go558a83nk

Hello!

We're very glad to inform you that three new 1 Gbit/s servers located in Chicago (Illinois, USA) are available: Fang, Kruger and Sneden.

Note that the aforementioned servers replace Alkaid, Microscopium and Pavonis which do not meet anymore our technical requirements in terms of uptime and line reliability and will be withdrawn at the end of November.

AirVPN clients will automatically show new servers; if you use OpernVPN or some other OpenVPN frontend, you can generate all the files to access any server through our configuration/certificates/key generator (menu "Client Area" -> "Config generator").

Servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like all the other AirVPN servers do, Fang, Kruger and Sneden support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols, smart load balancing between OpenVPN daemons and hardened security against various attacks with separate entry and exit-IP addresses.

You can check servers status as usual in our real time servers monitor:
https://airvpn.org/servers/Fang
https://airvpn.org/servers/Kruger
https://airvpn.org/servers/Sneden

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!

We reluctantly have to announce gloomy news to you all: Spooky Halloween Deals are now available in AirVPN...
 

 
Save up to 74% on AirVPN longer plans (*)
(*) When compared to 1 month plan price
 
Check all plans and discounts here: https://airvpn.org/plans

If you're already our customer and you wish to jump aboard for a longer period any additional plan will be added on top of already existing subscriptions and you will not lose any day.

Every plan gives you all the features that made AirVPN a nightmare for snoopers and a scary service for competitors:
active OpenVPN 3 open source development ChaCha20 cipher on OpenVPN Data Channel for higher performance and longer battery life on tablets and smart phones IPv6 support, including IPv6 over IPv4 configurable remote port forwarding refined load balancing to squeeze every last bit per second from VPN servers free and open source software for Android, Linux, Mac and Windows easy "Configuration Generator" web interface for access through third party software guaranteed minimum bandwidth allocation GDPR compliance and very high standards for privacy protection no log and/or inspection of clients' traffic effective traffic leaks prevention by AirVPN software Tor support via AirVPN software on Linux, Mac and Windows various cryptocurrencies accepted without any intermediary crystal clear, easy to read Privacy Notice and Terms https://airvpn.org/privacy
No tricks, only treats!

Grim regards & datathrills
AirVPN Staff
 

Neither.  I'd build my own pfsense box with x86 (64bit) CPU so that openvpn is accelerated.  Neither of the routers you've mentioned are known to support very fast openvpn.  I assume you want better since you have a gigabit connection.

Answering my own question, and after lots of reading up on vpn performance, I'm going to go for the ASUS RT-AC86U - if anyone is remotely interested I'll post results up here once I've got Merlins firmware on it.

Thanks for reading.

Here you go. I paid about £155 through Amazon in the UK, installing the custom Merlin's firmware wasn't anything like as a terrifying as my last Asus. Seems Asus have embraced the whole OpenWRT thing and are well up for some modification.

Got it all installed today, not tried selective routing and am just pushing everything through the VPN currently - seems to be rocking around 140Mbps up and down, which is likely a limitation of my wireless speed. So, if you might be asking the same questions as I am...go for the Asus like I did. It's definitely an upgrade in my situation.

You may be overreacting a bit.  For example, pfsense stable is still on openvpn 2.4.6 and another VPN provider I use is still using 2.4.6 with their app.  I don't know why that is but it seems to me that devs aren't in a hurry to move to the 2.4.7 version.

Amazon Prime wasn't part of the announcement.  This thread is about Netflix. 

https://airvpn.org/devices/

Hello!

We're very glad to inform you that a new 1 Gbit/s server located in Singapore (SG) is available: Lacaille.

The AirVPN client will show automatically the new server; if you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

Just like every other "second generation" Air server, Lacaille supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the server status as usual in our real time servers monitor:
https://airvpn.org/servers/Lacaille


Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!

We regret to inform you that we have been unable to contact one of our providers in Canada since 24 hours ago. All of its servers are down as well as its web sites. Affected servers are the following five:

Almach
Dheneb
Grumium
Kraz
Rana
Spica

Luckily infrastructure redundancy is so high in Canada that lack of those five servers will not impact quality of service.

