go558a83nk

Thanks for the new servers, Staff.
 
Please note that Tegmen's entry and exit IPs are geolocated to Seychelles (SC) in Maxmind and other databases.
 
Which might be a great addition for people that like to exit from "exotic" locations. That's awesome.
 
 
//P.S.
 
In fact, this leads me to a new suggestion, for example on ipleak.net.
Just like with Nihal, which still geolocates to Portugal everywhere (Since Bitcanal is a Portugese DC),
why won't you add an additional menu where the user will be able to see what country other services like
Maxmind, Google (which includes also Youtube and others) geolocate the IP to?
 
There are APIs to do that, for example for Google:
http://lab.abhinayrathore.com/ipmapper/

Hello!

We're very glad to inform you that a new 1 Gbit/s server located in the USA is available: Etamin.
 
The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").
 
The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP.
 
Just like every other Air server, Etamin supports OpenVPN over SSL and OpenVPN over SSH.
 
As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.
 
Kind regards and datalove
AirVPN Team

Hello!
 
Nice idea; it has just been implemented.
 
Kind regards

I think it's an unnecessary pressure, to run public P2P torrents on U.S. servers.
It's kinda allowed by Air's ToS, since a real neutral provider cannot put b.s. policies like "don't do 1,2,3 on XYZ".
There are so many less known trackers and protocols you can choose from, or simply use a non-U.S. server for that.
 
Whenever you can, just avoid doing anything that can lead to a DMCA letter on a U.S. server (best example are public movie/music torrents).
Unfortunately most people have the "I paid for it, so I'll do whatever I want, that's what VPNs are for" approach, but just like running Tor exits, it's
a very unhealthy thing to do for the community in general. The amount of abuse generated by public torrents is more than you can imagine.
 
The previous 6 Leaseweb U.S. servers were probably widthrawn for this reason exactly.

Hello!

We're very glad to inform you that a new 1 Gbit/s servers located in the United Kingdom is available: Dabih.
 
The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").
 
Dabih accepts connections on ports 53, 80, 443, 2018 UDP and TCP.

Just like every other Air server, Dabih supports OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!

We're very glad to inform you that a new 1 Gbit/s servers located in Spain is available: Brachium.
 
The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").
 
Brachium accepts connections on ports 53, 80, 443, 2018 UDP and TCP.

Just like every other Air server, Brachium supports OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Thanks!  This is great.  Always had problems getting good UDP speeds on Comcast, but SSL always improved it.  Assumed it was traffic shaping.  Big changes when increasing buffer sizes.  Used speedof.me - Pollux speeds are to a test server in Atlanta.  Nashira speeds are to a test server in London.
 
50/12 Comcast connection, Windows 7, i7-3520M Server/Protocol/Port/Buffer size/Download speed/Upload speed/latency (mean of 3 values, speeds in Mbps, latency in ms) No VPN - 56.65/12.31/22  Pollux UDP 80 (8192) - 8.02/11.13/37Pollux UDP 80 (262144) - 22.05/11.08/35Pollux UDP 80 (393216) - 49.72/11.05/36Pollux UDP 80 (524288) - 48.93/11.2/36Pollux UDP 80 (655360) - 50.76/10.97/34Pollux SSL 443 (8192) - 51.2/6.7/36Pollux SSL 443 (524288)- 50.22/7/35 Nashira UDP 80 (8192) - 2.12/2.08/172Nashira UDP 80 (262144) - 12.1/2.55/163Nashira UDP 80 (393216) - 12.6/2.4/166Nashira UDP 80 (524288) - 15.02/2.36/175Nashira UDP 80 (655360) - 17.18/2.57/164Nashira UDP 80 (786432) - 16.07/2.32/170Nashira SSL 443 (8192) - 11.9/1.22/166Nashira SSL 443 (524288)- 14.52/1.18/171

I haven't been able to locate another VPN provider that has a client that compares to the AirVPN client.  The one feature that I've been unable to find in other clients is the internet network lock feature.  Nobody comes close to touching the feature, at least in a cross-platform (Linux, OS X, Windows) client.  Great job AirVPN staff!  The AirVPN client will be even greater once it is loses its dependency on the Mono framework.

just another try to point in the direction of this thread.  have you tried the buffer changes ddrnewb?
 
https://airvpn.org/topic/13652-eddie-udp-443-on-windows-vs-linux/

Hi,
 
I know this topic is old but maybe my response can help someone. I have struggled with this bug for more than 3 days. (Linux speed fine, poor Windows speed)
 
