Staff

Hello! Provided that you have downloaded the package ONLY from our official web site or you have built the software ONLY from the official source code, it's an infamous false positive ridiculously based on their inclusion of entry-IP addresses which sends out packets only to the peers, and to the Internet in general, telling a lot on how they work to block addresses. Please read here: https://airvpn.org/forums/topic/53073-some-vpn-servers-are-classified-as-malware-ips/?do=findComment&comment=188832 Kind regards

Hello! Yes, it's a geo-routing related issue. Probably you rely on some tracker which is caught in geo-routing because it's inside some CDN range, or for some error. Assuming that this assumption is correct, you can disable the geo-routing system in the settings on your AirVPN account. Go to "Client Area" and open the "DNS" panel. Locate combo box "AirVPN anti-geolocation system" and set it "Not active (neutral)". If you can provide us (here or in private) with the tracker URL we may also check and fix the error, if any. Kind regards

@anindianforor Hello! You can generate different configuration files for different servers or countries and import them. It's a "once and for all" operation for each profile. By doing so you will be able to pick specific servers and/or countries at each connection and switch between them with a couple of taps. It's a feature explained in the iOS manual. How to use it with openvpn-connect app is detailed in the openvpn-connect FAQ answers available here: https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-connect-ios Jump to the FAQ "Can I use iOS 6+ VPN-On-Demand with OpenVPN?" The best practices are explained in the courtesy e-mail you might have received when you activated your account plan, complete with links to manuals and FAQ section. If you did not link a valid e-mail address to your account, a good place to start is our "How To" forum: https://airvpn.org/forums/forum/15-how-to/ - probably starting with https://airvpn.org/forums/topic/18339-guide-to-getting-started-links-for-advanced-users and progressively discovering the advanced features is a good solution. After that, another place to look at is the FAQ section, accessible from our web site upper menu, direct link https://airvpn.org/faqs/ For any problem or doubt customer service is available either on the web site (click "Contact us") or via e-mail - write to support@airvpn.org. Kind regards

@Johny5 Hello! We do not block any web site. It's fair.org the one that blocks some of our servers, but not all of them. You can have a view of which servers they block here: https://airvpn.org/routes/?q=https%3A%2F%2Ffair.org In this moment, they block 39 AirVPN servers. All the other ones are not yet blocked. Please contact fair.org for the issue and send them your complaints. In the meantime you can connect to the servers which are not blocked to access fair.org. Our mission is publicly available here https://airvpn.org/mission Regards

Hello, the test is performed only over TCP, and SoulSeek works in UDP too if we're not mistaken. First, modify your port settings in your AirVPN account port panel. You have restricted the forward only to TCP, so change it to TCP+UDP (select it from the dedicated protocol combo box). Then, make sure that your system is actually connected to the VPN, that SoulSeek listens to the correct port and doesn't bind to the physical network interface. Besides, check your firewall rules (in the same system which connects to the VPN). Some firewalls can change rule set according to the network "type" the system is connected to, so check while the system is connected to the VPN. Make sure that incoming packets to SoulSeek are not blocked. If the problem persists, do not hesitate to open a ticket to let the support personnel assist you. Kind regards

Actually it's a good thing. Chat support has proven to be totally ineffective throughout the last 10 years for obvious reasons. It's a lark's mirror not only in VPN field, but in any other sector which requires technical and pondered evaluation and reproduction of an issue. Please open a ticket at your convenience, on top of writing in community forum. Kind regards

Hello! Well, If a packet fails the authentication it must be dropped. WireGuard will drop forged packets (the contrary would trivially mean that it's highly insecure, which is not the case). OpenVPN replay protection is time based and size based. Additionally OpenVPN can work over TCP. OpenVPN is highly configurable, in UDP you can modify the replay protection sliding-window size and time through the proper directives, so you can make it identical to WireGuard to perform consistent tests. OpenVPN default sliding window size is 64 (identical to IPsec) with 15 seconds time. This is a very robust setup but at the same time you can modify it according to the type of network you are in (while you can't do it with WireGuard, unfortunately) . If you want to test consistently to make a comparison with WireGuard you can replicate WireGuard settings in OpenVPN (while you can't do the same in WireGuard). By comparison, check the settings and hard coded implementation in WireGuard https://www.wireguard.com/protocol/#nonce-reuse-replay-attacks with those in OpenVPN, test accordingly and then draw your own conclusions. https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/ M Kind regards

Hello, we have activated a 3 days plan to your account, feel free to test. For the readers: ask for a free trial account in private by clicking "Contact us" on the web site pages. This is a community forum and the community does not have any power to give you a free trial. If we missed your free trial request in the community forum, it would never be read by the persons who can give you the trial. Kind regards

Hello! We're very glad to know it. We can't give you a definite answer as long as you don't tell us the address and host name of this tracker (now you call it a web site? is a web site involved in the problem too, on top of the tracker?), but we suspect that it was caught in some geo-routing for different service(s). If you haven't already done so, please feel free to open a ticket to give us the info which will let us fix the routing. Enjoy AirVPN in the meantime! Kind regards

