
LZ1

Members2
  • Content Count

    2089
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    83

Reputation Activity

  1. Like
    LZ1 reacted to zhang888 in port forward question   ...
    Our support does not speak French very well, sorry.
     
    If you have a problem with port forwarding, look here under "search".
     
     
    // No google translate, did my best French here
  2. Like
    LZ1 reacted to zhang888 in IPv4 reconnection leaks   ...
    OSX uses pf not iptables.
    But something in that report seems a little biased to me.
    First of all, if leak prevention is a priority, why was the test done without network lock?
    Second, the funding entity - these tests were "sponsored" by IVPN, which surprisingly gave them highest scores.
    Third:
    https://vpntesting.info/For-VPN-Providers.html
     
     
    Sounds like it can be a little rigged and you can get different results if you bribe the tester. Not something I would expect from a neutral person.
  3. Like
    LZ1 got a reaction from willieaames in What do you think about Express VPN?   ...
    Hello !
     
    I once asked them about their servers and they weren't willing to give any real information. So in terms of a comparison, Air is much more transparent than ExpressVPN is; which matters a lot in terms of security.
     
    Sent to you from me with datalove
  4. Like
    LZ1 reacted to iwih2gk in vpn inside VM with host using second vpn?   ...
    I am not sure I agree with the notion of "overkill" but I do understand why some may feel that way.  Please allow me to expand on a means of setting a little "fortress" for you.  Your paradigm (OP) is pretty good but in order to protect yourself in the event even vpn2 disconnected you may try this suggestion:
     
    (caveat:  I use 5 hops regularly including vpn's and tor so this is first hand not "theory".)
     
    To provide protection from tunnel breaks and even malware consider adding another VM if you have decent RAM and a high enough end computer.  It would look like this.  You connect your host and NAT is fine if you want.   Use Eddie for network lock (although I use my own personal firewall settings) and to initiate tunnel wrappers on vpn1 if desired.  Next VM in "chain" connects to host via "nat" but add another adapter in that VM and name it whatever you want.  This VM connects vpn2 ONLY with no workspace ever used on it.  Now open the next VM, which contains the workspace and is only allowed to connect to that "special" adapter you just created in the vpn2 VM in front of it.  Your workspace VM cannot connect to any adapter except your "special" one, making the possibility of jumping directly to the host vpn or even worse the ISP's IP impossible.  In this model both the host and the vpn2 VM remain CLEAN since no workspace activities happen there.  You can create a snapshot of these VM's and keep them flawlessly clean pretty easily.  Now you could, but most won't, add TBB to the workspace desktop and surprise you are at 5 hops.  Even without TOR this model is 2 vpns that remain clean and the workspace VM can be maintained pretty easily.  We can build on this basic model if desired.  Elements like a bridge vs NAT and using 100% Linux would be good starting points.  I hope this makes sense, but if not ask and someone here will be glad to help out!
     
    The connecting VM's above could be pfsense or openBSD or ???? which have some amazing control properties just for what you are wanting to do.  This model can be very easy, or you can take it to any level you want depending upon your threat model.
  5. Like
    LZ1 reacted to Guest in Future Eddie directions   ...
    Is it possible you guys can make the network lock have an option in settings to be permanent instead of disabling itself when you exit the client? Some of us like that only VPN connections can be made at all times.
  6. Like
    LZ1 got a reaction from andeby in Slow websurfing when torrenting in background   ...
    Hello!
     
    That's most likely your TAP driver 9.21 speaking, OP. If you check the Eddie log you'll see which one you have. I suggest trying a different driver, as per the stickied thread in the troubleshooting forum. (The link andeby gave you. He beat me to the punch haha).
     
    Sent to you from me with datalove
  8. Like
    LZ1 reacted to OmniNegro in Any Recommendations on a Good Ant-Malware Program   ...
    ClamWin if you use Windows. Couple that with Clam Sentinel.
    http://www.clamwin.com/
    http://clamsentinel.sourceforge.net/
     
    And if you use a better and far more secure OS like any of a thousand varieties of Linux or Unix, you need not even think of these malware problems. But there is still ClamAV there. Get it through your package manager for your build of Linux/Unix.
     
