Everything posted by Staff

  1. Hello! Please see the links "Prevent leaks with..." in the announcement section of the forum according to your system: https://airvpn.org/forums Kind regards
  2. Hello! Can you please send us the connection logs? Kind regards
  3. Hello! You will need a valid OS image and the license to use it. However not all OS are protected by copyright, you can use free and open source OS or distribution of OS which come under GPL, like Linux distributions, or similar like OpenBSD. If your host is Windows-based, it can anyway host such OSes. Of course, the normal practice is that a file inside an encrypted volume is never ever stored in unencrypted form outside the volume anywhere. If this happens accidentally, the unencrypted file needs to be securely shredded. http://en.wikipedia.org/wiki/Data_erasure Please consider, even in view of your point 2, that the reported performance is OpenVPN over TOR and TOR over OpenVPN. TOR over OpenVPN over TOR or TOR over VPN over VPN will have a slower performance. Thank you! Kind regards
  4. Hello! 1. AirVPN is based on OpenVPN. Our OpenVPN servers push automatically routes to your client so that all your traffic is encrypted. Keys are RSA 2048 bit, data channel is encrypted with AES-256-CBC cipher and the packets verification is HMAC SHA-1 160 bit. The authentication is based on two certificates and a client key. In our configuration OpenVPN performs a TLS re-keying with overlapping windows (so that there's no delay or bottleneck during re-keying) every 60 minutes (as by default). You don't need to configure anything on your router if you connect from a computer or a mobile device. Just in case you have a DD-WRT/Tomato/OpenWRT router with OpenVPN support, you can alternatively perform the connection directly from the router, instead of from your computer. In this case you would need to configure OpenVPN on the router. This is totally optional. 2. No, you don't need to. When you connect to an Air server you are behind a "cone-NAT" (p2p friendly) which latest uTorrent versions are able to "punch". Anyway you can remotely forward a port and then insert the same port number as the listening uTorrent port, to make your client immediately reachable from the Internet without traversing the NAT. This is particularly useful should you use a torrent client which can't traverse a NAT. 3. Yes. We currently provide 5 servers in the USA for a total available throughput bandwidth of 5000 Mbit/s. https://airvpn.org/status Some more information on the service can be found on the FAQ: https://airvpn.org/faq Please do not hesitate to contact us for any further information. Kind regards
  5. Hello! Latency is a parameter which is not controllable, but you should try all the servers to see which can give you the lowest latency. Our server monitor will help you, showing a latency which has no absolute value, but is useful to make comparisons. https://airvpn.org/status Kind regards
  6. I allowed 48 hours during the week. Not a weekend. And I had to transmit the requested logs three times before anyone appeared to notice, and whomever I corresponded with agrees that they don't show a single thing out of the ordinary. Hello! Maybe some communication problems? The support is much faster than 48 hours. Of course it can't be excluded: if there's "bad peering" between all our datacenters bandwidth providers and your ISP, unfortunately this can't be resolved. Although we are careful to put servers in datacenters with POPs connected directly to tier1 and tier2 providers, it's impossible to have a 100% certainty to have good peering/latency/routing etc. with all the ISPs in the world... this is just how the Internet works. Ok, so it is probably safe to assume that the above cause is the most probable cause for your 16 Mbit/s performance. If you haven't already done so, please try connections over UDP ports (try them all), you might have better performance for obvious reasons. Or, you might notice packet fragmentation (which you can't notice with TCP of course), in which case you might fine-tune OpenVPN for higher performance as you probably already know. Kind regards
  7. Hello! Yes, it looks like your firewall drops every outgoing (or maybe incoming, or both) UDP packet. This will cause several issues to the network users, a lot of applications just can't be used etc. Just connect over a TCP port and you should be able to solve every problem. Encapsulating packets in TCP will also allow you to use all the applications which rely on UDP packets and that currently you can't use on your network. Kind regards
  8. 64 bit Windows 7 Ultimate no the changes will stay until i reboot, then the changes are lost. one advantage is that i can choose the server with the least load, but i have to remember when i boot or reboot, i'm not automatically behind VPN because i have to manually start the program. Hello! Thank you very much for the information. We're sending all of them to the Air client programmer. Kind regards
