LZ1

Hello!
 
That is quite dramatic indeed. Did you try with SSL 443? Sometimes there's a good boost to be had, due to ISP shaping being absent.
 
Did you try Eddie>Preferences>Networking>Increase buffer sizes to 512kb? (256kb became the default a few releases ago)

Hello!
 
Did you experiment with different locations and protocol combinations? It's important to try connecting to locations outside your own country as well.

There's new betas released routinely. Betas end when Stable ones release and then it repeats. Look at the changelog. We don't know, but the next Beta release is coming quite soon. I don't know if they didn't answer you at all. Maybe they're busy; I don't know how long you waited. But they couldn't tell you anything more than a rough release date anyway.. Edit: Welcome to AirVPN by the way

LZ1 ok
right about now the funk soul brother

@prbtwl
 
Please see https://airvpn.org/topic/26209-how-to-manage-client-certificatekey-pairs : "in Eddie, you will need to log your account out and then in again to force Eddie to pick a different key (new or old)". Eddie 2.13.6 or higher is required.
 
Kind regards

The AirVPN Staff has resolved the issue.
 
Thank you very much! On a few more years with AirVPN!

Hello !
 
AirVPN is just legendary haha!
 

Hello and thank you for your patience!

We are working to solve the problem as soon as possible.
 
In the meantime, please simply disable the DNS check from inside Eddie. Select "AirVPN" > "Preferences" > "DNS" and untick "Check Air VPN DNS". Click "Save" and start a new connection. That's all. DNS check is a redundant option so you can keep it disabled safely while we work to fix the issue.
 
Side note: you are running an archaic Eddie version (2.11.15). Latest stable version is 2.13.6, you might like to upgrade.
 
Kind regards
 

Hello!
 
That post belongs in the beta thread, as you're using the beta client. But you mentioned it yourself in that thread already.
 
There's no solution yet - at least nothing by Staff. Likely because they're working on the next beta release as we speak and will address it during or after that release .

Hello!
 
Welcome to AirVPN!
 
We're associated with the question on these boards, so naturally we're susceptible to being biased and so I won't pretend to be impartial, but I'll try to be fair of course.
 
I took a browse through what I think to be their site and I think there's a world of difference:    
 