We will update this thread with future developments, as soon as we receive any kind of information.

Kind regards
AirVPN Staff
 

The Android app seems to require a master password - this looks to (very often) block reconnection attempts (esp. overnight) leaving the phone without a VPN connection.

Is there a way to remove this requirement? Seems other VPN providers do not need it.

Thanks

On my Shield TV the difference in speed was a matter of 45mbit/s vs 35mbit/s.  Not that significant a speed increase with chacha20.  This using the same speedtest server, same VPN server, same port and protocol.  Only thing that changed was stream cipher.  AES-256-GCM vs chacha20.  But, perhaps my speed from that VPN server just never will be that high anyway.

Hello!
 
AirVPN is very proud to introduce for the first time ever OpenVPN 3 support for ChaCha20-Poly1305 cipher with Eddie Android edition 2.4.

The new implementation means remarkably higher performance and longer battery life for your Android device.

CPUs that do not support AES New Instructions, typically ARM CPUs mounted on most Android devices, are much faster to encrypt and decrypt a stream of data with ChaCha20 than AES. At the same time, ChaCha20 offers the same security when compared to AES.
https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant

You can test right now the new cipher. We have prepared four test servers running OpenVPN 2.5 and supporting ChaCha20 in Canada, the Netherlands and Singapore. When you pick ChaCha20 as cipher in Settings, Eddie will filter properly Air VPN servers to let you connect to them.
 
The outstanding feature has been made possible by AirVPN implementation on "OpenVPN AirVPN" of new directives, never supported before by OpenVPN 3, as well as a brand new, rationally re-engineered class for AEAD ciphers, which currently includes both AES-GCM and ChaCha20. Development of OpenVPN 3 will go on during the next months. Here's the current status:
 
Eddie Android edition available languages are: Chinese (simplified), Chinese (traditional), Danish, Dutch, English, French, German, Italian, Portuguese, Spanish, Russian, Turkish.

Eddie for Android is free and open source software released under GPLv3. We invite you to check from independent 3rd parties lack of trackers code signatures, for example here: https://reports.exodus-privacy.eu.org/en/reports/search/org.airvpn.eddie

You can download Eddie Android 2.4 apk directly from our repository:
https://eddie.website/repository/eddie/android/2.4/org.airvpn.eddie.apk

You can also download it from the Google Play Store:
https://play.google.com/store/apps/details?id=org.airvpn.eddie

and in Amazon Appstore:
https://www.amazon.com/Eddie-AirVPN-official-OpenVPN-GUI/dp/B07KTD6DH9/ref=sr_1_1?keywords=eddie+airvpn
 
Source code is available in GitLab:
https://gitlab.com/AirVPN/EddieAndroid/
 
How to enable ChaCha20 on the Data Channel

Open "Settings" view, then open "AirVPN". Locate "Encryption Algorithm", tap it and set "CHACHA20-POLY1305", then tap "OK".

 
New in version 2.4:
 
