Staff

Hello! UDP packets and/or certain IP addresses of our servers are blocked in your system. Please check your firewall rules. Also consider to enable Network Lock to replace your rules while Eddie is running (your rules will be restored). Upgrade to Eddie 2.12.4 as well. Kind regards

Hello! Problem has been solved. Kind regards

Hello, we do not enforce any cap on bandwidth, you are just meeting physical limitations. Our servers are connected to 1 Gbit/s ports and 150 Mbit/s means 300 Mbit/s on the server. In general, our infrastructure and above all our prices/business plans are designed to reliably provide 40-160 Mbit/s per client (i.e. 20-80 on the client side) - and 16 Mbit/s (server side) in the "worst case scenario" (i.e. if everybody connects at the same time AND requires maximum bandwidth constantly). Given the current oversize (redundancy) of Air infrastructure, however, you can easily reach (as you have experienced) 300-400 Mbit/s (which translates into 150-200 Mbit/s on the client side) with some care to pick a properly "not heavily loaded" server. Consider that currently it would not make much sense to get 10 Gbit/s ports for our servers, because of computation limits in encrypting/decrypting AES-256-CBC in a single core. Kind regards

Hello! The problem has re-emerged after the past fix. We confirm that we are aware of the problem and we will be working to solve it. Kind regards

To flush iptables rules enter the command (from a root terminal): iptables -F Network Lock does not cause any problem. If you kill Eddie without grace iptables rules will remain the same and this is not only expected, but it must be so. Traffic leaks prevention must remain enforced in case of OpenVPN or Eddie crash, incorrect behavior by the user etc. In such cases you can either run and shut down properly Eddie to restore your previous rules (because Eddie does backup your system iptables rules before modifying them), or just flush the rules. Both operations are a matter of a few seconds. Kind regards

In general this can imply that such VPN uses the same IP address both as entry and exit. It's an awful practice when IP addresses are shared (an essential requisite to have a better anonymity layer) and port forwarding is supported: data exchange with nodes in the same VPN will occur outside the tunnel exposing the real IP address to each other. A lot of correlation attacks can therefore be successfully achieved. Kind regards

Hello! Can you please check again your system DNS settings (while Eddie is not running), just in case the problem is related to DNS and not to firewall rules? Eddie 2.10.3 is a very old version and has a bug (only in Windows) for which, under peculiar circumstances, the DNS settings of a network interface were not restored. This bug was fixed both in the 2.11 and in 2.12 versions (upgrade to Eddie 2.12.4, the latest stable release, is highly recommended). Kind regards

Hello! Packets are forwarded to your node VPN IP address. If the guest OS is attached to the host via NAT you must take care to configure port forwarding from the host properly, because it's the host that's connected to the VPN in your system. VMWare does support this option. It's correct that this topic is in off-topic, because even according to your own description this is an issue with VMWare, not with AirVPN. Kind regards

It works perfectly in all systems. Feel free to open a ticket if you have problems in your system. Kind regards

Good. So there are no problems, right? Kind regards

If ClipGrab binds to the physical network interface of your system then yes, it's possible. We provide the "Network Lock" feature to prevent traffic leaks of this (and any other) kind. Please see also: https://www.clodo.it/blog/an-alternative-approach-to-so-called-webrtc-leaks/ Kind regards

It's for the user's comfort (for example for those users who want to connect OpenVPN over a proxy and want to check whether they have proxy-fied properly or they connect directly). Kind regards

Disable Wayland please. https://airvpn.org/topic/20750-airvpn-not-working-with-fedora-25/ Kind regards

No problems! Not offended at all, quite the contrary. and we are also pleased by your nice feedback. The "wrong conclusions" in our opinion are just caused by the fact that you seem to not consider some parameters in the "quality VPNs" definition. Actually, this looks confirmed by the fact that you explicitly include in "quality VPN" a service which does not meet some of the parameters we cited (and it's not AirVPN! ), so "quality VPN" are not at all "all basically the same". Kind regards

