Staff

Hello! No, usually we do not monitor the community forums. Moderators do that. Momentarily you need to look at the source code. Explanation on Network Lock with Windows Filtering Platform will be posted in the future. Kind regards

That's expected, normal, ordinary and correct. We recommend that you get informed about how ARP works. Kind regards

Please upgrade to Eddie 2.13.2beta. Kind regards

Today Stefano Rodotà left us. He was a co-writer of the Charter of Fundamental Rights of the European Union, which several years later became a binding, legal document for all EU Member States, and a member of the Council of Europe. Between 1998 and 2005 he was the first Data Protection and Privacy Authority supervisor in Italy, a country which never had such a public body, and between 1998 and 2002 he was the President of the Data Protection Supervisors coordination group in the European Union. In spite of limited funds and power, through his energy and incredibly lucid and competent vision, he sowed the seeds of public awareness on the importance of data protection and privacy and established an operative framework which has been successfully followed by his successors. Just to recall a tiny gem, without Rodotà's work the historical decisions, by courts and by the Data Protection Authority, establishing the illegal behavior of the Peppermint company in the homonym case and sentencing the beginning of the end of the copyright trolls activities in Italy and Europe, would have been much more difficult in 2008. It is impossible to mention here all the countless activities Mr. Rodota's was involved in during his life. For us he was first and foremost a Champion of freedom and fundamental rights. Goodbye Mr. Rodotà, you have been, you are and you will be a source of inspiration and strength for us in the pursuit of our mission. The AirVPN founders

Thanks, we have had enough suggestions. In practice, any country in the world has been suggested with just a few exceptions. Locking thread. Kind regards

Hello, Guido Vranken's job has been remarkably good, surely better than QuarkLabs audit funded by OSTIF donors (including AirVPN). Even the scientific and pragmatic approach of Vranken has proved to be substantially superior. It's important to know that there is no vulnerability that affects us except one: through an exploit of a vulnerability, OpenVPN daemons can have memory leaks which on the long run may cause problems to the whole system - even a crash needing a reboot. That would be of course most annoying therefore we are speeding up upgrade of OpenVPN on the servers. Kind regards

Hello! The error The requested protocol has not been configured into the system, or no implementation for it exists is thrown when IPv6 is disabled in the OpenVPN network interface. Eddie 2.13.2 (due to be released in a few days now available) will manage this situation correctly without errors. In the meantime, please enable IPv6 on OpenVPN network interface: Open Network and Sharing Center -> Change adapter settings -> right click on 'TAP-Windows Adapter V9' interface -> enable TCP/IPv6. It's fine to disable IPv6 in other networks, because AirVPN doesn't support IPv6 traffic. But there is no real reason to disable it on the tun/tap interface. Kind regards

Hello! We're very glad to inform you that six new 1 Gbit/s server located in Germany are available: Cervantes, Errai, Ogma, Lepus, Libertas. Perseus. The AirVPN client will show automatically the new server, If you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, they also support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Please note that these servers will replace older servers in Germany. Some of the older Germany servers will be withdrawn at the end of June 2017, according to our plans of hardware renewal and lines improvements. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! For a precise choice we explained several times in the past. Feel free to search the forum. This is questionable, especially since you don't specify parameters. In 2007 Schneier expressed some doubts about NSA backdoors in ECC, and we have always followed a vary conservative approach against NIST-recommended ECs. Later in 2013 the documents revealed by Snowden showed that backdoors were indeed implemented by NSA in the ellyptic curve bit generator Dual_EC_DRBG, and that a vast program to implement backdoors on various ciphers and have those very ciphers approved as standards was active in NSA. Therefore facts proved that we were right, and any conservative approach is not a bad thing. See also... the suspicions: https://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters https://www.wired.com/2007/11/securitymatters-1115/ and the first paramount revelation: https://en.wikipedia.org/wiki/Dual_EC_DRBG About your last question on overhead time, this becomes very relevant in packets verification. Currently there is no reason to add a significant computational burden (which would be relevant on the server side as well) on the Data Channel by shifting from HMAC SHA1 to, for example, HMAC SHA384, even if OpenVPN supported it on the Data Channel (and it doesn't). Kind regards

Hello! We're very glad to inform you that four new 1 Gbit/s server located in Singapore are available: Auriga, Circinus, Delphinus and Hydra. The AirVPN client will show automatically the new server, If you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, they support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Please note that two of the older Singapore servers will be withdrawn at the end of June 2017, according to our plans of hardware renewal and lines improvements. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! It is disabled by default. You must have enabled it. Of course you can disable it whenever you wish. Anyway, this has nothing to do with the fact that we do not inspect, analyze or store your traffic type and/or details and/or content, obviously. Kind regards

Please see https://airvpn.org/specs

For the readers: resolved. Customer was running a competing firewall simultaneously. Kind regards

Hello! All the persons who experience this problem can test Eddie 2.13beta now. Kind regards

