Staff

Hello! We're very glad to inform that full IPv6 support is being deployed to our VPN servers. The experimental phase ended during the first half of June and we can now reliably deploy IPv6 to any other VPN server, provided that it is in a datacenter with IPv6 infrastructure of course. This thread will be periodically updated to provide the list of VPN servers new generation setup (internally, we call this new setup "Gen 2"). FINAL UPDATE: as of September the 14th 2018, all AirVPN servers have been upgraded to 2nd generation software. New smart features: Standard protocols/ports with IPv6 support (*), updated OpenVPN server, better cipher negotiation. You can keep using AirVPN as usual, even if you have an old OpenVPN version, on entry-IP addresses 1 and 2 of each server.Additional protocols/ports with IPv6 support (*), updated OpenVPN server, better cipher negotiation, 'tls-crypt' support (*), TLS 1.2 (*) forced on entry-IP addresses 3 and 4 of Gen 2 servers. The additional protocols/ports mentioned in this paragraph require OpenVPN 2.4 or higher versions(*) OpenVPN 2.4 or higher version is required. tls-crypt plays a role even against ISPs that throttle or block OpenVPN. Something more about tls-crypt can be found here: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage Search for "--tls-crypt keyfile" Planning the future: internal load balancing between multiple OpenVPN daemons. This is a feature which will let OpenVPN squeeze the maximum bandwidth on each server, because OpenVPN runs in a single thread of a single core. By balancing the load on multiple OpenVPN daemons with a reliable algorithm, we overcome significantly this OpenVPN limitation. Such bandwidth would be mostly wasted without our load balancing method simply because there are no CPUs capable to process 10 Gbit/s AES-256 encryption/decryption on multiple flows to/from multiple channels (according to our empirical tests on the field, the load does not grow linearly with the growth of connected OpenVPN clients) with just one one core. Our solution is important because it's a founding prerequisite toward servers connected to 10 Gbit/s lines, even if OpenVPN multicore / multi-threading support should not become available in the near future, not to mention that it can be useful even in different environments. The internal load balancing is already active on all "Gen 2" servers. Kind regards and datalove AirVPN Staff

Ok! We'll see to do something. Kind regards

Hello! A quick way to discover IPv6 supporting servers through the Configuration Generator is just selecting "Advanced Mode" and then "Connect with IPv6". Kind regards

Hello! True. Probably the market pressure is still too low for IPv6 thorough depletion. For example, we have had (and we still have) several technical issues and blackouts with IPv6 for our tests from Italy, and our IPv6 monitoring system still detects random and frequent IPv6 blackouts in many servers in various datacenters, for example in Canada, the United Stated and the Netherlands. Things might change as the IPv4 addresses shortage will hurt more and more, and maybe when some services will be reachable only on IPv6, but we have no idea when this will happen. At the moment, it's plausible that for an average Internet user (and even for many advanced users) IPv4 is sufficient for any purpose. Our care and urgency to provide full IPv6 support is based on the need to remain the most advanced VPN service and therefore satisfy the requirements of an important niche of customers who have only IPv6 access (IPv4 available only over IPv6). For them, using a VPN based on IPv4 only is not safe, or it's even impossible on some systems. Kind regards

Hello! We are very near. Now servers supporting IPv6 and tls-crypt are twelve and no specific problems are detected. We call such servers "Generation 2" servers, and you can see them in Eddie or in the Configuration Generator by selecting the proper options. When Eddie 2.14.x reaches the stable release, we will allow some more time to get out of the experimental phase and upgrade (gradually, because it requires disconnection of all clients) every server to Generation 2. Only a tiny amount of servers (less than 7-8) will not support IPv6 because the datacenter does not have an IPv6 infrastructure. They will support anyway tls-crypt Kind regards I'm curious - how can a datacenter of all places not have an infrastructure for a protocol that's been around for 20 years now? Are you able to list such servers or at least name and shame the providers? Maybe it's a sign of a larger problem but I'd have thought IPv6 is essential now IPv4 is depleted... Is it even fair to call it a 'datacenter' if it can't route packets on what is the most essential fundamental layer of networking? Hello! The servers which are in a datacenter without IPv6 infrastructure are Baiten, Porrima and Scheat (Lithuania) and Kitalpha (Switzerland). The company operating the Kitalpha datacenter wrote to us that IPv6 support is planned in a not too distant future. Kind regards

Yes, that's because all of our *.vpn.airdns.org names rpertaining to zones (countries or continents) have their records updated every 5 minutes to resolve into the entry-IP address of the best rated VPN server in that zone. However please consider that TTL is 1 hour. remote-random enters into play when you have multiple remote entries, which is another option you might consider. Kind regards

