Staff

Hello! The directive for the renegotiation time is reneg-sec. We don't know whether it's possible to assign this custom directive with Viscosity (probably so, just add it on the .ovpn file with the custom directive option in the Configuration Generator or with a text editor and test). Default in our servers is 3600 seconds. You can't go over this value but you can go below. The "overlying" RSA keys sizes (2048 bit) can't be modified by you. See the OpenVPN manual: --reneg-sec n Renegotiate data channel key after n seconds (default=3600). When using dual-factor authentication, note that this default value may cause the end user to be challenged to reauthorize once per hour. Also, keep in mind that this option can be used on both the client and server, and whichever uses the lower value will be the one to trigger the renegotiation. A common mistake is to set --reneg-sec to a higher value on either the client or server, while the other side of the connection is still using the default value of 3600 seconds, meaning that the renegotiation will still occur once per 3600 seconds. The solution is to increase --reneg-sec on both the client and server, or set it to 0 on one side of the connection (to disable), and to your chosen value on the other side. Kind regards

Hello, the DNS IP address should match with server exit-IP address. In some, rare circumstances you might see a 54... address. This happens when the "failover" DNS must be used because something is wrong on the VPN server DNS server. EXCEPTION: Singapore VPN servers use different AirVPN servers DNS servers to avoid problems inside Singapore. Kind regards

Hello, yes, that's ordinary, it might have a blacklist or a whitelist, or it might work in synergy with a proxy. For this you should try to understand your network and if your node is behind a proxy. Kind regards

@amanbe Also, please ascertain whether your node is behind a proxy or not. If so, OpenVPN can connect over a proxy but you'll need to know in advance: - proxy type - proxy IP address or reachable name - proxy listening port - proxy authentication mode (if any) - proxy credentials (if any) Kind regards AirVPN Support Team

Hello! We're very glad to inform you that three new 1 Gbit/s servers located in Germany are available: Menkib, Wezen, Seginus. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, the new servers support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that seven new 1 Gbit/s servers located in the Netherlands are available: Acrux, Canopus, Haedi, Nekkar, Propus, Syrma, Taygeta. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, the new servers support OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

@syncswim Just a clarification because it seems there's a little confusion about IP addresses. The IP address of your node in the VPN is DHCP-pushed and it is dynamic and private, see also https://airvpn.org/specs . To be more precise a client tun interface is (with Air configuration) a point-to-point device in a /30 subnet. The IP address on the Internet your packets appear to be coming from is the VPN server exit-IP address (your node is behind a NAT) which is always the same (it is changed only under exceptional circumstances). Kind regards

@zhang888 Hello, your solution is extraordinarily elegant, congratulations. It does not seem related to syncswim problem, though... can you please elaborate? This information can be precious for every OpenWRT user. Why is it necessary on OpenWRT, are there cases for which the VPN server routes push is not processed correctly by an OpenWRT router? EDIT: ok, we see the problem. Does it occur "usually" on OpenWRT? Kind regards

Hello! Each account can establish ONE concurrent connection. EDIT: since April 2014, each account can establish THREE concurrent connections. Kind regards

Hello, can you please publish the output of the commands "ifconfig" and "route -n" (after the connection has been established)? Kind regards

Hello! The destination port is wrong (currently set to 1194). Please set it to 443 or 80 or 53. The server IP/name is wrong, there's a ":443" string that must be deleted. We don't know exactly how your device handles "reneg_sec" to renegotiate Data Channel key, i.e. the meaning of "0". By default our servers are configured to renegotiate every 3600 seconds (1 hour). Therefore: if "0" disables this feature, you had better set "3600" otherwise you will lose Perfect Forward Secrecy. Your are free to set lower values to force our servers to perform re-keying more often, but you can NOT set higher values, otherwise you will lose connections after 1 hour because our server will want to change encryption key anyway. Last but not least, your device can't resolve gb.vpn.airdns.org (but that should be due to the wrong name, ":443"), please check your device DNS or insert directly an IP address of a server in place of the name gb.vpn.airdns.org if the problem is not solved after you delete that ":443" Kind regards

