go558a83nk

Hello!
 
We are very glad to inform you that Eddie 1.0 for Android systems has been released.
 
Eddie Android edition is a free and open source OpenVPN 3 GUI released under GPLv3. Source code is available here: https://gitlab.com/AirVPN/EddieAndroid
 
Main features:
Free and open source application based on OpenVPN 3 Only official application by AirVPN Robust, best effort prevention of traffic leaks outside the VPN tunnel Battery-conscious application Low RAM footprint Option to start and connect the application at device boot Option to define which apps must have traffic inside or outside the VPN tunnel through white and black list OpenVPN linked against mbedTLS library Android 5.1 or higher required fully localized (current available languages: English, French, Italian, Spanish, Turkish) The traffic leak prevention has proved to be stronger than the one implemented in OVPN for Android. A thorough OpenVPN error detection allows Eddie to "lock" the network in case of unrecoverable disconnection (for example when communications to the VPN server get broken).
 
Direct link to the Google Play Store: https://play.google.com/store/apps/details?id=org.airvpn.eddie
 
Direct link to download Eddie Android edition from our Eddie web site: https://eddie.website/repository/eddie/android/1.0/org.airvpn.eddie.apk
 
A quick tutorial is available here: https://airvpn.org/topic/29660-using-airvpn-with-eddie-client-for-android/
 
The APK will soon be available in F-Droid repository too.
 
This is a starting point: development of a new version which includes stricter AirVPN integration is already ongoing and we are confident to provide you with updates in a very near future.
 
Kind regards and datalove
AirVPN Staff

Hello!

We're very glad to inform you that a new 1 Gbit/s servers located in Montreal (Canada) is available: Lacerta.

The AirVPN client will show automatically this new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other "second generation" Air server,  Lacerta supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.
 
Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
You can check the server status as usual in our real time servers monitor:
https://airvpn.org/servers/Lacerta
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!

We're very glad to inform you that two new 1 Gbit/s servers located in Sofia  (Bulgaria) are available: Apus and Grus.

The AirVPN client will show automatically these new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other "second generation" Air server, they support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.
 
Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Please note that these servers replace Fornax. Fornax has been withdrawn because its datacenter did not meet anymore our technical requirements.

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

I think this is the 2nd or 3rd time somebody has asked this.
 
I'm no expert by any means and I figured it out myself by just looking around and posting on the pfsense forums.  I'll write up something here for using an SSL tunnel.  SSH doesn't require stunnel but may require installing something like bash.  The other steps and actions are very similar.
 
You must install stunnel from the freebsd repo with a small workaround
It's recommended to install nano and screen from the pfsense repo
 
Start by browsing to https://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/  This is for 64bit systems, which I assume all are these days.  Find stunnel, and copy the link to it.
 
Open an SSH session to your pfsense machine, select 8 for the shell command line.  I use putty for this.  https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe  run it and put in the ip address of your pfsense machine e.g. 192.168.1.1 with connection type SSH.
 
Via your SSH session find or create a directory on the pfsense machine to which to download stunnel
 
use fetch to download stunnel from the SSH prompt, like this -  fetch https://pkg.freebsd.org/FreeBSD:10:amd64/latest/All/stunnel-5.40,1.txz
 
use pkg to install stunnel - pkg install stunnel-5.40,1.txz
 
use pkg to install nano - pkg install nano
 
use pkg to install screen - pkg install screen
 
exit out of the shell session by typing exit at the command prompt
 
re-enter the shell session by selection option 8
 
download the config files you need from the AirVPN config generator page with your web browser.  Then we will upload them to the pfsense machine via the web GUI interface.
 
In the pfsense web GUI go to diagnostics>command prompt
 
In the upload file section upload the *.ssl files you need, for each server you may want to use.  And upload a stunnel.crt file.  If you've downloaded configs for several servers you may have many stunnel.crt files but you only need to upload one.  They're all the same.
 
Via the SSH session command line move those files you've uploaded to the pfsense machine to a permanent location.  Right now they're in the temp folder as the web GUI told you.
 
