Staff

Hello! That's because account "Theopt" is not authorized to access the VPN servers. Please subscribe to a plan with this account in order to enable it to access the VPN servers. Kind regards

Hello! On port 443 UDP your tun interfaces is DHCP pushed an address in the range 10.4.0.0/255.255.0.0. Therefore you just need to block any outgoing packet for your p2p client NOT coming from 10.4.0.0/16 Please see here: https://airvpn.org/status The public entry and exit-IP addresses of the servers are static. The VPN IP address is DHCP assigned, it is dynamic but you can easily handle it. You can tell the client to tell OpenVPN to connect over an http or a socks proxy. See here for an example: https://airvpn.org/tor Kind regards

Hello! Thank you for the information, we're very glad to know that the problem is solved. It's not your fault, we have dozens of support requests because the TUN/TAP adapter is disabled. It's impossible that all of these requests come from persons who inadvertently switched off the adapter. There must be some condition for which Windows switches it off, however we have been unable so far to determine such condition. Kind regards

Hello! OpenVPN can't access the TAP-Win32 adapter. Please make sure that it is enabled: On Windows XP: Open Control Panel-->Network and Internet connections-->Network Connections. Right-click on "TAP-Win32 Adapter V9" and select "Enable". Windows Vista: Open Control Panel-->Network and Internet-->Network and Sharing Center-->Manage network connections. Right-click "TAP-Win32 Adapter V9" and select Enable. Windows 7: Open Control Panel-->Network and Internet-->Network and Sharing Center-->Change Adapter Settings. Right-click on "TAP-Win32 Adapter V9" and select Enable. If you find that the TAP adapter is already enabled, select "Disable", apply the change, then select "Enable". Please feel free to let us know whether the above solves the problem. Kind regards

Hello! Thank you for the information. Please feel free to share how you managed to improve performance if you wish so, maybe your information can be useful to some other person. Kind regards

Hello! That's right, we'll consider to implement it. Kind regards

Hello! It's normal. When you force your Mac to use some DNS, the DNS queries will be encrypted and tunneled to the VPN server your Mac is connected to. The OpenVPN server decrypts them and sends them out to the proper destination, receives the reply, encrypts it and sends it back to your OpenVPN client in the Mac. The final DNS server does not know the real origin of the query, of course, it sees packets coming from the Air server exit-IP. WARNING: THE ABOVE IS NOT TRUE FOR WINDOWS SYSTEMS (Windows lacks the concept of global DNS; if you force a Windows physical network card to use some DNS, it can occasionally send out unencrypted DNS queries out of the tunnel, causing a DNS leak - in Windows you need to force the TAP-Win32 Adapter V9 to use a particular DNS, AND block DNS leaks, if you don't want to use the Air DNS). You can use any DNS you wish. If you wish to access Air internal services (currently only speedtest.air) and bypass ICE censorship, then you must use the Air DNS (10.x.0.1). Kind regards

Hello! If you connect from your Windows computer, please set 10.4.0.1 as preferred DNS in your computer physical network card. If you connect from your router (for example if you have Tomato, OpenWRT, DD-WRT... routers) set it as the first nameserver in the router. Kind regards

Hello! No problems, you can find the links in step 1 in the guide (which is permanently linked in forum announcements and accessible to anyone): https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 Kind regards

Hello! That's because Windows (the OS which suffers DNS leaks) lacks the concept of global DNS. Each interface in Windows can have different DNS servers IP addresses, which under some conditions can cause DNS leaks (i.e. DNS queries sent out unencrypted, outside the tunnel). Kind regards

Hello! Did you look at the guides linked in step 1? They have screenshots and a step-by-step tutorial on how to define Network Zones and Global Rules. Kind regards

Hello! There are no problems in the system, can you please send us your client logs? Please right-click on the Air client dock icon, select "Logs" and click on "Copy to clipboard". Finally paste here. Currently the account is successfully connected to some server since more than 3 hours ago. Kind regards

Hello! Because from the monitored web site in your example, they would see the VPN server exit-IP address. An adversary with the ability to monitor simultaneously all the VPN servers in the world and the destination server which a user connects to is able to correlate the real IP address of the user which accesses those servers. An adversary with such abilities can be defeated with "partition of trust", please see here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745 Kind regards

Hello! Yes, if you wish to block uTorrent only in case of VPN disconnection, the rules for utorrent.exe must block anything out NOT from the range [10.4.0.0 - 10.9.255.255]: Block [And Log] IP Out From IP Not In [10.4.0.0 - 10.9.255.255] To MAC Any Where Protocol Is Any For the "Not" operator just tick the box "Exclude (i.e. NOT the choice below". This is because when the computer is connected to the VPN, its VPN IP address is in that range, see also https://airvpn.org/specs Kind regards

Hello! No, given those conditions they would not be able to do that. Kind regards

Hello! Once again this kind of discussions need more accuracy. It is necessary that the adversary power and the attacked person needs are exactly defined, otherwise it's sort of talking about the gender of angels. Kind regards

Hello! If you mean that you lose connection when you're not connected to the VPN then it's just fine, it's the purpose of the rules. If you mean that you can't connect to the VPN servers listed in the allow rules, please send us your Comodo firewall event logs. Kind regards

Hello! Please add the missing allow rules for the VPN servers you wish to connect to: Allow TCP or UDP In/Out From MAC Any To IP 62.212.85.65 Where Source Port Is Any And Destination Port Is Any Allow TCP or UDP In/Out From MAC Any To IP 95.211.149.200 Where Source Port Is Any And Destination Port Is Any etc. etc. You have defined an incomplete set of rules for that. Additionally, please modify the block rule to: Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any Furthermore, please correct your [Home #1] Network Zone. Please define it as IP range [192.168.0.0 - 192.168.255.255] or equivalently IP/Netmask [192.168.0.0 / 255.255.0.0] Kind regards

Hello! If the the OpenVPN client runs on the machine behind the router, you may need to set them in your machine. Anyway, our servers push the VPN DNS, therefore your machine should already be using the VPN DNS. You can perform the DNS leak test here (while your computer is connected to the VPN): http://dnsleaktest.com If you see only Google DNS then you have no DNS leaks. Kind regards

Hello! Can you please send us a screenshot of your global rules and network zones? Kind regards

Hello! Normally all the devices behind the DD-WRT will use the tunnel transparently, unless you have splitted traffic with multiple routing tables (on the router), can you please check that? Kind regards

Hello! We have checked that no unsolicited packet (except of course those toward your forwarded port) can reach your VPN IP address. Can you please contact us in private for further investigations? Kind regards

Hello! You should create a network zone with name "AirVPN" (or any name you like) with IP range from 10.4.0.0 to 10.9.255.255. A simple guide to create and edit network zones: http://help.comodo.com/topic-72-1-155-1096-Network-Zones.html Kind regards

Hello! You can do that with OpenVPN GUI (please see previous post on this same thread). You can autostart the Air client as well, but not auto-connect it with the current version. This feature is planned for future Air client releases. Kind regards

EDIT: Maintenance ended. Sagittarii is online. Hello! An urgent maintenance has been planned for server Sagittarii (Singapore). Maintenance will start at 22.00 CET 9 Dec 2012. The maintenance will probably need several hours. We will put the server offline and we will very probably need to disconnect the clients. If you need a Singapore server, please connect to Puppis or Columbae as soon as possible. In any case, please disconnect from Sagittarii as soon as possible. At the end of the maintenance you will see Sagittarii re-appear in the servers monitor https://airvpn.org/status We apologize for any inconvenience. Kind regards