Staff

Absolutely not, we confirm once again that the problem was never on our side. Not only for logical inferences, because such a gigantic problem would have caused a massive amount of complaints by the 15000 users that at any given time are connected to our servers, but because your own description clearly shows that the problem is in your local network segment or local equipment. Kind regards

Hello! We're very glad to inform you that five new 1 Gbit/s servers located in the United States are available: Antlia, Octans, Pavo, Sagittarius and Scorpius. They are all in Atlanta, Georgia. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, these new servers support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! DNS leaks do not exist in GNU/Linux. In Ubuntu 17, NetworkManager might be configured to modify frequently resolv.conf and overwrites changes made by Eddie. Make sure to disable this feature by adding in /etc/NetworkManager/NetworkManager.conf the following line in the [main] section: dns=none The above should solve the problem. Kind regards

That's the problem. Please do not specify such route outside the VPN. Local addresses traffic is already not tunneled, obviously, and adding those exclusions on Eddie "Routes" window will create an inconsistent route which will actually make traffic "looping" to your local devices. Kind regards

DNS leaks do not exist in GNU/Linux. In Ubuntu 17, NetworkManager might be configured to modify frequently resolv.conf and overwrites changes made by Eddie. Make sure to disable this feature by adding in /etc/NetworkManager/NetworkManager.conf the following line in the [main] section: dns=noneKind regards

Hello! If the problem persists please try the following setup in Eddie (preferably 2.12.4): - untick "Check if the tunnel works" in "AirVPN" > "Preferences" > "Advanced" - untick "Check Air VPN DNS" in "AirVPN" > "Preferences" > "DNS" - untick "Enable Pinger / Latency tests" in "AirVPN" > "Preferences" > "Advanced" - enable Network Lock Please feel free to keep us posted. Kind regards

Hello! EDIT: Eddie 2.13.2beta automatically lowers the tun/tap interface metric to fix the problems caused by the wrong DNS implementation by Microsoft. If you run Windows Creator please upgrade to Eddie 2.13. to solve the problem. https://airvpn.org/topic/13002-experimentalbeta-release/ === EDIT: After a deeper investigation the workaround published in this post might be not proper. If it does not work successfully for you, please consider to lower the metric of the tap adapter: https://airvpn.org/topic/22650-windows-10-creator-update-airvpn-dns-slow/page-3?do=findComment&comment=61332 Temporary workaround, until we release an update of Eddie 1. Disable IPv6 Control Panel\Network and Internet\Network Connections, Properties of your real (not TAP) network interface, uncheck Ipv6. 2. Disable SmartNameResolution Run this .reg file: https://airvpn.org/repository/DisableSmartNameResolution.zip Explanation The same issue occurs also on plain OpenVPN 2.4 with directive block-outside-dns From https://sourceforge.net/p/openvpn/mailman/message/35789733/ Windows 10 Anniversary Update changed the way DNS works. It used to resolve qualified names using all available adapters and IP addresses in parallel, now it still resolves addresses using all available adapters but in sequence, beginning with random adapter. This interferes with how --block-outside-dns currently works. Sometimes OS chooses VPN TAP adapter and things work as intended, sometimes the other adapter and user have to wait until DNS request times out and name resolution goes via VPN DNS. This behavior introduces significant lag for web browsing. Eddie uses the same approach than ValdikSS "block-outside-dns" directive of OpenVPN: it blocks DNS query with WFP filters. With Windows 10 Creator build (1703) DNS resolution waits for the timeout of IPv6 resolutions (blocked by Eddie) and non-tunneled resolutions (also blocked by Eddie to prevent DNS leaks). This issue will be addressed shortly by a new Eddie release. Kind regards

In this case you're probably right, we will re-check. It is possible that Air privacy and data protection legally responsible person has deliberately forced non-persistent cookies to remain in full compliance with the privacy mission and the "cookie Directive" of the EU. If so, this setting will not be changed. Kind regards

Hello, it's expected and intended if you have set your browser to delete cookies at the end of a session (which is a good idea). Kind regards

https://airvpn.org/topic/22665-kaspersky-2017-patch-e-released/ This should definitely fix any Kaspersky problem with OpenVPN usage. Kind regards

Yes, tick "Show All" in the "Servers tab" first. When "Show all" is ticked Eddie will ignore any white and black list, so that you can have them ready to be restored with a single click. Kind regards

Hello! You have various options. Pick the most appropriate one for your case. 1) Run one of the many "kill switch" programs. Make sure to pick one that is compatible with OpenVPN and remember that the protection provided by such programs is low and leaks can occur. 2) Use Network Lock and enter in Eddie field "Allowed addresses" in "AirVPN" > "Preferences" > "Network Lock" all the IP addresses of the game servers you connect to (if the game requires peer to peer connections with other game clients without passing through the game servers this solution is not applicable). 3) Define your own firewall rules. Kind regards

