go558a83nk

I’d love to see a new 10G server in the Midwest. While it’s not a dealbreaker, it would definitely be a great addition!

Edit: One thing I want to point out is that I’ve been testing Mullvad VPN to compare speeds based on server providers. I’ve noticed that certain server providers and may experience poor routing or routing bottlenecks depending on your ISP. For example, the new New York servers on Tzulo (used by both AirVPN and Mullvad) give me terrible results—decent latency but typically only around 40 Mbps symmetrical. Meanwhile, servers from Datapacket and M247 consistently provide over symmetrical gigabit speeds on WireGuard.

I think Mullvad's approach of using multiple providers in some cities is a good idea, as it gives users the flexibility to choose servers with the best routing or latency. I don’t know for certain, but AirVPN may have their reasons (costs, contracts, security) for not choosing certain providers, and that’s completely fine. However, I think this is something they could consider if its in the realm of possibility.

Chicago servers are consistently reaching their 1 Gbps capacity, frequently throttling connections below 10 Mbps! I think there is a need for an upgrade in the region.

Chicago/Midwest region would benefit greatly from a 10 Gbps server. I see several 10 Gbps servers were added in other major cities around the US over the past year or two, but so far haven't seen any in the Midwest (US).

I've been exclusively using Chicago servers on AirVPN for several years now. I’ve noticed a decline in reliability over the past six months due to increased user demand and lack of bandwidth capacity. Switching between Chicago servers often yields no improvement. I have tried the nearest 10gbit servers in Toronto, New York and Phoenix, but have had pretty poor results. Most likely due to the fact that they are so far away.

Even during non peak times it's very rare there is enough available capacity on these 1gbit Chicago servers to saturate my 500mbps fiber home connection.

Would love to know if there are any plans in the near future for upgrading servers in this region.

I would also like to mention a post I made over a year ago, where I mentioned how I think adding Per City Load balancing functionality would greatly improve the experience in these congested areas.
Even right now as I'm writing this, I am struggling to find a Chicago server running at acceptable speeds. See the below screenshots and you can see for yourself:


With VPN on Praecipua server:

:

Without VPN: 



 

id rather them dedicate that time to finalizing/ continuing to work with openvpn DCO 

actually that log is them trying UDP entry 3 and then TCP and SSH and SSL.  none of them worked.  so, yes, chances are some software is blocking the connection.

I started using AirVPN in 2023 because I wanted port forwarding. That was the most advanced thing I did back then. Just using Eddie-UI on a Windows 10 PC.

Servers are fast, plenty of choices. Network lock works perfectly so no need to worry about leaks. Perfect for beginners and advanced users.

Since then, I have branched out a bit and as a part of my career, I have needed to start using Linux. So I have spent some time messing around on Linux. But I need to say how incredible and comprehensive AirVPN is. Honestly the team at AirVPN is the absolute best. No bulls**t from them ever. I don't think everyone understands how well they've made their service. It completely outclasses other VPN providers *Cough cough Nord*. At first I was a bit intimidated by the UI, but it's a quick learning curve for Eddie-UI. It works and gets the job done. I realise now that it's better than way, its clean and fast, no unnecessary bloat.

Just the sheer amount of control and customization is incredible. Honestly guys, thank you. Compatible with any device I could think of.

I never realised the level of control possible with AirVPN. But now that I have more niche and specific use cases, it has really proven to be so incredibly well made. Everything I want to do is possible.

So many vulnerabilities are avoided by using Air. I've never seen such top notch security. Truly thank you.

If anyone is unsure if they should get AirVPN, the answer is yes. I started out using it in the most basic form using Eddie-UI on my PC and Phone. But now I configure everything myself for certain tasks, and I am still learning something new each time.

You can use this service for the most basic needs, all the way to the most advanced. Oh and wow it's so lightweight. Can run on practically anything without any problems.

This is clearly something made by extremely knowledgeable people

To everyone at AirVPN, thank you guys. 10/10 service A+++
 

Hello I would like to give my personal recommendations to help with network censorship in Russia. I may not have time to write a authoritative, proper guide, but wanted to share this. Everything "clicked" once I read a comment how the DPI works to determine a new connection.
Preface
IP and subnet blocks came first. They completely blackhole all traffic to blocked IP addresses. The only thing you can try is IPv6 in place of IPv4. Some Air servers are blocked by IP.

