Staff

Hello, they are not in the VPN servers. Kind regards

Hello! As a first check, please compare your rules for port forwarding with those showed in the following guide: https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables Kind regards

I am using 2.9.2 experimental No. I am always using NL and it is leaking as well. Hello! Can you please confirm that: - "Force DNS" is ticked - "Network Lock" is active - IPv6 is enabled - no firewall other than Windows Firewall is running and under these conditions you have DNS leaks in your Windows system with Eddie 2.9.2 Experimental? Can you send us the output of the command "ipconfig /all" (issued from a command prompt) while the system is connected to the VPN with the aforementioned settings? Kind regards

Hello, what is your Operating System? Kind regards

Sources please for AirVPN having the highest rated customer service. I'm not doubting, I would just like to read the review(s). I hope I don't offend the folks at AirVPN, but TorGuard seems to be inflexible about compromising on user experience and anonymity. Again, I hope I don't offend the AirVPN staff, but TorGuard offers a server(s) in Dallas and Las Vegas. Hello! We are finalizing an agreement for a couple of 1 Gbit/s servers in Dallas. Do you know whether TorGuard allows p2p there and/or in the USA? Yes, it's nice. Kind regards

Hello! Does anybody else experience this problem with the new Sweden servers in upload? Kind regards

Hello! With CoinBase and with Bitcoincodes you can transfer directly from your client to a BitCoin account, no need to open an account and/or keep a wallet with them. Do not forget that Bitcoin transactions are not "anonymous", but you can put a very strong anonymity layer simply by always running your client in Tor. Kind regards

Hello! OpenVPN over Tor mode "works ONLY with AirVPN Client, because our software talks to Tor Control to detect and route correctly the guard(s) IP addresses. Otherwise an infinite connection loop occurs because communication between Tor and the guard node (the first node of each circuit) will fall back to the VPN (causing errors like Inactivity timeout, recv_socks_reply: TCP port read timeout expired: Operation now in progress, Assertion failed at misc.c:785)." (from https://airvpn.org/tor ). You should mimic the Air client behavior or you can connect Tor over OpenVPN, which is a configuration that's capable to provide a strong anonymity layer. In this case you just need to connect to a VPN server and then use Tor. All the applications using Tor will have their traffic tunneled over Tor over OpenVPN. Kind regards

Hello! It's possible, yes. For example, you might be querying your ISP DNS with queries over IPv6 over IPv4, or just over IPv6. Network Lock (even if IPv6 remains enabled) should prevent that, can you confirm? Maybe it is some problem in 2.8RC1. which, although candidate, then never became the final version.What about 2.8.8 stable or 2.9.2 Experimental? Kind regards

Hello, it looks correct, that service allows access only to UK IP addresses. Kind regards

EDIT: SERVER WITHDRAWN ON 16-JUN-2016. Reason: major hardware failure. Hello! We're very glad to inform you that six, new 1 Gbit/s servers located in Sweden are available: Acubens, Beid, Cumeisa, Nodus, Pherkad and Rastaban. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Acubens, Beid, Cumeisa, Nodus, Pherkad and Rastaban support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello, good that the main problem is solved. Probably OpenVPN logs can explain what goes wrong when trying to execute update-resolv-conf script. Kind regards

Hello! It could be a DNS problem. Maybe the nameservers you have in /etc/resolv.conf can't be accessed through the VPN servers. If so, this is a very minor problem: your traffic is tunneled but your system can't resolve names. Check for names resolution and connectivity to discern the case, for example (from a command line interface): ping -c 4 8.8.8.8 ping -c 4 10.4.0.1 ping -c 4 google.com (if in doubt copy and paste the output of those commands). resolvconf is available for Arch Linux, right? If so, please see here: https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf For a quick test, please edit (as root) the /etc/resolv.conf file while the system is connected to a VPN server, and add the following line: nameserver 10.4.0.1 then check whether names are resolved. Kind regards

Hello! As you may have been noticed, Zaurak is down and has been down since 9 days ago. Zaurak is not reachable in any way. All of our contact attempts with the datacenter support staff have failed so far. We receive automated replies as a receipt confirmation of our tickets, then nothing. The official web site of the housing company is reachable as usual, as well as the customers administrative panel. Unfortunately, although we understand that situation in Kiev might pose problems to business and connectivity, we repute that it would have been reasonable to expect at least some feedback after nine days. We will keep you informed. We are also planning to find an alternative Ukraine datacenter to replace the current one, in an attempt to remain with at least a server in Ukraine. We apologize for the inconvenience and we are confident that you understand that we have no control on this incident. Kind regards AirVPN Staff

Hello! 1) Packets injection by ISPs normally have the only purpose to force advertisements to you. More sinister purposes could be sought by different entities. https://en.wikipedia.org/wiki/Packet_injection 2) Unfortunately not. It is not trivial to prove packet injection. 3) We leave answers to this questions to software developers. 4) OpenVPN is extremely resistant to replay attacks and it can be used whenever end-to-end validation and encryption is not available. Otherwise, end-to-end encryption and validation normally makes replay attacks impossible to succeed. With OpenVPN, you can add (as already written both by you and us) an additional security layer, i.e. using OpenVPN with TCP as transport layer (see also the manual piece quoted here: https://airvpn.org/topic/3773-pls-help-strange-logs/?do=findComment&comment=3784 ). Kind regards

