Staff

Yes.

Why does this keep happening to me?

Hello!

We still don't know for sure, perhaps you have intermittent latency/packet loss problems which cause handshake failure. We'll keep an eye on it.

Kind regards

I don't worry about leaks very much. I always check I'm connected before I do anything. Support has already said DNS leaks to Google are normal.

Hello!

A DNS leak is not normal. Support meant that if you see Google DNS in the dnsleaktest you're not seeing a leak, you're seeing the DNS eventually queried by our servers.

Kind regards

I can't connect to Cygni.

The server won't connect.

Also, when I try Serpentis, I get a username/pw invalid message.

It was working fine up until five minutes ago.

Hello!

Account "indigo35" appears to be connected and successfully exchanging data since some hours to some server. Is it all right now?

Kind regards

Awesome job.

I am to assume they are all hosted in the same datacenter?

Hello!

Thank you. Yes, same datacenter.

Kind regards

Eventually, your traffic gets to an exit node. It's exactly what it sounds like: your traffic is leaving AirVPN's network and services, where it can pass through various routers and switches and what have you to get to a web server, or an FTP server, or a VoIP server, or whatever kind of server. In a very trivial VPN setup, the entrance and exit node could be the same machine, but we have AirVPN's assurance that they're not, to obfuscate your data and protect your identity.

Hello!

Wait, this admin apologizes for any misunderstanding: the entrance and exit IP addresses are different, not necessarily the physical machine. Multi-hopping with servers belonging to the same entity does not really add any significant security (if you can't afford to trust the VPN operators) so if you need multi-hopping we recommend Air over TOR or VPN over VPN etc. Sorry if there was any misunderstanding on that.

Kind regards

Hello!

We're very glad to inform you that a new 1 Gbit/s server located in the USA (Portland, Oregon) is available: Octantis.

The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Member Area"->"Access without our client").

The server accepts connections on ports 53, 80 and 443 UDP and TCP.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

Do not hesitate to contact us for any information or issue.

Kind regards and datalove

AirVPN admins

Does port forwarding on my torrent client reveal any details about my host or expose me in any way?

No, it does not.

Your question implies that the host running the software is behind some sort of hardware firewall or router. If this is the case, and you're not establishing a VPN tunnel from the *router* to AirVPN, then you must be running the software on a machine behind the router. That seems to be most usual. If that's the case, you're bypassing your router entirely and establishing a link directly between AirVPN and your machine behind the router. That being the case, ports forwarded to you by AirVPN are relatively close to a direct link to the Internet, AirVPN being your second ISP on top of the first.

Hello!

Just some additional notes on your good considerations. You have to take into account that the client host connects to an IP address (entry-IP) which is not the Air exit node IP address. Additionally, if the torrent client had the intention to send out the IP address of the card it's bound, it would send out the VPN IP.

It is assumed that the torrent client is not connecting over any proxy and is not forced (for example with ForceBindIP or similar code injectors) to bind to the physical network card of the client host, which would result in tunnel (routing table/gateway) bypassing.

Assuming no one is able to view the traffic between the AirVPN exit node and any hosts you may be talking to, less-stealthy fingerprinting software can actively probe any ports you have forwarded from AirVPN to your machine running VPN software. And, in the case of running BitTorrent software, it's implied that you might occasionally be exchanging data involuntarily with machines run by people such as BayTSP. Yes, even if you use BitTorrent blocklists--they're not perfect.

Not very alarming, as you already said. To make it even less alarming, consider also that, in this case, an entity like that would see exit-IP and port of the Air exit node, not the IP the OpenVPN client of the customer is connecting to in order to establish the connection to one of our servers (in all the Air servers, the connecting IP does not match the exit-IP).

However, a more sinister scenario is possible, but only if the customer had the same port both remotely forwarded AND open on its router. In that case an entity with the ability to monitor the customer line can send packets both to the real IP address and to the exit-IP address of the VPN (toward the same port) to establish a sure correlation between the p2p activity detected on the VPN exit-node and on the customer host running the p2p client with a relatively low error margin (probably not valid as a legal proof anyway). For this reason we recommend not to open the same remotely forwarded ports on the routers' customers.

Kind regards

Hello!

We're very glad to inform you that a new 100 Mbit/s server located in Singapore is available: Columbae.

The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Member Area"->"Access without our client").

The server accepts connections on ports 53, 80 and 443 UDP and TCP.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

Do not hesitate to contact us for any information or issue.

Kind regards and datalove

AirVPN admins

Hello!

We're very glad to inform you that a new 100 Mbit/s server located in Singapore is available: Puppis.

The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Member Area"->"Access without our client").

The server accepts connections on ports 53, 80 and 443 UDP and TCP.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

Do not hesitate to contact us for any information or issue.

Kind regards and datalove

AirVPN admins

Hello!

If you are 100% sure that nothing in your system is blocking Tunnelblick / OpenVPN, then the first option to be considered is that your ISP is blocking outbound port 443 UDP. Please try to change connection ports. Try 443 TCP, 80 UDP and 80 TCP.

