go558a83nk

Qomui is still alive and version 0.8.0 has just been released. Among other things it adds the option to create custom connection profiles and support for custom scripts.
 
Full changelog:
 
- [new] connection profiles
- [new] support for custom scripts
- [change] configurations for Airvpn are now downloaded directly
- [change] removed minimize option if system tray not available
- [change] download new Mullvad config/certificates  
- [change] added scroll areas to some tabs
- [change] added options for profiles to tray menu
- [change] window state now recognized correctly
- [bugfix] improved stability and reliability of network detection
- [bugfix] manually imported WireGuard servers don't connect
- [bugfix] Qomui crashes when downloading Airvpn configs
- [bugfix] fixed Mullvad & Windscribe configs
 

Hello!
 
"Same thing" is frankly offensive for AirVPN. It's also astonishing that someone can have the idea to compare such profoundly different services. Power of marketing fluff aimed to gullible people, we guess.
 
Just to make a few examples, NordVPN lacks separate entry and exit IP addresses on many servers (various types of correlation attacks become possible), does not support IPv6, provides a ridiculous/non-existent servers monitor, provides fake servers locations, infringes net neutrality (does not allow any p2p protocols on a wide range of servers), does not provide dynamic remote port forwarding, does not provide DNS inside the VPN whose address matches the VPN gateway (exposing to DNS poisoning through route hijacking), is not GDPR compliant, is owned by a Lithuanian data mining company and has ties with Russian oligarchs.
 
AirVPN prices are competitive even without a special deal, check our new two years plan and anyway stay tuned for Christmas special deals.
 
Kind regards

Online Sessions: 15973 - BW: 71229 Mbit/s
 

I'm not a tech user, but search in trying to understand. I read, and wished I copied the URL's, on various blogs that:
- wireguard lists IP addresses of users on the server in the clear while connected, one of the current providers claimed to have asked Jason to code soft to counter that apparently.
- wireguard needs logs on the server linking IP to user credentials, permanently, for it to work. Err, how you do no longs on that? This could be solved by client software registering credentials anew every time a connection establishes, and allow for this to only be of temporary nature (while the connection lasts) But, that requires a client soft and adaptation to the server, so I read.
- wireguard does not allow any random server selection, credentials are server specific.
 
Credentials could be the same for all servers, imagine service providers like avpn assigning some 15000 IP addresses, one to each individual user, and then telling each of their servers IP X is user Y. Alternatively pre-allocate 15000 ip's each on 90 servers, do the match ... and do it dynamically between soft and server while the thing originally is not programmed to do that ...
 
No thanks.
 
I did try wireguard, and have to say on low level routers where openvpn gives lousy performance wireguard maxed out the connection speed and improved the connection stability, even when compared to no tunnel. That makes it very alluring, the rest is stay away from it.

Well, now we have a list of VPN's of whom never to trust, and I'd consider them compromised for daring to deploy software that has not had the scrutiny OpenVPN has over the last 20 years. Sure, WG is less LoC, but really, who cares? What we care about first and foremost is how secure the software is.
 
It's a matter of who you trust: Staff have outlined a number of points about the weaknesses in the protocol and how it's basically not ready for deployment, yet certain providers do it anyway? If that's how they operate their business (deploy shiny new thing without due care) then maybe it's worth reconsidering just how seriously they take your security.
 
I'd cancel Air if they dared deploy Wireguard for many years before it's actually ready and fully tested. The other big name provider (PIA) has also not deployed Wireguard, which is the only and correct course of action.
 
This thread should be locked, the discussion is meaningless; Wireguard isn't touching Air for a long time to come.

Hello!
 
it looks like you still miss the point. Wireguard, in its current state, not only is dangerous because it lacks basic features and is an experimental software, but it also weakens dangerously the anonymity layer. Our service aims to provide some anonymity layer, therefore we can't take into consideration something that weakens it so deeply.
 
We will gladly take Wireguard into consideration when it reaches a stable release AND offers at least the most basic options which OpenVPN has been able to offer since 15 years ago. The infrastructure can be adapted, our mission can't.
 
We provided a list of missing features causing real, objective security flaws in Wireguard (when meant to provide specific features). We will expand them here below since it looks like you missed the huge implications of the mentioned issues.
 