No native Linux client and apparently none other, which is FOSS(Free and Open Source Software). Instead, they rely on Network Manager and this is only on Ubuntu-derived systems it seems. Their product is segregated into basic and pro, instead of one-size-fits all.  Which means not all users get access to the same features. The personal one only supplies broken protocols, such as L2TP. They disallow the sharing of an account. So if you set up their product on a router and thus extended use of their product to other people's devices in your home, you would be breaching their ToS. They say you must use WiTopia "reasonably" in their ToS and say it's in their sole discretion to determine what that is. Otherwise they may suspend your account. Their product is subject to US export controls(!) and so you may not use it in certain countries such as Iran, Cuba, Sudan, Syria and others. Which is otherwise where human-rights activists need it most. They use Google Analytics on their website, while thinking that in their privacy policy, that an opt-out plugin is the solution for it, instead of just not using Google in the first place. They accept DMCA claims. It's seemingly not possible to setup their product on your own router, so you must buy one of their pre-configured routers. Which is an issue for many reasons, if this is accurate. "Full Support for openVPN SSL, L2TP/IPsec, Cisco IPsec, PPTP, and 4D Stealth™" I thought they were joking with 4D Stealth, but they repeat it on their purchasing page, so... Stating they're a "We’re a pure privacy and security service provider with nothing to compromise that standard." And yet they use Google. But also if not, that's a tall claim, which has little real meaning. Their client appears to use Google maps for its server lists. Their clients "Low Profile Mode" makes little sense to me: "For those of you who truly want to be off the grid. Low Profile Mode disables the client’s location detection features as well as updates. We don’t recommend this as it lessens the functionality and experience in our opinion, but we thought we’d provide the option just the same." They only offer AES-256 at certain locations. If you want the maximum out of their product, like access to the OpenVPN protocol, you must buy at least a 6 month subscription. While their "basic" lineup makes a monthly subscription lineup possible. There's only 2 payment methods. Credit Card or Paypal. No cryptocurrencies. They self-certify the EU-US safe-harbor agreement. Including in their privacy policy. But that agreement died in 2015 thanks to a lawsuit and the link on their checkout page is dead anyway. Even their link on their privacy policy page to their own certification is dead. SSL labs couldn't connect to witopia.net to make an assessment and the same is true for hpersonalvpn.com/ (the part of witopia which doesn't deal with secure email). Their latest reviews, which they show on their frontpage, are from 2011. While their newest testimonials are from 2008 and 2007(!). They don't support custom router configurations and it seems most would need to buy routers from witopia, for it to be fully supported.  In their comparison chart, the Encryption field is blank for the non-Pro subscription. So what does that mean, that there's no encryption for L2TP/PPTP/IPSEC? There's a clear attempt to upsell. Their client doesn't appear to be supply any kind of killswitch or similar additional security. As such, their only fix for WebRTC leaks was to tell users to install addons or change about:config. If their blog is any indication, they last deployed a server in 2013/2014. But they're using an image overlaid with their own logo, of serverracks belonging to none other than Facebook. They don't seem to do remote port-forwarding. They don't do free trials due to scammers and spammers that "that dirty up our network and IP address space"(?). So they ask you to trust them to honor their 30-day money back guarantee. No DNS micro-routing by the looks of it. No talk of support for IPv6 anywhere. No apparent live stats on their infrastructure, how its doing, how other users are performing or anything. Their "Quick Connect" client feature suggests the client knows your location and can't function if it doesn't(!). One can wonder if this location is then shared with 3rd parties. They also assume proximity = better connection. Mirroring the prior bullets point by point, Air by contrast:
Native Linux client and it's all FOSS. While using Air through Network Manager is possible, but not recommended. Air has no tiered usage. So all premium users get the same things and only OpenVPN is supported. Air is fine with account sharing I think. Certainly no limitation if done through a router. Air accepts any degree of usage, so you can download as much as you want. Only free trials may see a limit of some sort. Air is not subject to any controls. Certainly not US export controls. Air uses no 3rd party tracking on the site. Only internal analytics, using Piwik (Now Matomo). So both the analytics and support is on a closed-loop. Air rejects DMCA claims flat out. It's easily possible to use Air with a router. Indeed many do, with custom firewalling and other hardware too, to get the best performance. Air doesn't use words like "Stealth", because the only thing stealth features hide, is what they actually do. There's no need either, as there's SSL, SSH and Tor. Air tries to avoid overselling. Air doesn't use any Google maps in their client or similar notorious companies. Air has no "low-profile mode" because it's not needed. Network Lock does the job and well. Air uses the same high encryption across the board and the website is equally good too. All users get the same protocols and you can also buy a subscription which only lasts 3 days. Air supports many payment methods, including a whole host of cryptocurrencies. Including, recently, without any middle men. So it's possible to use Air completely anonymously if done right. Air is in Europe and therefore subscribes to a lot of European law already, with no need for anything export-related. Airs site gets A+ ratings on SSL labs. Air has recurring reviews in all sorts of places. If not from this year, then the last and without any affiliate marketing. As well as an active forum and announcement section. Air doesn't sell any hardware or email related stuff, but supports router configurations and many mobile ones too. Air has an entire page almost entirely dedicated to encryption alone. Air has Network Lock in its client, which helps as a killswitch on 3 different platforms and for that reason and others, Air didn't find the WebRTC debacle to be an issue. Air is really careful with where it sets up a server, announces new locations frequently and doesn't use images. Certainly not ones from the inside of a Facebook datacenter . Air has remote port-forwarding. Which helps with many applications - not least torrenting, which Air supports fully. Air has free trials. Especially on the basis of human rights-related activity. Air has micro-routing, which is useful for getting access to different online content, regardless of location. So unlike Witopia, you don't need to connect to UK to access UK content. Full IPv6 being implemented. Pretty much as open as can be, on infrastructure, with information on every server and its performance. Airs Eddie client doesn't need to know your location (and doesn't) to connect to somewhere automatically, as it simply calculates the best route based on different metrics each time. Actual performance, customer service quality and general trustworthiness I can't really say anything about. I've made the comparisons I care to make, that one can see from a website. There's always lots of technical details one could compare too, such as if there's entry and exit IPs, if Perfect Forward Secrecy is supported, key sizes, cipher suites, APIs and so on. But it's meaningless to most people.
 
Some drawbacks for Air is the lack of an Air client on mobile, despite of course being able to use other clients, but Staff seem to be playing with the idea of releasing one sometime in the future. Other drawbacks could include only supporting one protocol and not supplying the famed 24/7 support. Being too technical has also been a criticism; which I then tried to help, by making the guide you can see in my signature. I can't think of much else that Air is really missing.
 
I also want to point out:
 
Faster support doesn't necessarily mean it's better. The techs you get in contact with aren't necessarily that knowledgeable. Being able to connect to more locations, doesn't necessarily mean all those locations are real, bare-metal ones. I actually doubt they are,for Witopia. (How can they not be allowed to export to Iran/Syria etc. but have Russian servers?) The privacy policies between the two pretty much couldn't be more different. Here's Witopia's and here's Airs. One is general. The other is specific.  
But since you're still with Witopia, could you ask their support what their 4D Stealth technology is all about? It would be interesting if they supply any details.

