Staff

Hello, outbound port 25 is blocked (a necessary decision to let our servers survive). Not a big deal, because you should never use SMTP without SSL/TLS, VPN or not. Maybe you connect to the working mail server on some other port (for example 465 or 587 for SMTP over SSL) and to the non-working mail server on port 25. Kind regards

I've tried a number of different sites, notably Google's DNS servers and this one here http://censurfridns.dk. Can you recommend any DNS suppliers that work a little better with AirVPN? Also, this may sound like a real noob question, but I have the DNS set in the static ip address config, is this the correct place to put this info and if not, where should I be designating it? Thanks for your reply! Hello, Google DNS (as well as OpenNIC and any other public DNS we have tested) have no problems in resolving our names and this suggests that your ISP is hijacking DNS queries (please see below). For example: dig @8.8.8.8 asia.vpn.airdns.org ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.8.8 asia.vpn.airdns.org ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52404 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;asia.vpn.airdns.org. IN A ;; ANSWER SECTION: asia.vpn.airdns.org. 300 IN A 119.81.1.125 ;; Query time: 647 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Fri Jan 3 02:09:04 2014 ;; MSG SIZE rcvd: 53 It might be that your DNS queries are hijacked in any case REGARDLESS of the DNS server you try to reach. This occurs with some ISPs around the world (for example Vodafone) AND it might occur with several ISPs in China. In this case, please do not use names at all. Insert directly the entry-IP address of the server you wish to connect to. For example, instead of asia.vpn.airdns.org, insert the entry-IP address of one of the Singapore servers. Kind regards

Hello. I understand - but this information does not help me solve my problem :-( Rgds Hello, but it should. Compare the answer on the other thread you have opened. Let's try to keep one problem in one thread. Kind regards

I am using my ASUS DD-WRT router with OpenVPN client inside. But I am ready to try AirVPN client at my PC if it helps me to investigate how to continue... Hello, in this case you have to remember to properly forward packets to the appropriate device behind the router through a DNAT (for every and each port you wish to forward), because the devices connected to the router are behind the router NAT itself. Please see this guide https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables Kind regards

Hello, can you tell us which DNS the Raspberry PI queries to resolve names? Kind regards

Hello, unfortunately we don't know MS One Note, anyway as it was written in the previous message you can remap any remotely forwarded port to any other local port. You can do that in your "Forwarded ports" panel, accessible by clicking "Client Area" from the upper menu and then clicking "Forwarded ports" from the left tabs. Kind regards

Yes, of course: since the exit-IP address is shared (a dedicated IP address per client might easily crumble the anonymity layer) this is unavoidable. You can anyway remap any remotely forwarded port to any local port. Alternatively just configure your service to listen to the appropriate port or create a basic port re-mapping. Kind regards

Hello, for more accuracy please use a more accurate IP geo-location database. MaxMind is not bad, amongst those we have tested (see it working on ipleak.net for example), but keep in mind that maintaining a "geo-IP" database in good order is not easy. Anyway, to know the exact locations of our servers please see our servers monitor by clicking "Status" from the upper menu of the web site. Kind regards

Hello, for a complete setup please see also our guide https://airvpn.org/topic/3405-windows-comodo-prevent-leaks Kind regards

Hello, for your and other persons privacy needs we accept Bitcoin since years. This thread pertains to a completely different problem, please do not hijack it. Kind regards

Hello, maybe you have a disconnection without notification in UDP mode. When this happens, the client can't communicate to the Air server that it's going to disconnect. Since UDP is connectionless, the server has therefore no way to know that the client disconnected and will believe the client is in the PN until the timeout (60 seconds). Subsequently, during this time frame the system will believe that the account is still logged in. Kind regards

Hello, it seems an OpenVPN 2.2.1 bug which shows up every time default route does not use a gateway (such as in PPP): https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/771148 In the link above you will also find a workaround. Kind regards

Hello, it's difficult to provide definite numbers about performance hit. Consider roughly at least a 10-15% loss due to double overhead (OpenVPN will have to run in TCP mode instead of UDP, and there's the additional overhead by SSL/SSH). It's not a matter of security. The additional encryption layer (RC4-128) is not significant compared to OpenVPN data channel encryption (AES-256-CBC), its only purpose is to encapsulate and encrypt the OpenVPN "fingeprint" so that your ISP can't see that you're running OpenVPN (we repeat: useful only when your ISP discriminate against OpenVPN). DPI is anyway defeated even with OpenVPN alone: it's not that through DPI your ISP can see your real packets headers and payload. If your ISP does not disrupt or dramatically cap OpenVPN we strongly recommend that OpenVPN is NOT tunneled over SSL or SSH. Kind regards

