Staff

Hello! Thank you for your subscription. You can achieve your purpose with a single "program rule" applied to utorrent.exe. See here for details: https://support.norton.com/sp/en/us/home/current/solutions/v1028140_NIS_Retail_2012_en_us The rule to insert (in Comodo format) is Block IP Out From IP Not In [10.4.0.0 - 10.9.255.255] To MAC Any Where Protocol Is Any In plain english, it means that all IPv4 packets coming from uTorrent outside the tunnel must be dropped, regardless of the destination ("MAC Any" in Comodo means every possible IP address). The IP range from 10.4.0.0 to 10.9.255.255 is the whole IP range of the virtual private network (except when you connect to port 2018, but let's leave this apart momentarily for simplicity sake, just do not connect to port 2018). The rule must be translated into a format acceptable by Norton, presumably the Norton customer support can do that in a matter of seconds (feel free to send them this message and the link https://airvpn.org/specs for further tech details). Kind regards

Hello! Thank you for your subscription. Please follow the instructions you should have received to activate any account. In case of any issue feel free to use the "Contact us" form. Kind regards

Hello! Let's make a practical example. Let's assume that, after you have installed the stunnel package, you want to connect over OpenVPN over SSL to Bootis and also that you do not select the option "Separate keys/certs from .ovpn file". After you have used the configuration generator, you will have two files, as you have noticed: AirVPN_GB-Bootis_SSL-443.ovpn AirVPN_GB-Bootis_SSL-443.ssl Put them in any directory you like. Now, open two shells: one as normal user, the other as root. If you don't have a "root shell", in the second shell elevate to root with the command "su". If you have an Ubuntu distribution su is not available by default, so you will have to use the command "sudo" (see below). In the first shell, as normal user, go to the directory where you put the files (cd ) and issue the command: stunnel AirVPN_GB-Bootis_SSL-443.ssl Now switch to the second shell, where you are root, go to the same directory and issue the command: openvpn AirVPN_GB-Bootis_SSL-443.ovpn If you have Ubuntu and you're not root on the second shell, the command is: sudo openvpn AirVPN_GB-Bootis_SSL-443.ovpn OpenVPN should connect to Bootis over SSL. Check that the connection is successfully established by browsing to our web site and making sure that the central bottom box is green and displays "Connected!". In case of issues please copy the output of both commands and paste them in a message. Kind regards

Hello! Thank you for your susbscription. The Air client is a stand-alone executable, it does not need installation. OpenVPN requires installation. Instructions for supported systems are in menu "Enter". Direct link for Windows: https://airvpn.org/windows After you have launched the Air client browse to https://airvpn.org and check the central bottom box. If your system is connected it's green, otherwise it's red. Please send us your client logs after an attempted connection: right-click on the Air dock icon, select "Logs", click on "Copy to clipboard" and paste in a message. Kind regards

Hello! Which OpenVPN client/wrapper are you running and what is your Android version? Kind regards

Hello! You should ask an accountant in your country. As far as we know this is surely possible in most EU countries. On our side, we can emit an invoice to your company, just contact us with the "Contact us" form to give us VAT ID, company name and address (and please include your payment previous invoice ID). Kind regards

Hello! Why not ask directly to your ISP? Kind regards

Hello! The problem is showed in the above quoted log line. Tunnelblick 3.2.8 is NOT fully compatible with Mac OS X 10.8.x. Please upgrade to Tunnelblick 3.3beta21b: http://code.google.com/p/tunnelblick/wiki/DownloadsEntry?tm=2 Kind regards

Hello! We have been forced by trolls to put the forum under moderation. When you enter a message, a human moderator must first approve it before it becomes accessible to anyone. Kind regards

Hello! Liability exceptions and limitations for mere conduits of data is a stronghold in western legislation and an essential pre-requisite for nowadays Internet very existance. It is a concept which was born in the Roman Empire with the cursus publicus (the first efficient mail system open to the empire employees and rich private citizens), according to which the carrier of mails, money and objects can not be held liable for the behavior of the sender or the content of the items. It is the very same principle, translated to interconnected networks, for which phone companies are not shut down when a crime is committed through their network, or for which postmen and directors of a mail service are not prosecuted for the infringing content of the packages they deliver. This concept is enshrined, specifically for the Internet, in EU, USA and Singapore legal framework. If you don't want to "occupy" the same IPv4 address of an infringing node (which is anyway a non-problem at all, why should you be worried about it?), nowadays there are not many options. One of them is not using the Internet at all, which is of course a not viable solution. Another one is setting up your own node with a dedicated IPv4 address (some ISPs that still have free IPv4 adresses offer this service, as well as all dedicated servers hosting/housing providers) and renounce to any anonymity layer. Kind regards

