Staff

Hello, we'll be looking into the issue, in the meantime please stop posting duplicate messages. Use any NON USA server for Hulu. Kind regards

Hello! It might be a DNS issue, can you please publish the output of the following commands: ping -c 4 google.com ping -c 4 8.8.8.8 ping -c 4 10.4.0.1 Kind regards

Hello! That's because we thought to leave that task to the server DNS push, that your client is free to accept or not (well, in Windows the DNS push is accepted by default, in Linux and *BSD it's not considered by default), but that's a good idea anyway, thank you. Kind regards

Hello, it's extremely trivial for a web server or a p2p client. The attacker just sends packets to the same port both to your ISP assigned IP address and to the VPN server exit-IP address and compares the result. If the victim service replies to packets on both the IP addresses (because the same inbound router port is open) and those replies are consistent (as they are, obviously) both in timing and content, then the attacker have a proof (usable in courts but also useful to criminal organizations etc.) that that service is run by you. No: the first attack condition is already that the attacker is wiretapping your line. If the service does not reply to packets to your real IP addres, no correlation proof is possible and the attack fails: it is not possible to prove that a certain service is run by you. The primary point is exactly to defeat those who are wiretapping your line. However, as a secondary but not less important point, there are more subtle attacks which allow an attacker to establish correlations even if that attacker is unable to monitor your ISP line. All of these attacks are possible only with the misconfiguration of your system, as already said over and over. Kind regards

Hello, no, totally false. The real risk is much higher. As it has been already explained, the exploit can be performed when the system is properly connected to a VPN server and properly tunneling. The consequences of the attack are that your real IP address is discovered and all the p2p activities or the activities of the service behind the VPN server are related to your REAL IP address. In order to avoid that, do NOT forward ports on your router, or at least close those ports on your physical network interface with a properly configured firewall, or bind the service to the tun/tap interface (but not all services can be bound to a specific interface). Be careful, this is NOT a fault or a problem of OpenVPN, this is a deliberate vulnerability that you voluntarily insert into your system: your system just complies to your orders and OpenVPN can't protect you against your own behavior. Kind regards

Hello, you're right, there's some confusion about it. The tutorial is correct but not entirely: some builds must be configured in that way, although TLS-Auth is "None" in our service. But if you set "None" on those builds, OpenVPN will inexplicably fail to maintain a stable connection, as if some different TLS-Auth parameter is passed to OpenVPN. We see that newest builds work just fine with the correct setting. On yet some other builds, the setting must be forced in the nvram (with a simple command). Usually this is not needed, we have met this necessity only on very old builds. So, please try to set it to "None". If it fails again, feel free to write back and we'll show how to set the proper setting directly, by bypassing the interface. Kind regards

Hello, tray icons are usually on the taskbar (the same bar where you can see the "Start" or Windows logo button). The Air client tray icon is a white cloud on a gray (or blue, if connected) sky. If the Air client tray icon is not there, expand the tray icons section by clicking the arrow symbol. If it's still not there, then the Air client is probably not running. Kind regards

@pxmjd Hello, be patient, we'll make an announcement soon. We are aware that Eddie development is terribly late with delay after delay since the announcement in April 2013, and we're working to fix the situation. In the meantime, please spend 10 seconds of your time to 'fix' the flawed DNS implementation in Windows (if you run Windows). Kind regards

Hello, we do not provide a SOCKS proxy in our service but you can connect OpenVPN over any SOCKS or http proxy. See here for an example: https://airvpn.org/tor If you need to connect an external proxy over OpenVPN, then you don't need anything special, just connect to a VPN server, then "proxify" the applications whose traffic you want to be tunneled over AirVPN over a proxy. On the contrary, if you wish OpenVPN to connect over a proxy, then you need to configure OpenVPN to connect over that proxy according to the aforementioned example. Kind regards

Hello, please enable the TUN/TAP adapter (the interface used by OpenVPN) in the Control Panel and make sure that you run only one instance of OpenVPN. The interface name is "TAP-Win32 Adapter ...". See also here: https://airvpn.org/topic/9988-airvpn-failed-to-start/?do=findComment&comment=13089 Kind regards

Hello, certificates and key are embedded in the .ovpn files. From the error message, maybe you're making some mistake during the installation of the .ovpn file. Can you please try the classical old, safe method according to the instructions? For example create a folder on the Destkop (example: "blabla"), paste one (and only one) .ovpn file inside it, rename the folder with a ".tblk" extension (so it becomes "blabla.tblk") and double click on the folder icon. Kind regards

Hello, your account needs a subscription. Accounts without a subscription can't access the Configuration Generator. Kind regards

