go558a83nk

Hello!
 
One will remain, Mesarthim.
 
 
 
Precisely. It was a bad story with Leaseweb USA, though. Our retaliation was canceling a wide battery of dozens of servers in the Netherlands, Germany and USA. Only Singapore was graced.
 
After a couple of months we received the official apologies from their mother company lawyers. In spite of the apologies an AirVPN founder decided to keep them on ice for two three years except for Leaseweb SG and some tiny servers in Leaseweb NL. Now we are trying to re-build a bridge of good relationships with them because we have seen that many things have changed.
 
Kind regards

It's good to see stuff like this in the forums.  Compared to two years ago I think Air forums have lost a lot of knowledgeable users so this is refreshing.
 
I don't think I'll have an opportunity to use this as I use pfense but I hope somebody finds it useful.

Hi! I'm looking into trying IPv6 on AirVPN, but I'm concerned regarding the following option in generated client config:
 
push-peer-info
 
 
While I do understand that it is required for passing environment variable with IPv6 enable flag, I'm worried regarding what OpenVPN documentation says about it:
 
 
 
Reading source code reveals, that it actually sends MAC address of current default route, but both documentation and source code are a little bit unclear at best on when it is being called and what type of MAC address is being sent. I'm pretty sure it has something to do with TAP interface only which is not used in AirVPN and this option does not affect privacy in any way, but still, it would be nice to get professional explanation.
 
Thanks in advance!

I was connected to another AirVPN server the other day and rarbg was telling me my IP was banned.  It wouldn't let me post comments to torrents, or vote on comments, or look past page 2 of the list of torrents.
 
But, I had no problems downloading torrent files.
 
I went to another AirVPN server and had no problems.  Obviously there are users of AirVPN who are morons and cause problems for the rest of us.

Hello!

We're very glad to inform you that four new 1 Gbit/s servers located in Germany are available: Intercrus, Serpens, Tucana and Veritate.

The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other "second generation" Air server, they support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.
 
Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Please note that these new servers will replace three older servers in Germany, and precisely Lepus, Libertas and Perseus which will be withdrawn on July the 11th, 2018.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!
 
Why should we do that? In other words, what advantages in terms of security and/or performance do a user get from Wireguard (over OpenVPN) when deployed before an audit has been performed?
 
In terms of performance, we are concerned about this:
https://www.wireguard.com/performance/
 
The Wireguard performance is low, while the OpenVPN reported throughput is fake. Remember that we could beat in a single core of an archaic Q6600 CPU 300 Mbit/s in 2014. In 2018 (just a couple of weeks ago) we have obtained 1.7 Gbit/s on our AES-NI optimized machine with a load of 300+ clients practically in just ONE CORE of an E3-1270 @ 3.80 Ghz with a Linux kernel 4.9 and AES-256-GCM (so we could even go higher with ChaCha20 Poly305).
 
The fact that in the Wireguard web site not believable data for OpenVPN is published is a reason of concern. Then, the performance of Wireguard is not interesting, especially on a core of an i7 with ChaCha20.
 
On top of that, it is unfair to deploy to our customers a service based on a software that's not yet been tested enough in our opinion. USA Senator Wyden recently recommended Wireguard to replace everything (IPsec, OpenVPN...) in USA infrastructures and recommended to recommend Wireguard to NIST:
https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-Senator-Recommends
 
Why this requirement before any serious audit when we know for sure (from the Snowden documents) that plans to insert backdoors in random number generators and other cryptography-related software, and then have that very software approved by NIST, started several years ago? This is another reason of concern that maybe makes Wireguard wide deployment premature: it is safer to check deeply the software and the ECC employed first, and then deploy to the public.
 
