Staff

Hello! Air uses a double certificate verification method. Please make sure that you have set "ns-cert-type server". Additionally, you can launch OpenVPN directly in order to bypass all the problems with network-manager: https://airvpn.org/linux Kind regards

Hello! Can you please post the exact rule for eMule? Probably the problem is in it. Kind regards

Hello! Thank you. We have been able to check successfully that the ports you remotely forwarded are actually properly forwarded to you while you are connected. Therefore you should now check that the incoming packets can reach your service. Make sure that: - your service listens to the correct port(s) and take care that you have not mismatched UDP and TCP ports - your service is not blocked by any firewall We are not reporting here your ports for privacy and security reasons, anyway be aware that: port 10... is UDP forwarded; port 12... is TCP forwarded ; port 22... is forwarded both TCP & UDP. Kind regards

Hello! The commands to insert the proper rules (assuming that your router has tun0 and br0 interfaces) are: iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT iptables -I INPUT -i tun0 -j REJECT iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE If you use the router DD-WRT web interface you can insert them in the appropriate section (see https://airvpn.org/ddwrt for instructions), otherwise you can insert those commands in one of your scripts. Kind regards

Hello! Yes, we can rule out a DNS problem. Please try at your convenience to upgrade to Tunnelblick 3.3beta21a: http://code.google.com/p/tunnelblick/wiki/DownloadsEntry?tm=2 or, for testing purposes and comparison with Tunnelblick on the non-working servers, try Viscosity: http://www.sparklabs.com/viscosity/ Kind regards

Hello! Same symptoms (connect/disconnect cycle)? Can you please double-check your iptables rules? Also, you might consider to flash OpenWrt, if there's compatibility with any of your routers. Kind regards

Hello! As you already noted, the DNS push appears correct. Also, the routing table is correct. The odd thing is that you have problems with all the servers except Pegasi, but all the servers have the very same configuration and same OpenVPN server version, scripts etc. Can you please check the following: http://code.google.com/p/tunnelblick/wiki/cConnectedBut#If_OpenVPN_is_connected_to_the_server_but_you_can%27t_access In particular, check your Mac DNS settings in "System Preferences". Kind regards

Hello! HIPS and Antivirus are optional in Comodo. Our guide refers to Comodo Firewall, Antivirus and HIPS are not required. However Windows users may greatly benefit from the additional protection provided by Defense+ against very many threats. In order to disable permanently Comodo HIPS, set Defense+ to "Disabled". In order to disable permanently Comodo Antivirus, just install Comodo Firewall (i.e. do not install the package Firewall+Antivirus), or set "Antivirus" to "Disabled". For other readers who like the same approach: change the destination port, or add rules, in case you connect to ports 53 or 80. EDIT: please note that this approach is deprecated by us. You might need to add port 68 too. If it's a global rule, the above rule also prevents DNS leaks (and any other leak, except those toward port 443 from your physical interface) by blocking everything outside the tunnel, including svchost.exe DNS queries leaks. Therefore, after you're connected to the VPN you can activate it even though utorrent is not running. Please be aware that this rule must be inactive in order to allow DNS resolution when you don't want to be connected to the VPN etc. EDIT: finally please be aware that this approach will not prevent leaks toward port 443 (or 80 or 53). Kind regards

Hello! Tunnelblick 3.2.8 is not fully compatible with Mac OSX 10.8.x. Please install the correct version, see here: http://code.google.com/p/tunnelblick/wiki/DownloadsEntry?tm=2 Kind regards

Hello! After your message it appears that your connection is stable. Can you confirm that the problem is solved? If the problem occurs again, it's likely that it's a momentary problem due to some factor such as routing, Internet congestion, peering, so you might try a connection to a TCP port on different servers in order to mitigate it. Kind regards

@ergolon Hello! It was assumed that your client was running in a *BSD machine (OpenBSD, FreeBSD, Mac OSX...) with pf. If you connect through your DD-WRT router, then you must not set the firewall rules specified by the tutorial by jessez on your *BSD device. In order to secure your connection you will have to use iptables on the DD-WRT. It's definitely correct that your forward ports in your home network. The warning pertains to forwarding ports in the router physical network interface which communicates with the "outside", which would be dangerous. Kind regards

