LZ1

Hello!
 
Since you used the latest experimental, it would be beneficial if you reported it in the experimentals own thread and perhaps it'll be fixed in the next iteration .

Hello!
 
Welcome to the site!
 
If you're totally lost, you could start by skimming through the New User guide linked to in my signature. So you'll get an idea about how to use Air firstly.
 
Your goal isn't quite so clear though. Ideally you would pinpoint who or what you're trying to hide from. There's a difference between some marketeers and a three-letter agency .
 
Because if you really want to take things to Edward Snowden degrees of security, then you need to look at a lot more things, such as which OS you're using and why.
 
It's up to you in which order you choose to run Air/Tor. If you want to follow the first example in the next link, you run Tor first and then Air. Otherwise it's the opposite, if I'm not mistaken: There's Pro's and Con's.
 
In the end, you could check ipleak.net to confirm what address shows up.
 
You can't be stupid when you made the smart choice of coming here

If I'm not mistaken, you can see some or all the rules here already.

How To Guide For - AirVPN Using Mint/Ubuntu Network Manager
 
Read me: There are drawbacks to using this config method:
lack of user authentication input
lack of network lock feature
lack of easy access to stats, logs, preferences and config
Not tested on Ubuntu with Wayland server
The best method is to use AirVPN client “Eddie”
**Clarified an older post from VPNuserhello**
 
Tested in Mint Cinnamon 18x, & Ubuntu 16
 
Important: The user.key file contains the VPN login information of the user. This is private information. It is important the user re-locate this file to a secure location when setup is completed. In other words... hide it
 
There is normally no need to install openvpn as recent distros come with it pre-installed. Simple check using a terminal command
+ open a terminal window
+ proceeding the $ sign, enter the following command:
apt-cache policy openvpn
+ hit enter
Terminal will list the program as installed. If not, navigate to the system’s software center or package manager and install it there or use the terminal method
 
 Configuration
 
Navigate to AirVPN webpage (airvpn.org) and log in.
+ proceed to the “config generator” page.
+ select the OS/select protocol/select servers/select ‘generate’
+ download the .openvpn, the key and server files in .zip
+ remember the saved location, likely in ~/home/Downloads folder.
 
+ navigate to the network manager applet in the panel and select ‘edit connections’ near the bottom of the drop-down menu.
+ the network connections window will open.
+ select Add from this window. When a new dialogue window opens:
+ select OpenVPN from the drop-down menu
+ select Create
+ the configuration dialogue window opens   
 
+ keyboard in the name of the VPN connection in the top box. Ex: AirVPN
+ navigate to the configuration files location (Generated Cert) that were downloaded from AirVPN website.
+ open the AirVPN.zip file and right click the .ovpn file related to a server(s) the user wants to connect to
+ select ‘open’. The file will open in the default editor
+ /highlight/right-click/open
 
Once the file is opened there will be the gateway address (IP address) located next the word “remote” along with the port number at the end. If using UDP the port is likely 443.
+ highlight the IP address only - otherwise it will result in a failed connection
+ /highlight/right-click/copy or enter it manually
+ in the Gateway field box enter the IP address or /right-click/paste without the port number (443). Remember the port number for later
 
+ under the heading Authentication
+ in Type select “Certificates (TLS)”
+ in the ‘User Certificate’ field, select the ‘browse folder’ tab and navigate to the .crt files that were downloaded from AirVPN in the ~/home/Downloads folder.
+ select the ‘user.crt’ file, hit open and the field box is automatically filled in.
+ the remaining two sections are filled in using the same method. (‘ca certificate’ -ca.crt and ‘private key’ -user.key) Simply click the browse folder icon next to the entry field and browse to the download location.
+ next: select the ‘advanced’ tab
 
+ under the General tab select “use custom gateway port” and change it to the port number (ex: 443) in the .opvn file that was previously opened in the editor.
+ also select “use LZO data compression”.
+ select the ‘security’ tab from the header
+ select the ‘TLS Authentication’ tab. (near the bottom of the window)
+ select: “use additional TLS authentication”
+ under the “key file” entry, navigate to the ta.key using the browse file icon-the same location as the .crt files (~/home/Downloads).
+ in ‘key direction’ modify to 1. Select OK
+ that window will now close but the main ‘connections’ window remains open
+ the AirVPN entry should now be in the Network connections window under the VPN category.
+ select “save” on that window
+ select “close”
+ simply choose the “vpn connection” from the network manager applet drop down menu and the VPN will connect.
+ notice the network applet in the panel begin it’s connection process with a small ‘lock’ indicator. A notification window usually appears to advise of successful or unsuccessful connection depending on system configuration.
 
