Staff

Hello! As we said the method you describe is not effective. Separation of identity is. Unfortunately there is no way, not only for us but for any service, to protect a user against his/her own bad behavior. However inducing customers to use false "solutions" is unfair. Which is identity separation. We already offer five connection slots from the same account, so you can introduce yourself with as many different IP addresses as you wish and you will have your solution, provided that identity separation is enforced. In the other case you mentioned, specifically with the browsers extensions you mentioned, you may compromise yourself in any case, even with identity separation, as explained. We can't protect you against yourself and your bad habits, but we can try to raise your awareness about the risks you are not aware of. Kind regards

Hello! If you run network-manager-openvpn please consider to switch to Eddie (the free and open source Air software client) or to direct OpenVPN usage. We don't feel to recommend network-manager-openvpn because in the past it caused too many problems. You would need a script to modify your resolv.conf if network-manager-openvpn can't do that by accepting the DNS push, but a faster and easier solution might be just running Eddie, for example. What is your GNU/Linux distribution name and version? Kind regards

Hello! Since DNS leaks do not exist in GNU/Linux (or in other systems, except Windows) it's first necessary to understand what you mean with your message. The servers DNS push is not considered in OpenVPN for GNU/Linux so, if you don't take care of it, your nameservers will remain set with no modifications. Check /etc/resolv.conf file. If they are remote servers (not in your LAN) the DNS queries will be tunneled anyway. Local traffic will keep going on as usual, so if your GNU/Linux box queries your router and then your router forwards the query to some external DNS server, you have a DNS query (from the router) not in the tunnel, but that's has nothing to do with DNS leaks. If that's the issue you report, you can consider to accept DNS push. Some ideas can come from our guide https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf/, otherwise you can consider to run Eddie, the AirVPN free and open source software client, which will take care of DNS push in GNU/Linux. Kind regards

Thank you! You might like to upgrade to RC2 now. Keep us posted! Kind regards

Hello! We're very glad to inform you that two new 1 Gbit/s servers located in Sweden are available: Copernicus e Lupus. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). Just like every other "second generation" Air server, they support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Please note that these new servers will replace five servers in Atlanta, and precisely Antlia, Octans, Pavo, Sagittarius and Scorpius which will be withdrawn soon because the company operating in the datacenter they are located is ceasing operations, unfortunately. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! The first three things that come to mind are that you can't use tls-crypt with OpenVPN 2.3.x and we also detected some severe IPv6 bugs in those versions. Last but not least at all, you can't use TLS 1.2 with 2.3.14 (which supports only SSL 3 and TLS 1.0). TLS 1.2 is supported in OpenVPN 2.3.3 or higher versions. If the problem is only client side, you can easily upgrade, but if the problem is in their servers, and they do not offer any server with the above features (such as our 90 "Gen 2" servers), it might be a bad symptom of insufficient care toward security. Kind regards

Hello! We're very glad to inform you that Eddie Android Edition 1.0 RC2 (VC 5) has just been released. The main changes from RC1 are various bug fixes (including an important problem occurring under Android 8.x) and a more robust detection and handling of network and OpenVPN statuses with the purpose to reach the best effort against traffic leaks outside the VPN, of course within the bounds enforced by limited privileges in the system. Eddie 1.0 RC2 is also packaged with x86 support, we had a request for x86 support some time ago and we're glad to satisfy it. You can find additional information in the changelog which is attached to this message. As usual Eddie is free and open source software released under GPLv3. Check the first post in this thread for source code URL and some more details. You can participate to the tests by joining the testing community in the Google Play Store here https://play.google.com/apps/testing/org.airvpn.eddie Alternatively, if you don't want to access (or you have no access to) the Google Play Store, the apk can be downloaded from our Eddie web site here: https://eddie.website/repository/eddie/android/1.0rc2/org.airvpn.eddie.apk Please keep testing and stress Eddie as much as you can! Any single report is important. With RC2 we feel we are remarkably nearer to a 1.0 stable release, but only extensive tests outside our internal team will prove us right or wrong. Thanks so much to all the past and future testers! Kind regards ChangeLog.txt