    And for the few wondering why I suggest this AV? Frankly 99% of AV out there is its own form of malware. Clam is different in that it has no premium version, never asks you for login information, and never even has the possibility for you to pay one single (insert smallest unit of your currency here.)
     
    All commercial AV will flag "cracked" executables as malware even when they are clean. Not Clam. Clam only flags real malware as malware.
     
    And before we derail entirely, "cracked" executables are a good thing. I buy my games, but sometimes they do not work. Stupid DRM is what I presume is the problem first. So I change out the executable for a clean one and most of the time it works.
     
    And for the Windows people, Clamwin is a passive program. You use it only when you need it. It does not feature any bloated mess of a background scanner, and does not dare to try to prevent you from doing anything. Clam Sentinel is a third party background scanner for the people that want that.
  9. Like
    LZ1 got a reaction from RidersoftheStorm in VPN service with many announced countries failed, and how it potentially affects you as a customer   ...
    Hello !
     
    I've been waiting on you to make this thread ;D. I suppose the problem is that the VPN industry has no official standards; which leaves users with the responsibility to select the best service, even though this might as well be done at random, if you don't understand any of the technical terms. As you've frequently said Zhang, a lot of VPN services are plagued by the 4 horsemen of poor practises: overselling, dishonesty, not transparent & poor technical standards.
     
    It's a shame when a VPN provider's website design is better than their service, isn't it haha.
     
    You once said something to the effect of that VPS servers are not in themselves the problem; the problem is when you're not honest to your customers about using them. Perhaps that's worth adding.
     
    I'd love to co-opt a guide with you on determining if a VPN service is good, but I don't know if anyone would even read it lol. I mention this because you state that one should double & triple-check a provider's reputation, but I think many people aren't sure what to really look for, except superficial indicators such as "download speed" or number of countries covered; wherein it's quite possible to find 5-10 comments saying "yea it's really good!".
     
    Thanks for the link.
     
    Sent to you from me with datalove
  10. Like
    LZ1 reacted to zhang888 in VPN service with many announced countries failed, and how it potentially affects you as a customer   ...
    So, without further ado, I recommend you to read this thread:
     
    https://www.reddit.com/r/VPN/comments/4x2t3g/nordvpn_issue_servers_down_and_other_servers/
     
     
    While I have nothing against that particular service, or any other competitive services for that matter,
    I am against the approach of some VPN providers picking as many exits as they can, even in countries
    where they cannot physically own a dedicated server, and advertising that as a truly dedicated fair-share
    VPN node.
    If you read my posts before, I used to expose such marketing tricks in the past and I will try to do that in
    the future, since if the VPN providers cannot be transparent enough, it's the community power that will
    force them to be more transparent, or expose such bad practices.
     
    This is a great example why datacenters and countries should be picked, and thoroughly tested carefully
    before offering the node to the public, as well as why it doesn't mean that the more flags you have in the
    statistics page, the more it means your provider is better, or has better country coverage.
     
    Most VPN providers that rely on VPS services and not real servers will fail one day or another, so the real
    take-away you should have from this story is, double and triple check the reputation of your VPN, before you sign up.
  11. Like
    LZ1 got a reaction from biedanshin in Extremely slow download/upload speed, new user   ...
    You're most welcome.
     
    Beyond the tips already provided in my guide in the troubleshooting section or trying out the latest TAP driver, no not really, unless you want to try out more involved things.
     
    I don't know which driver you installed, but as giganerd shows on around page 3 or 4 of that thread, there's a newer version out - compared to if you just went by what was shown on page 1. Please feel free to test different ones to find out what's suitable for you. The latest experimental version of Eddie already comes with the newest one automatically as well.
     
    Depending on what you're trying to accomplish, it's also good to take a closer look at which servers you use. Giganerd for instance, has found that specific servers work particularly well for him, due to his ISP or some such having closer ties to certain other ISPs/countries. BGP routes.
     
