Staff

Actually it's a good thing. Chat support has proven to be totally ineffective throughout the last 10 years for obvious reasons. It's a lark's mirror not only in VPN field, but in any other sector which requires technical and pondered evaluation and reproduction of an issue. Please open a ticket at your convenience, on top of writing in community forum. Kind regards

Hello! Well, If a packet fails the authentication it must be dropped. WireGuard will drop forged packets (the contrary would trivially mean that it's highly insecure, which is not the case). OpenVPN replay protection is time based and size based. Additionally OpenVPN can work over TCP. OpenVPN is highly configurable, in UDP you can modify the replay protection sliding-window size and time through the proper directives, so you can make it identical to WireGuard to perform consistent tests. OpenVPN default sliding window size is 64 (identical to IPsec) with 15 seconds time. This is a very robust setup but at the same time you can modify it according to the type of network you are in (while you can't do it with WireGuard, unfortunately) . If you want to test consistently to make a comparison with WireGuard you can replicate WireGuard settings in OpenVPN (while you can't do the same in WireGuard). By comparison, check the settings and hard coded implementation in WireGuard https://www.wireguard.com/protocol/#nonce-reuse-replay-attacks with those in OpenVPN, test accordingly and then draw your own conclusions. https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/ M Kind regards

Hello, we have activated a 3 days plan to your account, feel free to test. For the readers: ask for a free trial account in private by clicking "Contact us" on the web site pages. This is a community forum and the community does not have any power to give you a free trial. If we missed your free trial request in the community forum, it would never be read by the persons who can give you the trial. Kind regards

Hello! We're very glad to know it. We can't give you a definite answer as long as you don't tell us the address and host name of this tracker (now you call it a web site? is a web site involved in the problem too, on top of the tracker?), but we suspect that it was caught in some geo-routing for different service(s). If you haven't already done so, please feel free to open a ticket to give us the info which will let us fix the routing. Enjoy AirVPN in the meantime! Kind regards

Hello! 85.17.225.221 is an AirVPN IP address, used by a "geo-routing" server. Geo-routing is enforced for specific destinations mainly in an attempt to bypass geographically based blocks. The tracker address must have been caught by some other geo-routing so it is reached by the 85.17.225.221 server. If you let us know more details (in private with a ticket if you prefer so) we can lift the geo-routing for that tracker. Alternatively, you can turn off geo-routing from your AirVPN account DNS panel, by switching the "AirVPN anti-geolocation system" combo box to "Not active / Neutral". The DNS panel is accessible from your account "Client Area". Kind regards

Hello! We're glad to inform you that, following the community requests and suggestions, we added five DNS block lists in our system, MIT licensed (*) by Jerry Joseph. GoodbyeAds A programmatically expanded list of hosts used for advertisements, Malware and tracking. Use this list to block ads trackers malwares. Items: 200489 (as of today) GoodbyeAds Samsung A well maintained list containing Samsung hosts used for advertisements and tracking. Those who are not using GoodbyeAds list and want to block only Samsung ads and tracking can use it. Items: 103 (as of today) GoodbyeAds Spotify A well maintained list containing Spotify hosts used for advertisements. This list helps to block/reduce Spotify ads. Items: 3774 (as of today) GoodbyeAds Xiaomi A well maintained list containing Xiaomi hosts used for advertisements and tracking. Those who are not using GoodbyeAds list and want to block only Xiaomi ads and tracking can use it. Items: 279 (as of today) GoodbyeAds YouTube A well maintained list containing YouTube hosts used for advertisements. This list helps to block/reduce YouTube ads. Items: 97645 (as of today) ===== By default, AirVPN DNS remains neutral in accordance with our mission. However, you have the option to enforce block lists which poison our DNS, in order, for example, to block known sources of ads, spam, malware and so on. You can manage your preferences in your account Client Area ⇨ DNS panel https://airvpn.org/dns/. We offer only lists released with licenses which grant re-distribution for business purposes too. The system is very flexible and offers some exclusive features never seen before in other VPN services: You can activate or de-activate, anytime, any combination of lists. You can add customized exceptions and/or additional blocks. Any specified domain which must be blocked includes all of its subdomains too. Lists which can return custom A,AAAA,CNAME,TXT records are supported. You can define any combination of block lists and/or exceptions and/or additions for your whole account or only for specific certificate/key pairs of your account (Client Area ⇨ Devices ⇨ Details ⇨ DNS) Different matching methods are available for your additions and exceptions: Exact (exact FQDN), Domain (domain and its subdomains), Wildcard (with * and ? as wildcards), Contain, Start with, End with. An API to fetch every and each list in different formats (see Client Area ⇨ API ⇨ dns_lists service) is active Any change in your selected list(s), any added exception and any added block is enforced very quickly, within few tens of seconds. You don't need to disconnect and re-connect your account. You can define your own lists and discuss lists and anything related in the community forum here Essential requisite to enjoy the service is, of course, querying AirVPN DNS while your system is connected to some VPN server, which is by the way a default setup if you run our software. Kind regards & datalove AirVPN Staff (*) MIT License Copyright (c) 2018 Jerry Joseph Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Hello! OISD changed and implemented new lists. In AirVPN, now you can select: OISD Full - It's the "BIG" list. OISD NSFW - New NSFW list. OISD NSFW will be merged with our "Porn / NSFW" list in a few hours. Kind regards

