Staff

Hello! Note that when the client is not running there is NO Network Lock. The client restores WFP or firewall rules when it is shut down. Additionally, the rules do not survive a reboot. Both these features are intentional. If you wish a permanent Network Lock the solution is trivial, just block all the traffic with pemanent firewall rules and keep Network Lock enabled. Then, you have a particular case. If Eddie crashes, or when it is killed without grace, the Network Lock remains "active" (this is of course essential), but as usual will not survive a reboot. Kind regards

Hello! New version 2.11.3beta is now available. Version 2.11.2beta is no more available and RC. Changelog from 2.11.2beta: [bugfix] - Error "Unknown Interface ID" and related WFP errors[new] - Added CLI edition to .deb, .rpm and Mono portable[new] - Added Exit IP to title/status/tray message[new] - Added "Reset to default settings" command in Settings[new] - Windows/Linux - Added an option to start minimized[change] - Tab Settings -> Proxy renamed to "Proxy / Tor"[bugfix] - Windows - Bugfix rare situation when options are not saved at exit[change] - Dump only change option in Support Logs[new] - OS X - Options to show status/speed/server informations in status bar[bugfix] - Windows/Linux - CLI -server option fixedKind regards

We like OpenNIC project for their commitment to privacy and neutrality. As you probably know, our DNS resolves names in the OpenNIC namespace as well. Kind regards

Right, if your system implements DNS correctly. However it is necessary to consider some more subtle profiling ways that Google might have through your accounts, cookies, correlations and more. You'll need to take care of them as well. Additionally, the above is true for systems with a global DNS only, If you do that in any interface different than the tun/tap interface in a system which does not have global DNS in DNS implementation (typically Windows) then things change radically: the DNS queries will go out of the tunnel and Google Search will see you real IP address. Kind regards

You apparently didn't go through the thread, otherwise you'd notice one of my explanatory posts involving Revo Uninstaller. Also, it's essential for Windows 10 to install TAP 9.9.2_3.exe. This is a signed driver. Therefore the AirVPN software, which is not commercial software, contrarily to what you say, is in this list of approved software. We are so much pleased indeed. The driver for Windows tun/tap interface comes from OpenVPN, not from us, because Windows lacks any driver for a tun/tap interface. The Air software (Eddie) package comes bundled with the latest available driver from OpenVPN. No third-party drivers are currently considered. For example the current Eddie 2.11.2 beta includes, in its package, the new driver 9.21.2. It fixes some bugs affecting the previous driver. See also here: https://airvpn.org/topic/18625-eddie-211beta-available/ Kind regards

Hello, there are no DNS leaks in GNU/Linux. If your system queries for example OpenDNS while the system is connected to some VPN server, the DNS queries will be anyway tunneled up to the VPN servers, before going to OpenDNS servers. Nothing to do with DNS leaks which plague systems with incomplete DNS implementation (for example WIndows). However, and obviously, if your system sends the queries to the router DNS server, then the handling of such queries becomes a matter of the router, which may "forward" them out in clear text to the DNS set in the router itself. Again, this is not a GNU/Linux DNS leak. About the bonuses you get by using VPN DNS please see https://airvpn.org/specs Kind regards

Hello! Geo-location is not based on IP address only. You must consider HTML5 geo-location and other methods, especially when you use mobile devices. Or simply correlations: for example, if your system and browser are set in German (language) and the time zone matches with Berlin CET or CEST, the final service you connect to might assume that you're from Germany (in your case, it would guess successfully). So: one issue is not showing the "real" IP address (i.e. the IP address assigned to some device of yours by your ISP); one different issue is geo-location. The IP address is a single element to be considered in geo-location but it's not the only one. Kind regards

Hello! In "AirVPN" > "Preferences" > "DNS" untick "Check AirVPN DNS", set "DNS Switch Mode" to "Disabled" and add the DNS servers of your choice in the box. Kind regards

Hello! You all forgot to include the "ifconfig file" you cite. In any case, we would recommend that one, some or all of you open a ticket (please open just one ticket in total) to receive proper support from the Air support team. Here, anyway, you will receive support from the community, which is usually excellent. Kind regards

Hello! To those who have the issue about a message like Unknown interface IDor Unexpected: NetLock WFP rule doesn't exists(andeby, internet_user, LZ1) Please edit your network interface (Control Panel\Network and Internet\Network Connections) and re-enable the "Internet Protocol Version 6 (TCP/IPv6)" checkbox. Don't worry, Eddie implements IPv6 lock. And de-check the flag "Disable IPv6 at OS level if requested" under Settings -> Advanced. It's still a bug that prevents usage with IPv6 disabled, it will be fixed soon. Kind regards

