Staff

@ba....z123 Hello! You can already select a port (among the supported ones) on the Configuration Generator. Please make sure you tick "Advanced Mode". Our VPN is based on WireGuard and OpenVPN. SSTP VPN (which works only over TCP) is currently not available and not planned in AirVPN, we're sorry. However, OpenVPN and WireGuard offer a combination which may in most cases beat SSTP performance and circumvention abilities. Kind regards

@fts501 Hello! A bug affecting Eddie 2.21.8 causes a race condition under specific conditions during the round trip times calculation. Eddie never gets out of the tests. The bug has been fixed in Eddie 2.22.2 - thanks to @CMaves https://github.com/AirVPN/Eddie/pull/123 https://airvpn.org/forums/topic/50561-eddie-desktop-edition-2216-released/?do=findComment&comment=203120 Hummingbird does not measure round trip times so the problem simply can't be there. Thus, you have now two options: download and install Eddie 2.22.2 (in the download page for your system click "Switch to experimental", then download as usual) don't run Eddie, but run Hummingbird, included in the AirVPN Suite or Goldcrest and Bluetit, components of the Suite too (however, the Suite does not offer a GUI) Kind regards

Hello! In Eddie Android edition you can split traffic on an application basis. You can define "white" and "black" lists of apps. If a black list is defined, the apps included in the black list will have their traffic routed outside the VPN. Any other app will have its traffic routed into the VPN. If you define a white list, only the apps in the white list will have their traffic routed inside. Any other device traffic will be routed outside the VPN. Traffic splitting will work both on WireGuard and on OpenVPN. In Eddie Desktop edition for Linux, Mac and Windows you can split traffic on a destination basis (IP addresses, IP addresses range, or host names). You can tell Eddie to send the traffic outside the VPN tunnel only for specific destinations, or you can tell Eddie to send all the traffic outside the tunnel except for specific destinations. Traffic splitting will work both on WireGuard and OpenVPN. AirVPN Suite for Linux does not offer any traffic splitting ability, but we are considering to implement an app based traffic splitting in the near future. Kind regards

@NKKA12345 Hello! If you are talking about nVidia Shield TV, we have noticed that nVidia Shield TV devices performance suffer when they rely on WiFi. If possible connect your device via Ethernet. If you are talking about nVidia Shield tablets, try to use Eddie Android edition in WireGuard, OpenVPN over UDP, and OpenVPN over TCP modes, and make a comparison. Kind regards

Hello! Currently not, we have no plans about it, we're sorry. Kind regards

Entities and persons supported in 2019-now period (NGOs / persons working in highly dangerous areas not mentioned for security reasons): 2019: Mastodon (recurring support) Tor (recurring support) AccessNow (recurring support) Apollo NG Mobile Hackerspace (recurring support) Caitlin Johnston Chelsie Manning WIkiLeaks Electronic Frontier Foundation 2020: Tor (recurring support) Mastodon (recurring support) AccessNow (recurring support) Apollo HG Mobile Hackerspace (recurring support) 2021: WikiLeaks Tor (recurring support) Mastodon (recurring support) AccessNow (recurring support) Apollo HG Mobile Hackerspace (recurring support) 2022: Tor (recurring support) Mastodon (recurring support) AccessNow (recurring support) Apollo HG Mobile Hackerspace (recurring support) XNet 2023 (so far, updated 01 Feb 2023): Tor (recurring support) Mastodon (recurring support) AccessNow (recurring support) Apollo HG Mobile Hackerspace (recurring support) PeerTube For a full list including previous years, relevant links, and details about how the support is actualized please see https://airvpn.org/mission Kind regards

Hello! Please see here: https://airvpn.org/android/eddie/ Direct link to the latest APK: https://airvpn.org/mirrors/eddie.website/download/?platform=android&version=latest Specific instructions for Android TV and Fire OS: https://airvpn.org/android/eddie/apk/tv/ Kind regards

Hello! In Eddie Android edition you can split traffic on an application basis. You can define "white" and "black" lists of apps. If a black list is defined, the apps included in the black list will have their traffic routed outside the VPN. Any other app will have its traffic routed into the VPN. If you define a white list, only the apps in the white list will have their traffic routed inside. Any other device traffic will be routed outside the VPN. Traffic splitting will work both on WireGuard and on OpenVPN. In Eddie Desktop edition for Linux, Mac and Windows you can split traffic on a destination basis (IP addresses, IP addresses range, or host names). You can tell Eddie to send the traffic outside the VPN tunnel only for specific destinations, or you can tell Eddie to send all the traffic outside the tunnel except for specific destinations. Traffic splitting will work both on WireGuard and OpenVPN. AirVPN Suite for Linux does not offer any traffic splitting ability, but we are considering to implement an app based traffic splitting feature in the near future. Kind regards

Hello! Thanks for the head up, something seems wrong. Under investigation. Kind regards

Please open a ticket for private communications we have to send you.

