Staff

In the EU, Sweden is a country with a good/excellent infrastructure. We operate servers in two datacenters in Sweden, one in Uppsala and one in Stockholm. They have completely different transit upstream and provider. Do you have no "luck" with both of them? On the other hand, if you have better connectivity even to Asia than Sweden, and you are in the EU, then you probably had better forget completely Swedish servers! Kind regards

Hello! In Android, "OpenVPN for Android" and "openvpn-connect", as well as Eddie Android edition, are configured by default to accept the DNS push from the server, so the device will use VPN DNS. However it remains to be seen whether the Netflix application will bypass maliciously the system settings to send queries directly to a specific DNS and prevent the usage. We will investigate. Kind regards

List of Generation 2 servers as of 28th of July, 2018. Total servers: 133 Acamar Achernar Achird Adhara Ain Alamak Alathfar Alchiba Alcyone Alderamin Algieba Alhena Alkaid Alkurhah Almach Alphecca Alshat Aludra Alwaid Alzirr Angetenar Aquila Ara Arkab Asterion Asterope Atria Auriga Baiten Betelgeuse Bootes Caelum Camelopardalis Capricornus Carinae Castor Cebalrai Centaurus Cephei Cervantes Chalawan Chamaeleon Chara Chow Circinus Columba Copernicus Corvus Cursa Cynosura Dabih Delphinus Diadema Diphda Edasich Enif Equuleus Eridanus Errai Fafnir Fornax Gacrux Gianfar Gienah Gomeisa Grumium Hamal Hatysa Helvetios Hercules Heze Horologium Hydra Hydrus Indus Intercrus Jabbah Kajam Kitel Kocab Lepus Libra Lupus Markab Mebsuta Mekbuda Menkab Merope Mesarthim Metallah Minkar Mirach Monoceros Musca Musica Naos Nash Nashira Nunki Ogma Orion Persei Phact Phoenix Pictor Pleione Pollux Porrima Pyxis Rana Regulus Rotanev Sabik Sadalbari Salm Sculptor Serpens Sharatan Sheliak Situla Skat Spica Subra Taurus Triangulum Tucana Turais Ursa Veritate Virgo Volans Zaniah Zuben Kind regards

Hello! You're right, Alkes is still Gen 1. It was wrongly included in a wrong Gen 2 list in this thread. Kind regards

Hello! If you have peering or routing problems with the servers with the best rating reflected by europe.vpn.airdns.org just do it. We do offer FQDNs which include all the entry-IP addresses of a certain continent or country, for example europe.airvpn.org for Europe. Or you can even select specific countries, or specific servers. If you run Eddie the task is even easier since you can define a servers white list, for example. It is obvious that we can't satisfy with our rating system the "best peering" with every single residential ISP in the world, so it's equally obvious that we have prepared alternative solutions. They are in place since 2011 and they are very well documented in the FAQ and in the guides, so you have now no excuses, stop ranting and start fixing! Kind regards

UPDATE 04-DEC-2019: Netflix USA is currently NOT accessible, we are investigating. Hello! After a remarkable amount of inquiries we have been receiving in the last couple of months, we are glad to inform you that currently we managed to restore access to Netflix USA. Remember that you need to use VPN DNS in order to be able to access that service from our servers. Access to Netflix USA is now possible from all of our servers. Please see here for more details: https://airvpn.org/topic/9223-netflix Please feel free to test. Your feedback is appreciated. Kind regards AirVPN Staff

Hello! Correct, OpenVPN 2.3.14 does support TLS 1.2. TLS 1.2 support started in OpeVPN 2.3.3: https://community.openvpn.net/openvpn/wiki/Hardening (search for As of OpenVPN 2.3.3, OpenVPN supports TLS version negotiation. Earlier versions only supported TLS 1.0 ) We're very sorry, in the previous message we considered OpenVPN 2.3.1, and not 2.3.14. About the security patches: of course nothing prevents to fork OpenVPN and recompile some old version with backports or own code to change anything you want. As a general rule we try to not modify the OpenVPN source code except when we are definitely forced to do so (for example, in the past, to fix a critical bug which prevented usage of IPv6 in some 2.3.x version, or even when we patched, many years ago, a bug related to connections of OpenVPN to a proxy: anyway patches which were submitted for acceptance or rejection). The reason because forking is a delicate matter with some software is that the main branch is always audited by a wide community, extensive usage etc., while with a fork you always take a risk to insert some vulnerability, so an audit of any fork (in our sector, where security is a top priority) should be mandatory before putting it into production. Kind regards

