Staff

Hello! In order to prevent any leak (including DNS leaks and leaks in case of unexpected VPN disconnection) please see this guide: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 If you wish to prevent only DNS leaks just set 10.4.0.1 and 10.5.0.1 as primary (preferred) and secondary (alternate) DNS IP address in your physical network card and modify your hosts file by adding to it the following lines: 85.17.207.151 airvpn.org 212.117.180.25 airvpn.org which will allow your system to resolve airvpn.org even when it is disconnected from the VPN, because the Air client needs to access airvpn.org during the login phase. Kind regards

Hello! Currently not, there's no inactivity with an OpenVPN connection and forcing the disconnection poses some security issues. We are anyway evaluating the problem to meet your needs in a less dangerous way. Kind regards

Hello! Tunnelblick 3.2.8 is not compatible with Mac OS X 10.8.x. Please use an appropriate Tunnelblick version: http://code.google.com/p/tunnelblick/wiki/DownloadsEntry?tm=2 Kind regards

Hello! What are your OS X and Tunnelblick versions? Can you please send us Tunnelblick logs just after the problem occurs? Kind regards

Hello! Please send us your support request through "Support"->"Contact us" form. Thank you in advance. Kind regards

Hello! Brazil has no mandatory data retention law at all. This is not the problem with Brazil. When we pick a datacenter, it must comply with some requirements. We have these requirements because we want to provide the same quality experience and the same security on all servers. For example, the datacenter must be network neutral, it must have direct Point of Presence with at least one tier1 provider, the AUP of the datacenter owner must not discriminate against any protocol, the line which the server will be connected to must not be shared (in the sense that it must be able to have always available the bandwidth we declare in the servers monitor), too restrictive limits on the traffic are a no-go (our Gbit servers normally need 70-120 TB per month) etc. This does not mean that there are no providers in Brazil meeting our requirements, it just means that we have not yet found a provider that can meet these requirements all together. Should we find a suitable provider, of course we would be EXTREMELY happy to offer servers in South America. Kind regards

Hello! Killing forcefully programs is not the way to go in our opinion. We believe that it is an undue interference with the system and a barbarian method which, besides being insecure, can also cause data loss or data corruption. Anyway if you think that this method is appropriate, there are several free and easy to use programs which already do just that (see previous posts). Kind regards

Hello! Yes, that was clear from your message, no problems. You're running NO risk of real IP leak from your torrent client. Unless you have some very specialized malware running, but that's a totally different argument of course. Kind regards

Hello! Thank you for the report. This is not a known issue. Are you running .NET framework 2.0 or 4? Can you tell us your Air client version? Correct, it is not currently possible to do that with the Air client. Please use OpenVPN directly, as you are correctly already doing. Yes, when you see "Checking..." the Air client contacts airvpn.org which in turn verifies the IP address and compares it with the list of Air VPN servers exit-IP addresses. If the verification is not successful (i.e. the IP address which the client is connecting from is not one of the exit-IP addresses of the VPN servers) the client notifies an error, because the VPN connection (or the push by the VPN server to the client) was not successful. Kind regards

Hello! So the connection is successful but there's an unhandled exception which is not apparently fatal. Does the error message display any additional information about the unhandled exception? The Air client programmer will be notified about it. If you use OpenVPN GUI to connect to a server, is everything all right? Kind regards

Hello! Please see our guide: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 Do not hesitate to contact us if you have problems at any step. Please take 5 minutes to read the linked Comodo relevant instructions, there are some deep differences from Norton. Kind regards

Hello! Your ISP can see anyway your unencrypted DNS queries, even if they are not directed to your ISP DNS. Anyway it's very hard to see any problem in resolving a torrent tracker name. The following project is interesting: http://www.opennicproject.org Correct, just the DNS IP of your physical network adapter. Kind regards

Hello! Can you please check that the Air client version is the correct one for your system? Please see here: https://airvpn.org/windows Please make sure that when the test is performed, the service you want to be reachable from the Internet is already running and listening to the correct port. Please browse to https://airvpn.org and check the central bottom box after you have completed the connection procedure. The box must be green. If it's red your system is not properly using the tunnel, or is not connected. You can also check here: http://ipleak.net Kind regards

