Jump to content
Not connected, Your IP: 44.192.65.228

go558a83nk

Members2
  • Content Count

    1961
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    31

Reputation Activity

  1. Thanks
    go558a83nk reacted to Staff in [RESOLVED] PayPal: delayed plan activation   ...
    EDIT: problem has been resolved around 12.00 2022-06-16 UTC
     
     
    Hello!

    We're sorry to inform you that a PayPal ongoing malfunction is causing a serious issue with purchase validations and plan activation. IPN (Instant Payment Notification) is not sent, so we must validate PayPal payments manually one by one. PayPal has been notified hours ago. We apologize for the delayed activation but the problem is out of our responsibility and control. Hopefully PayPal will resolve the problem very soon. If you have paid via PayPal and you don't see your plan activation within a few hours feel free to open a ticket as we are struggling to keep the pace on the long run.

    If you are reading this message before you made a purchase, please consider to pay via Stripe, Amazon Pay or Bitcoin for a faster and automated plan activation.

    This thread will be updated as new information comes in.

    Kind regards
     
  2. Confused
    go558a83nk reacted to Staff in Two new 1 Gbit/s servers available (US)   ...
    Hello!

    We're very glad to inform you that two new 1 Gbit/s full duplex servers located in New York City are available: Haedus and Iklil. They are going to replace Dimidium and Gliese.

    The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

    The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637 UDP for WireGuard.

    Haedus and Iklil support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

    Full IPv6 support is included as well.

    As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

    You can check the status as usual in our real time servers monitor:
    https://airvpn.org/servers/Haedus/
    https://airvpn.org/servers/Iklil/

    Do not hesitate to contact us for any information or issue.

    Kind regards and datalove
    AirVPN Team
  3. Like
    go558a83nk reacted to Staff in AirVPN 12th birthday celebrations   ...
    Hello!

    Today we're starting AirVPN twelfth birthday celebrations offering special, strong discounts on longer term plans.
     
    From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 23 countries in four continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world.

    We still define it as a "baby", but AirVPN is now the oldest VPN in the market which never changed ownership, and it's one of the last that still puts ethics well over profit, a philosophy which has been rewarded by customers and users.

    During the last year, AirVPN added important features, even according to customers requests:
    integrated and full WireGuard support on all VPN servers optional lists selection to block spam, ads, trackers and other malicious sources, featuring a unique and fine grained customization which is exclusive on the nowadays market improved inbound remote port forwarding interface and implementation
    The infrastructure saw a robust power up in Tokyo, where we have now 14000 Mbit/s available (7000 Mbit/s full duplex), with more powerful hardware, and a small addition in Ireland. The VPN servers and the back service ones have had some minor security improvements as well as ordinary system updates as usual. Optimized software, and also WireGuard implementation, allowed our server to deliver high performance more smoothly, thanks to the improved balancing between threads and of course the good WireGuard scalability.
    On the software side, all AirVPN applications and libraries are still free and open source software released under GPLv3. WirteGuard has been fully integrated in the Desktop edition of Eddie, while Eddie Android edition will support it in the next version which is imminent (a public alpha release will be ready in June). All the applications are continuously developed and updated to provide an even better experience and performance.
     
    Kind regards and datalove
    AirVPN Staff 
  4. Thanks
    go558a83nk reacted to 7481217113 in No x509 Verification?   ...
    Why is this important?

    This works exactly like your browser when you access a HTTPS website. Say you visit reddit.com, when you enter the URL into your address bar, your browser connects to the Reddit servers which sends a TLS certificate over the wire for reddit.com. Your browser then checks the certificate to see if reddit.com is indeed present in the common name or SANs (subject alternative names), that it is not expired, and that it was signed by a publicly trusted certificate authority (CA). If these conditions are true the website will load. If they are not true then you will be presented with an insecure connection error.

