Staff

Wow! Didn't realize about the under usage. That seems surprising to me, but I don't doubt your word. I'll start checking it out more closely before being so quick to use a Netherlands server.

Hello!

As you probably know, you can check anytime the servers status here:

https://airvpn.org/status

Kind regards

Ok sounds great. Will let you know if I have any problems or if I manage successfully. Should be later tonight.

Just 2 questions:

1. Can I use the AirVPN windows client on HM and VM or I have to download and use OpenVPN for both this as I saw you mentioned downloading the configuration files?

Hello!

You can use the Air client both on your host and guest OS. Please note that you can't use the same account for two simultaneous connections.

2. How to identify if I am selecting the appropriate options for Proxy Type, Proxy IP and Proxy Port

You need to know the proxy type, IP and listening port of the proxy you're using. You can discover them from inside the proxy interface and its documentation.

Kind regards

Thank you Admins for the new servers. This really is a great VPN. Everything about Air says quality.

Are there any plans to add another server or two in Sweden? I often use The Netherlands' servers but I personally think another Swedish server would be great. At the same time I know you can't set up servers for everyone that makes these type of requests.

Thanks for such a great service.

Hello!

We can confirm we have plans for one additional Swedish server. However we are currently unable to provide you with a date. Please note that currently Serpentis bandwidth is permanently under usage, with only 25% peaks.

Kind regards

I want to acheive Tor over AirVPN over Tor and therefore need to do the following:

- connect the host over AirVPN over TOR

- connect the guest programs over TOR (just to make an example use the Aurora browser of the Tor Browser Bundle in the guest)

So to acheive this I will:

1. Now install the new windows VM

2. Then download and install Tor and the windows AirVPN client on the VM and then am assuming Im good to go pretty much

3. OR are there any special settings to make the "Tor over VPN part of the connection on normal windows" (HM its called right?) routes to the VM correctly?

Hello!

That's correct, there are no additional requirements. However, the previous admin post forgot to specify an important detail, that is the VM must be connected to the host via NAT in order to render the setup effectively working (i.e. no bridging). This is the default configuration in VirtualBox (just make sure that "NAT" is selected in "Settings"->"Connections") so you should not worry about it, the virtualization program will take care transparently of all NATting.

So then once fully set-up to connect I would do as follows:

a. On HM (normal windows) connect to Tor.

b. Once connected to Tor, connect to AirVPN.

c. Start the VM and then again connect to Tor within it

d. Done! Use the internet with" Tor over VPN over Tor" using the last Tor Browser launched in the VM for your browsing needs?

Correct. About point b, remember to configure OpenVPN to connect to an Air server over your TOR proxy. The configuration generator or the Air client will take care of it, just select the appropriate options for Proxy Type, Proxy IP and Proxy Port.

If point a is correct then how can I change my Comodo settings to allow me to connect to Tor first as the current rules only allow connections to AirVPN servers. Could these changes to settings alow for DNS leaks?

The rules should already allow these type of connections because, when you connect OpenVPN over TOR, OpenVPN will communicate with 127.0.0.1 (your local proxy address), which is explicitly allowed in some rule. Additionally remember, when Comodo will prompt you about that, to allow any communication from/to the Virtual Machine (i.e. take care not to block the virtualization program NAT).

If you have any issue on this matter please do not hesitate to contact us, a Comodo expert will support you.

Kind regards

Hi, another newbie question. In addition to the VPN disconnection leaks, do the instructions in the above mentioned links ("Prevent leaks with Windows & Comodo" and "Prevent leaks with Linux & iptables") cover also the DNS leaks?

Hello!

About Windows and Comodo yes, absolutely, the recommended rules prevent DNS leaks.

About Linux, it does not suffer DNS leaks, which is a typical Windows problem basically related to the fact that Windows lacks the concept of global DNS.

So just set your favorite DNS servers (for example by editing /etc/resolv.conf if you don't have resolvconf installed) and OpenVPN will tunnel them. Only obvious exception: nameserver in which case DNS queries will be sent to your router and the the router will send them out unencrypted.

