Staff

Hello! Well, yes, actually our service is aimed to those who have Internet access... even a limited one, even behind a NAT, but anyway some Internet access. If your 3G provider does not provide Internet access, as Visentinel suspects, the matter gets complex. Maybe not impossible... first of all, what are the symptoms of the failed connection? Can you please post the logs of an attempted connection to a VPN server, just to begin to get an idea? Do you have any technical detail about what kind of connection you have (for example, are you behind a proxy?)? We are very curious about this case. In most EU countries 3G providers provide (more or less) thorough Internet access which always makes an OpenVPN connection possibile. Kind regards

Hello! Yes, as you correctly write, the most immediate solution without traffic-splitting would be to remotely forward ports on our system and optionally use our DDNS service for increased flexibility. Our DDNS updates your names records according to the VPN server your account connects to, so that they always resolve into the exit-IP address of that VPN server. You can have a maximum of 20 names. Limitation: DDNS will not work with multiple and simultaneous connections from the same account. Kind regards

Hello! BBC iPlayer is currently working just fine on every and each server. Just make sure that you use the VPN DNS. Should you find a specific server from which you can't access BBC contents, first make sure that your system queries the VPN DNS, and only after that specify the server(s) in this thread. Kind regards

Hello, it works just fine. Please make sure that you use VPN DNS, otherwise you will not be able to access BBC programs and iPlayer, not even from UK servers. Kind regards

Routing isn't a simple job. Normally if a TV has its own IP range (for example BBC) we route the entire range to an accepted exit-routing-server. But in many cases it isn't so simple, many services use distributed CDN systems (like Akamai), so we need to investigate (we do it by manually analysing traffic with WireShark) and route specific domain gateway used by CDN. So, it's possible that sometimes we miss some route. It might be occurring for example if CDN uses different gateways for Flash and Silverlight, and we test/discover only Flash. Or, simply, if CDN changes something. We just added some routing rules for BBC.UK, we just tested ./get_iplayer --type=livetv --get "BBC Two" from Castor and now it works. If you still have issues with get_iplayer, please provide us with the exact command-line, which may include a specific codec mode.

Hello! Thanks for the report! Not yet: this function is not implemented in Eddie 2.1beta. Only "Force DNS" is (which anyway is more interesting for Windows users). The "any leak" prevention will be probably implemented with the next release (as you can see the release cycle of Eddie is pushed fast). Eddit No, not really... Eddie implements several, new censorship circumvention features, and in particular cases very restrictive rules can block some or all of them. On the other hand it's also a way to test how good is Eddie in bypassing censorship, blocks etc., but if you're not in a censorship-fan network you would not need such features anyway. Kind regards

Hello, which Ubuntu version? What happens if you install OpenVPN manually (sudo apt-get install openvpn) ? Kind regards

Hello! Yes, this is the right place. This is a known issue in openSUSE, as you can see in openSUSE environment report, because in openSUSE resolvconf or openresolv are not installed and not available in repositories. When such packages are not installed, you must not tick "Force DNS" in Eddie, because with that option OpenVPN relies on update-resolv-conf script, which in turn relies on resolvconf. Linux does not leak DNS queries, it just uses the DNS you set, sending the queries to the VPN server (encrypted) or to your router (unencrypted) in full compliance with the settings, routing table included. We define a DNS leak as such when the system does not comply to your settings, like in Windows (where the concept of global DNS is missing), and this is not the case with Linux. As a temporary workaround you can manually edit (as root) your /etc/resolv.conf file and insert the following line as first nameserver: nameserver 10.4.0.1 This will force usage of VPN DNS when connected to a VPN server to port 53, 80 or 443, either in UDP or TCP. When not connected to a VPN server, your system will use the other nameservers. Kind regards

Hello! Please see here, now Ubuntu is supported. https://airvpn.org/topic/11598-eddie-21beta-available/ Kind regards

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.1beta. It addresses a lot of issues after the public first beta testing phase of 2.0beta. Please read the changelogs: https://airvpn.org/services/changelog.php?software=client&format=html The 2.1beta version is compatible with several Linux distributions. For very important notes about environments, please read here: https://airvpn.org/forum/35-client-software-platforms-environments Planned next steps: Network Leak Protection implementation, OS X version. Eddie 2.1beta Linux can be downloaded here: https://airvpn.org/linux_ex Eddie 2.1beta Windows can be downloaded here: https://airvpn.org/windows_ex Eddie 2.1beta is free and open source software released under GPLv3 Kind regards & datalove AirVPN Staff

