Posts posted by Staff


  1. When I run AirVPN, after I input login info and press Login, I get the message 'Unable to connect to the remote server'.

    My OS is Windows 7.

    The thing is, it was connecting fine before, but I had a DNS leak, so after trying to fix the DNS leak, it doesn't connect any more?!

    Hello!

    Probably you have blocked DNS resolution when you are not connected to the VPN (preventing therefore DNS leaks, and that's fine). The Air client needs to resolve airvpn.org in order to show you the servers list, download certificates etc.

    You have various options to solve the issue:

    1) Use OpenVPN or OpenVPN GUI instead of the Air client

    or

    2) Add to your hosts file the following line:

    46.105.19.36 airvpn.org

    This line resolves airvpn.org to the correct IP address, rendering a DNS query unnecessary.

    or

    3) Secure your VPN connection with Comodo firewall in order to prevent every leak, not only DNS leaks, in case of unexpected VPN disconnection.

    https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142

    Kind regards


  2. Hello.

    Yes Shakespeer has got port forwarding option. Which Mac OS X client do you have knowledge of, and maybe I can try set up on that and if I have problems you can then help me for it.

    However, today I have another issue. uTorrent, which was working perfectly well, with ports all forwarded and the green light coming... is no longer working. It's the same problem... ports all fine on the airvpn page, but in my uTorrent client it says it's not connectable and that the port is not forwarded correctly. I also have the yellow light on, instead of the green that I was having a few days ago. I have made no changes to any of my settings.

    Hello!

    Let's check the server(s) first. Which server(s) do you use for uTorrent?

    Kind regards


  3. @okcmallrat

    The IP ranges published list is not correct, it includes too many IP addresses not belonging to Netflix, please ignore it.

    Kind regards


  4. Allow TCP or UDP In/Out From MAC Any To IP 95.211.169.3 Where Source Port Is Any And Destination Port Is Any

    Hello!

    If you always connect to the same port with the same protocol, you can make this rule stricter. For example, if you always connect to 443 UDP:

    Allow UDP In/Out From MAC Any To IP 95.211.169.3 Where Source Port Is Any And Destination Port Is 443

    Or you can define a set of ports (53, 80, 443) and set "Destination Port" in that set ("Network Security Policy"->"Port Sets"->"Add a new port sets").

    If you are annoyed by too much logging, just disable the logging for the block rule (untick the "Log when this rule is fired") and re-enable it only when you need it.

    Kind regards


  5. Hey I'm new to all this,

    I've correctly installed and set up Tunnelblick using config files from a US server. Tunnelblick connects successfully, but then after a minute or so throws me an error message saying the internet is unreachable and that my VPN may not be configured properly. I think I'm missing something vital here. I tried using different DNS addresses but that hasn't worked. Running OS X 10.6.

    Can you help me?

    Hello!

    Can you please send us the Tunnelblick logs?

    Kind regards


  6. Hello!

    This is an unfortunate series of events, we apologize for any inconvenience.

    In this case we have had a problem with Cygnus. The server went suddenly offline, we only now know that the service has been suspended without prior notice by the ISP. The server did not communicate anymore with the backend and the accounts connected to the server were not "freed" because of a vicious bug which has now been fixed. You should no longer have this issue, but should this problem occur again please do not hesitate to contact us.

    Kind regards


  7. Hello!

    This is an unfortunate series of events, we apologize for any inconvenience.

    In this case we have had a problem with Cygnus. The server went suddenly offline, we only now know that the service has been suspended without prior notice by the ISP. The server did not communicate anymore with the backend and the accounts connected to the server were not "freed" because of a vicious bug which has now been fixed. You should no longer have this issue, but should this problem occur again please do not hesitate to contact us.

    Kind regards


  8. Thanks a lot for the previous help!! :)

    As a reminder, I am using the Global Rule Method outlined here:

    https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142

    While AirVPN is connected (!), I still get some blocked Firewall Events as follows:

    A:

    Why do these events get blocked at all? After all, AirVPN is connected, and I am using the Global Rules Method, which should allow all traffic as long as AirVPN is connected. Is the reason maybe that legitimate internet addresses only run from 0.0.0.0 to 223.255.255.255, so the above connection requests do not go to legitimate internet addresses and are therefore not going through the AirVPN server (Castor in my case)?

    Hello!

    No, of course the packets of a local network from/to hosts of the network are routed inside the network itself.

    After some research, I learned that the above addresses are so-called "host group addresses" (range from 224.0.0.0 to 239.255.255.255).

    Exactly, see RFC 1112 http://www.ietf.org/rfc/rfc1112.txt

    This leads to my second question:

    B:

    Is this safe? Or am I allowing too much traffic this way? Is this traffic even legitimate, as I assumed? Will this traffic ever leave my home network (while AirVPN is connected or disconnected)? Will this allowed traffic ever reveal my true IP address to the world (while AirVPN is connected or disconnected)?

    Yes, it is safe, as long as all the hosts in your network are safe. It does not expose your real IP on the Internet.

    Kind regards


  9. The most accurate speed test is our internal speedtest, directly on our VPN servers. In this way you will get a consistent and coherent relative index of the performance (of course do not use speedtest to have an absolute index) which will help you determine the server, port and protocol which can provide you with the best performance.

    The speedtest is available in the menu "Member Area"->"Speed Test". You need to be connected to a VPN server and logged in to the website.

    Kind regards


  10. Thanks for the help last time! :)

    I have two more questions, any help on this would be great:

    1)

    I'm using the global rules method in Comodo as described here

    https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142

    (Note: BELOW the Global "totalblock" rule, I deleted all the *default* global rules with "Block ICMP..." that existed just after installation of Comodo, I hope this is ok, since they would not become relevant anyway, as they are below the total-block rule)

    Hello!

    Thank you for your nice words.

    Yes, it's ok, the block rule we published blocks everything, so any other subsequent (i.e. "lower") block rule does not need to be evaluated.

    At first glance, everything seems to work as it should. But when I look in Comodo's

    "Firewall Events", there are TONS of blocked events from "Windows Operating System"

    They are ok. They may be blocks of DNS leaks or UPnP attempts etc. If you wish to support UPnP, share printers etc., you can allow communications to and from the IP addresses you report on point 3). About sharing devices on your local network, if you don't regularly update your Windows OS, please carefully read this before allowing those connections in Comodo:

    http://technet.microsoft.com/en-us/security/bulletin/MS10-061

    2)

    About once in 2 hours, AirVPN loses the connection and reconnects automatically, which takes about 5 minutes.

    When I click on My Computer -> Manage -> Event Viewer -> System, I can see that during these disconnects there first is an event ID 1003 (Type: Warning) "Your computer was not able to renew its address from the network (from the DHCP) server) for the network card with network address . The following error occurred: The operation was cancelled by the user. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server"

    This shows that you lost connectivity with your ISP and/or with your router. If it happens regularly every 2 hours, chances are that your ISP is losing connection regularly or that your DHCP settings on your DHCP server (typically your router) are not correct (see also DHCP lease time) and/or the DHCP settings of your ISP are grossly misconfigured.

    You might like to read this:

    http://www.tcpipguide.com/free/t_DHCPLeaseLifeCycleOverviewAllocationReallocationRe.htm

    Kind regards


  11. Hi!

    Thanks for your reply.

    I can assure you that my hardware is perfectly alright, no problems with the router or network card or cable and I don't use WiFi.

    Using TCP to connect might solve the "problem", but I would like to avoid that at all cost, since I sometimes use the VPN for gaming and using Skype and TCP increases ping and delay and drastically decreases speeds.

    Hello!

    We apologize for the delay, your issue deserved an extensive and careful evaluation.

    If TCP reduces your speed drastically in comparison with UDP (let's say more than 15%) then there may be a high rate of packet loss, unfortunately, or a replay attack (see below). With TCP, each lost packet is properly resent thanks to its extensive error-correction implementation, but this is of course not the best solution for performance of some applications (VoIP, online gaming, real A/V streaming...).

    Usually I disconnect before gaming, but I was running some bandwidth intensive application in the background as well. Could that have something to do with it? It never does when I'm not connected, so it has to do something with openVPN or the server, right?

    It seems really related to the OpenVPN connection, see below.

    What do you mean by "temporary peering issue between our servers and your ISP" though?

    You might like to read here:

    http://en.wikipedia.org/wiki/Peering

    Could it also have something to do with an outside attack or portscan, probe, whatever they do?

    And what is this replay thing anyway? Can it be disabled?

    A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator (of course not in our case!!!) or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution. OpenVPN will correctly reject the fraudulent packets and no injection is possible. However the attack, if well organized, will considerably slow down your VPN connections. If your problem occurs on EVERY Air server, then it's extremely unlikely that you are the target of a replay attack, UNLESS your adversary has the ability to monitor your own ISP line.

    However, the "Authenticate/Decrypt packet error: bad packet ID (may be a replay)" log entries do really suggest a replay attack against you even before the connection to our servers. If this is an attack, then the adversary is not attacking our servers in general, he/she is attacking you specifically.

    About the "Replay-window backtrack occurred", this is the consequence of the problem. OpenVPN writes in the log this event. Please read here. Although it is not 100% sure, it might mitigate your problem without having to use TCP:

    http://openvpn.net/archive/openvpn-users/2004-09/msg00068.html

    It is not sure that the above will improve your connectivity for online gaming, you will have to test various parameters. But it is sure that it may lower your security if you are under attack. The risk is forcing OpenVPN to accept fraudulent packets as valid packets. The directive to set the n parameter is replay-window in your .ovpn configuration file.

    See the OpenVPN manual:

    --replay-window n [t]

    Use a replay protection sliding-window of size n and a time window of t seconds.

    By default n is 64 (the IPSec default) and t is 15 seconds.

    This option is only relevant in UDP mode, i.e. when either --proto udp is specified, or no --proto option is specified.

    When OpenVPN tunnels IP packets over UDP, there is the possibility that packets might be dropped or delivered out of order. Because OpenVPN, like IPSec, is emulating the physical network layer, it will accept an out-of-order packet sequence, and will deliver such packets in the same order they were received to the TCP/IP protocol stack, provided they satisfy several constraints.

    (a) The packet cannot be a replay (unless --no-replay is specified, which disables replay protection altogether).

    (b) If a packet arrives out of order, it will only be accepted if the difference between its sequence number and the highest sequence number received so far is less than n.

    (c) If a packet arrives out of order, it will only be accepted if it arrives no later than t seconds after any packet containing a higher sequence number.

    If you are using a network link with a large pipeline (meaning that the product of bandwidth and latency is high), you may want to use a larger value for n. Satellite links in particular often require this.

    If you run OpenVPN at --verb 4, you will see the message "Replay-window backtrack occurred [x]" every time the maximum sequence number backtrack seen thus far increases. This can be used to calibrate n.

    There is some controversy on the appropriate method of handling packet reordering at the security layer.

    Namely, to what extent should the security layer protect the encapsulated protocol from attacks which masquerade as the kinds of normal packet loss and reordering that occur over IP networks?

    The IPSec and OpenVPN approach is to allow packet reordering within a certain fixed sequence number window.

    OpenVPN adds to the IPSec model by limiting the window size in time as well as sequence space.

    OpenVPN also adds TCP transport as an option (not offered by IPSec) in which case OpenVPN can adopt a very strict attitude towards message deletion and reordering: Don't allow it. Since TCP guarantees reliability, any packet loss or reordering event can be assumed to be an attack.

    In this sense, it could be argued that TCP tunnel transport is preferred when tunneling non-IP or UDP application protocols which might be vulnerable to a message deletion or reordering attack which falls within the normal operational parameters of IP networks.

    So I would make the statement that one should never tunnel a non-IP protocol or UDP application protocol over UDP, if the protocol might be vulnerable to a message deletion or reordering attack that falls within the normal operating parameters of what is to be expected from the physical IP layer. The problem is easily fixed by simply using TCP as the VPN transport layer.

    Kind regards
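
The three acceptance rules quoted from the OpenVPN manual in the post above, modelled as an added example (not part of the original post and not OpenVPN's own code). The class name, the verdict labels and the packet trace are constructed for illustration, and sequence numbers are assumed to start at 1.

```python
"""Simplified model of the --replay-window n [t] rules (a), (b) and (c)."""
from dataclasses import dataclass, field


@dataclass
class ReplayWindow:
    n: int = 64             # sequence-number window (manual default)
    t: float = 15.0         # time window in seconds (manual default)
    highest: int = 0        # highest sequence number accepted so far
    max_backtrack: int = 0  # largest accepted backtrack, used to calibrate n
    seen: dict = field(default_factory=dict)  # seq -> arrival time, window only

    def check(self, seq: int, now: float) -> str:
        if seq < 1:
            return "invalid"
        if seq > self.highest:
            # In-order packet: advance the window, forget what fell out of it.
            self.highest = seq
            self.seen[seq] = now
            floor = self.highest - self.n
            for old in [s for s in self.seen if s <= floor]:
                del self.seen[old]
            return "accept"
        if seq in self.seen:
            return "replay"      # rule (a): already received
        backtrack = self.highest - seq
        if backtrack >= self.n:
            return "too-old"     # rule (b): outside the sequence window
        # Earliest arrival of any packet carrying a higher sequence number.
        first_higher = min(ts for s, ts in self.seen.items() if s > seq)
        if now - first_higher > self.t:
            return "too-late"    # rule (c): outside the time window
        self.seen[seq] = now
        self.max_backtrack = max(self.max_backtrack, backtrack)
        return "accept"


# Constructed trace: (sequence number, arrival time in seconds).
TRACE = [
    (1, 0.0), (2, 0.1), (3, 0.2),
    (5, 0.3),    # packet 4 is delayed
    (4, 0.4),    # arrives out of order, backtrack of 1
    (3, 0.5),    # duplicate of an accepted packet
    (100, 1.0),  # large jump forward
    (30, 1.1),   # backtrack of 70
    (40, 1.2),   # backtrack of 60
    (99, 20.0),  # backtrack of 1, but 19 s after packet 100
]


def run(trace, n=64, t=15.0):
    """Return the verdict for each packet and the largest accepted backtrack."""
    window = ReplayWindow(n, t)
    verdicts = [window.check(seq, ts) for seq, ts in trace]
    return verdicts, window.max_backtrack


if __name__ == "__main__":
    for n in (64, 32):
        verdicts, backtrack = run(TRACE, n=n)
        print(f"n={n}: largest accepted backtrack = {backtrack}")
        for (seq, ts), verdict in zip(TRACE, verdicts):
            print(f"  seq={seq:<4} t={ts:<5} {verdict}")
```

In this model the delayed packet 40 is accepted with n=64 and dropped as too old with n=32, while the duplicate of packet 3 is rejected under both settings.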


  12. Hello!

    I am having a few troubles with AirVPN. I'll summarize them and go into detail afterwards. For a little information on my setup I'm using Windows 7 Professional connected via ethernet cable to a router. Standard Win 7 Firewall (no I will not use Comodo, no need) but have no rules other than what's standard with the OS.

    1. When connected to a VPN server under the Win 7 connection popup it says "No internet access" even when it does have access and I can browse. I've searched and cannot find how to solve this.

    Hello!

    1. This is normal.

    2. Having trouble forwarding ports. I have one forwarded in my profile and the same is being used in uTorrent. However, under the forwarding port page it just says "Waiting for a checking" and does nothing.

    Please make sure that uTorrent listens to the same port you have remotely forwarded. Make sure that Windows firewall is not blocking uTorrent on any network. "Run a torrent" and check whether you obtain a green token in uTorrent to verify that the port is correctly forwarded. We confirm that port forwarding is working correctly on all servers for every client.

    3. Speeds when connected are very slow when compared to my previous VPN services (which offered similar servers and speeds).

    Please see the FAQ https://airvpn.org for various reasons for which you may obtain low performance. Since you have already jumped to conclusions, remember that you have 3 days to ask for a full refund, "no questions asked".

    Kind regards


  13. @FPyro

    Hello!

    The logs show that either duplicate packets are being received or packets are arriving out of correct order. Seeing the last lines of the logs ("Replay-window backtrack occurred") the second option is more probable. If the problem was born only recently, maybe it is just a temporary peering issue between our servers and your ISP. Rarely it may also be a symptom of a defective Ethernet cable or network card, router issues or WiFi problems. Please try connections to VPN servers' TCP ports to mitigate the problem and also test different servers. Finally, just in case, if you have the chance, try to temporarily replace the cable and router and if possible also the computer. Change only one item at a time to determine if the problem is in the hardware.

    Kind regards


  14. @itsmeprivately

    1) It just means that Comodo is doing its job. By checking source and destination IP address you can see if you wish to authorize that traffic outside the tunnel or not.

    2) Losing connection so often is not normal, probably you have connectivity issues with your ISP. Once you are disconnected, you should be able to reconnect immediately, but only if the ISP is giving you back full connectivity.

    Kind regards


  15. The only thing I noticed is whenever I got disconnected from the airVPN, my ISP gave me a new dynamic IP. Now I've been wondering if that might be the case and if there's a solution for this.

    Hello!

    It means that you lose connectivity with your ISP each time. Therefore ALL the established connections will be lost (not only OpenVPN ones). Please contact your ISP customer service, we really can't do anything about it.

    Kind regards


  16. After installing the AirVPN client, I see an additional network connection in my Windows (XP) network connections: Local Area Connection (TAP-Win32 adapter).

    Note: Before installing AirVPN, I only had my regular "Wireless Network Connection" in Windows (XP) network connections.

    Now, Windows XP would allow me to "bridge" these two connections by selecting them both and right clicking on them and choosing "Bridge Connections".

    Should I do that?

    What would happen?

    Thank you for any info!

    Hello!

    The TAP-Win32 interface is the virtual network adapter used by OpenVPN. Air is a routed VPN, not bridged, and uses a TUN interface. Please also see here:

    http://en.wikipedia.org/wiki/TUN/TAP

    Kind regards


  17. I have that information in a .zip file, but I can't find how to attach a file to a helpdesk problem. How do you want me to send you the information you requested?

    I realize that I could attach a file to the forum post, but I would rather not have this information available to all the other forum members to download.

    Hello!

    Yes of course, your care for privacy is absolutely correct. Please attach the file in an e-mail and send it to info@airvpn.org. Ask for and send your gpg public key before sending the file if you don't wish to send it unencrypted.

    Kind regards


  18. Hello admin, thank you for the reply!

    It looks easy, but the payment plans link isn't working for me... I guess the board messed up something but I can't figure out what!

    Hello!

    We apologize for the inconvenience, that link was wrong. Fixed now.

    Kind regards


  19. @dexter010

    Hello!

    Thank you for your purchase.

    You should have received instructions to use your code from bitcoincodes, our authorized reseller, but if your mailbox is blocked you clearly could not.

    Anyway...

    To activate your account to premium status:

    - register and log in to our website https://airvpn.org

    - select "Payment Plans" https://airvpn.org/payment_plans

    - pick the non-recurring subscription plan matching the code you have

    - before the checkout, insert your code (uppercase) and click "APPLY"

    - your account will be activated to premium status (no traffic limit, no bandwidth limit)

    After that, just select your favorite server and port with our configuration generator (for Linux, Windows, MacOSX, Android, DD-WRT), or connect through the AirVPN client (for Windows).

    You can generate as many configs as you wish in order to switch easily from one server/port to another with the OpenVPN client.

    FAQs are available here, please take a moment to read them all, because they will help you use our system at best (including enhancing performance for p2p and fully use our unique Remote Port Forwarding system):

    https://airvpn.org/faq

    More details on recent improvements on the system:

    https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1616&Itemid=142

    Another useful tool is the real-time servers monitor:

    https://airvpn.org/status

    The ToS and the Privacy Policy are available at the bottom of most of our website pages.

    Please do not hesitate to contact us for any further information.

    Kind regards


  20. Okay, I am able to connect now, but I am still unable to get firefox to go to any site except AirVPN.org.

    I've looked into the Comodo firewall log, and I have hundreds of logged block events for application "Windows Operating System" protocol: UDP coming from what appears to be my old IP address, going to another IP that has the same first 3 IP sections as my old IP but the 4th section is a little different.

    I have a feeling this is related to the "You will have to know some parts of your network, though, just in case you'll need additional allow rules to communicate with your gateway" thing you mentioned, but how do I know which parts of the network to allow? I want to be able to have internet access, but I also don't want to add more Global allow rules than I need to.

    Hello!

    Please send us:

    - Comodo network zones

    - Comodo global rules

    - Comodo application rules

    - Comodo Firewall events logs

    - Air client (or OpenVPN) logs

    Kind regards


  21. I am curious whether there are any benefits to using OpenDNS, namely, to have their DNSCrypt software running 1) in conjunction with the AirVPN client, and 2) when AirVPN is disconnected.

    Will running DNSCrypt (or setting the DNS to OpenDNS' servers) mess up any anonymity provided by AirVPN?

    I also do not understand the concept behind DNSCrypt and am wondering whether it provides any additional privacy (other than merely setting the DNS to OpenDNS' or Comodo's DNS servers).

    I do understand that this is all moot (and correct me if I am wrong) because whatever I set my DNS settings to in Windows 7, it automatically "pushes" to AirVPN when the client is running.

    Not sure if this is relevant, but I also have Comodo firewall up, running, and configured properly to work with AirVPN (according to the instructions on the forum).

    Thanks,

    Jopa

    Hello!

    If you don't want to use the Air DNS, you should force your favorite DNS servers on your TUN/TAP interface, so that encrypted and tunneled DNS queries will be forwarded by our servers to those. No problems with the Comodo rules, they don't prevent DNS queries in the tunnel, they prevent them outside the tunnel.

    Usage of DNSCrypt is useless when a device is connected to the VPN. Usage of DNS servers different from Air DNS will not impact anonymity, but will neutralize our anti-ICE censorship system.

    Kind regards


  22. I am trying to get my new AirVPN service up and running, but I have run into a few problems:

    1. I accidentally pressed connect on the wrong server, and tried to press the disconnect button literally less than a second after clicking the connect button, and now AirVPN won't let me log on as it says "You are already connected". Could you guys force log me out of the system or something?

    Hello!

    The operation you performed should give you no problems. If you still can't connect to our servers, please send us the Air (or OpenVPN) logs.

    2. I noticed in your instructions on using Comodo to block leaks, you instruct users to put a rule in to allow communication with the router (ex. 192.168.0.1) but what if we are on a corporate or university internet where there is no physical connection to a router, instead the CAT5 ethernet cord connects to a data port on the wall? What rule should we create in this instance?

    Basically nothing changes. You will have to know some parts of your network, though, just in case you'll need additional allow rules to communicate with your gateway, or with the corporate proxy (if any).

    Kind regards
