Staff

Hello! What service is listening to port 2105? Kind regards

Hello! Can you please try port 53 UDP and report if the problem is the same? The kind of network lock you met is in our experience commonly caused by something that wrongly interprets the normal OpenVPN UDP flow as an attack. When you're connected to the VPN over UDP, all the incoming traffic is UDP, as you know, so this might trigger the security systems of packet filtering tools etc. This would explain also why you don't have problems with TCP. We have noted this behavior with some Internet security suites for Windows, can you please check in your system? Kind regards

Hello! Can you please make sure that the service(s) behind the VPN server are running and listening to the correct ports when the test is performed? Kind regards

Hello! Can you please make an example (an onion site address and an Air VPN server from which you can reach it without TOR)? Kind regards

Hello! Thank you for the suggestion. Can we ask why you would be willing to use a torrent proxy? It's a delicate argument, because there are security risks to consider. Some torrent client, like uTorrent, BitSpirit, and libTorrent, write an IP address directly into the packets sent to the swarm peers. So when they run in a machine where an OpenVPN client has established a tunnel in routed mode all is fine but when they are behind a proxy they write your REAL IP address inside the packets. See also here: https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea Kind regards

Hello! Thank you, we're glad to hear your appreciation about the new system. About the issue, you are right. The system still needs some fine-tuning, we are working on it. Kind regards

Hello! Thank you, we are aware of the problem and we're working to fix it. [EDIT: fixed] Kind regards

Hello! The selection is governed by randomness (remote-random OpenVPN directive). For additional information please see here (search for "remote-random"): https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage Kind regards

Why don't you add many more servers locations? A new server location must comply to every AirVPN requirement. Contrarily to some of our competitors, we don't add locations just to have "one more country flag", in disrespect of service quality and customers' security. We take every care in order to provide high quality of service and high security. The servers datacenters must comply to our requirements for privacy, bandwidth, traffic, peering, net neutrality and usage policy. All these factors together restrict significantly the range of viable choices. The privacy requirements alone cuts out entire countries, while several other countries are discarded because they have an insufficient infrastructure. This is the only way to keep the service in line with our vision and our quality and security standards. Under a security point of view, picking a server outside the country you live in is a superior choice: an adversary with the ability to monitor your Internet line will have more difficulties in re-building your connections paths and enlarge its monitoring powers into different jurisdictions. Under a performance point of view, geographical proximity does not always imply network proximity. Also, we can't ensure 1 Gbit/s for every and each location. A better way to select a server to get higher performance is determining, through our servers monitor, the servers with the lowest relative latency and pick, between them, those not at capacity. If you need a particular location to bypass geo-IP-location based restrictions, first have a look here. If the service you're interested in is included in our anti-blocking system, you will probably get higher comfort and performance from a connection to the network-nearest server to you. An example: if you are in Europe and you wish to access Hulu, it is likely that connection to an European server, instead of a connection to an USA server, will result in a better performance (especially if your ISP is not a tier1) and at the same time will allow you to access European services more swiftly. If the service is not included in our anti-blocking system and/or it is in a country where we do not have servers, ask for it: routing anti-geo-IP-location based restrictions servers are not bound to our requirements for privacy legal framework etc., so we will evaluate your request without prejudice deriving by our strict requirements.

Do you accept Bitcoin? Yes. Just select "Bitcoin" at the checkout to pay with Bitcoin. No intermediary is involved in the transaction: you will pay directly to us. Note: you can significantly increase privacy and also add a strong anonymity layer if you always run your Bitcoin client behind Tor.

How many simultaneous connections can I establish from a single account? Each account can establish up to 5 (five) connections to different VPN servers. Additionally, if all the devices are on the same network, you can use a Tomato / DD-WRT / pfSense / Fritz!Box router or a computer configured to act as a "gateway/host" through connection sharing to access a VPN server from all of your devices with a single account. If you need more than 5 connections simultaneously from different networks, you need additional accounts subscriptions.