Remember what happened  with the infamous Dual_EC_DRBG, we are not short on memory like some of our competitors are, and we are not trading your security for a fistful of dollars by riding the Wireguard hype. When and if Wireguard will prove to be as secure as OpenVPN, and capable to provide the same (or higher) performance, and provide obfuscation and more protocols choice, then we'll be very happy to experiment with it.
https://en.wikipedia.org/wiki/Dual_EC_DRBG#Software_and_hardware_which_contained_the_possible_backdoor
 
Kind regards

Yes, the subnets are unique for each OpenVPN daemon. You can't overlap when you connect to different servers for multi-homing from the same machine, for example. However, you have several small subnets /24 on each server, one per daemon, and you can't say in advance which subnet your system will enter because of the load balancing system which "welcomes" the clients and "assigns" them to the OpenVPN daemon running in the less loaded core (at the moment of connection).
 
The huge convenience of this implementation is that now we can break the previous throughput limits caused by the lack of "parallelization" of OpenVPN.
 
The Moore's law is being infringed and we can't expect significantly more powerful CPus (at one core level) for a long time; in computing power advancements we will probably never experience again (at least in our life) the peaks of 1996-1998;  it's time to fight the software bloat, but a fully scalable multi-core OpenVPN release is probably not coming out soon; therefore the load balancing we have implemented is an immediate break through.
 
Kind regards

Is it normal for a traceroute to a local IP address to reach the internet!?

In ten plus years of subscribing to multiple vpns I've found myself growing increasingly disgusted by all the marketing hype. The vpn world has as much marketing hype/BS as any industry I've ever seen. Any business that hypes itself inevitably winds up making gross exaggerations and, left unchecked, that inevitably leads to outright lies (PureVPN, IPVanish, and others claiming they don't log). When it comes to my personal security I have no time for hype. So for me to discover AirVPN a couple years ago was a perfect match. Zero marketing hype. In fact zero marketing at all. They don't advertise. They don't pay for "reviews," so you won't find them on those so-called "review" sites. Most of their customers appear to be seasoned vpn users who don't tolerate BS and demand first rate service. AirVPN delivers that and at a reasonable price. It's also given me the opportunity of learning far more about netsec than I ever could have elsewhere, both from Air's support staff and from other Air customers on their forums. The level of their technology and security is dramatically better than all but perhaps one or two others, but for half the money. Two things I wish they had are neural routing and multi-hop/chaining, but if they did they might have to charge what Perfect Privacy charges, which I'm unwilling to pay. As it is I find the level of security they offer with OpenVPN over Tor, OpenVPN over SSL and OpenVPN over SSH to be as good as it gets. AirVPN may not be the best suited, however, for newbies and neophytes who are looking for a minimalist plug and play solution and expect everything to work immediately without having to know anything themselves. Air is extremely feature rich offering options that even some of the most expensive vpns don't. It has features that I didn't know I needed, but now that I've used them couldn't live without. AirVPN does have excellent customer support, but they tend to be geared more for those who take security seriously and are willing to invest a little time toward that goal.

Thanks I've updated my script accordingly.
 
Last thing, I used to graph the ping to the first IP on the outside of the tunnel. I used to do that with the gateway 10.4.0.1. Is there any IP I could use to continue doing that? (an IP that would not change over time I mean)

Hi Nadre,
 
not random, they are unique (and always the same) for each OpenVPN daemon of each server. You will not find the same subnets, either in IPv4 or IPv6, in two different AirVPN servers or even daemons (that's why Gen 2 are multi-homing friendly, which is a feature frequently requested by pfSense and other systems users since when we provide five simultaneous connection slots).
 
Kind regards

Hello!
 
We inform you that IPv4 addresses of the servers mentioned in the subject have been changed. The change was mandatory to have the servers communicate in a different sub network in the same datacenter. The old IP addresses were behind a peculiar DDoS protection which was impacting performance heavily (maybe due to some sub-optimal configuration against UDP).
 
From now on the three mentioned servers should go back to the normal and expected high performance.
 
If you run Eddie, just update servers data (Eddie will do that automatically anyway, unless you explicitly disabled this function). If you don't run Eddie, please remember to generate new configuration files for those servers, if you wish to connect to them.
 
Kind regards
AirVPN Staff

Hello!
We're very glad to inform that full IPv6 support is being deployed to our VPN servers. The experimental phase ended during the first half of June and we can now reliably deploy IPv6 to any other VPN server, provided that it is in a datacenter with IPv6 infrastructure of course. This thread will be periodically updated to provide the list of VPN servers new generation setup (internally, we call this new setup "Gen 2").
 
