Jump to content
Not connected, Your IP: 3.239.33.139

Staff

Staff
  • Content Count

    8846
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    1277

Everything posted by Staff

  1. Hello! That is neither a script nor command lines, but a configuration. With DD-WRT, it might be better to insert the rules as you did before for the connection setup: as a list of iptables commands. Please see https://airvpn.org/ddwrt/ paragraph "DD-WRT Firewall rules". Also, check the "lo" interface, it is very probable that on your DD-WRT you use "br0". A simple example of rules to block all outgoing packets except those toward the Air server whose entry-IP is 95.211.98.154 and assuming a "default" DD-WRT firmware with OpenVPN flavour and tun0 as tun interface: iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT iptables -I INPUT -i tun0 -j REJECT iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE iptables -I OUTPUT -o br0 \! --dst 95.211.98.154 -j DROP # if destination for outgoing packets (on br0 only!) is NOT 95.211.98.154, drop the packet Insert the above rules as specified in the aforementioned tutorial. Kind regards
  2. Hello! You might use iptables. See here for a significant example, and adapt it to your DD-WRT router. Keep in mind that: - Air uses a tun interface; - change the "lo" interface according to your DD-WRT router; - the xx.xx.xx.xx IP address reported in the example must be changed to the Air server entry-IP server address, not the exit-IP (add as many rules as you wish for each entry-IP address, in case you want to switch Air server from the DD-WRT OpenVPN web interface). You will find the entry-IP address of each server on the air.ovpn file generated for that server, line "remote". http://www.linuxforums.org/forum/networking/178976-how-only-allow-openvpn-connections-iptables.html Kind regards
  3. Hello! It depends on your network configuration. If you make the connection through a computer and you accept the routes pushed by our servers, you should have no DNS leak, and your computer should use no more the router DNS. Your router will not even know your traffic payload and real sources and destinations, so it can't discern DNS queries among all the packets. Watch out for DNS leaks directly from your computer, if they are sent out unencrypted your provider may know which domain names you communicate with, potentially even if you don't use their DNS. See here for VPN DNS resolution: https://airvpn.org/specs Using VPN DNS will allow you to bypass USA ICE censorship in several cases. You'll find in the forum several suggestions to prevent DNS leaks. When connected to the VPN, check whether you have DNS leaks with this tool: http://www.dnsleaktest.com Kind regards
  4. Hello! The resolv-retry infinite directive in our configuration files should already force openvpn to try a reconnection as soon as the connection with an Air server is lost. However, if the DD-WRT OpenVPN has crashed you need either to reboot or to prepare a script which re-launches OpenVPN. You might also try to run OpenVPN as daemon and prepare a startup script to launch it, based on our ca.crt, user.crt, user.key and air.ovpn. A script would look like this (it's assumed that openvpn is in /usr/sbin) cd /tmp /usr/sbin/openvpn --mktun --dev tun0 echo \” # Here just paste your air.ovpn file content... daemon # ...but note the addition of the directive daemon # end of air.ovpn paste \” > air.ovpn echo \" -----BEGIN CERTIFICATE----- …INSERT ca.crt CONTENT HERE… -----END CERTIFICATE----- \" > ca.crt echo \" -----BEGIN CERTIFICATE----- …INSERT user.crt HERE… -----END CERTIFICATE----- \" > user.crt echo \" -----BEGIN RSA PRIVATE KEY----- …INSERT user.key HERE… -----END RSA PRIVATE KEY----- \" > user.key chmod 600 user.key sleep 12 ln -s /usr/sbin/openvpn /tmp/airvpn /tmp/airvpn --config air.ovpn Kind regards
  5. Hello! Yes, you just need to connect only the Mac, like apparently you did. The OpenVPN servers routes push does not "affect" communications inside your home network. Kind regards
  6. Hello! Yes, the privacy legal responsible person has the ability to make such correlation. If he hadn't, we could not offer a refund policy. However, he has not the ability to correlate any account with any VPN usage, not even with which server the account has been used for connections. On top of that, keep in mind that PayPal transactions remain stored "forever" (just like any bank transaction), you can't delete them. The transactions proves just that you are an Air customer. Please use Bitcoin if you want to make such correlations impossible. Can you please elaborate? Kind regards
  7. Hello and thank you! Fixed. We apologize for the inconvenience. Please do not hesitate to contact us for any further information or support. Kind regards
