Staff

Hello, some quick suggestions: you should allow also packets to/from 255.255.255.255 for those users who use DHCP. Comment "allow all on tun+" is not totally correct, FORWARD is dropped. But it should be accepted. Communication inside the local network is not allowed, which will bring big trouble at reboot (since rules are made persistent): no communication with a router etc. Kind regards

Hello! No, when Eddie is shut down the firewall is restored to original setting. This is intentional. Furthermore if Eddie crashes the firewall is not restored to original settings, so "Network Lock" remains enabled, which is good under a security point of view. Kind regards

Hello! The tun interface (the virtual network interface used by OpenVPN) does not come up. Try this: https://airvpn.org/topic/8320-solved-connects-but-ip-doesnt-change-on-windows-server-essentials-2012/?do=findComment&comment=8321 If all of the above does not fix the problem, try to upgrade to OpenVPN 2.3.6. It's available here: https://openvpn.net/index.php/open-source/downloads.html If you run the Eddie installed version after the upgrade Eddie will use the new OpenVPN version. If you run Eddie portable version, after the installation of OpenVPN (that you should perform anyway so you'll have the tun/tap interface driver up to date) you'll need to paste the new openvpn.exe in Eddie directory. Kind regards

Hello, various Eddie screenshots are available here: https://airvpn.org/software Kind regards

Hello! Assuming that you're running our client Eddie, please click "Logs" tab, click "Copy to clipboard" icon and paste into your message. Kind regards

Hello! Either with our client, with any other OpenVPN wrapper, or with OpenVPN itself, the authentication method is always the same. It is based on a ta.key (used for TLS pre-auth, this is just to add some security and protection to our servers), double-certificate (ca.crt and user.crt, respectively server/CA and client certificate) and of course the client secret key user.key. By default the .ovpn configuration file generated by the Configuration Generator is embedded with keys and certificates. You can force the CG to generate split files by ticking "Advanced Mode" and "Separate certs/keys from .ovpn files". Kind regards

This. It's a service and one which I choose to actually use my PC. I really don't understand why the needs of a few should cause annoying behaviour for the majority. Nobody is asking that AirVPN bans TOR from all of their machines. On the other hand, facing really annoying stuff and asking for a solution, it's disheartening to be told "it's the world's fault, let's wait for the whole world to change their collective mind, meanwhile suck it up". To the staff: you say you know who's using TOR. I don't care *who* is using it. But I would like some numbers as part of the discussion. What percentage of users is doing it (by the way, if I understand things clearly, it's not enough to be using it to mark a server as an exit node, you need to setup a relay for it, right?)? Hello! We will not disclose any data. We are anyway working on an effective solution which will make everybody happy, including protocol discriminators and Net Neutrality purists. If everything goes well, we will be able to apply the solution in a matter of few days. Kind regards

Hello! Anyway, we just added the "Entry-IP" field for servers, and the "Best Server" by country/continent/planet. Kind regards

Hello, can you please try again now? Kind regards

Hello, a DNS leak is when a DNS query is sent out of the tunnel. It does not even reach our servers. If a DNS query reaches our server, then it has been tunneled, and we want to leave our clients the freedom to use their favorite DNS, in case they do not want to use our VPN DNS. In case they want to force the VPN DNS, the option you suggest looks just like "Force DNS", which is already implemented in Eddie. Some confusion here, you talk about "config generator section of the Client Area" and at the same time propose a "server side" feature. You propose a "Force all applications use Air's VPN server" but the iptables refers to "--dport 53", another mistake. In any case, on client side, all we can implement is done in AirVPN Client. Yes, maybe in the future we can enhance the Config Generator to create some scripts to prevent leaks, but we need to write it in every platform, not only Linux/iptables. On server side: - There isn't any 'application leak' that we can manage, because if a packet reaches our server, there isn't any leak. - There isn't any 'DNS leak', because if a DNS query reaches our server, it's already inside the VPN tunnel. Note: 'DNS Leak' normally means a DNS request sent outside the VPN tunnel. You are a Linux guy, and DNS leaks never happen in Linux. DNS leak in Windows exists because Windows sometimes sends the DNS query to the DNS server set on the standard interface (lacking also a global DNS) regardless of the VPN tunnel being estabilished or not. If a Windows executes a DNS query outside the tunnel, our server never receives it, so it's impossible to prevent Windows DNS leaks on server side. Kind regards

Hello! We are in contact with Hadar datacenter technicians, they are investigating. Kind regards

Hello, try to tick "Force DNS" in "AirVPN" -> "Preferences" -> "Advanced". Kind regards Is already ticked Hello! Good, now set your favorite public DNS on your physical network card while Eddie is NOT running. After that, "Force DNS" will set VPN DNS when the connection is on, and restore your favorite DNS when the connection is off (assuming that you do not kill Eddie abruptly but you shut it down normally). If you need references: http://www.opennicproject.org/configure-your-dns/how-to-change-dns-servers-in-windows-7 Kind regards

Hello! Please note: geo-localization is based on javascript and is not necessarily related to your IP address. Kind regards

Hello! You can resolve .airvpn.org. For example: $ dig @95.85.9.86 acrux.airvpn.org +short 37.48.81.12 Kind regards

We don't have any, we're sorry. Kind regards

Hello, might it be that the OpenVPN version you run directly is not the same version run by Eddie? Compare OpenVPN logs version output in Eddie logs with OpenVPN logs version output when you run it directly. Kind regards

There are no DNS leaks on Linux. What it could happen is that your torrent client queries its own DNS servers bypassing resolv.conf, but the query is tunneled anyway. Kind regards

Hello! We're very glad to inform you that new 1 Gbit/s servers located in Canada are available: Almach and Spica. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Almach and Spica support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that new 1 Gbit/s servers located in the Netherlands are available: Botein and Mizar. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Botein and Mizar support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Exactly! Kind regards

Hello, yes, the forum board does not log IP addresses. Kind regards

Hello, what is vulnerability 5906907 according to Kaspesrky? Kind regards

Hello! .airvpn.org resolves into all the possible entry-IP addresses of VPN servers on that country, so the choice is random and performed by your OS. For a more accurate selection you can use .vpn.airdns.org (for example "de.vpn.airdns.org") which resolves into one IP address, i.e. the IP address of the VPN server with the best rating in that country. For the most accurate selection according to latency our client Eddie is recommended, or you should look at the real time servers monitor on our web site (click "Status" from the upper menu of our web site). About the rating method please see here (the last part of the post): https://airvpn.org/topic/12671-upgrades-for-eddie/?do=findComment&comment=21663 Kind regards

Hello, try to tick "Force DNS" in "AirVPN" -> "Preferences" -> "Advanced". Kind regards

Hello! Our apologies, we fixed a little bug in our TOR detection system. Now ipleak.net reports correctly if an IP address is associated to a Tor Exit (exit versus 8.8.8.8). Take for example Pallas, the information about the relay is public: https://atlas.torproject.org/#search/37.48.80.175 We inevitably know which AirVPN users are, because they forward the ORPort and DirPort to do that. We remind you that AirVPN already powers two Relays and funds TorServers.net (1000 EUR every other month) to power an Exit node. Note: it's disappointing that TorServers.net has our Exit node down at the moment. We are investigating about this, and also thinking about the option to run ourselves one or more Tor Exit node. We are evaluating whether to send a private notification to all AirVPN users that are running a Tor exit node behind one of our servers with a link to this topic. Kind regards