.tcore1.l78-london.as6453.net ( 93.049 ms if-ae-66-9.tcore1.l78-london.as6453.net ( 92.427 ms if-ae-66-8.tcore1.l78-london.as6453.net ( 92.662 ms 7 * if-ae-3-2.tcore1.pye-paris.as6453.net ( 94.296 ms * 8 * * if-ae-11-2.tcore1.pvu-paris.as6453.net ( 92.280 ms 9 * if-ae-49-2.tcore2.pvu-paris.as6453.net ( 91.508 ms * 10 if-ae-55-2.tcore1.fr0-frankfurt.as6453.net ( 100.752 ms 91.321 ms 92.308 ms 11 if-ae-55-2.tcore1.fr0-frankfurt.as6453.net ( 88.325 ms ( 96.137 ms 94.877 ms 12 vlan2946.agg1.fra4.de.m247.com ( 94.155 ms ( 93.367 ms ( 91.790 ms 13 vlan2917.as11.fra4.de.m247.com ( 101.641 ms vlan2945.agg2.fra4.de.m247.com ( 90.441 ms vlan2917.as11.fra4.de.m247.com ( 93.836 ms 14 * vlan2917.as11.fra4.de.m247.com ( 94.359 ms vlan2919.as11.fra4.de.m247.com ( 96.080 ms 15 * * * 16 * * * The only difference in this traceroute is that the traffic goes through TATA instead of NTT which the Cujam server goes through, but the destination for both is the same: M247 in Frankfurt Traceroute to YouTube from Mirfak traceroute to youtube.com (, 30 hops max, 60 byte packets 1 ( 96.778 ms 96.764 ms 96.774 ms 2 vlan27.as11.fra4.de.m247.com ( 97.067 ms 97.135 ms 97.329 ms 3 vlan2917.agg1.fra4.de.m247.com ( 96.705 ms 96.704 ms 96.699 ms 4 ( 97.120 ms ( 97.724 ms ( 97.107 ms 5 ( 96.833 ms 96.835 ms vlan2906.bb1.ams1.nl.m247.com ( 96.894 ms 6 no-mans-land.m247.com ( 97.037 ms ( 95.349 ms 95.494 ms 7 no-mans-land.m247.com ( 95.615 ms ( 98.342 ms ( 96.818 ms 8 ( 96.897 ms ( 97.534 ms ( 96.712 ms 9 ( 97.041 ms ( 97.279 ms ( 96.977 ms 10 * * * 11 ( 104.649 ms * * 12 ( 104.672 ms ( 116.455 ms ( 104.324 ms 13 ( 104.748 ms 104.733 ms ( 115.898 ms 14 ( 104.245 ms 104.183 ms ( 104.074 ms 15 ams16s29-in-f46.1e100.net ( 103.791 ms 103.813 ms 102.372 ms Ping to Mirfak PING mirfak.airservers.org ( 56(84) bytes of data. 64 bytes from ( icmp_seq=1 ttl=53 time=89.3 ms 64 bytes from ( icmp_seq=2 ttl=53 time=89.8 ms 64 bytes from ( icmp_seq=3 ttl=53 time=89.1 ms 64 bytes from ( icmp_seq=4 ttl=53 time=90.6 ms 64 bytes from ( icmp_seq=5 ttl=53 time=89.6 ms 64 bytes from ( icmp_seq=6 ttl=53 time=89.2 ms 64 bytes from ( icmp_seq=7 ttl=53 time=90.0 ms 64 bytes from ( icmp_seq=8 ttl=53 time=90.0 ms 64 bytes from ( icmp_seq=9 ttl=53 time=87.6 ms 64 bytes from ( icmp_seq=10 ttl=53 time=88.9 ms Again, everything is near-identical, suggesting that these Berlin, Phoenix, and Barcelona locations are just falsified geolocation information and nothing more. With near-identical traceroutes, and ping values that don't differ by more than 1-2ms , it is extremely unrealistic that these servers are in the locations they claim to be. If you think my data is wrong/inaccurate, then feel free to repeat my experiment yourself, you will find the same thing. I would like to reiterate that I believe that AirVPN has no part in this falsification and that they have no ill will, I think they were duped/deceived by M247 to believe that the Phoenix, Berlin and Barcelona locations are actually real physical locations M247 has their servers located in. I think after these findings, AirVPN should have a long discussion with M247 staff about this falsification that took place.
  9. 6 points
    Hello! We're very glad to inform you that a server located in Stockholm (SE) has been upgraded: Ain. Server is now connected to a 10 Gbit/s line and port, while the motherboard has been replaced with a more powerful CPU. IP addresses remain the same. You don't need to re-generate configuration files, even if you don't run our software. As usual the server includes load balancing between daemons to squeeze as much bandwidth as possible from the 10 Gbit/s line. The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, Ain supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Ain Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  10. 6 points

    Spooky Halloween 2020 deals

    Hello! We reluctantly have to announce gloomy news to you all: Spooky Halloween Deals are now available in AirVPN... Save up to 74% on AirVPN longer plans (*) (*) When compared to 1 month plan price Check all plans and discounts here: https://airvpn.org/plans If you're already our customer and you wish to jump aboard for a longer period any additional plan will be added on top of already existing subscriptions and you will not lose any day. Every plan gives you all the features that made AirVPN a nightmare for snoopers and a scary service for competitors: active OpenVPN 3 open source development ChaCha20 cipher on OpenVPN Data Channel for higher performance and longer battery life on tablets and smart phones IPv6 support, including IPv6 over IPv4 configurable remote port forwarding refined load balancing to squeeze every last bit per second from VPN servers free and open source software for Android, Linux, Mac and Windows easy "Configuration Generator" web interface for access through third party software guaranteed minimum bandwidth allocation GDPR compliance and very high standards for privacy protection no log and/or inspection of clients' traffic effective traffic leaks prevention by AirVPN software Tor support via AirVPN software on Linux, Mac and Windows various cryptocurrencies accepted without any intermediary crystal clear, easy to read Privacy Notice and Terms https://airvpn.org/privacy No tricks, only treats! Grim regards & datathrills AirVPN Staff
  11. 6 points