Hello! @OpenSourcerer Feel free to evaluate whether it's the case to merge both threads or not. Kind regards

@TLH_AIR Hello! The AllowedIPs directive in the conf file lists the set of IP addresses that the local host should route to the remote peer through the WireGuard tunnel. In your case, you can see that you have included the whole IPv4 address space (0.0.0.0/0). Therefore WireGuard tunnels all the traffic, including the local network traffic, which will be lost of course as the remote peer doesn't know what to do with your private addresses. You need to exclude IP addresses of the local network from the VPN routing. Here's an example taken from Eddie Android edition when you tell it that the local network must be reachable during a connection with WireGuard: the listed IP addresses include all the IPv4 and IPv6 address space EXCEPT those reserved for private subnets. It is necessary to adapt the list with CIDR prefixes to make it understandable by WireGuard, that's why it's so long. The space address which must be tunneled is built "around" any possible private IPv4 and v6 space, i.e. it is the complementary set of the union of all the private sets in the "universe set" made of all addresses. If your system doesn't support IPv6, do not include the various IPv6 ranges. The addresses in the configuration file must be separated by a comma as usual. Kind regards AllowedIPs = 0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3,::/1,8000::/2,c000::/3,e000::/4,f000::/5,f800::/6,fc00::/8,fe00::/7 0.0.0.0/5 8.0.0.0/7 11.0.0.0/8 12.0.0.0/6 16.0.0.0/4 32.0.0.0/3 64.0.0.0/2 128.0.0.0/3 160.0.0.0/5 168.0.0.0/6 172.0.0.0/12 172.32.0.0/11 172.64.0.0/10 172.128.0.0/9 173.0.0.0/8 174.0.0.0/7 176.0.0.0/4 192.0.0.0/9 192.128.0.0/11 192.160.0.0/13 192.169.0.0/16 192.170.0.0/15 192.172.0.0/14 192.176.0.0/12 192.192.0.0/10 193.0.0.0/8 194.0.0.0/7 196.0.0.0/6 200.0.0.0/5 208.0.0.0/4 224.0.0.0/3 ::/1 8000::/2 c000::/3 e000::/4 f000::/5 f800::/6 fc00::/8 fe00::/7

@jcpingu Hello! Yes, your mtr output shows that the what you experience is not strictly related to some Atlanta datacenter problem. Generally speaking, it's how the Internet works with "best effort" routing, which in turn is determined (also, among other factors) by peering agreements. See also. https://en.wikipedia.org/wiki/Peering and https://en.wikipedia.org/wiki/Tier_1_network#Routing_through_peering If your ISP [transit provider] (SBCGlobal?) does not offer low round trip times to/from "our" datacenter in Atlanta, don't be too upset or discouraged, it may happen: as you have seen, you can get excellent round trip times with other datacenters, geographically farther away, but nearer in terms of "network distance" (round trip time). Compare the mtr output by @go558a83nk whose packets go directly to Cogent to see an example difference. "Our" Atlanta datacenter traffic is served by Internap, which (at least in Atlanta) in turn interconnects directly with Lumen (former Level3, tier1), so we have operated well here in the best interest of our customers. There's nothing we can do under this respect in this datacenter. Since you get a lower round trip time with servers in other datacenters, use them! We offer a variety of options for peering and load alternatives and redundancy: for example in the USA we have servers in datacenters which (globally) have PoP either in to major tier1 networks (AT&T, Lumen (Level3)) or major tier2 networks (Cogent, Verizon, Hurricane). By doing so we maximize the likelihood that an AirVPN user can find a datacenter with a "good peering" with his/her residential ISP (or at least with his/her residential ISP's transit provider(s)). Trust us, it's not easy to operate a really agnostic and neutral network in USA datacenters, due to the widespread hostility against specific protocols. Kind regards

@amires Hello! It looks like Google Search blocks our VPN servers in Dallas (403: Forbidden). Not a big deal anyway, as Google Search should never be used by anyone. By the way, if you want to use it, you can consider to access it through startpage.com (which will proxy your query and the reply, adding a precious privacy layer), or connect to Google Search from other USA servers (not in Dallas). One of the favorite, privacy aware search engines here around is https://search.brave.com/ - it's also quite accurate. We are curious to know from everybody their favorite web search engines. Kind regards

@Revhead Hello! For an explanation of the problem and a very quick solution please see here: https://airvpn.org/forums/topic/53004-openssl-error-restart-every-3-seconds/ You're a long time customer too, thank you very much! Kind regards

@after_lunch Hello! Kaspersky tools blocked AirVPN, Nord, Cisco and other VPN various times in the past, since when Kaspersky started pushing for their own VPN (just a coincidence...). If you can't afford to test with Kaspersky tools completely eradicated form your system (disabling all the modules may not be sufficient) follow this guide and check whether the problems you experience get resolved or not: https://windowsreport.com/vpn-blocked-kaspersky/#1 Kind regards

