Staff

@ukagorist Hello! We confirm you that there's no ticket at all related to account ukagorist.It's just a fact, you are free to believe it or not, but please consider that we have no interest in telling that there's no ticket if there was one. The account is connected and successfully exchanging data, but since 30 minutes (at the time of this writing) not 3 days. Are we talking about the same account you're using to write in the forum "ukagorist"? Can you please check? Kind regards

Hello! Can you please send us the OpenVPN logs? Kind regards

Hello, your account has no tickets at all. Additionally it is already connected and successfully exchanging data. Kind regards

Hello! We're sorry, PaySafeCard refuses VPN business. https://torrentfreak.com/paysafecard-begins-banning-vpn-providers-130825/ Kind regards

Hello! OpenVPN does not start because it can't find or open the file AirVPN_America-UDP-443.ovpn. Please make sure that the root shell current directory includes the file. Kind regards

@dwright Yes, thank you, that was the information we needed! Kind regards

@Errico Hello, exit-IP, correct. Kind regards

Hello! The problems is: Wed Sep 11 22:45:30 2013 RESOLVE: Cannot resolve host address: gb.vpn.airdns.org: No such host is known. Your DNS can't resolve that name. For our records, can you tell us which DNS your system is querying? In order to solve the problem radically please re-generate the configuration file(s) in the following way: - tick "Advanced Mode" - tick "Resolved hosts in .ovpn files" - tick "All servers for area or region" In this way the Configuration Generator will insert only IP addresses (not names) in the configuration files. Kind regards

Hello! Can you please publish the complete attempted connection logs? Kind regards

Hello, as an important side note that we forgot to mention, the airvpn.org web site does support Perfect Forward Secrecy through both Diffie-Hellman (DHE) and Elliptic Curve (ECDHE) keying, provided that you do not use an obsolete browser. It also supports TLS 1.2. You can check any web site, for example, through the SSL Labs web site to see all the features: https://www.ssllabs.com/ssltest Enter the web site you wish to check and wait for the full test to be performed. Kind regards

Hello! https://duckduckgo.com/?q=how+to+encrypt+non-system+hdd+with+truecrypt Kind regards

@superameise @NaDre It's very puzzling. There is a key information missing, and source-code-closeness does not help, that is how uTorrent IP binding works? If uTorrent is firewalled, how come that the checkmytorrentip tracker gets the ISP IPv4 address of superameise's device? If everything stated is true, the only explanation that comes to mind is that uTorrent announces to the tracker the ISP IP address, but how? We know that this can happen when connecting uTorrent to a proxy (https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea) but this situation seems completely different. First of all, however, it would be important to replicate the problem. Without certain reproducibility under controlled conditions, it's problematic even to contact uTorrent community. @superameise Just an additional information, does your ISP IP address is diplayed in any of your network cards (if in doubt type ipconfig /all from a command prompt), or is the system which runs uTorent behind a router NAT? Also, can you please check carefully if there's any value into the "IP/Hostname to report to tracker" uTorrent field? Kind regards

Hello! Yes: you need to remotely forward a port for your account (menu "Client Area"->"Forwarded Ports"). You can't forward ports lower than 2049. You can't have two different processes (running at the same time) listen to the same port (it would be a process end-point fatal ambiguity on the system). Please consult the relevant FAQs on ports and p2p for additional information. Kind regards

@Royee Not exactly, partition of trust and all the discussed topic refer to the trust that you put on us. If you can't afford to trust us, or even if you can trust us but you can't afford to trust the datacenter personnel our servers are in (*), you have the tools to strengthen the anonymity layer. About the backend servers, it's another topic, although you're right that it's actually related, and it is important as well, because in this way we do not keep any account data, including user keys, on any VPN server, and above all we can in this way keep location of the clustered database totally private and unknown to anyone, which is also an additional protection against a wide range of attacks. (*) When we founded AirVPN we thought about how the anonymity layer of a person in need to disseminate information on organized crime, or the anonymity layer of a whistleblower, could be protected even from ourselves, so that those persons were not forced to trust blindly a single entity. Kind regards

Hello! The "No route to host", code 65, may be caused by a line drop or a null-routing of the destination IP address or a firewall in your system that drops packets (for example when it sees "too much" UDP flow). Please see here (about Tunnelblick): http://code.google.com/p/tunnelblick/issues/detail?id=120 and here (about SparkLabs Viscosity): http://www.sparklabs.com/forum/viewtopic.php?f=3&t=1227 We can't verify the logs on the server side because OpenVPN logs are sent to /dev/null according to our policy. Try to connect to a TCP port to see whether the problem gets solved or not, which may be a precious hint. Kind regards