Updated native library to OpenVPN 3.3 AirVPN ChaCha20-Poly1305 support on both OpenVPN Control and Data channels Support by OpenVPN 3 AirVPN of ncp-disable directive integrated in the app according to the cipher suite picked by the user For new features complete list, please see the changelog at the bottom of this post   Main features:
  Free and open source OpenVPN GUI based on "OpenVPN 3.3 AirVPN" Complete ChaCha20, AES-GCM and AES-CBC support The only Android application officially developed by AirVPN Robust, best effort prevention of traffic leaks outside the VPN tunnel Battery-conscious application Low RAM footprint Ergonomic and friendly interface Ability to start and connect the application at device boot Option to define which apps must have traffic inside or outside the VPN tunnel through white and black list Localization in simplified and traditional Chinese, Danish, English, French, German, Italian, Portuguese, Russian, Spanish, Turkish Full integration with AirVPN Enhanced security thanks to locally stored encrypted data through master password Quick one-tap connection and smart, fully automated server selection Smart server selection with custom settings Manual server selection Smart attempts to bypass OpenVPN blocks featuring protocol and server fail-over Full Android TV compatibility including D-Pad support. Mouse emulation is not required. Enhancements aimed to increase accessibility and comfort to visually impaired persons AirVPN servers sorting options Customizable "Favorite" and "Forbidden" servers and countries OpenVPN mimetype support to import profiles from external applications Multiple OpenVPN profile support. The app now imports and manages multiple OpenVPN profiles Support for custom bootstrap servers Support for favorite and forbidden countries AirVPN broadcast messages support User's subscription expiration date is shown in login/connection information The app is aware of concurrent VPN use. In case another app is granted VPN access, Eddie acts accordingly and releases VPN resources Optional local networks access. In such case, local network devices are exempted from the VPN and can be accessed within the local devices Localization override. User can choose the default language and localization from one of the available ones Favorite and forbidden lists can be emptied with a single tap VPN Lock can now be disabled or enabled from settings VPN reconnection in case of unexpected OpenVPN disconnection. (It requires VPN Lock to be disabled) User can generate an OpenVPN profile for any AirVPN server or country and save it in OpenVPN profile manager Server scoring algorithm implementing the latest AirVPN balancing factors in order to determine the best server for quick connection Network name and extra information are shown along with network type Device network status management
Kind regards & datalove
AirVPN Staff

Changelog 2.4 (VC 26) - Release date: 30 July 2019 by ProMIND  [ProMIND] Production release
Changelog 2.4 RC 1 (VC 25) - Release date: 26 July 2019 by ProMIND [ProMIND] OpenVPN 3.3 AirVPN fork synchronized to master OpenVPN branch [ProMIND] Native library dependencies updated to the latest releases [ProMIND] Minor bug fixes
ConnectAirVPNServerFragment.java [ProMIND] connectServer(): pendingServerConnection is now properly cleared. This prevents a double call from onAirVPNLogin event (user login + user credentials loaded from AirVPN server) in case of a pending server connection going on
Changelog 2.4 beta 1 (VC 24) - Release date: 19 July 2019 by ProMIND [ProMIND] Updated native library to "OpenVPN 3.3 AirVPN" supporting CHACHA20-POLY1305 cipher and ncp-disable profile option (forked from OpenVPN:master 3.2 qa:d87f5bbc04) [ProMIND] Updated default manifest to V256

airvpn_server_listview_item.xml [ProMIND] added a new layout for showing server's warning_open field

AirVPNServerProvider.java  [ProMIND] Added cipher filter according to user settings

AirVPNServerSettingsActivity.java [ProMIND] Added encryption algorithm option for AirVPN servers

AirVPNServer.java [ProMIND] Added class members to comply to Manifest V256

AirVPNServerGroup.java [ProMIND] New class for manifest V256 handling

AirVPNUser.java [ProMIND] getOpenVPNProfile(): profile generator uses "cipher" and "ncp-disable" according to the user settings [ProMIND] getPasswordDialog(): soft keyboard is shown by default [ProMIND] loginDialog(): soft keyboard is shown by default

CipherDatabase.java [ProMIND] New class for manifest V256 handling

ConnectAirVPNServerFragment.java [ProMIND] Show a warning in yellow in case server has a warning_open status [ProMIND] Servers are now filtered according to selected encryption [ProMIND] searchDialog(): soft keyboard is shown by default
ConnectionInfoFragment.java [ProMIND] Added cipher name and digest to info box

OpenVPNTunnel.java [ProMIND] Added method getProtocolOptions()

QuickConnectFragment.java [ProMIND] Show user selected encryption in status box

SettingsActivity.java [ProMIND] Added encryption algorithm option for AirVPN servers

SettingsManager.java [ProMIND] Added methods getAirVPNCipher() and setAirVPNCipher()

SupportTools.java [ProMIND] Changed AIRVPN_SERVER_DOCUMENT_VERSION to 256 [ProMIND] editOptionDialog(): soft keyboard is shown by default

VPN.java [ProMIND] Added class members cipherName and digest

Hello!

