Staff

About Tomato Firmware Tomato is a small, lean and simple replacement firmware for Linksys' WRT54G/GL/GS, Buffalo WHR-G54S/WHR-HP-G54 and other Broadcom-based routers. Official website: http://www.polarcloud.com/tomato. PrerequisiteMake sure you triple-check that your version of Tomato supports OpenVPN or you'll be sorry. I strongly recommend Toastman's build of Tomato because of its widespread feature support and stability. StepsUnder Basic->Network, configure your 3 static DNS servers. If you wish to use the AirVPN DNS set 10.4.0.1 as first DNS IP address. The Air DNS will enable you to access internal Air services, geo-routing services and bypass ICE/ICANN USA censorship (more information here). About the others, I recommend picking ones from the OpenNIC Project because many of the servers don't keep any logs, which is consistent with the Air service, plus they would allow your internet service to continue functioning in the event of a government-ordered root DNS server shutdown- https://servers.opennic.org/Under Basic->Time, make sure that the correct time zone and server is configured.Download the OpenVPN (.ovpn) file of your choosing under "Client Area -> Config Generator" after you log in the AirVPN site. In the Configuration Generator make sure to tick "Advanced Mode" and "Separate certs/keys from .ovpn files". In order to determine the IP address of the server you wish to connect to, please resolve "servername.airservers.org". For example, for Acrux resolve "acrux.airservers.org". Find the server names by looking at Status page.For the actual configuration, please see the following two screenshots of the Basic and Advanced OpenVPN Client Configuration: Under Basic, sub in your own correct protocol, IP and port in place of what I have in my own config. In the Advanced Custom Configuration text box, the options are as follows: resolv-retry infinite remote-cert-tls server comp-lzo verb 3 Under Keys, you'll need to again text edit your user.key, user.crt, ca.crt and ta.key files, copy the matching keys and certificates and paste them into the text boxes in your router config. - ta.key is the Static Key - ca.crt is the Certificate Authority certificate (in some older builds, "Server certificate") - user.crt is the Client Certificate - user.key is the Client KeyAbout certificates files (user.crt and ca.crt) content, just copy and paste from "-----BEGIN CERTIFICATE-----" (included) up to "-----END CERTIFICATE-----" (included).Save all settings.Under Status, click Start Now and count for 30 seconds. Go to https://airvpn.org and at the bottom of the screen it should show you are connected or visit https://ipleak.net for check. Tested withToastman's build of Tomato [v1.28.7500 MIPSR2Toastman-RT K26 VPN] on Asus RT-N16 router.Tomato-ND-1.28.7633-Toastman-IPT-ND-SmallVPN on Buffalo WHR-G54S Feedback For any comment or feedback, you can find the discussion here. Thanks to Baraka for this article.

Hello, thank you for your subscription! In spite of what you claim here, we replied to your ticket a few minutes after you opened it, but we never received any feedback. Please proceed to reply at your convenience. Kind regards

Hello, can you reach 10.4.0.1 in the VPN? Are you running OpenVPN directly in your server? If so have a look here: https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf If resolvconf is not a viable option for you, just take care about the DNS yourself, in /etc/resolv.conf By the way, OpenVPN logs are essential to try to understand the source of the problem, feel free to post them. Kind regards

Hello! We do not log, inspect or monitor OpenVPN clients traffic. Other software procedures in our web site acquire and store (in backend servers) username and password (salted and encrypted) when a user registers in our web site. E-mail address can be stored as well, but that's optional: it's a customer's decision whether to enter a real e-mail address or not. We do not check if an e-mail address works or not. These data are stored in backend servers (never in VPN servers and/or in frontend servers) and retrieved when a customer wishes to log an account in our web site. If a user pays for a subscription, additional data are stored and linked to the account in our backend servers (again, not in VPN servers and not in frontend servers): - the start date of the subscription - the expiration date of the subscription - the generated OpenVPN client key and certificate - the payment method used for the subscription and its transaction ID Kind regards

Hello! Eddie acts correctly, it sends the proper signal to OpenVPN Management and wait for OpenVPN to comply. What you suggest would imply that Eddie forcefully kills OpenVPN, re-launches it etc. This would not be correct and could potentially cause various problems. Kind regards

we have made a topic for How-To configure Asus Router with native OpenVPN support. Model tested: RT-AC68U but it should work for all Asus routers that have OpenVPN support, for example model RT-AC87U. Kind regards