    You can do a speedtest by downloading a Linux distro, such as Ubuntu, if you want a perhaps more realistic take on your speeds; as opposed to only using the AirVPN speedtest. However if you're torrenting for instance, you should definitely look into some port forwarding, as it'll most definitely help your speeds. Since you're new, it's worth mentioning that not all VPNs accept torrenting/P2P, but AirVPN does and it also rejects any DMCA requests, so you're safe.
     
    There's of course many more tweaks you can try; all of varying levels of difficulty. For instance, maybe your router isn't so good or perhaps there's other things interfering with your connection. That's up to you to find out and get involved with, if you desire. But feel free to ask around if you need help.
     
    Welcome to AirVPN
     
    Sent to you from me with datalove
  12. Like
    LZ1 got a reaction from biedanshin in Extremely slow download/upload speed, new user   ...
    Hello !
     
    It seems you still have TAP driver version 9.21, so I recommend trying out other versions. Simply go to the top of the troubleshooting forum, to find the thread that mentions TAP drivers in the title.
     
    Big +1 for posting logs in spoilers!
     
    Sent to you from me with datalove
  13. Like
    LZ1 reacted to Staff in Do Forwarded Ports make it easier to do a correlation (or other) attack or tracking?   ...
    Hello!
     
    In general that's correct, but remapping ports will make torrent clients unreachable because they announce to trackers and DHT their internal settings configured port (of course) while the VPN server will listen to a different port. So, in this particular case, remotely forwarded port and local port must have the same number.
     
    For people running a torrent client behind the VPN, a good solution against various menaces inferred in this thread would be changing the listening port at each session. It takes a few seconds in the account control panel in our web site, and no "ports history" is ever recorded. Obviously if your threat model involves only private copyright trolls and similarly deranged persons, that would not even be necessary.
     
    Kind regards
  14. Like
    LZ1 reacted to Staff in AirVPN software problem on my macbook   ...
    P.S. We changed the topic title because the previous one was demented.
  15. Like
    LZ1 reacted to zhang888 in Dumb Firewall/Network Lock Question   ...
    You provided too little information to answer this question.
    A firewall can do various tasks, everything from security (whitelist/blacklist) to connectivity (forwarding/bridging).
    What do you want to accomplish?
     
    If the goal is making your machine unreachable from outside, that is already done as soon as you connect to the VPN.
    If the goal is making sure no traffic can go out bypassing the VPN connection, network lock takes care of that part.
  16. Like
    LZ1 reacted to Staff in Linux Client: Latency Tests do not complete or only after a lengthy delay   ...
    Hello!
     
    We can reproduce this issue and at a first glance it might be a Mono 4 bug. To circumvent it, do not try to connect to any server until the "latency tests" are complete. To see the status of such tests click the "Stats" tab and look at "Pinger stats". If they are stuck at 2 or 1 to go, double click on "Pinger Stats" and you should see that the tests are re-started and completed in very few seconds.
     
    The developers have worked hard to circumvent the numerous bugs in Mono 4 (especially, but not only, in WinForms) but some intrinsic bugs are impossible to bypass completely. For this reason, the developers have planned a massive migration to GTK+ (especially for the UI) for Eddie "branch" 3, at least in GNU/Linux.
     
    Kind regards
  17. Like
    LZ1 reacted to willieaames in An Exceptional VPN Provider   ...
    I love AirVPN. I just paid for a year after trying a few different VPNs for a month each. The one time I had an issue with the service, their tech support was incredibly helpful and helped me fix the issue right away.
  18. Like
    LZ1 reacted to zhang888 in Servers re-location: Netherlands   ...
    Yes, that's what AMS-IX is, except the "non-profit" part. Someone with a nice sense of humor probably wrote this wiki page.
  19. Like
    LZ1 got a reaction from OmniNegro in Do Forwarded Ports make it easier to do a correlation (or other) attack or tracking?   ...
    Hello !
     
    Maybe you should check out this previous topic: https://airvpn.org/topic/16841-port-forwarding-safe/
     
    That's what I'm thinking. I knew I had linked to it in my guide, so I went digging lol. In the security section.

     
    Sent to you from me with datalove
  20. Like
    LZ1 reacted to Staff in Servers re-location: Netherlands   ...
    As you can see, our datacenters technical requirements are quite high.
     