    Wireguard plans

    @wireguard User "wireguard" is not an account with a valid AirVPN plan If you really wanted to show your support to AirVPN and prove that you are a customer, you would have written from an account with a valid plan. In reality, accounts like "wireguard" seem to be created with the only purpose to pump something and defame something else. From now on, write only from an account that has valid plan, to show that you are in good faith. Our plans about putting Wireguard into production in the near future have been published with a lot of details, albeit without a precise release date (and we have thoroughly explained why), so we will not write again for the nth time about them. About performance, please provide details as we do frequently. Currently we outperform Wireguard with our setup in AES-NI supporting systems, as you can see from our and our customers' tests, while Wireguard can outperform OpenVPN in CHACHA20 in non-AES-NI supporting systems. . When we put Wireguard into production, OpenVPN will stay, so investing in our own OpenVPN development is perfectly fine. Just a few reasons that make OpenVPN superior to Wireguard for many, different needs: it's faster than Wireguard in AES-NI supporting systems when it uses AES. Have a look here! it can be connected over stunnel, SSH, SOCKS5 and HTTP proxies, and Tor swiftly even for the above reason, for an ISP it's not so easy to block OpenVPN, while it's trivial to block Wireguard it supports TCP it supports dynamic IP address assignment it supports DNS push it does not hold in a file your real IP address when a connection is closed a significant part of our customers will not be able to use Wireguard effectively, simply because UDP is totally blocked in their countries or by their ISPs UDP blocking and heavy shaping are becoming more and more widespread among mobile ISPs, making Wireguard slower than OpenVPN in TCP even in mobile devices, or not working at all in mobility About Torvalds and Linux kernel, you only tell a part of the story. Wireguard was first put in some Linux kernel line when Wireguard was still in beta testing and no serious audit was performed, and not put in a kernel milestone release. A further note about battery draining you mentioned in one of your previous messages: our app Eddie Android edition and Wireguard, when used with the SAME bandwidth and the SAME cipher (CHACHA20-POLY1305), consume battery approximately in the same way, so that's yet another inessential point that does not support your arguments and show once more that our investments have been wise. Finally, let's spread a veil on your embarrassing considerations on ciphers, security, privacy and NSA. Let's underline only that CHACHA20.-POLY1305 is very strong, the cipher algorithm in itself (if implemented correctly) is not a Wireguard problem in any way. It would be a reason of deep concern if Wireguard needed OpenVPN defamation to convince us that it's a good software. Unfortunately various bogus accounts have been created with such assumption and purpose, and the hidden agenda is no more hidden. Kind regards
  12. 6 points
    Hello! We are very sorry to inform you that we are withdrawing all of our servers in Hong Kong. Because of the new legal framework allowing unlimited line wiretapping by Chinese entities without judicial overview, the painful decision is due and undelayable. Our presence in Asia will continue in Singapore and Japan, where our infrastructure is oversized, while we are considering expansion in other countries when both legal framework and infrastructure status of a country allow it. Kind regards & datalove AirVPN Staff
  13. 5 points
    Hello ! Introduction Welcome To AirVPN! This is a guide meant to help new people. Whether you're new to VPNs in general or just new to AirVPN. I've tried to keep it fairly short, by using bullet points & spoiler tags. This hopefully also makes it more readable and less scary. I think AirVPN is a FANTASTIC VPN and while I don't own or have any stake in AirVPN myself, I'm a huge supporter of it. However, it can be quite scary and confusing to use when you first get started, so hopefully my little guide willl help you! This guide also includes links to resources provided by Air and other users, but I don't mean to take credit for these things. So please feel free to scroll to the bottom of this guide! Index: Introduction First Questions Getting Started With AirVPN After Downloading The Eddie Client [includes Troubleshooting tips] AirVPN Guides Section [Look here to find guides about: Security/Torrenting/Port-forwarding/Plex/etc.] Other Noteworthy resources Credits Why I made this guide: AirVPN was said to be very technical and thus hard to use. But since it's such a quality VPN, I don't want that to always be the main bad side to this great service. Therefore, this guide is also a response to this problem, so that newcomers can hopefully feel less overwhelmed about the idea of the air to breathe the real Internet. The Air staff clearly put in a lot of work every day and are extremely knowledgeable people, from all that I've seen. It's just that for newcomers, it can be hard and overwhelming finding all the relevant pieces of information and it can easily be too technical, so I hope my little guide will also be useful in that regard. This is also why, I collect other people's guides and put them in this guide, so that they're easier to find. However, Thank you to AirVPN, Staff and the many knowledgeable members of this community who help out people like myself quite a lot, through their contributions to the site everyday :] Feel free to leave feedback on this guide, both good and bad, if you want to, because I'll happily read it ! First Questions Do I have to be really technical to use this VPN stuff? AirVPN is one of the more technical VPNs out there and this is pretty much its only major drawback, when it gets reviewed. However, it offers unmatched attention to security and privacy. Not all reviews are entirely accurate either, sadly. Which the AirVPN Staff haven't hesitated to remark on though. So in short: No. But if you're new to VPNs in general and not a tech-savvy user, you do have to accept that you might be confused in the start. But this forum is here to help :]. Due to all the marketing and sometimes paid reviews, it can be hard to find out which VPN to trust at all. This is without even getting to the technical features. Air tends to somewhat pride itself on not overselling things however and so on the face of it, AirVPN can seem like it's no match for other, apparently bigger VPNs, but AirVPN has a lot to offer if you take a look. Will I become totally anonymous or completely secure? Please be aware that when using AirVPN or any VPN, while signed in to things such as your e-mail or other online accounts, you might get incorrect notices of being hacked. You have not been hacked most likely, it's just that when services see you log in from several different IP addresses, they get suspicious. Simply keep calm and investigate the issue. No, definitely not. But in terms of steps you can take to reach very high levels of privacy and security, this is one of the best steps you can take. Privacy and security are hard things. To achieve even higher levels involves sorting out things like your operating system, browser, various habits and using networks like Tor, in addition to a VPN like this. Security is hard. It's rarely, if ever, just a one-off solution. Often, security is as much a process, as it is about a single good product, like this VPN. However. just because a VPN doesn't do everything, it doesn't mean it's useless. A lot depends on what you're trying to do/achieve and who your "enemies" are. Yet it should be said, that AirVPN is quite extreme about security. For Air, it's "all or nothing" in many ways. AirVPN is so focused about security, that they even fix issues before they're published! However, VPNs and others technologies are becoming more and more important, as new spy laws like the UK Snoopers Charter & US Rule 41 Amendment crop up. Please check the question "What does AirVPN do to make it safe to use and does it log or track people?" further down, for more details. VPNs A & B have features X & Y, how does AirVPN compare? For this, check out the forum made specifically for that. It's often the case that features from other VPNs are either already included in AirVPN, aren't included because they're unsafe or just aren't as good as they sound. For instance, a rival VPN might say "We offer PPTP and many other secure protocols!", while Air doesn't, because Air knows PPTP is unsafe. Or they might say they offer a "multi-hop" VPN, which may or may not be useful, according to AirVPN Staff. Support for the protocol known as IKEv2 is another example of where Air doesn't support something, but has good reasons for not doing so. As a final example, you will sometimes see competitors speak of their super-secret "camouflage", "4Dstealth" or "hidden" protocols or servers. This is just marketing for gullible customers . But such aforementioned marketing can greatly confuse efforts to compare Airs product with the competitors. So if in doubt, ask the competitor who is offering "stealth"-something, what it is. If I use AirVPN, will I be able to use service XYZ with it? Please be aware that when using AirVPN or any VPN, while signed in to things such as your e-mail or other online accounts, you might get incorrect notices of being hacked. You have not been hacked most likely, it's just that when services see you log in from several different IP addresses, they get suspicious. Simply keep calm and investigate the issue. Please also be aware that it is NOT the main purpose of AirVPN to get access to geo-restricted content because it's a losing battle and Air cannot control how companies such as the BBC and Netflix act. Being able to get access to a site, generally depends on which service you want and which country it's in. AirVPN doesn't have servers in every country. In general, you can get access to everything. Although services like BBC iPlayer and Netflix actively try to block VPNs. Even services as normal as payment processors, such as PayPal don't always make things easy. This means it's not always possible for a VPN provider to do anything about it. But we do have forums to discuss and notify AirVPN on, so that AirVPN can try to solve it as best as it can. But before you post in that forum, make sure to Read This First, as it might help you & will make your posts more helpful to others. AirVPN has a very useful tool called the Route Checking tool. It allows you to test access to a website from ALL AirVPN servers. Just put in a full link in the search field and click the search button. Then press F5 or hit the refresh button in your browser. Green results usually mean there's access; red results mean the opposite. This is useful for seeing if it's only you who has a problem or only the server you're on. As well as which servers don't have a problem, so that you can switch to using those ones instead. It's most important that it's green in the "HTTP" column. There's many different HTTP Codes, so here's a list. VPNs generally slow down your connection a little. But AirVPN is so good that it's still possible to play Multiplayer games through it, without your connection slowing down too much, in my own experience. What does AirVPN do to make it safe to use and does it log or track people? AirVPN isn't just safe because it promises to be so in its marketing. Instead, it backs things up with hard technical specifications and high standards, that you can verify yourself. AirVPN is logless and can't be forced to log surreptitiously, fully supports P2P on all servers & as per #5 ignores all DMCA requests. Remotely-forwarded ports aren't logged either. Here's additional things Air does to increase its security and privacy: AirVPNs infrastructure conforms to a high degree of openness & transparency. This helps show that none of Airs locations are fake, but only bare-metal & lets users compare with one another. AirVPNs encryption standards are military grade and so for all intents and purposes unbreakable. It also only uses the most secure VPN protocol too: OpenVPN. No PPTP/SSTP/L2TP/IKEv2. AirVPN doesn't use any third party tracking on its website, such as Google Analytics or Social buttons, because they leak. Instead, it uses open-source analytics Matomo, which is closed loop. AirVPNs website meets the highest SSLabs security standards: A+. AirVPN takes its mission to fight censorship and manipulation of the Internet extremely seriously. This also means being highly willing to help out journalists and human-rights defenders. AirVPN only uses FOSS (Free and Open Source Software) in its Eddie client. Therefore the software running on your system is not a security "blackbox", but can be independently verified. AirVPNs Eddie client supports a wide selection of protocols. Including SSL and SSH. As well as anonymising services such as Tor; so that you can "partition trust" and need not trust AirVPN. AirVPN fully accepts crypto-currencies. Including to the point where it accepts Bitcoin directly. No middlemen. So if done right, you can use AirVPN with Air knowing nothing about you. AirVPN explains how it doesn't need to inspect or monitor traffic in order to check for breaches of ToS. AirVPN is against security through obscurity, including in its client software Eddie and so shows all the information it can; which leads some users to erroneously think there's logging going on. AirVPN has since then expanded on this point. AirVPN uses in-house support technicians and not outsourced third-party technicians and external packages such as Zendesk. So as with #3, it's closed-loop. No leakage. AirVPN has a strict location policy, so that it doesn't just set up servers in a new, potentially unsafe or questionable, location. One which can't supply the performance required, either. AirVPN has its own DNS servers and "killswitch" feature. With Network Lock on, any accidental loss of connection from Airs servers won't leak anything about you; including WebRTC. AirVPN is run by extremely knowledgeable technical people and not just businessmen. So they're easily able to both explain, defend and attack subjects on a purely technical level. AirVPN supports the auditing of some of the crucial security software that underlies different systems and also supports other projects/groups/services such as Tor, Edri and OpenNIC. AirVPN runs this forum, which can seem like a small thing, but it's actually really important, as it allows for the open sharing of knowledge, providing of technical support and mythbusting. AirVPN already acts as a "multi-hop" VPN and takes many other measures to increase security, such as separate entry & exit IPs, Perfect Forward Secrecy and HMAC SHA1. AirVPN has a strong focus on avoiding marketing fluff and overselling. Which means you know exactly what you're getting and don't need to deal with deceptive use of technical details. AirVPN is highly consistent with staying constantly on top of any security issue. AirVPN is based in Italy and is therefore within the EU. This has a range of other benefits too. That's 20+ ways in which Air has extremely high security "by default". All made nice and easy for you to use. If you want more, there's a simple 3 step guide for that. But seriously, there's always more you can do yourself. When will AirVPN add country or server XYZ? AirVPN Staff do not usually tell the community when a new country or server will be added. They simply add them. So it's easy to miss. The Eddie client will automatically show them. AirVPN frequently adds new countries/locations. This can be seen in the announcement forum, so please try to check this and the Eddie client (if you use it) before asking. Thank you. Requests for a specific location or addition to an existing one, are fine. But demands to know when something will happen, are futile, since AirVPN follows a strict location policy. The technical specifications regarding security/encryption for the Air servers that are used, can be found here. Further, those technologies and standards allows Air to pursue its Mission. Please remember that even if a country you want hasn't been added, you may still be able to get access to the web-content of that country, thanks to Airs micro-routing feature. Here's some old posts regarding different locations, so that you may not need to ask. Please note that some, such as Japan as of 2018 & Austria, were already added: Italian Servers? Japan/Korea Servers? [staff Comment] Russian Servers? Danish Servers? Middle-East/North African Servers? Indian Servers? Panama Servers? Australian/New Zealand Servers? Latvian Servers? French & Belgian Servers?[uPDATE: French Servers Momentarily Withdrawn] Austrian Servers? Central/South American Servers? AirVPN now allows 5 connections per account instead of 3, but is it possible to buy more connections? AirVPN has increased the limit from 3 to 5 connections. Thus it's unlikely to be possible to buy more connections at any point. But you can use a modified router if you still need more than 5. If you change your router firmware(software) to something like DD-WRT or Tomato for instance, you can make all devices on your Wi-Fi/Router go through AirVPN. However running a VPN on a router is quite hardwork for most routers. So you either need high-grade commercial ones or computers like the ZBOX Nano, converted into routers. That ZBOX Nano PC would be excellent for a VPN to run on, as the hardware is very good; even more than the commercial routers. Only savvy users should consider this. Who runs AirVPN & moderates the forums? The Staff account is the Official voice of AirVPN. Private messages cannot be sent to them. Clodo & pj are the most visible AirVPN employees. Clodo is the developer of AirVPNs "Eddie" client software, while pj is a co-founder of AirVPN. Community moderators: zhang888, giganerd and LZ1. Note that we are NOT AirVPN employees, have no access to Air infrastructure and do NOT speak for Air in an official way. Instead, zhang888, giganerd and LZ1 are a part of what the Air Staff call the Air "forum Staff". Note that member profiles can't be accessed by others by default, unless you add them as friends or they made their profile public. Air itself is based in Italy and so that's where their staff will be sourced from. What are some of the "Status" page functions for & how do I use AirVPNs "Micro-routing" feature? The first page you see when you go to the Status page, is an overview of Airs servers & service. Useful for seeing if any server is down or very busy, downloads and how many users there are. The Ping Matrix shows the latency between Air servers and if there's any (severe) packet loss somewhere. No packets = no connection. The Top Users page can help you verify if others are still getting good or bad performance, compared to yourself. The Checking Route page is for seeing if Air servers can or can't connect to a website you select. Unlike the Ping Matrix. There's also the special AirVPN "Micro-routing" service. To use it, simply make sure you connect to Airs servers & DNS. (Automatic when you use Airs Eddie client). Without the micro-routing, if you want to watch French TV for example, you would have to connect to a French server. But with micro-routing, you can connect to ANY Air server and still watch French TV, as long as the TV's website is on the "Website support" list. It's possible to make requests to get sites added to these lists. Anyway, this micro-routing is very very useful ! Because it means that EVEN IF Air takes all French servers offline for some reason, you will still be able to access French content! Is it free and if not, why should I pay for it? AirVPN is not free, but you can get a short trial if you ask nicely. The Trial has unlimited data and full speed. But you can only get a refund if you have used less than 5GB. Free services don't offer many of the very nice features which let you get around website/service blocks. But it can be hard to market these features to non-technical people, because they're not always easy to explain. Yet once you try them, you will appreciate them. AirVPN has quality servers & connections, as well as guarantees a certain speed, with no limits. So it's possible to play multiplayer games through it. Free services often have to exploit their users in order to survive. This is normally done by tracking you, possibly undermining your security and selling your data to 3rd parties. If a free service is leaking your data due to poor practices and technology by accident or selling it on purpose, what's the point in using it then? VPN means Virtual Private Network. Even if a free service doesn't exploit you, you still don't have the same level of security or assurances, because how would a free service pay for that? Real security is hard and costly. Would you rather go through 5 bad free services, risking your security and privacy or would you rather take your privacy and security seriously the first time, for a small fee? If you only need a VPN 1 time, then it's probably not worth it to use a paid service. But if you know you'll need it often, it's worth the investment. Air has a very cheap 3 day plan too though. Free services often have many limits. But AirVPN is logless, allows 5 devices per account, allows P2P and other protocols, has no data/bandwidth limits & very high security. So basically, you need to be able to Trust your provider, yet why would a free service be trustworthy? They don't owe you anything. But a paid one at least does - not that all paid services are great either though. Not all services on the web offer the same level of protection either, whether free or not. Many services, paid & unpaid, lie to you about where they have servers. Fake GeoIP addresses. Since AirVPN isn't free, is it possible to buy a Lifetime subscription, as with other VPNs? Does AirVPN hold sales at all? This question has received its own dedicated topic, so please click the link below All sales related questions are answered in this dedicated thread. Getting Started With AirVPN If you run into a problem with Airs software for some reason, then please make sure to check if there's an experimental version of the Eddie client you can download. Experimental versions aren't always available. How do I start using AirVPN? There's 3 simple steps: Create Account Choose a Plan Choose your setup Creating an account: You don't need a valid e-mail address. The site software, called IPB, just needs the field to be filled with something. Remember that password recovery will NOT work without a valid address. If you can, don't use something which uniquely identifies you. So even if you name your account ninja10834, that's still better than something about your real name, location or even interests. With this account, you can also post on the forums. However in the beginning, you won't be able to post on these forums immediately. This is because a moderator has to make sure that whatever you post, is both genuine and from a person. So when you click the "post" button, your own post will NOT show up immediately; so just be patient, when asking a question. After around 5-10 posts being accepted, your account will increase in level and you will be able to post things immediately, without any supervision. There's 2 names associated with your account. The first is your login name, which cannot be changed and can't be seen by others. You would need to make a new account, to change it. The second name is your forum display name. In my case, it's LZ1. This can be changed by you at any time, but only matters in the forum. NOTE: it's your login name you use for logging into the Eddie software, together with your login password. Choose a plan: At this stage, you pick both how you wish to pay and how much. It's possible to pay in currencies known as "cryptocurrencies". These cryptocurrencies, most famously Bitcoin, have a range of benefits when it comes to things like security and privacy, if used correctly. If you want to pay using a cryptocurrency, there's some guidance on what to do, further down, in the guides section. However if you're just starting out, it's fine if you just use your credit card or whatever method which suits you. It's