Staff

Hello, this is possible only if your system is not tunneling traffic (for example if your system is not connected to the VPN). Another option is that your torrent client is forced to bind to your physical network interface, in which case it can bypass the tunnel. If your system were tunneling properly, it would not matter which inbound ports your system administrator blocks, they are NOT your college/corporate/office/ISP network IP address ports. In this case a port is an abstraction to designate with two bytes in a packet header an end-point of a process or task in a system. When you remotely forward a port, it means that you instruct our servers to forward packets from the server exit-IP:port to your VPN IP:port. Your physical network card IP ports are never involved in the process, they are totally different end-points (with some approximation, imagine them as a completely separate "set of ports"). On your physical network card IP address, there's only one random port used as an end-point of OpenVPN. All the traffic in your physical network card flows from/to one single port to/from one single port. Only after the incoming packets are inside your system, the underlying packets headers and payloads are decrypted, and that's when the "real end-points" (i.e. the "set of ports" of the tun adapter, the physical network card used by OpenVPN) are revealed so that they can uniquely identify a process in your system. Analogously outgoing packets are encrypted BEFORE they transit through your physical network cards and encapsulated by OpenVPN (in UDP or TCP according to the mode you have picked). Again, please make sure that your system is tunneling properly. If in doubt please feel free to send us your OpenVPN logs, your routing table (printed after a connection to a VPN server has been allegedly established) and also perform the following test: http://checkmytorrentip.com Kind regards

Hello, it's unclear, can you please elaborate? Real origin and destination ports are not visible to your system administrators and above all not blockable: since the ports are forwarded remotely on our servers, your network administrators are impotent to interfere with them. All they can see is traffic to/from one single port (the VPN server port your OpenVPN connects to: 53, 80, 443 or 2018) and one single IP address (the entry-IP address of the VPN server your OpenVPN connects to). What they can try to do is study your bandwidth pattern. BitTorrent traffic can have an identifiable up/down pattern if your data exchange pertains exclusively to a torrent client (but it's not a proof of anything, of course). Also, please make sure that your computer is really connected to a VPN server and that you do NOT forward (this is very important) ports on your router (there's an exception to this: when OpenVPN runs on the router itself). Kind regards

Hello! We're very glad to inform you that a new 100 Mbit/s server located in India is available: Izar. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Izar supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Please note that the datacenter housing this server has one of the best alleged peering in India. However, during our tests the server seemed intermittently unable to meet AirVPN quality requirements on bandwidth. We have decided to make it available because we have been unable to find any better data center in India and because this server could be useful anyway for our customers from India and nearby countries. Should the server network be unable to meet the quality standards AirVPN customers are used to, we are ready to withdraw Izar. Therefore, please do not hesitate to send us your feedback. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that a new 1 Gbit/s server located in the USA is available: Alkaid. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Alkaid supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We inform you that Netherlands server Corvi will be put offline on 1 AM GMT+1 Oct-22-2013 to perform ordinary maintenance and a range of tests. Please note that all the VPN clients connected to the server will be forcefully disconnected. Kind regards

Hello! Your setup list appears to be correct. Step 4 appears superfluous as Linux does not suffer DNS leaks (please see also the How-To guide https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf ). Kind regards

@retiredpilot Hello, the three IP addresses you cite are all valid and point to three different frontend servers. You can access whichever you prefer, they are on sync in real time. Kind regards

Hello! CBC Canada is NOT accessible from any of our servers at the moment. Kind regards

Hello! It's the network adapter whose name starts with label "TAP-Win32 ..." Please note: just in case you see that the adapter is already enabled, please right-click and select "Disable" anyway, then select "Enable" again. This will cause an adapter reset and should fix the problem. Kind regards

Hello! As we have already told you, this is not what we experience, not even with reboots of the device in different networks (assuming of course that openvpn-connect is never shut down or put on "Disconnect" status). Are you sure that you have leaks when you change network? If so, maybe you have discovered a previously undetected openvpn-connect bug that you might like to report. In this case, here's an immediate work-around: 1) set your device DNS to VPN DNS IP addresses (10.4.0.1 etc.) https://airvpn.org/specs 2) use only configuration files which include IP addresses and not names (tick "Advanced Options" in the Configuration Generator, then tick "Resolved hosts in .ovpn files" and "All servers for area or region"). In this way your device will not be able to resolve any name until it's in the private network, while maintaining the ability to connect to any VPN server, preventing therefore leaks to all services that need DNS resolution (all of the services which you cited). Kind regards

Hello, if the service was listening to the correct port (please check), please try to shut it down and run the PortListener program, make it listen to the VPN IP (10...) and the correct port, in TCP, and perform the test again from your account Forwarded Ports panel. This first test will let us understand if TCP packets are correctly forwarded and reaching your system from the Internet. If they do not, please tell us the VPN server your system was connected to. Note: obviously PortListener must run on the same machine connected to a VPN server. Kind regards