The Deep Packet Inspection (DPI) is a required installation for residential ISPs and (as of late) industrial networks like data centers. It works to dynamically block known protocol traffic, anything "forbidden" that's not yet in IP blocklists from above. This system was put in law many years ago. Nevertheless, the networks across the country are at various stages of rollout and their capabilities will differ. Real example: residential ISP did not block OpenVPN->Air, yet the mobile carrier did. Yet in 2024 the residential ISP upgraded their DPI system and started blocking OpenVPN too. Common methods of circumvention
Mangle traffic locally to fool the DPI systems. It will allow you to connect to servers not blocked by IP (TLS SNI name detection). Proxy/VPN server: A prerequisite is an outside server, it must not have been blocked by IP. If it's a private server and OpenVPN or Wireguard work - you're lucky. However be prepared to still get blocked by DPI any day for using a VPN protocol. There are many proxy tools, especially developed to combat the Great Firewall of China. They don't run directly on Air, so this is something for self-hosting or other services to provide. We're talking about Air, so let's get that VPN working.

Everything below requires you to find a reachable Air server (no direct IP blocks). The configuration server used by Eddie is IP blocked, so it won't work at all. I suggest you to generate all server configs in advance and see which are reachable from Russian networks. Airvpn.org seems to be reachable though.
  OpenVPN over SSH to Air
It is possible to set this up on mobile, however the connection is reset after 10-30 seconds due to a lot of traffic being pushed. I used ConnectBot and it didn't restart the SSH connection properly, anyhow OpenVPN and ConnectBot had to be reconnected manually each time --> unusable. Since both apps are easily downloadable from app stores/F-Droid, this can be enough to generate and download configs from AirVPN's website in a dire situation.
This connection type works like this: SSH connects to Air server, forwards a local port -> Air (internal_ip:internal_port) OpenVPN connects to local_ip:local_port and SSH sends the packets to Air's OpenVPN endpoint inside this tunnel Once the connection is established, it works like a regular OpenVPN on your system   OpenVPN over stunnel to Air
I haven't tried, desktop only? OpenVPN (TCP) over Tor to Air
While connecting to Tor will be another adventure, do you really need a VPN if you get Tor working for browsing? If yes, I suppose it could work. I haven't tried.  
 
OpenVPN (TCP) to Air
May start working after hours on Android, if the connection was established initially. Until then you'll see a lot of outgoing traffic but almost zero incoming traffic (NOT ZERO though!) It is unclear to me whether this is because Android keeps reconnecting after sleeping or sometimes it pushes so little traffic over the established connection that DPI forgets or clears the block for this connection only. OpenVPN (UDP) to Air
Doesn't work. Wireguard to Air
Doesn't work, it's always UDP and very easily detected. AmneziaWG client to connect to standard Wireguard Air servers
This worked for me almost flawlessly. The trick of AmneziaWG is to send random trash packets before starting the connection sequence. This is what the new parameters are and some of them are compatible with standard Wireguard servers. The DPI only checks traffic within the initial traffic size window of the connection. If it doesn't find VPN connection signatures (and it doesn't due to random data) then it whitelists the connection. Wireguard then sends its connection packets and connects to Air. Full speed ahead, no throttling. The VPN connection works!