  9. Hello! Please see here: https://airvpn.org/faq#p2p If you get a red token on TCP, please make sure that you have NOT forwarded, on the router, the same port(s) you have remotely forwarded. The red token shows you that the port forwarding works, but that your device may be subject to some correlation attacks. Kind regards
  10. Quote from "engagement" (post 5479): "1. Is a VM the same as HM?" Hello! The host is the machine which "hosts" virtualized operating systems (the Virtual Machines, also called "guests"). Typically the host is your computer with your OS. There are several virtualization programs, amongst which VMWare and VirtualBox are particularly powerful and easy to use. You need a virtualization program, such as VirtualBox or VMWare, and an operating system to install on one of the Virtual Machines. Once done, you'll have a guest operating system (the new OS installed in the VM) running inside ("hosted") by your host OS. See for example: http://en.wikipedia.org/wiki/Virtualbox In this case the main problem is not the part regarding TOR, because once you have established a connection over a VPN over a VPN, tunneling over TOR over VPN over VPN is trivial. The core problem is connecting a VPN over a VPN both with OpenVPN clients on the same machine which has one physical network card. There are several issues and if you don't master networking, routing tables and masquerading, then virtualization is a much, much simpler solution. Unfortunately it's impossible to say: it depends on too many factors. In Italy (tested with very few ISPs only), usually the bandwidth by establishing Air (with Holland servers) over a "random" circuit on different days and times of the day oscillates from around 200 kbit/s to 600-700 kbit/s. Kind regards
  11. Hello! The following instructions show you how to connect over AirVPN over TOR: https://airvpn.org/tor In the above case all the programs will be tunneled over OpenVPN over TOR, leaving open the option to additionally add another tunnel (proxy over Air over TOR, TOR over Air over TOR, VPN over Air over TOR etc. etc.). In order instead to connect over TOR over AirVPN: first connect to an Air server, then launch TOR. In this case only the programs that are configured to tunnel over TOR will be tunneled over TOR over OpenVPN. The programs not using TOR will be tunneled over OpenVPN alone. Kind regards
  12. Hello! The connection, as you can see from the logs, was over UDP, not TCP. You might like to try a connection over TCP while we investigate. Kind regards
  13. Yes, if you can do that you might give us some useful information for troubleshooting. We will anyway try to reproduce your problem if you can't do that. Basically TCP protects against some replay attacks on top of OpenVPN protection, while with UDP the replay attacks are defeated with OpenVPN replay-protection sliding-window and time window, besides HMAC authentication. https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3773&Itemid=142#3784 Kind regards
  14. Hello! Actually not, no particular problem is displayed in them before the credentials rejection. What happens with a connection over a TCP port? Kind regards
  15. Hello! You're right, from a performance point of view UDP is better. Please see here for more information: https://airvpn.org/faq#udp_vs_tcp Kind regards
  16. Hello! Thank you for the information. If you try a connection over a TCP port do you have the same problem? Kind regards
  17. Hello! In the last 28 minutes your account has never connected and has tried no connections. If you tried the connection during this time window, can you please send us the Viscosity logs? Kind regards
  18. Hello! We're looking into this. Did it start to happen to you since yesterday? Kind regards
  19. Hello! Were you using different devices? Kind regards
  20. Hello! Your account is currently connected and exchanging data. Please let us know at your convenience if the issue is solved. Kind regards
  21. Hello! Normally you don't need to change any setting (but you might like to see anyway how to optimize p2p performance here: https://airvpn.org/faq#p2p ). For additional security you can perform the following test while you are connected to the VPN: http://checkmytorrentip.com Finally, you can consider to secure your connection against leaks in case of unexpected VPN disconnection. According to your system please see the guides that are linked in the announcement section of the forum. https://airvpn.org/forums Kind regards
  22. Hello! The support answers typically take 1-2 hours (4-5 hours during the weekend nights, CET). If you did not receive any reply please check your spam folder and anyway re-send your support request. You can also elaborate your problem here in the forum, if you wish so. Kind regards
  23. Hello! Unfortunately Phoenicis crashed again and again. We are keeping the server unavailable to premium users while we investigate with the help of the datacenter technicians. Kind regards
  24. Hello! In this case you can't have a DNS leak, the rules will prevent all of them. Even assuming that you mean Mbit/s instead of MB/s, it's quite odd. Maybe your ISP allows bandwidth bursts? Kind regards