Kind regards

Forgive my ignorance, but what's with the many 100Mbit servers? Wouldn't 1Gbit have more bandwidth and/or be faster?

Not criticizing here, after all Air has plenty of 1Gbit servers to choose from and I always use them. But why provision a 100Mbit server at all? Air has 6 servers in Netherlands and 3 are 100Mbit? What gives?

Hello!

Currently the infrastructures in Singapore and Italy do not provide a 1 Gbit/s dedicated port with 1 Gbit/s lines (even shared, best effort) as a viable solution for our requirements. They just can't provide enough traffic.

About the Netherlands servers, the old 100 Mbit/s have a dedicated line, which is burstable up to 200 Mbit/s, while the 1 Gbit/s servers have a dedicated 1 Gbit/s port connected to multiple shared lines capable to provide up to 1 Gbit/s 95% of the time. Since the 100 Mbit/s NL servers are in a different network than the Gbit NL servers, we prefer anyway to keep them for access redundancy.

Kind regards

Awesome!!!

I hope it stays online.

Do you feel the host you are with in SG will work well with VPNs?

Hello!

We're confident about that: the provider has been thoroughly informed about our activity. Of course things in real life may be different, we rely both on the correctness of the provider and on our customers' respect of AirVPN Terms of Service.

Kind regards

I have managed to install "OpenVPN Access Server version 1.8.4 for Ubuntu10 i386 " - although actually running ubuntu 12.04 I think it is. I can see its installed but have no idea how to access the file or configure the OpenVPN settings. Advice? Maybe a good link?

Hello!

Please see here:

https://airvpn.org/linux

Will I need to also install skype, TrueCrypt, Tor and all other software on Ubuntu? Im confused whether Ill be using the firefox/Tor on my normal desktop or the equivalent on the ubuntu VM when fully set-up?

It was understood that you had already placed the guest virtual HDD inside a host TrueCrypt volume

When the VM is fully setup, you have plenty of options, please see the previous message. For example, if you wish to connect over TOR over AirVPN over TOR:

- connect the host over AirVPN over TOR

- connect the guest programs over TOR (just to make an example use the Aurora browser of the Tor Browser Bundle in the guest)

If you wish to connect over VPN over VPN:

- connect the host to a VPN service

- connect the guest over another VPN (you can also perform Air 2-hops, connecting the host to an Air server and the guest to another Air server, in which case you will need 2 Air accounts - EDIT: this is not partition of trust because you would multi-hop on servers that are all controlled by the same entity)

Kind regards

Hello!

We're very glad to inform you that a new 100 Mbit/s server located in Italy is available: Crucis.

The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Member Area"->"Access without our client").

The server accepts connections on ports 53, 80 and 443 UDP and TCP.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

Do not hesitate to contact us for any information or issue.

Kind regards and datalove

AirVPN admins

Hello!

Phoenicis migration has been completed successfully and the new server is online. Contrarily to what stated in the previous message, it has been possible to maintain the IP addresses.

Please do not hesitate to contact us for any issue with this server.

Kind regards

Hello!

We're very glad to inform you that a new 100 Mbit/s server located in Singapore is available: Sagittarii. We hope and we're confident that this is only the first step of AirVPN expansion in Asia.

The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Member Area"->"Access without our client").

The server accepts connections on ports 53, 80 and 443 UDP and TCP.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

Do not hesitate to contact us for any information or issue.

Kind regards and datalove

AirVPN admins

WARNING: the migration process has begun. Please disconnect as soon as possible.

Kind regards

No, the real header and payload can't be unencrypted when inside the VPN.

In what sense are you making that statement:

Hello!

The http traffic "in transit" cannot be sniffed by your ISP or by a "man in the middle" (an entity between) the OpenVPN client and the OpenVPN server.

Kind regards

Hello!