Hello, apparently you might follow two methods: whitelisting (you block everything and you allow only the browser) or blacklisting (you block all the applications that you want). In reality, whitelisting might be harder: there are system processes that must be able to reach the VPN server (for example svchost.exe, ping.exe...). We do not know unfortunately the complete list of Windows system processes which must be enabled. In general, if you connect to VPN servers ports 53, 80 or 443, in order to block an application only in the VPN, but leaving it able to communicate outside the VPN, you just need to block, for that application, outgoing packets coming from IP in range [10.4.0.1 - 10.9.255.254], any protocol. Kind regards

Hello! We remind you that April projects funding poll is open and will close on May the 29th. Which project shall we fund? AirVPN community has selected the candidate projects during April and the community will decide the one to be funded! Feel free to express your preference here https://airvpn.org/topic/11569-poll-april-projects-funding Kind regards AirVPN Staff

Hello! The client will not start under Ubuntu. A version running under Ubuntu is currently in testing. Everything is going well at the moment, so if no other issue rises up, the next Eddie release will include these changes and will run in Ubuntu distros as well. Kind regards

Hello! Which server are you connecting stunnel to? From this line: Section stunnel: SSL server needs a certificate it might be a server-side problem. Also, try with "stunnel4" instead of "stunnel" Kind regards

Hello! Does the problem occur on Pollux only? Kind regards

Hello! Maybe so, but first please define a captive portal and elaborate. The more information the better. Kind regards

Hello, we do not understand your point, that's a verification for suspect transactions to make sure that the credit cards data and the data you provide will match in order to prevent common frauds on the online environment. Without such verifications for each even slightly suspect transaction there would be no option for merchants to accept credit cards online: the number of frauds would be overwhelming. If you want to hide your identity in the transaction phase to the payment processor you need to pay with Bitcoin, not with your credit card. If you want to abort the transaction just do not provide the require data. Kind regards

We're going to start with the April poll with a new option, let's see how it goes. Only persons who have contributed to our forums with at least 5 posts are allowed to vote. We have some perplexity whether to allow only premium users to vote: - Some people could use different accounts for VPN and forum posts. - The information whether a forum member is a premium member or not is NOT public. We want to avoid to disclose this information with this kind of distinction. If the community wants to know, for transparency purposes, who voted an option, that would become a privacy problem.

Only persons who have contributed to our forums with at least 5 posts are allowed to vote. Anyone can vote with a single or multiple choice. Who votes for what is NOT a public information. We can change this if the community prefers so.

Hello! The problem is here: It's not Eddie's problem, see here for a quick fix: http://askubuntu.com/a/172157 Kind regards

Hello! Noted. We confirm the problem on Fedora: we will be investigating soon. Thanks for the report. Kind regards

Hello! If you click the "Logs" tab, do the logs open? If so, if you click on the icon "Copy to clipboard" or "Save to file", what happens? EDIT. network-manager-openvpn usage is currently deprecated by us, see the instructions to know the reasons (here https://airvpn.org/topic/11432-using-airvpn-with-ubuntu-network-manager and here https://airvpn.org/topic/11432-using-airvpn-with-ubuntu-network-manager ) Kind regards

Hello! We expected a notice like that It is not a bug, it is intentional and it does not pose any security concern. It looks like plain http, but it is NOT. What data can you see? Use Wireshark for example. You can see an HTTP request, with two parameters. These parameters are encrypted with AES 256, over a RSA 4096 bit pre-authentication, preventing any possible MITM attack. We don't use the similar layer implemented in HTTPS, we re-built it, so https become only an additional, useless layer. If you want to look at the code on GitHub, all the connections to our authentication servers are managed by this class: https://github.com/AirVPN/airvpn-client/blob/master/src/Core/AirExchange.cs In order: - Generation of AES 256 key (note: new one for each http request) - Encryption of the AES 256 key with "AirVPN Software Public Key" (RSA 4096 bit). This is the param "S" in HTTP request - Encryption of the data with AES. This is the param "D" in HTTP request - Our server receives the request. Only our server has the RSA Private Key, so only our server can decrypt/obtain the AES key. - Our server replies with data encrypted with the AES key, that only the client knows so that it can decrypt data. Our only missing feature (planned) is an implementation about revoking the public key on client-side. Thanks for the report. Kind regards

Hello! You're not missing anything, we confirm the issue on openSUSE, we're investigating. Kind regards

Hi, which servers (always specify names please)? Kind regards