Staff

Hello! It seems that the router does not send the DNS query to 10.4.0.1. What happens if you delete any other DNS server IP? Kind regards

Hello! Yes, it looks just fine. Try to browse https://speedtest.air in order to make sure that the router sends DNS queries to 10.4.0.1. Kind regards

Hello! Thank you for your subscription! Please click the "Enter" menu and select your OS. Then please follow the instructions. Direct link: https://airvpn.org/enter Kind regards

Hello! Can you please enable logging for the block rule and publish it? Kind regards

Hello! You need remote port forwarding if you run some service which must be able to receive incoming connections from the Internet (examples: a web server, an eMule-like p2p client...). According to your description you don't need port forwarding at all. Kind regards

Hello! Apparently, with 800 KB/s == 6.4 Mbit/s, you're very near to the maximum AES-256 encrypted traffic throughput sustainable by a typical DD-WRT router CPU, so it should be fine. The fact that you get lower performance from non-USA servers might be due to "worse" routing/peering between either your ISP and our non-USA servers or the newsgroups servers and our non-USA servers. Kind regards

Hello! Maybe a DHCP problem? Try to add the rules: pass out quick on $eth_if from any to 255.255.255.255 pass out quick on $wifi_if from any to 255.255.255.255 just below the "block out all" rule. Kind regards

Hello! You can require a free trial through the "Contact us" form (please make sure you pick the subject "Request free trial") and wait for the trial queue, or jump the queue and subscribe to any plan and request for a full refund within 3 days (which should be enough for testing). Kind regards

Hello! That's because account "Theopt" is not authorized to access the VPN servers. Please subscribe to a plan with this account in order to enable it to access the VPN servers. Kind regards

Hello! On port 443 UDP your tun interfaces is DHCP pushed an address in the range 10.4.0.0/255.255.0.0. Therefore you just need to block any outgoing packet for your p2p client NOT coming from 10.4.0.0/16 Please see here: https://airvpn.org/status The public entry and exit-IP addresses of the servers are static. The VPN IP address is DHCP assigned, it is dynamic but you can easily handle it. You can tell the client to tell OpenVPN to connect over an http or a socks proxy. See here for an example: https://airvpn.org/tor Kind regards

Hello! Thank you for the information, we're very glad to know that the problem is solved. It's not your fault, we have dozens of support requests because the TUN/TAP adapter is disabled. It's impossible that all of these requests come from persons who inadvertently switched off the adapter. There must be some condition for which Windows switches it off, however we have been unable so far to determine such condition. Kind regards

Hello! OpenVPN can't access the TAP-Win32 adapter. Please make sure that it is enabled: On Windows XP: Open Control Panel-->Network and Internet connections-->Network Connections. Right-click on "TAP-Win32 Adapter V9" and select "Enable". Windows Vista: Open Control Panel-->Network and Internet-->Network and Sharing Center-->Manage network connections. Right-click "TAP-Win32 Adapter V9" and select Enable. Windows 7: Open Control Panel-->Network and Internet-->Network and Sharing Center-->Change Adapter Settings. Right-click on "TAP-Win32 Adapter V9" and select Enable. If you find that the TAP adapter is already enabled, select "Disable", apply the change, then select "Enable". Please feel free to let us know whether the above solves the problem. Kind regards

Hello! Thank you for the information. Please feel free to share how you managed to improve performance if you wish so, maybe your information can be useful to some other person. Kind regards

Hello! That's right, we'll consider to implement it. Kind regards

Hello! It's normal. When you force your Mac to use some DNS, the DNS queries will be encrypted and tunneled to the VPN server your Mac is connected to. The OpenVPN server decrypts them and sends them out to the proper destination, receives the reply, encrypts it and sends it back to your OpenVPN client in the Mac. The final DNS server does not know the real origin of the query, of course, it sees packets coming from the Air server exit-IP. WARNING: THE ABOVE IS NOT TRUE FOR WINDOWS SYSTEMS (Windows lacks the concept of global DNS; if you force a Windows physical network card to use some DNS, it can occasionally send out unencrypted DNS queries out of the tunnel, causing a DNS leak - in Windows you need to force the TAP-Win32 Adapter V9 to use a particular DNS, AND block DNS leaks, if you don't want to use the Air DNS). You can use any DNS you wish. If you wish to access Air internal services (currently only speedtest.air) and bypass ICE censorship, then you must use the Air DNS (10.x.0.1). Kind regards

Hello! If you connect from your Windows computer, please set 10.4.0.1 as preferred DNS in your computer physical network card. If you connect from your router (for example if you have Tomato, OpenWRT, DD-WRT... routers) set it as the first nameserver in the router. Kind regards

Hello! No problems, you can find the links in step 1 in the guide (which is permanently linked in forum announcements and accessible to anyone): https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 Kind regards

Hello! That's because Windows (the OS which suffers DNS leaks) lacks the concept of global DNS. Each interface in Windows can have different DNS servers IP addresses, which under some conditions can cause DNS leaks (i.e. DNS queries sent out unencrypted, outside the tunnel). Kind regards

Hello! Did you look at the guides linked in step 1? They have screenshots and a step-by-step tutorial on how to define Network Zones and Global Rules. Kind regards

Hello! There are no problems in the system, can you please send us your client logs? Please right-click on the Air client dock icon, select "Logs" and click on "Copy to clipboard". Finally paste here. Currently the account is successfully connected to some server since more than 3 hours ago. Kind regards

Hello! Because from the monitored web site in your example, they would see the VPN server exit-IP address. An adversary with the ability to monitor simultaneously all the VPN servers in the world and the destination server which a user connects to is able to correlate the real IP address of the user which accesses those servers. An adversary with such abilities can be defeated with "partition of trust", please see here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745 Kind regards

Hello! Yes, if you wish to block uTorrent only in case of VPN disconnection, the rules for utorrent.exe must block anything out NOT from the range [10.4.0.0 - 10.9.255.255]: Block [And Log] IP Out From IP Not In [10.4.0.0 - 10.9.255.255] To MAC Any Where Protocol Is Any For the "Not" operator just tick the box "Exclude (i.e. NOT the choice below". This is because when the computer is connected to the VPN, its VPN IP address is in that range, see also https://airvpn.org/specs Kind regards

Hello! No, given those conditions they would not be able to do that. Kind regards

Hello! Once again this kind of discussions need more accuracy. It is necessary that the adversary power and the attacked person needs are exactly defined, otherwise it's sort of talking about the gender of angels. Kind regards

Hello! If you mean that you lose connection when you're not connected to the VPN then it's just fine, it's the purpose of the rules. If you mean that you can't connect to the VPN servers listed in the allow rules, please send us your Comodo firewall event logs. Kind regards