go558a83nk

I hope this isn't a common belief.  The VPN is only encrypting between client and server and vice versa.  Your data after it exits Air's server or before it enters Air's server isn't encrypted by the VPN.
 
Even in this example above, if connected to two servers in the same datacenter, the data is decrypted/encrypted as it passes from one Air server to the next.  If not in the same datacenter then it certainly enters the "internet" decrypted.

There is a new project that might be more useful.
At least it is fully customizable and easy to understand and integrate.
 
 
https://ffprofile.com
 

people, please read the original message carefully.  Staff say the severs contain no "sensitive information".  I'm sure that means certs and keys are NOT compromised. 

The main advantage this sort of router would have over pfSense on any old system is very low power usage and no noise. Other than that, you can build a Raspberry Pi to do what you want if you have the patience to get everything configured as you like.
 
*Edit* I should point out the router is much more potent than you may think. It is a dual core 1.6 Ghz CPU. Not a single core.

As of today ,you can upload your public key ;to be part of the DNS structure.This gives more convenience and eas of use for end to end encryption.Its also a spam stopper.
Read the blog please :https://posteo.de/en/blog

Hello!
 
We're very glad to inform you that six new 1 Gbit/s server located in Canada are available: Agena, Avior, Mintaka, Saiph, Sargas, Tyl.
 
The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").
 
The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP.
 
Just like every other Air server, Agena, Avior, Mintaka, Saiph, Sargas and Tyl support OpenVPN over SSL and OpenVPN over SSH.
 
As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.
 
Kind regards and datalove
AirVPN Team

Hello!

We're very glad to inform you that five new 1 Gbit/s servers located in the Netherlands are available: Ancha, Caph, Kocab, Muscida, Pleione.
 
The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP.

Just like every other Air server, Ancha, Caph, Kocab, Muscida and Pleione support OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team
 

Hi,
 
I am an original founder of AirVPN and I am aware of this "problem" since about 2002 when I started using OpenVPN. I don't understand "so much ado about nothing". It's not even a vulnerability, it's simply how the Internet works.
 
Articles like this one http://0x27.me/2015/11/26/Practical-Exploitation-of-Portfail.html could have been nice like thirteen or fourteen years ago, but now...?
 
Maybe it's just a a sad picture of how unprofessional nowadays VPN services have become, or maybe it's only that IT culture and knowledge have still a long way to go. To a techie eye, these articles are very detrimental for consumers' VPN services. They could cast a shadow of lack of professionalism on the whole industry. AirVPN personnel competence standards have always been and will always be at a (much) higher level than these articles might make you think.
 
Ciao!

This could be a valid point, hence why you should use unique names here that are not associated with any other identities online.
Then, combining a strong password, no adversary should be able to know that you are actually you.
 
I mean, if they don't already have some prior info about you like infected machine or so. But then, 2FA will do little to help you.
Personally I think 2FA will just make people link their real mail accounts to their VPN accounts, and phones, and this is not very
good practice in general. If you want to solve the issue just use a very strong password, and then the only attack vector will be
attacking Air's servers directly, in which case passwords/2FA would be useless anyway.
 
Hope this made your threat model a little more clear.

Hello!
 
It's a correlation attack through some social engineering support. A solution is having separate entry and exit-IP addresses on each VPN server, just like in AirVPN.
 
The astounding information in the article, if true, is that nine [five, fixed by pj] providers have not taken care of that. The attack in itself is very trivial and is quite common knowledge in consumers' VPN industry. Perhaps the five providers cited in the article are not "VPN industry", but amateurish services?
 
Kind regards

Signed up for the free trial earlier today and am delighted to report no problems at all.
 
I am using a Linuxmint system and the client was a breeze to download and use, this is not always the case with third party Linux software but this does exactly what it says on the tin.
 
Will certainly be signing up for the full package

Hello!

We're very glad to inform you that a new 1 Gbit/s server located in the Czech Republic is available: Alioth.
 
The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").
 
Alioth accepts connections on ports 53, 80, 443, 2018 UDP and TCP.

Just like every other Air server, Alioth supports OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

can only do so much and not be a hermit with zero technology.
 
I run the whole house through VPN but not much else.  there's plenty of me out there in social media, etc.

you must forward ports in the router since you are using the router as your openvpn client.
 
https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/

I would install Kodi and some addons such as phoenix, genesis, and more. 

just look at the openvpn log, it says what cipher is used.

Hello!
 
Ok, anyway, if you prefer so, probably you have noticed that since some weeks ago you can use (provided that your OpenVPN and OpenSSL or PolarSSL supports it) the following TLS cipher:
 
DHE-RSA-AES256-GCM-SHA384
 
with TLS 1.2.
 
The RSA keys are of course the same (4096 bit) as well as DH keys (4096 bit).
 
