Staff

Hello! While on the client you see latency from your node to each VPN server, in the Status page you see the time required by your browser to get a small file from the server with an HTTP GET request. Therefore, the times you see on the Status page are much bigger than latency. However, they still have their usefulness as a relative evaluation. Kind regards

Hello! This is just a clarification that could be useful for some casual Linux user reading this thread: Linux does not suffer any WebRTC leak so no intervention at all is necessary. Kind regards

Hello! Eddie sets 10.4.0.1 as primary DNS of all the system network interfaces, do you do the same? Compare the status of the computer network interfaces with Eddie "Force DNS" method and with your method. There must be some difference to justify the different behavior. Compare all network cards with command "ipconfig /all" issued from a command prompt. Kind regards

Hello! In order to determine whether the routes check failure is correct or not try to disable the control by unticking "Check if the tunnel effectively works" in "AirVPN" -> "Preferences" -> "Advanced". Connect again, browse to airvpn.org and verify whether the central bottom box is green or red. If it's green, the check outcome was really wrong, just leave routes check disabled. In this case you might like to activate "Network Lock", to avoid having to manually check each time if the connection was successful or not. If it's red, then the routes check failed correctly and further investigation is necessary. Kind regards

Hello! We're happy to hear that. Who/what does not put IP 10.4.0.1 in where? Client Eddie can set 10.4.0.1 as primary DNS server IP address of all network interfaces by ticking "Force DNS" in "Preferences" -> "Advanced". Kind regards

I see last anwser to this topic from stuff is older than a year... Hello, please disregard this thread and read here: https://airvpn.org/topic/12636-faq-referrals/ We're going to lock this thread because it is obsolete. Kind regards

@aldebaran Hello! Since you run Eddie, if you don't want to go into details, you could just go to "AirVPN" -> "Preferences" -> "Protocols", select some OpenVPN over SSH mode, click "Save" and re-connect to some VPN server. For your purpose, we would also recommend that you test OpenVPN over SSL. In Eddie "Protocols" tab, this is called "SSL Tunnel - Port 443". Technically, OpenVPN over SSL can be less efficient than OpenVPN over SSH [sTRIKE THROUGH: INCORRECT], but in case that your ISP does not shape only port 443 (because it does not want to make the shaping appear to customers using https) and port 80 (for http) then OpenVPN over SSL can provide higher throughput than OpenVPN over SSH (we do not provide SSH to port 443). Kind regards

Hello! Confirmed. In reality, it probably never worked, it was only the old testing code that was inadequate to force the leak. As you may have already seen, now ipleak.net web site is able to force a leak with Chrome regardless WebRTC Block extension is active or not. Therefore, without firewall aid (our client Eddie Network Lock for example), we are currently unaware of any method to effectively prevent such leaks with Chrome. If one does not prevent such leaks with Network Lock or anyway methods that are out of Chrome, we think that it is very important NOT to use Chrome when inside the VPN. Kind regards

Hello! Wise words. On top of that, we would like to underline that developer has made remarkable efforts to keep the client flexible for users who are "evolving" to advanced competence, with subsequent higher requirements, but still do not feel to leave Eddie which provides several commodities that can be appreciated even by quite advanced users. About this topic, keep in mind that seven different "Events" can be defined in Eddie. Events can occur at Eddie start, Eddie shut down, Session start, Session end, VPN Pre, VPN up and VPN down. For each event, in any combination, user can tell Eddie to execute something, with or without arguments. For each event, Eddie can be instructed to wait for the event end, or go on without waiting. This is a useful addition for a very wide variety of purposes, in addition to the option to customize completely OpenVPN directives from inside Eddie as well. We are confident that "Events" provide a fair balance between advanced usage requirements and demands to not allow the client to become too heavy as well as maintaining the option to run it without installation. The quickest way to define events is through the GUI, at "AirVPN" -> "Preferences" -> "Advanced" -> "Events". Kind regards

Hello! Confirmed. Also, ipleak.net code has been updated (just like other sites did) to show that this Chrome extension does not work properly. Code update to show the leak more effectively was necessary for all sites, because the demo code was different a couple of days ago. Kind regards

Hello @Opayq, thanks for the info, it looks relevant, because it is not an expected behavior and it will need additional investigation. In the meantime your way to kill both processes is fine, perfectly legitimate. Kind regards

Hello! Yes, because our service supports remote port forwarding. You can forward ports not lower than 2048, but you can also remap remotely forwarded ports to any local port. Please see here: https://airvpn.org/topic/9161-you-provide-remote-port-forwarding-what-is-it Kind regards

Hello! It's an HTML5 feature. You have probably authorized your browser to transmit your position to web sites asking for it. This article may help, if you run Firefox, Chrome or Explorer: http://www.makeuseof.com/tag/disable-fake-location-firefox-internet-explorer-chrome If you run some other browser, just use a web search engine to find out how to disable geo-location in your browser. Kind regards

@lancelot48 Hello, the problem seems not related to Eddie. The tun interface (the virtual network interface used by OpenVPN) does not come up. Please try the following: https://airvpn.org/topic/8320-solved-connects-but-ip-doesnt-change-on-windows-server-essentials-2012/?do=findComment&comment=8321 Kind regards

Hello! Please send us the logs pertaining to the problem. You can also go back to Eddie 2.7 anytime. In the download page click "Other versions" and select "2.7" to download it, in case you don't have it anymore. You can keep simultaneously different versions, just use the portable editions and put each of them in a different directory of your choice. Kind regards

