Staff

Hello! You can use the Air client both on your host and guest OS. Please note that you can't use the same account for two simultaneous connections. You need to know the proxy type, IP and listening port of the proxy you're using. You can discover them from inside the proxy interface and its documentation. Kind regards

Hello! We can confirm we have plans for one additional Swedish server. However we are currently unable to provide you with a date. Please note that currently Serpentis bandwidth is permanently under usage, with only 25% peaks. Kind regards

So to acheive this I will: 1. Now install the new windows VM 2. Then download and install Tor and the windows AirVPN client on the VM and then am assuming Im good to go pretty much 3. OR are there any special settings to make the "Tor over VPN part of the connection on normal windows" (HM its called right?) routes to the VM correctly? Hello! That's correct, there are no additional requirements. However, the previous admin post forgot to specify an important detail, that is the VM must be connected to the host via NAT in order to render the setup effectively working (i.e. no bridging). This is the default configuration in VirtualBox (just make sure that "NAT" is selected in "Settings"->"Connections") so you should not worry about it, the virtualization program will take care transparently of all NATting. Correct. About point b, remember to configure OpenVPN to connect to an Air server over your TOR proxy. The configuration generator or the Air client will take care of it, just select the appropriate options for Proxy Type, Proxy IP and Proxy Port. The rules should already allow these type of connections because, when you connect OpenVPN over TOR, OpenVPN will communicate with 127.0.0.1 (your local proxy address), which is explicitly allowed in some rule. Additionally remember, when Comodo will prompt you about that, to allow any communication from/to the Virtual Machine (i.e. take care not to block the virtualization program NAT). If you have any issue on this matter please do not hesitate to contact us, a Comodo expert will support you. Kind regards

Hello! About Windows and Comodo yes, absolutely, the recommended rules prevent DNS leaks. About Linux, it does not suffer DNS leaks, which is a typical Windows problem basically related to the fact that Windows lacks the concept of global DNS. So just set your favorite DNS servers (for example by editing /etc/resolv.conf if you don't have resolvconf installed) and OpenVPN will tunnel them. Only obvious exception: nameserver in which case DNS queries will be sent to your router and the the router will send them out unencrypted. Kind regards

Hello! Currently the infrastructures in Singapore and Italy do not provide a 1 Gbit/s dedicated port with 1 Gbit/s lines (even shared, best effort) as a viable solution for our requirements. They just can't provide enough traffic. About the Netherlands servers, the old 100 Mbit/s have a dedicated line, which is burstable up to 200 Mbit/s, while the 1 Gbit/s servers have a dedicated 1 Gbit/s port connected to multiple shared lines capable to provide up to 1 Gbit/s 95% of the time. Since the 100 Mbit/s NL servers are in a different network than the Gbit NL servers, we prefer anyway to keep them for access redundancy. Kind regards

Hello! We're confident about that: the provider has been thoroughly informed about our activity. Of course things in real life may be different, we rely both on the correctness of the provider and on our customers' respect of AirVPN Terms of Service. Kind regards

Hello! Please see here: https://airvpn.org/linux It was understood that you had already placed the guest virtual HDD inside a host TrueCrypt volume When the VM is fully setup, you have plenty of options, please see the previous message. For example, if you wish to connect over TOR over AirVPN over TOR: - connect the host over AirVPN over TOR - connect the guest programs over TOR (just to make an example use the Aurora browser of the Tor Browser Bundle in the guest) If you wish to connect over VPN over VPN: - connect the host to a VPN service - connect the guest over another VPN (you can also perform Air 2-hops, connecting the host to an Air server and the guest to another Air server, in which case you will need 2 Air accounts - EDIT: this is not partition of trust because you would multi-hop on servers that are all controlled by the same entity) Kind regards

Hello! We're very glad to inform you that a new 100 Mbit/s server located in Italy is available: Crucis. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Member Area"->"Access without our client"). The server accepts connections on ports 53, 80 and 443 UDP and TCP. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN admins

Hello! Phoenicis migration has been completed successfully and the new server is online. Contrarily to what stated in the previous message, it has been possible to maintain the IP addresses. Please do not hesitate to contact us for any issue with this server. Kind regards