Hello! We're sorry, only when we have a signed contract... telling anything during the negotiations, even if not in early stages, would be unfair for all parties, including you. Kind regards

FINAL UPDATE 19 SEP 2018 Migration has been completed and tests have been successful. All the mentioned servers are now available and connectivity is very good from major USA residential ISPs. IPv4 addresses remain the same, while IPv6 addresses have been changed. The servers operate in a new Dallas datacenter. EDIT 18 Sep 2018: migration has been completed to a new Dallas datacenter and servers have passed the tests. All the 10 servers will be again available soon. Hello! We regret to inform you that we will soon start a migration and potential relocation of the following servers currently located in Dallas: Chamaeleon Equuleus Helvetios Leo Mensa Pegasus Ran Scutum Volans Vulpecula The reason is that Cogent (our transit provider in Dallas) will not renew the contract on the current 10 Gbit/s line. Unfortunately they let us know very late, just a few days before the natural expiration and normal renewal of the contract itself. It's not a price problem, they do not want to renew with us and/or with our counselor in the USA. The mentioned servers are our property but disconnecting, packaging, moving (or shipping), reconnecting and reconfiguring may take a long time (probably a month or more). Therefore, we have decided to set up a small battery of new servers, five in Phoenix and five in Dallas itself, that will run during all the time which will be necessary to complete the migration. Such servers are being connected and set up in different datacenters as we write and after a brief 24/48 hours testing period we will make them available. All the new, mentioned servers have 1 Gbit/s ports. We deeply apologize for the inconvenience and at the same time we are confident that you can understand that this sudden and unexpected issue was and is totally out of our control. Kind regards and datalove AirVPN Staff

Hello! Currently you can use tls-crypt on entry-IP addresses 3 and 4 of about 90 servers. Support on the whole infrastructure will be completed in the near future. Please see also https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features/page-3?do=findComment&comment=75733 Kind regards

Yes, DSL is too old, it was a bad example. Anyway you already found an alternative that's good. The fingerprint is mainly (or even exclusively) determined by the browser, in your examples. So using TBB is an excellent solution, as well as a fine tuning of the browser. About fingerprints of the kind you mention, a thread developed in our forum and was carried on by the community: Various solutions, but the Tor Browser still remains probably the most secure (and easiest). https://airvpn.org/topic/20156-avoid-browser-fingerprint/ If a human right is potentially at stake, no general "overkill" / limitation rule can be claimed, the matter remains up to each person considerations. Kind regards

Hello! The bottom half of the diagram you mention summarizes the route of the traffic of an application NOT configured to connect to Tor, in a machine where OpenVN is connected to our servers over Tor. Tor Browser connects to Tor by default, so its traffic route (again in a machine with OpenVPN connected over Tor to some Air VPN server) is summarized in the higher half of the diagram. If you configure Tor Browser to NOT connect to Tor, then its traffic will be summarized in the lower half of the diagram. Yes, with any application NOT configured to connect to Tor. Kind regards

Hello, we have taken care to definitely improve precisely this aspect (on top of other ones) with the upcoming RC2. A preRC2 has been extensively tested internally and if there are no last minute problems it will be made available on 26th of July. Check the main thread about Eddie Android edition (and the Google Play Store will let you know when a new version is available, if you downloaded Eddie from the Play Store): https://airvpn.org/topic/26549-eddie-android-edition Anyway, please note that "automatic reconnection" you mention is meant to reconnect Eddie at the Android device (re)boot if it was turned off or restarted when Eddie was still running and connected. Thank you very much for your tests and please keep testing the new version and feel free to keep reporting back, the more testers the better: we consider the feedback as a paramount resource on the road to deliver a good stable version. When you report anything, please add if you don't mind your exact device model and Android version. Kind regards