Hello!
 
This is Airs policy regarding placement.
 
So it's therefore not based on how many users there are. But German servers are not full and it's misleading to say so. As of now, not 1 has reached even 50% load.
 
But I completely agree that we should consider naming it Germoney on April 1st or something.
 
Welcome.
 
Please:
Don't write in full caps. Please supply logs, in your own thread, instead of hijacking this one. If you don't know how or where, then do refer to the link in my signature, thank you. Wild guess: You're using Eddie, so go to Eddie's Menu>Preferences>DNS>Uncheck "Check Air DNS" and Preferences>Advanced>Uncheck "Check if Air tunnel works". Hit save. Re-connect. If you want official Air support, this is where to get it.

Hello!
 
If you trust the comments, it's not a particularly good thing. To me it seems hyped. Somewhere along the line, it's probably also trying to capitalize on the recent data breaches/scandals.

Solved (well the networking side) this myself, posted here in case it helps other people or you land here from a search.
 
1) Grab the port number(s) you want and a ddns name so you can access it by name not IP (also if you change vpn server) let's say 12345 and mycamera1
 
2) Your camera has an internal IP of 192.168.1.50 and listens on port 80
 
3) On Tomato, VPN is tun11, check this is enabled for forwarding by running this command, it should return 1:
 
cat /proc/sys/net/ipv4/conf/tun11/forwarding if not you need to enable by typing
 
echo '1' | sudo tee /proc/sys/net/ipv4/conf/tun11/forwarding  
4) Put these in your routers Settings/Administration/Scripts/Firewall (first one was already there, is a killswitch)
 
iptables -I FORWARD -i br0 -o `nvram get wan_iface` -j DROP iptables -I FORWARD -i tun11 -p udp -d 192.168.1.50 --dport 80 -j ACCEPT iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.50 --dport 80 -j ACCEPT iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 12345 -j DNAT --to-destination 192.168.1.50:80 iptables -t nat -I PREROUTING -i tun11 -p udp --dport 12345 -j DNAT --to-destination 192.168.1.50:80 You can now acess it from a browser here
 
http://mycamera1.airdns.org:12345
 
If you have more than one camera, then you just grab extra port numbers (12346, 12347, ...) and ddns (mycamera2, mycamera3, .. ) and forward to each internal I.P. (192.168.1.51, 192.168.1.52, .. ) all can listen on port 80.
 
Enjoy!

Confirmed bug. Eddie have some issue on network \\ path. Copy to local disk, or map the network path on a disk letter, or wait a new release that fix this issue.
Thanks for the report.

Hello!
 
There's a Staff answer on the same issue here.
 
And something related here.

Hello!
 
I don't know which article you read, but it sounds a lot like a recent FUD article that Staff/Paolo recently rebutted.
 
 
Air changes your IP, so Google sees things coming from an Air IP, not yours. So in those terms, you're hidden. It's not really important that Google can see what is being done on their own products, but whether you can be uniquely identified or not. Which you can be to an extent, if you don't take the precautions you mentioned - including other ones, such as using some quality addons which block all manner of ads, trackers, scripts and whatnot.
 
FYI, there's no WebRTC leak if you use Network Lock. It was quite a hyped problem, but mainly affected Airs competitors, but not Air itself.
 
 
I assume you mean your ISP. In which case it's correct that Air hides what you're doing, from your ISP. Especially so, as Air also supplies their own DNS, so that your queries aren't being sent to your ISP DNS. But the ISP can still see that you're using a product like Air, unless you take additional steps such as using a second VPN or protocols like SSH and SSL, which Eddie supplies.
 
But you know, there's a fairly straightforward answer if this bothers you: don't use Google . There's many other search engines you could use instead.
 
Besides all that, there's plenty other things you could do.

See the second half of this post:
 
https://airvpn.org/topic/14158-question-run-airvpn-as-non-primary-network-adapter/?p=27398
 
 I find this to be much less effort than using namespaces/cgroups or container software built on these. Overkill.
 
You could do without the "redirect-gateway", "route ..." and "...buf .." stuff. In fact if you want to have two connections you should drop that stuff. So long as the addresses that are used on each interface are different, there should be no conflict since each interface has its own routing table. So just this:

script-security 2 up ./common/up.sh route-nopullAnd you could use "--config ..." on the command command-line (you can have a second one) to do the include for the extra commands, if you do not want to edit the files from AirVPN. 
You have to bind each program that is to use a VPN connection to the address of the VPN interface. The script to start the program could retrieve the address from the output of "ip rule list table 10001".
 
