Staff

Hello! That's perfectly normal, it's how TCP works. Kind regards

Hello! Please see the permanent links in the announcements section of the forum in order to secure your connection according to your OS. We provide instructions for Comodo (Windows), pf (*BSD, Mac OS X), ipfw (*BSD, Mac OS X), iptables (Linux). Kind regards

Hello! Mail received and we confirm that Comodo configuration is all right. The Google DNS you see in the test are fine. You should never see your ISP DNS IP addresses. Should you see them again, further tests will be necessary. Kind regards

Hello! Are you sure you're still connected when it happens? What is your OS? Can you please check whether it's a DNS problem? When the problem occurs, try to browse to: https://46.105.19.36 If you can reach our website, then (assuming you're still connected to a VPN server) it's probably a DNS problem, the causes of which will have to be investigated. Furthermore, is there anything helpful in the client logs? Can you please send them to us when the problem occurs? Kind regards

Hello! We would recommend that you use our DNS, because after our internal resolution against censorship and for internal services, the queries will be sent to Google DNS anyway. In order to determine it please see here https://airvpn.org/specs Your system can send DNS queries to Google in two ways: directly, in which case they are going out unencrypted (and that's not good) or tunneled through our servers, in which case they go out in the encrypted tunnel, you will not be using our DNS but you won't have leaks anyway. In your specific case the test does not tell anything useful: you can't discern whether the detected Google DNS servers are reached by unencrypted queries, encrypted queries or through our DNS. Please note that our servers will always push DNS to clients. However a system can be forced to use another DNS and ignore the push (this might be your case). Kind regards

Hello! The Global Rules showed in the provided link block DNS leaks. If your ISP DNS IP addresses appear in the leak test, either there's actually a leak (therefore some mistake in the rules or network zones), or your provider has public DNS and your device is forced to use them. In this case, the DNS queries are tunneled and your provider will see the queries coming from our VPN server, so the leak is not real. Please feel frees to end us your Global Rules and the definition of you Network Zones for a check. Kind regards

Hello! OpenVPN can't access the TAP-Win32 adapter. Please make sure that it is enabled: On Windows XP: Open Control Panel-->Network and Internet connections-->Network Connections. Right-click on "TAP-Win32 Adapter V9" and select "Enable". Windows Vista: Open Control Panel-->Network and Internet-->Network and Sharing Center-->Manage network connections. Right-click "TAP-Win32 Adapter V9" and select Enable. Windows 7: Open Control Panel-->Network and Internet-->Network and Sharing Center-->Change Adapter Settings. Right-click on "TAP-Win32 Adapter V9" and select Enable. If you find that the TAP adapter is already enabled, select "Disable", apply the change, then select "Enable". Please feel free to let us know whether the above solves the problem. Kind regards

Hello! If the problem occurs again, please feel free to send us the connection logs. As far as we understand you use the Air client, so in order to send us the logs please: - right click on the Air dock icon - select "Logs" - click on "Copy to clipboard" - paste here or where appropriate Kind regards

Hello! According to uTorrent documentation, you should be able to reach the WebUI at the following address: http://Username:Password@<Air server exit-IP>:<port>/gui http://www.utorrent.com/help/guides/webui Kind regards

Hello! We confirm that "speedtest.air" is reachable from Sirius (port 443 UDP). This is a strong hint suggesting that your router is not sending DNS queries to the VPN DNS IP address (see here https://airvpn.org/specs). Chances are that your router and/or the device from which you perform the test are forced to use different DNS servers. Can you please check? Also, you can also perform a DNS leak test for double-check: http://www.dnsleaktest.com Kind regards

Hello! Can you please try again on Tauri at your convenience? Kind regards

Hello! At least the quoted rule is wrong. Since your home network is in 10.0.1.0/24, you can't even simplify the allow rule with 10.0.0.0/8, because it would overlap authorizations for different networks (your home network and the Virtual Private Network). jessez did not foresee this particular case. The quickest solution is setting 6 different pass out rules to replace the above quoted rule: pass out quick inet from 10.4.0.0/16 to any flags S/SA keep state pass out quick inet from 10.5.0.0/16 to any flags S/SA keep state pass out quick inet from 10.6.0.0/16 to any flags S/SA keep state pass out quick inet from 10.7.0.0/16 to any flags S/SA keep state pass out quick inet from 10.8.0.0/16 to any flags S/SA keep state pass out quick inet from 10.9.0.0/16 to any flags S/SA keep state To understand why please see here: https://airvpn.org/specs Kind regards

