Staff

Hello!

We just had confirmation from another user that AirVPN is accessible from Egypt through the connection mode mentioned by @go558a83nk - therefore we feel to "validate" fully what @go558a83nk wrote.
We invite anyone experiencing problems from Egypt to open a ticket, the support team is available 24/7.

Kind regards
 

3 minutes ago, kbps said:

Appears that there is indeed a problem with all of the London servers. Server status page is now showing low packet loss for all of them.  This has to be related to the recent data center move. @Staff

Hello!

Yes, those servers suffer a constant ~ 20% packet loss in IPv6 only. You can safely use them with full performance in IPv4. Avoid them if you need IPv6 mainly. Datacenter technicians have been informed and we are waiting for their investigation and reply.

Kind regards
 

Hello!

We're not aware of any security concern as they are layers "on top" of well tested tunnels without known vulnerabilities. Currently Russia and China users can access AirVPN, however should the need arise we strongly recommend Tor with private bridges with various pluggable transports. We have invested a lot on Tor infrastructure (see our mission), including support for an important amount of worldwide Tor exit nodes traffic, and Tor is free for everybody. No matter the obfuscation technique employed, a country or ISP can block any VPN service (and other services operated by small or average sized companies) by harvesting and blocking its servers IP addresses, a task which, on the contrary, becomes quite difficult with Tor, where volunteers all around the world set up private Tor bridges every day.
https://bridges.torproject.org/

Kind regards
 

@spikyllama

Hello!
 

2 hours ago, spikyllama said:

- I have forwarded 5 ports: the first four I am using for outgoing connections (which I think is for uploading/seeding):

Your AirVPN account port panel pertains to inbound ports only. Outbound ports are all open by default. You need to forward only one inbound port. See also: https://airvpn.org/faq/port_forwarding/
 

2 hours ago, spikyllama said:

I have set up my Deluge settings as such: screenshot

In general binding to the VPN IP address may be a mistake: as soon as your VPN IP address changes the torrent program will no more be able to bind. Therefore you would need to change the torrent program settings every time you start a new session on a different server with OpenVPN. With WireGuard things are different but anyway keep this issue in mind and consider, if it's the case, to remove the binding to a specific VPN IP address.
 

2 hours ago, spikyllama said:

- I have disabled every checkbox (per the tracker's rules): UPnP, NAT-PMP, PEX, DHT, and LSD

Please re-enable DHT and PEX. Please re-check the whole torrent program configuration against this guide: https://airvpn.org/faq/p2p/
 

2 hours ago, spikyllama said:

When I test port, 46419 is labeled as open, and the rest show "connection refused (111)"

Perfect. The other four inbound ports don't exist in your system and connection refused means that your kernel (or a packet filtering tool) actively reset the attempted connection when receiving packets for those ports.
 

2 hours ago, spikyllama said:

This is the issue, and what shows up every single time (this was in qBit but the result is the same in Deluge): screenshot

Upload speed heavily depends on swarm requests. In well seeded torrents it may happen that bandwidth offer exceeds bandwidth demand. Additionally some peers use block lists aimed at blocking datacenter IP addresses (for example to avoid connections from copyright infringements hunters harvesting IP addresses, as they use dedicated hardware in datacenters in many cases). If you perform a speed test do you get a decent upload performance?

Kind regards
 

Version 2.23.2

• [bugfix] [macOS] Fixed an issue with disk .DMG build
• [change] [Windows] curl 8.2.1
• [change] [macOS] Preferences > WireGuard > MTU
• [bugfix] [all] Fix for exit failures
• [change] [all] OpenVPN 2.6.6
• [change] [all] Minor fixes and code cleanup, preparation to net7 upgrade

This version will be considered stable as soon as possible.
Other issues reported in tickets or in this topic are under investigation.

Hello!

Pros: in case of disconnection, Eddie will re-connect to the same server and your seeding IP address will not change on the swarm, allowing immediate re-connections by all peers that discovered you.
Cons: if the server your system is connected to goes down Eddie will not be able to re-connect (Network Lock will anyway prevent any possible traffic leak).

Kind regards
 

Hello!