What's the catch? The AmneziaWG packet configuration must be right. This worked for me across all networks I encountered: MTU: 1320 (safe value, higher MTU will give better bandwidth, if it works at all and doesn't begin to fragment packets) Junk Packet count (Jc): 31 Junk Packet minimum size (Jmin): 20 Junk Packet maximum size (Jmax): 40 Init packet junk size (S1): none (afaik only with AmneziaWG server; delete from config or try to set 0) Response packet junk size (S2): none (afaik only with AmneziaWG server; delete from config or try to set 0) Magic header settings changeable afaik only with AmneziaWG server: Init packet magic header (H1): 1 Response packet magic header (H2): 2 Underload packet magic header (H3): 3 Transport packet magic header (H4): 4 And how would you know what numbers to set? This single insight: This means flooding small random UDP packets at the beginning is the winning strategy. That's how I optimized someone's config from "sometimes it works, sometimes it doesn't" to "works 100% of the time, everywhere". You actually don't want to blast big packets and be blocked because of it. Smaller random packets are good for mobile traffic too. How would you setup AmneziaWG to connect to Air (Android)?
Generate and download AirVPN Wireguard configs, for each individual server, try different entry IPs too. DO NOT USE THE DEFAULT (OFFICIAL) WIREGUARD PORT. We don't want long-term logging to highlight the working servers for the next round of IP blocks. Download AmneziaWG VPN client (the Android edition is actually a fork of the official Wireguard app): amnezia.org or https:// storage.googleapis .com/kldscp/amnezia.org or https://github.com/amnezia-vpn/amnezia-client/releases/ Import Air's configs in the app Apply "Junk Packet" settings from above Try to connect Try different entry IPs and servers if the connection doesn't work. See if the server IP is completely blocked either with: ping "<entry IP>" nc -zv -w 10 "<entry IP>" "<port 80 or 2018 for OpenVPN TCP>" This is GNU netcat
Keep in mind: on Android the safest way to avoid any traffic leaks is to go to system settings, Connection & sharing > VPN, or search for "VPN", click on (i) for advanced settings, Enable: "Stay Connected to VPN" & "Block All Connections not Using VPN". If you ever disconnect from VPN by using Android's system notification, you'll need to re-enable these settings.
If you switch between VPN apps (like Eddie -> AmneziaWG), I suggest to make sure these settings are always enabled like this: Turn off Wi-Fi (or mobile data) For previous VPN app disable: "Stay Connected to VPN" & "Block All Connections not Using VPN" For next VPN app enable: "Stay Connected to VPN" & "Block All Connections not Using VPN" Turn on Wi-Fi / connect using next VPN app
Thanks for reading. Big politicians are not your friends, stay strong and propagate what you truly believe in.

have you confirmed it also announces the specified IP address to DHT peers or only tracker based peers?

On Alpherg early in the morning

You should turn it off.

Hello!

We're very glad to inform you that the Black Friday weeks have started in AirVPN!

Save up to 74%
when compared to one month plan price
 
Check all plans and discounts here: https://airvpn.org/buy
 
If you're already our customer and you wish to jump aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day.

AirVPN is one of the oldest and most experienced consumer VPN on the market, operating since 2010. It never changed ownership and it was never sold out to data harvesting or malware specialized companies as it regrettably happened to several competitors. Ever since 2010 AirVPN has been faithful to its mission.

AirVPN does not inspect and/or log client traffic and offers:
five simultaneous connections per account (additional connection slots available if needed) inbound remote port forwarding with multiple pools active daemons load balancing for unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 2000 Mbit/s with WireGuard flexible and customizable opt-in block lists protecting you from adware, trackers, spam and other malicious sources. You can customize answers or exceptions globally, at account level or even at single device level. powerful API IPv6 full support comfortable management of your client certificates and keys AES-GCM and ChaCha20 OpenVPN ciphers on all servers Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys internal DNS. Each server runs its own DNS server. DNS over HTTPS and DNS over TLS are also supported. free and open source software client side software support to traffic splitting on an application basis on Android and Linux and on a destination basis on Windows and macOS GPS spoofing on Android application
AirVPN is the only VPN provider which is actively developing OpenVPN 3 library with a fork that's currently 245 commits ahead of OpenVPN master and adds key features and bug fixes for a much more comfortable and reliable experience:
https://github.com/AirVPN/openvpn3-airvpn

AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows.
Promotion due to end on 2024-12-03 (UTC).

Kind regards & datalove
AirVPN Staff
 

Hello!

We inform you that due to a few problems we are forced to replace the server Kitalpha in Switzerland. A much more powerful server will replace Kitalpha in the next days and it will be connected to a 10 Gbit/s full duplex port and line. As usual, the new server will be announced in this "News" forum in due time. The new server will not only replace Kitalpha but will also provide the additional bandwidth that several users require in Switzerland. We roughly estimate that the server will be available to you by November the 25th.

Kind regards & datalove
AirVPN Staff
 

Hello!

We're very glad to inform you that a new 1 Gbit/s full duplex server located in Madrid (Spain) is available: Jishui.

The AirVPN client will show automatically the new server. If you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts OpenVPN connections on ports 53, 80, 443, 1194, 2018 UDP and TCP, and WireGuard connections on ports 1637, 47107 and 51820.

