LZ1 reacted to foxmulder in Looking for fast Server (EU) that goes beyond 30-40MBit ...
Setting the correct MTU with the command "mssfix" can also improve speeds significantly. You have to add it in the "OpenVPN Directives" section in the Eddie client.
See here for more information:
In my case, i determined a MTU of 1432 with the ping command, as described in the article linked above. Therefore, in entered "mssfix 1392" in the Eddie client. This improved my speeds even further, along with modifying the buffer sizes, as "LZ1" already pointed out.
LZ1 reacted to Staff in Looking for fast Server (EU) that goes beyond 30-40MBit ...
Well, it's impossible to tell, because the client uses the round trip time between the node it runs into and the VPN servers as one of the parameters for the rating, so it heavily depends on the location of the client. In our previous message, when we said that those three servers became the best servers "for the client", we were imprecise. That was true only for those who picked or white listed the Netherlands only. For anybody else, that was possible, but not certain
LZ1 got a reaction from foxmulder in Looking for fast Server (EU) that goes beyond 30-40MBit ...
As EdenSpire said: Click on the AirVPN logo in the top-left of the Eddie client, then go to Preferences & then the Advanced tab. Then set both TCP & UDP buffer size entries to 256kb, for faster speeds.
I also recommend avoiding German and Netherlands servers for a little while, as they seem to be having issues.
LZ1 reacted to Staff in Looking for fast Server (EU) that goes beyond 30-40MBit ...
You can check the "Status" page. At the moment in the Netherlands we have 3 servers down, out of 44. In Germany we have 0 servers down.
The problem arose because when those three Netherlands servers went down, the monitoring system failed in a peculiar way.
The servers obtained the highest ranking in the world and one of them became the "best" server for the client software, for the NL domain name, for the Europe domain name and for the Earth domain name. Their rating skyrocketed because their latency was low as usual, they could yell to our monitoring system that all of their bandwidth was available, that their CPU load was 0, and more (and everything was true... because nobody could get their traffic through). In reality they had problems with the OpenVPN clients, but not to prevent completely the connections (so we did not even get one of our alerts, "suspicious low amount of users in a single server").
The problem is momentarily patched but we will soon investigate to understand the reasons of this odd (and somehow funny...) failure of our monitoring systems.
LZ1 reacted to Staff in Eddie 2.11beta available ...
We're very glad to inform you that a new Eddie Air client version has been released: 2.11beta. This software has passed successfully internal alpha testing weeks ago, and finally passed internal beta testing now. It is ready for public beta testing and we consider it a Release Candidate of the 2.11 stable version. Anyway, remember that it's still a beta version, so if you don't feel adventurous you might like to stay with 2.10.3 (stable).
To download Eddie 2.11beta please select "Other versions" > "Experimental" from the download page.
UPDATE 30-Jan-17: version 2.11.15 stable has been released.
UPDATE 24-Jan-17: version 2.11.12 is available. No changes from 2.11.11, just a version revision to prepare distribution via repositories properly.
UPDATE 17-Jan-17: version 2.11.11beta RC8 has been released. Please see all the updates here:
The current Eddie status: a message from the chief developer
First of all, we apologize for the delay of this release.
We are working on two different versions of Eddie: 2.x and 3.x.
Eddie 3.x will have a new UI engine (also based on GTK+ under Linux, to drop Mono WinForms that are affected by a lot of unresolved bug) and a lot of new features. We plan to release Eddie 3.x soon, but it's not ready/stable yet, so we decided to port some of the new features back to Eddie 2.x edition.
This was the cause of the delay: a lot of features are totally rewritten (for example the OpenVPN directives manager).
We promise that next releases and bugfixes will be faster.
Biggest changes in Eddie 2.11:
- Latest versions of OpenVPN (2.3.11) and stunnel (5.32), built with OpenSSL 1.0.2h.
- A new Network Lock method under Windows (Windows Firewall not used anymore)
- A new IPv6 lock method under Windows
- A new DNS lock method under Windows
- Built with Mono 4 under GNU/Linux
- New ports/protocols available
- DPI-Aware UI under Windows. System fonts used both in Windows and Linux.
- Various bug fixes
- And so many other internal changes and minor UI updates.
Please see the changelog:
Windows users, please be aware that the new Network Lock method uses the WFP in persistent mode, so the Network Lock settings will survive even a reboot, when Network Lock is not disabled properly in Eddie. If you kill Eddie without grace, or Eddie crashes, just re-run it (even after a reboot) to cancel Network Lock. We might change this behavior according to your feedback.
