go558a83nk

pfsense warned me last month that some old certs were expiring so I'm not surprised that some people are seeing this results.  It's unfortunate that software (eddie) or this web site didn't warn people they were using certs about to expire.

They're also living under the assumption that government is benevolent and righteous.  Have they forgotten that the government of the very thing they detest (nazism) made illegal many things...was it ok because the government made them illegal?

sha1 being used which is for old tls-auth configs but only staff can quickly say if the entry IP is 1 or 2 and not 3 or 4.  that is to say, I'm guessing you and several others are getting tls-auth and tls-crypt things mixed up.

edit: Ok I see your post below mine that shows you used a tls-auth config.

pfsense warned me last month that some old certs were expiring so I'm not surprised that some people are seeing this results.  It's unfortunate that software (eddie) or this web site didn't warn people they were using certs about to expire.

Hello @Staff can you please tell me how the speed is calculated and what is the delay between each update. Im currently breaking the record but my downloads are always finished when it update.

They're also living under the assumption that government is benevolent and righteous.  Have they forgotten that the government of the very thing they detest (nazism) made illegal many things...was it ok because the government made them illegal?

pfsense warned me last month that some old certs were expiring so I'm not surprised that some people are seeing this results.  It's unfortunate that software (eddie) or this web site didn't warn people they were using certs about to expire.

Hello!

No, they remain in the same one. Even same rack, same switch etc.

Kind regards
 

pfsense warned me last month that some old certs were expiring so I'm not surprised that some people are seeing this results.  It's unfortunate that software (eddie) or this web site didn't warn people they were using certs about to expire.

pfsense warned me last month that some old certs were expiring so I'm not surprised that some people are seeing this results.  It's unfortunate that software (eddie) or this web site didn't warn people they were using certs about to expire.

pfsense warned me last month that some old certs were expiring so I'm not surprised that some people are seeing this results.  It's unfortunate that software (eddie) or this web site didn't warn people they were using certs about to expire.

yes, no need to change anything else.

Hello!
 
We're very glad to announce a special promotion on our long term Premium plans for the end of Summer or Winter, according to the hemisphere you live in.
 
You can get prices as low as 2.06 €/month with a three years plan, which is a 70% discount when compared to monthly plan price of 7 €.
  If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day.

Please check plans special prices on https://airvpn.org and https://airvpn.org/buy
All reported discounts are computed against the 7 EUR/month plan. Promotion expires on 2024-03-26 UTC.

Kind regards & datalove
AirVPN Staff

Hello!

We're very glad to inform you that two new 10 Gbit/s servers located in Alblasserdam (the Netherlands) are available: Menkent and Piautos.

The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

The servers support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server.

You can check the status as usual in our real time servers monitor:
https://airvpn.org/servers/Menkent
https://airvpn.org/servers/Piautos

Do not hesitate to contact us for any information or issue.
Kind regards and datalove
 

Starting this topic as a way for me to vent and perhaps see that I'm not the only one to see crazy routing by my ISP.
 
The topic has come up in other threads, with knowledgeable people confirming my belief that ISPs relegate VPN traffic to very low priority.
 
Route testing shows that this low priority isn't based on packet inspection but simply the destination of the traffic (and, I assume, the source).  In other words, traffic both directions between us and the server is affected.
 
 
Trace to Draco, primary IP address
2  [7922] [COMCAST-22] xe-3-1-3-sur02.east.tx.houston.comcast.net (68.85.252.81) 8.8ms
 3  [7922] [COMCAST-22] ae-9-ar01.bisbee.tx.houston.comcast.net (68.85.246.65) 7.9ms
 4  [7922] [COMCAST-16] be-33662-cr02.56marietta.ga.ibone.comcast.net (68.86.92.89) 30.7ms
 5  [7922] [COMCAST-16] hu-0-12-0-6-pe01.56marietta.ga.ibone.comcast.net (68.86.89.18) 24.4ms
 6  [7922] [iBONE-CCCS-2] 50.242.148.190 30.9ms
 7  [174] [NET-154-54-0-0] be2847.ccr41.atl01.atlas.cogentco.com (154.54.6.101) 42.4ms
 8  [174] [NET-154-54-0-0] be2687.ccr41.iah01.atlas.cogentco.com (154.54.28.70) 28.8ms
 9  [174] [NET-154-54-0-0] be2441.ccr21.dfw01.atlas.cogentco.com (154.54.41.66) 30.1ms
10  [174] [NET-154-54-0-0] te0-0-0-0.agr12.dfw01.atlas.cogentco.com (154.54.31.114) 41.1ms
11  [174] [NET-154-24-0-0] te0-0-2-3.nr11.b000821-1.dfw01.atlas.cogentco.com (154.24.19.222) 37.1ms
12  [174] [COGENT-A] 38.88.50.34 35.6ms
13  [15003] [NETBLK-NOBIS-TECHNOLOGY-GROUP-06] [target] 64.120.63.90 32.1ms
 
Note it goes all the way to Atlanta, then back to Dallas through Houston on Cogent.  Why on earth do they send it to Atlanta to get on Cogent's network?  Dallas is only 4 hours drive from Houston and as you'll see from the next trace, Comcast has a connection to Cogent right in Houston.
 
