Staff

Hello! Remember that you lose the Network Lock feature in this case. Hummingbird 2.0.0 preview for macOS is almost ready and it will let you run WireGuard through wg userspace tool in macOS with Network Lock, if you need it. Stay tuned on the "News" forum. Kind regards

Hello! We too. Same thing, the linked article is correct. Talking about per app traffic splitting we don't, but maybe the community does. You can also consider virtualization or emulation, for example with UTM which runs well in Apple Silicon (it is a QEMU wrapper). https://mac.getutm.app/ Yes, it will be considered for Eddie Desktop edition. Kind regards

Hello! We mean that the VPN servers do not run any OpenVPN process offering connections to clients without encryption (see also https://airvpn.org/specs ). You're welcome. AirVPN infrastructure is based on OpenVPN and WireGuard and in all of AirVPN software you're free to pick either WireGuard or OpenVPN to connect (or you can run any other program which lets you drive either WireGuard or OpenVPN). Choose the one which can provide you with the best performance. Kind regards

Hello! For the readers, we paste here the reply by the support team. Thank you for having opened a ticket on top of your message in the community forum. Kind regards --- Hello and thank you for your choice! Error 111 means that the packet reached your system and it was "actively rejected", i.e. the connection was reset. That's why the packet sender can claim that the connection was "refused". The two main causes of the problem are: 1) a packet filtering tool rejecting the packets (instead of dropping them with no reply or active reset, which would cause error 110). Please check the firewall running in the same machine where the listening service also runs and make sure that it does not block incoming packets. 2) the OS is configured to reset incoming connections to a non-existing port. A port (an end point ID for processes) does not exist when it is not createdt for some process. In other words, if no program is "listening to the correct port", and the system is configured to reset connections to ports which don't exist, you will get error 111 - Connection refused. Please make sure that the listening program: - is really running - is listening to the correct port of the correct interface - does not bind to the physical network interface (just in case it offers the option to bind to a specific interface) because the packets will reach it through the virtual network interface, and not the physical one - has been launched after the connection to the VPN has been already and successfully established - has the option of UPnP disabled (this option would cause a bind to the physical network interface, if UPnP is supported by the upstream/router) Kind regards AirVPN Support Team

Hello! We do not provide proxy services, but only VPN, we're sorry. Small and quick didactic off topic here: using a proxy for a torrent program is a terrible idea, see here why: https://blog.torproject.org/bittorrent-over-tor-isnt-good-idea/ It's simply too dangerous, don't do it. If you need to tunnel only the torrent traffic you can rely on traffic splitting on an application basis. We offer it natively on our Linux and Android software, while on other systems you can rely on third party software, for example WireSock or TunnlTo in Windows. Alternatively, please consider containers or hard virtualization as a safer and much more robust solution. Last but not least Gluetun for Linux has built-in AirVPN support. Kind regards

Hello! Unfortunately the system functionalities which are necessary to start and connect a VPN app during the device bootstrap were removed (remember that in Android Eddie can't have root access). This happened since Android TV 9, if we're not mistaken. The removal of the user option "Always on VPN" does not allow anymore to connect the system to an OpenVPN or WireGuard based VPN during the bootstrap. Some say (but we have not enough elements to support the claim) that this is a malicious castration of the system aimed at forcing the device to exchange data from the real IP address at least during the bootstrap to aid and abet user's profiling and to enhance marketing strategies of the manufacturer or Google itself. Kind regards

@ms2738 Hello! That's correct. We would expect that OpenVPN with AES on Data Channel would be faster than WireGuard (which relies on CHACHA20-POLY1305 for payload encryption) on Intel Mac, because Intel CPUs support AES-NI while M1/M2 do not, but experimentally we see that WireGuard may beat OpenVPN 2 in any case on an agnostic network. On Mac OpenVPN3-AirVPN is remarkably faster than OpenVPN 2 thanks to our optimizations, but even so OpenVPN3-AirVPN struggles to beat WireGuard performance on any Mac. Please experiment and also consider that tests are on a level playing field only when the network is really neutral. For example, if an ISP shapes UDP, then OpenVPN may easily win by using TCP (while WireGuard can work only in UDP). A major blow to OpenVPN is provided by the VPN server itself, unfortunately. While WireGuard scales perfectly and is indeed "multithreading", each OpenVPN process in our servers runs in a single core of a single thread. Besides, in VPN servers you see the CPU load increasing with a more than linear growth with the amount of connected clients, while with WireGuard the CPU load increases linearly or less than linearly with the requested bandwidth, and only secondarily with the amount of connected clients. In the VPN servers we have the kernel modules for WireGuard, while with OpenVPN enormous amounts of data are continuously copied from/to kernel space to/from userspace. We're sorry, while OpenVPN would allow tunnels without encryption, we do not support the feature. For the purposes of our service, it would be a potentially risky option which might backfire. WireGuard can not even be configured to use no encryption. Kind regards