Do you allow p2p? How can I optimize performance of eMule and BitTorrent with AirVPN? Yes, p2p is allowed, as well as any other protocol. Currently p2p is a set of the most efficient protocols to share and access information on the Internet. We do not discriminate against any protocol. To obtain the best performance with a BitTorrent client or an eMule client, log your account in our web site and proceed to remotely forward a port from the menu "Client Area"->"Forwarded ports". Pick a port or let the system choose an available one for you. Pick "TCP & UDP". Remember the port number. Then, configure the "Port used for incoming connections" (also called "Listening port") in your BitTorrent client so that it matches the port number you have just forwarded remotely. On eMule, go to "Options"->"Connection" tab. Write in both fields of "Client ports" the number of the port that you have forwarded. Disable UPnP, NAT-PMP and any possible automatic port mapping feature that can modify the listening port. If you run uTorrent or any other software with bandwidth management, make sure to disable such management (such as uTP in uTorrent). In this way your clients will be able to accept incoming connections from the Internet, enhancing performance in several cases and making initial seeding possible. This procedure can be performed just once and for all, as long as you don't wish to change port(s) on your clients. On BitTorrent clients, make sure to disable the option to pick random ports at every startup. If you forward a port for a p2p torrent client, do NOT remap it to a different local port and make sure that the torrent client port matches the remotely forwarded port number, otherwise your client will communicate to trackers (if you use them) and DHT the wrong port: torrent clients will communicate to trackers and DHT the port number you have configured in them. As a result, you will get no incoming packets from the swarm and the torrent client network status token will remain yellow. IMPORTANT: do NOT forward on your router the same ports you use on your Bittorrent or eMule client (or any other listening service) while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes uncencrypted packets to be sent outside the tunnel from your client.

Which speed can I expect when I am connected to the VPN? Speed may vary according to several conditions which are intrinsic to how the Internet works. We guarantee on our servers, switches and lines an allocated minimum bandwidth of 4 Mbit/s per account (worst case scenario), while the upper limit is 500 Mbit/s on 1 Gbit/s servers. Please note that this is the bandwidth which is "allocated" for each account: the bandwidth you can obtain depends also on your provider conditions, peering and several further conditions. Please contact us to test speed from your ISP connection.

Are there traffic limits for an account? No, there are no traffic limits.

Do you keep session logs or any other kind of logs that can be used to track identity and Net activity? No, we don't keep logs of that kind.

I have heard the some VPNs providers do not really protect privacy. What is your policy? First of all we kindly invite you to read carefully our Terms of Service and Privacy Notice, available on the bottom of every website page. Furthermore, you might be interested in reading our statement pertaining to the issue here.

What is a VPN? VPN is an acronym of Virtual Private Network. Our VPN extends the private network across the Internet. It enables your computer (the "client") to send and receive data across the Internet through dedicated nodes ("the VPN servers") as if those data were an integral part of the private network. This is achieved through a point-to-point OpenVPN (in routing mode) connection. The connection is encrypted and each packet is authenticated both by your client and our servers, so that nobody (including your ISP) between your computer and the VPN server can see the data you transmit and receive, the real origin and destinations of such data, and, last but not least, can inject forged packets into your stream of data. The picked encryption cipher meets higher-than-military security requirements. Additionally, when your client has established a point-to-point encrypted connection (often referred to as "the tunnel"), your data will "get to the Internet" without any reference to your real IP address, which is simply no more inside the packets. Anybody on the Internet will therefore see your packets as coming from our VPN servers exit-IP addresses, not from your real IP address, protecting you against privacy intruders and other malignant entities, such as sniffers in public WiFi hot-spots, hi-jackers, profilers and disturbed "copyright trolls". You don't need to configure applications to use "the tunnel", because our servers perform a set of route and default gateway pushes that your client accepts: your applications are "tunneled" transparently. OpenVPN encapsulates your packets inside an UDP or TCP stream, therefore all same or higher layer protocols are supported, making a VPN a profoundly different and highly superior solution to any http or socks proxy.

Is it possible for a router to connect to AirVPN service? You need a router which supports the OpenVPN client. Routers where you can flash DD-WRT, Tomato and Merlin firmwares can support OpenVPN. If you don't have a compatible router, don't worry, you can as usual connect with any computer or device which runs Linux, Windows, Android or MacOSX.

