Staff

Hello! You need to activate "Network Lock". In this way you don't need to disable IPv6 manually. Network Lock will prevent "IPv6 leaks" through ip6tables rules (as well as any other possible leak through iptables). IPv6 support in our infrastructure is planned within the end of 2017. Kind regards

It's not a rule, it's a Law of Technology By connecting to the same server with the same protocol and to the same port your internal IP address is the same. There can't be two devices with the same IP address on any network. Hello! It's a quite different technical limitation in our setup, not a big deal anyway. By the way: if you don't need remote port forwarding you can connect multiple devices, from the very same account, to the same server, but on different ports. In this way you will connect to different OpenVPN daemons working on different VP subnets bypassing the limitation. There is also another finesse which will bypass this limitation and will allow multiple connections to the same server and the same port and subnet with the same account on multiple devices, but it will not be implemented in 2017 (plans for this feature, which will require an important change, have not yet a definite deadline). Important: in order to connect to different daemons for sure, consider that different daemons listen to port 53, 80 and 443. If you pick different ports like 28439, you risk to connect to the very same daemon which listens even to other ports. Kind regards

Hello! Currently not, we're sorry. We might have great news in the future, anyway. Nowadays, a good workaround is accessing our real time servers monitor in our web site "Home" > "Status" page, direct link https://airvpn.org/status Kind regards

Hello! That's a very generic sentence. In general that's not necessarily possible. Just think about our service: OpenVPN works in routing mode, not in bridging mode, and ICMP is a protocol at Internet layer, not a transport layer protocol. So VPN configuration and topology should be analyzed first to avoid potentially wrong or even crazy assumptions. Anyway the scenario seems to assume that the adversary already knows your "real" IP address (we mean the IP address assigned to one of your devices by your ISP) so the discussion shifts to correlation attacks (aimed to show that some activity behind the VPN is indeed YOUR activity) which have been treated over-abundantly in our and other forums. For the purpose of this discussion: 1) make sure to keep Network Lock enabled in our software Eddie and 2) maintain a definite identity separation. In this way you can be confident to defeat even complex correlation attacks. If your friend wants to clarify, he/she is welcome. However, more accuracy is strictly necessary. Kind regards

Hello! We can't see the final DNS your system queries because it's configured in the router, can you please check? That DNS is poisoned. The correct resolution currently is: $ dig airvpn.org +short 5.196.64.52 Fix the issue and test again: if there is no further censorship at IP address level, the problem will be resolved. We would be grateful if you could tell us which DNS is hijacking airvpn.org (if you don't want to publish in public, please feel free to contact us in a ticket or via mail). If you need suggestions about publicly accessible DNS we would recommend OpenNIC servers for their commitment to privacy and neutrality: https://www.opennicproject.org Kind regards

Hello, can you please give us the output of the following command (while your system is not connected to the VPN): nslookup airvpn.org issued from a command line interface. This well let us know whether the name "airvpn.org" resolves into the correct IP address and which DNS your system queries. Kind regards