Hello! Unfortunately that's not an option which can resolve anything, except for a few cases. Apart from the problems due to IPv4 space exhaustion, an IP address is listed as related to a VPN (in general to an anonymization service) in a matter of hours. Additionally, some services (LoL apparently is one of them) refuse connections from IP addresses which are not assigned to ISPs offering residential access. Last but not least, IP addresses are added in black lists even for the slightest dubious occurrence (for example a port scan). As you may have tested too, LoL does not work with any major VPN. In some cases, which of course don't include your bank or any financial service which already knows your identity and your habits and usually block VPN with the idea to mitigate frauds, it's up to you to choose whether using a service is worth privacy waiver. Kind regards

Hello! Socket buffers are essential both for TCP and UDP. In general it is a feature of sockets, in the OS TCP/IP stack in general, not something peculiar to OpenVPN. Buffers are essential in both connection-oriented sockets (TCP, SCTP...) and conectionless sockets (UDP). In general all sockets including raw sockets (those sockets which are used at IP layer) have two buffers, a read (aka receive) buffer and a write (aka send) buffer. A program (except for NIC kernel drivers ) doesn't read/write data from/to the NIC directly, it does it through the kernel's network stack. If sockets had no buffers, reading and writing would become too slow for any userspace application. Kind regards

@snrtd Hello! Thank you, we are going to verify and look into the issue. @Flx HTTP is correct, the flow is encrypted inside HTTP. This solution offers a few advantages in specific networks, mainly corporate, school, college networks, where HTTPS is not accepted if you don't install root certificates (usually aimed at traffic inspection by MITM attacks by the college, corporate, school networks which want to monitor all the traffic content of their employees/students/teachers). In this way your credentials and AirVPN certificates/keys are protected even when your machine is compromised by fake root certificates. The method can also bypass some other blocks against HTTPS. The disadvantage is that if you're in a network which rejects HTTP completely or blocks HTTP with direct IP addresses (instead of names) then the Suite or Eddie fails to contact the bootstrap servers by default (but we offer custom bootstrap servers to be added in the run control file). Kind regards

Hello! OK, we suspect that's irrelevant. What about the connection and the throughput? Kind regards

@weelilbit Hello! Three servers in three different locations around your node should be more than enough. The problem unfortunately persists. Can you please test with Tunnelblick, just to make sure that the problem is not a specific block against Eddie (from some tool like LittleSnitch for example), or in general a specific Eddie related problem? Tunnelblick is a free and open source software for Mac, a wrapper and a GUI to OpenVPN, you can find instructions here: https://airvpn.org/macos/tunnelblick/ Kind regards

Hello! Which Operating System and Eddie version are you running? If it's not 2.23.2, can you please test it too and report back? Please see here to download it: https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/ Kind regards

Hello! Your account does not have a valid subscription so you can't use it to connect to VPN servers. If you experience problems to purchase a plan please open a ticket at your earliest convenience by clicking "Contact us" on the web site or by writing to support@airvpn.org Kind regards

Hello! All the dc SLAs are within 24 hours except for hardware failures, which can vary according to hardware replacement availability. The problems in Los Angeles are being tackled and you will see relevant news in a few weeks. We will also take care of Phoenix area if necessary. In general the North American infrastructure has grown remarkably in the last weeks and months. For example, 10 Gbit/s servers have been added in Toronto, New York City, Los Angeles and Denver (this last one with 3 Gbit/s guaranteed). As usual infrastructure modifications will closely follow bandwidth demand and amount of users in specific areas. Kind regards

Hello! Thank you very much. Sabik, Merope and Alkes IP addresses are already located in Los Angeles, in the IANA / ARIN databases, so any geo-location database which reports otherwise is poorly maintained. However, we have decided (breaking news 🙂 ) that those servers will be withdrawn in early 2024 and replaced by more powerful hardware in the LA area (please follow the "News" forum in the next weeks). Kind regards

Hello! The server features a 10 Gbit/s NIC connected to a 10 Gbit/s port. 3 Gbit/s (full duplex) are guaranteed and unmetered. Fully burstable to 10 Gbit/s best effort, 3 Gbit/s (full duplex) commitment 100% guaranteed. Kind regards

