Staff

Hello! EDIT: Eddie 2.13.2beta automatically lowers the tun/tap interface metric to fix the problems caused by the wrong DNS implementation by Microsoft. If you run Windows Creator please upgrade to Eddie 2.13. to solve the problem. https://airvpn.org/topic/13002-experimentalbeta-release/ === EDIT: After a deeper investigation the workaround published in this post might be not proper. If it does not work successfully for you, please consider to lower the metric of the tap adapter: https://airvpn.org/topic/22650-windows-10-creator-update-airvpn-dns-slow/page-3?do=findComment&comment=61332 Temporary workaround, until we release an update of Eddie 1. Disable IPv6 Control Panel\Network and Internet\Network Connections, Properties of your real (not TAP) network interface, uncheck Ipv6. 2. Disable SmartNameResolution Run this .reg file: https://airvpn.org/repository/DisableSmartNameResolution.zip Explanation The same issue occurs also on plain OpenVPN 2.4 with directive block-outside-dns From https://sourceforge.net/p/openvpn/mailman/message/35789733/ Windows 10 Anniversary Update changed the way DNS works. It used to resolve qualified names using all available adapters and IP addresses in parallel, now it still resolves addresses using all available adapters but in sequence, beginning with random adapter. This interferes with how --block-outside-dns currently works. Sometimes OS chooses VPN TAP adapter and things work as intended, sometimes the other adapter and user have to wait until DNS request times out and name resolution goes via VPN DNS. This behavior introduces significant lag for web browsing. Eddie uses the same approach than ValdikSS "block-outside-dns" directive of OpenVPN: it blocks DNS query with WFP filters. With Windows 10 Creator build (1703) DNS resolution waits for the timeout of IPv6 resolutions (blocked by Eddie) and non-tunneled resolutions (also blocked by Eddie to prevent DNS leaks). This issue will be addressed shortly by a new Eddie release. Kind regards

In this case you're probably right, we will re-check. It is possible that Air privacy and data protection legally responsible person has deliberately forced non-persistent cookies to remain in full compliance with the privacy mission and the "cookie Directive" of the EU. If so, this setting will not be changed. Kind regards

Hello, it's expected and intended if you have set your browser to delete cookies at the end of a session (which is a good idea). Kind regards

https://airvpn.org/topic/22665-kaspersky-2017-patch-e-released/ This should definitely fix any Kaspersky problem with OpenVPN usage. Kind regards

Yes, tick "Show All" in the "Servers tab" first. When "Show all" is ticked Eddie will ignore any white and black list, so that you can have them ready to be restored with a single click. Kind regards

Hello! You have various options. Pick the most appropriate one for your case. 1) Run one of the many "kill switch" programs. Make sure to pick one that is compatible with OpenVPN and remember that the protection provided by such programs is low and leaks can occur. 2) Use Network Lock and enter in Eddie field "Allowed addresses" in "AirVPN" > "Preferences" > "Network Lock" all the IP addresses of the game servers you connect to (if the game requires peer to peer connections with other game clients without passing through the game servers this solution is not applicable). 3) Define your own firewall rules. Kind regards

That's a "non-problem". Just forward remotely a random port from your account port panel and configure your Bitcoin client to listen to that port. Important note: do not remap the remotely forwarded port to a different local port (in this case it would not work properly due to how Bitcoin works). Kind regards

Hello! In your case, probably the most straightforward solution is just defining a white list will all and only the "good performance" servers you have found out from your node. You can define a servers white list in the "Servers" tab of Eddie (the Air client software). Eddie will pick servers included in the white list only. Kind regards

There is no point in using OpenVPN over SSL when UDP performance is better. OpenVPN over SSL is designed to encrypt OpenVPN fingerprint thanks to an additional tunnel. This adds an additional wrapping and an additional encryption layer (warning: the additional tunnel is not designed for high security in our system - the core security layer remains up to OpenVPN). To make things worse OpenVPN is forced to work in TCP. This means that when you send out an UDP packet in your system, this will be an UDP packet wrapped in TCP wrapped in TCP: UDP over TCP over TCP! See the difference with the efficient UDP over UDP, or TCP over UDP. OpenVPN over SSL should be used only when the remarkable performance hit caused by the massive overhead is less than performance hit caused by ISP traffic shaping/management against OpenVPN specifically (if it's against UDP, direct TCP will suffice and OpenVPN over SSL will be again inappropriate). This is the only essence and purpose of OpenVPN over SSL. A very important purpose, vital in some countries (for example Iran). So, when direct and clean OpenVPN in UDP is faster than "OpenVPN over stunnel", insisting on OpenVPN over SSL not only makes no sense, but it's also masochistic. Kind regards

Yes, for each tweet he/she attached the correct piece of text (as an image, so you might need some effort to read it properly) in which you can see that OpenVPN is unrelated. It can be, sure, but then this is not a thread for "General & Suggestions" forum, which is aimed to general topics and suggestions for AirVPN service, not other ones! Feel free to move to "Off-topic" for any IPsec related issue. Kind regards

Hello! @produs Our service is not based on IPsec. This decision was taken in 2010 (even before we opened Air) because the original co-founders did not like very much two facts: IPsec running in kernel space, and important contributions by NSA to some of the development stages. @AgentSmith The tweet just after the one you linked mentions incorrectly "OpenVPN". From the document, on the contrary, you can see that it refers to IPsec, as correctly fixed in the subsequent tweet. Just a "momentary lapse of reason" by the author of the twit, probably. Kind regards

