Jump to content
Not connected, Your IP:


  • Content Count

  • Joined

  • Last visited

  • Days Won


Reputation Activity

  1. Like
    go558a83nk reacted to Staff in OpenVPN 3 development by AirVPN   ...

    We are very glad to inform you that our OpenVPN 3 development is progressing swiftly. Today we implemented directive ncp-disable which was still unsupported in OpenVPN 3.


    The directive is instrumental to allow clients Data Channel cipher free selection between those available on server, when ncp-ciphers is declared on server side, and keep at the same time total backward compatibility. Since when we implemented ChaCha20-Poly1305 https://airvpn.org/forums/topic/43850-openvpn-3-development/ on OpenVPN 3 Data Channel, "ncp-disable" has become a priority to provide servers and clients with maximum flexibility.

    We can therefore leave total freedom to clients to pick between AES-GCM, AES-CBC and ChaCha20 while preserving full backward compatibility.

    Clients with AES-NI supporting processors will prefer AES, while clients running on CPUs without AES-NI, for example most ARM CPUs, will of course tend to prefer ChaCha20.

    We are working hard to bring you first and foremost a new Eddie Android edition beta version to let you test ChaCha20-Poly1305 on your Android devices as soon as possible. All internal tests both with ChaCha20 and ncp-disable have been fully successful so far. Fingers crossed, maybe you will see a beta release as early as next week.

    Changelog 3.3 AirVPN - Release date: 13 July 2019 by ProMIND - [ProMIND] [2019/06/02] Forked master openvpn3 repository 3.2 (qa:d87f5bbc04) - [ProMIND] [2019/06/06] Implemented CHACHA20-POLY1305 cipher for both control and data channels - [ProMIND] {2019/07/10] Implemented ncp-disable profile option

    Kind regards and datalove
    AirVPN Staff
  2. Like
    go558a83nk reacted to mwm in Hidden VPN owners unveiled: 97 VPN products run by just 23 companies   ...
    Very interesting read, if true.
  3. Confused
    go558a83nk got a reaction from Thomasalkaw in New Country: Brazil (BR) - New 1 Gbit/s server available   ...
  4. Like
    go558a83nk reacted to pcm in dnsmasq & routing   ...
    Ok, looks like shellcmd does work, I just had it setup wrong.

    route -q add `ifconfig ovpnc1 | grep "inet " | cut -d ' ' -f 4`

    as the command and setting it to run afterfilterchangeshellcmd updates the route table to use the correct gateway and interface if the VPN IP changes.

    Hopefully, this will be of value to anyone else who has run into a similar issue.
  5. Like
    go558a83nk reacted to pcm in dnsmasq & routing   ...
    First, I apologize if this has already been addressed, but I searched the forums and how-to guides and couldn't find an answer.

    I'm using pfsense with dnsmasq (DNS Forwarder).  In my General Setup, I set the DNS server to and select AirVPN as the gateway.  Unfortunately, this doesn't seem to work as the AirVPN "gateway" is the same as my AirVPN IP address.  If I look at the route table, it adds an entry for, but sets the netif to lo0 instead of the appropriate ovpnc#, resulting in DNS queries not working.

    If I set the gateway to none and manually add the route to the gateway (my AirVPN IP address with the last by replaced with .1), everything works.  Obviously, this is a routing issue, but I can't figure out how to get pfsense to correctly enter the route into the routing table.

    I know I can use unbound (DNS Resolver) and that does work.  I also know that I can push AirVPN's DNS server to clients and that also works.  However, I've been using dnsmasq for the last 18+ months with a different VPN provider without any problems.  However,  I am evaluating switching to AirVPN as I like many of its other features/functions (and cost!) much better than my current VPN provider.  As of now, everything else I've setup works great with AirVPN except for this 1 annoying issue.

    So...is anyone else using dnsmasq?  If so, how did you solve/workaround this routing issue?
  6. Like
    go558a83nk reacted to Staff in Several cryptocurrencies accepted directly   ...

    On April 2018 we made an important step forward: we began to accept Bitcoin directly, through no intermediaries at all.
    Today, we're very glad to announce that we are able to accept directly more cryptocurrencies. In alphabetical order:
    Bitcoin Bitcoin Cash Dash Dogecoin Ethereum Ethereum Classic Litecoin
    Any intermediary acting as a payment processor is no more required.
    As we wrote in 2018, we stll feel it as an additional, important step forward in privacy protection. Moreover, cutting out any intermediary is very coherent with cryptocurrencies spirit and unleashes their potential.
    Kind regards and datalove
    AirVPN Staff
  7. Like
    go558a83nk reacted to keeshux in Passepartout OpenVPN client   ...
    I'm the author of Passepartout and "adware junk" made me sincerely smile.

    The app recently went from free to paid because it's how I cover a (very) minor fraction of the costs. Not to mention the time I invest(ed) on it, which is far beyond the little money I get from the app. Also, Passepartout has been free as long as I haven't deemed it stable enough to ask people to pay for it. For one, the reviews are 100% legit.

