Staff

Also consider that we provide a Debian PPA repository, have a look at https://airvpn.org/linux/ Kind regards

Well, the EUCJ decision was the outcome of a clarification request already sent by a UK court of appeal. See also https://www.theguardian.com/world/2016/dec/21/eu-ruling-means-uk-snoopers-charter-may-be-open-to-challenge in particular last 5 paragraphs. Kind regards

The Investigatory Powers Bill scope is not applicable to our company, and it can be challenged after it has been found by the Europen Union Court of Justice incompatible with human rights and EU legal framework (EUCJ decision of December 21, 2016). After the defeat at the EUCJ, various parts of the Act pertaining to data retention are not operative and the technical implementation has been frozen. UK government announced "an appeal" against the decision. The Act provides three main lines of investigation: interception, interference and retention. The first two methods may cover datacenters in the UK, but they do not pose new challenges. The same can happen, and has happened, legally or illegally, virtually in any country in the world (see our article from 2011 about partition of trust). About retention, our policy does not change and any interferences with that will cause us to discontinue any server in the UK, just like we already did in France. When UK will finish the "Brexit" procedure, then the technical guidelines for the implementation of the Act might be unfrozen by just ignoring the EUCJ decision. However, the EUCJ decision involves infringement of human rights that are also protected by a paramount convention on human rights which the UK signed (the European Convention on Human Rights, or ECHR) which is binding to all members of the Council of Europe. The Council of Europe does not depend on the European Union (although the European Union is a very important partner of the Council of Europe). Therefore on exactly identical basis which led to the UK defeat, the law and the UK can be challenged again at the European Court of Human Rights (do not confuse this court with the European Union Court of Justice). Getting out of the EU does not affect anything about the ratification of the ECHR and the membership in the Council of Europe. Actually, the UK is a founding, original member of the Council of Europe since 1949 (and this makes even sadder how lightly a government of the Kingdom is willing to throw in the trashcan some post-WWII founding values of democracies). We'll see when and if the technical implementation of the law, in the parts pertaining to us, will be unfrozen. Before that, your argument is a theory for the future, not for now. However, we must also take into consideration illegal operations. From what happened in the past, we can not even rule out that such operations can have the support of some parts of government bodies. And history teaches that such operations could even be led by criminal organizations. For such occurrences, the only effective counter-measure is technical: partition of trust. Kind regards

Hello! We're very glad to inform you that two new 1 Gbit/s servers located in Singapore are available: Aries and Reticulum. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194 and 2018 UDP and TCP. Just like every other Air server, Aries and Reticulum support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that ten new 1 Gbit/s servers located in the Netherlands are available: Andromeda, Canis, Crater, Cygnus, Edasich, Horologium, Hydrus, Musica, Orion and Pyxis.. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, they support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

In this case it is 10.3.0.1, but yes this is a good way to check if your system is updating resolv.conf correctly. Hello, 10.3.0.1 is not one of our private addresses in the VPN. It is out of any of our subnets. The problem is that you don't take care of DNS push. OpenVPN will not do that for you in Linux. Please see here for some ideas: https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf/ Kind regards

Hello! UDP packets and/or certain IP addresses of our servers are blocked in your system. Please check your firewall rules. Also consider to enable Network Lock to replace your rules while Eddie is running (your rules will be restored). Upgrade to Eddie 2.12.4 as well. Kind regards

Hello! Problem has been solved. Kind regards

Hello, we do not enforce any cap on bandwidth, you are just meeting physical limitations. Our servers are connected to 1 Gbit/s ports and 150 Mbit/s means 300 Mbit/s on the server. In general, our infrastructure and above all our prices/business plans are designed to reliably provide 40-160 Mbit/s per client (i.e. 20-80 on the client side) - and 16 Mbit/s (server side) in the "worst case scenario" (i.e. if everybody connects at the same time AND requires maximum bandwidth constantly). Given the current oversize (redundancy) of Air infrastructure, however, you can easily reach (as you have experienced) 300-400 Mbit/s (which translates into 150-200 Mbit/s on the client side) with some care to pick a properly "not heavily loaded" server. Consider that currently it would not make much sense to get 10 Gbit/s ports for our servers, because of computation limits in encrypting/decrypting AES-256-CBC in a single core. Kind regards

Hello! The problem has re-emerged after the past fix. We confirm that we are aware of the problem and we will be working to solve it. Kind regards

To flush iptables rules enter the command (from a root terminal): iptables -F Network Lock does not cause any problem. If you kill Eddie without grace iptables rules will remain the same and this is not only expected, but it must be so. Traffic leaks prevention must remain enforced in case of OpenVPN or Eddie crash, incorrect behavior by the user etc. In such cases you can either run and shut down properly Eddie to restore your previous rules (because Eddie does backup your system iptables rules before modifying them), or just flush the rules. Both operations are a matter of a few seconds. Kind regards

