Staff

Hello, in your case connect over OpenVPN directly. OpenVPN over SSH or over SSL should be used only when OpenVPN direct connections are not possible or severely impaired. They should NOT be used in any other case. Kind regards

Hello, at the moment of this writing we have no information at all about the issue and we have not been warned about any problem. Supported payment processors remain the same, without any variation. Accepting cash in mail would pose serious, practical operational problems, and perhaps legal problems as well. We are anyway working to add more and more payment methods. Kind regards

Hello! Please forward remotely any port (it does not matter which) and remap it to local port 9987. Kind regards

Hello! In this case the answer is yes, as long as your system is connected. We always need to clarify because "protection" is sometimes meant by Windows users as protection against malware. AirVPN is not an antimalware tool and should never be used as such. Kind regards

Hello, this is a report we had from one of our customers (thanks jd83751) running Windows 8.1 Preview, it might be very useful for you too: "okay I fixed it. somebody helped me out on a microsoft forum. this is what they told me and just in case somebody else has this issue this is what I did. I went into the "Device Manager", looked for TAP-Windows v9 adapter and uninstalled it. after that I uninstalled OpenVPN. then I went into "Regedit" and deleted this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\NET after that I re-installed OpenVPN and got it to work. thank you for your time and trying to help me out. hopefully the steps above will help out anyone else that has this problem. thank again for cooperating with me." Kind regards

Hello, stats are updated every 60 seconds. "Best" server means best server to connect to in the corresponding, specified area, and it is calculated with a formula based on latency, bandwidth, status and normalization parameters. Kind regards

Hello! 1. Yes: https://airvpn.org/tomato and https://airvpn.org/ddwrt You can anyway run OpenVPN automatically at your system startup, you don't need to launch it manually. 2. Your question is somehow unclear, can you please elaborate and explain what you mean with protection? Kind regards

Hello, maybe you refer to TLS re-keying? http://openvpn.net/index.php/open-source/documentation/security-overview.html "During SSL/TLS rekeying, there is a transition-window parameter that permits overlap between old and new key usage, so there is no time pressure or latency bottleneck during SSL/TLS renegotiations." Kind regards

Hello, the Air client needs administrator privileges to invoke OpenVPN with administrator privileges so that it can modify the system routing table, an essential condition to enter a VPN. Use OpenVPN directly or OpenVPN GUI if you don't like the Air client. They will need administrator privileges as well (although you might set up a method to run OpenVPN without administrator privileges and enter the VPN anyway). Kind regards

Hello, the mobile dongles we tested are all working just fine, can you please describe the one you're testing? Thanks in advance. Kind regards

I am afraid the three major open public trackers are being blocked again from Lyncis: tracker.istole.it tracker.openbittorrent.com tracker.publicbt.com I have not tried with other servers. Someone seems very determined. I can probably get by with DHT and peer exchange if it comes to it. Hello, no, it's a problem on our side, re-routing for those trackers failed. We have detected the problem and it will be fixed in a very short time. Kind regards

@trekkie.forever Good idea. You can anyway achieve the same purpose more quickly without SSH, therefore without sacrificing performance, and without firewall (see our previous post in this thread https://airvpn.org/topic/9594-airvpn-client-as-socks-proxy/?do=findComment&comment=10948 ). We are also working to study a possible implementation of IP binding in Eddie (the next client release). Kind regards

Hello, understood, but as we said a SOCKS proxy alone is not a safe solution to hide your real IP address in a p2p torrent swarm or against "p2p enemies". Offering an external SOCKS5 proxy may be or may be not a nice plus, anyway we can't advertise it for p2p and it should not be used for it. We would provide a technically inadequate service (see also NaDre's posts) for such purpose, which would be not only against our mission, but also a sort of hoax against our customers. We're not interested in providing gullible people with bad solutions, moreover deceptive advertising is something we look at with disgust. That's why we are inquiring about what a SOCKS proxy would be useful for, if there's anything that a SOCKS proxy can offer that isn't already provided (in a proper way) by AirVPN. Kind regards

Hello, yes, the problems we talked about are pertaining to SOCKS proxies alone. You can have an equivalent security against leaks already now with AirVPN, without the limitations of SOCKS + SSH. See also NaDre's messages. Kind regards

Hello, we have a report according to which OpenVPN 2.3.2 works on Windows 8.1 preview. We are not testing at the moment Windows 8.1 preview but you might like to try anyway. Kind regards