Just like every other Air server, Jishui supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, tls-crypt and WireGuard.
Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the server status as usual in our real time servers monitor:
https://airvpn.org/servers/Jishui

Do not hesitate to contact us for any information or issue.


Kind regards and datalove
AirVPN Team
 

This is honestly one of the most inspiring things I've read lately. It solidifies why we're all here, either as a customer, contributor, or whatever. I have used nord for the last few years and never thought twice about it. After recent life changes I decided to take the time to invest into my understanding of networking, the internet, etc. On top of future proofing myself I want to learn how to be less reliant on services that I can't trust to not sell every last ounce of privacy I have left. This is some next level community support, I love to see it, and hope nothing but the best for you and those who helped / continue to help every day.

make sure to try wireguard if you haven't already

Wireguard in Eddie

Hello!

We're very glad to inform you that three new 10 Gbit/s full duplex servers located in Phoenix, Arizona, are available: Gunibuu, Kambalia, Sheratan. They have replaced Chalawan, Indus, Phoenix and Virgo with more powerful hardware and higher overall bandwidth.

The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

The servers support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the status as usual in our real time servers monitor by clicking the names of the servers.
 
Do not hesitate to contact us for any information or issue.
 


Kind regards & datalove
AirVPN Team
 

Whoever just helped me, I am literally crying. That was so nice. Jeez.

Hello!

We're very glad to inform you that four new 10 Gbit/s full duplex servers located in New York City are available: Muliphein, Paikauhale, Terebellum, Unukalhai. They have replaced Haedus, Iklil and Lich with more powerful hardware and higher overall bandwidth.

The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

The servers support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the status as usual in our real time servers monitor by clicking the names of the servers.
 
Do not hesitate to contact us for any information or issue.


Kind regards and datalove
AirVPN Team

This is indeed great news!  Well done AirVPN!
 

Does it include Saclateni, which was recently deployed late of last year?  If so, are the new servers more powerful than Saclateni?  And will each of these servers have full-duplex bandwidth of 20 Gbps?
 
As you can see from the attached screenshot, connecting to Saclateni from Anaheim, CA, it shows similar latency (~ 8-9 ms) to other servers (Groombridge and Teegarden) in Los Angeles, CA.  However, it's always puzzled me why I'd get similarly low latency (~ 8-9 ms) to other servers (Bootes, Chalawan, Indus, and Virgo) in Phoenix, AZ.  How is it possible?  It defies the laws of physics!  Anaheim, CA to Los Angeles, CA is a shorter distance than to Phoenix, AZ.  And latency is definitely affected by distance.  Unless these ISPs figure out a way to tunnel packets through a worm hole!  I call shenanigans! 😁
 

Hello!

We're very glad to inform you that in the coming days, according to our infrastructure expansion and improvement plan, all the servers in Los Angeles, New York City and Phoenix will be replaced.

The new servers will have much more powerful hardware and all of them will be connected to a 10 Gbit/s (full duplex) port with guaranteed bandwidth. Therefore, the infrastructure in the mentioned locations will be entirely upgraded to new 10 Gbit/s servers, with 3 servers in LA, 3 servers in Phoenix and 4 servers in New York City. The current servers will be decommissioned on November the 1st.

Please note that all the new servers will have new IP addresses. Connectivity will be very similar, with the notable addition of GTT and Zayo as fiber and tier1 transit providers.

Kind regards and datalove
AirVPN Staff
 

I must say I'm disappointed... AirVPN stopped using the gif of the child throwing money out the window on their deal posts. You can't break tradition AirVPN team!

Good note. By code it seems to be trackers only. In libtorrent's http_tracker_connection.cpp:
[…] if (!m_ses.settings().anonymous_mode) { if (!settings.announce_ip.empty()) { url += "&ip=" + escape_string( settings.announce_ip.c_str(), settings.announce_ip.size()); […] m_tracker_connection->get(url, seconds(timeout) , tracker_req().event == tracker_request::stopped ? 2 : 1 , &m_ps, 5, settings.anonymous_mode ? "" : settings.user_agent , bind_interface() […] I don't think nodes establish connections via HTTP between each other. So yeah, good note. Probably doesn't work the way I imagined. And the docs do mention the necessity for the tracker to accept the ip parameter. That's why.
 