Hello! Thanks for the suggestion. Could you please tell us which services / web sites need to be accessed in order to watch Spain soccer matches? Kind regards

Hello! Do you notice any difference if you disable LittleSnitch completely? Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in the USA is available: Arrakis. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Member Area"->"Access without our client"). The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Just like every other Air server, Arrakis supports OpenVPN over SSL and OpenVPN over SSH. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN admins

Hello! If you don't wish to use a firewall, you can use any third-party small utilities like VPNetMon, VPNCheck Pro etc. However, we recommend the firewall solution, just because it is more secure and does not require intrusive behavior from third-party programs. Kind regards

Hello! When that option is enabled, the configuration generator will generate .ovpn file(s) which include already resolved names. If the option is disabled, the names are not resolved. Having unresolved names allows the client to rotate between servers according to DNS resolution with multiple records (example: nl.airvpn.org resolves to all the NL servers). This option is available only for "Linux and others" because of some Windows limitations in DNS resolution when a name has multiple records which make this option unusable with it. Windows configuration files will therefore always have resolved names into IP addresses. If airvpn.org is censored/DNS poisoned by your ISP (as it is in every China ISP), you MUST select this option even with Linux or any other OS in order to bypass the censorship. Kind regards

Hello! Using NAT "punching functions" in uTorrent effectively makes remote port forwarding superfluous. uTorrent is perfectly capable to "punch" our p2p-friendly NAT in a short time. You're right, you must not forward ports in your router. Kind regards

Hello! Choice between Air over TOR and TOR over Air depends on your needs. Please see here: https://www.airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1500&Itemid=142#1502 and here: https://airvpn.org/tor Kind regards

Hello! Thank you for your subscription! An account is activated automatically in a few seconds when a payment is received. About account "Fairchilde", it is not yet active because the payment has not been received. As PayPal should have warned you, an eCheck needs 3-5 days to be verified and delivered. When the eCheck is confirmed and PayPal delivers the payment, the account will be activated by the system. Kind regards

Hello! The rules you set for uTorrent are correct. Verify that uTorrent can't exchange data when your system is not connected to the VPN. Also, closing the uTorrent listening port on the router is the right thing to do to prevent correlation attacks from an adversary with the ability to monitor your line. You're also partially right about DNS leaks: a torrent client does not need DNS resolution, except for trackers names resolution (only if you use trackers, of course). Therefore, blocking DNS leaks alone will not prevent a torrent client to continue working outside the VPN; on the other hand, not blocking DNS leaks will potentially let your ISP know that you are accessing trackers in the unfortunate event that the DNS leak occurs exactly when uTorrent needs to resolve a tracker name (that means nothing, but you might like to prevent it as well for total privacy). Now, since DNS queries are sent out by another process (svchost.exe), in order to complete your setup and be totally protected when performing p2p, make sure to block DNS leaks. This can be done in a variety of ways, for example forcing 10.4.0.1 and 10.5.0.1 as primary (preferred) and secondary (alternate) DNS IP addresses of your physical interface. If you choose this solution and you use the Air client to connect, please add the lines: 85.17.207.151 airvpn.org 212.117.180.25 airvpn.org so that your system will be able to resolve airvpn.org (resolution required by the Air client, which needs to access airvpn.org to show you the servers list and more) even when disconnected from the VPN. DHT is not a concern at all. You don't need to do anything else after the above recommendations. Kind regards

Hello! Probably you missed the section about command lines in the instructions. Just launch OpenVPN directly (from inside a screen) and forget network-manager which needs a graphical environment. Traffic splitting on application basis is not supported by OpenVPN. Please see here for alternative solutions: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=5724&Itemid=142#5732 Kind regards

Hello! Not really, when disconnected from the VPN your computer will just be unable to resolve names with DNS queries: this will not prevent all the potential leaks in case of unexpected VPN disconnection. If you wish to block your Internet connectivity when disconnected from the VPN to prevent ANY leak, please follow this guide: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 Kind regards

Hello! You have to add those two lines at the bottom of the file. Open it with Notepad (launched with administrator privileges), add the two lines at the bottom, do not modify anything else, save the file and close Notepad. Kind regards