Jump to content
Not connected, Your IP:


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Staff

  1. Hello! Can you please see this thread, from here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=2&id=970&limit=6&limitstart=12&Itemid=142#1748 ? Try to apply the suggested fix. We're looking forward to hearing from you. Kind regards
  2. Hello! Thank you for your nice words. We're glad to know that you have managed to have a working and secure setup. If there was a conflict, the message should not have been "syntax error", but something different. Anyway, "block out any"? The rule is "block out all". Kind regards
  3. Hello! About the glitch of the red token on UDP ports, we are still investigating. This does not prevent anyway the correct forwarding of UDP packets. The remaining is not a glitch (please see our previous message). Also, it appears from our tests that everything is working properly. Can you please check that listening services are configured to listen to the matching ports and on the correct network interface? Kind regards
  4. Hello! This is correct. If you leave the remote port field blank and click Add, the system will pick randomly an available port and remap it to the same local port (if the local port field has been left blank) or to the specified local port. Kind regards
  5. Hello! [EDIT] We're looking into the issue, please stand-by. In the meantime you can try to: - forward a new port explicitly specifying as "local port" the same number of the forwarded port; - forward a new port without specifying any local port [EDIT 2] About the red token, we are now aware that there's the chance that you get a red token (for an UDP port only) even if that port is closed on your router. Techies will work on it too asap. Kind regards
  6. Hello! We're sorry, currently we don't provide step-by-step support for Symantec products. Symantec products are commercial products which offer full customer support, so you might try to have support from their team. You could: - replicate the rules suggested for any firewall in the forum (Comodo, PF...) on your Norton Firewall - switch to Comodo: independent peer-reviews performed with high-standard leak tests show that Comodo Firewall in terms of security is highly superior to Norton Firewall (we underline "firewall"); in severe leak tests Norton Firewall 2012 protection rates as "NONE" (!!!) while Comodo rates as "excellent", see for example http://www.matousec.com/projects/proactive-security-challenge/results.php - Comodo is not open source but it's freely redistributable, see https://personalfirewall.comodo.com The only software firewalls for old Windows OS that are not useless (or dangerous) toys are (% shows the percentage of passed leak tests, the higher the better): Comodo Internet Security 5.3.176757.1236FREE 100 % Online Solutions Security Suite 1.5.14905.0 99% Privatefirewall 98 % Outpost Security Suite Free 97% Outpost Security Suite Pro 97% BitDefender Internet Security 2011 97 % Kaspersky Internet Security 2012 93 % Malware Defender 91% Norton Internet Security 2012 has 20% (protection "none"). For the most updated "Proactive Security Challenge", see http://www.matousec.com/projects/proactive-security-challenge-64/results.php. This new challenge shows that apart from Comodo (94%), a secure firewall for 64-bit Windows versions does not exist. Kind regards
  7. Hello! No, this is not what you want, the firewall will not block anything without that rule. Replace it with: block out from to any PF will block any outgoing packet from 192.168.*.*, except those which match the subsequent "pass out" rules. If there are no more syntax errors, test the configuration. Activate pf. Now you should lose your Internet connectivity, except toward Lyra. Connect to Air server Lyra entry-IP (, any port. The connection should succeed thanks to the relevant pass out rule. Now you should have full connectivity. Launch a bittorrent client, share some redistributable content. Let it work for some minutes. Then, disconnect from the VPN. If everything is ok, you should immediately see a total drop of outgoing packets from any application, including the bittorrent client. Anyway, you should investigate further, because "block out all" is a perfectly legal directive on any pf version. Kind regards
  8. Hello! Locate line 23 to be sure to identify which line is giving syntax error. Also, make sure that after the copy & paste you have not inserted characters which may cause problems to the pf parser, for example CR+LF. Also, each line must be terminated with a CR, including the last line. Refer finally to your pf man page to check whether the syntax of your pf version is slightly different. Kind regards
  9. Hello! It looks like geolocalization of those services needs improvements! We have verified that CBS, Hulu, Pandora and Netflix are accessible from Sirius and Vega. Please do not hesitate to contact us for any further information and support. Kind regards