The support team replied to your mail where you attached the Tunnelblick logs. The solution to your problem is straightforward, please check your inbox.

Kind regards

Hi!

Yes your right and this should be extremely helpful for others looking to do the same!

I managed to install the VM. I now have Linux Ubuntu running on my windows 7 HM. I managed to create the virtual disk in a hidden vol of a truecrypt container too :-)

I now have a few questions:

1, Is it correct that with this new set-up Tor exit nodes will be irrelevant?

Hello!

What do you mean with irrelevant...? If you refer to TOR over OpenVPN over TOR, one TOR exit node is essential to send your packets to our servers and receive them from our servers, the other TOR exit node is essential to send out and receive packets to/from the Internet (assuming two circuits).

2. Do I need to reinstall all software such as AirVPN, skype etc on the ubuntu VM? Or how does this work?

Yes. In order to connect to Air please install OpenVPN and follow the instructions for Linux.

3. Still only have one VPN provider? Do i need a 2nd VPN for this or can Tor do the job?

You have now tons of options: Any VPN over AirVPN over TOR, TOR over AirVPN over TOR, proxy over AirVPN over TOR, I2P over VPN over TOR, AirVPN over AirVPN over TOR... and theoretically you can even connect (from the VM) over AirVPN over TOR over AirVPN over TOR, or over TOR over AirVPN over AirVPN over TOR etc. etc.. These last two "setups" work fine, but do not expect performance exceeding 100 kbit/s, and be ready for very high latency (1000-2000 ms with the final host you connect to are not uncommon). Usually connecting over a VPN over TOR over AirVPN over TOR is necessary only in extremely critical environments which currently we have not found in practice in any country (but of course our experience is not "universal").

You should study each solution to see which one suits your needs in the best way, i.e. the best compromise between security and performance, provided the minimum necessary setup to defeat your adversary. Ideally, you should have a clear vision of the maximum power your adversary (or adversaries) has/have.

5. "Yes, provided that all the I/O operations are performed inside the encrypted volume."

What is an I/O operation?

I/O = Input / Output.

Kind regards

UPDATE 14 Nov 2012: All the hardware replacements have been fulfilled. Both Vega and Phoenicis can be used now.

Hello!

After we detected various issues, an hardware inspection on Vega found a defective Hard Disk Drive. The HDD has been replaced and from now on Vega should be back online without any of the problems which afflicted it in the last weeks. Please do not hesitate to contact us in case you note any issue on Vega.

Phoenicis has some deep hardware problem that can't be currently located by the datacenter technicians. These problems cause a deep crash randomly (total freeze), making the server unreliable for a long term connection. As a consequence, we'll move Phoenicis Hard Disk Drives to a new server in the same datacenter. The name of the server will remain "Phoenicis" but the IP addresses will change. The operation is expected to begin very soon. We'll put Phoenicis down and all the clients will be disconnected.

Phoenicis will reappear on the servers list after the migration is completed and after all the tests on the new machine will be passed.

Kind regards

What about the UDP port that bittorrent clients uses for DHT? It is always unsafe to open UDP ports through the VPN? If this is the case I guess we must renounce to DHT.

Thanks if you can clear this doubt.

Hello!

It is not unsafe (generally speaking) to forward UDP ports. DHT does not need a forwarded port, however uTorrent will try to connect to a uTorrent server (owned by uTorrent company) for DHT bootstrap. DHT bootstrap with the aid of a central server could be necessary at the first run of uTorrent, or maybe after a long time during which uTorrent was never launched, in all other cases the bootstrap should be performed successfully from known peers and not central servers. Latest uTorrent versions don't even need any remotely forwarded port in Air servers, because they can "traverse" Air NAT (which is p2p friendly) with the help of other peers in the swarm. Just wait a couple of minutes with a running torrent and you'll see that the connection token will get green.

Kind regards

Yes - I hope so, but WHAT connection logs and where are they? Do you mean the "message" logs in vidalia? or some other logs - that I don't know exist or how to find?