also possible to ask for a short trial. You can also scroll back up to the "First Questions" section and look for the information on Air's sales, if you want to wait for a discount. After paying, you will be a "Premium User" and will be able to see how many days you have left of your subscription, at the top of the screen, when you're logged into your account. Choose your setup: AirVPN provides a mobile version of its Eddie app for Android. An iOS version is NOT available due to Apple's restrictive policies. This stage is pretty straightforward. Just make sure you select the right versions and hit Download. Your OS: Find out which Windows Operating System you're running or which GNU/Linux you're running. Mac users must use either Mavericks or something newer. Your Architecture: Most will be locked into 64-bit here, as 32-bit is outdated. Your Format: Windows users should select "Installer" & MacOS users select "PKG Package Installer". Ubuntu/Linux users pick according to distro; adding a PPA will enable auto-updates of Eddie. Your User Interface: Most people should pick Graphical UI. Unless you want to run some kind of headless install, as some technical users do. Then click the big blue Download button and follow regular installation procedures. Now you will be downloading the AirVPN software. DONE. No further reading is required from here. Just open Eddie and click "Connect to Recommended Server". Unless you need a guide for something or want to know some of the finer details. This software is called a "client". This "client" is called "Eddie", because that's what AirVPN calls it. So when you hear talk of "Eddie", it's referring to the software you downloaded. If you don't want to use Eddie for some reason, there's ways of getting around it. But for new and casual users, it's recommended that you use it. If normal Installer Formats create problems, you can sometimes fix them by using the portable formats. A portable download is also useful if you want to store Eddie on a USB stick. If the latest Stable or Experimental release doesn't work for you, then you can download an earlier version, by clicking the "Other versions" link under the blue download button. How and where do I manage my AirVPN settings? You do that in the Client Area Some of the most important things in this area include: Configuration Generator Ports Referrals Number 1 is where you automatically generate the files that your VPN needs to work (if you don't use the Eddie Client, such as if you use Android), after you tick some boxes. Number 2 allows you to tell the VPN which "ports" or "virtual doors" to open, which can speed up things such as your Bittorent client (qBittorent, uTorrent, Vuze, Transmission, etc.) Even though it looks confusing, the only thing you actually need to change, is putting the right number in the "Local Port" field. So if your torrent program uses port 7634 for instance, then you put 7634 into the "Local Port" field and simply click the green add button. Then a number will automatically be generated and put into the big white box at the top. All done. Number 3 shows you the link you can share with other people. If they buy an AirVPN plan, you get 20% of what they pay. Then you can use this money to pay for your own plan. What if I need help during the process? If you need help from Air, you can easily contact them. If you're wondering why AirVPN doesn't have "Livechat" or might take a little longer to reply than other providers, then this is why. However you can also just come to these forums. If you can't post yet, then you can read the various guides which exist. In the AirVPN program called Eddie, there's a tab called "logs", which lists various information about what's happening. You can copy this and post it on the forums so we can help. But when you post your logs, MAKE SURE you post them inside "spoiler tags". If you don't use spoiler tags, you will annoy and make things more difficult for everyone, including yourself. I've used untold numbers of spoilers in this guide, as an example. What are logs, where are they and how do I use spoiler tags? When the AirVPN Eddie software is running, it creates a list of what it is doing. What's connecting, when, where, if something went wrong and so on. A log of events. So when you ask for help on these forums, we will often ask about your logs, because without logs, we do NOT know what is happening, in your specific situation . If you open the AirVPN "Eddie" client software, you will see a "Logs" tab. On the top right-hand side of the window, the 2nd button from the top, lets you copy your logs quickly. After copying the logs from Eddie, paste them into your posts when you need help. Do so by typing the short codes necessary; which we call using "Spoiler tags". This makes it much more convenient for everyone; just like this question and answer, is inside a spoiler . Please try to do it, thank you! Is there anything in my AirVPN account I should change? Go to the top-right corner of the screen and click your account username. Then click "My Settngs" in the drop-down box. Under "Profile Privacy", you might wish to un-check the checkbox, if you want others to be able to view your profile when clicking your name. Under the "Notification Options" tab and then under the header "Topics & Posts", check the box which lets you auto-follow things you reply to. This is very useful. Because then you'll get a little notification in the top-right corner, every time someone replies to a thread you made. This makes getting help more convenient. It's also good for following what's happening in threads that you post in. Remember to check the boxes on the right-hand side, so that you can choose if you want to be notified via the forum or via E-mail . You can also enable notifications for when people "like" your posts, since that can be quite encouraging! Under "Profile Settings", you might be curious about who visited your profile. So you can make it show the last 5 visitors. Everything else such as signatures, allowing others to add you as a friend and so on, are up to you. Enjoy! Is there an Experimental or Beta version of the AirVPN Eddie Client I can try? If so, where is it and why would I want to try it? Note that whenever you download the Beta/Experimental Client, you'll always receive the latest one. You can check your version number after you open Eddie and go to its "About" page. There aren't always any Experimental clients to download and new clients are continuously released. So keep an eye on the announcement section, for Beta/Experimental clients. Just because a release is called the "Stable" version, it doesn't mean the Beta/Experimental client is "Unstable". However don't be surprised if you run into issues . You can find the Beta versions [if one is available] on the download page of your OS, under "Other versions": If for some reason an Eddie client doesn't work, try downloading a "portable" version on the OS download page, under "Format". Being Beta/Experimental, you might run into some bugs. However I use the latest all the time, with no problems really. For more information on what features are added and bugs taken away, go straight to the changelog The Beta/Experimental client often includes fixes for bugs which the "Stable" version of Eddie has, as well as various extra features and changes. This helps all platforms. For example, for Windows, a prior Beta release used WFP (Windows Filtering Platform), instead of Windows Firewall, which meant it became easier to use 3rd party security software. 3rd party security software, are things such as Comodo firewall or Avast anti-virus. Things which you install yourself. In addition, it also comes with the latest software updates "out-of-the-box", such as the latest TAP drivers and OpenVPN patches, so you don't have to update them yourself. It may enable some things by default, which a current Stable version requires you to change yourself (as explained in the next section of this guide). By using the Beta, you can also help AirVPN by providing feedback, which means Air can then make things even better . Each Beta release has its own feedback thread. Just remember to describe the problem, tell us which system you use (Linux/Windows/MacOS/etc.), the client version (Go to Eddie client "About" page) and some logs in spoilers! : D. Thanks! After Downloading The Eddie Client Please remember to share your Eddie logs and use spoiler tags, when you need help from the community. How to do so, is answered in the previous section, thank you! What's "Network Lock" & should I use it? Please be aware that using Network Lock with Tor can be contradictory to try. It's not currently planned for. Please also note that it's expected that Eddie turns off Network Lock, when Eddie is shut down. Network Lock in AirVPN, is what many other VPN providers normally call a "killswitch". So this is Airs own "killswitch". Network Lock (NL) is a way for the AirVPN software to force all of your computers network communications through the AirVPN service, so that nothing "leaks out" about your identity. For new users, I don't recommend using it too soon. I recommend waiting a few days and just getting comfortable with the day-to-day running of the software and then using it later. With NL on, your internet connection will stop entirely, if you lose connection to the Air servers. This is great for preventing information from leaking & is a feature, not a bug. Why is this important? Well, I don't want to name & shame other providers, but one poster showed that his last provider leaked his real IP address during server changes. This shouldn't happen. But with NL on, this won't happen to you, because changing servers in Eddie will mean disconnecting from server A to go to server B. Thus the connection is stopped first & then resumed. No leaks. But if you want maximum security right away and aren't afraid of small technical issues, you can start using it right away. It can always be changed back.. How can I test that AirVPN is hiding my IP and DNS addresses correctly? Turning on Network Lock in the Eddie client will protect you from WebRTC leaks. You can use AirVPNs own service called ipleak.net. Make sure it's .net and NOT .com. Since ipleak.net is run by Air, it has now received its own sub-forum, where you can ask questions, give suggestions and receive information on any changes made to ipleak. Un-configured, browsers like Mozilla Firefox and Google Chrome will "leak" (show) your real IP address through a technology called "WebRTC". To stop WebRTC, scroll to the bottom of the ipleak page and read the very short and simple instructions on how to fix it. It's not overly technical, don't worry. If you torrent files, there's also a torrent on the same website, which you can download in order to test which IP other torrenters would see if you torrented a real file. It's recommended you use Free & Open Source Software(FOSS). With this client, you can make it bind itself to whichever network adapter is using the VPN, which is convenient, so that it only torrents when using a VPN. I can recommend setting ipleak.net as your browser start page, so that every time you start your browser, you'll quickly be able to see if everything is working as intended. Eddie can't connect or is very slow, what can I do? If none of the below solutions work, then it's time to ask the forums or Air support. In BOTH cases, please supply your logs, as detailed before. Otherwise no one can help you. First, please make sure your client is updated to the latest Stable or Beta release. You can see your version number in Eddie>Top Left Corner Menu>About. Head to download page if not. Please try different protocols, at Eddie>Menu>Preferences>Protocols>Uncheck "Automatic">Select a protocol, such as SSL or TCP 443> Save>re-connect to an Air server. Please try connecting to not just different servers, but different countries too. Proximity to your location does not automatically mean better connections; due to routing technicalities. If you're an online gamer, you may benefit from changing the buffer sizes, as mentioned by Staff. If you're a Linux, MacOS or Windows user and webpages aren't loading fully or there's less than optimum speed, you can try the so-called "mssfix". If it's simply a problem with connecting to airvpn.org, then please try the alternate entry: airvpn.info - note that sometimes Air comes under attack from within and so you get an error page. If Eddie, such as in its Logs, says there's problems with route checking, please refer here for a solution. Note: disabling Preferences>DNS>Check Air DNS can be tried at the same time too. If you enabled Network Lock and can't connect to the web without Eddie turned on, then please disable Network Lock or reset your firewall and/or DNS, as shown in the two posts here. If torrenting speeds are slow, then please remember to port-forward and configure your torrent client correctly. For detailed guides on this, please go to the Guides Section below. For some ISPs, such as Virgin Media, please check the Guides Section below, for specific tutorials on how to optimize speeds. In some cases, especially if you run Air directly on your router, it's possible that your computer hardware isn't new enough to handle the encryption quickly enough. For Windows users, updating or downgrading the TAP adapter may work. But this shouldn't be tried as the first thing, as it's often not necessary now. For Windows users, you can try downloading a program called TCPOptimizer. Which other steps can I take to increase my privacy and security? Using AirVPN with Tor is a strong answer, among many other good ones. Here's a further explanation of how AirVPN & Tor work, when together. There's also many other ways to handle privacy and security on multiple fronts. If you're looking for a technical challenge, you can install pfSense on a very powerful computer, to make it act like a router, so that all devices connected to your Wi-Fi will be covered by the VPN. Why not just use an expensive commercial router? Because even expensive ones struggle to handle the protocol known as "OpenVPN" efficiently enough to give excellent performance. You can change the software & hardware you use & support the organisations which try to make things better; such as the FSF/EFF. If you're a geek or networking enthusiast, you can also check out things such as the Turris Omnia router, which offers very powerful hardware & software. AirVPN Guides Section Make sure to check the date of the posts you read below. Hope you like it ! Guides, How To's & Troubleshooting Amazon devices like the Fire Stick, Fire TV Cube and others can be used with Android Eddie without sideloading, according to Staff. Mini-guide by Staff on how to test if your connection is being shaped/throttled [How-To] Use AirVPN with Network Manager on Ubuntu/Mint [How-To] AirVPN via SSL/stunnel on Android 6/7/8 [How-To] fix Virgin Media Connection Drops/Bandwidth Issues Plex Server Guidance (Until someone makes an actual Plex guide) Paying with Bitcoin/Cryptocurrency Guidance. (Until someone makes an actual Cryptocurrency guide) Mini-guides On How To Improve Torrent Speeds Mini-guide On Torrenting With Tixati Client How To Autostart AirVPN As Root With No Password (Linux) Note: security risk & What Staff Says(OSX/MacOS) How To Setup The Eddie Client On Raspberry Pi 3 How To Port-Forward & Use A Torrent Client Guide To pfSense 2.3 For AirVPN Guide to pfSense 2.1 For AirVPN Firefox Extensions Guide Guide To Setting Up VPN For Torrenting On Windows Guide - What To Do When A Site Is Blocked AirVPN Forum Styleguide How To Improve Smartphone Security How To Block Non-VPN Traffic With Windows Firewall How To Connect To AirVPN With Your Fritz!box Router Using AirVPN Through Stunnel On Android Using AirVPN Over Tor Using AirVPN on iOS Check Your TAP Driver Version Explaining The Use Of AirVPN With Tor How To Configure A Synology Device For AirVPN AirVPN & iOS Other Noteworthy Resources Links Please be aware that AirVPN, unlike most, does NOT buy or otherwise use paid-for reviews. An alternative VPN client to Eddie, for Linux. Best VPNs 2016 & AirVPNs results Advanced Networking & Computing How To Break The Internet (Cory Doctorow) (Recommended Watch) Why the OpenVPN protocol that Air uses is good Guide to all things privacy Five Eyes Countries Schneier on Encryption CGP Grey explaining Encryption 10 Myths About VPNs (Ignore the self-advertising) (Recommended Read) The Eternal Value Of Privacy (Recommended Read) Credits Thank you to: AirVPN & Staff for their excellent service and explanations. inradius for his guide on how to use Air with Network Manager on Ubuntu/Mint Omninegro for his pertinent guide on extensions. The always crazily knowledgeable and helpful zhang888, whom I owe a lot to for all his work here. Thanks man. Omniferums excellent guide on securing Windows. pfSense_fans guide on how to use the excellent pfSense firewall software. The always very friendly and helpful giganerd! NaDre for his excellent torrenting guide. neolefort for his Synology guide. sheivoko's guide on using AirVPN through stunnel on Android bigbrosbitch for starting a guide on mobile security Zensen for his guide on how to autostart Eddie on Linux with Root sagarbehere for his nice guide on how to set up Eddie on a Raspberry Pi 3 rainmakerraw for his mini-guides on improving torrent speeds and how to torrent. lewisisonfire for his guide to fixing out Virgina Media-related issues and with nice pictures too. Khariz, giganerd and ~Daniel~ for their helpful posts. I hope the guide was of use! If you find any inaccuracies, feel free to tell me. I worked hours on this tiny guide, so I want it to be perfect haha. I hope your experience with AirVPN will be a good one! Mine certainly has been. If you have any questions, feel free to ask. Thank you for reading :] P.S. I consider myself pretty savvy, but I remember being confused when I got here. So I can only imagine how it is for less savvy individuals. P.P.S. I know it lacks images, but images do evil things to my spoilers, lol.
  14. 5 points
    Hello, last year I had written a wrapper for Eddie's CLI version (in bash) to be able to use it more easily and extensively in the linux command line like the GUI, but with less resources. I have used it since then every day without problems, but now I have finally gotten to overhaul it and adjust it to Hummingbird because it is just so much faster! I also tried to make it more easy to configure (by having a separate configuration file) and added some new functionality like support (and automatic recognition) of iptables and nftables to lock down the system even without being connected to AirVPN and automatic connection at boot with a systemd unit. Again, feel free to use this as you wish, I hope someone can benefit from this. I'm happy about any improvements and corrections and will update this if I find the time. Features graphical interface in the command line to connect to AirVPN with Hummingbird (no Eddie involved) runs in background, the interface can be closed/opened anytime without affecting the running connection possibility to connect to any server with just one ovpn configuration file easily connect to a random server, to a recommended server, to the recommended server of a specific country or to a specific server sortable list of all servers including info like used bandwidth, load and number of users possibility to connect to other VPNs with openconnect lock down system by default (permanently if you want), so even without AirVPN/Hummingbird running there won't be any unwanted network traffic automatically establish connection at boot (which can later be controlled via the interface) logging of Hummingbird's output (number of days to keep logs for can be adjusted) system notifications to let you know what happens in the background Some general notes The default network lock determines, like Hummingbird itself, if iptables, iptables-legacy or nftables is available on your system and will use the first one found in that list. You can overwrite that by specifying which one to use in the configuration file. Once activated, the lock will stay in place until manually deactivated, so no internet connection will be possible unless connected to AirVPN or other whitelisted VPNs. You can make the lock permanent (or rather activate at boot) by enabling that option in the configuration file. AirVPN's network lock overwrites the default network lock, so there will be no interference. IMPORTANT: If you have any frontend firewall for iptables/nftables running, you might to disable that or read up on how it might interfere with rule changes you make directly via iptables/nft. The same thing applies if you use just Hummingbird itself. If you enable the default permanent network lock, it will write the lock rules at boot, most likely overwriting rules by firewalld or the like, but other enabled firewalls might interfere later. Also important: If you have SELinux and you want to use nftables for Hummingbird starting at boot, you have to create a SELinux exception for nft bcause otherwise it will be denied and Hummingbird starts without setting up its own lock, thus leaving you unprotected (AirVPN staff is aware of this issue). You can do that with audit2allow. Follow for example this guide to troubleshoot the problem and fix it with the solution given by sealert. Check your /etc/resolv.conf file while not running Hummingbird (because Hummingbird's network lock replaces that file temporarily) to make sure your router is not set as a nameserver (so no 192.168... address). Some routers will push themselves on that list by DHCP whenever you connect to their network. Since communication with the router is allowed in the lock rules, DNS requests will be handled by the router and sent to whatever DNS server is configured there even when network traffic should be blocked. There are ways to prevent that file from being changed by DHCP, best configure network manager for that if you use it. To connect to other VPNs, their IPs must be whitelisted and DNS requests for their domains must be allowed in the default network lock rules (netfilter_ipbatles.rulesipv4/ipv6 and/or netfilter_nftables.rules). Only edit those files with the default network lock deactivated. The rules for airvpn.org can be copied and adjusted. You can set custom options for Hummingbird in the interface or the configuration file. All the possible options can be found in the Hummingbird manual or with sudo hummingbird --help Apart from dialog I tried to only use basic system tools. The scripts will check if everything needed is present, if not they will exit. At least bash 4 is needed. The scripts rely mostly on dialog, awk and curl (and iptables/nft as described and openconnect if needed), so it should work on most systems. I wrote and tested this on Fedora 32 with Hummingbird 1.0.3. It should be possible to use any ovpn config file generated by the AirVPN's config generator. Even with the file for one specific server it should be possible to connect to any other server because the server override function is used here. I haven't tested that extensively though and just use the config file for earth. AirVPN's API seems to be a little unreliable sometimes as in not correctly reporting the connection status. Sometimes the API reports me not being connected although I am connected to an AirVPN server. This is no big deal, it just means that the connection status sometimes may be shown falsely as disconnected. If you have the default network lock activated, no traffic would be possible if you were actually disconnected. And, lastly, VERY IMPORTANT: I am still no programmer and do this only on this on the side, so even though I tried my best to make these scripts secure and error free, there might very well be some bad practice, never-ever-do-this mistakes or other hiccups in there. It works very well for me (and has for quite a while by now), but better check it yourself. UPDATE As of 2020/08/29 this project including updates, changelog and further instructions is publicly available on GitLab. There it can be more easily examined, downloaded and updated. Thus I have removed the scripts, installation instructions and the archive with all the files from this post. Check out the GitLab project for the newest version.
  15. 4 points

