Staff

@zombie1982 Try: ip route show If this fails too, look at what's in /proc/net/route cat /proc/net/route Kind regards

Hello! This netstat does not comply, the output is not the kernel IP routing table. Try then with route -n or netstat -r Kind regards Kind regards

Doesn't AIR VPN need to see what user logs in to know if it should be allowed to connect or not, so if the site ur connecting to see the AIR VPN IP adress they know what server connected and when and could match that to airvpn as you can log the user logins, so the trust is back on the your service to uphold the control over the information. Hello! The VPN server needs to check whether an account is on premium status in order to allow the connection but does not keep any information about any account, it queries for authorization a backend server. We recommend NOT to put information in your account data that can be exploited to disclose your identity. As long as we don't know who you are, we can't tell anybody who you are. With Air over TOR, you can also prevent our servers to know your real IP address, even while you are connected. The AirVPN system, if used correctly, is designed to defeat an adversary that has up to the following abilities: the ability to fully monitor the customer's line AND (the relevant portion of the Tor network OR all of the Air VPN servers) the ability to fully monitor any financial transaction of the customer An adversary with such abilities can be defeated in the following way: the customer subscribes to AirVPN with a Bitcoin transaction or a transaction performed through some cryptocurrency designed to keep an anonymity layer on the transaction (check Monero, we accept it without intermediaries) the transaction is performed by tunneling the cryptocurrency transaction and any other operation of that wallet over Tor the transaction is performed with a wallet exactly fit for that transaction the wallet is destroyed immediately after the transaction success (safe deletion of the wallet) the customer always performs "partition of trust" (with the proper account) between parties from now on the customer does NOT insert personally identifiable information in his/her payload, unless he/she wants explicitly to be known by the final recipient: remember that a VPN or Tor or any other system are impotent if you insert personally identifiable information in your content Partition of trust is essential, so that a betrayal of trust by one party does not compromise the anonymity layer. An example of partition of trust is AirVPN over Tor: the Tor nodes see only encrypted (by OpenVPN) traffic and AirVPN servers do not see the real IP address of the user (they see the TOR exit node IP address). On top of that, entry-IP and exit-IP addresses of AirVPN servers are different (to emulate a 2-hop VPN in addition to the multi-hop provided by Tor) in order to prevent correlation attacks. The VPN admins therefore do not know the identity of the customer while the TOR nodes admins do not know the content, the real origin and the real destinations of the packets from/to the Air customer. The drawback of the above setup is that Tor will use always the same circuit, so when this is a concern, you should consider Tor over AirVPN: just run Tor after the system has connected to the VPN and use only Tor-configured applications to transfer sensitive data. In this way, our VPN servers will see your real IP address, but will not know the real, final origin and destinations of such data. Additionally, your packets are still encrypted by Tor when passing through the VPN. The VPN will act as a jumping point to reach Tor, will hide Tor usage from the eyes of an adversary wiretapping the customer's line (extremely useful when someone can be targeted for the mere fact of using Tor), and will at least provide a first protection for UDP flows (if any) and system flows that might be originated by the system and that can't be handled by Tor. Furthemore, the customer should add an encryption layer to protect her packets payload once they get out of our servers or while they transit through the Tor circuits (trivial examples, use GnuPG for e-mails, HTTPS if you reach web sites, SFTP or FTPES for FTP transfers, and so on) in case the payload could be exploited (for example by a second adversary, even unrelated to the first, that monitors the line of the final recipient) to disclose the customer's identity. Always use end-to-end encryption. Always. An adversary with superior abilities may not be defeated by the above setup. Typical examples: an adversary with the ability to monitor the customer's line AND the relevant portion of the Tor network AND all the AirVPN servers an adversary with the ability to fully control the hardware or software of the customer, without the customer's knowledge AND while the customer uses this hardware or software (it's only up to customer to take care against this threat, we can't do anything about it) a global adversary The first kind of adversary requires additional trust partition(s). The second kind of adversary renders the anonymity layer outside the victim's hardware irrelevant. The global adversary theoretically can never be defeated on the Internet. Luckily, the very existence of the global adversary (an adversary with the ability to monitor, store, analyze and correlate all the connections in the world continuously) is highly debatable. Please do not hesitate to contact us for any further information or support. Kind regards

