Staff

Hello, attached are my logs. As I described this happens if I disconnect from one server and want to connect to another.

Hello!

This is because you are still, really connected to the previous server. It has been possible to determine this with absolute certainty for a stroke of luck because we don't keep logs, however your account is still connected and exchanging successfully data to another server (we don't report it here for privacy). The connection to that other server began well before the time of the logs you report.

So, assuming of course that you did not give your user.key to anyone, please check the disconnection procedure of your client, it seems that you think to be disconnected while in reality you are still connected.

Kind regards

Hi, I am currently receiving poor speeds from all servers except two. http://imgur.com/Qmrl3

Any help to fix this would be greatly appreciated. Thanks

Hello!

Speedtest can give you a relative index about which server to use, not an absolute one. Also, can you please repeat all the tests for port 443 TCP, 80 TCP and 53 UDP and publish the results, at your convenience? Thank you in advance.

Kind regards

Who are those people who would attack your servers, what do they want? And isn't it incredibly difficult to perform a DDOS these days? Don't you need like thousands of computers for it to work?

Anyhow, nice that Castor came back

Hello!

The recent attacks against the good old Draconis and the new Leporis are performed by some entity with good capacities (>3.5 Gbit/s flood, >50000 flows/s) and that also knows the entry-IP of our VPN servers (so they have been lurking in the website or subscribed to the service - not difficult for free trials, discussions in the forum etc.) . These attacks are outside the reach of most entities so we highly doubt they can be capable to bring down more than one server at a time, unless there's some very big entity behind them (very unlikely). Even in this case, the attackers were not able to sustain the attack for more than 20 minutes. Currently Leporis is ok, but we'll bring it back online at due time.

And yes, Castor is back.

Kind regards

Hello and thank you!

So, Comodo was right since the beginning.

You can see in a previous message that we detected that [AirVPN] Network Zone was wrong, and since then we assumed that you corrected it. Unfortunately you inserted a Netmask which covers almost the entire IPv4 range, authorizing your system to communicate with almost every single IP address on the Internet!

The definition of the AirVPN Network Zone must be [10.4.0.0 - 10.9.255.255]. Please note the difference between "-" (IPv4 range) and "/" (CIDR NetMask).

Once you have corrected the [AirVPN] Network Zone, apply the changes, bring back down the block rule below all the allow rules, re-perform the test with and without VPN. There could still be some problem, if it's the case do not hesitate to report again, we'll do our best to solve them.

Kind regards

I have foud that it is that it is both of these rules

Allow IP In/Out from MAC Any To In [AirVPN] Where Protocol Is Any

Allow IP In/Out from In [AirVPN] To MAC Any Where Protocol Is Any

Hello!

Great job!

Can we see again the definition for your [AirVPN] Network Zone? Also, can you please send us the output of the command "ipconfig /all"?

Kind regards

Hello!

Leporis, although up and running, has suddenly lost connectivity with large parts of the Internet. We are investigating.

UPDATE: Leporis is under a DDoS attack and the provider was rightly forced to null-route the targeted IP address. We will keep you posted.

UPDATE: Leporis is up.

Kind regards

i went to bed sorry about the wait, i have tried to put the global rule to block all the way up to the top but all that seems to do is block everything including the vpn but it does block everything though.

Hello!

No problems, of course you can test when you wish and when you have time.

Now, there is a time-consuming test which you can perform if you wish to. Put on top only the allow rule:

Allow TCP or UDP Out From MAC Any To IP 255.255.255.255 Where Source Port Is Any And Destination Port Is Any

in order to allow DHCP "negotiation", reboot and check again whether you can browse (without VPN connection, always). If you can, please report.

If not, move down the block rule only one line at a time, and each time check whether the connection is re-established. This will help identify which rule causes the malfunctioning. When you detect the "guilty rule", try various combinations of the already existing allow rules to determine the set of rules which are causing the leaks.

Also, feel free to send us your exact Windows configuration, in order to help us reproduce your system as near as we can.

