Posts posted by Staff


  1. I have managed to install "OpenVPN Access Server version 1.8.4 for Ubuntu10 i386" - although actually running ubuntu 12.04 I think it is. I can see it's installed but have no idea how to access the file or configure the OpenVPN settings. Advice? Maybe a good link?

    Hello!

    Please see here:

    https://airvpn.org/linux

    Will I need to also install skype, TrueCrypt, Tor and all other software on Ubuntu? I'm confused whether I'll be using the firefox/Tor on my normal desktop or the equivalent on the ubuntu VM when fully set-up?

    It was understood that you had already placed the guest virtual HDD inside a host TrueCrypt volume.

    When the VM is fully setup, you have plenty of options, please see the previous message. For example, if you wish to connect over TOR over AirVPN over TOR:

    - connect the host over AirVPN over TOR

    - connect the guest programs over TOR (just to make an example use the Aurora browser of the Tor Browser Bundle in the guest)

    If you wish to connect over VPN over VPN:

    - connect the host to a VPN service

    - connect the guest over another VPN (you can also perform Air 2-hops, connecting the host to an Air server and the guest to another Air server, in which case you will need 2 Air accounts - EDIT: this is not partition of trust because you would multi-hop on servers that are all controlled by the same entity)

    Kind regards


  2. Hello!

    We're very glad to inform you that a new 100 Mbit/s server located in Italy is available: Crucis.

    The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Member Area"->"Access without our client").

    The server accepts connections on ports 53, 80 and 443 UDP and TCP.

    As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

    Do not hesitate to contact us for any information or issue.

    Kind regards and datalove

    AirVPN admins


  3. Hello!

    We're very glad to inform you that a new 100 Mbit/s server located in Singapore is available: Sagittarii. We hope and we're confident that this is only the first step of AirVPN expansion in Asia.

    The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Member Area"->"Access without our client").

    The server accepts connections on ports 53, 80 and 443 UDP and TCP.

    As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

    Do not hesitate to contact us for any information or issue.

    Kind regards and datalove

    AirVPN admins


  4. No, the real header and payload can't be unencrypted when inside the VPN.

    In what sense are you making that statement:

    Hello!

    The http traffic "in transit" cannot be sniffed by your ISP or by a "man in the middle" (an entity between) the OpenVPN client and the OpenVPN server.

    Kind regards


  5. Hi!

    Yes, you're right and this should be extremely helpful for others looking to do the same!

    I managed to install the VM. I now have Linux Ubuntu running on my windows 7 HM. I managed to create the virtual disk in a hidden vol of a truecrypt container too :-)

    I now have a few questions:

    1, Is it correct that with this new set-up Tor exit nodes will be irrelevant?

    Hello!

    What do you mean with irrelevant...? If you refer to TOR over OpenVPN over TOR, one TOR exit node is essential to send your packets to our servers and receive them from our servers, the other TOR exit node is essential to send out and receive packets to/from the Internet (assuming two circuits).

    2. Do I need to reinstall all software such as AirVPN, skype etc on the ubuntu VM? Or how does this work?

    Yes. In order to connect to Air please install OpenVPN and follow the instructions for Linux.

    3. Still only have one VPN provider? Do I need a 2nd VPN for this or can Tor do the job?

    You have now tons of options: Any VPN over AirVPN over TOR, TOR over AirVPN over TOR, proxy over AirVPN over TOR, I2P over VPN over TOR, AirVPN over AirVPN over TOR... and theoretically you can even connect (from the VM) over AirVPN over TOR over AirVPN over TOR, or over TOR over AirVPN over AirVPN over TOR etc. etc.. These last two "setups" work fine, but do not expect performance exceeding 100 kbit/s, and be ready for very high latency (1000-2000 ms with the final host you connect to are not uncommon). Usually connecting over a VPN over TOR over AirVPN over TOR is necessary only in extremely critical environments which currently we have not found in practice in any country (but of course our experience is not "universal").

    You should study each solution to see which one suits your needs in the best way, i.e. the best compromise between security and performance, provided the minimum necessary setup to defeat your adversary. Ideally, you should have a clear vision of the maximum power your adversary (or adversaries) has/have.

    5. "Yes, provided that all the I/O operations are performed inside the encrypted volume."

    What is an I/O operation?

    I/O = Input / Output.

    Kind regards


  6. UPDATE 14 Nov 2012: All the hardware replacements have been fulfilled. Both Vega and Phoenicis can be used now.

    Hello!

    After we detected various issues, a hardware inspection on Vega found a defective Hard Disk Drive. The HDD has been replaced and from now on Vega should be back online without any of the problems which afflicted it in the last weeks. Please do not hesitate to contact us in case you note any issue on Vega.

    Phoenicis has some deep hardware problem that can't be currently located by the datacenter technicians. These problems cause a deep crash randomly (total freeze), making the server unreliable for a long term connection. As a consequence, we'll move Phoenicis Hard Disk Drives to a new server in the same datacenter. The name of the server will remain "Phoenicis" but the IP addresses will change. The operation is expected to begin very soon. We'll put Phoenicis down and all the clients will be disconnected.

    Phoenicis will reappear on the servers list after the migration is completed and after all the tests on the new machine will be passed.

    Kind regards


  7. What about the UDP port that bittorrent clients use for DHT? Is it always unsafe to open UDP ports through the VPN? If this is the case I guess we must renounce to DHT. :(

    Thanks if you can clear this doubt.

    Hello!

    It is not unsafe (generally speaking) to forward UDP ports. DHT does not need a forwarded port, however uTorrent will try to connect to a uTorrent server (owned by uTorrent company) for DHT bootstrap. DHT bootstrap with the aid of a central server could be necessary at the first run of uTorrent, or maybe after a long time during which uTorrent was never launched, in all other cases the bootstrap should be performed successfully from known peers and not central servers. Latest uTorrent versions don't even need any remotely forwarded port in Air servers, because they can "traverse" Air NAT (which is p2p friendly) with the help of other peers in the swarm. Just wait a couple of minutes with a running torrent and you'll see that the connection token will get green.

    Kind regards


  8. Yes - I hope so, but WHAT connection logs and where are they? Do you mean the "message" logs in vidalia? or some other logs - that I don't know exist or how to find?

    Hello!

    The OpenVPN logs. According to how you launch OpenVPN their location or output may vary.

    Please tell me what "connection logs" you're referring to - and ALSO:

    Please tell me if I am supposed to see some "GUI" for openvpn - or one for any airvpn-server that I may use. Am I missing some GUI?

    In order to simplify, please launch OpenVPN directly from a shell as reported in the following link, then just copy & paste the output of the command here.

    https://airvpn.org/linux

    Kind regards


  9. Of course, the normal practice is that a file inside an encrypted volume is never ever stored in unencrypted form outside the volume anywhere. If this happens accidentally, the unencrypted file needs to be securely shredded.

    http://en.wikipedia.org/wiki/Data_erasure

    So to clarify on point above: it is safe to access and temporarily store (until accessed and re encrypted using PGP) a file from inside the hidden volume so that it could not be recoverable?

    Yes, provided that all the I/O operations are performed inside the encrypted volume.

    An adversary can see your encrypted files only if it gains access to your computer while the volume is mounted, so you should not leave your computer unattended with mounted TrueCrypt volumes if someone can gain access to it. Please see also here for a lot of useful information:

    http://www.truecrypt.org/docs/

    You can keep a VM completely inside an encrypted TrueCrypt volume: just create the virtual hard disk inside the virtual encrypted volume.

    Once I have successful set up my system with your fantastic help (which I will confirm with you here) would you mind deleting this thread?

    You should use the "Contact us" form if you don't want to make your messages public. Even if we delete this thread, it will remain available on the Internet Archive.org Wayback Machine, Google cache... A forum is meant for public discussions which should remain available to all readers for future references.

    Kind regards


  10. Thanks for the quick reply!! :)

    Through my research, I've seen other VPN services offer "IP binding", where if the VPN connection goes down, the application (ie Utorrent) stops transmitting.

    Does the AirVpn application have the same sort of feature?

    Thanks again

    Hello!

    Please see the links "Prevent leaks with..." in the announcement section of the forum according to your system:

    https://airvpn.org/forums

    Kind regards


  11. Thanks all seems fairly straight forward or at least I hope. Here goes - going to try set up either VMWare or VirtualBox or at least get my head properly round it all now.

    1. Did you mean that I will need a valid windows CD to create the HM with either VMWare or VirtualBox ? I hope they are free but will check right now after this.

    Hello!

    You will need a valid OS image and the license to use it. However not all OS are protected by copyright, you can use free and open source OS or distribution of OS which come under GPL, like Linux distributions, or similar like OpenBSD. If your host is Windows-based, it can anyway host such OSes.

    3. I also have one other non-connection related question which you might be able to help with. If I am using truecrypt on my OS and have files encrypted with PGP within a hidden volume then when I decrypt the file (still onto the hidden volume) and then read it with say notepad on my comp and then encrypt once finished and remove unencrypted version obviously. As files are always recoverable in some way is it not possible that someone could still view the files using this method and completely defeat the purpose of these systems?

    Of course, the normal practice is that a file inside an encrypted volume is never ever stored in unencrypted form outside the volume anywhere. If this happens accidentally, the unencrypted file needs to be securely shredded.

    http://en.wikipedia.org/wiki/Data_erasure

    After the HM setup I hope I am close to reaching the vision we have described as: "In the vision of a "connection as secure and anonymous as possible"

    Please consider, even in view of your point 2, that the reported performance is OpenVPN over TOR and TOR over OpenVPN. TOR over OpenVPN over TOR or TOR over VPN over VPN will have a slower performance.

    As always your advice/help is literally "unvaluable"! If your privacy terms and commitment to NEVER sharing information with anyone live up to the standards of your customer service and support then this really is something special here that should be highly valued.

    Thank you!

    Kind regards


  12. I'm currently doing research on the different VPN services available and thinking about purchasing AirVpn due to the new laws about torrenting in my country. A couple of questions....

    1. Is AirVPN software that encrypts all of my traffic? Do I need to configure my web browser? Do I need to configure my router?

    2. I am a heavy Utorrent user (personal use)...do I need to configure Utorrent client?

    3. I do not live in the USA but I would like to view the TV websites that have full episodes...with AirVPN can I change my location to the US to do this? ie Netflix, Hulu, etc

    Thanks in advance!!

    Hello!

    1. AirVPN is based on OpenVPN. Our OpenVPN servers push automatically routes to your client so that all your traffic is encrypted. Keys are RSA 2048 bit, data channel is encrypted with AES-256-CBC cypher and the packets verification is HMAC SHA-1 160 bit. The authentication is based on two certificates and a client key. In our configuration OpenVPN performs a TLS re-keying with overlapping windows (so that there's no delay or bottleneck during re-keying) every 60 minutes (as by default).

    You don't need to configure anything on your router if you connect from a computer or a mobile device.

    Just in case you have a DD-WRT/Tomato/OpenWRT router with OpenVPN support, you can alternatively perform the connection directly from the router, instead of from your computer. In this case you would need to configure OpenVPN on the router. This is totally optional.

    2. No, you don't need to. When you connect to an Air server you are behind a "cone-NAT" (p2p friendly) which latest uTorrent versions are able to "punch". Anyway you can remotely forward a port and then insert the same port number as the listening uTorrent port, to make your client immediately reachable from the Internet without traversing the NAT. This is particularly useful should you use a torrent client which can't traverse a NAT.

    3. Yes. We currently provide 5 servers in the USA for a total available throughput bandwidth of 5000 Mbit/s. https://airvpn.org/status

    Some more information on the service can be found on the FAQ:

    https://airvpn.org/faq

    Please do not hesitate to contact us for any further information.

    Kind regards


  13. All right.

    So, then, what's the way to have the lowest latency possible without UDP protocol?

    Hello!

    Latency is a parameter which is not controllable, but you should try all the servers to see which can give you the lowest latency. Our server monitor will help you, showing a latency which has no absolute value, but is useful to make comparisons. https://airvpn.org/status

    Kind regards


  14. The support answers typically take 1-2 hours (4-5 hours during the weekend nights, CET). If you did not receive any reply please check your spam folder and anyway re-send your support request. You can also elaborate your problem here in the forum, if you wish so.

    I allowed 48 hours during the week. Not a weekend. And I had to transmit the requested logs three times before anyone appeared to notice, and whomever I corresponded with agrees that they don't show a single thing out of the ordinary.

    Hello!

    Maybe some communication problems? The support is much faster than 48 hours.

    I'm having the same problem as some other people I've seen on the forum: I'm getting 4/4Mbps through nodes that are not heavily used. Everything on my end is, essentially, perfect, and AirVPN is the only service or protocol or site I access that has this limitation, so I'm going to go ahead and say: it's got to be AirVPN.

    Of course it can't be excluded: if there's "bad peering" between all our datacenters bandwidth providers and your ISP, unfortunately this can't be resolved. Although we are careful to put servers in datacenters with POPs connected directly to tier1 and tier2 providers, it's impossible to have a 100% certainty to have good peering/latency/routing etc. with all the ISPs in the world... this is just how the Internet works.

    I'm a systems and networks administrator. I've been doing this for over a decade. My router/firewall machine is a Core i5-2500. Four cores, 16GiB of RAM. It's lightly loaded. This is not a problem with a crappy little MIPS32 router at 400MHz or 680MHz. And I'm using a full install of Ubuntu Server 12.04.1 LTS with very few changes from defaults.

    Ok, so it is probably safe to assume that the above cause is the most probable cause for your 16 Mbit/s performance.

    I have a business-class connection through my ISP. I've never caught them throttling any other type of traffic, so finding that they throttle 443/tcp connections would be quite a surprise.

    If you haven't already done so, please try connections over UDP ports (try them all), you might have better performance for obvious reasons. Or, you might notice packet fragmentation (which you can't notice with TCP of course), in which case you might fine-tune OpenVPN for higher performance as you probably already know.

    Kind regards


  15. Hello, I'm running your service behind a firewall that allows just VPN traffic and HTTP traffic. I've noticed that I can't establish a connection via the UDP protocol on any port (53, 80, 443...), it always gives this error

    Sun Nov 11 10:56:16 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

    Sun Nov 11 10:56:16 2012 TLS Error: TLS handshake failed

    Sun Nov 11 10:56:16 2012 TCP/UDP: Closing socket

    It could be that my network is closed to UDP traffic but is open to TCP? Could I be able to bypass that block to UDP traffic?

    Hello!

    Yes, it looks like your firewall drops every outgoing (or maybe incoming, or both) UDP packet. This will cause several issues to the network users, a lot of applications just can't be used etc.

    Just connect over a TCP port and you should be able to solve every problem. Encapsulating packets in TCP will also allow you to use all the applications which rely on UDP packets and that currently you can't use on your network.

    Kind regards


  16. Which Windows version are you using?

    64 bit Windows 7 Ultimate

    When you perform any change, close the preferences window and then you re-open it, are the changes lost?

    No, the changes will stay until I reboot, then the changes are lost.

    One advantage is that I can choose the server with the least load, but I have to remember when I boot or reboot, I'm not automatically behind VPN because I have to manually start the program.

    Hello!

    Thank you very much for the information. We're sending all of them to the Air client programmer.

    Kind regards


  17. Hi I have recently purchased AirVPN mainly for torrenting. I use utorrent and would like to know how to set it up properly, as I have a set port and I have portforwarded it on the website but am getting a DANGER signal when checking it on the site.

    I would appreciate a fast response.

    Thanks

    Hello!

    Please see here:

    https://airvpn.org/faq#p2p

    If you get a red token on TCP, please make sure that you have NOT forwarded, on the router, the same port(s) you have remotely forwarded. The red token shows you that the port forwarding works, but that your device may be subject to some correlation attacks.

    Kind regards


  18. Quote from "engagement" (post 5479):

    1. Is a VM the same as HM?

    Hello!

    The host is the machine which "hosts" virtualized operating systems (the Virtual Machines, also called "guests"). Typically the host is your computer with your OS.

    2. Do you have any useful links with regards of step-by-step of setting up a HM/VM?

    There are several virtualization programs, amongst which VMWare and VirtualBox are particularly powerful and easy to use.

    3. How difficult and what is needed to set up the HM/VM?

    You need a virtualization program, such as VirtualBox or VMWare, and an operating system to install on one of the Virtual Machines. Once done, you'll have a guest operating system (the new OS installed in the VM) running inside ("hosted") by your host OS.

    See for example:

    http://en.wikipedia.org/wiki/Virtualbox

    4. Regarding Tor is it possible without a VM/HM to have Tor over VPN over VPN?

    In this case the main problem is not the part regarding TOR, because once you have established a connection over a VPN over a VPN, tunneling over TOR over VPN over VPN is trivial. The core problem is connecting a VPN over a VPN both with OpenVPN clients on the same machine which has one physical network card. There are several issues and if you don't master networking, routing tables and masquerading, then virtualization is a much, much simpler solution.

    5. You said performance is slower with VPN over Tor - roughly how much slower percentage wise (a guess is ok)

    Unfortunately it's impossible to say: it depends on too many factors. In Italy (tested with very few ISPs only), usually the bandwidth by establishing Air (with Holland servers) over a "random" circuit on different days and times of the day oscillates from around 200 kbit/s to 600-700 kbit/s.

    Kind regards


  19. Do your directions support local to vpn to tor, or do your directions create local to tor to vpn?

    Hello!

    The following instructions show you how to connect over AirVPN over TOR:

    https://airvpn.org/tor

    In the above case all the programs will be tunneled over OpenVPN over TOR, leaving open the option to additionally add another tunnel (proxy over Air over TOR, TOR over Air over TOR, VPN over Air over TOR etc. etc.).

    In order instead to connect over TOR over AirVPN: first connect to an Air server, then launch TOR. In this case only the programs that are configured to tunnel over TOR will be tunneled over TOR over OpenVPN. The programs not using TOR will be tunneled over OpenVPN alone.

    Kind regards


  20. I'm still having the same issues.

    I was connected to a server, manually disconnected.

    I'm trying to connect to Phoenicis via TCP and it won't let me connect. Viscosity is saying invalid user name and password.

    Here is the most recent VPN log:

    Hello!

    The connection, as you can see from the logs, was over UDP, not TCP. You might like to try a connection over TCP while we investigate.

    Kind regards


  21. I haven't tried TCP. Yet.

    Should I go into the file configurator and make a set of connections solely based on the TCP protocol and work with them for awhile and see how it works?

    Yes, if you can do that you might give us some useful information for troubleshooting. We will anyway try to reproduce your problem if you can't do that.

    Is TCP just as secure?

    Basically TCP protects against some replay attacks on top of OpenVPN protection, while with UDP the replay attacks are defeated with OpenVPN replay-protection sliding-window and time window, besides HMAC authentication.

    https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3773&Itemid=142#3784

    Kind regards
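
Added example, not part of the original posts and not OpenVPN's or AirVPN's code: a simplified Python model of the UDP-side defences named in posts 12 and 21, per-packet HMAC-SHA1 authentication followed by a sliding replay window with a time limit. The window of 64 packets and 15 seconds are OpenVPN's documented `--replay-window` defaults; the packet layout, key and sample packets are constructed, encryption is omitted, and the time rule is a simplification.

```python
import hashlib
import hmac
import struct

WINDOW = 64       # packets: documented default of OpenVPN's --replay-window
TIME_WINDOW = 15  # seconds: documented default of its optional time argument
TAG_LEN = hashlib.sha1().digest_size  # 20 bytes = 160 bits


def seal(key: bytes, packet_id: int, payload: bytes) -> bytes:
    """Sender: HMAC-SHA1 tag over (packet_id || payload); layout is assumed."""
    body = struct.pack("!I", packet_id) + payload
    return hmac.new(key, body, hashlib.sha1).digest() + body


class ReplayWindow:
    """Receiver state: highest ID accepted plus a bitmap of the IDs below it."""

    def __init__(self, size: int = WINDOW, time_window: float = TIME_WINDOW):
        self.size, self.time_window = size, time_window
        self.highest = 0       # IDs start at 1; 0 means nothing accepted yet
        self.bitmap = 0        # bit i set => ID (highest - i) already accepted
        self.highest_at = 0.0  # arrival time of the packet that set `highest`

    def check(self, packet_id: int, now: float) -> str:
        if packet_id == 0:
            return "reject: invalid id"
        if packet_id > self.highest:  # in order: slide the window forward
            shift = packet_id - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest, self.highest_at = packet_id, now
            return "accept"
        offset = self.highest - packet_id
        if offset >= self.size:
            return "reject: older than window"
        if now - self.highest_at > self.time_window:
            return "reject: too late"
        if (self.bitmap >> offset) & 1:
            return "reject: replay"
        self.bitmap |= 1 << offset  # late but new: remember it
        return "accept"


def receive(key: bytes, window: ReplayWindow, datagram: bytes, now: float) -> str:
    """Authenticate first, so a forged packet can never move the window."""
    tag, body = datagram[:TAG_LEN], datagram[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()
    if len(body) < 4 or not hmac.compare_digest(tag, expected):
        return "reject: bad HMAC"
    (packet_id,) = struct.unpack("!I", body[:4])
    return window.check(packet_id, now)


def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample key
    pkt = {i: seal(key, i, b"data") for i in (1, 2, 3, 99, 100)}
    forged = pkt[3][:TAG_LEN] + struct.pack("!I", 7) + b"data"  # ID rewritten
    arrivals = [(pkt[1], 0.0), (pkt[3], 0.1), (pkt[2], 0.2), (pkt[2], 0.3),
                (forged, 0.4), (pkt[100], 1.0), (pkt[3], 1.1), (pkt[99], 20.0)]
    window = ReplayWindow()
    return [receive(key, window, d, t) for d, t in arrivals]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Packet 2 arriving after packet 3 is accepted once because UDP reorders datagrams; its second copy, the packet with a rewritten ID, and the copies that fall outside the packet or time window are all dropped.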