  10. Hello! About point one: yes, a simple but not very flexible way would be to run the service before you connect to an Air server. When you connect to the VPN, the service will continue exchanging packets outside the tunnel, but only for already established connections. Thus, if this is a TCP based service the above may be a good solution, otherwise it's probably not. The alternative would be to modify your routing table. By default our VPN servers push routes so that all your traffic will be routed through the encrypted tunnel. After the connection you might modify routes so that traffic for certain IP addresses is routed outside, through your "normal" gateway, bypassing tun interface. Compare your routing tables before and after the connection, and proceed with caution, a mistake may compromise the anonymity layer. About point two: 40 Mbit/s is an awesome result, better (as far as we know) than the average bandwidth offered by most VPN providers in the world. To beat that, you need at least a 100 Mbit/s server exclusively dedicated to you (please note that your 40 Mbit/s imply 80 Mbit/s on the Air server - bw used by the server for a client is the double of the bw used by that client). Actually, we can provide 100 Mbit/s and 1 Gbit/s servers (please note that a dedicated server will not offer the usual AirVPN anonymity layer) but probably you would not beat that speed anyway. Any additional bandwidth allocation guaranteed by us probably would have no effect, because you already enjoy from Air servers an available bandwidth (700-800 Mbit/s) greater than the maximum speed you can reach. Kind regards
  11. Hello! The green token shows that your service is reachable when behind the VPN. Let's try to make a step at a time, then. Change the SSH daemon listening port. Set it to a TCP port you have remotely forwarded without local remap. Then connect your server to an AirVPN server. Check that ssh has a bind to the correct network interface: it must listen on the tun interface used by OpenVPN. Finally, make sure to start ssh. If the ssh service was already running, restart it, this is very important. After all that, try to connect to your server with ssh :, from a device NOT connected to the same Air server. We're looking forward to hearing from you. Kind regards
  12. Hello! What is that 443 in line pass out quick from to 443? Please delete it. Kind regards
  13. Hello! 1. Could you please elaborate? 2. Currently premium members connecting to 1 Gbit/s servers already have more than that. 1 Gbit/s servers are Delphini, Sirius, Vega, Draconis and Castor. On these servers there are constantly 700-800 Mbit/s (that is 75-100 MB/s) available. Kind regards
  14. @Orfeo Hello! What happens with the following rules? block out all pass out quick from to any pass out quick from to <AirVPN_server_entry_IP> pass out quick from to any pass out quick from to Kind regards
  15. Hello! PF needs ALTQ (Alternate Queing for Network Packets) kernel support to use all its features. Alternate queuing of network packets provides disciplines for queuing outgoing network packets (for example traffic shaping) in *BSD based systems. Apparently your Mac OSX does not come with a kernel built with this support or your network card driver does not support ALTQ functions, however you should not need them for basic firewall operations: PF will just run with disabled ALTQ functions. You can't recompile and build Mac OSX kernel (it's not open source). The default configuration file read by pf is pf.conf, not pf.con (if it was just a mistyping on your message, ignore this warning). Lines 23 and 24 have a syntax error, feel free to paste pf.conf here. You can find the entry-IP address by watching at the line with directive "remote" in the air.ovpn configuration file you have (just display it with the cat command or open it with any text editor). Please do not hesitate to contact us for any further information. Kind regards
  16. Hello! Suppose that the account used by your SSH server has forwarded port 12345 TCP and remapped it to local port 22. Then, when your server is running OpenVPN as a client connected to one of our Air servers, you will be able to reach the SSH service on your server on :12345, NOT :22 Perform a check from your panel (click "Check", wait for some seconds, then click "Refresh"). If you see a green token, then your service on your server is reachable. If you see a gray token, then your service is not responding (or not running). If you see a yellow token, then your server is responding on port 22 even when reached to its real IP address. You might as well change the SSH listening port to a TCP port number>=2048 that matches one of the remotely forwarded TCP port numbers. In this case you will not need a remap to local port 22, and you should obtain a red token (evaluate if this can be a vulnerability exploitable for correlation attacks and if so solve it). You should also make sure that once your server establishes a connection with an Air server, it can communicate with the Internet as usual (except for incoming connections on non-forwarded ports, of course). Please do not hesitate to contact us for any further information. Kind regards
  17. Staff


    Hello! We kindly ask you to read the ToS and the Privacy Notice, available through the links at the bottom of most pages of our website, and the FAQ (menu "More"->"Frequently Asked Questions"). Acceptance of ToS and PN is mandatory for subscriptions. In a few words we don't log IP addresses on any VPN server and we don't log and/or monitor traffic (including both headers and payload) on any VPN server. Please do not hesitate to contact us for any further information. Kind regards
  18. Hello! Thanks for your clarification. Can you please tell us how do you disconnect from an AirVPN server (just in case it is a useful info for better troubleshooting)? Kind regards
  19. Staff