How can I prevent leaks in case of unexpected VPN disconnection? We strongly recommend that you set the proper firewall rules. Different solutions are deprecated for security reasons. We provide instructions for Comodo, pf, ipfw and iptables. The rules can be easily adapted for any other good firewall. On the forum announcements section you can find the links to the instructions for each firewall.If you run the free and open source Air software client "Eddie", you can enable "Network Lock" option: https://airvpn.org/topic/12175-network-lock/ In this case, you don't need any instruction for any firewall.

What is the difference between TCP and UDP ports? Which port should I choose? UDP is a connectionless protocol, so during the handshake it is not always possible to do an effective error correction. As a result, when there's high ping or low quality line during the OpenVPN login, the handshake may fail, although you could see no significant problem after (if) the connection is established. TCP is capable of handling these problems. On the other hand, UDP is more efficient once the connection is established. If you experience problems with VoIP video/audio conversations when connected to the VPN through a TCP port, a typical case for which a difference may be visible (VoIP over TCP - for example UDP over TCP - is clearly inferior to VoIP over UDP because TCP implements ARQ, UDP does not), then go for an UDP connection. In general, you should always try an UDP connection if your ISP allows it and you don't experience any problem during the handshake. A particular case is a connection over TOR or over an http-proxy. In this case, TCP is mandatory. Variety of ports (53, 80, 443) is an additional option to try to bypass country or ISPs blocks, or bandwidth management.

You provide Remote Port Forwarding, what is it? "Remote port forwarding" forwards traffic coming from the Internet to our VPN server ports to a specified local port of your client. By default, your account has no forwarded ports, and this is good as long as you don't wish to have a service reachable from the Internet. For example, suppose that you want to run a web server behind our VPN, or that you wish to receive incoming connections to your BitTorrent client in order to improve p2p performance, or to seed a file. Without at least one remotely forwarded port, your service could not be reached from the outside, because our VPN server would reject the proper packets to your service. Usually this is a good security measure against attacks, but it prevents your services to be reached from the Internet. When you remotely forward an inbound port, our servers will open that port (TCP, UDP or both, according to your selection) and will properly forward incoming packets to you on that port. The service will be reachable from the exit-IP address of the VPN server your system is connected to. You can forward up to 20 ports simultaneously. You can do that on our website, in your account "Client Area". You can't forward ports lower than 2048. You can map a remotely forwarded port to a different local port: this is useful for a variety of cases, for example when your service listens to a port lower than 2048 or when the port is already reserved. More details about it here below. Once you reserve an inbound remote port for your account, you have two options: 1) Leave the "Local" field empty. In this case, packets arriving to the VPN server exit-IP address port n will be forwarded to your machine IP address inbound local port with the very same number n 2) Fill in the "Local" field with a different port number x. In this case packets arriving to port n will be forwarded to your system inbound local port x. In both cases you need to reach the service on the VPN server exit-IP address port n. IMPORTANT: do NOT forward on your router the same ports you use on your listening services while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes unencrypted packets to be sent outside the tunnel from your client. However, if you connect a router (for example DD-WRT, Tomato based firmware router) an additional step is required, please see https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/ NOTE: you can't reach your listening service(s) through the VPN server exit-IP address from the very same machine that's running it/them and is connected to a VPN server, or from any other machine connected to that same VPN server.

Hello! We have identified the problem and we'll work to fix the bug in the next days. The problem arises only if you access your forwarded ports panel just after you have switched one or more VPN servers (i.e. if you connect to 2 or more servers in less than 2-3 minutes). It will take some time to fix the bug. In the meantime, if you meet again the problem, all you have to do is waiting 2-3 minutes without switching servers, or avoid to access the port forwarding panel for 2-3 minutes since your last server switch. We apologize for the inconvenience. Kind regards

Hello! Your question has been already answered in the previous post. Kind regards

Hello! We're looking into the issue, thank you for the warning. Kind regards

Hello! As you can see, we have deeply modified our system: new forum, new account processor, new support implementation and more. The forum enables you to use several functions that were previously unavailable, including the repeatedly required PMs between members, while the new account processor is much more flexible, eliminates some irritating defects of the previous one and offers additional features. The new support system allows us to follow and handle your requests and tickets more quickly and effectively. Don't hesitate to post your feedback if you wish so! Kind regards AirVPN Team