Jump to content
Not connected, Your IP: 3.236.204.251

Staff

Staff
  • Content Count

    8553
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    1219

Posts posted by Staff


  1. Hello!

    We inform you that in the next days server Pisces will change IP addresses. We are upgrading server hardware and in this case IP address change is necessary. Server name, datacenter provider and transit provider will not change.

    If you run Eddie, the change will be automatically acknowledged. If you use some OpenVPN profile pointing specifically to Pisces, you will need to re-generate it when the switch occurs.

    Kind regards & datalove
    AirVPN Staff
     


  2. @Jamertol
     
    Quote

    I understand that if the other device has the port closed in theory it should be protected, but it does open an avenue of attack in case the other device has a bug or is badly configured.

    
    Hello!

    If a port does not exist there's physically no way to have some host process reached via that port (it seems you don't know what a port is, check it out). It's not a matter of bugs, it's a physical limitation in the code as the host lacks the information to process and assign the packet to any process.
     
    Quote

    it would be good if we could have the option to asign a port to a session, even if the default remains for the open ports to be for all sessions as it is now. I do not see how it would hurt to add the option to asign a port to a session for the ones who are interested.


    That's possible. Can you (or somebody else) make an example showing that the option would be useful and not an over-complication? We can't think of any, but If the reason is good, we can seriously think about adding the option(s).

    Kind regards
     

  3. @Jamertol

    Hello!

    "VPN Lock" option, which is enabled by default, may be the cause of what you report. It's aimed to preventing traffic leaks outside the VPN tunnel when an unrecoverable connection error occurs. If Eddie allowed automatic re-connection it would also allow potential traffic leaks. You can disable "VPN Lock" in "Settings" and have Eddie re-connect automatically with no human intervention. Note that traffic leaks become possible.

    The exclusive "VPN Lock" feature is very important in Android 8 and older versions. With any other OpenVPN based application you routinely have traffic leaks. We prefer to offer Eddie Android edition with traffic leaks prevention enabled by default at the moment.

    In Android 9 and 10 you can prevent traffic leaks through system settings. When traffic leaks are prevented by the system, "VPN Lock" option becomes useless and even uncomfortable for the reason you mention. Once you have enabled traffic leaks prevention in system settings, you can disable "VPN Lock" option safely and have Eddie re-connect automatically (no user's action is required) with no traffic leaks at all.

    Kind regards
     

  4. @giganerd

    You often have a price per star. We don't know about a price per mouse/tree or whatever :D With them, we have had absolutely no request (otherwise you would not have seen the review, as you know we don't pay for bogus reviews). The journalist even contacted us to inquire and clarify various points, some weeks ago.

     
    Quote


    "I asked AirVPN about this and the response was that an email address  wasn’t required; however, when I entered a nonsense addresses into the  email address entry box I was denied an account several times. It was  only when I used a legitimate email address that I got an account. In  practical terms an email address is required despite what the privacy  policy says."


    This is a problem of ours which we need to face. You CAN enter a non-existent e-mail address, but you can NOT enter nothing. You can not even enter a bogus address if you don't include a "@" and a dot in the chars after the @. So noneofyourbusiness@mindyourbusiness is not accepted, but nonefoyourbusiness@mind.yourownbusiness is.

    So, the conclusion of the journalist is trivially wrong in this case, but we were complicit to make him reach the wrong conclusion, our bad.

    Kind regards
     

  5. @curhen57

    Just a quick preamble to make you notice that Italy is not one of the "Five Eyes countries". However it is one of the Fourteen Eyes country.

    It's not very relevant when servers are not based in Italy (but, like any other VPN service, we do operate or own servers even in the USA, the apparent champions of illegal wiretapping!). Remember that, no matter how powerful an entity is, it can't get data that we don't have. So do not enter personal data in your VPN account, pay with anonymous methods (we accept Monero too and without intermediaries!) and so on and so forth.

    We guess we are the only VPN service in the world that accepts many different cryptocurrencies without intermediaries. An intermediary can crumble all the privacy and anonymity layer of a cryptocurrency transaction nowadays: most cc payment processors now collect your data and many do not even allow transactions if you don't send them an ID document etc.

    The majority of Tor nodes are in the Fourteen Eyes countries too. We have written a lot on how to defeat a powerful adversary (in short: jump to Tor not from your node, but from a VPN server located in a country different than the one you are living in), but of course if you are a specific target the easy way for the powerful adversary is breaking your own system, so that any encryption and all that jazz become irrelevant. It's hilarious (or maybe sad) that a lot of people worry about intelligence data exchange and co-operation while they use routinely and with peace of mind Windows, Mac, Android, iOS or some archaic Linux distribution! :D

    About NordVPN mining personal data, we were aware that they implemented several trackers usage in their Android application which collected personal information and sent it out to third parties without your consent in the past, are you aware of anything else about data mining issue with them?

     
    Quote

    what makes AirVPN safer for users from government spying in spite of it being based in a Five Eyes member country?