Hello! You need OpenVPN over SSL. Pure OpenVPN works only intermittently on most residential lines. In our client Eddie go to "AirVPN" -> "Preferences" -> "Protocols", select "SSL Tunnel - Port 443", click "Save" and try to connect to some VPN servers. Kind regards

Windows Firewall only turns off Network Discovery on a Public connection by default, not for a 'Home / Work' connection. This is not a mobile computer - it is a desktop which is part of a home network connected to a router with it's own firewall and thus is not connected to anything other than my own broadband service. So, for me, Network Discovery is essential. Hello! This is not what Microsoft says. Microsoft says that " Windows Firewall blocks Network Discovery by default", period. http://windows.microsoft.com/en-us/windows/enable-disable-network-discovery#1TC=windows-7 We remember that, but so far we have been unable to reproduce the issue on any of our Windows testing machine and at this moment we can't confirm the problem. Additional investigation will be necessary. Kind regards

@zalbard Could you please disable IPv6 and try again? http://support.microsoft.com/kb/929852 Kind regards

Hello! First of all it must be said that Windows Firewall blocks Network Discovery by default, so the Network Lock plugin for Windows is coherent with this (in our opinion) wise setting. Network Discovery may potentially allow leaks by sending some information in cleartext to the nearest gateway (obviously out of the tunnel) so it does not appear very compatible with a true "Network Lock", in particular when your system is connected to a public hot-spot. Additionally, in the past Microsoft had to fix important vulnerabilities related to ND so it might be safer to rely on it only when security is not required at all. Kind regards

Hello! Normally "shutdown -h now" for halt and "shutdown -r now" for reboot are what you want. shutdown -r or -h changes init level and calls shut down scripts which normally will try to kill all processes with grace. They will send a "kill -9" only if processes survive to the 'kill with grace' attempt. The quickest solution to isolate your system before you run Eddie is just something like iptables -P OUTPUT DROP iptables -A OUTPUT -i lo -j ACCEPT # to allow loopback just in case... etc . and make it permanent (some init script). WARNING: do NOT do it on some machine which you have only remote access to! When you run Eddie, activate Network Lock. It will write essential rules to allow DHCP and communications to your router, so your computer will get out of the isolation. When you shut down Eddie it will restore previous rules (i.e again complete isolation). Kind regards

Hello! You can do that just like you do with any other process lacking an interactive user interface: an ordinary kill as root ("sudo kill "). Detect the PID as usual ("ps aux | grep airvpn"). You need to kill the process with grace (i.e. NOT with "-9" option). It will shut down OpenVPN as well. Root privileges are required because the client runs with them. Kind regards

Hello, Windows NT 6.1 has been assigned various marketing names, including "Windows 7" in seven different "flavors". https://en.wikipedia.org/wiki/Windows_NT#Releases About the logs, we see this issue: . 2015.02.02 11:14:25 - OpenVPN > RESOLVE: Cannot resolve host address: localhost: The requested name is valid, but no data of the requested type was found. Can you please make sure that in your hosts file you have this entry: 127.0.0.1 localhost If it's not there, please add it. If you need support to edit the hosts file please see here: http://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file Kind regards

just so mac users don't believe they are safe from this. according to ipleak site my firefox and chromium installations on OSX both leaked my IPs. just saying! Hello! Please provide at your convenience more info: OS X version, tested browsers in particular, thank you! Kind regards

EDIT: a deeper study of improperly called "WebRTC leak" has brought up how the initial approach by a wide part of communities discussing it has been totally wrong, has missed the core reasons and has proposed "solutions" which are questionable. Please see here to get a more balanced and informed view of the so called "problem". http://www.clodo.it/blog/an-alternative-approach-to-so-called-webrtc-leaks WARNING: the following post was written hours after "WebRTC leak" hit the news. It is now to be considered outdated. It is also inappropriate when it uses the word "vulnerability". However, the way to prevent applications to talk outside the tunnel is the same, enable Network Lock or set proper firewall rules. It is absolutely nothing new, just like the whole fabricated "WebRTC leak" affair. ============================================================================ Hello! Browsers supporting WebRTC run in a Windows-environment can seriously compromise the security of VPN-tunnels by allowing the true IP address of the user to be read. https://en.wikipedia.org/wiki/WebRTC#Concerns WebRTC is supported in the following browsers: https://en.wikipedia.org/wiki/WebRTC#Support According to our tests we can at this moment confirm that Linux and OS X appear to be not affected. EDIT: OS X users please see here, according to this report OS X is vulnerable as well. https://airvpn.org/topic/13490-vpn-security-flaw-does-this-affect-airvpn/?do=findComment&comment=24757 You can test your system here: http://ipleak.net Windows users can fix the vulnerability in one of the following ways: - by enabling "Network Lock" in our free and open source client Eddie - by configuring a firewall to prevent leaks. In our "How-To" section we have guides for Comodo and Windows Firewall - by disabling WebRTC on the browser (WARNING: you can't do that in Google Chrome desktop edition, you'll need an extension). This page seems quite accurate https://www.browserleaks.com/webrtc#webrtc-disable EDIT: in the above linked page, the extension recommended for Chrome does not really prevent leaks - by running a browser which does not support WebRTC Kind regards AirVPN Support Team

Hello! When we have gathered all the data, we will make an announcement. In the meantime, last night we activated a check on ipleak.net pertaining to the issue. Note: only Windows systems with Firefox and Chrome with WebRTC peer connections enabled and Network Lock disabled seem to be affected so far, but we are still investigating. Kind regards