Staff

Hello! We're very glad to inform you that a new 1 Gbit/s server located in the UK is available: Cygnus. The AirVPN client will show automatically this new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificate/key generator (menu "Member Area"->"Access without our client"). The server accepts connections on port 53, 80 and 443 UDP and TCP. As usual, no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Please do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN admins

Hello! Can you please try a connection with the OpenVPN GUI? In order to do so, log in our website and go to "Member Area"->"Access without our client". Pick your favorite server and port and download the archive that the system will automatically prepare for you. Decompress and copy all the files inside it (four files: user.crt, ca.crt, user.key and air.ovpn). Paste the file in the OpenVPN configuration directory, which on a default Win 7 installation is: C:\Program Files (x86)\OpenVPN\config This operation is required only once. Do not give to anyone your user.key. Then launch with administrator privileges OpenVPN GUI (right-click on the icon and select "Run as administrator"). Do NOT launch the Air client. Right-click on the OpenVPN GUI dock icon (two small monitors) and select "Air"-->"Connect". After the connection is established, please send us the connection logs (right-click on the dock icon and select "Air"->"View Logs"). We're looking forward to hearing from you. Kind regards

Hello! Yes, perfectly normal. Basically yes. In case of your connection to the VPN, not really, because the "American government" would anyway see the exit-IP address of the VPN server you're connected to. Kind regards

:laugh: About lack of sleep, we can ensure you that we perfectly understand you! Kind regards

Hello! The problem in the first article pertains to SSL certificates issued by "authorities", so it may affect us on the website, in case the certificate were stolen from the authority which issued it to us, not on the OpenVPN connections. Kind regards

Hello! It looks like OpenVPN can not change properly the routing table. In order to do so, OpenVPN needs to run with administrator privileges. The AirVPN client runs OpenVPN with elevated privileges, however chances are that Microsoft Security Essentials interferes with it (perhaps it wrongly detects the OpenVPN behavior as malware - please note from the logs that initially OpenVPN changes the routing table, then it can't). Please try to test a connection with MSE disabled and tell us the results at your convenience. Kind regards

Hello! In order to speed up the configuration, instead of re-downloading everything you might like to search & replace automatically the string 'proto udp' with 'proto tcp', and string 'remote a.b.c.d 443' with 'remote a.b.c.d ' on every .ovpn file. (Perhaps a useless suggestion for you, but maybe useful for some reader). Kind regards

Hello! Do you mean that any program except your browser can perform DNS resolution? To test this out, please open a shell (or a command prompt, according to your OS) and issue the following commands: ping 46.105.19.36 ping airvpn.org and please send us the output of those commands. Then, from you browser, try to access: https://46.105.19.36 and https://airvpn.org and please report the results. Currently we only support IPv4. What is your OS and your browser? What do you use to connect to an AirVPN server (for example our client, OpenVPN GUI, Tunnelblick, network-manager...)? Can you please send us the connection logs? Kind regards

Hello! PayPal, just like any other bank or financial organization, will store forever the transaction in your and our accounts, making it possible to show that you are one of our customers and potentially allowing a correlation between your account name and your PayPal account. This will prove that you are one of our customers, however it does not allow any correlation with your activities on our VPN. We also accept Bitcoin and Liberty Reserve. If you need a much stronger anonymity layer, we recommend Bitcoin. You can also tunnel your Bitcoin client over TOR when you buy a coupon from our authorized reseller http://bitcoincodes.com Kind regards

Hello! Thank you very much for the report. We pick servers in datacenters directly connected to tier1 providers (including the big four in Europe), unfortunately this can't guarantee that all the ISPs in the world have a good peering with our servers. On top of that we make sure that we have always redundant available bandwidth for each customer (as long as he/she picks the right server). Most of our customers can get 70-90 Mbit/s with their 100 Mbit/s lines or dedicated servers, all in all that's how the Internet works. Luckily this attention gives excellent results, since from independent peer reviews with tests from various ISPs around the world the performance is (on average) better than any competitor. There's something very strange with your tests anyway, it appears that you can fully use your available upload bw but not your download bw. Since you work for your own ISP, we assume that you are sure of no caps on UDP ports, otherwise we would recommend you to repeat the tests connecting to TCP ports. Kind regards

