Staff

It's incorrect and you're right. We prevented displaying the IP address on the web site client area some time ago. Kind regards

Hello! This is currently not possible but it is planned. It will take time though, it's not for the very near future. Some privileges modulation and drop could be implemented in Eddie 3, the next major branch. However, this change has not yet been approved for Eddie 3, we can't guarantee it will not be postponed. Kind regards

Version 2.12.2 (Thu, 02 Mar 2017 11:52:35 +0000) [change] Proxy with Tor - Continue in any case if Guard IP can't be determined.[bugfix] Windows - Error "The given key was not present in the dictionary." when installing OpenVPN driver[bugfix] Windows - WFP issue under Vista (netsh wfp unavailable)[bugfix] Windows - WFP better rule about IPv6 block[bugfix] Proxy none auth conflict@puff-m-d - Your issue is fixed in the new version.@5YmkoLQZ - Still under investigation@blaHbluBB, @Keksjdjdke, @techocity - Please retry with the new version. Otherwise, please report your OS and if you normally use a proxy or not, thanks.

We have opened a subforum for all people using Eddie with other providers, including AirVPN competitors. If anyone is interested in experimenting this 'alpha' feature of Eddie, please read the pinned topic, and report here any feedback/issue. Thanks.

This is correct, expected and appropriate. This looks like either a problem in your system or in your line (for example, if the disconnection is caused by a real, momentary uplink outage) - but if you find a reliable way to reproduce the issue please feel free to publish it. We do not think that 150-200 systems out of 25-35000 (the amount of machines where Eddie runs almost every day) can justify your words. Quite the contrary. Even if we sum up all the tickets pertaining to problems with Eddie of all of our customers we have a rate of complaints lower than 0.3% in any fixed time frame, maybe 0.6% in specific periods of the year. It all depends on points of view but for a technical service like ours a range between 99.4% to 99.7% of "no complaining with Eddie at all" customers is a percentage that's simply outstanding, even fantastic. And then, of those 0.3-0.6%, in an overwhelming majority of cases the problem is in the system of the customer, not in Eddie. If you find any bug remember to include log, system report and a reliable way to reproduce the bug. Otherwise your words are useless and your time is wasted. Kind regards

Hello! UPDATE 16-03-17: EDDIE 2.12.4 HAS BEEN PROMOTED TO "STABLE VERSION" We're very glad to inform you that a new Eddie Air client version has been released: 2.12beta. It is ready for public beta testing and we consider it a Release Candidate of the 2.12 stable version. Anyway, remember that it's still a beta version, so if you don't feel adventurous you might like to stay with 2.11.15 (latest stable release). To download Eddie 2.12beta please select "Other versions" > "Experimental" from the download page. Latest release: 2.12.4 (Sun, 12 Mar 2017 19:39:02 +0000) This version features several bug fixes and a completely new way to handle http and https requests, now exclusively managed by curl. Please see the changelog: https://eddie.website/changelog/?software=client&format=html Do not hesitate to write in this thread if you decide to test Eddie 2.12beta and you find some glitch or bug. Kind regards & datalove Air Staff

In the near future there will be NO shift from HMAC SHA1 to HMAC SHA512. There is no reason for it. The change has been on some servers from SHA1 to SHA512 for VPN keys. All the other servers will be upgraded in a few weeks. Again, this has nothing to do with OpenVPN Data and Control channels authentication cipher, which is HMAC SHA, not SHA. Kind regards

Hello, the following paper is extremely important, because provides mathematical proof that HMAC is a PRF under the sole assumption that the compression function is a PRF. As long as the assumption holds true, as it is until now, after 10 years the paper was written, there is really no reasonable argumentation to grade "security" of HMAC SHA2 over HMAC SHA1. Or even HMAC MD5! https://cseweb.ucsd.edu/~mihir/papers/hmac-new.pdf Kind regards

Totally wrong. You can't access another user account. You can use the connection slots of that account (which, from a key, you obviously don't know anything of). And what's the point to perform a huge job, spend up to 800'000 USD, when you can have three connection slots for 54 EUR per year? When a collision successful attack will cost less than 54 EUR, then it will become more attractive than a regular subscription. For that time, though, all of our servers (and not only some) and clients will have already keys and certificates signed with SHA512. Actually, the upgrade will be completed in a matter of a few weeks, even if currently it is technically useless. About OpenVPN Data and Control channels authentication ciphers, it is HMAC SHA1, which is not SHA1. See zhang answer and link for more details.

Hello, new WFP based Network Lock does not "break port forwarding". It just sets WFP rules without touching the Windows Firewall. If you set Network Lock to work with Windows Firewall, Windows Firewall rules will be modified. Therefore, if you have Windows Firewall rules blocking incoming packets to the torrent client, Network Lock based on WFP will not modify them, obviously. Kind regards

AirVPN uses SHA1 to hash clients VPN keys and servers keys. Nothing else. Authentication digests for OpenVPN Data and Control Channel are HMAC SHA1 (or HMAC SHA384) where the mentioned problem is obviously irrelevant, not applicable. Some servers keys already use SHA512. A complete migration is due in some week. User will soon be able to regenerate directly a brand new set of features on devices management, currently under testing. It would cost around $500,000-$800,000 to replicate the computational effort Google did to find one SHA1 collision. Even if anyone wants to try it, the worst damage he/she can do is using the VPN access subscription of the targeted user. A regular subscription is astronomically cheaper. It would not even affect the ability to decrypt targeted user data or log in website. Not realistic. Kind regards

