Staff

Hello, what happens if you disable DNS check? Select "AirVPN" > "Preferences" > "DNS", untick "Check Air VPN DNS" and click "Save". Enable Network Lock as well. That's expected, the VPN DNS is not reachable from the Internet, as you might have seen the address is in a private subnet. Kind regards

Please upgrade to Eddie 2.13.6 (latest stable release), reboot both the router and the system and test again. Kind regards

Good or bad this is how things work. If you bind a program to an interface different than the tun/tap interface you can't expect in general that the traffic of this program is tunneled or blocked, unless the previous default gateway is completely removed obviously. This is not an optimal solution for a couple of good reasons and Network Lock should be preferred. That's the basic of how WebRTC works, and that's why with Network Lock you don't only prevent WebRTC leak, but any leak caused by any "wrong" or "unintended" binding. For more clarifications please see https://www.clodo.it/blog/an-alternative-approach-to-so-called-webrtc-leaks/ Therefore, once again and hopefully for the last time: if you experienced a "WebRTC" leak either Network Lock was not on, or the firewall rules were modified after Network Lock had been enabled. When/if you manage to reproduce the issue make sure to print and store all the firewall rules. That's the first step to start troubleshooting. All the other speculations at this time are just time wasting chattering. Kind regards

This is contradictory. If you had a "WebRTC leak" then either Network Lock was NOT on, or the firewall rules had been modified after Network Lock was turned on. When/if you manage to reproduce the issue make sure to print and store all the firewall rules. That's the first step to start troubleshooting. Kind regards

The server is physically in Romania and geo-restricted to Romania services are accessible so it's some database error you can safely ignore in any case. Kind regards

Hello, "Connection refused" (error 111) in several cases means that the packets have been properly delivered to the final destination and actively rejected/dropped. Please check the firewall rules in the machine connecting to the VPN. Furthermore, if the device connecting to the VPN is not the same device running the torrent client, then you need forward packets from the tun interface of the connected device to the proper port of the IP address of the device running the torrent client. For example: https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/ Kind regards

Hello, please try https://airvpn.org Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Romania is available: Canes. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, Canes supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Please note that Canes replaces Phoenicis. Phoenicis has been taken down by the provider without any prior warning. We were informed with a posthumous message which provided an unsatisfactory explanation and the steps to re-activate the server. Needless to say that we're done with anybody keeping this behavior. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

We have found a comparison chart that takes into consideration some very important technical and non-technical aspects which are missing in the quoted list. https://www.comparitech.com/blog/vpn-privacy/best-vpns-privacy-and-anonymity/ There are some minor mistakes but overall it looks just fine. The aforementioned comparison chart should compensate the embarrassingly insufficient technical knowledge and the blatant lies of the person compiling the quoted list: https://airvpn.org/topic/19586-a-review-on-another-site/?do=findComment&comment=48971 Kind regards

Hello, upgrade to Eddie 2.13.6 (latest stable version). Eddie 2.10.3 is years old and is not fully compatible with macOS Sierra and High Sierra. It was programmed when Sierra did not even exist in beta version. Kind regards

It's the same. Unfortunately the user quit Eddie, so the behavior is not only expected, but also explicitly planned to avoid big issues with "netlocked" devices of noobs. The user can blame only himself/herself for the unfortunate, reported circumstances: he/she broke the law (for his/her own admission) AND he/she didn't care to get informed about how Network Lock works, AND he/she let his/her subscription expire beyond the grace period. Kind regards

Network Lock is a set of iptables rules. When you shut down Eddie, Eddie restores the previous iptables rules. This is clearly specified in the guide and in the FAQ and it's very important that you're aware of that. Note: if Eddie crashes the iptables rules will not be changed and your system will remain under Network Lock. Apparently the only one to blame here is yourself. Kind regards