Hello! We're very glad to meet your requests whenever possible. Kind regards

Hello! Thank you! Yes, that's what we meant when we wrote about "best effort against traffic leaks". It's a "best effort" because in a device where no root access is possible we can't (and nobody can) ensure a 100% safe leak prevention. At the same time we aim to reach the same, or higher, level of leak prevention provided by applications like "OpenVPN for Android" and "openvpn-connect". With Eddie 1.0 RC2 we think we are already on a better level than OpenVPN for Android under this respect, but please keep hammering Eddie and stress with no mercy every feature, including this one. Currently no command can be executed when you tap that icon, in spite of the displayed prompt. We will fix this situation either by implementing functions or removing the icon. We apologize for any inconvenience. Thank you for the report, we will be investigating this issue, If you have any additional detail on how to cause/reproduce the reported crash do not hesitate to keep us posted. Kind regards

Hello! That's a really ingenious solution! On top of that, you can now access Netflix USA from all Air VPN servers except UK servers, provided that you use VPN DNS. Can you please test? Kind regards

Hello, to access Netflix USA you can use AirVPN as well, from all servers except UK servers, from now on. Feel free to test and report back. As usual it is mandatory that you use VPN DNS to access Netflix USA. UK servers traffic is not re-routed to Netflix USA because access to Netflix UK from most of our UK servers remained possible up to now. Kind regards

Hello! It's unclear what sources for what info (because the OP posted a lot of stuff to be pondered) but the fact that Tesonet operates NordVPN can be easily verified. Start from here then go to the official register sources: https://news.ycombinator.com/item?id=17258203 Tesonet operates NordVPN and has strict business relations with ProtonVPN; Tesonet also signs the ProtonVPN Android application certificate. Tesonet core business includes data mining according to their web site. Kind regards

Hello! Eddie for Android is distributed with ARM7 and ARM8 libraries. We have never planned to publicly distribute x86 libraries but we use them for the emulator, of course. Currently there is no plan to include x86 support, we are not convinced that the remarkable increase in size of the apk would justify this support, we're sorry. You can anyway compile Eddie Android edition for x86 of course. Kind regards Hello! We're glad to inform you that x86 libraries have been included starting from Eddie 1.0 RC2. The increase in size is justified by the support provided to cases like yours. You don't need to compile Eddie anymore if you don't wish so. Kind regards

Hello! Your Eddie version (2.8.8) was released in 2015 so it's time to upgrade. It's possible that latest Eddie version resolves the problem, but if not please feel free to open a ticket. Latest Eddie stable release for Windows can be downloaded here: https://airvpn.org/windows Kind regards

Hello! As we said the method you describe is not effective. Separation of identity is. Unfortunately there is no way, not only for us but for any service, to protect a user against his/her own bad behavior. However inducing customers to use false "solutions" is unfair. Which is identity separation. We already offer five connection slots from the same account, so you can introduce yourself with as many different IP addresses as you wish and you will have your solution, provided that identity separation is enforced. In the other case you mentioned, specifically with the browsers extensions you mentioned, you may compromise yourself in any case, even with identity separation, as explained. We can't protect you against yourself and your bad habits, but we can try to raise your awareness about the risks you are not aware of. Kind regards

Hello! If you run network-manager-openvpn please consider to switch to Eddie (the free and open source Air software client) or to direct OpenVPN usage. We don't feel to recommend network-manager-openvpn because in the past it caused too many problems. You would need a script to modify your resolv.conf if network-manager-openvpn can't do that by accepting the DNS push, but a faster and easier solution might be just running Eddie, for example. What is your GNU/Linux distribution name and version? Kind regards

Hello! Since DNS leaks do not exist in GNU/Linux (or in other systems, except Windows) it's first necessary to understand what you mean with your message. The servers DNS push is not considered in OpenVPN for GNU/Linux so, if you don't take care of it, your nameservers will remain set with no modifications. Check /etc/resolv.conf file. If they are remote servers (not in your LAN) the DNS queries will be tunneled anyway. Local traffic will keep going on as usual, so if your GNU/Linux box queries your router and then your router forwards the query to some external DNS server, you have a DNS query (from the router) not in the tunnel, but that's has nothing to do with DNS leaks. If that's the issue you report, you can consider to accept DNS push. Some ideas can come from our guide https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf/, otherwise you can consider to run Eddie, the AirVPN free and open source software client, which will take care of DNS push in GNU/Linux. Kind regards

