Staff

Hello! This sounds like an anomaly in the route checker, we will investigate, thank you. Kind regards

@AmineZary Hello! It looks like DCO is the cause of the problem, as Eddie tries to use it together with OpenVPN 2.5.5, which is impossible: . 2023.05.30 22:46:01 - Using WinTun network interface "OpenVPN Data Channel Offload (OpenVPN Data Channel Offload)" ... . 2023.05.30 22:46:02 - OpenVPN > All wintun adapters on this system are currently in use or disabled. . 2023.05.30 22:46:02 - OpenVPN > Exiting due to fatal error Try the following setting, it should resolve the problem: from Eddie's main window select "Preferences" > "Networking" type eddie in the "VPN interface name" (you may also pick any other very short name you like - just use ASCII characters though) click "Save" test again connections to various servers With the above settings, Eddie will create a new virtual network interface and ignore any other existing virtual interface. Please feel free to keep us and the community posted. Kind regards

Hello! The upgrade of all the servers marked as "1 Gbit/s" has been completed to at least 1 Gbit/s full duplex lines. Therefore we might now switch to "2 Gbit/s" in the servers monitor. In the past we did not do so because the hardware limits made it unrealistic beating a total of 1.2-1.3 Gbit/s throughput on a single server. Nowadays with WireGuard, and ever since we revamped the load balancing system on different OpenVPN instances, that limit is no more. That's why you can often see servers with "1000 Mbit/s" maximum availability providing much more than 1000 Mbit/s. In Dallas and in the Netherlands servers are connected to 10 Gbit/s (full duplex) lines, 10 servers per each line. We have also expanded our 10 Gbit/s lines in the Switzerland, Sweden, Bulgaria and the Netherlands (10 Gbit/s full duplex line, port and NIC for single servers). In various countries (Canada, the Netherlands, Sweden, USA except New York City and other ones) we don't operate any server in M247 datacenters. Furthermore, all the expansions to 5 and 10 Gbit/s lines (full duplex) has been performed outside the M247 infrastructure. We will continue to do so. In general, in the nearest future M247 presence in our infrastructure should not exceed 30% of the total amount of servers, and should not exceed 15% of the amount of total "available" bandwidth. We have no plans at this very moment for alternative providers in New York City, though. Please consider that the USA housing/hosting market is frequently hostile against VPNs and often against p2p as a protocol in itself, even when it is used to deliver content legally. Since we remained faithful to our mission preserving Net Neutrality (no discrimination against any protocol and application) it's difficult to find a USA provider we can rely on, and M247 is hands down one the most reliable in the world (not only in the USA, of course), so far. Kind regards

Hello! Today we're starting AirVPN 13th birthday celebrations offering special, strong discounts on longer term plans. From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 23 countries in four continents, providing now 284,000 Mbit/s to tens of thousands of people around the world. AirVPN is now one of the only three major consumers' VPNs which are still independent, i.e. not owned by big corporations with multiple fields interests, interfering in editiorial publications or intersecting with products or services in conflict with privacy protection. Ever since we celebrated the past 12th birthday, AirVPN operated important, community driven changes: infrastructure power up. Through hardware renewal and new 2, 5 and 10 Gbit/s full duplex lines the infrastructure may deliver now up to 284,000 Mbit/s (full duplex) (+40,000 Mbit/s in one year) additional rewrite of the port forwarding, DDNS and key management service allowing multiple DDNS names and forwarded ports on a device basis various, new optional lists to block spam, ads, trackers and other malicious sources, featuring a unique and fine grained customization which is exclusive on the nowadays market revamped API new API Explorer to generate API call commands and examples from the web interface On the software side, all AirVPN applications and libraries are still free and open source software released under GPLv3. The development of traffic-splitting features on an application basis, already available in AirVPN Eddie Android and Android TV edition, has been planned for Desktop systems too. Check the promotional prices here: https://airvpn.org/buy Kind regards and datalove AirVPN Staff 

@Maggie144 Thank you! We will check that, but from our tests and the good feedback of several users the GoodbyeAds lists are working fine. Kind regards

Hello! A very plausible explanation of what we see from the screenshots is that you encrypted your Eddie profile through a master password and you forgot it. No worries, just delete the following file: default.profile while Eddie is not running and then re-run Eddie. To locate Eddie's configuration file(s) in your system please see here: https://eddie.website/support/data-path/ Uninstalling and re-installing the software in these cases is not a solution, because the configuration file inside your user directory correctly does not get deleted when you uninstall. Kind regards

