Staff

Hello! In order to display and copy the logs in the Air client, please right-click on its dock icon and select "Logs". A window will open showing the logs. Click on "Copy to clipboard" then paste in the message. Since you have no problems with Viscosity, perhaps the "Failed to start" error is caused by a corrupt configuration file, in which case you can safely delete it after you close the client (you can find the path and the name of the .xml configuration file in the logs). The Air client will re-create the configuration at the next run. Kind regards

Hello! "Failed to start" and "Already connected" show two different conditions. Can you please send us the logs? Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in the Netherlands is available: Leporis. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificate/key generator (menu "Member Area"->"Access without our client"). The server accepts connections on port 53, 80 and 443 UDP and TCP. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN admins

Hello! The testing will end on August 19th, Sunday night (Central European Time). After that, we'll schedule the upgrade for all servers. Some servers will require disconnection of all users (restarting OpenVPN) so in that case you will be warned at least 48 hours in advance. Kind regards

Hello! It's in the path specified in the logs. Assuming (this is just an example, your path will be different of course) it is C:\Users\johndoe\AppData\Roaming\AirVPN\Air\1.0.0.0\, just browse with the window manager or cd with the command prompt to that directory and delete AirVPN.xml. Kind regards

Hello! We're very sorry, we still don't know. We need a cold reboot (ssh access is ineffective again). We don't have option to cold reboot the machine from remote. We hope it's not some hardware fault which periodically (2 times this week...) causes a complete crash of the machine. The apparent randomness of the crash events have, at the moment, prevented us to discover the real causes. Syslogs are not helpful. We have already contacted the technicians and we hope in a speedy intervention. We will try to speed up our agreements to put online another Sweden server. Kind regards

Hello! We can't do that "ex-ante" (just like any true mere conduit of data), but we reserve the right to do that "ex-post". If a competent authority with competent jurisdiction warns us in any way about usage of our systems in order to perform or aid or abet a violation of ECHR (we are particularly sensitive to human trafficking, human exploitation and privacy violations) we will cooperate "ex-post" with the competent authorities. No. The real IP addresses of those users who are connected at that moment not over TOR would be exposed. The users who are connected over Air over TOR would not be exposed. You might like to look for "partition of trust" in the forum, the following post may give you useful information: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745 Kind regards

Hello! You're looking in the right place. The line you wish to find is something similar to: Reading options from [...]\Users\[...]\AppData\Roaming\AirVPN\Air\1.0.0.0\AirVPN.xml It appears on the top, just after the initialization. When you have located it, close the Air client and delete the file "AirVPN.xml". When you launch the client again, it will re-create the XML (you will have to re-insert your login name). Kind regards

Hello! In order to determine whether it's a client or a server side problem, can you please try to connect to Orionis or Leonis or Bootis, and try frequent disconnections and re-connections? Those three servers implement a new system which is designed to fix your kind of problem. We're looking forward to hearing from you. Kind regards

Hello! Unfortunately we experienced a down on the backend servers for approximately 1 hour which prevented authorizations and front end access. Already connected users were not disconnected. The problem has been detected and fixed, we apologize for any inconvenience. Kind regards

Hello! Very glad to know that you managed to solve the problem. EDIT: it was not meant that you should run uTorrent with administrator privileges, quite the contrary. Excellent! Although we could never observe uTP to cause leaks with OpenVPN, keep in mind that it is designed (also) to pass through NATs and firewalls. As a (maybe excessive) precaution, it's better to keep it off when connected to a VPN. We allow port forwarding and we don't shape traffic, so you should not need uTP at all. Thank you very much for the feedback. The new system is implemented in Orionis and Bootis as well. Just a few more testing days and we'll proceed to install it on every server. Moreover, stay tuned for some very good news in the next days and in the next weeks! Kind regards

Hello! We can't say for sure, there are very many problems with Virgo left unsolved and we are not willing to cooperate with the provider. It's up to the provider to solve those problems, if they can't do it then we will transfer Virgo. In the meantime 2 Gbit/s for UK are 10 times the average bandwidth request. Kind regards

Hello! Ok, uTorrent 2.2.1 is just fine and we are testing the very same version. Currently we can't reproduce the problem in any way. Does it happen on every server or only on some servers? Is uTP disabled? Can you give us the uTorrent configuration so that we can mimic it for our tests? What is your exact Windows version? Kind regards

Hello, apparently the above are two different problems. Can you both give us some additional info please... which uTorrent and OS version do you use? Does uTorrent have administrator privileges when it runs? Is the bandwidth limits (especially up) for uTorrent correctly set in order not to hog your bandwidth? Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in the United Kingdom is available: Bootis. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificate/key generator (menu "Member Area"->"Access without our client"). The server accepts connections on port 53, 80 and 443 UDP and TCP. As usual, no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN admins

