Staff

This scenario resembles an attempted packet injection by some MITM analyzing traffic outside the VPN server (when it is not encrypted by OpenVPN). Again what you describe is impossible. OpenVPN has a packet authentication system which would have rejected the forged, injected packet. The most plausible explanation, if Network Lock was really enabled and firewall rules were not modified, is that it never happened and you misinterpreted something. If we discard this last explanation then the fact that your system is compromised must be taken into serious consideration. Kind regards

Hello! Sorry, but that's simply not true. Also note that ping (ICMP) is not even at the transport layer (it's at the Internet layer). And please do not confuse incoming packets reaching one of your system ephemeral inbound ports as a consequence of an already opened socket etc., with incoming connections to a listening service (if any). Anyway you can have TCP incoming connections with remote port forwarding (you can also have UDP packets forwarded, so the system is not limited to incoming connections over TCP). By default, an Air VPN client has no forwarded ports, so it can not receive any incoming connection, and it can not receive forwarded UDP packets. It's physically impossible, if you have not forwarded remotely any port. You can remap any remotely forwarded port to any local port. If you receive unsolicited packets from the Internet and you have not forwarded any port in your account panel, such packets have reached your ISP-assigned IP address and have nothing to do with the VPN server. Do not forward ports in your router or keep Network Lock enabled to prevent that. Kind regards

Hello! We are working to provide full IPv6 support and IPv6 is already configured in various VPN servers, so in ipleak.net DNS fields you will see both VPN DNS server IPv4 and IPv6 addresses. Kind regards

Hello! It can't come from the VPN server because incoming packets are not forwarded to clients, except those directed to the remotely forwarded port (to the proper client VPN IP address). By default no inbound port is forwarded to a client. Kind regards

That's a normal DNS query respecting the system settings. It has nothing to do with DNS leaks. A DNS leak is a totally different thing which affects only Windows (which does not have a DNS implementation, lacking the concept of global DNS). Kind regards

Hello! AirVPN is the 4th OSTIF top donor: https://ostif.org/top-ostif-donors/ We contributed specifically for the OpenVPN audit. We're glad to see that the audit completed quickly and that no serious security vulnerabilities have been found client-side. Even server-side, the only two security issues are not particularly worrying. A denial of service can be triggered by a client sending at least 196 GB in a certain way, while another denial of service can be caused by having the tls-auth key. Let's remember anyway that the bug bounty remains open. Our upgrade schedules sever-side remain unchanged, as well as Air client software release cycle. Each new release of our software is packaged with the latest OpenVPN version and keep in mind that you can configure the software to use any OpenVPN version you prefer. Kind regards

Hello! This is impossible. There are no DNS leaks on GNU/Linux. The error message seems quite explicative, you don't have the permission necessary to save the file. Please make sure to edit the file with root privileges. Kind regards

No. See also https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf for any doubt. No, it's false. It's not the first time that this "reviewer" posts false and potentially defamatory claims against AirVPN, and probably not in good faith as shown in the following post: https://airvpn.org/topic/19586-a-review-on-another-site/?do=findComment&comment=48971 As you can see, the "reviewer" does not hesitate to perform low level tricks (replacing a lie with another lie, stating that a fact is "an opinion of his") when he's nailed down to his lies with incontrovertible facts. The site also includes tons of mistakes about AirVPN, all of them damaging us, stating lower features than those that we really provide. Just to make a few examples, in the table it says that e-mail address is required (false), that we have 138 VPN servers (meaning that the web site has not been updated for a very long time, because we offer 205 servers currently) and some other "horrors" which hint to a bad combination of technical incompetence and lack of good faith. They are all dedicated servers with dedicated ports and IPMI etc. access restricted to VPN or a specific, limited pool of addresses. Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Singapore is available: Triangulum. The AirVPN client will show automatically the new server, If you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, Triangulum supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello, if you run Windows 10 "Creator" please see https://airvpn.org/topic/22650-windows-10-creator-update-airvpn-dns-slow/ Kind regards

We need to partially fix the support team statement here, we're sorry. Some of the data you enter, including the name, but NOT including the credit card number, is transmitted by the credit card processor to the Air management only (and not to employees or other persons, obviously). Kind regards

DNS leaks on GNU/Linux are impossible because they do not exist. A DNS leak is a DNS query sent in clear text (not in the tunnel) against the custom settings of the machine. It is a definition specifically created for Windows, which does not have a DNS implementation (it lacks the concept of global DNS so it sends out DNS queries to any DNS server of any network interface, even in random order in latest Windows 10 "Creator") and it makes no sense to extend it on systems with a proper DNS implementation and which respect settings. That said, we see that you already found a possible reason for the issue (which is quite a different thing than a DNS leak). Please update this thread at your convenience to report whether it solved the problem or not. Kind regards

