Staff

@zsam288 Hi, since the feature is strictly AirVPN DNS related, check your system DNS settings when you use WireGuard and make sure that VPN DNS is queried. What are your Operating System name and version, and which application do you run to connect via WireGuard? Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s full duplex server located in Tokyo, Japan, is available: Fleed. The AirVPN client will show automatically the new server; if you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and port 1637 UDP for WireGuard. Fleed supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/fleed Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

UPDATE 2022-05-02 BETA TESTING HAS BEEN COMPLETED. WIREGUARD ACCESS IS NOW AVAILABLE TO ANYONE AND CONSIDERED STABLE IN AIRVPN INFRASTRUCTURE Hello! We're glad to announce the beginning of WireGuard beta testing in AirPVN infrastructure. In order to test WireGuard, go to Client Area ⇨ Preferences and activate Access to BETA Features. This will allow you to see specific guides and options pertaining to WireGuard. About privacy concerns, we wrote a FAQ answer here . Please make sure to read it. WireGuard with Eddie If you want to use Eddie, go to download page of your OS, and click Other versions ⇨ Experimental in Eddie download pages. Linux note: Eddie doesn't recognize WireGuard until it is present at kernel level. Use cat /sys/module/wireguard/version to check your WireGuard kernel module. Wireguard will be available in Preferences > Protocols window (logout and login from Eddie's main window might be necessary). WireGuard without Eddie Otherwise, for official WireGuard app/binaries, see the guides below: Windows - with official WireGuard app (GUI) ⇨ https://airvpn.org/windows/wireguard/gui/ macOS - with official WireGuard app from App Store (GUI) ⇨ https://airvpn.org/macos/wireguard/appstore/ macOS - with Homebrew, terminal ⇨ https://airvpn.org/macos/wireguard/homebrew/ Linux - with official WireGuard from your distro, terminal ⇨ https://airvpn.org/linux/wireguard/terminal/ iOS - with official WireGuard app from App Store (GUI) ⇨ https://airvpn.org/ios/wireguard/appstore/ Android - with official WireGuard app from Play Store (GUI) ⇨ https://airvpn.org/android/wireguard/playstore/ The guides above will be also shown in Download section when Beta Features option is checked. Notes: We will add other connection ports, suggestions are welcome. We automatically generate WireGuard keypair (and preshared-key), and assigned IPv4/IPv6 addresses, for any device, no action required. Kind regards & datalove AirVPN Staff

@zsam288 Hello! Please try again now. Kind regards

Hello! In the Devices page click the "Details" button pertaining to the "device" you wish to modify, then click the "DNS" button. You will be directed to the DNS page. Configure your favorite blocks in the block list page. The settings you define will be reserved to that "device" (i.e. to that certificate/key pair). Kind regards

Hello! We're glad to introduce a new feature in AirVPN infrastructure: DNS block lists. By default, AirVPN DNS remains neutral in accordance with our mission. However, from now on you have the option to enforce block lists which poison our DNS, in order, for example, to block known sources of ads, spam, malware and so on. You can manage your preferences in your account Client Area ⇨ DNS panel https://airvpn.org/dns/. We offer only lists released with licenses which grant re-distribution for business purposes too. The system is very flexible and offers some exclusive features never seen before in other VPN services: You can activate or de-activate, anytime, any combination of lists. You can add customized exceptions and/or additional blocks. Any specified domain which must be blocked includes all of its subdomains too. Lists which can return custom A,AAAA,CNAME,TXT records are supported. You can define any combination of block lists and/or exceptions and/or additions for your whole account or only for specific certificate/key pairs of your account (Client Area ⇨ Devices ⇨ Details ⇨ DNS) Different matching methods are available for your additions and exceptions: Exact (exact FQDN), Domain (domain and its subdomains), Wildcard (with * and ? as wildcards), Contain, Start with, End with. An API to fetch every and each list in different formats (see Client Area ⇨ API ⇨ dns_lists service) is active Any change in your selected list(s), any added exception and any added block is enforced very quickly, within few tens of seconds. You don't need to disconnect and re-connect your account. You can define your own lists and discuss lists and anything related in the community forum here Essential requisite to enjoy the service is, of course, querying AirVPN DNS while your system is connected to some VPN server, which is by the way a default setup if you run any of our software. Kind regards & datalove AirVPN Staff