That's a "non-problem". Just forward remotely a random port from your account port panel and configure your Bitcoin client to listen to that port. Important note: do not remap the remotely forwarded port to a different local port (in this case it would not work properly due to how Bitcoin works). Kind regards

Hello! In your case, probably the most straightforward solution is just defining a white list will all and only the "good performance" servers you have found out from your node. You can define a servers white list in the "Servers" tab of Eddie (the Air client software). Eddie will pick servers included in the white list only. Kind regards

There is no point in using OpenVPN over SSL when UDP performance is better. OpenVPN over SSL is designed to encrypt OpenVPN fingerprint thanks to an additional tunnel. This adds an additional wrapping and an additional encryption layer (warning: the additional tunnel is not designed for high security in our system - the core security layer remains up to OpenVPN). To make things worse OpenVPN is forced to work in TCP. This means that when you send out an UDP packet in your system, this will be an UDP packet wrapped in TCP wrapped in TCP: UDP over TCP over TCP! See the difference with the efficient UDP over UDP, or TCP over UDP. OpenVPN over SSL should be used only when the remarkable performance hit caused by the massive overhead is less than performance hit caused by ISP traffic shaping/management against OpenVPN specifically (if it's against UDP, direct TCP will suffice and OpenVPN over SSL will be again inappropriate). This is the only essence and purpose of OpenVPN over SSL. A very important purpose, vital in some countries (for example Iran). So, when direct and clean OpenVPN in UDP is faster than "OpenVPN over stunnel", insisting on OpenVPN over SSL not only makes no sense, but it's also masochistic. Kind regards

Yes, for each tweet he/she attached the correct piece of text (as an image, so you might need some effort to read it properly) in which you can see that OpenVPN is unrelated. It can be, sure, but then this is not a thread for "General & Suggestions" forum, which is aimed to general topics and suggestions for AirVPN service, not other ones! Feel free to move to "Off-topic" for any IPsec related issue. Kind regards

Hello! @produs Our service is not based on IPsec. This decision was taken in 2010 (even before we opened Air) because the original co-founders did not like very much two facts: IPsec running in kernel space, and important contributions by NSA to some of the development stages. @AgentSmith The tweet just after the one you linked mentions incorrectly "OpenVPN". From the document, on the contrary, you can see that it refers to IPsec, as correctly fixed in the subsequent tweet. Just a "momentary lapse of reason" by the author of the twit, probably. Kind regards

Hello, that's an unexpected issue. Please have a look here, it should help you fix the issue quickly: https://airvpn.org/topic/14829-can-only-connect-to-the-internet-browser-through-airvpn/?do=findComment&comment=30509 Also, make sure that you're running Eddie latest stable release (currently 2.12.4) and that you always shut down Eddie properly (menu "AirVPN" > "Exit") to let it restore your previous system settings. Kind regards

Hello, please follow this thread for latest updates on the issue and also momentary workaround: https://airvpn.org/topic/22207-kaspersky-users-read-here/ Note how Kaspersky is fully aware of the critical bug and that an experimental patch (available only upon request at the moment) seems to be effective in fixing it. Although with a slow pace, things are moving toward a final resolution. We underline again that the whole problem has been created by Kaspersky "Patch D" bug and that our service and/or OpenVPN are completely unrelated to the source of the problem. Kind regards

There's no huge button if you're already connected to a server. In order to enable the feature that prevents your IP from leaking, you have to do something that causes your IP to leak (disconnect). Do you see my conundrum? No conundrum here. If you have already connected to a server without Network Lock it means that you had previously disabled "Network Lock at startup" AND you decided to NOT click the button before connecting to a VPN server. The option is already persistent. The Network Lock in itself is not, and for very good reasons, persistent: previous system firewall rules will be restored either when Network Lock is explicitly disabled or when the software is properly shut down. Thread locked, it is based on nothing and the presumed problem is imaginary. Kind regards

Not domain names, but IP addresses (even in CIDR notation). Menu "AirVPN" > "Preferences" > "Routes". Effective at the next VPN connection. Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Bulgaria is available: Fornax. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194 and 2018 UDP and TCP. Just like every other Air server, Fornax supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

@ShareVPN It already works in that way. A prepaid gift voucher is in EUR, not in Bitcoin. If you buy it in Bitcoin, USD or any other currency, conversion to EUR is immediate, and the gift voucher can be redeemed exactly for the intended plan (unless our prices change, of course, but that would be a very exceptional circumstance). Kind regards

Yes.

Absolutely not. We don't use them. Kind regards