Staff

Hello! Please note that a VPN connection does not secure your computer, as clearly stated in our ToS (and in the ToS of every serious VPN provider). That said, if you need to connect one device, you don't need to connect your router to our servers. About your suggestions, they will be taken into considerations. The problem here is that "securing a computer" and in general computer security is a task which goes well beyond a VPN service. A VPN connection should never be meant as an anti-malware/spyware tool. A VPN service like ours should be meant as an extremely strong anonymity layer and data protection tool only for non-compromised systems. If the computer is compromised by a keylogger, or any malware which can run with high privileges, for example, it may leak every information regardless of the encryption and services you use. A course on computer security is always an ongoing, enormous project that can hardly be defined as exhaustive. Kind regards

Hello! We gladly inform you that the configuration generator has been completely re-designed and includes all of your and other customers suggestions and more. Kind regards

Hello! We're very glad to introduce native support for OpenVPN over SSL and OpenVPN over SSH, and a completely re-designed configuration generator which includes exciting, additional AirVPN services and features. Our service becomes more censorship resistant and easier to use with a wide range of OpenVPN GUIs and wrappers. NEW SERVICES: OPENVPN OVER SSL - OPENVPN OVER SSH OpenVPN over SSL and OpenVPN over SSH will allow you to bypass OpenVPN connections disruption. Known ISP countries where the disruption takes place are China, Iran, Syria, Egypt. The connection disruption is possible because OpenVPN connections have a typical fingerprint which lets Deep Packet Inspection discern them from pure SSL/TLS connections. Connecting OpenVPN over SSL or OpenVPN over SSH will make your connection undiscernable from pure SSL or SSH connections, rendering DPI fingerprint identification powerless. OpenVPN over SSL/SSH is included in every Premium subscription without any additional payment. Use OpenVPN over SSL/SSH only when necessary: a slight performance hit is the price to pay. The performance hit is kept as low as possible because the "double-tunneling" is performed directly on our servers without additional hops. NEW FEATURES A new system for host resolution (not available for Windows) and dynamic VPN server choice is available. This will let you have OpenVPN configuration files which will try connections to various servers (according to your preferences) if one or more servers are unavailable. A new connection port (2018) is now available on all Air VPN servers. A new, alternative entry-IP address is now available on all Air VPN servers. NEW CONFIGURATION GENERATOR FEATURES - You can now select servers by countries, continents and planets (currently only one planet) or any combination between single servers and countries. - You can now select an alternative entry-IP address. Each Air server has now an additional entry-IP address to help you bypass IP blocking. - You can now choose a wide variety of compressing options: zip, 7zip, tar, tar & gzip, tar & bzip2. - You can now choose not to compress the files and download them uncompressed one by one NEW CONFIGURATION GENERATOR "ADVANCED MODE" FEATURES - Total connection ports range available, including new port 2018 in addition to 53, 80, 443 and (for SSH) 22. - Option to generate non-embedded configuration files, mandatory if you use network-manager as OpenVPN wrapper under Linux or just in case you use any wrapper that does not support embedded with certificates and keys OpenVPN configurations. - Option to generate files and scripts for OpenVPN over SSL/SSH connections by clicking on "Advanced Mode" - Option to select "Windows" or "Linux and others". Make sure you select the correct option according to your OS, because connections over SSL/SSH in Windows require different files than those required for Linux, *BSD and Unix-like / POSIX compliant systems such as Mac OSX. - New options to generate configuration files that support proxy authentication for OpenVPN over a proxy connections, particularly useful if you're behind a corporate or college proxy which requires authentication. A significant example of usage of OpenVPN over a proxy is OpenVPN over TOR: https://airvpn.org/tor Instruction page for OpenVPN over SSL: https://airvpn.org/ssl Instruction page for OpenVPN over SSH: https://airvpn.org/ssh Please do not hesitate to contact us for any additional information. Kind regards & Datalove AirVPN admins

Hello! Please feel free not to fish, just read this message: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142#1715 Kind regards

Hello! DNS leaks are not strictly related to static or dynamic IP addresses. Also, our service does not require a static IP, you can use it either with a dynamic or a static IP address. Please see here: http://www.dnsleaktest.com/how-to-fix-a-dns-leak.php You might also like to secure your VPN connection in order to prevent any leak in case of unexpected disconnection: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142 and https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2183&Itemid=142#2184 Finally, you must not configure the DNS inside Firefox. You could force your system to use our DNS as the primary DNS server. Please find its address according to the port you connect to and configure Windows to use it as primary DNS: https://airvpn.org/specs Kind regards

Hello! Can you publish the rules you have set for your torrent client? Kind regards

