Staff

Hello! We inform you that due to datacenter needs, Aquila VPN server (Fremont, California) has been assigned new IP addresses. If you use Aquila-specific configuration files please re-generate them. If you run Eddie (any edition), no specific action is required, Eddie will update data automatically. Kind regards AirVPN Staff

Hello! This forum is specifically dedicated to reviews of AirVPN, please browse the various threads. Kind regards

Hello! We don't deem those tests reliable at all. Why are they performed against servers in Malaysia (Kuala Lumpur and Puchong)? That's a questionable choice for our servers in New Zealand, Japan and Singapore. Try with comparison servers and VPN servers in the same country. The only correct choice was Sydney when you were not connected to the VPN. Trying OpenVPN makes sense in case WireGuard and/or UDP are shaped. In this latter case please make sure to test OpenVPN over TCP. Kind regards

@ScanFarer Hello! Your analysis is correct. The maximum amount of bandwidth this month which Haedus could give was 7 Gbit/s: One of the main reasons is that the load on the CPU increases more than linearly as the number of OpenVPN connected clients increases. Other reasons include routing, since the maximum throughput one can get is the maximum throughput that the slowest hop in the route can provide. While more and more users switch to WireGuard, the servers will be able to deliver more bandwidth, because WireGuard scales excellently. Consider that each OpenVPN process runs in a single thread of a single core (when OpenVPN's DCO is stable things will change), forcing us to run multiple processes, while we only need to run one WireGuard process which distributes load evenly on all cores. Furthermore, WireGuard doesn't copy data from kernel to userspace and vice-versa, while OpenVPN does (again, OpenVPN's DCO running in the kernel space will do the same). Actually, Haedus can provide almost 4 Gbit/s (8 Gbit/s on the server, in practice) when the connection is performed by a single client. Increasing MTU size might also improve performance further, only provided that there's room in the frames. From Android devices, almost everyone runs WireGuard, because Eddie Android edition is set to WireGuard by default. From desktop devices, Eddie's default is OpenVPN at the moment, so many users start with that default setting and stick to it. What to offer by default is a matter of analysis on desktop systems: WireGuard poses privacy issues and can be easily blocked, while OpenVPN is definitely and sometimes significantly slower even on most AES-NI supporting devices but offers dynamic address assignment and the invaluable abilities to connect over stunnel, SSH, SOCKS proxies, Tor (working in TCP). Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s full duplex server located in Tokyo (JP) is available: Ainalrami. The AirVPN client will show automatically the new server. If you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts OpenVPN connections on ports 53, 80, 443, 1194, 2018 UDP and TCP, and WireGuard connections on ports 1637, 47107 and 51820. Just like every other Air server, Ainalrami supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Ainalrami Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! Both conditions are not expected. Now that the previous problem is resolved at least in download (yes, the upload seems even worse now, puzzling!), try to enlarge at small steps the MTU size. Start with 1340 bytes. If the performance improves, keep going up at small steps of 20 bytes maximum (1360, 1380...). As soon as performance decreases, go back to the previous step for optimum performance. Another factor to consider is packet errors caused by the physical layer, if the device is connected via WiFi. Unfortunately WireGuard's puny log does not help in this case, so try anyway to change channel and get a stronger WiFi signal (ignore if the Pi is already connected via Ethernet): https://www.metageek.com/training/resources/why-channels-1-6-11/ How is the upload band measured? Kind regards

Hello! Thank you for your suggestion. In the meantime you can reliably install the APK that you can download from our official repository, for maximum safety. We are the first to recommend NOT to download any APK from unknown sources of course. Kind regards

Hello! We do not detect any malfunction in remote port forwarding system, which has been thoroughly tested in the last 13 years after all, so please open a ticket at your earliest convenience. You will be asked for more information. The current description does not allow a proper assistance, unfortunately. Side note: our port test is performed only over TCP. Kind regards