Hello! 85.17.225.221 is an AirVPN IP address, used by a "geo-routing" server. Geo-routing is enforced for specific destinations mainly in an attempt to bypass geographically based blocks. The tracker address must have been caught by some other geo-routing so it is reached by the 85.17.225.221 server. If you let us know more details (in private with a ticket if you prefer so) we can lift the geo-routing for that tracker. Alternatively, you can turn off geo-routing from your AirVPN account DNS panel, by switching the "AirVPN anti-geolocation system" combo box to "Not active / Neutral". The DNS panel is accessible from your account "Client Area". Kind regards

Hello! We're glad to inform you that, following the community requests and suggestions, we added five DNS block lists in our system, MIT licensed (*) by Jerry Joseph. GoodbyeAds A programmatically expanded list of hosts used for advertisements, Malware and tracking. Use this list to block ads trackers malwares. Items: 200489 (as of today) GoodbyeAds Samsung A well maintained list containing Samsung hosts used for advertisements and tracking. Those who are not using GoodbyeAds list and want to block only Samsung ads and tracking can use it. Items: 103 (as of today) GoodbyeAds Spotify A well maintained list containing Spotify hosts used for advertisements. This list helps to block/reduce Spotify ads. Items: 3774 (as of today) GoodbyeAds Xiaomi A well maintained list containing Xiaomi hosts used for advertisements and tracking. Those who are not using GoodbyeAds list and want to block only Xiaomi ads and tracking can use it. Items: 279 (as of today) GoodbyeAds YouTube A well maintained list containing YouTube hosts used for advertisements. This list helps to block/reduce YouTube ads. Items: 97645 (as of today) ===== By default, AirVPN DNS remains neutral in accordance with our mission. However, you have the option to enforce block lists which poison our DNS, in order, for example, to block known sources of ads, spam, malware and so on. You can manage your preferences in your account Client Area ⇨ DNS panel https://airvpn.org/dns/. We offer only lists released with licenses which grant re-distribution for business purposes too. The system is very flexible and offers some exclusive features never seen before in other VPN services: You can activate or de-activate, anytime, any combination of lists. You can add customized exceptions and/or additional blocks. Any specified domain which must be blocked includes all of its subdomains too. Lists which can return custom A,AAAA,CNAME,TXT records are supported. You can define any combination of block lists and/or exceptions and/or additions for your whole account or only for specific certificate/key pairs of your account (Client Area ⇨ Devices ⇨ Details ⇨ DNS) Different matching methods are available for your additions and exceptions: Exact (exact FQDN), Domain (domain and its subdomains), Wildcard (with * and ? as wildcards), Contain, Start with, End with. An API to fetch every and each list in different formats (see Client Area ⇨ API ⇨ dns_lists service) is active Any change in your selected list(s), any added exception and any added block is enforced very quickly, within few tens of seconds. You don't need to disconnect and re-connect your account. You can define your own lists and discuss lists and anything related in the community forum here Essential requisite to enjoy the service is, of course, querying AirVPN DNS while your system is connected to some VPN server, which is by the way a default setup if you run our software. Kind regards & datalove AirVPN Staff (*) MIT License Copyright (c) 2018 Jerry Joseph Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Hello! OISD changed and implemented new lists. In AirVPN, now you can select: OISD Full - It's the "BIG" list. OISD NSFW - New NSFW list. OISD NSFW will be merged with our "Porn / NSFW" list in a few hours. Kind regards

Hello! We added five lists in our system: GoodbyeAds A programmatically expanded list of hosts used for advertisements, Malware and tracking. Use this list to block ads trackers malwares. Items: 200489 (as of today) GoodbyeAds Samsung A well maintained list containing Samsung hosts used for advertisements and tracking. Those who are not using GoodbyeAds list and want to block only Samsung ads and tracking can use it. Items: 103 (as of today) GoodbyeAds Spotify A well maintained list containing Spotify hosts used for advertisements. This list helps to block/reduce Spotify ads. Items: 3774 (as of today) GoodbyeAds Xiaomi A well maintained list containing Xiaomi hosts used for advertisements and tracking. Those who are not using GoodbyeAds list and want to block only Xiaomi ads and tracking can use it. Items: 279 (as of today) GoodbyeAds YouTube A well maintained list containing YouTube hosts used for advertisements. This list helps to block/reduce YouTube ads. Items: 97645 (as of today) Kind regards

Hello! We had a momentary problem with them which has been sorted out. The issue persisted for a couple of hours. Can you please try again now? We deeply apologize for any inconvenience. Kind regards