This step is not necessary but should help with performance.  I edit the .ssl files to use the least CPU intensive TLS 1.2 cipher.  By default it'll use a stronger cipher but this isn't the real security later, openvpn is.  This is just meant to defeat DPI.  Since your machine will be crunching SSL for stunnel and openvpn, choosing a weaker cipher here will save you some clock cycles.  In the permanent directory to which you've moved the .ssl and stunnel.crt files use nano to edit...
 
e.g. nano AirVPN_the_server_you_chose.ssl   under the line "options = NO_SSLv2" paste another line (no quotes) "ciphers = DHE-RSA-AES128-SHA256"  type ctrl+o to save the changes.  type ctrl+x to exit out of nano
 
run stunnel using screen so that it runs in the background.  like this - screen -dmS tunnel stunnel AirVPN_the_server_you_chose.ssl    the options -dmS are important, and so is the letter case.  "tunnel" is the name of the screen session, you can call that whatever you want.
 
Look via your web GUI of the pfense machine at Status>system logs to see that stunnel is running properly.
 
If it is, then proceed to editing your openvpn client by going to vpn>openvpn>clients and editing your AirVPN client so that it goes through stunnel.
 
The edits you must make to the openvpn client are: protocol must be TCP, interface must be localhost, server must be 127.0.0.1, server port must be 1413, and you must add to custom options from the corresponding .ovpn file (same server as the .ssl file you started with stunnel) the line "route server_IP_address 255.255.255.255 net_gateway" (without quotes).  Just open the .ovpn file for the server you chose with wordpad to copy and paste the line.
 
If "explicit-exit-notify x" is in your custom options remove it as that option won't work with a TCP tunnel.
 
click save to save the changes to the openvpn client and it should connect.  Again you can look in system logs to see more stunnel actions, and look at your openvpn status and logs, all via the web GUI.

The new Dallas servers are phenomenal thus far, thank you!

It's been a while since my last "review" - 2.5 years to be somewhat exact. My first one even dates back to 2014. Both are interesting reads if you want to know more about my story and how I used AirVPN over the years - along with my experiences with AirVPN, of course.


I quite can't believe it myself that I'm still here after five years. It's not like I expected Air to fail miserably, but I sure expected that after 3-4 years maybe the time will come to try something new because AirVPN wouldn't be able to satisfy me for some reason..
But no, I'm still here. And it's not because other VPN providers looked less promising (there was a brief moment when I really wanted to try out IVPN for a change), it's because AirVPN beautifully adapts to problems and trends in the market while staying true to their mission and not breaking anything in the process! The company's strategy is well thought out, both in handling technical challenges and managing users, and I actually enjoy being here. I can wholeheartedly say that I trust AirVPN's decision-making and it's a no-brainer for me to entrust them with "handling" my traffic, because I cannot fully trust my ISP.
 
[h2]What happened since the last review?
 
A year or so ago I was more or less forced to subscribe to Vodafone Cable because I moved to another city and the DSL lines are not as fast here as I expected them to be. It was sad to terminate my subscription to Deutsche Telekom (referred to as DTAG from here) because of this - OpenVPN works extremely well over their network and I was able to reach both my maximum upload and download throughput. And their network is rock-solid, you pay for some numbers and you actually get it in full, no strings attached. I am more than ready to pay slightly higher prices for bullshit-free network access like this. Only downside is that the Snowden leaks revealed NSA's direct access to DTAG customers' traffic... which is just another good reason to always be protected connected.
 
Now, Vodafone is a more cheeky fella. I compare them to Verizon a bit (or was it Virgin?), that one provider who injects (or did inject) advertisements into customers' traffic. I really believe they will start doing this as well one rainy day, so surfing via AirVPN is a must for me, so as to not give them any data to train some AI. Unfortunately, this comes with a price: bad packet ID warnings are a common sight, but they seem to appear irregularly and roughly correspond to the times when I think I don't get the throughput I subscribed to. I think there's some packet reordering happening in the background - rerouting traffic over other nodes or lines, who knows.
 
[h2]Throughput / Server quality and features
 
With AirVPN via Vodafone I was rarely able to reach some 40 MiB/s in download, but 20-30 MiB/s is more common and stable (till the next bad packet ). I see the same symptoms with upload throughput: 50 Mbit/s ordered, I rarely get it uploading on torrents, and I didn't determine numbers by other means.
Recently I noticed that specific server/port combinations can reach stable 5 MiB/s. But there are moments when a few simple bad packet ID warnings manage to disrupt even this.  Upload throughput fluctuates  apart from that between as low as 500 KiB/s and 3 MiB/s. There is a new development here, see below.
I use vanilla OpenVPN on Linux with the most recent three servers in Germany, namely Intercrus, Serpens and Tucana, all ports except 53, rotating by route-random. In my ovpn file I made a few comments on some servers:
On Intercrus, qBittorrent has a steady 5 MiB/s upload and downloads from my favorite Debian repo with 30 MiB/s more often than any other server. Tucana works extremely well on UDP/41185. Adhara and Cervantes are prone to low throughput. Errai and Ogma are "good", whatever I wanted to tell myself with this. In short: Most german servers can handle 40 MiB/s in download and definitely can hit 5 MiB/s in upload.
 
