Staff

Hello! Maybe, or maybe not, as the probability is small given the tiny time frame, but from now on you can easily avoid the hazard. Shutting down the whole daemon just to perform a re-connection is indeed a disproportionate and unnecessary action, just send commands with Goldcrest to do it. Kind regards

Hello! Thank you for your choice. Please open a ticket at your convenience and send the support team the ID of the failed transaction(s) for additional investigation. Kind regards

Hello! Yes, there is a small likelihood that leaks will occur: when you restart Bluetit, first Bluetit stops and the previous firewall rules, policy settings included, are restored. Then Bluetit starts and Network Lock rules are enforced. The time between those actions varies from system to system, but in general a few tenths of a second are required. If, during those tenths of seconds, a process manages to create a new socket and send out data, or use a pre-existing one whose communications did not "time out", you will have a leak. A safer approach is to disconnect and reconnect with Goldcrest. By using Goldcrest to send commands to Bluetit, the persistent network lock is not disabled at any stage: the rules are of course changed, but the whole process is carried out while maintaining the "drop" policy. Kind regards

Hello! So, what did you find? Had Eddie restored the system DNS settings properly or not? Yes, and the kind Pop!_OS tester had all of his problems resolved with 2.24.2 so it's worth that you mention this problem in that thread too. System report generated by Eddie and the answer to our questions may help remarkably. Thank you for your tests! Kind regards

Hello! We're sorry, this is not currently planned. Suite 2.0 is designed to offer reverse traffic splitting on an application basis only. The type of traffic splitting you request may be considered in future releases. Kind regards

Hello! Have you checked your DNS settings as recommended? If not please do it and report at your convenience. What is your Linux distribution? Kind regards

Hello! You might have renewed your keys recently. Are you running Eddie Desktop edition? If so, please try this: from Eddie's main window uncheck "Remember me" log your account out log your account in again (you will need to re-enter your AirVPN account credentials) If you run any other software with configuration files please re-generate them. Kind regards

@altae Hello! When you were connected we verified that the packets are properly forwarded to your node. For what it's worth now you are 100% sure that the server side is properly configured. As an additional test we forced packets to your node address on a wide range of high ports (port scan in TCP and UDP) and they were all filtered. On your side please re-check the firewall rules. Please check when the system is connected to the VPN just in case you run some firewall which changes rule set according to the type of the network the system is connected to. Kind regards

@Penthious Hello! It looks like a problem related to Docker (check configuration) since it disappears when the Docker is re-started. Please note that @altae did not mention Docker, and did not mention that the problem disappears after a reboot, therefore you two should have different problems. Please avoid to hijack threads and feel free to open your own. @altae Please re-check qBittorrent configuration, and in particular make sure that: you start qBittorrent after the VPN connection has been already established the "Tools" > "Preferences" > "Advanced" > "Network interface" combo box is set to the proper VPN interface (if you run WireGuard consider that the interface name changes according to the WireGuard configuration file name) the "Tools" > "Preferences" > "Advanced" > "Optional IP address to bind to" is set to "All IPv4 addresses" (if you set it to "All addresses" you might have some problem on specific versions) Kind regards

@malthusiandrill Hello! We're sorry, we do not develop software for iOS for the reasons explained in the box with yellow background here: https://airvpn.org/ios For your privacy protection purpose it's relevant to remind you that Apple software and system processes in any iOS device, by policy, are always able to bypass the VPN. Kind regards

Hello! How to change DNS settings in Windows: https://www.windowscentral.com/how-change-your-pcs-dns-settings-windows-10 How to change DNS settings in macOS: https://serverguy.com/kb/change-dns-server-settings-mac-os/ For more articles just search the web for "how to change dns settings in <your own OS>". Kind regards

Hello! In this case we have no rational explanation, unfortunately. We will update the thread if we get new, relevant information. In the meantime we would suggest that you try WireGuard. The app we tested is "OpenVPN Connect", which is the only app released by OpenVPN Technologies in the store, we think. It is this one: https://apps.apple.com/us/app/openvpn-connect-openvpn-app/id590379981 can you please check and let us know? Kind regards

