go558a83nk

Hello!

We're very glad to inform you that a new 10 Gbit/s full duplex server located in Denver (CO), USA, is available: Torcular.

The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

Torcular supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the status as usual in our real time servers monitor .
 
Do not hesitate to contact us for any information or issue.

Kind regards & datalove
AirVPN Staff
 

I got referred to AirVPN thru a reddit post because I was unhappy with NordVPN. I'm a network architect and I am thoroughly impressed by AirVPN. OpenVPN and Wireguard options with an intuitive VPN client to boot that had me up and seeding over rates 95MB/s in under 5 minutes. Best 99 euros I've spent this year. Keep up the stellar work, you created a fanboy in me, and I am not easily impressed.  

Hello!

A very important update which improves the system dramatically has been finalized. Now you don't have to worry anymore about pools and p2p programs. Find the new features in the original message. The paragraphs that do not apply anymore appear with strike through characters. The new system is simpler, fully scalable and with zero impact on current and future users. Enjoy AirVPN!

Kind regards & datalove
AirVPN Staff
 

OK, I'm sure others have already done this but I figured out how to use Plex's system with pool 2 and that is by putting the "https://pool 2 external IP:external port" into the custom server access url option in the network settings for the plex server.

Hello!

We offer TOTP based 2FA. TOTP is an open protocol. lt has been adopted as Internet Engineering Task Force (IETF) standard RFC 6238, it is not developed by Google. Furthermore, Google software and/or related services are not required in any way to use TOTP.

TOTP (Time-based one-time password) is "the cornerstone of Initiative for Open Authentication (OATH) and is used in a number of two-factor authentication (2FA) systems". It is also supported by the Google Authenticator app, but of course you are not forced to run this app (Google Authenticator does not requite anymore your phone number, just to be precise). Here you can see a wide list of apps: https://en.wikipedia.org/wiki/Comparison_of_OTP_applications

We are confident that this information will convince you of the imbecility of your beliefs.

Kind regards
 

Are there humans anywhere else?

it wasn't me but that's really nice of somebody!

And there oozes creeping racism from these conspiracy-loving, self disciplined monk educators with the will to avoid porn but not to study seriously the matters they talk about. So typical.
     
This self proclaimed monk-educator claims a thing and the contrary of it in different messages to pollute forums. Racist monk troll alert! 😸

At least, according to annunaki legend, humans were created through crude genetic engineering by annunaki alien species who came to earth to mine gold and left earth a long time ago. To create humans, they mixed earth hominid genes with annunaki genes, using cheap genetic engineering methods. That explains why humans have many genetic defects. They didn't create humans with precise genetic engineering methods because humans were designed as a tool to mine gold for annunaki aliens. That also explains why humans spent a lot of effort in mining gold and processing it into gold bars even though they were not technologically advanced enough to actually utilize gold. Nowadays, gold is used in computer chips. People didn't have computer chips in the past. There was really no good reason to spend so much effort on producing gold bars if humans didn't have natural use cases like computer chips for gold. Because annunakis didn't want to directly control humans through brute force, they gave the concept of money and government to humans so that they can indirectly control humans through money and government. They spent a lot of effort on perfecting indirect control. After they left, the human controllers who controlled humans for annunakis kept money and government. The legend says they themselves don't use money and government to coordinate their own labor. They give the concept of money and government to slave species.

If annunaki aliens took some humans with them after they were done with humans on earth, there must be humans on other planets.

But, whether annunaki legend is real doesn't really matter at this point. I don't really care either way. What matters is the fact that I'm stuck with money and government on earth along with other earth humans. I'm still practical and try to be productive with money, but I am aware that money is a control mechanism.

Privacy is a fundamental human right enshrined in any charter of fundamental rights, including the United Nations Universal Declaration of Human Rights and the Charter of Fundamental Rights of the European Union, and a series of amendments in the US constitution (including but not limited to the 4th Amendment).

The right to privacy has been equated to the right to life (for example by the India Supreme Court) and privacy (in the form of anonymity) has been recognized as an essential requisite to freedom of expression, according to a landmark & paramount decision of the US Supreme Court in 1994.
 
It is exactly the opposite in many documented cases. The right to privacy is often perceived as a privilege for the wealthy but it is actually more crucial for financially poor individuals, as you can easily verify through the sources and reports by the UN and by many human rights advocate organizations. As far as it pertains to additional protection of privacy on the Internet through more effective data protection and a layer of anonymity, we contribute also by aiding, technically or financially, networks that are free for everyone, such as Tor, making privacy protection enhancement (small or big) affordable for more persons.
 
