Staff

Hello! That's right, we'll consider to implement it. Kind regards

Hello! It's normal. When you force your Mac to use some DNS, the DNS queries will be encrypted and tunneled to the VPN server your Mac is connected to. The OpenVPN server decrypts them and sends them out to the proper destination, receives the reply, encrypts it and sends it back to your OpenVPN client in the Mac. The final DNS server does not know the real origin of the query, of course, it sees packets coming from the Air server exit-IP. WARNING: THE ABOVE IS NOT TRUE FOR WINDOWS SYSTEMS (Windows lacks the concept of global DNS; if you force a Windows physical network card to use some DNS, it can occasionally send out unencrypted DNS queries out of the tunnel, causing a DNS leak - in Windows you need to force the TAP-Win32 Adapter V9 to use a particular DNS, AND block DNS leaks, if you don't want to use the Air DNS). You can use any DNS you wish. If you wish to access Air internal services (currently only speedtest.air) and bypass ICE censorship, then you must use the Air DNS (10.x.0.1). Kind regards

Hello! If you connect from your Windows computer, please set 10.4.0.1 as preferred DNS in your computer physical network card. If you connect from your router (for example if you have Tomato, OpenWRT, DD-WRT... routers) set it as the first nameserver in the router. Kind regards

Hello! No problems, you can find the links in step 1 in the guide (which is permanently linked in forum announcements and accessible to anyone): https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 Kind regards

Hello! That's because Windows (the OS which suffers DNS leaks) lacks the concept of global DNS. Each interface in Windows can have different DNS servers IP addresses, which under some conditions can cause DNS leaks (i.e. DNS queries sent out unencrypted, outside the tunnel). Kind regards

Hello! Did you look at the guides linked in step 1? They have screenshots and a step-by-step tutorial on how to define Network Zones and Global Rules. Kind regards

Hello! There are no problems in the system, can you please send us your client logs? Please right-click on the Air client dock icon, select "Logs" and click on "Copy to clipboard". Finally paste here. Currently the account is successfully connected to some server since more than 3 hours ago. Kind regards

Hello! Because from the monitored web site in your example, they would see the VPN server exit-IP address. An adversary with the ability to monitor simultaneously all the VPN servers in the world and the destination server which a user connects to is able to correlate the real IP address of the user which accesses those servers. An adversary with such abilities can be defeated with "partition of trust", please see here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745 Kind regards

Hello! Yes, if you wish to block uTorrent only in case of VPN disconnection, the rules for utorrent.exe must block anything out NOT from the range [10.4.0.0 - 10.9.255.255]: Block [And Log] IP Out From IP Not In [10.4.0.0 - 10.9.255.255] To MAC Any Where Protocol Is Any For the "Not" operator just tick the box "Exclude (i.e. NOT the choice below". This is because when the computer is connected to the VPN, its VPN IP address is in that range, see also https://airvpn.org/specs Kind regards

Hello! No, given those conditions they would not be able to do that. Kind regards

Hello! Once again this kind of discussions need more accuracy. It is necessary that the adversary power and the attacked person needs are exactly defined, otherwise it's sort of talking about the gender of angels. Kind regards

Hello! If you mean that you lose connection when you're not connected to the VPN then it's just fine, it's the purpose of the rules. If you mean that you can't connect to the VPN servers listed in the allow rules, please send us your Comodo firewall event logs. Kind regards

Hello! Please add the missing allow rules for the VPN servers you wish to connect to: Allow TCP or UDP In/Out From MAC Any To IP 62.212.85.65 Where Source Port Is Any And Destination Port Is Any Allow TCP or UDP In/Out From MAC Any To IP 95.211.149.200 Where Source Port Is Any And Destination Port Is Any etc. etc. You have defined an incomplete set of rules for that. Additionally, please modify the block rule to: Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any Furthermore, please correct your [Home #1] Network Zone. Please define it as IP range [192.168.0.0 - 192.168.255.255] or equivalently IP/Netmask [192.168.0.0 / 255.255.0.0] Kind regards

Hello! If the the OpenVPN client runs on the machine behind the router, you may need to set them in your machine. Anyway, our servers push the VPN DNS, therefore your machine should already be using the VPN DNS. You can perform the DNS leak test here (while your computer is connected to the VPN): http://dnsleaktest.com If you see only Google DNS then you have no DNS leaks. Kind regards

Hello! Can you please send us a screenshot of your global rules and network zones? Kind regards

Hello! Normally all the devices behind the DD-WRT will use the tunnel transparently, unless you have splitted traffic with multiple routing tables (on the router), can you please check that? Kind regards

Hello! We have checked that no unsolicited packet (except of course those toward your forwarded port) can reach your VPN IP address. Can you please contact us in private for further investigations? Kind regards

Hello! You should create a network zone with name "AirVPN" (or any name you like) with IP range from 10.4.0.0 to 10.9.255.255. A simple guide to create and edit network zones: http://help.comodo.com/topic-72-1-155-1096-Network-Zones.html Kind regards

Hello! You can do that with OpenVPN GUI (please see previous post on this same thread). You can autostart the Air client as well, but not auto-connect it with the current version. This feature is planned for future Air client releases. Kind regards

EDIT: Maintenance ended. Sagittarii is online. Hello! An urgent maintenance has been planned for server Sagittarii (Singapore). Maintenance will start at 22.00 CET 9 Dec 2012. The maintenance will probably need several hours. We will put the server offline and we will very probably need to disconnect the clients. If you need a Singapore server, please connect to Puppis or Columbae as soon as possible. In any case, please disconnect from Sagittarii as soon as possible. At the end of the maintenance you will see Sagittarii re-appear in the servers monitor https://airvpn.org/status We apologize for any inconvenience. Kind regards

Hello! Still working on it, we should have found a solution. We'll keep you informed, it should take just a couple of days from now. The core problem we are facing is that Zattoo blacklists a lot of Swiss datacenters IP addresses (while in Germany there are no problems, but there are less channels available). Kind regards

Hello! The timer bug will be fixed in the next client release. It is just a display bug, it does not affect connections in any way. About your observations on client screen layout, they will be transmitted to the programmer, thank you. The Comodo global rules will prevent any leak (DNS leaks and leaks in case of unexpected VPN disconnection). If you wish to prevent just DNS leaks, you can simply force your physical network card to use 10.4.0.1 as preferred DNS IP once your computer is connected to the VPN. You can check for DNS leaks here: http://dnsleaktest.com After you have connected to the VPN, if you have no leaks and you're using the VPN DNS you should see only Google DNS. Kind regards

Hello! Thank you for you inquiry. Yes, please see here: https://airvpn.org/status Yes, please see here: https://airvpn.org/faq#p2p Please see here: https://airvpn.org/faq#multiple_connections and here: https://airvpn.org/faq#routers Routers with OpenWRT or Tomato or DD-WRT firmware can run OpenVPN clients so they are just fine. Once you're behind a "gateway" (a computer, a DD-WRT router...) connected with one account to an Air server, it will see just one connection so you can connect (behind that "gateway") as many devices as you wish. They will use the tunnel transparently. Kind regards

Hello! Without seeing its rules, it's an option that can't be disregarded. Just perform a test for a VPN connection. Kind regards

Hello! Please find the entry-IP addresses from the .ovpn configuration files or just ask us for them in private. We are reluctant to publish in the forum all the VPN servers entry-IP addresses. Kind regards