go558a83nk

Hello!

VPN DNS and "Assigned IP address" technical specifications just changed. All the changes have been reported in the https://airvpn.org/specs page.

The changed section is:
Assigned IP
Servers support both IPv4 and IPv6 tunnels and are reachable over IPv4 and IPv6 on entry-IP addresses.
DNS server address is the same as gateway, in both IPv4 and IPv6 layer.
 
Chosen IPv4 Local Address
OpenVPN: 10.{daemon}.*.*, Subnet-Mask: 255.255.255.0
WireGuard: 10.128.0.0/10 Chosen IPv6 Unique Local Address (ULA)
OpenVPN: fde6:7a:7d20:{daemon}::/48
WireGuard: fd7d:76ee:e68f:a993::/64
The new sections are:

  DoH, DoT
  Every gateway/daemon assigned to you acts as a DNS (port 53), DoH (dns-over-http, port 443), DoT (dns-over-tls, port 853).
DoH and DoT don't add any actual benefit, because plain DNS requests are encrypted inside our tunnel anyway.
However, users might need it for special configurations. In such cases, use dns.airservers.org (automatically resolved into VPN gateway address).
Our DNS returns a NXDOMAIN for "use-application-dns.net", for compatibility reasons.

Special resolutions
check.airservers.org - Gateway IPv4 and IPv6 addresses
exit.airservers.org - Exit-IPv4 and exit-IPv6 addresses
use-application-dns.net - NXDOMAIN, for DoH compatibility, ensuring Air DNS will be used (for anti-geolocation features)

Special URLs
https://check.airservers.org - Info about connected server
https://check.airservers.org/api/ - Same as above, in JSON
Use https://ipv4.airservers.org or https://ipv6.airservers.org - Same as above, specific IP layer


Kind regards and datalove
AirVPN Staff
 

No, the problem is with you unable to follow directions.

In the tutorial, the first directive in the "generate AirVPN certificates" section is to enable advanced mode.  Have you turned on advanced mode in the config generator?

This was unplanned.  Hardware replaced and circuits are operational.

I sincerely apologize to AirVPN and its awesome customers. 

John

Is the current outage unplanned?

Is the current outage unplanned?

Hello!

We see remarkable, intermittent packet loss spikes every other hour or so on most Dallas servers. We are investigating.

Kind regards
 

Hello!

We inform you that an emergency maintenance due to urgent hardware replacement will be ongoing on 2021-09-18 between 19 and 23 CEST on the Dallas datacenter. The maintenance will impact all of our VPN servers in Dallas: expected downtime is approximately 30 minutes.

Kind regards
AirVPN Staff
 

The server is not in Berlin. M247, AS9009 does not have peering in Berlin.
I checked with a looking glass run by a very nice person and it has multiple servers from different networks in Frankfurt and one server in Berlin. Apart from outsiders that have 14ms ping from allegedly FRA to FRA, most pings are ~1ms and confirm what traceroutes here show. The only lg Berlin server to Air's Cujam has got 8ms ping. That lg Berlin server is hosted on a network that's has peering at BCIX and ECIX-BER. Even if the Cujam server were 'physically in Berlin' then it doesn't matter because what matters to users is latency, alias geographic location.
Back to what M247 say themselves, all four German DCs are in Frankfurt: Ancotel (Equinix), Interxion FRA4, Telehouse Frankfurt, Global Switch Frankfurt
https://m247.com/services/host/dedicated-servers/ https://m247.com/services/cloud-hosting/ https://m247.com/services/host/colocation/
The only location in Germany on this map is Frankfurt.

I cannot thoroughly check Spain, but again AS9009 is at DE-CIX Madrid and doesn't appear to be present at DE-CIX Barcelona, two Madrid servers' pings are 0.3ms and 2ms to "Barcelona" Eridanus.

Whatever the reasons, the current descriptions are not representing the reality.

PS: Actually the entire prefix/subnet is reported as Berlin by M247. Hence the geolocation databases say it is "in Berlin", that's the definition of a "virtual location" right? Still I see how it could be useful in certain cases even though the server is not physically there. Until this is clearly indicated, it will be a shortcoming especially in terms of sincerity and transparency.

Hello!

Our first 10 Gbit/s lines dedicated only to our servers were used for the first time in Dallas, Texas, several years ago. One line is for the VPN servers and another one for the Tor nodes by Quintex. Then we had four (now six) 10 Gbit/s lines in the Netherlands. Each line was and is shared by 10 or 11 of our servers.

Then Xuange came, in Switzerland, that was the first one with an exclusive 10 Gbit/s line. Ain then followed and has been the last one at the moment.

