Staff

Hello!

If we understand the problem correctly, it's because WireGuard tries to tunnel the whole IP address space, including the private subnets, in your current configuration (see line "AllowedIPs"). The following message explains the matter more thoroughly and shows how to solve it:
https://airvpn.org/forums/topic/55801-wireguard-access-local-network/?do=findComment&comment=217458

Kind regards
 

Hello!

Please move here:
https://airvpn.org/forums/topic/56980-japan-and-singapore-servers-mostly-blocked-by-reddit/?do=findComment&comment=227674

Kind regards
 

Hello!

We apologize for the badly written sentence full of typos and errors which make it totally cryptic.

We try a better explanation: if someone is already a customer and visits the web site through your referral link during the same month (*) he/she made a payment, you will not be counted as the legitimate referral and you will not be credited as such. The logic behind this is that the customer delivered a payment BEFORE he/she knew or used your referral link. This is a particular case of the more general scenario example written here:
 

Quote

Scenario examples:
If a user follows your referral link, and it's the first time in a month that he/she browses airvpn.org website, any account that this user will create is associated to the referral.

 

Kind regards
 
(*) Intended as the last 30 calendar days period, not the last Gregorian month from 1st to last day.

1 minute ago, firefox1970 said:

Thank you. There is nothing wirten that all Referral from last Month will not count ??
 

Hello!

Sorry, we do not understand the question. Can you please re-formulate? Or, even better, please open a ticket to the sales department (click "Contact us" on the web site, or write directly to marketing@airvpn.org) with all of your questions, even because they can offer additional fees for mid-term commitments.

Kind regards
 

Hello!

You can find the answer to your FAQ in the FAQ section ("Home" > "FAQ"), direct link: https://airvpn.org/faq/referrals/

Kind regards
 

6 hours ago, JebediahWolfe said:

How would I open a ticket?

Hello!

Please click "Contact us" button while your account is logged in to the web site, or write to support@airvpn.org (specify your username in this latter case).

Kind regards
 

@p9974839

Google Search should never be used, but if you really want it, why not just use https://startpage.com ?

Kind regards
 

Hello!

Please set a small MTU size as a first test. Try for example 1320 bytes. To do so add the following line in the WireGuard configuration [Interface] section:
MTU = 1320
 

Quote

When I speed test I get pretty good results: 450/350mbps.

Also make sure that uTP is disabled in the torrent program settings, as it will shape traffic, and check your torrent program settings against the following guide:
https://airvpn.org/faq/p2p/

Connection and torrent program must both be re-started in order to apply the changes.

If the problem persists please try a direct connection from another device, just to rule out that the bottleneck is in the pfSense box and to make a comparison. Do you see packet errors in the OpenVPN log, when connected over UDP? Last but not least, please remember to open a ticket (if you haven't already done so) for AirVPN support (here you will get community support, so you might like to get both professional and community support).

Kind regards
 

@mazenahmed

Hello!

We see two problems. Please find first problem explanation and quick solution here:
https://airvpn.org/forums/topic/56657-cant-connect-to-anything/?do=findComment&comment=225418

The 2nd problem might be a direct consequence of the first, let's see whether it gets resolved simply by fixing the DCO issue. If the 2nd problem persists please send again a system report (created with the new settings).

Kind regards

 

@Miracles

Hello!

Watch out, the mentioned data are not stored in the VPN system, but they are stored in PayPal servers and can be accessed by the account holders while entering the account. In this way it's still possible to verify through the transaction ID and deliver a refund, for example. Account holders can not delete such data and PayPal must preserve them for several years according to the legal frameworks concerning banks, payment processors, financial entities in general, anti money-laundering rules, of the countries PayPal operates in.

With that said, we confirm that it's impossible, even for the data processor, to correlate any account with any VPN usage, not even with which server the account has been used for connections and we also confirm the validity of the ToS and the Privacy Notice.

Kind regards
 

Hello!

We inform you that due to datacenter needs, Aquila VPN server (Fremont, California) has been assigned new IP addresses. If you use Aquila-specific configuration files please re-generate them. If you run Eddie (any edition), no specific action is required, Eddie will update data automatically.

Kind regards
AirVPN Staff
 

Hello!

This forum is specifically dedicated to reviews of AirVPN, please browse the various threads.

Kind regards
 

Hello!