Hello! We can gladly confirm that according to the first reports tls-crypt (only on TCP) works in China and it is faster than OpenVPN over SSL. tls-crypt with UDP also works in some networks and this is the maximum OpenVPN performance. In some other networks tls-crypt with OpenVPN in UDP does not work but not because of tls-crypt in itself, but because UDP is unconditionally blocked. Kind regards

We're sorry, no, we don't understand it. Why not, this is perfectly possible and you can keep as many accounts as you wish. Kind regards

We thank you very much for your links and interpretations. Our policy in general does not change, not even for UK. Kind regards

Hello! In the last examples "remote-random" is redundant. remote-random does not make sense when you use a single "remote" directive. Just for information. Check the manual here: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage Search for "--remote-random": --remote-random When multiple --remote address/ports are specified, or if connection profiles are being used, initially randomize the order of the list as a kind of basic load-balancing measure. Kind regards

The lack of existence of any court proceeding trying to force Air to disclose something is just another strong clue that this "something" does not exist. We challenge you to find anything in court or not which proves that Air keeps any log, in spite of the fact that Air is much older than PIA and provides technical tools which are just science fiction in PIA infrastructure. Did you know that indiscriminate data retention of users traffic (metadata included) has been judged as an infringements of human rights by the European Union Court of Justice twice, while in the USA, where PIA operates, data retention is not mandatory and not forbidden? The matter deserves many more considerations, because it must be clear that data retention is contrary to the interests of AirVPN, even under a cynical, purely marketing based, point of view. Please read carefully here when you have time: https://airvpn.org/topic/26206-rebuttal-of-article-dont-use-vpn-services/ Kind regards

No, that's not true, so the whole argument falls. No, it's not correct, but at the end of the day you could anyway think of something very convoluted to tell the world that you are an AirVPN customer, and we can't do anything about that. Not that we can do anything even if you do so in a very direct way. Kind regards

Most servers still don't support IPV6 nor tls-crypt. There are only twelve "generation two" servers out of 219 servers that currently support them. That's only 5.47% of the total AirVPN network It will probably take months before the full network updates unless @staff proves me wrong. Hello! The final step of the upgrade in itself is not very time consuming, see the previous message to NaDre, however what we can't foresee is whether unexpected problems will come out now that Gen 2 servers will be massively used, and if they do (of course we are confident they will not), how much time we would need to resolve them. Kind regards

Hello! Exactly. As you may have read in the announcement of the IPv6 experimental phase, such phase could not be closed before the release of some stable release of Eddie 2.14. Now that we have a stable Eddie which fully supports IPv6, the 12 servers will provide us with a massive amount of connections and therefore we will receive meaningful feedbacks is something goes wrong. If nothing goes wrong then the migration will continue as programmed and most of our infrastructure will support IPv6 (not all, because we still have 2 datacenters that do not support IPv6). Note that all servers are already "gen 2" ready (meaning that they have both full IPv6 support from the datacenter AND enough IPv4 addresses to support all the different, new connection modes regardless of IPv6), so the time consuming procedure in this phase is the testing, not the final steps of the migration in themselves, even because the critical ones (including pre-planning, requests to datacenters for IPv6 support, deployment of new configurations) were performed between late 2016 and the beginning of 2018. Kind regards

Hello and thank you! Please see here: https://build.openvpn.net/doxygen/html/group__tls__crypt.html IPv6 is not necessary for tls-crypt. IPv6 and tls-crypt are often cited together by us only because the upgrade to IPv6 of servers also includes upgrade to tls-crypt support, and vice-versa, but that's only an internal method of working. Kind regards

Hello! Yes, this is planned for the near future. We are preparing a new release, with a new ID, which we plan to publish on F-Droid as well. In the meantime, please use the direct link to download the apk from our servers. You can find it in the first post of this thread. Kind regards

Hello! We're glad to inform you that the official AUR packages are those whose maintainer is Eddie.website Currently, Eddie 2.14.5 is the first version that AirVPN distributes directly as an AUR package as well. See also https://airvpn.org/linux Kind regards

Hello! Send a system report pasted into a ticket to the support team, maybe something can be tried. Kind regards