Hello, OpenVPN packets have a typical fingerprint (basically due to additional information on the packets headers for error correction) which make OpenVPN protocol different from pure SSL/TLS. Usage of OpenVPN is perfectly normal and widespread, therefore it's not a reason of concern unless your ISP decides to cap or disrupt OpenVPN connections (as it happens in China). In this case, you can use OpenVPN over SSL/SSH to encapsulate OpenVPN packets inside SSL or SSH tunnel (you can find the instructions by clicking "Enter" from the upper menu of our web site). In case your ISP does not perform this discrimination, you should connect directly with OpenVPN for better performance. Kind regards

@pete.rose Hello, sometimes the TLS re-keying fails. Through DHE OpenVPN re-negotiate TLS keys every 60 minutes (Perfect Forward Secrecy). Sometimes this re-keying fails from your system, but most times it succeeds, making the problem very hard to detect. First of all, please check that the system clock and date are correctly set. Kind regards

Hello! You just need to drop packets from the "uninvited" IP addresses with a firewall running on the same device where OpenVPN is running. Kind regards

@magpies1 Each time we check (just like now) we see your account REALLY connected and REALLY exchanging data (even at a good, sustained rate). On your control panel, however, you can also see this: Last attempted connection failed 6h 55m 21s ago. Reason: Already logged on 'some server'. Now, 6h55m ago your account was already connected (to the same server you continued to try to connect to with the same account) and exchanging data. Please keep in mind the one concurrent connection is allowed from the same account. Please also make sure that you're not running multiple OpenVPN instances. Kind regards

Hello! Yes, there are several ways, you can find many of them in our How-To section ("Forums"->"How-To"), according to your OS, as specified in the welcome e-mail as well. Kind regards

Hello! The directive has nothing to do with that, please see the OpenVPN manual: --explicit-exit-notify [n] In UDP client mode or point-to-point mode, send server/peer an exit notification if tunnel is restarted or OpenVPN process is exited. In client mode, on exit/restart, this option will tell the server to immediately close its client instance object rather than waiting for a timeout. The n parameter (default=1) controls the maximum number of attempts that the client will try to resend the exit notification message. OpenVPN will not send any exit notifications unless this option is enabled. You can prevent leaks without firewall rules anyway, please see here https://airvpn.org/topic/9797-blocking-non-vpn-traffic-without-firewall-using-routing-router Kind regards

Hello! We're sorry, you can't do that with the Air client. You can either run OpenVPN as a service or OpenVPN GUI at the startup. Kind regards

@magpies1 Hello, your account is really connected to some VPN server and exchanging data since before you wrote the message, can you please check? Kind regards

Hello! We're sorry, the referral program is momentarily closed for new referrers, it will be re-opened in the near future. Kind regards

Hello, we have never revealed any data of any user (and of course we can't give away information that we don't have), however that's not relevant since you say that it's an old thing from when you did not use a VPN. The account you're writing from is not subscribed to our service, but we assume that this is intentional to increase your privacy, and not just a message from a troll. About your other question on encrypted drives, it depends on what encryption and program have been used to encrypt the media. If strong encryption and a good key were employed, and the adversary could not intercept (for example with a keylogger hidden in the computer) the key/password, then it's nearly impossible to decrypt in less than million of years. About using a VPN, it's impossible to decrypt your data for adversaries monitoring your line, BUT you must keep in mind that a VPN protects your line, not your computer. If an adversary has installed spyware on your computers (and from what you say you MUST take into consideration this option) then the encryption on the line is irrelevant, because the adversary takes data directly from the computer, when they are not encrypted. The above are just technical information, about your last question we think that you should contact a good lawyer (if you haven't already done so). Kind regards

Hello! Disclaimer: we don't know this router. From information and technical specifications gathered from the www (therefore NOT from our direct experience) it seems that there's apparently no way to run OpenVPN in it. If that is confirmed, you will need to connect directly from your computer. Kind regards

Hello, Bitcoin is not anonymous by itself (as it is, it just adds a significant privacy layer) and has not been designed with this purpose. The purposes of Bitcoin are different and much more radical. You should add an anonymity layer (for example simply running the client over TOR), an operation which should take no more than a minute, if you wish anonymous transactions. The "hole in Bitcoin" according to the article's author refers to energy consumption to generate blocks and economics, with the totally arbitrary assumption that 1 BTC=220 USD. This assumption has a fundamental flaw in it, and anyway it is wrong today, so all the article calculations are questionable. Furthermore they are not much pertinent to those people who need a highly private (or even anonymous) subscription to an online service. Kind regards