Jump to content
Not connected, Your IP:


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Clodo

  1. DNS lookups are currently not used in Eddie. Eddie downloads a manifest file with the list of servers, and contacts them directly with the entry-IP address in it. I don't understand why you need to download config files: Eddie already builds them internally, and the list is updated in realtime. What you mean with 'login requirement' ? Storing login & password with the remember option is (security) the same as having .ovpn files with the user keys inside. Thinking about that. Maybe it's useful, but it's difficult to create an UI for settings options like that. Eddie removes the current iptables rules and creates new rules when Network Lock is activated under Linux. Otherwise, by default, people connects to VPN and Eddie doesn't touch the original iptables. If this kind of options is inside the Network Lock feature, it can be implemented, otherwise it's difficult to understand priority (insert or append in current iptables rules). Can be advanced options. But you use the work "Temporally"... for example, if I set disable_ipv6 to 1 and then I restore it to 0, there are a lot of issues, like route loss. For this reason, ONLY in Eddie under Linux, if IPv6 is enabled, Eddie doesn't turn it off automatically, but asks the user to do it. It's possibile to implement any kind of tweaking, but it MUST be reversible (applied only during the connection or life of the app, restored at end).
  2. As explained by zhang888, if a feature can be a benefit for all users, it can be implemented in Eddie. Otherwise, supporting an enormous list of features that only a little percent of users will use (or understand) is not a recommended approach: it requires UI, docs, testing the support in any OS & versions, and is the road to bloatware. But if someone have a necessity, it MUST be possibile to do it. So, I think that the best approach is allowing this kind of feature requests by adding specific events linked to external script, or maybe think about a plugin-system in Eddie to allow people to implement feature extensions. When a community-script or extension reaches stability and people like it, it can be moved inside the official Eddie. I think this is the best way. But it requires collaboration.
  3. After building, run the project "Deploy" to generate .deb files (will be placed in /repository/ directory). Why you need to compile and rebuild? You have special needs (like patch) or error with standard AirVPN files ?
  4. You can specify also the login and password as command-line parameters. It's explained in the docs. It's strange that xml is recreated every time. What version you have? Any error about permission in the log? About autostart, search about running a linux command with nohup or & background, but depends if you run the UI or not.
  5. I think there is a lot of confusion in that article. Tor and VPN are different products. And it's not correct to list features where Tor can 'beat' VPN and overlook features where Tor loses the comparison: - Tor is TCP only - Port forwarding is not possible in Tor - Tor is not protocol agnostics: Torrent/P2P is not recommended. - VPN has good speed with P2P - VPN has good latency in games - Several Tor exit-nodes block so many ports and are so overcrowded that Tor usage is viable only for moderate web browsing and very few other protocols. It is assumed that VPN services are used for anonymity. There are also other reasons: - bypass throttling - bypass censorship - need of port forwarding or in general a public IP - wrap UDP in TCP (ISPs which block outgoing UDP are not so rare) True. But not AirVPN, that allows OpenVPN usage and has also an open-source client (Eddie). It's really Tor that avoid this kind of Data Collection Techniques? Or it's the firefox extensions in Tor Browser Bundle? This is by design, as a neutral VPN provider, AirVPN never alter customers traffic. Honestly I did not study the paper deeply. But, after a first quick reading, the targets are guesstimate websites requested (NOT viewing traffic data), and there are a lot of assumptions in the paper, like The attacker knows all the pages the victim is going to retrieve. Same as point 2. Same as point 2. I don't understand. A shot in the dark. This campaign shows how much NSA and intelligence agencies fears VPN services and how NSA is impotent against their ciphers. That's why NSA needed a campaign to steal directly keys. True, inevitable. The attacker needs the access to the VPN node, and can only sniff the running sessions traffic on that node. AirVPN servers are clean/plain, dedicated Linux Debian stable machine with OpenVPN daemon. There isn't any database of customers, any log (not even by the OS). True by design. Tor and VPN are different product. Remember, customers can run VPN and Tor -inside- the VPN, and gain advantage of both. True, multi-hopping in the same VPN provider can be useless, for this reason AirVPN doesn't support it (but you can do it easily for didactic purposes).