Once again, please re-check that you have no other firewalls and/or antivirus running, or any other monitoring system which can run with administrator privileges and interfere with Comodo.

Kind regards

@nzbob

Hello!

Thank you for the report.

The various "xx" that are visible in the logs on the "VERIFY OK" lines have been put by you (i.e. you edited the logs) or are those the unedited logs?

Does it happen only with Vega on port 443 TCP, on all Vega ports, or on every server?

Kind regards

Is there any way to get PPTP to work with a Synology NAS (running DSM 4.1Beta)?

Hello!

We don't provide PPTP access. Please refer to the Synology customers' support.

Kind regards

I have put it in custom policy and i did reboot and i did not connect to the vpn but i still had internet connection and the i still was able to go on any website.

Hello!

We can't reproduce the behavior.

Please move up your main blocking rule to the top, reboot and perform again the test. If you still have connectivity, please report to Comodo support team for major bug.

Kind regards

Hello!

We're sorry, as far as we know the Synology NAS is not fully compatible with OpenVPN in client mode because it does not support double certificate+key authentications. Please refer to the Synology customer support.

Kind regards

Hi, ive been using the client for awhile now and have had no issues until today. i am currently experiencing the same problems as above. here are my logs :

Hello!

This is a different problem, your TAP-Win32 adapter is inaccessible:

8/26/2012 - 9:07 PM CreateFile failed on TAP device: \\.\Global\{6EFF04E6-FB49-4CD4-9334-9DCD69EA3CA0}.tap

8/26/2012 - 9:07 PM All TAP-Win32 adapters on this system are currently in use.

Please make sure that:

- no other OpenVPN instances are running

- the Air client is launched with administrator privileges

- the TAP-Win32 adapter is enabled

In order to enable the TAP-Win32 adapter:

Windows XP: Open Control Panel->Network and Internet connections->Network Connections. Right-click the adapter "TAP-Win32 Adapter V9" and select Enable.

Windows Vista: Open Control Panel->Network and Internet->Network and Sharing Center->Manage network connections. Right-click the TAP-Win32 Adapter and select Enable.

Windows 7: Open Control Panel->Network and Internet->Network and Sharing Center->Change Adapter Settings. Right-click the adapter TAP-Win32 Adapter and select Enable.

Kind regards

I have been trying to forward a port to work with a DC++ app for Mac OS X, Shakespeer. But whichever port I choose, when I press the Test Port button in the app, it says TCP/UDP port unreachable. The port forwarding worked like a charm in uTorrent, but I dont know what I am missing here. Please help me! Thanks!

Hello!

We're sorry, we don't know Shakespeer. Does it have configurable listening ports?

Kind regards

I did check my application rules and there are some set however i am not sure exactly what you mean as when i put it for untrusted program it would not work under vpn so hear are my application rules.

oh and also should i use the same application rules for the bit torrent client?

Hello!

Forget momentarily about application rules, the previous suggestion was misleading, we apologize for the inconvenience.

First of all, please perform a basic test: put your Comodo firewall to "Custom Policy", then reboot your system.

Please let us know whether you have Internet connectivity just after the reboot (do not connect to the VPN).

Kind regards

Hello!

We're glad to know that the problem is solved. Please do not hesitate to warn us if the problem occurs again, so that we can check to understand what really happens.

Kind regards

Yes i realized that about the airvpn.org will always be accessible but the problem is that i can go on youtube or google any website even though i have the firewall on custom policy the way it is setup currently.

Hello!

Did you set any application rule?

When Comodo evaluates the rules, for incoming connections the global rules take precedence over the application rules.

For outgoing connections, on the contrary, application rules take the precedence on global rules. In the case of web browsers, they don't need an incoming connection, because they establish an outgoing TCP connection and communicate through the established socket. MISLEADING: the global rules will be evaluated anyway after the application rules.

Please check that you don't have application rules, especially that Chrome is not a trusted application or is anyway authorized to establish outgoing connections.

In case of any doubt, please do not hesitate to send us a screenshot of your application rules.

