Staff

Hello! No flames please. Especially no flames for nothing. Under a technical point of view, having 4096 bit RSA keys instead of 2048 RSA bit keys does not worsen or improve performance of the Data Channel. The Data Channel cipher was and remains AES-256-CBC. 4096 bit sized RSA keys, in comparison to 2048 bit ones, slow down the first handshake of about 1-5 seconds (according to the CPU power), which is totally negligible. The additional security provided by RSA-4096 is well worth this barely noticeable difference. Even the TLS re-keying, which occurs every hour, will take some seconds more, but you can't notice that, because OpenVPN TLS re-keying occurs with overlapping windows (until the new key pair is negotiated, the previous one is used). After the TLS Auth (2048 bit) and the initial negotiation with RSA 4096, your system never uses RSA to encrypt or decrypt or authenticate packets: the ciphers to be taken into consideration for performance are those of the Data Channel (in our case AES-256-CBC, unchanged) and those of the Control Channel (in our case HMAC, again unchanged, and probably negligible if compared to AES-256-CBC and the volume of data of the Data Channel). The fact that the CPU is 5 degrees hotter should not depend on RSA keys size. Although the temperature difference does not seem worrying, if an investigation is led it should consider different causes. Kind regards

Hello! Any packet with destination our server exit-IP:port is forwarded to your system VPN IP:port. In IPv4 MAC addresses are NOT included in packets, your computer network card MAC address never gets out of your local network. Kind regards

Hi, this is some other problem, it's not related to DNS: from your logs the resolution is correct. At the moment we can only confirm you that there are no problems at all to connect to port 443, in UDP, to the NL servers (including Grafias, whose entry-IP is showed in your logs). Might it be a block by your ISP or by some system firewall to port 443 UDP? Kind regards It isn't a firewall issue as the problem is replicated across two devices running Linux and Mac OS X Mavericks respectively. I can connect sometimes and not at other times (it just disconnects then refuses to reconnect for a while). Also two other users are suggesting the exact same issue today, so it's not just me. I find it highly unlikely Virgin Media would be blocking access to some AirVPN servers, only some times. Plus I have now experienced a disconnection and failure to reconnect over port 80 also. Strange. EDIT: I have now managed to reconnect to NL over port 443 UDP. It would seem that an ISP block is very unlikely. Remember I didn't start this thread, I only replied to it. Currently the top two threads listed in the applet at the side of the forum are both about this issue, from two other different users. Hello! There are around 800 clients currently connected to port 443 UDP of some NL server, globally. We have performed connections to 443 UDP from different ISPs (from Italy) to all the NL servers. No problem on our side has been detected. Maybe it's just a routing problem or some other problem between Virgin and Leaseweb (and optionally from the Solex1's ISP). Hopefully momentary. It must be said that this problem may overlap with the DNS issue. They might be two different problems that sometimes overlap, giving the feeling of erratic behavior. Kind regards

Hi, this is some other problem, it's not related to DNS: from your logs the resolution is correct. At the moment we can only confirm you that there are no problems at all to connect to port 443, in UDP, to the NL servers (including Grafias, whose entry-IP is showed in your logs). Might it be a block by your ISP or by some system firewall to port 443 UDP? Kind regards

Hello! The problem with Google DNS has suddenly disappeared now, without any intervention from our side. We'll keep an eye on it. Kind regards

Sadly true... Anyway, OpenSSL should be getting soon enough money from the CII (currently made of Google, Microsoft, IBM, Facebook, Amazon, The Linux Foundation, Bloomberg, HP, Huawei and Salesforce). Funds to hire permanently two additional developers have been already delivered and many more should be arriving soon.According to some online articles CII should be funding soon OpenSSH (by OpenBSD Foundation) and NTP. See for example http://threatpost.com/openssl-receives-funding-for-developers-will-undergo-security-audit/106349 Kind regards

Hello! Eddie for OS X is not available at the moment. We're running internally an alpha version which is not ready to be released. Eddie for Linux is available here: https://airvpn.org/linux_ex (if you run different distros, other than your current Ubuntu, make sure to read the platforms/environments notes here: https://airvpn.org/forum/35-client-software-platforms-environments ). About your case with OS X: Tunnelblick takes care about the VPN server DNS push, EXCEPT when "ServerAddresses" is set manually (as it was in your case, according to the logs). Kind regards

Hello! Do you have resolvconf installed? If so, there are several ways to force Ubuntu to use one and only one (or two, three...) nameserver, regardless of DHCP and anything else, and without having to uninstall resolvconf, have a look here: http://askubuntu.com/a/310407 Ignore other messages in the thread marked with bad ratings (0, -1, -2), they offer incorrect solutions. Kind regards

