Sakata

Sorry to bump an old thread, but is there any update to this?

Pacific Northwest USA (Seattle and Portland in particular) would be ideal places for AirVPN to add a new server or three.

I'm aware of the Vancouver servers, but having a US IP address from that region would be useful.

Most days, yeah it's not too bad from California, but it's still not as good as it could be from Las Vegas, Portland, Boise, or Seattle, especially if you're someone who lives far in the northwest (like IN Seattle). All I'm saying is that perhaps it would be a good, viable option for them and their customers. 

Whats wrong with the servers in California and Texas? Ping should only be 40-80ms there. 

Hello,

I wanted to offer my suggestion of potentially adding at least 2 servers to the northwest area of the United States, such as Seattle, Boise (which is a good center of the northwest), Las Vegas, or some other cities. 

I know that a few other VPN services offer servers in both Seattle and Las Vegas, and it would greatly benefit those of us in this area. 

Thank you

I will never trust Apple as long as I live. That's for many reasons over the years, but just as an example of why I hate them so much now...

I have just wiped a Macbook Pro ready to sell it. I made my own bootable USB installer for Catalina. I booted to recovery volume, then formatted the internal SSD, competely wiped clean

I then installed Catalina for the next owner. During the setup I decline all the crap, Siri, network setup etc. I actually ticked "this computer does not connect to the internet".
Catalina finished installing and loaded up into the fresh account. I then see it wants to install updates. How? It isn't on the internet?! YES IT IS. It has turned on WiFi and connected to my WiFi WITH a very secure password. Now I am thinking, how the F*CK does it know the password to my wifi? Where did it store that info if I formatted the internal drive? What if the new user drove to my house and sat outside, he could F*CKING connect to MY wifi?!

Someone blow up Apple, PLEASE!

@OpenSourcerer

1) Sure. That's where the kernel filtering table may save you, while a filtering method based on the API itself can't. Proof of concept to exploit the NetworkExtension exceptions exist since months it's not FUD. Of course future research might find even newer methods and Apple decision to cancel those exceptions might even be related to security considerations, more than customer's respect. But even without those possible exploits, the behavior has been highly criticized by many Apple customers and is rightly seen as not acceptable..

2) Yes, it was a very risky move by Apple, and no surprise they have moved away from that after a few months. On top of that you need to consider all the other 50 apps which may expose your real IP address involuntarily to the other end, not necessarily Apple, which is always a very bad thing  The expansion of the attack surface with such a decision was remarkably high.

Kind regards
 

I have been researching privacy stuff for years. Yes I saw a few of Knudsen's videos, pretty good basic round up especially for beginners. But there is SO much more Apple does now which he (and nobody else) covers. I honestly dont think many people realise just how sneaky Apple are being lately. In a word, BASTARDS.

Heads up: Last I heard, Apple robbed the system interfaces Little Snitch uses of its teeth. Some Apple services, including telemetry, are unblockable with this on Big Sur and up.

Hi. Running an older (2013) Mac with Mojave. Now using Eddie version 2.19.6 as instructed on home page. Eddie keeps giving me the same pop up after I log in. (attached) Had it running well before with 2.18.7, so something must have changed. Suggestions?
Thanks! Tim 

To be helpful to me, and to others, can you clarify what Arch is and what Stunnel is? And how to use it with Eddie, preferably on a Mac.

sorry,
Arch is Arch Linux a Unix-Like distribution
Stunnel

you can't use on Mac unless you install the distribution on it

for Stunnel I think may be is in mac package, check your Eddie logs

Stunnel for Mac

Hey guys.

Forgive me if this information is already available. I did have a search, but not so easy via mobile.

So I keep my network lock on with Eddie, I didn’t think it worked outside of Eddie. But Eddie has for some reason been growing unstable on my Mac. (Not over builds even, just the last couple of weeks.) takes an increasing age to boot and will hang, waiting for the raise system privileges box to ask for my password. Then sometimes hangs for over 10 minutes after with the little black Eddie boot box just still saying “Raise System privileges”.
now I can’t even get it to boot after this even after 20mins and counting.
However I can’t access the net on my laptop to more easily try downloading again or troubleshooting.
🤦🏻‍♂️ Ha.

- running on Mac OS 10.15.7


So I’m seeking advice on how to disable network lock in terminal, if anyone knows the command, until I can sort this.
As well as any extra knowledge as to my issue anyone may have?!

much appreciated!

I am trying to find a solution for the issue of blocked AirVPN servers by Amazon Prime Video. Could somebody help me out with an iptables based solution to circumvent vpn and connect directly to their (Amazons) servers (but still routing all other traffic through the vpn tunnel)? Currently I am using:
iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE vlan2 is my virtual interface for the wan port. What would be the best option to implement a target specific routing? I am running the AirVPN client on a ddwrt router.

Generally it is better to avoid US based VPN providers.
Especially shady ones like you mentioned, where they have a single /24 IP range
which they use for many of their locations,
 
fi1.vpn.goldenfrog.com
be1.vpn.goldenfrog.com
cz1.vpn.goldenfrog.com
pt1.vpn.goldenfrog.com
pl1.vpn.goldenfrog.com
at1.vpn.goldenfrog.com
 
They are all geolocating to US, so you are going to have "at least" geolocation issues.
 
Such providers with fake locations should be avoided in any case.

You provide Remote Port Forwarding, what is it?
 
"Remote port forwarding" forwards traffic coming from the Internet to our VPN server ports to a specified local port of your client.

By default, your account has no forwarded ports, and this is good as long as you don't wish to have a service reachable from the Internet. For example, suppose that you want to run a web server behind our VPN, or that you wish to receive incoming connections to your BitTorrent client in order to improve p2p performance, or to seed a file. Without at least one remotely forwarded port, your service could not be reached from the outside, because our VPN server would reject the proper packets to your service.

Usually this is a good security measure against attacks, but it prevents your services to be reached from the Internet.

When you remotely forward an inbound port, our servers will open that port (TCP, UDP or both, according to your selection) and will properly forward incoming packets to you on that port. The service will be reachable from the exit-IP address of the VPN server your system is connected to.

You can forward up to 20 ports simultaneously. You can do that on our website, in your account "Client Area". You can't forward ports lower than 2048.

You can map a remotely forwarded port to a different local port: this is useful for a variety of cases, for example when your service listens to a port lower than 2048 or when the port is already reserved. More details about it here below.

Once you reserve an inbound remote port for your account, you have two options:

1) Leave the "Local" field empty. In this case, packets arriving to the VPN server exit-IP address port n will be forwarded to your machine IP address inbound local port with the very same number n

2) Fill in the "Local" field with a different port number x. In this case packets arriving to port n will be forwarded to your system inbound local port x.

In both cases you need to reach the service on the VPN server exit-IP address port n.


IMPORTANT: do NOT forward on your router the same ports you use on your listening services while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes unencrypted packets to be sent outside the tunnel from your client. However, if you connect a router (for example DD-WRT, Tomato based firmware router) an additional step is required, please see https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/  
NOTE: you can't reach your listening service(s) through the VPN server exit-IP address from the very same machine that's running it/them and is connected to a VPN server, or from any other machine connected to that same VPN server.