Thank you! You might like to upgrade to RC2 now. Keep us posted! Kind regards

Hello! We're very glad to inform you that two new 1 Gbit/s servers located in Sweden are available: Copernicus e Lupus. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). Just like every other "second generation" Air server, they support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Please note that these new servers will replace five servers in Atlanta, and precisely Antlia, Octans, Pavo, Sagittarius and Scorpius which will be withdrawn soon because the company operating in the datacenter they are located is ceasing operations, unfortunately. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! The first three things that come to mind are that you can't use tls-crypt with OpenVPN 2.3.x and we also detected some severe IPv6 bugs in those versions. Last but not least at all, you can't use TLS 1.2 with 2.3.14 (which supports only SSL 3 and TLS 1.0). TLS 1.2 is supported in OpenVPN 2.3.3 or higher versions. If the problem is only client side, you can easily upgrade, but if the problem is in their servers, and they do not offer any server with the above features (such as our 90 "Gen 2" servers), it might be a bad symptom of insufficient care toward security. Kind regards

Hello! We're very glad to inform you that Eddie Android Edition 1.0 RC2 (VC 5) has just been released. The main changes from RC1 are various bug fixes (including an important problem occurring under Android 8.x) and a more robust detection and handling of network and OpenVPN statuses with the purpose to reach the best effort against traffic leaks outside the VPN, of course within the bounds enforced by limited privileges in the system. Eddie 1.0 RC2 is also packaged with x86 support, we had a request for x86 support some time ago and we're glad to satisfy it. You can find additional information in the changelog which is attached to this message. As usual Eddie is free and open source software released under GPLv3. Check the first post in this thread for source code URL and some more details. You can participate to the tests by joining the testing community in the Google Play Store here https://play.google.com/apps/testing/org.airvpn.eddie Alternatively, if you don't want to access (or you have no access to) the Google Play Store, the apk can be downloaded from our Eddie web site here: https://eddie.website/repository/eddie/android/1.0rc2/org.airvpn.eddie.apk Please keep testing and stress Eddie as much as you can! Any single report is important. With RC2 we feel we are remarkably nearer to a 1.0 stable release, but only extensive tests outside our internal team will prove us right or wrong. Thanks so much to all the past and future testers! Kind regards ChangeLog.txt

Hello! We're sorry, only when we have a signed contract... telling anything during the negotiations, even if not in early stages, would be unfair for all parties, including you. Kind regards

FINAL UPDATE 19 SEP 2018 Migration has been completed and tests have been successful. All the mentioned servers are now available and connectivity is very good from major USA residential ISPs. IPv4 addresses remain the same, while IPv6 addresses have been changed. The servers operate in a new Dallas datacenter. EDIT 18 Sep 2018: migration has been completed to a new Dallas datacenter and servers have passed the tests. All the 10 servers will be again available soon. Hello! We regret to inform you that we will soon start a migration and potential relocation of the following servers currently located in Dallas: Chamaeleon Equuleus Helvetios Leo Mensa Pegasus Ran Scutum Volans Vulpecula The reason is that Cogent (our transit provider in Dallas) will not renew the contract on the current 10 Gbit/s line. Unfortunately they let us know very late, just a few days before the natural expiration and normal renewal of the contract itself. It's not a price problem, they do not want to renew with us and/or with our counselor in the USA. The mentioned servers are our property but disconnecting, packaging, moving (or shipping), reconnecting and reconfiguring may take a long time (probably a month or more). Therefore, we have decided to set up a small battery of new servers, five in Phoenix and five in Dallas itself, that will run during all the time which will be necessary to complete the migration. Such servers are being connected and set up in different datacenters as we write and after a brief 24/48 hours testing period we will make them available. All the new, mentioned servers have 1 Gbit/s ports. We deeply apologize for the inconvenience and at the same time we are confident that you can understand that this sudden and unexpected issue was and is totally out of our control. Kind regards and datalove AirVPN Staff

Hello! Currently you can use tls-crypt on entry-IP addresses 3 and 4 of about 90 servers. Support on the whole infrastructure will be completed in the near future. Please see also https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features/page-3?do=findComment&comment=75733 Kind regards

Yes, DSL is too old, it was a bad example. Anyway you already found an alternative that's good. The fingerprint is mainly (or even exclusively) determined by the browser, in your examples. So using TBB is an excellent solution, as well as a fine tuning of the browser. About fingerprints of the kind you mention, a thread developed in our forum and was carried on by the community: Various solutions, but the Tor Browser still remains probably the most secure (and easiest). https://airvpn.org/topic/20156-avoid-browser-fingerprint/ If a human right is potentially at stake, no general "overkill" / limitation rule can be claimed, the matter remains up to each person considerations. Kind regards