Jump to content
Not connected, Your IP: 54.234.191.202

Staff

Staff
  • Content Count

    9221
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    1371

Posts posted by Staff


  1. @pnnl

    Hello!

    You can now connect to port 47107 too, on all servers. WireGuard testing on server side can be considered successfully complete. We will probably advertise WireGuard support as a stable one when Eddie 2.21 is released (currently it's in beta testing).

    Kind regards
     

  2. 4 hours ago, Pwbkkee said:

    Network Lock apparently does not prevent my Debian 11.1 system from querying my router's DNS resolver and receiving valid responses from it. After establishing a VPN connection with Goldcrest, and after Goldcrest has reported the removal of my router's IP address (192.168.1.1) from the network filter,
    ...
    dig @192.168.1.1 -q airvpn.org -t A +dnssec +multiline +tcp returns a complete and valid response.


    Hello!

    That's correct and expected because Network Lock does not and must not block communications with your router, otherwise your system would be completely isolated from the network. Please note that while a connection is active, your system can't query the router DNS server, because Bluetit sets VPN DNS (provided that you do not disable this feature) - and actually you need to specify in dig a specific address.

    It's up to you to prevent such situation when the VPN connection is not active. The "problem" is that your system gateway address is also your system DNS server address. Act accordingly by configuring properly DNS settings of either your system, your router or both.

    Network Lock might make an effort to prevent some communications with your router by blocking destination port 53 to your router. That's however a questionable solution and currently it's not adopted, maybe we could implement it as an option in the future. Anyway it would not work in Hummingbird but only in Bluetit, given the different network lock and persistent network lock: logic when Hummingbird drops the connection, it cancels Network Lock, while Bluetit does not, when persistent Network Lock is enabled (consider to enable it anyway).

    Kind regards
     

  3. @lex.luthor

    Hello!
    Nov 24 11:12:45 betelgeuse bluetit: WARNING: Cannot resolve nl3.ipv6.vpn.airdns.org (Temporary failure in name resolution)
    Apparently your local DNS has problems with AAAA.

    Try to connect in IPv4 by re-setting "airipv6" to off (default value) in bluetit.rc. If your ISP does not support IPv6, you can anyway tunnel IPv6 over IPv4 (set "air6to4" to on).

    Kind regards
     

  4. Hello!

    We're very glad to inform you that the Black Friday week has just begun in AirVPN!
     

    Save up to 74%

    when compared to one month plan price

     

    Check all plans and discounts here: https://airvpn.org/buy


    If you're already our customer and you wish to jump aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day.

    AirVPN is one of the oldest and most experienced consumer VPN on the market, operating since 2010. It never changed ownership, it was never sold out to data harvesting or malware specialized companies as it regrettably happened to most competitors. 

    AirVPN does not inspect and/or log client traffic, and offers:

    • five simultaneous connections per account
    • IPv6 full support
    • AES-GCM and ChaCha20 OpenVPN ciphers on all servers
    • WireGuard support on all servers
    • Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys
    • active daemons load balancing for unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 1046 Mbit/s with WireGuard
    • even more, exclusive features, such as DNS customizable and flexible block lists to neutralize sources of ads, spam, trackers etc.


    AirVPN is the only VPN provider which is actively developing OpenVPN 3 library with a fork that's currently 113 commits ahead of OpenVPN master and adds key features and bug fixes for a much more comfortable and reliable experience:

    AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows.


     

    giphy.gif

     


    Kind regards & datalove
    AirVPN Staff


  5. 31 minutes ago, inc said:

    Another mystery, using either Wireguard or Hummingbird I can check using IP/DNS that I am connected to Airvpn but when I go to Ookla speed test it shows my real IP and ISP (Three uk) is this right It never used to show that it used to show  ISP: M247 Ltd has some thing changed or have I changed a setting somewhere over the last week trying to get Wireguard working.


    Hello!

    It doesn't sound right but from your description it might be some cached page. Hummingbird enables Network Lock by default so everything should be fine (provided you did not disable Network Lock manually) but to stay on the safe side please open a ticket for a cross-check (it's off topic here).

    Kind regards
     

  6. 13 hours ago, Daniel15 said:

    I'd love to know this too. With OpenVPN you get hardware accelerated algorithms, but it runs entirely in userland so there's a lot more context switching. WireGuard is not hardware-accelerated, however it's in kernel code so there's less switching between userland and kernel mode. With a large number of connections, I'm curious as to whether the reduction in context switching offsets the lack of hardware acceleration for the encryption algorithms.

    Hello!

    You are correct. Furthermore, OpenVPN runs in a single thread of a single core, so we need to run multiple instances (one per virtual CPU) to get more performance at server level (of course a client remains connected to the same instance during the whole session life), while WireGuard scales well. We will not publish at the moment meaningful statistics, unfortunately, because our servers run at the same time multiple OpenVPN instances and WireGuard, and clients connect in a wide mixture of modes. Any data set would not have relevance or reliability.

    Kind regards
     

  7. 1 hour ago, misam said:

    Public Report – VPN by Google One: Technical Security & Privacy Assessment

    https://research.nccgroup.com/2021/04/08/public-report-vpn-by-google-one-technical-security-privacy-assessment/


    We don't see how any assessment of any kind would make any difference when NSA has inner access to Google infrastructure, as we all know since 2013 when the PRISM program, revealed by the documents leaked by Snowden, provided proof of that. On top, of course, of all the ties between Google, the CIA and the State Department disclosed by Wikileaks (check also Julian Assange's "When Google met Wikileaks" and the excerpt https://wikileaks.org/google-is-not-what-it-seems/).