Hello! This looks like a relatively new Reddit policy, not specifically aimed at VPN, but at any IP address not assigned to residential ISPs. In this case access is granted but only after you have logged in. Just tested from all Japan servers, including Taphao, and we could access. After the login all Reddit is accessible, as far as we see. To maintain a robust anonymity layer in Reddit you need an anonymous e-mail address created with the protection of AirVPN and/or Tor, of course. Follow the instructions you have published in your screenshots to login (the login page does not block access from Tor or VPN or datacenters). Two years ago Reddit started to prevent users to post more than a comment every 10 minutes if the connection came from a datacenter IP address ("if you are accessing from an hosting provider" hints to any non-residential IP address). The behavior you report seems quite new and we confirm that it happens even from dedicated servers completely unrelated from our VPN activities. However the system is still coughing because, on the other hand, as @mazurka7 correctly wrote, some VPN servers are not subjected to this filter. Kind regards

@benfitita Hello! You might check what happens with WireGuard when you have multiple addresses for a single host in the hosts file. gethostbyname or getaddrinfo will return all the addresses, same identical effect as multiple A records in DNS for a qualified domain name. So if you think that DNS resolution can be good for this use case, then you don't need DNS and FQDN, but you can just edit the hosts file. It remains to be seen which address WireGuard picks when the resolution returns an array or a linked list of addresses. Kind regards

Hello! Network Lock is not persistent (it's a set of firewall rules which will be lost when you reboot the system) so it's possible that the problem is related to DNS settings and not to Network Lock. Keep in mind that VPN DNS are accessible only from inside the VPN, so if they are still set then your system can't resolve names. If Eddie failed to restore DNS settings (for example if it suffered a dirty shut down) you may re-run Eddie and shut it down properly. Since Eddie keeps a safety backup of system settings, it should restore the previous DNS properly. If even the safety backup was lost (for example you uninstalled Eddie) you can easily set DNS from the system settings. We recommend Quad9 (9.9.9.9) for privacy and neutrality commitment. If you run Windows: https://www.windowscentral.com/how-change-your-pcs-dns-settings-windows-10 If you run macOS: https://support.apple.com/guide/mac-help/change-dns-settings-on-mac-mh14127/mac Kind regards

Hello! It might be an unfortunate combination of events: Eddie 2.21.8 is unable to manage properly DNS changes when systemd-resolved runs in on-link mode or anyway any mode which bypasses resolv.conf, therefore your system DNS are not changed properly and you keep querying the usual system DNS most times. Then, one of your system DNS seems poisoned, and your school network administrators may try to act as a man in the middle to monitor your traffic (not so unusual in schools, although it is an abhorrent practice which will expose students to various tremendous attacks, and not only by the school personnel). However, if you have not installed their root certificates, the browsers can't get fooled and you will get those security errors you noticed. You might like to upgrade to Eddie 2.23.2: https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/ This new beta version added full support with proper DNS management for every systemd-resolved working mode. Then, please do not disable route check and DNS check. You must be absolutely sure that you bypass your school DNS and you must also be sure that the tunnel is established. Enable Network Lock as well (before you start a connection) from Eddie's main window. When you start using Eddie 2.23.2 feel free to report again to re-check the whole situation. Some more documentation about possible man in the middle attacks performed by corporate and school networks through the installation and acceptance of root certificates and monitoring proxies: https://security.stackexchange.com/questions/104576/my-college-is-forcing-me-to-install-their-ssl-certificate-how-to-protect-my-pri Note how a VPN will protect you against those attacks and therefore the network administrators might try to block VPN usage. Kind regards

Hello! A new server in Auckland has just been added. https://airvpn.org/forums/topic/56975-new-1-gbits-server-available-nz/ Kind regards