Hello! About Air over TOR, please see https://airvpn.org/tor and http://openvpn.net/index.php/open-source/documentation/howto.html#http About TOR over Air, it's just a proxy over OpenVPN. Please note that a strong additional security layer is obtained with Air over TOR thanks to the partition of trust (TOR nodes see your traffic payload still encrypted and Air servers don't see your real IP address). For deeper knowledge, you might like to examine your routing table, analyze your incoming and outgoing packets with appropriate tools (Wireshark is great), and examine the OpenVPN source code http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn-testing.git;a=summary Wireshark is available here: http://www.wireshark.org Please do not hesitate to contact us for any further information or support. Kind regards

Hello! There is a very slight delay (keep in mind that VPN servers do not keep or store any account information, login data etc.) of the order of very few seconds or less. A five minutes delay is abnormal. We'll look into the issue, does it happen for you on every and each server or on some particular server? Kind regards

Hello! Good, netstat without parameters just confirms what we already knew from the OpenVPN logs. Can you please send us the kernel IP routing table after the connection? netstat -nr Kind regards

Hello! By default the Air servers push routes in order to tunnel everything. Freenet, TOR and I2P are routed over AirVPN too, as long as they are run after the connection to an Air server. All the programs that were running before the connection will not be tunneled, because they are already using a socket/established a connection. Looking at your routing table after the connection can clarify. Examples: if you run TOR after you have connected to an Air server, you will have TOR over AirVPN for the programs configured to use TOR, all the other programs will be tunneled through AirVPN only. If you run TOR before the connection to Air, then you have two options: connecting directly to Air or connecting Air over TOR (please see https://airvpn.org/tor). In the first case, programs configured to be tunneled through TOR will use TOR only, all the other programs (launched after the connection to Air) will use AirVPN only. In the latter case, any and each program launched after the connection will be tunneled over AirVPN over TOR. Please do not hesitate to contact us for any further information or support. Kind regards

Hello! You can check what AirVPN client is doing while "Checking" is displayed simply having a look at the logs (it checks whether the connection has been really established and retrieves data for the commodities). If you don't like the client (only for Windows), just don't use it: you can use OpenVPN directly or any OpenVPN GUI or wrapper you wish. You can generate certificates, key and configuration file through our configuration generator, please read the instructions. That the client "must know! what airvpn.org is" is a gratuitous assumption that has nothing to do about the remarkable OpenVPN ability to tunnel over a proxy. The "proxy" options must be used if you wish to tunnel AirVPN over a SOCKS or an http proxy, for example when you need to hide your real IP address to Air servers even while you are connected, or if you need AirVPN over TOR, or if you are behind a corporate or ISP or university or government proxy, or for any need for partition of trust. Far from being idiotic, this is a very important feature for several customers. Obviously the proxy, local or not, must be running and accepting connections. Kind regards

Hello! We strictly respect Net Neutrality, so no website is blocked from our network. We have just checked that Omicron (the german server) and the 4 servers in the Netherlands (Castor, Leonis, Lyra and Orionis) can all access bayfiles.com without problems. Are you sure to be connected to one of them while you receive that message? Kind regards

Hello! Is your system able to ping 10.5.0.1? Also, would you please publish your kernel IP routing table (delete your real IP for privacy) after the connection? Kind regards

Hello! The logs look just fine. After you have established the connection you should be visible from the Internet with the VPN server exit-IP, can you please check? The VPN DNS private IP address for clients connected to port 443 TCP is 10.5.0.1 (see here for all the others: https://airvpn.org/specs). Kind regards