While privacy is very precisely defined universally (and coded in law as one of the most important human rights in many countries), morality poses problems even with its definition. Codes of conduct endorsed by a society or a group (such as a religion), or accepted by an individual for her own behavior, are multiple, and many of them are mutually incompatible.

Large groups of people endorse a "supreme, universal" morality that's totally refused by other groups. Some groups define "morality" as something that it's not even defined as "morality" by another group. Some groups claim that "morality" is something defined by some external, powerful entity, given to us through revelation and the interpretation of this revelation by selected persons, while other groups do not even agree about the existence of such external entity.

That's why many of the most famous "educators" you mention, in the course of history have been incensed as heroes of their times by some groups, while other groups have defined them, at the same time or later in history, as bloodthirsty monsters, crazy lunatics or anyway people against morality. Even your invitation to avoid a perfectly legal action in all Western countries shows that your "morality" is incompatible with the "morality" of many other individuals and groups.

Kind regards
 

it wasn't me but that's really nice of somebody!

There seems to be a disconnect somewhere.  You talk of needing to forward ports on the router in an AirVPN forum.  Therefore, I assume that you'll be running openvpn on the router.  This is because the only reason to forward ports on the router while using AirVPN is if the router itself is the openvpn client for your whole "house".
 
If you are just going to use the Eddie client then DO NOT forward ports on the router.  You'll be decreasing your security if you do.
 
If you are asking if you can run some other kind of VPN on the router, the answer is yes.  But, AirVPN only provides openvpn.  You would have to find another VPN provider if you want to use the other VPN options Asus has.

https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/?hl=tomato
 
that's how to open ports for Asus also.

Thanks. This works.

Migrated from OpenVPN to test some Wireguard speeds this weekend.
pfSense 24.11, IPSec-MB enabled, Xeon-d 2100, CPU load ~40%. Limited by Frontier's fibre gigabit connection. 

Hello!

We're very glad to inform you that a new 1 Gbit/s full duplex server located in Auckland (NZ) is available: Theemin.

The AirVPN client will show automatically the new server. If you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts OpenVPN connections on ports 53, 80, 443, 1194, 2018 UDP and TCP, and WireGuard connections on ports 1637, 47107 and 51820.

Just like every other Air server, Theemin supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, tls-crypt and WireGuard.
Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the server status as usual in our real time servers monitor:
https://airvpn.org/servers/Theemin

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

I’d love to see a new 10G server in the Midwest. While it’s not a dealbreaker, it would definitely be a great addition!

Edit: One thing I want to point out is that I’ve been testing Mullvad VPN to compare speeds based on server providers. I’ve noticed that certain server providers and may experience poor routing or routing bottlenecks depending on your ISP. For example, the new New York servers on Tzulo (used by both AirVPN and Mullvad) give me terrible results—decent latency but typically only around 40 Mbps symmetrical. Meanwhile, servers from Datapacket and M247 consistently provide over symmetrical gigabit speeds on WireGuard.

I think Mullvad's approach of using multiple providers in some cities is a good idea, as it gives users the flexibility to choose servers with the best routing or latency. I don’t know for certain, but AirVPN may have their reasons (costs, contracts, security) for not choosing certain providers, and that’s completely fine. However, I think this is something they could consider if its in the realm of possibility.

Chicago servers are consistently reaching their 1 Gbps capacity, frequently throttling connections below 10 Mbps! I think there is a need for an upgrade in the region.

Chicago/Midwest region would benefit greatly from a 10 Gbps server. I see several 10 Gbps servers were added in other major cities around the US over the past year or two, but so far haven't seen any in the Midwest (US).

I've been exclusively using Chicago servers on AirVPN for several years now. I’ve noticed a decline in reliability over the past six months due to increased user demand and lack of bandwidth capacity. Switching between Chicago servers often yields no improvement. I have tried the nearest 10gbit servers in Toronto, New York and Phoenix, but have had pretty poor results. Most likely due to the fact that they are so far away.

Even during non peak times it's very rare there is enough available capacity on these 1gbit Chicago servers to saturate my 500mbps fiber home connection.

Would love to know if there are any plans in the near future for upgrading servers in this region.

