Staff

Hello! We're very glad to inform you that four new 1 Gbit/s servers located in the United Kingdom are available: Alshain, Asterion, Asterope and Chow. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The new servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Alshain, Asterion, Asterope and Chow support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello, from your message it looks like separation of entry and exit-IP addresses should be a countermeasure to the cited threat model, but it isn't. Even if both IP addresses were in separate /24 subnets, the linked investigation could have been successful anyway. Given the threat model you provided, the countermeasures should be different. You should assume an even less favorable scenario: such an adversary can actively wiretap, with competent authorization obtained in a short time (or even illegally: the threat model for a powerful criminal organization is probably similar) any server in any datacenter in some country (in your case, especially USA and Canada). In any case, when actions in our infrastructure infringe our Terms of Service, and in particular when they infringe human rights, we reserve the right to do anything in our power to put an end to such actions and track down the infringer. Kind regards

Prevention of all those correlation attacks which would cause two clients connected to the same VPN server to exchange data in the clear. The reason for which this can happen in every OpenVPN service where entry and exit-IP addresses are the same will be obvious if you study the routing table of an OpenVPN "client". Doing so will also suggest various techniques to "cause" an OpenVPN client to send data in the clear to another OpenVPN client. There are some other nice side effects, but when we planned this "system" we were thinking almost exclusively of the above. Kind regards

That's normal. Just re-run Eddie and this time shut it down properly. Kind regards

if we understand it correctly, this is irrelevant (out of the scope of "IP separation"). Entry and exit-IP addresses are different to prevent some specific correlation attacks. They are doomed to fail (as long as the attacker does not control both your line and our servers lines, of course), regardless of the fact that the attacker knows or not all the IP addresses of our servers. Kind regards

None of the Swiss servers performs splendidly from various USA providers, and that's all in all acceptable. We would like to receive feedback from users in Europe. In North America we have created a huge bandwidth redundancy both in USA and Canada with widely diversified transit providers to satisfy performance requirements from our customers in North America. From North America, customers willing to connect in Europe should rather look at our servers in the Netherlands directly connected to AMS-IX: https://airvpn.org/topic/19014-servers-re-location-netherlands/ and https://airvpn.org/topic/17799-five-new-1-gbits-servers-available-nl/ Kind regards

Is AirVPN going to do anything about it? i mean i would like a server that can deliver a bit more than 2mbits per second. At least 20mbits has been the minimum requirement for me to use it. Kitalpha can do it, but it dips well down into the 12-14 mbit range too long to maintain a 4k video. Please continue publishing your feedback with Arneb if you wish so. We are keeping an eye on it. As you know, we have been operating this server for three months before publishing it, and we did it only when some problems we detected were resolved. Now, if the peering of this server is bad for a significant majority of customers, we can withdraw it. Note that the internal tests we performed just a few days ago were fine. We have been already searching for a more valid replacement and perhaps we are on the right track. Kind regards

Hello! We're glad to inform you that starting from Friday October 21st 2016 @ 23:59h CEST to Saturday October 22nd 2016 @ 04:00h CEST the Netherlands servers listed below will be relocated in a new cage. The expected downtime is four hours from the beginning of the relocation of each server. Alchiba Alcyone Alshat Alterf Atik Celaeno Diphda Elnath Gianfar Hassaleh Hyadum Kajam Merga Nash Salm Situla Skat Talitha Tarazed Zibal This will allow to add AMS-IX and Telia direct connectivity as well as some extra peering to all of the aforementioned servers. After the re-location, therefore, we will have all the 44 servers in the Netherlands with direct AMS-IX and Telia connectivity. Additionally, the uplink capacity to each public switch will be increased to 40 Gbit/s (currently it is 20 Gbit/s per switch). Kind regards AirVPN Staff

Various reports confirm what we experience in our testing machines: it works correctly. Can you make sure that you're running Eddie 2.11.5beta? Kind regards

Hello! Your OpenVPN client correctly aborts the connection because our certificate is not valid in 1969. Kind regards

Confirmed: entry and exit-IP addresses have been different since 2011. They matched in some early beta version of the service, but at that time the service was limited to internal personnel - it was not public. Kind regards

If Network Lock was on the case deserves investigation. Theoretically, if you look at the pf rules set by "Network Lock", it just can't happen. Could you publish the complete pf rules while Network Lock is on and the problem occurs? Kind regards

Thanks for your input, I found this also in german legislation. Though it's paradox since circumventing copy protection is forbidden by §95 UrhG, and §69 UrhG allows this for interoperability. The latter also seems to be a direct copy of the EU text. Probably it's the transposition (implementation of the Directive in national laws). A word-by-word transposition is generally very good. Commissioners and Directors of the DGs have often underlined the issue of imprecise transpositions (which can happen even NOT in good faith). Changing even a few words in the transposition can cause significant differences for national courts and law interpretation (we know something about it very well in Italy, sadly). Copy protection circumvention prohibition is inapplicable in so many cases, for example when it prevents the effective exercise of some constitutional right of a citizen as well as human rights, of course. The case of interoperability of software is probably a gray area, because right to interoperability, in several cases, could be very hard to be proved as a part of a constitutional right of any kind, and that could have been the reason for which an explicit authorization by law was felt as necessary. Kind regards