    Kind regards
     

  8. @postergus

    Hello!

    Thank you for your great feedback!

    Goldcrest offers the option to drive Bluetit with a fine grained access control (typically to any user in the group airvpn), instead of having to gain root privileges. It's a paramount security enhancement which is not underestimated by any serious UNIX administrator.

    About the competition for DNS settings between Bluetit, systemd-resolved and Network Manager, there is no easy solution to implement in Bluetit, as each of the hundreds Linux distributions may work differently. Furthermore it would be probably dangerous (if possible at all) that Bluetit tried to block DNS operations by root processes or other daemons.

    Just to say, systemd-resolved alone has several working modes: modes which bypass resolv.conf file and modes which don't. It's plausible that the best course of action is that each system administrator, according to her or his needs as well as system status, performs a fine-tuning.

    Kind regards
     

  9. @XV-8774

    Hello!

    We have detected the same problem on a few Samsung devices running Android 10 and 11. Although the cause of the lack of "traffic-through" is currently unknown, (and we don't know why only certain Samsung devices are affected) we verified that Eddie 2.5 alpha 3 resolves the problem. Please see here to download the apk (you need to uninstall Eddie 2.4 first, and then side-load Eddie 2.5 alpha 3):
    https://airvpn.org/forums/topic/49705-eddie-android-edition-25-alpha-is-available/

    Eddie 2.5 beta 1 public availability is imminent, currently we are testing it internally.

    Please let us know whether Eddie 2.5 resolves the problem for you too.

    Kind regards
     

  10. Hello!

    To help us troubleshooting DNS block list issues with WireGuard, please activate at your convenience the DNS List "Air ADV", and try from terminal (Linux and macOS)
    # dig ad-delivery.net @10.128.0.1
    or in Windows
    # nslookup ad-delivery.net 10.128.0.1

    Then publish the output.

    Kind regards


     


  11. 14 hours ago, mazurka7 said:

    I seem to remember that it was possible at one time to send screenshots to Support via Contact form in the course of opening a ticket. That option has disappeared. Hence my query in this forum since I have no idea if it had been deliberately disabled. If that were the case, it would be for completely inconceivable reasons (to me) as screenshots are one of the most useful things requested and submitted in technical support.

    Can the Staff kindly comment on this and provide a way for users to  submit screenshots to Support?


    Hello!

    The issue is unexpected and not deliberate, we will investigate.

    In the meantime, please do not attach files, just copy and paste text into your message. In particular, do not send screenshots which in many cases are useless and cause only a waste of time for obvious reasons. Should attaching screenshots be absolutely unavoidable, attach them to an e-mail to support@airvpn.org

    Kind regards
     

  12. 2 hours ago, autone said:
    Yes. I can confirm it works as advertised now. 👍

    Thank you, we're very glad to know it. We have not changed anything on our side so the cause of the problem remains unknown. If it wasn't on your side, the problem might re-appear. Open a ticket if it does to let us investigate more properly.

    Kind regards
     

  13. @Zebby

    Hello!

    The forum for the community is moderated and moderators can warn an account with points for posts infringing community forum policy.

    Kind regards
     

  14. Hello!

    We're glad to inform you that Eddie 2.5 Alpha 3 is now available. It includes the ability to start and connect during bootstrap (if Master Password is disabled) according to a priority list which includes automatic choice, your defined country and your defined server, on top of the usual ability to start and connect at bootstrap via a profile. The feature is available in Android versions from 5.1 to 12, and in Android TV versions from 5.1 to 9. The feature is lost in Android TV 10 and 11 due to unavailable operations on Android systems lacking "Always on VPN" option.

    Eddie 2.5 Alpha 3 is now linked against OpenSSL 1.1.1l and also features several bug fixes, including bugs reported in this thread. The first post has been updated to show the correct URL of the latest apk and its checksum.

    Please keep testing and report malfunctions and bugs, thank you in advance!

    Kind regards
     


  15. @spinmaster

    Hello!

    It's a bug in the Configuration Generator coming from the times when the name earth3.airpvn.org existed. Now it doesn't exist anymore. Please modify it into earth3.vpn.airdns.org or earth3.all.vpn.airdns.org. The first name resolves into the entry-IP address 3 of the "best" Earth server, the latter into entry-IP addresses 3 of all VPN servers.

    We will fix the bug, in the meantime you can simply edit with any text editor your ovpn file. Thank you for having found and pointed the bug out.

    Kind regards


     

  16. Quote

    I'm not following. UDP ports are blocked by an institution level firewall,


    @monstrocity

    Hello!

    That's irrelevant for the problem @autone mentioned. Regardless of the tunnel transport layerl, inbound packet forwarding must work both with TCP and UDP, and both with WireGuard and OpenVPN. The fact that you can't use WireGuard is related to a possible UDP block but has nothing to do with the packet forwarding problem inside the tunnel experienced by @autone with WireGuard only. We invite @autone to open a ticket if the problem persists. In this way we can check in real time what happens with packet forwarding.

    Kind regards
     

  17. @msbntt
    @OpenSourcerer

    Hello!

    Investigation on this case and a few similar ones will start soon. It's a rare issue as far as we can see and it's confirmed.

    @msbntt
    Please try now. If you still can't connect we will compensate the fact that you can't access the service until the problem is resolved. If you have urgent need to connect and still you can't now, please open a ticket and we will give you a disposable account for the time being necessary to resolve the bug.

    Kind regards
     
×
×
  • Create New...