Staff

Hello! Yes, there will be new servers. Unfortunately, Mexico and China are not appropriate locations for a service like AirVPN. In China there are very many issues related to privacy, active monitoring and censorship. The infrastructure in Mexico heavily needs further development. We will anyway review the situation in Asia very soon. Kind regards

privado wrote: Hello! Sure, please contact us in private (menu "Support"->"Contact us") for those inquiries. Kind regards

Hello! This is a collection of articles appeared online about AirVPN. The Guardian: http://www.guardian.co.uk/technology/blog/2011/sep/26/technology-links-newsbucket Privacy International: https://www.privacyinternational.org/blog/enjoy-internet-freedom-and-anonymity-terms-and-conditions-apply with a further comment by Eric King, Human Rights and Technology Advisor, Privacy International: https://www.privacyinternational.org/blog/enjoy-internet-freedom-and-anonymity-terms-and-conditions-apply#comment-190 TorrentFreak: https://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/ IT World: http://www.itworld.com/security/206429/who-trust-your-secrets-some-vpn-anonymity-providers-sound-noble-others-are-just-icky The Atlantic Wire: http://www.theatlanticwire.com/technology/2011/09/lulzsec-hacker-exposed-service-he-thought-would-hide-him/42895/ Kind regards AirVPN admins

privado wrote: Hello! It's difficult to say why, without further details about configuration differences in the private networks. Thank you for your patience. We are going to refund you your monthly subscription (your access will be granted anyway until the expiration date). You might want to review your problem even in the DD-WRT support forum and wiki, given that we don't have access to an E2000 router and to the unknown DSL modem/router. We will keep on our commitment to improve our customer service. Kind regards

Hello! If you're looking for some original gift for privacy aware friends and relatives, we are now offering gift coupons for 1 month, 3 months and 1 year premium subscription to AirVPN. The coupons are alphanumerical codes that, when inserted in our website, give immediate premium activation without further payment or delay. They have no expiration date set and are delivered in 4-8 hours. The person with the coupon just has to select the corresponding plan (1 month, 3 months and 1 year) and type in the coupon for immediate activation to premium status. You can decide the name of the coupon, up to 16 characters, and then give it to the person you wish to make the present. If you're interested, please do not hesitate to contact us https://airvpn.org/index.php?option=com_alfcontact&Itemid=105 Kind regards

@privado Hello! Now there are no visible errors on the log. During the 4 minutes the E2000 was connected to a VPN server, could you manage to do anything (like pinging some servers...)? Kind regards

whodinni570 wrote: Hello! We're glad to know that the issue has been resolved. We apologize for the inconvenience. About ports significance and TCP - UDP connection difference, please refer to the FAQ available here: https://airvpn.org/index.php?option=com_content&view=article&id=71&Itemid=137 (see "What is the difference between TCP and UDP ports? Which port should I choose?"). According to the Tunneblick wiki, "private configurations are stored in '~/Library/Application Support/Tunnelblick Configurations'. Since these files are all located in the user's Library folder, they must be set up separately for each user. (Note that the "~" in the path indicates the user's home folder; thus the folder is actually located somewhere such as /Users/username/Library/Application Support/Tunnelblick/Configurations. Do not confuse this Library folder with the /Library folder located at the root of the filesystem.) Shared configurations, which can only be Tunnelblick VPN Connection files, are stored in /Library/Application Support/Tunnelblick/Shared. Shared configurations do not need to be set up for each user. (In fact, that's the whole point of sharing them!)" See also http://code.google.com/p/tunnelblick/wiki/cFileLocations You're welcome! Please do not hesitate to contact us for any further information. Kind regards

Hello! The USA server "Sigma" is currently not publicly available. If you need to use an american server, please pick Sirius or Vega. They both can give better performance than Sigma (they have faster hardware and they are on a 1 Gbit/s port instead of Sigma's 100 Mbit/s). Kind regards AirVPN admins