Our software is free and open source, while we repute at the moment not acceptable to provide external companies with root access to our servers to perform audits which can not anyway guarantee future avoidance of traffic logging or transmission to third parties. On the contrary, we deem very useful anything related to penetration tests. Such tests are frequently performed by independent researchers and bounty hunters and we also have a bounty program.

Kind regards
 

Hello!

The entire business model is based on avoiding pause & resume options to offer the best prices you can find in the world on equal grounds.
Additionally, as @Air4141841 noticed in part, some options OP advertised for competitors were available in AirVPN well before such competitors even existed.

@rock3716
And actually the competitor you tried to advertise offers prices which are between 19% and 100% higher than our prices, according to the plan you pick.

Due to multiple abuses in this thread correctly detected by community members, we once again remind you that explicit or hidden, surreptitious, shadowed advertising is forbidden and may cause permanent bans.

Kind regards
 

@brianperplexis

Hello!
 

Quote

W 2023.10.14 08:28:23 - Authorization failed. Look at the client area to discover the reason.
. 2023.10.14 08:28:23 - OpenVPN > AUTH: Received control message: AUTH_FAILED
. 2023.10.14 08:28:23 - OpenVPN > SIGTERM received, sending exit notification to peer

We noticed that you deleted the old key(s) and created a new one. When you do so, you need, from Eddie's main window, to log your account out and in again. That's the only way to force Eddie to re-download keys (Eddie will not do it automatically) and you must do it every time you renew your client key(s). Please uncheck "Remember me", log your account out, then log your account in again (you will need to re-enter your credentials) finally test again connections.

Kind regards
 

@TooLittleTime

Hello and thank you for your tests!

We are unable to reproduce the issue at the moment, can you please tell us whether you see the same when you run Hummingbird (with Bluetit not running at all)?

Kind regards
 

Hello!

Unfortunately we will not operate in Australia because of the infamous anti-encryption law, we're sorry, but yes, we are going to seriously consider more bandwidth in New Zealand.

Kind regards
 

29 minutes ago, bnrrteterstnjrsj45 said:

Only one server. Still. 

Hello!

DCO code is in highly experimental phase and subject to radical changes. Still.

** NOTE **
ovpn-dco is currently under heavy development, therefore neither its userspace API
nor the code itself is considered stable and may change radically over time.

Kind regards
 

Hello!

Tor is free for everyone and we strongly encourage to use and support it. AirVPN has supported Tor since 2010, and TorProject multiple times in the last 8 years. Currently AirVPN provides a valuable support to 4% of the Tor exit nodes worldwide traffic in Quintex Alliance Consulting datacenters, which is a remarkable amount if you think of AirVPN size. AirVPN also offers the ability with a few clicks to build tunnels over OpenVPN over Tor which are a starting point to add further anonymity layers. Or you can simply connect to Tor after you have connected to our VPN servers for a paramount anonymity layer enhancement.

Tor however does not support UDP, so all UDP based applications are cut out, and p2p is very problematic on the Tor network. Furthermore, if you need a quick inbound remote port forwarding to bypass your ISP NAT or just have some privacy for a service of yours which must be reachable from the Internet, with Tor you would need to setup an entire onion service which will be accessible only from Tor network, while with AirVPN it's a matter of a few clicks. That's when AirVPN comes into play. In the mentioned cases AirVPN becomes handy or even irreplaceable, just think how more and more VPN services have suddenly dropped the, sometimes vital, remote port forwarding support. We just ask as a courtesy not to run Tor exit nodes behind VPN servers for obvious reasons.

On the other hand no VPN can provide something on par with Tor anonymity layer and the synergy between Tor and AirVPN is probably the "way to go", as some of our old customers told us recently. As @OpenSourcerer replied to your question, in general you should rely on Tor for multi-hopping and to strengthen the anonymity layer, and not on chaining VPN servers, in most threat models. Chaining VPN servers is usually too weak to be a suitable solution for any threat model except maybe those which foresee a very trivial adversary. Multi-hopping on different VPNs could even (paradoxically) LOWER your anonymity layer as you need to keep different subscriptions, different accesses, and any mistake can be exploited to add correlations.

