Staff

It's actually seem to work fine. There are 8 users connected and about 20Mbit of traffic. https://airvpn.org/servers/Etamin/ The main status page is probably manually updated, so when the server is back online it will still show Down/Maintenance until a Staff member will update it. Hello! The main status page is automatically updated, In this case Etamin did not accept new connections for its status, but already established connections were kept. Kind regards

Hello, this is only momentary, issue will be solved soon (check also https://airvpn.org/status in the near future ). Kind regards

Hello! To comply to our transparency policy we would like to inform you that since Leaseweb NL has been a key provider of our infrastructure in Northern Europe and since Leaseweb controlling company, Ocom, has repeatedly acted in a way that has convinced us that we can't consider Leaseweb a reliable partner anymore for strategic purposes, we have been working to remove Leaseweb from our key providers. It will be downgraded to a "secondary provider" (those providers which are not a key part of the infrastructure). All the infrastructural demands and requirements previously provided by Leaseweb in the Netherlands have been and are being relocated to Sweden and to different Netherlands providers with identical connectivity features, in several cases with superior hardware. This is a very important improvement in our infrastructure and an important step to solve issues of over-dependency from a single provider, according to the golden rule of "de-centralization". Impact on our customers will be positive: infrastructure is getting more robust and resistant. Moreover, hardware is being progressively renovated to satisfy the higher required numbers of simultaneous connections caused by Air significant and important growth in the last four months. Kind regards AirVPN Staff

Hello! We're very glad to inform you that ten new 1 Gbit/s servers located in the Netherlands are available: Alrai, Garnet, Gienah, Jabbah, Maasym, Mirach, Miram, Rukbat, Sheliak and Subra. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Alrai, Garnet, Gienah, Jabbah, Maasym, Mirach, Miram, Rukbat, Sheliak and Subra support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Together with Sweden servers and other recently added servers in the Netherlands and other European countries, these servers are part of a global replacement of Leaseweb NL servers. A separate announcement about this will follow shortly. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

We never asked for that...

Hello! Correct... there are (in OpenVPN related forums) hundreds, if not thousands, of positive feedbacks about the new driver, and very few negative ones like yours. It's somehow puzzling, we can't say much. Just as an idea, are you running some non-default network-manager? Asus, Acer and other manufacturers often pre-install their own network-managers which replace Windows default one, but such software sometimes causes a dramatic performance hit to various virtual network cards, including the tun/tap interface. Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Switzerland is available: Kitalpha. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server acceptw connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Kitalpha supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that six new 1 Gbit/s server located in Canada are available: Aludra, Chort, Enif, Gorgonea, Rotanev and Sharatan. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Aludra, Chort, Enif, Gorgonea, Rotanev and Sharatan support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hi zhang888 and everybody, disclaimer: this message is written by only one person of the staff, while other persons are still investigating. We confirm that: - in VPN servers we use Diffie-Hellman 4096-bit keys - in VPN servers we do not use the same prime numbers used by millions of web sites - our web site does not support DHE_EXPORT That said, we are still investigating whether a TLS downgrade on the Control Channel is possible and, even if it was, how to affect DHE to force one of the sides to a DHE_EXPORT downgrade up to 512 bit. References which we have started from: Theory: https://weakdh.org/imperfect-forward-secrecy.pdf Practice: https://weakdh.org/logjam.html At the moment, we operate from a very conservative/paranoid approach so we are not ruling out 100% anything, but we can at the moment state that: - web site is totally secure on server side About OpenVPN in our setup: - Attack I is obviously not possible, since it requires weak DH 512-bit primes in the first place - Attack II (and therefore Attack III) appears infeasible, for different premises which are not met: "The server, in this case, only needs to support DHE_EXPORT cipher suites or use 512-bit parameters in non-export DHE ciphers. The client must be using the TLS False Start extension; that is, the client sends application data before receiving the server's Finished message in the TLS handshake." The question is whether it's possible to think about a mutant, specific attack form explicitly aimed to OpenVPN Control Channel to affect DH keys for Data Channel encryption. We will keep you updated of course. We are focusing on OpenVPN because even if you use it over SSH or stunnel, TLS+DHE downgrades on them appear to be not essential since your main "defensive" layer remains on the underlying OpenVPN. Kind regards