Trace to Draco, alternate IP address
2  [7922] [COMCAST-22] xe-3-1-2-sur03.east.tx.houston.comcast.net (68.85.251.245) 7.7ms
 3  [7922] [COMCAST-22] ae-18-ar01.bearcreek.tx.houston.comcast.net (68.85.246.69) 8.6ms
 4  [7922] [COMCAST-16] be-33662-cr02.dallas.tx.ibone.comcast.net (68.86.92.61) 15.6ms
 5  [7922] [COMCAST-16] be-12493-pe01.houston.tx.ibone.comcast.net (68.86.84.158) 20.4ms
 6  [7922] [CBC-COMCAST-1] 173.167.59.42 20.5ms
 7  [174] [NET-154-24-0-0] te0-0-1-0.rcr12.iah02.atlas.cogentco.com (154.24.26.89) 21.0ms
 8  [174] [NET-154-54-0-0] be2145.ccr41.iah01.atlas.cogentco.com (154.54.1.85) 24.1ms
 9  [174] [NET-154-54-0-0] be2441.ccr21.dfw01.atlas.cogentco.com (154.54.41.66) 20.1ms
10  [174] [COGENT-NB-0000] te0-0-0-0.agr11.dfw01.atlas.cogentco.com (66.28.4.50) 21.0ms
11  [174] [NET-154-24-0-0] te0-0-2-0.nr11.b000821-1.dfw01.atlas.cogentco.com (154.24.15.50) 21.7ms
12  [174] [COGENT-A] 38.88.50.34 24.2ms
13  [15003] [NETBLK-NOBIS-TECHNOLOGY-GROUP-06] [target] 64.120.63.92 20.4ms
 
Amazingly, the trace gets to Dallas in the 4th hop, but then heads right back to Houston to get on Cogent's network.  It makes zero sense unless you realize that Comcast are doing this crap on purpose.  I have rarely seen a route that heads directly to the VPN server upon reaching Dallas, finding Cogent's network there instead of having to get back to Houston.
 
Understand that this is normal, everyday behavior.  I have another VPN provider with servers in Dallas and Atlanta.  Amazingly, all the Atlanta servers route through Dallas, and all the Dallas servers route through Atlanta.  So, the routes are available, but purposely screwed up.
 
Finally, check this out.
 
Instead of tracing the route to Draco, I instead trace the route to Cogent's router at 38.88.50.34, seen in hop 12 above.  Check out the premium routing I get now.
 
 2  [7922] [COMCAST-22] xe-3-1-3-sur03.east.tx.houston.comcast.net (68.85.251.249) 10.2ms
 3  [7922] [COMCAST-22] ae-18-ar01.bearcreek.tx.houston.comcast.net (68.85.246.69) 9.1ms
 4  [7922] [COMCAST-16] be-33662-cr02.dallas.tx.ibone.comcast.net (68.86.92.61) 14.1ms
 5  [7922] [COMCAST-16] be-12495-pe03.1950stemmons.tx.ibone.comcast.net (68.86.85.194) 13.7ms
 6  [7922] [iBONE-CCCS-3] 50.248.118.246 13.0ms
 7  [174] [NET-154-54-0-0] be2763.ccr21.dfw01.atlas.cogentco.com (154.54.28.73) 14.1ms
 8  [174] [NET-154-54-0-0] te0-0-0-0.agr12.dfw01.atlas.cogentco.com (154.54.31.114) 13.8ms
 9  [174] [NET-154-24-0-0] te0-0-2-3.nr11.b000821-1.dfw01.atlas.cogentco.com (154.24.19.222) 15.2ms
10  [174] [COGENT-A] [target] 38.88.50.34 13.6ms
 

Hello!

We're very glad to inform you that 6 new 1 Gbit/s (full duplex) servers located in Miami, Florida (USA), are available: Aladfar, Ascella, Chertan, Elkurud, Giausar, Meleph.

The servers supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server.

You can check the status as usual in our real time servers monitor:
https://airvpn.org/servers/Aladfar
https://airvpn.org/servers/Ascella
https://airvpn.org/servers/Chertan
https://airvpn.org/servers/Elkurud
https://airvpn.org/servers/Giausar
https://airvpn.org/servers/Meleph

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Staff

Hello!

We're very glad to inform you that a new 1 Gbit/s (full duplex) server located in Kyiv, Ukraine, is available: Altais.

Altais supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Altais will replace Alcor in the same location.

The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server.

You can check the status as usual in our real time servers monitor:
https://airvpn.org/servers/Altais

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Staff

Hello!
 