Hello! Ok, in the first case it was probably your firewall to drop packets. Once you have disabled the firewall, can you please make sure that the service listening to the forwarded port is running when the test is performed? Kind regards

Hello! It's not even your device fault, it's an expected behavior. That's why we told you that the "trick" is to never shut down openvpn-connect: after the "bootstrap", i.e. after the first connection/tunnel establishment, you should have no more "leaks" for ever, not even after a reboot, as long as you do NOT shut down openvpn-connect. Kind regards

Hello! Please make sure that the working directory of the command prompt (or PowerShell) you launch the script from is the directory where all the files are located ("cd" to it). Also make sure that the .ovpn files contain IP addresses, not names (in the Configuration Generator they are generated by ticking "Advanced Mode", "Resolved hosts in .ovpn files" and "All servers for area or region"). Kind regards

Hello! Can you please try connections to different ports? In particular, please try 53 UDP. Kind regards

Hello! Everything seems fine from Crucis (the Italy server), can you please re-check? Kind regards

Hello, actually the option to pay with credit cards as a PayPal guest from the Netherlands seems 'erratic'. Some persons can access the option without problems, some other persons report that they don't even see the option to pay with a credit card. From our systems in the Netherlands this option was and is available, but it must be taken into consideration that we check it only now and then. Kind regards

Hello! Please note that this solution will prevent the system to use our anti-geo-IP-based censorship system (for example to watch BBC from any server in the world). Kind regards

Hello, Absolutely not, we have tested and re-tested it on a dozen of different Android 4.2 and 4.3 tablets. If you experience this, there's something wrong in your device or something we're missing. openvpn-connect will not allow any packet out until the VPN connection is established. You can easily verify that with a packet sniffer. "Seamless tunnel" is exactly what you want. Five seconds is a perfectly normal time for an OpenVPN connection to be established. The "trick" to make openvpn-connect behave exactly how you wish is to never shut it down (just like you do with any other VPN application installed by default) and tick "Reconnect on reboot". Adding a trusted & secure VPN (i.e. encrypted tunnel), even if you connect to web sites over SSL/TLS, makes actually a lot of sense, for a series of important reasons: you avoid encrypted cookies exploits, you make BEAST etc. attacks impotent, you don't let your hot-spot administrators know what you are doing and which addresses you contact over the Internet, you prevent hi-jacks and other malicious attacks, you avoid DNS poisoning and you bypass protocol and destination IP censorship performed by the hot-spot (if any). We run only OpenVPN because it's the most secure VPN solution and because it provides some flexibility and options (needed in certain countries) that are not easily implementable with any other tunneling protocol. Under a security point of view, the paramount advantages of OpenVPN over IPsec are that the first runs in the user space, while the second in the kernel space, and that IPsec has been allegedly declared to be an NSA target for easy breaking, maybe through backdoors (according to these allegations, IPsec has been polluted by NSA since years ago). Kind regards

Hello, can you please make sure that you're using the VPN DNS server (10.4.0.1)? If you use DNS outside the USA, some services might not work, because some of them do not check only the country IP address, but perform a wide range of additional checks. So you acted just fine to delete cookies and cache, but please also check that HTML5 geo-location in your browser is disabled as well. Kind regards

Hello! You're not missing anything: if your Android device is configured to send out unencrypted login and password as soon as it connects to any WiFi network, it will do so. However, we miss how it is possible, as far as we know all the services you cite allow secure authentication (over SSL/TLS). In any case, you already have cited the solution. In openvpn-connect "Settings", make sure that the option: "Seamless tunnel - Block Internet while VPN is paused or reconnecting" is ticked and do not turn on WiFi if openvpn-connect is not running (i.e. first you run openvpn-connect, THEN you turn on the WiFi). You might also like to tick "Reconnect on reboot". Kind regards

Hello, it's a "feature", Tunnelblick accepts only ONE .ovpn file per folder. Also, we're glad to inform you that the DNS problem with OpenDNS has been solved. Kind regards

Hello! Make sure to delete supercookies (aka Flash cookies) and disable HTML5 geo-location in your browser. Please note that if you connect to USA, Canada or UK VPN servers, it's correct that YouTube provides pages in English language. Also, YouTube and other Google services may have a feature that auto-selects the language set in your browser. Kind regards

Hello! It would be the same with L2TP or any other protocol. You can establish a VPN connection only AFTER you are connected to a network, obviously. This is true for any system, not only Android. If your device is correctly set up you don't compromise anything. Anyway, we're sorry, we have no plans to offer PPTP/L2TP/SSTP or IPsec Kind regards

Hello! Thank you, we're glad to know that you managed to solve the problem. For the readers: OpenVPN versions with installer older that I003 will NOT install properly on Windows 7 and Windows 8.x after 21-Aug-2013 due to a TUN/TAP driver certificate signature error. Windows 7/8 users must install OpenVPN 2.3.2 (or later) with installer I003 (or later). This version is the current latest OpenVPN available version, both on the official OpenVPN site and our package for Windows. Kind regards