In general this can imply that such VPN uses the same IP address both as entry and exit. It's an awful practice when IP addresses are shared (an essential requisite to have a better anonymity layer) and port forwarding is supported: data exchange with nodes in the same VPN will occur outside the tunnel exposing the real IP address to each other. A lot of correlation attacks can therefore be successfully achieved. Kind regards

Hello! Can you please check again your system DNS settings (while Eddie is not running), just in case the problem is related to DNS and not to firewall rules? Eddie 2.10.3 is a very old version and has a bug (only in Windows) for which, under peculiar circumstances, the DNS settings of a network interface were not restored. This bug was fixed both in the 2.11 and in 2.12 versions (upgrade to Eddie 2.12.4, the latest stable release, is highly recommended). Kind regards

Hello! Packets are forwarded to your node VPN IP address. If the guest OS is attached to the host via NAT you must take care to configure port forwarding from the host properly, because it's the host that's connected to the VPN in your system. VMWare does support this option. It's correct that this topic is in off-topic, because even according to your own description this is an issue with VMWare, not with AirVPN. Kind regards

It works perfectly in all systems. Feel free to open a ticket if you have problems in your system. Kind regards

Good. So there are no problems, right? Kind regards

If ClipGrab binds to the physical network interface of your system then yes, it's possible. We provide the "Network Lock" feature to prevent traffic leaks of this (and any other) kind. Please see also: https://www.clodo.it/blog/an-alternative-approach-to-so-called-webrtc-leaks/ Kind regards

It's for the user's comfort (for example for those users who want to connect OpenVPN over a proxy and want to check whether they have proxy-fied properly or they connect directly). Kind regards

Disable Wayland please. https://airvpn.org/topic/20750-airvpn-not-working-with-fedora-25/ Kind regards

No problems! Not offended at all, quite the contrary. and we are also pleased by your nice feedback. The "wrong conclusions" in our opinion are just caused by the fact that you seem to not consider some parameters in the "quality VPNs" definition. Actually, this looks confirmed by the fact that you explicitly include in "quality VPN" a service which does not meet some of the parameters we cited (and it's not AirVPN! ), so "quality VPN" are not at all "all basically the same". Kind regards

This makes their choice a strong point. If it's a physical or a virtual server is one of the factors defining the speed but there is no written law saying a VPS cannot match the performance of a dedicated server setup. It certainly has it's drawbacks, sure enough. You're not totally right in this point, and not only because a VPS shares the uplink port with an unknown amount of other VPS running in the same host (see below for another important factor). What a VPN service provider based on OpenVPN can do to optimize the throughput once the strongest ciphers for Data and Control channels have been picked consist of many things. Probably the most important ones are: picking datacenters with redundant bandwidth as well as good transit providers to increase likelihood of good peering with consumers' ISPsavoiding overselling. AirVPN is the only consumers' VPN service in the world that has a transparent policy about the "worst case scenario" of bandwidth allocation, with precisely defined guarantees on minimum allocated bandwidth, and a tool, open to everybody, to verify such commitmentconfiguring correctly the VPN server. Please see here to see how big this challenge is when we start talking about 1 Gbit/s dedicated ports: https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linuxproviding software which tries to optimize parameters on the client side that are not handled automatically by OpenVPN, for example the socket buffers sizes in Windows like Eddie (our free and open source software) doesproviding software that makes switching protocols and double-tunneling (to circumvent some traffic management or throttling techniques that are nowadays not unusual in most "residential" networks) easy (like Eddie does) So the @larky wall of text is funny and informative, but misses (and for this reason reaches some dangerously wrong conclusion when he/she writes "[Quality VPN] they vary some in "features" and client and software used but they are all basically the same.") the most important activities that a good "VPN provider" must perform with due diligence and competence and whose effects are immediately visible, especially when you see the huge difference between a "good VPN" and a "bad VPN" in performance with identical servers in the same datacenters from the very same testing nodes and same ciphers. And this is only about performance optimization. We will save you from the horrors of security settings of some commonly defined "quality VPNs". These settings are another huge field which is key in the competition between different services like ours. Here we wish and we are proud to underline that, contrarily to most (if not all) so called "quality VPNs", we provide free and open source software client for a variety of systems. Kind regards

Hello! Fixed. Please see here: https://airvpn.org/topic/22214-eddie-2124-released/?do=findComment&comment=59540 Kind regards

@snapz , @trekkie.forever Issue about SSH connection with Eddie 2.12.4 and macOS confirmed. Officially, the fix will be in 2.13. But as an exception, to avoid releasing a new version only for this custom and little fix, we have patched the current 2.12.4 version. Please simply re-download. Nothing has been changed in Windows or Linux builds. Kind regards

Hello! Would you like to share the details if or when you have time? We have already written patches for OpenVPN in the past and we already routinely release our patched version of OpenVPN. It will take time because any new code must be thoroughly peer reviewed to prevent any risk of "injecting" unwanted vulnerabilities, but it's a potential way to go. We are also aware that "patching" something to conform to the bad behavior of something else is highly questionable. Kind regards

Yes, sorry about the typo, the correct link is the one you mentioned. Kind regards