Hello! A replay attack can come from someone inside the ISP network, not necessarily by the ISP personnel or network configuration. There's nothing to laugh about, if they do it again tell them that even giant ISPs like Comcast inject packets for marketing purposes or any other reason: https://www.techdirt.com/articles/20140908/07191228453/comcast-using-packet-injection-to-push-its-own-ads-via-wifi-apparently-oblivious-to-security-concerns.shtml The problem with many ISPs attacking their own customers with packet injection began at least EIGHT years ago: https://www.eff.org/wp/detecting-packet-injection so the person who laughed when you reported your case has provided a strong proof of his/her utter incompetence. Description you provide in point 1 is interesting. If it was packet injection attempt you would exactly experience that. What is your ISP (don't tell if you don't wish so)? Kind regards

I don't blame anyone here because a vast amount of users are more than satisfied with their speed (hrrhrr, including me ), and some of them subscribed to 100 Mbit plans (unfortunately, not including me ). I was pointing at those who fail to reach these speeds. One particular case highly interests me because that person downloaded with full speed on Linux and failed to do so on Windows. So I assume reasoned this shaping thing has something to do with Windows, it's (TCP/IP stack) (default) configuration, the hardware drivers and/or the driver's configuration. Going to drill down on that... Hello! Have you seen this: https://airvpn.org/topic/13652-eddie-udp-443-on-windows-vs-linux/?do=findComment&comment=27068 ? Kind regards

Hello! Problem solved, can you try again? Kind regards

Hello! Problem is under investigation by the competent person. CoinBase warned about a "wrong payment" (the paid BTC amount does not match the required amount) but let us check about this claim. Kind regards

Hello @ghostp ! 1) The Automatic mode in Eddie at the moment always picks protocol UDP, port 443 2) You can't get the mentioned logs entries when OpenVPN works in TCP because a first error correction is performed at TCP transport layer. See the already linked messages for more insights about that. Note that when over SSL or SSH, OpenVPN must work in TCP (stunnel and ssh do not and can not support UDP) 3) The fact that you don't experience packet loss without VPN is interesting. Two possible explanations: either you are not detecting correctly packet loss (how did you verify that?) or you are really subjected to replay attacks - in which case OpenVPN is doing its job correctly, in UDP. In the latter case, the fact that you get packet authentication failures with every and each VPN server in several different datacenters would seem to imply that the replay attack is performed in some point inside your ISP network (it's possible: injecting forged packets is not rocket science once someone is in your same network). It would be an attack specifically aimed against you. In this case, when you don't use VPN and you don't use end-to-end encryption and authentication, the attack would succeed, but it could be hard (if not impossible) for you to recognize forged injected packets. Kind regards

Hello, changing NS implies to become authoritative, requires stable DNS with fail-over and load-balancing, manual reconfiguration of all the domain stuff (like DNSSEC) etc. It may be done in the future, but currently DANE is unsupported by major browsers on client-side and unused by an overwhelming majority of persons even when some add-on for their browser is available. Interesting stuff, but it does not justify the work of changing NS records at the moment, we're sorry. Kind regards

Hello! We enabled IPv6 on airvpn.org . We enabled DNSSEC on airvpn.org. Now https://en.internet.nl/domain/airvpn.org/results returns a 100% score. Unfortunately, our registrar GoDaddy does not support TLSA record required by DANE protocol. http://comments.gmane.org/gmane.ietf.dane/907 At the moment, we can't do anything, neither change GoDaddy. We will try to request this feature to GoDaddy. In the future, we will study about the option to add DNSSEC on airdns.org (DDNS domain linked to port-forwarding etc. which is on our authoritative DNS), but it seems a bit complex. TLSA will be added for sure when GoDaddy supports it. Please, push freely. We always read all the topics/posts, but we might forget something if we have other priorities. Pushing doesn't cost nothing. Kind regards

Hello! Apparently you have performed all the necessary steps. On the router, if you're forwarding with iptables you can compare with this guide (for Tomato and DD-WRT, maybe you can find it useful for your router too): https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables Maybe not related but you never know: you must access Plex from a different machine, not from the very same machine that's running it and that's connected to the VPN. Make sure that you access it on the VPN server exit-IP address, correct port (the port you have remotely forwarded in your port panel in our web site). Kind regards

Hello! Try with Eddie 2.9.2 Experimental for OS X Mavericks/Yosemite. In the usual OS X download page https://airvpn.org/macosx click "Other versions" then select "Experimental". In "AirVPN" -> "Preferences" -> "Network Lock" tick "Allow lan/private", click "Save" and test. According to our tests on Yosemite systems everything works fine, feel free to let us have your feedback. Kind regards

Hello! PiWick fully respects users' privacy (and our privacy as well!) and is open source. It is fully compliant to any EU directive on privacy and data protection and it goes even further. About performance, of course you can't normally expect more than what you already get without VPN. Feel free to open a ticket to try to improve performance. Kind regards