We don't deem those tests reliable at all. Why are they performed against servers in Malaysia (Kuala Lumpur and Puchong)? That's a questionable choice for our servers in New Zealand, Japan and Singapore. Try with comparison servers and VPN servers in the same country. The only correct choice was Sydney when you were not connected to the VPN.

Trying OpenVPN makes sense in case WireGuard and/or UDP are shaped. In this latter case please make sure to test OpenVPN over TCP.

Kind regards
 

@ScanFarer

Hello!

Your analysis is correct. The maximum amount of bandwidth this month which Haedus could give was 7 Gbit/s:


One of the main reasons is that the load on the CPU increases more than linearly as the number of OpenVPN connected clients increases. Other reasons include routing, since the maximum throughput one can get is the maximum throughput that the slowest hop in the route can provide.

While more and more users switch to WireGuard, the servers will be able to deliver more bandwidth, because WireGuard scales excellently. Consider that each OpenVPN process runs in a single thread of a single core (when OpenVPN's DCO is stable things will change), forcing us to run multiple processes, while we only need to run one WireGuard process which distributes load evenly on all cores. Furthermore, WireGuard doesn't copy data from kernel to userspace and vice-versa, while OpenVPN does (again, OpenVPN's DCO running in the kernel space will do the same). Actually, Haedus can provide almost 4 Gbit/s (8 Gbit/s on the server, in practice) when the connection is performed by a single client. Increasing MTU size might also improve performance further, only provided that there's room in the frames.

From Android devices, almost everyone runs WireGuard, because Eddie Android edition is set to WireGuard by default. From desktop devices, Eddie's default is OpenVPN at the moment, so many users start with that default setting and stick to it. What to offer by default is a matter of analysis on desktop systems: WireGuard poses privacy issues and can be easily blocked, while OpenVPN is definitely and sometimes significantly slower even on most AES-NI supporting devices but offers dynamic address assignment and the invaluable abilities to connect over stunnel, SSH, SOCKS proxies, Tor (working in TCP).

Kind regards
 

Hello!

12 hours ago, Koalaman said:

Thank you for your support! 

I am now getting around constant 100mbit down via ethernet to my Pi connected to Asian servers, however not more - Is this to be expected?

Secondly, no matter what I do, my upload is atrocious, used to be better when using AirVPN Suite, but not crazy better, UP always around 2mbit.
 

Hello!

Both conditions are not expected. Now that the previous problem is resolved at least in download (yes, the upload seems even worse now, puzzling!), try to enlarge at small steps the MTU size. Start with 1340 bytes. If the performance improves, keep going up at small steps of 20 bytes maximum (1360, 1380...). As soon as performance decreases, go back to the previous step for optimum performance.

Another factor to consider is packet errors caused by the physical layer, if the device is connected via WiFi. Unfortunately WireGuard's puny log does not help in this case, so try anyway to change channel and get a stronger WiFi signal (ignore if the Pi is already connected via Ethernet):
https://www.metageek.com/training/resources/why-channels-1-6-11/

How is the upload band measured?

Kind regards
 

12 hours ago, xyz said:

Hi,
there is a new, independent, open-source Android app store being developed:
https://accrescent.app/
https://github.com/accrescent/accrescent

It doesn't require the users to create accounts, allows developer build and sign and seems to have a better approach to security than F-Droid:
https://privsec.dev/posts/android/f-droid-security-issues/

Example of app already being there:
Molly (GitHub) (Signal fork)

Please consider releasing your app on Accrescent.

Hello!

Thank you for your suggestion. In the meantime you can reliably install the APK that you can download from our official repository, for maximum safety. We are the first to recommend NOT to download any APK from unknown sources of course.

Kind regards
 

Hello!

We do not detect any malfunction in remote port forwarding system, which has been thoroughly tested in the last 13 years after all, so please open a ticket at your earliest convenience. You will be asked for more information. The current description does not allow a proper assistance, unfortunately. Side note: our port test is performed only over TCP.

Kind regards
 

Hello!

This looks like a relatively new Reddit policy, not specifically aimed at VPN, but at any IP address not assigned to residential ISPs. In this case access is granted but only after you have logged in. Just tested from all Japan servers, including Taphao, and we could access. After the login all Reddit is accessible, as far as we see. To maintain a robust anonymity layer in Reddit you need an anonymous e-mail address created with the protection of AirVPN and/or Tor, of course. Follow the instructions you have published in your screenshots to login (the login page does not block access from Tor or VPN or datacenters).