We owe you a lifetime supply of the finest non-industrial beers. Kind regards

We don't understand this discussion so you might like to clarify things between you three (no flames please). We do however understand this point, once again you claim that port forwarding does not work on LA servers, so we would like to confirm once again that port forwarding works just fine on Los Angeles servers. Kind regards

Hello! The tun/tap interface (virtual network interface used by OpenVPN) does not come up... please try this: https://airvpn.org/topic/8320-solved-connects-but-ip-doesnt-change-on-windows-server-essentials-2012/?do=findComment&comment=8321 Also, upgrading to Eddie 2.9.2 might help with Windows Vista/7/8, because it will use a new driver for the interface which fixes various problems in Windows Vista/7/8. Kind regards

Hello, Tor proxy (just like any socks or http proxy) does not support UDP. OpenVPN will necessarily work in TCP. Please see also https://airvpn.org/tor Kind regards

Hello, do you get this error message even if you shut down Eddie with its own "Exit" option? Kind regards

Ok, great! What is your firmware? Did you compile stunnel by yourself for your router or is it an already available version? Kind regards

Hello! Since our servers will accept a variety of ciphers for SSL this is possible by configuring stunnel. However, configuring parameters for stunnel is currently not implemented in Eddie. Please see for example: https://www.stunnel.org/pipermail/stunnel-users/2013-February/004112.html Anyway, you probably don't need to bother about that. Nowadays computer CPUs are so powerful that they are not loaded at capacity by the current stunnel and OpenVPN ciphers you're using (well, it also depends on how much load they have from other tasks...). Kind regards

Hello! By default, all of your system traffic is routed inside the VPN tunnel once your system is connected to the VPN itself. If we understand correctly the problem, you would need to have only some traffic to certain web sites routed outside tunnel, so that those web sites see your real IP address and your traffic is not encrypted by the tunnel (i.e. not tunneled at all)? If so (but please make sure that we understood correctly!) you can do so in Eddie client menu "AirVPN" -> "Preferences" -> "Routes". Make sure that the combo box "Not specified routes go:" is set to "Inside the VPN tunnel". Then add in the window (by clicking the "+" icon) all the IP addresses of those web sites for which you wish the traffic is not tunneled. Action for them is "Outside the VPN tunnel". WARNING: all traffic to those IP addresses will not be tunneled. Not only "web traffic". Kind regards

Hello! Currently not, it's not meant as an alternative to Network Lock. In case of server switch or unexpected disconnection Eddie restores default gateway and nameservers, and only after that it tries a new connection. Kind regards

Hello! Because that's the date of the last changes, bugfixes and addition of new features. In April Eddie 2.9.2 Experimental exited the alpha testing and entered the beta testing. A few days ago beta testing was closed and Eddie 2.9.2 Experimental was promoted to stable. Kind regards

Hello! It's a bug (or more than one bug) in Mono. In the future, Eddie developer will consider to drop Mono and develop a GTK version. However at the moment this is not planned, we'll need a specific resource allocation for this task. Kind regards

Hello! IPv6 detection bug with error "Could not find a part of the path "/proc/sys/net/ipv6/conf/all/disable_ipv6" on some distributions will be fixed in version 2.10. Can you please elaborate? Can you show the logs about that and/or elaborate? Eddie for Linux can't disable IPv6. With "None" option it will not show the warning message. Eddie will set "None" in "IPv6" combo box after it has displayed the warning message. Thank you! Kind regards

They are the very same version, totally identical byte by byte. Kind regards

Hello! Important: please note that under Linux Eddie can't disable IPv6 (it can do that only in WIndows and OS X). If you activate "Network Lock" Eddie will set ip6tables to block outgoing IPv6 packets. This thread is followed by Eddie developer, so the bug(s) you've found are being noticed. Kind regards

Thank you very much for your quick reply. Unfortunately, I have an unattended client and I do need to save the login details since at times nobody is around during startup. Are there any plans to implement this or have there not been enough requests? At the very least, Eddie could set more restrictive file permissions on the profile automatically, that would be fairly simple, although I would prefer the more secure way of using the specific OS APIs to handle this. Hello! No requests at all but this the correct way hands down, you're right. Kind regards

Hello! Thank you for your great feedback! Yes, just like browsers if you don't use a master password to encrypt all other passwords. This option is not currently available in Eddie. EDIT: the AirVPN.xml file although belonging to root:root is actually readable by every user, you're right. This needs to be fixed. You might like to not tick "Remember" in the login window: in this way the client will not store username and password and you can enter them anytime you run Eddie. Kind regards