Very useful. Even for someone coming from Kepler 452b. Kind regards

The Investigatory Powers Bill scope is not applicable to our company, and it can be challenged after it has been found by the Europen Union Court of Justice incompatible with human rights and EU legal framework (EUCJ decision of December 21, 2016). After the defeat at the EUCJ, various parts of the Act pertaining to data retention are not operative and the technical implementation has been frozen. UK government announced "an appeal" against the decision. The Act provides three main lines of investigation: interception, interference and retention. The first two methods may cover datacenters in the UK, but they do not pose new challenges. The same can happen, and has happened, legally or illegally, virtually in any country in the world (see our article from 2011 about partition of trust). About retention, our policy does not change and any interferences with that will cause us to discontinue any server in the UK, just like we already did in France.. Kind regards

BBC iPlayer works perfectly from Swiss servers, at the moment of this writing. Kind regards

You can't be sure 100%, we're sorry. This problem will be fixed very soon by ipleak maintainer. Kind regards

This is obviously necessary for the pure login phase: how are you supposed to download the certificate and key that are mandatory for the connection inside the VPN? You need them before you connect. Anyway Eddie, during the login, sends out and receives data to/from port 80, implementing encryption in what externally appears as a normal http (and not https) connection. After that, everything (including OpenVPN TLS pre-auth) goes over Tor according to your configuration. A Tor connection raises the suspicion and attention toward your account by your ISP (in a country controlled by a human rights hostile regime) much more than an innocent http connection, so your whole point does not stand. On top of all the above, Eddie will re-use any data already available on the mass storage device when at least one login and authorization have been successful in the past. So just don't log your account out, and you will not need to re-log it in the service again at the next session (unless you require a certificate and key re-issuing, obviously). Kind regards

Hello! That's very puzzling, or maybe is it peculiar to *BSD? We notice the opposite, we have significant performance increase with AES-NI (in optimized GNU/Linux systems, though). Actually we can reach performance above 700 Mbit/s ONLY with AES-NI CPUs, that's why we upgraded in the last years all the servers to servers with AES-NI supporting CPUs. Kind regards

Hello! Installation of a driver should not be a paramount issue, but in order to enable the community to provide you with effective help you should specify your exact Windows version, provide full log and error messages, to begin with. Also consider to open a ticket to receive support from the tech personnel. Kind regards P.S. Also please note that in the package of our free and open source software we include the standard driver from OpenVPN, so it's not a customized driver, it's just the usual driver for the tun/tap interface used on millions of Windows machines every day.

Hello! The limit is given by the "weakest" element between network card, uplink port, line, router,,, In our case our servers, even if connected to a 10 Gbit/s port, have anyway a 1 Gbit/s network card, or have a maximum bandwidth allocation of 1 Gbit/s by contract. Or they are connected to a 1 Gbit/s port. Therefore reporting more than 1 Gbit/s would not be fair and correct toward our customers, because in reality they could never beat 1 Gbit/s. Kind regards

Hello! It's a side effect of our increasing support to IPv6. Now ipleak.net authoritative DNS will reply to IPv6 queries. ipleak.net maintainer is going to update the IPv6 database as soon as possible to show which IPv6 addresses are assigned to our servers. Kind regards

UK government has been recently defeated on the EUCJ (decisions on joined Cases C-203/15 and C-698/15, Dec-21-16 ) on a key part of this law which is not operating at the moment for what it pertains to mandatory and indiscriminate data retention. No data center and no ISP is forced to inspect and log traffic indiscriminately at the moment. UK government announced an appeal against the decision. Note that when UK will get out of the EU, and therefore will be no more bound to respect human rights as enshrined in the EU charters, any law like the mentioned one (if enforced) will frame the UK in those countries that we consider "controlled by a regime hostile to human rights" and we will act accordingly. Kind regards

Hello! We're very glad to inform you that three new 1 Gbit/s servers located in the United States are available: Aquarius (Chicago, IL), Draco and Tonatiuh (Dallas, TX). EDIT: Tonatiuh has been withdrawn on 31-Mar-2017. Reason: inability of the datacenter to meet the agreed quality of service. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, these new servers support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. With Aquarius we have completed the replacement of all the servers in that location which, except for Alkaid and Pavonis, will be withdrawn in the near future. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello, that's a message that's displayed by the web server when an account without a key (i.e. without any current or past subscription) tries to access the Configuration Generator (the CG of course can't generate anything proper when clients certificate and key are not available). This message is cryptic now because it refers to some new feature not yet implemented and lacks proper grammar because it was not meant to come out now. "Device" page is not available, it will be in the future. We apologize for any inconvenience. Kind regards

Hello! We're sorry, we are withdrawing the server. It is unavoidable because the datacenter can't sustain flood attacks, not even moderate ones. We're sorry about this but we could not know it in advance, because the provider assured us that they know very well VPN business and activities. Since moderate flood attacks are very common in "not so small" VPN service, we were convinced that a few Gbit/s for a few minutes could not bring down an entire portion of the dc (and this also tells us that they might have been not completely honest about their bandwidth capacity...). Kind regards AirVPN Staff

The matter was related to the datacenter in the first inquiry, this is a shift of argument, ok. Can you please cite any piece of the law that would enforce any type of logging to a foreign company NOT providing telecommunication direct connectivity services and/or content delivery services, that can't access the servers, lines and machinery and that can't guarantee any data integrity and reliability due to unmonitored (by the foreign company) access to machinery, lines and external routers? If you can find this piece, then we will need a new legal advisor for Australia, so please feel free to answer as soon as possible. Kind regards