@calcu007 Hello! Quite puzzling, as we can't reproduce the problem. Have you also tested with the configuration file for OpenVPN 2.6 "no DCO" we recommended? Kind regards

Hello! Is it 5-10% of a single core or the whole CPU? Can you tell us your Operating System name and version and the Eddie version? Kind regards

@calcu007 Hello! Please use a configuration file generated for OpenVPN 2.6 without DCO and you should resolve the problem. In the Configuration Generator please enable "Advanced" mode and then select "2.6 no-dco" from the "OpenVPN profile" combo box on the right. Generate and import the configuration file as usual. If the workaround doesn't work please consider to switch to WireGuard if possible. Instructions are available here: https://airvpn.org/ios/wireguard/appstore/ You might gain performance as a nice side effect. Can you please tell us the OpenVPN app version you're running? We failed to reproduce the problem with any configuration profile and we run openvpn-connect 3.4.1 linked against Ovpn 3.8.3. Kind regards

@LateStageCap1t4l12m Hello! You can disconnect from the VPN by ordering a disconnection to the program you run to connect to the VPN. For example, if you run Eddie, the Air client software, you may click the "Disconnect" button in the main window or, in the Android edition, the "power" button in the main view. If you run another program please read the manual of that program. If you experience any issue please mention your Operating System name and version as well as the connecting software name and version. Kind regards

New version 2.24.2, primarily containing bug fixes related to the Linux build. [bugfix] [windows] Shortcut .lnk for all users [bugfix] [linux] Fixed a systemd-resolved issue that caused wrong "DNS of the interface x switched to VPN DNS - via systemd-resolved" [bugfix] [linux] An issue with tray-icon at exit [bugfix] [linux] A concurrency issue that caused the application not to close [bugfix] [linux] Dependency to mono-runtime-common (only on .deb packages) [bugfix] [linux] Minor fixes [bugfix] [linux] Arch build in AUR

@ctss36pwwon Hello! OK that's fine, a mistake can be made by anyone and anyway we were genuinely interested in knowing the basis of your allegations, since M247 provides something like 20% of our global bandwidth, which is a remarkable amount. Glad to know that there's no basis, then. Sarcasm is welcome here except when it serves the purpose to write defamation in disguise. Please keep in mind that errare humanum est, perseverare autem diabolicum. Usually we leave the moderation to the community moderators but throughout the years we were forced to chime in for annoying and potential defamatory cases, so we prefer when possible a moderate prevention. Do you have the HN link we asked for, regarding the mega-leak you mentioned? Thank you for your great feedback. Kind regards

Hello! Assuming that in your setup it's the router the device connecting to some VPN server and sharing the VPN traffic with any device behind, please consider that the DNS settings of each device "take precedence". If the device is configured to query Norton Connect Safe DNS, the DNS queries from that device will be encrypted and tunneled by the router (together with all the traffic from that device) and reach the Norton DNS from our VPN servers. Norton DNS will see queries coming from the exit-IP address of our VPN servers. Kind regards

@ctss36pwwon Stating that the claim you made toward M247 is not a claim toward M247 does not improve things much. It shows that you wrote without any clue or proof of what you wrote. That's a very different thing, and let's get that straight, because once again you seem to be writing without any evidence or even a clue as to what you're writing, and jumping to assumptions and conclusions that are patently false or impossible. The event you mischievously suggest as potentially possible in our infrastructure would only be actually possible if: we had any employee with access to the customers' database the customer entered personal information in spite of the fact that AirVPN does not require it Point 1 is not met because AirVPN does not have any employee with access to the database (please read the privacy notice and terms). Furthermore, if the user or customer follows the recommendations, the database contains no personal data at all. That's very interesting and shows how better and different AirVPN is, please feel free to provide a link if possible. We found an article on The Register: https://www.theregister.com/2020/07/17/ufo_vpn_database/ In this article the leak allegedly comes from Kind regards