EDIT:
 
You mentioned "custom routing" in your OP. If you mean that you intend to add routes so that an interface is chosen based on destination, this can be very hard to make work if the destination has multiple addresses and varies its DNS response depending on circumstances, such as for a content provider like Netflix.
 
Firefox does not allow you to bind to an interface. But you can install SQUID (an HTTP proxy) which will let you bind to an interface, and even specify what DNS to use. Then set up a separate Firefox profile that uses SQUID.

Old thread, but still relevant.  I'd like to add something in case anyone in future finds it helpful.  
 
If you are on Windows 10, have tried all of the above, have bound your connection in qbittorrent to the AirVPN connection, but are still unconnectable to your tracker/canyouseeme, and the TCP Test in AirVPN Client Area is not green, you have 1 more step to take
 
Open the Windows Defender Security Area  Select "Firewall & Network Protection" Select "Allow an app through the firewall" Select "qbittorrent" Select "Change Settings" and make sure both Private and PUBLIC are selected (by default, the AirVPN network is created as a Public Network)  
Run your tests again, all should work 

Hello!
 
I don't know which article you read, but it sounds a lot like a recent FUD article that Staff/Paolo recently rebutted.
 
 
Air changes your IP, so Google sees things coming from an Air IP, not yours. So in those terms, you're hidden. It's not really important that Google can see what is being done on their own products, but whether you can be uniquely identified or not. Which you can be to an extent, if you don't take the precautions you mentioned - including other ones, such as using some quality addons which block all manner of ads, trackers, scripts and whatnot.
 
FYI, there's no WebRTC leak if you use Network Lock. It was quite a hyped problem, but mainly affected Airs competitors, but not Air itself.
 
 
I assume you mean your ISP. In which case it's correct that Air hides what you're doing, from your ISP. Especially so, as Air also supplies their own DNS, so that your queries aren't being sent to your ISP DNS. But the ISP can still see that you're using a product like Air, unless you take additional steps such as using a second VPN or protocols like SSH and SSL, which Eddie supplies.
 
But you know, there's a fairly straightforward answer if this bothers you: don't use Google . There's many other search engines you could use instead.
 
Besides all that, there's plenty other things you could do.

It's quite possible they're throttling. It's possible to tweak traffic shaping to only happen in certain conditions; hence one possible reason why you initially had good regular speeds, but then had issues with torrenting. It's bad practice, but some ISPs do it. Here's some supporting information on SSL and SSH as well, if you're technically inclined. I'm glad it worked anyway - enjoy yourself & welcome to AirVPN  !

Hello!
 
We will put this issue on the table of the lead Eddie programmer with high priority. At the moment there are no hotkeys to select the buttons you mentioned and we will seek for a solution that can be quickly implemented, if possible even in the next release which is imminent.
 
Kind regards

Thank you.
 
When I downloaded the Beta client 2.14.2 on Windows 8, I also started getting this error:
 
 
What worked was turning off Network Lock and reconnecting. I couldn't find any other solution to it. You may want to post in the Beta client thread about that error, so it gets addressed.
 
Update: Go to your device manager, find the TAP adapter and click uninstall. Including any drivers when the prompt shows a tickbox. Then, while Network Lock is enabled, connect to a location. Then Eddie will install the tunnel driver for you . Works for me.
 
I was getting this too. Please go to Control Panel>Network & Internet>Network & Sharing Center>Change Adapter Settings>TAP Adapter Properties>Configure>Advanced>Media Status>Set to Always Connected>Click OK. If there's then further issues with this, a quick fix is to disable and re-enable the TAP adapter.
 
You may be able to remedy this by going to Eddies menu>Preferences>Advanced>Microsoft Only>Disable IPv6 at OS level.
 
By the way @Staff if you're reading, do you think it would be good to install TAP utilities by default in the future?
At one point the logs stated that we "Should be able to go to Start>All Programs>Utilities>TAP Windows>Add new TAP adapter" and do stuff. But for me at least, it wasn't possible to find any "Utilities" or TAP stuff in Windows, until I went into Eddie's download folder and installed "TAP utilities" during the installation process. After that, Windows immediately found TAP-related stuff.

Hello!
 
The fix is to not use ad-infested "shareware freemium junk" as a wise man once said, but only FOSS software. So please consider switching to something such as qBittorent.
 
Guides on configuring it can likewise be found in the link in my signature.

Thank you for the detailed response. Yes that's asymmetric. Did you try changing the protocols?
 
Remember to re-connect to a location, after making a protocol change, for it to take effect.
 
Also, is this a wired or wireless connection?

Staff did mention making the auto-selection more intelligent in the future, but I can't find the post for you at this moment sorry.  Otherwise there's the usual FAQ on how Eddie selects. I don't think setting the scoring rule to speed makes any difference, as that's only for how things are ordered in the list.