Hello! Yes, we'll do it on the next release. Kind regards

Hey wait, when one does not use profiling cookies, he/she is not obliged to ask the user for permission to install cookies. But it is good to inform the user that profiling cookies are not used at all. Kind regards

Hello! It is almost offensive to read the above when we are the only service in the world in our field that publishes a real time servers monitor that can be cross-checked to verify we are not lying about our commitment against overselling. The reality is the exact opposite of what you said. We work to squeeze up to the last bit/s on each server line. The issue is challenging even with our AES-NI supporting processors, because we are working with a software (OpenVPN) that can run only in a single core of a CPU (per daemon), and in a semi-complex environment, in which the load on the CPU does not grow linearly (or in some other predictable way, at the moment we did not find any) with the amount of clients per daemon. Just so you have an idea about the above problems (probably other services will not even tell you they exist) have a look here: https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux After that, consider that our cipher for the payload of both Data and Control Channel is AES-256. When you have done your homework, come back here and probably your messages will be fairer. Kind regards

Previous 2.11 was working because the old beta used Windows Firewall by default, the new beta use another new method (WFP). You have an unexpected situation, Eddie doesn't always detect TAP ID to inform WFP to allow the network in NL mode. This is the issue of @internet_user, LZ1, and andeby. We are looking for a solution, but at the moment it doesn't occur on any of our lab machines. Ok, it will be done in the next build. Eddie opens link in the default browser. Does anyone else have this issue? It's on "Automatic" by default... Sounds good. Kind regards

Hello, we don't use cookies to track / profile a user, but we do use cookies on the web site. Without cookies no logging based on username and password would be possible and additional features would not be available. It would be a watered down WWW and alternative approaches should be tried. Kind regards

Thank you both very much, our monitoring system failed to detect the problem. We will investigate soon. Kind regards

We have several frontend servers strategically deployed around the world for any occurrence. We can change airvpn.org DNS records according to needs. Kind regards

Good, so it should be some other problem, not a specific regression of 2.11.2 (good for 2.11.2 we mean!). Maybe it's just a DNS issue, unrelated to Network Lock, that you have since you used Eddie 2.10.3 (it had a bug for which under peculiar circumstances it did not restore properly previous DNS settings in Windows interfaces). So a plausible explanation is that you have the impression you have no connectivity, but in reality you have it. It's only that the system can't resolve names. Kind regards

Hello! Understood and we repeat that it's not how Network Lock is expected to work. Is this happening with Eddie 2.11.2, or did you have this behavior on Eddie 2.10.3 as well? Kind regards

Hello, no, we're sorry, the remote-random directive will have no effect on the Air client, because the client picks a single server anyway. It picks the highest rated server (in the white list, if one is defined). You can anyway define your own white lists and of course pick manually a VPN server. Yes, that's already implemented since a long ago. You have score, latency, load and number of users. You can re-order your list (or white list) per each of these column, by clicking on the column labels. Kind regards

@LZ1 Network Lock is "not active" if Eddie is not running, unless it crashed. When you shut down the software, previous firewall rules (or WFP settings) are restored. This is precisely consistent on all system and with all previous Eddie versions, nothing has changed. Sockets buffers size are set on system defaults on all OS, except in Windows, where the size picked by the system is not acceptable (too small). See the changelog. The menu button is lighted off. When the mouse pointer slides over it turns on. Kind regards

Hello! New version 2.11.2beta is now available. Version 2.11.0beta is no more available and RC. Changelog from 2.11.0beta: [bugfix] OS X - Application Signature[change] Windows - Bundled with TAP version 9.21.2[bugfix] Countries list bugfixes.[change] Windows - Message about upgrading TAP driver[bugfix] Routes -> Outside the VPN tunnel now works[bugfix] Windows/Linux - UI glitch on Network Lock settings with the "Outside the VPN tunnel" settings.[bugfix] Windows/Linux - Minimal UI fixes[bugfix] Linux - Privileges detection on some platform (ArchLinux for example)[bugfix] Windows - WFP mode fixes about Win7/Vista compatibility issues[bugfix] Windows - WFP mode now set by default.[new] Windows/Linux - Column reorder / saving position, width, sorting for servers/areas/logs listKind regards

Hello, the domain name of this "kat" has been seized (before any due process in any jurisdiction, as far as we understand), but were the servers seized as well? Does anyone have the correct, old IP address or addresses? Kind regards

Right. Of course: making clients reachable from the Internet is the very purpose of remote port forwarding. As a side note, what you say can not be done by a client of the VPN server (because you can't communicate with nodes in a VPN if you are connected to the same VPN) but can be done by anybody else on the Internet. Also, it must be assumed that the clients that forwarded ports are in that moment connected to that VPN server, obviously. Kind regards

Hello, the higher the score the better. The lower the latency the better. Kind regards