Hello! Ok, problem detected from the logs. You are trying to connect to Sigma server, which is currently not publicly available. We apologize for the inconvenience and we are going to put a warning in the forum right now. For the USA servers, try the connection to Sirius (1 Gbit/s dedicated port server, Virginia) or Vega (1 Gbit/s, Oregon), you should have better performance (Sigma is on a 100 Mbit/s switch). Go to the "Member"->"Access without our client" and generate a new configuration for Sirius or Vega. Let us know if everything is all right. Kind regards

privado wrote: Hello! Several E2000 users claim that the E2000 with DD-WRT is unable to connect to UDP ports via OpenVPN, see thread: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=498189 Might it be that with the other provider you're testing you have connections only on TCP ports? We offer both UDP and TCP connections. It can be worth a try to revert back to your previous semi-working configuration, and try a connection on any of our servers available TCP ports (53, 80 or 443). To do that, change "proto udp" directive in the configuration file, and therefore on the startup script, to "proto tcp" Also, are you able to connect to a VPN server with your PC and E2000, that is not using OpenVPN on DD-WRT, but directly from one of your computers? Kind regards

whodinni570 wrote: Hello! We can confirm you that your account is on premium status, authorized to access all the servers. There was no change of certificates or configurations recently from our side. Did you change anything in your system Tunnelblick configuration? Could you please send us the connection logs? Kind regards

alcrom23 wrote: Hello! Checking your account, it appears that payment from PayPal was first delivered and then frozen after a few hours for a non-explained suspect of unauthorized transfer. From past experience the only thing we can do is to tell PayPal to give you back the money, in order to speed up the process. Kind regards

privado wrote: Hello! Which command line you refer to? If you refer to the startup script, try this basic startup script (when the DSL modem/router is not in the network) and please post again the logs: cd /tmp ln -s /usr/sbin/openvpn /tmp/openvpn echo " [[PASTE air.ovpn HERE]] keepalive 15 60 daemon log /tmp/openvpn.log " > airvpn.conf echo " -----BEGIN CERTIFICATE----- [[PASTE ca.crt CONTENT HERE]] -----END CERTIFICATE----- " > ca.crt echo " -----BEGIN CERTIFICATE----- [[PASTE user.crt CONTENT HERE]] -----END CERTIFICATE----- " > user.crt echo " -----BEGIN RSA PRIVATE KEY----- [[PASTE user.key CONTENT HERE]] -----END RSA PRIVATE KEY----- " > user.key # Start openvpn sleep 5 /tmp/openvpn --config airvpn.conf --fragment <insert here the best value you found> --mssfix Kind regards

scipio wrote: Hello! Can you please make sure that you copied the user.key too? In total there are 4 files that must be copied from within air.zip: the configuration (air.ovpn), 2 certificates (ca.crt, user.crt) and the private key (user.key). We're looking forward to hearing from you. Kind regards

privado wrote: Hello! It's good that the MTU problem has been fixed by --fragment and --mssfix. We gave you a script which configures tun0, not tun1, in promisc mode, because of the previous bridged configuration with the DSL router, which now is not there anymore. Please delete or comment out the following line from the startup script: ifconfig tun0 10.x.x.x netmask 255.255.0.0 promisc up then delete or comment out the following lines from the "Firewall" script: iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT and check the logs to see what happens. We're looking forward to hearing from you. Kind regards

anonimus1105 wrote: Hello! See, the message with the screenshot and the quoted message just above come both from INSIDE our private network. This necessarily means that your account was normally connected to some VPN server. Check you connection simply browsing https://airvpn.org. Look at the central box at the bottom of the page. If it is green and displays "Connected" then you are connected to some VPN server and you appear on the Internet with exit-IP of that server. Kind regards AirVPN admins

privado wrote: Hello! Your guess about 192.168.1.1 seems correct from the logs. 192.168.1.1 is the default IP address of a DD-WRT router. To be sure, browse the web interface, go to "Setup"-->"Basic setup" and see the IP reported in the "Local IP address" field. About the errors, they are probably related to MTU size. First of all, go to "Basic Setup" again and set the following values (probably they are already set so): TUN MTU Setting 1500 TUN MTU Extra 32 TCP MSS 1450 If they showed different settings, try the connection again after the modification. On the contrary, if those values were already 1500, 32 and 1450 and/or the log still shows errors of that kind, then launch OpenVPN with the --fragment 1000 and --mssfix parameters, i.e. modify the line in the "startup" script which launches OpenVPN in the following way: # Start openvpn sleep 5 /tmp/openvpn --config airvpn.conf --fragment 1000 --mssfix If this fixes the problem, progressively increase those values to 1100, 1200, 1300, ..., 1450 (that is, increase them until the logs show again an error code 91) to determine the optimal maximum segment size (the lower the max segment size is, the worse can be the performance, so this would be fine tuning). Unfortunately, it is in general impossible to conclude in a network what MTU will be at any moment. We're looking forward to hearing from you. Kind regards

anonimus1105 wrote: Hello! You can have one connection per account at a given time. You can use your account on as many computers or devices as you like, but you can't use your account on multiple devices simultaneously. The message you have written comes from inside our private network, therefore you were connected to some AirVPN server when you wrote it. Make sure you have not given to anyone your account name and password. We're looking forward to hearing from you. Kind regards AirVPN admins