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.13beta. It is ready for public beta testing. To download Eddie 2.13beta please select "Other versions" > "Experimental" from the download page. Update 24-Jun-17: version 2.13.2beta has been released. Update 22-Jul-17: version 2.13.3beta has been released Update 18-Aug-17: version 2.13.4beta has been released Update 19-Aug-17: version 2.13.5beta has been released Update 24-Sep-17: version 2.13.6beta has been released Update 02-Oct-17: version 2.13.6 has been promoted to "Stable" This version features several bug fixes and updated software in the package (OpenVPN 2.4.3 for example). Windows edition lowers the tun interface metric to patch the problematic DNS implementation in Windows 10 "Creator". Please see the changelog: https://eddie.website/changelog/?software=client&format=html Do not hesitate to write in this thread if you decide to test Eddie 2.13beta and you find some glitch or bug. Kind regards & datalove Air Staff

Hello, that was a bug affecting 2.10.3 and 2.11.x, but it has been fixed in 2.12.4. Can you please describe exactly the IP addresses combination/setup that causes the issue? A system report generated by Eddie will let us see the exact Eddie configuration and could provide precious clues. Click "Logs" tab, click the life belt icon and paste into your message. Kind regards

Problem solved: customer did not allow Eddie to run with root privileges.

Database error, as already explained. In ipleak.net we query MaxMind and other databases. All of them are in general inaccurate. You're wrong. The servers reported in Atlanta are in Atlanta. Refer to the real time servers monitor to know the location of each server. ping is not very relevant because you wrongly assume that geographical proximity is equivalent to network and/or ICMP proximity. Verify with traceroute that the servers are in Atlanta. Kind regards

Hello! Of course if you have a malware which modifies without your knowledge the firewall rules, then anything is possible, even much worse things. Our service will NOT protect compromised systems in any way. Also please do not forget that our service purpose is NOT protection of your system against malware. Kind regards

Hello, connect to your router via telnet or ssh and issue command "ifconfig". Kind regards

Hello, 10.4.0.1 is always accessible regardless the port you connect to and the protocol you connect with. It is the only always reachable address and it is the main address of any DNS server of each VPN server. Each subnet is a /16 so your reference to "249 servers IP" makes no sense (we underline just in case this is bringing confusion). However, it is recommended (and this will happen by default if you run Eddie or anyway accept the DNS push from the server) to use the same IP address for the VPN gateway and the VPN DNS server. Having these addresses match prevents an attack based on DNS hijacking described in some research papers. So, if you connect to port 80 with protocol UDP, we would recommend to set the DNS server address to 10.8.0.1 (even if 10.4.0.1 would work anyway) because the VPN gateway would be 10.8.0.1. Also please see https://airvpn.org/specs to know exactly which subnet you will enter. This knowledge is not strictly necessary: if you accept DNS push, you will always have VPN gateway and DNS addresses match. Kind regards

Hello! If the notice is not a hoax, then your traffic was not tunneled. Enable Network Lock to prevent any possible leak, including leaks caused by unexpected VPN disconnections and leaks caused by the torrent client itself when it is misconfigured (example: UPnP enabled, or any other option causing the software to bind to the physical network interface). https://airvpn.org/topic/9170-do-you-allow-p2p-how-can-i-optimize-performance-of-emule-and-bittorrent-with-airvpn/ https://airvpn.org/topic/12175-network-lock/ Kind regards

Hello! A probable reason for the warning you get is that you have the same gateway for two different network interfaces. In such cases some OpenVPN versions will abort the connection phase. According to your description and to the fact that you have Network Lock enabled, we have no reasons to suspect that you can have any traffic leak outside the tunnel anyway. If you don't need two network interfaces with the same default gateway (in most cases there is no reason for that), the quickest way to get rid of the warning is just disabling the one that you don't need. For example, if you connect to your router via Ethernet, you can disable the WiFi card. Enjoy AirVPN! Kind regards

Hello! Today we're starting AirVPN seventh birthday celebrations! From a two servers service located in one single tiny country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 18 countries in three continents, providing now 197000 Mbit/s to tens of thousands people around the world. 2017 is an important year, not only because not all VPN services have flourished or even survived for seven years, but also because 2017 is the year we planned to enhance the growing child with full IPv6 support as well as tls-crypt obfuscation. Software related development will be powered up, with some very exciting news you will get in the next months. If you're curious to know something about a series of fortunate events which gave birth to AirVPN, have a look here: https://airvpn.org/aboutus To worthily celebrate Air's seventh birthday, we're glad to inform you that starting from now we will offer a 25% discount on all plans. Hurry up, celebrations as well as this special offer will end on June the 6th, 23:59:59 UTC! Kind regards and datalove AirVPN Staff

Hello! Yes, the attacks you talk about, usually based on timing attacks in low latency networks, are not meant to be prevented by separate entry and exit-IP addresses. The correlation attacks which are prevented by separate entry and exit-IP addresses are different. When two nodes of a same VPN connect to each other via a public address which is also the VPN gateway public address they will start exchanging data in clear text outside the tunnel (this is quite obvious, check your routing table to understand exactly why). When that IP address is shared between the nodes connected to the VPN server, this opens up the way to a wide variety of correlation attacks to discover the real IP addresses of the nodes connected to a VPN server. The adversary does not need to control or wiretap all the relevant network segments, it just needs to enter the VPN as a normal user, forward ports remotely and study the proper way to start the attack on the target or targets (the attacker will need to convince the target or targets to connect to any of the services he/she controls behind the VPN). This is not an OpenVPN (or other VPN software) vulnerability, it's just how routing works. Incredibly, even nowadays you can find VPN services around the world which do not take care of all the above and, even more incredibly, famous "VPN reviews" sites do not even talk about this issue. Kind regards