    The OpenVPN client, by default, does NOT verify that the server you are connecting to is the server that you expect it to be (ie. the hostname you connect to is in the certificate’s common name). The only thing it does is verify is:

    The certificate has been issued/signed by the Certificate Authority that is trusted inside the <ca> block in the config
    The certificate is not expired

    Unless x509 verification is in place, the client will trust ANY server that presents a certificate that was generated by the Certificate Authority as long as it’s not expired. With that in mind, a breach of a single server, regardless of the unique certificate being deployed there, gives the attacker the ability to impersonate ANY other server for that VPN provider.
  5. Like
    go558a83nk reacted to Staff in No x509 Verification?   ...
    Hello!

    WireGuard does not support authentication via certificate at all. OpenVPN does, and we have it implemented of course, but not with specific fields. If we implemented it we would force all of our customer to change certificate every time they change server, which is not a viable solution in most router and pfSense machines. Totally unacceptable.

    You must also consider that in order to impersonate a server, not only would the attacker need to steal the secret WireGuard key or the various OpenVPN certificate/key pairs, but she would also need to cage the target and hijack route via IP addresses, because the target can not be actively reached (forbidden in OpenVPN settings). Also, DH keys are unique in each VPN server, so the attacker can't even try an impersonation from another server while the connection is ongoing to a real server.

    Kind regards
     
  6. Like
    go558a83nk reacted to Staff in Privacy Notice and Terms   ...
    Addendum: Piwik main options have been always remained unused by us, so why keep it when it can cast such doubts even in a long time customer like you? Therefore it has been disabled, so anybody with doubts like yours can now have peace of mind and usual confidence in every field handled by AirVPN.
     
    Kind regards
    AirVPN founders
  7. Thanks
    go558a83nk got a reaction from mazurka7 in AirVPN DNS setup in Asus router problem   ...
    *if* you're using IP address in the VPN server field instead of a domain then putting 10.4.0.1 in the WAN DNS setting might be OK.  Because there's no domain to resolve the router doesn't need to reach 10.4.0.1 prior to connection.
  8. Thanks
    go558a83nk got a reaction from mazurka7 in AirVPN DNS setup in Asus router problem   ...
    If you're using merlin asus and set the openvpn config in policy routing mode there's an option to not allow traffic if the VPN goes down.

    I'd use policy routing mode, set the DNS option in the openvpn config to exclusive and not put AirDNS in the WAN settings.
  9. Thanks
    go558a83nk got a reaction from mazurka7 in AirVPN DNS setup in Asus router problem   ...
    for Asus merlin set WAN DNS to something other than the VPN DNS (10.4.0.1) and in the openvpn configuration set the DNS setting to exclusive.  Then it'll switch to VPN DNS when the VPN connects.

    10.4.0.1 won't work unless you're connected to VPN because 10.4.0.1 is only accessible through the VPN not from public.
  10. Like
    go558a83nk reacted to wunderbar in RT blocked from some EU servers   ...
    Hello.
    Absolutely not. Censorship of any legal free speech is totally unacceptable and must be completely rejected in all cases.
    If you prevent other people from speaking, you are no better than the ones you claim to be protecting other people from.
  11. Like
    go558a83nk reacted to Staff in Ukraine Server Future?   ...
    Hello!

    Unfortunately there's nothing we can do during these grim and tragic days. Russians are actively destroying various infrastructural resources and might enter Kyiv any time. Our deepest sorrow is caused by the uncertain fate of the Ukrainian people. Who cares about a single server, but we will keep operating it, even as a symbol, as long as the infrastructure works, and it will remain displayed in the servers status page with the Ukraine flag.

    Kind regards
     
  12. Like
    go558a83nk reacted to Staff in Server replacement (LV)   ...
    Hello!

    We inform you that the following servers in Latvia:
    Meissa Phact Schedir Shaula
    have become suddenly nonoperational because the upstream of our provider blocked all traffic. They should come back online within a couple of days, due to new deals with a new transit provider. However, all IP addresses will change. We have decided that this is a good moment to switch to new lines and servers: we are changing the previous 100 Mbit/s lines with 1 Gbit/s lines and ports, and replacing the hardware with more powerful CPU. The four 100 Mbit/s servers will be replaced by three 1 Gbit/s servers. Location will not change, the new servers will be in Riga.

