Staff

Hello, the first problem is weird and we still need to investigate it. The second issue is not a problem, it is expected and normal behavior. Eddie wants administrator privileges. Kind regards

@LBDude @snaggle @wer Hello, please re-download the .rpm package for openSUSE or Fedora. We think we have found the problem and fixed it. Kind regards

Hello! This: W 2014.10.19 00:52:30 - Tunnel not ready, interface status: Down is probably a bug fixed in Eddie 2.5 (see the changelog). Please upgrade to Eddie 2.7 stable. Kind regards

@LBDude @snaggle @wer Hello, we're going to check the .rpm package for Fedora and openSUSE. Do you confirm that the problem is in the .rpm package, while you can run the portable version? Kind regards

Hello! You did not buy "AirVPN 3.4.1(4054)", you're running Tunnelblick 3.4.1build 4054. Tunnelblick is a free and open source OpenVPN wrapper. Yosemite is on preview so it could be normal. Instead of Tunnelblick try to run our client Eddie 2.7: in the Yosemite preview of about 10 days ago it was running just fine. Our dear Eddie is free and open source as well. Kind regards

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.7. Please read the changelogs: https://airvpn.org/services/changelog.php?software=client&format=html 2.7 version is compatible with several Linux distributions. For very important notes about environments, please read here: https://airvpn.org/forum/35-client-software-platforms-environments Eddie 2.7 includes important bug fixes. It also implements direct TOR support for OpenVPN over TOR connections. Finally, Eddie makes OpenVPN over TOR easily available to Linux and OS X users: no needs for Virtual Machines, middle boxes or other special configurations. Windows users will find a more friendly approach as well. The logic of the connection of OpenVPN over TOR has been completely rewritten. This mode is not handled anymore as a generic connection to a socks proxy, but it is specifically designed for TOR and therefore solves multiple issues, especially in Linux and OS X, including the "infinite routing loop" problem (see for example http://tor.stackexchange.com/questions/1232/me-tor-vpn-how/1235#1235 ) As far as we know, Eddie is the first and currently the only OpenVPN wrapper that natively allows OpenVPN over TOR connections for multiple Operating Systems. https://airvpn.org/tor We recommend that you upgrade Eddie as soon as possible. Eddie 2.7 for Linux can be downloaded here: https://airvpn.org/linux Eddie 2.7 for Windows can be downloaded here: https://airvpn.org/windows Eddie 2.7 for OS X Mavericks and Yosemite only can be downloaded here: https://airvpn.org/macosx PLEASE NOTE: Eddie 2.7 package includes an OpenVPN version re-compiled by us with OpenSSL 1.0.1j for security reasons and to fix this bug: https://community.openvpn.net/openvpn/ticket/328 Eddie overview is available here: https://airvpn.org/software Eddie includes a Network Lock feature: https://airvpn.org/faq/software_lock Eddie 2.7 is free and open source software released under GPLv3 UPDATE Eddie 2.7 and 2.6 for OS X had a digital signature which is no more recognized because of a change in Apple logic. Eddie 2.7 has been digitally re-signed and the package has been re-uploaded. It's anyway useless to re-download it if you already did. Kind regards & datalove AirVPN Staff

Hello! Network Lock works with plug-ins for Eddie. Currently, Eddie programmers have coded the plug-in for the Windows Firewall and no other firewall for Windows. It means that if you use Network Lock in Windows, you should disable any other firewall. Eddie is free and open source, maybe someone might like to program additional Network Lock plug-ins, or maybe we will plan one day to code more of them. Kind regards

Read this http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html Anything to worry about concerning airvnp connections using openvpn over SSL? Hello! Not at all. About the web site, SSL 3.0 is not supported https://www.ssllabs.com/ssltest/analyze.html?d=airvpn.org About OpenVPN, the external layers are on TLS, not SSL. About OpenVPN over SSL, even if your stunnel negotiated with SSL 3.0, the underlying security provided by OpenVPN layers ensures no problems. Kind regards

Hi, we're glad to know it. This is questionable... for security reasons Network Lock should remain active until the Eddie user explicitly turns it off or shuts down the client, because if a session is terminated abnormally but Eddie, for any reason that we have not foreseen, should not detect the anomaly, releasing the lock would be dangerous. Thank you! Kind regards

Hello! Since Eddie 2.5beta this option is implemented and its name is "Network Lock". It is implemented with plug-ins. In Linux, the available plug-in needs iptables, so all Linux systems which have iptables can use it. Eddie 2.6 is a stable version (no more beta) but the "Network Lock" option is still marked as "experimental", however no problems at all have been detected so far with iptables plug-in. See also: https://airvpn.org/topic/12175-network-lock As usual, we recommend to follow "News and announcements" forum to remain up-to-date with constant AirVPN development in all fields. https://airvpn.org/forum/9-news-and-announcement Updates are also published through "AirVPN" accounts in Twitter and Facebook. Kind regards

Hello, yes, if we had a house in the USA that would be a trivial solution, with a good residential line with high bandwidth. Kind regards