  6. I just tested a Win8.1 64 bit, with Windows auto-start, auto-connect, and activate Network Lock at startup. Everything works. Please: - Try to simply activate and deactivate Network lock, without connecting to VPN. You have an unexpected error E 2015.05.17 20:28:55 - Der Dienst MpsSvc auf dem Computer . kann nicht beendet werden. and we need to understand if it is always reproducible. - About problem 1, please try to connect, disconnect and give us complete logs. The logs in your ticket end after the connection, disconnection log entries are not there. - About problem 2, Eddie set automatically DNS settings only for IPv4. IPv6 is planned but currently not supported. I think if you disable IPv6, you won't have any DNS leak. - About problem 3, we can't reproduce it. Another strange error from your logs: W 2015.05.17 20:29:20 - Der Zugriff auf einen Socket war aufgrund der Zugriffsrechte des Sockets unzulässig You are sure that another running instance of the client doesn't exists? You wrote a guide about the CLI version some time ago. - About problem 4: maybe in a future version, thanks for your suggestion. Kind regards
  7. I have the same issue with OpenVPN Connect via iOS iPod. The issue is related to TCP: UDP profiles work correctly. Does anyone here use OpenVPN Connect in iOS with TCP profiles? Thanks for any feedback.
  8. It's the same issue here: https://airvpn.ch/topic/14244-openvpn-write-udpv4-operation-not-permitted-code1/ ? If yes, confirm in that topic. Thanks. I just tested this environment: Windows 7 64-bit, with a printer shared on the local network.OS X Yosemite, in the same local network. In Windows -> Eddie -> Settings -> Advanced -> Network Lock -> Allow private -> YesI can print a document in OS X using the printer attached to Windows 7 via local network. In Windows -> Eddie -> Settings -> Advanced -> Network Lock -> Allow private -> NoI cannot print a document in OS X. The document remains in the OS X print queue.The document is printed on the fly when I deactivate the Network Lock on Windows. We also use ShareMouse, a software that allows me to move cursor between physically different machines in the same local network.And, correctly, it works only with Netlock -> Allow private enabled. @tranquivox69Sorry if we don't reply to your request, the truth is that we are unable to reproduce the issue in our labs. Notes about your Inbound Rules:Any File and Printer Sharing and Network Discovery rule you use, are already covered by the generic AirVPN - In - AllowLocal and AirVPN - Out - AllowLocal rule. It's very strange that you resolve your issue by adding rules that don't change anything. We are currently testing if a Profile=Private will be better for our AllowLocal rules, but it is not related to your issue.
  9. I am doing some research about it. http://www.reddit.com/r/VPN/comments/32d94q/an_alternative_approach_to_socalled_webrtc_leaks/
  10. Interesting project. It seems that they don't have a list of hosts to block, their script mixes third parties lists.blocklists=( ## HIGHLY RECOMMENDED LISTS 'http://winhelp2002.mvps.org/hosts.zip' # anti-ad and anti-malware list (winhelp2002.mvps.org/hosts.htm) 'http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&mimetype=plaintext' # anti-ad (pgl.yoyo.org/adservers/) 'http://hosts-file.net/download/hosts.zip' # hpHosts main anti-ad and anti-malware (hosts-file.net/) 'http://www.malwaredomainlist.com/hostslist/hosts.txt' # anti-malware (www.malwaredomainlist.com/) 'http://hosts-file.net/ad_servers.asp' # anti-ads-only version of hpHosts main list (hosts-file.net) ## RECOMMENDED LISTS 'http://hosts-file.net/hphosts-partial.asp' # hpHosts inter-release (hosts-file.net/) 'http://hostsfile.org/Downloads/BadHosts.unx.zip' # anti-malware (hostsfile.org/hosts.html) 'http://hostsfile.mine.nu/Hosts.zip' # anti-ad (hostsfile.mine.nu) 'http://someonewhocares.org/hosts/hosts' # anti-ad and anti-malware (someonewhocares.org/hosts/) 'http://sysctl.org/cameleon/hosts' # anti-ad (sysctl.org/cameleon/) 'http://www.ismeh.com/HOSTS' # anti-ads for mobile devices ## OPTIONAL LISTS #'http://hosts-file.net/download/yahoo_servers.zip' # hpHosts for yahoo adservers (hosts-file.net/) #'http://abp.mozilla-hispano.org/nauscopio/hosts.zip' # supplemented version of someonewhocares.org list (https://nauscopio.wordpress.com/category/filtrado/) #'http://rlwpx.free.fr/WPFF/htrc.7z' # anti-trackers (very large) (rlwpx.free.fr/WPFF) #'http://rlwpx.free.fr/WPFF/hpub.7z' # anti-advertising (very large) (rlwpx.free.fr/WPFF) #'http://rlwpx.free.fr/WPFF/hrsk.7z' # anti-malware (very large) (rlwpx.free.fr/WPFF) #'http://rlwpx.free.fr/WPFF/hsex.7z' # anti-porn (very large) (rlwpx.free.fr/WPFF) #'http://rlwpx.free.fr/WPFF/hmis.7z' # miscellaneous sites to be blocked (rlwpx.free.fr/WPFF) ## LISTS WITH REDIRECTIONS. Enable redirects="1" to enable, and also uncomment #'http://rlwpx.free.fr/WPFF/hblc.7z' # redirections for phished sites (rlwpx.free.fr/WPFF) #'http://www.modyouri.com/adblock_hosts/hosts' # anti-ad and redirections; contains some badly formatted entries (http://modyouri.com/showthread.php?t=1) )
  11. Sorry, i can't test it, i can't install neither under VirtualBox or VmWare, kernel errors (seem this). Fails to open... please post a log.
  12. Clodo