    Eddie Desktop 2.19.7 released

    Hello! We're very glad to inform you that a new stable release of Eddie is now available for Linux (various ARM based architectures included), Mac, Windows. Eddie is a free and open source (GPLv3) OpenVPN GUI and CLI by AirVPN with many additional features such as: traffic leaks prevention via packet filtering rules DNS handling optional connections over Tor or a generic proxy customizable events traffic splitting on a destination IP address or host name basis complete and swift integration with AirVPN infrastructure white and black lists of VPN servers ability to support IPv4, IPv6 and IPv6 over IPv4 What's new in Eddie 2.19.7 enhanced wintun support in Windows, resolving TAP driver adapter issues and boosting performance Hummingbird 1.1.1 support in Linux and macOS for increased performance (up to 100% boost in macOS i7 systems when compared against OpenVPN 2) portable version for macOS which does not require Mono package installation nftables support by Network Lock in Linux via nft new aarch64 support through a Raspberry OS 64 bit beta specific build improved IPv6 support many bug fixes Eddie GUI and CLI now run with normal user privileges, while only a "backend" binary, which communicates with the user interface with authentication, gains root/administrator privileges, with important security safeguards in place: stricter parsing is enforced before passing a profile to OpenVPN in order to block insecure OpenVPN directives external system binaries which need superuser privileges (examples: openvpn, iptables, hummingbird) will not be launched if they do not belong to a superuser Eddie events are no more run with superuser privileges: instead of trusting blindly user's responsibility and care when dealing with events, now the user is required to explicitly operate to run something with high privileges, if necessary Backend binary is written in C++ on all systems (Windows included), making the whole application faster. Settings, certificates and keys of your account stored on your mass storage can optionally be encrypted on all systems either with a Master Password or in a system key-chain if available. Eddie 2.19.7 can be downloaded here: https://airvpn.org/linux - Linux version https://airvpn.org/macos - Mac version https://airvpn.org/windows - Windows version Eddie is free and open source software released under GPLv3. Source code is available on GitHub: https://github.com/AirVPN/Eddie Complete changelog can be found here. Kind regards & datalove AirVPN Staff
  16. 4 points

    Wireguard plans

    @Flx The first message was approved by some moderator in the wrong thread, not a big deal. Then we moved the message on its own thread, this one. Then user "wireguard" posted more messages which were all approved by some moderator. @Brainbleach Of course. We were replying to "wireguard" who invites surreptitiously to punish AirVPN because AirVPN uses and develops actively OpenVPN: "Needless to say, investing in AirVPN means investing in OpenVPN, and that's not acceptable to me at this point," . He/she also kept claiming that "it's time to retire OpenVPN" (sic), that OpenVPN is a "truly disgusting hack" (sic) and so on,. showing his/her embarrassing ignorance and lack of good faith. Nothing to do with your messages. Funny how bogus account writers are so eager to become from time to time AirVPN software lead developers, general managers for AirVPN strategies, marketing directors and more. 😀 We wanted to prove beyond any reasonable doubt that his/her claim are unreasonable and based on wrong assumptions and terrible omissions, showing how Wireguard can not replace OpenVPN for a significant percentage of our customers and how our OpenVPN development has been beneficial for many users around the world. That said, we claimed that Wireguard needed to be developed and tested further years ago, so at the time our claim was totally reasonable. We also claimed years ago that the problem was not with CHACHA20 which to the best of nowadays knowledge is a very robust and secure cipher. Now the problems are different because Wireguard is asked to offer something which it was not designed for, i.e. providing some kind of anonymity layer. Such problems include lack of DNS push, lack of dynamic IP address assignment (with subsequent problems with client key-private address static correspondence, a very tough legal problem for us but above all for our customers), need of keeping client real IP address stored in a file. We have resolved them one by one with external software and internal work around. Once the problems are resolved in a robust way, which means testing thoroughly the adopted work-around, we can offer Wireguard, not earlier. Kind regards
  17. 4 points

    New 1 Gbit/s server available (AT)

    Hello! We're very glad to inform you that a new 1 Gbit/s server located in Vienna (AT) is available: Beemim. The AirVPN client will show automatically the new server; if you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, Beemim supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Beemim/ Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  18. 3 points

    Hummingbird 1.1.0 released

    Hello! We're very glad to inform you that we have just released Hummingbird 1.1.0, featuring: both SystemV-style init and systemd support for Linux update to the latest OpenVPN3-AirVPN and asio libraries Hummingbird is AirVPN's free and open source OpenVPN 3 client based on AirVPN's OpenVPN 3 library fork. Hummingbird is available for: Linux x86-64 (reasonably recent distribution on par with Debian 9 libraries and kernel is required) Linux ARM 32 (example: Raspbian for Raspberry Pi) Linux ARM 64 (example: Ubuntu 19 and 20 for Raspberry Pi) macOS (Mojave or higher version required - please read important notes for Mac users at the end of the announcement) Main features: Lightweight and stand alone binary No heavy framework required, no GUI Tiny RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN with tons of critical bug fixes from the main branch, new ciphers support and never seen before features ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux-based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved additional features For a thorough Hummingbird overview please consult https://airvpn.org/hummingbird/readme/ Hummingbird 1.1.0 adds support to Linux systems based on SystemV-style init https://en.wikipedia.org/wiki/Init#SYSV too, while the previous versions supported Linux systemd based systems only. Therefore, we gladly achieve compatibility with 35 additional Linux distributions: https://distrowatch.com/search.php?ostype=All&category=All&origin=All&basedon=All&notbasedon=None&desktop=All&architecture=All&package=All&rolling=All&isosize=All&netinstall=All&language=All&defaultinit=SysV&status=Active#simple We think it's important to support Init Freedom: https://devuan.org/os/init-freedom because systemd is POSIX incompatible and because, as the UNIX Veteran Admin collective noticed in 2014 when they announced a Debian fork: This situation prospects a lock in systemd dependencies which is de-facto threatening freedom of development and has serious consequences for Debian, its upstream and its downstream. You can download Hummingbird for Linux (all flavors) and macOS respectively here: https://airvpn.org/linux and here: http://airvpn.org/macos Important notes for macOS users From now on we provide both a signed, code-hardened, notarized version and a non-notarized version of Hummingbird for macOS. The notarized version is available essentially for those users who prefer it, but it is not recommended. The notarized version will run without blocks by Apple's Gatekeeper, but will let Apple correlate your real IP address, Apple ID and other data potentially disclosing your identity to the fact that you run, and when you did it for the first time, an application by AirVPN. If that's not acceptable for you, just download the tarball package .tar.gz (it is NOT notarized and NOT signed with our Apple developer ID on purpose) and include it in the exceptions to run non-notarized programs. In the future this could not be allowed anymore, but at the moment it is. For a more thorough explanations on important privacy issues caused by Apple and notarization please see for example here https://lapcatsoftware.com/articles/notarization-privacy.html and here https://lapcatsoftware.com/articles/catalina-executables.html Kind regards & datalove AirVPN Staff
  19. 3 points
    Hello! We're very glad to introduce a new software suite for Linux which is ready for public beta testing. The suite includes the well known Hummingbird software, updated to the latest OpenVPN AirVPN library, and introduces for the first time a D-Bus controlled, real daemon, Bluetit, as well as a command line client, Goldcrest, to interact with Bluetit. UPDATE 11-Dec-2020: version 1.0.0 Beta 3 has been released. UPDATE 23-Dec-2020: version 1.0.0 RC 1 has been released New architecture The client-daemon architecture we introduce for the first time in our software offers a more robust security model and provides system administrators with a fine-grained, very flexible access control. Bluetit is fully integrated with AirVPN. The daemon is accessed through a D-Bus interface by providing specific methods and interface in order to give full support to OpenVPN connection and AirVPN functionality, including - but not limited to - quick automatic connection to the best AirVPN server for any specific location as well as any AirVPN server or country. New OpenVPN 3 library features Starting from version 1.0 beta 2, Hummingbird and Bluetit are linked against a new version of our OpenVPN 3 library which supports directive data-ciphers: it can be used consistently with OpenVPN 2.5 syntax in OpenVPN profiles. The directive allows OpenVPN 3 based software to negotiate a common Data Channel cipher with the OpenVPN server,, updating therefore our library to ncp-like negotiation with OpenVPN 2 branch. Hummingbird and Bluetit are already linked against the new library version, while Eddie Android edition will be updated in the near future. The new library also includes a different handling of IV_CIPHERS variable, fixing OpenVPN main branch issues causing a plethora of problems with OpenVPN 2.5. The implementation, at the same time, takes care of full backward compatibility with OpenVPN versions older than 2.5. ncp-disable directive, which to date has never been implemented in the main branch, is still supported, in order to further enhance backward compatibility with both OpenVPN profiles and servers, as well as connection flexibility with servers running older than 2.5 OpenVPN versions. Please note that if you enforce a specific Data Channel cipher by means of Bluetit configuration file, Hummingbird line option, or Goldcrest configuration file and/or line option, the enforced Data Channel cipher will override data-ciphers profile directive. Changelog 3.6.6 AirVPN by ProMIND - [ProMIND] [2020/11/02] openvpn/ssl/proto.hpp: IV_CIPHERS is set to the overridden cipher only (both from client and/or OpenVPN profile) in order to properly work with OpenVPN 2.5 IV_CIPHERS specifications. The old method of cipher overriding by means of negotiable crypto parameters is still supported in order to maintain compatibility with OpenVPN < 2.5.0 - [ProMIND] [2020/11/24] added "data-ciphers" directive to profile config .ovpn files in order to comply to OpenVPN 2.5 negotiable data cipher specifications. In case "data-ciphers" is found in the .ovpn files IV_CIPHERS is assigned to the algorithms found in "data-ciphers". In this specific case, "cipher" directive is used as a fallback cipher and, if not already specified in "data-ciphers", is appended to IV_CIPHERS Coming soon When we get out of the beta testing, we plan to document Bluetit interface to let anyone write a custom client and talk with the daemon. Furthermore, Goldcrest will evolve in the near future and will include an ncurses based TUI which will be very comfortable when you don't want to rely on command line options while a new Bluetit client, based on Qt, will be developed in the future, for those who prefer a GUI. Notes on systemd-resolved Version 1.0.0 beta 2 and subsequent versions fix a serious issue on systemd based systems running concurrently systemd-resolved and network-manager, for example Fedora 33 in its default configuration. In Fedora 33 systemd-resolved comes pre-configured to work in "on-link" mode and network-manager works together with it. This very peculiar, Windows-like setup finally kills Linux global DNS handling, adding to it those so far missing DNS leaks which made every Windows user nightmares more colorful. Any Microsoft system lacking the very concept of global DNS is now emulated, for an outstanding 30 years back time travel.. However, Hummingbird and Bluetit take care of preventing the brand new DNS leaks potentially caused by such smart setup, giving back Fedora + VPN users more peaceful nights. Also note that systemd-resolved comes pre-configured with fallback DNS (Google DNS is a systemd-resolved default fallback DNS, smart choices pile up!) which will be queried if each interface DNS server fails some resolution. In such a case, if and only if you have Network Lock enabled DNS leaks will be prevented. Supported systems The suite is currently available for Linux x86-64, i686 (32 bit distributions), arm7l (for example Raspbian and other ARM 32 bit based systems) and aarch64 (ARM 64 bit). Please note that the source code will be published with the stable release as usual. The software will be licensed under GPLv3. Overview and main features AirVPN’s free and open source OpenVPN 3 suite based on AirVPN’s OpenVPN 3 library fork Version 1.0.0 Beta 2 - Relase date 27 November 2020 Bluetit: lightweight D-Bus controlled system daemon providing full connectivity to AirVPN servers and generic OpenVPN servers Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers Hummingbird: lightweight and standalone client for generic OpenVPN server connection Linux i686, x86-64, arm7l and arm64 (Raspberry) support Full integration with systemd, SysVStyle-init and chkconfig No heavy framework required, no GUI Tiny RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN version 3.6.6 with tons of critical bug fixes from the main branch, new cipher support and never seen before features ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition Robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection Proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved additional features Full documentation: README.md Download links: Linux x86-64: https://eddie.website/repository/AirVPN-Suite/1.0-RC1/AirVPN-Suite-x86_64-1.0.0-RC-1.tar.gz Linux x-86-64 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0-RC1/AirVPN-Suite-x86_64-1.0.0-RC-1.tar.gz.sha512 Linux i686: https://eddie.website/repository/AirVPN-Suite/1.0-RC1/AirVPN-Suite-i686-1.0.0-RC-1.tar.gz Linux i686 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0-RC1/AirVPN-Suite-i686-1.0.0-RC-1.tar.gz.sha512 Linux arm7l: https://eddie.website/repository/AirVPN-Suite/1.0-RC1/AirVPN-Suite-armv7l-1.0.0-RC-1.tar.gz Linux arm7l sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0-RC1/AirVPN-Suite-armv7l-1.0.0-RC-1.tar.gz.sha512 Linux aarch64: https://eddie.website/repository/AirVPN-Suite/1.0-RC1/AirVPN-Suite-aarch64-1.0.0-RC-1.tar.gz Linux aarch64 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0-RC1/AirVPN-Suite-aarch64-1.0.0-RC-1.tar.gz.sha512 Please report bugs and any problem in this thread, thank you! Kind regards AirVPN Staff
  20. 3 points