    We should be able to announce the new servers in the next days.
    EDIT 2022/02/02: replacement has been completed.

    Kind regards and datalove
    AirVPN Staff
     
  13. Like
    go558a83nk reacted to thetechdude in Logging for DNS   ...
    There are a few misconceptions here.  There is a difference between logging DNS queries temporarily and logging VPN traffic.  It's possible to enable logs on DNS for like 5 minutes and then turn it off.  Let's say I'm trying to go to a site that Easylist, or any other list, blocks.  Wouldn't it be nice to know that, so that you could then make an exclusion?  This is something that every other DNS filtering service allows; ControlD, NextDNS, AdGuard Home, etc.  So, what I'm asking for is nothing new or scandalous in any way.
  14. Like
    go558a83nk reacted to Staff in New 1 Gbit/s server available (IE)   ...
    Hello!

    We're very glad to inform you that a new 1 Gbit/s full duplex server located in Dublin, Ireland, is available: Minchir.

    The AirVPN client will show automatically the new server; if you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

    The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637 UDP for WireGuard.

    Minchir supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

    Full IPv6 support is included as well.

    As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

    You can check the server status as usual in our real time servers monitor:
    https://airvpn.org/servers/minchir

    Do not hesitate to contact us for any information or issue.

    Kind regards and datalove
    AirVPN Team
  15. Like
    go558a83nk got a reaction from Jacker@ in PFsense OpenVPN is no longer connecting   ...
    looks like this is all confusion around which entry IP are tls-crypt and which are tls-auth.  tls-auth entry points use sha1.  tls-crypt entry points use sha512 and tls encryption+auth.

    so, keep an eye on which config you make.  details matter.
  16. Like
    go558a83nk reacted to Staff in When will AirVPN implement tls-crypt-v2?   ...
    @ciudad

    Hello!

    It's not planned at the moment because it's more comfortable for us the current single tls-crypt key. tls-crypt 2 doesn't change anything for the client, while on the server side, in our specific case, it would be useless because we maintain tls-auth for backward compatibility,. Any denial attempt would remain potentially possible via tls-auth, hence we would have a complication for nothing. However  when we drop tls-auth (we're afraid not in the near future because of the amount of old OpenVPN versions connecting to our service) then tls-crypt-2 will become attractive indeed.. 

    Kind regards
     
  17. Like
    go558a83nk got a reaction from Staff in speedtest comparison   ...
    Really thrilled with the wireguard speed.  That's me on Mensa.  https://i.gyazo.com/277f20acfb21cea8c41a8db164713063.png
  18. Like
    go558a83nk reacted to Nummer1 in My review   ...
    It has been a few months since i've last used this VPN, but my experience was great. This vpn might look complicated but its really not and you won't regret getting it.
    Even back a few months it was awsome, probably my favourite out of the ones i've used, great VPN.
  19. Like
    go558a83nk got a reaction from Oblivion 2013 in [COMPLETED] WireGuard beta testing available   ...
    don't open a port on your router for eddie.  it's not needed for anything if everything's going through the VPN tunnel.
  20. Like
    go558a83nk got a reaction from Air4141841 in My ISP upgraded me from 100 to 1000mbps, need help optimizing cable speeds   ...
    you might want to just use wireguard on pfsense.   No doubt it'll be faster for you.  This is the video I used to help me setup wireguard. 

    https://www.youtube.com/watch?v=wYe7FzZ_0X8
  21. Like
    go558a83nk reacted to blueport26 in Tom Spark review   ...
    I like and use AirVPN but I don't trust him/his reviews. It's not hidden knowledge that the whole VPN review market is a bidding war between which company pays more.
    Here's my (salty) opinion.
    Although he uses a fixed script for each review and assigns points fairly, no matter which VPN he reviews he mentions his top scorers at least once per video. I have a feeling that the point of every non "S tier" review is to redirect customers, like "hey you know AirVPN is cool and has some promising features but check this two VPNs I'm affiliated with, they're the best".
    The review script is odd. He values <1h customer support response higher than all the privacy points combined. Speed test results may depend on the time of day, location and server load, so one day the score may be 50 and another 40 points or lower.