Hello! The same base frequency is not by itself an issue provided that you use different channels that do not overlap the slice frequency. Each channel has normally a 20 MHz slice frequency. Unfortunately every channel overlaps with "near" channels, so if you experience issues you might need some trial-and-error procedure. However, the problem is treated here for a more scientific approach. Also, some useful tools are suggested. You can find additional articles facing the problem more properly for your country (the example article is specific to UK) through a web search engine. http://www.expertreviews.co.uk/networks/1401371/how-to-extend-wi-fi-range-increase-speed-and-fix-problems/page/0/1 EDIT: an additional nice article https://www.howtogeek.com/197268/how-to-find-the-best-wi-fi-channel-for-your-router-on-any-operating-system/ Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in the United States is available: Aquila. It is located in Fremont, California. The AirVPN client will show automatically the new server, If you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, Aquila supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! Can you please try again now? Kind regards

Hello! Please open a ticket. from your description something went wrong apparently. Kind regards

Error in the entries of the db you're querying. Kind regards

Hello, nslookup is a little tool that queries a nameserver. To frame correctly the problem you need to know how Windows DNS implementation is faulty. Windows never had a global DNS concept (source and core reason of the "DNS leaks") and things got worse with Windows 10, which started to query all the nameservers of all network interfaces at once and resolve the name with the first which answered. Windows 10 "Creator" features an additional deterioration of the already rickety DNS implementation. Windows 10 Anniversary Update changed the way DNS works. It used to resolve a qualified name using all available adapters and IP addresses in parallel, now it still resolves names using all available adapters but in sequence, beginning with random adapter and waiting for the answer of each of them. You can easily see how the above implementation will not work correctly in a variety of situations, including a system which is connected to a VPN with internal name servers and which does not want DNS queries outside the tunnel ("DNS leaks"), for example with the "block-outside-dns" directive of OpenVPN (emulated by Eddie for Windows to prevent DNS leaks, for example). Lowering the metric of the tun adapter appears to be the correct solution at the moment. We don't know how the PIA software client deals with DNS leaks because it's a closed source software but from the description the observed behavior is just a rudimentary or clumsy DNS leak prevention which is not as effective as the one implemented in Eddie or in OpenVPN "block-outside-dns" by ValdikSS. For additional information please see also: https://airvpn.org/topic/22650-windows-10-creator-update-airvpn-dns-slow Kind regards

Hello! It may have some different meanings, which anyway do not change the outcome (server not accessible). A line might be saturated by a flood attack exceeding the upstream port(s) capacity, an IP address could be unreachable, etc. In this specific case our 1 Gbit/s port has been suddenly capped without explanation to 100 Mbit/s and we put the server down with the mentioned reason while we wait for a resolution of the problem by the datacenter (which has been of course timely warned about the issue). Kind regards

Absolutely not, we confirm once again that the problem was never on our side. Not only for logical inferences, because such a gigantic problem would have caused a massive amount of complaints by the 15000 users that at any given time are connected to our servers, but because your own description clearly shows that the problem is in your local network segment or local equipment. Kind regards

Hello! We're very glad to inform you that five new 1 Gbit/s servers located in the United States are available: Antlia, Octans, Pavo, Sagittarius and Scorpius. They are all in Atlanta, Georgia. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, these new servers support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! DNS leaks do not exist in GNU/Linux. In Ubuntu 17, NetworkManager might be configured to modify frequently resolv.conf and overwrites changes made by Eddie. Make sure to disable this feature by adding in /etc/NetworkManager/NetworkManager.conf the following line in the [main] section: dns=none The above should solve the problem. Kind regards

That's the problem. Please do not specify such route outside the VPN. Local addresses traffic is already not tunneled, obviously, and adding those exclusions on Eddie "Routes" window will create an inconsistent route which will actually make traffic "looping" to your local devices. Kind regards

DNS leaks do not exist in GNU/Linux. In Ubuntu 17, NetworkManager might be configured to modify frequently resolv.conf and overwrites changes made by Eddie. Make sure to disable this feature by adding in /etc/NetworkManager/NetworkManager.conf the following line in the [main] section: dns=noneKind regards

Hello! If the problem persists please try the following setup in Eddie (preferably 2.12.4): - untick "Check if the tunnel works" in "AirVPN" > "Preferences" > "Advanced" - untick "Check Air VPN DNS" in "AirVPN" > "Preferences" > "DNS" - untick "Enable Pinger / Latency tests" in "AirVPN" > "Preferences" > "Advanced" - enable Network Lock Please feel free to keep us posted. Kind regards