privado wrote: Hello! In the bottom of this message we report the settings for web interface configuration, just in case you wish to try with that again. If you insert the 1st script in the "Startup" section the router will execute it when it boots and will write the openvpn logs in /tmp/openvpn.log. If everything is fine it will also connect automatically to the VPN server of your choice (the one specified in the air.ovpn that you have pasted there). YOUR CLIENT NETWORK SUBNET depends on the configuration of your DSL modem+router. Since it is in full bridge mode but DHCP is enabled, it will provide an IP address to the DD-WRT router. You are in a situation where you have two DHCP servers, one in the DSL m+r, the other in the E2000, and this makes things a little bit more complicated: you must pick IP subnets which do not overlap with each other. You should check that. It might be an address of the type 192.168.1.*, but it is also not uncommon that it might be 192.168.2.*. It all depends on the customization your ISP made to your DSL modem+router, just browse to the web configuration interface of the DSL router and check internal IP and subnet. When you're there, take also note of the internal gateway IP address, you will need it later. So, if the DSL router has internal IP 192.168.1.1 subnet 255.255.255.0 pick 192.168.2.1 for the local IP address of the DD-WRT router. If it is 192.168.2.1, pick 192.168.1.1. etc. The local IP address must also be set in the "Setup" page, tab "Basic setup" of the E2000. Example: local IP 192.168.2.1 Subnet Mask 255.255.255.0 Gateway . In this tab, also make sure that "DHCP Mode" is set to "Server" and that the "Enable" option is active. a.b.c.d is the IP address of the DSL router gateway. PARAMETERS FOR THE DD-WRT ROUTER WEB INTERFACE Start OpenVPN: Yes Server IP / Name: your favourite VPN server IP address (see the line "remote" in air.ovpn) Port: your favourite port (53, 80 or 443) [this is useful in case your ISP slows down connections on port 443 or 80 UDP] Use LZO Compression: Yes Tunnel Protocol: UDP or TCP [uDP is more efficient, but TCP with its full error-correction is precious when there are connection issues or your ISP throttles UDP connections] nsCertType: Server Public Server Cert: Paste the contents of ca.crt from "------BEGIN CERTIFICATE" to "END CERTIFICATE-----" included Public Client Cert: Paste the contents of user.crt like above Private Client Key: Paste the contents of user.key Save settings. Now, enable ssh connections in the E2000 so that you will be later able to access via ssh to the router for deeper troubleshooting. To enable SSH: - Using the Web Interface, go to the Administration tab. (in v24 use Services tab) - Under the Services sub-tab, Enable SSHd in the Secure Shell section. If new options don't appear, Save Settings - Enable Password Login to enable the password login - Save and Apply Settings Finally, please reboot the router, wait a couple of minutes, check the connection and verify your exit-IP to the Internet (you can see it by connecting to https://airvpn.org and looking at the central box in the bottom of the page). To access the openvpn logs for troubleshooting, login to your E2000 via telnet or ssh port 22. For telnet, default login: root default psw: admin. For ssh, default login: root. telnet ssh > If you use Windows Vista/7, you will need to install telnet from "Programs and features". Or you can download PuTTY which supports both ssh and telnet http://www.putty.org Once you log in the E2000, go to the /tmp dir and print the log. Copy it and please paste it to us, it may be really helpful for troubleshooting: cd /tmp cat openvpn.log Note: if you don't use PuTTY and you have Windows 7/Vista, use the Powershell to have improved screening and copy & paste functionalities. To copy a text inside the powershell, select it with the left mouse button pressed. When you have selected it all, release the left button and click once the right button. The text will be put in the clipboard, ready for pasting. We're looking forward to hearing from you. Kind regards

privado wrote: Hello! Thank you for your feedback. The troubleshooting with DD-WRT routers with any s&t OpenVPN-based VPN provider requires exactly the same information we asked (network configuration, logs). They are necessary to give proper assistance. We will keep on our involvement to make life easier for non-techies, however there are certain minimal technical requirements which are mandatory if someone wants to be serious about privacy and anonymity layers. It's a small price to pay for a greater benefit. Please do not hesitate to contact us for any further information. Kind regards