I won't go into the server's security too much because whatever AirVPN offers should be "industry standard" by now. AirVPN offers little choice on the encryption parameters used - it's always AES-256 with RSA-4096 keys. It's solely there to ensure the max of achievable security across all users and their devices. Use the maximum - it's in the interest of AirVPN and you.
 
[h2] A few remarks on the different client softwares
Eddie is so feature-rich, it's almost the go-to OpenVPN client on PC. It runs on all major platforms and can handle itself and some nasty OS situations. Needs more support for external ovpn configs and it needs to drop Mono. Like, now. Please? There's an Android app now, and it uses OpenVPN 3. Mr. Schwabe's client does, too, via setting, and I can tell v3 connects blazing fast and gives more thorough log output. The decision to go with v3 was not a bad one. Unfortunately, this thing is written with Xamarin, using C#, therefore it depends on MonoDroid. Please? We were promised Eddie 3 on GTK+ and Eddie-Android without Mono. The community is awesome (more on that later ). So awesome, it gave birth to Qomui by fellow forum member corrado - an alternative Qt-based AirVPN client for Linux. I don't use any of these - vanilla on Linux and Mr. Schwabe's client on Android do the job for me. I help test Eddie on Android when I have some free time, though.
 
[h2] The community
 
is awesome. Seriously. These forums are a gold mine if you look for knowledge, wisdom, might and magic about pretty much any topic related to (Air)VPN and general computer tech. As I said a few times in the past, the decision to create these forums for AirVPN users might just be one of the more important factors why AirVPN is held in high regard, even if regularly being called out as being "more technical that others". Honestly, you can ask some dumb question and you will not be called dumb - people who love talking to newbies like you will be there. Or, you can ask a very thorough question with lots of tech words in it and concepts one must work with to understand and you will be treated more professionally - people who love minds like yours will be there to advise you. Of course there's a nag here and there, but they are such a rarity that I almost believe writing this is not necessary. But still.
 
Staff is a book chapter for itself. Regularly active on the forums, managing the flood of support tickets, raising an undead army of community forum moderators. You can generally count on their posts to be helpful in their own special way.
And yes, you read right: Some of the moderators here were regular users like me and you! And through their engagement with the community and good, helpful practice they got "promoted" to forum moderators. I've known most of them for some time now and they all deserved it very much. If something like that can happen, you know that Staff is not afraid of their users - they encourage contact among them.
 
[h2] Anything more to say?
 
I must realize I'm not the most thorough writer of "reviews". Generally, I let my mind speak for me. So there are definitely some things I, willingly or unwillingly, didn't mention. If you want to find out everything about AirVPN as a VPN provider, you might just register and, I don't know, see for yourself?! You will not regret this.
 
I thank you for your time.
 
Update:
 
I replaced my DOCSIS modem and the throttling is gone! Now I reach stable 4 to 5 MB/s upload throughput! It doesn't seem to have much to do with my ISP in the end. Some uncontrollable feature of the modem, I guess, and no, I am not willing to look deeper.

Not quite. You create keys with your own names so that you can, for instance, connect to AirVPN on a device you are not going to use for long. So you generate a new key pair and use this to generate a config. When you no longer use it you delete the pair and this key can no longer be used to connect to AirVPN with your account.
 
A Certificate Revocation List by definition is a list of keys with a still ongoing validity which are marked invalid out of any reason by the issuer or owner before its time of validity expired. Your AirVPN keys are valid indefinitely, so a revocation makes little sense. Instead, you just delete the key from the database so that connecting with a deleted key leads nowhere.
 
 
It creates key pairs for you to use on different devices, for different purposes or some other reason.
 
 
Do not give in to any kind of paranoid thinking, like this. You do not generate the key pairs on your web browser, you request a generation on the server. Even then you are not simply presented with your key afterwards. You need to generate a config, only then the key will be bundled with it.
 
