Posts posted by Staff


  1. OK, I edited the Hosts file and now I can get onto the servers using the AirVPN DNS only. No Google.

    But the TAP-Win32 adapter still shows 'Obtain DNS server address automatically'. Do I have to manually change it to the AirVPN DNS as well? Or is it fine like it is?

    Hello!

    It's just fine, our servers DHCP-push the VPN DNS IP address.

    Kind regards


  2. hi @ll,

    i need to Setup VPN on Windows 7 without openvpn or airvpn tool.

    there is another way to create vpn tunnel under ubuntu but i need your gateway for connection.

    please let me know how to do it !

    with best regards

    Hello!

    AirVPN is based on OpenVPN. You can't renounce to it if you wish to connect to a VPN server. If you can't run OpenVPN on your Windows7 machine (maybe you don't have administrator access?) you'll need to set up a gateway (which connects to the VPN) for that Win7 computer.

    Kind regards


  3. Thank you, admin, for the explanation. I am glad I found a way that works for me.

    What I still don't understand is, how does Windows now decide which DNS server address to use for the query?

    Hello!

    The trigger of the leak can be a matter of discussion for the Microsoft customers' support. Apparently, any delay in a DNS query response inside the tunnel (or in general from a network interface) may trigger another DNS query from another interface. Apparently this is a consequence of a very bad design... but perhaps Microsoft may be able to give some justification for this mess.

    Since I configured my physical adapter with two fixed (dummy) DNS addresses, the query will not go to the router. Instead, it will try to go to these dummy addresses directly, and this will be blocked by the block-all rule in Comodo. What happens to the query then? After all, it must go out (and somehow it does go out, since now it works for me!).

    Only DNS queries inside the tunnel are allowed (rule "Allow TCP or UDP In/Out From In [AirVPN] To MAC Any... etc.). All the others are dropped by Comodo block rule.

    Kind regards


  4. Then I tried to login to AirVPN and I get an error message:

    The remote name could not be resolved: airvpn.org

    Nor could I reach any other website without the VPN

    Hello!

    That's correct, no DNS leak. On Windows 7, please add to your hosts file the following line:

    46.105.19.36 airvpn.org

    in order to allow the Air client to resolve airvpn.org for VPN connections.

    Kind regards


  5. I'm having the same problem as before - I cannot get the forwarded port to work. Either nothing happens or I get timeouts when I try to check the port on AirVPN's ports page - the status dot remains grey (the bottom of the web page indicates that the server is connecting).

    I have also checked it in Vuze's NAT/Firewall Test and in Transmission's Network Peer listening port test - both show the port is closed.

    Hello!

    Can you please tell us in which server(s) you have this problem?

    Kind regards


  6. I tried to just configure my Wifi card with a fantasy primary and secondary DNS server (I just used 1.1.1.0 and 1.1.1.1), and it WORKS using the ORIGINAL Home Network rule (allow all). I can go to any website, and I DON'T have any DNS leaks. I don't get it....

    Question to admin: By writing "any fixed...", did you mean I should use fantasy values, or did you mean I should use known trusted DNS server IPs? For some reason, the fantasy values I used seem to work. But I'm worried that actually these IPs *do* exist somewhere. What would happen if I use IP addresses that do exist, and then send my DNS traffic there? Would that be harmful for my security?

    Hello!

    It makes no difference: all the DNS queries outside the tunnel are blocked by the Comodo block rule, so there can't be any leak.

    And, I really don't understand why it works when I use the fantasy values? I mean, I just typed 1.1.1.0 and 1.1.1.1 for the primary and secondary DNS servers in my WLAN adapter settings, and in Comodo I just use the original rule

    Allow IP In/Out From In [Home Network] To In [Home Network] Where Protocol Is Any

    .... and it works! But why??

    Because the DNS queries are sent only inside the tunnel toward the TAP-Win32 DNS IP address. DNS queries outside the tunnel are blocked by:

    Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any

    Kind regards


  7. Thanks a lot for the detailed explanation!!!

    One last question: Instead of the two (or optional three) allow-rules you suggested, would there also be the option to use the following two rules (MUST BE IN THIS ORDER):

    Block UDP In/Out From In [Home Network] To In [Home Network] Where Source Port Is Any And Destination Port Is 53

    Allow IP In/Out From In [Home Network] To In [Home Network] Where Protocol Is Any

    Would the above two rules also be possible to plug the router DNS leaks? From the leak-test website http://www.dnsleaktest.com, it seems to work fine, no DNS leaks!

    Hello!

    Yes, in that order they are just fine!

    Kind regards


  8. Hi admin, thanks for the great advice! I tried out the modified Home Network rules you suggest, and voilà, the DNS leak was gone!

    Looking into the Firewall Events log in Comodo, it turns out, that indeed, my PC had sent DNS queries to the router, which then passed them on to my real provider's DNS servers.

    Hello!

    We're very glad to know that the problem is solved.

    Just out of curiosity: Can this kind of leak ONLY happen with DNS queries? I mean, even with the modified Comodo rules you suggested, my PC can still communicate with the router with TCP and UDP (except for port 53), so can any other data leak out through the router this way?

    No, it's not possible (see below).

    Also, in a private message, I had sent you detailed information about my router and ipconfig settings. If you saw this info, were you able to see what setting (possibly in the router) was the culprit for the DNS leak?

    The "culprit" is Windows. Windows lacks the concept of global DNS, so each card can have its own DNS server IP addresses. The DNS server IP configured (DHCP pushed) on your physical interface is 192.168.0.1. So in every case of a DNS query which does not "obey" the routing table, the query is sent to your router (configured to act as a DNS server), and not blocked by Comodo (because we allow communications in the home network, which is vital, otherwise it would not be possible to communicate with the router). Then the router sends the unencrypted query to your ISP DNS. By blocking communications in your home network toward port 53 UDP the problem is solved because DNS queries can go only to that destination port.

    Other options to block the leaks are forbidding DHCP DNS push from the router (just configure your WiFi card with any fixed primary and secondary DNS you like, so that any leak will be blocked by Comodo by the already existing rules) or blocking with Comodo UDP packets toward 192.168.0.1 port 53 (remember, in this case, to modify this rule if you change the address of the router).

    Thanks again, your support is absolutely outstanding!!!

    Thank you!

    Kind regards


  9. Hello!

    Currently an outage in a high volume Leaseweb core network router may cause low bandwidth availability on Lyra and Leonis.

    We will keep you updated.

    UPDATE 15.23 CET+1 - Problems on Lyra and Leonis appear to be fixed. We are currently facing issues with Leporis (low bandwidth).

    UPDATE 15.32 CET+1 - High volume router crash is affecting Leporis, Leonis, Lyra. You may most probably notice low bw on these servers.

    UPDATE 15.35 CET+1 - High volume router stabilized. While redundancy is being restored, the problem should vanish.

    UPDATE 15.59 CET+1 - All problems are solved

    Kind regards


  10. OK, so I'm trying to set up my other Windows 7 computer for the AirVPN DNS.

    For Port 443 and UDP, I should set my ethernet adapter to 10.4.0.1 DNS? IPv4 only?

    Hello!

    Yes. Please check also that the DNS push from our VPN servers is successful, you should see the same 10.4.0.1 DNS server IP address on your TAP-Win32 adapter (Windows lacks the concept of global DNS servers, it needs that DNS servers are specified for each adapter).

    Kind regards
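
The check described in this post and the per-adapter DNS behaviour explained in post 8, as an added example that is not part of the original posts: it parses `ipconfig /all` text, confirms that the TAP-Win32 adapter received the pushed VPN DNS, and lists every resolver configured on other adapters (the ones a firewall rule has to cover). The sample output is constructed and assumes the English-locale `ipconfig` layout.

```python
VPN_DNS = "10.4.0.1"  # VPN DNS for port 443 UDP, as stated in the post

# Constructed `ipconfig /all` excerpt; adapter names and addresses are sample values.
SAMPLE = """\
Ethernet adapter Local Area Connection 2:

   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   IPv4 Address. . . . . . . . . . . : 10.4.0.50(Preferred)
   DNS Servers . . . . . . . . . . . : 10.4.0.1

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Sample WiFi Adapter
   IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       192.168.0.2
"""

def parse_adapters(text):
    """Return {adapter name: {"desc": str, "dns": [ip, ...]}} from `ipconfig /all` text."""
    adapters, cur, key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line: section header
            name = line.strip()
            cur = (adapters.setdefault(name[:-1], {"desc": "", "dns": []})
                   if name.endswith(":") else None)
            key = None
        elif cur is not None:
            left, sep, value = line.partition(" :")
            if sep:                               # "Key . . . : value"
                key, value = left.strip(" ."), value.strip()
            else:                                 # continuation of the previous field
                value = line.strip()
            if key == "Description":
                cur["desc"] = value
            elif key == "DNS Servers" and value:
                cur["dns"].append(value)
    return adapters

def audit(text, vpn_dns=VPN_DNS):
    """Check the DNS push on the TAP adapter and list resolvers set on other adapters."""
    adapters = parse_adapters(text)
    tap = [a for a in adapters.values() if "TAP-Win32" in a["desc"]]
    return {
        "tap_has_vpn_dns": any(vpn_dns in a["dns"] for a in tap),
        "resolvers_outside_tunnel": [(name, ip) for name, a in adapters.items()
                                     if "TAP-Win32" not in a["desc"] for ip in a["dns"]],
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```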


  11. Dear admin,

    But I *do* regularly see my ISPs DNS servers when performing the DNS Leak test. Please refer to my private message to you (to info@airvpn.org). In my private message, I have copied you an example output of the DNS-leak test results, which shows my private ISP in addition to the Google DNS servers.

    Hello!

    Either you have a DNS leak (which is a privacy risk) or you're tunneling DNS queries to your ISP DNS (which is not worrying). About the first case, your computer can communicate to your router, so please check whether DNS queries are sent to your router IP address. Chances are that your router then queries your ISP DNS servers (obviously out of the tunnel), causing the leak.

    If it's the case, just replace your rule pertaining to your Home network in order to block packets toward port 53 UDP with 2 or 3 different rules:

    For example:

    Allow TCP In/Out From In [Your Home Network Zone] To In [Your Home Network Zone] Where Source Port Is Any And Destination Port Is Any

    Allow UDP In/Out From In [Your Home Network Zone] To In [Your Home Network Zone] Where Source Port Is Any And Destination Port Is Not 53

    OPTIONAL, only if you need it:

    Allow ICMP In/Out From In [Your Home Network Zone] To In [Your Home Network Zone] Where ICMP Message Is Any

    Kind regards
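
An added example (not part of the original posts, and a simplified model rather than Comodo's own logic) comparing the home-network rule variants from this post and from the two-rule question in post 7, assuming rules are evaluated top-down with the first match deciding. The zone addresses and sample packets are constructed.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
HOME = ip_network("192.168.0.0/24")  # assumed Home Network zone, router at 192.168.0.1
VPN = ip_network("10.4.0.0/16")      # assumed [AirVPN] zone (one of the 10.4-10.9 ranges)

def rule(action, src, dst, proto="IP", dport=None, negate=False):
    """proto "IP" matches any protocol; dport None matches any destination port."""
    return dict(action=action, src=src, dst=dst, proto=proto, dport=dport, negate=negate)

def matches(r, p):
    if ip_address(p["src"]) not in r["src"] or ip_address(p["dst"]) not in r["dst"]:
        return False
    if r["proto"] not in ("IP", p["proto"]):
        return False
    if r["dport"] is None:
        return True
    return (p["dport"] == r["dport"]) != r["negate"]  # "Is 53" vs "Is Not 53"

def verdict(rules, p):
    """Walk the list top-down; the first matching rule decides."""
    for r in rules:
        if matches(r, p):
            return r["action"]
    return "block"

# Rules placed below the home-network rules in every variant: tunnel traffic, then block-all.
TAIL = [rule("allow", VPN, ANY, "TCP"), rule("allow", VPN, ANY, "UDP"),
        rule("block", ANY, ANY)]
RULESETS = {
    "allow-all (leaks)": [rule("allow", HOME, HOME)] + TAIL,
    "block 53, then allow": [rule("block", HOME, HOME, "UDP", 53),
                             rule("allow", HOME, HOME)] + TAIL,
    "allow, then block 53": [rule("allow", HOME, HOME),
                             rule("block", HOME, HOME, "UDP", 53)] + TAIL,
    "TCP / UDP-not-53 / ICMP": [rule("allow", HOME, HOME, "TCP"),
                                rule("allow", HOME, HOME, "UDP", 53, negate=True),
                                rule("allow", HOME, HOME, "ICMP")] + TAIL,
}
# Constructed sample packets
PACKETS = {
    "dns_to_router": dict(src="192.168.0.10", dst="192.168.0.1", proto="UDP", dport=53),
    "lan_http": dict(src="192.168.0.10", dst="192.168.0.1", proto="TCP", dport=80),
    "ping_router": dict(src="192.168.0.10", dst="192.168.0.1", proto="ICMP", dport=None),
    "dns_in_tunnel": dict(src="10.4.0.50", dst="10.4.0.1", proto="UDP", dport=53),
    "dns_to_dummy": dict(src="192.168.0.10", dst="1.1.1.1", proto="UDP", dport=53),
}

def evaluate(name):
    """Verdict for every sample packet under the named rule set."""
    return {pkt: verdict(RULESETS[name], p) for pkt, p in PACKETS.items()}

if __name__ == "__main__":
    for name in RULESETS:
        print(f"{name:26}", evaluate(name))
```

With the block rule placed after the allow rule, the DNS query to the router matches the allow rule first and the block rule is never reached, which is why the order matters.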


  12. Hello,

    i want to use uTorrent over AirVPN.

    Is blocking all Connection except IP Range 10.4.0.0 - 10.9.255.255 from my Network adapter in Comodo Firewall the only thing i have to do, to be safe?

    Hello!

    Please see the permanent links in the announcements section of the forum in order to secure your connection according to your OS. We provide instructions for Comodo (Windows), pf (*BSD, Mac OS X), ipfw (*BSD, Mac OS X), iptables (Linux).

    Kind regards


  13. Thanks a lot for the fast reply!

    I have sent you the requested Comodo configurations as .jpg screenshots privately to info@airvpn.org

    One thing I forgot to mention is that I do NOT use the Comodo secure DNS servers (I unselected this option during the installation of Comodo), and I also unselected Defense+ (but this has nothing to do with DNS, I suppose).

    So my Internet Protocol (TCP/IP) Properties in Windows for my physical adapter and for the virtual VPN adapter are both set to "obtain DNS server addresses automatically".

    Hello!

    Mail received and we confirm that Comodo configuration is all right. The Google DNS you see in the test are fine. You should never see your ISP DNS IP addresses. Should you see them again, further tests will be necessary.

    Kind regards


  14. I am encountering a strange error. I connect to Airvpn and everything works as it is supposed. But after a while (10-40 min) the browser suddenly refuses to connect. This has now happened a few times on different servers. Torrents keep on downloading though.

    Hello!

    Are you sure you're still connected when it happens? What is your OS?

    Can you please check whether it's a DNS problem? When the problem occurs, try to browse to:

    https://46.105.19.36

    If you can reach our website, then (assuming you're still connected to a VPN server) it's probably a DNS problem, the causes of which will have to be investigated. Furthermore, is there anything helpful in the client logs? Can you please send them to us when the problem occurs?

    Kind regards


  15. New user to the world of VPNning here.

    First off, I'm using Google Public DNS only. Should I use another? Is there an AirVPN DNS?

    Hello!

    We would recommend that you use our DNS, because after our internal resolution against censorship and for internal services, the queries will be sent to Google DNS anyway. In order to determine it please see here https://airvpn.org/specs

    Your system can send DNS queries to Google in two ways: directly, in which case they are going out unencrypted (and that's not good) or tunneled through our servers, in which case they go out in the encrypted tunnel, you will not be using our DNS but you won't have leaks anyway.

    In your specific case the test does not tell anything useful: you can't discern whether the detected Google DNS servers are reached by unencrypted queries, encrypted queries or through our DNS.

    Please note that our servers will always push DNS to clients. However a system can be forced to use another DNS and ignore the push (this might be your case).

    Kind regards


  16. Hello admin,

    I am using the Global Rules Method with Comodo

    https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142

    and everything works fine.

    In particular, as per the Rules, outbound UDP connections through my physical adapter are of course blocked on port 53 (as on any other ports).

    And yet, when testing with www.dnsleaktest.com

    I get a couple of Internet Service Provider addresses, some of which are in other countries, but one among them is in my home country (and incidentally, this is my provider)

    Now I am wondering: Is this a coincidence? Should the Global Rules Method not block all DNS leaks because none are allowed if they don't pass through the VPN?

    Hello!

    The Global Rules shown in the provided link block DNS leaks. If your ISP DNS IP addresses appear in the leak test, either there's actually a leak (therefore some mistake in the rules or network zones), or your provider has public DNS and your device is forced to use them. In this case, the DNS queries are tunneled and your provider will see the queries coming from our VPN server, so the leak is not real.

    Please feel free to send us your Global Rules and the definition of your Network Zones for a check.

    Kind regards


  17. Hi, Every time I try and connect I either get a failed to start or an already connected error.

    30/09/2012 - 16:51 CreateFile failed on TAP device: \\.\Global\{D068D703-FDBC-4E88-9DC7-4A4C8110D6AC}.tap

    30/09/2012 - 16:51 All TAP-Win32 adapters on this system are currently in use.

    30/09/2012 - 16:51 Exiting

    Hello!

    OpenVPN can't access the TAP-Win32 adapter. Please make sure that it is enabled:

    On Windows XP: Open Control Panel-->Network and Internet connections-->Network Connections. Right-click on "TAP-Win32 Adapter V9" and select "Enable".

    Windows Vista: Open Control Panel-->Network and Internet-->Network and Sharing Center-->Manage network connections. Right-click "TAP-Win32 Adapter V9" and select Enable.

    Windows 7: Open Control Panel-->Network and Internet-->Network and Sharing Center-->Change Adapter Settings. Right-click on "TAP-Win32 Adapter V9" and select Enable.

    If you find that the TAP adapter is already enabled, select "Disable", apply the change, then select "Enable".

    Please feel free to let us know whether the above solves the problem.

    Kind regards


  18. where will i find the logs?

    this morning it has connected straight to the uk servers and is working fine.

    no idea what happened yesterday.

    Hello!

    If the problem occurs again, please feel free to send us the connection logs. As far as we understand you use the Air client, so in order to send us the logs please:

    - right click on the Air dock icon

    - select "Logs"

    - click on "Copy to clipboard"

    - paste here or where appropriate

    Kind regards


  19. Can someone give me some advice on getting the utorrent webui working. I thought if I just forwarded a port to it I should be able to connect with

    http://:.

    For some reason this doesn't seem to work. Everything else is working like a champ, but not this.

    Thanks in advance.

    Hello!

    According to uTorrent documentation, you should be able to reach the WebUI at the following address:

    http://Username:Password@<Air server exit-IP>:<port>/gui

    http://www.utorrent.com/help/guides/webui

    Kind regards


  20. It seems to happen when I'm connected via OpenVPN on my DD-WRT router. I'm on Sirius at the moment and unable to test.

    Hello!

    We confirm that "speedtest.air" is reachable from Sirius (port 443 UDP). This is a strong hint suggesting that your router is not sending DNS queries to the VPN DNS IP address (see here https://airvpn.org/specs). Chances are that your router and/or the device from which you perform the test are forced to use different DNS servers.

    Can you please check? You can also perform a DNS leak test as a double-check:

    http://www.dnsleaktest.com

    Kind regards


  21. Hey!

    Not sure if it's just recently, but both today and yesterday I notice the port forwarding on Tauri hasn't been working for me.

    Is this only temporary to block an attack for example?

    Ports are open again as soon as I switch to NL servers.

    Thanks

    Hello!

    Can you please try again on Tauri at your convenience?

    Kind regards


  22. I can't seem to get Jessez's instructions to work. My limited experience and some troubleshooting doesn't seem to be enough. I've used the .conf file attached above, just a straight copy/paste. My machine's local ip is 10.0.1.11 (apple time capsule range), so I swapped out for the 198's in the file. Loading pf.conf and enabling doesn't seem to make a difference with non-vpn traffic, so clearly I'm doing something wrong. It's a 10.8.2 mountain lion system.

    Here's the rules as loaded:

    pass out quick inet from 10.0.0.0/8 to any flags S/SA keep state

    Hello!

    At least the quoted rule is wrong. Since your home network is in 10.0.1.0/24, you can't even simplify the allow rule with 10.0.0.0/8, because it would overlap authorizations for different networks (your home network and the Virtual Private Network). jessez did not foresee this particular case.

    The quickest solution is setting 6 different pass out rules to replace the above quoted rule:

    pass out quick inet from 10.4.0.0/16 to any flags S/SA keep state
    pass out quick inet from 10.5.0.0/16 to any flags S/SA keep state
    pass out quick inet from 10.6.0.0/16 to any flags S/SA keep state
    pass out quick inet from 10.7.0.0/16 to any flags S/SA keep state
    pass out quick inet from 10.8.0.0/16 to any flags S/SA keep state
    pass out quick inet from 10.9.0.0/16 to any flags S/SA keep state

    To understand why please see here:

    https://airvpn.org/specs

    Kind regards
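
The overlap described in this post, checked with Python's `ipaddress` module as an added example (not part of the original post and not jessez's configuration): it extracts the source network of each `pass out quick inet from ... to any` rule and reports which ones also authorize traffic sourced from the 10.0.1.0/24 home network. The helper names are hypothetical; the rule text and addresses are the ones quoted above.

```python
import re
from ipaddress import ip_address, ip_network, collapse_addresses

HOME = ip_network("10.0.1.0/24")  # home network from the post (Time Capsule range)
RULE_RE = re.compile(r"^pass out quick inet from (\S+) to any\b")

BROAD = "pass out quick inet from 10.0.0.0/8 to any flags S/SA keep state"
NARROW = "\n".join(
    f"pass out quick inet from 10.{i}.0.0/16 to any flags S/SA keep state"
    for i in range(4, 10)
)

def sources(ruleset):
    """Source networks of every 'pass out quick inet from <net> to any' line."""
    nets = []
    for line in ruleset.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            nets.append(ip_network(m.group(1)))
    return nets

def overlapping(ruleset, lan=HOME):
    """Pass rules whose source range also covers part of the home network."""
    return [str(n) for n in sources(ruleset) if n.overlaps(lan)]

def host_passes(ruleset, host):
    """True if traffic sourced from `host` matches one of the pass rules."""
    return any(ip_address(host) in n for n in sources(ruleset))

def summarized(ruleset):
    """The same source ranges expressed as the fewest CIDR blocks."""
    return [str(n) for n in collapse_addresses(sources(ruleset))]

if __name__ == "__main__":
    print("broad rule overlaps:", overlapping(BROAD))
    print("narrow rules overlap:", overlapping(NARROW))
    print("10.0.1.11 passes (broad):", host_passes(BROAD, "10.0.1.11"))
    print("10.0.1.11 passes (narrow):", host_passes(NARROW, "10.0.1.11"))
    print("narrow rules cover:", summarized(NARROW))
```

The six /16 ranges cover exactly 10.4.0.0/14 plus 10.8.0.0/15, neither of which contains 10.0.1.0/24.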


  23. hi, been using the program for a few weeks without an issue.

    today i cant seem to connect to the uk servers, it joined for about 3 minutes but was very slow, now it wont connect at all.

    ive gone through most of the servers, i can connect to lyra, pretty quickly, but its a slow connection as im uk based.

    the rest, i log in, select server, it goes to connecting and stays there. the green bar is moving, but it wont connect.

    is there a fault, or how can i trouble shoot at my end.

    just seems weird how 2 days ago it connected fine and today it wont.

    thanks.

    Hello!

    All servers are up and running. You can connect ONLY to Lyra? If so, can you please send us attempted connection logs to a couple of servers (for example Cassiopeia and Bootis, which are your highest priority)? Logs can be very helpful for troubleshooting.

    We're looking forward to hearing from you.

    Kind regards