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.13.6 Eddie 2.13 includes many important bug fixes and changes. You can see them all on the changelog. As usual, Eddie is released as free and open source software under GPLv3. 2.13.6 version is compatible with several Linux distributions. For very important notes about environments, please read here: https://airvpn.org/forum/35-client-software-platforms-environments Windows 10 "Creator update" users will have a dramatic names resolution speed increase when querying the VPN DNS, because Eddie 2.13 circumvents the improper external DNS resolution method implemented by the "Creator" upgrade. Please read the changelog: https://airvpn.org/services/changelog.php?software=client&format=html Due to the large amount of bug fixes and changes upgrade is strongly recommended. Just like previous versions, Eddie implements direct Tor support for OpenVPN over Tor connections. Eddie makes OpenVPN over Tor easily available to Linux, OS X and macOS users: no needs for Virtual Machines, middle boxes or other special configurations. Windows users will find a more friendly approach as well. This mode is specifically designed for Tor and therefore solves multiple issues, especially in Linux and OS X/macOS, including the "infinite routing loop" problem (see for example http://tor.stackexchange.com/questions/1232/me-tor-vpn-how/1235#1235 ) As far as we know, Eddie is the first and currently the only OpenVPN wrapper that natively allows OpenVPN over Tor connections for multiple Operating Systems. https://airvpn.org/tor We recommend that you upgrade Eddie as soon as possible. Eddie 2.13.6 for GNU Linux can be downloaded here: https://airvpn.org/linux Eddie 2.13.6 for Windows can be downloaded here: https://airvpn.org/windows Eddie 2.13.6 for OS X Mavericks, Yosemite, El Capitan and macOS Sierra and High Sierra can be downloaded here: https://airvpn.org/macosx PLEASE NOTE: Eddie 2.13 package includes an OpenVPN version re-compiled by us from OpenVPN 2.4 source code with OpenSSL 1.0.2k for security reasons and to fix this bug: https://community.openvpn.net/openvpn/ticket/328 Eddie overview is available here: https://airvpn.org/software Eddie includes a Network Lock feature: https://airvpn.org/faq/software_lock Eddie is free and open source software released under GPLv3. GitHub repository https://github.com/AirVPN/airvpn-client Kind regards & datalove AirVPN Staff

Hello, please consider that DNS settings of the devices behind the router take precedence over the router DNS settings. You probably don't have a DNS leak, because the DNS queries are anyway tunneled by the router after they get out of your Mac, but you might like to re-configure the devices to use VPN DNS (to do so, make sure that the devices query the router address as DNS server). Kind regards

Hello, when you have such issues put all the keywords inside a good web search engine: this is generally a good start. For example, we wrote in our message "Use the ISO country code for the country" and you don't know what it is, so a good idea is looking for "iso country code list", which returns in various search engines as a first link https://en.wikipedia.org/wiki/ISO_3166-1 - there you find definition and a table with all the country codes. Consider the two letters codes, obviously. You can use "nslookup" to resolve a name into an IP address in a command line interface. For example, enter the command: nslookup nl.vpn.airdns.org You will see something like: $ nslookup nl.vpn.airdns.org Server: 10.4.0.1 Address: 10.4.0.1#53 Non-authoritative answer: Name: nl.vpn.airdns.org Address: 213.152.162.169 and you see that, at that moment, nl.vpn.airdns.org resolved into 213.152.162.169 IPv4 address. Kind regards

Android is Android, Linux is Linux. The Android kernel might be based on Linux, they share similarities, but they differ in functionality. Just for completeness sake: https://en.wikipedia.org/wiki/Android_(operating_system) The Linux kernel is almost identical between various GNU/Linux distributions and Android (which is considered a Linux distribution by the Linux Foundation). The upper layers differ significantly from most GNU/Linux distributions (in addition to the changes by Google in the Linux kernel: only some of them have been ported to the Linux kernel main branch) - as noted in the above linked article, a major difference is that the C library is different. The reason for which in our "Configuration Generator "Linux" version is recommended for "OpenVPN for Android" application was due to text formatting. Kind regards

Please test with the latest version and leave us a feedback. Please test with the latest version and leave us a feedback. Please test with the latest version and leave us a feedback. This has been resolved in 2.13.6. Kind regards

Hello! Please try the 'portable' edition of the latest experimental release: https://airvpn.org/topic/13002-experimentalbeta-release/ We just installed KaOS in our labs and we're glad to inform you that Eddie works fine. Kind regards

Hello, please make sure to check the pinned thread in this very same forum. Direct link https://airvpn.org/topic/22715-dns-issues-with-ubuntu-1704/ The problem you report might be directly or indirectly related. Kind regards