It's also important to note that these keys do not enable someone to decrypt your traffic. They are merely there for user identification against the AirVPN servers. The most harm someone can do to you is being constantly connected with five clients. You delete the key, the "bad user" gets thrown out.

Hello!
 
We inform you that the following servers are being withdrawn:
 
Fornax (Sofia, Bulgaria).
Reason: not meeting our technical requirements anymore.
Replacement: yes, 2 1 Gbit/s servers in Sofia in a different datacenter within 2 days (already operative, now testing)
 
Ara, Corvus, Fafnir, Monoceros, Pictor (Dallas, TX, USA)
Reason: they were temporary servers to support the migration of our main 10 Dallas servers. Migration completed, temp servers dismissed.
Replacement: yes, migration complete, the previous 10 servers in Dallas are now up and running https://airvpn.org/topic/28871-completed-migration-announcement-for-10-dallas-servers/
 
Antlia, Octans, Pavo, Sagittarius and Scorpius (Atlanta, GE, USA)
Reason: company shutting down operations.
Replacement: yes, 5 1 Gbit/s servers, already available since 31 Jul 2018 https://airvpn.org/topic/28854-five-new-1-gbits-servers-available-us
 
Kind regards and datalove
AirVPN Staff

FINAL UPDATE 19 SEP 2018
 
Migration has been completed and tests have been successful. All the mentioned servers are now available and connectivity is very good from major USA residential ISPs. IPv4 addresses remain the same, while IPv6 addresses have been changed. The servers operate in a new Dallas datacenter.
 
 
 
EDIT 18 Sep 2018: migration has been completed to a new Dallas datacenter and servers have passed the tests. All the 10 servers will be again available soon.
 
 
 
Hello!
 
We regret to inform you that we will soon start a migration and potential relocation of the following servers currently located in Dallas:
 
Chamaeleon
Equuleus
Helvetios
Leo
Mensa
Pegasus
Ran
Scutum
Volans
Vulpecula
 
The reason is that Cogent (our transit provider in Dallas) will not renew the contract on the current 10 Gbit/s line. Unfortunately they let us know very late, just a few days before the natural expiration and normal renewal of the contract itself. It's not a price problem, they do not want to renew with us and/or with our counselor in the USA.
 
The mentioned servers are our property but disconnecting, packaging, moving (or shipping), reconnecting and reconfiguring may take a long time (probably a month or more).
 
Therefore, we have decided to set up a small battery of new servers, five in Phoenix and five in Dallas itself, that will run during all the time which will be necessary to complete the migration. Such servers are being connected and set up in different datacenters as we write and after a brief 24/48 hours testing period we will make them available. All the new, mentioned servers have 1 Gbit/s ports.
 
We deeply apologize for the inconvenience and at the same time we are confident that you can understand that this sudden and unexpected issue was and is totally out of our control.
 
Kind regards and datalove
AirVPN Staff

Hello!
 
We inform you that on September the 18th, 2018, starting at 10.00 AM CEST, we will be performing special maintenance on our infrastructure. The maintenance aims to prepare a future migration to an updated forum board.
 
Expected maintenance time: from 10.00 AM to 11.00 AM CEST
 
Impact: all AirVPN web sites will be inaccessible. Only a courtesy page will be served. VPN servers and services will remain unaffected.
 
Kind regards
 

Hello!
We hope to provide you with a substantial update within the end of the September.
 
Kind regards

If you feel you're seeing a bug then create a support ticket.

OK, that's the entry IP 3, tls-crypt, so you need to change tls key usage mode to authentication and encryption.
 
Also, I assume you put the tls key from this new config in the proper field, not the other key from a tls-auth config?

The focus of this live system are online activities where you cannot use TAILS because it uses Linux or because TOR is mandatory there, which some sites do not like

The first version of the Win8.1SE x86 LiveSystem seems to have had errors, because a user reported that he had a warning on the desktop after booting, which might have been due to his hardware. Two other users have reported that they did not have the PortableApps.com menu. Since a new version of GPG4Win (Kleopatra) was released shortly after the upload, I decided to do a completely new ISO again. The ISO was tested on three different computers with two different USB sticks (which only affected the loading time) and worked everywhere. Finally, the uploaded files were downloaded again and created a stick of these files and tested to make sure that the uploaded files are OK.

Also the manual was supplemented with the point, how one makes a portable from a new GPG4Win version and how it is then to be integrated.