Hello @NaDre the DCO module might actually make the load balancing superfluous. OpenVPN 2.6.x alone will not, though. So we will keep the load balancing active in the meantime. It will make sense to disable it when DCO enters a stable phase and that stable release is tested on the field, showing that the load balancing is no more necessary. Our current load balancing allowed our servers to beat the OpenVPN limits, as you may remember. The current maximum throughput reached on 10+10 Gbit/s servers (all OpenVPN instances together, of course, and WireGuard excluded) is about 4 Gbit/s (2 Gbit/s + 2 Gbit/s). Without load balancing OpenVPN 2.5.5. and 2.6.2 (without DCO) on our most powerful CPUs, with AES-256-GCM and/or CHACHA20-POLY1305, single instance, can't beat 1.7 Gbit/s. (850 Mbit/s + 850 Mbit/s). OpenVPN + DCO promises to beat even that performance, on a level playing field. They don't recommend load balancing but then they say: <vanity mode on> which is something similar to what we do, except that our load balancing system is better than this as it uses directly the kernel to welcome clients and assign them to the proper OpenVPN instance <vanity mode off> 😉 Kind regards

Hello, the current state is the following: https://airvpn.org/forums/topic/56119-new-10-gbits-server-available-bg/?do=findComment&comment=220907 After the message by Antonio Quartulli (lead DCO developer) we re-started from scratch and the stability problems are resolved. However DCO is still immature for production. Remember that: ovpn-dco is currently under heavy development, therefore neither its userspace API nor the code itself is considered stable and may change radically over time. So you might need to re-build everything multiple times: it's not the way to go in production, of course. Without DCO, on your client side, you can not see any difference in performance and stability between OpenVPN 2.5.x and 2.6.x. So, the only thing we could do would be upgrading to OpenVPN 2.6 without DCO. However, we would prefer to migrate to OpenVPN 2.6.x with DCO support, instead of 1) upgrading to 2.6.3, and 2) later on re-upgrading the whole infrastructure again with DCO. We'll keep you informed, but don't expect too much, nothing will change on your side in terms of stability and throughput. Kind regards

@McFly The route tool works, it returns a green token because it gets 200 (OK) from the final web server, and that's true. But the landing page is served by the Sucuri Firewall as a courtesy block page. Our IP addresses are not in the main black lists around, but there are hundreds of black lists around, we will try to understand which one Sucuri uses (maybe a proprietary one). Kind regards

Hello! You may like to start from here: https://airvpn.org/forums/topic/48234-speedtest-comparison/?do=findComment&comment=130191 Kind regards

@alternate Hello! We're sorry for the several additional days we scheduled for the tests. We're still testing, given the size. We want to be sure they don't cause issues. Besides a syntax error in the list pushed us to verify the good parsing during the import. When we're sure that all is fine, GoodbyeAds will be added as the community feedback on it is very good. Kind regards

Hello! How many independently owned VPN services remain? According to another Reddit list of recommendations we discovered: https://www.reddit.com/r/VPNTorrents/comments/13d41c1/ovpn_acquired_by_pango_removed_from/ only AirVPN, Mullvad and iVPN? And there was WeVPN but it's defunct. Kind regards

Hello! Unfortunately not, it is Apple policy that any Apple app and service may, if it wants to, bypass any VPN. As far as we know, it's not true that the kill switch mentioned in Proton article prevents leaks by Apple services. Some services may decide to bypass the VPN tunnel, other services will systematically bypass the tunnel. OpenVPN Technologies reminded here: https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-connect-ios/ We see that Proton labels this behavior as a bug, but it's probably not. On the contrary, it seems correct (by reading documentation) what OpenVPN tells, i.e. this is Apple policy. On the other hand, if it was a bug on Apple's considerations too, it would have been fixed after so many years. We guess that nobody can realistically assume that iOS is suitable for a robust anonymity layer, but reminding all of the above might be useful anyway. We do not develop (we have never developed) software for iOS, for multiple problems. On top of the above, it's difficult to make GPLv3 compatible with Apple store, due to conflicting licenses -- and we release only FOSS. Actually there's a record of app deletions by Apple when some GPL software was put on the store (even VLC and OpenVPN-connect had to close the source code). Therefore, we're sorry we will not work on the "issue", and anyway it is not resolvable (to the best of our current knowledge) on not "jail broken" iOS devices. Kind regards

Hello! We're sorry, the lines and the ports will remain 1 Gbit/s full duplex per server. The maintenance by the datacenter personnel is performed in order to update/standardize configuration on the aggregation devices, according to the provider informative notes. Kind regards

Hello! OpenVPN over UDP and WireGuard are blocked on most (if not all) China residential lines. You need the following connection mode: OpenVPN protocol TCP port 443 entry-IP address 3 (three) When you run Eddie you can change connection mode on the "Preferences" > "Protocols" window. Uncheck "Automatic", select the proper line (the selection is confirmed by highlighted line) and click "Save". Kind regards

Hello! We don't know the Twitter systems, but other systems may improve geo-location approximation through the combination of browser language and system timezone. Kind regards

Hello! The second log you sent us shows a different problem: Since you renewed a few days ago your client certificates, the problem is likely caused by using ovpn file(s) embedding the old certificate(s). Please generate new ovpn files, import them in Tunnelblick and test again. Please make sure to pick the correct OpenVPN version for each Tunnelblick (OpenVPN >=2.5 for Tunnelblick 4.0 beta, OpenVPN >=2.4 for the other older Tunnelblick you have). Kind regards