Everything posted by Staff

  1. Hello! We're very glad to inform you that a new 1 Gbit/s server located in Romania is available: Ruchbah. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Ruchbah supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  2. Hello! Exactly, starting from Bernstein and Lange criticism and proposals, there appear to be plenty of good options. Thanks! But between 2010 and 2014 we anyway used 2048 bit DH, we never implemented 1024 DH in the public service. Kind regards
  3. Hello! Not immediately, some radical changes are needed in our setup: https://community.openvpn.net/openvpn/ticket/307 https://community.openvpn.net/openvpn/ticket/410 That would be optional not to risk to break compatibility with a potentially massive percentage of our customers who do not run OpenVPN supporting/patched for ECDHE. However, at the moment this would seem unnecessary for logjam, because we use our DH group with 4096 bit prime: http://sourceforge.net/p/openvpn/mailman/message/34132515 We are hesitant with Elliptic Curves Cryptography, because we would start to use curves based on parameters recommended by NIST, which are the curves "created" by Solinas (NSA). More details on our hesitations: https://airvpn.org/topic/14086-about-updating-the-hash-message-authentication-code/?do=findComment&comment=26950 Therefore: since logjam does not seem to affect our service, we can evaluate to postpone ECC support to OpenVPN 2.4. When it will be released, we could count on generic OpenVPN ECC support (i.e. with no patches to apply), in any case after our doubts are solved. Alternatively, we could add optional ECDHE support before OpenVPN 2.4 release (keeping good old discrete log cryptography available for compatibility) but only when we can trust NSA curves (or when OpenSSL does not use NSA curves group). Kind regards
  4. Hello, our policy stands for Etamin as well: no protocol discrimination. Is anybody else experiencing this problem? Kind regards
  5. Hello! To all those experiencing the problem, can you please test Eddie 2.10 Experimental for Linux? It includes also a bugfix which could solve the issue. You can download that version in the usual Linux download page. Click "Other versions" then select "Experimental". We'll be looking forward to your feedback. Kind regards
  6. Hi! Actually Eddie adds two important parameters to the formula for the servers rating: latency from the node in which it runs, and failed connection(s) to a VPN server (if any) again from the node it runs in. Eddie's choice therefore can differ from the equivalent (same area) resolution of *.vpn.airdns.org, and choices of different Eddies in different systems for the same area can be different as well. Kind regards
  7. Hello, all the original staff is still here. You can write to info (at airvpn dot org) attaching your public gpg key. Info will reply with its public gpg key. Kind regards
  8. Hello! Could you please test and reply to the previous post? It would be important information for us. https://airvpn.org/topic/14304-intermittent-connectivity-issue-with-eddie-airvpn-client-v292/?do=findComment&comment=28014 Kind regards
  9. Hello! OpenVPN does not allow more than 64 "remote" entries in configuration files, but our Configuration Generator does not take that into account; it's a bug which needs to be fixed. In the meantime do NOT tick "All servers for area/region" under "Resolved hosts", or select a maximum of 64 servers. Kind regards
  10. Hello! So it's not that the ISP blocks customers' ports, it blocks non-paying customers' ones! Use a proxy for apt. http://askubuntu.com/questions/53146/how-do-i-get-add-apt-repository-to-work-through-a-proxy Kind regards
  11. Hello! Ubuntu packages can be obtained with connections to port 443, for example with apt-get. Are you sure that your ISP blocks outbound port 443? Can you browse to https web sites, such as airvpn.org? Kind regards
  12. Hello! Actually we think that zhang888 is totally right. On top of that, we would like to add that, even if an add-on were totally reliable for some browser, solving the so called "WebRTC leak" at browser level could be a false or partial solution. We would recommend solutions at firewall level, like our Eddie "Network Lock". Please see here for explanations of the above and for further considerations: http://www.clodo.it/blog/an-alternative-approach-to-so-called-webrtc-leaks Kind regards
  13. Hello, another test please... while disconnected from the VPN, with Network Lock off, go to "AirVPN" -> "Preferences" -> "Advanced" -> "General". Set the "Servers list update every:" combo box to "Never". Click "Save". Then, activate Network Lock and try to connect to a VPN server. Is the connection successful? Is it stable? If so, after you're sure that the connection is stable (for example after 30 minutes or so), go to "Servers" tab. Click the button with a white circular arrow in a green field, "Refresh the servers list". Does it cause again the problem immediately? Can you also tell us your exact distribution name and version? Kind regards
  14. Hello! Is the problem mitigated or does it remain the same if you de-activate Network Lock? Kind regards
  15. It actually seems to work fine. There are 8 users connected and about 20Mbit of traffic. https://airvpn.org/servers/Etamin/ The main status page is probably manually updated, so when the server is back online it will still show Down/Maintenance until a Staff member will update it. Hello! The main status page is automatically updated. In this case Etamin did not accept new connections for its status, but already established connections were kept. Kind regards