Hello, that's an unexpected issue. Please have a look here, it should help you fix the issue quickly: https://airvpn.org/topic/14829-can-only-connect-to-the-internet-browser-through-airvpn/?do=findComment&comment=30509 Also, make sure that you're running Eddie latest stable release (currently 2.12.4) and that you always shut down Eddie properly (menu "AirVPN" > "Exit") to let it restore your previous system settings. Kind regards

Hello, please follow this thread for latest updates on the issue and also momentary workaround: https://airvpn.org/topic/22207-kaspersky-users-read-here/ Note how Kaspersky is fully aware of the critical bug and that an experimental patch (available only upon request at the moment) seems to be effective in fixing it. Although with a slow pace, things are moving toward a final resolution. We underline again that the whole problem has been created by Kaspersky "Patch D" bug and that our service and/or OpenVPN are completely unrelated to the source of the problem. Kind regards

There's no huge button if you're already connected to a server. In order to enable the feature that prevents your IP from leaking, you have to do something that causes your IP to leak (disconnect). Do you see my conundrum? No conundrum here. If you have already connected to a server without Network Lock it means that you had previously disabled "Network Lock at startup" AND you decided to NOT click the button before connecting to a VPN server. The option is already persistent. The Network Lock in itself is not, and for very good reasons, persistent: previous system firewall rules will be restored either when Network Lock is explicitly disabled or when the software is properly shut down. Thread locked, it is based on nothing and the presumed problem is imaginary. Kind regards

Not domain names, but IP addresses (even in CIDR notation). Menu "AirVPN" > "Preferences" > "Routes". Effective at the next VPN connection. Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Bulgaria is available: Fornax. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194 and 2018 UDP and TCP. Just like every other Air server, Fornax supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

@ShareVPN It already works in that way. A prepaid gift voucher is in EUR, not in Bitcoin. If you buy it in Bitcoin, USD or any other currency, conversion to EUR is immediate, and the gift voucher can be redeemed exactly for the intended plan (unless our prices change, of course, but that would be a very exceptional circumstance). Kind regards

Yes.

Absolutely not. We don't use them. Kind regards

Also consider that we provide a Debian PPA repository, have a look at https://airvpn.org/linux/ Kind regards

Well, the EUCJ decision was the outcome of a clarification request already sent by a UK court of appeal. See also https://www.theguardian.com/world/2016/dec/21/eu-ruling-means-uk-snoopers-charter-may-be-open-to-challenge in particular last 5 paragraphs. Kind regards

The Investigatory Powers Bill scope is not applicable to our company, and it can be challenged after it has been found by the Europen Union Court of Justice incompatible with human rights and EU legal framework (EUCJ decision of December 21, 2016). After the defeat at the EUCJ, various parts of the Act pertaining to data retention are not operative and the technical implementation has been frozen. UK government announced "an appeal" against the decision. The Act provides three main lines of investigation: interception, interference and retention. The first two methods may cover datacenters in the UK, but they do not pose new challenges. The same can happen, and has happened, legally or illegally, virtually in any country in the world (see our article from 2011 about partition of trust). About retention, our policy does not change and any interferences with that will cause us to discontinue any server in the UK, just like we already did in France. When UK will finish the "Brexit" procedure, then the technical guidelines for the implementation of the Act might be unfrozen by just ignoring the EUCJ decision. However, the EUCJ decision involves infringement of human rights that are also protected by a paramount convention on human rights which the UK signed (the European Convention on Human Rights, or ECHR) which is binding to all members of the Council of Europe. The Council of Europe does not depend on the European Union (although the European Union is a very important partner of the Council of Europe). Therefore on exactly identical basis which led to the UK defeat, the law and the UK can be challenged again at the European Court of Human Rights (do not confuse this court with the European Union Court of Justice). Getting out of the EU does not affect anything about the ratification of the ECHR and the membership in the Council of Europe. Actually, the UK is a founding, original member of the Council of Europe since 1949 (and this makes even sadder how lightly a government of the Kingdom is willing to throw in the trashcan some post-WWII founding values of democracies). We'll see when and if the technical implementation of the law, in the parts pertaining to us, will be unfrozen. Before that, your argument is a theory for the future, not for now. However, we must also take into consideration illegal operations. From what happened in the past, we can not even rule out that such operations can have the support of some parts of government bodies. And history teaches that such operations could even be led by criminal organizations. For such occurrences, the only effective counter-measure is technical: partition of trust. Kind regards

Hello! We're very glad to inform you that two new 1 Gbit/s servers located in Singapore are available: Aries and Reticulum. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194 and 2018 UDP and TCP. Just like every other Air server, Aries and Reticulum support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that ten new 1 Gbit/s servers located in the Netherlands are available: Andromeda, Canis, Crater, Cygnus, Edasich, Horologium, Hydrus, Musica, Orion and Pyxis.. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, they support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

In this case it is 10.3.0.1, but yes this is a good way to check if your system is updating resolv.conf correctly. Hello, 10.3.0.1 is not one of our private addresses in the VPN. It is out of any of our subnets. The problem is that you don't take care of DNS push. OpenVPN will not do that for you in Linux. Please see here for some ideas: https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf/ Kind regards