    Apple Silicon version?

    Hello! Sure, porting our software to ARM based Mac machines is an option we are seriously considering because during 2021 (and maybe 2022) Mac Apple will abandon development of x86-64 based computers completely. Stay tuned. Kind regards
  21. 3 points

    How to use wintun driver in Windows

    IMPORTANT: This guide does not apply to Eddie 2.19.5 and higher versions. Procedure is now simple and automated. Starting from Eddie 2.19.5, wintun driver support can be achieved simply by ticking "Use wintun driver" in Eddie "Preferences" > "Advanced" window. OpenVPN 2.5 or higher version is required. If you run Eddie 2.19.5 or higher versions you can ignore this guide. Hello! Although wintun driver is not yet in stable form, it already resolves many issues caused by the TAP-Windows driver, including the infamous bandwidth bottleneck which has always plagued Windows tun/tap virtual network interface. Dramatic performance boost has been observed multiple times on various Windows systems. If you have problems with TAP driver installation or you experience poor performance, or you have stability issues, or sometimes your tun/tap interface mysteriously does not come up and requires a reset, consider to drop the TAP-Windows driver and migrate to wintun driver. Starting from OpenVPN 2.5 tech preview, OpenVPN can use the wintun driver. Here you can find all the instructions as well as integrating OpenVPN 2.5 with wintun and Eddie Windows edition, AirVPN free and open source software for Windows. wintun driver is only for Windows. Other systems do not need it at all. Please make sure that no antivirus or packet filtering tool interfere. 1) Install OpenVPN 2.5 tech preview with wintun driver. https://build.openvpn.net/downloads/snapshots/openvpn-install-2.5_git-I607-Win10.exe (Windows 10) Please make sure that the installer installs the wintun driver too. 2) Configure Eddie to run the new OpenVPN you have installed: from Eddie's main window select "Preferences" > "Advanced" in "OpenVPN custom path" select the proper OpenVPN binary file you have installed in point 1, through the file requester (by default and assuming that your HDD is C, it will be C:/Program Files/openvpn/bin/openvpn.exe) click "Save" 3) Configure Eddie to send a directive to OpenVPN to use the wintun driver: select "Preferences" > "OVPN Directives" from Eddie's main window in the directives field enter the following line: windows-driver wintun press ENTER at the end of the line click "Save" Kind regards
  22. 3 points
    Oh wow... . 2020.11.04 21:00:21 - OpenVPN > open_tun . 2020.11.04 21:00:21 - OpenVPN > wintun device [Local Area Connection] opened It worked ! First time ever on my computer. --- Edit: Wrong thread, now I see the other ones about Eddie 2.19.5, but... well, here it is, it works ! Microsoft Windows [Version 10.0.19042.572] ( aka 20H2 ), WinTUN driver installed and connection to AirVPN was blazing fast ! Typing this message through the VPN 😉
  23. 3 points

    Eddie Desktop 2.19beta released

    Version 2.19.5 (Wed, 04 Nov 2020 11:22:24 +0000) [bugfix] Minor bugfixes [bugfix] Occasionally wrong order in DNS restoring [change] OpenVPN 2.5.0 - Hummingbird 1.1.0 [change] Minor changes The primary objective of this version is OpenVPN 2.5.0. Other issues are still under investigation, thx. AUR (Arch repository) will be updated ASAP.
  24. 3 points
    Hey all! I ran into an issue the other day when setting up AirVPN where I found alot of the AirVPN IP's appear to be blocked by my ISP. In my quest to resolve this issue, I ended up creating a script that uses fping and dig to get all the IPs for a region, check that they work, and add those to your AirVPN configuration. I figured this script might be helpful to some, so I'd share it here. You can download it here: https://gist.github.com/zikeji/144247cb20793a5a7c65653e5f7c572b A simple one line to download it and set the executable bit: wget https://gist.githubusercontent.com/zikeji/144247cb20793a5a7c65653e5f7c572b/raw/a414cc4f6828904992f18e0a0bdecf6cf5e4f85c/airvpn_remotes.sh -q -O airvpn_remotes.sh && chmod +x airvpn_remotes.sh Warning: Remember, for your safety ALWAYS review a downloaded script before executing it! The command's help output: airvpn_remotes.sh Description: Use dig and fping generate multiple remotes for an AirVPN config, replacing existing remote(s), and ignoring IPs that aren't responding. Remotes are placed in order of lowest ping to highest. Usage: airvpn_remotes.sh [--port=<int>] [--query=<fqdn>] [--ipv4] [--ipv6] [--remote-random] [--in-place] [input-file] airvpn_remotes.sh -h | --help Options: -h, --help Show this screen. -p <int>, --port=<fqdn> Override the port supplied on each remote line [default: 443]. -q <fqdn>, --query=<fqdn> Supply the DNS record you wish to query to use the IPs from [default: ca.all.vpn.airdns.org]. -s <ns>, --server=<ns> The name server you wish to query the records against [default: ns1.airvpn.org]. -c <int>, --count=<int> Change the amount of pings ran by fping for more accurate ping sorting [default: 4]. -4, --ipv4 Only query IPv4. -6, --ipv6 Only query IPv6. -r, --remote-random Add remote-random to the AirVPN config (this will cause OpenVPN to randomize the server order when connecting). -i<ext>, --in-place=<ext> Edit the file in place (makes backup if extension supplied), ignored if no input file is supplied. The first non-option argument is the name of the input file; if no input file is specified, then the standard input is read. All other non-option arguments after the first are ignored. You'll need to ensure dig and fping are installed on your distribution before you can use it. Additionally, if your system doesn't support IPv6 it'll only return IPv4 be default (because naturally pinging the IPv6 addresses will fail). And finally, I've only tested the script on Ubuntu 20.04, but hopefully you don't run into trouble. By default the script checks the DNS record AirVPN maintains for all of CA's servers. You can find out more about the records option here: https://airvpn.org/faq/servers_ip/ The help file should be pretty clear as to how to use the script, but I'll provide an example. I want to update my AirVPN.ovpn file with new remotes that'll be executed randomly and only include IPv4 remotes, and I want them from the Netherlands. Additionally, instead of connecting in order I want it to connect to a random server defined in the config. Since I use port 1194 instead of port 443, I also want each remote to use port 1194 instead of the default. I also want it to backup my original config before overwriting it. I would run: ./airvpn_remotes.sh -r4 -qnl.all.vpn.airdns.org -p1194 -iold AirVPN.ovpn Which would remove any lines from my AirVPN conf that are a remote or a remote-random and add the new remotes, sorted by lowest ping first (which is irrelevant because we're also adding remote-random). Hopefully this script might be useful for someone else as well!
  25. 3 points

    Hummingbird 1.0.3 released

    Hello! We're glad to inform you that Hummingbird 1.0.3 has just been released. Hummingbird is a free and open source software by AirVPN for: Linux x86-64 Linux ARM 32 (example: Raspbian for Raspberry Pi) Linux ARM 64 macOS (Mojave or higher version required) - please do not miss important notes on macOS below based on OpenVPN3-AirVPN 3.6.4 library supporting CHACHA20-POLY1305 cipher on OpenVPN Data Channel and Control Channel. Hummingbird is very fast and has a tiny RAM footprint. AES-CBC and AES-GCM are supported as well. Version 1.0.3 uses OpenVPN3-AirVPN 3.6.4 library which had major modifications: IPv6 compatibility has been improved override logic has been improved a critical bug related to a main branch regression for TCP connections has been fixed Important: if you build Hummingbird please make sure to align to AirVPN library 3.6.4. You can't build Hummigbird 1.0.3 with library versions older than 3.6.4. Hummingbird is not aimed to Android but you can have CHACHA20-POLY1305 on Android too: please run our software Eddie Android edition, which uses our OpenVPN3-AirVPN library. Important notes for macOS users From now on we provide both a notarized version and a non-notarized version of Hummingbird for macOS. The notarized version is available essentially for those users who required it, but it is not recommended. The notarized version will run without blocks by Apple's Gatekeeper, but will let Apple correlate your real IP address, Apple ID and other data potentially disclosing your identity to the fact that you run, and when you did it for the first time, an application by AirVPN. If that's not acceptable for you, just download the tarball package .tar.gz (it is NOT notarized and NOT signed with our Apple developer ID on purpose) and include it in the exceptions to run non-notarized programs. In the future that could be no more allowed, but at the moment it is. For a more thorough explanations on important privacy issues caused by Apple and notarization please see for example here https://lapcatsoftware.com/articles/notarization-privacy.html and here https://lapcatsoftware.com/articles/catalina-executables.html Notes for Linux users x86-64 version requires a reasonably recent distribution (at least on par with Debian 9 kernel and libraries) based on systemd. A version compatible with SysVInit is anyway planned armv7l version (32 bit) has been tested in Raspberry Pi 3 and 4 with Raspbian 10. It will not run in Raspbian 9 (libraries are too old) aarch64 version (for 64 bit ARM) has been tested in Raspberry Pi4 with Ubuntu 19 and Ubuntu 20 for ARM 64 bit TCP queue limit If you connect over TCP, Hummingbird will set by default a minimum TCP outgoing queue size of 512 packets to avoid TCP_OVERFLOW errors. If you need a larger queue in TCP, the following option is now available from command line, in addition to profile directive tcp-queue-limit: --tcp-queue-limit n where n is the amount of packets. Legal range is 1-65535. We strongly recommend you to allow at least 512 packets as queue limit (default value). Larger queues are necessary when you connect in TCP and need a lot of open connections with sustained (continuous) but not necessarily high throughput, for example if you run a BitTorrent software. In such cases you can enlarge the queue as much as you need, until you stop getting TCP_OVERFLOW. It's not uncommon from our community as well as our internal tests to set 4000 packets queue limit to prevent any TCP overflow. If you connect over UDP, you can ignore all of the above. Network Lock Network Lock prevents traffic leaks outside the VPN tunnel through firewall rules. Hummingbird 1.0.3 widens --network-lock option arguments. The following arguments are now accepted: on | off | iptables | nftables | pf (default: on). If you specify on argument, or you omit --network-lock option, Hummingbird will automatically detect and use the infrastructure available on your system. Hummingbird picks the first available infrastructure between iptables-legacy, iptables, nftables and pf. Note: command line options, when specified, override profile directives, when options and profile directives have the same purpose. Binaries download URL https://gitlab.com/AirVPN/hummingbird/-/tree/master/binary Complete instructions https://airvpn.org/hummingbird/readme/ Hummingbird source code https://gitlab.com/AirVPN/hummingbird OpenVPN3-AirVPN library source code https://github.com/AirVPN/openvpn3-airvpn OpenVPN3-AirVPN library Changelog Changelog 3.6.4 AirVPN - Release date: 23 May 2020 by ProMIND - [ProMIND] [2020/05/23] completely changed the logics controlling overrides (server, port and protocol) client/ovpncli.cpp: parse_config() Properly assigned serverOverride, portOverride and protoOverride to eval.remoteList client/ovpncli.cpp: parse_config() In case serverOverride is set, remoteList is cleared and recreated with just one item containing serverOverride client/ovpncli.cpp: parse_config() In case portOverride or protoOverride is set, all the items in remoteList are changed accordingly openvpn/client/remotelist.hpp: Added public method set_transport_protocol_override() to assign the override protocol to all items in remoteList openvpn/client/cliopt.hpp: ClientOptions() now calls remote_list->set_transport_protocol_override() instead of remote_list->handle_proto_override() Hummingbird Changelog Changelog 1.0.3 - 3 June 2020 - [ProMIND] Removed --google-dns (enable Google DNS fallback) option - [ProMIND] Improved flushing logics for pf - [ProMIND] Updated to OpenVPN3-airvpn 3.6.4 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0.2 - 4 February 2020 - [ProMIND] Updated to OpenVPN3-AirVPN 3.6.3 - [ProMIND] Added --tcp-queue-limit option - [ProMIND] --network-lock option now accepts firewall type and forces hummingbird to use a specific firewall infrastructure *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0.1 - 24 January 2020 - [ProMIND] Updated to OpenVPN3-AirVPN 3.6.2 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 - 27 December 2019 - [ProMIND] Production release *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 RC2 - 19 December 2019 - [ProMIND] Better management of Linux NetworkManager and systemd-resolved in case they are both running - [ProMIND] Log a warning in case Linux NetworkManager and/or systemd-resolved are running *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 RC1 - 10 December 2019 - [ProMIND] Updated asio dependency *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 beta 2 - 6 December 2019 - [ProMIND] Updated to OpenVPN 3.6.1 AirVPN - [ProMIND] macOS now uses OpenVPN's Tunnel Builder - [ProMIND] Added --ignore-dns-push option for macOS - [ProMIND] Added --recover-network option for macOS *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 beta 1 - 28 November 2019 - [ProMIND] Added a better description for ipv6 option in help page - [ProMIND] --recover-network option now warns the user in case the program has properly exited in its last run - [ProMIND] NetFilter class is now aware of both iptables and iptables-legacy and gives priority to the latter *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 alpha 2 - 7 November 2019 - [ProMIND] DNS resolver has now a better management of IPv6 domains - [ProMIND] DNS resolver has now a better management of multi IP domains - [ProMIND] Minor bug fixes *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 alpha 1 - 1 November 2019 - [ProMIND] Initial public release Kind regards & datalove AirVPN Staff
  26. 3 points
    Hello! We updated right now the footer and specs page with the new address. There are some points where our CMS still redirects to SSL version, we are working to fix all of them, please be patient. Kind regards
  27. 3 points
    @HannaForest @philips @giganerd Hello! We made a Onion v3 address. The hidden service is provided by a dedicated server through http (no certificate warning), and we added HTTP-header "onion-location" that recommends the .onion version. Kind regards
  28. 3 points

