Staff

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.8. Please read the changelog: https://airvpn.org/services/changelog.php?software=client&format=html 2.8 version is compatible with several Linux distributions. For very important notes about environments, please read here: https://airvpn.org/forum/35-client-software-platforms-environments Eddie 2.8 includes very many bug fixes and changes meeting users' requests and preferences. Upgrade is strongly recommended. Just like previous version 2.7, it also implements direct Tor support for OpenVPN over Tor connections. Finally, Eddie makes OpenVPN over Tor easily available to Linux and OS X users: no needs for Virtual Machines, middle boxes or other special configurations. Windows users will find a more friendly approach as well. The logic of the connection of OpenVPN over Tor has been completely rewritten. This mode is not handled anymore as a generic connection to a socks proxy, but it is specifically designed for Tor and therefore solves multiple issues, especially in Linux and OS X, including the "infinite routing loop" problem (see for example http://tor.stackexchange.com/questions/1232/me-tor-vpn-how/1235#1235 ) As far as we know, Eddie is the first and currently the only OpenVPN wrapper that natively allows OpenVPN over Tor connections for multiple Operating Systems. https://airvpn.org/tor We recommend that you upgrade Eddie as soon as possible. Eddie 2.8 for Linux can be downloaded here: https://airvpn.org/linux Eddie 2.8 for Windows can be downloaded here: https://airvpn.org/windows Eddie 2.8 for OS X Mavericks and Yosemite only can be downloaded here: https://airvpn.org/macosx PLEASE NOTE: Eddie 2.8 package includes an OpenVPN version re-compiled by us with OpenSSL 1.0.1k for security reasons and to fix this bug: https://community.openvpn.net/openvpn/ticket/328 Eddie overview is available here: https://airvpn.org/software Eddie includes a Network Lock feature: https://airvpn.org/faq/software_lock Eddie 2.8 is free and open source software released under GPLv3 Kind regards & datalove AirVPN Staff

Correct. Just to add a side note that might be liked by Moony, after one connects OpenVPN over Tor, then he/she can also tunnel UDP from other applications. UDP packets are tunneled over TCP by OpenVPN, and everything is tunneled over Tor. Kind regards

Hello! In "AirVPN" -> "Preferences" -> "Routes" set the option "Not specified routes go:" to "Inside VPN tunnel". We repeat, INSIDE (because you want that all the other traffic different than "mail traffic" goes inside the tunnel). Then add the IP address(es) that you wish OUTSIDE the tunnel, i.e. IP address(es) of your IMAP, SMTP etc. servers, in the big box (by pressing the button "+"). You can not specify host names, but only host IP addresses. Click "Save" and start a connection with a VPN server. Note that routes outside the VPN tunnel will never be blocked by Network Lock. Kind regards

Thank you JasonBourne. Please upgrade to 2.8.6, still available as "Experimental". Kind regards

Hello! Yes, in some cases. To prevent that just activate "Network Lock" in the client. Kind regards

Hello, it looks more like a DNS issue. Which DNS servers are queried when you use the new router? What is the Operating System of the device which tries a connection to a VPN server (is it OS X)? What is the software that you run to connect? Can we see the whole logs of this software taken after the problem has occurred? Kind regards

Warning, the action is implemented with a NOT operator in Eddie. "NOT specified routes", for the customer's purposes, must go inside the VPN tunnel. The customer just wishes to have the traffic for a couple of IP addresses outside the tunnel, all the other traffic must flow inside. This is the most common request and that's the logic behind the implementation of an option with a 'NOT' in Eddie. Kind regards

Hello! This will be fixed soon. Network Lock is not a default setting in 2.7, you need to enable it in 'Preferences', 'Advanced'. In 2.8 it's enabled by default. Kind regards

Hello! Please see here: https://airvpn.org/tor Eddie version 2.7 or higher is required. Kind regards

Hello! You need to insert the directive "reneg-sec" in your OpenVPN client configuration (see below a paste from the OpenVPN manual). Detailed instructions vary according to the client or OpenVPN wrapper you're running. With our client Eddie you can insert the directive in "AirVPN" -> "Preferences" -> "Advanced" -> "OVPN directives". Enter "reneg-sec 1800" in the left box reserved to additional directives, click "Save" and start a connection with a VPN server. Kind regards --reneg-sec n Renegotiate data channel key after n seconds (default=3600). When using dual-factor authentication, note that this default value may cause the end user to be challenged to reauthorize once per hour. Also, keep in mind that this option can be used on both the client and server, and whichever uses the lower value will be the one to trigger the renegotiation. A common mistake is to set --reneg-sec to a higher value on either the client or server, while the other side of the connection is still using the default value of 3600 seconds, meaning that the renegotiation will still occur once per 3600 seconds. The solution is to increase --reneg-sec on both the client and server, or set it to 0 on one side of the connection (to disable), and to your chosen value on the other side.