As @OpenSourcerer says, prices in some locations (such as Tokyo) are too high for 10 Gbit/s and at least 600 TB traffic per month for a single server (2 Gbit/s 24/7 means you generate 600 TB in a month). Moreover, in order to beat the usual 1 Gbit/s full duplex, more powerful hardware is needed and a different software approach too.

Even so, on Xuange and Ain we could not manage to squeeze more than 3-4 Gbit/s (in total, up+down) when more than 150 clients are connected, and even the most powerful CPUs available on the market, running one OpenVPN instance per virtual core, suffer. The whole system get choked if we go up to 300 clients, which would be the minimum amount required to run those servers without losing money. Wireguard might help but it's uncertain and anyway many core customers of ours don't accept it for the notorious privacy problems, other customers can't use it for UDP blocks/shaping and so on, so we can't and we won't drop OpenVPN in any case.

EDIT: it's not only a pure AES/CHACHA20 processing power issue, but also a conntrack and packert mangling huge queue related issue, which gets intertwined with pure encryption/decryption processing power problems. - pj

For us, the cost per user to be provided with high bandwidth is remarkably higher with dedicated 10 Gbit/s single server lines, because we experimentally see that we can not put on such a server 10 times the users a 1 Gbit/s server can handle (unless we wanted to lower the quality of service, which is not on the table). Therefore, if we want to keep the same prices and at the same time we don't want to oversell, offering an infrastructure all based on a 10 Gbit/s line per server for 2.75 EUR/month (the current price for 3 years subscriptions) is not realistic.

Remember that year after year prices of AirPVN went down or remained unchanged, and today AirVPN is probably the less expensive VPN around (ruled out the free ones, as they profile you or do worse things too).

Maybe in the future, or maybe with a different pricing, migration to all "10 Gbit/s servers" could be pursued.

We're not "over-cautious" but realistic: in the last 5-6 years, while other VPN services accumulated important debts surpassing tens and tens of USD millions (think about PIA mother company, which went down for more than 30 millions in just 3 or 4 years; and other big ones, which are forced to oversell and continuously pay for favorable bogus reviews hiding overselling in order to survive) AIrVPN never ever had debts.

Who would be interested in paying more (probably x3 or even x4) to have access to 10 Gbit/s dedicated lines (one line per server) on a wide variety of AirVPN locations with the usual AirVPN quality? We might start a survey to know.

Kind regards


 

1 is the default
2 is the same server setup as 1 but a different entry IP in case the default IP is blocked by your ISP
3 is tls-crypt
4 is the same server setup as 3 but a different entry IP in case the 3 IP is blocked by your ISP

Hello,
Recently I have noticed that it looks like the Phoenix AirVPN servers (Bootes, Chalawan, Indus, Phoenix, Virgo) , Berlin AirVPN Server (Cujam) , and Barcelona AirVPN server (Eridanus) are not actually located where M247 claims they are located, and it appears M247 is misrepresenting the locations of these servers


If you go to the status page of any "Phoenix" server for example
https://airvpn.org/servers/Bootes/

you will see the latencies to other cities where AirVPN has servers, and it shows 0ms to Los Angeles, that wouldn't be physically possible if the Phoenix servers were truly located in Phoenix.
This points to the Phoenix servers truly being hosted in Los Angeles

Additionally, on a personal VPS server of mine which is located in Los Angeles, I get less than 1ms latency between my VPS in Los Angeles to the AirVPN "Phoenix" servers, which, again, points to the Phoenix servers truly being in Los Angeles, because this 1ms latency would not be physically possible between Los Angeles and Phoenix


And if you go to the status page of the "Berlin" server
https://airvpn.org/servers/Cujam/
It shows 0ms latency to Frankfurt, also not physically possible
This points to the Berlin servers really being in Frankfurt

And if you go to the status page of the "Barcelona" server
https://airvpn.org/servers/Eridanus/
It shows 0ms latency to Madrid, again, not physically possible!
This points to the Barcelona servers truly being hosted in Madrid


M247 may say that if you do a WHOIS lookup on their Phoenix IP block, the description is "M247 Phoenix" but honestly this is not proof at all, as the network admins can set whatever netname and description they want when they're creating the inetnum object in their RIR's database.


