Staff

Hello! Because from the monitored web site in your example, they would see the VPN server exit-IP address. An adversary with the ability to monitor simultaneously all the VPN servers in the world and the destination server which a user connects to is able to correlate the real IP address of the user which accesses those servers. An adversary with such abilities can be defeated with "partition of trust", please see here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745 Kind regards

Hello! Yes, if you wish to block uTorrent only in case of VPN disconnection, the rules for utorrent.exe must block anything out NOT from the range [10.4.0.0 - 10.9.255.255]: Block [And Log] IP Out From IP Not In [10.4.0.0 - 10.9.255.255] To MAC Any Where Protocol Is Any For the "Not" operator just tick the box "Exclude (i.e. NOT the choice below". This is because when the computer is connected to the VPN, its VPN IP address is in that range, see also https://airvpn.org/specs Kind regards

Hello! No, given those conditions they would not be able to do that. Kind regards

Hello! Once again this kind of discussions need more accuracy. It is necessary that the adversary power and the attacked person needs are exactly defined, otherwise it's sort of talking about the gender of angels. Kind regards

Hello! If you mean that you lose connection when you're not connected to the VPN then it's just fine, it's the purpose of the rules. If you mean that you can't connect to the VPN servers listed in the allow rules, please send us your Comodo firewall event logs. Kind regards

Hello! Please add the missing allow rules for the VPN servers you wish to connect to: Allow TCP or UDP In/Out From MAC Any To IP 62.212.85.65 Where Source Port Is Any And Destination Port Is Any Allow TCP or UDP In/Out From MAC Any To IP 95.211.149.200 Where Source Port Is Any And Destination Port Is Any etc. etc. You have defined an incomplete set of rules for that. Additionally, please modify the block rule to: Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any Furthermore, please correct your [Home #1] Network Zone. Please define it as IP range [192.168.0.0 - 192.168.255.255] or equivalently IP/Netmask [192.168.0.0 / 255.255.0.0] Kind regards

Hello! If the the OpenVPN client runs on the machine behind the router, you may need to set them in your machine. Anyway, our servers push the VPN DNS, therefore your machine should already be using the VPN DNS. You can perform the DNS leak test here (while your computer is connected to the VPN): http://dnsleaktest.com If you see only Google DNS then you have no DNS leaks. Kind regards

Hello! Can you please send us a screenshot of your global rules and network zones? Kind regards

Hello! Normally all the devices behind the DD-WRT will use the tunnel transparently, unless you have splitted traffic with multiple routing tables (on the router), can you please check that? Kind regards

Hello! We have checked that no unsolicited packet (except of course those toward your forwarded port) can reach your VPN IP address. Can you please contact us in private for further investigations? Kind regards

Hello! You should create a network zone with name "AirVPN" (or any name you like) with IP range from 10.4.0.0 to 10.9.255.255. A simple guide to create and edit network zones: http://help.comodo.com/topic-72-1-155-1096-Network-Zones.html Kind regards

Hello! You can do that with OpenVPN GUI (please see previous post on this same thread). You can autostart the Air client as well, but not auto-connect it with the current version. This feature is planned for future Air client releases. Kind regards

EDIT: Maintenance ended. Sagittarii is online. Hello! An urgent maintenance has been planned for server Sagittarii (Singapore). Maintenance will start at 22.00 CET 9 Dec 2012. The maintenance will probably need several hours. We will put the server offline and we will very probably need to disconnect the clients. If you need a Singapore server, please connect to Puppis or Columbae as soon as possible. In any case, please disconnect from Sagittarii as soon as possible. At the end of the maintenance you will see Sagittarii re-appear in the servers monitor https://airvpn.org/status We apologize for any inconvenience. Kind regards

Hello! Still working on it, we should have found a solution. We'll keep you informed, it should take just a couple of days from now. The core problem we are facing is that Zattoo blacklists a lot of Swiss datacenters IP addresses (while in Germany there are no problems, but there are less channels available). Kind regards