Please feel free to let us know if the above solves your problem.

Kind regards

Trying to connect to UK servers tonight and it gets a "failed to authorized, maybe you are connected somewhere else". I know I'm not because I can get on any other server (after a reboot since it seems to lock me in to "already connected" if I ever get an error). Both UK servers are showing at 0% capacity so I imagine there is some problem with them, just checking to be sure.

Hello!

Correct, there has been a major issue with the Bootis and Cassiopeia datacenter: it has had lines (or routing, we don't know for sure) issues for a couple of hours. The problem was not on our side, we updated the servers monitor to inform about the issue (feel free to check anytime when you have issues). The problem has been fixed, but we have received no info from the provider.

Kind regards

Greetings,

Does port forwarding on my torrent client reveal any details about my host or expose me in any way?

Thanks.

Hello!

No, it does not.

Make sure NOT to forward on your router the same ports that you remotely forwarded, this would not expose your IP but may expose you to correlation attacks from an adversary with the ability to monitor your line.

Kind regards

Hello and thank you!

We should be able to provide some more information on the anti geo-IP discrimination system soon.

Kind regards

I had read a post on here, saying that it was pretty much a necessity to use comodo firewall on windows 8, due to the information leaks.

I was curious as to if there was a guide, detailing what to use specifically to make it the most effective at securing my privacy.

Thanks!

Hello!

Yes, here it is:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142

Kind regards

Hello!

The "Expert Mode" displays log lines below the "Connecting..." string and shows the VPN IP (10.*.*.*) during the connection, nothing else currently.

Kind regards

Hi I am also new to this VPN stuff and I am starting to like it. Just one question.

How do I know it's using the AirVPN DNS? I tried www.dnsleaktest.com and found 3 Google servers. Is that the correct response?

Hello!

Yes, that's just fine. After internal resolutions (for internal services and against ICE censorship) our servers resolve names through Google DNS.

When looking into my network adapter setting on a mac it shows the 10.4.0.1 DNS automatically.

Your client has correctly accepted the DNS push of our server. See also here: https://airvpn.org/specs

Kind regards

Hello!

An Air client version for Windows 8 is ready.

The following is bundled with OpenVPN 2.3_rc1 for 64 bit systems:

https://airvpn.org/repository/air_windows8_x86_64.zip

The following is bundled with OpenVPN 2.3_rc1 for i686:

https://airvpn.org/repository/air_windows8_i686.zip

The Air client has been recompiled with .NET framework 4, so it will start immediately on a default Windows 8 installation.

Please feel free to let us know if the above solves your problems.

Kind regards

I'm still new to the AirVPN service and I enjoy the "sense" of privacy at this moment even though there is a possibility that it could be a weak wall of privacy. I like the fact that I have been able to log in to any of the servers via OpenVPN to obtain a new IP address for extended periods. However, reading through the forum, I have noticed that TOR is brought up a lot. What is TOR and how do I install it?

I know this sounds like a brainless question to many tech savvy readers. Please bare with me.

Hello!

"Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis".

https://www.torproject.org

While a VPN outperforms TOR in terms of bandwidth and latency, and allows all protocols (while TOR can't support UDP and is not suitable for p2p) TOR is anyway an important tool to increase your privacy and strengthen your anonymity layer. In critical situation, when a person can't afford to trust the VPN operators (to make an extreme example, when his/her life is at stake if his/her identity is disclosed and related to the information he/she imparts and/or receive), TOR can be used to perform what we call "partition of trust", so that betrayal of trust by one party does not destroy the anonymity layer.

Some considerations on partition of trust and how to increase the strength of the anonymity layer if a person lives in a human rights hostile regime:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745

How to connect over AirVPN over TOR:

https://airvpn.org/tor

In order to connect, on the contrary, over TOR over AirVPN, just connect to an Air server first, then use TOR.

Considerations about different approaches on partition of trust:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=5821&Itemid=142#5822

Of course if you don't find yourself in such critical environments you probably don't need any of the above, just connect to Air "normally".

Kind regards

Hello and thank you for replying with details, you make it clearer now. I trust your servers thanks to your good reputation but I do not trust tor exit nodes that anyone could set up.

So, if your purpose is getting protected from malicious TOR exit-nodes and hide to our servers your real IP address, you should connect over OpenVPN over TOR, as you have already done, and then use a browser not configured to connect over a proxy.

This is what I would like to do. Can TOR browser be made to work in this way?

Hello!

Thank you.

Well, yes, for example the Aurora (a customized Firefox) browser in the TOR browser bundle can be configured to use no proxy, and you still have all the protections configured by the TOR Project Team (no scripts allowed, no Flash, https anywhere possible...).

Just like with Firefox, in order to set how Aurora must connect to the Internet, go to "Options"->"Advanced"->"Network" tab. Then click on the "Settings" button near "Configure how Aurora connects to the Internet", finally select "No proxy".

Kind regards

Want to check that I have set up your service and my programs correctly.

