Staff

Hello! Please see here: https://airvpn.org/topic/4821-losing-contact-with-airvpn/?do=findComment&comment=4828 Kind regards

Hello! Yes, please first enable Chromium logging: http://www.chromium.org/for-testers/enable-logging then send us the logs (only those generated when the tab crashes). Also, when you select "About Chromium", what is the displayed version? Kind regards

Hello! Please right-click on the Air dock icon, select "Logs", click "Copy to clipboard" and paste in your message. Kind regards

Hello! OpenVPN has the ability to connect over a socks 4/5 or http proxy. Connections may or may not require authentication, according to how the proxy is configured. You need to connect over a proxy if you're behind a proxy (according to your questions, very probably you are not). You might like to connect over a proxy, even if you're not behind a proxy, in special cases (a didactic example is here https://airvpn.org/tor). Please spend 2 minutes to read the instructions in the configuration generator page. If you click on "More help" on the configuration generator page, you will see the answers to your questions. FAQ are also an important resource for more details. FAQ are available here: https://airvpn.org/forum/24-frequently-asked-questions Kind regards

This guide shows how to set rules to prevent leaks in case of unexpected VPN disconnection and provides you with clear scripts ready to be used with basic modifications on Red Hat Enterprise Linux and RHEL rebuilds such as Oracle Linux, Scientific Linux, X/OS, CentOS etc. THANKS TO JESSEZ - ORIGINAL POST BY JESSEZ (minor editing & clean-up by Air staff) This method requires the ipset package: sudo yum install ipsetRHEL 6 and rebuilds (Oracle Linux, Scientific Linux and CentOS) do not have a kmod-ipset that I could find. The ip_set module has to be loaded manually as neither netfilter, iptables nor conntrack call the module themselves. As far as I know some Linux distros do have a kmod for ip_set so that would make usage of sysconfig/ipset.conf not necessary and also could cause a boot-time error (fatal nor not). The ip_set module has to be loaded and a script run to load the ip_set script (creates and contains the AirVPN server IP addresses) so that there is a table to be read by the time iptables_restore runs (otherwise iptables_restore throws the error that no ipset "airvpn" exists). So there are 3 files. The first and the second file can be found attached to this message. The last one is a system file that needs a modification. 1 /etc/sysconfig/ipset.conf This script tests whether the ip_set module is already loaded. If not it loads it into the kernel (modprobe). ipset.conf.txt 2 /etc/sysconfig/ipset-airvpn.sh This file creates and fills the ip_set table of AirVPN server addresses. I haven't listed the servers, so that no-one can just open the file and get the server IPs. Add the ones you want where the a.b.c.d 's are. Add or subtract lines as necessary. I think I added enough buffers so that all the servers should be able to go into the table (which lives in RAM while the system is up and is lost at shutdown/re-start). After running the script use: sudo ipset -L airvpn -to make sure all the servers you added to the script are there (It's easiest just to count the lines if you know how many servers you added in the first place), if not, change the part: hashsize 65536 to the next larger: hashsize 131072 (doing this obviously eats up RAM, so don't change it unless you need to) and note that the hashsize can start at 1024 and can only be a power of 2 (1024, 2048, 4096, ..., 131072...) If you're only using one or two servers and you need to save RAM, just change it down, re-run the script and issue the command sudo ipset -L airvpn again to check that all the desired servers are listed. Keep doubling the hashsize until they are. If anyone is wondering about the -exist option, it's there so that in case of accidental duplication of an IP address the script won't fail. iptables-airvpn_2013-01-19.txt 3 /etc/init.d/iptables This is the system file, so be careful; add 2 new lines that become line 55 and line 56: # Load /etc/sysconfig/ipset-airvpn.sh to make the airvpn table sh /etc/sysconfig/ipset-airvpn.sh Ok, that should be it, iptables and the "airvpn" ipset table should now survive a reboot with no errors. Test by rebooting, and trying Internet access of any and /or several kind(s) before starting a VPN connection when the desktop is up. If it's working you will have no Internet before starting a VPN connection, and you will be able to connect to any of the servers you added to ipset-airvpn.sh without OpenVPN throwing an error (probably: write UDPv4 []: Operation not permitted (code=1)). Note: rename the attached files according to the names given above. Put the files in the appropriate folders as listed above. Regards, jz

Hello! We don't detect any problem with Chromium: Version 26.0.1410.43 Debian 7.0 (189671) Which Chromium version crashes in your system when you click the "Forums" tab? The differences you detect with YouTube videos are also quite puzzling (we do not detect any difference between Iceweasel (Debian), Firefox (Debian), Chrome (Windows) and Chromium (Debian)), just for information do you play them "in Flash" or "in HTML5"? Kind regards

Hello! Normally the opposite is true (UDP over UDP is much better for streaming). Have you checked in the logs if your system experiences packet loss or packet fragmentation? If in doubt do not hesitate to send us your client logs (taken after some minutes your system is connected) for a check. Kind regards

Hello! The icon should be blue. Can you please send us the client logs? NOTE: our VPN servers are not virtual, they are all real, dedicated servers, with dedicated bandwidth. EDIT: please test with Windows firewall disabled. It's important to know that an application "authorized" by the Windows firewall on some network, will not be automatically authorized on any other network. Probably your Windows firewall is just dropping incoming packets for uTorrent. Kind regards

Hello! Sorry, they should not show up, you apparently have a DNS leak. Please fix it following our guides. For the records, we are building a knowledge base to understand why our customers are willing to use OpenVPN over SSL, which should be avoided if not strictly necessary (like it is in China and Iran, where anyway OpenVPN over SSH may be better), if it's all right with you, would you please tell us why you need to connect over OpenVPN over SSL? Feel free not to answer or to answer only in private. Kind regards

