Staff

Hello! Either with our client, with any other OpenVPN wrapper, or with OpenVPN itself, the authentication method is always the same. It is based on a ta.key (used for TLS pre-auth, this is just to add some security and protection to our servers), double-certificate (ca.crt and user.crt, respectively server/CA and client certificate) and of course the client secret key user.key. By default the .ovpn configuration file generated by the Configuration Generator is embedded with keys and certificates. You can force the CG to generate split files by ticking "Advanced Mode" and "Separate certs/keys from .ovpn files". Kind regards

This. It's a service and one which I choose to actually use my PC. I really don't understand why the needs of a few should cause annoying behaviour for the majority. Nobody is asking that AirVPN bans TOR from all of their machines. On the other hand, facing really annoying stuff and asking for a solution, it's disheartening to be told "it's the world's fault, let's wait for the whole world to change their collective mind, meanwhile suck it up". To the staff: you say you know who's using TOR. I don't care *who* is using it. But I would like some numbers as part of the discussion. What percentage of users is doing it (by the way, if I understand things clearly, it's not enough to be using it to mark a server as an exit node, you need to setup a relay for it, right?)? Hello! We will not disclose any data. We are anyway working on an effective solution which will make everybody happy, including protocol discriminators and Net Neutrality purists. If everything goes well, we will be able to apply the solution in a matter of few days. Kind regards

Hello! Anyway, we just added the "Entry-IP" field for servers, and the "Best Server" by country/continent/planet. Kind regards

Hello, can you please try again now? Kind regards

Hello, a DNS leak is when a DNS query is sent out of the tunnel. It does not even reach our servers. If a DNS query reaches our server, then it has been tunneled, and we want to leave our clients the freedom to use their favorite DNS, in case they do not want to use our VPN DNS. In case they want to force the VPN DNS, the option you suggest looks just like "Force DNS", which is already implemented in Eddie. Some confusion here, you talk about "config generator section of the Client Area" and at the same time propose a "server side" feature. You propose a "Force all applications use Air's VPN server" but the iptables refers to "--dport 53", another mistake. In any case, on client side, all we can implement is done in AirVPN Client. Yes, maybe in the future we can enhance the Config Generator to create some scripts to prevent leaks, but we need to write it in every platform, not only Linux/iptables. On server side: - There isn't any 'application leak' that we can manage, because if a packet reaches our server, there isn't any leak. - There isn't any 'DNS leak', because if a DNS query reaches our server, it's already inside the VPN tunnel. Note: 'DNS Leak' normally means a DNS request sent outside the VPN tunnel. You are a Linux guy, and DNS leaks never happen in Linux. DNS leak in Windows exists because Windows sometimes sends the DNS query to the DNS server set on the standard interface (lacking also a global DNS) regardless of the VPN tunnel being estabilished or not. If a Windows executes a DNS query outside the tunnel, our server never receives it, so it's impossible to prevent Windows DNS leaks on server side. Kind regards

Hello! We are in contact with Hadar datacenter technicians, they are investigating. Kind regards

Hello, try to tick "Force DNS" in "AirVPN" -> "Preferences" -> "Advanced". Kind regards Is already ticked Hello! Good, now set your favorite public DNS on your physical network card while Eddie is NOT running. After that, "Force DNS" will set VPN DNS when the connection is on, and restore your favorite DNS when the connection is off (assuming that you do not kill Eddie abruptly but you shut it down normally). If you need references: http://www.opennicproject.org/configure-your-dns/how-to-change-dns-servers-in-windows-7 Kind regards

Hello! Please note: geo-localization is based on javascript and is not necessarily related to your IP address. Kind regards

Hello! You can resolve .airvpn.org. For example: $ dig @95.85.9.86 acrux.airvpn.org +short 37.48.81.12 Kind regards

We don't have any, we're sorry. Kind regards

Hello, might it be that the OpenVPN version you run directly is not the same version run by Eddie? Compare OpenVPN logs version output in Eddie logs with OpenVPN logs version output when you run it directly. Kind regards

There are no DNS leaks on Linux. What it could happen is that your torrent client queries its own DNS servers bypassing resolv.conf, but the query is tunneled anyway. Kind regards

Hello! We're very glad to inform you that new 1 Gbit/s servers located in Canada are available: Almach and Spica. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Almach and Spica support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that new 1 Gbit/s servers located in the Netherlands are available: Botein and Mizar. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Botein and Mizar support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Exactly! Kind regards