We are very glad to inform you that our OpenVPN 3 development is progressing swiftly. Today we implemented directive ncp-disable which was still unsupported in OpenVPN 3.

https://github.com/AirVPN/openvpn3-airvpn

The directive is instrumental to allow clients Data Channel cipher free selection between those available on server, when ncp-ciphers is declared on server side, and keep at the same time total backward compatibility. Since when we implemented ChaCha20-Poly1305 https://airvpn.org/forums/topic/43850-openvpn-3-development/ on OpenVPN 3 Data Channel, "ncp-disable" has become a priority to provide servers and clients with maximum flexibility.

We can therefore leave total freedom to clients to pick between AES-GCM, AES-CBC and ChaCha20 while preserving full backward compatibility.

Clients with AES-NI supporting processors will prefer AES, while clients running on CPUs without AES-NI, for example most ARM CPUs, will of course tend to prefer ChaCha20.

We are working hard to bring you first and foremost a new Eddie Android edition beta version to let you test ChaCha20-Poly1305 on your Android devices as soon as possible. All internal tests both with ChaCha20 and ncp-disable have been fully successful so far. Fingers crossed, maybe you will see a beta release as early as next week.

UPDATE: Eddie Android edition with ChaCha20 support on both Data and Control Channel is now available 
https://airvpn.org/forums/topic/44201-eddie-android-edition-24-beta-1-released-chacha20-support/

https://github.com/AirVPN/openvpn3-airvpn
Changelog 3.3 AirVPN - Release date: 13 July 2019 by ProMIND - [ProMIND] [2019/06/02] Forked master openvpn3 repository 3.2 (qa:d87f5bbc04) - [ProMIND] [2019/06/06] Implemented CHACHA20-POLY1305 cipher for both control and data channels - [ProMIND] {2019/07/10] Implemented ncp-disable profile option

Kind regards and datalove
AirVPN Staff
 

Very interesting read, if true.
https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/

https://bgp.he.net/AS268581

Ok, looks like shellcmd does work, I just had it setup wrong.

Using:
route -q add 10.4.0.1 `ifconfig ovpnc1 | grep "inet " | cut -d ' ' -f 4`

as the command and setting it to run afterfilterchangeshellcmd updates the route table to use the correct gateway and interface if the VPN IP changes.

Hopefully, this will be of value to anyone else who has run into a similar issue.

First, I apologize if this has already been addressed, but I searched the forums and how-to guides and couldn't find an answer.

I'm using pfsense with dnsmasq (DNS Forwarder).  In my General Setup, I set the DNS server to 10.4.0.1 and select AirVPN as the gateway.  Unfortunately, this doesn't seem to work as the AirVPN "gateway" is the same as my AirVPN IP address.  If I look at the route table, it adds an entry for 10.4.0.1, but sets the netif to lo0 instead of the appropriate ovpnc#, resulting in DNS queries not working.

If I set the gateway to none and manually add the route to the gateway (my AirVPN IP address with the last by replaced with .1), everything works.  Obviously, this is a routing issue, but I can't figure out how to get pfsense to correctly enter the route into the routing table.

I know I can use unbound (DNS Resolver) and that does work.  I also know that I can push AirVPN's DNS server to clients and that also works.  However, I've been using dnsmasq for the last 18+ months with a different VPN provider without any problems.  However,  I am evaluating switching to AirVPN as I like many of its other features/functions (and cost!) much better than my current VPN provider.  As of now, everything else I've setup works great with AirVPN except for this 1 annoying issue.

So...is anyone else using dnsmasq?  If so, how did you solve/workaround this routing issue?

Hello!

On April 2018 we made an important step forward: we began to accept Bitcoin directly, through no intermediaries at all.
 
Today, we're very glad to announce that we are able to accept directly more cryptocurrencies. In alphabetical order:
 
Bitcoin Bitcoin Cash Dash Dogecoin Ethereum Ethereum Classic Litecoin
Any intermediary acting as a payment processor is no more required.
 
As we wrote in 2018, we stll feel it as an additional, important step forward in privacy protection. Moreover, cutting out any intermediary is very coherent with cryptocurrencies spirit and unleashes their potential.
 
