
Staff

Everything posted by Staff

  1. Hello, we were suggesting that you can use Eddie 2.5 anyway, without going back to outdated client versions which have more bugs, because you are not forced to use the Eddie 2.5 Network Lock feature. You can just keep it inactive and use your custom or favorite type of leak prevention. Kind regards
  2. Hello! You can also use Eddie 2.5 because Network Lock is optional. You decide to activate it or not. In Eddie 2.5 it is disabled by default. Kind regards
  3. Hello! We need to understand if some advanced feature of AirVPN client can be activated by default for all users without causing issues. We ask those who want to collaborate to do a little test: In Menu -> Preferences -> Advanced -> General please enable "Checking if the tunnel uses AirVPN DNS" and "Force DNS" (this last option only under Microsoft Windows) DNS Switch mode is by default set to "Automatic", please use it in "Automatic". If these settings work for you, please use them and confirm in this topic that they work for you. Otherwise, if some problem occurs, please describe here the problem. Finally, we have a question: without prejudice to the fact that it can be switched on or off anytime by users, do you prefer that by default the option "Exit confirmation" is on or off? Thanks to anyone who will collaborate! Kind regards AirVPN Staff
  4. Hello! That's the right decision then. Try OpenVPN over SSL as well. It might work better than over SSH, because from other reports from Thailand it is possible that SSH is shaped much more than SSL to port 443. Also try the Hong Kong server, just in case. Kind regards
  5. Hello! Yes, it is mandatory, no UDP support by SSH as you can imagine. So you have overhead by additional SSH tunnel and on top of that OpenVPN forced to work in TCP mode (which, for how OpenVPN works, will be slower and less efficient than UDP). You should never use this mode unless you absolutely need it for some reason (for example to bypass OpenVPN disruption or extreme shaping). Kind regards
  6. Now this is getting interesting... https://twitter.com/JustusRanvier/status/511986110889619456 Kind regards
  7. Hello! TCP and UDP are allowed in the local network. So if you use SMB (CIFS) to share folders, it should work as long as the transport protocol is UDP or TCP. However SMB could rely on NetBIOS too as transport protocol, in which case we need to investigate, can you please give us some information about that? Kind regards
  8. Hello! Interesting... what happens if you tick "Force DNS" in the "Advanced" tab? Kind regards
  9. Website: http://www.gazzetta.it La Gazzetta dello Sport, an Italian sport website and streaming. Status: OK Routing: All servers to IT route. Note: if you have an advertising blocker active (like Adblock or uBlock) try to disable it. This site detects the use of such blockers and prevents the video from being shown.
  10. Hello! To simplify things, with Debian just download the .deb package (32 or 64 bit version according to your Linux kernel). If you run Gnome or KDE or Xfce as Desktop Manager, right click on the icon and select "Open with..." -> "Package installer" or anything similar. If you don't run any of the above Desktop Managers contact us again. Also, you can anyway install everything from a shell (as root), just with apt-get and dpkg. For Debian 7 readers' reference:

      apt-get update
      apt-get install gksu mono-runtime mono-utils libmono-system-runtime2.0-cil libmono-winforms2.0-cil libmono-corlib2.0-cil openvpn stunnel4
      dpkg -i <airvpn_package.deb>

      Kind regards
  11. Hello! Please upgrade to Eddie 2.5 and enable the Network Lock feature. It will prevent any leak in case of unexpected VPN disconnection which may occur for a brief line drop or other imponderable causes. Kind regards
  12. Hello! The following problem:

      ! 2014.09.15 19:13:35 - Checking route
      W 2014.09.15 19:13:45 - The operation has timed out

      could be caused either by a slow or failed connection. To discern the case, try to disable "Checking if the tunnel effectively works" in "AirVPN" -> "Preferences" -> "Advanced", try again a connection to a VPN server, browse to https://airvpn.org and check whether the central bottom box is green or red. We're looking forward to hearing from you. Kind regards
  13. Hello! The Network Lock feature is meant to work globally, not on an application basis, so you just need to activate it. Please read here: https://airvpn.org/topic/12175-network-lock Kind regards
  14. Hello! No, it is explicitly designed to allow communications within your local network. You should add rules to prevent that. However, remember that you will need anyway to allow communications with your router and with your DHCP server, if any. Kind regards
  15. Hello! What the Network Lock feature does on your operating system is transparently explained in the answer to this FAQ: https://airvpn.org/faq/software_lock/ Network lock under Linux is performed by iptables, maybe it doesn't conflict with UFW because UFW is just an iptables frontend. Network locks are implemented as plugins, we can think about implementing different versions and leave users the choice of network lock method. We alter at runtime Windows Firewall configuration and rules, as explained in the answer to the aforementioned FAQ. Maybe this software you use doesn't expect that. We can look into that, is it this ? Kind regards
  16. Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.5. Please read the changelogs: https://airvpn.org/services/changelog.php?software=client&format=html 2.5 version is compatible with several Linux distributions. For very important notes about environments, please read here: https://airvpn.org/forum/35-client-software-platforms-environments Network Lock feature has been implemented in version 2.5 as EXPERIMENTAL for all systems. By default it is turned off, feel free to activate and test it by clicking "AirVPN" -> "Preferences" -> "Advanced" -> "Network Lock" -> "Mode: Automatic". Important information on how it works: https://airvpn.org/topic/12175-network-lock Eddie 2.5 for Linux can be downloaded here: https://airvpn.org/linux Eddie 2.5 for Windows can be downloaded here: https://airvpn.org/windows Eddie 2.5 for OS X Mavericks can be downloaded here: https://airvpn.org/macosx PLEASE NOTE: Eddie 2.5 package, just like Eddie 2.4beta package, includes an OpenVPN version re-compiled by us with OpenSSL 1.0.1i for security reasons and to fix this bug: https://community.openvpn.net/openvpn/ticket/328 Eddie 2.5 is free and open source software released under GPLv3 Kind regards & datalove AirVPN Staff
  17. Hello! Unfortunately not, OpenVPN does not scale well, and each instance will use one single core. This is an important limitation that will be probably overcome only in the next major release 3. Kind regards
  18. Hello! mage1982 is right. We just wish to add that we are focused on VPN services at the moment, so we have no immediate plans to provide a public DNS service. Kind regards
  19. Hello! That's right, there are no DNS leaks on Linux. Can we see the content of your /etc/resolv.conf file before and after a connection to a VPN server, with method "Renaming"? Maybe your system sends to your ISP IPv6 DNS queries. Kind regards
  20. Hello, SlyFox is right, this is perfectly normal. Your router CPU processing power can't handle more than 10 Mbit/s AES-256 throughput (AES-256-CBC is the cipher of our OpenVPN Data Channel). Use a powerful enough pfSense box or connect directly from your computers (up to three simultaneous connections from different devices are possible with the same account) to bypass your router bottleneck. Kind regards
  21. Hello! Our service is based on OpenVPN and OpenVPN connections are disrupted in most China residential lines. This is possible because OpenVPN packet headers (not payloads, which are of course encrypted) have some additional information for packet re-ordering that makes them discernible (with DPI) from pure TLS/SSL connections. PPTP with insecure authentication (not supported by us) is not disrupted (that's why you could use other non-OpenVPN based services, probably), maybe because it's not a problem for Chinese authorities (they can break it and decrypt the traffic flow very quickly and easily). In order to bypass the block, OpenVPN over SSL is necessary. The first SSL tunnel encrypts the OpenVPN "fingerprint" to make it not detectable. The method has been tested as successful for more than a year from various China areas, including Shanghai and Beijing. Unfortunately, OpenVPN over SSL is available for Linux, Windows and OS X only. It is not working on Android and iOS due to limitations of the openvpn app. Anyway, many mobile networks in China do not block OpenVPN, so this is a relatively minor problem. Our client Eddie (for Linux, OS X and Windows) implements OpenVPN over SSL, which can be activated with a click. All of our VPN servers accept this connection mode. On Eddie, click "AirVPN" button, select "Preferences", click "Protocols" tab, select "SSL Tunnel - Port 443" and click "Save". As you can see from the logs, Eddie client is perfectly capable of establishing a connection even if your system can't reach our web site. Please contact us in private (open a ticket) if you want to access our web site even without VPN. Kind regards
  22. Hello! ipleak.net queries commercial MaxMind database (and we pay for it), which is wrong as well. We'll think about your suggestions and a solution! Kind regards
  23. Staff

    Seedboxes discussion

    Well, might be that a bit risky, don't you think? For instance, what happens when you receive DMCA complaints (probably you just remove the torrent), but what if they go beyond that.... Don't you are more responsible with the content that you seed because you purchase the server directly from the datacenter, instead having a 3rd party that takes a bit of risk themselves by offering this kind of services.

    Hello, seedboxes are dedicated to share files that are not necessarily protected by restrictive copyright. Ideally a DMCA complaint in the USA should be received only if there is a copyright infringement (yes, we know there are so many mistakes with wrong notices and copyright trolls around, but that's another story). Given the initial message of this thread, it should not be assumed that a seedbox is used in any illegal way. For clarity purposes we should keep this thread focused on technical usages (or installation) of seedboxes and reviews of services, while a voluntary infringing usage of seedboxes should be discussed elsewhere. Kind regards
  24. Hello! It's not completely clear what you want to achieve. Perhaps some clarifications are necessary. First of all, it must be clear what a port (in networking) is. Wikipedia provides an outstanding, great, precise definition in article http://en.wikipedia.org/wiki/Port_%28computer_networking%29 :

      "In computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system. The purpose of ports is to uniquely identify different applications or processes running on a single computer and thereby enable them to share a single physical connection to a packet-switched network like the Internet. In the context of the Internet Protocol, a port is associated with an IP address of the host, as well as the type of protocol used for communication. The protocols that primarily use ports are the Transport Layer protocols, such as the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) of the Internet Protocol Suite. A port is identified for each address and protocol by a 16-bit number, commonly known as the port number. The port number, added to a computer's IP address, completes the destination address for a communications session. That is, data packets are routed across the network to a specific destination IP address, and then, upon reaching the destination computer, are further routed to the specific process bound to the destination port number. Note that it is the combination of IP address and port number together that must be globally unique. Thus, different IP addresses or protocols may use the same port number for communication; e.g., on a given host or interface UDP and TCP may use the same port number, or on a host with two interfaces, both addresses may be associated with a port having the same number."

      Therefore, a port is said to be "open" when all the following conditions are met:

      1) it exists
      2) packets to it are not dropped or rejected by any packet filtering tool
      3) the process identified by the port replies

      Condition 1 seems trivial but please think about it. If there is no process identified by the host by a certain endpoint, there is no endpoint at all. The port does not exist, period. In common language this is one of the cases for which we say that "a port is closed".

      When you remotely forward a port on our system, the VPN server will take care to forward packets to your VPN IP address:port number so you will be able to have listening services (i.e. processes identified by a unique endpoint) behind our NAT. Thus:

      - if your service does not run, our servers forward packets but your system will not reply because it does not know which process it should send the packets to: "the port is closed".
      - if your service runs, but a packet filtering tool on your system rejects or drops packets, the port does exist but it is again "closed"
      - if your service runs and your packet filtering tool does not reject or drop packets to it, but the port is not forwarded on our system, the VPN servers will drop the incoming packets from the Internet: the port is once again "closed" (from the external "Internet point of view")
      - if your service runs, your packet filtering tool does not intercept packets to it, and the port is remotely forwarded on our system, the port is "open"

      The problem you cite with Windows is probably due to the fact that by default a lot of processes (identified by an endpoint on the host) run without the user's awareness, therefore a lot of ports "are open" by default. If the process associated to the port has one or more vulnerabilities, it may become the target of an attack: by sending packets to that port (i.e. by communicating with the vulnerable processes) an attacker could exploit such vulnerabilities for various purposes, including taking root control of the machine where such process runs (with privilege escalation, or with some intentional overflow just to make two random examples). Hence the basic rule: not running processes that you do not need is the first, simplest way to "close a port", even before setting up a packet filtering tool.

      When you're connected to our service, by default "all ports are closed". This means that the VPN server will not forward anything to your VPN IP. However, this does not mean that ALL of your host ports "are closed". For example, if your computer is behind a router NAT (very common case), AND you have processes running on the computer and listening to the physical network card AND you forward ports on your router matching the same endpoint of those processes, packets can reach those processes through those other forwarded ports.

      In general, when you are connected to a VPN server you should not forward ports on the router. Not only is it useless, because the VPN tunnel bypasses your router NAT as well as your ISP NAT (if any), but it is also potentially dangerous. In particular if you forward the SAME port numbers both on the VPN and on your router, and you have a process listening to those ports, correlation attacks become possible.

      Kind regards
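The open/closed cases and the double-forwarding warning in the last post above, as an added example that is not part of the original post: a self-audit of a Linux host's listening TCP sockets against the ports forwarded on the VPN and on the router. The `/proc/net/tcp` sample, the VPN address 10.4.0.10 and both forwarded-port sets are constructed assumptions, and a local packet filter is assumed not to drop the packets.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:C8D5 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 0A00040A:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003 1
   3: 6401A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20004 1
   4: 6401A8C0:D431 010200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20005 1
"""

def listening_sockets(proc_net_tcp):
    """Return (ip, port) for each IPv4 TCP socket in LISTEN state (st == 0A)."""
    result = []
    for line in proc_net_tcp.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":      # no listener: the port "does not exist"
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Address bytes are printed reversed on little-endian hosts (x86, ARM).
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        result.append((ip, int(hex_port, 16)))
    return result

def classify(sockets, vpn_ip, vpn_forwarded, router_forwarded):
    """Map each non-loopback listening port to how it is reachable from the Internet."""
    report = {}
    for ip, port in sockets:
        if ip.startswith("127."):
            continue                                  # loopback only, never reachable remotely
        on_vpn = ip in ("0.0.0.0", vpn_ip) and port in vpn_forwarded
        on_router = ip != vpn_ip and port in router_forwarded
        if on_vpn and on_router:
            report[port] = "open on VPN and router: correlation risk"
        elif on_vpn:
            report[port] = "open via VPN forward"
        elif on_router:
            report[port] = "open via router forward, outside the tunnel"
        else:
            report[port] = "closed from the Internet"
    return report

if __name__ == "__main__":
    socks = listening_sockets(SAMPLE_PROC_NET_TCP)
    # Hypothetical forwarding configuration for the constructed host.
    for port, state in classify(socks, "10.4.0.10", {51413, 8080}, {51413, 22}).items():
        print(port, state)
```

On a real host, pass the contents of `/proc/net/tcp` and the ports actually forwarded on the VPN account and on the router.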