Hello! For the readers, we paste the reply by the support team to your ticket: ==== Hello and thank you for your choice! We report the physical location of the server which in this case is Atlanta. [....] we assume that the provider claims the truth and we also perform some network verification. [Try] mtr 64.42.179.58 you will see in the last hops: core.atl.dedicated.com which is inside a datacenter in Atlanta. http://atldedicated.net/ Note that the the IP address belongs to a company located in Vancouver (WA), maybe you were confused by that. About the round trip time, you need to consider that physical distance is not necessarily related with direct proportionality to network distance, although of course the physical distance plays an important role. Consider the common case for which a residential ISP serving you must reach the node of someone living just in front of your road, but connected to another ISP, and that those ISPs interconnect via a peering agreement with a tier 1 transit provider whose nearest node is 100 Km away from you. To reach the house node which is a few meters away from your house, your packets will enter your ISP network and will be routed according to the Internet "best effort" routing. Sooner or later they will get out of your ISP network, reach the tier 1 provider hop 100 Km away, and then start their travel back to the house in front of you. So, in this particular case, packets will have traveled a minimum of 200 Km (and probably more) to reach a node which is a few meters away from yours. Use mtr tool to verify routes, round trip times etc., it will also help you understand the problems of routing, peering and interconnections (the Internet is (also) a huge set of networks which try to reach each other "in some way"). A nice article is available in Wikipedia https://en.wikipedia.org/wiki/Peering === Kind regards

@after_lunch Hello! Not as useful as we hoped unfortunately. We strongly suspect that there's still something blocking HTTP packets to port 80 or maybe in general packets coming from certain applications: note how even the preliminary HTTP test fails. This test is performed regardless of your account login. Together with the previously mentioned blocks of various web sites, we think that it's worth that you re-check packet filtering rules as well as the configuration of the anti-malware tool that's still installed. Try also to reset the TCP/IP stack... probably it will not resolve the problem, but you never know. Step by step instructions: https://wethegeek.com/reset-tcp-ip-stack-on-windows/ Kind regards

@after_lunch Hello! Before trying the system replacement you mention, please send us a system report, where Eddie might have logged everything happening while it tries to contact the bootstrap servers. From the main window click "Logs" tab, click the LIFE BELT icon, click the "Copy" icon (or send the report to our web sites) and paste either the whole report or the link to the report into your next message (or open a ticket to keep the system report private),. Also test what happens if you enter http://airvpn.org when Eddie asks for an alternative bootstrap server. Note that it's http and not https (then Eddie encrypts by itself the underlying HTTP data flow). If it fails too, try also .info in place of .org. Kind regards

Hello! Since the other machines work fine we can rule out any block by your ISP or by your own network (router etc.). Please check whether any of the tools you mentioned, if still active, may block packets by cURL or OpenVPN or Eddie, or maybe the IP addresses of our bootstrap servers. Since you notice overblocking toward other legitimate destinations, this is an option to be seriously considered. A quick discernment test can be performed by simply disabling entirely every and each tool and check whether the problem gets resolved. Also remember that multiple antimalware and packet filtering tools running at the same time can cause unpredictable conflicts and behavior. If the above doesn't solve the issue, try to re-start Eddie from scratch: delete (or rename) the configuration file C:\Users\xxxx\AppData\Local\Eddie\default.profile (do it while Eddie is NOT running). Then re-start Eddie (you will need to re-enter your AirVPN account credentials). In the event that the configuration file is corrupt, this procedure should resolve the issue. Kind regards

@blackSP Hello! WireGuard lacks a lot of basic features and uses the profile name for the virtual network interface name itself. An interface name characters limit is 15. Hence the error "interface name is longer than 15 characters". Just rename the profile into a name not longer than 15 characters. Alternatively, consider to run Eddie if it's compatible with your distribution. By running Eddie you can connect via WireGuard and you don't need profiles anymore. Kind regards

Hello, as far as it pertains to gaming with prizes in money, even residents in various USA states (such as Arizona, Hawaii, Mississippi, Nevada, South Dakota) are forbidden to use the platform, it's stated here: https://www.checkmategaming.com/faq#region-restrictions-70 In general the platform does not operate in areas where its activity is illegal and/or where it does not have (yet?) mandatory licenses for gambling etc. (it may be questionable whether it's gambling or not, anyway some legal framework tends to frame this activity as such), and also it avoids to operate in "a jurisdiction where the awarding of a prize based on the participant’s results in the competition is prohibited, illegal, or restricted". Therefore it tries to block anything from those areas, to stay on the safe side, and anything not coming from an IP address assigned to a residential ISP. Free games with no fees and no monetary prizes are open to everyone in general. Kind regards

Hello! Currently the resolution of your *.airdns.org domain name is correct, it resolves into the exit-IP address of the VPN server you're currently connected to. We have checked the propagation on various public DNS servers on the Internet and they are all fine, maybe the one you query did not update? Consider that TTL is 1 hour, so on average you can expect 30 minutes updates. Kind regards

Hello! Sure, please see here: Happy Friday! Kind regards

@govegan3 Hello! After you have renewed client certificate/key, please log your account out and in again from Eddie main window (this is strictly necessary whenever you create or renew certificates and keys). Kind regards