Two years ago Reddit started to prevent users to post more than a comment every 10 minutes if the connection came from a datacenter IP address ("if you are accessing from an hosting provider" hints to any non-residential IP address). The behavior you report seems quite new and we confirm that it happens even from dedicated servers completely unrelated from our VPN activities. However the system is still coughing because, on the other hand, as @mazurka7 correctly wrote, some VPN servers are not subjected to this filter.

Kind regards

@benfitita

Hello!
You might check what happens with WireGuard when you have multiple addresses for a single host in the hosts file. gethostbyname or getaddrinfo will return all the addresses, same identical effect as multiple A records in DNS for a qualified domain name. So if you think that DNS resolution can be good for this use case, then you don't need DNS and FQDN, but you can just edit the hosts file. It remains to be seen which address WireGuard picks when the resolution returns an array or a linked list of addresses.

Kind regards
 

On 10/27/2023 at 9:01 AM, netterfeger187 said:

So, I once activated Network Lock to just try it out and to know what it is. I then shut down my PC as I had to go somewhere. Now when I start my PC, I don't have access to the WWW until I start AirVPN (and close it). Network Lock is deactivated but it still does this. Can someone help me?

Hello!

Network Lock is not persistent (it's a set of firewall rules which will be lost when you reboot the system) so it's possible that the problem is related to DNS settings and not to Network Lock. Keep in mind that VPN DNS are accessible only from inside the VPN, so if they are still set then your system can't resolve names.

If Eddie failed to restore DNS settings (for example if it suffered a dirty shut down) you may re-run Eddie and shut it down properly. Since Eddie keeps a safety backup of system settings, it should restore the previous DNS properly. If even the safety backup was lost (for example you uninstalled Eddie) you can easily set DNS from the system settings. We recommend Quad9 (9.9.9.9) for privacy and neutrality commitment.

If you run Windows:
https://www.windowscentral.com/how-change-your-pcs-dns-settings-windows-10

If you run macOS:
https://support.apple.com/guide/mac-help/change-dns-settings-on-mac-mh14127/mac

Kind regards

Hello!

It might be an unfortunate combination of events: Eddie 2.21.8 is unable to manage properly DNS changes when systemd-resolved runs in on-link mode or anyway any mode which bypasses resolv.conf, therefore your system DNS are not changed properly and you keep querying the usual system DNS most times. Then, one of your system DNS seems poisoned, and your school network administrators may try to act as a man in the middle to monitor your traffic (not so unusual in schools, although it is an abhorrent practice which will expose students to various tremendous attacks, and not only by the school personnel). However, if you have not installed their root certificates, the browsers can't get fooled and you will get those security errors you noticed.

You might like to upgrade to Eddie 2.23.2:
https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/

This new beta version added full support with proper DNS management for every systemd-resolved working mode. Then, please do not disable route check and DNS check. You must be absolutely sure that you bypass your school DNS and you must also be sure that the tunnel is established. Enable Network Lock as well (before you start a connection) from Eddie's main window.

When you start using Eddie 2.23.2 feel free to report again to re-check the whole situation.

Some more documentation about possible man in the middle attacks performed by corporate and school networks through the installation and acceptance of root certificates and monitoring proxies:
https://security.stackexchange.com/questions/104576/my-college-is-forcing-me-to-install-their-ssl-certificate-how-to-protect-my-pri

Note how a VPN will protect you against those attacks and therefore the network administrators might try to block VPN usage.

Kind regards
 

Hello!

A new server in Auckland has just been added.
https://airvpn.org/forums/topic/56975-new-1-gbits-server-available-nz/

Kind regards
 

9 minutes ago, ScanFarer said:

3 hours ago, Staff said:

 

Agree with what was said here. I do, however, get 1Gbps full-duplex through my ISP on a residential line; it's about 1.25Gbps up and down. There have been points where I've used more than 100TB a month, and I still get peak speeds 24/7. I'm sure that in some areas where a PON is oversubscribed, you will see dips in speeds, but I guess I am pretty lucky, considering I've used petabytes of data within a year. I'm sure my ISP has some kind of traffic shaping in place, but I guess there aren't as many bandwidth-hungry users in my area. The funny thing is that I am using one of the biggest ISPs in the US, and they don't explicitly say anything about fair use as far as traffic and bandwidth consumption.

Hello!

Sounds great. With a dedicated IP address, it would be suitable for a full featured dedicated server, extremely competitive against any datacenter! 
How much do you pay per month, out of curiosity?

Kind regards
 

Hello!