Hello! Port specification is mandatory in Internet Protocol (IP). A port "is a logical construct that identifies a specific process or a type of network service. A port at the software level is identified for each transport protocol and address combination by the port number assigned to it. The most common transport protocols that use port numbers are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP); those port numbers are 16-bit unsigned numbers." (WIkipedia) https://en.wikipedia.org/wiki/Port_(computer_networking You may get the illusion that URLs locating web sites don't need port specification, but it's only because adding :80 and :443 if the port is omitted is a default behavior for HTTP and HTTPS. Now, remotely forwarding ports 80 and 443, and any other port lower than 2048, is not allowed in our service, so your client(s) must always add the destination port to reach your web site or any other service behind AirVPN. Kind regards

@itsmeprivately Hello! Please try the following settings (usually they are strictly necessary to bypass China blocks): switch to OpenVPN (if you haven't already done so) by tapping the icon "VPN Type" on the main view. Each tap switches between WireGuard and OpenVPN. force connection over TCP to port 443 in the following way: open "Settings" and expand "AirVPN" by tapping on it tap "Default OpenVPN protocol", select "TCP" and tap "OK" tap "Default OpenVPN port", select "443" and tap "OK" tap "Quick connection mode", select "Use default options only" and tap "OK" Finally test again connections to various servers in various locations. Kind regards

Hello! Provided that you have downloaded the package ONLY from our official web site or you have built the software ONLY from the official source code, it's an infamous false positive ridiculously based on their inclusion of entry-IP addresses which sends out packets only to the peers, and to the Internet in general, telling a lot on how they work to block addresses. Please read here: https://airvpn.org/forums/topic/53073-some-vpn-servers-are-classified-as-malware-ips/?do=findComment&comment=188832 Kind regards

Hello! Yes, it's a geo-routing related issue. Probably you rely on some tracker which is caught in geo-routing because it's inside some CDN range, or for some error. Assuming that this assumption is correct, you can disable the geo-routing system in the settings on your AirVPN account. Go to "Client Area" and open the "DNS" panel. Locate combo box "AirVPN anti-geolocation system" and set it "Not active (neutral)". If you can provide us (here or in private) with the tracker URL we may also check and fix the error, if any. Kind regards

@anindianforor Hello! You can generate different configuration files for different servers or countries and import them. It's a "once and for all" operation for each profile. By doing so you will be able to pick specific servers and/or countries at each connection and switch between them with a couple of taps. It's a feature explained in the iOS manual. How to use it with openvpn-connect app is detailed in the openvpn-connect FAQ answers available here: https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-connect-ios Jump to the FAQ "Can I use iOS 6+ VPN-On-Demand with OpenVPN?" The best practices are explained in the courtesy e-mail you might have received when you activated your account plan, complete with links to manuals and FAQ section. If you did not link a valid e-mail address to your account, a good place to start is our "How To" forum: https://airvpn.org/forums/forum/15-how-to/ - probably starting with https://airvpn.org/forums/topic/18339-guide-to-getting-started-links-for-advanced-users and progressively discovering the advanced features is a good solution. After that, another place to look at is the FAQ section, accessible from our web site upper menu, direct link https://airvpn.org/faqs/ For any problem or doubt customer service is available either on the web site (click "Contact us") or via e-mail - write to support@airvpn.org. Kind regards

@Johny5 Hello! We do not block any web site. It's fair.org the one that blocks some of our servers, but not all of them. You can have a view of which servers they block here: https://airvpn.org/routes/?q=https%3A%2F%2Ffair.org In this moment, they block 39 AirVPN servers. All the other ones are not yet blocked. Please contact fair.org for the issue and send them your complaints. In the meantime you can connect to the servers which are not blocked to access fair.org. Our mission is publicly available here https://airvpn.org/mission Regards

Hello, the test is performed only over TCP, and SoulSeek works in UDP too if we're not mistaken. First, modify your port settings in your AirVPN account port panel. You have restricted the forward only to TCP, so change it to TCP+UDP (select it from the dedicated protocol combo box). Then, make sure that your system is actually connected to the VPN, that SoulSeek listens to the correct port and doesn't bind to the physical network interface. Besides, check your firewall rules (in the same system which connects to the VPN). Some firewalls can change rule set according to the network "type" the system is connected to, so check while the system is connected to the VPN. Make sure that incoming packets to SoulSeek are not blocked. If the problem persists, do not hesitate to open a ticket to let the support personnel assist you. Kind regards