Hello! Would you like to try Orionis or Leonis? If it's a server side problem, you should have no more issues when connected to those servers. They feature a new implementation which according to our tests solve the remaining AUTH_FAILED issues. You can try to connect/reconnect with intervals of few seconds. Feel free to let us know the results. Kind regards

Hello! Can you please make sure that the ports you have remotely forwarded are "CLOSED" in your router? If you're 100% sure that the router ports are closed, then the red token is a false positive and you can go on with peace of mind. Actually, when performing tests we obtain false positives, but they are very rare, while in your case it appears that you ALWAYS get a red token. If the ports in the router are not closed, then the red tokens are correct. From what we learned from recent history, correlation attacks are dangerous for DirectConnect users so it's better to have some false positives and perform a triple-check than having a very dangerous false negative. DC users are also encouraged to secure their connections in order to prevent leaks in case of unexpected VPN disconnections. We're looking forward to hearing from you. Kind regards

Hello! You can attach jpeg, doc, txt, gif and some other formats. If you are unable to do that, please send them via mail to info@airvpn.org Also, a screenshot of your "Global Rules" would be helpful. Did you follow precisely all the 14 points described in the above linked post? Please send also details about your internal network and your implementation of point 11. Kind regards

Hello! Please delete the rule for svchost.exe and follow these instructions: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 Kind regards

Hello! Of course! It's a very simple task which will take you few minutes. You need a firewall. Instructions for Windows (with Comodo), *BSD (including MacOSX, with either pf or ipfw) and Linux (with iptables) are here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142 Further instructions for Windows & Comodo are here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 Kind regards

Hello! It's very simple, first connect to Air, then launch the TOR browser Aurora (if you use the TOR browser bundle) or your favorite TOR configuration. Please note that in this case only applications configured to use TOR will be tunneled over TOR over Air, all the others will be tunneled over Air only. Kind regards

Hello! Sure, thank you for the suggestion. You can already see them from the source code of the page, anyway for your and other readers comfort you can see them in the configuration files, at the line "remote". You can generate all the configuration files in one shot with our configuration generator. We don't publish the entry-IP addresses list publicly in plain-text to mitigate DDoS botnets attacks. Kind regards

Hello! This is the reason for which you wrongly reported that Comodo does "not block": you did not activate it. Please make sure to set Comodo "Firewall Security Level" to "Custom Policy". If "Firewall Security Policy" is set to "Training Mode", "Disabled" or "Safe Mode", the custom rules are not applied. Pirvatefirewall supports IP ranges. Just specify a NetMask, please see the previous message for an explanation. Basically, any firewall that deserves to be called a firewall can do the job. However, the only firewall we recommend for Windows is Comodo, due to severe outgoing leaks and insufficient pro-active security suffered by any other firewall for Windows (in particular on 64 bit systems). You can get a list of firewalls here, all of them checked with 110 significant tests which try to provoke leaks: http://www.matousec.com/projects/proactive-security-challenge-64/results.php For your security, we recommend to avoid firewalls with a Product Score lower than 90%. Please refer to this post in order to set Comodo rules: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142 Kind regards

I thought a TCP connection was slower than a UDP connection? It's certainly slower than my previous ISP connection (through port 443 UDP on the same hardware and line) was. It's about half of my maximum speed. Hello! Yes, there's an overhead, but usually the difference in performance is not so dramatic. Thank you very much. At your convenience do not hesitate to contact us, because chances are that the problem lies in your device or OS, not in BT. It will be interesting that you test out new servers when they are available (soon). By the way, did you perform the "DNS test" recommended by the previous admin? Kind regards