    Hummingbird boot script

    Hi, if you use systemd you can set up a unit to do the job: I will assume you have a ovpn file with which you already run hummingbird: /path_to_your_file/hummingbird_boot.ovpn And hummingbird executable at a known place. If installed it can be checked running: $ which hummingbird /usr/bin/hummingbird I will assume this location. The systemd unit is nothing but a text file with some directives. You can create it as root with your preferred editor, place it in /etc/systemd/system and name it as you wish. in this case: /etc/systemd/system/airvpn.service (based on a suggestion in https://aur.archlinux.org/packages/hummingbird-bin/ ) [Unit] Description = AirVPN Client (hummingbird) Wants = network-online.target After = network-online.target [Service] ExecStart = /usr/bin/hummingbird /path_to_your_file/hummingbird_boot.ovpn Restart = always [Install] WantedBy = multi-user.target Note: make sure it is owned by root, in case you edited as your user and then sudo copied it. At this point you are all set, now you can use it as any other service: Make it run in that moment: $ sudo systemctl start airvpn Set it to start at every boot: $ sudo systemctl enable airvpn Restart while running: $ sudo systemctl restart airvpn Stop it: $ sudo systemctl stop airvpn Unset it to boot every time: $ sudo systemctl disable airvpn Check it's status: $ sudo systemctl status airvpn Access its logs: $ journalctl -u airvpn I think those are the more used ones. Haven't tried it in a raspberry but it works in some other systems.
  29. 3 points
    This provides me with an opportunity to say Thank you to AirVPN as well. I've been on this ride for nearly seven years now and I've seriously grown to fully trust AirVPN with whatever I do on the internet, in terms of both tech and ideology and the stability of both. Doesn't matter if I'm downloading with BitTorrent, playing a game or two or simply browsing the internet, it feels like nothing changed in terms of throughput or latency, while knowing that those activites are safer to use from a privacy point of view and that AirVPN will not sell me out. Now, I know that experiences vary and someone somewhere in the world don't enjoy the same quality of the service as I do – I live in Central Europe, after all. Problems are there to be solved, and that is what the AirVPN community does, which I personally see among the strong points of AirVPN: Despite the efforts of everyone to stay private and anonymous, even to the point of complete paranoia and exaggeration, there's still something I'd describe as the "AirVPN community spirit". When I started using AirVPN in 2013, and a short while after also spontaneously deciding to contribute to the forums, I didn't think how far this dedication would go. Well, here we are. Even though I was trying to help others, it would be a lie to say that I didn't learn anything myself. Through the forums I was able to pick up bits and pieces, read further manuals and how-tos, try things out myself, then pick up some more bits, read further, test deeper. The AirVPN community gave me some interesting hints and insights I wouldn't have gotten any other way and also influenced me on some of the more incisive decisions of mine. A humble example would be the decision to ditch Windows altogether, something that largely came from the community, and from the day I did that I not only learned more about the finer things of I.T., I was even able to directly translate what I learned into my job. Knowledge earned me respect, respect earned me.. well, nothing bad, you can be sure of that. Did I say that I never expected the decision to get involved here to turn out this way? As of today, AirVPN is the reference I compare the rest of the VPN providers to. Thank you again for the great service and may the next ten years be as good as the last and better!
  30. 3 points


    https://restoreprivacy.com/wireguard/ AirVPN has also chimed in over WireGuard’s implications for anonymity, as explained in their forum: Wireguard, in its current state, not only is dangerous because it lacks basic features and is an experimental software, but it also weakens dangerously the anonymity layer. Our service aims to provide some anonymity layer, therefore we can’t take into consideration something that weakens it so deeply. We will gladly take Wireguard into consideration when it reaches a stable release AND offers at least the most basic options which OpenVPN has been able to offer since 15 years ago. The infrastructure can be adapted, our mission can’t. In their forums, AirVPN further explained why WireGuard simply does not meet their requirements: Wireguard lacks dynamic IP address management. The client needs to be assigned in advance a pre-defined VPN IP address uniquely linked to its key on each VPN server. The impact on the anonymity layer is catastrophic; Wireguard client does not verify the server identity (a feature so essential that it will be surely implemented when Wireguard will be no more an experimental sofware); the impact on security caused by this flaw is very high; TCP support is missing (third party or anyway additional code is required to use TCP as the tunneling protocol, as you suggest, and that’s a horrible regression when compared to OpenVPN); there is no support to connect Wireguard to a VPN server over some proxy with a variety of authentication methods. Despite these concerns, many VPN services are already rolling out full WireGuard support. Other VPNs are watching the project and are interested in implementing WireGuard after it has been thoroughly audited and improved. In the meantime, however, as AirVPN stated in their forum: “We will not use our customers as testers.”
  31. 2 points
    Enchanted netherite armor, straight outta hell. Cut the salt, please. You too, Mr. go558a83nk. Yes. To get the tls-crypt address, use nl3.vpn.airdns.org. For more DNS tricks, refer to the server IP FAQ entry. I too believe this to be the reason why it doesn't seem to work, give it a try.
  32. 2 points
    It's more than necessary, maybe not for regular users but for those who are building networks for users to use. Whoever told you that v6 is unnecceary is probably such an user him/herself. Those leaks you mentioned are nothing but VPN configuration errors and don't appear outside the VPN context – why should they, after all. Every IP host needs a globally unique IP. When the internet was an infant, designed as a research network, 255^4 - 2 IP addresses were probably enough for a second lifetime of the earth, they said. But the core belief was still that every participant in this network needed a unique IP to be directly addressable. Nothing changed with IPv6, every participant still needs a unique IP. And thus NAT was born: The idea that multiple devices of the same network/house/company/whatever can use the internet through a machine in the middle which will forward their requests and return the answers. Pro: 100+ hosts need just one public IP. Con: You get to deal with port forwarding and other stuff. That's what AirVPN's "privacy" is all about: You use the internet as if you were the AirVPN server. It's pseudonymous, not anonymous. The IPv6 challenge for VPN providers is that IPv6 does not need NAT anymore as it was explicitly made to tackle this IPv4 address space exhaustion. There's no such thing as a v6 address exhaustion (yet), so we can again afford to assign public IPs to all hosts out there. The engineers wanted it to be as easy as possible, so they used the MAC address of the interfaces to automatically build part of that IPv6 address. The problem: This MAC address is supposed to be globally unique as well (it's not exactly, but still). Another problem is that by the time v6 started to be more or less widely adopted, the online ad train was already speeding and looking for more data points to use in the targeting algorithms. A unique IP which is not changed even after a reconnect is almost equivalent to finding the Holy Grail in targeted advertising. That's what gets people around communities like this spooked. And thus the v6 Privacy Extensions were born which are now the default on all platforms: The hosts themselves simply randomize this address, and no one really needs to know how they do it as long as the address is in fact addressable. Makes them less of a target for those ads, and in my humble opinion that should be enough, but people are still spooked by the addressing possibility by MAC so they avoid it in a privacy context. Not to mention the loudest argument of them all: "I can't memorize those long addresses!" Now, IPv6 can be configured to be NATed, just like v4. AirVPN did just that: v6 is NATed like v4 so your exit IPv6 address is that of the AirVPN server, not an address calculated by your own machine. It works and is what happens if you don't disable IPv6.
  33. 2 points

    Eddie Desktop 2.19.7 released

    me too, but only on my laptop. My PC works just fine with version 2.19.7. Both have Windows 10 Pro 20H2 fully updated. Both have TAP-Windows 9.24.2 installed. Both use ESET Internet Security. In Computer Settings-> Services and Applications-> Services-> Eddie Elevation Service, I'm unable to start it on my laptop. One difference: my PC runs on AMD Ryzen 7 3700X 8-Core and my laptop runs on Intel Core-i7-6700HQ CPU. PROBLEM SOLVED!! ... The Eddie Elevation Service was present even when Eddie had been de-installed, and it was not possible to start this service manually. Installing OpenVPN did not help so I de-installed it too. By this time TAP-Windows 9.24.2 had disappeared. I then deleted the following key manually in the Registry Editor: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EddieElevationService. (There are cleaner ways to remove Services.) After that, installing Eddie 2.19.7 worked perfectly. Note that before this I had been using Eddie 2.18.9 (and earlier versions) for ages without a problem.
  34. 2 points