Hello! In the username please use characters included in [a-z], [A-Z] and [0-9] sets. About the password, please use passwords not longer than 32 characters. While we have foreseen longer passwords, the authentication method still shows problems with longer than 32 characters passwords. Anyway, a "good" password with just 16 characters is extremely strong already. Kind regards

Hello! Is the .NET framework on the laptop up to date? Please see here about your problem: http://support.microsoft.com/kb/915599 and possible solutions. If every Microsoft suggested bug-fixes fail and your framework is up to date, you can anyway run OpenVPN GUI instead of the Air client. Kind regards

Hello! The directive for the renegotiation time is reneg-sec. We don't know whether it's possible to assign this custom directive with Viscosity (probably so, just add it on the .ovpn file with the custom directive option in the Configuration Generator or with a text editor and test). Default in our servers is 3600 seconds. You can't go over this value but you can go below. The "overlying" RSA keys sizes (2048 bit) can't be modified by you. See the OpenVPN manual: --reneg-sec n Renegotiate data channel key after n seconds (default=3600). When using dual-factor authentication, note that this default value may cause the end user to be challenged to reauthorize once per hour. Also, keep in mind that this option can be used on both the client and server, and whichever uses the lower value will be the one to trigger the renegotiation. A common mistake is to set --reneg-sec to a higher value on either the client or server, while the other side of the connection is still using the default value of 3600 seconds, meaning that the renegotiation will still occur once per 3600 seconds. The solution is to increase --reneg-sec on both the client and server, or set it to 0 on one side of the connection (to disable), and to your chosen value on the other side. Kind regards

Hello, the DNS IP address should match with server exit-IP address. In some, rare circumstances you might see a 54... address. This happens when the "failover" DNS must be used because something is wrong on the VPN server DNS server. EXCEPTION: Singapore VPN servers use different AirVPN servers DNS servers to avoid problems inside Singapore. Kind regards

Hello, yes, that's ordinary, it might have a blacklist or a whitelist, or it might work in synergy with a proxy. For this you should try to understand your network and if your node is behind a proxy. Kind regards

@amanbe Also, please ascertain whether your node is behind a proxy or not. If so, OpenVPN can connect over a proxy but you'll need to know in advance: - proxy type - proxy IP address or reachable name - proxy listening port - proxy authentication mode (if any) - proxy credentials (if any) Kind regards AirVPN Support Team

Hello! We're very glad to inform you that three new 1 Gbit/s servers located in Germany are available: Menkib, Wezen, Seginus. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, the new servers support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that seven new 1 Gbit/s servers located in the Netherlands are available: Acrux, Canopus, Haedi, Nekkar, Propus, Syrma, Taygeta. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, the new servers support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

@syncswim Just a clarification because it seems there's a little confusion about IP addresses. The IP address of your node in the VPN is DHCP-pushed and it is dynamic and private, see also https://airvpn.org/specs . To be more precise a client tun interface is (with Air configuration) a point-to-point device in a /30 subnet. The IP address on the Internet your packets appear to be coming from is the VPN server exit-IP address (your node is behind a NAT) which is always the same (it is changed only under exceptional circumstances). Kind regards

@zhang888 Hello, your solution is extraordinarily elegant, congratulations. It does not seem related to syncswim problem, though... can you please elaborate? This information can be precious for every OpenWRT user. Why is it necessary on OpenWRT, are there cases for which the VPN server routes push is not processed correctly by an OpenWRT router? EDIT: ok, we see the problem. Does it occur "usually" on OpenWRT? Kind regards

Hello! Each account can establish ONE concurrent connection. EDIT: since April 2014, each account can establish THREE concurrent connections. Kind regards

Hello, can you please publish the output of the commands "ifconfig" and "route -n" (after the connection has been established)? Kind regards

Hello! The destination port is wrong (currently set to 1194). Please set it to 443 or 80 or 53. The server IP/name is wrong, there's a ":443" string that must be deleted. We don't know exactly how your device handles "reneg_sec" to renegotiate Data Channel key, i.e. the meaning of "0". By default our servers are configured to renegotiate every 3600 seconds (1 hour). Therefore: if "0" disables this feature, you had better set "3600" otherwise you will lose Perfect Forward Secrecy. Your are free to set lower values to force our servers to perform re-keying more often, but you can NOT set higher values, otherwise you will lose connections after 1 hour because our server will want to change encryption key anyway. Last but not least, your device can't resolve gb.vpn.airdns.org (but that should be due to the wrong name, ":443"), please check your device DNS or insert directly an IP address of a server in place of the name gb.vpn.airdns.org if the problem is not solved after you delete that ":443" Kind regards