Staff

Hello! Killing forcefully programs is not the way to go in our opinion. We believe that it is an undue interference with the system and a barbarian method which, besides being insecure, can also cause data loss or data corruption. Anyway if you think that this method is appropriate, there are several free and easy to use programs which already do just that (see previous posts). Kind regards

Hello! Yes, that was clear from your message, no problems. You're running NO risk of real IP leak from your torrent client. Unless you have some very specialized malware running, but that's a totally different argument of course. Kind regards

Hello! Thank you for the report. This is not a known issue. Are you running .NET framework 2.0 or 4? Can you tell us your Air client version? Correct, it is not currently possible to do that with the Air client. Please use OpenVPN directly, as you are correctly already doing. Yes, when you see "Checking..." the Air client contacts airvpn.org which in turn verifies the IP address and compares it with the list of Air VPN servers exit-IP addresses. If the verification is not successful (i.e. the IP address which the client is connecting from is not one of the exit-IP addresses of the VPN servers) the client notifies an error, because the VPN connection (or the push by the VPN server to the client) was not successful. Kind regards

Hello! So the connection is successful but there's an unhandled exception which is not apparently fatal. Does the error message display any additional information about the unhandled exception? The Air client programmer will be notified about it. If you use OpenVPN GUI to connect to a server, is everything all right? Kind regards

Hello! Please see our guide: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 Do not hesitate to contact us if you have problems at any step. Please take 5 minutes to read the linked Comodo relevant instructions, there are some deep differences from Norton. Kind regards

Hello! Your ISP can see anyway your unencrypted DNS queries, even if they are not directed to your ISP DNS. Anyway it's very hard to see any problem in resolving a torrent tracker name. The following project is interesting: http://www.opennicproject.org Correct, just the DNS IP of your physical network adapter. Kind regards

Hello! Can you please check that the Air client version is the correct one for your system? Please see here: https://airvpn.org/windows Please make sure that when the test is performed, the service you want to be reachable from the Internet is already running and listening to the correct port. Please browse to https://airvpn.org and check the central bottom box after you have completed the connection procedure. The box must be green. If it's red your system is not properly using the tunnel, or is not connected. You can also check here: http://ipleak.net Kind regards

Hello! Thanks for the suggestion. Could you please tell us which services / web sites need to be accessed in order to watch Spain soccer matches? Kind regards

Hello! Do you notice any difference if you disable LittleSnitch completely? Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in the USA is available: Arrakis. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Member Area"->"Access without our client"). The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Just like every other Air server, Arrakis supports OpenVPN over SSL and OpenVPN over SSH. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN admins

Hello! If you don't wish to use a firewall, you can use any third-party small utilities like VPNetMon, VPNCheck Pro etc. However, we recommend the firewall solution, just because it is more secure and does not require intrusive behavior from third-party programs. Kind regards

Hello! When that option is enabled, the configuration generator will generate .ovpn file(s) which include already resolved names. If the option is disabled, the names are not resolved. Having unresolved names allows the client to rotate between servers according to DNS resolution with multiple records (example: nl.airvpn.org resolves to all the NL servers). This option is available only for "Linux and others" because of some Windows limitations in DNS resolution when a name has multiple records which make this option unusable with it. Windows configuration files will therefore always have resolved names into IP addresses. If airvpn.org is censored/DNS poisoned by your ISP (as it is in every China ISP), you MUST select this option even with Linux or any other OS in order to bypass the censorship. Kind regards

Hello! Using NAT "punching functions" in uTorrent effectively makes remote port forwarding superfluous. uTorrent is perfectly capable to "punch" our p2p-friendly NAT in a short time. You're right, you must not forward ports in your router. Kind regards

Hello! Choice between Air over TOR and TOR over Air depends on your needs. Please see here: https://www.airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1500&Itemid=142#1502 and here: https://airvpn.org/tor Kind regards

Hello! Thank you for your subscription! An account is activated automatically in a few seconds when a payment is received. About account "Fairchilde", it is not yet active because the payment has not been received. As PayPal should have warned you, an eCheck needs 3-5 days to be verified and delivered. When the eCheck is confirmed and PayPal delivers the payment, the account will be activated by the system. Kind regards

