Staff

Hello, for your purpose just bind uTorrent to your VPN IP address or write a couple of rules with a firewall and use a VPN, not a proxy. If privacy is your concern, a SOCKS proxy for p2p is not the appropriate tool. A SOCKS proxy by itself is a tool for circuit-level gateways and also for circumvention, it has nothing to do with privacy or data stream protection. First, there are several real IP addresses leak problems to be considered. These attacks: http://hal.inria.fr/docs/00/47/15/56/PDF/TorBT.pdf and also the problem with UDP packets (through which a torrent client may communicate the real IP address to UDP trackers and/or to peers via DHT). Second, but maybe more important, your traffic is not encrypted, so your ISP and any Man In The Middle can see very well the whole p2p traffic you send out and receive and can profile your p2p activities, inspect the contents you share, inject forged packets, send you warnings etc. etc. It seems strange that a company advertises a SOCKS proxy as a privacy measure for torrent (or for anything else). Maybe it's a different service, in conjunction with SSH? Kind regards

Hello, if you run Linux you have the option of a much more elegant solution which has the same effect, does not need packet filtering, but at the same time does not put you under the performance and protocols limitations of a proxy: http://daniel-lange.com/archives/53-Binding-applications-to-a-specific-IP.html Just like you need to configure every single application to be tunneled over a proxy, you will need to launch every application you want to secure with an LD_PRELOAD shim to bind it to the VPN IP address. With Windows you can use ForceBindIP, unfortunately it does not work with every Windows version. Some more options (already available natively on every Air server): https://airvpn.org/ssl https://airvpn.org/ssh Of course all of the above does not make sense in comparison to securing the connection with a packet filtering tool. Also, SSL/SSH services are aimed against OpenVPN connections disruptions. @rchunter About providing an external, pure SOCKS5 server... why do you need it, what would it be useful for? Kind regards

Hello, transaction has been now cleared by PayPal and account has been automatically activated. Probably it was something related to PayPal Risk Management or security service. Kind regards

Yes, 100% correct. EDIT: of course we don't strictly need to "re-route" checkmytorrentip as well, but it was decided to do so for consistency and comfort. Kind regards

Hello, there is no time pressure to move away from RSA 2048-bit size keys. According to some experts (but not all, other experts do not agree), RSA 1024-bit keys are likely to be "breakable" with technologically possible resources in the very near future (a matter of years, or maybe months). RSA 2048-bit keys are unanimously not considered "breakable" until 2030. See references and notes in the Wikipedia article "RSA (algorithm)". Of course we are talking about properly generated RSA keys (i.e. whose prime factors are generated with a random number generator seeded with sufficient entropy) and assuming that no polynomial-time method for factoring large integers on a computer will ever be found (but it must be noted that, while such method has never been found in decades of research, it has never been proved that such method does not exist). About SHA256, SHA512 and Elliptic Curves cryptography, keep in mind that in our configuration HMAC SHA-1 (not SHA-1) is used for tunnel packets authentication, for which we just don't care about collisions, not for tunnel data channel (OpenVPN Data Channel is encrypted with AES-256-CBC cipher). In order to start to attack the underlying SHA-1, an attacker should first find the private key. Moving to Elliptic Curves cryptography (when OpenVPN will support it natively) is not a totally painless procedure, customers and users will have to upgrade their clients and re-generate every configuration file, while older systems will not be able to handle it with older OpenSSL and OpenVPN versions. See also: https://forums.openvpn.net/topic8404.html Therefore, should the need to move to HMAC SHA512 arise ("attacks always get better, they never get worse"), we will make the procedure as smooth as possible, with overlapping windows, carefully planning it in order not to cut out of the service users and customers. Kind regards

Hello! Please see here: https://airvpn.org/topic/9499-connecting-to-trackers-fails-from-different-servers/ Kind regards

Hello, please follow your ticket from the support staff. Your transaction is still pending, hopefully it's just a temporary PayPal problem. Kind regards

Hello, it's the company which operates the datacenter in Zurich where Virginis is physically located. If some IP geo-location service reports it as being in Norway, it's just a geographical IP location database error (not uncommon: maintaining an IP database in good order is a difficult task). Kind regards

Hello, OpenVPN does not interfere in any way with the system physical interfaces (WiFi, Ethernet...) settings. The fact that the problem did not arise in one year hints to some recent configuration change in your system. Please check your firewall and antivirus, and also make sure that the DHCP client service is running. Does the problem disappear if you disconnect and re-connect to your WiFi hot-spot? Kind regards

I think I understand now. So even though I see queries going to whatever DNS server (on ipleaks), they will always go through the VPN tunnel? Yes, the only exception is when DNS queries are sent to a destination inside your local network or to the entry-IP address of the OpenVPN server the system is connected to, in this case they will not be encrypted (see your routing table while connected to the VPN to understand why). This opens up the option (or the risk) to send out unencrypted DNS queries, for example when DNS queries are sent to your router which in turn forwards them to some other DNS server. However technically this is not a DNS leak, because the system complies to the settings (contrarily to Windows, where real DNS leaks can occur). Kind regards

Hello, simply because your system IS sending DNS queries to OpenDNS servers. Kind regards

