Staff

Hello! onion.to is a gateway from the WWW to onion. You don't need TOR to access it. Kind regards

Hello! Please feel free to contribute to this: https://airvpn.org/forum/21-database Without a shared IP address an anonymity layer would be seriously weakened. With a shared IP address, abuse by someone can have consequences for everybody. We have to draw a fair balance, but we can't renounce to shared-IP addresses, because one of the most important and basic features of our service is providing a strong anonymity layer. Kind regards

Hello and welcome aboard! The first thing you can try is a connection to ports 53 UDP and 80 TCP to make a performance comparison test. Some ISPs cap bandwidth on some ports. Kind regards

Hello! Does the server have a bind option? If so, can you please check it, just in case it is bound to your physical interface? When the system is connected to the VPN, the rat server should listen to the tun interface (the virtual network adapter used by OpenVPN). In most cases this is done automatically, but several servers and services allow an explicit bind, so it's worth a check. Kind regards

Hello! If the port checker (any port checker) does not receive any reply, it will indicate the port as "stealth" (or "closed"). If it receives a refusal reply it will indicate it as "closed". You need to have your listening service running and replying while you perform the test. Our servers simply forward packets to your OpenVPN client, they never take the liberty to reply in your place. Kind regards

Hello! What service is listening to port 2105? Kind regards

Hello! Can you please try port 53 UDP and report if the problem is the same? The kind of network lock you met is in our experience commonly caused by something that wrongly interprets the normal OpenVPN UDP flow as an attack. When you're connected to the VPN over UDP, all the incoming traffic is UDP, as you know, so this might trigger the security systems of packet filtering tools etc. This would explain also why you don't have problems with TCP. We have noted this behavior with some Internet security suites for Windows, can you please check in your system? Kind regards

Hello! Can you please make sure that the service(s) behind the VPN server are running and listening to the correct ports when the test is performed? Kind regards

Hello! Can you please make an example (an onion site address and an Air VPN server from which you can reach it without TOR)? Kind regards

Hello! Thank you for the suggestion. Can we ask why you would be willing to use a torrent proxy? It's a delicate argument, because there are security risks to consider. Some torrent client, like uTorrent, BitSpirit, and libTorrent, write an IP address directly into the packets sent to the swarm peers. So when they run in a machine where an OpenVPN client has established a tunnel in routed mode all is fine but when they are behind a proxy they write your REAL IP address inside the packets. See also here: https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea Kind regards

Hello! Thank you, we're glad to hear your appreciation about the new system. About the issue, you are right. The system still needs some fine-tuning, we are working on it. Kind regards

Hello! Thank you, we are aware of the problem and we're working to fix it. [EDIT: fixed] Kind regards

Hello! The selection is governed by randomness (remote-random OpenVPN directive). For additional information please see here (search for "remote-random"): https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage Kind regards

Why don't you add many more servers locations? A new server location must comply to every AirVPN requirement. Contrarily to some of our competitors, we don't add locations just to have "one more country flag", in disrespect of service quality and customers' security. We take every care in order to provide high quality of service and high security. The servers datacenters must comply to our requirements for privacy, bandwidth, traffic, peering, net neutrality and usage policy. All these factors together restrict significantly the range of viable choices. The privacy requirements alone cuts out entire countries, while several other countries are discarded because they have an insufficient infrastructure. This is the only way to keep the service in line with our vision and our quality and security standards. Under a security point of view, picking a server outside the country you live in is a superior choice: an adversary with the ability to monitor your Internet line will have more difficulties in re-building your connections paths and enlarge its monitoring powers into different jurisdictions. Under a performance point of view, geographical proximity does not always imply network proximity. Also, we can't ensure 1 Gbit/s for every and each location. A better way to select a server to get higher performance is determining, through our servers monitor, the servers with the lowest relative latency and pick, between them, those not at capacity. If you need a particular location to bypass geo-IP-location based restrictions, first have a look here. If the service you're interested in is included in our anti-blocking system, you will probably get higher comfort and performance from a connection to the network-nearest server to you. An example: if you are in Europe and you wish to access Hulu, it is likely that connection to an European server, instead of a connection to an USA server, will result in a better performance (especially if your ISP is not a tier1) and at the same time will allow you to access European services more swiftly. If the service is not included in our anti-blocking system and/or it is in a country where we do not have servers, ask for it: routing anti-geo-IP-location based restrictions servers are not bound to our requirements for privacy legal framework etc., so we will evaluate your request without prejudice deriving by our strict requirements.

Do you accept Bitcoin? Yes. Just select "Bitcoin" at the checkout to pay with Bitcoin. No intermediary is involved in the transaction: you will pay directly to us. Note: you can significantly increase privacy and also add a strong anonymity layer if you always run your Bitcoin client behind Tor.

How many simultaneous connections can I establish from a single account? Each account can establish up to 5 (five) connections to different VPN servers. Additionally, if all the devices are on the same network, you can use a Tomato / DD-WRT / pfSense / Fritz!Box router or a computer configured to act as a "gateway/host" through connection sharing to access a VPN server from all of your devices with a single account. If you need more than 5 connections simultaneously from different networks, you need additional accounts subscriptions.