This makes their choice a strong point. If it's a physical or a virtual server is one of the factors defining the speed but there is no written law saying a VPS cannot match the performance of a dedicated server setup. It certainly has it's drawbacks, sure enough. You're not totally right in this point, and not only because a VPS shares the uplink port with an unknown amount of other VPS running in the same host (see below for another important factor). What a VPN service provider based on OpenVPN can do to optimize the throughput once the strongest ciphers for Data and Control channels have been picked consist of many things. Probably the most important ones are: picking datacenters with redundant bandwidth as well as good transit providers to increase likelihood of good peering with consumers' ISPsavoiding overselling. AirVPN is the only consumers' VPN service in the world that has a transparent policy about the "worst case scenario" of bandwidth allocation, with precisely defined guarantees on minimum allocated bandwidth, and a tool, open to everybody, to verify such commitmentconfiguring correctly the VPN server. Please see here to see how big this challenge is when we start talking about 1 Gbit/s dedicated ports: https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linuxproviding software which tries to optimize parameters on the client side that are not handled automatically by OpenVPN, for example the socket buffers sizes in Windows like Eddie (our free and open source software) doesproviding software that makes switching protocols and double-tunneling (to circumvent some traffic management or throttling techniques that are nowadays not unusual in most "residential" networks) easy (like Eddie does) So the @larky wall of text is funny and informative, but misses (and for this reason reaches some dangerously wrong conclusion when he/she writes "[Quality VPN] they vary some in "features" and client and software used but they are all basically the same.") the most important activities that a good "VPN provider" must perform with due diligence and competence and whose effects are immediately visible, especially when you see the huge difference between a "good VPN" and a "bad VPN" in performance with identical servers in the same datacenters from the very same testing nodes and same ciphers. And this is only about performance optimization. We will save you from the horrors of security settings of some commonly defined "quality VPNs". These settings are another huge field which is key in the competition between different services like ours. Here we wish and we are proud to underline that, contrarily to most (if not all) so called "quality VPNs", we provide free and open source software client for a variety of systems. Kind regards

Hello! Fixed. Please see here: https://airvpn.org/topic/22214-eddie-2124-released/?do=findComment&comment=59540 Kind regards

@snapz , @trekkie.forever Issue about SSH connection with Eddie 2.12.4 and macOS confirmed. Officially, the fix will be in 2.13. But as an exception, to avoid releasing a new version only for this custom and little fix, we have patched the current 2.12.4 version. Please simply re-download. Nothing has been changed in Windows or Linux builds. Kind regards

Hello! Would you like to share the details if or when you have time? We have already written patches for OpenVPN in the past and we already routinely release our patched version of OpenVPN. It will take time because any new code must be thoroughly peer reviewed to prevent any risk of "injecting" unwanted vulnerabilities, but it's a potential way to go. We are also aware that "patching" something to conform to the bad behavior of something else is highly questionable. Kind regards

Yes, sorry about the typo, the correct link is the one you mentioned. Kind regards

Hello! The SSH configuration files are fine, to connect please follow the instructions here: https://airvpn.org/ssl We don't know about Viscosity, but Tunnelblick does not support OpenVPN over proxy or SSH or stunnel connections, we're sorry. Developers have anyway been informed about the issue in Eddie 2.12.4 and if the bug is confirmed it will be fixed very soon. Kind regards

Hello! This message pertains ONLY Windows + Kaspersky users. If you are a Kaspersky user and you're experiencing low performance and similar issues with any VPN connection (AirVPN or any other) please read here: https://airvpn.org/topic/22207-kaspersky-users-read-here Kind regards AirVPN Staff

