Staff

Hello! If you have some spyware, the cracker has not defeated OpenVPN, but can see anyway your activities because the spyware might connect to a cracker's server and send the data you send out before they are encrypted and the data you receive after they are decrypted. A VPN secures your connection up to our servers, not your computer or your behavior. Kind regards

Hello! We have no way to check it, we don't keep logs. Start with a surely clean system. Do not connect it to the Internet. Install LittleSnitch on it (from a physical source, do not yet connect the system to the Internet). Connect to your router (but not to the Internet yet) and make sure that all ports are closed. Once LittleSnitch is installed, create a Virtual Machine if you're able to do so. Connect your system, from your virtual machine guest if available, to the Internet. Keep your host clean. Never allow any program you don't know to connect to the Internet, and never allow any incoming connection you are unsure to your system. Do not install any program you are not sure of, and when you download a program, even from a trusted source, always check the MD5, SHA-1 and SHA-256 sums for any given file, if available from the source and from independent reviews. Install the TOR browser bundle (check that the bundle is the real bundle). In case even of the slightest doubt, always sandbox an application. Start TOR. Browse to https://airvpn.org with the TOR browser bundle and check the certificate, so you are sure you are really on our website. Our SSL/TLS certificate fingerprints: SHA-256 fingerprint: 7F C6 1C D8 97 F9 51 EC 3B D5 84 F0 4F BD E3 2D DB 3D F8 12 16 C8 86 BB A0 EA 26 31 36 35 21 8E SHA-1 fingerprint: EE 54 D8 0A E5 68 DB 61 69 51 E7 0B BF C6 E8 D1 0C EC 86 3F The fingerprints of the SSL certificate from now on will be published on Twitter at random intervals with our account "airvpn". Browse to Twitter with the TOR browser and search for the tweets from "airvpn" (no Twitter login is necessary) to double-check the fingerprints. Fingerprints on the forum you read, on Twitter and on your browser MUST match. Once you are 100% sure that you are really on our website, download certificates, key and configuration. Decompress and protect from access those files. Never give away your key, as usual. Finally connect to our VPN. Do not forward any port, as long as you don't need listening services behind our servers. Close those ports when your service (if any) is not required. Do not forward any port on your router. Always remember that a VPN secures your connection and that any closed-source OS like Windows and Mac OSX pose serious security issues. In case you suspect that your VM has been compromised, freeze it and do your best to discover the causes. Kind regards

Hello! First of all, with our client please try a connection on port 80 TCP or port 53 TCP, just in case your ISP caps bandwidth on some or all UDP ports. Just select the "Modes" tab and pick the appropriate port, then click "Enter". Then, please make sure that your client listening port matches the port you have remotely forwarded on our system. In order to forward a port on our system, log in our website and select menu "Member Area"->"Forwarded ports". Let the system pick a random port for you (TCP & UDP) and write down that port. Finally, configure your torrent client to listen to the very same port. You don't need and you must not forward the same port on your router (security issues). On the FAQ, you will find more detailed instructions: https://airvpn.org/faq Kind regards

Hello! Did you give your personal key to anyone? Please note that if someone has your certificates and keys and wiretaps your line, he/she can NOT decrypt your communications with our servers (unless you have some spyware/keylogger in your system, but that's another matter), but he/she CAN connect with your account. Kind regards

Hello! According to various sources, MacScan is a good software against malware, including spyware. However, if the spyware has been designed specifically against you and your system, MacScan (or any other product) will fail to detect it. A careful examination of your system and your connections, for example with the help of LittleSnitch (which will inform you about any connection attempt from any task/process), may help. Of course, one might think that your adversary has already thought about LittleSnitch too, so the only secure solution would be starting over with a completely clean system and install on it all the security measures before anything else. Here you can find MacScan and LittleSnitch: http://macscan.securemac.com/ http://www.obdev.at/products/littlesnitch/index.html Kind regards

Hello! If you don't want to let your ISP know that you use TOR when you connect to .onion sites, please use TOR over Air instead of Air over TOR. Your ISP will see only encrypted traffic to and from our servers. Kind regards

Hello! Would you like (if you can) elaborate about the MITM attack you claim from the NSA? 66.233.234.27 and 64.13.115.27 appear to be servers of Clearwire, an american provider of 4G services. MITM attacks are extremely difficult (impossible?) with OpenVPN, even for the NSA. Their quickest solution to wiretap someone who's using OpenVPN would be the injection of some spyware directly on his/her devices, so that he/she would not be even aware of their "interest" and they should not bother about any encryption. Can you please try to secure your connection with the indications given in the following link and perform the DNS leak test again? https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142 We're looking forward to hearing from you. Kind regards

Hello! All the servers are and have been up and working properly. Please feel free to send us your connection logs for troubleshooting. Kind regards