    NFC Ring

    I don't know, sorry. Maybe have inventary problems about size and models. NFC ring works also with doorlock: http://www.samsungdigitallife.com/DeadboltType.php inviato dal tapacoso
  13. Clodo

    NFC Ring

    I order my ring three months ago, received some days ago. inviato dal tapacoso
  14. Clodo

    NFC Ring

    In a smartphone, the normal security about unlocking is very low: PINs have only few chars. Gesture provides low security as well. The problem is that people can't use a typable password: if the phone is locked and a call is incoming, user needs to digit the password to answer the call. An interesting solution I tested successfully: NFC Ring. http://nfcring.com/ Note that it requires a smartphone with NFC reader. The ring stores two NFC: in one of them I put a long password that I use to unlock my phone, just with a touch of the ring behind the phone. The other NFC tag can contain, for example, a bitcoin address. https://youtu.be/bqvQ0pZhEBY Enjoy!
  15. Very very interesting, thanks for sharing it. I split the discussion about UK blacklist in a separate topic, to leave this topic dedicated to your project. https://airvpn.org/topic/11456-uk-blacklist/
  16. Thanks for the info. Your DNS and don't reply from our server, probably can be queried only by TalkTalk customers. Doesn't matter, from your feedback no DNS block are applied by TalkTalk/UK. Maybe there are little differences between your manual HTTP request and the request done by Firefox. I found that: https://www.yuri.org.uk/~murble/talktalktpb/readme.txt A simple 'host' in lowercase don't trigger the rule... We can't do any further test from our side. The only thing maybe that you run a NeuMon probe. The probe will periodically do a DNS resolve and an HTTP request on websites that our service monitor (around 461188 domains). NO data are saved, result are stored in memory and sended in realtime to our service. We can't check all domains of the internet to obtain an exhaustive censorship list, our list contains top domains, domain blocked by other country, torrent/p2p websites, pornographic website. We want to be clear: our probe will do HTTP request also on pedo-pornographic websites. Read the link above for a FAQ. This simply because we don't have a 'category' in our lists. NeuMon site can mark as 'blocked' any http request from your probe that redirect to www.siteblocked.org. This allow us to obtain a list. That list will NOT be public, but our team may look it. And can be available to you, if you want to search some interesting/strange/wrong block. A quote from Wikipedia: Our project aim to do this scrutiny, or at least quantify the volume of censorship. Note: our probe need to run on a 'standard' ISP customers network. No VPN, no Google DNS, no custom /etc/hosts, not talking to a router that do this kind of thing. Normally we use a dedicated RPI connected to the ISP router. Feel free to add a post or contact me in PM if your are interested to run our probe. Thanks again for your info and pcap/wireshark dump.
  17. Some question, if you want to reply (here or via private message, as you like). - Your internet line type, your ISP, and your DNS (check our http://ipleak.net/ detection). - The UK blacklist is public? You know some sites in that blacklist, or where i can obtain an updated list? - Blacklist are only via DNS, or is also an IP block? - You know if different UK ISP use different lists or different censorship methods? If the block are via DNS, for a sample blacklisted domain: - You can give us a resolve details? 'dig sample.org' from Linux. - You see a banner/reason about the censorship? This will mean that redirection are on a specific IP (that i need to know) of a server that host the banner, not a generic block (here in Italy most blocked website are resolved to or simply not resolved). I'm interested in study/research the UK censorship. Maybe the DNS of your ISP can be queried from outside ISP customers (rare, but possible...). I can check it with a simple 'dig @ukdns.foo sampleblocked.foo', where ukdns.foo is one of your DNS IP that our http://ipleak.net detect. If i can query directly your ISP DNS, i can collect result direcly from our NeuMon servers, otherwise maybe you are interested to run our probe (GitHub link)? (we donate to you a RPI of course ).
  • Create New...