Agree with what was said here. I do, however, get 1Gbps full-duplex through my ISP on a residential line; it's about 1.25Gbps up and down. There have been points where I've used more than 100TB a month, and I still get peak speeds 24/7. I'm sure that in some areas where a PON is oversubscribed, you will see dips in speeds, but I guess I am pretty lucky, considering I've used petabytes of data within a year. I'm sure my ISP has some kind of traffic shaping in place, but I guess there aren't as many bandwidth-hungry users in my area. The funny thing is that I am using one of the biggest ISPs in the US, and they don't explicitly say anything about fair use as far as traffic and bandwidth consumption. Hello! Sounds great. With a dedicated IP address, it would be suitable for a full featured dedicated server, extremely competitive against any datacenter! How much do you pay per month, out of curiosity? Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s full duplex server located in Auckland (NZ) is available: Tianguan. The AirVPN client will show automatically the new server. If you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts OpenVPN connections on ports 53, 80, 443, 1194, 2018 UDP and TCP, and WireGuard connections on ports 1637, 47107 and 51820. Just like every other Air server, Tianguan supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Tianguan Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

@Koalaman Hello! Maybe connecting to Singapore (as it happened in your example) is not ideal from some Australia ISP. Can you please test specifically Japan, New Zealand and California (we mention California because there's a direct connection via a submarine cable between Australia and California, worth a try anyway). Also please set MTU to 1320 bytes in the [Interface] section of your WireGuard configuration file and check whether performance improves or not. MTU = 1320 You can edit the configuration file with any text editor. Re-run WireGuard to apply the change. Note: Bleutit 2.0.0 alpha 2 already sets WireGuard interface MTU to 1320 bytes by default (next release will let you set a custom value as well). Kind regards

Hello! Impossible, unless you have a dedicated line with a very high price. Nowadays residential ISPs sell 10 or 1 Gbit/s asymmetric lines where the peak bandwidth is "best effort", as the the broadband capacity is shared. That's why you don't pay 7-800+ USD/month for a Gigabit (1-10) unmetered line and that's why traffic "management" is widespread. In various European countries, and as far as we know this happens even on many USA ISPs infrastructure, the traffic gets shaped if you consume more than a dozen TB per month, according to a practice graciously renamed as "fair use", "acceptable use", "quality of service", and you never get the nominal peak bandwidth on peak hours. Your line is capable of, say, 1 or 2 or 10 Gbit/s, but your upstream can not provide the nominal peak to all the connected lines (and therefore customers). Overselling is perfectly normal and it's not a shady practice because the ISP never tells you that you have guaranteed allocated bandwidth with your contract (quite the opposite, in fact, with the "fair use" contract clauses). On the contrary, on datacenters you can connect a dedicated server to dedicated lines with hundreds of TB per month and failover, or even unmetered. Those lines are connected to upstream devices which can guarantee 24/7 the nominal peak bandwidth for the dedicated server. A 1 Gbit/s full duplex line constantly at capacity will cause ~ 648000 GB (~632 TB) per month and for such usage the prices are not even remotely close to the prices offered by residential ISPs. @cccthats3cs Exactly. Our infrastructure must respect the minimum allocated bandwidth according to the binding advertisement on the home page. 4+4 Mbit/s might look not much to the untrained eye, but it's huge, much higher than what most residential ISPs offer through broadband global sharing, and higher than most VPN competitors. However, all of this has a price and your considerations are indeed correct. Express, one of the biggest VPN in the world (maybe the biggest ever since it was acquired by Kape) publicly declare (compare Yahoo Finance or Forbes) more than 4 million customers, of which 1/4 connect at the same time, and each customer has 8 connection slots. That VPN offers about 3000 dedicated servers with shared or dedicated lines, for a total of ~40000 Gbit/s, therefore it guarantess "only" ~2.5+2.5 Mbit/s per connection (not binding, as they are not mentioned or advertised anywhere), which is less than AirVPN's 4+4. Even 2.5+2.5 is anyway good (especially if you compare it with that Windscribe's 0.596 Mbit/s), but it must be mentioned that AirVPN's prices are lower than Express' prices, with or without promotions. As a curiosity calculation, our infrastructure offers 612000 Mbit/s and at any given time 22000 connection slots are used at most, so assuming that the connections were ideally, evenly divided into all world areas and that all the users asked for maximum bandwidth at the same time (worst case scenario!) and that they had no peering, routing or any other type of problem (yes, a very ideal world), they would get 27 Mbit/s (up + down), which is very remarkable and higher than what advertised. To offer more, we think that a price increase would be mandatory. Kind regards