Hello! Thank you, very good suggestion. We had already planned to implement something similar, you will see major changes to the configuration generator soon. Kind regards

Hello! We have several servers with Leaseweb, we are quite happy with their service and their policy and they really deliver what they promise (as you can see from the performance you get). From what you say, Peerblock blocks the IP ranges from Leaseweb. Regardless of the pertinence and the reasons of this choice, you don't need to use Peerblock when you're connected to the VPN. Kind regards

Hello! We have chosen a different model: - no traffic limit at all - no bandwidth limitations or caps - unlimited devices connected from the same network (like you can do with DD-WRT or with a dedicated server/VPS of yours) - very low prices - connections to servers in datacenters with POPs connected to tier1 providers - same account usable from anywhere - no constraints to use proprietary software - no protocols discriminations - no denial of connection nor bandwidth caps from dedicated servers connections - guaranteed bandwidth allocation - no overselling - real time report on servers load via website to everyone - allowance of services behind our servers - no logs - very careful privacy protection and security hardening - no denial of connections from TOR nodes - NO multiple connections with the same account. This is clearly stated in the ToS that you accepted when you subscribed. As far as we know no consumers VPN provider in the world offers all the above features, not even for higher prices. Multiple connections with the same account can cause multiple problems: enormous overhead to guarantee allocated bandwidth, hidden multiple account resales to uninformed people and potential security issues for key sharing. An old proverb: http://en.wikipedia.org/wiki/Have_one%27s_cake_and_eat_it_too Kind regards

Hello! We don't throttle traffic, absolutely not (no packet/port shaping, no monitoring, nothing at all), we're completely and totally "traffic agnostic", with the only exception (which is strictly necessary, otherwise the VPN might not survive) of the block on outbound port 25. As a general suggestion, besides of course picking a low-load server, try to connect to TCP ports and make a comparison. Several ISPs around the world cap bandwidth on some or all UDP ports. It's worth a try. Kind regards

Hello! We're sorry, we don't provide multiple simultaneous accesses with the same account. Kind regards

Hello! Currently the "Snoopers' Charter" scope does not cover VPNs like ours. Of course in its legislation iter a lot can be amended. In the countries where we have servers there are currently over 100 draft laws which may affect privacy and data protection on the Internet. We'll keep an eye on all of them, however as long as they are still drafts and subject to amendments and rejection we can't say anything for certain, considering that we will not accept any applicable law which violates EU acquis. Kind regards

Hello! Due to irreconcilable contrasts with Delphini provider we are dismissing the server. The provider pretended to accept at face value any copyright infringement notice from any clown around the world and also pretended to apply some USA rules, which are inapplicable even in the USA, in the UK, forcing us to unnecessary, continued overwork. On top of that the provider has not even been able to respond (not even a "yes" or "no", just delays over delays and absurd apologies) to a simple SWIP allocation request after several months. We should have suspected to deal with amateurs when we had to request to unblock port 80 UDP, which was blocked, according to their customer service, because "very bad things happen with port 80 UDP" [sic] We can't accept anymore to give money to a toy company. We apologize for our wrong provider choice due to recommendations from "experts". Delphini is replaced by Virgo. Furthermore, in the next hours we will add a new, additional 1 Gbit/s UK server to fully meet the bandwidth demand in UK with high redundancy. Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in the UK is available: Virgo. The AirVPN client will show automatically this new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificate/key generator (menu "Member Area"->"Access without our client"). The server accepts connections on port 53, 80 and 443 UDP and TCP. As usual, no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Please do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN admins

Hello! We are receiving an impressive amount of requests for support from Mac OSX 10.8 Mountain Lion + Tunnelblick customers. We apologize for any delay in our replies. In most cases this is a DNS issue, still unresolved by the Tunnelblick team. Before opening a ticket or writing to us, please read here: https://code.google.com/p/tunnelblick/wiki/cMountainLionDnsIssue We recommend to use our VPN DNS. According to the port you connect, you can find the VPN DNS IP address in the following link: https://airvpn.org/specs For example, if you connect to port 443 UDP you can set your primary DNS to 10.4.0.1. Kind regards