Hello, we don't monitor and/or inspect (with or without logging) the traffic of any OpenVPN client. The information that you report shows that PureVPN did. If you can't afford to trust our words please apply partition of trust. The fact that we don't block OpenVPN connections over Tor node or any socks or http proxy should say something about our honesty. Furthermore, the fact the you don't have any official statement after seven years of AirVPN activity and hundreds of thousands rotating customers about any compromised customers identity (and you have such information about HideMyAss, PureVPN and other services) should be also taken into serious consideration. Kind regards

Hello, except for this which sounds obscure to say the least: Dynamic: The algorithm learns and reacts if routing changes this is a procedure we implemented for geo-routing years ago. We strictly apply this feature only to services which would be otherwise unreachable, because this procedure adds a forced hop, so it's a good way to slow the clients performance down. Apparently that's a terrible feature: probably their users will like to keep it always off. Kind regards

Hello! What Eddie version are you running? Can you also test Eddie 2.13.6, if you haven't already done so, and report at your convenience? Kind regards

Hello! You need to activate "Network Lock". In this way you don't need to disable IPv6 manually. Network Lock will prevent "IPv6 leaks" through ip6tables rules (as well as any other possible leak through iptables). IPv6 support in our infrastructure is planned within the end of 2017. Kind regards

It's not a rule, it's a Law of Technology By connecting to the same server with the same protocol and to the same port your internal IP address is the same. There can't be two devices with the same IP address on any network. Hello! It's a quite different technical limitation in our setup, not a big deal anyway. By the way: if you don't need remote port forwarding you can connect multiple devices, from the very same account, to the same server, but on different ports. In this way you will connect to different OpenVPN daemons working on different VP subnets bypassing the limitation. There is also another finesse which will bypass this limitation and will allow multiple connections to the same server and the same port and subnet with the same account on multiple devices, but it will not be implemented in 2017 (plans for this feature, which will require an important change, have not yet a definite deadline). Important: in order to connect to different daemons for sure, consider that different daemons listen to port 53, 80 and 443. If you pick different ports like 28439, you risk to connect to the very same daemon which listens even to other ports. Kind regards

Hello! Currently not, we're sorry. We might have great news in the future, anyway. Nowadays, a good workaround is accessing our real time servers monitor in our web site "Home" > "Status" page, direct link https://airvpn.org/status Kind regards

Hello! That's a very generic sentence. In general that's not necessarily possible. Just think about our service: OpenVPN works in routing mode, not in bridging mode, and ICMP is a protocol at Internet layer, not a transport layer protocol. So VPN configuration and topology should be analyzed first to avoid potentially wrong or even crazy assumptions. Anyway the scenario seems to assume that the adversary already knows your "real" IP address (we mean the IP address assigned to one of your devices by your ISP) so the discussion shifts to correlation attacks (aimed to show that some activity behind the VPN is indeed YOUR activity) which have been treated over-abundantly in our and other forums. For the purpose of this discussion: 1) make sure to keep Network Lock enabled in our software Eddie and 2) maintain a definite identity separation. In this way you can be confident to defeat even complex correlation attacks. If your friend wants to clarify, he/she is welcome. However, more accuracy is strictly necessary. Kind regards

Hello! We can't see the final DNS your system queries because it's configured in the router, can you please check? That DNS is poisoned. The correct resolution currently is: $ dig airvpn.org +short 5.196.64.52 Fix the issue and test again: if there is no further censorship at IP address level, the problem will be resolved. We would be grateful if you could tell us which DNS is hijacking airvpn.org (if you don't want to publish in public, please feel free to contact us in a ticket or via mail). If you need suggestions about publicly accessible DNS we would recommend OpenNIC servers for their commitment to privacy and neutrality: https://www.opennicproject.org Kind regards

Hello, can you please give us the output of the following command (while your system is not connected to the VPN): nslookup airvpn.org issued from a command line interface. This well let us know whether the name "airvpn.org" resolves into the correct IP address and which DNS your system queries. Kind regards