    It's a strange world where one's guilt is being paid for his hard work.

    Anyway, I believe that AirVPN users would love an integration with Passepartout.
  8. Like
    go558a83nk reacted to Staff in OpenVPN 3 development   ...
    We agree, when AES-NI are supported. Note that some processors do support AES-NI but the system doesn't use them (examples: AES-NI disabled at BIOS level; OpenSSL or other SSL library not properly compiled).

    Also see https://tools.ietf.org/html/rfc8439#appendix-B
    (however note that the comparison is made between AES-128-GCM and ChaCha20 but a more correct comparison would be with AES-256-GCM because of the 256 bit key size of ChaCha20).

    Not only the appendix but also important considerations in the introduction and later.

    Kind regards
  9. Like
    go558a83nk reacted to Staff in OpenVPN 3 development   ...

    We're very glad to inform you that AirVPN has begun to actively contribute to OpenVPN 3 development.

    Our first goal has been adding support for ChaCha20 cipher with Poly1305 as authenticator on OpenVPN 3 Data Channel.

    ChaCha20 is a stream cipher developed by Daniel J. Bernstein which combines strength and remarkable performance. https://en.wikipedia.org/wiki/Salsa20#ChaCha20_adoption

    When compared with AES-GCM, ChaCha20 offers significant computational relief to all AES-NI non supporting processors, such as ARM processors.

    ARM processors, routinely used on very many tablets, smart phones, media centers, smart TVs and routers, will get great benefits from OpenVPN with ChaCha20. Our tests show that CPU load caused by ChaCha20 on recent ARM 64 bit processors is at least 50% less than AES-256-GCM, on equal terms, which translates into dramatic performance boost and longer battery life (if you have ever tested Wireguard on an ARM based device you know what we mean).

    OpenVPN 3 is a client library. However, OpenVPN 2.5, which is currently in beta testing and includes all the necessary servers features, supports ChaCha20 on the Data Channel. Therefore, making OpenVPN 3 with ChaCha20 available to our users and allowing a real life test will be a matter of days. We will progressively release beta clients for Android, Linux, OpenBSD and FreeBSD, in this order. We are considering a porting to OpenIndiana as well.

    Internal alpha testing has concluded successfully. We have already pulled a merge request to OpenVPN 3 main branch, to let the whole community take advantages from our code, and let OpenVPN developers merge the new code into the main branch if they wish so. https://github.com/OpenVPN/openvpn3/pull/78

    Implementation has been designed, developed and programmed for AirVPN by ProMIND, who is also Eddie Android edition developer.

    Stay tuned, more will come!

    UPDATE: https://airvpn.org/forums/topic/44069-openvpn-3-development-by-airvpn/

    The above linked topic is now the central thread to discuss anything related to OpenVPN 3 development and testing.

    Kind regards and datalove
    AirVPN Staff
  10. Thanks
    go558a83nk got a reaction from giganerd in unable to bittorrent download ubuntu   ...
    Looks like pfsense openvpn directives.  They really have nothing to do with being unable to torrent. 

    If the VPN works properly with other activities then there's surely just something wrong with your torrent client setup.  Even if port forwarding isn't setup properly you should still be able to download.
  11. Thanks
    go558a83nk reacted to Staff in Just wanted to add my 5 cents   ...
    The issue has been already explained: the keys and the internal IP addresses are all on the server, and they are on every and each server. They can be used to correlate specific targets and disclose their identities, while on our current setup that's not possible.  It makes a world of difference when you consider threat models in which VPN users are specifically targeted. Maybe you don't understand the importance of this menace because you wrote:
    which is correct in our setup, but incorrect in Wireguard setup. The attacker CAN get the internal IP address via WebRTC for example and:
    1) in our setup he/she does not correlate the internal IP address with the client key
    2) in Wireguard setup he/she does

    Once that's done the attacker may obtain legally (via a court order) the payment data of the user because it can ask us which user is linked to a single IP address (and also the user key for subsequent forensic evidence). Since the VPN IP address is static and unique, we would be of course forced to comply.

    We wish to underline for the last time that the problem has been acknowledged by developers and we had been told that it would be resolved.

    Kind regards
  12. Like
    go558a83nk reacted to Staff in New 1 Gbit/s server available (BR)   ...

    We're very glad to inform you that a new 1 Gbit/s server located in São Paulo, BR, is available: Lalande.

    The AirVPN client will show automatically the new server. If you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

    The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

    Just like every other "second generation" Air server, Lalande supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.

    Full IPv6 support is included as well.

    As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

    You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/lalande

    Do not hesitate to contact us for any information or issue.

    Kind regards and datalove
    AirVPN Team
  13. Like
    go558a83nk got a reaction from pekUpsecte0 in TLS 1.3 supported on AirVPN web servers   ...
    Any change to https://airvpn.org/specs/ with this new capability?

    LOL, I misread.  Nevermind! 
  14. Thanks
    go558a83nk got a reaction from LuianaTok in TLS 1.3 supported on AirVPN web servers   ...
    Looks like I'm not the only one to "misread".