Hello! The rules you set for uTorrent are correct. Verify that uTorrent can't exchange data when your system is not connected to the VPN. Also, closing the uTorrent listening port on the router is the right thing to do to prevent correlation attacks from an adversary with the ability to monitor your line. You're also partially right about DNS leaks: a torrent client does not need DNS resolution, except for trackers names resolution (only if you use trackers, of course). Therefore, blocking DNS leaks alone will not prevent a torrent client to continue working outside the VPN; on the other hand, not blocking DNS leaks will potentially let your ISP know that you are accessing trackers in the unfortunate event that the DNS leak occurs exactly when uTorrent needs to resolve a tracker name (that means nothing, but you might like to prevent it as well for total privacy). Now, since DNS queries are sent out by another process (svchost.exe), in order to complete your setup and be totally protected when performing p2p, make sure to block DNS leaks. This can be done in a variety of ways, for example forcing 10.4.0.1 and 10.5.0.1 as primary (preferred) and secondary (alternate) DNS IP addresses of your physical interface. If you choose this solution and you use the Air client to connect, please add the lines: 85.17.207.151 airvpn.org 212.117.180.25 airvpn.org so that your system will be able to resolve airvpn.org (resolution required by the Air client, which needs to access airvpn.org to show you the servers list and more) even when disconnected from the VPN. DHT is not a concern at all. You don't need to do anything else after the above recommendations. Kind regards

Hello! Probably you missed the section about command lines in the instructions. Just launch OpenVPN directly (from inside a screen) and forget network-manager which needs a graphical environment. Traffic splitting on application basis is not supported by OpenVPN. Please see here for alternative solutions: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=5724&Itemid=142#5732 Kind regards

Hello! Not really, when disconnected from the VPN your computer will just be unable to resolve names with DNS queries: this will not prevent all the potential leaks in case of unexpected VPN disconnection. If you wish to block your Internet connectivity when disconnected from the VPN to prevent ANY leak, please follow this guide: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 Kind regards

Hello! You have to add those two lines at the bottom of the file. Open it with Notepad (launched with administrator privileges), add the two lines at the bottom, do not modify anything else, save the file and close Notepad. Kind regards

Hello! Sorry for the clarification request, do you mean that OpenVPN GUI crashes as well? Kind regards

Hello! The Global Rules and Network Zones look just fine. As a side note, you might like to add to your [airvpn.org] Network Zone the IP 212.117.180.25 (another frontend), so that if the NL frontend fails, your system will be able to use the other one. Remember to add the appropriate lines in your hosts file as well: 85.17.207.151 airvpn.org 212.117.180.25 airvpn.org The problem should be somewhere else in Comodo (maybe in the Application Rules, maybe in the Defense+ authorizations). Please re-check your Application Rules to see whether some system application has been blocked. Also, try to see Comodo event logs when you try a VPN connection (feel free to send them to us as well) to check whether Comodo firewall is blocking something it should not. Kind regards

Hello! Probably Comodo Firewall and/or Defense+ (HIPS) and/or Sandbox modules are preventing airvpn.exe and/or openvpn.exe to run with full administrator privileges. Please make sure that both programs are "Trusted Applications" and that they are not forced to run in a sandbox (a very useful feature of Comodo, but in this case both programs needs administrator privileges to run properly, they can't run in a sandbox). If the problem persists although both executables are trusted and not sandboxed, please send us a screenshot of your Global Rules and a screenshot of your Network Zones. [EDIT] Maybe you have already solved the problem? At the moment of this writing, your account is successfully connected to some Air server and is successfully exchanging data in/out. Kind regards

Hello! Your experience with the Norton customer support sounds terrible. Anyway, can you please make sure that the "Type of rule" that you set in the Norton "Rules Wizard" was set indeed to "Block" value? Did you receive the e-mail from the support team? Pasting it here just in case it is useful to some other user: Your physical network interface is From ipconfig /all, your subnet IP range is either 10.0.0.0->10.0.255.255, 10.0.0.0->10.0.1.255, or 10.0.1.0-->10.0.1.255. Let's assume it's the first, which covers the second and the third as well (if it's the second or the third, using the first will do no harm). We don't know the formats in which Norton firewall accepts IP ranges. If it accepts IP/NetMask CIDR notation, you can use 10.0.0.0/255.255.0.0 If it accepts IP/BitMask slash notation, you can use 10.0.0.0/16 If it accepts IP ranges, you can use: Start: 10.0.0.0 End: 10.0.255.255 [PLEASE NOTE THAT IN THE ORIGINAL E-MAIL THERE WAS A MISTAKE ON THIS ADDRESS] All of the above notations are equivalent, so just use the one which Norton wants. Kind regards

Hello! The tun/tap adapter DNS is DHCP-pushed by our servers. Your current setup does not seem appropriate to prevent DNS leaks, keep an eye on them. Kind regards

Hello! No. Only if you put the VPN DNS IP addresses your DNS queries will be tunelled in any case. Yes, of course: it must NOT work, that's the purpose. Also, that's why you need to modify your hosts file in order to allow (re)connections to Air VPN servers through the Air client. No. The leaked queries will go to OpenDNS unencrypted, out of the tunnel, and your ISP can see them. Kind regards