Jump to content
Not connected, Your IP: 3.80.5.103

Staff

Staff
  • Content Count

    8971
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    1302

Everything posted by Staff

  1. @gzz Hello! We are working on that. Packets arte properly forwarded to clients, but some Linux boxes (including Ubuntu and Debian distros) do not answer to those packets. Windows (any version), Mac OSX and Android do not have this problem. We will keep you posted. Kind regards AirVPN admins
  2. @slammin_bulu_whack Hello! Yes, your assumption is not purely hypothetical. It may happen to any VPN provider anywhere in the world, not only in the USA. Let's be clear, if the action is authorized by a judge under alleged, direct or indirect, violations of human rights (in particular human trafficking, child exploitation, export of monitoring technology) we will fully cooperate with the authorities. First of all, no account data are kept on the VPN servers, and anyway we encourage not to use identity disclosing information in your accounts with us. With a seized, offline server, forensic analysts work would be impaired. Much more effective would be real time wiretapping on the servers. This, potentially, might be done not only by legal agencies, but also by criminal organizations, although it might be difficult to cover their traces. For this reason, as we have said in the statement you cite, we strongly recommend to use AirVPN over TOR if you need to send critical information (for example, a whistleblower who sends something to a journalist), and to encrypt those information. In this way, even real time wiretapping would be ineffective to disclose both origin of the transmission and content information. Using AirVPN over TOR instead of TOR alone has a series of significant advantages, amongst which to solve the problem of malicious TOR relays (the traffic is still encrypted when passing through a TOR relay, and the TOR relay can't see the final destination IP of your communications). Also, AirVPN (thanks to OpenVPN) supports VPN over http-proxy. In this case, you have to use the TCP protocol and you will be able to establish an AirVPN over proxy connection. The proxy server will see your real IP but not the real destination, our servers will not see your real IP address. Furthermore, the packets payload will still be encrypted by OpenVPN when passing through the proxy node. Another scenario with physical access to the server is the possible correlation between account codes and IP address. Suppose that you connect via AirVPN over TOR to one of our servers to send critical data. Then, you connect with the same account to the same server but without TOR. At this point, it is possible to correlate your previous connection over TOR with this new one connection (same account code), disclosing therefore your real IP address to those who have physical access to the server and are wiretapping in real time. So, for critical transmissions, you should also take into consideration to use a specific account, aimed to be used only with AirVPN over TOR, even only one time for additional security, so that it would be impossible to make correlations between account codes and your real IP address, even with real time wiretapping. Trial free codes available on Twitter or sent by us via e-mail are perfect for this purpose (they have a maximum duration of 4 days). Just make sure that you use an e-mail account which can't be exploited to reveal your identity and perform the registration and the activation on our website via TOR. Please do not hesitate to contact us for any further information. Kind regards P.S. Vega is not with Leaseweb.
  3. balthazett wrote: Hello! It's a temporary down, it's in the "shadow" servers now. Shadow servers are servers that are working but are hidden. Their purpose is to be always ready in case of emergency. Kind regards
  4. anonimus1105 wrote: Hello! Ok, but when you have inserted those messages you had to be connected because they came from inside our infrastructure. Even this last quoted message comes from inside Air infrastructure, so you were connected while writing it. Can we assume therefore that the problem is solved? We're looking forward to hearing from you. Kind regards
  5. Hello! Yes, there will be new servers. Unfortunately, Mexico and China are not appropriate locations for a service like AirVPN. In China there are very many issues related to privacy, active monitoring and censorship. The infrastructure in Mexico heavily needs further development. We will anyway review the situation in Asia very soon. Kind regards
  6. privado wrote: Hello! Sure, please contact us in private (menu "Support"->"Contact us") for those inquiries. Kind regards
  7. Hello! This is a collection of articles appeared online about AirVPN. The Guardian: http://www.guardian.co.uk/technology/blog/2011/sep/26/technology-links-newsbucket Privacy International: https://www.privacyinternational.org/blog/enjoy-internet-freedom-and-anonymity-terms-and-conditions-apply with a further comment by Eric King, Human Rights and Technology Advisor, Privacy International: https://www.privacyinternational.org/blog/enjoy-internet-freedom-and-anonymity-terms-and-conditions-apply#comment-190 TorrentFreak: https://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/ IT World: http://www.itworld.com/security/206429/who-trust-your-secrets-some-vpn-anonymity-providers-sound-noble-others-are-just-icky The Atlantic Wire: http://www.theatlanticwire.com/technology/2011/09/lulzsec-hacker-exposed-service-he-thought-would-hide-him/42895/ Kind regards AirVPN admins