Hello! The timer bug will be fixed in the next client release. It is just a display bug, it does not affect connections in any way. About your observations on client screen layout, they will be transmitted to the programmer, thank you. The Comodo global rules will prevent any leak (DNS leaks and leaks in case of unexpected VPN disconnection). If you wish to prevent just DNS leaks, you can simply force your physical network card to use 10.4.0.1 as preferred DNS IP once your computer is connected to the VPN. You can check for DNS leaks here: http://dnsleaktest.com After you have connected to the VPN, if you have no leaks and you're using the VPN DNS you should see only Google DNS. Kind regards

Hello! Thank you for you inquiry. Yes, please see here: https://airvpn.org/status Yes, please see here: https://airvpn.org/faq#p2p Please see here: https://airvpn.org/faq#multiple_connections and here: https://airvpn.org/faq#routers Routers with OpenWRT or Tomato or DD-WRT firmware can run OpenVPN clients so they are just fine. Once you're behind a "gateway" (a computer, a DD-WRT router...) connected with one account to an Air server, it will see just one connection so you can connect (behind that "gateway") as many devices as you wish. They will use the tunnel transparently. Kind regards

Hello! Without seeing its rules, it's an option that can't be disregarded. Just perform a test for a VPN connection. Kind regards

Hello! Please find the entry-IP addresses from the .ovpn configuration files or just ask us for them in private. We are reluctant to publish in the forum all the VPN servers entry-IP addresses. Kind regards

@LNK29041 Hello! Is the issue occurring also with Online Armour completely disabled? Kind regards

Hello! Nothing wrong, the CPU processing power of most DD-WRT router can sustain no more than 7-8 Mbit/s throughput of AES-256 encrypted traffic. You can connect directly from one of your computers (leaving the DD-WRT router disconnected from the VPN) in order to make a performance comparison. Kind regards

Hello! You can achieve your purpose in the following way: 1) Create a New Shortcut on your Desktop, with the following settings: Target: C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-*.exe --connect "*.ovpn"where: *.ovpn is the configuration file of the server you wish to connect to; it is generated by our configuration generator and it must be in C:\Program Files (x86)\OpenVPN\config in a default Win 7 installation openvpn-gui-*.exe is the name of your OpenVPN GUI, it may vary according to the version you have installed, for example openvpn-gui-1.0.3.exe Please note the double quote around the .ovpn configuration file after the --connect option. Start in: C:\Program Files (x86)\OpenVPN\config 2) Click "Advanced" and enable the shortcut to run with administrator privileges. Disconnect and exit OpenVPN if it's running and double-click your new shortcut to make sure it works. 3) Move or copy the shortcut to the Window 7 Startup directory. In Win 7 standard installation it is for an individual user: C:\users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup For all users it is: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup This is performed by default by your OpenVPN client according to the configuration. Kind regards

Hello! Glad to know that the problem is solved. In dnsleaktest.com you correctly see only Google DNS, which is the last DNS queried by the Air servers. Thank you! Kind regards

Hello! Here you're probably wrong, because you wrote your message while connected to the VPN. It shows that you have connectivity inside the VPN but your computer can't resolve names. You can only browse to airvpn.org because it's in the hosts file and does not need DNS resolution. It is a DNS issue. Can you please try to change DNS on your physical interface and set 10.4.0.1 as primary (preferred) DNS IP address? Please right-click on the Air dock icon when you're connected to the VPN, select "Logs", click "Copy to clipboard" and paste in a message. Kind regards

Hello! The hosts file is just fine. The event logs show that your system tries repeatedly to leak DNS queries sending them to 192.168.1.1 (your router DNS address), as if it could not resolve names through the tunnel. Once you're connected to the VPN, can you please try to: - browse to https://airvpn.org - open a command prompt and issue the following commands: ping google.com ping 8.8.8.8 ping 10.4.0.1 ping airvpn.org and send us their output? Also, can you please send us your client logs? Kind regards

Hello! The forum will not accept files without extension, please just copy & paste in a message the content of the hosts file. Kind regards