 
It's not a matter to "cover their asses" as you say.
 
First, it's a matter of security. If you followed some basic IT security principle, you would know how wrong and dangerous a claim like the one quoted here above is. If you are really in the position to certify that "Wireguard is fine", then do it officially. If you can't do it officially, your words must be considered irrelevant, because they go against the claims of the very Wireguard developers themselves.
 
Second, it is a matter of lacking features that are essential for any service which aims to provide a decent layer of anonymity.
 
Wireguard, in its current state, does not meet our requirements. Here below, once again, some points which need to be considered and addressed:
 
Wireguard lacks dynamic IP address management. The client needs to be assigned in advance a pre-defined VPN IP address uniquely linked to its key on each VPN server. The impact on the anonymity layer is catastrophic; Wireguard client does not verify the server identity (a feature so essential that it will be surely implemented when Wireguard will be no more an experimental sofware); the impact on security caused by this flaw is very high; TCP support is missing (third party or anyway additional code is required to use TCP as the tunneling protocol, as you suggest, and that's a problematic regression when compared to OpenVPN); there is no support to connect Wireguard to a VPN server over some proxy with a variety of authentication methods.  
Kind regards

Hello!

We're very glad to inform you that two new 1 Gbit/s servers located in Vancouver (Canada) are available: Telescopium and Titawin.

The AirVPN client will show automatically the new servers; if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

Servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other "second generation" Air server, Telescopium and Titawin support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the server status as usual in our real time servers monitor:
https://airvpn.org/servers/Telescopium
https://airvpn.org/servers/Titawin

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

1 is the default
2 is the same server setup as 1 but a different entry IP in case the default IP is blocked by your ISP
3 is tls-crypt
4 is the same server setup as 3 but a different entry IP in case the 3 IP is blocked by your ISP

1 is the default
2 is the same server setup as 1 but a different entry IP in case the default IP is blocked by your ISP
3 is tls-crypt
4 is the same server setup as 3 but a different entry IP in case the 3 IP is blocked by your ISP

Hi go558a83nk. No special scripts or settings. Some details. In bridge with IPV4 only. Asus Merlin with protocol 3/443/TCP. The OVPN script that comes with AIR. I run 3 separate VPN clients with adaptive Qos. When I downloaded protocol 3 with GCM, the speed increased around 10/12MB’s. At this speed, the RT-AC86U has approx. 77% of load on proc 2 and 50% on proc 1. After some try and error it turns out that client 1, 3, 5 are the fasted and use proc 2 for EAS-NI and proc 1 for background programs. Client 2 and 4 chokes with approx. 110mb’s down at 90% load on proc 1 for EAS-NI and proc 2 for background programs. Maybe that’s the trick on the 86. Today I will enable a 400/40 line a look how that turns out. I don’t think the 86 will come close to 400 on VPN, but we’ll see. I can post my findings if you like.

Thats why i love AIRVPN on a 200/20 line, with a RT-AC86U 

Hello!

We're very glad to inform you that the Black Friday week has just begun in AirVPN!
 
Save up to 67.5%
 
Check all plans and discounts here: https://airvpn.org/plans

If you're already our customer and you wish to jump aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day.

And that's not all! AirVPN offers five simultaneous connections per account, IPv6 full support and many more, exclusive smart features:
https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features/


Kind regards & datalove
AirVPN Staff
 

Hello!
 
Yes, the attacks you talk about, usually based on timing attacks in low latency networks, are not meant to be prevented by separate entry and exit-IP addresses.
 
The correlation attacks which are prevented by separate entry and exit-IP addresses are different. When two nodes of a same VPN connect to each other via a public address which is also the VPN gateway public address they will start exchanging data in clear text outside the tunnel (this is quite obvious, check your routing table to understand exactly why).
 
When that IP address is shared between the nodes connected to the VPN server, this opens up the way to a wide variety of correlation attacks to discover the real IP addresses of the nodes connected to a VPN server. The adversary does not need to control or wiretap all the relevant network segments, it just needs to enter the VPN as a normal user, forward ports remotely and study the proper way to start the attack on the target or targets (the attacker will need to convince the target or targets to connect to any of the services he/she controls behind the VPN).
 