  8. privado wrote: Hello! It's difficult to say why, without further details about configuration differences in the private networks. Thank you for your patience. We are going to refund you your monthly subscription (your access will be granted anyway until the expiration date). You might want to review your problem even in the DD-WRT support forum and wiki, given that we don't have access to an E2000 router and to the unknown DSL modem/router. We will keep on our commitment to improve our customer service. Kind regards
  9. Hello! If you're looking for some original gift for privacy aware friends and relatives, we are now offering gift coupons for 1 month, 3 months and 1 year premium subscription to AirVPN. The coupons are alphanumerical codes that, when inserted in our website, give immediate premium activation without further payment or delay. They have no expiration date set and are delivered in 4-8 hours. The person with the coupon just has to select the corresponding plan (1 month, 3 months and 1 year) and type in the coupon for immediate activation to premium status. You can decide the name of the coupon, up to 16 characters, and then give it to the person you wish to make the present. If you're interested, please do not hesitate to contact us https://airvpn.org/index.php?option=com_alfcontact&Itemid=105 Kind regards
  10. @privado Hello! Now there are no visible errors on the log. During the 4 minutes the E2000 was connected to a VPN server, could you manage to do anything (like pinging some servers...)? Kind regards
  11. whodinni570 wrote: Hello! We're glad to know that the issue has been resolved. We apologize for the inconvenience. About ports significance and TCP - UDP connection difference, please refer to the FAQ available here: https://airvpn.org/index.php?option=com_content&view=article&id=71&Itemid=137 (see "What is the difference between TCP and UDP ports? Which port should I choose?"). According to the Tunneblick wiki, "private configurations are stored in '~/Library/Application Support/Tunnelblick Configurations'. Since these files are all located in the user's Library folder, they must be set up separately for each user. (Note that the "~" in the path indicates the user's home folder; thus the folder is actually located somewhere such as /Users/username/Library/Application Support/Tunnelblick/Configurations. Do not confuse this Library folder with the /Library folder located at the root of the filesystem.) Shared configurations, which can only be Tunnelblick VPN Connection files, are stored in /Library/Application Support/Tunnelblick/Shared. Shared configurations do not need to be set up for each user. (In fact, that's the whole point of sharing them!)" See also http://code.google.com/p/tunnelblick/wiki/cFileLocations You're welcome! Please do not hesitate to contact us for any further information. Kind regards
  12. Hello! The USA server "Sigma" is currently not publicly available. If you need to use an american server, please pick Sirius or Vega. They both can give better performance than Sigma (they have faster hardware and they are on a 1 Gbit/s port instead of Sigma's 100 Mbit/s). Kind regards AirVPN admins
  13. Hello! Ok, problem detected from the logs. You are trying to connect to Sigma server, which is currently not publicly available. We apologize for the inconvenience and we are going to put a warning in the forum right now. For the USA servers, try the connection to Sirius (1 Gbit/s dedicated port server, Virginia) or Vega (1 Gbit/s, Oregon), you should have better performance (Sigma is on a 100 Mbit/s switch). Go to the "Member"->"Access without our client" and generate a new configuration for Sirius or Vega. Let us know if everything is all right. Kind regards
  14. privado wrote: Hello! Several E2000 users claim that the E2000 with DD-WRT is unable to connect to UDP ports via OpenVPN, see thread: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=498189 Might it be that with the other provider you're testing you have connections only on TCP ports? We offer both UDP and TCP connections. It can be worth a try to revert back to your previous semi-working configuration, and try a connection on any of our servers available TCP ports (53, 80 or 443). To do that, change "proto udp" directive in the configuration file, and therefore on the startup script, to "proto tcp" Also, are you able to connect to a VPN server with your PC and E2000, that is not using OpenVPN on DD-WRT, but directly from one of your computers? Kind regards
  15. whodinni570 wrote: Hello! We can confirm you that your account is on premium status, authorized to access all the servers. There was no change of certificates or configurations recently from our side. Did you change anything in your system Tunnelblick configuration? Could you please send us the connection logs? Kind regards
  16. alcrom23 wrote: Hello! Checking your account, it appears that payment from PayPal was first delivered and then frozen after a few hours for a non-explained suspect of unauthorized transfer. From past experience the only thing we can do is to tell PayPal to give you back the money, in order to speed up the process. Kind regards