For additional proof other than the "Berlin" , "Barcelona", and "Phoenix" that Air has from M247,



Here is M247's full list of locations according to their website

You can see that neither Berlin, Phoenix, or Barcelona is on this list.


https://m247.com/services/host/dedicated-servers/

From the website, their locations:

Europe:
Amsterdam, NL
Belgrade, RS
Brussels, BE
Bucharest, RO
Budapest, HU
Copenhagen, DK
Dublin, IE
Frankfurt, DE
London, UK
Manchester, UK
Madrid, ES
Milan, IT
Oslo, NO
Paris, FR
Prague, CZ
Sofia, BG
Stockholm, SE
Warsaw, PL
Vienna, AT
Zurich, CH

North America:
Dallas, TX, USA
Los Angeles, CA, USA
Miami, FL, USA
New York Metro Area, USA (Secaucus, NJ)
Montreal, QC, CA

Asia and Middle East:
Dubai, UAE
Hong Kong, HK
Singapore, SG
Tokyo, JP

Oceania:
Sydney, AU



Based on this information it is clear to see that M247 is misrepresenting the locations of AirVPN's Phoenix, Berlin, and Barcelona servers,


From being a customer of Air for as long as I have, I can tell that the Air staff are honest and they have provided and continue to provide a great and true service, this is extremely evident for example by looking at how AirVPN left France because of the concerning legal framework there, and why AirVPN does not operate in Poland or Italy for similar reasons, even though other VPNs gladly operate services in those countries. It's clear as day to see that AirVPN is not deceptive or untruthful at all, so I am absolutely not accusing Air at all of participating in this misrepresentation, it just seems to me like Air was duped by M247 into buying these servers that are reported to be in a different location than the one they are truly in.


So given that the 5 Phoenix AirVPN servers , the 1 Berlin server, and 1 Barcelona server are falsely geolocated, it would be good idea for Staff to replace those servers with ones that are actually in the reported locations, or just change the reported location of those servers in Eddie to reflect the true locations.

 
 

Hello!

We inform you that all of our VPN servers in Maidenhead will cease operations on 03 September 2021. They will be replaced by servers in London featuring more modern hardware. Unfortunately, both technical and non-technical reasons force us to leave the current dc in Maidenhead.

Servers in London are anyway located just 40 Km from Maidenhead and they will be announced and available in the next days.

The new machines will keep the same names in order to support the old FQDN used by OpenVPN client profiles. Since the datacenter seems to have put offline already a server before the natural expiration date, we could put the new servers online before the mentioned 03 September date. When new servers are turned on, older ones with the same name will be disconnected from the infrastructure. This thread will be updated, if necessary, accordingly.

The replacement servers are five, while the replaced ones are six. That's because we might be adding in the future another datacenter in UK in a different location.

Kind regards
AirVPN Staff

no way.  then they couldn't truthfully say to law they don't know who did what from a server IP because they know it belongs to you.

I don't know what to write about... Everything's fine and I love AirVPN. Sounds cheesy but it is what it is. I've been using AirVPN for half a year.

Many servers to choose from, very transparent from the user's point of view - something I value. Transparency about server status and an API (admittedly I haven't used it much). From reading the forums I grasped that AirVPN has very strict (legal) criteria for choosing server locations (countries), an approach that is unique across all providers I've seen so far. Yea placing servers in China wouldn't be the best idea or many other more "democratic" as a matter of fact which were ruled out.
The config generator is awesome if you're not using their open source client Eddie (bonus points again!) - plenty of flexibility. Configs? Afaik there're some providers out there who still have user/password prompt on each connection, laughable. AirVPN not only properly makes use of certificates (that's how the server knows you are you without asking for credentials) and on top of that allows you to properly distribute different access keys across your devices (in case of theft etc). Lost a device? Revoke access to that single one and done!

Port-forwarding support ALONG WITH Dynamic DNS is unparalleled. Sure an advanced user probably could create an ad-hoc DDNS solution for themself, but offering it along the VPN is ingenius.
The servers are very stable, the stats currently show a user has been connected since January. I've read comments where other VPNs often force reconnects etc, that just sounds wild to me. Before AirVPN I've been on a private VPN server with 24/7 uptime and that's the quality of service I got used to and wouldn't want to downgrade from (looking at those other VPN providers)

The AirVPN forums are a great source of information. The staff cannot be commended enough for responding to concerns and generally being here for discussion. @OpenSourcerer is a damn community hero, this place is unimaginable without him! I myself have contributed in one form or another and will continue to. As a side note to forums: AirVPN appears to have customized the forum software for privacy. I can't assess how far it goes (hopefully "enough"), and it's a far better choice than those completely relying on Reddit - undoubtedly a useful puppet of/for the certain government.

