Everything posted by Staff

  1. Hello! The most common usage is establishing up to 3 connections to up to 3 different servers from up to three different (either real or virtual) machines. Kind regards
  2. @zhang888 You entered a logical flaw. In order to maintain a high privacy environment and a strong anonymity layer it is mandatory that we agree that logging is not a marketing term, but it means to keep a file to record past events so that they can be rebuilt in ANY arbitrary moment in the future. If you extend the meaning of logging as you are doing, then the RAM image itself would mean "logging", or more generally any state at any given moment of any kind of a limited Turing machine would be a log. According to your definition every type of limited Turing machine logs and every state is a log (even if that state is destroyed in time) and the concepts of "anonymity layer" and "privacy" do not exist anymore as soon as any limited Turing machine or a computer is used, while in the real world the difference is clear (given the flow of time as we perceive it) between keeping information that can be used in any arbitrary moment in the future and NOT keeping it. Amongst other things, what is relevant here is that keeping a temporary piece of information (for example, 1 byte) about whether a "connection" is established or not (which is mandatory to make the Internet work) is not only totally irrelevant for privacy, but also and above all completely equivalent regardless of the value of that byte, from which the absurdity of your conclusion derives: there is no difference according to your definition in allowing n connections from one account, for each possible value of n, including n=1 and n=3. Such a philosophical discussion is completely irrelevant for our mission and for the purposes of our customers, for whom the concepts of "anonymity" and "privacy" are preserved when no information can be rebuilt in an arbitrary future moment even if it is known that they were using a VPN service, but it can imply a real nice philosophical discussion that you are free to open in "Off Topic", but please not in this topic, thanks in advance. Kind regards
  3. Hello! Thank you for your feedback.

     1) Client, DDNS handling and port checks need an update. We are already working on it and a solution will come out very soon (a matter probably of days).

     2) We don't use any RADIUS or other kind of software for authentication purposes. There is no change about privacy and no additional monitoring.

     Internal details:
     - Each AirVPN server runs simply OpenVPN daemons.
     - When a new connection is received, after the cryptographic validations, the VPN server contacts indirectly a backend server to notify the connection. This updates a centralized 'active sessions' table in our db, data queried by our website pages for real time stats.

     Previously, if our backend server already had a session from a user, it replied to OpenVPN server to reject the connection. Now, if our backend server already sees 3 sessions from the same user, it tells OpenVPN server to reject the connection.

     Technically, there isn't any architectural change. It is a 'political' change. Kind regards
  4. Hello! No, wait, the download of keys and certificates is NOT in the clear. It's encrypted via HTTPS with TLS up to 1.2 and Perfect Forward Secrecy (with DHE or ECDHE key exchange). Just don't use Internet Explorer 6 or 8 otherwise you will lose FS and TLS 1.2. Kind regards
  5. Hello! We're glad to inform you that from now on: every account can establish 3 simultaneous connections to DIFFERENT AirVPN servers.

     EDIT 29-Nov-17. This thread is obsolete, now limit of concurrent connections is FIVE. Please see https://airvpn.org/topic/24167-five-simultaneous-connections-per-account/

     No impact on quality of service will occur: the guaranteed allocated bandwidth pertains to accounts, regardless of the number of established connections. If you establish 2 or 3 connections with the same account, we guarantee the SAME allocated bandwidth as before, NOT the double or the triple of it.

     No price increase has been planned for this new feature.

     As specified above, you can NOT connect the same account twice or thrice to the same AirVPN server. Each connection must go to a different AirVPN server.

     We're confident that allowing 3 connections per account at the same price will meet fully the requirements expressed by several customers. Please do not hesitate to contact us for any further information.

     Kind regards & datalove
     AirVPN Staff
  6. Hello! Crucis is under maintenance and we'll make an announcement soon about it. Kind regards
  7. Hello! We're glad to inform you that in a short time we'll release an Air client version supporting connections of OpenVPN over SSL/SSH. Kind regards
  8. Hello! We're glad to inform you that upgrade completed successfully! Kind regards
  9. UPGRADE IS IN PROGRESS. You can already download the new configuration files (which include new keys and certificates) if you wish so. Kind regards
  10. Tunnelblick users need to re-generate certificates, configuration files and keys, just like users of any other OpenVPN wrapper (except the Air client) need to do. Kind regards
  11. Hello! It's a warning, not an error. The system warns you that the key is accessible by a whole group. Just change the ownership and flags (if necessary) of the file to fix it. For example, make it readable only by root. Kind regards
  12. Hello! Because the service could use different methods than your IP address to detect which country you're in. For example the service can (in HTML5) just ask your browser which country you're in and your browser (if authorized) will tell it. Kind regards
  13. Hello! 2048 bit keys, currently. So what...? The Control Channel cipher is HMAC SHA1, not SHA1. SHA1 is the underlying hash verification. Deprecation has nothing to do with it. It is well known that SHA1 should never be used as a security cipher and OpenVPN does not use it. In HMAC SHA1 we don't even have to care at all about SHA1 hash collisions. In order to inject forged packets in your traffic flow, an attacker should first break every single upper layer, starting from HMAC which is extremely robust, and THEN try hash collisions. Kind regards
  14. Hello! This might help: http://help.smugmug.com/customer/portal/articles/84385-how-do-i-install-the-godaddy-root-certificate-in-windows- Kind regards
  15. Hello! Yes, that's correct. Only AFTER the end of the upgrade. Kind regards
  16. UPGRADE COMPLETED SUCCESSFULLY

      Hello! We're glad to inform you that a major system upgrade will take place during Sunday, 13 April 2014, 21:00:00 - Sunday, 13 April 2014, 22:00:00 UTC

      This upgrade has a triple, important purpose: close any possible exploitation chance, regardless of how unlikely it could be, deriving from past "Heartbleed" vulnerability, bring AirVPN in an even higher security environment and open the road for an important new feature of the service: 3 simultaneous connections per account on different servers (details will be provided soon after the major upgrade which takes precedence).

      The upgrade in details
      - switch to 4096 bit size RSA and DH keys
      - implementation of additional OpenVPN TLS-Auth layer
      - re-generation of certificates and keys
      - general optimization

      During the upgrade all the VPN clients will be forcefully disconnected and will not be able to reconnect. The upgrade will take approximately 30 minutes. Disconnections will occur on all servers from-to:

      Sunday, 13 April 2014, 21:00:00 - Sunday, 13 April 2014, 22:00:00 UTC

      that is:

      Sunday, 13 April 2014, 14:00:00 - Sunday, 13 April 2014, 15:00:00 PDT
      Sunday, 13 April 2014, 16:00:00 - Sunday, 13 April 2014, 17:00:00 CDT
      Sunday, 13 April 2014, 17:00:00 - Sunday, 13 April 2014, 18:00:00 EDT
      Sunday, 13 April 2014, 23:00:00 - Monday, 14 April 2014, 00:00:00 CEST
      Monday, 14 April 2014, 06:00:00 - Monday, 14 April 2014, 07:00:00 JST

      Click here to find your town: http://www.timeanddate.com/worldclock/fixedtime.html?msg=Switch+to+4096+bit+size+keys&iso=20140413T23&p1=215&ah=1

      Mandatory actions

      After the upgrade, customers running the Air client for Windows will need to shut down and restart the Air client. It is assumed that customers have already downloaded the new package for Windows which includes OpenVPN with non-vulnerable OpenSSL, available here https://airvpn.org/windows and installed the new OpenVPN version.

      Customers running any other OpenVPN wrapper or OpenVPN will need to re-download configuration, certificates and keys files.

      Additional information for customers running manually configured wrappers:
      - the "TLS-Cipher" or equivalent name in your configuration becomes: TLS-DHE-RSA-WITH-AES-256-CBC-SHA
      - in Tomato, DD-WRT, pfSense, Fritz!Box etc., the client certificate, the server certificate, the client key and the TLS key must be pasted again (after they have been generated and downloaded from the Configuration Generator as usual) in the appropriate fields of your configuration

      Please do not hesitate to contact us for any further information.

      Kind regards
      AirVPN Staff
  17. Hello! Of course. It appears that you have not followed https://airvpn.org/topic/11298-openssl-heartbleed-bug-tlsssl-vulnerability/?do=findComment&comment=16461 in the last three days but we strongly recommend that you do that. Of course. Please follow our recommendation. It is premature to allow generation of new private keys as long as the old certificate is not revoked (revocation ordered on 8-Apr, so it should go into effect real soon now) and anyway client private key leak is not such a big deal. Stay tuned, an important announcement is due in a few hours. EDIT: announcement published https://airvpn.org/topic/11319-major-system-upgrade/ Kind regards
  18. Hello! Please post the logs taken just after a connection has been allegedly established. Please right-click on the Air tray icon, select "Logs", click "Copy to clipboard" and paste into your message. Kind regards
  19. Hello, it's worth checking whether you have some packet filtering tool that might "think" that the UDP traffic is a flood attack. When you connect OpenVPN in UDP mode, all the traffic to your system is UDP only. This may trigger security systems which start to drop packets. Please check your router as well. Kind regards
  20. Hello, yes, TLS Auth shall be implemented. Stay tuned. Kind regards
  21. Hello! Please follow the main thread on the issue or see "News and announcement". https://airvpn.org/topic/11298-openssl-heartbleed-bug-tlsssl-vulnerability/?do=findComment&comment=16461 Kind regards
  22. Hello! The Air client is an OpenVPN wrapper. We are preparing a new package with the new OpenVPN (just released, see NaDre message) which includes a non-vulnerable OpenSSL version. Kind regards
  23. Even nicer: https://www.ssllabs.com/ssltest/analyze.html?d=airvpn.org Kind regards
  24. Hello! The attacker should perform attacks against your node, not ours. Assuming that the attacker knows your real IP address, then the attacker can try to exploit the Heartbleed vulnerability. Please upgrade to Tunnelblick 3.4beta22 build 3789 which implements OpenSSL 1.0.1g. http://code.google.com/p/tunnelblick/wiki/RlsNotes About Android and iOS, openvpn-connect does not use OpenSSL, it employs PolarSSL which (as far as we know) is not affected by this vulnerability. Kind regards
  25. Hello! Please read here: https://airvpn.org/topic/11298-openssl-heartbleed-bug-tlsssl-vulnerability/?do=findComment&comment=16461 Kind regards
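
The connection check described in posts 3 and 5 above, as an added sketch that is not AirVPN's code: a backend keeps only the current set of active sessions, rejects a connection to a server the account is already on or beyond the per-account limit, and forgets a session when it ends. The class, method and server names are hypothetical; only the limit of 3 and the "different servers" rule come from the posts.

```python
# Added illustration; hypothetical names, not the service's real backend.
MAX_SESSIONS = 3  # per-account limit stated in the posts


class ActiveSessions:
    """'Active sessions' table holding current state only, no history."""

    def __init__(self, limit=MAX_SESSIONS):
        self.limit = limit
        self._by_user = {}  # user -> set of server names currently in use

    def on_connect(self, user, server):
        """Called after the VPN server's cryptographic validation passed.

        Returns (accepted, reason); the VPN server rejects on False.
        """
        servers = self._by_user.get(user, set())
        if server in servers:
            return False, "already connected to this server"
        if len(servers) >= self.limit:
            return False, "session limit reached"
        self._by_user.setdefault(user, set()).add(server)
        return True, "ok"

    def on_disconnect(self, user, server):
        """Drop the session; the entry is deleted, not archived."""
        servers = self._by_user.get(user)
        if servers is None:
            return
        servers.discard(server)
        if not servers:
            del self._by_user[user]

    def snapshot(self):
        """What the table can answer: who is connected right now."""
        return {u: sorted(s) for u, s in self._by_user.items()}


def replay(events, limit=MAX_SESSIONS):
    """Run constructed (action, user, server) events; return the decisions."""
    table = ActiveSessions(limit)
    decisions = []
    for action, user, server in events:
        if action == "connect":
            decisions.append(table.on_connect(user, server)[0])
        else:
            table.on_disconnect(user, server)
    return decisions, table.snapshot()
```

Running `replay` with `limit=1` gives the earlier one-session behaviour, which matches the statement in post 3 that only the threshold changed.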