 
Additional
 
To configure ‘auto start’ of AirVPN simply follow this procedure:
+ open network manager applet. Select ‘edit connection’, select the connected network and select ‘edit’ tab
+ under ‘general’ heading tab:
+ place a check-mark in ‘automatically connect to VPN...”
+ select AirVPN from drop down menu
+ select “Save”
 
+ every time the user logs in, the VPN will start with the defaulted connection. Observe the network applet in the panel there will be a “lock” positioned in or near the applet indicating a VPN connection established. 

If you want a workaround to the current 2.14.0, edit AirVPN.xml and add the following option:
and retry.

I have found a solution to my problem. For some reason process priority for AirVPN.exe was set to below normal. Changing this to normal or something above normal solved my problem.

Hello,
I don't know about Manjaro but here is one way to install the client (if that's what you're looking for).
Download the package from the Arch User Repository:
 
https://aur.archlinux.org/cgit/aur.git/snapshot/airvpn-bin.tar.gz   Extract the package, go to the folder airvpn-bin, open a terminal and type “makepkg”. If all dependencies are fulfilled, a package is being created which is called airvpn-bin-2.13.6-1-x86_64.pkg.tar.xz.
 
In the terminal you have to type the command to install the package:
 
sudo pacman -U  airvpn-bin-2.13.6-1-x86_64.pkg.tar.xz   
 
Start the client by typing “sudo airvpn” into a terminal or via your menu → internet. You could also place a starter but I prefer starting in a terminal because I can follow if everything is working well.

The Tor guard circuit issue was fixed in the latest beta version of Eddie and confirmed to work.
Now Eddie sends a NEWNYM signal to Tor, which creates a new circuit.
That should end the little conspiracy theory here

Sponsored AirVPN guard nodes is the best conspiracy theory of the month, beyond any imagination
In fact most parts of Eddie are not involved directly in the underline subsystem of Tor, but that might change in
the future, since Tor had some changes recently that might worth to take in to account in the next releases.
Stay tuned for some official announcements when this might become available.

Hello!
 
We can't tell you what's best for you, because it comes down to your preferences. But we can look at some things:
 
Network Lock is Eddie-only. So if you want that kill-switch feature for your security when the connection drops, then Shimo may not be ideal. Eddie is FOSS software and therefore free, while it appears Shimo is commercial software and not necessarily open. For the 49€ Shimo costs, you could nearly get a 1 year Air sub. It seems Shimo is free until the next release. Eddie allows for easy changing of protocols and access to Tor while using Air. Eddie works on all major platforms, while it appears Shimo is MacOS-only. Eddie only uses OpenVPN, as that is the protocol Air prefers for many reasons. Which means it's not so important if Shimo supports all sorts of other protocols. Eddie has a highly specific purpose and so it seems it's more lightweight than Shimo, as Shimo caters to business clients too and so maybe it's less bloated. Eddie is going to become a client which is open for more than just Air. I'm not sure what you mean with setapp. As far as I can see, it's a subscription service. How would it then be "free" to use Shimo, when you're paying $10 dollars a month for the ability to do so?
 
I would ask why you wouldn't just use the same money on Air and then use Eddie. As otherwise you're paying twice it seems.
 
I'm also surprised you think the interface is unpolished. Perhaps you should check out some of the competitors? I suppose you need to decide what matters most to you: functionality or a pretty UI.
 
You're not forced to use Eddie either. Many people don't.

Hello!
 
My opinion is:
 
It's not a VPN. So it can't even be in the forum "Other VPN competitors or features" really and is not a competitor for Air, as it's an anti-blocking tool, not a VPN. So this is what I'll judge it on. It's developed by Brave New Software, which is based in the US. That's strike 1 against it. It's also by the US government. Strike 2. As stated on the above news link: "“Lantern is a tool to provide access – it is not designed to prevent monitoring,” - said one of the developers. Strike 3. The lack of information, such as *what* encryption, how it's implemented and the level of it, is bad. Security is not its focus. Things like "speed" are. Even the motto "Better than a VPN" is just misleading. Better at what? It may also serve to trick non-techy users into thinking VPNs are just for getting past blocks and nothing else. But never mind the list. If we're skeptical, any US-government sponsoring should probably immediately add 10 strikes haha. It reminds me of Radio Free Asia - also sponsored by the US government. Maybe it's just me, but perhaps if the US government invested the same amount of resources into their own problems, they might in fact have some moral high ground; instead of just a foxhole. Note that many (if not most?) VPN reviewers these days count it as a con if a service is based in the US - thus I do too here.