Hello! Can you please try a connection and send us the logs? Kind regards

Hello! All servers are up and running. You can connect ONLY to Lyra? If so, can you please send us attempted connection logs to a couple of servers (for example Cassiopeia and Bootis, which are your highest priority)? Logs can be very helpful for troubleshooting. We're looking forward to hearing from you. Kind regards

Hello! In the PC which fails the connection, OpenVPN is trying to connect over a proxy which is not responding. Either you don't need to connect over Air over a proxy, or your proxy is misconfigured. In the 1st case: please disable proxy connection on your Air client. In order to do so, please right-click the Air dock icon, select "Preferences" and set the Proxy Type combo box to "None". In the 2nd case: please make sure that your proxy is running AND listening to port 9050. If you tell us which proxy you're using, we might help you with that. We're looking forward to hearing from you. Kind regards

Hello! No, your torrent clients don't have to use any proxy. Please do not hesitate to contact us for any further information. Kind regards

Hello! Please see here https://airvpn.org/faq#p2p and do not hesitate to contact us if you have issues on any suggested step. Kind regards

Hello! Did you insert login and password on the configuration file? If so, please remove them. The authentication is performed through double certificate and personal key. Please make sure that the configuration file points to the correct files (ca.crt is the server certificate, user.crt the client certificate and user.key the client key). Our configuration generator builds all the files according to your instructions (menu "Member Area"->"Access Without Our Client"). Kind regards

Hello! You should check with their programmers. Anyway we observe that Skype is able to continue working without DNS resolution. Generally speaking no, because there are very many possible leaks which do not require DNS resolution. It can't be and should not be considered a secure solution. Kind regards

Hello! Unfortunately not, in general that will prevent only DNS leaks, not every leak. You may have the impression that the Internet is totally inaccessible because your system can't resolve anymore domain names. However, all the programs which do need a DNS resolution (for example a torrent client) will start to exchange data, leaking the real IP address. Kind regards What about instant message programs such as Trillian and Skype? Hello! Exactly. Sorry for the typo, the sentence " all the programs which do need a DNS resolution (for example a torrent client) will start to exchange data, leaking the real IP address" must be read "all the programs which do NOT need a DNS resolution (for example a torrent client) will start to exchange data, leaking the real IP address" Original message edited to correct the typo. Kind regards

Hello! Comparing this log with your previous logs, it's unclear why OpenVPN tries to modify the routing table with "ip route" etc. instead of "route". Do you need multiple routing tables? Assuming that your kernel supports policy routing (you run an Ubuntu distribution, right...?), please check group permissions: http://ubuntuforums.org/showthread.php?t=1867166 See in particular post number 5 by "Jonathan L". Kind regards

Hello! OpenVPN can't access the TAP-Win32 interface and can't modify the routing table. Please make sure that: - you launch OpenVPN GUI with administrator privileges - there are no other OpenVPN instances running - the TAP-Win32 adapter is enabled Kind regards

Hello! Unfortunately not, in general that will prevent only DNS leaks, not every leak. You may have the impression that the Internet is totally inaccessible because your system can't resolve anymore domain names. However, all the programs which do not need a DNS resolution (for example a torrent client) will start to exchange data, leaking the real IP address. Kind regards

Hello! Not exactly, but you can easily adapt them to DD-WRT, changing interface names and IP addresses if necessary. However, proceed with care. We recommend that you first read here, you can see directly the iptables rules for DD-WRT and an important warning when you apply those rules: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2377&Itemid=142#2377 Kind regards

Hello! Yes! First, we still need to solve some technical issues. Then, we'll open a dedicated forum section for suggestions, reports and services IP ranges detection. This is a huge task, especially for services which check the IP address location even during the streaming, so we are planning to offer the option as a free, additional service to premium members (no additional payments, no different plans) hoping for a cooperation from the community. We think that only with the support and the reports of the community we can make this type of service a reality for a lot of geo-discriminatory services. Kind regards