Hello! 1. They show the current bandwidth usage for each server. 2. Some parameters you might like to consider are geolocation (to access geo-discriminatory services for example), busy bandwidth and performance with your ISP. Please do not hesitate to contact us for any further information. Kind regards

Hello! Log in the website and pick menu "Member area", item "Access without our client". Choose your favourite server and port, accept the ToS and the Privacy Policy. Leave the proxy combobox to "None" if you don't need to run OpenVPN over a proxy. The system will prepare the archive air.zip and let you download it. Inside the archive you will find all the files needed by Tunnelblick. You can generate as many configurations as you wish and install them in Tunnelblick in order to switch easily from one server/port to another. FAQ, also useful to use AirVPN services at their best, are available here: https://airvpn.org/faq Please do not hesitate to contact us for any further information or support. Kind regards

Hello! The AirVPN over TOR uses OpenVPN ability to perform connections over SOCKS (or HTTP) proxies. When you perform Air over TOR connection, all your traffic, including that generated by applications not configured to use TOR, will be routed over AirVPN over TOR. The TOR nodes will see OpenVPN encrypted traffic, our VPN servers will see the IP address of the TOR exit-node (partition of trust). So Air servers won't know your IP address not even while you are connected. For additional details please see: https://airvpn.org/tor and http://openvpn.net/index.php/open-source/documentation/howto.html#http Flash and Java enable an adversary to run (in the target's system) programs which may try to reveal and send to the adversary sensitive information, including but not limited to your real IP address. These attacks have been proven to be successful when a proxy is used, but not an OpenVPN based VPN. However, Flash and Java malicious "applets" may try to exploit several system vulnerabilities (especially on Windows) in order to try a "privilege escalation". If in doubt, never use Flash or Java if/when you need to send or receive critically sensitive data. Do it only if you perfectly know what you're doing. In general, to the best of the knowledge of the current admin writing this reply, Flash and Java based attacks have never proven to be successful when they are run inside a well configured sandbox or virtual machine where the host is connected to an OpenVPN based VPN. Please prevent leak of packets in case of accidental disconnection by setting appropriate firewall rules. Browse our forum for additional information, or give us information about your OS and firewall for support on how to do it. Logging of IP/data is not enabled on our VPN servers. In order to perform ex-post (never ex-ante, of course: we can't give information we don't have) investigations, appropriate steps may be taken in case of alleged violations of the ECHR through our services, if the allegation comes from a jurisdictional competent authority. Specific cases for which we are willing to cooperate with jurisdictional competent authorities are alleged human trafficking, child exploitation, privacy violations, copyright enforcement through privacy violations (please note, copyright enforcement, NOT alleged infringement) and in general any violation of fundamental human rights. For those specific alleged violations we would not appeal against a proper request from a jurisdictional competent authority. Kind regards

Hello! Please use Sirius, Google considers the exit-IP address of Vega as from Hong Kong. We can't do anything about this mistake. Only Google makes this mistake. Kind regards

Hello! No problems at all. With Comodo, the procedure is simple and fast. When you connect to AirVPN, regardless of the server you're connected to, your TUN/TAP adapter is DHCP-assigned an IP address in the range specified by our Technical Specs page. https://airvpn.org/specs/ Therefore, in order to block a program to send out packets when you're not connected to Air, just block (for any program you wish) any outgoing packet NOT coming from range 10.4.0.0->10.9.255.255, from any port to any port. Comodo supports both IP ranges (without need of CIDR notation) and the NOT operator. Open you Comodo control center, click on the tab "Firewall", select "Network Security Policy", click on the tab "Application Rules". Detect the application you want to block when not connected to Air, or add it in the list through the "Browse" command, right-click on the application entry, select "Edit rule" (or "Add rule" if the application has no rules), and define the rule as you can see in the attached image. Leave "Source Port" and "Destination Port" to "Any". Please do not hesitate to contact us for any further information. Kind regards