FINAL UPDATE: as of September the 14th 2018, all AirVPN servers have been upgraded to 2nd generation software.
 
 
New smart features:
Standard protocols/ports with IPv6 support (*), updated OpenVPN server, better cipher negotiation. You can keep using AirVPN as usual, even if you have an old OpenVPN version, on entry-IP addresses 1 and 2 of each server. Additional protocols/ports with IPv6 support (*), updated OpenVPN server, better cipher negotiation, 'tls-crypt' support (*), TLS 1.2 (*) forced on entry-IP addresses 3 and 4 of Gen 2 servers. The additional protocols/ports mentioned in this paragraph require OpenVPN 2.4 or higher versions (*) OpenVPN 2.4 or higher version is required.
 
tls-crypt plays a role even against ISPs that throttle or block OpenVPN.
 
Something more about tls-crypt can be found here: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Search for "--tls-crypt keyfile"
 
 
Planning the future: internal load balancing between multiple OpenVPN daemons.
 
This is a feature which will let OpenVPN squeeze the maximum bandwidth on each server, because OpenVPN runs in a single thread of a single core. By balancing the load on multiple OpenVPN daemons with a reliable algorithm, we overcome significantly this OpenVPN limitation.
 
Such bandwidth would be mostly wasted without our load balancing method simply because there are no CPUs capable to process 10 Gbit/s AES-256 encryption/decryption on multiple flows to/from multiple channels (according to our empirical tests on the field, the load does not grow linearly with the growth of connected OpenVPN clients) with just one one core.
 
Our solution is important because it's a founding prerequisite toward servers connected to 10 Gbit/s lines, even if OpenVPN multicore / multi-threading support should not become available in the near future, not to mention that it can be useful even in different environments.
 
The internal load balancing is already active on all "Gen 2" servers.
 
Kind regards and datalove
AirVPN Staff

I just found this internet resource which is interesting for AirVPN users in Asia-Pacific etc, and may help understand ping times and traceroutes and congestion.
TeleGeography Submarine Cable Map
https://www.submarinecablemap.com/
Seems to be free without subscription push.

Hello!
 
We can gladly confirm that according to the first reports tls-crypt (only on TCP) works in China and it is faster than OpenVPN over SSL. tls-crypt with UDP also works in some networks and this is the maximum OpenVPN performance. In some other networks tls-crypt with OpenVPN in UDP does not work but not because of tls-crypt in itself, but because UDP is unconditionally blocked.
 
Kind regards

Hello!

We're very glad to inform you that a new Eddie Air client version has been released: 2.14.5

Eddie 2.14.5 includes many important bug fixes and changes. You can see them all on the changelog here; https://airvpn.org/services/changelog.php?software=client&format=html.
 
As usual, Eddie is released as free and open source software under GPLv3.
 
New important features have been added. Now Eddie includes a full, seamless and integrated IPv6 support, as well as new features which will let you use our latest service additions (including IPv6 and tls-crypt).
 
Users who have only IPv4 connectivity will be able to access IPv6 services, At the same time users who have only IPv6 (and not IPv4) connectivity, will be able to use our service without limitations.
 
tls-crypt implementation provides a new, interesting way to efficiently bypass blocks and throttling against OpenVPN.
 
This version has been released GNU/Linux, OS X (Mavericks or higher is required), macOS and Windows (Vista or higher is required).

2.14.5 version is compatible with several Linux distributions. For important notes about environments, please read here:
https://airvpn.org/topic/27259-status-of-eddie-on-linux-distributions/

Due to the large amount of bug fixes and changes, as well as the addition of new features, upgrade is strongly recommended.

