Staff

Hello! You don't need any "allow" rule on pf (as long as there are no blocking rules for ports on your tun interface): all the traffic is tunneled to/from a single port so all the packets will be properly forwarded to the correct application without need of pf policy. Just make sure that you have remotely forwarded the port(s) you wish on our system. https://airvpn.org/faq Kind regards

Hello! In order to test the service you must apply for a free trial AND activate your account with your free trial coupon code. We don't provide free trials with a registration on a website. However, we do provide permanent free access to activists in human rights hostile countries who can't afford to pay. Kind regards

Hello! It is not a mistake, your account is correctly not active and not authorized to access VPN servers. Please subscribe to a plan in order to activate your account. Kind regards

Hello! It was understood that you were talking about a different application pertaining to VoIP. No, it must stop only packets "out" NOT coming from 10.4.0.0->10.9.255.255. Your service (torrent client etc.) must be able to receive packets from any IP address. If you reject/drop packets in, you prevent your service to receive ANY packet, because the range 10.4.0.0->10.9.255.255 is the range of the virtual private network. Don't worry, you don't need to be a network expert to use AirVPN. Anyway, reading the Comodo manual can really help. Please follow this tutorial in order to prevent leaks with Comodo without setting up rules for each application: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 Kind regards

Hello! The file attachments are uploaded when you click "Submit", after you have completed your post. You can be sure you have attached a file when you have picked it from the requester which should appear when you click on the attach option. Your attachment was successful and we could see it (did you read the answer?). When the forum is in "moderated" mode, all the messages must be approved to show up. Kind regards

Hello! No, it's not possible, as long as you are connected to the VPN and you started your application after the connection to a VPN server. Anyway, remember that if Skype knows who you are, changing IP does not matter: your calls and chats will be anyway logged and linked to your account. Kind regards

Hello! Don't worry, it's not your or your browser problem. Currently the forum messages need to be approved by a moderator to show up. We took this decision to fight spam. Kind regards

Hello! Please change "Direction" in the rule to "Out" only. "In/Out" will block any incoming packet for the application not coming from 10.4.0.0->10.9.255.255, effectively blocking any chance for the application to receive any packet. Kind regards

Hello! We're glad to inform you that a new servers monitor has been implemented. The new monitor provides a completely redesigned graphics, additional efficiency and plenty of new information. The new layout will let you be informed more quickly and pleasantly about the status of the Air infrastructure. The monitor will also allow us to inform you with more effectiveness about the status of the VPN servers. Each server can have a short message informing you of potential problems or any other relevant information. New aggregated data have also been added on the right column. In the "Geographical distribution" table you can see the total of connected clients, used and available bandwidth divided into planets, continents and countries. The "Top 10" tables on the right column show the highest detected data in the specified field pertaining only to currently online clients. Nick names are not displayed, however from your "Settings" menu you can allow the display if you wish so. The tables are useful to check stability and verify the performance of the network. The monitor is accessible at the usual link https://airvpn.org/status As usual your feedback will be appreciated. Kind regards

Hello! Your list is just fine, there's only that "alien" 176.61.136.35. Kind regards

Hello! We noticed that, but it's a geo IP location error. The server is in a datacenter in Los Angeles. Kind regards

Hello! Sorry, we're not familiar with your firewall. Anyway, since it's a commercial product, surely their customer support will be able to translate the Comodo rules for you in 1 minute. You should change that rule allowing connections to destination IP 255.255.255.255. To understand why your rule will not necessarily work all the times in the DHCP "negotiation": http://support.microsoft.com/kb/169289 Apparently this is the wrong approach. Allowing indiscriminate communications to port 443 will not prevent all the leaks, for example from your browser to https websites, if your browser is not in the blocked application list. About the block rule, you will have to insert any and each application that you want to secure against leaks, however remember NOT to insert openvpn.exe and airvpn.exe amongst those. Furthermore, it is unclear how you can prevent DNS leaks with this approach. If you put svchost.exe in the secured application list rule, you won't have connectivity at all at the boot or when disconnected from the VPN (not even a successful DHCP handshake), so you would be forced to switch on and off continuously the rule for svchost.exe in order to prevent DNS leaks. All in all, probably you can speed up your work and obtain better results just translating Comodo global rules into LooknStop rules. Kind regards