About ChromeOS / ChromiumOS Chromium OS (or Chrome OS) is an operating system designed by Google that is based on the GNU/Linux kernel and uses Google Chrome web browser as its main user interface. CloudReady is the free, easy way to convert your computer to Chrome. Steps Go to Client Area > Config Generator in our web site, choose ChromeOS and other options. Download files: you need user certificate "user.p12" file and Openvpn connection "<filename>.onc" file. (If you download the ".zip" archive format that contains "user.p12" and "<filename>.onc" you must extract the archive to have the two files outside the archive as two single files on the system. See How to Unzip Files on ChromeOS.) Click your bottom-right panel, and then the gear to open the control panel. Type "certificates" in the search box and select Manage Certificates. In some version of ChromeOS the certificates menu entry is accessible only in the browser: open chrome://settings/certificates in the browser On "Your Certificates" tab, click "IMPORT AND BIND", and select the "user.p12" file. If asked, leave password empty. You should now see your certificate and “(hardware-backed)” if done correctly. Note: if "IMPORT AND BIND" is not available it's because in your device TPM chip is disabled or not available, see here. With no Bind ("hardware-backed") certificates the VPN connection cannot work. In the browser, open chrome://net-internals , and click ChromeOS at the bottom Choose File. Select the .onc file. It will look like it did nothing. Now in your bottom-right panel, you will have a VPN connection. Click to connect. If you are forced to enter a password, type anything, it doesn't matter what. Check whether connection is ok in the bottom-right panel. Many thanks to @nopcode85 for his help.

If I used Eddie then all would be good, however I use my router as a VPN client and its up to me to choose a server and enter the address into router. Hello, not necessarily: you can use names of the type .vpn.airdns.org to have some automation. Such addresses resolve into the entry-IP address of the highest rated server in a country. Use the ISO country code for the country, for example "nl.vpn.airdns.org" resolves into the IP address of the highest rated server in the Netherlands. Of course in this case you still need the mental effort to pick a country. The rating of each server is computed every 5 minutes through a formula which takes into account a variety of parameters which include those which you don't understand in the real time servers monitor. The stats are so simple to decipher and based on such basic concepts that it's worth that you spend some time to understand them: they will be useful not only to understand our servers monitor, but in an enormous variety of situations. Start with "bandwidth", "throughput" and "round trip time". Wikipedia features good articles. https://en.wikipedia.org/wiki/Throughput https://en.wikipedia.org/wiki/Round-trip_delay_time Kind regards

Hello! Added. please test now. Kind regards

Hello, we do not force anything (not even using our software) and your multiple tickets have been promptly answered. Please check. We also remind you that Eddie has nothing to do with performance you mention since it is an OpenVPN frontend. Kind regards

Hello! We can't reproduce the issue on any system, what is the exact Operating System of each one of you? Just a thought (maybe irrelevant, maybe not), be aware that some packet filtering tools (even though rarely) enforce limiting rules on ICMP, which is obviously used massively by Eddie. Please check, just in case. That said, an ancient Mono bug (if we recall it correctly, devs could be more precise about it) affected some old Eddie versions (older than 2.12) when pinging (circumvented by changing the code and using the "ping" program on each system and with the addition of some safeguards to prevent Eddie from getting stuck when many pings time out). Kind regards

Hello, the name is Eddie, not Eddy You have already received an explanation to show that you have assumed a false premise. From a false premise you unavoidably build wrong conclusions. However, you pose additional interesting arguments which are unrelated to your original one. Not at all. Before anything else, let's make it clear that law enforcement agencies are not in general our enemies, EXCEPT of course those agencies which operate under a legal framework which is incompatible with the ECHR, the Charter of Fundamental Rights of the EU - and more in general, with the EU law. Defeating them and more sinister criminal organization is of course one of the purposes of our service. What you call middle authentication servers are useless to an adversary which gets access to them. Their purpose is the authorization to access the service and NOT to negotiate the encryption keys of the Data Channel. On top of that, users data are not there (of course, this does NOT mean that we encourage to enter real name and surname in your username, or using an e-mail address that can be exploited to disclose the identity). Under this respect, and as a generic security rule, it would be wrong to store on every and each VPN server the clients credentials, data, certificates and keys. Trivially, this would expose such data to a myriad of datacenter technicians, multiplying the risk by the amount of datacenters --- and also pose some additional concerns on correlations with different servers usages, illegality of storing data outside the EU, violation of our Terms of Service and more, but the first cited reason is more than enough to close this argument. That said, let's go on to the next step, because apparently you are raising and mixing a third, different security concern. You must ask yourself what an adversary could do with a client key and certificate. Connecting to our VPN servers as if he/she was the legitimate customer, sure. Decrypting the flow of data of the legitimate user to some VPN server, even if the adversary is wiretapping the client line? Of course not. You can easily see how this is not possible, we leave that as an exercise for you (hint: check https://airvpn.org/specs ). You still have not understood the content, please re-read and study. Also feel free to elaborate an attack with which you could decrypt the flow of data between a client and a VPN server if you have access simultaneously to the three following different cases: 1) the data exchanged in the authentication procedure 1) the target Internet line 2) the data exchanged in the authentication procedure 1) the target Internet line 2) the data in the authentication procedure 3) the client certificate and key [let's disregard momentarily,for the sake of discussion, that an adversary accessing the target Internet line could save himself/herself any almost-impossible task with much simpler and more effective attacks, such as infecting with spyware the system of the target, especially when the target runs Windows/Android/iOS] Thank you for this interesting discussion. However, let's continue with the correct premises. Kind regards