Eddie 2.11beta for GNU Linux can be downloaded here: https://airvpn.org/linux
Eddie 2.11beta for Windows can be downloaded here: https://airvpn.org/windows
Eddie 2.11beta for OS X Mavericks, Yosemite and El Capitan only can be downloaded here: https://airvpn.org/macosx
PLEASE NOTE: Eddie 2.11.10beta package includes an OpenVPN version re-compiled by us from OpenVPN 2.4 source code with OpenSSL 1.0.2h for security reasons and to fix this bug: https://community.openvpn.net/openvpn/ticket/328
Eddie overview is available here: https://airvpn.org/software
Eddie includes a Network Lock feature: https://airvpn.org/faq/software_lock
Eddie 2.11 is free and open source software released under GPLv3. GitHub repository https://github.com/AirVPN/airvpn-client
Kind regards & datalove
LZ1 reacted to OpenSourcerer in Poor PIA ...
Ah, right. I never trusted them in the first place, so if nothing's there, nothing can break.
I will acknowledge your statement and believe it if those documents are publically viewable. So far I've not seen any of them, neither on their website nor on Reddit reporting about it nor in any news articles.
zhang is a special case, he is not an employee of Air.
LZ1 reacted to BobTool in Can't Connect to Any Server ...
I connected for the first time successfully today running on mac.
I cannot connect anymore (to any server), after shutting down the program after my first try. Every time
I try it halts upon reaching the display 'Checking route'. After then it shows 'Disconnecting',
and repeats the attempt to connect to a server ad infinitum.
Attached are my logs, any ways to fix would be greatly appreciated.
LZ1 reacted to OmniNegro in What is yor local file encryption routine? ...
If you need encrypted e-mail, use any client you want, but use GPG to encrypt the message. It is not hard, and if your recipient is half as smart as a potted plant, they can easily handle it. It does require a trivial bit of work initially to have each side make their own keys, and then to exchange public keys. But it is fully open sourced, and available on any platform I have heard of. And best of all, you can use this with a mail service that logs and offers zero encryption. It will still work just fine. And since the so called "intelligence" services around the world have been trying to break PGP for decades, I think you can rest assured that it is not going to break anytime soon. (GPG is short for GNU Privacy Guard. It is the Open Sourced compile of PGP, and is fully free to use in any way you like.)
LZ1 reacted to 4snosiucct in What is yor local file encryption routine? ...
When I surf the internet with my VPN accounts I use a Linux VM with LUKS and LVM. VM is encrypted with the virtualiation application as well as restrictions enabled on the VM. The VM has a base snapshot with all my applications configured for VPN. When I'm finished with my session, I revert to the snap shot. The VM and files are stored on an Aegis Padlock. The Padlock has a built in brute force protection to securely delete the encryption keys after 20 unsuccessful password attempts. I also have a secure wipe password that will securely delete the encryption keys if initiated. The VM itself is configured to only send and receive traffic through the VPN tunnel and to drop all traffic if the VPN connection fails.
When transporting secure information, I use Aegis Secure Key's. My personal Aegis key has a standard Veracrypt container and a hidden Veracrypt container. Contents of the outer container have a scanned copy of my DL, Passport, and a contacts list. My hidden vault has a digital copy of my birth certificate, ssl card, a couple of emergency bitcoin wallets, and AirVPN config files. The container is synced to 2 cloud accounts on a monthly basis.
As far as communications, I use Signal, Telegram, and Whatsapp (all end to end encryption) for txting/SMS, protonmail for secure end to end encryption email.
No Social Media Accounts.
LZ1 reacted to OmniNegro in What is yor local file encryption routine? ...
That article says they did not defeat the encryption at all. I will quote the important part here.
"In fact, one recent investigation by Vice News claimed that Canada's federal police has had the firm's global encryption key since 2010."
So they never had to even try. They had the key since 2010.
I am not going to bit your head off. But since you may be a bit out of your depth, let me help educate you on the sorted history of PGP/GPG.
Phil Zimmermann made PGP back in 1991 when encryption was plainly pitiful. At the time, it was strictly forbidden to "export" encryption stronger than 40 bits, because that was the amount that could be broken in an actionable amount of time. In fact, it was at the time considered to be "munitions". (Meaning weapons and ammo and such.) So allowing the world to have it would have been treason.
A number of cases have been tried around the world that depended solely on evidence claimed to be in messages encrypted with PGP. To date, not one has been decrypted without the password. AirVPN uses 4096 bit RSA as part of the encryption for the VPN. It has never been broken either. I do not think even 1024 bit RSA has ever been broken, but it is not used anymore since it is too weak relative to the trivial amount of work to make and use a larger key.