You could even double-hop with AirVPN servers with quick virtualization, or triple-hop with virtualization and a router, as any account can establish multiple concurrent connections, but we're the first to strongly deprecate this behavior for all the mentioned reasons.

Remember that when you support monetarily AirVPN (i.e you don't use it only with the free access), you support Tor network too.

Kind regards
 

@itzik_gerbi

For your comfort we paste here the answer you received from the support team. As AirVPN staff, we would also like to add that both Eddie and the Suite are free and open source software under GPLv3.
 

6 hours ago, OpenSourcerer said:

Never heard of coupons for 1 month. All discounts start with the 3-month plan usually. Unfortunately you just missed the End of Season Sale; the next would be Black Friday next month, I believe.

Hello!

Probably Halloween promotion will be confirmed and therefore it will come first. And you're right, free trials of 1 month never existed.

Kind regards
 

Hello!

Some context for the readers as well: Eddie 2.23.1 added full support with proper DNS management for every systemd-resolved working mode. Any older version will misbehave whenever systemd-resolved is running (various working modes are not supported).
AirVPN Suite added full support with proper DNS management for every systemd-resolved working mode in 2022 (1.2.0 or higher version).

Kind regards
 

@WildWereWolf

Hello!

It would be a very good idea to remain locked out from remote machines accessible only through remote desktop or ssh, and not IPMI interface.  

It is also an intrusive and permanent change of system settings which in the past was refused by the majority of our customers. Anyway, you can easily implement the feature in your Mint box with the proper three or four firewall rules (the support team already showed them to you when you asked for an iptables example). The solution is so fast (it takes literally a minute or less) that we don't see why you just don't implement it, end of the story.
You may also consider the AirVPN Suite with its feature networklockpersist and Eddie's feature Enable Network Lock at startup - however they are not exactly the same because first Bluetit daemon or Eddie process must be raised up, and then network lock is enforced, therefore providing an additional protection against "locking out". AirVPN Suite manual is here.

Kind regards
 

Hello!

You can (Eddie 2.21.8 or higher version required). Please note that the domain name(s) must be resolved with your system DNS, before a VPN connection is started, and therefore Network Lock must allow this exception - Eddie will warn you if this condition is not met. Also note that this is not always a 100% reliable configuration for those services which rely on CDN serving content dynamically.

Kind regards
 

13 hours ago, P.Bear said:

I know this is to avoid spam. But this technique only makes sense when implemented correctly. On this forum, this is not the case. As I said in my previous post, sometimes you have to wait 7 hours for a post to be validated, in the middle of the day! It obviously lacks moderators. (not your fault)
And this is my 5th post and I still have the same message. Even though I complained. So you obviously don’t have the ability to check me off as not a bot to stop this limit. That’s ridiculous. Hopefully airVPN has better VPN servers admins than their web developers 😅

@Mytob I will try to help you with pleasure, but it will be too complicated here clearly. @PBear06 on telegram for example, if you want.

Hi,
the limit is exactly 5 messages, from now on your messages will not be subjected to moderator's approval. This community forum is by the community for the community as a gift from AirVPN, open to everyone, not restricted to AirVPN customers. If you don't like a gift, just refuse it and live happy, or become part of the community and help make this forum an even better place. It must be said anyway that in 13 years only 3-4 people complained about the messages approval time and the massive usage of this forum shows that it is appreciated by most people and even by non AirVPN customers, so after all this gift is fine and the community is able to manage properly the whole thing.

Kind regards
 

On 9/16/2023 at 6:36 PM, Mokmok12 said:

when is the end date please?
 

Hello!

It will end on Sunday 24 Sep 2023 23:59 CEST.

Kind regards
 

16 hours ago, Stalinium said:

I have a similar issue using a custom namespaced setup with Wireguard but in a different way. Firefoxes' DNS lookups inside the namespace will work until the computer goes to sleep. After waking up Firefox will be unable to resolve any hosts until Fx is restarted. I have not tried loading websites per IP, maybe Firefox actually loses all connectivity in this case. Arch Linux.
Just a guess, did you put a per-namespace resolv.conf file where it belongs? Somewhere around mans/arch wiki or systemd text there was a proposal of a standard to have per network namespace resolver configuration. Maybe Firefox when it doesn't run DoH looks at the wrong resolv.conf and tries to contact the local DNS resolver from another namespace.