Finally, I simplified the access to the MultiRes option for users with a large monitor by now having an icon in the systray.
Win8.1SE_x86.7z.001
SHA1 D537D5B9214C37D2FD0F4695893323B03A426428
http://mirr.re/d/GAX

Win8.1SE_x86.7z.002
SHA1 D537935EE5E65DB91150FC570D96431C01A2F48F
http://mirr.re/d/GAj

Win8.1SE_x86.7z.003
SHA1 F3D2B6025ED8546403CDDC5A717080372740CFF6
http://mirr.re/d/GAi

Win8.1SE_x86.7z.004
SHA1 ECD7E07E3CBD252947BCD1538EDA896CE915267F
http://mirr.re/d/GAm

DP_WLAN-WiFi_17061.7z
SHA1 BBF886745AFE0350D056CBB9F969C8ED82DA9D8F
http://mirr.re/d/GAV

Win8.1SE x86 LiveSystem Manual-English.pdf
http://mirr.re/d/GAD

Win8.1SE_x86.ISO
SHA1 BD989B987A43A4F7C62B277404DEF3A390496334

I started with AirVPN almost two years ago. At first, I tried the usual high profile VPN providers. They all had fancy slick clients but performance was atrocious. I was resigning myself to accept that if I was going to use a VPN, my bandwidth would be slashed.
 
I then came across thatoneprivacysite.net and came across AirVPN. After trying AirVPN during the trial period, I found
 
I did not have to compromise performance, the staff was technical and not just another call centre, there is loads of information to get you started It works great with pfSense Since then, I have stayed with them because they have never disappointed me.
 
Thank you for this great service and for helping in protecting my privacy.

Sorry you're getting no help on this.  I don't use the app so I'm unfamiliar with its details and behaviors.  Otherwise I'd help.

The Dallas location has been in suck VPN mode for several days. And it still is as of 2018-08-28 at 2200 CDT.  I known I can use other locations, but I get much lower latency from Dallas, when it works.
 
I get 16ms pings from Dallas and the lowest from Chicago or anywhere else is 65 or much higher and way, way up out there.  The latency is slow enough that my wife asks me to check it for her. Never a good sign for the professional (retired) in house IT guy when your wife thinks your network solution sucks or there is somthing wrong with the network.
 
I have been an AirVPN Member Since 14 Jun 2013. I have faith that AirVPN will fix Dallas or get some other Southern USA servers going.  They have never once in my five years and two months and two weeks not done exactly what they stated they would do or were doing. I do not have any skin in the game. I pay full price like all 'normal' customers, but you do not need another VPN if you are on AirVPN.
 
PS: Note to AirVPN... Go Fix Dallas.
 
MVirgilStone59
 

Use entry IP 3 or 4 in your config generator choices.
 
P.S. tls-crypt was working prior to this update for openvpn connect on iOS.

To whom it might be of interest...
 
Problem is solved. Got a AC86U with 1.8Ghz dual core CPU and AES instruction set and the latency problem is gone.
 
openvpn / openssl does shut down datalink during tls rekeying on slow cpu.

Hello!
 
We have multiple plans for the USA, including the East Coast.
 
First and foremost we must complete the migration of the 10 Dallas servers you probably remember, from Cogent to another tier2 or tier1 provider.
 
Kind regards

Hello!
 
We regret to inform you that the following servers located in Atlanta (Georgia, USA) are being withdrawn:
Albireo - Azha - Dschubba
 
Reason: they are no more compliant to our technical requirements about uptime and allocated bandwidth.
 
Kind regards
AirVPN Staff

Yeah, I see that now.   But, I know I've seen Staff comment on this topic in the past and I'm just repeating what they said to the best my memory serves me.  Shrug.  I'll look for the past discussion.
 
https://airvpn.org/topic/26051-config-generator-using-deprecated-openvpn-commands/?hl=comp-lzo&do=findComment&comment=70698
 
That's one of the threads I was thinking of.  Looks like I remembered wrong. comp-lzo no must be specified or else there might be connection failure on some devices.

comp-lzo is in configs because some devices don't seem to work with "comp-lzo no" in the config.  But, AirVPN servers push a message that includes "comp-lzo no", which disables compression.

comp-lzo is in configs because some devices don't seem to work with "comp-lzo no" in the config.  But, AirVPN servers push a message that includes "comp-lzo no", which disables compression.

comp-lzo is in configs because some devices don't seem to work with "comp-lzo no" in the config.  But, AirVPN servers push a message that includes "comp-lzo no", which disables compression.