    A bit off-topic:
    There was a civil war/drama between some VPNs, mainly *cough*Windscribe*cough* and him. I was following their discord channel some time ago. Previously he was promoting them as one of the best VPNs, but when they announced shutdown of affiliate program he started throwing blames (telling a company that they should keep it - continue paying him). Since then he moved them to the bottom of the tier list .


     
  22. Thanks
    go558a83nk got a reaction from Jacker@ in [COMPLETED] WireGuard beta testing available   ...
    You need to create another "device" which will allow you to generate configs with a different tunnel IP address.  https://airvpn.org/devices/ 

    As far as changing the /10 to /32 I do that in the interface settings of the wireguard tunnel.  First I setup tunnel and peer for wireguard handshake, then setup interface and gateway for that wireguard tunnel.
  23. Like
    go558a83nk reacted to Strathe in Astounding Speed Improvement with WireGuard Beta   ...
    I just enrolled in the WireGuard Beta and decided to run benchmarks to check if there was any performance difference compared with OpenVPN.

    Specs:
    Ubuntu 20.04 LTS with OpenVPN 2.5.1, WireGuard. CPU has AES-NI but weak single-core performance. 1 Gbps line.

    Methodology:
    1. Find a server with low load.
    2. Connect to it via OpenVPN 2.51 with cipher AES-256-CBC and additional directives --fragment 0 --mssfix 0 --rcvbuf 0 --sndbuf 0.
    3. Load 10 well-seeded Linux torrents (Ubuntu, Fedora, Arch Linux, etc.)
    4. Observe average and top speeds.
    5. Repeat immediately afterwards using WireGuard with the same AirVPN server and torrents.

    Results:
    OpenVPN: 350 Mbps average, 410 Mbps peak
    WireGuard: 800 Mbps average, 1064 Mbps peak

    I cannot believe how much faster WireGuard is. Literally a 2.5 times improvement in speed free of charge, and my 1 Gbps line is now the bottleneck.
  24. Like
    go558a83nk reacted to Staff in New feature: DNS block lists   ...
    Hello!

    We're glad to introduce a new feature in AirVPN infrastructure: DNS block lists.

    By default, AirVPN DNS remains neutral in accordance with our mission. However, from now on you have the option to enforce block lists which poison our DNS, in order, for example, to block known sources of ads, spam, malware and so on.

    You can manage your preferences in your account Client Area ⇨ DNS panel https://airvpn.org/dns/.

    We offer only lists released with licenses which grant re-distribution for business purposes too.

    The system is very flexible and offers some exclusive features never seen before in other VPN services:
    You can activate or de-activate, anytime, any combination of lists. You can add customized exceptions and/or additional blocks. Any specified domain which must be blocked includes all of its subdomains too. Lists which can return custom A,AAAA,CNAME,TXT records are supported. You can define any combination of block lists and/or exceptions and/or additions for your whole account or only for specific certificate/key pairs of your account (Client Area ⇨ Devices ⇨ Details ⇨ DNS) Different matching methods are available for your additions and exceptions: Exact (exact FQDN), Domain (domain and its subdomains), Wildcard (with * and ? as wildcards), Contain, Start with, End with. An API to fetch every and each list in different formats (see Client Area ⇨ API ⇨ dns_lists service) is active Any change in your selected list(s), any added exception and any added block is enforced very quickly, within few tens of seconds. You don't need to disconnect and re-connect your account. You can define your own lists and discuss lists and anything related in the community forum here
    Essential requisite to enjoy the service is, of course, querying AirVPN DNS while your system is connected to some VPN server, which is by the way a default setup if you run any of our software.

    Kind regards & datalove
    AirVPN Staff
  25. Thanks
    go558a83nk got a reaction from Staff in [COMPLETED] WireGuard beta testing available   ...
    I got this on my pfsense box just now . Very nice. . May have even been a little limited by my traffic shaper

    https://www.speedtest.net/result/12249912075.png
×
×
  • Create New...