    ANSWERED Canada Servers are not overloaded

    Maybe you already know it. When a country consistently has more than 65-70% allocated (used) bandwidth, we consider the expansion. When a country has consistently more than 90% allocated bandwidth, expansion is mandatory. Currently Canada is around 55% while Sweden less than 50%. However, in Sweden, we have much stronger demand in Stockholm (better peering with various residential ISPs) than Uppsala. If you consider Stockholm as an area of its own, or equivalently Sweden as a country relying essentially on Stockholm, then you have consistently 70% allocated bandwidth. That's why expansion in Stockholm is now under evaluation with higher priority than Canada. Kind regards
  35. 2 points
    Hello, after I posted some suggestions for Eddie's CLI version in this thread and received some helpful information there, I set out to write my own little interface in bash for it to implement the suggestions. Being no programmer it turned out to be quite a project for me, and I would like to share it here in case anybody else prefers to run Eddie in the terminal rather than as a full GUI application. This script still uses Eddie itself, it's just a wrapper to make it as easy to use in the command line as it is as a desktop application. Screenshots are attached. Some features and advantages: uses less resources (top shows usually 0.3% CPU usage compared to 4-5% for the desktop version) can be exited without disconnecting interactive, sortable server list option to connect to another VPN with openconnect (since I need to do that from time to time, but it should be easy to add other connection methods as well) option to lock down the system's network traffic by default, so even without Eddie running with its own network lock there will be no leaks What to watch out for: The default network lock works with direct rules in firewalld because I'm using Fedora. It should be easy to change it to use iptables directly on other distributions since firewalld's direct rules are just a way to directly manipulate iptables. Once activated, the lock will stay in place until manually deactivated (also surviving reboots), so no internet connection will be possible unless connected to AirVPN or other whitelisted VPNs. AirVPN's network lock overwrites the default network lock, so there will be no interference. Check your /etc/resolv.conf file while not running Eddie (because Eddie's network lock replaces that file temporarily) to make sure your router is not set as a nameserver (so no 192.168... address). Some routers will push themselves on that list by DHCP whenever you connect to their network. Since communication with the router is allowed in the lock rules, DNS requests will be handled by the router and sent to whatever DNS server is configured there even when network traffic should be blocked. There are ways to prevent that file from being changed by DHCP, best configure network manager for that if you use it. To connect to other VPNs, their IPs must be whitelisted and DNS requests for their domains must be allowed in the default network lock rules. The rules for airvpn.org can be copied and adjusted. I haven't yet included an option to pass command line arguments to Eddie. So if you need to set more advanced options like black-/whitelists, use of certain protocols etc., you need to set them manually in the connect_server function. All the possible options can be found in 'man eddie-ui'. You need to insert your own API key in line 5. It can be found in your account under Client Area -> API. Without this, connections will still work, but user info and connection status in the main window will not be properly updated. I tried to only use basic system tools. The script relies mostly on dialog, awk and curl (and firewalld as described and openconnect if needed), so it should work on most systems, but I'm not sure. And, lastly, VERY IMPORTANT: As I said, I'm no programmer and new to this, so even though I tried my best to make this script secure and error free, there might very well be some bad practice, never-ever-do-this mistakes or other hiccups in there. It works well for me, but better check it yourself. Feel free to use this as you wish, I hope someone can benefit from this. I'm happy about any improvements and corrections and will update this if I find the time. UPDATE: A new version which uses Hummingbird and has been improved in many aspects (including automatic connection at boot) can be found here. #!/bin/bash # an interactive shell script to control the command line version of the AirVPN Eddie client and openconnect more comfortably PROFILE_PATH="$HOME/.airvpn/default.xml" API_KEY="<your api key>" DIALOG_OK=0 DIALOG_CANCEL=1 DIALOG_EXTRA=3 DIALOG_ESC=255 HEIGHT=0 WIDTH=0 BACKTITLE="VPN Control" FORMAT="text" URL="https://airvpn.org/api/" PID=$$ function check_sudo { # check if user has sudo privileges sudo -vn &> /dev/null # gain sudo privileges for commands that need it (better than running everything with sudo) if [ $? = "1" ] then unset EXIT_STATUS_SUDO PASS_PROMPT="Establishing VPN connections and changing network traffic rules requires root privileges. Please enter your password:" until [ "$EXIT_STATUS_SUDO" = "0" ] do dialog \ --backtitle "$BACKTITLE" \ --title "Password Needed" \ --output-fd 1 \ --insecure \ --passwordbox "$PASS_PROMPT" 11 35 | xargs printf '%s\n' | sudo -Svp '' &> /dev/null EXIT_STATUS_PIPE=( "${PIPESTATUS[@]}" ) EXIT_STATUS_DIALOG="${EXIT_STATUS_PIPE[0]}" EXIT_STATUS_SUDO="${EXIT_STATUS_PIPE[2]}" EXIT_SUDO_TEST="${EXIT_STATUS_PIPE[2]}" PASS_PROMPT="The password you entered is incorrect. Please try again:" case $EXIT_STATUS_DIALOG in $DIALOG_CANCEL|$DIALOG_ESC) return 1 ;; esac done # keep sudo permission until script exits or permissions are revoked (e.g. when computer goes to sleep) while [ "$EXIT_SUDO_TEST" = "0" ]; do sudo -vn; EXIT_SUDO_TEST=$?; sleep 60; kill -0 "$PID" || exit; done &> /dev/null & fi return 0 } function get_list { SERVICE_NAME="status" ARGS="{ \"format\":\"$FORMAT\", \"service\":\"$SERVICE_NAME\" }" timeout --signal=SIGINT 10 curl -s -d "$ARGS" -X POST "$URL" > "/tmp/.eddie_server_list.txt" } function sort_list { # pipe server status list to awk, filter out unnecessary stuff, # combine lines that relate to same server into single lines which are saved as array, # loop through array to format info, # print array and sort according to options, # add numbers to list for menu LIST=$(awk -F '[.]' \ 'BEGIN{OFS=";"} \ /^servers/ && !/ip_/ && !/country_code/ {c=$2; \ if (c in servers) servers[c]=servers[c] OFS $3; \ else servers[c]=$3; \ for (k in servers) gsub(/;bw=/, " :", servers[k]); \ for (k in servers) gsub(/;bw_max=/, "/", servers[k]); \ for (k in servers) gsub(/;currentload=/, " :", servers[k]); \ for (k in servers) gsub(/;health=/, "%:", servers[k]); \ for (k in servers) gsub(/;.*=/, ":", servers[k]); \ for (k in servers) gsub(/^.*=/, "", servers[k])} \ END{ \ for (c in servers) print servers[c]}' "/tmp/.eddie_server_list.txt" | sort -t ":" $1 | awk -F '[;]' 'BEGIN{OFS=":"} {print v++";"$1}') } function get_userinfo { SERVICE_NAME="userinfo" ARGS="{ \"format\":\"$FORMAT\", \"service\":\"$SERVICE_NAME\", \"key\":\"$API_KEY\" }" # filter specific lines, save values to variables after protecting whitespace read U_LOGIN U_EXP U_CONNECTED U_DEVICE U_SERVER_NAME U_SERVER_COUNTRY U_SERVER_LOCATION U_TIME <<< $( \ timeout --signal=SIGINT 10 curl -s -d "$ARGS" -X POST "$URL" | \ awk -F '[=]' \ 'BEGIN{ORS=";"} \ /^user.login|^user.expiration_days|^user.connected|^sessions.*device_name|^connection.server_name|^connection.server_country=|^connection.server_location|^connection.connected_since_date/ \ {print $2}' | \ sed 's/\ /\\\ /g' | sed 's/;/\ /g' \ ) if [ "$U_CONNECTED" = "1" ] then U_CONNECTED="connected" U_SERVER_FULL="$U_SERVER_NAME ($U_SERVER_LOCATION, $U_SERVER_COUNTRY)" U_TIME=$(date -d "$U_TIME UTC" +"%m/%d/%Y %H:%M:%S") else U_CONNECTED="not connected" U_SERVER_FULL="--" U_TIME="--" fi } function connect_server { if [ "$KILLED" = "true" ] then # create pipes to process status of client if [ ! -p "/tmp/.eddie_fifo1" ] then mkfifo "/tmp/.eddie_fifo1" fi if [ ! -p "/tmp/.eddie_fifo2" ] then mkfifo "/tmp/.eddie_fifo2" fi # run eddie in background and detached from current window, pipe output to named pipe (sudo eddie-ui --cli --netlock --connect --server="$1" --profile="$PROFILE_PATH" | tee "/tmp/.eddie_fifo2" &> "/tmp/.eddie_fifo1" &) cat "/tmp/.eddie_fifo2" | dialog --backtitle "$BACKTITLE" --title "Connecting to AirVPN..." --progressbox 20 80 & timeout --signal=SIGINT 60 grep -q -m 1 "Initialization Sequence Completed" "/tmp/.eddie_fifo1" INIT_EXIT=$? pkill -f cat.*eddie_fifo2 if [ $INIT_EXIT = "0" ] then get_userinfo else U_CONNECTED="error during connection attempt" U_SERVER_FULL="--" U_TIME="--" fi else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi } function disconnect_server { # check for running instance of eddie pgrep -f mono.*eddie-ui &> /dev/null if [ $? = 0 ] then # kill process and wait for confirmation from process output if [ -p "/tmp/.eddie_fifo1" -a -p "/tmp/.eddie_fifo2" ] then sudo pkill -2 -f mono.*eddie-ui & cat "/tmp/.eddie_fifo1" | dialog --backtitle "$BACKTITLE" --title "Disconnecting AirVPN..." --progressbox 20 80 & timeout --signal=SIGINT 10 grep -q -m 1 "Shutdown complete" "/tmp/.eddie_fifo2" else # in case connection was started without this script sudo pkill -2 -f mono.*eddie-ui sleep 5 fi # give some time to completely close process, without sleep it's too early for new connection sleep 3 pgrep -f mono.*eddie-ui &> /dev/null if [ $? = 1 ] then KILLED1="true" else KILLED1="false" fi else KILLED1="true" fi # check for running instance of openconnect pgrep -f "openconnect.*--" &> /dev/null if [ $? = 0 ] then sudo pkill -2 -f "openconnect.*--" sleep 1 pgrep -f "openconnect.*--" &> /dev/null if [ $? = 1 ] then KILLED2="true" # somehow openconnect doesn't receive SIGINT and shuts down improperly, # so vpnc can't restore resolv.conf by itself sudo cp "/var/run/vpnc/resolv.conf-backup" "/etc/resolv.conf" else KILLED2="false" fi else KILLED2="true" fi if [ "$KILLED1" = "true" -a "$KILLED2" = "true" ] then KILLED="true" else KILLED="false" fi } function define_lock { if [ "$1" = "activate" ] then GAUGE_TITLE="Activating Network Lock" RULE_ACTION="add-rule" elif [ "$1" = "deactivate" ] then GAUGE_TITLE="Deactivating Network Lock" RULE_ACTION="remove-rule" else return 1 fi GAUGE_BODY="$1" IPRULES=(\ #allow loopback "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 0 -i lo -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -o lo -j ACCEPT" \ #allow lan (out) and broadcasting/dhcp "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -s -d -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 0 -s -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -d -j ACCEPT" \ # allow tun device to communicate (so any VPN connection should be possible, also without Air, but respective DNS requests must be allowed) "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter FORWARD 0 -o tun+ -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter FORWARD 0 -i tun+ -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 998 -o tun+ -j ACCEPT" \ # optional masquerade rule (NAT/ports) "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 nat POSTROUTING 0 -o tun+ -j MASQUERADE" \ # allow ipv4 only to airvpn.org for status update # allow DNS query to resolve hostname (hex string reads "06 airvpn 03 org" - numbers are counting bits), # restrict packet length to length of this specific request package (might change?) to avoid hijacking # of query (very unlikely I guess, but who cares if we're already being paranoid for the fun of it), # whitelist destination IP for TCP handshake "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p udp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p tcp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT" \ # add rules for other domains you wish to allow DNS requests to here (packet length can be determined with e.g. wireshark) and adjust array index # # allow SYN request to whitelisted IP to initiate handshake, remove IP from whitelist "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p tcp --syn --dport 53 -m recent --remove -j ACCEPT" \ # allow outgoing connection to Air's IP "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -d -j ACCEPT" \ # add rules for other IPs you wish to allow connections to here # # allow communication "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \ # drop outgoing ipv4 (if not specifically allowed by other rules) "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 999 -j DROP" \ # block incoming ipv4 "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 999 -j DROP" \ # drop all ipv6 "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv6 filter OUTPUT 0 -j DROP" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv6 filter INPUT 0 -j DROP" \ # reload and restart firewalld to activate permanent rule changes "sudo firewall-cmd --reload" \ "sudo systemctl restart firewalld"\ ) toggle_lock } function toggle_lock { PERCENTAGE_STEP=$(awk -v rules="${#IPRULES[@]}" 'BEGIN {print 100/rules}') PERCENTAGE=0 COUNTER=0 # initial window dialog --backtitle "$BACKTITLE" \ --title "$GAUGE_TITLE" \ --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \ "Allow Loopback IN" "${RESULT[0]}" \ "Allow Loopback OUT" "${RESULT[1]}" \ "Allow LAN OUT" "${RESULT[2]}" \ "Allow DHCP IN" "${RESULT[3]}" \ "Allow DHCP OUT" "${RESULT[4]}" \ "Allow tun out FORWARD" "${RESULT[5]}" \ "Allow tun in FORWARD" "${RESULT[6]}" \ "Allow tun out OUT" "${RESULT[7]}" \ "tun masquerade" "${RESULT[8]}" \ "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \ "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \ "Allow connection initiation" "${RESULT[11]}" \ "Allow traffic to airvpn.org" "${RESULT[12]}" \ "Allow established connections" "${RESULT[13]}" \ "Block IPv4 OUT" "${RESULT[14]}" \ "Block IPv4 IN" "${RESULT[15]}" \ "Block IPv6 OUT" "${RESULT[16]}" \ "Block IPv6 IN" "${RESULT[17]}" \ "activate changes" "${RESULT[18]}" \ "restart firewalld" "${RESULT[19]}" for i in "${IPRULES[@]}" do RESULT["$COUNTER"]=$(eval $i) (( COUNTER++ )) PERCENTAGE=$(awk -v per="$PERCENTAGE" -v per_step="$PERCENTAGE_STEP" 'BEGIN {print per+per_step}') # progress window dialog --backtitle "$BACKTITLE" \ --title "$GAUGE_TITLE" \ --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \ "Allow Loopback IN" "${RESULT[0]}" \ "Allow Loopback OUT" "${RESULT[1]}" \ "Allow LAN OUT" "${RESULT[2]}" \ "Allow DHCP IN" "${RESULT[3]}" \ "Allow DHCP OUT" "${RESULT[4]}" \ "Allow tun out FORWARD" "${RESULT[5]}" \ "Allow tun in FORWARD" "${RESULT[6]}" \ "Allow tun out OUT" "${RESULT[7]}" \ "tun masquerade" "${RESULT[8]}" \ "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \ "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \ "Allow connection initiation" "${RESULT[11]}" \ "Allow traffic to airvpn.org" "${RESULT[12]}" \ "Allow established connections" "${RESULT[13]}" \ "Block IPv4 OUT" "${RESULT[14]}" \ "Block IPv4 IN" "${RESULT[15]}" \ "Block IPv6 OUT" "${RESULT[16]}" \ "Block IPv6 IN" "${RESULT[17]}" \ "activate changes" "${RESULT[18]}" \ "restart firewalld" "${RESULT[19]}" done # final window to show results dialog --backtitle "$BACKTITLE" \ --title "$GAUGE_TITLE" \ --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \ "Allow Loopback IN" "${RESULT[0]}" \ "Allow Loopback OUT" "${RESULT[1]}" \ "Allow LAN OUT" "${RESULT[2]}" \ "Allow DHCP IN" "${RESULT[3]}" \ "Allow DHCP OUT" "${RESULT[4]}" \ "Allow tun out FORWARD" "${RESULT[5]}" \ "Allow tun in FORWARD" "${RESULT[6]}" \ "Allow tun out OUT" "${RESULT[7]}" \ "tun masquerade" "${RESULT[8]}" \ "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \ "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \ "Allow connection initiation" "${RESULT[11]}" \ "Allow traffic to airvpn.org" "${RESULT[12]}" \ "Allow established connections" "${RESULT[13]}" \ "Block IPv4 OUT" "${RESULT[14]}" \ "Block IPv4 IN" "${RESULT[15]}" \ "Block IPv6 OUT" "${RESULT[16]}" \ "Block IPv6 IN" "${RESULT[17]}" \ "activate changes" "${RESULT[18]}" \ "restart firewalld" "${RESULT[19]}" sleep 2 unset RESULT check_lock } function check_lock { # check for success (not really though, needs improvement) LOCK_RULES=$( sudo firewall-cmd --direct --permanent --get-all-rules | wc -l ) if [ "$LOCK_RULES" -gt 16 ] then LOCK_ACTIVE="active" else LOCK_ACTIVE="inactive" fi } function yesno { dialog \ --backtitle "$BACKTITLE" \ --title "$1" \ --clear \ --yesno "$2" \ $HEIGHT $WIDTH EXIT_STATUS=$? } check_sudo if [ $? = "1" ] then clear exit fi get_userinfo # if currently connected by openconnect, set status to unknown (connection could have been established outside of this script) pgrep openconnect &> /dev/null if [ $? = 0 ] then U_CONNECTED="connected (openconnect)" U_SERVER_FULL="unknown" U_TIME="unknown" fi check_lock while true; do exec 3>&1 selection=$(dialog \ --cr-wrap \ --backtitle "$BACKTITLE" \ --title "Main Menu" \ --clear \ --cancel-label "Quit" \ --menu "This is a control script for VPN connections, primarily for Eddie, the AirVPN client.\nThis script can be exited and re-entered without affecting a running connection.\n\nUser: $U_LOGIN\nDays Until Expiration: $U_EXP\n\nDefault Network Lock: $LOCK_ACTIVE\n\nStatus: $U_CONNECTED\nServer: $U_SERVER_FULL\nConnected Since: $U_TIME\n\nPlease select one of the following options:" $HEIGHT $WIDTH 6 \ "0" "Connect to Recommended Server" \ "1" "Connect to Specific Server" \ "2" "Connect via openconnect" \ "3" "Disconnect" \ "4" "Refresh User Info" \ "5" "Toggle Default Network Lock" \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) yesno "Quit" "Exit Script?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) break ;; esac ;; esac case $selection in 0 ) check_sudo if [ $? = "0" ] then disconnect_server connect_server "" fi ;; 1 ) while true; do exec 3>&1 SERVER_SORT=$(dialog \ --backtitle "$BACKTITLE" \ --title "Sort Server List" \ --no-collapse \ --ok-label "sort ascending" \ --extra-button \ --extra-label "sort descending" \ --menu "Please choose how you want to sort the server list." \ 14 0 7 \ "1" "Name" \ "2" "Country" \ "3" "Location" \ "4" "Continent" \ "5" "Bandwidth" \ "6" "Users" \ "7" "Load" \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) break ;; $DIALOG_EXTRA) SERVER_SORT_OPTION="r" ;; $DIALOG_OK) SERVER_SORT_OPTION="" ;; esac if [ "$SERVER_SORT" = "5" -o "$SERVER_SORT" = "6" -o "$SERVER_SORT" = "7" ] then SERVER_NUM_OPTION="n" else SERVER_NUM_OPTION="" fi if [ ! -f "/tmp/.eddie_server_list.txt" ] then get_list fi while true do sort_list "-k$SERVER_SORT,$SERVER_SORT$SERVER_SORT_OPTION$SERVER_NUM_OPTION" IFS=$';\n' exec 3>&1 SERVER_NMBR=$(dialog \ --backtitle "$BACKTITLE" \ --title "Server List" \ --colors \ --no-collapse \ --extra-button \ --extra-label "Refresh List" \ --column-separator ":" \ --menu "Choose a server from the list to connect to it. (Press ESC to go back.)\n\n\Zb # Name Country Location Continent Bandwidth Users Load Health\ZB" \ 40 102 31 $LIST 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- IFS=$' \t\n' case $EXIT_STATUS in $DIALOG_CANCEL) break 2 ;; $DIALOG_ESC) break ;; $DIALOG_EXTRA) get_list ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then SELECTED_SERVER=$(printf -- '%s\n' "${LIST[@]}" | grep "^$SERVER_NMBR;" | cut -d ";" -f 2 | cut -d ":" -f 1) disconnect_server connect_server "$SELECTED_SERVER" break 2 fi ;; esac done done ;; 2 ) exec 3>&1 # adjust field lengths if necessary CONNECT_INFO=$(dialog \ --backtitle "$BACKTITLE" \ --title "VPN via openconnect" \ --insecure \ --mixedform "Please provide your login credentials to connect to a VPN via openconnect:\n(Leave unneeded fields blank and type options as in command line, separated by space.)" $HEIGHT $WIDTH 6 \ "Server:" 1 1 "" 1 21 25 0 0 \ "Group:" 2 1 "" 2 21 25 0 0 \ "User:" 3 1 "" 3 21 25 0 0 \ "Password:" 4 1 "" 4 21 25 0 1 \ "Additional Options:" 5 1 "" 5 21 25 0 0 \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then disconnect_server if [ "$KILLED" = "true" ] then if [ ! -p "/tmp/.eddie_fifo1" ] then mkfifo "/tmp/.eddie_fifo1" fi ALT_SERVER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 1) ALT_GROUP=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 2) ALT_USER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 3) ALT_PASS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 4) ALT_OPTS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 5) echo "$ALT_PASS" | (sudo openconnect $ALT_OPTS --authgroup=$ALT_GROUP --user=$ALT_USER --passwd-on-stdin $ALT_SERVER &> "/tmp/.eddie_fifo1" &) timeout --signal=SIGINT 3 cat "/tmp/.eddie_fifo1" | dialog --backtitle "$BACKTITLE" --title "Connecting via openconnect..." --timeout 5 --programbox 20 80 U_CONNECTED="connected" U_SERVER_FULL="$ALT_SERVER" U_TIME=$(date +"%m/%d/%Y %H:%M:%S") else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi fi ;; esac ;; 3 ) check_sudo if [ $? = "0" ] then disconnect_server if [ "$KILLED" = "true" ] then get_userinfo else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi if [ -p "/tmp/.eddie_fifo1" ] then rm "/tmp/.eddie_fifo1" fi if [ -p "/tmp/.eddie_fifo2" ] then rm "/tmp/.eddie_fifo2" fi fi ;; 4 ) get_userinfo ;; 5 ) pgrep -f mono.*eddie-ui &> /dev/null if [ $? = 0 ] then dialog --backtitle "$BACKTITLE" --title "Toggle Network Lock" --timeout 3 --msgbox "You need to be disconnected to change network traffic rules." 10 35 else if [ "$LOCK_ACTIVE" = "inactive" ] then yesno "Toggle Network Lock" "Are you sure you want to activate the default network lock and block all connections while not connected to (any) VPN?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then define_lock "activate" fi ;; esac else yesno "Toggle Network Lock" "Are you sure you want to deactivate the default network lock and allow all connections, even when not connected to a VPN?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then define_lock "deactivate" fi ;; esac fi fi ;; esac done clear
  36. 2 points
    solved. I'm unable to replicate the issue now, as this seems like an issue only at initial setup. When eddie was first run, the 'main window' is automatically shown in order to provide login credentials. This window is NOT able to be brought to focus by using the gui/mouse. No amount of clicking on the window (even quitting the program or restarting the computer) would give the window focus. Only by going to the menu bar and selecting the option 'Show main window' will give the window focus and allow me to enter the credentials. Once this was done I was able to get logged in/connected. Now, the 'main window' does not show automatically on launch. The only way to get to the window is with the menu bar selection. FYI this is the last series of intel i5 macbook prior to the M1 release running Big Sur 11.1
  37. 2 points