Hello! Please try again to delete the following file. Make sure that Eddie is NOT running when you do it. Check with the Task Manager. C:\Users\tmth\AppData\Local\Eddie\default.profile Then re-start Eddie. The symptoms all hint to a corrupt configuration file but if the problem persists even after you have deleted that file (Eddie rebuilds a new one with default settings if the file is not found) please consider to send a complete system report: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Kind regards

@readchaoschild Hello! Since Fortinet anti-AirVPN filters essentially rely on blocks of our bootstrap servers, it is usually possible to bypass the block by running OpenVPN directly. You will have to renounce to Eddie and test a connection to port 443 over protocol TCP, with tls-crypt mode. The Configuration Generator will generate the file you need. Specific instructions for all desktop systems in order to use OpenVPN directly or an OpenVPN wrapper are avaialble in the respective OS pages: https://airvpn.org/download Worth a test, let us know... Kind regards

@Koalaman Hello! Please try a connection over WireGuard and check whether performance improves. Note: AirVPN Suite 1.3 and older versions don't support WireGuard. The support has been added on the latest 2.0.0 alpha 2. You might test the latest Suite preview (if you feel adventurous) or you can try WireGuard userspace utilities directly, or you can run Eddie Linux edition. Please see here for the latest Suite 2.0.0 preview version: https://airvpn.org/forums/topic/56704-linux-airvpn-suite-200-preview-available/ @zman3000 Since the problem in your case appeared suddenly, please open a ticket (to get official AirVPN support) and a thread of your own (for community support). In general, check here for the performance you can expect in AirVPN when no adverse conditions (for example traffic shaping by the ISP, MTU size problems etc. etc.) are met: https://airvpn.org/status/ Watch the "Top User Speed" table. Moreover, by checking the status page you can also have immediate and updated information on the infrastructure status, so you'll know whether some problem is affecting the infrastrucutre and/or specific servers. A screenshot of the table we mentioned to have a photo of the status of the infrastructure soon after you published the message: Kind regards

Hello! Yes, a generic message, there are no unaddressed complaints in AirVPN. Kind regards

Hello! The screenshot you published shows that it's not a block but a verification that the user is human through the usual Public Turing test. It may happen when there are numerous, concurrent connections from the same IP address, it's not a case of a black listed IP address. Google should never be used, VPN or not, anyway you can also rely on https://startpage.com which will act as a proxy to Google Search, therefore adding some additional privacy layer between you and Google Search. Kind regards

@ms2738 On AirVPN, ads blocking features and much more were implemented in 2021, go figure what level of corruption and inaccuracy these infamous "reviews" sites have reached... https://airvpn.org/forums/topic/49876-new-feature-dns-block-lists/ Avoid to link them here, it's just advertising them and the usual VPN they get money and bribes from. Also consider that many "review" sites belong to editorial groups which in turn belong to Kape, which in turn owns Express, PIA, Cyberghost and ZenMate: https://embed.kumu.io/9ced55e897e74fd807be51990b26b415#vpn-company-relationships/kape-vpns In particular, that's exactly the case of what you linked: the web site you linked belongs to Kape. AirVPN is one of the very very few independent VPNs which still experience periods of explosive growth, so it's obvious that we are targeted and defamed. Add on top of this that we refuse to pay ransoms to lift or delete bad reviews, or to pay for reviews altogether, and you have the picture. By the way, in the face of scullions, corrupt scoundrels and the mentioned picture, AirVPN thrives. Kind regards

Hello! We're glad to inform you that we have an agreement and we are going to configure the new server. When the configuration is complete, we just need a day or two to test and then the server will be available. Kind regards

EDIT: the promotion has been re-activated to honor the 1st declaration in the original message. Hello! We apologize for any inconvenience; due to a misunderstanding and a typo the promotion ended almost 24 hours earlier than announced here. Please open a ticket to get the discount. Any other reader still wanting the discount can open a ticket and obtain it. Kind regards