Staff

Hello! You have probably missed in the instructions the part where they say to tick "Advanced Mode" and then tick "Separate certs/keys from .ovpn files", in the Configuration Generator. In this way you will have separate configuration, certificates and key files. By default the CG generates .ovpn files embedded with certificates and key. Kind regards

Hello! It seems that some previously loaded kext is conflicting with Tunnelblick kexts. Please see here for a fix: https://groups.google.com/forum/#!topic/tunnelblick-discuss/ivhHZ9Ilkow or directly here: https://code.google.com/p/tunnelblick/wiki/cCommonProblems#An_OpenVPN_log_entry_says_%22Tunnelblick:_openvpnstart_status Kind regards

Hello, in the Air client login window you must enter your AirVPN credentials (username and password with which you registered and subscribed on our web site), not your Windows account credentials. Kind regards

Hello! From this error: it appears that some previously loaded kexts are conflicting with Tunnelblick kexts: please see here http://code.google.com/p/tunnelblick/wiki/cCommonProblems#An_OpenVPN_log_entry_says_%22Tunnelblick:_openvpnstart_status for a fix. Kind regards

Hello, yes, the ports are reported, as you can see. Apparently you have no need to remotely forward ports: it's onenote.exe that established the connections, it does not listen for incoming connections (and it's quite logical). We're glad to know that the problem is solved. Kind regards

@chrobak77 Please see the answer to your ticket. Kind regards

Hello, each VPN server has a name (from a real star or constellation), and Puppis is one of them. Please see the servers monitor by clicking "Status" on the upper menu of our web site. Your account is not connected at the moment of this writing to any VPN server. Kind regards

Hello, is the listening port reported on MS One Note manual? If not, launch the program and issue the command "netstat -a -b" from a command prompt to see it, or use TCPView by Mark Russinovich http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx Kind regards

Hello, outbound port 25 is blocked (a necessary decision to let our servers survive). Not a big deal, because you should never use SMTP without SSL/TLS, VPN or not. Maybe you connect to the working mail server on some other port (for example 465 or 587 for SMTP over SSL) and to the non-working mail server on port 25. Kind regards

I've tried a number of different sites, notably Google's DNS servers and this one here http://censurfridns.dk. Can you recommend any DNS suppliers that work a little better with AirVPN? Also, this may sound like a real noob question, but I have the DNS set in the static ip address config, is this the correct place to put this info and if not, where should I be designating it? Thanks for your reply! Hello, Google DNS (as well as OpenNIC and any other public DNS we have tested) have no problems in resolving our names and this suggests that your ISP is hijacking DNS queries (please see below). For example: dig @8.8.8.8 asia.vpn.airdns.org ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.8.8 asia.vpn.airdns.org ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52404 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;asia.vpn.airdns.org. IN A ;; ANSWER SECTION: asia.vpn.airdns.org. 300 IN A 119.81.1.125 ;; Query time: 647 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Fri Jan 3 02:09:04 2014 ;; MSG SIZE rcvd: 53 It might be that your DNS queries are hijacked in any case REGARDLESS of the DNS server you try to reach. This occurs with some ISPs around the world (for example Vodafone) AND it might occur with several ISPs in China. In this case, please do not use names at all. Insert directly the entry-IP address of the server you wish to connect to. For example, instead of asia.vpn.airdns.org, insert the entry-IP address of one of the Singapore servers. Kind regards

Hello. I understand - but this information does not help me solve my problem :-( Rgds Hello, but it should. Compare the answer on the other thread you have opened. Let's try to keep one problem in one thread. Kind regards

I am using my ASUS DD-WRT router with OpenVPN client inside. But I am ready to try AirVPN client at my PC if it helps me to investigate how to continue... Hello, in this case you have to remember to properly forward packets to the appropriate device behind the router through a DNAT (for every and each port you wish to forward), because the devices connected to the router are behind the router NAT itself. Please see this guide https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables Kind regards

Hello, can you tell us which DNS the Raspberry PI queries to resolve names? Kind regards