  8. Hello! No, they would be no more available on our servers. However, the system would not allow you to do that. If you think that your account is not ok, probably it's better to ask us to delete it and then re-start with a new one. Feel free to contact us in private for further details (menu "Support"->"Contact us"). Kind regards
  9. Hello! Stored information (not on VPN servers, but on a backend server) are: - your login name - your name as entered in the subscription - your password (encrypted) - date and time of account subscription - date and time of last login on the website - date and time of account expiration - subscribed plan type (if any) - e-mail address associated with the account - forwarded ports linked to the account (if any) The above information are provided by you and must be stored in order to provide the service. Without them, you could not even log in. We recommend not to put in your account data any information which can be exploited to disclose you real identity. For example, do no put your real name, do not use an e-mail address which can be linked to your real identity. We don't check e-mail validity, but you might need a working e-mail in case you need to reset your password, receive support or any other private communication from us. If you enable the connections statistics, further stored data (deletable whenever you wish) are: - time and duration of connection to a VPN server (not specified which one) - total uploaded and downloaded bytes - uploaded and downloaded bytes of last 50 sessions IP addresses are not stored, not even if you enable the sessions statistics. The above information can be deleted upon simple written request. Yes. Please note that each server has different entry-IP and exit-IP addresses. Thank you! Please do not hesitate to contact us for any further information. Kind regards
  10. Hello! Please give us detailed information on your system and how you can reproduce the behaviour. The more information you give us, the easier it will be to reproduce and spot the bug. Thank you and kind regards.
  11. Hello! Thank you very much for your choice and for your nice words. The displayed bandwidth is the bandwidth under usage by a server in real time (or with a difference of a few seconds). Premium members do not have any limit neither on bandwidth nor on usage, so we have no interest in collecting such data (we just collect total bandwidth and traffic usage of each server in order to offer a better service, check whether there are critical points in the infrastructure, decide for infrastructure expansions etc.). Anyway, if you wish to keep statistics about your dl/ul traffic, you can enable this feature on your member panel. Of course you can delete those info whenever you wish. We allow plans accumulation, however due to a bug in our AEC account processor (a commercial product) the remaining days of the previous plan might get "burned" when you change plan type. We can fix this quickly and give you back the missing days, just warn us if you lose days and we'll fix it for you at once. Kind regards
  12. Hello! Most probably you have mismatched the configuration for Delphini with the configuration for Omicron. You can check this by looking at your Delphini .ovpn file, probably in the "remote" line you will not see an IP address beginning with 146. Just regenerate the configuration file for Delphini and overwrite it. Kind regards
  13. Hello! Since you use Viscosity, please read here: http://www.thesparklabs.com/forum/viewtopic.php?f=3&t=189 We're looking forward to hearing from you, Mac users might be interested in your setup. EDIT: see also this article http://www.niteoweb.com/blog/openvpn-over-ssh that is not completely related to your case but that can anyway be useful. Kind regards
  14. Hello! Thanks for your nice words. We are not aware of any IP geolocalization service which detects our UK server exit-IP address as located in Germany... can you tell us what it is? Kind regards
  15. Hello! Sure, it all depends on what you want to achieve. We were asked how to block a specific program and we answered accordingly. About trojans, generally it does not make a big difference if they can get out through the tunnel or not, a VPN will not protect you against trojans which send out data without your knowledge (see also Terms of Service, point 1). Chrome must be a "trusted application" in Comodo in order to be able to send and receive data. As usual, you can define further customized rules for any program, including Chrome. Please do not hesitate to contact us for any further information or support. Kind regards