EDIT: in light of the news about Kaspersky Patch D, this message can be ignored for the rest of the thread. It pertains to a different Kaspersky problem which causes similar symptoms, but that's nowadays probably totally unrelated to the problem discussed in this thread caused by Patch D of Kaspersky. The solution that's described below applies to markoomg and Gary Ashton's problem and probably not to the other users in this thread. Just for the readers' comfort, from the ticket we see that markoomg problems has been solved. It was caused by a Kaspersky feature, an injection of a javascript script in every web site page performed by Kaspersky itself. This potentially catastrophic security problem has been noted since 2015. See here for example: http://blog.oratronik.org/?p=457 https://www.reddit.com/r/privacy/comments/3frjqw/psa_kaspersky_injects_remote_javascript_into_all/ However, we ignore why only now this has become a problem in browsing. We have an abnormally high amount of tickets about the very same problem, all of them caused by Kaspersky, and all of them written in the last 24/48 hours (nothing before that, so the question is: did something change in Kaspersky default settings?). Kind regards

Then you would need a Master Password to decrypt the normal password, so what is the purpose? Just do not tick "Remember" and the password will not be written at all in the xml file fulfilling your request in an equivalent (or even better) way. A different approach would be encrypting the whole AirVPN.xml file, This could make some sense actually, probably we will discuss in the future about this option. Kind regards

Quite the opposite, it's a good idea. Without remote port forwarding your torrent software can't be contacted. It can only actively initiate connections toward some client which allows incoming connections, therefore performance is impaired and initial seeding is impossible. If all peers in a swarm did not accept incoming connections torrenting would not work at all in that swarm. Kind regards

Hello! We're very glad to inform you that a new Eddie Air client version has been released:2.12.4. Eddie 2.12 includes important bug fixes and many changes meeting users' requests and preferences. Furthermore, some parts have been rewritten to make handling of additional commodities more efficient. For example, curl is now used for any HTTP and HTTPS request, and stunnel "verify" parameter has been again set to 0, to increase likelihood to "bypass" restrictive proxy/firewalls in "OpenVPN over SSL" mode, referring the whole security layer to OpenVPN. 2.12 version is compatible with several Linux distributions. For very important notes about environments, please read here: https://airvpn.org/forum/35-client-software-platforms-environments Please read the changelog: https://airvpn.org/services/changelog.php?software=client&format=html Upgrade is strongly recommended. Just like previous versions, Eddie implements direct Tor support for OpenVPN over Tor connections. Eddie makes OpenVPN over Tor easily available to Linux and OS X users: no needs for Virtual Machines, middle boxes or other special configurations. Windows users will find a more friendly approach as well. This mode is not handled anymore as a generic connection to a socks proxy, but it is specifically designed for Tor and therefore solves multiple issues, especially in Linux and OS X, including the "infinite routing loop" problem (see for example http://tor.stackexchange.com/questions/1232/me-tor-vpn-how/1235#1235 ) As far as we know, Eddie is the first and currently the only OpenVPN wrapper/frontend that natively allows OpenVPN over Tor connections for multiple Operating Systems. https://airvpn.org/tor We recommend that you upgrade Eddie as soon as possible. Eddie 2.12 for GNU Linux can be downloaded here: https://airvpn.org/linux Eddie 2.12 for Windows can be downloaded here: https://airvpn.org/windows Eddie 2.12 for OS X Mavericks, Yosemite, El Capitan and macOS Sierra can be downloaded here: https://airvpn.org/macosx PLEASE NOTE: Eddie 2.12 package includes an OpenVPN version re-compiled by us from OpenVPN 2.4 source code with OpenSSL 1.0.2k for security reasons and to fix this bug: https://community.openvpn.net/openvpn/ticket/328 Eddie overview is available here: https://airvpn.org/software Eddie includes a Network Lock feature: https://airvpn.org/faq/software_lock Eddie 2.12.x is free and open source software released under GPLv3. GitHub repository https://github.com/AirVPN/airvpn-client Kind regards & datalove AirVPN Staff