Staff

Hello, can you please test iPlayer now? The problem should have been solved. Note: some slowdown will still be possible, but that could be a different problem totally unrelated to our infrastructure (attacks against BBC streaming servers will make iPlayer service extremely slow or unavailable, as it has already happened intermittently since Dec the 31st). Kind regards

Having to re-install the driver periodically is atypical. It is not what we can reproduce. It might be a different problem. Make sure that no software in your system uninstalls the driver or anyway interferes with network settings. Also scan for malware. Kind regards

Hello! Don't worry, since you had Network Lock on UPnP did not expose your system to correlations. Kind regards

Hello, the system will forward all the ports you have specified in your control port panel to the VPN IP address of each connection established by your account. If we understand your question correctly, you just need to forward remotely two ports and connect your different PCs to different VPN servers. Both ports will be forwarded to your VPN IP address on each of both servers (then you will have the applications on two PCs listening to the appropriate port on each). Note: you could even forward just one port and have the two applications on your PCs listen to the same port (assuming, again, that you connect each PC to a different VPN server). Do NOT forward ports on your router ("router" intended as a separate box outside your PCs) for this purpose. It is not only useless (because the router does not see anything about the underlying, "real" packet content, as you correctly note in another message of yours) but also would expose your system to correlation attacks. Kind regards

Good question, I connect to Air servers using the included OpenVPN client on Asuswrt Merlin with UPnP off. Are there any further precautions needed and what about those on dd-wrt, tomato or even pfsense? Note these rules (on the guide about how to forward ports in DD-WRT etc.): https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables iptables -I FORWARD -i tun1 -p udp -d destIP --dport port -j ACCEPT iptables -I FORWARD -i tun1 -p tcp -d destIP --dport port -j ACCEPT iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP iptables -t nat -I PREROUTING -i tun1 -p udp --dport port -j DNAT --to-destination destIP Bold is ours to make the answer to your question clearer. Kind regards

Hello! 1) It's not that Network Lock "mitigates" the issue, it does solve it entirely at its root. 2) Again, this is much ado about nothing. According to our instructions, it's since 2010 that we instruct how to avoid correlations of these kinds (disable UPnP for example: 5 years ago it was already written in our proto web site). Those VPNs teams that show much concern and exploit sensationalism are just sending a message to gullible and inexperienced people. All the other persons can clearly see that this sensationalism hints to a lack of competence about the most basic and trivial routing concepts. See also this nice article, which treats so called "Port Fail" in addition to other issues (including the one treated in this thread). Another “critical” “VPN” “vulnerability” and why Port Fail is bullshit https://medium.com/@ValdikSS/another-critical-vpn-vulnerability-and-why-port-fail-is-bullshit-352b2ebd22e2#.vgjazzmz8 and how the Great ValdikSS (author of the article and probably reading us) could get (according to his own words which we feel to share) a total of 7300 USD for "such a bullshit issue" (from les incompétents, we would be tempted to add). Kind regards

Hello! We have fixed the issue. Kind regards

Hello! The forums are moderated and the following posts (if coming from not subscribed clients) are deleted before publication: - posts containing ads - posts containing clear spam (typically generated by spambots with pills ads and stuff like that) - posts containing insults, wrong information etc. or violating our netiquette (forums are meant to provide technical support on AirVPN from the community to the community) Since you are not writing from an account that has a subscription to AirVPN, maybe your post was deleted for one of the above reasons. Kind regards

Hello, it was not a problem even at the time of paper publication. Please see https://airvpn.org/topic/14231-ipv6-leakage-and-dns-hijacking Topic locked. Kind regards

Hello! Eddie 2.10.3 is available for OS X. That's just a mistake in the package which will be fixed in the next release. Check in Eddie menu "AirVPN" -> "About" to verify that you're really running Eddie 2.10.3. Kind regards

Hello, "DNS queries leaks" are not directly related to VPN servers, It's a phenomenon which can occur in presence of flawed DNS implementation. For example, Windows lacks the concept of global DNS and system process svchost.exe will rely on every and each DNS server on all the network interfaces to send out DNS queries. Anyway, our client will take care of Windows DNS leaks, or you can just do it yourself with our guides (see the "How-To" section). It takes just a minute. Between very few good tools, hundreds of junk HIPS, firewalls and packet filtering tools are available for Windows. Eddie developer designed Eddie with plug-ins for the Network Lock features. Anybody can create a plug-in for any piece of junk or valuable tool available for Windows. Our solutions proposes Windows Firewall because it's available on every system, because it does not add the risk to get uninvited junk, and because it is not realistic and not worth the effort for us to design plug-ins for all the existing filtering tools (most of which are junkware). Yes, Network Lock available plug-ins for Windows are (as far as we know) currently only for Windows Firewall. Please take the rules set by Network Lock and translate them into your firewall. You might also take the Comodo guide as an example (again, it's in the "How-To" forum). Alternatively get rid of your firewall and use the Windows Firewall. Yes. It's not a matter of integrity, it's just that you would have two programs with high privileges competing to modify concurrently the OS packet filtering tables. The outcome is unpredictable. Kind regards