Hello! We added five lists in our system: GoodbyeAds A programmatically expanded list of hosts used for advertisements, Malware and tracking. Use this list to block ads trackers malwares. Items: 200489 (as of today) GoodbyeAds Samsung A well maintained list containing Samsung hosts used for advertisements and tracking. Those who are not using GoodbyeAds list and want to block only Samsung ads and tracking can use it. Items: 103 (as of today) GoodbyeAds Spotify A well maintained list containing Spotify hosts used for advertisements. This list helps to block/reduce Spotify ads. Items: 3774 (as of today) GoodbyeAds Xiaomi A well maintained list containing Xiaomi hosts used for advertisements and tracking. Those who are not using GoodbyeAds list and want to block only Xiaomi ads and tracking can use it. Items: 279 (as of today) GoodbyeAds YouTube A well maintained list containing YouTube hosts used for advertisements. This list helps to block/reduce YouTube ads. Items: 97645 (as of today) Kind regards

Hello! We had a momentary problem with them which has been sorted out. The issue persisted for a couple of hours. Can you please try again now? We deeply apologize for any inconvenience. Kind regards

Hello @NaDre the DCO module might actually make the load balancing superfluous. OpenVPN 2.6.x alone will not, though. So we will keep the load balancing active in the meantime. It will make sense to disable it when DCO enters a stable phase and that stable release is tested on the field, showing that the load balancing is no more necessary. Our current load balancing allowed our servers to beat the OpenVPN limits, as you may remember. The current maximum throughput reached on 10+10 Gbit/s servers (all OpenVPN instances together, of course, and WireGuard excluded) is about 4 Gbit/s (2 Gbit/s + 2 Gbit/s). Without load balancing OpenVPN 2.5.5. and 2.6.2 (without DCO) on our most powerful CPUs, with AES-256-GCM and/or CHACHA20-POLY1305, single instance, can't beat 1.7 Gbit/s. (850 Mbit/s + 850 Mbit/s). OpenVPN + DCO promises to beat even that performance, on a level playing field. They don't recommend load balancing but then they say: <vanity mode on> which is something similar to what we do, except that our load balancing system is better than this as it uses directly the kernel to welcome clients and assign them to the proper OpenVPN instance <vanity mode off> 😉 Kind regards

Hello, the current state is the following: https://airvpn.org/forums/topic/56119-new-10-gbits-server-available-bg/?do=findComment&comment=220907 After the message by Antonio Quartulli (lead DCO developer) we re-started from scratch and the stability problems are resolved. However DCO is still immature for production. Remember that: ovpn-dco is currently under heavy development, therefore neither its userspace API nor the code itself is considered stable and may change radically over time. So you might need to re-build everything multiple times: it's not the way to go in production, of course. Without DCO, on your client side, you can not see any difference in performance and stability between OpenVPN 2.5.x and 2.6.x. So, the only thing we could do would be upgrading to OpenVPN 2.6 without DCO. However, we would prefer to migrate to OpenVPN 2.6.x with DCO support, instead of 1) upgrading to 2.6.3, and 2) later on re-upgrading the whole infrastructure again with DCO. We'll keep you informed, but don't expect too much, nothing will change on your side in terms of stability and throughput. Kind regards

@McFly The route tool works, it returns a green token because it gets 200 (OK) from the final web server, and that's true. But the landing page is served by the Sucuri Firewall as a courtesy block page. Our IP addresses are not in the main black lists around, but there are hundreds of black lists around, we will try to understand which one Sucuri uses (maybe a proprietary one). Kind regards

Hello! You may like to start from here: https://airvpn.org/forums/topic/48234-speedtest-comparison/?do=findComment&comment=130191 Kind regards

@alternate Hello! We're sorry for the several additional days we scheduled for the tests. We're still testing, given the size. We want to be sure they don't cause issues. Besides a syntax error in the list pushed us to verify the good parsing during the import. When we're sure that all is fine, GoodbyeAds will be added as the community feedback on it is very good. Kind regards

Hello! How many independently owned VPN services remain? According to another Reddit list of recommendations we discovered: https://www.reddit.com/r/VPNTorrents/comments/13d41c1/ovpn_acquired_by_pango_removed_from/ only AirVPN, Mullvad and iVPN? And there was WeVPN but it's defunct. Kind regards