Hello! We're very glad to inform you that a new 100 Mbit/s server located in Singapore is available: Sagittarii. We hope and we're confident that this is only the first step of AirVPN expansion in Asia. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Member Area"->"Access without our client"). The server accepts connections on ports 53, 80 and 443 UDP and TCP. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN admins

WARNING: the migration process has begun. Please disconnect as soon as possible. Kind regards

In what sense are you making that statement: Hello! The http traffic "in transit" cannot be sniffed by your ISP or by a "man in the middle" (an entity between) the OpenVPN client and the OpenVPN server. Kind regards

Hello! The support team replied to your mail where you attached the Tunnelblick logs. The solution to your problem is straightforward, please check your inbox. Kind regards

Hello! What do you mean with irrelevant...? If you refer to TOR over OpenVPN over TOR, one TOR exit node is essential to send your packets to our servers and receive them from our servers, the other TOR exit node is essential to send out and receive packets to/from the Internet (assuming two circuits). Yes. In order to connect to Air please install OpenVPN and follow the instructions for Linux. You have now tons of options: Any VPN over AirVPN over TOR, TOR over AirVPN over TOR, proxy over AirVPN over TOR, I2P over VPN over TOR, AirVPN over AirVPN over TOR... and theoretically you can even connect (from the VM) over AirVPN over TOR over AirVPN over TOR, or over TOR over AirVPN over AirVPN over TOR etc. etc.. These last two "setups" work fine, but do not expect performance exceeding 100 kbit/s, and be ready for very high latency (1000-2000 ms with the final host you connect to are not uncommon). Usually connecting over a VPN over TOR over AirVPN over TOR is necessary only in extremely critical environments which currently we have not found in practice in any country (but of course our experience is not "universal"). You should study each solution to see which one suits your needs in the best way, i.e. the best compromise between security and performance, provided the minimum necessary setup to defeat your adversary. Ideally, you should have a clear vision of the maximum power your adversary (or adversaries) has/have. I/O = Input / Output. Kind regards

UPDATE 14 Nov 2012: All the hardware replacements have been fulfilled. Both Vega and Phoenicis can be used now. Hello! After we detected various issues, an hardware inspection on Vega found a defective Hard Disk Drive. The HDD has been replaced and from now on Vega should be back online without any of the problems which afflicted it in the last weeks. Please do not hesitate to contact us in case you note any issue on Vega. Phoenicis has some deep hardware problem that can't be currently located by the datacenter technicians. These problems cause a deep crash randomly (total freeze), making the server unreliable for a long term connection. As a consequence, we'll move Phoenicis Hard Disk Drives to a new server in the same datacenter. The name of the server will remain "Phoenicis" but the IP addresses will change. The operation is expected to begin very soon. We'll put Phoenicis down and all the clients will be disconnected. Phoenicis will reappear on the servers list after the migration is completed and after all the tests on the new machine will be passed. Kind regards

Hello! It is not unsafe (generally speaking) to forward UDP ports. DHT does not need a forwarded port, however uTorrent will try to connect to a uTorrent server (owned by uTorrent company) for DHT bootstrap. DHT bootstrap with the aid of a central server could be necessary at the first run of uTorrent, or maybe after a long time during which uTorrent was never launched, in all other cases the bootstrap should be performed successfully from known peers and not central servers. Latest uTorrent versions don't even need any remotely forwarded port in Air servers, because they can "traverse" Air NAT (which is p2p friendly) with the help of other peers in the swarm. Just wait a couple of minutes with a running torrent and you'll see that the connection token will get green. Kind regards

Hello! The OpenVPN logs. According to how you launch OpenVPN their location or output may vary. In order to simplify, please launch OpenVPN directly from a shell as reported in the following link, then just copy & paste the output of the command here. https://airvpn.org/linux Kind regards

So to clarify on point above: it is safe to access and temporarily store (until accessed and re encrypted using PGP) a file from inside the hidden volume so that it could not be recoverable? Yes, provided that all the I/O operations are performed inside the encrypted volume. An adversary can see your encrypted files only if it gains access to your computer while the volume is mounted, so you should not leave your computer unattended with mounted TrueCrypt volumes if someone can gain access to it. Please see also here for a lot of useful information: http://www.truecrypt.org/docs/ You can keep a VM completely inside an encrypted TrueCrypt volume: just create the virtual hard disk inside the virtual encrypted volume. You should use the "Contact us" form if you don't want to make your messages public. Even if we delete this thread, it will remain available on the Internet Archive.org Wayback Machine, Google cache... A forum is meant for public discussions which should remain available to all readers for future references. Kind regards