  16. Hello, this is only momentary, issue will be solved soon (check also https://airvpn.org/status in the near future). Kind regards
  17. Hello! To comply with our transparency policy we would like to inform you that since Leaseweb NL has been a key provider of our infrastructure in Northern Europe and since Leaseweb's controlling company, Ocom, has repeatedly acted in a way that has convinced us that we can't consider Leaseweb a reliable partner anymore for strategic purposes, we have been working to remove Leaseweb from our key providers. It will be downgraded to a "secondary provider" (those providers which are not a key part of the infrastructure). All the infrastructural demands and requirements previously provided by Leaseweb in the Netherlands have been and are being relocated to Sweden and to different Netherlands providers with identical connectivity features, in several cases with superior hardware. This is a very important improvement in our infrastructure and an important step to solve issues of over-dependency on a single provider, according to the golden rule of "de-centralization". Impact on our customers will be positive: infrastructure is getting more robust and resistant. Moreover, hardware is being progressively renovated to satisfy the higher required numbers of simultaneous connections caused by Air's significant and important growth in the last four months. Kind regards AirVPN Staff
  18. Hello! We're very glad to inform you that ten new 1 Gbit/s servers located in the Netherlands are available: Alrai, Garnet, Gienah, Jabbah, Maasym, Mirach, Miram, Rukbat, Sheliak and Subra. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Alrai, Garnet, Gienah, Jabbah, Maasym, Mirach, Miram, Rukbat, Sheliak and Subra support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Together with Sweden servers and other recently added servers in the Netherlands and other European countries, these servers are part of a global replacement of Leaseweb NL servers. A separate announcement about this will follow shortly. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  19. Hello! Correct... there are (in OpenVPN related forums) hundreds, if not thousands, of positive feedbacks about the new driver, and very few negative ones like yours. It's somehow puzzling, we can't say much. Just as an idea, are you running some non-default network-manager? Asus, Acer and other manufacturers often pre-install their own network-managers which replace Windows default one, but such software sometimes causes a dramatic performance hit to various virtual network cards, including the tun/tap interface. Kind regards
  20. Hello! We're very glad to inform you that a new 1 Gbit/s server located in Switzerland is available: Kitalpha. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Kitalpha supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  21. Hello! We're very glad to inform you that six new 1 Gbit/s servers located in Canada are available: Aludra, Chort, Enif, Gorgonea, Rotanev and Sharatan. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Aludra, Chort, Enif, Gorgonea, Rotanev and Sharatan support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  22. Hi zhang888 and everybody, disclaimer: this message is written by only one person of the staff, while other persons are still investigating. We confirm that:
      - in VPN servers we use Diffie-Hellman 4096-bit keys
      - in VPN servers we do not use the same prime numbers used by millions of web sites
      - our web site does not support DHE_EXPORT
      That said, we are still investigating whether a TLS downgrade on the Control Channel is possible and, even if it was, how to affect DHE to force one of the sides to a DHE_EXPORT downgrade up to 512 bit. References which we have started from:
      Theory: https://weakdh.org/imperfect-forward-secrecy.pdf
      Practice: https://weakdh.org/logjam.html
      At the moment, we operate from a very conservative/paranoid approach so we are not ruling out 100% anything, but we can at the moment state that:
      - web site is totally secure on server side
      About OpenVPN in our setup:
      - Attack I is obviously not possible, since it requires weak DH 512-bit primes in the first place
      - Attack II (and therefore Attack III) appears infeasible, for different premises which are not met: "The server, in this case, only needs to support DHE_EXPORT cipher suites or use 512-bit parameters in non-export DHE ciphers. The client must be using the TLS False Start extension; that is, the client sends application data before receiving the server's Finished message in the TLS handshake."
      The question is whether it's possible to think about a mutant, specific attack form explicitly aimed to OpenVPN Control Channel to affect DH keys for Data Channel encryption. We will keep you updated of course. We are focusing on OpenVPN because even if you use it over SSH or stunnel, TLS+DHE downgrades on them appear to be not essential since your main "defensive" layer remains on the underlying OpenVPN.
      Kind regards
  23. We don't understand this discussion so you might like to clarify things between you three (no flames please). We do however understand this point, once again you claim that port forwarding does not work on LA servers, so we would like to confirm once again that port forwarding works just fine on Los Angeles servers. Kind regards