  16. Hello! Advanced options might appear only when you "Apply settings", see the DD-WRT wiki here: http://www.dd-wrt.com/wiki/index.php/OpenVPN#Enable_OpenVPN_in_the_Router According to DD-WRT developers and community, all the DD-WRT web GUI interface with firmware withOpenVPN flavor have the option to pick encryption type. We can't confirm that, since we don't have all the routers in the world, but it appears strange that such a lack would have gone unnoticed. Please keep us posted. Kind regards
  17. Hello! Please note that you should block outgoing packets NOT in the range 10.4.0.0->10.9.255.255. If you blocked outgoing packets in that range, it was normal that uTorrent could not work with VPN connection. If you wish to block incoming packets not coming from our VPN server, just block anything to your Ethernet or WiFi interface not coming from Air server entry-IP address (also note that entry-IP and exit-IP are different; you can find the entry-IP with our configuration generator or with the Air client). Finally, we strongly recommend NOT to use any Symantec/Norton product on Windows systems: http://www.matousec.com/projects/proactive-security-challenge-64/results.php not even on 32-bit Windows system: http://www.matousec.com/projects/proactive-security-challenge/results.php#products-ratings Kind regards
  18. Hello! Do you mean Comodo? If so, the rules are identical with any Comodo version of the last year. The screenshot is taken from Comodo Internet Security Premium 5.10.228257.2253, free version (it should be up to date). Kind regards
  19. Hello! We are confident that the following thread will help you. We would anyway recommend that you replace Windows 7 firewall with Comodo Firewall (free edition is just fine). https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142 Please do not hesitate to contact us for any further information. Kind regards
  20. Hello! Yes, we confirm that our servers push routes so that ALL the traffic will go in the encrypted tunnel. About your Usenet provider, using the VPN is useful if you wish to hide to that provider your real IP address, just in case... Instead of refusing the push (which might make your OpenVPN client uneasy), you could rewrite the routing table after the connection, or you could rewrite your OpenVPN configuration file. As usual, proceed with caution. Any mistake can destroy your anonymity layer. Some ideas: http://dltj.org/article/openvpn-split-routing/ EDIT: This thread looks better http://forums.openvpn.net/topic8229.html Kind regards
  21. Hello! You should decompress the folder (or navigate into it) and copy the 4 files you see inside. Paste & use them as the configuration, certificates and key for Tunnelblick, according to instructions. Please do not hesitate to contact us for any further information or support. Kind regards
  22. Hello! In a few words, UDP is more efficient, but TCP is mandatory when you want to connect over an http or socks proxy. Also, TCP may be necessary if you find difficulties during the handshake. TCP implements full error correction, and this is at the same time a plus and a minus. Please refer to the FAQ for a more detailed comparison. https://airvpn.org/faq Kind regards
  23. Hello! If there's no way with that firmware to tell OpenVPN to use AES-256-CBC, you should use a script to connect. We can't renounce to strong encryption. Please see here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1840&limit=6&limitstart=6&Itemid=142#1866 That is a specific setup for your model of router behind another router, and you can easily change it in order to make it suitable for your network. Kind regards
  24. Hello! You will not get the same speed (please see the FAQ for details). We must be clear on this point: adding a VPN hop will unavoidably decrease performance. Since we pick servers on datacenters connected to tier1 providers, the performance decrease in most cases is a fair price to pay for a layer of anonymity and privacy. On the other hand, if your ISP caps certain protocols (for example p2p) you will get a better performance with a VPN on those protocols. We do not discriminate against any protocol and we do not monitor the connections, not even to determine protocols for technical reasons. The only exception to the purest Net Neutrality is the block of outbound port 25 that we are forced to perform to keep the service alive. You can connect as many devices as you wish through your DD-WRT router, you will need just one account that you can use directly on your router. See also https://airvpn.org/ddwrt Please do not hesitate to contact us for any further information. Kind regards
  25. Hello! What are your router models? Are you using the latest DD-WRT firmware available for them? Kind regards
×
×
  • Create New...