Hello! Please see the links "Prevent leaks with..." in the announcement section of the forum according to your system: https://airvpn.org/forums Kind regards

Hello! Can you please send us the connection logs? Kind regards

Hello! You will need a valid OS image and the license to use it. However not all OS are protected by copyright, you can use free and open source OS or distribution of OS which come under GPL, like Linux distributions, or similar like OpenBSD. If your host is Windows-based, it can anyway host such OSes. Of course, the normal practice is that a file inside an encrypted volume is never ever stored in unencrypted form outside the volume anywhere. If this happens accidentally, the unencrypted file needs to be securely shredded. http://en.wikipedia.org/wiki/Data_erasure Please consider, even in view of your point 2, that the reported performance is OpenVPN over TOR and TOR over OpenVPN. TOR over OpenVPN over TOR or TOR over VPN over VPN will have a slower performance. Thank you! Kind regards

Hello! 1. AirVPN is based on OpenVPN. Our OpenVPN servers push automatically routes to your client so that all your traffic is encrypted. Keys are RSA 2048 bit, data channel is encrypted with AES-256-CBC cypher and the packets verification is HMAC SHA-1 160 bit. The authentication is based on two certificates and a client key. In our configuration OpenVPN performs a TLS re-keying with overlapping windows (so that there's no delay or bottleneck during re-keying) every 60 minutes (as by default). You don't need to configure anything on your router if you connect from a computer or a mobile device. Just in case you have a DD-WRT/Tomato/OpenWRT router with OpenVPN support, you can alternatively perform the connection directly from the router, instead from you computer. In this case you would need to configure OpenVPN on the router. This is totally optional. 2. No, you don't need to. When you connect to an Air server you are behind a "cone-NAT" (p2p friendly) which latest uTorrent versions are able to "punch". Anyway you can remotely forward a port and then insert the same port number as the listening uTorrent port, to make your client immediately reachable from the Internet without traversing the NAT. This is particularly useful should you use a torrent client which can't traverse a NAT. 3. Yes. We currently provide 5 servers in the USA for a total available throughput bandwidth of 5000 Mbit/s. https://airvpn.org/status Some more information on the service can be found on the FAQ: https://airvpn.org/faq Please do not hesitate to contact us for any further information. Kind regards

Hello! Latency is a parameter which is not controllable, but you should try all the servers to see which can give you the lowest latency. Our server monitor will help you, showing a latency which has no absolute value, but is useful to make comparisons. https://airvpn.org/status Kind regards

I allowed 48 hours during the week. Not a weekend. And I had to transmit the requested logs three times before anyone appeared to notice, and whomever I corresponded with agrees that they don't show a single thing out of the ordinary. Hello! Maybe some communication problems? The support is much faster than 48 hours. Of course it can't be excluded: if there's "bad peering" between all our datacenters bandwidth providers and your ISP, unfortunately this can't be resolved. Although we are careful to put servers in datacenters with POPs connected directly to tier1 and tier2 providers, it's impossible to have a 100% certainty to have good peering/latency/routing etc. with all the ISPs in the world... this is just how the Internet works. Ok, so it is probably safe to assume that the above cause is the most probable cause for your 16 Mbit/s performance. If you haven't already done so, please try connections over UDP ports (try them all), you might have better performance for obvious reasons. Or, you might notice packet fragmentation (which you can't notice with TCP of course), in which case you might fine-tune OpenVPN for higher performance as you probably already know. Kind regards

Hello! Yes, it looks like your firewall drops every outgoing (or maybe incoming, or both) UDP packet. This will cause several issues to the network users, lot applications can't just be used etc. Just connect over a TCP port and you should be able to solve every problem. Encapsulating packets in TCP will also allow you to use all the applications which rely on UDP packets and that currently you can't use on your network. Kind regards