Hello! Wrong TLS cipher: TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 Try with "None". If it does not work try with "TLS-DHE-RSA-WITH-AES-128-CBC-SHA". Both are wrong as well but for some bug in several DD-WRT builds either the first OR the second work. Kind regards

Hello! Bug fixed. However, we would recommend that you use JSON, PHP or XML. Text format is not optimally readable. Kind regards

Hello, that's expected and correct when OpenVZ is not set up correctly, it's not OpenVPN fault. Please see here to solve: https://community.openvpn.net/openvpn/ticket/324 Kind regards

Hello, were you root or not when you invoked airvpn? Kind regards

Hello! Can you please elaborate on that? Kind regards

Hello! > 1. The upload speeds are fast (which also encrypt using tunnel and openvpn processes) You're right, that shows that the bottleneck is not in the CPU. But if it was your ISP to throttle, you could not reach higher performance on the host. With OpenVPN over SSL, the symptoms point to a bottleneck caused by VMWare. If the VM is attached via NAT to the host, maybe the problem is there. What happens in bridge mode? Kind regards

Hello, you can change connection mode in Eddie menu "AirVPN" -> "Preferences" -> "Protocols". Note that Eddie runs on OS X Mavericks or Yosemite. Older OS X versions should run Tunnelblick (another free and open source OpenVPN wrapper with a nice GUI). Try OpenVPN over SSL (in Eddie "SSL Tunnel - Port 443") if anything else fails. You should also get informed whether your node (in the college network) is behind a proxy or not. Kind regards

Hello, in the VM it is maybe a bottleneck due to the CPU. An OpenVPN daemon is run only by one core in any case so even if this core is at capacity you will not see the CPU particularly stressed, unless this is a single CPU, single core system. Currently OpenVPN does not scale well on multi-processor systems, it does not support HT. Kind regards

Hello, note that your definition of PFS is wrong: https://en.wikipedia.org/wiki/Forward_secrecy#Perfect_forward_secrecy We confirm to you that our cryptographic setup satisfies the properties of PFS. From your client logs you can see that Data Channel keys (used to encrypt the traffic) are re-negotiated every hour through DHE (Diffie-Hellman Exchange). Kind regards

Hello! Yes, assuming that you run our client it is possible to do it in "AirVPN" -> "Preferences" -> "Routes". Select "Not specified routes go: inside the tunnel" and enter the IP address(es) of the web sites. Without our client the same purpose can be achieved in this way (see the last part of the post): https://airvpn.org/topic/3721-netflix/?do=findComment&comment=3724 Kind regards

Hello! Our service is based on OpenVPN which is not included by default in Windows. Kind regards

Hello, many consumers' routers CPUs can't process more than 10 Mbit/s AES-256 throughput due to their processing power. Our Data Channel cipher is AES-256-CBC. Probably bottleneck is the router CPU. Try to connect directly from your computer to make a comparison. Kind regards

Hello, if you see your real IP address in ipleak.net or you see the central bottom box in our web site home page red while your system should be in the VPN, something is not working properly. According to your description it seems that the connection is established but the traffic is not tunneled. Please publish the client logs after a connection has been allegedly established. Kind regards

Hello, to change connection mode (ports, protocol etc.) select in the client "AirVPN" -> "Preferences" -> "Protocols". Do not trust speed tests and try different connection modes just in case your ISP is throttling OpenVPN connections. Kind regards

No, you can not confirm that. You not having DNS leaks (or whatever that is) does not mean "there is NO dns leak". It just means you're not having DNS leaks. Hello! Linux queries global DNS servers that are specified. Windows queries DNS servers specified on every and each network card, even with an apparently random behavior. A DNS leak occurs when a DNS server is queried against system settings for a particular connection. This can happen if a system lacks the concept of global DNS and starts querying randomly all the DNS servers it can find anywhere configured in any network card. Since Windows lacks the concept of global DNS and Linux does not, a DNS leak by definition can occur on Windows and can not occur on Linux. On 100% of the cases, so-called DNS leaks on Linux are configuration mistakes. Kind regards