Its now a B-B rating. Hello! Sorry for the delay. It was downgraded to B rating due to a new DH size limit for A rating. We upgraded our ejabberd to 15.10 and applied a 2048 bit DH key (4096 bit sizes have compatibility issues). Now it's again A-A rating. Kind regards

Hello! Actually it is, but the inefficiency is negligible in terms of overall performance and under any other aspect. We confirm that everything is kept in RAM. Basically usage of RAM disks is involved but we are not willing to enter into details, sorry. Kind regards

Hello! We can confirm the issue and we can confirm that Eddie developer is aware of it. Currently the easy solution is using Eddie portable version, which includes the necessary libraries (the old ones) statically compiled and linked. Kind regards

Very sensible...BUT... not so good for me! I tried to buy a sub (Ihave liked almost everything I have read from/about you). All went well until 'Avangate', who, for some reason could not charge either my credit or debit card (from one of the major banks in scandinavia). I got no help from mailing either them or you. I feel you really should have a European agency in addition to 'Avangate' in America. Avangate is in Europe. Kind regards

Hello! Please see here: https://airvpn.org/topic/16283-experimental-netflix-italy A special greeting to all Italian people working abroad. Kind regards AirVPN Staff

EXPERIMENT CLOSED - PLEASE IGNORE THIS THREAD Hello! We have now experimentally made Netflix Italy available from our CH VPN servers Kitalpha and Virginis. This is a transitory solution before a new geo-routing systems is implemented which will provide all of our clients with much greater flexibility. Plans for the new geo-routing system have been already evaluated and practical implementation tests will start in the near future. As usual, your system needs to query our VPN DNS in order to use the geo-routing service. Please see also here: https://airvpn.org/forum/10-websites-support Kind regards & datalove AirVPN Staff

Hello! Thank you for your nice feedback. That's not realistic with the current pricing. Maybe with the next gen AirVPN, with 10 Gbit/s lines and more powerful CPUs, but necessarily prices would skyrocket (residentials ISPs promising 100 Mbit/s bandwidth for a few dollars per month are just selling a marketing fabricated fantasy). We would like to underline anyway that we do NOT cap anything, so the 160 Mbit/s limit you experience is not due to some explicit throttling, but to the physical limits of the infrastructure: a VPN server must provide 320 Mbit/s to give a client 160 Mbit/s. On 1 Gbit/s lines that means a 32% occupation of the total available bw. Kind regards

Hello, we have insert rpg.net site in our anti-geo-blocking service for NL Servers. Kind regards

Hello, currently there are no blocks, but things could evolve because we see that Netflix is performing changes in its systems in these days and the changes could be not over. At the moment of this writing we do not detect any problem. Additionally, we have an update: now CA servers will access Netflix CA, no more Netflix USA. We would recommend to use VPN DNS. Kind regards

Hello, we are investigating on the problem. There is no need to get upset and insult each other. Topic will remain locked for some hours to let everybody cool down. Kind regards

Hello! Canadian servers access Netflix USA because Netflix Canada blocks them. Therefore we have decided that Netflix USA from CA servers was better than no Netflix at all. It remains to be seen how your iPhone can access Canada Netflix. A possible explanation, although unlikely, is that Netflix Canada lifted the block against our servers AND your iPhone is NOT using the VPN DNS. Very unlikely but worth a check, we'll do. Kind regards

Hello, these forums are available to AirVPN community (as reported in the forums description) and AirVPN staff can read and/or reply to a topic as a courtesy or not. Moderators read all the messages. This is not the place to receive support from the support team: for that, you can open a ticket. Thread locked. Kind regards

Hello! 1) HMAC SHA384 is already available as authentication cipher in the Control Channel. 2) RSA keys size is already 4096 bit, as a well as DH ones. 3) There is no reason to switch from HMAC SHA as authentication cipher in the Data Channel, but we don't rule out a switch in the future. 4) There is currently no plan to switch from AES-256 to AES-128 either on the Data Channel or the Control Channel. https://airvpn.org/specs Kind regards

Hello! We're very glad to inform you that five new 1 Gbit/s servers located in the Netherlands are available: Ancha, Caph, Kocab, Muscida, Pleione. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Ancha, Caph, Kocab, Muscida and Pleione support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team