I am using tor with your vpn. I followed instructions on your tor setup page. Started tor first then openvpn connects to the airvpn server I choose. Your site still says I am not connected and shows my tor ip, and checkmyip.com also shows tor ip and ipligence.com shows geolocation that is wrong country for your vpn, so it must be tor. But if I use other browsers your site says connected, checkmyip shows vpn ip, and ipligence shows geolocation of that vpn server. Does this sound like tor is working right over your vpn? Is this secure against malicious tor exit nodes? Thank you.

Hello!

Your connection is "AirVPN over TOR". In this case, if you use a browser NOT configured to connect over a proxy:

- our servers can't see your real IP address, but can see your traffic

- TOR nodes can't see your traffic, which is encrypted by OpenVPN

- you are "visible" on the Internet with the Air server exit-IP address

With the same setup, if you run a browser configured to connect over the same TOR proxy used by OpenVPN:

- you will be using TOR only

- your traffic will not pass through our servers

- you will be visible on the Internet with the TOR exit-node IP address of the established circuit

- you are not protected against TOR malicious exit-nodes

So, if your purpose is getting protected from malicious TOR exit-nodes and hide to our servers your real IP address, you should connect over OpenVPN over TOR, as you have already done, and then use a browser not configured to connect over a proxy.

If your purpose is hiding your traffic to our servers, then just connect to an Air server normally, and then use the TOR browser.

If your purpose is hiding your traffic AND your IP address to our servers, but trusting TOR exit-nodes, you can connect over TOR over AirVPN over TOR. In order to do that, the simplest way is through a Virtual Machine. In the host you just connect over OpenVPN over TOR as you do now. In the guest OS you connect over TOR.

Kind regards

Hi,

Sorry to bring this matter up again.

I’m wondering if AirVPN is still offering free trials. I requested one, a couple of days ago, and got no reply... Can an admin please take a look?

Thanks

Hello!

Please check your account (menu "Member Area"->"Your Details").

Kind regards

attachment 2

Hello!

The application rule for uTorrent looks ok and the AirVPN Network Zone is correctly defined. Maybe uTorrent is using a proxy? Please also check that Comodo Firewall security is set to "Custom Policy".

As a side note, please check your Loopback Zone definition (it is wrong), it must be IP/Netmask [127.0.0.0/255.0.0.0] or equivalently IP range [127.0.0.0 - 127.255.255.255]

Kind regards

The instructions here all work fine, but how do I forward a range of ports in my airvpn account, because it's impossible for me to see which ports have already been taken by other users, how can I find a single consecutive range? Through trial and error I've managed to find a range of 4 ports, which probably isn't going to be enough.

Hello!

You're right, if you need contiguous ports the system is annoying. We planned to modify this system actually (for example with the addition of a "map" of free ports) and we'll work on it soon. EDIT: option was added.

In the meantime please contact us and we'll give you a free consecutive 20 ports range.

Also, out of interest, what will happen if you get more users and run out of ports?!

We'll have to provide the option to use the same forwarded ports to different accounts and direct those accounts to different exit-IP addresses or invent some other trick. Actually, it is a problem which we would be glad to face, it would mean that Air is used by very many people.

Kind regards

Is this issue being investigated by the AirVPN team?

Thanks.

Hello!

The problem was solved some hours ago, anyway your account was one of those not affected by the issue. Your account is connected and exchanging data successfully with some Air server since 15-16 hours ago approximately.

Kind regards

One last thing that I don't quite understand is something you've referred to, in terms of setting Deluge's interface:

It seems that tun0 is always given the same IP by linux (although I haven't specified that anywhere),

Hello!

tun0 IP will be DHCP-assigned by our servers, unless you reject the push with nopull.

https://airvpn.org/specs

so I've entered that IP into Deluge's interface setting to force traffic only through the VPN. Although for a couple of minutes when I reboot I do get a message in the thinclient that 'no connections found', but that goes away quickly, and everything seems to work ok, and more importantly, http://checkmytorrentip.com does not report any leaks. Does that make sense, and seem like a logical solution to you? I'm guessing it has problems initially because deluge tries to connect through this interface before the vpn is properly initialised.

Yes, it makes sense, and if you notice no leaks you're just fine. The "no connection found" is probably correct (it should occur until your OpenVPN client receives the push from the server).

Oooh actually, one more thing. I had problems forwarding the ports correctly for Deluge. In the end I configured a forwarded port in my airvpn account that forwards a specific port to the SAME port at my end. eg 55555->55555, then entered that port into Deluge's incoming and outgoing port settings. That seems to work ok, whereas all previous settings do not. I don't see how anything else could work as how could peers possibly send to the right port if I've redirected it to another port?

Of course you're right, a remotely forwarded port for a p2p client must not be remapped to a different local port, as specified in our FAQ, otherwise the client won't be reached from the Internet (p2p is of course possible but with no incoming connections). This is a particular case for which a port remap is not desirable with our cone-NAT.

Kind regards