Hello! Yes, it is definitely possible. We will think about it. To the best of our knowledge M247 does not collect information about our customers and this practice, when involving personal data, without explicit consent would be a criminal offense in most jurisdictions M247 operates in. We have contractual agreements which do not allow M247 to do it, but please substantiate your claim now. On one hand we are interested in checking thoroughly your claim, on the other hand we host these forums for the community so we would like to put in place a little protection against any retaliation for libel or defamation, not to mention the right of reply to a company (whose customers we have been for years) especially in case of allegations of criminal offenses as well as statements damaging to reputation. We expect your expeditious reply (or corrections if necessary). Kind regards

Hello! No, you did not understand correctly at all.. we have no power or authority to conduct investigations. Investigations can be carried out by the relevant authorities using the proper procedures, and what we can do is to cooperate with the relevant authorities and only in accordance with the orders of the competent courts. We can't see how infringing privacy (which is a fundamental right), net neutrality and enforcing censorship can help the good guys and/or support crime prevention. We challenge you to publish a proper impact assessment and/or research which shows how the "good guys" are protected by censorship, blocks and general violations of privacy and net neutrality. On the contrary, reports and studies on blanket and indiscriminate privacy violations by various bodies and police forces around the world show the opposite, i.e. that data retention is ineffective in fighting serious crime and at the same time is incompatible with fundamental rights, in particular (as pointed out in 2019 by the EU Council too in official document) the rights to privacy, protection of personal data, non-discrimination and presumption of innocence. Indeed, such considerations led the Court of Justice of the European Union to strike down the Data Retention Directive with retroactive effect, and also to prohibit the EU Member State from enforcing a blanket data retention obligation on Internet Service Providers. The Court of Justice declares the Data Retention Directive to be invalid https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf The Members States may not impose a general obligation to retain data on providers of electronic communications services https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf The Court of Justice confirms that EU law precludes national legislation requiring a provider of electronic communications services to carry out the general and indiscriminate transmission or retention of traffic data and location data for the purpose of combating crime in general or of safeguarding national security https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf As for the protection provided by a layer of anonymity, which is an additional and specific method of enhancing privacy, both the United Nations Special Rapporteur and the United States Supreme Court have recognised it as one of the essential tools for exercising freedom of expression. You can find the links on the same AirVPN mission page you mentioned. In 14 years no AirVPN user has ever had his/her identity compromised due to AirVPN behavior or technical failure but of course any server can be wiretapped without AirVPN knowledge, legally or illegally. In order to defeat adversaries who have the power to eavesdrop on servers through black boxes (external to the server: these boxes can't see the traffic content of course, but they can correlate incoming packets to outgoing packets, which is in some cases a relevant information), we have written repeatedly, please check here: https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745 Kind regards

Hello! It is not possible to force Eddie to block specific apps traffic. It is possible to configure Eddie to have specific apps traffic inside or outside the VPN tunnel (traffic splitting on an application basis). If it is not possible to kill or uninstall the apps which you want to block, you could consider removing network access permission, through Android settings, from those apps which must be blocked (Android 10 or higher version required). However, please consider that this is a setting which has been eradicated from Android by some Android device manufacturers (presumably to aid and abet profiling and data harvesting). Quick guide: https://www.digitalcitizen.life/how-block-internet-access-specific-apps-android/ Kind regards

Hello! Please let us and the community know in case Plex support or community find a solution to this problem, thanks in advance! The OP had his problem suddenly solved without an explanation. Kind regards

Hello! We're very glad to know it! Alas, it is still inexplicable that previously it worked only for a limited time or it did not work at all, and now it works reliably. It could be something to do with how Plex picks the preferred network interface, who knows, but from lsof it was clear that it listens on all interfaces. Maybe their support team can shed some light on this strange incident. Kind regards P.S. The new lsof output is consistent with the previous one, no changes.