    AirVPN is the oldest VPN around (between the mainstream ones) operating since 2010 (and at least an AirVPN founder had experience with VPN and Tor since late 90ies).

    During these 10 years, can you mention about AirVPN a single case of identity disclosure imputable to AirVPN logging or storing personal information? There are cases for various "no logging" VPNs around, but we challenge you to find one about AirVPN. About local data mining (enforced by many VPN software, unfortunately, what a shame) can you find any line of code in our software (it's open source, so anyone can check), now or in the past, aimed at sending personal information to ourselves or any third party?

    Kind regards

     

  6. @curhen57

    Hello!

    Combining Tor over OpenVPN provides you with remarkable benefits. Some examples:
    • you tunnel efficiently UDP, which Tor alone can't handle
    • you tunnel at least over the VPN any system process with high privileges binding without your knowledge
    • you hide your Tor traffic to your ISP and government (really relevant but only in some countries)
    • you exit from the VPN server to enter a Tor circuit (Tor circuits are re-built normally, the fixed circuit problem is relevant in OpenVPN over Tor)
    • you can split traffic to balance load, aggregate bandwidth etc.
    • you can use protocols which are not welcome, not recommended, not usable or too sluggish on Tor network (one example on the next point)
    • you can use BitTorrent (and any other software which behaves similarly or relies on STUN) without risking your real IP address is revealed, as it may happen (and it happened) with Tor alone https://blog.torproject.org/bittorrent-over-tor-isnt-good-idea?page=0
    Quote

    using a VPN with Tor would basically help third parties correlate your browsing traffic to your VPN's IP address.


    This is false with Tor over OpenVPN for very obvious reasons (speaking of which, if it was true then the correlation would be absolutely identical and successful with your ISP IP address!).

    With OpenVPN over Tor of course you have a fixed circuit because Tor does not change circuit for the same TCP stream and that's an issue to seriously consider. Therefore OpenVPN over Tor may be a starting point to use Tor over itself and establish "dynamic" circuits (a new one for each stream) over a VPN tunnel over a fixed Tor circuit. In this way you have all the advantages given by Tor while our VPN servers do not come to know neither your real IP address nor your real traffic origin and destination (the price to pay is another performance hit). Anyway use it only if you understand perfectly what you are doing, otherwise rely on Tor over OpenVPN and forget about OpenVPN over Tor.
     
    Quote

    There are other interesting points that bear discussion such as web traffic being decrypted once leaving a VPN server (Is even AirVPN lying about encrypting our web traffic?) and such.


    That's the most astonishing thing since sliced bread. 😱 Anyway it is exactly what would happen after a Tor exit node, or after your ISP nearest DSLAM, just to say, if you hadn't end-to-end encryption. The external, first encryption layer of Tor or OpenVPN or your router MUST be wiped out, otherwise how would the final recipient understand your data? By the way HTTP is disappearing so it does not apply much to web traffic. We think that nowadays lack of end-to-end encryption should not be tolerated, and actually we see important steps toward that.

    That said, we strongly support Tor (during 2018 and 2019, more than 2.5% of the global worldwide Tor traffic transited through exit-nodes financed by us) and we recommend to use it with and without VPN. Tor network access remains totally free for anyone especially thanks to those people who run at their expenses (money, time, legal issues) Tor exit nodes, just like AirVPN staff does.


    Kind regards

  7. @Flx

    No reboots have been recorded and no daemons have been restarted. However some Amanah servers have suffered a line blackout at ~ 3.30 AM (UTC) for several minutes. We also see that the problem was sorted out just before 4 AM.

    During the blackout they could not communicate at all. It might be the problem you mention. Check the real time server monitor and when you mention time remember to specify time zone. No communications from Amanah so far.

    Kind regards
     

  8. Hello!

    Eddie's guides have been moved to the FAQ answers which in turn point here:
    https://eddie.website

    FAQ section is linked in the web site top menu and in the welcome e-mail (but of course it's not mandatory to enter a valid e-mail address, so if you did not you have not received the welcome e-mail).

    Another guide which you might find useful is the one linked in our welcome e-mail. It's the first, pinned guide in the How-To section:
    https://airvpn.org/forums/topic/18339-guide-to-getting-started-links-for-advanced-users/

    1. The welcome e-mail and the guide both stress the purpose and the importance of Network Lock. In general yes, we would recommend to activate Network Lock, but actually some special cases may require its de-activation, or its partial activation. About servers selection, that's up to you. If you leave the choice to Eddie, it will do its best to pick a good server. for your node, according to the rule you will find in above documentation. As usual, a human choice can be more fine tuned.

    2. It should do so when you minimize the window, except in desktop environments where system tray and tray icons are not supported. What is your system?

    3. In all systems except Windows sockets are reset when the default gateway changes. In Windows, which is insecure by design, you should take care to start applications after you have established a VPN connection, unless you run Eddie with Network Lock enabled, which will block any possible traffic leak outside the tunnel.