Related to our service, we would like to add the following 2015 thread: https://airvpn.org/topic/15566-the-nsa-sure-breaks-a-lot-of-unbreakable-crypto-this-is-probably-how-they-do-it/ Kind regards

No, because they detect abnormal patterns. Also, while it can ease your life, it's generally still an illegal act because modifying software is forbidden in almost every closed-source EULA. Do not forget this. If there was an EULA article forbidding the action described by OmniNegro, the article would be void in the EU. Article 6 of Directive 2009/24/EC covers this act to underline that it remains perfectly legal and that it can't be forbidden by any Member State when the specified conditions are met (the case with OmniNegro is exactly the case defined by the article). The fact that we need an article in an EU Directive to specify that such an action can't be forbidden unilaterally by a private business entity is perhaps a consequence of the attempts of the so called "copyright industry" to interfere with the private, inviolable sphere of a citizen. Actually, the right to force a code to inter-operate properly with your own machinery/software combination can also be seen as a special case of issues of great importance in every day life, including (but not limited to, of course) health care and public safety issues. Kind regards

There's nothing to fix, the password prompt is correct, intentional and must NOT be removed. See what happened with Viscosity. Probably some users here wrote without even reading the previous messages. Topic locked. Kind regards

Hello, "comp-lzo no" is correct. The reported issue appears as a mis-interpretation of network-manager-openvpn. "comp-lzo no" for OpenVPN does not mean that LZO must be forcefully disabled. If this directive is omitted, you will not be able to accept properly a comp-lzo yes or no push. On the other hand we strongly recommend to not use network-manager-openvpn and we will not tweak a correct configuration just to fix a bad behavior. Kind regards

Thank you for the head-up, we fixed the problem. Kind regards

Undoubtedly QoS can play an important role in shaping your VPN traffic and your suggestion is precious, but you're wrong about the CPU: even the latest generation routers for consumers mount ARM CPUs which are not able (on a single core, because OpenVPN runs only in one core) to beat 50 Mbit/s of AES-256 encryption/decryption in the best case scenario (in real life usage the performance is usually worse due to the other tasks the CPU must perform and distribute the load amongst). Kind regards

New version 2.11.5beta is now available. Changelog from 2.11.3beta: [bugfix] Improved Windows position/size management (now work with 'run' shortcuts properties) [bugfix] CIDR notation in route IP [change] Improved ordering of directives in generated ovpn config file [new] Automatic "max-routes" directive, or ordering it if manually specified. [change] Option "Force all interfaces for DNS" now enabled by default. [bugfix] Countries bandwidth [change] Linux - man page improvements, and switched to group 8. [bugfix] Privileges request not required on CLI help/man [new] Linux - Added man-page in RPM [change] Linux / OS X - Check DNS fixed on some OS (for example Fedora 24) [change] Linux - DNS renaming method improved with symlink [new] Linux - DNS renaming, recovering if /etc/resolv.conf is missing [bugfix] Linux - Detect and workaround Pinger bug that occur only if hostname is misconfigured [bugfix] OS X - Tor Browser 6.x compatibility [bugfix] Windows XP - Unable to load DLL 'LibPocketFirewall.dll' [bugfix] Whitelist/blacklist from command-line. [new] Added total session bytes read/write statistics [bugfix] Windows - VPN bytes read/write statistics reset at VPN connection [new] Additional providers draft support

It's really slow, because it suffered packet loss as you might have already seen from the real time servers monitor. We are investigating. At the moment of this writing the problem solved by itself, but we will keep monitoring the situation. Kind regards

Hello! We're very glad to inform you that two new 100 Mbit/s servers located in Hong Kong are available: Alnilam and Phecda. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Alnilam and Phecda support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! Our forum is compatible/registered with TapaTalk. We have around one thousand people who are using TapaTalk to browse the forum. When Google Search crawler fetches our website for mobile results, URLs point to mobiquo/smartbanner for two reasons: - show a "This website is available with TapaTalk" and - show search results formatted to be opened with TapaTalk directly OR browser. A Google search with an Android with TapaTalk installed: is here, the linked page is opened directly by TapaTalk if installed. A Google search with an Android device without TapaTalk installed: That's why the mobiquo/smartbanner URL exists. About the blank-page; a click in "Open on airvpn.org" if the TapaTalk is installed, or any link if not installed, returns a blank page. This is an issue, we are investigating about that. It occurs only on mobile browsers. Kind regards

Upgrade to Eddie 2.11.x beta which includes new tun/tap driver 9.21.2. Not only it solves a lot of issues, it is also more efficient and is able to provide a much better throughput. Eddie 2.11 will install the new driver automatically. Kind regards

Both. A copy of each reply content from every ticket is also sent via e-mail (courtesy e-mail). Kind regards