I would also like to mention a post I made over a year ago, where I mentioned how I think adding Per City Load balancing functionality would greatly improve the experience in these congested areas.
Even right now as I'm writing this, I am struggling to find a Chicago server running at acceptable speeds. See the below screenshots and you can see for yourself:


With VPN on Praecipua server:

:

Without VPN: 



 

id rather them dedicate that time to finalizing/ continuing to work with openvpn DCO 

actually that log is them trying UDP entry 3 and then TCP and SSH and SSL.  none of them worked.  so, yes, chances are some software is blocking the connection.

I started using AirVPN in 2023 because I wanted port forwarding. That was the most advanced thing I did back then. Just using Eddie-UI on a Windows 10 PC.

Servers are fast, plenty of choices. Network lock works perfectly so no need to worry about leaks. Perfect for beginners and advanced users.

Since then, I have branched out a bit and as a part of my career, I have needed to start using Linux. So I have spent some time messing around on Linux. But I need to say how incredible and comprehensive AirVPN is. Honestly the team at AirVPN is the absolute best. No bulls**t from them ever. I don't think everyone understands how well they've made their service. It completely outclasses other VPN providers *Cough cough Nord*. At first I was a bit intimidated by the UI, but it's a quick learning curve for Eddie-UI. It works and gets the job done. I realise now that it's better than way, its clean and fast, no unnecessary bloat.

Just the sheer amount of control and customization is incredible. Honestly guys, thank you. Compatible with any device I could think of.

I never realised the level of control possible with AirVPN. But now that I have more niche and specific use cases, it has really proven to be so incredibly well made. Everything I want to do is possible.

So many vulnerabilities are avoided by using Air. I've never seen such top notch security. Truly thank you.

If anyone is unsure if they should get AirVPN, the answer is yes. I started out using it in the most basic form using Eddie-UI on my PC and Phone. But now I configure everything myself for certain tasks, and I am still learning something new each time.

You can use this service for the most basic needs, all the way to the most advanced. Oh and wow it's so lightweight. Can run on practically anything without any problems.

This is clearly something made by extremely knowledgeable people

To everyone at AirVPN, thank you guys. 10/10 service A+++
 

Hello I would like to give my personal recommendations to help with network censorship in Russia. I may not have time to write a authoritative, proper guide, but wanted to share this. Everything "clicked" once I read a comment how the DPI works to determine a new connection.
Preface
IP and subnet blocks came first. They completely blackhole all traffic to blocked IP addresses. The only thing you can try is IPv6 in place of IPv4. Some Air servers are blocked by IP.

The Deep Packet Inspection (DPI) is a required installation for residential ISPs and (as of late) industrial networks like data centers. It works to dynamically block known protocol traffic, anything "forbidden" that's not yet in IP blocklists from above. This system was put in law many years ago. Nevertheless, the networks across the country are at various stages of rollout and their capabilities will differ. Real example: residential ISP did not block OpenVPN->Air, yet the mobile carrier did. Yet in 2024 the residential ISP upgraded their DPI system and started blocking OpenVPN too. Common methods of circumvention
Mangle traffic locally to fool the DPI systems. It will allow you to connect to servers not blocked by IP (TLS SNI name detection). Proxy/VPN server: A prerequisite is an outside server, it must not have been blocked by IP. If it's a private server and OpenVPN or Wireguard work - you're lucky. However be prepared to still get blocked by DPI any day for using a VPN protocol. There are many proxy tools, especially developed to combat the Great Firewall of China. They don't run directly on Air, so this is something for self-hosting or other services to provide. We're talking about Air, so let's get that VPN working.

Everything below requires you to find a reachable Air server (no direct IP blocks). The configuration server used by Eddie is IP blocked, so it won't work at all. I suggest you to generate all server configs in advance and see which are reachable from Russian networks. Airvpn.org seems to be reachable though.
  OpenVPN over SSH to Air
It is possible to set this up on mobile, however the connection is reset after 10-30 seconds due to a lot of traffic being pushed. I used ConnectBot and it didn't restart the SSH connection properly, anyhow OpenVPN and ConnectBot had to be reconnected manually each time --> unusable. Since both apps are easily downloadable from app stores/F-Droid, this can be enough to generate and download configs from AirVPN's website in a dire situation.
This connection type works like this: SSH connects to Air server, forwards a local port -> Air (internal_ip:internal_port) OpenVPN connects to local_ip:local_port and SSH sends the packets to Air's OpenVPN endpoint inside this tunnel Once the connection is established, it works like a regular OpenVPN on your system   OpenVPN over stunnel to Air
I haven't tried, desktop only? OpenVPN (TCP) over Tor to Air
While connecting to Tor will be another adventure, do you really need a VPN if you get Tor working for browsing? If yes, I suppose it could work. I haven't tried.  
 