EDIT:

The recommendation is wrong, sorry. Although application rules take precedence over global rules for outgoing packets, this is an evaluation precedence only. No application rule can jump to "accept" before the global rules are also evaluated. So an outgoing connection must pass both the application rules and the global rules to be established. Therefore, this can't be the problem. Chances are that some other firewall or antivirus is interfering with Comodo.

Kind regards

I have restarted the web browser and such and made sure comodo is on custom policy but it still will not block connections when not connected to the vpn and im also sure that there are connections that are not going through the vpn even when it is on as comodo shows that chrome is taking up about 11% compared to openvpn, although it might just be to itself though it still is not blocking either firefox nor chrome when not connected.

Hello!

The 11% of Chrome (or any other application) is normal. All the applications will communicate with the outside, but passing through the tunnel, except OpenVPN. However, Comodo will correctly display the percentage on the total communications, on any network card. So that 11% refers to communications of Chrome to/from your TAP-Win32 card AND/OR to/from airvpn.org.

Important: when you disconnect from the VPN your applications will be anyway authorized to communicate with airvpn.org (and with the VPN servers specified entry-IP addresses, of course), according to the global rules. This is to allow the Air client to connect. If you don't like this behavior, you can delete the allow rules for 46.105.19.36, and connect via OpenVPN directly or via the OpenVPN GUI, which don't need to contact airvpn.org.

You can perform a quick check even without tools like Wireshark. Open the Comodo "View Active Connections" while you're connected to the VPN, and check that all the applications, except openvpn.exe, are connecting from 10.*.*.*. If some application is connecting from 192.168.*.* (assuming this is your home network zone) to the outside world, then there's something wrong.

Then, disconnect the VPN and check that the only communications comply with the global rules. For example, try to open with Chrome any website except airvpn.org, you should be unable to reach it.

We're looking forward to hearing from you.

Kind regards

The files extracted from the air.zip when you create a configuration need to be copied to "~/Library/Application Support/Tunnelblick/Configurations". I don't understand if i need to copy the content or the folder. For each server do you need to create a folder inside the configurations or just copy the .ovpn? Are the ca.crt, user.crt, user.key always the same or are different?

Thanks

Hello!

You need to copy the content of the zip archive. The ca.crt, user.crt and user.key files are always the same.

"You can put more than one .ovpn or .conf file together with its key and/or certificate files into the ~/Library/Application Support/Tunnelblick/Configurations folder. Tunnelblick interprets each .ovpn or .conf file in the ~/Library/Application Support/Tunnelblick/Configurations folder as a configuration file for a different connection; each of the connections will be available in the drop down menu and shown as a separate tab in the "OpenVPN Log” window. "

http://code.google.com/p/tunnelblick/wiki/UsingTunnelblick#Using_More_than_One_VPN_Connection

Please do not hesitate to contact us for any further information.

Kind regards

Yes that has made the vpn work however comodo still will not block connections when the vpn is down and i still get something blocked in the comodo logs i am putting a screenshot of my current global rules network rules to see if you can figure out where i went wrong.

Hello!

The global rules look fine, there are just some duplicates but they are inessential, for example the following three rules are the same according to your Network Zones configuration:

Allow IP In/Out From IP In [10.4.0.0 -10.9.255.255] To MAC Any Where Protocol Is Any

Allow IP In/Out From In [AirVPN] To MAC Any Where Protocol Is Any

Allow IP In/Out From MAC Any To In [AirVPN] Where Protocol Is Any

Anyway, this is not the cause of the problem. The blocks you can see in Comodo logs are ok.

Please make sure that the Comodo firewall security policy is set to "Custom Policy" and that you don't have any other firewall running.

Please close all your applications (close browsers, disconnect from VPN etc.), set Comodo to "Custom Policy", reconnect to the VPN, start normal Internet activity then disconnect from the VPN and check that you don't have anymore connectivity outside your local network.

We're looking forward to hearing from you.

Kind regards

@jasonc

Hello!

We have just checked that your account is authorized to access all the servers and we don't detect any problem with it.