Hello, Eddie doesn't do anything with the tun/tap driver, it is "handled" indirectly by OpenVPN (in the sense that when OpenVPN brings up/accesses the tun interface, the OS relies on the tun/tap driver). We'll check your report with the programmers. Kind regards

Hello! Problem identified, a fix is ongoing. Next client release 2.7 will include the fix. Kind regards

Hello! Can you post the logs pertaining to the problem? In Windows, if you run Eddie, please click "Logs" tab, click "Copy to clipboard" icon and paste into your message. Kind regards

Hello, we do not detect this behavior. Eddie turns off the firewall only if it had to be activated by Eddie itself. Kind regards

Hello! The route check fails. Please try to un-tick "Check if the tunnel effectively works" in "AirVPN" -> "Preferences" -> "Advanced". Connect again and check whether the tunnel works manually by browsing to https://airvpn.org and checking the color of the central bottom box (it is green and displaying "Connected!" if traffic is tunneled properly). If everything is fine, then you might like to enable "Network Lock", because the initial route checking will no more be performed. Kind regards

Hello! 1. Please upgrade to Eddie 2.6. The issue should have been fixed in it. 2. Please upgrade to Eddie 2.6. The issue should have been fixed in it. 3. That's correct and intentional. 4. You need to enter administrator password anyway. A glitch on connection at program startup has been fixed in Eddie 2.6, please upgrade. 5. Ok. The route checking needs some investigation under Windows. 6. Please upgrade to Eddie 2.6. The issue should have been fixed in it. Please upgrade to Eddie 2.6. This option has been implemented in it. Yes, as you are surealy aware, you're running a beta version. Please upgrade to Eddie 2.6, which is the first stable release BUT implements experimental plug-ins (all the Network Lock plug-ins are experimental). Additionally, Eddie is being actively developed. Kind regards

Hello, it is not simple to implement it in our service, there are serious issues. Anyway our reports from China are very good, there is no need at the moment to add anything else, especially something so problematic like the proposed patch. Kind regards

@Sinta First of all please check the firewall in your router as well. Please try different ports, just in case your ISP hijacks UDP packets to port 53 (Vodafone does that, to force their DNS usage). Also try TCP, in case your ISP blocked outgoing UDP packets to certain ports. Kind regards

Hello! It is not possible to go over 3600 seconds because our servers WANT to re-negotiate TLS keys at least every hour. This is intentional because we wish to provide Perfect Forward Secrecy. We wouldn't be worried about entropy limitations for re-keying with your Broadcom processor, why are you? Are we missing something? Kind regards

Hello! Very interesting. It comes out that "the personal iOS hotspot feature, as for the USB/bluetooth tethering and MyWi, binds the traffic on a the 3G interface. OpenVPN changes the routing and uses the PPP interface, so the packets coming from the shared clients are bound to the 3G but the system route is going to the PPP interface, so it doesn't work." (by the author of GuizmoVPN app: http://www.guizmovpn.com/index.php?option=com_agora&task=topic&id=119&p=1&Itemid=15#p438 ). Kind regards

Hello! Confirmed, Eddie seems to be working very nicely in Yosemite preview. This is a good sign: probably it will work as it is in Yosemite official release. Eddie core 2.6 is no more beta, it is a stable release, BUT Network Lock plug-ins are experimental. Kind regards

Hello! We cut the ads. Some possible attempts you can try are explained in reply to your ticket.Actually it looks like you could manage to bypass incoming traffic shaping. Maybe outgoing traffic different than a whitelist of protocols (we mean protocols at application layer) is shaped unconditionally by your ISP. Kind regards

Hi, yes, we'll consider it. Kind regards

Hi, this is a an important question. We have recorded a dramatic increase of clients requiring connections to NL servers in the past weeks and months. With the increase of single connected clients (consider that since April a user can connect simultaneously three clients and also consider that Air user base has grown up considerably during this year), we must take into account different variables to a server load in addition to available bandwidth. CPUs of our servers not only must handle TLS auth and OpenVPN AES-256 encryption/decryption, but also SSH and OpenSSL additional tunnels. There is, so far, no scientific study which determines how the CPU load increases (under the same provided bandwidth) with the increase of connected clients in an OpenVPN server, but empirically it might be not linear (example: 50 clients requiring 1 Mbit/s each stress CPU more than one client requiring 50 Mbit/s does). So, we could have a server that has a line and a port of 1 Gbit/s, but whose CPU gets at capacity before that limit (for example already at 650 Mbit/s). Therefore, in order to respect our commitment to always provide at least 4 Mbit/s per client in at least one server in the world, we add servers before this limit is reached. In the particular case of the Netherlands, we have decided to go beyond our warrant, because customers clearly appear to be very interested in this country. With the current configuration and considering the average numbers of clients connected to Netherlands servers with an excess prudential margin of 20%, we are now able to provide more than 4 Mbit/s per client in the Netherlands alone, even keeping into account potential aforementioned overhead. In the "Top 10 Users Speed", right now, we can see that the topmost 4 clients are all in the Netherlands, ranging from 65 Mbit/s to 40 Mbit/s each. Kind regards