
go558a83nk

Members2
  • Content Count

    1894
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    24

Reputation Activity

  1. Like
    go558a83nk reacted to Tommie in My Trustpilot Review of AirVPN   ...
    In ten plus years of subscribing to multiple vpns I've found myself growing increasingly disgusted by all the marketing hype. The vpn world has as much marketing hype/BS as any industry I've ever seen. Any business that hypes itself inevitably winds up making gross exaggerations and, left unchecked, that inevitably leads to outright lies (PureVPN, IPVanish, and others claiming they don't log). When it comes to my personal security I have no time for hype. So for me to discover AirVPN a couple years ago was a perfect match. Zero marketing hype. In fact zero marketing at all. They don't advertise. They don't pay for "reviews," so you won't find them on those so-called "review" sites. Most of their customers appear to be seasoned vpn users who don't tolerate BS and demand first rate service. AirVPN delivers that and at a reasonable price. It's also given me the opportunity of learning far more about netsec than I ever could have elsewhere, both from Air's support staff and from other Air customers on their forums. The level of their technology and security is dramatically better than all but perhaps one or two others, but for half the money. Two things I wish they had are neural routing and multi-hop/chaining, but if they did they might have to charge what Perfect Privacy charges, which I'm unwilling to pay. As it is I find the level of security they offer with OpenVPN over Tor, OpenVPN over SSL and OpenVPN over SSH to be as good as it gets. AirVPN may not be the best suited, however, for newbies and neophytes who are looking for a minimalist plug and play solution and expect everything to work immediately without having to know anything themselves. Air is extremely feature rich offering options that even some of the most expensive vpns don't. It has features that I didn't know I needed, but now that I've used them couldn't live without. 
AirVPN does have excellent customer support, but they tend to be geared more for those who take security seriously and are willing to invest a little time toward that goal.

  2. Like
    go558a83nk reacted to airvpn88 in Tunnel private subnet changed   ...
    Thanks I've updated my script accordingly.
     
    Last thing, I used to graph the ping to the first IP on the outside of the tunnel. I used to do that with the gateway 10.4.0.1. Is there any IP I could use to continue doing that? (an IP that would not change over time I mean)
  3. Like
    go558a83nk reacted to Staff in Tunnel private subnet changed   ...
    Hi Nadre,
     
    not random, they are unique (and always the same) for each OpenVPN daemon of each server. You will not find the same subnets, either in IPv4 or IPv6, in two different AirVPN servers or even daemons (that's why Gen 2 are multi-homing friendly, which is a feature frequently requested by pfSense and other systems users since when we provide five simultaneous connection slots).
     
    Kind regards
  4. Like
    go558a83nk reacted to Staff in Change of IPv4 addresses in Albireo, Azha and Dschubba   ...
    Hello!
     
    We inform you that IPv4 addresses of the servers mentioned in the subject have been changed. The change was mandatory to have the servers communicate in a different sub network in the same datacenter. The old IP addresses were behind a peculiar DDoS protection which was impacting performance heavily (maybe due to some sub-optimal configuration against UDP).
     
    From now on the three mentioned servers should go back to the normal and expected high performance.
     
    If you run Eddie, just update servers data (Eddie will do that automatically anyway, unless you explicitly disabled this function). If you don't run Eddie, please remember to generate new configuration files for those servers, if you wish to connect to them.
     
    Kind regards
    AirVPN Staff
  5. Like
    go558a83nk reacted to Staff in IPv6 support and new smart features   ...
    Hello!
    We're very glad to inform that full IPv6 support is being deployed to our VPN servers. The experimental phase ended during the first half of June and we can now reliably deploy IPv6 to any other VPN server, provided that it is in a datacenter with IPv6 infrastructure of course. This thread will be periodically updated to provide the list of VPN servers new generation setup (internally, we call this new setup "Gen 2").
     
    FINAL UPDATE: as of September the 14th 2018, all AirVPN servers have been upgraded to 2nd generation software.
     
     
    New smart features:
    - Standard protocols/ports with IPv6 support (*), updated OpenVPN server, better cipher negotiation. You can keep using AirVPN as usual, even if you have an old OpenVPN version, on entry-IP addresses 1 and 2 of each server.
    - Additional protocols/ports with IPv6 support (*), updated OpenVPN server, better cipher negotiation, 'tls-crypt' support (*), TLS 1.2 (*) forced on entry-IP addresses 3 and 4 of Gen 2 servers. The additional protocols/ports mentioned in this paragraph require OpenVPN 2.4 or higher versions.
    (*) OpenVPN 2.4 or higher version is required.
     
    tls-crypt plays a role even against ISPs that throttle or block OpenVPN.
     
    Something more about tls-crypt can be found here: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
    Search for "--tls-crypt keyfile"
     
     
    Planning the future: internal load balancing between multiple OpenVPN daemons.
     
    This is a feature which will let OpenVPN squeeze the maximum bandwidth on each server, because OpenVPN runs in a single thread of a single core. By balancing the load on multiple OpenVPN daemons with a reliable algorithm, we overcome significantly this OpenVPN limitation.
     
    Such bandwidth would be mostly wasted without our load balancing method simply because there are no CPUs capable to process 10 Gbit/s AES-256 encryption/decryption on multiple flows to/from multiple channels (according to our empirical tests on the field, the load does not grow linearly with the growth of connected OpenVPN clients) with just one core.
     
    Our solution is important because it's a founding prerequisite toward servers connected to 10 Gbit/s lines, even if OpenVPN multicore / multi-threading support should not become available in the near future, not to mention that it can be useful even in different environments.
     
    The internal load balancing is already active on all "Gen 2" servers.
     
    Kind regards and datalove
    AirVPN Staff
  6. Like
    go558a83nk reacted to serenacat in Singapore ISP?   ...
    I just found this internet resource which is interesting for AirVPN users in Asia-Pacific etc, and may help understand ping times and traceroutes and congestion.
    TeleGeography Submarine Cable Map
    https://www.submarinecablemap.com/
    Seems to be free without subscription push.
  7. Like
    go558a83nk reacted to Staff in Astrill VPN - possible alternative while visiting China - your thoughts?   ...
    Hello!
     
    We can gladly confirm that according to the first reports tls-crypt (only on TCP) works in China and it is faster than OpenVPN over SSL. tls-crypt with UDP also works in some networks and this is the maximum OpenVPN performance. In some other networks tls-crypt with OpenVPN in UDP does not work but not because of tls-crypt in itself, but because UDP is unconditionally blocked.
     
    Kind regards
  8. Like
    go558a83nk reacted to Staff in Eddie 2.14.5 released   ...
    Hello!

    We're very glad to inform you that a new Eddie Air client version has been released: 2.14.5

    Eddie 2.14.5 includes many important bug fixes and changes. You can see them all on the changelog here: https://airvpn.org/services/changelog.php?software=client&format=html.
     
    As usual, Eddie is released as free and open source software under GPLv3.
     
    New important features have been added. Now Eddie includes a full, seamless and integrated IPv6 support, as well as new features which will let you use our latest service additions (including IPv6 and tls-crypt).
     
    Users who have only IPv4 connectivity will be able to access IPv6 services. At the same time, users who have only IPv6 (and not IPv4) connectivity will be able to use our service without limitations.
     
    tls-crypt implementation provides a new, interesting way to efficiently bypass blocks and throttling against OpenVPN.
     
    This version has been released for GNU/Linux, OS X (Mavericks or higher is required), macOS and Windows (Vista or higher is required).

    2.14.5 version is compatible with several Linux distributions. For important notes about environments, please read here:
    https://airvpn.org/topic/27259-status-of-eddie-on-linux-distributions/

    Due to the large amount of bug fixes and changes, as well as the addition of new features, upgrade is strongly recommended.

    Just like previous versions, Eddie implements direct Tor support for OpenVPN over Tor connections. Eddie makes OpenVPN over Tor easily available to Linux, OS X and macOS users: no need for Virtual Machines, middle boxes or other special configurations. Windows users will find a more friendly approach as well. This mode is specifically designed for Tor and therefore solves multiple issues, especially in Linux and OS X/macOS, including the "infinite routing loop" problem (see for example http://tor.stackexchange.com/questions/1232/me-tor-vpn-how/1235#1235 )

    As far as we know, Eddie is the first and currently the only OpenVPN wrapper that natively allows OpenVPN over Tor connections for multiple Operating Systems. https://airvpn.org/tor This is the first stable version which sends a NEWNYM signal to Tor to ensure the use of a new circuit in every connection.
    We recommend that you upgrade Eddie as soon as possible.

    Eddie 2.14.5 for GNU/Linux can be downloaded here: https://airvpn.org/linux
    Eddie 2.14.5 for Windows can be downloaded here: https://airvpn.org/windows
    Eddie 2.14.5 for OS X Mavericks, Yosemite, El Capitan and macOS Sierra and High Sierra can be downloaded here: https://airvpn.org/macosx

    PLEASE NOTE: Eddie 2.14 package includes an OpenVPN version re-compiled by us from OpenVPN 2.4 source code with OpenSSL 1.0.2k for security reasons and to fix this bug: https://community.openvpn.net/openvpn/ticket/328

    Eddie overview is available here: https://airvpn.org/software
    Eddie includes a Network Lock feature: https://airvpn.org/faq/software_lock
    Eddie is free and open source software released under GPLv3. GitHub repository: https://github.com/AirVPN/airvpn-client

    Kind regards & datalove
    AirVPN Staff
  9. Like
    go558a83nk reacted to ZPKZ in Is IPVANISH a good vpn?   ...
    https://torrentfreak.com/ipvanish-no-logging-vpn-led-homeland-security-to-comcast-user-180505/
     
  10. Like
    go558a83nk got a reaction from JemTheWire in Everything works great except for accessing your site. (airvpn.org)   ...
    I agree.  airvpn.org is one of the slowest loading web sites I've ever used when I have to login.  It's not bad when everything is cached.
  11. Like
    go558a83nk got a reaction from Staff in AirVPN 8th birthday celebrations   ...
    Congratulations!
  12. Like
    go558a83nk reacted to Staff in AirVPN 8th birthday celebrations   ...
    Hello!

    Today we're starting AirVPN eighth birthday celebrations!
     
    From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 20 countries in three continents, providing now 209000 Mbit/s to tens of thousands of people around the world.
     
    2018 is the year that's bringing full IPv6 support to the infrastructure as well as "tls-crypt", an OpenVPN feature which makes circumvention of blocks against OpenVPN, an issue which is particularly important in countries controlled by human rights hostile regimes, even more efficient than the other methods we have been providing.
     
    Software related development has also been powered up, and during this year you will see the development of specific software for Android platform (which is already available as a beta version), an important addition to the already existing line up for GNU/Linux, macOS and Windows.
     
    Our mission https://airvpn.org/mission has been and will be empowered by the ongoing support to projects and NGOs which aim to the protection of privacy, personal data and freedom of expression.
     
    If you're curious to know something about a series of fortunate events which gave birth to AirVPN, have a look here:
    https://airvpn.org/aboutus

    To worthily celebrate Air's eighth birthday, we're glad to inform you that starting from now we will offer a 30% discount on all plans. Hurry up, this special offer will end on June the 11th, 23:59:59 UTC! Check the new prices here.

    Kind regards and datalove
    AirVPN Staff
  13. Like
    go558a83nk reacted to alexrt in socks5 proxy via ssh   ...
    You can use only particular apps via the vpn without having to turn on VPN for the whole system. Highly useful. For example, I'd like to have one browser using the VPN (using socks5 proxying, which all browsers know how to handle), but not my email or other internet apps.
  14. Like
    go558a83nk got a reaction from securvark in Setting Up OpenVPN on pfSense for TLS 1.2 servers   ...
    Your title is misleading.  TLS 1.2 has been in use for some time.  tls-crypt is what's new.
     
    Paste in the tls-crypt.key info into the key field, and then below it select the option for authentication and encryption.
     
    Then also change the auth digest to SHA512.  That should be what you need to connect.
     
    If you aren't already doing it, you should also see performance improvement using AES-256-GCM as data cipher vs CBC.
  15. Like
    go558a83nk reacted to amires in SSL is blocked, anyway to bypass this block?   ...
    I think you are referring to me. I live in a country where OpenVPN on both TCP and UDP protocols are blocked. SSL and SSH are working however
    they are really slow with lots of packet loss and disconnects a lot. tls-crypt on the other hand is really working great for me and I can
    utilize all my available bandwidth using tls-crypt.
  16. Like
    go558a83nk got a reaction from Mad_Max in SSL is blocked, anyway to bypass this block?   ...
    Regular connections are just as safe.  SSL or SSH are needed to bypass blocks or throttles.
     
    It would be interesting for you to try a tls-crypt config on your mobile if you can.  Another person has reported that that bypassed a block.
  17. Like
    go558a83nk got a reaction from iampd in Explanation of Protocols Tab Under Settings   ...
    1 and 2 are tls-auth, 3 and 4 are tls-crypt.
     
    The reason for having two of each is in case one is blocked by ....  ISP or something.
     
    If you resolve a server name, for example, "nslookup leo.airvpn.org", it'll resolve to its #1 IP.
  18. Like
    go558a83nk reacted to securvark in [Opinion] Best solution against DNS leak on pfSense   ...
    OK, some may disagree with this solution, but I have had a MAJOR struggle to stop DNS leaks to my WAN and this (I believe!) fixed my issue.
     
    Please, if you believe I am missing something, or providing incorrect information, feel free to correct!
     
    I've tested this extensively with packet dumps on my WAN connection, pfSense "seemingly random" sends DNS queries to the default gateway, regardless of any settings. Sometimes, multiple test queries from pfSense and clients in the LAN would not trigger a single packet to be sent out over the default gateway, and then suddenly, for whatever reason, I see queries over the WAN for a DNS query test I was doing. Just one, after which it was quiet again for a few queries. Moreover, it leaks your internal domain as well by appending the local domain suffix to a domain I am testing. Example:
    12:40:48.313250 IP (tos 0x0, ttl 64, id 15226, offset 0, flags [none], proto UDP (17), length 67) 192.168.1.1.17078 > 84.200.69.80.53: [udp sum ok] 51473+ [1au] A? google.com. ar: . OPT UDPsize=4096 OK (39)
    12:40:48.341439 IP (tos 0x0, ttl 64, id 24297, offset 0, flags [none], proto UDP (17), length 67) 192.168.1.1.60070 > 84.200.69.80.53: [udp sum ok] 41295+ [1au] AAAA? google.com. ar: . OPT UDPsize=4096 OK (39)
    12:40:48.368481 IP (tos 0x0, ttl 64, id 17792, offset 0, flags [none], proto UDP (17), length 67) 192.168.1.1.7038 > 84.200.70.40.53: [udp sum ok] 38162+ [1au] CNAME? google.com. ar: . OPT UDPsize=4096 OK (39)
    12:40:48.404360 IP (tos 0x0, ttl 64, id 37382, offset 0, flags [none], proto UDP (17), length 81) 192.168.1.1.13371 > 84.200.69.80.53: [udp sum ok] 3273+ CNAME? google.com.internal.mydomain.com. (53)
     
    Also, sometimes pfSense (DNS Resolver, actually), queries root servers directly over the default gateway. I haven't figured out why or when. Again, this seems to happen randomly.
     
    I've read everything I could find, I've set gateways for DNS servers to VPN gateways and I've tested VPN gateway addresses as DNS servers (the private range IPs, 10.4.0.1 for example). I tried creating port forwards for DNS and "catch" the DNS queries and forward them to the VPN gateway. Things would look OK for a few minutes and I thought I fixed it, but then suddenly, for no apparent reason, I see packets flying out over the default gateway or I see root server queries out of the blue. I got so tired of this ... .
     
    Enough, the solution:
    Disable DNS forwarding in DNS Resolver.
    Remove ALL DNS servers under General Setup.
    In DNS Resolver, enable DNSCrypt.
    In DNS Resolver, under Advanced, tick the following options:
    These actually don't help hiding your DNS queries, they are simply "advised" to enable.
    - Hide Identity
    - Hide Version
    - Prefetch Support
    - Prefetch DNS Key Support
    - Harden DNSSEC Data
    In DNS Resolver, make it listen to LAN and localhost only (unless you know you require another interface as well).
    In DNS Resolver, make WAN (no VPN, but only your direct internet connection) the ONLY outgoing interface for queries (trust me on this one).
     
    Then, in the custom config box, place the following text:
    server:
    forward-zone:
    name: "."
    forward-ssl-upstream: yes
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
     
    Save and apply.
     
    Double check you have removed ALL DNS servers from General Settings and you have disabled DNS Query Forwarding in DNS Resolver.
     
    In the above custom config box, you basically told DNS Resolver to forward ALL queries ("." is a wildcard) to 1.1.1.1 or 1.0.0.1 at port 853 and enable SSL/TLS on that link.
     
    Any public DNS server that supports DNS over TLS will do. Adjust the IP and port in forward-addr: to reflect your DNS server of choice.
     
    At this point I can hear you scream behind your PC: but this will send out all my DNS queries out over the default gateway!
     
    Yes, you are correct. Except, nothing will be recognizable and not even with packet sniffers or DPI will they be able to see which domains you are trying to resolve. No spying eyes are possible on your queries since they are encrypted over TLS.
     
    The IP addresses above are Cloudflare servers. They guarantee anonymity and apply no DNS blacklisting or filtering.
     
    Another incredible plus with this setup, is that this is EXTREMELY FAST! Most of my queries resolve within 10ms, this is insanely fast. Querying Google public DNS directly typically does 40ms from my location. Running DNS over VPN sometimes does 400ms or even more. I can NOTICEABLY see a difference in response in my web browser.
     
    Please enjoy! And again, comments, corrections are more than welcome!
     
    Funny result from ipleak.net:
    DNS Address - 0 servers, 100 errors.
     
    It doesn't even see which DNS servers I am using.
     
    Thanks!
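
The WAN packet-dump check that securvark describes, as an added example (not code from the post or from pfSense): it reads `tcpdump` text output in the form shown in the post and flags plaintext port-53 queries, queries that carry the local domain suffix, and DNS-over-TLS connections to an upstream other than the configured ones. The function names, the IPv4-only parsing and the sample capture (modelled on the post's lines, using documentation-range addresses) are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One packet per line: "<time> IP [(verbose header)] src.port > dst.port: rest"
PACKET_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?:.*?\s)?"
    r"(?P<src>(?:\d{1,3}\.){3}\d{1,3})\.(?P<sport>\d+) > "
    r"(?P<dst>(?:\d{1,3}\.){3}\d{1,3})\.(?P<dport>\d+): (?P<rest>.*)$"
)
# tcpdump prints a decoded query as "<TYPE>? <name>", e.g. "A? google.com."
QUERY_RE = re.compile(r"\s(?P<qtype>[A-Z][A-Z0-9]*)\? (?P<qname>\S+)")


@dataclass
class Finding:
    ts: str
    dst: str
    kind: str              # "plaintext-dns", "suffix-leak" or "unexpected-dot"
    qname: Optional[str]   # None when the payload is not decodable (TLS)


def join_continuations(capture):
    """tcpdump -v wraps each packet onto an indented second line; rejoin them."""
    packets = []
    for line in capture.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and packets:
            packets[-1] += " " + line.strip()
        else:
            packets.append(line.strip())
    return packets


def audit(capture, wan_src, dot_upstreams, local_suffix=None):
    """Return a Finding for every outbound WAN packet that exposes DNS."""
    findings = []
    for pkt in join_continuations(capture):
        m = PACKET_RE.match(pkt)
        if not m or m["src"] != wan_src:
            continue                      # unparsed line or inbound reply
        dst, dport = m["dst"], int(m["dport"])
        if dport == 53:                   # cleartext: query name is visible
            q = QUERY_RE.search(" " + m["rest"])
            qname = q["qname"].rstrip(".").lower() if q else None
            kind = "plaintext-dns"
            if qname and local_suffix and qname.endswith("." + local_suffix.lower()):
                kind = "suffix-leak"      # internal domain name disclosed
            findings.append(Finding(m["ts"], dst, kind, qname))
        elif dport == 853 and dst not in dot_upstreams:
            findings.append(Finding(m["ts"], dst, "unexpected-dot", None))
    return findings


def leaked_names(findings):
    """Sorted, de-duplicated query names that crossed the WAN in cleartext."""
    return sorted({f.qname for f in findings if f.qname})


# Constructed sample capture (not real traffic), modelled on the post's dump.
SAMPLE = "\n".join([
    "12:40:48.313250 IP (tos 0x0, ttl 64, id 15226, offset 0, flags [none], proto UDP (17), length 67)",
    "    192.168.1.1.17078 > 84.200.69.80.53: [udp sum ok] 51473+ [1au] A? google.com. ar: . OPT UDPsize=4096 OK (39)",
    "12:40:48.404360 IP 192.168.1.1.13371 > 84.200.69.80.53: 3273+ CNAME? google.com.internal.mydomain.com. (53)",
    "12:40:49.000100 IP 192.168.1.1.44321 > 1.1.1.1.853: Flags [P.], seq 1:120, ack 1, win 513, length 119",
    "12:40:49.200300 IP 192.168.1.1.44400 > 203.0.113.7.853: Flags [S], seq 100, win 65535, length 0",
    "12:40:49.300000 IP 84.200.69.80.53 > 192.168.1.1.17078: 51473 1/0/1 A 192.0.2.10 (55)",
])

if __name__ == "__main__":
    for f in audit(SAMPLE, "192.168.1.1", {"1.1.1.1", "1.0.0.1"},
                   "internal.mydomain.com"):
        print(f.ts, f.kind, f.dst, f.qname or "-")
```

With the DNS-over-TLS setup from the post in place, a clean WAN capture produces no findings at all; any `plaintext-dns` or `suffix-leak` line means the resolver is still sending cleartext queries.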
  19. Like
    go558a83nk reacted to Staff in Servers Draco and Brachium withdrawal announcement   ...
    Hello!
     
    We inform you that the following servers have been withdrawn:
     
    Draco
    Reason: datacenter was unable to meet our requirements. This server will not be replaced since we are already operating with an extremely strong presence in Dallas with our own servers and lines and two different top tier2 transit providers.
     
    Brachium
    Reason: datacenter (Sologigabit) does not want us as customers anymore. Some dizzy and defamatory delirium about illegality of VPN "resellers" [sic] business [sic] was provided as a justification. This server will be replaced by a different server in Spain in a few days. EDIT: Brachium has been replaced by Taurus
     
    Kind regards
    AirVPN Staff
  21. Like
    go558a83nk reacted to amires in How effective is tls-crypt in bypassing ISP VPN blocks?   ...
    I live in a country in which the government censors the internet. Recently they started blocking all kinds of VPN. None of the AirVPN's UDP/TCP/SSH/SSL protocols work anymore; however, tls-crypt is working perfectly.
  22. Like
    go558a83nk reacted to corrado in Alternative AirVPN client with provider-independent double-hop support (GNU/Linux)   ...
    I added an additional feature that allows applications to bypass an existing OpenVPN tunnel. This can be useful if you want to use services that block OpenVPN servers such as Netflix without compromising your other internet traffic. You can easily add applications that you don't want to use the OpenVPN tunnel to Qomui and start them from there. If you are interested how this works have a look at https://serverfault.com/questions/669430/how-to-bypass-openvpn-per-application/761780#761780. Essentially, running an application outside the OpenVPN tunnel works by putting it in a network control group. This allows classifying and identifying network packets from processes in this cgroup in order to route them differently.
     
    Have a look at the screenshots to get an idea

  23. Like
    go558a83nk reacted to corrado in Alternative AirVPN client with provider-independent double-hop support (GNU/Linux)   ...
    Hi,
     
    I have written an alternative client for AirVPN that I would like to share with you. Just as Eddie, it supports other providers, too, as long as OpenVPN config files are provided. For AirVPN and Mullvad it offers a convenient update function that just requires you to enter your credentials in order to download the latest server configurations. Furthermore, it allows you to choose among the plethora of protocols offered by AirVPN (including OpenVPN over SSL/SSH) except the experimental ones (I might add support for those in the future, once they become available for all servers).
     
    Qomui (Qt OpenVPN management UI) as I have named it, is written in Python and PyQt and should run on any GNU/Linux distribution. It allows you to easily create double-hop connections. In other words, you can route your requests via two OpenVPN servers. This feature works provider-independent. For example, you could choose a Mullvad server for the first hop, and AirVPN for the second (I have successfully tested this with AirVPN, Mullvad and ProtonVPN). Thereby, it avoids a major downside of similar offers by some providers, namely the fact that if one provider controls all "hops" he or she could potentially still see, log or inspect all your traffic. In the latter case, you would gain little in terms of privacy. With the ability to "mix" providers, Qomui does not suffer from the same problem and hence offers some tangible benefits. Obviously, you would still have to sacrifice some speed/bandwidth, though.
     
    Depending on your DE (looking at you, Gnome!), Qomui will also display a systray icon that shows the country of the server you are currently connected to. Additional features include protection against DNS leaks and a firewall that optionally blocks all outgoing network connections except for the OpenVPN server you have chosen. Since it is never recommended to run graphical applications as root, which is a major flaw of most OpenVPN clients, all commands that require root privileges are handled by a background service that can be controlled via systemd. The following screenshot gives you an idea of what Qomui looks like (on Arch/Arc Dark Theme).
     

     
    If you are interested, you can download Qomui from github:  https://github.com/corrad1nho/qomui
     
    Of course, I'd be happy for any kind of feedback. If you find bugs or Qomui does not run properly or not at all on your machine, please let me know. I'm happy to help!
     
    At last, a big thank you to AirVPN and its amazing community. The fact that you rely more on explaining technical details than empty promises, has helped me to learn a lot. It is also one of the main reasons why I chose AirVPN. Commendably, Eddie is also released as open-source software. Only Mullvad does that, too, to my knowledge. Why doesn't every provider do that? You are selling a service, not software! Why would I trust in proprietary software? Funnily, I have never really used Eddie, though, since I was accustomed to manually adding config files to NetworkManager as my first provider did not offer a GNU/Linux client. My interest in features such as OpenVPN over SSL made me look into more convenient solutions, though. Ultimately I decided to write my own program as I wanted to learn some Python and this provided a perfect practical challenge. I have actually used Qomui daily on multiple machines during the past few months and constantly tried to improve it. So I'd thought it'd be about time to share it (it's an alpha release, though).
     
    Have a nice weekend!
     
    Corrado
  24. Like
    go558a83nk reacted to VeNoMouS in The dynamic DNS doesn't update the DNS entry anymore   ...
    Unfortunately, the issue is still not fixed. I've been trying since noon to get your DNS entry to change - without success.
    More information on my recent attempts can be found in the ticket I've created yesterday.
    I've screened 4 websites on which I resolved the DNS name and my forwarded ports tab to make sure that the error isn't on my side and to prove that I've been connected for hours without any other connection.
     
    I don't know what you changed but something went horribly wrong. A few days ago I was able to connect to private services from other users in the same virtual private network. That's a huge security issue.
    Some of these services were clearly not meant for the public.
  25. Like
    go558a83nk reacted to geofox in Disable communication with other user   ...
    Hi there,
     
    New to AirVPN, I have a question about security. (Sorry if it was answered elsewhere, I couldn’t find it).
     
    While testing (on iOS), it seems that everyone connected on the same server is able to see and communicate with each other.
     
    In the picture joined to this topic, I’ve launched a scan and a lot of clients appeared. Some even have web services open to everyone. The first one I tried should not have been open to the public as it seems that the owner of this computer was not aware that whilst connected to the VPN, its service was on the VPN subnet and not only in his LAN anymore. I’ve stopped there and not checked other clients (and won’t do anymore).
     
    I was a customer of another VPN provider and it seems that each client was unable to see/communicate with each other. (Their servers were probably configured to disallow that behavior).
     
    Please note that I’ve used the config generator and use OpenVPN Connect on iOS.
     
    Is that behavior on AirVPN intended? If so, is there a configuration available in the OpenVPN config file/app to disallow communication with other clients ?
     
    Thanks and sorry for my English.
     
