Staff

BBC iPlayer works perfectly from Swiss servers, at the moment of this writing. Kind regards

You can't be sure 100%, we're sorry. This problem will be fixed very soon by ipleak maintainer. Kind regards

This is obviously necessary for the pure login phase: how are you supposed to download the certificate and key that are mandatory for the connection inside the VPN? You need them before you connect. Anyway Eddie, during the login, sends out and receives data to/from port 80, implementing encryption in what externally appears as a normal http (and not https) connection. After that, everything (including OpenVPN TLS pre-auth) goes over Tor according to your configuration. A Tor connection raises the suspicion and attention toward your account by your ISP (in a country controlled by a human rights hostile regime) much more than an innocent http connection, so your whole point does not stand. On top of all the above, Eddie will re-use any data already available on the mass storage device when at least one login and authorization have been successful in the past. So just don't log your account out, and you will not need to re-log it in the service again at the next session (unless you require a certificate and key re-issuing, obviously). Kind regards

Hello! That's very puzzling, or maybe is it peculiar to *BSD? We notice the opposite, we have significant performance increase with AES-NI (in optimized GNU/Linux systems, though). Actually we can reach performance above 700 Mbit/s ONLY with AES-NI CPUs, that's why we upgraded in the last years all the servers to servers with AES-NI supporting CPUs. Kind regards

Hello! Installation of a driver should not be a paramount issue, but in order to enable the community to provide you with effective help you should specify your exact Windows version, provide full log and error messages, to begin with. Also consider to open a ticket to receive support from the tech personnel. Kind regards P.S. Also please note that in the package of our free and open source software we include the standard driver from OpenVPN, so it's not a customized driver, it's just the usual driver for the tun/tap interface used on millions of Windows machines every day.

Hello! The limit is given by the "weakest" element between network card, uplink port, line, router,,, In our case our servers, even if connected to a 10 Gbit/s port, have anyway a 1 Gbit/s network card, or have a maximum bandwidth allocation of 1 Gbit/s by contract. Or they are connected to a 1 Gbit/s port. Therefore reporting more than 1 Gbit/s would not be fair and correct toward our customers, because in reality they could never beat 1 Gbit/s. Kind regards

Hello! It's a side effect of our increasing support to IPv6. Now ipleak.net authoritative DNS will reply to IPv6 queries. ipleak.net maintainer is going to update the IPv6 database as soon as possible to show which IPv6 addresses are assigned to our servers. Kind regards

UK government has been recently defeated on the EUCJ (decisions on joined Cases C-203/15 and C-698/15, Dec-21-16 ) on a key part of this law which is not operating at the moment for what it pertains to mandatory and indiscriminate data retention. No data center and no ISP is forced to inspect and log traffic indiscriminately at the moment. UK government announced an appeal against the decision. Note that when UK will get out of the EU, and therefore will be no more bound to respect human rights as enshrined in the EU charters, any law like the mentioned one (if enforced) will frame the UK in those countries that we consider "controlled by a regime hostile to human rights" and we will act accordingly. Kind regards

Hello! We're very glad to inform you that three new 1 Gbit/s servers located in the United States are available: Aquarius (Chicago, IL), Draco and Tonatiuh (Dallas, TX). EDIT: Tonatiuh has been withdrawn on 31-Mar-2017. Reason: inability of the datacenter to meet the agreed quality of service. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, these new servers support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. With Aquarius we have completed the replacement of all the servers in that location which, except for Alkaid and Pavonis, will be withdrawn in the near future. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello, that's a message that's displayed by the web server when an account without a key (i.e. without any current or past subscription) tries to access the Configuration Generator (the CG of course can't generate anything proper when clients certificate and key are not available). This message is cryptic now because it refers to some new feature not yet implemented and lacks proper grammar because it was not meant to come out now. "Device" page is not available, it will be in the future. We apologize for any inconvenience. Kind regards

Hello! We're sorry, we are withdrawing the server. It is unavoidable because the datacenter can't sustain flood attacks, not even moderate ones. We're sorry about this but we could not know it in advance, because the provider assured us that they know very well VPN business and activities. Since moderate flood attacks are very common in "not so small" VPN service, we were convinced that a few Gbit/s for a few minutes could not bring down an entire portion of the dc (and this also tells us that they might have been not completely honest about their bandwidth capacity...). Kind regards AirVPN Staff