Solution (works for Windows 7 64bit Home Premium)
Goto AirVPN->Preferences->Adanced->OVPN directives
Add in left field:
 
sndbuf 65536rcvbuf 65536 you can try higher values but 65536 is minimum (I get best results using 524288 (512KB) - default value is 8192 and it's too low) After adding this 2 lines my speed are similar on Linux and Windows boxes

and for people interested there is an extension available for Firefox https://www.dnssec-validator.cz/

Just a finding: If you are a Windows user and you experience constant ups and downs with your torrent download speed - let TCPOptimizer tweak your registry values a bit.
Launch it as admin. Slide the connection speed slider to your connection speed in kbps. Select your primary network interface controller (not TAP!). Click Optimal at the bottom of the window, apply changes, confirm them and reboot if you like. How do I know this works? Had exactly the same problem just now. I installed a fresh Windows and didn't optimize TCP/IP settings yet. Truth is: A fresh Windows installation will miss many registry entries in regards to your system's TCP configuration (RcvWindow, MaxConnectionsPerServer, MaxMTU, ..). Try it out.
 
Also, if you experience "traffic shaping"-like behavior of your internet connection while connected to AirVPN, let TCPOptimizer do the magic and see if it helps you.

Hello!
 
We don't see how it would increase security. HMAC is secure, it does not really matter if the lower layer hash is SHA1 or SHA256. SHA1 attempted hash collisions by an attacker are meaningless, because before trying that the attacker should have found the HMAC keys.
 
HMAC SHA256 is not planned at the moment. We are hesitant with ECC for the problem with NIST parameters based curves. These have been created by NSA (by Jerry Solinas) and there are some doubts that must be taken into consideration about "cooked" constants, although unlikely.
 
So the real paranoid person might stay away from elliptic curves based on NIST recommended constants. Please see also:
https://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters
 
Ideally, OpenSSL etc. should not use NIST curves, there's no reason to do that because there are better alternatives.
 
By the way, in a more general vision, it does appear inappropriate to think about even stronger encryption in our service, either for the Data Channel or the Control Channel.
 
Kind regards

Hello!
We just tried
 
sndbuf 8192 rcvbuf 8192 verb 5in Preferences->Advanced->OVPN directives->Custom, with OS X, and everything works fine.
Maybe you have a simple typo issue, directives "sendbuf" and "recvbuf" do not exist, but "sndbuf" and "rcvbuf" do.

"Opening utun (connect(AF_SYS_CONTROL)): No buffer space available"
is a bug that sometimes appears on some systems. It's not related to Eddie (our client), it's related to OS X / BSD and OpenVPN.

Unfortunately, we are unable to reproduce it in our labs for investigation.

Does your sndbuf/rcvbuf solution resolve the issue, or does it limit it?
Do you have ALWAYS the above error? Can you post a full log?

Eddie doesn't have in bundle a TUN driver, because Maverick and above already have it (utun). One of the Tunnelblick solution for the 'No buffer space available' is adding a custom directive
dev-node tunso that OpenVPN falls back to the older TUN driver. Maybe it could work for you if you have the older driver.

Sorry but we can't reproduce this issue, so we can only speculate.
 
Kind regards

please look for servers in the south central US.  the distance is very large to the east and west coasts.  somewhere like Austin, Houston or Dallas would be ideal and would serve many people in the central US

It's not true that you need the Eddie client to do SSH or SSL.  On capable OSs you either need to run the script to create the SSH tunnel or use stunnel to create the SSL tunnel.  Then use the corresponding ovpn config in your openvpn client which will connect to the listening port on your machine and tunnel through to Air.

If what Staff says is true regarding your OS and use of tunnelblick, that it ignores the DNS push from AirVPN (no reason to doubt it), then it means that if you set nicproject DNS manually in your OS you'll still be using nicproject DNS even when connected to VPN.  this isn't a bad thing.  All DNS requests will go through the tunnel, but will go to nicproject servers, not Air DNS.

See https://diafygi.github.io/webrtc-ips/

without noscript this site did indeed see my real WAN IP address.
I you're using Firefox, set 'media.peerconnection.enabled' to false to prevent it.

Hello!

We're very glad to inform you that a new 1 Gbit/s servers located in the USA is available: Yildun.
 
The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP.

Just like every other Air server, Yildun supports OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!
 