  25. You seem to not understand. Even if a website's SSL certificate is compromised, a VPN will not protect you. The data will be sniffed. So this argument is not against Tor alone, but all services. Are you actually arguing that using an OpenVPN will protect you from this type of attack? Are you joking? Hello! The VPN will effectively protect the victim because it lets him/her get out of the cage. It accomplishes (and accomplished in reality) the attacker purpose. Please note that there's a significant difference between blocking TOR and handling the routes so that the probability that the wished by the attacker circuit is established. Unfortunately the purposes of the attackers in the past were more sinister. Catching the login credentials and exchanged data of activists in Skype, GMail and Facebook is very useful for a human rights hostile regime. Actually, when 300.000 Iranian citizens suffered this attack, and the attack was successful (see the previous link about the incident), the purposes were essentially repression and control. That was a significant example, a proof of concept to show you the basis of more sophisticated MITM of SSL attacks. It should appear quite obvious to the careful reader. While with AirVPN this problem is solved with partition of trust (which not necessarily requires TOR), you can't perform partition of trust with TOR alone in the depicted scenario. In that case, the only remaining option to the attacker is disrupting OpenVPN connections (we will soon provide an additional service to mitigate or even solve the problem of OpenVPN connections disruption). It's even worse: actually, as it was repeatedly shown, it is not necessary at all to hack a website to succeed with the attack. The main difference is that if you can't allow yourself to trust the Air operators, you can hide them all your real packet headers AND payloads, while you can't do that with TOR alone in the depicted scenario.
We have faced this problem since when we designed AirVPN, and our suggested solution is partition of trust, so that you have a service which you don't need to trust if you can't allow yourself to trust it. Additionally, we have designed the system so that (if the customer wishes so) no identity can be correlated to an account. In this case, the only option remaining to the attacker is to perform correlations (typical vulnerability of any low latency "anonymity" network). However, timing attacks become extremely difficult with OpenVPN, and even more with OpenVPN over TOR, theoretically the only adversary that can successfully perform them is the global adversary. Multi-hopping within the same VPN infrastructure (or within different VPNs owned by the same entity), while perfectly possible with Air, does not solve the problem unfortunately, since the operators can trivially correlate all the traffic amongst all the VPN servers, while multi-hopping with different VPNs owned by different entities which do not cooperate with each other, or with a connection over OpenVPN over a proxy, does. Of course you can solve the problem as well connecting over TOR|I2P|etc. over OpenVPN over TOR|I2P|etc. (but not TOR over OpenVPN, unfortunately), in which case you don't have to worry either about a malignant VPN operator or a malignant TOR|I2P|etc. exit node. In this case the target can only be defeated by an adversary who can control simultaneously the TOR exit nodes and the VPN server. That these VPN operators can be this adversary, i.e. that they can have the power of a government which can control ISPs and border routers, is an extraordinarily near zero probability.
TOR over OpenVPN does not solve the problem because, if you imagine a really nasty VPN operator, you can assume that he/she hijacks TOR connections from the VPN server to which you connect to, in order to enhance greatly the probability that you establish a circuit where the exit node is controlled by the same nasty operator (but obviously he/she can't do that if you connect over OpenVPN over TOR). I think you are sorely confounding many different things. Let's make a step back before proceeding. Have you understood how the attack works and why it does not need to hack https website and/or authority servers, and how the SSL/TLS packets to and from the victim are decrypted and re-encrypted? Yes, I am aware of that. I was not making specific references to any particular hack. The argument was that the breach was on a third party site; it was not the Tor service. Whether the third party site is CA website or Google, it matters little. We have seen real cases in which the attack needs neither a breach on any authority website nor a breach on any https website (see the links on the Wikipedia article). We are making specific references to real incidents which really occurred, while the impression (but this admin may well be wrong, no offense meant) is that you are facing the issue in a fantastic, ideal scenario, ignoring the incidents that really occurred in the past years. It must be said also, for completeness, that some of the most critical TOR vulnerabilities have been fixed at the end of 2011 ( https://blog.torproject.org/blog/tor-02234-released-security-patches ), while critical vulnerabilities in OpenVPN have not been found until today. Kind regards