Actually it's a good thing. Chat support has proven to be totally ineffective throughout the last 10 years for obvious reasons. It's a lark's mirror not only in VPN field, but in any other sector which requires technical and pondered evaluation and reproduction of an issue. Please open a ticket at your convenience, on top of writing in community forum. Kind regards

Hello! Well, If a packet fails the authentication it must be dropped. WireGuard will drop forged packets (the contrary would trivially mean that it's highly insecure, which is not the case). OpenVPN replay protection is time based and size based. Additionally OpenVPN can work over TCP. OpenVPN is highly configurable, in UDP you can modify the replay protection sliding-window size and time through the proper directives, so you can make it identical to WireGuard to perform consistent tests. OpenVPN default sliding window size is 64 (identical to IPsec) with 15 seconds time. This is a very robust setup but at the same time you can modify it according to the type of network you are in (while you can't do it with WireGuard, unfortunately) . If you want to test consistently to make a comparison with WireGuard you can replicate WireGuard settings in OpenVPN (while you can't do the same in WireGuard). By comparison, check the settings and hard coded implementation in WireGuard https://www.wireguard.com/protocol/#nonce-reuse-replay-attacks with those in OpenVPN, test accordingly and then draw your own conclusions. https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/ M Kind regards

Hello, we have activated a 3 days plan to your account, feel free to test. For the readers: ask for a free trial account in private by clicking "Contact us" on the web site pages. This is a community forum and the community does not have any power to give you a free trial. If we missed your free trial request in the community forum, it would never be read by the persons who can give you the trial. Kind regards

Hello! We're very glad to know it. We can't give you a definite answer as long as you don't tell us the address and host name of this tracker (now you call it a web site? is a web site involved in the problem too, on top of the tracker?), but we suspect that it was caught in some geo-routing for different service(s). If you haven't already done so, please feel free to open a ticket to give us the info which will let us fix the routing. Enjoy AirVPN in the meantime! Kind regards

Hello! 85.17.225.221 is an AirVPN IP address, used by a "geo-routing" server. Geo-routing is enforced for specific destinations mainly in an attempt to bypass geographically based blocks. The tracker address must have been caught by some other geo-routing so it is reached by the 85.17.225.221 server. If you let us know more details (in private with a ticket if you prefer so) we can lift the geo-routing for that tracker. Alternatively, you can turn off geo-routing from your AirVPN account DNS panel, by switching the "AirVPN anti-geolocation system" combo box to "Not active / Neutral". The DNS panel is accessible from your account "Client Area". Kind regards

Hello! We're glad to inform you that, following the community requests and suggestions, we added five DNS block lists in our system, MIT licensed (*) by Jerry Joseph. GoodbyeAds A programmatically expanded list of hosts used for advertisements, Malware and tracking. Use this list to block ads trackers malwares. Items: 200489 (as of today) GoodbyeAds Samsung A well maintained list containing Samsung hosts used for advertisements and tracking. Those who are not using GoodbyeAds list and want to block only Samsung ads and tracking can use it. Items: 103 (as of today) GoodbyeAds Spotify A well maintained list containing Spotify hosts used for advertisements. This list helps to block/reduce Spotify ads. Items: 3774 (as of today) GoodbyeAds Xiaomi A well maintained list containing Xiaomi hosts used for advertisements and tracking. Those who are not using GoodbyeAds list and want to block only Xiaomi ads and tracking can use it. Items: 279 (as of today) GoodbyeAds YouTube A well maintained list containing YouTube hosts used for advertisements. This list helps to block/reduce YouTube ads. Items: 97645 (as of today) ===== By default, AirVPN DNS remains neutral in accordance with our mission. However, you have the option to enforce block lists which poison our DNS, in order, for example, to block known sources of ads, spam, malware and so on. You can manage your preferences in your account Client Area ⇨ DNS panel https://airvpn.org/dns/. We offer only lists released with licenses which grant re-distribution for business purposes too. The system is very flexible and offers some exclusive features never seen before in other VPN services: You can activate or de-activate, anytime, any combination of lists. You can add customized exceptions and/or additional blocks. Any specified domain which must be blocked includes all of its subdomains too. Lists which can return custom A,AAAA,CNAME,TXT records are supported. You can define any combination of block lists and/or exceptions and/or additions for your whole account or only for specific certificate/key pairs of your account (Client Area ⇨ Devices ⇨ Details ⇨ DNS) Different matching methods are available for your additions and exceptions: Exact (exact FQDN), Domain (domain and its subdomains), Wildcard (with * and ? as wildcards), Contain, Start with, End with. An API to fetch every and each list in different formats (see Client Area ⇨ API ⇨ dns_lists service) is active Any change in your selected list(s), any added exception and any added block is enforced very quickly, within few tens of seconds. You don't need to disconnect and re-connect your account. You can define your own lists and discuss lists and anything related in the community forum here Essential requisite to enjoy the service is, of course, querying AirVPN DNS while your system is connected to some VPN server, which is by the way a default setup if you run our software. Kind regards & datalove AirVPN Staff (*) MIT License Copyright (c) 2018 Jerry Joseph Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Hello! OISD changed and implemented new lists. In AirVPN, now you can select: OISD Full - It's the "BIG" list. OISD NSFW - New NSFW list. OISD NSFW will be merged with our "Porn / NSFW" list in a few hours. Kind regards