Just in time:
https://github.com/VerSprite/research/blob/master/advisories/VS-2018-001.md
 
[VS-2018-001] Shimo VPN Client for MacOS Root Privilege Escalation Vulnerability
01-29-2018 - Contacted Shimno Support
01-29-2018 - Contacted Mailbutler GmbH at support@mailbutler.io
01-29-2018 - Received automated response from support system
02-02-2018 - No response Shimno Support
02-02-2018 - No response Mailbutler GmbH
02-07-2018 - Advisory released
 
Looks like security is not their priority/interest.

Settings to do with NAT and similar are usually disabled .

Yup....in Global Rules...add this at the top of your Rules already defined....image example

where quad.mac is the mac address of your quad tap adapter found in Network Zones->quad.mac.
and where tap.mac or tapall.mac in Network Zones->tap.mac or tapall.mac zone which contains all your tap adapter mac addresses.

@LZ1 this should fix/resolve your problem.
Regards,
Flx

Hello! And thank you for your response.
 
You are right, it must be linked to that. We are no longer in a state of emergency, but a law has been made to keep the data flowing to french services anyway (though it was partly censored by the constitutional court, I don't know what it is looking like now). Yet if this is the only reason, I find that approach a little... naive. Yes it was decreed by law in France but since Snowden leaks we know well that the US do exactly the same unofficially... Oh well I'm sure AirVPN have its reasons. (Technical counter-measures they aren't allowed to deploy in France?)
 
I saw your link and I wonder if IPv6 could allow AirVPN to give each user a unique exit IP to defeat this new blocking strategy. Though they say AirVPN allowing to bypass geoblocking isn't one of their goals but a side effect, I think this new service would be a valid addition to their objective of protecting net neutrality.
 
Other than that, good news! I found an easy way to fix the problem myself (for now at least):
- Open "mycanal.fr" in Edge with the network logger on (F12 key)
- Start a stream
- Find what connection give back an HTTP error
- Whitelist the domain in question (if it has a number, use the command line "nslookup <domain>" to try and find every numbered domains that exists)
 
For MyCanal I found that:
- hss-m001-live-aka-canalplus.akamaized.net
- hss-m002-live-aka-canalplus.akamaized.net
- hss-m003-live-aka-canalplus.akamaized.net
- hss-m004-live-aka-canalplus.akamaized.net
- hss-m005-live-aka-canalplus.akamaized.net
- hss-m006-live-aka-canalplus.akamaized.net
- hss-m007-live-aka-canalplus.akamaized.net
 
Now the website is working. The MyCanal app works too, a good thing, otherwise using a software to trace its connections would have been tedious.
 
I hope it could help someone else.

Are you using any 3rd party security software perhaps?
 
Also, ports aren't the only thing which must be configured in a torrent client. You can refer to the New User guide in my signature and go to the guides section to find links on configuring torrent clients.
 
An easy mistake for instance, would be to forget to turn off port randomization in the torrent client. Thus changing the ports constantly. Which torrent client are you using anyway?
 
There's no need to thank me so much haha. We're a community, we help each other when we can.

Hello!
 
You're doing it correctly. You selected UDP 41185 in the image. Click save. Now simply connect or re-connect to a server.
 
You can then go to the Stats tab and confirm that the chosen protocol is in use.
 
If there's any other questions, then please feel free to ask.

Hello!
 
We can't tell you what's best for you, because it comes down to your preferences. But we can look at some things:
 
Network Lock is Eddie-only. So if you want that kill-switch feature for your security when the connection drops, then Shimo may not be ideal. Eddie is FOSS software and therefore free, while it appears Shimo is commercial software and not necessarily open. For the 49€ Shimo costs, you could nearly get a 1 year Air sub. It seems Shimo is free until the next release. Eddie allows for easy changing of protocols and access to Tor while using Air. Eddie works on all major platforms, while it appears Shimo is MacOS-only. Eddie only uses OpenVPN, as that is the protocol Air prefers for many reasons. Which means it's not so important if Shimo supports all sorts of other protocols. Eddie has a highly specific purpose and so it seems it's more lightweight than Shimo, as Shimo caters to business clients too and so maybe it's less bloated. Eddie is going to become a client which is open for more than just Air. I'm not sure what you mean with setapp. As far as I can see, it's a subscription service. How would it then be "free" to use Shimo, when you're paying $10 dollars a month for the ability to do so?
 