Hello! Can you please send us the connection logs (right-click on the Air dock icon, then select "Logs", finally "Copy to clipboard" and paste here). Also, what are your OS and .NET framework versions? Finally, can you please try a connection without the Air client and send us the OpenVPN logs? Kind regards

Hello! Your account is authorized to access all the servers. Please make sure that you launch the AirVPN client with administrator privileges and that no software blocks it. Also, can you please send us the logs (after a connection attempt, right-click on Air dock icon, select "Logs", then "Copy to clipboard" and paste here)? We're looking forward to hearing from you. Kind regards

Hello! There is no difference in privacy and logging in any AirVPN servers. Currently there are no laws in the USA and in Sweden which require a VPN service to log online activities. Please do not hesitate to contact us for any further information. Kind regards

Hello! Thank you for your nice words. Yes, it is possible to do it with the Win7 firewall. Please have a look at this thread and do not hesitate to reply if you need further information or support: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1626&Itemid=142 Kind regards

Hello! You will need to configure your FTP server in passive mode (PASV) and perform some configuration. This is an example based on a server which listens to port 21 and supports passive mode. First of all, make sure you use an FTP daemon which allows you to specify a range of ports which the FTP server will use. You will need to configure the server to listen to: - port 21 (used to initiate the connection from any FTP client) - a range of high numbered (>=2048) ports. The range must be large enough to handle different simultaneous passive connections. After connection to port 21, the client initiates TCP data connection to random port specified by server with the command PORT. Let's assume, as an example, that you use ProFTPd and you want a range of 10 ports to handle 10 simultaneous passive connections. In the example, the range is 58120-58129. EDIT: our new port forwarding interface will let you determine immediately a range of contiguous available ports. Furthermore, as of July 2023 new accounts have 5 ports available by default: https://airvpn.org/forums/topic/56405-port-forwarding-availability-change/ If you need more ports please contact us. Configure it with the directive [NOTE: edited from previous mistyping]: PassivePorts 58120 58129 Now, log in our website, and forward a random port, making sure to remap it to your local port 21. Let's call this port X_Port_Number. Make also sure you select "TCP" as protocol. Now forward all ports from 58120 to 58129, protocol TCP. Do not remap them to any local port. Launch your FTP service. Now it should be reachable from any client supporting passive mode (all modern clients support it) on: ftp:// server exit-IP address>: If you wish to use sftp as well, proceed to forward an additional port, TCP protocol, and remap it to your local port 22 (or the port you will configure on your server for sftp). The client does not need to forward any port, because in passive mode it's the client the one that initiates the connection according to the PORT command of the server. Using active mode is possible. In this case you will have to ponder different issues. With active mode, the client connects from a random unprivileged port n >= 1024 to the FTP server's command port 21. Then, the client starts listening to port n+1 and sends the command PORT n+1 to the FTP server. The server then connects back to the client's specified data port from its local data port, which is port 20. Active mode basically transfers most of port issues on the client side. Please do not hesitate to contact us for any further information. Kind regards

Hello! We are informing the Air client programmer of the issue and we are looking into it. Can you please try a connection directly with OpenVPN and tell us whether it's successful? Also, can you please tell us the version of the OS you're using? We're looking forward to hearing from you. Kind regards

Hello! No, it's not normal. Do you have to reboot because of a non-recoverable crash or because of "connectivity lost"? When you stop OpenVPN, it deletes the previous routing table additions ("route add"), no reboot should ever be necessary. However, if you stop OpenVPN with a "kill -9" then your routing table might not be restored and you "lose connectivity". The network-manager, anyway, should fix your issue. You can find it in the menu "Enter", then click on "Linux". Direct link https://airvpn.org/linux Kind regards

Hello! Excellent, all the problems are solved. The AUTH_FAILED error you see was probably due to a double connection attempt (remember that you can't double-connect an account). Now that you have made sure that OpenVPN works, you can cofigure a GUI for additional comfort of usage. In our website you can find instructions for network-manager. Please do not hesitate to contact us for any further information. Kind regards

Thread up as a reminder. Kind regards