Hello! If you forward the same ports on your router and remotely on our servers, an adversary who can monitor your line (just as an example your ISP or those that have the power to force your ISP to do that) has various ways to perform successfully correlation attacks (for example, timing packet sending on the same port to your real IP and to the exit-IP of the VPN server you're connected to) disclosing the service and the protocol that you're using behind the VPN (and in case of p2p, your p2p activity). This is your vulnerability, not an OpenVPN one. This is only possible (in some cases) when your client responds to all of your network interfaces. A client that is instructed to do so directly exposes your real IP address when you do p2p, no need for any correlation attack. Please check the bindings of your client and avoid multiple IP bindings. This is not an OpenVPN vulnerability, it is a vulnerability inside your system which authorizes administrator privileges to an application making it capable to bypass the routing table or directly a vulnerability configured by you in your application. The p2p swarm will see your client as two clients: one with the VPN server exit-IP address and one with your real IP address. Kind regards

Hello! Please see here to block selectively any application you wish with Comodo: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142#1715 Kind regards

Hello! No, if you use Windows firewall and you don't tick that box, you risk ending up with a completely blocked uTorrent (regardless of VPN connection or not). It is sufficient that you don't forward the port(s) you use for uTorrent on your router in order to prevent correlation attacks. As a side note, you might like to consider to switch to Comodo Firewall since the Windows firewall is unreliable. Comodo firewall will also enable you very easily to prevent uTorrent leaks in case of unexpected VPN disconnection. https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142 Kind regards

Hello! Yes, our servers push a VPN DNS to the clients. Please see here: https://airvpn.org/specs Kind regards

Hello! We don't have any other report from BT customers about this issue. Can you please try to connect to port 80 TCP (if you have not already done so) in order to determine whether BT has started throttling some UDP ports? Kind regards

Hello! If you need a UK server, currently please use Cygnus only. Virgo has issues we are looking into. Kind regards

Hello! We don't have onion sites... Kind regards

Hello! No, we can't, because we don't keep logs. Please do not hesitate to contact us for any further information. Kind regards

Hello! Can you please report when you exactly get that message and also provide us with some additional information (your Windows version and your .NET framework version)? Kind regards

Hello! Please see here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1955&Itemid=142#1956 Kind regards

Hello! We don't censor any website. Actually, we are against any censorship. Can you please send us a list of the websites that you can't reach (even in private, if you prefer so) so that we can investigate? You can send us a report even unrelated to your account (just register a new "fake" account and use the "Contact us" form to send us the list, or use a new mail account unrelated to the Air account of yours and write to info@airvpn.org). Kind regards

Hello! Currently servers in any Asian country datacenter do not meet our requirements for traffic, net neutrality, privacy and data protection. We must admit that our requirements are actually quite high. Should we find any provider that complies to our requirements, we'll be of course very glad (and it would be in our utmost interest) to install servers in their datacenters. Kind regards

Hello! Air over TOR is specifically useful when you want to hide your real IP address to our server even WHILE you are connected. You might like to read here: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=54&limit=6&limitstart=6&Itemid=142#1745 Kind regards

Hello! We can confirm you that we don't detect any problem on UK servers. Kind regards

Hello! We can confirm you that port forwarding is working correctly on our servers. If your router does not allow to close any port, you might block the ports you have remotely forwarded with your software firewall (very easy if you use Comodo) ONLY on your physical interface in order to prevent correlation attacks. Kind regards

Hello! Can you please use the "Contact us" form for this request? Kind regards

@aaronasaka Hello! This is just a wild guess in case you have Windows, but it's worth a try. We have some reports from Asus and other vendors customers from which it appears that some pre-installed "network card managers" have the effect to slow down dramatically the connection when OpenVPN is in use. For example, "Network i Control" from Asus appears from our reports to slow down the connection only when a TUN/TAP interface is used (just like in the OpenVPN case). At your convenience, and just in case you run a pre-installed Windows, please check whether you have one of those programs running and disable it to check whether the OpenVPN performance improves. Kind regards

Hello! We have deliberately chosen not to provide PPTP access with any authentication since the birth of AirVPN. MS-CHAPv2 authentication vulnerabilities are well known since years, nothing new under the sun. Attacks against PPTP with MS-CHAPv2 are trivial and can be performed automatically and rapidly with various tools. Kind regards

Hello! In your case, in order to have a cleaner, more precise set of rules, rule 2000 should be changed to: allow ip on en0 from 10.0.1.0/24 to 95.211.169.3 keep-state because 10.0.1.* in CIDR notation is 10.0.1.0/24 Rules from 5100 to 5260 can be made cleaner with "on tun0" (assuming that tun0 is your tun interface), for example: allow ip on tun0 from 10.4.0.0/16 to any Pay attention to rule 1200 if you wish to use a local proxy (for example Air over proxy will be blocked with that rule if you have a proxy on 127.0.01) and/or if you have software which needs to communicate with 127.0.0.1 (for example Tunnelblick). Kind regards