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.14.5 Eddie 2.14.5 includes many important bug fixes and changes. You can see them all on the changelog here; https://airvpn.org/services/changelog.php?software=client&format=html. As usual, Eddie is released as free and open source software under GPLv3. New important features have been added. Now Eddie includes a full, seamless and integrated IPv6 support, as well as new features which will let you use our latest service additions (including IPv6 and tls-crypt). Users who have only IPv4 connectivity will be able to access IPv6 services, At the same time users who have only IPv6 (and not IPv4) connectivity, will be able to use our service without limitations. tls-crypt implementation provides a new, interesting way to efficiently bypass blocks and throttling against OpenVPN. This version has been released GNU/Linux, OS X (Mavericks or higher is required), macOS and Windows (Vista or higher is required). 2.14.5 version is compatible with several Linux distributions. For important notes about environments, please read here: https://airvpn.org/topic/27259-status-of-eddie-on-linux-distributions/ Due to the large amount of bug fixes and changes, as well as the addition of new features, upgrade is strongly recommended. Just like previous versions, Eddie implements direct Tor support for OpenVPN over Tor connections. Eddie makes OpenVPN over Tor easily available to Linux, OS X and macOS users: no needs for Virtual Machines, middle boxes or other special configurations. Windows users will find a more friendly approach as well. This mode is specifically designed for Tor and therefore solves multiple issues, especially in Linux and OS X/macOS, including the "infinite routing loop" problem (see for example http://tor.stackexchange.com/questions/1232/me-tor-vpn-how/1235#1235 ) As far as we know, Eddie is the first and currently the only OpenVPN wrapper that natively allows OpenVPN over Tor connections for multiple Operating Systems. https://airvpn.org/tor This is the first stable version which sends a NEWNYM signal to Tor to ensure the use of a new circuit in every connection. We recommend that you upgrade Eddie as soon as possible. Eddie 2.14.5 for GNU/Linux can be downloaded here: https://airvpn.org/linux Eddie 2.14.5 for Windows can be downloaded here: https://airvpn.org/windows Eddie 2.14.5 for OS X Mavericks, Yosemite, El Capitan and macOS Sierra and High Sierra can be downloaded here: https://airvpn.org/macosx PLEASE NOTE: Eddie 2.14 package includes an OpenVPN version re-compiled by us from OpenVPN 2.4 source code with OpenSSL 1.0.2k for security reasons and to fix this bug: https://community.openvpn.net/openvpn/ticket/328 Eddie overview is available here: https://airvpn.org/software Eddie includes a Network Lock feature: https://airvpn.org/faq/software_lock Eddie is free and open source software released under GPLv3. GitHub repository: https://github.com/AirVPN/airvpn-client Kind regards & datalove AirVPN Staff

Hello! In this case your network disrupts SSH. Try also "OpenVPN over SSL" to port 443, it's worth a try. Kind regards

Hello! gksu dependency has been removed on the .deb package of Eddie 2.14.x. Kind regards

Hello! Please see here: https://airvpn.org/ssh Eddie, the AirVPN client software, usage is recommended whenever possible, it will make things simpler. You can change connection mode by selecting an "OpenVPN over SSH" tunnel in "AirVPN" > "Preferences" > "Protocols" window. Kind regards

Hello! We do provide IPv6 traffic leaks prevention in our software. Such feature will be soon redundant because IPv6 full support in our infrastructure will be completed soon. Currently the following servers support IPv6: Algieba Atria Castor Cebalrai Chamaleon Chara Errai Gacrux Gianfar Mesarthim Minkar and full IPv6 deployment is imminent. Kind regards

Hello! In Spain we have two different providers. In general M247 provides us with services in Europe, Singapore and Japan. We rely on M247 for about 23% of our infrastructure in Europe, which is 50% less than our bandwidth redundancy in Europe, so we have no critical point here. About Japan, we have just begun to operate there with a server, so it's too soon to make general considerations. You have no reasons to worry. About "network diversity" mentioned by another user, we are customers of 27 different providers, so nobody should complain about that. Last but not least we have been working with M247 since 2015 and we have never had any critical issue. Kind regards

Hello! Can you please point us to the draft law you mention, in the part where it would force datacenter operators to apply blocks at datacenter level? That would significantly help our legal advisors because just a few months ago we were re-assured that no mandatory filtering tool will exist for transit providers etc., but only for "residential" ISPs. That for the legal part. About the technical part, we faced an identical problem in Singapore some years ago (censorship enforced in datacenters too). You should have never noticed any block to sites from Singapore servers since according to our mission we did our best to bypass any censorship and preserve end to end principle, keeping our infrastructure content agnostic. We are not saying that this will be always technically possible anyway, only that we will do our best to fulfill the mission. https://airvpn.org/mission Kind regards