Hello, the results show that you're tunneling DNS queries to OpenDNS (Linux has no DNS leaks). If you wish to use our DNS and you don't have resolvconf or openresolv packages installed, add 10.4.0.1 as first nameserver in your /etc/resolv.conf: nameserver 10.4.0.1 If you have one of them installed just follow the previously mentioned How-To. When you use our DNS you will get, in the DNS test of ipleak, the same VPN server exit-IP address (there's a very rare exception to this, in case of VPN server DNS failure you might get an Irish IP address, it's just a backup DNS for emergencies operated by us). Kind regards

Yes... and here the importance of different, independent from each other peer-reviews by specialists comes into play. Such reviews are sometimes very hard or even impossible to be performed when the source code is not available. Source code of TrueCrypt is available, unfortunately latest versions of TrueCrypt are at the moment missing these reviews, as far as we know. Kind regards

Hello! "Routing servers" are used to re-route traffic to/from geo-restricted servers (see here: https://airvpn.org/forum/10-websites-support). Thus, routing servers are never directly accessed by our clients, they just receive and send out encrypted traffic to/from some VPN server (accessed by the client), and send/receive unencrypted or encrypted traffic to/from the geo-discriminatory service requested by the client. As an important consequence, routing servers are not subject to our legal and privacy requirements for VPN servers: those requirements are fulfilled "higher in the chain", i.e. on the VPN servers. That said, we have recorded your request and we'll work on that. For future requests, we have a dedicated forum section: https://airvpn.org/forum/28-blocked-websites-warning/ Kind regards

Hello, you don't need to do anything like that (BUT: *). OpenVPN takes care of everything. Compare your routing table before, during and after a connection to an OpenVPN server. See also the routes pushed by our servers, look at the OpenVPN logs. (*) See here for some clarifications on DNS push in Linux: https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf/ Also, it is assumed that you do not configure your client to actively reject OpenVPN servers routes push. If you do (directive route-nopull) for some very specific need, you can build your own routing table. Make sure that you know what you do in this case and proceed with caution (mistakes might crumble the anonymity layer). Kind regards

Hello NaDre, the links/pages you mentioned are probably: https://airvpn.org/forum/10-websites-support/ and https://airvpn.org/specs/ Kind regards

Hello, a payment made with PayPal or credit card shows that you paid to AirVPN for a subscription, but it does not say anything about HOW of even IF you used the service. As Baraka says, many additional steps would be necessary to make relevant correlations, which would be in the ability of a very powerful adversary. If you think you must face such an adversary. you should (must) subscribe through BitCoin, even better with BitCoin running behind TOR when performing a transaction. This is the article we usually link for such a debate (it goes deeper): https://airvpn.org/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745 As NaDre suggests, defeating an extraordinarily strong adversary requires extraordinarily strong discipline, but under a technical point of view it's easy to "win" (nowadays). Luckily encrypted traffic is, at the moment, not a preoccupation in most countries, given the widespread usage of the Internet to perform monetary transactions, VPNs used by almost every small, average and large companies, increasing number of web servers implementing https etc. etc. But it may be actually troublesome in some country. We would not recommend for example to send/receive a significant percentage of encrypted traffic (out of total traffic) in a chinese Internet cafè. In these cases, when important data must be protected and one can't afford to "trigger encryption detection", steganography is a safe solution (and also technically simple, with modern tools), at the price of a certain overhead (which in most cases can be quite remarkable). Kind regards

Hello! nbname is the name given to port 137 in Windows system. Port 137 is used for the netbios name service. http://support.microsoft.com/kb/204279 NBName is a computer program that can be used to carry out denial-of-service attacks that can disable NetBIOS services on Windows machines. http://en.wikipedia.org/wiki/NBName See also http://forums.comodo.com/leak-testingattacksvulnerability-research/nbname-port-137-t38043.0.html Kind regards

Hello, yes, no problems. Following the guide will make removal superfluous, anyway removal will do no harm. Kind regards

Hello! It's IP in [10.4.0.0 - 10.9.255.255], or IP range starting from 10.4.0.1 and ending to 10.9.255.254. Kind regards

Hello, that hints to some Air client bug. If this is a major problem, can you please try a connection through OpenVPN GUI? Can you also tell use your exact Windows version? Kind regards

Hello, 2) It does not say anything about that (it's not a hint pointing to any direction) 3) if all packets were unroutable, connection could not even be established. If a significant percentage of packets are unroutable, connection will drop or performance will be impaired, so look at the complete logs and if you see a lot of them yes, try to change VPN server. Kind regards

Hello, problem solved. Kind regards

Hello! Please send us at your convenience the Air client logs (right-click on the Air dock icon, select "Logs", click "Copy to clipboard" and paste into your message). Kind regards

Hello, "No Route to Hosts ... Host unreachable" is a message from your TCP/IP stack issued when a packet is not routable to the wished host. A packet may be unroutable for various reasons, such as null-routing forced by your ISP or some gateway, routing loops (misconfiguration of routing in some Internet node), routing nodes failure... if you run Windows, the problem might be related also to an intermittent malfunctioning of the TCP/IP stack, normally solved with a TCP/IP stack reset ((but we're not sure: in the past years we have observed some not easily explainable Windows TCP/IP stack weird behaviors, that have in common the fact that malfunctioning is solved with a stack reset followed by a system reboot). Such problems should be momentary, and if your connection was successful it was a momentary failure. If the problem persists feel free to keep us informed, in which case please send us the complete logs. Kind regards