Staff

@Sixer, does the issue occur to you on Canada servers as well? Can you please try? Additionally, can you please give us a magnet link, or point us to a torrent, pointing to freely sharable contents, so that we can test (from Librae and Sirius, right)? Kind regards

Hello! We're sorry, Tunnelblick can't be used to connect OpenVPN over SSH or SSL. You need to run stunnel first from one shell, and then OpenVPN from another, please see the instructions. Adding an additional SSL or SSH layer is an option we introduced for special cases, i.e. when OpenVPN connections are disrupted, as it happens in China. In every other case it should be avoided because it does not add security and hits performance. Kind regards

Hello, we have seen that some PeerGuardian blocklists block DHT bootstrapping. If you have an empty DHT nodes table (or a table with all inactive nodes- for example, in uTorrent, dht.dat), you can't bootstrap, can you please check, just in case? Kind regards

No, I agree. It's just that BC has not grown enough so that it is useful for normal people yet. Then let's become not normal! Kind regards

Hello, do you mean that your client does not support DHT? Kind regards

Hello! No. No. However, remotely forwarded ports are kept in the database, otherwise it would be impossible to reserve them to the appropriate accounts and dynamically forward them according to the server the customer's client connects to. Ports are deleted when the user un-forward them from the control panel. By default no port is remotely forwarded. The database is not on the web site servers. The current e-mail address is stored (on the db servers, not on the web site servers). This is essential to guarantee some services such as password reset, but a user is not forced to associate a real e-mail address to an account. Of course the best solution is picking an e-mail address that can't be exploited to disclose an identity. No. No. Remotely forwarded ports, if not deleted, can indeed compromise privacy under certain conditions. Even if deleted, they can expose the customer to correlation attacks, if a customer forwards them both on the VPN and on his/her system physical network interface(s) or router(s) etc (as clearly underlined in the FAQ). Before we can answer completely, we need that you elaborate your question. In particular, what crimes in which legal framework would you commit in this hypothetical scenario, which government and which force do you refer to? As clearly stated in the Terms of Service, a direct or indirect violation of any fundamental right (as enshrined in the ECHR) and some other acts (described in ToS art. 4) are a violation of our Terms of Service, REGARDLESS of the fact that the infringement is a crime or not according to the legal framework of the country which the customer infringes the ECHR from. On the other hand, a fact that is considered a crime according to some out of jurisdiction country legal framework has no relevance for us/is not our concern, since we (quite obviously) do not recognize the authority of any entity or the validity of any law that are out of jurisdiction. That matter will have to be faced by that country authorities without any cooperation from Air owners. Kind regards

Hello! Please see here (whole post, do not stop to first half): https://airvpn.org/topic/9787-the-pros-and-the-cons/?p=11501 Kind regards

Hello! The connection to the VPN server is very unstable: 10/8/2013 - 2:48 PM [server] Inactivity timeout (--ping-restart), restarting Can you please try different servers and different ports? In particular, test port 53 UDP and 80 TCP. In order to change connection port from the Air client, please click the "Modes" tab after you have picked a server, select a port/protocol and click "Enter". Check that tunneling works properly by browsing to airvpn.org and checking the central bottom box (it must be green). Also, please upgrade at your convenience to OpenVPN 2.3.2 (you can find the new package with client 1.9 and OpenVPN 2.3.2 here: https://airvpn.org/windows). Kind regards

Hello, ok, it's something 'worse' than a DNS issue, it seems that your system is not tunneling traffic or is not connected to the VPN at all. Please send us at your convenience the OpenVPN logs of an alleged connection. If you run the Air client for Win8, after you have tried a connection to a VPN server, please right-click on the Air dock icon, select "Logs", click "Copy to clipboard" and paste into your message. Kind regards

Hello! Yes, and re-tries to connect, but of course you might prefer to set up your system to prevent any leak in case of unexpected VPN disconnection. There are many guides to do that, on the How-To section and on the forum, from firewall rules and scripts to configure firewalls, to simple 30-seconds-solutions. If you need some guidance, do not hesitate to ask. Kind regards

Hello, well, not really: VPN 1 knows your real IP address but receives and sends totally encrypted traffic to/from a single end-point. VPN 2 can see your traffic (if not encrypted end-to-end) but does not know neither your identity (well, at least with services which accept Bitcoin etc.) nor your real IP address. Or vice-versa, of course. This increases the anonymity layer strength, no doubts. However, remember that you are partitioning trust between two parties only, which can know each other. With the addition of TOR, you not only perform partition of trust with 4 parties, but you also establish new circuits, so that the parties are not known in advance, and each party ignores at least one other party (for example, with TOR over VPN: VPN server does not know TOR relay and TOR exit-node; TOR exit-node does not know VPN server and TOR entry, etc.). Therefore, once again everything goes down to the basic questions: who can your adversary be? What is the value of your information, in terms of resources that an adversary can reasonably be ready to spend to disclose your identity? True, this depends on which country you live in. If TOR usage triggers investigations, maybe it's better to try TOR over VPN. Kind regards

Hello! It's a false positive, anyway you are not forced to use the Air client for Windows to connect to our services. You can connect via OpenVPN or any OpenVPN GUI/wrapper. The Configuration Generator can generate all you need (certificates, key, configuration) to run them to connect to our servers. Kind regards

Hello, questions specifically directed to AirVPN founders are not answered in this message, of course. You can refer to the Terms of Service in the meantime. We are not aware that any datacenter where our servers are located performs traffic logging and we have some evidence that they do not (and they are not obliged to do so, not that it means much). Anyway, this kind of logging is not the real issue here. The real issue is whether traffic logging is assisted by timing correlations on the VPN server, otherwise the logging would be ineffective to produce anything valid (unless there's only one client connected to the server). You can imagine wiretapping boxes put on the servers ends, methods of undetectable servers control that do not leave trace and that would make correlations easy etc., assuming that a datacenter is willing to spend on such things. If you feel that it's the case, there's no claim in this world that can convince you or anybody else that this is not happening: just perform partition of trust. You have absolutely no other option to the best of our knowledge. https://airvpn.org/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745 Kind regards