Do you allow p2p? How can I optimize performance of eMule and BitTorrent with AirVPN? Yes, p2p is allowed, as well as any other protocol. Currently p2p is a set of the most efficient protocols to share and access information on the Internet. We do not discriminate against any protocol. To obtain the best performance with a BitTorrent client or an eMule client, log your account in our web site and proceed to remotely forward a port from the menu "Client Area"->"Forwarded ports". Pick a port or let the system choose an available one for you. Pick "TCP & UDP". Remember the port number. Then, configure the "Port used for incoming connections" (also called "Listening port") in your BitTorrent client so that it matches the port number you have just forwarded remotely. On eMule, go to "Options"->"Connection" tab. Write in both fields of "Client ports" the number of the port that you have forwarded. Disable UPnP, NAT-PMP and any possible automatic port mapping feature that can modify the listening port. If you run uTorrent or any other software with bandwidth management, make sure to disable such management (such as uTP in uTorrent). In this way your clients will be able to accept incoming connections from the Internet, enhancing performance in several cases and making initial seeding possible. This procedure can be performed just once and for all, as long as you don't wish to change port(s) on your clients. On BitTorrent clients, make sure to disable the option to pick random ports at every startup. If you forward a port for a p2p torrent client, do NOT remap it to a different local port and make sure that the torrent client port matches the remotely forwarded port number, otherwise your client will communicate to trackers (if you use them) and DHT the wrong port: torrent clients will communicate to trackers and DHT the port number you have configured in them. As a result, you will get no incoming packets from the swarm and the torrent client network status token will remain yellow. IMPORTANT: do NOT forward on your router the same ports you use on your Bittorrent or eMule client (or any other listening service) while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes uncencrypted packets to be sent outside the tunnel from your client.

Which speed can I expect when I am connected to the VPN? Speed may vary according to several conditions which are intrinsic to how the Internet works. We guarantee on our servers, switches and lines an allocated minimum bandwidth of 4 Mbit/s per account (worst case scenario), while the upper limit is 500 Mbit/s on 1 Gbit/s servers. Please note that this is the bandwidth which is "allocated" for each account: the bandwidth you can obtain depends also on your provider conditions, peering and several further conditions. Please contact us to test speed from your ISP connection.

Are there traffic limits for an account? No, there are no traffic limits.

Do you keep session logs or any other kind of logs that can be used to track identity and Net activity? No, we don't keep logs of that kind.

I have heard the some VPNs providers do not really protect privacy. What is your policy? First of all we kindly invite you to read carefully our Terms of Service and Privacy Notice, available on the bottom of every website page. Furthermore, you might be interested in reading our statement pertaining to the issue here.

What is a VPN? VPN is an acronym of Virtual Private Network. Our VPN extends the private network across the Internet. It enables your computer (the "client") to send and receive data across the Internet through dedicated nodes ("the VPN servers") as if those data were an integral part of the private network. This is achieved through a point-to-point OpenVPN (in routing mode) connection. The connection is encrypted and each packet is authenticated both by your client and our servers, so that nobody (including your ISP) between your computer and the VPN server can see the data you transmit and receive, the real origin and destinations of such data, and, last but not least, can inject forged packets into your stream of data. The picked encryption cipher meets higher-than-military security requirements. Additionally, when your client has established a point-to-point encrypted connection (often referred to as "the tunnel"), your data will "get to the Internet" without any reference to your real IP address, which is simply no more inside the packets. Anybody on the Internet will therefore see your packets as coming from our VPN servers exit-IP addresses, not from your real IP address, protecting you against privacy intruders and other malignant entities, such as sniffers in public WiFi hot-spots, hi-jackers, profilers and disturbed "copyright trolls". You don't need to configure applications to use "the tunnel", because our servers perform a set of route and default gateway pushes that your client accepts: your applications are "tunneled" transparently. OpenVPN encapsulates your packets inside an UDP or TCP stream, therefore all same or higher layer protocols are supported, making a VPN a profoundly different and highly superior solution to any http or socks proxy.

Is it possible for a router to connect to AirVPN service? You need a router which supports the OpenVPN client. Routers where you can flash DD-WRT, Tomato and Merlin firmwares can support OpenVPN. If you don't have a compatible router, don't worry, you can as usual connect with any computer or device which runs Linux, Windows, Android or MacOSX.

How can I prevent leaks in case of unexpected VPN disconnection? We strongly recommend that you set the proper firewall rules. Different solutions are deprecated for security reasons. We provide instructions for Comodo, pf, ipfw and iptables. The rules can be easily adapted for any other good firewall. On the forum announcements section you can find the links to the instructions for each firewall.If you run the free and open source Air software client "Eddie", you can enable "Network Lock" option: https://airvpn.org/topic/12175-network-lock/ In this case, you don't need any instruction for any firewall.

What is the difference between TCP and UDP ports? Which port should I choose? UDP is a connectionless protocol, so during the handshake it is not always possible to do an effective error correction. As a result, when there's high ping or low quality line during the OpenVPN login, the handshake may fail, although you could see no significant problem after (if) the connection is established. TCP is capable of handling these problems. On the other hand, UDP is more efficient once the connection is established. If you experience problems with VoIP video/audio conversations when connected to the VPN through a TCP port, a typical case for which a difference may be visible (VoIP over TCP - for example UDP over TCP - is clearly inferior to VoIP over UDP because TCP implements ARQ, UDP does not), then go for an UDP connection. In general, you should always try an UDP connection if your ISP allows it and you don't experience any problem during the handshake. A particular case is a connection over TOR or over an http-proxy. In this case, TCP is mandatory. Variety of ports (53, 80, 443) is an additional option to try to bypass country or ISPs blocks, or bandwidth management.