I would ask why you wouldn't just use the same money on Air and then use Eddie. As otherwise you're paying twice it seems.
 
I'm also surprised you think the interface is unpolished. Perhaps you should check out some of the competitors? I suppose you need to decide what matters most to you: functionality or a pretty UI.
 
You're not forced to use Eddie either. Many people don't.

Hello!
 
We can't tell you what's best for you, because it comes down to your preferences. But we can look at some things:
 
Network Lock is Eddie-only. So if you want that kill-switch feature for your security when the connection drops, then Shimo may not be ideal. Eddie is FOSS software and therefore free, while it appears Shimo is commercial software and not necessarily open. For the 49€ Shimo costs, you could nearly get a 1 year Air sub. It seems Shimo is free until the next release. Eddie allows for easy changing of protocols and access to Tor while using Air. Eddie works on all major platforms, while it appears Shimo is MacOS-only. Eddie only uses OpenVPN, as that is the protocol Air prefers for many reasons. Which means it's not so important if Shimo supports all sorts of other protocols. Eddie has a highly specific purpose and so it seems it's more lightweight than Shimo, as Shimo caters to business clients too and so maybe it's less bloated. Eddie is going to become a client which is open for more than just Air. I'm not sure what you mean with setapp. As far as I can see, it's a subscription service. How would it then be "free" to use Shimo, when you're paying $10 dollars a month for the ability to do so?
 
I would ask why you wouldn't just use the same money on Air and then use Eddie. As otherwise you're paying twice it seems.
 
I'm also surprised you think the interface is unpolished. Perhaps you should check out some of the competitors? I suppose you need to decide what matters most to you: functionality or a pretty UI.
 
You're not forced to use Eddie either. Many people don't.

A couple of days ago, BBC started blocking my VULTR VPS. I have tried installing new VPSes to check other IP ranges. And no luck.
 
  Or Usenet. There are some NZB indexers that are very good at finding obfuscated NZBs. For now not many DMCA type issues with these. And lots of releases available. Of course these indexers are private. So you have find a way to get invited. There's the rub.
 
I will miss being able to download straight from BBC. But I don't think it is worth the effort now to even try to find another VPS or VPN for this.

The testing group confirms it's fixed.

Hello!
 
Why did you wait so long while suffering in silence, instead of contacting support?
 
You could consider downloading the latest experimental client.
 
Otherwise you can try:
 
Disabling IPv6 on the different networking adapters, by going to their properties. Disabling and then re-enabling the TAP adapter, also in the networking section. In the TAP adapter settings there's also options for keeping it enabled at all times, which you may try. Make sure you're properly connected to your wired/wireless connection. Temporarily disabling any 3rd party security software that may be interfering. Different protocols, in the Eddie client. It would also have been helpful if you had told us what advice you had already tried, but no matter. But I commend you for attaching your logs and looking things up in the forum beforehand!
 
We'll get your problem fixed.

Hi,
 
isn't it exactly what Enigmail for Thunderbird and gpg has been doing since 2009 2001 (fixed by Staff ), and without binding you to a specific mail server, or am I missing something?
 
EDIT: no, it looks bad "The Bridge decrypts messages as they arrive in your computer and delivers them to your desktop email client. These local copies are stored on your computer, so the search features of your desktop client work normally and you can search within your encrypted emails." I would disable this option immediately (well, actually I wouldn't, because I use Enigmail or gpg directly) because if someone accesses my computer without my permission, he/she would not find sensitive e-mails in clear text, not even when the computer is on.

Hello!
 
192.168.0.0/16 is a private subnet. Devices already in the subnet are already in your private network, it would make no sense and it is would be also very challenging to route the local traffic onto the Internet just to receive it back in the very same private network. Why should you want to make a packet for your printer travel thousands of miles when it can travel a few meters and remain not exposed on the Internet?
 
If you mean, instead, that you want to access your local network from the Internet, and therefore create a VPN to share devices and resources which are inside your local network from external devices in a secured environment, then you need to setup a VPN server, so that all the devices (inside and outside your physical local network) will be connected to the same virtual private network... but this has little or nothing to do with AirVPN.
 
Kind regards

I have used ProtonMail for awhile now and love the security it brings! I was looking around on their blog and saw a story highlight ProtonMail Bridge. The app allows users to use ProtonMail with their favorite desktop application. Thoughts? I think it's pretty cool and might try it in a few days.
 
https://protonmail.com/blog/thunderbird-outlook-encrypted-email/