go558a83nk

Of those I've been a customer of Air and PIA.  I typically use my router for VPN but when I've used apps on my windows 7 machine I've had more trouble with Air leaking DNS than with PIA's app.  PIA has a DNS leak protection switch that works perfectly every time that I've used it.

Edit: if you're talking about WebRTC leak then you should make another column.  DNS leaks and WebRTC protection are completely and totally different.

Edit2: you make negative remarks for the use of google DNS and yet you're using a google doc spreadsheet and have a gmail address.

 

that router can't run openvpn fast.  other routers can.  look for an Asus AC56 or AC68 or AC87 and use merlin-asuswrt firmware.

 

Define 'fast'? I'd expect 150 Mbps plus, which I doubt anything other than a custom built pfSense box could achieve. 

sorry, the routers I mentioned can't run it that fast.   50mb/s maybe a little higher is possible.

that router can't run openvpn fast.  other routers can.  look for an Asus AC56 or AC68 or AC87 and use merlin-asuswrt firmware.

 

Get ready for some controversy...

IMO PIA is NSA

Said same thing on Reddit too.

 

Edit: I have nothing to back this up, just saying do you honestly believe they can do all they advertise within US Jurisdiction.

 

There are a lot of VPN companies based in USA.  Are they all NSA?  I don't see where PIA advertises to do anything more than the average VPN.

By the way, PIA dynamically routes traffic from their USA gateways through Toronto when it's not the common WWW ports (80, 443, etc) to avoid legal problems as much as possible.  And only a few of their servers offer port forwarding (none in the USA), for further separation from potential legal trouble.

the AC56 has the same CPU so it can. and the AC87 certainly can with its faster CPU.

several other brands with similar CPU can also do it.  but, one thing to note is that merlin firmware for Asus may have some openvpn optimizations.

also, I've seen some data that indicate that Astrill's applet for routers delivers impressive speeds when using their routerpro option.

sorry, but routers can do openvpn faster than what is stated in this thread.  My own Asus AC68 will do 35mbit/s, my max line speed.  I'm sure it could go faster if my ISP allowed it.

granted, it can't be an old, cheap router.  But, newer routers with ARM chips are certainly capable of very useful speeds.

 

I don't have any opinion on CanvasBlocker but there are a couple of problems with it:

• it interferes with other extensions instead of only affecting websites
• the author makes it unnecessarily difficult to work with the code  (but it's technically open source and also free-software licensed!)

I don't use any extension to prevent canvas fingerprinting. Instead, I

• block scripts with NoScript (canvas fingerprinting requires JavaScript)
• use Tor Browser, which asks you whether to allow canvas image extraction (without the need to block scripts)

what other extensions does canvasblocker interfere with?  I've begun to use it and need to know what to look out for

did you see what Staff wrote about QoS on your windows machine?

if your router is blocking outgoing connections then maybe.  but this would be very unusual. 

if you're using the Eddy client you should not forward or open ports on your router at all.

This isn't related to AirVPN specifically but VPN in general.

Today I was helping a friend get openVPN setup on a router. Main purpose is to be able to access Hulu from our location.

He also has 3 ISP lines into his apartment, two different ISP. He has a subscription to another VPN service - not Air.

I get the VPN running and soon enough Hulu is accessible.

Then we switch the router to use a different ISP, trying to see which ISP has better bandwidth to USA.

The VPN connects to the exact same server. However, Hulu blocks us.

We switch back to the first ISP, connect to the same VPN server again, and Hulu works!

So my conundrum is how the ISP make any difference in this situation.

Can ISP tag traffic in a way such that Hulu can see it's ABC ISP traffic even after exiting a VPN?

some openvpn options are only operable on non-windows.  fast-io and mtu-disc come to mind.

so I'm not surprised to see differences even though those two options are probably not enabled by default.

1) SSH and SSL use common ports so it's unlikely  they'll be throttled.  They are probably throttling you based on deep packet inspection (DPI), not an overall throttle of the port.  DPI is able distinguish an openvpn connection but they cannot see the encrypted payload.

2) SSH and SSL tunnels trick DPI becase they look like SSL or SSH, not openvpn.  Here you have an openvpn tunnel inside an SSH or SSL tunnel, so they are certainly as safe and encrypted.

latency is a description of the path from you to the server.  Air has nothing to do with that path, but only the server.

this is why we use VPN.

doesn't the network lock accomplish this?

Yes, it is known that the RTC testing site was updated to show the vulnerability still exists for chrome users.  My advice is to uninstall anyting related to google. :-)  but if you won't do that, use script safe.

are you posting this from off campus since you say port 80 and all other ports are "locked" on campus?

I see Air now include the WebRTC check on ipleak.net. 

Hello,

 

I just purchased the 3 day subscription to try out AirVPN. I used PayPal, the charge went through OK, but it still says Under Review? How long until i get my credentials to log in? Thanks!

your credentials for input into the Eddy app are what you signed up with.  or, if you download config files, certs and keys are included such that make username and password usage unnecessary

I appreciate the responses so far. Are the Advanced Members that have been responding part of the AirVPN staff? If not, I would also really like to hear directly from AirVPN about this.

 

Update:

 

FYI: Disabling SIP ALG on my Netgear WINR200V4 router did not fix the problem.

 

However, adding the WebRTC Block Extension from the Chrome Store seems to fix the problem on Chrome (Windows 8.1).

what was your problem?  was your real ISP IP address showing up?  if only the VPN IP address was showing up then there's really no problem.  of course, you can still block it (in Chrome ) or shut it off (Firefox) if you desire.

Ah, thanks. I see now I do have that GUI option for disabling SIP passthrough.  I'll do that.  It was set to enabled. 

Well, interesting development.  I rebooted my router and Win 7 machine and tested connections to 4 different VPN companies from my router and this test only showed the VPN WAN each time.  So, I don't know what caused the "leak" in previous tests.  I'll have to keep an eye on it.

I happen to be testing two other VPN companies right now for a replacement for one I've had for a while. I plan on keeping Air for the foreseeable future.

I wanted to test their configs because they use other openvpn options dealing with routes and topology etc that Air doesn't use.

OK, did the test with Eddy 2.8 on my win 7 64k machine.

with network lock OFF, it could still see my ISP WAN address, and also saw AirVPN address.

with network lock ON, it could only see AirVPN address.

regarding my router, Asus AC68, UPnP has always been turned off by my choice.  But, not sure what setting would control ALG.  Anybody know?

go558a83nk, even without any firewalling, I have yet to understand how exactly WebRTC/STUN is able to figure out your WAN while a VPN tunnel is established and set as the one and only route - i will do some testing on this tomorrow; in any case, if your firewall:

- denies all incoming traffic

- denies all outgoing traffic except to AirVPN entry server(s)

 

then there's no way for any application, including browser/WebRTC, to obtain your WAN address. They can phone home but it'll either happen via VPN or it'll fail. AirVPN's Eddie client comes with a similar "network lock" feature.

I run VPN on my router and it was able to see VPN and ISP IP addresses. :-(