Hello! OpenBSD and some Linux distros are considered very robust. You might run them as guests in your Mac so you can get practice with them. FreeBSD deserves consideration as well. It's not an easy choice, you should gather on your own as many info as you can and then decide. Kind regards

Hello! If you have some spyware, the cracker has not defeated OpenVPN, but can see anyway your activities because the spyware might connect to a cracker's server and send the data you send out before they are encrypted and the data you receive after they are decrypted. A VPN secures your connection up to our servers, not your computer or your behavior. Kind regards

Hello! We have no way to check it, we don't keep logs. Start with a surely clean system. Do not connect it to the Internet. Install LittleSnitch on it (from a physical source, do not yet connect the system to the Internet). Connect to your router (but not to the Internet yet) and make sure that all ports are closed. Once LittleSnitch is installed, create a Virtual Machine if you're able to do so. Connect your system, from your virtual machine guest if available, to the Internet. Keep your host clean. Never allow any program you don't know to connect to the Internet, and never allow any incoming connection you are unsure to your system. Do not install any program you are not sure of, and when you download a program, even from a trusted source, always check the MD5, SHA-1 and SHA-256 sums for any given file, if available from the source and from independent reviews. Install the TOR browser bundle (check that the bundle is the real bundle). In case even of the slightest doubt, always sandbox an application. Start TOR. Browse to https://airvpn.org with the TOR browser bundle and check the certificate, so you are sure you are really on our website. Our SSL/TLS certificate fingerprints: SHA-256 fingerprint: 7F C6 1C D8 97 F9 51 EC 3B D5 84 F0 4F BD E3 2D DB 3D F8 12 16 C8 86 BB A0 EA 26 31 36 35 21 8E SHA-1 fingerprint: EE 54 D8 0A E5 68 DB 61 69 51 E7 0B BF C6 E8 D1 0C EC 86 3F The fingerprints of the SSL certificate from now on will be published on Twitter at random intervals with our account "airvpn". Browse to Twitter with the TOR browser and search for the tweets from "airvpn" (no Twitter login is necessary) to double-check the fingerprints. Fingerprints on the forum you read, on Twitter and on your browser MUST match. Once you are 100% sure that you are really on our website, download certificates, key and configuration. Decompress and protect from access those files. Never give away your key, as usual. Finally connect to our VPN. Do not forward any port, as long as you don't need listening services behind our servers. Close those ports when your service (if any) is not required. Do not forward any port on your router. Always remember that a VPN secures your connection and that any closed-source OS like Windows and Mac OSX pose serious security issues. In case you suspect that your VM has been compromised, freeze it and do your best to discover the causes. Kind regards

Hello! First of all, with our client please try a connection on port 80 TCP or port 53 TCP, just in case your ISP caps bandwidth on some or all UDP ports. Just select the "Modes" tab and pick the appropriate port, then click "Enter". Then, please make sure that your client listening port matches the port you have remotely forwarded on our system. In order to forward a port on our system, log in our website and select menu "Member Area"->"Forwarded ports". Let the system pick a random port for you (TCP & UDP) and write down that port. Finally, configure your torrent client to listen to the very same port. You don't need and you must not forward the same port on your router (security issues). On the FAQ, you will find more detailed instructions: https://airvpn.org/faq Kind regards

Hello! Did you give your personal key to anyone? Please note that if someone has your certificates and keys and wiretaps your line, he/she can NOT decrypt your communications with our servers (unless you have some spyware/keylogger in your system, but that's another matter), but he/she CAN connect with your account. Kind regards

Hello! According to various sources, MacScan is a good software against malware, including spyware. However, if the spyware has been designed specifically against you and your system, MacScan (or any other product) will fail to detect it. A careful examination of your system and your connections, for example with the help of LittleSnitch (which will inform you about any connection attempt from any task/process), may help. Of course, one might think that your adversary has already thought about LittleSnitch too, so the only secure solution would be starting over with a completely clean system and install on it all the security measures before anything else. Here you can find MacScan and LittleSnitch: http://macscan.securemac.com/ http://www.obdev.at/products/littlesnitch/index.html Kind regards