  17. privado wrote: Hello! Which command line you refer to? If you refer to the startup script, try this basic startup script (when the DSL modem/router is not in the network) and please post again the logs: cd /tmp ln -s /usr/sbin/openvpn /tmp/openvpn echo " [[PASTE air.ovpn HERE]] keepalive 15 60 daemon log /tmp/openvpn.log " > airvpn.conf echo " -----BEGIN CERTIFICATE----- [[PASTE ca.crt CONTENT HERE]] -----END CERTIFICATE----- " > ca.crt echo " -----BEGIN CERTIFICATE----- [[PASTE user.crt CONTENT HERE]] -----END CERTIFICATE----- " > user.crt echo " -----BEGIN RSA PRIVATE KEY----- [[PASTE user.key CONTENT HERE]] -----END RSA PRIVATE KEY----- " > user.key # Start openvpn sleep 5 /tmp/openvpn --config airvpn.conf --fragment <insert here the best value you found> --mssfix Kind regards
  18. scipio wrote: Hello! Can you please make sure that you copied the user.key too? In total there are 4 files that must be copied from within air.zip: the configuration (air.ovpn), 2 certificates (ca.crt, user.crt) and the private key (user.key). We're looking forward to hearing from you. Kind regards
  19. privado wrote: Hello! It's good that the MTU problem has been fixed by --fragment and --mssfix. We gave you a script which configures tun0, not tun1, in promisc mode, because of the previous bridged configuration with the DSL router, which now is not there anymore. Please delete or comment out the following line from the startup script: ifconfig tun0 10.x.x.x netmask 255.255.0.0 promisc up then delete or comment out the following lines from the "Firewall" script: iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT and check the logs to see what happens. We're looking forward to hearing from you. Kind regards
  20. anonimus1105 wrote: Hello! See, the message with the screenshot and the quoted message just above come both from INSIDE our private network. This necessarily means that your account was normally connected to some VPN server. Check you connection simply browsing https://airvpn.org. Look at the central box at the bottom of the page. If it is green and displays "Connected" then you are connected to some VPN server and you appear on the Internet with exit-IP of that server. Kind regards AirVPN admins
  21. privado wrote: Hello! Your guess about 192.168.1.1 seems correct from the logs. 192.168.1.1 is the default IP address of a DD-WRT router. To be sure, browse the web interface, go to "Setup"-->"Basic setup" and see the IP reported in the "Local IP address" field. About the errors, they are probably related to MTU size. First of all, go to "Basic Setup" again and set the following values (probably they are already set so): TUN MTU Setting 1500 TUN MTU Extra 32 TCP MSS 1450 If they showed different settings, try the connection again after the modification. On the contrary, if those values were already 1500, 32 and 1450 and/or the log still shows errors of that kind, then launch OpenVPN with the --fragment 1000 and --mssfix parameters, i.e. modify the line in the "startup" script which launches OpenVPN in the following way: # Start openvpn sleep 5 /tmp/openvpn --config airvpn.conf --fragment 1000 --mssfix If this fixes the problem, progressively increase those values to 1100, 1200, 1300, ..., 1450 (that is, increase them until the logs show again an error code 91) to determine the optimal maximum segment size (the lower the max segment size is, the worse can be the performance, so this would be fine tuning). Unfortunately, it is in general impossible to conclude in a network what MTU will be at any moment. We're looking forward to hearing from you. Kind regards
  22. anonimus1105 wrote: Hello! You can have one connection per account at a given time. You can use your account on as many computers or devices as you like, but you can't use your account on multiple devices simultaneously. The message you have written comes from inside our private network, therefore you were connected to some AirVPN server when you wrote it. Make sure you have not given to anyone your account name and password. We're looking forward to hearing from you. Kind regards AirVPN admins
  23. privado wrote: Hello! In the bottom of this message we report the settings for web interface configuration, just in case you wish to try with that again. If you insert the 1st script in the "Startup" section the router will execute it when it boots and will write the openvpn logs in /tmp/openvpn.log. If everything is fine it will also connect automatically to the VPN server of your choice (the one specified in the air.ovpn that you have pasted there). YOUR CLIENT NETWORK SUBNET depends on the configuration of your DSL modem+router. Since it is in full bridge mode but DHCP is enabled, it will provide an IP address to the DD-WRT router. You are in a situation where you have two DHCP servers, one in the DSL m+r, the other in the E2000, and this makes things a little bit more complicated: you must pick IP subnets which do not overlap with each other. You should check that. It might be an address of the type 192.168.1.*, but it is also not uncommon that it might be 192.168.2.