Staff

Hello, yes, you need to allow packets from 10.4.0.0/16 to any 10.5.0.0/16 to any ... 10.9.0.0/16 to any and packets from any to 10.4.0.0/16, 10.5.0.0/16 etc. Kind regards

Hello, you can't specify multiple IP addresses with the not (!) operator (! not allowed with multiple source or destination IP addresses)So, you might simply DROP everything in OUTPUT (default policy): iptables -P OUTPUT DROP but ACCEPT all packets to the entry-IP addresses of the VPN servers you wish to connect to, to the IP range of your home network and to allow DHCP: iptables -A OUTPUT -o eth+ -d a.b.c.d,e.f.g.h,...,w.x.y.z -j ACCEPT # in this rule we use the "," operator to specify multiple IP addresses in just one line, but you can split the rule in multiple lines if you prefer so iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT Kind regards

Hello, please see: https://airvpn.org/topic/9171-i-have-two-or-more-computers-at-home-do-i-need-to-use-two-or-more-different-airvpn-account-for-simultaneous-access/ Also, have a look at https://airvpn.org/ddwrt and https://airvpn.org/tomato Can you please tell us your router brand and model? We'll check if it is Tomato or DD-WRT compatible. If you have already tried that, resulting in unacceptable performance, you might evaluate to setup a computer as a host, sharing Internet connection, in order to allow all the devices in your home network to tunnel their traffic transparently. Kind regards

Hello, yes, it's a DNS problem. First, please try a Winsock sockets and TCP IP stack reset, then reboot the system. Please see here: https://airvpn.org/topic/8320-solved-connects-but-ip-doesnt-change-on-windows-server-essentials-2012/?do=findComment&comment=8321 If the reset does not solve the issue, force 10.4.0.1 as primary (preferred) DNS in your physical network card (WiFi or Ethernet). In order to do that, please see http://www.sevenforums.com/tutorials/15037-dns-addressing-how-change-windows-7-a.html Kind regards

Hello! Let's check whether it's a DNS problem. While connected to any VPN server, could you please open a command prompt and send us the output of the following commands: ipconfig /flushdns ping 10.4.0.1 ping google.com ping 8.8.8.8 Kind regards

Hello I have managed to get SSL and SSH working (although only on port 22 for SSH) and the connection is significantly faster. Thank you. Hello! Excellent. Additionally, you might like to contact BT customer service. Several months ago they had major issues with OpenVPN when they implemented some new system, but then they claimed they solved all the problems. Actually we have had BT customers that had problems at the beginning, but then BT managed to solve their problems. It's worth that you contact them because anyway you can get higher performance with direct OpenVPN connections over UDP than OpenVPN over SSH. Kind regards

Hello! Can you please tell us your OS? About the logs, if you use Windows and the Air client, you can find them by right-clicking the Air client dock icon and selecting "Logs". After that please click "Copy to clipboard" and paste into your message. Kind regards

Hello, no, we're sorry, it's not possible. Kind regards

Hello, this is a guide to prevent ANY leak on Windows 7/8 with Windows Firewall published by Omniferum. It is particularly simple to follow and well written, and it provides also a very comfortable "VPN flipper". Thank you Omniferum! Warning: the setup works on Windows 7 and Windows 8 with the default Windows Firewall. It has NOT been tested on any other Windows version. It will NOT work on Windows XP (whose firewall is completely different and very limited, Windows XP users might like to use Comodo Firewall). It is NOT suitable if you have any other firewall running on your system (remember, you must never run two firewalls simultaneously). Important: the VPN flipper script will NOT work if your Windows is not in English language, because the system Firewall rules names change (incredible but true!) according to the language (thanks to Esamu for the information). UPDATE 14-May-14: issue fixed. Original thread updated on May the 14th, 2014: https://airvpn.org/topic/9609-blocking-non-vpn-traffic-with-windows-firewall Kind regards

Hello! You have probably a redirection/hijack malware in your system. Try to remove it and also add to your hosts file the line: 95.211.138.143 airvpn.org Feel free to keep us informed. Kind regards

Hello! Instructions for Windows, Linux and OS X can be found here: https://airvpn.org/ssh Remember that OpenVPN over SSH should be used only when absolutely necessary, for example when a direct OpenVPN connection is not possible (China residential and mobile lines, Iran). When a direct OpenVPN connection is possible and not throttled, OpenVPN over SSH should not be used. Kind regards AirVPN Support Team

Hello, your system can't resolve nl.vpn.airdns.org (which is not used by the Air client). Can you please tell us if nl.vpn.airdns.org is resolved by your system now? Commands: tracert nl.vpn.airdns.org ping nl.vpn.airdns.org Kind regards

We received a notification of solved problem from auto24955520: "I think the problem was upgrading my tunnelblk. Basically I looked through the preferences, and for some reason the OpenVPN version was still on default, an old version. I changed it to the latest, v2.3.2, deleted the profiles and created a new one. And it works fine now." Kind regards

Hi, of course, of course. It's planned in the next client release (Eddie). Kind regards

Hi, actually there's a guide: https://airvpn.org/topic/9549-guide-to-setting-up-vpn-just-for-torrenting-on-windows-thanks-to-nadre/ see section "Routing Table Change to Block Outgoing Native Traffic" It does not depend on firewall. Kind regards

Hello, you need to edit your hosts file because the Air client needs airvpn.org resolution (when your system is disconnected from the VPN, it can't resolve names via DNS, because 10.4.0.1 and 10.5.0.1 are private IP addresses). Add the lines: 95.211.138.143 airvpn.org 212.117.180.25 airvpn.org Kind regards

@NaDre Hello, it was explained here: Kind regards

@stefeman You're typing the wrong file name, please type the correct file name. If in doubt issue command "ls" to see the list of the files in the current directory. Press TAB for auto-completion help while typing the filename. Kind regards

Hello, it's difficult to say something useful without logs, anyway try to install configuration files by keeping one and only one configuration per folder. Make sure to rename the folder with a ".tblk" extension only AFTER you have pasted the .ovpn configuration file inside it. Kind regards

@johndough Yes. Just to explain more to the readers, the client, without any server co-operation, can either disable TLS renegotiation (NOT recommended at all) or set any TLS re-keying period NOT HIGHER than the server setting. It's not possible that the client set a TLS re-negotiation (if active) to more than the time value set on the server. Our servers are set to 60 minutes, so you can't have TLS re-negotiations higher than 60 minutes. Kind regards

Hello, there is a GMail option to disable that warning and allow any IP address, and even an option to authorize certain IP addresses (so you could put there the exit-IP addresses of the VPN servers you connect to). Please consult the GMail guides at your convenience. Once you have authorized an IP address, it will be authorized regardless of the device you use to access the mail server. Kind regards

Hello, the unsolvable problem for NSA in this case is that our customers client keys for OpenVPN Data Channel encryption are re-negotiated at each new connection AND every 60 minutes (essentially the core of Perfect Forward Secrecy). Customers can also lower the TLS re-keying interval on the client side. Kind regards

Hello, these log entries: show that there was no communication between your node and the VPN server: no routing to the server was possible. Kind regards

Hello, please run the PortListener and report the server names where you experience the problem at your convenience. Kind regards

@tangomega Ok, it was wrongly understood that OpenVPN was running in a DD-WRT router. Our fault, you were very clear in your description. Your idea on how to fix the issue is just fine, please see also here: http://wandin.net/dotclear/index.php?post/2009/01/08/OpenVPN-MTU-Size http://openvpn.net/archive/openvpn-users/2004-11/msg00044.html Alternatively, just connect over TCP, but this might not be the ideal solution due to performance hit. Kind regards