Hello!

p2p is allowed on pool 2 but it can be really used only by those programs that let you configure which IP address to announce (non existing, as far as we know). More in general, pool 2 is not suitable for any program which announces itself autonomously. In AirVPN infrastructure, the VPN traffic reaches the Internet through one exit IP address, but "pool 2" is the set of ports of another IP address (let's name it exit IP address 2, in brief exit 2). If a program receives an unsolicited incoming packet from the Internet through exit 2, it will reply properly. This happens whenever you advertise on your own how to reach your service (a web or FTP server, a game server, and so on).

However, with p2p programs, it's the program itself which must advertise. DHT or a tracker will record the address they receive the advertisement (of the port etc.) from, and they will say to other peers that your p2p program is reachable on exit 1, with its pool 1 ports; however, if you have remotely forwarded a pool 2 port, peers would never be able to reach your program, because they would send packets to a port of another IP address (exit 1, the address recorded by DHT and/or trackers). The problem could be resolved by manual setting (see for example https://userpages.umbc.edu/~hamilton/btclientconfig.html#BTConfig ) when you need to seed only - additional tests are required.

This is an important limitation that might be overcome in the future, for example by letting the user pick which exit IP address its traffic must go to the Internet through. In the meantime, by using pool 2 (and when necessary additional pools) for anything different from p2p and crypto wallets, port exhaustion problem is solved (in most cases only 1 forwarded port is needed for p2p).

Kind regards
 

Hello!

We're very glad to announce a remarkable expansion of our inbound remote port forwarding system aimed at avoiding once and for all the port exhaustion problem.
The comfort and the growth problem
In the AirVPN "Port Forwarding" service, unlike some of our competitors we grant that assigned ports are not server specific. We also ensure that they remain permanently reserved to an account for as long as any valid plan is active. This unique system offers unparalleled comfort as you don't have to worry about server switches, zone selections and program re-configurations. However, ports are only 65536, because the space reserved for them in a TCP/IP packet header is 2 bytes, and the inconvenience of the great comfort brought by the AirVPN service is that the port exhaustion is nearing as more and more users decide to use the service.
 
 
A "no compromise" solution
Our goal was to avoid port exhaustion while maintaining maximum comfort. We are introducing a new system specifically designed to achieve this goal.

Now we allocate not only a port number, but a port number associated with a port pool. For example a port on pool :1 can be assigned to a user, and the same port number in pool :2 can be assigned to another user.
Existing assigned port will come from the first pool (:1). Currently we offer two pools, but more pools can be added whenever necessary. With this method, port exhaustion is postponed indefinitely while the comfort of the service is preserved.

In the following example you can see the pool (:1, :2 for now) specified right after the port number. The account has port 24860 reserved in both pools.
    How it works
Each Air VPN server sends out clients' VPN traffic through a shared exit IP address.
From now on, AirVPN servers feature multiple exit IP addresses, each of which is linked to a specific port pool. Therefore we can determine which pool a port/address is associated with and route traffic accordingly.
  The implications for AirVPN users and customers
The obvious good impact is that port availability increases dramatically. The new system is not difficult at all and extremely similar to the previous one: simply use DDNS (*) names with port forwarding, and not the direct IP address. Your account name(s) based on AirVPN's DDNS will always resolve into the correct server's exit-IP address related to the pool of your assigned port.
If you prefer to rely on IP addresses or anyway you don't want to define domain names through AirVPN's DDNS, you can find the correct IP address used by clicking the Test Open button available in your AirVPN account port panel. Please note that this IP address could change over time, so domain names defined by DDNS are a more comfortable solution.
There is only a modest caveat (which could be resolved in the future), please see below.
 
Caveat
Any setup not involving manual communication on how to connect to a service, as it happens with a p2p program, does not need domain names at all. If a program transmits autonomously how it can be reached (typical examples: some blockchain wallet programs, all torrent programs), at this stage please make sure you forward a port from pool 1 for those programs. For p2p programs that allow manual announcement configuration of the IP address, you can also use pool 2.

(*) DDNS is a service offered automatically for free to all accounts and included on every and each AirVPN plan.

Kind regards & datalove
AirVPN Staff
 

Hello!

It's ISO 3166 used by Eddie.

Kind regards