The only problem I've had was with initial payment. I bought the 1 month plan and found no clear indications it was still active (because it is a PayPal recurring payment), so before the month expired I bought the 1 year plan. I was quite surprised to see a few days later my access days to have been extended by +31d - the automatic Paypal payment kicked in and I paid a single month extra. Though I like the service so much I decided not to bother with a refund (consider it a donation hehe). You need to login in Paypal to cancel those, I wish this was made clear/er. What's unclear to me was whether/how much info is retained on payment after all the transactions... but to grossly paraphrase an official response: use crypto. Just make sure your mug shot (photo) isn't connected to the coin wallet

Roses are red,
AirVPN's great.

Hi,

1. Open the .ovpn file in notepad or something and copy everything from resolv-retry infinite down to the bottom.

Go to vpn -> openvpn -> clients and select your openvpn instance
Set it to SSL/TLS/UDP4 (I haven't tested with anything except UDP4)
Insert a hostname / port
Go to Advanced Box & Paste, click save and connection should come up under vpn->openvpn->connection status

@monstrocity

Hello!

The errors and embezzlement caused by bogus copyright notices are notorious since 2008 at least. That's a decisive reason to understand how the graduated response must include the constitutional right to a due process, and that each copyright infringement claim must be validated or rejected by a court, if the alleged infringer wants to exercise her fundamental right to a due process with presumption of innocence.

How bogus notices can be sent, and how a malicious user knowing your IP address can trivially cause an arbitrary amount of copyright notices to be sent to you, was well explained many years ago in the scientific paper "Why my printer received a DMCA takedown notice".
http://dmca.cs.washington.edu/uwcse_dmca_tr.pdf

The fact that, in spite of all the above, various companies still dream of automated graduated response and deletion of the right to a due process and the right to legal defense shows, in our opinion, the mental imbalance of certain persons and the hidden agenda to keep making money with bogus activities: business for companies which offer their services to monitor p2p swarms and automatically generate notices was quite big years ago. And it's also sad to see, when citizens defend the copyright mafia graduated response concept, how easily many citizens are inclined to renounce to fundamental, human rights.

@ProphetPX

The news you reported seem to be confirmed independently by TorrentFreak, which published a day earlier:
https://torrentfreak.com/comcast-suspends-internet-connection-for-downloading-torrents-210630/

Kind regards
 

@OpenSourcerer

Just to clarify that this is not "fake news":
https://www.eff.org/deeplinks/2021/06/if-not-overturned-bad-copyright-decision-will-lead-many-americans-lose-internet
 
A moderator can not threaten an ex ante, pre determined censorship based on the source of the information, be it a web site or anything else. Before you enforce your censorship power we gave you, you must cross-check and verify. If you are not able to do so beyond a reasonable doubt, or you have not the time or will to do so, do not censor.

Kind regards
 

I  sampled about 6 different VPN's when I started a Soulseek server. I needed a VPN that supported Port Forwarding. I went with AirVPN because of it's reliability, and have not regretted it yet. Very very rarely has Eddie had issues connecting....maybe 2 time a year it gets hung up and I have to restart it. But otherwise it stays connected and people download from me 24/7.

would appreciate the help

so i cant add a ca file as everyone may know in pfsenses stunnel package manager under services without a certificate, meaning i need you guys to add a private key to the stunnel.crt file per config generator so i can create a proper certificate for my ca , need this to get stunnel proper encrypted thanks

Hi,

[no!]
Other than me there was only one other user who commented on using AirVPN.
I want more people to know about our AirVPN and its awesome service.

Should we/staff do something to make AirVPN more popular?
Should staff contact the famous youtubers for testing out AirVPN to make it more popular?

You're not artificially being throttled by Air.  That's just the way things are with openvpn with limitations by CPU, network, internet, etc.  A client on the usual 1gbit/s server will see only about 500mbit/s download max because the server throughput limit is 1gbit/s inbound and outbound combined. 

Air does have at least 1 server that's 10gbit/s.  Try it to see if it's any better for you.

The guide is for a tls-crypt setup where those settings are what work.  What you're missing is that you need to connect to an entry IP 3 or 4.  The guide actually says " please double check you select an appropriate ‘tls-crypt, tls1.2’ end point. This is a common source of problems."

No, the problem is with you unable to follow directions.

In the tutorial, the first directive in the "generate AirVPN certificates" section is to enable advanced mode.  Have you turned on advanced mode in the config generator?

Hello!

We're very glad to inform you that a new 1 Gbit/s server located in Auckland (NZ) is available: Fawaris. We're also very pleased to be back in Oceania.

The AirVPN client will show automatically the new server. If you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other Air server, Fawaris supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3 and tls-crypt.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the server status as usual in our real time servers monitor:
https://airvpn.org/servers/Fawaris

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team