Hello! Unfortunately not, it is Apple policy that any Apple app and service may, if it wants to, bypass any VPN. As far as we know, it's not true that the kill switch mentioned in Proton article prevents leaks by Apple services. Some services may decide to bypass the VPN tunnel, other services will systematically bypass the tunnel. OpenVPN Technologies reminded here: https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-connect-ios/ We see that Proton labels this behavior as a bug, but it's probably not. On the contrary, it seems correct (by reading documentation) what OpenVPN tells, i.e. this is Apple policy. On the other hand, if it was a bug on Apple's considerations too, it would have been fixed after so many years. We guess that nobody can realistically assume that iOS is suitable for a robust anonymity layer, but reminding all of the above might be useful anyway. We do not develop (we have never developed) software for iOS, for multiple problems. On top of the above, it's difficult to make GPLv3 compatible with Apple store, due to conflicting licenses -- and we release only FOSS. Actually there's a record of app deletions by Apple when some GPL software was put on the store (even VLC and OpenVPN-connect had to close the source code). Therefore, we're sorry we will not work on the "issue", and anyway it is not resolvable (to the best of our current knowledge) on not "jail broken" iOS devices. Kind regards

Hello! We're sorry, the lines and the ports will remain 1 Gbit/s full duplex per server. The maintenance by the datacenter personnel is performed in order to update/standardize configuration on the aggregation devices, according to the provider informative notes. Kind regards

Hello! OpenVPN over UDP and WireGuard are blocked on most (if not all) China residential lines. You need the following connection mode: OpenVPN protocol TCP port 443 entry-IP address 3 (three) When you run Eddie you can change connection mode on the "Preferences" > "Protocols" window. Uncheck "Automatic", select the proper line (the selection is confirmed by highlighted line) and click "Save". Kind regards

Hello! We don't know the Twitter systems, but other systems may improve geo-location approximation through the combination of browser language and system timezone. Kind regards

Hello! The second log you sent us shows a different problem: Since you renewed a few days ago your client certificates, the problem is likely caused by using ovpn file(s) embedding the old certificate(s). Please generate new ovpn files, import them in Tunnelblick and test again. Please make sure to pick the correct OpenVPN version for each Tunnelblick (OpenVPN >=2.5 for Tunnelblick 4.0 beta, OpenVPN >=2.4 for the other older Tunnelblick you have). Kind regards

Hello! Confirmed, unfortunately. We're investigating and a fix will be implemented in the next release. Thank you very much for the report. Kind regards

Hello! A first non-fatal problem comes from directives not recognized by the probably old OpenVPN version used by this Tunnelblick version, but the configuration file is sanitized. Should you need to generate configuration files already compatible with OpenVPN 2.4, in the Configuration Generator make sure you select "Advanced Mode" and then in the "OpenVPN version" combo box select ">= 2.4". The Configuration Generator will then generate configuration files compatible with OpenVPN 2.4.x. Then the fatal problem should be this one: Apparently Tunnelblick can't resolve the domain name to get the IP address it should connect to, or the IP address is inaccesible, and exits, in your case gb.vpn.airdns.org. Can you please check the DNS settings of your system? Make sure that publicly accessible DNS addresses are set. See here if necessary: https://serverguy.com/kb/change-dns-server-settings-mac-os/ Furthermore, please make sure that you don't run third party tools (typically Malwarebytes, Bitdefender etc.) which might overblock our VPN servers IP addresses. Kind regards

Hello! Please try this: open the Task Manager and terminate any eddie-ui* process running. Pay attention, you could have two different processes, kill them all delete manually Eddie's configuration file. To find it, please see here: https://eddie.website/support/data-path/ uninstall Eddie completely (this time the process should be successful) reboot the system and re-install Eddie Kind regards

Hi! The final decision to re-open was taken after the request to re-open the thread came from someone who we could call a "counter-part" wishing to exercise the right to reply. This is a perfectly legitimate request. Of course we have no idea whether it comes from the original author of the table or from anyone else, and that's not important. It's only important that anyone is given the right to reply. We're sorry to hear that, and indeed the role of every moderator is invaluable. We indeed wrote "The moderators propose themselves on a voluntary basis and perform their tasks during their free time without any monetary retribution and without any obligation to complete their task in the future. Moderators are not employees of AirVPN and their only motivations are passion and dedication. Their role in maintaining the community forums readable and a relaxed place is invaluable." and we're sorry to hear that it's not enough in your opinion. Therefore, we would like here to re-affirm that without the invaluable moderators activities performed every day and for years and years with passion and dedication, and without any monetary compensation, the community forums could not exist as they currently do. The moderators also wrote valuable guides, created translations into various languages for Eddie Android edition (check the credits in the app), and assist other users relentlessly. For that, we and all the community owe to OpenSourcerer, LZ1, zhang888 gratitude and recognition. Kind regards

Hello! Can you please publish the integral Tunnelblick log? Note: feel free to open a ticket as well to get support directly from the technical support team. Kind regards