Not reproducible, we're sorry. Anyway, nothing to fix on our side, because it's OpenVPN that modifies and restores routes, not Eddie. With our service default directives, the only way we can imagine to prevent OpenVPN to do that is killing it without grace (kill -9). Since you claim you have detected this bug a year ago, you might like to contact OpenVPN community and also use the bug track system (explain an exact way to systematically reproduce the issue). We can't do that because we can't reproduce the issue in any way. Kind regards

Hello! Please make sure to run Eddie in some of your init scripts. You can also consider to run it in "command line mode". "Connect at startup" is an option that tells Eddie to connect when it starts up. For command line mode please see instructions here: https://airvpn.org/topic/11541-command-line-edition-and-syntax/ and type (in a terminal) "airvpn -cli -help" to print the manual of your version. Kind regards

Hello, disable or remove Comodo and enable Network Lock before starting a connection, then test again. Check also in https://ipleak.net Open a ticket if you can't manage to solve the problem. Kind regards

Hello, either your system was not tunneling traffic or its DNS queries went to the ISP DNS servers. Kind regards

Hello! Since August the 26th all the servers addresses are multihoming toward Cogent and Hurricane. If you still experience unusual low throughput from the USA, please specify your residential ISP. Kind regards

No confusion. If you think otherwise you have failed to read properly the message you quote. Additionally, you are the confused one. See below. That's totally irrelevant. The relevance here is that the EUCJ is treating the ECHR as a part of EU law to prevent any contradiction with the Council of Europe decisions and any inconsistency with the Charter of Fundamental Rights of the EU, posing the legal foundation to challenge data retention legal framework in the UK on the very same basis of both decisions (because UK will remain a member of the Council of Europe even when it will go out of the EU, and because the ECHR has been undersigned and much later transposed into the national legislation of the kingdom). Ad abundantiam we remind the readers that the Treaty of Lisbon established the accession of the EU and the EU Member States even to the ECHR, and not as an option, but as a duty. This has been clarified many times (last but not least by the Parliament, for example here http://www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_BRI%282017%29607298). Even if such accession is problematic in the sense that it could be deemed insufficient to protect EU citizens human rights, it does not affect the fact that the EUCJ has never found a case for which contradiction of the ECHR was necessary, and that the EU Charter is heavily based on the ECHR. No, you are totally mistaken and confused. The decisions come from the EUCJ (the Court of Justice of the European Union) upon requests of various courts of different Member States. Nothing to do with the Council of Europe. Stop trolling and read. We have provided links to the press releases of the EUCJ in our previous message. The decisions are exceptionally clear, please read them. If you have doubts, the second decision is stronger (even if the first one makes the 2006/24/EC invalid with retro-active effect, the second decision is even stronger), perhaps because the first was not well understood by some Member States legislators who played with words and tried to instill doubts just like you are doing now. You have linked an article that was written six months before the second decision was taken. Irrelevant but coherent with your apparent, not so well hidden, intent. Are you in good faith? Kind regards