Staff

Hello! Can you please re-post it? That pastebin page content has been deleted. Would you like to open a ticket with logs, at your convenience, citing your message in the thread? We would like to put you in touch with some developer, directly. We have tried with multiple combinations and in different ways, but we never managed to reproduce the issue... Kind regards

chattr acts on file system flags, so if a file is flagged immutable, root user passing through OS r/w can't change it until the flag is reset. That said your report clearly shows a potential bug (minor, not critical). Do you have some procedure to reproduce it with a certain degree of regularity? Currently we can't find a way to do it in Debian 7 and 8. Kind regards

Hello! There are no DNS leaks on Linux. What Eddie version are you running ("AirVPN" > "About") and which ArchLinux version? In Eddie 2.11.1 Mono caused in some Fedora systems to cache the resolv.conf file for a couple of minutes, so new DNS were queried only after that time. However, this issue had been fixed. Probably the best course of action is that you open a ticket so that we put in you touch directly with the developers. In the ticket, please include a system report taken WHILE the problem is occurring, and a system report after the problem has ceased. To send us a system report click "Logs" tab, click the safe belt icon and paste into your message. Kind regards

That's correct and expected: Network Lock is a set of iptables and ip6tables rules enforced when Eddie starts. Such rules are not permanent and on top of that Eddie will explicitly restore previous ip*tables rules when you shut it down. The easiest way is to set proper iptables rules at the very beginning of your init. See also https://airvpn.org/topic/12175-network-lock/ Kind regards

LZO should be enabled. The reason is that on some DD-WRT firmware interfaces (as well as in some network-manager-openvpn versions for Linux, we suspect), setting LZO to "Disabled" will not originate "comp-lzo no" directive. The comp-lzo directive could be totally omitted. This will cause connection failure when our servers push "comp-lzo no". You need "comp-lzo yes" or "comp-lzo no" (it doesn't matter which, it will be overridden by VPN server) to be fully compatible with our service. Kind regards

Eddie for Windows 7 can run with .NET framework 2, while Eddie for Windows 8/10 needs .NET framework 4. Which Eddie version are you running? Note that the inactivity timeouts occur on the OpenVPN flow, not on Eddie's. We see at least two important problems in those logs, on top of something interfering with UDP anbd/or OpenVPN packets (or just line instability): routes and outdated tun/tap driver (manual installation? you disabled auto-update in Eddie options?). Please feel free to open a ticket, this thread is probably not appropriate (because troubleshooting does not seem to involve Eddie beta bugs). Kind regards

That's impossible. Even if you insert a third-party nameserver in the resolv.conf file, the DNS query will be tunneled. If the local router is also a DNS server and forwards DNS queries in the clear, then again this is not a DNS leak by Linux (Linux has just sent some traffic inside the local network, traffic which is, must be and is compelled to stay outside the tunnel). A DNS leak occurs when a DNS query to some DNS server on the Internet is NOT tunneled in spite of the routing table. This can't happen on Linux, unless explicitly configured to do so. However, DNS leaks can happen in Windows, because there is no DNS implementation there (there is something that emulates a DNS implementation in some circumstance but in reality it's something very different, and very alien). We can't support you to solve a problem that does not exist.. If you open a ticket you'll get full support, but of course on the problem that you really have, not on the problem that you think you have. Don't worry, the support tickets are handled without this joking spirit. Kind regards

Currently not reproducible, we're sorry. As long as it's not reproducible, it does not exist for us: if you want to help us reproduce the problem (which is probably on your system for the current knowledge we have) please open a ticket. Kind regards

There are no DNS leaks on Linux.