Hello, because the traffic is still encrypted by your OpenVPN 'client' when it passes through the TOR nodes. It is decrypted by our VPN server and then sent out on the Internet. Remember that OpenVPN has the ability to connect to a VPN server over a socks or an http proxy. Example for outgoing packets: your cleartext packets headers and payloads are encrypted and then encapsulated in TCP or UDP by your OpenVPN. Before getting out of your system, they are again encrypted and encapsulated by TOR. When they reach the TOR exit-node, only the encryption layer by TOR is no more. The OpenVPN encryption is still there. See above. Yes, this the solution. It introduces other problems (see http://forum.dee.su/topic/vpn-tor-more-anonymity) so you must evaluate the purpose of this solution. The main purposes are solving the TOR exit-node problem you cited, hiding your IP address to our VPN servers (partition of trust, to defeat an adversary that's wiretapping a VPN server) and hiding to the final node (but not to your ISP!) the fact that you're using TOR. Additionally, this is a "starting point" for more sophisticated forms of partition of trust. Imagine for example to connect a host over OpenVPN over TOR. Then run a Virtual Machine in that same host and connect to a VPN service, or to TOR, or to another proxy, that VM (itself connected via NAT to the host machine). You will have an additional partition of trust which might be desirable in extremely critical data transfer, when low performance is considered an acceptable price to pay. Kind regards

Hello, side note: in 2010, when AirVPN was being born, we discarded PPTP (that was an obvious choice) and after a careful evaluation we picked OpenVPN and discarded IPsec as well. There are even additional considerations about IPsec, on top of those that you have kindly reported, which convinced us to prefer OpenVPN. Kind regards

Hello! Please see the above link on partition of trust. Even if we said (and beware, we're not claiming that) that this can't happen with our system and our providers, you would anyway have to trust us and we would anyway have to trust our provider. With partition of trust, you distribute trust between N parties, so that if N-1 parties betray the trust, your anonymity layer is NOT compromised, effectively solving the trust problem in a drastic and effective way. We faced this problem in 2010, at the birth of AirVPN. Kind regards

Hello! It does not matter at all, just use lynx. Most of our site pages are perfectly readable in text mode. And the menus are perfectly selectable without a mouse and a pointer. Example: lynx https://airvpn.org/status No, it's the DNS record that is updated (if necessary). OpenVPN will not disconnect without a command from you. Yes, please generate a file with the remote-random directive in the following way: - click "Advanced Mode" - tick "Resolved hosts in .ovpn file" - tick "All servers for area or region" In this way a configuration file that will cause OpenVPN to rotate randomly (at each connection) between all the servers of the selected area will be generated (for this operation: yes, you will need a graphical environment - then upload the configuration to your server). Kind regards

Hello! No, it wouldn't be compromised. If someone in any way could get in possession of your user.key, it could NOT decrypt your tunneled traffic. See also https://airvpn.org/topic/9949-us-and-uk-spy-agencies-defeat-privacy-and-security-on-the-internet in order to know why. That said: PKCS#12 is not currently supported. Kind regards

Hello, thank you, unfortunately that web site requires registration to read the link you provided and currently registrations are closed, but we'll keep an eye on it just in case they re-open registrations. Kind regards

Hello! Yes, it's an additional encryption layer. Unnecessary as you said, if the magic of the attacker could decrypt OpenVPN ciphers before we're all dead, instead of million of years, the additional SSL would be no match as well. Kind regards

Let's continue here (this forum section is not the proper place, for clarity purposes): https://airvpn.org/topic/9958-importance-of-partition-of-trust-for-critical-data-exchanges Kind regards

Hello! Yes, only physical servers. Your report is important, what is the Dutch provider? Do you have any additional reference to the case? And of course nobody can be 100% sure that a sufficiently powerful entity wiretaps your machinery, regardless of any kind of service or provider, not even if you run your own datacenter. Encrypting the OS on the server is not a solution, because the adversary can put two boxes on incoming and outgoing connections and correlate any traffic flow simply through timing (similarly to any timing correlation attack in any low latency network). Also see the importance of partition of trust, strictly related to the issue (and capable to defeat the aforementioned adversary, provided that this adversary is not also capable to monitor at the same time the relevant TOR circuit you have established or the external service you have picked - an extremely low probability): https://airvpn.org/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745 Kind regards

Hello! We don't use VPS or cloud servers for our VPN servers. Kind regards