Staff

Hello! Please see here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3240&limit=6&limitstart=12&Itemid=142#3274 Kind regards

Hello! Can you elaborate? You can't see in or out bytes in the event logs. Comodo is the most reliable firewall for Windows systems. We can't reproduce the behavior you report on Windows 7 64 bit and Windows XP systems, and we have no such reports of malfunctioning from hundreds of clients using Comodo. Since you have a discrepancy between BitTorrent report and Comodo report, you might like to check your traffic with Wireshark, in order to determine whether Comodo or BitTorrent are wrong. If you're absolutely sure of what you report, you might send a warning to Comodo team, write in their forum and send a warning to all the major security experts in the world, because this would be an information of paramount importance. In the meantime, as long as this behavior is not reproducible, we are unfortunately forced to dismiss your claims as not credible. Please see here: http://www.matousec.com/projects/proactive-security-challenge-64/results.php There are a lot of security and practical reasons. Killing applications is not a viable solution, because we have tested that the time between disconnection detection and application forced shutdown allows leaks anyway, not to mention potential data corruption. Anyway, you can do this with small utilities, but we don't recommend to do that. Disabling routes on your physical interface would make your device unable to communicate within your internal network. Blocking traffic with a firewall like Comodo, on the contrary, is a very reliable solution that usually takes a couple of minutes to the average user. Kind regards

Hello! The rule is correct ("to MAC any" is just fine). Did you click "Apply" and then "Ok"? Did you give time to the BitTorrent client to report the correct stats (even if the block is immediate, torrent clients update the stats progressively)? Did you launch bittorrent.exe after you had set the rule? Also, enable the logging when this rule is fired (just tick the box as you can see from our screenshot) and check the Comodo logs, you should see a series of denials for bittorrent.exe when you launch it when you're not connected to the VPN, or when you disconnect from the VPN. Finally, monitor the bittorrent.exe connection with Comodo firewall option "View Active Connections". Kind regards

Hello! Yes, the rules are wrong. Please set the rules for bittorrent.exe as you can see from the screenshot. You don't need to set any additional rule for bittorrent.exe. Link to the screenshot: http://airvpn.org/media/kunena/attachments/62/comodo_rule1_2012-08-11.jpg After you have deleted your rules and set the above rule, it must be displayed as: "Block TCP or UDP Out From IP Not In [10.4.0.0 - 10.9.255.255] To IP Any When Source Port Is Any And Destination Port is Any" Kind regards

Hello! Sorry, the link is broken. Please find the image in this post. This very same rule can be applied to any application that you want to blocked when you are disconnected from the VPN. Since svchost.exe is responsible (among many other things) for DNS queries, with this rule you will block any DNS leak. Please note that you will not be able to reconnect to the VPN in case you use the Air client (because it needs to resolve the domain name airvpn.org in order to show you the server list and download via TLS certificates, key and configuration) so please just add the following line to your hosts file: 46.105.19.36 airvpn.org You don't need to add the above line if you use OpenVPN or any OpenVPN GUI/wrapper. Kind regards

Hello! We have just checked that your account is authorized to access all the servers and that, at the time of writing, is not connected to any server. Can you please try a connection to a TCP port and send us the attempted connection logs? Kind regards

Hello! Please note that a VPN connection does not secure your computer, as clearly stated in our ToS (and in the ToS of every serious VPN provider). That said, if you need to connect one device, you don't need to connect your router to our servers. About your suggestions, they will be taken into considerations. The problem here is that "securing a computer" and in general computer security is a task which goes well beyond a VPN service. A VPN connection should never be meant as an anti-malware/spyware tool. A VPN service like ours should be meant as an extremely strong anonymity layer and data protection tool only for non-compromised systems. If the computer is compromised by a keylogger, or any malware which can run with high privileges, for example, it may leak every information regardless of the encryption and services you use. A course on computer security is always an ongoing, enormous project that can hardly be defined as exhaustive. Kind regards

Hello! We gladly inform you that the configuration generator has been completely re-designed and includes all of your and other customers suggestions and more. Kind regards