*. It all depends on the customization your ISP made to your DSL modem+router, just browse to the web configuration interface of the DSL router and check internal IP and subnet. When you're there, take also note of the internal gateway IP address, you will need it later. So, if the DSL router has internal IP 192.168.1.1 subnet 255.255.255.0 pick 192.168.2.1 for the local IP address of the DD-WRT router. If it is 192.168.2.1, pick 192.168.1.1. etc. The local IP address must also be set in the "Setup" page, tab "Basic setup" of the E2000. Example: local IP 192.168.2.1 Subnet Mask 255.255.255.0 Gateway . In this tab, also make sure that "DHCP Mode" is set to "Server" and that the "Enable" option is active. a.b.c.d is the IP address of the DSL router gateway. PARAMETERS FOR THE DD-WRT ROUTER WEB INTERFACE Start OpenVPN: Yes Server IP / Name: your favourite VPN server IP address (see the line "remote" in air.ovpn) Port: your favourite port (53, 80 or 443) [this is useful in case your ISP slows down connections on port 443 or 80 UDP] Use LZO Compression: Yes Tunnel Protocol: UDP or TCP [uDP is more efficient, but TCP with its full error-correction is precious when there are connection issues or your ISP throttles UDP connections] nsCertType: Server Public Server Cert: Paste the contents of ca.crt from "------BEGIN CERTIFICATE" to "END CERTIFICATE-----" included Public Client Cert: Paste the contents of user.crt like above Private Client Key: Paste the contents of user.key Save settings. Now, enable ssh connections in the E2000 so that you will be later able to access via ssh to the router for deeper troubleshooting. To enable SSH: - Using the Web Interface, go to the Administration tab. (in v24 use Services tab) - Under the Services sub-tab, Enable SSHd in the Secure Shell section. If new options don't appear, Save Settings - Enable Password Login to enable the password login - Save and Apply Settings Finally, please reboot the router, wait a couple of minutes, check the connection and verify your exit-IP to the Internet (you can see it by connecting to https://airvpn.org and looking at the central box in the bottom of the page). To access the openvpn logs for troubleshooting, login to your E2000 via telnet or ssh port 22. For telnet, default login: root default psw: admin. For ssh, default login: root. telnet ssh > If you use Windows Vista/7, you will need to install telnet from "Programs and features". Or you can download PuTTY which supports both ssh and telnet http://www.putty.org Once you log in the E2000, go to the /tmp dir and print the log. Copy it and please paste it to us, it may be really helpful for troubleshooting: cd /tmp cat openvpn.log Note: if you don't use PuTTY and you have Windows 7/Vista, use the Powershell to have improved screening and copy & paste functionalities. To copy a text inside the powershell, select it with the left mouse button pressed. When you have selected it all, release the left button and click once the right button. The text will be put in the clipboard, ready for pasting. We're looking forward to hearing from you. Kind regards
  24. privado wrote: Hello! Thank you for your feedback. The troubleshooting with DD-WRT routers with any s&t OpenVPN-based VPN provider requires exactly the same information we asked (network configuration, logs). They are necessary to give proper assistance. We will keep on our involvement to make life easier for non-techies, however there are certain minimal technical requirements which are mandatory if someone wants to be serious about privacy and anonymity layers. It's a small price to pay for a greater benefit. Please do not hesitate to contact us for any further information. Kind regards
  25. privado wrote: Hello! Sorry, it was assumed that you were already monitoring the logs. Here are two scripts that may help troubleshoot. They require minimal adjustment to fit your needs and according to your network configuration. If you startup with the 1st script, you'll find the logs in the file /tmp/openvpn.log Also, check that you have enough free memory in the router (8 kB free are enough). You might want to look here for further details: http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers#Client1_Configuration There you'll find how to enable syslog on your router as well. The first script is for the "Startup" section of your router. =========== cd /tmp ln -s /usr/sbin/openvpn /tmp/openvpn echo " [[PASTE air.ovpn HERE]] keepalive 15 60 daemon log /tmp/openvpn.log " > airvpn.conf echo " -----BEGIN CERTIFICATE----- [[PASTE ca.crt CONTENT HERE]] -----END CERTIFICATE----- " > ca.crt echo " -----BEGIN CERTIFICATE----- [[PASTE user.crt CONTENT HERE]] -----END CERTIFICATE----- " > user.crt echo " -----BEGIN RSA PRIVATE KEY----- [[PASTE user.key CONTENT HERE]] -----END RSA PRIVATE KEY----- " > user.key # Create tun0 interface /tmp/openvpn --mktun --dev tun0 ifconfig tun0 10.x.x.x netmask 255.255.0.0 promisc up [MODIFY 'x' - SEE https://airvpn.org/index.php?option=com_content&view=article&id=74&Itemid=141) # Create routes route add -net [[YOUR CLIENT NETWORK SUBNET HERE]] netmask 255.255.255.0 gw a.b.c.d [[FIND ADDRESS ACCORDING TO SERVER YOU CONNECT TO]] # Start openvpn sleep 5 /tmp/openvpn --config airvpn.conf ======================== Script for the "Firewall" section: # Open firewall holes - you might want to modify according to your connection iptables -I INPUT 2 -p udp --dport 53 -j ACCEPT iptables -I INPUT 2 -p tcp --dport 53 -j ACCEPT iptables -I INPUT 2 -p udp --dport 80 -j ACCEPT iptables -I INPUT 2 -p tcp --dport 80 -j ACCEPT iptables -I INPUT 2 -p udp --dport 443 -j ACCEPT iptables -I INPUT 2 -p tcp --dport 443 -j ACCEPT iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT Looking forward to hearing from you. Kind regards AirVPN
×
×
  • Create New...