@88incher Hello and thank you! Yes, we recommend a prompt update of OpenSSH, of course. If you need OpenVPN over SSH to our servers, we assure you that updates are performed frequently so the update will be applied soon, when it is available in the official repository. Remember that the update must be applied even client side. Anyway, remember that the OpenVPN client, at a first analysis, can't be fooled by this method: if you have connected via SSH, by running a vulnerable SSH client and library, to some entity in the middle which pretends to be us by exploiting the vulnerability, that entity will fail to mimic an OpenVPN connection to one of our servers, because it lacks the proper certificates and keys. On the client side you will be able to establish an SSH connection to the attacker machine (provided that you run a vulnerable ssh), but then OpenVPN will fail to connect. Kind regards

Hello! This is exactly what we do, if you read the mission page you can see it, including the organizations we support through 1) active infrastructural management, 2) monetary support and 3) logistic support with free access. We also support services which are technical, essential platforms for media outlets or single individuals to exercise freedom of expression. Freedom of speech is explicitly mentioned in the mission as we already wrote with the citation in our previous message. Kind regards

Awesome, can't wait! Hello! 2023 Christmas deal is live! Kind regards

Hello! The current information unfortunately are insufficient to tell something effective. As a preliminary suggestion, please make sure that your VPS has tun support enabled. This support must be enabled on the host hypervisor, so it's up to your VPS provider to make sure that the VPS supports a "tun" VPN interface (without it, OpenVPN and WireGuard can't work). Please open a ticket, the support team will ask you for additional information and reports to diagnose the problem both on your PC and VPS and offer a possible solution. In order to open a ticket you can click "Contact us" or write to support@airvpn.org. Do not add insults anyway, the support team is instructed to ignore tickets with insults and forward them to us, so you will only waste a lot of time. Of course the thread remains open to allow community members to reply to help you, if they wish so. Kind regards

Hello! Let's verify whether changing connection mode helps or not, just in case the ISP is interfering with UDP and/or OpenVPN: from Eddie's main window please select "Preferences" > "Protocols" uncheck "Automatic" select the line with OpenVPN, protocol TCP, port 443, entry-IP address 3 (three). The line will be highlighted click "Save" and test again connections to various servers Kind regards

Hello! Totally correct. AirVPN forums ("News", "How-To" and "Databases") are technical and service forums where a new thread can be started only by AirVPN staff. "News" is restricted to announcements and news regarding AirVPN and its infrastructure, "How-To" is restricted to guides for the customers, and "Databases" pertains to geo-routing db as well as residential ISPs around the world, to report their behavior and blocks against VPN or Tor. So they are totally inappropriate for any "free speech" purpose. The community forums are a gift of AirVPN to the community, mainly managed by the community itself with self-proposed, voluntary moderation. AirVPN basically provides the infrastructure and cover its expenses. Ads are forbidden, netiquette is enforced, but we do not monitor these forums closely, except for "Troubleshooting", dedicated to technical problems and their resolutions, where we can intervene (if we have the time) before the professional support team is involved through a ticket. However most problems are resolved by the community itself without our intervention. Of course you can't abuse the community forums for generic "freedom of speech" as they would lose their purpose: community member support by other community members. They could also become unreadable if all topics were allowed! In the community forums you also find the "Off-Topic" forum where you can post various arguments, even not specifically related to AirVPN. Ads prohibition and netiquette enforcement stay even in "Off-Topic" of course. More in general, we provide you with an infrastructure to aid free speech trough a layer of privacy and even anonymity, as anonymity as been recognized both by the UN and by the USA Supreme Court as an essential tool in order to exercise freedom of expression and information. We also support or supported monetarily other tools which aid directly freedom of speech, such as PeerTube, Mastodon, Tor, and organizations which support freedom of speech (for example EDRi and EFF). All of the above is in accordance with our mission https://airvpn.org/mission : it's not in our mission to maintain and deliver directly tools to exercise freedom of expression, but it's in our mission to "Deliver a service capable of providing a strong anonymity layer in order to exercise the Right to Remain Anonymous (*), which has been widely recognized as a key to freedom of speech". Specialization is essential in this case given our resources: do one thing and do it well. If we dispersed our resources in more and more projects with too many purposes, we might end up being ineffective in all areas. Kind regards

@ScanFarer Hello! New 10 Gbit/s full duplex server has been added in Los Angeles. Another server with high bandwidth has been added in Denver (Colorado) with a 10 Gbit/s interface and port and 3 Gbit/s bandwidth (full duplex) guaranteed, burstable to 10 Gbit/s. https://airvpn.org/status Kind regards

Hello! We're very glad to inform you that a new 3 Gbit/s (full duplex) server located in Denver, CO (USA) is available: Sadachbia. Sadachbia supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637 and 47107 UDP for WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Sadachbia Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Staff