Hello!

The OpenVPN logs. According to how you launch OpenVPN their location or output may vary.

Please tell me what "connection logs" you're referring to - and ALSO:

Please tell me if I am supposed to see some "GUI" for openvpn - or one for any airvpn-server that I may use. Am I missing some GUI?

In order to simplify, please launch OpenVPN directly from a shell as reported in the following link, then just copy & paste the output of the command here.

https://airvpn.org/linux

Kind regards

Of course, the normal practice is that a file inside an encrypted volume is never ever stored in unencrypted form outside the volume anywhere. If this happens accidentally, the unencrypted file needs to be securely shredded.

http://en.wikipedia.org/wiki/Data_erasure

So to clarify on point above: it is safe to access and temporarily store (until accessed and re encrypted using PGP) a file from inside the hidden volume so that it could not be recoverable?

Yes, provided that all the I/O operations are performed inside the encrypted volume.

An adversary can see your encrypted files only if it gains access to your computer while the volume is mounted, so you should not leave your computer unattended with mounted TrueCrypt volumes if someone can gain access to it. Please see also here for a lot of useful information:

http://www.truecrypt.org/docs/

You can keep a VM completely inside an encrypted TrueCrypt volume: just create the virtual hard disk inside the virtual encrypted volume.

Once I have successful set up my system with your fantastic help (which I will confirm with you here) would you mind deleting this thread?

You should use the "Contact us" form if you don't want to make your messages public. Even if we delete this thread, it will remain available on the Internet Archive.org Wayback Machine, Google cache... A forum is meant for public discussions which should remain available to all readers for future references.

Kind regards

Thanks for the quick reply!!

Through my research, I've seen other VPN services offer "IP binding", where if the VPN connection goes down, the application (ie Utorrent) stops transmitting.

Does the AirVpn application have the same sort of feature?

Thanks again

Hello!

Please see the links "Prevent leaks with..." in the announcement section of the forum according to your system:

https://airvpn.org/forums

Kind regards

Hello!

Can you please send us the connection logs?

Kind regards

Thanks all seems fairly straight forward or at least I hope. Here goes - going to try set up either VMWare or VirtualBox or at least get my head properly round it all now.

1. Did you mean that I will need a valid windows CD to create the HM with either VMWare or VirtualBox ? I hope they are free but will check right now after this.

Hello!

You will need a valid OS image and the license to use it. However not all OS are protected by copyright, you can use free and open source OS or distribution of OS which come under GPL, like Linux distributions, or similar like OpenBSD. If your host is Windows-based, it can anyway host such OSes.

3. I also have one other non-connection related question which you might be able to help with. If I am using truecrypt on my OS and have files encrypted with PGP within a hidden volume then when I decrypt the file (still onto the hidden volume) and then read it with say notepad on my comp and then encrypt once finished and remove unencrypted version obviously. As files are always recoverable in some way is it not possible that someone could still view the files using this method and completely defeat the purpose of these systems?

Of course, the normal practice is that a file inside an encrypted volume is never ever stored in unencrypted form outside the volume anywhere. If this happens accidentally, the unencrypted file needs to be securely shredded.

http://en.wikipedia.org/wiki/Data_erasure

After the HM setup I hope I am close to reaching the vision we have described as: "In the vision of a "connection as secure and anonymous as possible"

Please consider, even in view of your point 2, that the reported performance is OpenVPN over TOR and TOR over OpenVPN. TOR over OpenVPN over TOR or TOR over VPN over VPN will have a slower performance.

As always your advice/help is literally "unvaluable"! If your privacy terms and commitment to NEVER sharing information with anyone live up to the standards of your customer service and support then this really is something special here that should be highly valued.

Thank you!

Kind regards

I'm currently doing research on the different VPN services available and thinking about purchasing AirVpn due to the new laws about torrenting in my country. A couple of questions....

1. Is AirVPN software that encrypts all of my traffic? Do I need to configure my web browser? Do I need to configure my router?