We're glad and proud to inform you that the new client Eddie 2.9 is almost ready to be released.
 
In the meantime, you might like to test Eddie 2.9 Experimental, which is already available. Eddie 2.9 Experimental has already passed successfully the alpha testing and has almost completed beta testing. You're very welcome to test it, if you feel a little adventurous: the version you find available for download is also a very serious 2.9 release candidate.
 
In order to download it, after you have entered the download page for your system click "Other versions" and click "Experimental".
 
This version includes bug fixes, important changes and many options required by you.
 
Here is the changelog:
https://airvpn.org/services/changelog.php?software=client&format=html
 
[new] Windows - Option to disable IPv6 [new] OS X - Option to disable IPv6 [new] Network Lock option for Private network [new] Network Lock option for ping [new] Options to use custom DNS servers [new] UI - Command-line in logs tab [change] New explicit option for Network Lock activation when client starts up [new] UI - Network Lock icon on top-right corner [bugfix] Whitelist/Blacklist no more reverted with 'Refresh servers' button [change] SSL local certificate verification [bugfix] VPN Up script bugfix [bugfix] Windows - XP TAP driver detection [change] Windows - DNS Force & Check active by default [change] Windows - DNS Force occurs now after the VPN connection is established, not before [bugfix] Windows - DNS Force also on TAP interface. [bugfix] Linux - Network Lock via ip6tables blocks IPv6 [change] UI - Misc layout improvements [change] UI - GitHub link in About [change] OS X - PF rules changes [change] Linux - iptables rules changes [change] UI - New advanced tab for DNS [change] New method to Check DNS [change] Disabled auto-redirect auth for security reasons [change] Authentication for AirVPN credentials through POST requests, to avoid issue with long-url [change] Authentication servers connections through IP addresses only, to avoid DNS detection Kind regards

I have heard rumors for the past few months that the copyright/censorship powers were starting to pressure and threaten Leaseweb USA about P2P traffic, this must then be a result of that pressure

Hello!

We're very glad to inform you that two new 1 Gbit/s servers located in the USA are available: Acamar and Cursa.
 
The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP.

Just like every other Air server, Acamar and Cursa support OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

to be clear, if you are using an openvpn client, such as AirVPN's eddie, on your computer, then it's bad to open ports on you router.
 
but, if you run VPN from your router, then you do need to forward ports in the router.

go558a83nk:
YoutubeCenter https://github.com/kkapsner/CanvasBlocker/issues/7
Random Agent Spoofer (only if RAS is also set to block canvas) https://github.com/kkapsner/CanvasBlocker/issues/16
There shouldn't be too many other issues but I found it odd that it would affect other extensions at all. For example, using NoScript obviously doesn't stop other extensions using JavaScript internally.

Microsoft turning bugs into backdoors before fixing them:
http://techrights.org/2013/06/15/nsa-and-microsoft/

Stealth Windows updates:
https://www.informationweek.com/microsoft-updates-windows-without-user-permission-apologizes/d/d-id/1059183?

Apple circumventing its own security measures (i.e. supposedly encrypted backups), using undocumented iOS functions:
http://arstechnica.com/security/2014/07/undocumented-ios-functions-allow-monitoring-of-personal-data-expert-says/

HP's root backdoor to storage devices:
http://news.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/

"undocumented test interfaces" remote backdoors in Cisco routers:
http://www.csoonline.com/article/2136221/network-security/cisco-confirms-undocumented-backdoor.html

Undocumented, hardcoded backdoor accounts in Barracuda network appliances:
http://www.networkcomputing.com/network-security/barracuda-security-equipment-contains-hardcoded-backdoors/d/d-id/1108344?

Google's GTalkService / Google Play (remote app installation):
https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/
https://jon.oberheide.org/blog/2010/06/28/a-peek-inside-the-gtalkservice-connection/
https://www.duosecurity.com/blog/when-angry-birds-attack-android-edition

Samsung Galaxy backdoor, allowing remote file i/o (disputed):
https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor

Hardware vendors providing HDD firmware source code to NSA & friends:
http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216
The last one is not a built-in backdoor, but arguably even worse:
Enabling the agencies to craft undetectable firmware modifications.


Using proprietary software always means losing control over your hardware. The scary thing is: the most important kind of software - firmware - is almost always proprietary and / or inaccessible to the user. It's not going to get better anytime soon: Potential for CPU microcode backdoors