Hello! Given the reputation of Daniel J. Bernstein, concerns about the specific employed ECC are not relevant. However, remember that Wireguard is not ready for production and you must not use it when security of your data is a priority. Wireguard developers are very honest about it, so use it at your own risk. From the official web site: We can't propose to our customers something based on experimental code that has not undergone a proper security auditing and those who do are clearly not protecting their customers' interests. Sooner or later Wireguard will reach a mature, stable release and will be audited and peer reviewed. That will be the right time to consider to put it into production. Kind regards

Hello and thank you! Cash payments are impossible to handle manually (we should correlate any received cash with some precise account and activate it manually... humanly impossible), and very risky for the buyer. We accept cryptocurrencies which are designed to provide a strong layer of anonymity at transaction level itself. We think of ZCash and Monero. About getting coins, you really don't need to mine them. The obvious method to get them is exactly the same you employ for fiat money: you offer a good or a service. It should be quite easy to earn coins for many months of AirVPN subscription in this way. Alternatively consider services like LocalBitcoins which can be perfect for your purposes (for small amounts: we don't feel to recommend them for relevant transactions) Kind regards

Hello! Please see also here: https://airvpn.org/faq/udp_vs_tcp/ Kind regards

Hello! Can you please publish the original Kaspersky reply (or send it to us privately in a ticket) where they declare what you reported here? It might help us. Kind regards

Hello! Can you post (or send it to us privately in a ticket) the original reply from Kaspersky stating that the bug will be fixed within 2019? It might help us. Kind regards

Hello! Using the Tor Browser sounds like an excellent solution for your purposes, because you just need to separate identity with certain web sites. On VM performance, you might test a very light Operating System with some guest integration by the virtualization software, before considering the purchase of new hardware. About light systems, check out DragonFly BSD (a FreeBSD fork) or something like "Damn Small Linux". https://www.dragonflybsd.org http://www.damnsmalllinux.org Avoid Windows at all costs. Kind regards

Hello! On your Android or iOS device you need to re-generate a configuration file and import it as a profile in your application (openvpn-connect, OpenVPN for Android...). Try the following settings: - click "Advanced Mode" in the Configuration Generator - select protocol TCP, port 443, entry-IP address 3 - proceed as usual to download / import the profile On entry-IP addresses 3 and 4 of our VPN servers you have OpenVPN working with "tls-crypt". It means that the whole Control Channel of OpenVPN is encrypted. This connection mode has showed great abilities to bypass a wide variety of blocks. In this case we also suggest TCP because, according to the reports we have been receiving from China in the last years, it is not uncommon that UDP gets entirely blocked on mobile lines. UPDATE: with our software Eddie Android edition, you will not need the Configuration Generator anymore in Android. Eddie will try by itself anti-blocking connection modes. If you don't wish to wait (Eddie may need up to 1 minute to find the proper way to circumvent China blocks). go to the "Settings" view and please set: Custom protocol option to TCPCustom port to 443Custom TLS mode to tls-cryptQuick connection mode to Use custom settingsEddie will connect to port 443, with protocol TCP, using tls-crypt. Kind regards

Hello! Please make sure that the router firmware is up to date. The condition you report might be caused by a router bug which is triggered by sustained UDP throughput. In spite of the fact that only some torrent software causes the issue (which does not fit in the explanation), it's worth anyway a try. Kind regards

Hello! "Probably" is not "surely" (but we wrote "apparently"). Anyway, it doesn't matter: you have no leaks, and this is the important point. Note how you can have IPv6 connectivity over our service even if your ISP does not support IPv6. Kind regards

Hello! No, you don't. The IP addresses of any new server are added automatically in the rating system, so the qualified name of each country may resolve (if the server reaches the best rating) into those IP addresses. The configuration file, when the needed settings are the same, remains the same. Kind regards

Hello! Thank you. Yes, it's planned for all the servers. Kind regards

Hello! We're very glad to inform you that five new 1 Gbit/s servers located in Atlanta (Georgia, USA) are available: Hercules, Libra, Musca, Sculptor and Ursa. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, they support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Please note that these new servers will replace five servers in Atlanta, and precisely Antlia, Octans, Pavo, Sagittarius and Scorpius which will be withdrawn soon because the company operating in the datacenter they are located is ceasing operations, unfortunately. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team