Please note that an account can connect only to one server at the same time. You can switch servers as many times as you wish, but you can't be connected to two or more servers simultaneously.

Please do not hesitate to contact us for any further support.

Kind regards

I have attached the comodo logs the air vpn logs and an attachment that shows the VPN is not working i have restarted chrome and Firefox and the airvpn several times to be positive that it still had a problem.

Hello!

The Comodo logs show a block to the operating system in the DHCP "negotiation". Please make sure that you have the global Allow rule specified in step 11a:

Allow IP In/Out From MAC Any To IP 255.255.255.255 Where Protocol Is Any

and that your network areas are correctly defined according to the previous message.

As a possible consequence, the TAP-Win32 interface does not come up, this is the reason for which you establish a tunnel but you don't tunnel anything inside it: no access to the TAP-Win32 interface is possible.

If the TAP-Win32 still does not come up after the changes reported here above, please make sure that you launch the Air client with administrator privileges (it is set by default to be launched with those privileges, but you will have to authorize it if you have the default Win7 UAC active).

If that does not solve the problem, you should uninstall OpenVPN. When you re-install it, make sure that you authorize it to install all the drivers it asks you for authorization.

Kind regards

I have found a new problem, it does not let me connect to any webpage other than airvpn i think it might be my netork setup so i will take a print screen of that.

Hello!

The [Loopback Zone] Network Zone is wrongly defined, it must be [127.0.0.1 / 255.0.0.0]

The [AirVPN] Network Zone is wrongly defined, it must be IP range [10.4.0.0 - 10.9.255.255], or [10.0.0.0 / 255.0.0.0]

The [Home Network] Network Zone is wrongly defined, it must be AT LEAST [192.168.0.0 / 255.255.255.0], however please check your DHCP server (your router probably). A safe definition may be [192.168.0.0 / 255.255.0.0] to cover 192.168.*.*.

The [LAN] Network Zone will go to overlap with the [Home Network] Network Zone, so you can just delete the [LAN] Network Zone in order to avoid confusion and conflicts and be consistent with your global rules.

When you have fixed the Network Zones, store the changes, please re-launch the Air client, re-connect to Cygnus, test the connection and if you have further problems please send us the Comodo logs and the Air logs.

We're looking forward to hearing from you.

Kind regards

I'm running into a problem today where the only servers that accept my authentication are in the US. every other server gives me the following message using openvpn as my client on windows 7 x64

Sun Aug 26 10:45:57 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

Sun Aug 26 10:45:57 2012 AUTH: Received AUTH_FAILED control message

Sun Aug 26 10:45:57 2012 TCP/UDP: Closing socket

I'm using the generator to create my ovpn configs and I can auth to all 3 US servers without issue.

Hello!

That's bizarre, to say the least. Can you please publish the complete log? We'll look into the issue immediately.

Kind regards

I am not sure what step i get stuck at its just that it hasnt worked yet i can login and choose a server but then it never gets to the point where it is at the server i tried connecting to the cygnus server. i have an attachment with my current global rules also all it says is Connecting but it never does.

Hello!

The Cygnus entry-IP address is 37.220.11.106.

In order to connect to Cygnus please just modify the IP of the "Allow" rule from/to IP 37.220.11.107. Change the IP to 37.220.11.106.

Whenever you have some problem of this kind, it's convenient to check the Comodo logs to see immediately where the block occurs.

Assuming that the network zones have been defined correctly, all the other rules look just fine. You might like to modify the rule pertaining to the Loopback Zone in Allow IP In/Out From In [Loopback Zone] To In [Loopback Zone]

Kind regards

ok now it is saying that i am already connected when i clearly am not whilst trying my tenth attempt to doing that guide this is really frustrating can anyone give a clear simple guide on how to fix these problems now?

(edit:I can now login but other then that the same problems with comodo are still there.)

Hello!

Where do you get stuck with the Comodo guide (which step)?

If you need to block ONLY your torrent client please see here:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142#1715

Kind regards