Hello, unfortunately we don't know MS One Note, anyway as it was written in the previous message you can remap any remotely forwarded port to any other local port. You can do that in your "Forwarded ports" panel, accessible by clicking "Client Area" from the upper menu and then clicking "Forwarded ports" from the left tabs. Kind regards

Yes, of course: since the exit-IP address is shared (a dedicated IP address per client might easily crumble the anonymity layer) this is unavoidable. You can anyway remap any remotely forwarded port to any local port. Alternatively just configure your service to listen to the appropriate port or create a basic port re-mapping. Kind regards

Hello, for more accuracy please use a more accurate IP geo-location database. MaxMind is not bad, amongst those we have tested (see it working on ipleak.net for example), but keep in mind that maintaining a "geo-IP" database in good order is not easy. Anyway, to know the exact locations of our servers please see our servers monitor by clicking "Status" from the upper menu of the web site. Kind regards

Hello, for a complete setup please see also our guide https://airvpn.org/topic/3405-windows-comodo-prevent-leaks Kind regards

Hello, for your and other persons privacy needs we accept Bitcoin since years. This thread pertains to a completely different problem, please do not hijack it. Kind regards

Hello, maybe you have a disconnection without notification in UDP mode. When this happens, the client can't communicate to the Air server that it's going to disconnect. Since UDP is connectionless, the server has therefore no way to know that the client disconnected and will believe the client is in the PN until the timeout (60 seconds). Subsequently, during this time frame the system will believe that the account is still logged in. Kind regards

Hello, it seems an OpenVPN 2.2.1 bug which shows up every time default route does not use a gateway (such as in PPP): https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/771148 In the link above you will also find a workaround. Kind regards

Hello, it's difficult to provide definite numbers about performance hit. Consider roughly at least a 10-15% loss due to double overhead (OpenVPN will have to run in TCP mode instead of UDP, and there's the additional overhead by SSL/SSH). It's not a matter of security. The additional encryption layer (RC4-128) is not significant compared to OpenVPN data channel encryption (AES-256-CBC), its only purpose is to encapsulate and encrypt the OpenVPN "fingeprint" so that your ISP can't see that you're running OpenVPN (we repeat: useful only when your ISP discriminate against OpenVPN). DPI is anyway defeated even with OpenVPN alone: it's not that through DPI your ISP can see your real packets headers and payload. If your ISP does not disrupt or dramatically cap OpenVPN we strongly recommend that OpenVPN is NOT tunneled over SSL or SSH. Kind regards

Hello, OpenVPN packets have a typical fingerprint (basically due to additional information on the packets headers for error correction) which make OpenVPN protocol different from pure SSL/TLS. Usage of OpenVPN is perfectly normal and widespread, therefore it's not a reason of concern unless your ISP decides to cap or disrupt OpenVPN connections (as it happens in China). In this case, you can use OpenVPN over SSL/SSH to encapsulate OpenVPN packets inside SSL or SSH tunnel (you can find the instructions by clicking "Enter" from the upper menu of our web site). In case your ISP does not perform this discrimination, you should connect directly with OpenVPN for better performance. Kind regards

@pete.rose Hello, sometimes the TLS re-keying fails. Through DHE OpenVPN re-negotiate TLS keys every 60 minutes (Perfect Forward Secrecy). Sometimes this re-keying fails from your system, but most times it succeeds, making the problem very hard to detect. First of all, please check that the system clock and date are correctly set. Kind regards

Hello! You just need to drop packets from the "uninvited" IP addresses with a firewall running on the same device where OpenVPN is running. Kind regards

@magpies1 Each time we check (just like now) we see your account REALLY connected and REALLY exchanging data (even at a good, sustained rate). On your control panel, however, you can also see this: Last attempted connection failed 6h 55m 21s ago. Reason: Already logged on 'some server'. Now, 6h55m ago your account was already connected (to the same server you continued to try to connect to with the same account) and exchanging data. Please keep in mind the one concurrent connection is allowed from the same account. Please also make sure that you're not running multiple OpenVPN instances. Kind regards