With which .NET framework? It's hard to provide exact numbers, but on our (few) Windows 7 x64 testing machines the user interface is roughly 100% faster, which is a remarkable improvement (up to 2 times faster in most user interface operations). Kind regards

Hello, the problem must be in how you and your friends try to access the service. How do you do it? We did it without problems, as we told you, at .airdns.org: You should have seen two unauthorized access attempts from user "airvpnwashere" in your service logs. Kind regards

Hello! We can reach your service (well, we did not pass the authentication, but that's not important ). Everything seems configured correctly: we reached it even using your *.airdns.org name. Notes: probably useless to say that your forwarded port is not 12345, but just in case... check the listening port (when you try to access the service from the outside). Also remember that you can't access a service behind some VPN server from any device connected to that same VPN server. Kind regards

Hello, an unexpected behavior can derive from two firewalls running at the same time: two softwares with the same privileges modifying the OS filtering table together... Network Lock in Eddie 2.10 sets Windows Firewall rules, so the outcome when it runs in competition with Bitdefender is unpredictable and can lead to all sorts of problems, including security problems. Eddie 2.11.xbeta uses Windows Filtering Platform, so you might be able to use concurrently even a third-party firewall with Network Lock, as long as this firewall does not manipulate WFP rules and does not set incompatible rules evaluated after the WFP rules. Kind regards

Hello, can you please check whether your /etc/resolv.conf file has the "immutable" flag set? If so, nothing can change it with ordinary r/w operations (not even root) until you clear the flag with chattr. Kind regards

IMPORTANT NOTE: point 2 is optional, point 3 is MANDATORY. Actually point 2 can be ignored. Point 1 is included in point 3. Kind regards

It does exactly as you say (of course you need to re-run it to give it chance to fix the situation). However it does not do that when one or both DNS servers were missing (in the original settings of the physical network interface). This is the bug which has been fixed in 2.11. Kind regards

We are reflecting on this carefully due to OSTIF comments. Below you find quoted the passages that in our opinion deserve further consideration. https://ostif.org/openvpn-audit-updates-news-and-more/ Kind regards

Hello! 1) Make sure to download only Eddie 2.11.9beta (Eddie 2.10.3 stable is not compatible with Mono 4 and will not install in Mint 18). https://airvpn.org/topic/18625-eddie-211beta-available/ 2) If you downloaded the .deb package, right-click on it and select "Open with" > "Installer" (menu item names may slightly change according to your file manager). Alternatively install it with dpkg (and resolve dependencies with apt-get) or install it in one pass with gdebi. If you downloaded a tarball extract everything in one single directory you created for the purpose. Kind regards

Hello! Please try to set HTTP proxy in Eddie interface (and not with a custom directive), use at least one Outside VPN Tunnel route also from Eddie interface, connect to server, and post the filtered Stats->Generated OVPN and the system report (Logs > life belt icon > paste). Kind regards

Australia, Turkey, United Kingdom, Singapore are not mid-eastern countries and could be considered "western" countries for their alleged lifestyle and purposes (Turkey has been negotiating entering the EU since years and years ago, and they should know that a basic founding principles of the EU is the protection of human rights) or for their actual or theoretical legal framework based on protection of human rights (Singapore, Australia, United Kingdom) that have historically been promoted for the first time by western countries (and by United Kingdom itself in times that many forget too soon and too easily). Kind regards

Hello! Let's go from theory to practice, to see how applicable and not applicable is this law. So let's assume that an activity of a Netherlands server is allegedly infringing US laws. How do the investigators determine the identity of the computer who committed the alleged crime, to install spyware on it? They don't know anything about this user, just that he/she is somewhere on Earth. They could try to get a court order to install spyware on that server, or they could try to find out the computer of the owner of the datacenter or of the Air owner to install a spyware on them. Very hard, if not impossible, to obtain a court order authorizing that, but anyway even if they did, and even if they could successfully manage to infect the computer of the dc owner, the VPN server and the computer of Air owner, how could that help the investigation? How could that retrieve any information usable in a court for the original case? Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Austria is available: Alderamin. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Alderamin supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that two new 1 Gbit/s servers located in Switzerland are available: Achernar and Sirrah. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Achernar and Sirrah support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that two new 1 Gbit/s servers located in Czech Republic are available: Centaurus and Turais. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Centaurus and Turais support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that two new 1 Gbit/s servers located in Belgium are available: Capricornus and Columba. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Capricornus and Columba support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team