Kind regards and datalove
AirVPN Staff

I'm the author of Passepartout and "adware junk" made me sincerely smile.

The app recently went from free to paid because it's how I cover a (very) minor fraction of the costs. Not to mention the time I invest(ed) on it, which is far beyond the little money I get from the app. Also, Passepartout has been free as long as I haven't deemed it stable enough to ask people to pay for it. For one, the reviews are 100% legit.

It's a strange world where one's guilt is being paid for his hard work.

Anyway, I believe that AirVPN users would love an integration with Passepartout.

We agree, when AES-NI are supported. Note that some processors do support AES-NI but the system doesn't use them (examples: AES-NI disabled at BIOS level; OpenSSL or other SSL library not properly compiled).

Also see https://tools.ietf.org/html/rfc8439#appendix-B
(however note that the comparison is made between AES-128-GCM and ChaCha20 but a more correct comparison would be with AES-256-GCM because of the 256 bit key size of ChaCha20).

Not only the appendix but also important considerations in the introduction and later.

Kind regards
 

Hello!

We're very glad to inform you that AirVPN has begun to actively contribute to OpenVPN 3 development.

Our first goal has been adding support for ChaCha20 cipher with Poly1305 as authenticator on OpenVPN 3 Data Channel.

ChaCha20 is a stream cipher developed by Daniel J. Bernstein which combines strength and remarkable performance. https://en.wikipedia.org/wiki/Salsa20#ChaCha20_adoption

When compared with AES-GCM, ChaCha20 offers significant computational relief to all AES-NI non supporting processors, such as ARM processors.

ARM processors, routinely used on very many tablets, smart phones, media centers, smart TVs and routers, will get great benefits from OpenVPN with ChaCha20. Our tests show that CPU load caused by ChaCha20 on recent ARM 64 bit processors is at least 50% less than AES-256-GCM, on equal terms, which translates into dramatic performance boost and longer battery life (if you have ever tested Wireguard on an ARM based device you know what we mean).

OpenVPN 3 is a client library. However, OpenVPN 2.5, which is currently in beta testing and includes all the necessary servers features, supports ChaCha20 on the Data Channel. Therefore, making OpenVPN 3 with ChaCha20 available to our users and allowing a real life test will be a matter of days. We will progressively release beta clients for Android, Linux, OpenBSD and FreeBSD, in this order. We are considering a porting to OpenIndiana as well.

Internal alpha testing has concluded successfully. We have already pulled a merge request to OpenVPN 3 main branch, to let the whole community take advantages from our code, and let OpenVPN developers merge the new code into the main branch if they wish so. https://github.com/OpenVPN/openvpn3/pull/78

Implementation has been designed, developed and programmed for AirVPN by ProMIND, who is also Eddie Android edition developer.

Stay tuned, more will come!

UPDATE: https://airvpn.org/forums/topic/44069-openvpn-3-development-by-airvpn/

The above linked topic is now the central thread to discuss anything related to OpenVPN 3 development and testing.

Kind regards and datalove
AirVPN Staff

Looks like pfsense openvpn directives.  They really have nothing to do with being unable to torrent. 

If the VPN works properly with other activities then there's surely just something wrong with your torrent client setup.  Even if port forwarding isn't setup properly you should still be able to download.

The issue has been already explained: the keys and the internal IP addresses are all on the server, and they are on every and each server. They can be used to correlate specific targets and disclose their identities, while on our current setup that's not possible.  It makes a world of difference when you consider threat models in which VPN users are specifically targeted. Maybe you don't understand the importance of this menace because you wrote:
 
which is correct in our setup, but incorrect in Wireguard setup. The attacker CAN get the internal IP address via WebRTC for example and:
1) in our setup he/she does not correlate the internal IP address with the client key
2) in Wireguard setup he/she does

Once that's done the attacker may obtain legally (via a court order) the payment data of the user because it can ask us which user is linked to a single IP address (and also the user key for subsequent forensic evidence). Since the VPN IP address is static and unique, we would be of course forced to comply.

We wish to underline for the last time that the problem has been acknowledged by developers and we had been told that it would be resolved.

Kind regards