Customers who are not residents of Italy and purchased the service from outside Italy should not suffer any unintended suspension, even if they are transiting through Italy (for example for tourism). Should any problem arise please contact the support team.
 
We will carefully explore different, feasible options when necessary, and this is one of them.
 
This is because the authority will seek to enforce blocks on any company offering services to residents of Italy, regardless of whether the service is offered from another country and jurisdiction. See, for example, the request for DNS poisoning filed to Quad9, a non-Italian company that operates DNS servers outside Italy but accessible to residents of Italy. It is remarkable to note that Quad9 challenged a similar request from Sony in court, and won.

Kind regards


 

https://nguvu.org/pfsense/pfsense-multi-vpn-wan/

yes, you can have multiple clients and use the firewall rules choose which one gets used or create a gateway group with the 3.

Hello!

We're very glad to inform you that a new 3 Gbit/s (full duplex) server located in Raleigh, NC (USA) is available: Polis.

Polis supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server.

You can check the status as usual in our real time servers monitor:
https://airvpn.org/servers/Polis

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Staff
 

Hello!

@cccthats3cs

Thank you very much, those documents are interesting indeed.

All the matter is indeed a risk which we warned our users about according to their threat model since AirVPN's birth. The described investigation techniques may be instrumental to bring to justice criminals without enforcing provider to blanket data retention, and therefore they show once again the correctness of the Court of Justice of the European Union which forbade repeatedly EU Member States to oblige any ISP to perform blanket data retention. We're also pleased to see that
AirVPN made no technical mistake instrumental to the suspect's incrimination and that a "trap and trace" device had to be physically installed outside AirVPN servers Unfortunately the same methods might also be used by powerful crime organizations or agencies of regimes hostile to human rights to find out and suppress activists, "dissidents" and limit freedom of expression and information.

For this reason we wrote extensively about how to defeat easily such powerful adversaries (provided of course that your system is pristine, not compromised, an essential pre-requisite). In 2012 we published this for example:
https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?tab=comments#comment-1745

Multiple times we warned about the danger of "black boxes" and it's not incidental that "OpenVPN over Tor", for example, has been implemented in our mainstream software since 2011 or 2012 and it is advertised in the home page while Tor is also listed in the "Download" > "Other technologies" section.

Kind regards
 

I was digging around CourtListener RECAP - a free archive of US court cases containing some public court records from PACER that have been uploaded to it by CourtListener RECAP users - and decided to search for AirVPN.
I found several hits in the case United States v. Klyushin (https://www.courtlistener.com/docket/61629108/united-states-v-klyushin/) and the very basic gist of this case is that Klyushin was convicted of hacking into a few financial firms to do insider trading.
If you go to the CourtListener page linked above you can access all the PACER court documents that have been uploaded to RECAP. Just to clear up any misunderstandings these are all public federal court records that have been freely made available through RECAP.

The most interesting of the documents from the case is #183 (https://www.courtlistener.com/docket/61629108/183/united-states-v-klyushin/) which is a transcript of day 4 of the jury trial. (PDF attached to this post.)
Within this transcript it is stated:
1. IP address 185.228.19.147 (incorrectly said 288 here, but 228 elsewhere) belongs to DediPath, and was used by AirVPN (pg. 132).
2. A "pen register" or "trap and trace" was placed on this IP address which is a "caller ID of who is communicating with that IP address" (pg. 133).
3. The pen register was authorized by a federal judge (pg. 133).
4. The pen register was active on that IP address from January 28th, 2020, to February 23rd, 2020 (pg. 135).
5. The pen register records were from DediPath, the transcript does not state any involvement or knowledge by AirVPN (pg. 138).

Document #217 (https://www.courtlistener.com/docket/61629108/217/united-states-v-klyushin/) is a transcript of day 9 of the jury trial. (Also attached to this post.)
It provides confirmation of point 5 above and offers more detail on what the pen register captures:
1. The pen register was "sent to the company that hosted the destination IP" meaning DediPath directly (pg. 38).
2. The pen register captured headers only, meaning timestamps of packets, inbound and outbound, and directionality, but not any content of packets (pg. 38-39).

This is quite interesting as I have seen this sort of tap hypothesized as something that could be used to log VPN servers, without the provider's knowledge (no matter what provider) - but up until now I was only aware that it was possible, not that it had actually been done.
gov.uscourts.mad.232574.183.0.pdf gov.uscourts.mad.232574.217.0.pdf

Hello!

For the purpose of domain name resolutions, VPN server scores are computed on the following variables: average ping (between VPN servers themselves); average load; average users; known issues; ISP reliability. In the case of Xuange, currently it does not achieve the "best" score in Europe or in Switzerland because the amount of connected users is sufficiently high to outweigh the amount of free bandwidth.

Kind regards
 

too many USA servers but the servers are busy?  sounds like there aren't enough USA servers then. ;)