Hello!

Yes, of course, we take care of both resolv.conf and nsswitch.conf inside the aircuckoo namespace (/etc/netns/aircuckoo/nsswitch.conf) in order to

1. prevent the feared and dangerous "DNS leaks inside then tunnel" which affect other traffic splitting implementations based on cgroups and
2. cover various distributions, including systems where systemd-resolved runs.

In our "reversed" traffic splitting implementation, the aircuckoo namespace apps must query the system DNS.
Per network namespace resolver configuration seems an established feature, or do you mean something else with the proposal you mention? Or do you imply that systemd-resolved may cause additional problems we have not taken into account?

For your specific problem, we have no immediate suggestion unfortunately, we would just recommend that you check (for example with Wireshark) what happens to Firefox packets after the system woke up. We're also unsure whether this article may help you, probably not but we link it anyway just in case:
https://philipdeljanov.com/posts/2019/05/31/dns-leaks-with-network-namespaces/

Feel free to keep us posted, and we'll do the same, as the different outcome with / behavior of Firefox in different distributions is under investigation and we need to clarify the issue carefully.

Kind regards
 

@andy097

Hello!

The IPv4 route check is successful while the IPv6 route check fails. Let's see whether the latter is a false positive by Eddie or not. Try to disable route check as well as DNS check, respectively in "Preferences" > "Advanced" (uncheck "Check if the VPN tunnel works") and in "Preferences" > "DNS" (uncheck "Check Air VPN DNS"). Enable Network Lock and try again connections. Verify both your IPv4 and IPv6 connectivity (if everything is fine, you should be able to reach IPv4 sites as well ass IPv6 only sites, like ipv6.google.com).

Kind regards
 

On 9/21/2023 at 11:45 AM, revsplus said:

Glad to see this preview. Questions: shall we see a port to FreeBSD of the whole Suite? Can we expect app based traffic splitting on Windows?

Hello!

We're terribly sorry, the port to FreeBSD is currently frozen. We will re-consider it anyway in the future, but only after the Suite 2 stable version for Linux is released. As far as it pertains to Windows, we will leave the answer to the Eddie Windows edition developer.

Kind regards
 

9 hours ago, ARandomGuy said:

Is it just me or is it a severe problem? I mean, if cuckoo just forces an app to run in a specific network namespace with no other process isolation whatsoever then not only browsers but also any program checking whether another instance of itself is already running in order to share resources or opt for delegations will cause all sort of troubles to the unaware user. Was the first instance launched in the root namespace or in the cuckoo namespace? Was another instance running because it started at boot? How the user is supposed to remember and track all the instances and know which programs check for another instance of themselves when starting?

Waiting for developers answers and hoping that, if I'm correct, this unhappy preview is just a bump in the road, after all it's only alpha 1.

Hello and thank you for your tests!

Of course, as you say, this is an early preview, an alpha 1, so we can and we will improve the software. With the understanding the the highest security level is reached only by renouncing to traffic splitting or by splitting traffic only through boosted virtualization via a proper hypervisor, our solution aims at offering a fair balance between a very light implementation and a safe environment. If we pushed on virtualization too much, then the user might as well use directly pushed solutions of non-Linux third-party components and software suites, such as VirtualBox or Docker. It's not in our vision to burden the AirVPN Suite at those levels, as the Suite is thought to remain the most lightweight piece of software we release.

In the current default setup, you have a minimum of two separate login users in any Linux box: airvpn and your usual user. By default, only airvpn can run cuckoo. If you consider not to add your current user to the airvpn group, you can safely rely on the fact that the types of processes you mention launched by your current user will never be affected by processes started by airvpn user and vice-versa. In this way it's almost impossible to cause a confusion by distraction and, for example, using a browser outside the tunnel while you think that it's inside.

It's also obvious that a decent concentration level is always required, but that's required even with full virtualization, because no security model can save you from the distraction to assume wrongly that a specific VM is connected to the VPN while in reality it is not. So nothing new, traffic splitting was, is and will be requiring some attention, no matter how you achieve it. Stay tuned for the alpha 2, we are working on it.

Kind regards