The matter was related to the datacenter in the first inquiry, this is a shift of argument, ok. Can you please cite any piece of the law that would enforce any type of logging to a foreign company NOT providing telecommunication direct connectivity services and/or content delivery services, that can't access the servers, lines and machinery and that can't guarantee any data integrity and reliability due to unmonitored (by the foreign company) access to machinery, lines and external routers? If you can find this piece, then we will need a new legal advisor for Australia, so please feel free to answer as soon as possible. Kind regards

Hello! That was fixed, thank you for the head-up. Kind regards

How does this work with metadata retention in AU? Is your carrier not required to log every inbound and outbound packet?There is concern that correlation over a large number of such logs could unmask users. We based our decision on the Australia Attorney General's Department answers to FAQ about Data Retention in Australia. In particular, please see the answers to the frequently asked questions 1.4, 1.5 and 1.7. Relevant answers: Depending on the type of service offered, service providers may not be required to retain all of the six categories. [...] For example, if a service provider offers a wholesale service only, it is only required to retain the categories of data in the data set that are relevant to the provision of that wholesale service. [...] The data retention obligations do not require internet access service providers to keep data pertaining to the destination of a communication for internet access services. Kind regards

UPDATE: SERVER WITHDRAWN https://airvpn.org/topic/21685-new-1-gbits-server-available-au/?do=findComment&comment=57099 Hello! We're very glad to inform you that a new 1 Gbit/s server located in Australia is available: Crux. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Crux supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! With almost 200 servers, issues to at least one datacenter can occur multiple times during a year. It is really not necessary to overwhelm a forum or a Twitter account for each of these issues (except when the problem is a major problem, of course) because we have public real time servers monitor that serves the purpose better than anything else. Have a look at it, someone told us that it's spectacular. Click "Status" from our web site upper menu. You can even click each single server for detailed stats and history, with nice graphs, of that server. Kind regards

It would be quite a different option. The difference would be that network would NOT be "locked" before and during connection, but yes, such an option appears theoretically possible, because the Tor circuit would remain "fixed" and never changed for the same OpenVPN stream. Kind regards

Hello! Thank you very much. The problem is reproducible. Please let's continue here: https://airvpn.org/topic/21642-error-getting-response-stream-write-the-authentication-or-decryption-has-failed-sendfailure/ Kind regards

Hello! Thank you very much. The problem is reproducible. Please let's move here: https://airvpn.org/topic/21642-error-getting-response-stream-write-the-authentication-or-decryption-has-failed-sendfailure/ Kind regards

EDIT: THIS THREAD IS OUTDATED. THE ISSUE DOES NOT AFFECT ANYMORE EDDIE 2.12 AND LATER VERSIONS. This is a pending issue. It occurs only on some Linux distribution, probably related to Mono version. For example, in Debian 8.7.1 this error occurs when Eddie is installed as package, but it does not occur if you run Eddie portable edition. This issue is under investigation. Please be patient, in the meantime use the portable edition. UPDATE. Momentary workaround which fixes the issue: install the package mono-devel [sudo] apt-get install mono-devel [sudo] apt-get install libmono-system-core4.0-cil Kind regards

This does not make sense. You are left with your Tor connection, so no leak occurs. Actually not, in this case if the OpenVPN connection goes down the routing table is restored by OpenVPN and the machine will not tunnel anything but the traffic of applications configured to connect over Tor. Network Lock is not implemented (because Eddie can't know BEFORE the connection to Tor is established the Tor guards IP addresses), so currently we do not have any pre-packaged solution to the issue, we're sorry. Kind regards

@UncleHunto Thank you for the information. Can you also please specify your exact Manjaro version? Developers do have a testing Manjaro machine where this problem was solved since some version ago, during the beta testing. In the meantime, as you noted, you can safely disable DNS check. Kind regards

Hello, it is of course possible running an additional OpenVPN daemon with tls-crypt directive (each OpenVPN daemon has a different configuration) and listening to some new port. The main issues we need to consider are how to make Configuration Generator and Eddie to make users not running OpenVPN 2.4 to NOT choose such options in a swift, friendly and clearly understandable way, and some other deployment problems. Nothing impossible or too difficult, but we need a careful plan, because anything wrong can lead to some serious troubles, considering that at any given time we have 13000 users connected, that Configuration Generator is used every hour by a remarkable amount of users, that a new Eddie is needed, and some other problems. Each and any of these problems must be analyzed. Anyway we confirm that we're interested in tls-crypt because we agree to repute that actually it can bypass some disruption techniques against OpenVPN. Kind regards

Hello! Please makes sure, both on the system and router, that no packet filtering tool blocks ICMP. Also, please upgrade to Eddie 2.11.15. Kind regards

Hello! Can you please send us the output of the command: sudo iptables-save issued just after the problem has occurred? Kind regards