About AsusWRT AsusWRT is a unified firmware developed by Asus for use in their recent routers. The firmware was originally based on Tomato-RT/Tomato-USB, but has since seen many changes. Asus started using this new firmware with their recent routers (RT-AC68U, RT-AC87U), but they also started moving other routers to this new firmware. Prerequisite Asus Router with AsusWRT (native OpenVPN support). Model tested: RT-AC68U but it should work for all Asus routers that have AsusWRT. see Official website for AsusWRT model support list. [Firmware Notes]: Please upgrade the router Firmware to the latest version. "New Asus Firmware supports 4096 bits key and will work with AirVPN." Steps 1. Create configuration files from our Config Generator. Select [Router or others] and choose a server you like. Tick on [Direct, protocol UDP, port 443] and click on [Generate]. Save the openvpn config file .ovpn (Ex: AirVPN__UDP-443.ovpn) anywhere on your computer. 2. Open the Asus router webinterface and click on [VPN]. Click on [Add profile], choose [OpenVPN] tab. Enter a "description", leave username and password EMPTY. Click on [browse] and select the downloaded openvpn config file (.ovpn). Click on [upload]. Click on [OK]. That's it now you can click on [Activate] to connect to AirVPN server. 3. Make sure to setup the AirVPN DNS this way: Click on [WAN] tab. Turn [DNS server] "off" (No) and enter AirVPN's DNS 10.4.0.1 as first DNS IP address (it's DNS for Protocol UDP, Port 443 - see Specs for more details). About the secondary DNS entry, we recommend picking ones from the OpenNIC Project. The AirVPN DNS will enable you to access AirVPN geo-routing services to bypass discriminations based on IP address geo-location. 4. Visit https://ipleak.net and check whether it works. Every client (PC, Smartphone, Console, Smart TV ..) which is connected to the router now is secured by VPN and also has full access to the anti-geo-blocking service. Useful Info A custom firmware for Asus routers based on official AsusWRT called Asuswrt-Merlin is available. AsusWRT-Merlin retains all the features of the original stock AsusWRT firmware with added/enhanced features. More info on AsusWRT-Merlin website http://asuswrt.lostrealm.ca/features

Hello, what is your OS and which software do you run to connect to our service? When your system is allegedly connected to the VPN, browse to: http://ipleak.net and verify carefully all the data. Feel free to open a ticket to get proper support. In the ticket please include the connection logs of the software you use to connect. If you run our client please click "Logs" -> "Copy to clipboard" and paste everything into your message. Kind regards

Hello! It appears that OpenVPN is already running (and running fine, connected to a VPN server and tunneling traffic). Since the Air client Eddie is an OpenVPN wrapper (i.e. it "drives" OpenVPN, consider it as a layer above OpenVPN with a lot of additional commodities, which also translates your commands to OpenVPN), it will refuse to start a new OpenVPN instance if it finds that another OpenVPN instance is already running, warning you with the message "OpenVPN is already running". While the Air client is not running, open up again the task manager and terminate the process "openvpn.exe" (note: this will disconnect your system from the VPN). Then re-run Eddie. Kind regards

Website: http://www.rsi.ch/ Website: http://www.srf.ch/ Swiss public television channels (RSI, SRF). Status: OK Native: CH servers. Routing: All other servers.

@2Girls1CPU Hello, we provide a DDNS which is already included in any AirVPN account subscription and that does exactly what you're asking for: https://airvpn.org/topic/9314-what-is-dynamic-dns Kind regards I was tentative to mention AirVPN's DynDNS feature because of the prominent "Warning: DDNS doesn't work correctly with two o more connections." I suspect most users will be using two or more connections. Hello! That's very true, thanks for the clarification. Kind regards Disclaimer: DynDns is a registered trademark by Dynamic Network Services, Inc. AirVPN does not use anywhere in its service, web site, forums and support tickets the term "DynDns" to indicate or describe AirVPN DDNS.

@2Girls1CPU Hello, we provide a DDNS which is already included in any AirVPN account subscription and that does exactly what you're asking for: https://airvpn.org/topic/9314-what-is-dynamic-dns Kind regards

That's correct, when Network Lock is enabled outgoing IPv6 packets are blocked. Additionally Eddie has an option to disable IPv6 completely in Windows, it seems that it's this option that in hugomueller's system does not work as well, on top of firewall malfunction in the same system. Since the problem can't be reproduced in our testing systems and is not a problem for thousands and thousands of other systems based on Windows, we think that it's a very peculiar problem in the hugomueller's system which also seems to have additional, various internal problems. Kind regards

Hello, we have insert swiss tv (rsi.ch, srf.ch) in our anti-geo-blocking service. Can you try again and confirm that it works now ? Kind regards