Hello! When you connect to an Air VPN server, routes are pushed so that all the client traffic is tunneled. If you wish some application NOT to be tunneled, you can bind it to your physical network card (in your case, the WiFi card). If an application lacks the bind ability, you could bind it with ForceBindIP in Windows. Kind regards

Hello! Actually there's a problem with IDENT, the IRC server will try to contact your daemon on port 113 (the IRC server can't know the remotely forwarded port on our system) and we don't allow remote forwarding of low ports. There are some security issues with the ident protocol and no ident daemon runs on any VPN server, we need to think about it. Is this a serious issue, for example your favorite IRC server(s) will not let your client in when it does not receive a reply from an ident daemon? Kind regards

Hello! You're right, something happened on the image hosting service (we see that the images were not uploaded on our servers, but they were just fine some time ago... something went wrong when we migrated to the new system). As a temporary, quick work-around, refer to the pictures here: http://www.pixhost.org/show/3984/15431130_1-tomato_config_basic.png http://www.pixhost.org/show/3984/15431131_2-tomato_config_adv.png or to the guide in the "Enter" menu https://airvpn.org/tomato to get the parameters you miss for the configuration. Feel free to contact us for any doubt in any field. EDIT: the pics in the original post have been fixed. Kind regards

Hello! We inform you that a planned maintenance on server CASTOR (NL) will begin on 21-May-2013 at 11.00 AM CET+1. The server needs some tests and software maintenance and upgrades. The expected maintenance time is a few hours. Please take note that during the maintenance we will need to shut down OpenVPN, therefore all clients will be disconnected. We strongly recommend that clients connected to Castor switch to any other AirVPN server before the maintenance starts. List of available servers: https://airvpn.org/status Kind regards

Hello! Please report the IRC servers. Kind regards

Hello! Your very same problem has been reported by 4 additional users. We have performed tests with VISA and MasterCard and everything is fine, we could not manage to reproduce the problem in any way, unfortunately. We also continue receiving payments regularly. Therefore the problem is puzzling, to say the least. Our reports to PayPal customer service are ineffective, because in almost every case a payment through a credit card works swiftly (at least with VISA and MasterCard, both credit cards and prepaid cards). It might be related to some credit cards only, or some PayPal malfunctioning, or some increase of PayPal risk management system threshold - although in this case an error message would be expected (all the credit cards transactions are completely handled by PayPal servers, we never come to know credit cards data). We should be able to provide a new credit card payment option with a different payment processor in the very near future. At the moment, we also accept Liberty Reserve and Bitcoin, if this may help you. Also, have a look at http://www.tipandtrick.net/credit-card-cannot-be-used-for-paypal-payment-error It's not the same issue, because in the reported cases no error message is returned, but it might provide some helpful hints anyway. Kind regards

Hello! 1. If the RDP responds both on the VPN server exit-IP address AND to your ISP IP address, the worst case scenario is a correlation attack: an adversary with the ability to monitor/wiretap your line may understand that the RDP listening on the VPN server is the same RDP listening on your real IP address. 2. The RDP software is bound to your physical interface (or to your "real" IP address) or to all interfaces (or all IP addresses). If you don't wish that, you have various options: bind the service only to the interface (or the IP address) you wish the service listen toclose the port (via a software firewall for example, or not forwarding it remotely on our servers in case you don't wish it to be reachable on the VPN exit-IP address) on the interface or IP address to which you want the service NOT reachableKind regards AirVPN Support Team

Hello! Frankly we are not documented about what you say (it's very hard to keep following every and each draft law pertaining to privacy, data protection etc. in 14 countries). We'll investigate, thank you! Kind regards AirVPN Support Team

Hello! Correct. We'll post a more elaborate explanation about Windows DNS leaks. The client needs to resolve airvpn.org to show you the list of servers and more. You can put 10.5.0.1 as secondary DNS of your physical network card(s) in order to prevent DNS leaks, then have airvpn.org resolved through the hosts. Edit the hosts file, add the lines: 85.17.207.151 airvpn.org 212.117.180.25 airvpn.org Side note: due to Windows limitations, should you need to use OpenDNS IN the tunnel, or in general to send out encrypted DNS queries inside the tunnel to some DNS of your choice, you will need to force OpenDNS IP addresses (or your favorite DNS IP addresses) in the TUN/TAP network adapter. Kind regards

Hello! Yes, you can add as many as you wish. Kind regards

Hello! Yes, except under extraordinary circumstances (DNS not working properly, therefore backup DNS showing up). Kind regards

Thanks for the report. It is covered by NBC Universal routing. This company creates many websites, maybe for each channel or show, and often with the same infrastructure and geo-location checking. So, there are many sites already routed that we simply don't know, therefore not all of them are in our report database. Community feedback is much appreciated. Thanks again. Kind regards

Website: http://www.syfy.com/ Official site. Syfy is a media destination for imagination-based entertainment. Shows include Being Human, Face Off, Ghost Hunters, Warehouse 13, SmackDown, Eurkea, Haven, Sanctuary, Lost Girl and Original Movies. Status: OK Native: US servers. Routing: All other servers. Covered by NBCUniversal routing

Hello! We're very glad to inform you that a new 1 Gbit/s server located in the USA is available: Diadem. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Diadem supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that a new 100 Mbit/s server located in Spain is available: Algol. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP. Just like every other Air server, Algol supports OpenVPN over SSL and OpenVPN over SSH. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! Yes, that's the meaning. Kind regards