This is not an OpenVPN (or other VPN software) vulnerability, it's just how routing works.
 
Incredibly, even nowadays you can find VPN services around the world which do not take care of all the above and, even more incredibly, famous "VPN reviews" sites do not even talk about this issue.
 
Kind regards

For anyone who likes programming with Python, I started a project called AirPy on Github, https://github.com/Delphae/AirVPN
 
AirPy is a Python wrapper around the AirVPN API which everybody can use, which some of you already heard of.
The API is very useful to determine your connection, your server connected to and your user info
Take a look at https://airvpn.org/api/ to learn more about the free to use API of AirVPN.
But the output is in JSON, XML and so on.
To use the output in a Python program, in a Python console or in Jupyter I have created the AirPy module.
 
I started it, just for fun. And to get familiar with Python and Object Oriented Programming (I learned programming the old school way: procedures and functions :-))
 
On Github you will find the AirPy code as well as an example, in Python, how to use the AirPy module.
 
 
Import the AirPy module with your personal API key and set the default country
from AirPy import Airvpn APIKEY = "7de2aa122b7a42b9882d2f5b1e8ff30168ca6468" air = Airvpn(APIKEY,'nl') # when you are located in the Netherlands air = Airvpn(APIKEY,'gb') # when you are located in the UK, and so on  
Examples  
 
print (air.user) print (air.user.connected) print (air.user.login) print (air.connection) print (air.connection.server_name) print (air.sessions[0]) servers = air.servers() for server in servers: print (server) print (air.best()) print (air.rand())  
So, if you think it is useful, use it. If you want to contribute, please do.
If you have suggestions and improvements, do not hesitate to write them in this post.

The swedish servers were least used, and thus the region system sends you there.  You'll be much happier just using a single server that works well for you.
 
The real tragedy is people banging their head on a wall because they don't understand how things work.

How can I get VPN servers entry-IP addresses?
 
AirVPN servers have at least 4 entry-IP addresses (4 IPv4 and equivalent 4 IPv6 addresses). Different entry-IP addresses provide different tunnel protocols or abilities, please see https://airvpn.org/specs

We have Fully Qualified Domain Names that resolve into one of the recommended server entry-IP addresses or ALL entry-IP addresses, in both cases according to geographical location. Such FQDNs are used automatically by our Configuration Generator.

The recommended server is updated every 5 minutes, to balance users between servers.

Available FQDNs which resolve into the entry-IP address you need are explained below:
  {name [entry-IP address number]}.vpn.airdns.org - to obtain the best entry-IPv4 address for specified name. {name [entry-IP address number]}.ipv6.vpn.airdns.org - to obtain the best entry-IPv6 address for specified name. {name [entry-IP address number]}.all.vpn.airdns.org - to obtain all IPv4 and IPv6 entry addresses for the specified name which can be an ISO two-letters country code (ISO-3166), a continent ('europe', 'america',' asia', 'oceania', 'africa'), or 'earth' {server name}.airservers.org for entry-IPv4 address 1 of a specific server. Note that resolution by server name is limited, so use the Configuration Generator or contact us if you need specific addresses you can't obtain via DNS. You can see server names in the real time servers monitor in our web site page https://airvpn.org/status
[entry-IP number] is the entry-IP address number (2, 3  4), and it is optional. Don't valorize it in order to obtain the first entry-IP address, otherwise suffix the country code with the proper digit (e.g. 'be' for Belgium recommended/best rated server first entry-IP address, 'be3' for Belgium recommended server third entry-IP address).
Examples
nl.vpn.airdns.org resolves into the recommended server first entry-IPv4 for country NL (the Netherlands) nl.ipv6.vpn.airdns.org resolves into the recommended server entry-IPv6 address for country NL (the Netherlands) ca3.vpn.airdns.org  resolves into the recommended server third entry-IPv4 address (tls-crypt connection) for country CA (Canada) europe.all.vpn.airdns.org resolves into all the first entry addresses of all VPN servers in continent Europe. alshat.airservers.org resolves into the first entry address of server whose name is "Alshat".   Command line examples

Obtain every first entry address (both IPv4 and IPv6) for all servers in Switzerland, asking directly our authoritative DNS server. Windows: nslookup ch.all.vpn.airdns.org dns1.airvpn.org Linux: dig ANY ch.all.vpn.airdns.org @dns1.airvpn.org +short

   

Looks like you did something wrong around the TLS key.
 