Hello! Well, with Tor over Air you don't put your trust on AirVPN. Our servers will see only traffic encrypted by Tor and only to/from various Tor guards (at least for your applications using Tor). So it's quite a good partition of trust. If you don't use end-to-end encryption you put a lot, really a lot, of your trust on the Tor exit-nodes operators, watch out. Tor over OpenVPN with end-to-end encryption is really good and, as we have seen from leaked documents, it is a "huge", huge problem even for NSA. Kind regards

Hello! No, the VPN servers are not compromised. It's that web site that's compromised. You can easily verify that. First of all, have a look here: https://sitecheck.sucuri.net/results/www.lsri.uic.edu Then, look at how that page appears in Google cache (it appears with scam links): https://webcache.googleusercontent.com/search?q=cache:-hOXCMK9BA0J:www.lsri.uic.edu/faculty-staff+&cd=1&hl=en&ct=clnk&gl=it The above shows that it's not a problem in our VPN servers and that it's not an injection in the middle. So, that's what we think (and we are very very probably right) has happened to that web site. Someone infected their web server with SEO spam, and they configured the php / js / whatever file to show the scam links and pages only to some destinations in some list which includes Google bot, dedicated servers... In this way the scam is indexed and the rank is increased. This enhances the likelihood that the scam will remain for a long time before the web site operators even realize that their server has been compromised. From an Italian ISP we can see the scam links, from other ISPs we can't. Also, most of our VPN servers don't see the scam links (so they are not included). That's a quite subtle tactics for the purposes of the attackers. Is there anyone willing to link this thread to that web site operators? We'll also do the same as soon as possible. Kind regards

@sheivoko Adding a "Con" to VPN over Tor: all the system traffic will flow indefinitely on the same Tor circuit (for an important reason Tor does not change circuit for the same TCP stream - incidentally it is this feature that makes OpenVPN over Tor a viable option). Kind regards

@Verby The DD-WRT OpenVPN client logs you posted in your previous message showed a successful connection. Please proceed to test as we told you to, in order to verify whether the traffic is properly tunneled or not. When/if something goes wrong open a ticket. Kind regards

Hello! That's correct. UDP is connectionless, so when a client loses the connection to the VPN server and is unable to notify the server, the server has no way to know that the client is no more there. The VPN server will assume that the client is no more connected after the ping timeout and the system will accordingly free up the connection slot. With TCP this problem does not occur because the server almost-immediately knows of a client disconnection, even if not explicitly notified about it by the OpenVPN client. Now that you have managed to connect your DD-WRT router to our service, you could connect your iPad to your router and have its traffic tunneled "transparently". Regardless of the amount of the devices connected to the router, our system will only see one connection, thus only one connection slot will be "busy" for your account. About the strange logs from OpenVPN in DD-WRT (connection/disconnection series warned by the OpenVPN management) that could be just a glitch of the OpenVPN management. To determine whether it's the case, browse (with your iPad connected to the DD-WRT router, while the router is allegedly tunneling traffic) to airvpn.org and verify whether the central bottom box is green or red. If it's green then the traffic is properly tunneled (airvpn.org sees your connection coming from one of the exit-IP addresses of the Air VPN servers). If it's red something is wrong, in this case feel free to open a ticket and send us at your convenience the screenshots of the DD-WRT OpenVPN client configuration panel and/or re-check configuration with our instructions https://airvpn.org/ddwrt Kind regards

Actually it was not at all a problem of notices. See here for the whole story, if you are curious: https://airvpn.org/topic/10166-new-100-mbits-server-available-izar-in-experimental All the other datacenters in India we have inquired pose the same or similar problems: they can't meet our technical requirements, we're sorry. Kind regards

@wakaflockaflame Hello, just as a side note (quite irrelevant for the core of the important arguments you raise) we would like to add that you can access Netflix USA from Swiss servers (provided that your system queries the VPN DNS server). Kind regards

Hello! Unfortunately Netflix Canada blocks ALL of our Canadian servers. So we decided that Netflix USA is maybe better than no Netflix at all in Canada. Kind regards

Hello, we have inserted tvcatchup.com in UK routing. Kind regards

Hello, Issue for Wilmaa online TV has been fixed. Kind regards

@eyes878 Warning, that procedure would work only on Windows, which handles sockets in a very peculiar (and somehow dangerous) way. In every other operating system you must also take care about the so called "infinite routing loop problem": communication between Tor and the guard node (the first node of each Tor circuit) will fall back into the VPN. Eddie for Linux and OS X resolves this problem by talking to Tor Control to detect and route correctly the guard(s) IP addresses (Eddie adds specific routes to the Tor guard to prevent the infinite loop). Kind regards