Hello! Previous thread on Windows and Comodo to prevent DNS leaks and leaks in case of unexpected VPN disconnection have become very big and detailed. We invite you to consult those threads for details and support, while we publish this message as a quick, clarifying overview of the essential steps. Please note that if you don't use Windows you don't need to read this post. If you use Windows and a firewall other than Comodo, you can anyway take these rules as an example and adapt them to your firewall. This is a minimal set of instructions to prevent any leak in case of unexpected VPN disconnection and prevent, in any case, DNS leaks, on Windows system with Comodo firewall. Comodo firewall is currently the only firewall we recommend for Windows. The free version is just fine for our purposes. Never rename the rules: in case you need support, we need to see what the rules really state. 1) If you're not familiar with a firewall, read Comodo Firewall manual or guides. In particular, please see the following: https://help.comodo.com/topic-72-1-451-4773-global-rules.html https://help.comodo.com/topic-72-1-451-4884-Network-Zones.html 2) Install Comodo Personal Firewall free version available here: https://personalfirewall.comodo.com/ 3) Set the Firewall Security Level to "Custom Policy" 4) Determine or create the Network Zone of your TAP-Win32 network adapter (from now on "AirVPN"). A safe way to define it: IP Range [10.1.0.0 - 10.255.255.255] if you need OpenVPN over SSH/SSL and other alternative connection modes, see also https://airvpn.org/specs 5) Determine the entry-IP addresses of the AirVPN server(s) you wish to connect to: https://airvpn.org/topic/14378-how-can-i-get-vpn-servers-entry-ip-addresses 6) Define a "Global Rule" which blocks everything: Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any The logging is important for troubleshooting if necessary. 7) Put the above Global Rule in the top position. This will block completely your connectivity and let you add a whitelist of Allow global rules put BEFORE this total block global rule. All the "Allow" rules that you want to be evaluated shall be put BEFORE (i.e. higher than) the above block rule. 8) Define a"Global" rule which allows in/out communications of your TAP-Win32 adapter ("AirVPN") both In and Out: Allow IP In/Out From In [AirVPN] To MAC Any Where Protocol Is Any Allow IP In/Out From MAC Any To In [AirVPN] Where Protocol Is Any 9) Do the same for your loopback zone (IP range 127.0.0.1 - 127.255.255.254) Allow IP In/Out From In [Loopback Zone] to MAC Any Where Protocol Is Any Allow IP In/Out From MAC Any To In [Loopback Zone] Where Protocol Is Any 10) Do the same for any entry-IP address of the VPN servers you wish to connect to. For example for Leporis: Allow TCP or UDP In/Out From IP 95.211.191.33 To MAC Any Where Source Port Is Any And Destination Port Is Any Allow TCP or UDP In/Out From MAC Any To IP 95.211.191.33 Where Source Port Is Any And Destination Port Is Any For your comfort, you might define a Network Zone (for example [Air servers entry IPs]) containing only the entry-IP addresses of our servers and then set two rules like Allow TCP or UDP In/Out From In [Air servers entry IPs] To MAC Any Where Source Port Is Any And Destination Port Is Any Allow TCP or UDP In/Out From MAC Any To In [Air servers entry IPs] Where Source Port Is Any And Destination Port Is Any In this way, you will only need to add a single IPv4 address to that Network Zone in order to connect to a new server, instead of defining two additional rules for each server, which may be annoying if you switch between a lot of servers. 11) Add similar rules to allow communications of your device with your router (and within your home/office network, if you wish so). For example, if your network is [192.168.0.0 / 255.255.0.0] define a network zone with IP Range [192.168.0.0 - 192.168.255.255] (let's call it "Home Network") and set the following rules: Allow TCP In/Out From In [Home Network] To In [Home Network] Where Source Port Is Any And Destination Port Is Any Allow UDP In/Out From In [Home Network] To In [Home Network] Where Source Port Is Any And Destination Port Is Not 53 Allow ICMP In/Out From In [Home Network] To In [Home Network] Where ICMP Message Is Any 11a) Allow DHCP "negotiation": Allow IP In/Out From MAC Any To IP 255.255.255.255 Where Protocol Is Any 12) In order to allow "airvpn.org" resolution even when disconnected (and any other hostname you wish to be resolved even when VPN is disconnected), add to your hosts file the line: 95.211.138.143 airvpn.org Do not forget about this change! If we change our main frontend IP address, you will not be able to reach airvpn.org anymore until you remove that line. No more necessary starting with Air client edition 2 "Eddie". 13) If you use the Air client, add rules to allow communications with IP addresses 5.196.64.52 and 95.211.138.143 (two of our frontend servers), In and Out Allow TCP or UDP In/Out From IP 5.196.64.52 To MAC Any Where Source Port Is Any And Destination Port Is Any Allow TCP or UDP In/Out From MAC Any To IP 5.196.64.52 Where Source Port Is Any And Destination Port Is Any Allow TCP or UDP In/Out From IP 95.211.138.143 To MAC Any Where Source Port Is Any And Destination Port Is Any Allow TCP or UDP In/Out From MAC Any To IP 95.211.138.143 Where Source Port Is Any And Destination Port Is Any 14) You can progressively enlarge your whitelist just by adding "Allow" rules before the total blocking rule of point 6) according to your system needs. Keep in mind that there are literally dozens of ways to accomplish the same task with Comodo. Pay attention not to confuse the "-" symbol, which stands for "IP range", with the "/" symbol, which stands for IP address / NetMask. For example, [10.4.0.0 - 10.9.255.255] is correct (the IP range from 10.4.0.0 to 10.9.255.255), while [10.4.0.0 / 10.9.255.255] is NOT correct (IP 10.4.0.0 NetMask 10.9.255.255, which covers almost every existing IP address!). When you have defined all the rules, do not forget to click "Apply" and "OK" in order to store them and make them active for any new connection. Test everything and do not be afraid to experiment before you rely on the secured connection for sensitive data transmissions. Kind regards