    My friends, this applies to *web* servers.
  15. Like
    go558a83nk reacted to uniteroast in I liked the trial so much I skipped out on my old VPN with 4 months left   ...
    I'm not sure if we're allowed to mention the names of other VPNs here in the context of speaking negatively about them so I won't name the one I was using. I had 4 months of subscription time on it left. The servers were very fast. But that's where the positives end. Servers disconnected often a few times a day, even though connecting to them again immediately worked perfectly fine, and in fact the thing that made me start looking for a new VPN was that the day I started looking, every single server would stop working 5-10 minutes after connecting. I switched servers about 20 times before throwing my hands up and saying "this is ridiculous" and starting my search. Their customer service and Android/Windows clients were also terrible, rarely worked 100% properly. And it was extremely expensive at $100 a year.

    I eventually ended up at AirVPN after doing some research for several hours. Bought the 2 day trial because of course it's never a good idea to pay a significant amount of money for a service without knowing how well it works for you. I had to contact support about an issue on the Eddie Android client after the first day, and they were very helpful and responded quickly. Servers NEVER disconnect, and there are tons of servers around the US and Canada including several in the city I plan to move to soon. Speed tests are not insane but plenty good for me, 100Mbps (normally 120-180 without a VPN) most of the day, more than good enough for 4k60 streaming and fast downloads. Bought a year and have a feeling I will add another year by the time this one expires.
  16. Like
    go558a83nk reacted to manyana in Coming home to Air   ...
    I've just returned to Air after not using any vpn for a few years.  The speeds are faster than they used to be, despite me being on a much slower local adsl line than before.  Eddie .deb works great and is even better than before!  And I see familiar faces on the forum... it just feels like coming home  💟 

    A big thank you Air team and all who help here on the forum.  I love Air and I love the dependability I found on returning - everything works just like it used to  💟
  17. Confused
    go558a83nk got a reaction from Thomasalkaw in New Country: Brazil (BR) - New 1 Gbit/s server available   ...
  18. Like
    go558a83nk got a reaction from pekUpsecte0 in TLS 1.3 supported on AirVPN web servers   ...
    Any change to https://airvpn.org/specs/ with this new capability?

    LOL, I misread.  Nevermind! 
  19. Confused
    go558a83nk got a reaction from Thomasalkaw in New Country: Brazil (BR) - New 1 Gbit/s server available   ...
  20. Thanks
    go558a83nk got a reaction from kiltedscotsman in Howto: Setup airvpn on DD-WRT, refreshed guide.   ...
    Try moving your static key into the static key section, not tls-auth section, especially since you're not using tls-auth but tls-crypt.
  21. Like
    go558a83nk reacted to YLwpLUbcf77U in AirVPN’s Twitter…   ...
    I know Air cares a lot about protecting *against* (edit:  forgot an important word here) censorship across the world, but is it necessary to turn their company Twitter into a 24/7 ‘Free Assange’ machine? I like to follow it for finding out new info about VPN servers and things of that matter. Up until a few weeks ago, it was relatively dormant and only seemed to tweet when there was new things about the company*. Now it’s almost turning into an echo chamber for the “anti-MSM” crowd.
    (*yes, you may be run by activists, but you are a business. Don’t forget that).

    As a business owner who does do a lot of social, one of the most important pieces of advice I can give is to separate the politics from your company unless there’s a 1000% connection between the two. I don’t think Assange was an AirVPN user and whether or not you agree with his treatment as of late, it probably doesn’t impact the AirVPN service in any way. I’m also sure there are many other instances of freedom of speech being trampled upon that don’t involve him yet do involve presumably innocent people being jailed for speaking the truth. Whoever is running that Twitter should make a separate personal account and use that as his soapbox as it could lead to potential new users deciding to use a less political VPN provider.

  22. Like
    go558a83nk got a reaction from jldus in Update on Netflix USA access   ...
    Please look into your Netflix situation.  I just attempted to watch a video but the speed that could be sustained was so slow the video was unwatchable.  Playback on other video streaming services that worked through the VPN were quite speedy.  Vudu, for example, burst to 300mbit/s to buffer.  Curiousity Stream buffered at 100mbit/s.  Your netflix setup could only manage 5mbit/s.  Not near enough for a 4k stream.

  23. Haha
    go558a83nk got a reaction from KelIntava in Does custom DNS Server expose real IP ?   ...
    You seem to understand things properly.
  24. Haha
    go558a83nk got a reaction from MatIncord in How To Set Up pfSense 2.3 for AirVPN   ...
    I'm already on 2.3 Release via upgrade from 2.2.6.  I'm just hesitant to do a clean install because everything seems to be working.  That's why I asked how you're testing DNS and if the tunables problem was important.
  25. Confused
    go558a83nk got a reaction from Franfaila in Asus AC86U and OpenVPN over SSL   ...
    Yes though I don't know if you need to install entware for just SSH tunnel.
    I've done it in the past with an old asus router with merlin and entware.  SSL tunnel too.
  • Create New...