    New 10 Gbit/s server available (CH)

    This new Xuange server works really well and fast as well as stably! I've been using it all day on my Smartphone and computer. I have noticed that this connection is much faster than I what the other Servers in the Air! I will always use this server in the future. Thank you for this new server, and Merry Christmas everyone!
  38. 2 points

    Black Friday Sale 2020

    It's a "Christmas secret" every year. But according to last 2y it should last until 4th December.
  39. 2 points

    NetworkLock on macOS 11

    @jeuia3e9x74uxu6wk0r2u9kdos @korsko @Overkill Hello! Both AirVPN software for macOS, Eddie and Hummingbird, enforce Network Lock via pf rules, therefore nothing changes and leaks prevention stays as effective as usual even in macOS Big Sur. Kind regards
  40. 2 points
    Clodo, thanks. 2.19.6. is working great, stay safe🤗 Just 1 thing. Should in settings networking layer inside tunnel ipv4 if issue is deteced be ticked. It isn't by default! ipv6 is. Thanks
  41. 2 points
    After installing the Wintun adapters on my Win10 desktop PC a while back my dl speed rose from around 30-45Mbps to around 110-120Mbps on my then 200Mbps Virgin Media broadband. A month ago I upgraded to the VM 500Mbps package and at first I could only get 180-200Mbps D/L speed. I immediately blamed Virgin but when I solved it it was nothing to do with Virgin but my Linksys router. I run the VM SH3.0 in modem mode into my Linksys EA7500 router. I have one cat7 ethernet cable running from the router to my PC and another running to the Samsung tv in my living room. Other than that I have my wifes laptop, mobile and the Virgin Tivo box running on the Linksys Wi-Fi. In the Linksys settings there is a box in the prioritization options which you need to set with your broadband subscription speed x 1024. In my case when I had the VM 200Mbps package it was set at 204,800. When I remembered this I went into the Linksys settings and changed to 512,000 and hey presto I was getting 380 - 400Mbps straight away. I have also found that the server you choose to connect to at AirVPN and the time of day also has a bearing on your connection speed, which is why I have a preferred list of Air servers which have given me excellent d/l speeds in the past and do an online speedtest each time I connect to ensure I get a good connection. Something else is that I only use AirVPN a couple of hours in the early mornings and an occasional Sat/Sun afternoon, perhaps if you are using AirVPN 24/7 these results will not match I don't know but I am quite happy getting 50-75% of my broadband connection via AirVPN and 100% the rest of the time all things considered.
  42. 2 points

    Spooky Halloween 2020 deals

    Thank you! Added two more years to my sub!
  43. 2 points
    Thank you so much guys!
  44. 2 points
    I noticed your post right after I posted mine. I'm getting the same result as you, and have sent a support request through the client area while also posting here. I got a reply that my request has been forwarded to the Eddie developers. If I get a response from the Eddie developers before one is posted here I will pass the info on.
  45. 2 points

    Wireguard response from Mullvad

    When Wireguard AirVPN wave of servers will be available? Any updates?
  46. 2 points

    AirVPN 10th birthday celebrations

    @Neighbour80 Thank you! Firefox is developed mainly in C, C++, Rust and Javascript. It's not that a language is inherently "problematic from a security standpoint", the matter is more complex and, really, off-topic here, but you can enjoy 40-years old discussions that are still ongoing on the good and bad points of C++ since 1986 on BBS, and on specialized developers' forums. 🤩 Kind regards
  47. 2 points

    sale of .org domain to Ethos Capital

    Victory! ICANN Rejects .ORG Sale to Private Equity Firm Ethos Capital By Karen Gullo and Mitch Stoltz | April 30, 2020 https://www.eff.org/deeplinks/2020/04/victory-icann-rejects-org-sale-private-equity-firm-ethos-capital
  48. 2 points

    Eddie 2.18.9 Desktop released

    Came here to say that this tip of yours has been working for three days straight now. I had found it in the 2.19 beta thread. Thanks a lot!
  49. 2 points
    If you recently have had problems connecting Eddie (could be due to newer win 10 updates), try recommendations in this Microsoft-link: https://support.microsoft.com/en-us/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users The download alternative "Prefer ipv4 over ipv6" worked for me. hensel
  50. 2 points

    Using AirVPN with Asus router

    About AsusWRT AsusWRT is a unified firmware developed by Asus for use in their recent routers. The firmware was originally based on Tomato-RT/Tomato-USB, but has since seen many changes. Asus started using this new firmware with their recent routers (RT-AC68U, RT-AC87U), but they also started moving other routers to this new firmware. Prerequisite Asus Router with AsusWRT (native OpenVPN support). Model tested: RT-AC68U but it should work for all Asus routers that have AsusWRT. see Official website for AsusWRT model support list. [Firmware Notes]: Please upgrade the router Firmware to the latest version. "New Asus Firmware supports 4096 bits key and will work with AirVPN." Steps 1. Create configuration files from our Config Generator. Select [Router or others] and choose a server you like. Tick on [Direct, protocol UDP, port 443] and click on [Generate]. Save the openvpn config file .ovpn (Ex: AirVPN__UDP-443.ovpn) anywhere on your computer. 2. Open the Asus router webinterface and click on [VPN]. Click on [Add profile], choose [OpenVPN] tab. Enter a "description", leave username and password EMPTY. Click on [browse] and select the downloaded openvpn config file (.ovpn). Click on [upload]. Click on [OK]. That's it now you can click on [Activate] to connect to AirVPN server. 3. Make sure to setup the AirVPN DNS this way: Click on [WAN] tab. Turn [DNS server] "off" (No) and enter AirVPN's DNS as first DNS IP address (it's DNS for Protocol UDP, Port 443 - see Specs for more details). About the secondary DNS entry, we recommend picking ones from the OpenNIC Project. The AirVPN DNS will enable you to access AirVPN geo-routing services to bypass discriminations based on IP address geo-location. 4. Visit https://ipleak.net and check whether it works. Every client (PC, Smartphone, Console, Smart TV ..) which is connected to the router now is secured by VPN and also has full access to the anti-geo-blocking service. Useful Info A custom firmware for Asus routers based on official AsusWRT called Asuswrt-Merlin is available. AsusWRT-Merlin retains all the features of the original stock AsusWRT firmware with added/enhanced features. More info on AsusWRT-Merlin website http://asuswrt.lostrealm.ca/features
  • Create New...