Hello, yes, the forum board does not log IP addresses. Kind regards

Hello, what is vulnerability 5906907 according to Kaspesrky? Kind regards

Hello! .airvpn.org resolves into all the possible entry-IP addresses of VPN servers on that country, so the choice is random and performed by your OS. For a more accurate selection you can use .vpn.airdns.org (for example "de.vpn.airdns.org") which resolves into one IP address, i.e. the IP address of the VPN server with the best rating in that country. For the most accurate selection according to latency our client Eddie is recommended, or you should look at the real time servers monitor on our web site (click "Status" from the upper menu of our web site). About the rating method please see here (the last part of the post): https://airvpn.org/topic/12671-upgrades-for-eddie/?do=findComment&comment=21663 Kind regards

Hello, try to tick "Force DNS" in "AirVPN" -> "Preferences" -> "Advanced". Kind regards

Hello! Our apologies, we fixed a little bug in our TOR detection system. Now ipleak.net reports correctly if an IP address is associated to a Tor Exit (exit versus 8.8.8.8). Take for example Pallas, the information about the relay is public: https://atlas.torproject.org/#search/37.48.80.175 We inevitably know which AirVPN users are, because they forward the ORPort and DirPort to do that. We remind you that AirVPN already powers two Relays and funds TorServers.net (1000 EUR every other month) to power an Exit node. Note: it's disappointing that TorServers.net has our Exit node down at the moment. We are investigating about this, and also thinking about the option to run ourselves one or more Tor Exit node. We are evaluating whether to send a private notification to all AirVPN users that are running a Tor exit node behind one of our servers with a link to this topic. Kind regards

Hello! It seems all right, probably the tun/tap interface DNS servers are set to accept DHCP-push, which is fine. Kind regards

Hello, what happens if you try a connection in TCP? With our client Eddie you can change connection mode in "AirVPN" -> "Preferences" -> "Protocols". In your laptop, try for example port 443, protocol TCP. Have a check to antivirus software (if any) as well, just in case it's blocking openvpn.exe Kind regards

Hello, although many ipleak.net data are cached over time, Tor detection is always in real time. Currently (at the time of this writing) there are no servers marked as Tor exit nodes. We are monitoring when a server is marked as Tor exit node for further investigation. Kind regards

Hello! Some additional considerations on the whole discussion. It seems somehow paradoxical that some of our customers explicitly ask for Net Neutrality violation when they look exactly for a service capable to respect Net Neutrality with no discriminations against any protocol. As soon as Net Neutrality respect brings inconveniences created by third-parties, we are somehow invited to send such respect into the trashcan. We tend to think that it would be more appropriate and honest to focus energy and protests against those services whose administrators actively contribute to destroy the open Internet, with Tor indiscriminate bans, huge blacklists which block millions of IP addresses just because they are 'used as NAT' or because they are used to operate dedicated servers. It seems unquestionable that the concept behind such actions is an Internet where end-to-end principle and privacy are deemed as negative features to be fought. Remember our philosophy and mission: banning a server of ours because it's a source of problems appears as a very questionable action. It is the same error that some services do with Tor: to hit someone, they ban innocent users who love their privacy or who are forced to use Tor to bypass censorship in their country. If our servers or a Tor node are performing vulnerability scan, service needs to fix the vulnerability, not blame who caught it red handed. If our servers or a Tor node are wasting a service resource, service operators need to learn how to configure well their systems. If a service can't afford a method to manage spam, it should close the discussion system, it would be better for all. For all of the above, AirVPN will never violate Net Neutrality, and so we'll never commit any action to help "incompetent services". Kind regards AirVPN Staff

Case study: Currently (04/12/2014 00:49) users on Riguel cannot edit Wikipedia. The Riguel exit IP is 95.211.186.118. MaxMind - https://www.maxmind.com/en/home considers that IP address as Anonymous Proxy. whatismyipaddress.com - http://whatismyipaddress.com/geolocation-providers uses MaxMind database. Wikipedia has its own project to detect proxy. http://en.wikipedia.org/wiki/Wikipedia:WikiProject_on_open_proxies We entered the Riguel exit IP in the unblock requests area, and this message has been displayed: Conclusion: Wikipedia prevents Riguel users to edit articles only because MaxMind considers Riguel as a proxy. No Tor or other reason in this case. Kind regards