So I have to argue that it is secure because it has never been cracked. If you encrypt your content and I ask you the passphrase and you give it to me, then I did not crack it. I may have defeated it, but not in any way that could not apply equally well to any encryption.
Please do not hesitate to ask any questions you think of. I may be a bit crazy, but I would be very pleased to help you learn.
LZ1 reacted to OpenSourcerer in Airvpn software went down, got a warning ...
I can elaborate on that, in the hope it's interesting to know.
Spoken for movies, in Germany there are companies holding the licensing rights for all or a selection of movies of a certain film studio "on german soil". I think that's how it is in other countries as well. They also hold the rights for german synchronization of those movies. These companies are working with a bunch of law offices, well known names when it comes to file sharing, who in turn work with (in my opinion) doubtful tech companies (names you'd never hear in the wild ) which have nothing better to do than crawling through torrent sites and using DHT crawlers to find german IP addresses actively participating in sharing movies of the film studios mentioned above. When they find one, they note down every piece of information that could make the file sharer in question to confess. They ask the law office to ask the ISPs for customer information (since it's a matter of piracy, they usually cooperate). The law firm gets the information and sends out cease and desist letters to hundreds of houses a day. They just reuse the same template. The letter basically says this: You pay a fixed fine and send over a declaration to cease and desist and you're out; if you don't, you get sued.
Now in Germany, sending these letters the way they do it is a legal grey area. They are compared to spam because they're sent out rapidly with a money request in order to scare people into paying and threatening them with legal consequences if they don't. They normally append a pre-written declaration to cease and desist so you can just sign it and "all is well". Truth is, it's written in legal language and phrases your immediate loss in any case to come. Whatever is written in this letter with your signature on it, it has legal validity while the fine has no validity at all. So in Germany, you usually write a modified dec to cease and desist, saying only that you're not going to ever touch a BitTorrent client again in the future or something like that (in legal terms, of course). You don't pay the fine, they're in no position to be able to require any form of payment without a lawsuit.
After that, one can only hope they overlook your case and don't decide to act. There's a statutory period of limitations, three years, in which they can "reactivate" the case and decide to file a lawsuit if they so desire. Given the fact they sent out hundreds of letters a day, therefore generating hundreds of cases a day, it's not that bad. With every lawsuit there are costs and the law office can't pay for a hundred lawsuits a day, so they more or less cherry-pick where they think they've got the highest chance of winning, or whatever name sounds funniest, I don't know.
Today, it's not so easy for them anymore because now there's a court decision basically saying it's a shady business and the german legislation does not like it. I think they already found a way to circumvent this, so beware, Germans.
LZ1 reacted to altae in Airvpn software went down, got a warning ...
Yep, blacken everything personal and upload it please
@OP: You're probably upset because you got a (maybe) threatening letter from your ISP. What's more you probably chose to pay for a VPN service exactly for this reason. Learning that your protective measures have not worked like they should have is disappointing, I can understand your anger. Nonetheless I have to second what has already been said. Use network lock and you can avoid such difficulties. Network lock writes some rules into the firewall that block all traffic as soon as the VPN tunnel is disconnected. But it only works if you use the built in Windows firewall or iptables (under Linux). If you use a third party firewall you have to write your own rules. Your fault is not having read the faqs provided by AirVPN because these problems are very well documented.
@giganerd: It could not hurt to be a bit less harsh and a bit more polite, even under the anonymity of the www. It's totally understandable for someone to get upset if he/ she receives a warning letter from the ISP. No matter what the OPs fault might be, a forum is primarily to help each other out, not to condemn. I assume you're neither a judge nor the almighty himself so who are you to decide who deserves what? Sorry but I just had to express the feelings I had while reading your post.
Or like the French saying: C'est le ton qui fait la musique.
LZ1 reacted to rickjames in Reproducable crash when pressing windows key on arch linux ...
It's linux's way of rebelling over the fact that there's such a thing as a windows key.
LZ1 got a reaction from rickjames in Poor PIA ...
I wondered what you were talking about. I'm not sure if I'm more surprised their servers got seized or that they had real servers to begin with, lol. Where's the fake GeoIP & VPS stuff when you need it PIA? C'mon now...
Edit: By the way OP, did you mean to insinuate this being a feature of PIA? Considering the sub-forum of choice
LZ1 got a reaction from OmniNegro in EFF & FSF Support? ...
Hey the already AirVPN funded Tor Project just changed their board of directors and one thing was especially interesting in an AirVPN context:
The new board members also include three women, including Cindy Cohn, the executive director of the Electronic Frontier FoundationThe EFF !
LZ1 got a reaction from quindecim in Is anyone concerned about "Rule 41?" ...
