Staff

Hello, the rules are correct, provided that your home network is in 192.168.0.0/16 (please check). Another rule should be added to allow DHCP, if you need it (probably so), you need to allow anything in UDP to IP 255.255.255.255 (to know why, please see how DHCP discovery works). Kind regards

Hello! One of our DNS servers run there, yes, as failover DNS. It's not a privacy risk, because DNS queries come from the VPN servers. Kind regards

Hello, that was the problem we faced even before building up AirVPN. Without entering a debate about the confusion you make between security and anonymity, an adversary needs to control different networks and must have the ability to correlate traffic in order to crumble the anonymity layer. For example an adversary with the power to wiretap simultaneously your line AND the VPN server (the server, not the datacenter lines: in this case timing correlations become necessary and the task becomes overwhelming for every single client) you're connected to has this power. Mitigation is possible by picking servers outside your country and by rotating servers, but in order to defeat completely an adversary with such power (and even some higher powers) you need partition of trust: https://airvpn.org/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745 Of course, if you mix identities, and one of these identities is your real identity or can anyway be exploited to reveal your real identity, no service and no technique and no partition of trust in this world can 100% protect you. Remember that a VPN protects your line, not your behavior. A very trivial example is using a VPN connection to log in Facebook with an account which is related (or has been related at least once in the past) to your real identity. Kind regards

Hello, very interesting for us and useful to Virgin customers as well as potential Virgin customers, thank you very much for your feedback. Kind regards

Hello! Assuming that the Comodo rules are correctly set, all you wrote is just right, you are protected against any leak. Kind regards

Hello, please open a ticket at your convenience. Kind regards

Hello! Very well! That's correct: the authentication to a VPN server is not based on login/password, but on certificates and key. Kind regards

Hello! In the Configuration Generator please tick "Advanced Mode", then tick "Separate certs/keys from .ovpn files". In this way you will generate split files, otherwise the CG will embed the configuration .ovpn file with certificates and key . user.crt is the client certificate; ca.crt is the CA certificate; user.key is the client key. Kind regards

Hello! In the following example, we setup an OpenVPN over SSH connection to port 22 of server Persei with Windows Vista/7/8. 1) Log in the Air web site and go to "Client Area"->"Config Generator" 2) Tick "Windows" as Operating System and select server "Persei" 3) Tick "Advanced Mode" and tick "SSH Tunnel, port 22" 4) Tick to accept the Terms of Service and click "Generate" 5) The Generator will generate four files. Download the four files "AirVPN_US-Persei_SSH.22.ovpn", "AirVPN_US-Persei_SSH-22.bat", "sshtunnel.ppk" and "plink.exe". 6) Put (copy and paste) the aforementioned four files in the SAME directory. It can be any directory you like, just create a new one for your comfort. 7) Open a PowerShell or a command prompt, cd to the aforementioned directory (*) and type: AirVPN_US-Persei_SSH-22.bat 8) Wait until ssh connection is established (it should take just 3-4 seconds), then open another Powershell WITH administrator privileges, cd to the same directory as above and type: openvpn AirVPN_US-Persei_SSH.22.ovpn (*) this means to set the current working directory with the command cd. For example, if the directory where you pasted all the files is C:\somedirectory\someotherdirectory, the command will be: "cd C:\somedirectory\someotherdirectory" Kind regards

Hello, yes, you need the iptables rules. The forwarded ports in the web interface settings should be deleted, in order to avoid to expose your system to correlation attacks. You need them only when you want to forward ports when the router OpenVPN client is not running. Assuming that you need to forward both UDP and TCP, that's correct. Kind regards

Hello! Something is blocking OpenVPN: Mon Nov 11 11:59:27 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Since you can connect with your iPod, it should not be a block from your university. For testing purposes, can you momentarily disable your firewall and try again? Kind regards

Hello, very well. Yes, the configuration (but not necessarily the date and time) stays. You might like to have your router connect to an NTP server to sync date and time at each reboot or periodically. Kind regards

Hello, how did you forward the port to the web server private IP address? A simple DNAT is necessary, please compare your solution with this: https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/ Kind regards

Hello! The most immediate problem we can see is that the date set in your router prevents authentication because in 1970 our certificates were not valid. Please set the correct date and time. Kind regards

Hello, please see here: https://airvpn.org/topic/10266-i-didnt-realize-windows-calls-home In this case everything looks horribly "wrong by design", unfortunately. By the way, the suggested patch in the article linked in the post should solve your issue. Kind regards