    Hello! Thank you very much for your choice. There are no particular problems with PayPal, however when you pay as a guest with PayPal (i.e. without having a PayPal account), PayPal will not accept some kinds of debit cards. Please check with PayPal in your country to know which debit cards and which credit cards are accepted. Furthermore, please be aware that if you have a PayPal account and you log in your account with an IP address of a different country (for example behind a proxy, a VPN, TOR etc.), the PayPal security system will "put on hold" all the transactions you perform. The funds will be unavailable both for us and for you for 1-5 days. We also accept Bitcoin and Liberty Reserve. Please do not hesitate to contact us for any further information. Kind regards
  20. Hello! Thanks. Also please note that if you don't use internal Air resolution, you might not be able to take advantage of the anti-ICE/DHS USA censorship system: since it is based on domain name seizure at VeriSign/ICANN etc. level, no matter which DNS that recognizes ICANN authority you use, you will always be censored. On Windows system, using custom DNS rises probability of DNS leakage (we are investigating - Windows users can get rid of this potential leakage by blocking outgoing packets from svchost.exe NOT from IP range>, or by blocking connections from network card IP address to port 53 when destination IP is not AirVPN entry-IP address). Kind regards
  21. Hello and welcome aboard! Yes, we are outside USA jurisdiction, although the recent developments in the UK pose the question whether the USA jurisdiction is unlimited... http://torrentfreak.com/pirating-uk-student-to-be-extradited-to-the-us-120313/ 1. You can use an account on as many devices as you wish. However, only one can connect to an Air server at the same time. For simultaneous connections from different devices in different networks you will need multiple accounts (contact us for discounts on additional accounts). 2. It can be a point of failure in the sense that a smart phone has geotracking abilities "independent" of the IP address you're visible on the Internet. Please read here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1333&Itemid=142#1339 3. They are both low latency "anonymizer networks". Apparently, TOR has been much more peer-reviewed, so its anonymization layer can be considered more robust. 4. Air over TOR uses the OpenVPN ability to tunnel over a socks proxy (see https://airvpn.org/tor), so our servers will not see your real IP address and all TOR nodes will see encrypted traffic and will not know the real destination of your outgoing packets and the real origin of your incoming packets (you have therefore a precious partition of trust, where if one party betrays the trust your anonymization layer is not compromised). TOR over VPN is a connection to TOR through the VPN server, so the TOR entry-node will not see your real IP address and the Air servers will see encrypted traffic and will not know the real destinations of your outgoing packets and the real origin of incoming packets. For further considerations please see https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745 5. We guess that if usage of "Care Bear" were to become a violation of human rights as enshrined in the European Convention on Human Rights, either we will be forced to change our ToS or you will have to face the dramatic consequences to change your nick. Speaking of which, let us check if we have some "Hobbit" or "The Hobbit" nicknames in the forum... http://torrentfreak.com/hollywood-lawyers-threaten-hobbit-pub-120313 Please do not hesitate to contact us for any further information. Kind regards
  22. Hello! If you have already tried lolwhat suggestions, consider the following (just in case...): - remote port forwarding must be enabled on the side of the account used by the server you're trying to reach and the SSH daemon must be started (or restarted) after OpenVPN has connected to an Air server; - services of two clients behind the same VPN server can't communicate to each other. So if your server is behind a certain Air server, you can't reach it if you are connected to that same server - make sure that you are trying to reach the SSH server on the proper IP address and port. Each Air server has different entry and exit IP addresses, so the listening SSH service is reachable on :. Please note that is not the remapped local port - if you are using ssh to perform sftp, then you will have to consider some additional issues: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1700&Itemid=142 Please do not hesitate to contact us for any further information and support. Kind regards
  23. Hello! Can you please tell us which site does that? We'll look into the issue. In the meantime, if you were using Vega please switch to Sirius, and vice versa, to see whether this fixes the problem. We're looking forward to hearing from you. Kind regards
  24. Hello! You should check whether AVG has the ability to set specific rules for each program as specified in the guidelines given for Comodo in this thread (for your comfort, your message has been moved here). AVG Manuals are available here: http://www.avg.com/us-en/downloads-documentation AVG FAQ & Tutorials: http://www.avg.com/us-en/faq Please do not hesitate to contact us for any further support or information. Kind regards
  25. Hello! Excellent. You will just have to add the rules posted in the previous messages in IceFloor. In the list of features, the author writes "edit main PF and anchors configuration files with the built-in editor". You can just do that and copy & paste the given rules. Just take care to identify the correct IP addresses and network cards. Please do not hesitate to contact us for any further information or support. Kind regards
  • Create New...