Also, is your local network really 192.168.0.0?  What is your DHCP server subnet?

I second pfSense via nguvu.org guides. He has helped a massive amount in getting my pfsense up and running and making me feel much more secure. I run home automation & security cams in my home and did not want anything phoning home to Asia nor make it easy to hack my systems.
 
The beauty of pfSense to me was that it did not not require special or expensive hardware. I run it on an i3 (AES-NI) w/4GB and some intel NICs. Probably cost $100 USD on ebay. I spent more on the managed switch and APs.

Hello,
 
Is there currently a Discord or IRC channel? I think it would be cool to have a place to just chat about VPN/Security/Networking/AirVPN,

Hello!
We're very glad to inform you that a new 1 Gbit/s server located in New York City (NY, USA) is available: Lich.

The AirVPN client will show automatically this new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other "second generation" Air server, Lich supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the server status as usual in our real time servers monitor:
https://airvpn.org/servers/lich

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!

We're very glad to inform you that two new 1 Gbit/s servers located in Zurich (Switzerland) are available: Dorado and Sextans.

The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other "second generation" Air server, Dorado and Sextans support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Dorado and Sextans replace Kitalpha which will be dismissed within Nov 17th, 2018.  EDIT: by popular acclaim good old Kitalpha will NOT be canceled.

You can check the servers status as usual in our real time servers monitor:
https://airvpn.org/servers/dorado
https://airvpn.org/servers/sextans
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!

We're very glad to inform you that a new 1 Gbit/s servers located in Vancouver (Canada) is available: Pisces.

The AirVPN client will show automatically this new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other "second generation" Air server, Pisces supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the server status a usual in our real time servers monitor:
https://airvpn.org/servers/Pisces

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!
 
We are very glad to inform you that Eddie 1.0 for Android systems has been released.
 
Eddie Android edition is a free and open source OpenVPN 3 GUI released under GPLv3. Source code is available here: https://gitlab.com/AirVPN/EddieAndroid
 
Main features:
Free and open source application based on OpenVPN 3 Only official application by AirVPN Robust, best effort prevention of traffic leaks outside the VPN tunnel Battery-conscious application Low RAM footprint Option to start and connect the application at device boot Option to define which apps must have traffic inside or outside the VPN tunnel through white and black list OpenVPN linked against mbedTLS library Android 5.1 or higher required fully localized (current available languages: English, French, Italian, Spanish, Turkish) The traffic leak prevention has proved to be stronger than the one implemented in OVPN for Android. A thorough OpenVPN error detection allows Eddie to "lock" the network in case of unrecoverable disconnection (for example when communications to the VPN server get broken).
 
Direct link to the Google Play Store: https://play.google.com/store/apps/details?id=org.airvpn.eddie
 
Direct link to download Eddie Android edition from our Eddie web site: https://eddie.website/repository/eddie/android/1.0/org.airvpn.eddie.apk
 
A quick tutorial is available here: https://airvpn.org/topic/29660-using-airvpn-with-eddie-client-for-android/
 
The APK will soon be available in F-Droid repository too.
 
This is a starting point: development of a new version which includes stricter AirVPN integration is already ongoing and we are confident to provide you with updates in a very near future.
 
Kind regards and datalove
AirVPN Staff

Hello!

We're very glad to inform you that a new 1 Gbit/s servers located in Montreal (Canada) is available: Lacerta.

The AirVPN client will show automatically this new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other "second generation" Air server,  Lacerta supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.
 
Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
You can check the server status as usual in our real time servers monitor:
https://airvpn.org/servers/Lacerta
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!

We're very glad to inform you that two new 1 Gbit/s servers located in Sofia  (Bulgaria) are available: Apus and Grus.

The AirVPN client will show automatically these new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other "second generation" Air server, they support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.
 
Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Please note that these servers replace Fornax. Fornax has been withdrawn because its datacenter did not meet anymore our technical requirements.

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team