privado wrote: Hello! Sorry, it was assumed that you were already monitoring the logs. Here are two scripts that may help troubleshoot. They require minimal adjustment to fit your needs and according to your network configuration. If you startup with the 1st script, you'll find the logs in the file /tmp/openvpn.log Also, check that you have enough free memory in the router (8 kB free are enough). You might want to look here for further details: http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers#Client1_Configuration There you'll find how to enable syslog on your router as well. The first script is for the "Startup" section of your router. =========== cd /tmp ln -s /usr/sbin/openvpn /tmp/openvpn echo " [[PASTE air.ovpn HERE]] keepalive 15 60 daemon log /tmp/openvpn.log " > airvpn.conf echo " -----BEGIN CERTIFICATE----- [[PASTE ca.crt CONTENT HERE]] -----END CERTIFICATE----- " > ca.crt echo " -----BEGIN CERTIFICATE----- [[PASTE user.crt CONTENT HERE]] -----END CERTIFICATE----- " > user.crt echo " -----BEGIN RSA PRIVATE KEY----- [[PASTE user.key CONTENT HERE]] -----END RSA PRIVATE KEY----- " > user.key # Create tun0 interface /tmp/openvpn --mktun --dev tun0 ifconfig tun0 10.x.x.x netmask 255.255.0.0 promisc up [MODIFY 'x' - SEE https://airvpn.org/index.php?option=com_content&view=article&id=74&Itemid=141) # Create routes route add -net [[YOUR CLIENT NETWORK SUBNET HERE]] netmask 255.255.255.0 gw a.b.c.d [[FIND ADDRESS ACCORDING TO SERVER YOU CONNECT TO]] # Start openvpn sleep 5 /tmp/openvpn --config airvpn.conf ======================== Script for the "Firewall" section: # Open firewall holes - you might want to modify according to your connection iptables -I INPUT 2 -p udp --dport 53 -j ACCEPT iptables -I INPUT 2 -p tcp --dport 53 -j ACCEPT iptables -I INPUT 2 -p udp --dport 80 -j ACCEPT iptables -I INPUT 2 -p tcp --dport 80 -j ACCEPT iptables -I INPUT 2 -p udp --dport 443 -j ACCEPT iptables -I INPUT 2 -p tcp --dport 443 -j ACCEPT iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT Looking forward to hearing from you. Kind regards AirVPN

privado wrote: Hello! The optimal solution would be to configure the DSL router in full bridge mode. Currently, does your DSL router use DHCP? And the E2000? Can you please send us the DD-WRT router OpenVPN connection logs to check (you may need to turn on logging)? Kind regards

privado wrote: Hello! To clarify, is the connection of this kind: Your PCs/devices ((())) DD-WRT router----DSL router----ISP ? Does your DSL router use DHCP for LAN? Does it support IP forwarding? When you don't use OpenVPN, is the connection ok? Looking forward to hearing from you Kind regards

privado wrote: Hello! You can find a good tutorial is in the DD-WRT wiki (see the "Client Mode"): '>http://www.dd-wrt.com/wiki/index.php/OpenVPN#Enable_OpenVPN_in_the_Router> If you have any doubt on any parameter to insert, please do not hesitate to contact us or write in the forum. Kind regards AirVPN admins

blakvoid wrote: Hello! We realize it's not uncommon to find DNS leaks under various Windows OS, including Windows 7. DNS leakage means that a DNS query is sent unencrypted outside the tunnel. It is not OpenVPN responsability, it is due to the OS. A DNS leak may happen when the system falls back to the standard DNS for the main interface adapter and does not use the DNS pushed to the TUN/TAP adapter. Therefore your ISP or any "Man In The Middle" could intercept and read the query. "Fallback" may be caused for example by inability of AirVPN to resolve an address (for example if a non-existent url is typed into a browser). In this case there is no particular risk to compromise anonymity, since the ISP or the MITM can see requests to non-existing domain names. Unfortunately, DNS leaks may happen even when a valid name is resolved. Under Windows, DNS queries are sent out by svchost.exe. When you connect to AirVPN, your TUN/TAP adapter will have an address of the type 10.x.*.*, where 4https://airvpn.org/index.php?option=com_content&view=article&id=74&Itemid=141 for more details). With the above information, it's easy to prevent DNS leaks. Use a firewall to block, when connected to an AirVPN server, any outgoing connection by svchost.exe not originating from the TUN/TAP address. The same method may be use to secure any other application (to make sure, for example, that they don't send out data if the connection drops) or to secure all your network so that no data get out when you are not connected to the VPN. According to the firewall you use details may vary, but the principle is the same. In the screenshot you can see an example of DNS leak fix under Windows with the Comodo Firewall using "Network Security Policy" for svchost.exe. Just remember that if you set this firewall rule as general, you will need to drop it when you are not connected to the VPN, otherwise you will not be able to resolve domain names anymore. Please do not hesitate to contact us for any further information. Kind regards