Hello! We're very glad to introduce native support for OpenVPN over SSL and OpenVPN over SSH, and a completely re-designed configuration generator which includes exciting, additional AirVPN services and features. Our service becomes more censorship resistant and easier to use with a wide range of OpenVPN GUIs and wrappers. NEW SERVICES: OPENVPN OVER SSL - OPENVPN OVER SSH OpenVPN over SSL and OpenVPN over SSH will allow you to bypass OpenVPN connections disruption. Known ISP countries where the disruption takes place are China, Iran, Syria, Egypt. The connection disruption is possible because OpenVPN connections have a typical fingerprint which lets Deep Packet Inspection discern them from pure SSL/TLS connections. Connecting OpenVPN over SSL or OpenVPN over SSH will make your connection undiscernable from pure SSL or SSH connections, rendering DPI fingerprint identification powerless. OpenVPN over SSL/SSH is included in every Premium subscription without any additional payment. Use OpenVPN over SSL/SSH only when necessary: a slight performance hit is the price to pay. The performance hit is kept as low as possible because the "double-tunneling" is performed directly on our servers without additional hops. NEW FEATURES A new system for host resolution (not available for Windows) and dynamic VPN server choice is available. This will let you have OpenVPN configuration files which will try connections to various servers (according to your preferences) if one or more servers are unavailable. A new connection port (2018) is now available on all Air VPN servers. A new, alternative entry-IP address is now available on all Air VPN servers. NEW CONFIGURATION GENERATOR FEATURES - You can now select servers by countries, continents and planets (currently only one planet) or any combination between single servers and countries. - You can now select an alternative entry-IP address. Each Air server has now an additional entry-IP address to help you bypass IP blocking. - You can now choose a wide variety of compressing options: zip, 7zip, tar, tar & gzip, tar & bzip2. - You can now choose not to compress the files and download them uncompressed one by one NEW CONFIGURATION GENERATOR "ADVANCED MODE" FEATURES - Total connection ports range available, including new port 2018 in addition to 53, 80, 443 and (for SSH) 22. - Option to generate non-embedded configuration files, mandatory if you use network-manager as OpenVPN wrapper under Linux or just in case you use any wrapper that does not support embedded with certificates and keys OpenVPN configurations. - Option to generate files and scripts for OpenVPN over SSL/SSH connections by clicking on "Advanced Mode" - Option to select "Windows" or "Linux and others". Make sure you select the correct option according to your OS, because connections over SSL/SSH in Windows require different files than those required for Linux, *BSD and Unix-like / POSIX compliant systems such as Mac OSX. - New options to generate configuration files that support proxy authentication for OpenVPN over a proxy connections, particularly useful if you're behind a corporate or college proxy which requires authentication. A significant example of usage of OpenVPN over a proxy is OpenVPN over TOR: https://airvpn.org/tor Instruction page for OpenVPN over SSL: https://airvpn.org/ssl Instruction page for OpenVPN over SSH: https://airvpn.org/ssh Please do not hesitate to contact us for any additional information. Kind regards & Datalove AirVPN admins

Hello! Please feel free not to fish, just read this message: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142#1715 Kind regards

Hello! DNS leaks are not strictly related to static or dynamic IP addresses. Also, our service does not require a static IP, you can use it either with a dynamic or a static IP address. Please see here: http://www.dnsleaktest.com/how-to-fix-a-dns-leak.php You might also like to secure your VPN connection in order to prevent any leak in case of unexpected disconnection: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142 and https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2183&Itemid=142#2184 Finally, you must not configure the DNS inside Firefox. You could force your system to use our DNS as the primary DNS server. Please find its address according to the port you connect to and configure Windows to use it as primary DNS: https://airvpn.org/specs Kind regards

Hello! Can you publish the rules you have set for your torrent client? Kind regards

Hello! If you forward the same ports on your router and remotely on our servers, an adversary who can monitor your line (just as an example your ISP or those that have the power to force your ISP to do that) has various ways to perform successfully correlation attacks (for example, timing packet sending on the same port to your real IP and to the exit-IP of the VPN server you're connected to) disclosing the service and the protocol that you're using behind the VPN (and in case of p2p, your p2p activity). This is your vulnerability, not an OpenVPN one. This is only possible (in some cases) when your client responds to all of your network interfaces. A client that is instructed to do so directly exposes your real IP address when you do p2p, no need for any correlation attack. Please check the bindings of your client and avoid multiple IP bindings. This is not an OpenVPN vulnerability, it is a vulnerability inside your system which authorizes administrator privileges to an application making it capable to bypass the routing table or directly a vulnerability configured by you in your application. The p2p swarm will see your client as two clients: one with the VPN server exit-IP address and one with your real IP address. Kind regards

Hello! Please see here to block selectively any application you wish with Comodo: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142#1715 Kind regards

Hello! No, if you use Windows firewall and you don't tick that box, you risk ending up with a completely blocked uTorrent (regardless of VPN connection or not). It is sufficient that you don't forward the port(s) you use for uTorrent on your router in order to prevent correlation attacks. As a side note, you might like to consider to switch to Comodo Firewall since the Windows firewall is unreliable. Comodo firewall will also enable you very easily to prevent uTorrent leaks in case of unexpected VPN disconnection. https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142 Kind regards

Hello! Yes, our servers push a VPN DNS to the clients. Please see here: https://airvpn.org/specs Kind regards

Hello! We don't have any other report from BT customers about this issue. Can you please try to connect to port 80 TCP (if you have not already done so) in order to determine whether BT has started throttling some UDP ports? Kind regards

Hello! If you need a UK server, currently please use Cygnus only. Virgo has issues we are looking into. Kind regards

Hello! We don't have onion sites... Kind regards

Hello! No, we can't, because we don't keep logs. Please do not hesitate to contact us for any further information. Kind regards

Hello! Can you please report when you exactly get that message and also provide us with some additional information (your Windows version and your .NET framework version)? Kind regards

Hello! Please see here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1955&Itemid=142#1956 Kind regards

Hello! We don't censor any website. Actually, we are against any censorship. Can you please send us a list of the websites that you can't reach (even in private, if you prefer so) so that we can investigate? You can send us a report even unrelated to your account (just register a new "fake" account and use the "Contact us" form to send us the list, or use a new mail account unrelated to the Air account of yours and write to info@airvpn.org). Kind regards

Hello! Currently servers in any Asian country datacenter do not meet our requirements for traffic, net neutrality, privacy and data protection. We must admit that our requirements are actually quite high. Should we find any provider that complies to our requirements, we'll be of course very glad (and it would be in our utmost interest) to install servers in their datacenters. Kind regards

Hello! Air over TOR is specifically useful when you want to hide your real IP address to our server even WHILE you are connected. You might like to read here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745 Kind regards