Hello! It's a nice idea and we have evaluated it. However we consider OpenVPN over TOR much more secure. A multihop VPN with all servers belonging to the same entity might add just a very thin additional security layer. Of course we could create separate entities/companies which handle various servers, however it's difficult to see a real advantage in comparison to Air over TOR. Kind regards

Ahhhhhhhh this is perfect, I did not know this. I thought it would be for the entire router. That makes this whole thing a lot easier. Hello! Yes, DD-WRT supports Policy Based Routing with multiple routing tables. If you're curious, start from here to get an idea: http://www.dd-wrt.com/wiki/index.php/Policy_Based_Routing and then have a look here: http://www.dd-wrt.com/wiki/index.php/OpenVPN So you might say, for example, that 192.168.1.101 uses the tunnel, while 192.168.1.102 does not. Kind regards

Hello! During the login phase, airvpn.exe establishes an SSL/TLS connection with airvpn.org. It seems that your system does not trust the airvpn.org certificate. Kind regards

Hello! Yes, probably it's a different problem, please send us the logs in case you won't solve it. Our servers will push routes to tunnel ALL the traffic. You will have to modify the routing table or reject our servers push (with nopull directive) and then build carefully your own routing table in order to "split" traffic. DD-WRT also lets you select which devices on your WAN will use the tunnel and which not. Kind regards

Hello! Please right-click on the Air dock icon, select "Logs", click on "Copy to clipboard" and finally paste. We're looking forward to hearing from you. Kind regards

Hello! We need additional information to support you properly. Can you please tell us your device, OS and client (for example Air client, OpenVPN direct, OpenVPN GUI, Tunnelblick...) you're using to connect? Also, can you please send us the logs of the client? Kind regards

Hello! Fine, just check that your device IP is defined as 192.168.0.0/24 in ipfw rules (192.168.0.0/16 would anyway work, it's just bigger). Just connect to the port which gives you best performance. If your ISP does not perform any port shaping, ports 53 and 443 will give you the same performance. You might also like to check the Vega, Bootis and Leporis entry IP addresses: Bootis 31.193.12.74 Leporis 95.211.191.33 Vega 69.163.36.66 EDIT: this is jessez's script with clear and explanatory comments: https://airvpn.org/media/kunena/attachments/33554/AirVPN-CommandlineDocumentation.txt Kind regards

Hello! Sorry, it was assumed that you used pf, not Waterrof+ipfw. Those instructions are for pf. You can follow this: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&limit=6&limitstart=42&Itemid=142#2756 (see also the subsequent messages). Kind regards

Hello! You might follow this good tutorial: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&limit=6&limitstart=36&Itemid=142#2532 If you get stuck at any step, please do not hesitate to contact us. Please provide us with as many information as possible about your problem (if any). Kind regards

Hello! That's correct, account "sys_op" is already connected to one of the Air servers. It was connected since about 30 minutes before your post. At the time of writing "sys_op" is still connected and exchanging data. Please note that multiple connections with the same account are not possible. Kind regards

Hello! We've warned the provider about the issue. We will keep you informed. Kind regards

Hello! The Comodo rule is just fine, therefore it is likely that the red token for your UDP port is just a false positive (it may happen with UDP). Please drop us a note while you are connected, so that we can check in real time the "Not reachable..." message and port forwarding for your account. Also make sure that the port(s) eMule listens to do match the ports you have remotely forwarded on our system. Kind regards

Hello! Sorry, the remote-random directive was already included. Please note that the servers you comment as in "Switzerland" are actually in the USA and server 176.61.136.35 is not an Air server. Kind regards