Hello! It might be a DNS issue. Your torrent client can work perfectly without resolving names. Once your system is connected to a VPN server, can you please open a command line, issue the following commands and send us the output? If on Linux or OS X: traceroute google.com ping 10.4.0.1 If on Windows, from a command prompt with administrator privileges: ipconfig /flushdns tracert google.com ping 10.4.0.1 Kind regards

Hello! Yes, it's a false positive, anyway you are not forced to use it, you can run OpenVPN or any OpenVPN wrapper/GUI to connect to our servers. Kind regards

Hello! Maybe the subnet is different, i.e. the IP addresses range of the second house network is different from your own home network, can you please check when you can? For example, in your house it could be somewhere in 192.168.0.0/16 while on other networks it could be somewhere in 172.16.0.0/12. Please have also a look here: http://en.wikipedia.org/wiki/IP_address#IPv4_private_addresses Also, please feel free to send us the client logs pertaining to failed connection attempts and the output of "ipconfig /all" (when you are not in your home network). Kind regards

Hello! All elements point to no risk or hazard. At the moment, it was "just" a DNS nameservers change and subsequent DNS hijack. See also here: http://leasewebnoc.com/en/networkstatus/leaseweb-com-issues We are of course following developments (if any) very closely. Please note that the Air servers passwords do not match with the passwords displayed in the Leaseweb control panel, and that there's no console access from it, therefore if the attackers had obtained access to Leaseweb customers' panels (and there are absolutely NO indications that this could have happened), they could not enter the servers, but they could reboot, erase them, perform IP null-routing. The fact they did not do any of those things (at the moment) shows that they don't have the will or the ability to do so. Kind regards

Hello! If magnet: is not a registered service, please just copy the magnet link and paste it into KTorrent, or register the magnet protocol (please see the KTorrent wiki for details, assuming that you run Gnome). About the port, can you please make sure that both ports are correctly set (i.e. they match the remotely forwarded ports)? Kind regards

Hello, it seems that Putty is either not running or not listening to port 1412. Can you please make sure that you execute the script file (the .bat file) from a command prompt? Also, can you please send us the output? Kind regards

@fasi72 Hello, there's no attachment in your message, can you please try again? Also, what is your OS, and which server are you trying to connect over SSH? Kind regards

Hello! That's interesting, we have not done anything in the last days about trackers. From which server(s) have you noticed that the mentioned trackers are only intermittently reachable? Anyway, as a side question, why do you need public trackers? They are not only useless (thanks to DHT+PEX) but also harmful. Kind regards

Hello! Bitcoin is important for a variety of reasons. First, as you correctly note, to add an important anonymity layer, provided that the Bitcoin payment is supported by connections to the VPN servers performed over OpenVPN over a proxy or over TOR etc (and the Bitcoin transaction itself is performed behind TOR). Second, Bitcoin provides a really global transaction exchange system for anyone with Internet access: there are several countries from which it is very hard, and sometimes impossible, to deliver a payment abroad in foreign currency via credit cards, bank transfers or any payment processor (including PayPal). There are also countries where it is almost impossible to have one of the credit cards commonly accepted in western countries. Last but not least, there may be cases in some countries when, even if you are theoretically free to do so, and where privacy is recognized as a fundamental right, you don't want anyway to let anybody know that you purchase a foreign service aimed to privacy enhancement. Yes, we do, otherwise we could not grant any refund (but these data are not kept neither in VPN servers, nor in the web site servers, this is important). Our "no questions asked" refund policy has been with us since AirVPN birth and will not go away. Anyway, remember that transactions data remain (and are not deletable) both on your and our PP accounts, just like for any transaction performed through a bank or financial institution, so you're just right, the list could be obtained simply through a proper request to PP. No value at all in a perfect world, you are right, since using a VPN service is perfectly legal (exception: in Iran only authorized and registered VPN services are legal), but we don't live in a perfect world, even if we did not consider the aforementioned exceptions. Kind regards

Hello! Yes, in most cases it will be faster. Additionally you will have no protocol limitations like in TOR. However, it's not as secure as TOR over VPN, or VPN over TOR. As usual, it depends on the balance between security and performance that you want to achieve. Such balance can be correctly evaluated only by yourself, carefully, according to the sensitiveness of the data you need to receive or impart. Probably the easiest way to connect over a VPN over a VPN is through a VM attached via NAT (important!) to the host machine. The host connects to VPN1. The VM connects to VPN2. On the VM all the traffic will be tunneled over VPN2 over VPN1. This solution has also some nice side-effects, the usual advantages of running a VM: disasters and attacks isolation, portability, option to keep the virtual disk encrypted with the assurance that no unencrypted data can be written without your knowledge outside the virtual machine disk. Kind regards

Hello, please have a look at the servers monitor (click "Status" from the upper menu), direct link https://airvpn.org/status As you have seen, databases about IP geo-location are inaccurate: 3 different databases return three different answers for the same IP address. Kind regards

Hello! The problem is caused by OpenDNS: Oct 5 23:59:00 kaytsai nm-openvpn[4570]: UDPv4 link remote: [AF_INET]67.215.66.132:443 67.215.66.132 is the server IP address to which OpenDNS hijacks our *.airdns.org names, as if they did not exist. Please see here for more information and quick solutions: https://airvpn.org/topic/10000-connection-timeout/?do=findComment&comment=12480 Kind regards