Hello! Thank you for your inquiry. We provide unlimited traffic on every server. Our real time servers monitor will help you pick the most suitable server for you: https://airvpn.org/status Kind regards

Hello! Account "KADYWAMPES" subscription expired on July the 17th and is therefore not authorized to access the VPN servers. Please do not hesitate to contact us for any further information. Kind regards

Hello! Please check your iptables rules. In the downscript.sh the line "iptables -I OUTPUT -d 69.163.36.66 -p tdp -j ACCEPT" is wrong (replace "tdp" with "tcp"). Furthermore, apparently no proper masquerading is foreseen in your rules. Please compare your rules with: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&limit=6&limitstart=30&Itemid=142#2010 Once you have fixed iptables, please send us the connection logs. Also, please try different servers. Kind regards

Hello! Thank you very much for your purchase from our authorized reseller. You should have received the following (or similar) instructions from Bitcoincodes: - register and log in our website with the account you wish to activate - go to "Payment Plans" https://airvpn.org/payment_plans - pick the non-recurring subscription plan matching the coupon/voucher you have purchased - insert the code ALL UPPERCASE and click "APPLY" (do not click "checkout") The account you're logged in with will be immediately activated to premium status. Please do not hesitate to contact us for any additional information or support. Kind regards

Hello! Can you please post this issue on the Miranda support forum? Kind regards

Hello! Since you only need to access one site bypassing the VPN, the quickest solution is a change to your routing table. You can proceed as follows: - determine the IP address(es) of the website you need to connect to bypassing the VPN. Let's call it a.b.c.d - determine the IP address of the gateway of your physical network adapter (if you are unsure, type on a prompt "ipconfig /all"). Let's call it e.f.g.h After you have connected to the VPN, open a prompt or a PowerShell with administrator privileges and type the command: route -p add a.b.c.d e.f.g.h Please note that the -p flag will make this route permanent, surviving to a reboot. Do not specify "-p" if you don't want it to be permanent. You can remove this route with: route delete a.b.c.d Each packet to a.b.c.d will get out unencrypted outside the tunnel. Warning: proceed with caution. Any mistake might compromise your anonymity layer. Kind regards

Hello! It looks like a network-manager bug. If you use it, you'll sometimes need to restart it when you wish to reconnect. Kind regards

Hello! Please right-click on the Air dock icon and select "Preferences". In the "Proxy" field select "Type: Socks". Kind regards

Hello! Security and privacy on the Internet, as well as in life, require a continuous process of information and education. We do our utmost best to provide a strong anonymity layer, however (as we write in our ToS) a VPN secures your connection, not your computer or your behavior. We don't agree, the system has been designed to destroy correlations between the purchase and an account. When you buy a subscription with BTC, in reality you buy a code from a completely independent reseller (bitcoincodes.com). Then you use that code to activate any account on our website, so there is no correlation between the purchase of BTC through other currencies and/or the purchase of a code, and a premium account on the VPN. The following post may be what you're looking for. It describes how to preserve a strong anonymity layer in the worst case scenario: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745 Kind regards

Hello! Please replace that link with this one: https://airvpn.org/tor Kind regards

Hello! Draconis is up and running again. Kind regards

Hello! You're correct, Draconis has been temporarily withdrawn form the servers list due to instability. It suffered a second crash today, after a critical crash yesterday. We are investigating with the help of datacenter support in the hope to bring it up again in a short time. Kind regards

Hello! Since pinging 10.4.0.1 is successful, we could suppose it's a DNS resolution problem, although the routing table apparently shows further problems. Please force your system to use 10.4.0.1 as primary DNS (leave your favourite DNS as secondary) to see whether it fixes the problem. Please note that 10.4.0.1 is your VPN DNS only if you connect to port 443 UDP: https://airvpn.org/specs Kind regards

Hello! You might like to switch to Comodo (for which full instructions are provided in this forum) or ask for support from G-Data Internet Security support team. And yes, DNS leak is a typical Windows problem, not a Linux or BSD one (Mac OSX has been built on BSD - quite funny in the light of the Apple wars against free and open source software ), because Windows allows each adapter to have its own DNS. Kind regards

@locksmith Hello! There are major problems in the routing table when you're connected to Lyra. Why you have this issue only with Lyra and with no other server is still an "enigma". Can you figure out any difference in the connections? Kind regards

Hello! You should block packets with destination port 53 UDP, not 55, and only from your physical interface. Do not block traffic from your TUN/TAP interface, otherwise your system will not be able to send out DNS queries, not even when connected to the VPN. Kind regards

Hello! In the logs there are hints that the routing table is ignored. In any other server connection logs (the servers with which you have no problems), do you have something like: ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=xx and dwForwardType=x after each route.exe command? Can you please send us the routing table after the connection to Lyra? Can you ping 10.4.0.1 after the connection to Lyra? Can you confirm that the IP address of your router is 192.168.1.254? Kind regards