    4. If Network Lock is enabled, you will know immediately. :) Otherwise a manual check is required, by browsing on https://airvpn.org home page for example.

    Kind regards

     


  9. Hello!

    Probably the least difficult solution is using a Virtual Machine. Connect the host to a VPN server over Tor (OpenVPN over Tor). Then run a VM and attach the VM to the host via NAT (very important to achieve your purpose). Connect the VM to a different VPN server. Use your VM only to connect to the final services on the Internet.

    Traffic from the VM will be tunneled over OpenVPN over Tor over OpenVPN. The final services will not see a Tor exit-node IP address (instead they will see VPN server exit-IP address), while your ISP will not see that you connect to a VPN or that you run OpenVPN, it will see that you're using Tor.

    Things to consider carefully:

    • if VPN traffic is "problematic" for your ISP or country, probably Tor traffic will be even more "problematic"
    • performance will be hit seriously

    Kind regards
     

  10. 4 hours ago, rubenluger said:

    pluzz.france.tv doesn't seem to work anymore. any chance of fixing that?

    Cheers, and thanks for a great service!


    Hello and thank you!

    Can you please check the URL? The FQDN does not exist at the moment.
    https://isitup.org/pluzz.france.tv

    $ drill @8.8.8.8 pluzz.france.tv
    ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 23313
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; pluzz.france.tv.     IN      A

    ;; ANSWER SECTION:

    ;; AUTHORITY SECTION:
    france.tv.      1799    IN      SOA     a3-66.akam.net. hostmaster.akamai.com. 1560960371 43200 7200 604800 7200

    ;; ADDITIONAL SECTION:

    ;; Query time: 60 msec
    ;; SERVER: 8.8.8.8
    ;; WHEN: Tue Sep  1 14:25:13 2020
    ;; MSG SIZE  rcvd: 104

    Kind regards
     

  11. @giganerd

    Yes, NL servers in Alblasserdam (i.e all of them) are connected to AMS-IX with 40 Gbit/s. The IANA database (for the readers: this is the only database that counts because https://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority) is also correct, entries of NL servers IP addresses show the Netherlands, without changes since 2016 (so there is apparently no explanation for such gross errors in poorly maintained databases? puzzling). If you find errors in whois please warn us.

    Example:

    $ whois 109.202.107.14
    % IANA WHOIS server
    % for more information on IANA, visit http://www.iana.org
    % This query returned 1 object

    refer:        whois.ripe.net

    inetnum:      109.0.0.0 - 109.255.255.255
    organisation: RIPE NCC
    status:       ALLOCATED

    whois:        whois.ripe.net

    changed:      2009-01
    source:       IANA

    # whois.ripe.net

    inetnum:        109.202.104.0 - 109.202.107.255
    netname:        GLOBALLAYER
    descr:          Global Layer network
    country:        NL
    admin-c:        GL6540-RIPE
    tech-c:         GL6540-RIPE
    remarks:        INFRA-AW
    status:         ASSIGNED PA
    mnt-by:         GLOBALLAYER
    created:        2013-04-08T16:29:12Z
    last-modified:  2016-03-29T20:47:41Z
    source:         RIPE

    person:         Global Layer
    address:        Postbus 190
    address:        2950AD Alblasserdam
    address:        Netherlands
    phone:          +31 78 20 20 228
    nic-hdl:        GL6540-RIPE
    mnt-by:         GLOBALLAYER
    created:        2011-08-04T20:36:25Z
    last-modified:  2017-10-30T22:14:45Z
    source:         RIPE

    % Information related to '109.202.107.0/24AS49453'

    route:          109.202.107.0/24
    descr:          Global Layer network
    origin:         AS49453
    mnt-by:         GLOBALLAYER
    created:        2016-03-17T11:39:02Z
    last-modified:  2016-03-17T11:39:02Z
    source:         RIPE

    % This query was served by the RIPE Database Query Service version 1.97.2 (HEREFORD)

    Kind regards
     

  12. 14 hours ago, iwih2gk said:
    Staff,
    I wanted to thank you and the other Admins here that foster an atmosphere where members come in and help each other when those learning new skills need help.  This is why I know I speak for many members ------- we will NEVER leave Airvpn.  Great place to learn and keep yourself safe online.

    Thank you!

    As a small addition to your kind words, for you and all the readers interested in practical examples to set up permanent Network Lock rules with nft and MUCH more, you can:
    Kind regards
     

  13. @kaassouffle

    Hello!

    Eddie 2.18.9 does not run in Mojave, because of Apple notarization, we're sorry, Your alternative is good (Eddie 2.16.3 is not notarized), or you may consider even Eddie 2.19.4 beta (which runs just fine in Mojave).

    We provide Eddie 2.19.4 in two builds: one for Catalina, and one for Mavericks, Yosemite, El Capitan, Sierra, High Sierra and Mojave.

    Please see the Mac download page and click the button just below "If you run older than macOS Catalina systems, please download latest Eddie 2.19 beta version" - then download and install as usual.

    Kind regards

     

×
×
  • Create New...