Hello! It appears that there's absolutely nothing wrong in your configuration, so it's still likely that it's a firmware problem. In the specialized forums, we have seen tons of E2500 users reporting your very same, exact problem ("connection reset" without explanation), but no solution. So this is not a true support answer, sorry, but we'll keep investigating and keep you updated. Also, feel free to keep the thread "up". Kind regards

Hello! Can you please send us the Tunnelblick logs? It might still be a DNS problem. A side note: Polaris is no more, it was dismissed more than a year, maybe almost two years, ago (replaced with more powerful hardware)! Kind regards

Hello! It looks just fine! Kind regards

Hello! It's correct, each server has one, shared exit-IP address. Kind regards

Hello! That's correct. Skype retains any and each encryption key, so Skype can decrypt your communications whenever it wishes or whenever it is asked to do so by a proper authority. This will require a little investigation by you. You might like to start from here: http://en.wikipedia.org/wiki/Voip#Securing_VoIP Kind regards

Hello! You don't need any "allow" rule on pf (as long as there are no blocking rules for ports on your tun interface): all the traffic is tunneled to/from a single port so all the packets will be properly forwarded to the correct application without need of pf policy. Just make sure that you have remotely forwarded the port(s) you wish on our system. https://airvpn.org/faq Kind regards

Hello! In order to test the service you must apply for a free trial AND activate your account with your free trial coupon code. We don't provide free trials with a registration on a website. However, we do provide permanent free access to activists in human rights hostile countries who can't afford to pay. Kind regards

Hello! It is not a mistake, your account is correctly not active and not authorized to access VPN servers. Please subscribe to a plan in order to activate your account. Kind regards

Hello! It was understood that you were talking about a different application pertaining to VoIP. No, it must stop only packets "out" NOT coming from 10.4.0.0->10.9.255.255. Your service (torrent client etc.) must be able to receive packets from any IP address. If you reject/drop packets in, you prevent your service to receive ANY packet, because the range 10.4.0.0->10.9.255.255 is the range of the virtual private network. Don't worry, you don't need to be a network expert to use AirVPN. Anyway, reading the Comodo manual can really help. Please follow this tutorial in order to prevent leaks with Comodo without setting up rules for each application: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 Kind regards

Hello! The file attachments are uploaded when you click "Submit", after you have completed your post. You can be sure you have attached a file when you have picked it from the requester which should appear when you click on the attach option. Your attachment was successful and we could see it (did you read the answer?). When the forum is in "moderated" mode, all the messages must be approved to show up. Kind regards

Hello! No, it's not possible, as long as you are connected to the VPN and you started your application after the connection to a VPN server. Anyway, remember that if Skype knows who you are, changing IP does not matter: your calls and chats will be anyway logged and linked to your account. Kind regards

Hello! Don't worry, it's not your or your browser problem. Currently the forum messages need to be approved by a moderator to show up. We took this decision to fight spam. Kind regards

Hello! Please change "Direction" in the rule to "Out" only. "In/Out" will block any incoming packet for the application not coming from 10.4.0.0->10.9.255.255, effectively blocking any chance for the application to receive any packet. Kind regards

Hello! We're glad to inform you that a new servers monitor has been implemented. The new monitor provides a completely redesigned graphics, additional efficiency and plenty of new information. The new layout will let you be informed more quickly and pleasantly about the status of the Air infrastructure. The monitor will also allow us to inform you with more effectiveness about the status of the VPN servers. Each server can have a short message informing you of potential problems or any other relevant information. New aggregated data have also been added on the right column. In the "Geographical distribution" table you can see the total of connected clients, used and available bandwidth divided into planets, continents and countries. The "Top 10" tables on the right column show the highest detected data in the specified field pertaining only to currently online clients. Nick names are not displayed, however from your "Settings" menu you can allow the display if you wish so. The tables are useful to check stability and verify the performance of the network. The monitor is accessible at the usual link https://airvpn.org/status As usual your feedback will be appreciated. Kind regards