OpenVPN (TCP) to Air
May start working after hours on Android, if the connection was established initially. Until then you'll see a lot of outgoing traffic but almost zero incoming traffic (NOT ZERO though!) It is unclear to me whether this is because Android keeps reconnecting after sleeping or sometimes it pushes so little traffic over the established connection that DPI forgets or clears the block for this connection only. OpenVPN (UDP) to Air
Doesn't work. Wireguard to Air
Doesn't work, it's always UDP and very easily detected. AmneziaWG client to connect to standard Wireguard Air servers
This worked for me almost flawlessly. The trick of AmneziaWG is to send random trash packets before starting the connection sequence. This is what the new parameters are and some of them are compatible with standard Wireguard servers. The DPI only checks traffic within the initial traffic size window of the connection. If it doesn't find VPN connection signatures (and it doesn't due to random data) then it whitelists the connection. Wireguard then sends its connection packets and connects to Air. Full speed ahead, no throttling. The VPN connection works!

What's the catch? The AmneziaWG packet configuration must be right. This worked for me across all networks I encountered: MTU: 1320 (safe value, higher MTU will give better bandwidth, if it works at all and doesn't begin to fragment packets) Junk Packet count (Jc): 31 Junk Packet minimum size (Jmin): 20 Junk Packet maximum size (Jmax): 40 Init packet junk size (S1): none (afaik only with AmneziaWG server; delete from config or try to set 0) Response packet junk size (S2): none (afaik only with AmneziaWG server; delete from config or try to set 0) Magic header settings changeable afaik only with AmneziaWG server: Init packet magic header (H1): 1 Response packet magic header (H2): 2 Underload packet magic header (H3): 3 Transport packet magic header (H4): 4 Example: [Interface] ... other default values, including MTU ... Jc=31 Jmin=20 Jmax=40 H1=1 H2=2 H3=3 H4=4
And how would you know what numbers to set? This single insight: This means flooding small random UDP packets at the beginning is the winning strategy. That's how I optimized someone's config from "sometimes it works, sometimes it doesn't" to "works 100% of the time, everywhere". You actually don't want to blast big packets and be blocked because of it. Smaller random packets are good for mobile traffic too. How would you setup AmneziaWG to connect to Air (Android)?
Generate and download AirVPN Wireguard configs, for each individual server, try different entry IPs too. DO NOT USE THE DEFAULT (OFFICIAL) WIREGUARD PORT. We don't want long-term logging to highlight the working servers for the next round of IP blocks. Download AmneziaWG-Android VPN client (the Android edition is actually a fork of the official Wireguard app aka "AmneziaWG". Don't download their regular all-in-one client aka "AmneziaVPN"!): amnezia.org or https:// storage.googleapis .com/kldscp/amnezia.org or https://github.com/amnezia-vpn/amneziawg-android/releases Import Air's configs in the app Apply "Junk Packet" settings from above Try to connect Try different entry IPs and servers if the connection doesn't work. See if the server IP is completely blocked either with: ping "<entry IP>" nc -zv -w 10 "<entry IP>" "<port 80 or 2018 for OpenVPN TCP>" This is GNU netcat
Keep in mind: on Android the safest way to avoid any traffic leaks is to go to system settings, Connection & sharing > VPN, or search for "VPN", click on (i) for advanced settings, Enable: "Stay Connected to VPN" & "Block All Connections not Using VPN". If you ever disconnect from VPN by using Android's system notification, you'll need to re-enable these settings.
If you switch between VPN apps (like Eddie -> AmneziaWG), I suggest to make sure these settings are always enabled like this: Turn off Wi-Fi (or mobile data) For previous VPN app disable: "Stay Connected to VPN" & "Block All Connections not Using VPN" For next VPN app enable: "Stay Connected to VPN" & "Block All Connections not Using VPN" Turn on Wi-Fi / connect using next VPN app
Android battery optimization: Finally, go to app's settings (or Settings-Battery then app list somewhere) and make sure the AmneziaWG app is "not optimized" for battery. This way it will not be interrupted in the background and potentially drop connection until the screen is awake. -- https://dontkillmyapp.com/ for guides and more info

Thanks for reading. Big politicians are not your friends, stay strong and propagate what you truly believe in.

have you confirmed it also announces the specified IP address to DHT peers or only tracker based peers?

On Alpherg early in the morning

You should turn it off.