Hello, your last post was approved almost immediately and a full reply was given, please see https://airvpn.org/topic/9366-i-love-airvpn/page-2?do=findComment&comment=13261 These messages are being merged into the same topic. Kind regards

Hello, puzzling. The first thing that would come to mind is an RST packet from your ISP (see https://grepular.com/Punching_through_The_Great_Firewall_of_TMobile just out of curiosity) but we think it's unlikely (the ISP would send an RST packet only when the data throughput gets higher thanks to p2p...?). What happens if you try UDP? Kind regards

Hello, if you run Windows 7/8, OpenVPN 2.2.2 should be upgraded to 2.3.2. The TUN/TAP interface does not come up. Please check that no program (such as antivirus) is blocking OpenVPN. If the problem persists please try a TCP/IP stack and Winsock catalog reset, then reboot the system. Please see the following post for instructions on the reset and a check list: https://airvpn.org/topic/8320-solved-connects-but-ip-doesnt-change-on-windows-server-essentials-2012/?do=findComment&comment=8321 If the problem still persists, please uninstall OpenVPN 2.2.2 and install OpenVPN 2.3.2. Kind regards

@Rayban The quickest way is connecting from your computer to make a comparison with same ports and servers. Your router CPU should be able to sustain an AES-256 throughput of about 7-9 Mbit/s. The TCP overhead might have caused the slower performance you report (2.9 Mbit/s), but there can be other factors which are difficult to determine. Also, do not rely on speedtest.net, there's too much bias, take measurements on the ground, with actual Internet usage (download large files from different hosts, perform several tests with the VPN server internal speedtest etc.). Again, the optimal performance of the router when encrypting/decrypting on the fly small blocks of data should be from 7 to 9 Mbit/s with AES-256-CBC cipher. Anyway, testing a connection from a computer (disabling OpenVPN on the router) can show whether the 2.9 Mbit/s bottleneck (assuming that 2.9 Mbit/s is a correct bw detection) is in Tomato. Remember to test by connecting to port 53 UDP as well. Kind regards

Strange, I am hoping this is not the case. Perhaps they meant something else because that's not what they said a few years ago: https://airvpn.org/topic/54-using-airvpn-over-tor/?p=920 https://airvpn.org/topic/54-using-airvpn-over-tor/?p=934 If they did say that, this is one of my dislikes/fears of this great provider growing to much: https://airvpn.org/topic/10034-ill-try-to-be-honest-for-those-looking-into-a-vpn-provider/?p=12604 Hello, there is no contradiction. We confirm that we can't be held responsible for external proxies or any other service that we do not operate. The fact that when possible we try to provide support for external services, programs or we teach basic things unrelated to our service in private is a courtesy which goes well beyond the scope of any customer service and has nothing to do with the size and the growth rate of AirVPN. Under no circumstance a courtesy must be considered a duty. Kind regards

Hello, Virgin Media infrastructure is insufficient to deliver the nominal peak bandwidth to all of their customers at the same time, so they perform traffic shaping on protocol-discriminatory basis, see their statement: http://help.virginmedia.com/system/selfservice.controller?CMD=VIEW_ARTICLE&ARTICLE_ID=3103 This is typical practice of every ISP which operates an infrastructure which, due to heavy overselling, is totally inadequate to support on a regular basis the nominal, "promised" peak bandwidth to every customer at the same time. You might like to try OpenVPN over SSL to port 443, and OpenVPN over SSH to port 80, just to see if they shape those protocols less than OpenVPN. Kind regards

Hello, please try to connect to different ports and protocols (in particular test port 53 UDP), and try different servers. Also, test a connection from your computer, to check whether the bottleneck is in Tomato. Kind regards

Hello, theoretically yes, Java applets can read all the system network cards. If your system is behind another NAT (for example a router) your real IP address is not included on any of the network cards so the risk is minimal. However, some other potential security issues must be taken into consideration, so make sure to run always the latest available Java version, and disable Java every time it is not strictly necessary (which should not be a big deal, since Java usage on the www has shrunk a lot in the last years). To some readers: Java must not to be confused with Javascript, they are totally different things. Kind regards

Hello, please make sure that in OpenVPN you use TCP (the proxy does not support UDP). Kind regards

Hello, as a first check, please make sure that in OpenVPN you select the TCP mode (the http proxy does not support UDP) and try port 80 or 443 (as VPN connection port - port 8080 for the proxy looks correct because it responds). Kind regards