Hello! Apparently your problem has a 'different nature'. Whenever you experience problems in connecting, please check servers availability: https://airvpn.org/status and your account details (menu "Member Area"->"Your details") where you can find the reason of the last failed connection. Your account is successfully connected to some Air server since about 2 hours ago. Kind regards

Hello! Perfectly safe. Since IPv4 addresses shortage hundreds of ISPs in the world use NAT and shared IP-addresses. Every day tens of millions of citizens in the world share IPv4 addresses. For the VPN anonymity layer, sharing an IP address is a very significant advantage. Kind regards

Hello! Maybe your ISP mail service is reserved to those directly connected to the ISP network? Kind regards

Hello! You have no packet loss and no packet fragmentation. You have very poor performance with different servers in different countries and datacenters connected to different tier1 providers. The problem is therefore not on our side. There are various options to consider: 1) "bad" peering of your ISP (or maybe the ISP of your ISP) with all major tier1 providers 2) an unconditional cap from your ISP 3) some problem in your system Point 1 is quite hard to determine. About point 2, you could ask directly to your ISP if they perform bandwidth management / port shaping with OpenVPN connections. You could also try a connection over OpenVPN over SSL and SSH to see if there's difference in performance https://airvpn.org/ssl https://airvpn.org/ssh About point 3, the quickest way to ascertain that is just testing a connection in your network with any other different machine. There are some (rare) cases in which we have seen that Windows had been customized by the hardware manufacturer (for example Asus and Acer) with a custom network-manager which causes severe bottleneck problems with OpenVPN (the problem is maybe related to any virtual tun network interface). If it's your case, try to remove that and use the default Windows network-manager to see if there's any difference in performance. Kind regards

Hello! Can you please try a connection (at least one hour long if possible) directly from one of your computers in order to see whether the instability is due to the DD-WRT router OpenVPN client or not? Kind regards

Hello! Can you please try to connect to port 53 UDP and port 80 TCP of various servers to make a performance comparison? Kind regards

Hello! Yes, routers ports have nothing to do with remotely forwarded ports. When your computer is in the VPN all packets go to and come from the same port (in our service, either 53, 80, 443 or 2018). In your case, you have yellow tokens which show that your system is reachable on real IP:port. This shows that your housing router has those ports opened, contrarily to your assumption, and that your game client listens to your physical interface. Try to bind it to the tun/tap adapter with ForceBindIP: http://www.r1ch.net/stuff/forcebindip Kind regards

Hello! Either because, at the very moment of the check, the service is not listening to those ports, it is not replying or it is not running. Kind regards

Hello! You can download the Air client and OpenVPN appropriate package here: https://airvpn.org/windows Install OpenVPN. Make sure you authorize the installer to install any driver. Download Comodo Personal Firewall here: https://personalfirewall.comodo.com Install Comodo and make sure that Windows firewall is disabled. Kind regards

Hello! "Yellow" token in your case means that your service could be reached via TCP and not UDP. Probably it listens to TCP port only. [EDIT] Wrong, in your case it shows that your service is reachable on the real IP. "Gray" token means that the service was either not running or not listening to the specified local port. Kind regards

Hello! Thanks for your subscription. You need to remotely forward 5 ports (menu "Member Area"->"Forwarded ports"), all of them both TCP and UDP. Remap the first port to local port 80, the 2nd to local port 3074, the 3rd to local port 88 etc. You don't need the access the housing router. Kind regards

Hello! Probably 1.0.3 is the OpenVPN GUI version. Latest client version is currently 1.8, latest OpenVPN version is currently 2.3.0. Can you please send us the logs of the Air client just after the problem occurs? Kind regards

Hello! OpenVPN Data Channel uses AES-256-CBC cipher. RSA keys are 2048 bit long. Packet authentication is performed through HMAC SHA 160 bit. TLS keys are renegotiated every 60 minutes with overlapping windows. During SSL/TLS rekeying, there is a transition-window parameter that permits overlap between old and new key usage, so there is no time pressure or latency bottleneck during SSL/TLS renegotiations. Client/server authentication is performed through double certificate and key. Cryptocat encrypts your chat end-to-end and it does not hide your IP address. As you say a VPN is a totally different service, encrypting everything from/to the server to/from the client. Out of this tunnel data are decrypted (of course) but your real IP address is no more in the packets. Nothing prevents you to use additional end-to-end encryption layers in addition to the VPN, especially if you need to protect your data while they transit out of the tunnel. Kind regards

Hello! It works even for virtual interfaces like the tun/tap adapter. Kind regards

Hello! Yes, of course, this is one of the most basic features of the service. Kind regards