Just like previous versions, Eddie implements direct Tor support for OpenVPN over Tor connections. Eddie makes OpenVPN over Tor easily available to Linux, OS X and macOS users: no needs for Virtual Machines, middle boxes or other special configurations. Windows users will find a more friendly approach as well. This mode is specifically designed for Tor and therefore solves multiple issues, especially in Linux and OS X/macOS, including the "infinite routing loop" problem (see for example http://tor.stackexchange.com/questions/1232/me-tor-vpn-how/1235#1235 )

As far as we know, Eddie is the first and currently the only OpenVPN wrapper that natively allows OpenVPN over Tor connections for multiple Operating Systems. https://airvpn.org/tor This is the first stable version which sends a NEWNYM signal to Tor to ensure the use of a new circuit in every connection.
We recommend that you upgrade Eddie as soon as possible.

Eddie 2.14.5 for GNU/Linux can be downloaded here: https://airvpn.org/linux
Eddie 2.14.5 for Windows can be downloaded here: https://airvpn.org/windows
Eddie 2.14.5 for OS X Mavericks, Yosemite, El Capitan and macOS Sierra and High Sierra can be downloaded here: https://airvpn.org/macosx

PLEASE NOTE: Eddie 2.14 package includes an OpenVPN version re-compiled by us from OpenVPN 2.4 source code with OpenSSL 1.0.2k for security reasons and to fix this bug: https://community.openvpn.net/openvpn/ticket/328

Eddie overview is available here: https://airvpn.org/software
Eddie includes a Network Lock feature: https://airvpn.org/faq/software_lock
Eddie is free and open source software released under GPLv3. GitHub repository: https://github.com/AirVPN/airvpn-client

Kind regards & datalove
AirVPN Staff

https://torrentfreak.com/ipvanish-no-logging-vpn-led-homeland-security-to-comcast-user-180505/
 

I agree.  airpvn.org is one of the slowest loading web sites I've ever used when I have to login.  It's not bad when everything is cached.

Congratulations!

Hello!

Today we're starting AirVPN eighth birthday celebrations!
 
From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 20 countries in three continents, providing now 209000 Mbit/s to tens of thousands people around the world.
 
2018 is the year that's bringing full IPv6 support to the infrastructure as well as "tls-crypt", an OpenVPN feature which makes circumvention of blocks against OpenVPN, an issue which is particularly important in countries controlled by human rights hostile regimes, even more efficient than the other methods we have been providing.
 
Software related development has also been powered up, and during this year you will see the development of specific software for Android platform (which is already available as a beta version), an important addition to the already existing line up for GNU/Linux, macOS and Windows.
 
Our mission https://airvpn.org/mission has been and will be empowered by the ongoing support to projects and NGOs which aim to the protection of privacy, personal data and freedom of expression.
 
If you're curious to know something about a series of fortunate events which gave birth to AirVPN, have a look here:
https://airvpn.org/aboutus

To worthily celebrate Air's eighth birthday, we're glad to inform you that starting from now we will offer a 30% discount on all plans. Hurry up, this special offer will end on June the 11th, 23:59:59 UTC! Check the new prices here.

Kind regards and datalove
AirVPN Staff

You can use only particular apps via the vpn without having to turn on VPN for the whole system. Highly useful. For example, I'd like to have one browser using the VPN (using socks5 proxying, which all browser know ho to handle), but not my email or other internet apps.

Your title is misleading.  TLS 1.2 has been in use for some time.  tls-crypt is what's new.
 
Paste in the tls-crypt.key info into the key field, and then below it select the option for authentication and encryption.
 
Then also change the auth digest to SHA512.  that should be what you need to connect.
 
If you aren't already doing it, you should also see performance improvement using AES-256-GCM as data cipher vs CBC

I think you are referring to me. I live in a country where OpenVPN on both TCP and UDP protocols are blocked. SSL and SSH are working however
they are really slow with lots of packet loss and disconnects a lot. tls-crypt on the other hand is really working great for me and I can
utilize all my available bandwidth using tls-crypt.

Regular connections are just as safe.  SSL or SSH are needed to bypass blocks or throttles.
 
It would be interesting for you to try a tls-crypt config on your mobile if you can.  Another person has reported that that bypassed a block.

1 and 2 are tls-auth, 3 and 4 are tls-crypt.
 
The reason for having two of each is in case one is blocked by ....  ISP or something.
 
If you resolve a server name, for example, "nslookup leo.airvpn.org", it'll resolve to its #1 IP.