We deployed a new release which fixes issues with WireGuard (for a public beta testing) and some minor bugs. Other issues reported in this thread are under investigation. Version 2.21.2 (Wed, 27 Oct 2021 12:29:20 +0000) [bugfix] [all] WireGuard beta support [change] [all] Whitelist->Allowlist, Blacklist->Denylist [bugfix] [all] Preferences -> Routes error

Hello! Intentional / intended. Kind regards

Hello! As a preliminary clarification, if your account uses all the connection slots and a new connection is required, the previous connection slots remain unaffected. Therefore, the disconnections occurred at an earlier time. If each OpenVPN client connected to a different server, the most plausible cause of the simultaneous disconnection is some line break, or a problem in the router. Not necessarily. If the connections were over UDP (if they are over TCP, the following does not stand), and the disconnection is caused by a line drop, your clients can not notify the server that they were disconnecting. UDP is connectionless and in our system the ping timeout is set to 60 seconds. Add to that a few more seconds for communications between VPN servers, proxy and backend servers, and you see that you need to wait more than a minute to have your connection slots freed in case of unexpected disconnection without notification in UDP. Kind regards

Hello! It seems the proxy does not accept connections from OpenVPN but anyway this approach (OpenVPN over proxy) is not what you want, because if you connected OpenVPN over that proxy, your packets would have the VPN server as last hop, so the final service would again see the VPN server exit-IP address. To achieve your purpose, connect OpenVPN normally, then configure your software to connect to the proxy (make sure you start the software after the VPN connection has been established). In this way, this, and only this, software will have its traffic tunneled over the proxy over OpenVPN, and the final "exit node" is the proxy itself. It remains to be seen, however, whether the proxy will accept connections from our VPN servers IP addresses. Remember: data transiting through the proxy server will not be protected anymore by OpenVPN encryption. Make sure you enforce end-to-end encryption. Kind regards

Hello! It might be indeed an IPB malfunction or problem, we will investigate. Kind regards

Understood. Maybe an error by Invision? Go to your account "Client Area" > "Preferences" page, and force the date time, language and format you wish, instead of "browser". Click "Save" and verify whether the change complies to your choice. Feel free to keep us posted. Kind regards

@Valerian Hello! The dates are displayed according to the browser settings, so the US format should be displayed only to en-US set browsers. Do you notice any discrepancy? Kind regards

Hello! We're very glad to announce that, in compliance with its mission, AirVPN proudly supports WikiLeaks https://wikileaks.org in 2021 too, with a 0.32577602 BTC donation, around 20,000 USD at the moment of the transaction. WikiLeaks is an international non-profit organization that publishes news leaks and classified media provided by anonymous sources. Since 2006, the group has released a huge amount of documents of paramount importance and public interest, with an outstanding 100% accuracy so far, which deeply changed our vision and knowledge of the world. https://www.blockchain.com/btc/tx/527abecb9e8959556fd01cba66b45890a71f643eddff3cb1d6f9d4ffd39dc15b AirVPN's mission: https://airvpn.org/mission Kind regards & datalove AirVPN Staff

More very important information: https://english.almayadeen.net/articles/analysis/exclusive:-expressvpn-insider-tells-all-on-companys-israelua Kind regards

@maasenstodt Hello! Currently Eddie does not re-download automatically any new certificate/key pair: in Eddie main window, log your account out and then log it in again, in order to force Eddie to re-download client certificate(s) and key(s). A detailed guide is available here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards

Hello! Frequently, the wintun driver can solve different problems caused by the TAP driver. If you have problems with the TAP driver (including installation issues), try and switch to the wintun one: in "Preferences" > "Advanced" window tick "Use wintun driver" then click "Save", finally re-start Eddie. Eddie 2.19 or higher version is required. Kind regards