Hello! We are very glad to announce new features aimed to improve your experience with our service. The web site menus have been rationalized for a quicker and easier access, while several web pages have been completely rewritten to improve clarity and effectiveness. We have added a page which we feel particularly important: the mission page. In it, you will find a complete overview of our mission https://airvpn.org/mission to understand "why we do what we do". Thanks to the excellent and fast growth of AirVPN customers base, of which we are very proud, we have been able since some months ago to fulfill an additional task: "Support when possible a range of projects and NGOs whose aim is compatible with AirVPN mission statement". In the same "Mission" page you will find projects, initiatives, NGOs that we gladly decided to support, as well as side projects that are managed directly by us. Whenever possible, we will continue such support and also expand it to other projects. In a separate article we will explain the reasons of our choices for each supported project. We have published a new forum https://airvpn.org/forum/32-no-profit where you can suggest a project that covers our mission. Let's examine now the additional features of the web site and the service. In the servers status page https://airvpn.org/status you can now see a list of the latest issues occurred on the service. The list of issues is displayed on the top. It can be very helpful to backtrack possible issues you experienced with the service or with specific servers. The list is updated automatically by our monitoring system. A completely new page has been added, the "Checking routes". In this page you can instruct every and each VPN server to perform a routing check to any destination. The results will be displayed within 60 seconds and cached for 10 minutes. Output includes several, relevant data. You can use this tool for troubleshooting, routing evaluation, name resolution verification, HTTP answers (in case of web sites) blocks discovery, target latency time and more. Last but not least, we have implemented a series of "backend" modifications which in some cases you can't directly see but you will benefit from. In particular, the handling of the clustered database has been improved, the queue tasks of the VPN servers have been optimized and the monitoring system has been remarkably powered up. An additional part of the monitoring system has been made public, allowing an organized and fancy view of several stats for every and each VPN server. We are confident that the new stuff will be useful and appreciated. We will be very glad to receive comments and feedbacks about it! Enjoy AirVPN! Kind regards & datalove AirVPN Staff

Hello! We have had a momentary problem with PayPal, promptly solved by competent intervention of PayPal business customers care. Everything looks fine now, we apologize for any inconvenience! Kind regards

https://www.stunnel.org/ The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled into the library. Stunnel can benefit from FIPS 140-2 validation of the OpenSSL FIPS Object Module, as long as the building process meets its Security Policy. A scanned FIPS 140-2 Validation Certificate document is available for download on the NIST web page. The Windows binary installer is compiled with FIPS 140-2 support. The FIPS mode of operation is no longer enabled by default since stunnel 5.00. 30/01/2014, Funded with 1000€ (1355 USD).

Hello, since you are in the USA and you're a Comcast customer, probably the choice of a UK server is not optimal for your purpose. Please try a server in Canada. Kind regards

Hello! You need to run OpenVPN directly: you can use the executable we compiled for OS X directly from the original OpenVPN source code (tested on Mountain Lion), available here https://airvpn.org/topic/9325-development-of-os-x-airvpn-client/?do=findComment&comment=9555 Kind regards

Hello, sporadic bad packets IDs in UDP mode can be totally normal. If they are very frequent, they are a symptom of either a poor line quality or a replay attack https://airvpn.org/topic/3773-pls-help-strange-logs/?do=findComment&comment=3784 Kind regards

Hello! Please try UDP mode to ports 53 and 80. Furthermore, disable "NAT-PMP Port Mapping" in uTorrent. Kind regards

Hello, can you please publish the Air client logs taken just after a connection has been allegedly established? Please right-click on the Air tray icon (a white cloud), select "Logs", click "Copy to clipboard" and paste into your message. Kind regards

Hello, it is explicitly forbidden by the Terms of Service, article 4, point 6. Kind regards

Hello! It should be openvpn_if="tun"but that does not really matter, it will be overridden by the configuration file. Maybe it's just a DNS issue, what is the content of resolv.conf? Also, please read here:https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf You can quickly determine whether it's a DNS issue by trying the following commands: ping -c 4 10.4.0.1 ping -c 4 google.com ping -c 4 8.8.8.8 so that you can immediately see whether the traffic is tunneled and/or names are resolved or not. If in doubt do not hesitate to post the output of the aforementioned commands. Finally, keep in mind that our service does not support IPv6. Of course. This is correct: the authentication is based on double certificate and secret key (embedded in the .ovpn file) not on login/password. Kind regards

Hello, that's just fine. The 54... IP address you see is used by one of our failover servers. On this one, a frontend web server runs as well. That's why you can see our web site. Kind regards

Hello, the section "News & Announcements" is dedicated to that. Kind regards

Hello, as we said this feature will be implemented on the next client version. We're very near to a first alpha-release. Under a technical and security point of view it's a bad defect, not a good thing, that you must rely on a proprietary software from the same provider of the VPN service you use. You should always be able to choose to connect to a service with some software that does not come from the service provider itself. It's also not true that you need script files to prevent leaks, you can just use one (ONE) command that you can issue in 2 seconds or configure carefully firewall rules (which is a task that has some very important, good side effects on your network know-how). Kind regards

Hello, the .NET framework version that's required by the Air client is specified in the instructions for Windows (menu "Enter"->"Windows" in our web site). To keep the minimal amount of software in the VM, do not install the framework and do not run the Air client, the OpenVPN GUI is just fine. Kind regards