    Kind regards
  22. Like
    LZ1 reacted to zhang888 in No Github access and Google Warnings   ...
    This happens sometimes, the solution would be just using another server from the 160 available ones.
    Google never explains what "unusual traffic" means, so there is nothing much to fix. But they lift those
    blocks usually after a few hours/days, so it's entirely up to them.
     
    Another great search engine without such BS is called DuckDuckGo.com, you should try it.
  23. Like
    LZ1 reacted to OmniNegro in Do Forwarded Ports make it easier to do a correlation (or other) attack or tracking?   ...
    One issue some people may not have taken into account. The forwarded port need not be unique. I am struggling to find the right words to explain this. So bear with a little example.
     
    If you forward port 12345, that is on your side only. On AirVPN's side it can be any port. It is just port 12345 to you when air passes it to you or passes it from you. (It is stamped on the packet, but not an inflexible rule that it must be that port everywhere, or else every network would fail as soon as it has a conflict.)
     
    So to you it may be 12345, but to AirVPN, it may be 60012 or 4354 or any other number. The VPN still knows to route it to 12345 for you, but it still goes via the designated port for the VPN tunnel, despite the rule you made for forwarding it to you. For instance, if you have Eddie setup to use UDP 443 to establish the connection, your 12345 content still arrives on UDP 443. Once it arrives, your side just pretends it is for 12345. This works, but no-one in between the sender and receiver has to even know about it other than AirVPN. And even that last part is debatable since the VPN encapsulates the packets in new packets, and until they are received, no system other than sender and receiver have any idea what port it belongs to.
     
    So what dangers does port forwarding present? None at all more than using different ports in different applications like you already do.
  25. Like
    LZ1 got a reaction from masen in Kickass Torrents Seized by the FBI   ...
    Well I think that's silly, unless.... You take a look at the media landscape. I don't think it's unreasonable, for instance, to have reservations against how the big media companies act. After all, if this entire copyright issue was an isolated one, then maybe it wouldn't matter. But the fact of the matter is, it affects societies around the world quite a lot, when lobbyists from the Entertainment Industry affect new laws in countries across the world. Leading to, in no particular order, things such as:
     
    • Increased surveillance. Both on the internet and off. Meaning it increasingly becomes a human rights issue, as surveillance impacts democracy, which impacts how we live.
    • Increased restrictions on devices which we are supposed to own, because we bought them & when we didn't buy them, we use them; such as the software in all manner of trains, vehicles, powergrids and more. DRM, in other words, which if nothing else, makes "closedness" acceptable and even expected, instead of openness.
    • Increased levels of resources expended by societies to police these things. Meaning that you're diverting likely limited resources away from dangerous crime, to copyright crime. Such as when a guy in Sweden was apparently arrested for running a free Swedish subtitling website, where volunteers could add subtitles for various movies. You'd think this would be in the interest of the rights holders, as it's basically free-localization and thus more people can get word of their movies and perhaps move to buy them. But nope.
    • Increased or potentially increased, levels of corruption; it's very easy to pay off a Politician or some other high-up figure to back the cause of the Entertainment Industry.
    • Decreased ease with which people from all over the world can get access to culture, knowledge & different points of view. After all, soon you might require a login for the web; they'd surely like that.
    • Decreased user-friendliness, such as when DRM becomes so restrictive that pirates have an easier time playing a game than someone who actually bought it.
    • Increased risk for the users. The Sony example is good; Sony shipped CDs which had malware on them, in an attempt to control its property.
     
    So I have to say, whether ideologically rooted or not, there's at least some pragmatically-oriented things which become objectively worse, if everyone simply complies with the wishes of the Entertainment Industry and their copyright wishes; at least for everyone else who doesn't happen to be a part of the 10% perhaps. It's not just about movies or songs or games. It's fundamentally more about who has control over how we choose to live. How for instance, can it be, that it's so difficult to get access to hardware which doesn't spy on you or is otherwise closed? Well I'm sure that one of the reasons is that the rights of corporations are valued more than the rights of individuals and societies. So I think while "piracy" gets a lot of attention, the issue is larger still and is just another cog in a larger battle.