Hello, for your purpose just bind uTorrent to your VPN IP address or write a couple of rules with a firewall and use a VPN, not a proxy. If privacy is your concern, a SOCKS proxy for p2p is not the appropriate tool. A SOCKS proxy by itself is a tool for circuit-level gateways and also for circumvention, it has nothing to do with privacy or data stream protection. First, there are several real IP addresses leak problems to be considered. These attacks: http://hal.inria.fr/docs/00/47/15/56/PDF/TorBT.pdf and also the problem with UDP packets (through which a torrent client may communicate the real IP address to UDP trackers and/or to peers via DHT). Second, but maybe more important, your traffic is not encrypted, so your ISP and any Man In The Middle can see very well the whole p2p traffic you send out and receive and can profile your p2p activities, inspect the contents you share, inject forged packets, send you warnings etc. etc. It seems strange that a company advertises a SOCKS proxy as a privacy measure for torrent (or for anything else). Maybe it's a different service, in conjunction with SSH? Kind regards

Hello, if you run Linux you have the option of a much more elegant solution which has the same effect, does not need packet filtering, but at the same time does not put you under the performance and protocols limitations of a proxy: http://daniel-lange.com/archives/53-Binding-applications-to-a-specific-IP.html Just like you need to configure every single application to be tunneled over a proxy, you will need to launch every application you want to secure with an LD_PRELOAD shim to bind it to the VPN IP address. With Windows you can use ForceBindIP, unfortunately it does not work with every Windows version. Some more options (already available natively on every Air server): https://airvpn.org/ssl https://airvpn.org/ssh Of course all of the above does not make sense in comparison to securing the connection with a packet filtering tool. Also, SSL/SSH services are aimed against OpenVPN connections disruptions. @rchunter About providing an external, pure SOCKS5 server... why do you need it, what would it be useful for? Kind regards

Hello, transaction has been now cleared by PayPal and account has been automatically activated. Probably it was something related to PayPal Risk Management or security service. Kind regards

Yes, 100% correct. EDIT: of course we don't strictly need to "re-route" checkmytorrentip as well, but it was decided to do so for consistency and comfort. Kind regards

Hello, there is no time pressure to move away from RSA 2048-bit size keys. According to some experts (but not all, other experts do not agree), RSA 1024-bit keys are likely to be "breakable" with technologically possible resources in the very near future (a matter of years, or maybe months). RSA 2048-bit keys are unanimously not considered "breakable" until 2030. See references and notes in the Wikipedia article "RSA (algorithm)". Of course we are talking about properly generated RSA keys (i.e. whose prime factors are generated with a random number generator seeded with sufficient entropy) and assuming that no polynomial-time method for factoring large integers on a computer will ever be found (but it must be noted that, while such method has never been found in decades of research, it has never been proved that such method does not exist). About SHA256, SHA512 and Elliptic Curves cryptography, keep in mind that in our configuration HMAC SHA-1 (not SHA-1) is used for tunnel packets authentication, for which we just don't care about collisions, not for tunnel data channel (OpenVPN Data Channel is encrypted with AES-256-CBC cipher). In order to start to attack the underlying SHA-1, an attacker should first find the private key. Moving to Elliptic Curves cryptography (when OpenVPN will support it natively) is not a totally painless procedure, customers and users will have to upgrade their clients and re-generate every configuration file, while older systems will not be able to handle it with older OpenSSL and OpenVPN versions. See also: https://forums.openvpn.net/topic8404.html Therefore, should the need to move to HMAC SHA512 arise ("attacks always get better, they never get worse"), we will make the procedure as smooth as possible, with overlapping windows, carefully planning it in order not to cut out of the service users and customers. Kind regards

Hello! Please see here: https://airvpn.org/topic/9499-connecting-to-trackers-fails-from-different-servers/ Kind regards

Hello, please follow your ticket from the support staff. Your transaction is still pending, hopefully it's just a temporary PayPal problem. Kind regards

Hello, it's the company which operates the datacenter in Zurich where Virginis is physically located. If some IP geo-location service reports it as being in Norway, it's just a geographical IP location database error (not uncommon: maintaining an IP database in good order is a difficult task). Kind regards

Hello, OpenVPN does not interfere in any way with the system physical interfaces (WiFi, Ethernet...) settings. The fact that the problem did not arise in one year hints to some recent configuration change in your system. Please check your firewall and antivirus, and also make sure that the DHCP client service is running. Does the problem disappear if you disconnect and re-connect to your WiFi hot-spot? Kind regards

I think I understand now. So even though I see queries going to whatever DNS server (on ipleaks), they will always go through the VPN tunnel? Yes, the only exception is when DNS queries are sent to a destination inside your local network or to the entry-IP address of the OpenVPN server the system is connected to, in this case they will not be encrypted (see your routing table while connected to the VPN to understand why). This opens up the option (or the risk) to send out unencrypted DNS queries, for example when DNS queries are sent to your router which in turn forwards them to some other DNS server. However technically this is not a DNS leak, because the system complies to the settings (contrarily to Windows, where real DNS leaks can occur). Kind regards