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.13.6 Eddie 2.13 includes many important bug fixes and changes. You can see them all on the changelog. As usual, Eddie is released as free and open source software under GPLv3. 2.13.6 version is compatible with several Linux distributions. For very important notes about environments, please read here: https://airvpn.org/forum/35-client-software-platforms-environments Windows 10 "Creator update" users will have a dramatic names resolution speed increase when querying the VPN DNS, because Eddie 2.13 circumvents the improper external DNS resolution method implemented by the "Creator" upgrade. Please read the changelog: https://airvpn.org/services/changelog.php?software=client&format=html Due to the large amount of bug fixes and changes upgrade is strongly recommended. Just like previous versions, Eddie implements direct Tor support for OpenVPN over Tor connections. Eddie makes OpenVPN over Tor easily available to Linux, OS X and macOS users: no needs for Virtual Machines, middle boxes or other special configurations. Windows users will find a more friendly approach as well. This mode is specifically designed for Tor and therefore solves multiple issues, especially in Linux and OS X/macOS, including the "infinite routing loop" problem (see for example http://tor.stackexchange.com/questions/1232/me-tor-vpn-how/1235#1235 ) As far as we know, Eddie is the first and currently the only OpenVPN wrapper that natively allows OpenVPN over Tor connections for multiple Operating Systems. https://airvpn.org/tor We recommend that you upgrade Eddie as soon as possible. Eddie 2.13.6 for GNU Linux can be downloaded here: https://airvpn.org/linux Eddie 2.13.6 for Windows can be downloaded here: https://airvpn.org/windows Eddie 2.13.6 for OS X Mavericks, Yosemite, El Capitan and macOS Sierra and High Sierra can be downloaded here: https://airvpn.org/macosx PLEASE NOTE: Eddie 2.13 package includes an OpenVPN version re-compiled by us from OpenVPN 2.4 source code with OpenSSL 1.0.2k for security reasons and to fix this bug: https://community.openvpn.net/openvpn/ticket/328 Eddie overview is available here: https://airvpn.org/software Eddie includes a Network Lock feature: https://airvpn.org/faq/software_lock Eddie is free and open source software released under GPLv3. GitHub repository https://github.com/AirVPN/airvpn-client Kind regards & datalove AirVPN Staff

Hello, please consider that DNS settings of the devices behind the router take precedence over the router DNS settings. You probably don't have a DNS leak, because the DNS queries are anyway tunneled by the router after they get out of your Mac, but you might like to re-configure the devices to use VPN DNS (to do so, make sure that the devices query the router address as DNS server). Kind regards

Hello, when you have such issues put all the keywords inside a good web search engine: this is generally a good start. For example, we wrote in our message "Use the ISO country code for the country" and you don't know what it is, so a good idea is looking for "iso country code list", which returns in various search engines as a first link https://en.wikipedia.org/wiki/ISO_3166-1 - there you find definition and a table with all the country codes. Consider the two letters codes, obviously. You can use "nslookup" to resolve a name into an IP address in a command line interface. For example, enter the command: nslookup nl.vpn.airdns.org You will see something like: $ nslookup nl.vpn.airdns.org Server: 10.4.0.1 Address: 10.4.0.1#53 Non-authoritative answer: Name: nl.vpn.airdns.org Address: 213.152.162.169 and you see that, at that moment, nl.vpn.airdns.org resolved into 213.152.162.169 IPv4 address. Kind regards

Android is Android, Linux is Linux. The Android kernel might be based on Linux, they share similarities, but they differ in functionality. Just for completeness sake: https://en.wikipedia.org/wiki/Android_(operating_system) The Linux kernel is almost identical between various GNU/Linux distributions and Android (which is considered a Linux distribution by the Linux Foundation). The upper layers differ significantly from most GNU/Linux distributions (in addition to the changes by Google in the Linux kernel: only some of them have been ported to the Linux kernel main branch) - as noted in the above linked article, a major difference is that the C library is different. The reason for which in our "Configuration Generator "Linux" version is recommended for "OpenVPN for Android" application was due to text formatting. Kind regards