2. I am a heavy Utorrent user (personal use)...do I need to configure Utorrent client?

3. I do not live in the USA but I would like to view the TV websites that have full episodes...with AirVPN can I change my location to the US to do this? ie Netflix, Hulu, etc

Thanks in advance!!

Hello!

1. AirVPN is based on OpenVPN. Our OpenVPN servers push automatically routes to your client so that all your traffic is encrypted. Keys are RSA 2048 bit, data channel is encrypted with AES-256-CBC cypher and the packets verification is HMAC SHA-1 160 bit. The authentication is based on two certificates and a client key. In our configuration OpenVPN performs a TLS re-keying with overlapping windows (so that there's no delay or bottleneck during re-keying) every 60 minutes (as by default).

You don't need to configure anything on your router if you connect from a computer or a mobile device.

Just in case you have a DD-WRT/Tomato/OpenWRT router with OpenVPN support, you can alternatively perform the connection directly from the router, instead from you computer. In this case you would need to configure OpenVPN on the router. This is totally optional.

2. No, you don't need to. When you connect to an Air server you are behind a "cone-NAT" (p2p friendly) which latest uTorrent versions are able to "punch". Anyway you can remotely forward a port and then insert the same port number as the listening uTorrent port, to make your client immediately reachable from the Internet without traversing the NAT. This is particularly useful should you use a torrent client which can't traverse a NAT.

3. Yes. We currently provide 5 servers in the USA for a total available throughput bandwidth of 5000 Mbit/s. https://airvpn.org/status

Some more information on the service can be found on the FAQ:

https://airvpn.org/faq

Please do not hesitate to contact us for any further information.

Kind regards

Allright.

So, then, what's the way to have the lowest latency possible without UDP protocol?

Hello!

Latency is a parameter which is not controllable, but you should try all the servers to see which can give you the lowest latency. Our server monitor will help you, showing a latency which has no absolute value, but is useful to make comparisons. https://airvpn.org/status

Kind regards

The support answers typically take 1-2 hours (4-5 hours during the weekend nights, CET). If you did not receive any reply please check your spam folder and anyway re-send your support request. You can also elaborate your problem here in the forum, if you wish so.

I allowed 48 hours during the week. Not a weekend. And I had to transmit the requested logs three times before anyone appeared to notice, and whomever I corresponded with agrees that they don't show a single thing out of the ordinary.

Hello!

Maybe some communication problems? The support is much faster than 48 hours.

I'm having the same problem as some other people I've seen on the forum: I'm getting 4/4Mbps through nodes that are not heavily used. Everything on my end is, essentially, perfect, and AirVPN is the only service or protocol or site I access that has this limitation, so I'm going to go ahead and say: it's got to be AirVPN.

Of course it can't be excluded: if there's "bad peering" between all our datacenters bandwidth providers and your ISP, unfortunately this can't be resolved. Although we are careful to put servers in datacenters with POPs connected directly to tier1 and tier2 providers, it's impossible to have a 100% certainty to have good peering/latency/routing etc. with all the ISPs in the world... this is just how the Internet works.

I'm a systems and networks administrator. I've been doing this for over a decade. My router/firewall machine is a Core i5-2500. Four cores, 16GiB of RAM. It's lightly loaded. This is not a problem with a crappy little MIPS32 router at 400MHz or 680MHz. And I'm using a full install of Ubuntu Server 12.04.1 LTS with very few changes from defaults.

Ok, so it is probably safe to assume that the above cause is the most probable cause for your 16 Mbit/s performance.

I have a business-class connection through my ISP. I've never caught them throttling any other type of traffic, so finding that they throttle 443/tcp connections would be quite a surprise.

If you haven't already done so, please try connections over UDP ports (try them all), you might have better performance for obvious reasons. Or, you might notice packet fragmentation (which you can't notice with TCP of course), in which case you might fine-tune OpenVPN for higher performance as you probably already know.

Kind regards