Hello! Ignore that sentence, actually we fixed the issue on server side to maintain compatibility with bugged TLS libraries and at the same time old Android versions will not be affected. That was never the case. The problem is caused by bugged TLS libraries in your system. Yes, you can do it now! You understood exactly the opposite of what it really happened. Security degradation is on client side affecting those systems still running with obsolete TLS libraries affected by critical bugs. Although we now keep compatibility even with bugged TLS libraris, please consider to upgrade your system anyway. Bugged TLS libraries are (at least) OpenSSL 1.1.0 or older versions, LibreSSL older than 3.2.0 version, GnuTLS older than 3.6.7 version. As you can see they are all obsolete versions which should not be used anymore. Kind regards

@Iyam Nadie Hello! Yatse "receiver" and client listen to ports 8083 and 9077. Can those ports be configured, both in server and client? If so, you can remotely forward ports in our system (from your account "Client Area" > "Ports" panel) and then configure Yatse server and client to listen / reach to the same port numbers you remotely forwarded, as long as you need to contact Yatse receiver from the Internet. If those ports are hard coded (but hopefully in 2021 nobody hard codes anything anymore) you can't follow our suggestion. However, you could consider to reach the Yatse listening service from and to the local network, no need to send the packets to the Internet from your home network, and then receive them back, after they traveled around the world, to your home again. Can Yatse service be configured to bind to a specific interface? Kind regards

@y0wl Hello! Thank you. It's an Eddie 2.21.1 problem, so this is not the proper thread, and we are moving your messages to the following thread: https://airvpn.org/forums/topic/49638-eddie-desktop-221-beta-released/ Please continue there. We will also make sure that developers get your report. Kind regards

@cloudofsky Hello! Can we see the complete Goldcrest log, Bluetit log and bluetit.rc and goldcrest.rc files content? To print Bluetit log: sudo journalctl | grep bluetit Kind regards

@Breeze Hello! Thank you! Access activation to Wireguard beta testing will be available in the "Client Area". We will have more information on a definite date very soon, we're still working on it. Announcement will follow in "News" forum. Can you also tell us your Linux distribution name and version? If you run Eddie beta from other packages (not the AppImage) do you see the same crash? Kind regards

Hello! Please be aware that the core router serving our servers in Dallas (TX, USA) will be replaced on Saturday October the 9th at 18.00 UTC (20.00 CEST). Expected downtime of all of our servers is approximately 1 hour. Kind regards

@y0wl Hello! The procedure you describe should not be necessary as Eddie must take care of it. However some old Eddie version has a bug and Hummingbird could not be launched because it was not owned by root. Eddie, for security reasons, does not start with root privileges anything not owned by root. Do you still need the procedure you describe with Eddie latest release 2.20.0? Kind regards

Hello! The current state of play as well as important clarifications. The issue occurs only in those OpenVPN clients linked against OpenSSL 3 and only to some of our users, see below Since 2017, our system generates CRT signed with SHA512 algorithm. Previously they were signed with SHA1. Regeneration of old CRT is not triggered and forced by us automatically, because it would invalidate any previous OVPN configuration file out there and lock out the user who does not follow our forum, notification e-mails etc. @rprimus you have a client CRT (user.crt) dated 2015. You and anybody else using pre-2017 user certificates: please go to your "Client Area" > "Devices" menu, renew your cert/key pair, re-download your OVPN configuration files from the Configuration Generator, use them and you will be fine. (*) The problem has never been caused by the CA certificate. Replacing the CA.crt is not mandatory, it just avoids warning message (that you can safely ignore and has nothing to do with the main issue of this thread) you may meet in Eddie Android edition, Hummingbird and Bluetit. Anyway, now even ca.crt is SHA512 signed, so you will not get anymore the mentioned warning (*) Yellow rows show certificates which use a signature based on a deprecated for security reasons hash algorithm (SHA1). They are still here to ensure backward compatibility, because we can't know whether you still use them in generated profiles. However, future OpenVPN versions might not allow them anymore. Click 'Renew' or 'Delete' to resolve the issue. After that, re-generate profile(s) with our Configuration Generator. If you run our client software Eddie, you just need to log your account out and in again from the main window. Kind regards