If you feel that HMAC SHA1 is not adequate for the Control Channel (but we see no reasons for that) you can use the above cipher.
 
Kind regards

1) Mint 17.x is easy to use for Linux beginners
2) Yes.  I suggest you use VirtualBox as your VM type.  Creating shared folders (shared between the host and guest OS) is easy in the VirtualBox settings for the VM.  In the guest OS you'll find the shared folders in /media
3) In VirtualBox you can create snapshots of your VM in a healthy state and use that snapshot if you have problems later.
4) To bypass the VPN running on your host OS you'll need to setup the network type for the linux guest as bridged adapter in the "attached to" setting.  NAT is default.

I use an Asus AC68 with merlin firmware as VPN client and I've never had your experience.  If it's slow or throttled it is with either the router or Eddie.
 
one thing to look at on the router is the status page with the CPU usage graph.  make sure that both cores are being used when you're downloading something and openvpn is having to work hard.  what that shows is that kernel work is done on one core while openvpn is running on the other core.
 
if only one core is being used then try switching to another openvpn client in the web GUI as programming sometimes has different clients mapped to different cores.  or you can just change core affinity using taskset via an SSH session.

The airline hijacking attacks of September 11, 2001 was so low-tech and so simple in design that it was, in a word some software programmers like to use to describe programming code with which they are impressed, elegant in that it was too pedestrian to warrant imagination much less suspicion.  Only the hyper-active fantasizing of adolescent thinking could devise a post-mortem scenario that would conclude the efficacy of the plan's success hinged on the clandestine participation of a government the size of a small country staffed by people with the willingness and capability to keep their collective mouths shut while thousands of their countrymen, some of whom could have potentially been relatives, would be sacrificed to the slaughter.  Not possible...not possible at all.  There exists far too many whistleblowers motivated by political ideology to subscribe to such a notion.  What happened on that date in the United States happened as it was witnessed, whether witnessed in person or live on-screen.

At least this is one of the few providers in UA that has the same goals as Air.
And full network neutrality and transparency. There are no "real" Gigabit providers in UA, most of them will share a 1Gbit port over 10 servers
with best effort, where you can forget about the common 95 percentile rule.
 
When it comes to this DC, only thing I can do is thank Air staff and Cali, an amazing admin (the owner of the small datacenter in UA called URDN)
that did everything to protect neutrality even during the hard times in UA and hard times from Spamhaus trolls for keeping his customers connected.
 
Great news.

Any update on a replacement for Etamin in Dallas? I really miss that server =(

wow, Furud will be happy to share the load.

I have a workstation that runs 1440p on debian with no issues what so ever using only intel onboard. Its also tied into a hd tv and plays anything and everything via xbmc like a dream. Nvidia has even better support and a nice control panel. My gaming pc runs a nvidia gtx780 and games wonderfully.
 
The issue is most likely in your xorg.conf. That or mint just being a fluffy mess.
And if you're using a laptop that has onboard intel as well as nvidia it can get a little tricky. Not all distros have the driver support to pick up this type of multiple hardware setup. People not running setups like this normally have 0 issues.
 
@xorg
Using Xorg -configure will leave you with a completely worthless and often broken xorg.conf. Better off not running Xorg -configure or try backing up then deleting the xorg.conf currently in use.
 
There's a few tricks when only using intel onboard as well, or for when there's nvidia hardware next to the onboard intel. Essentially you only add in the driver section after installing the appropriate intel driver 'if the hardware isn't recognized'
Section "Device"         Identifier  "Intel Graphics"         Driver      "intel"         Option      "AccelMethod" "sna"         BusID       "PCI:0:2:0" EndSection  You'll need to find out your BusID:
BusID       "PCI:0:2:0"
Often looking in your current xorg.conf will show you whats where.
 
For the most part though none of the above is needed unless you have some oddball hardware. And some distros have more up2date versions of xorg providing better hardware support.
 
All in all even if modification of the xorg.conf is needed, its about 100x less work than attempting to make windows even somewhat secure.

The entire WebRTC leak thing was very overhyped over the past year, and many less-honest VPN providers jumped aboard and used this is a marketing/sales pitch.
In reality, if you are connected to the VPN already, and your WebRTC test reports 10.4.x.x IP (which is probably Air's internal IP) there is nothing bad in that.
 
The problem arises in very rare cases, when no NAT device is present, for example when you connect an ethernet port from your cable modem to your LAN adapter directly,
and your ISP assings you public IPs by defailt. In this case, your reported WebRTC IP would be not internal, but external, potentially exposing your original IP address.
But this setup is very rare these days, most people have Wi-Fi's, which automatically implies usage of a router with NAT mechanism.
 
The danger of growing Mobile ISPs that assign routable IPv6 addresses, which all VPN providers not yet support, is much higher than WebRTC.