Sadly not quite the whole truth.
Edward Snowden revealed the world-wide spying conducted by many Western countries There's many ways to side-step any such rules, whether constitutional or not The FBI and other similar institutions have proven time and again that they're willing to spy on anyone and everything The problem is manifold. For instance, how do you hold an organisation accountable for its actions, if its actions are kept secret? Ah, you just make it mandatory to get a warrant, right?
Well, the FISA court solved that problem for a lot of cases; it's a rubber-stamp closed-court system, wherein virtually all warrants are granted. Nothing is turned down.
How do you prevent legal-loophooles and "whoopsie" mistakes? For instance, if the NSA collects data on you, it could simply say it was an accident; but how
can you be sure the data is deleted? And then there's other loopholes; what do you think "cooperation" means in an intelligence context for instance? Sharing of information.
In other words, one of their favoured ways of bypassing local restrictions on data-collection, is to simply have an agency from a different country and thus outside the local jurisdiction,
do the collecting. Then the collected information is simply shared. Both agencies can then claim they didn't collect information on their own citizens, while also claming they're working together with others.
In short, you don't have to commit crimes to be spied on. In fact, it's a bit of a catch 22. Because if you don't do anythig to resist, you can be sure you'll be spied on. While if you do do somethingto resist,
such as using a VPN, you could just as well be flagged as suspicious and thereby warranting even more surveillance. This is the whole problem: mass-surveillance. You spy on everybody in order to make
sure nothing slips through the net, but in doing so, you end up compromising essential human rights and democratic liberties, which SHOULD be protected. It's a huge problem. So please, don't have
the false sense of security that you're protected because of laws X, Y and Z
LZ1 got a reaction from cm0s in Zero Days ...
zhang have you ever heard the joke: If you don't know your TLAs then you will be engaging in CLAs?
Aka, if you don't know your Three Letter Acronyms, you'll be engaging in Career Limiting Activities. Hahaha.
Thanks for the info zhang.
Thanks for the post OP - was a good doc.
LZ1 reacted to zhang888 in Zero Days ...
I did not quite understand the question. Can you please form it according to some basic format i.e.
1) The symptom / the issue, as it see on your side - 1/2 lines.
2) The way you would like to have it set - 2/3 lines.
3) Some steps you tried to get this done - 1/2 lines.
Regarding how ISPs can tunnel into your network bypassing your VPN, is for example the DOCSIS protocol,
the only one that is used for cable modems all over the world. In this way, when your modem boots up, it
sends and receives information from your ISP on the coax interface, allowing them to SNMP to the device
as well, and many ISPs have their CMTS (big cable routers) SNMP to the subscriber modems once in a while
and check the settings. Mostly for debugging though, I cannot say it is done for the purpose to invade privacy.
They mostly check the uptime of the modem services, the signal strength, the firmware version, and in case
something is wrong the first step is usually sending a firmware upgrade package and a reboot, then calling up
a cable technician to your home.
If you ever had a call from your ISP, telling that a technician has to arrive and fix your line, that is probably an
automatic alert your modem sent, again over the DOCSIS protocol to your cable provider.
ADSL has something similar and it is called TR-069.
What you have to do in order to avoid this, is using your ISP CPE as a modem only, and connecting a separate
router to your devices, while using your modems LAN as a separate router's WAN.
There is no way for you to reliably disable DHCP on devices you don't fully control, and in fact are not truly yours,
as I believe you have to return this device if you plan to switch your ISP, so it's their right to do so.
LZ1 reacted to T-BagOP in Only nine of the 29 Windows VPN clients that someone tested didn't leak ...
Yeah, was on PIA for a month; they were pretty shit. Only managed to reach 80Mb/s of my 200Mb/s connection and that is if I was lucky.
AirVPN I get AT LEAST 120Mb/s on any Dutch VPN, right now at 6am I hit 199Mb/s on UDP Port 80 on Alshat. Also PIA's killswitch is a joke, it never worked and my IP leaked several times.
LZ1 got a reaction from OmniNegro in Poor PIA ...
Well as it happens, there's so many loopholes. They don't, for instance, have to *collect* it themselves, if they merely let one of their "intelligence partners" - another country - do the hard work. Then they simply swap datasets and call it "cooperation". It's a nifty way of side-stepping the law. There's many others. Often "oversight", not so much law, is what is mentioned as the counter-balance to all this collection. However as has been proven, oversight is often lacking and even if and when it's not, it won't mean things won't go wrong. Edward Snowden for instance, tried to tell his superiors about how wrong all the collection of data really was and he was silenced in a variety of ways. So while I get what you mean about there being differences, I think those differences are only skin-deep.