Hello! We added five lists in our system: GoodbyeAds A programmatically expanded list of hosts used for advertisements, Malware and tracking. Use this list to block ads trackers malwares. Items: 200489 (as of today) GoodbyeAds Samsung A well maintained list containing Samsung hosts used for advertisements and tracking. Those who are not using GoodbyeAds list and want to block only Samsung ads and tracking can use it. Items: 103 (as of today) GoodbyeAds Spotify A well maintained list containing Spotify hosts used for advertisements. This list helps to block/reduce Spotify ads. Items: 3774 (as of today) GoodbyeAds Xiaomi A well maintained list containing Xiaomi hosts used for advertisements and tracking. Those who are not using GoodbyeAds list and want to block only Xiaomi ads and tracking can use it. Items: 279 (as of today) GoodbyeAds YouTube A well maintained list containing YouTube hosts used for advertisements. This list helps to block/reduce YouTube ads. Items: 97645 (as of today) Kind regards

Hello! We had a momentary problem with them which has been sorted out. The issue persisted for a couple of hours. Can you please try again now? We deeply apologize for any inconvenience. Kind regards

Hello @NaDre the DCO module might actually make the load balancing superfluous. OpenVPN 2.6.x alone will not, though. So we will keep the load balancing active in the meantime. It will make sense to disable it when DCO enters a stable phase and that stable release is tested on the field, showing that the load balancing is no more necessary. Our current load balancing allowed our servers to beat the OpenVPN limits, as you may remember. The current maximum throughput reached on 10+10 Gbit/s servers (all OpenVPN instances together, of course, and WireGuard excluded) is about 4 Gbit/s (2 Gbit/s + 2 Gbit/s). Without load balancing OpenVPN 2.5.5. and 2.6.2 (without DCO) on our most powerful CPUs, with AES-256-GCM and/or CHACHA20-POLY1305, single instance, can't beat 1.7 Gbit/s. (850 Mbit/s + 850 Mbit/s). OpenVPN + DCO promises to beat even that performance, on a level playing field. They don't recommend load balancing but then they say: <vanity mode on> which is something similar to what we do, except that our load balancing system is better than this as it uses directly the kernel to welcome clients and assign them to the proper OpenVPN instance <vanity mode off> 😉 Kind regards

Hello, the current state is the following: https://airvpn.org/forums/topic/56119-new-10-gbits-server-available-bg/?do=findComment&comment=220907 After the message by Antonio Quartulli (lead DCO developer) we re-started from scratch and the stability problems are resolved. However DCO is still immature for production. Remember that: ovpn-dco is currently under heavy development, therefore neither its userspace API nor the code itself is considered stable and may change radically over time. So you might need to re-build everything multiple times: it's not the way to go in production, of course. Without DCO, on your client side, you can not see any difference in performance and stability between OpenVPN 2.5.x and 2.6.x. So, the only thing we could do would be upgrading to OpenVPN 2.6 without DCO. However, we would prefer to migrate to OpenVPN 2.6.x with DCO support, instead of 1) upgrading to 2.6.3, and 2) later on re-upgrading the whole infrastructure again with DCO. We'll keep you informed, but don't expect too much, nothing will change on your side in terms of stability and throughput. Kind regards

@McFly The route tool works, it returns a green token because it gets 200 (OK) from the final web server, and that's true. But the landing page is served by the Sucuri Firewall as a courtesy block page. Our IP addresses are not in the main black lists around, but there are hundreds of black lists around, we will try to understand which one Sucuri uses (maybe a proprietary one). Kind regards