Hello! Can you open a command line in your system, issue the following commands and send us the output? traceroute airvpn.org (in Windows: "tracert airvpn.org") ping airvpn.org Kind regards

Hello! In OS X 10.9.x, each network card has it own DNS. This is a DNS implementation that causes exactly the bad problems Windows is affected and that you're experiencing. In Eddie 2.2 for OS X a "forced VPN DNS" option is planned. In the meantime, in order to prevent DNS leaks you should make sure that no network card DNS is set to query the router. The VPN DNS server IP address, reachable regardless of the port you connect to, is 10.4.0.1. Kind regards

Hello! The instructions are the same, just like for 2.0beta, at the usual announced link https://airvpn.org/software (only direct link, not available in web site menus at the moment). Kind regards

Hello! DNS leaks are impossible on Linux. Your system is explicitly configured to send DNS queries to your ISP DNS servers, and that's not a DNS leak: Linux just does what it is ordered to do. In order to use VPN DNS with OpenVPN (resolvconf required): https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf Alternatively, run Eddie 2.1beta (resolvconf required again): https://airvpn.org/linux_ex As another option, in case you don't want resolvconf, just set yourself the appropriate nameservers in /etc/resolv.conf Kind regards

Those services are supported by our system as means to perform payments. If you do not have Bitcoins and you want to exchange them with a government currency, that's a totally different subject that has nothing to do with this argument, and we don't see how you can purchase Bitcoins via a bank transfer without using your bank account coordinates. Additionally, as we already wrote, all the older methods to pay with Bitcoin are still available as usual. Kind regards

Hello, the "dilemma" will be no more when Eddie will have total leaks prevention as built-in function which can be activated with a click. This is planned and will probably be added in the next release, during the 1st week of June. About your other considerations, it's sufficient to say that we don't force any usage of proprietary software and that Eddie is open source, which is very important for peer-reviews. Kind regards

Hello! Yes, we have problems with them both. About Zaurak, we lost every contact with the datacenter in Kiev about 48 hours ago. We can't do much more than waiting for them to re-appear... About Sador, we are looking for another datacenter in Spain. The current datacenter does not meet anymore our requirements. Kind regards

Hello! If we understand them correctly it's ok that Eddie can't work, because you block all traffic except traffic to some VPN servers. In these cases Eddie could work only if it had already stored information on how to reach those VPN servers and had already stored keys and certificates. Kind regards

Hello! Correct. Make it "anonymous" (more properly, put it behind a strong anonymity layer) by connecting the Bitcoin client to the TOR network using dedicated wallets for different purposes. Kind regards

Hello! Your premises are false. First of all BitPay and Coinbase do not require any personal identification. Second, independent reseller bitcoincodes.com as usual sells AirVPN coupons as it always did. Kind regards

Hello! There are no problems with RAI. All the RAI channels are visible from any server. Unfortunately there are problems in Linux due to some factors. Please see here for a possible solution: http://www.paolodistefano.name/joomla/software-e-applicazioni/linux-sito-rai-con-laddon-raismth-per-firefox.html Kind regards

Hello! Can you show us the content of your /etc/resolv.conf file while the system is connected to a VPN server? You're right in stating that DNS leaks can't occur on Linux, so: either the Virgin Media DNS server IP address is in the resolv.conf file, or your resolv.conf file keeps your router nameserver, and the router in turn sends the query to Virgin DNS. In any case, you can fix the issue either by accepting DNS push from our servers (see https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf - resolvconf is necessary) or running Eddie 2.1beta for Linux (resolvconf necessary again). Kind regards

Hello! Just to understand better this bug: the server you highlight or double-click is in the whitelist, in the blacklist or in no lists ("Undefined")? Does the same happen if you right-click the server and select "Connect now" from the contextual menu? Kind regards

Hello! With Google you can get a lot of results (around 495,000) and articles of that time (on Wired and all major italian magazines and newspapers), for example: https://www.google.com/search?q=festa+dei+pirati+roma+2010 You can also find some videos still on YouTube. Most of the articles are in Italian language, though. You might use an automatic translator. Kind regards

Hello! Tickets without a reply from a customer are closed after 2 days BUT they are not locked, they can be re-opened anytime by the customer himself/herself with a simple reply. Kind regards

EDIT: problem solved on all servers Hello! We are currently experiencing issues on our VPN server to accept connections over OpenVPN over SSL. The problem is preventing connections of OpenVPN over SSL only. We have detected the cause of the issue and we are working to solve it. Thank you for your patience, we apologize for the inconvenience. Kind regards AirVPN Staff

Hello, in Debian 7, Eddie 2.1beta works very well. Otherwise run OpenVPN directly. Kind regards