Staff

Hello! Your message is from 2019 and in the meantime new challenges and problems arose in quantum computing, but anyway we have an important update. We offer WireGuard with per-client pre-shared key for post-quantum resistance, so we're ready, in the extremely unlikely event that a powerful quantum computer could work effectively during our life time. WireGuard pre-shared key is offered by default, you don't need any specific action. Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s full duplex server located in Vancouver (Canada) is available: Ginan. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637 and 47107 UDP for WireGuard. Ginan supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Ginan Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team 

Hello! The proper guide is this one: https://openwrt.org/docs/guide-user/services/vpn/wireguard/client Keep a profile generated by the Configuration Generator, according to your preferences, available (it's just a text file). From it, you can find the settings for the initial configuration: WG_IF="vpn" WG_SERV="SERVER_ADDRESS" <-- the VPN server address you see in the "Endpoint" entry WG_PORT="1637" <-- you can see it in the "Endpoint" entry WG_ADDR="..." <-- the IPv4 address you find in the profile "Address" entry WG_ADDR6="..." <-- the IPv6 address you find in the profile "Address" entry Skip the "Key management" section. In our system your WireGuard key is generated by our infrastructure. In the same file you also find the public key, the pre-shared key and the DNS server address that you will need to complete the configuration, respectively in the PublicKey entry, the PresharedKey entry and the DNS entry. Kind regards

@geno5 Hello! If the notice is authentic, you must have suffered a traffic leak outside the VPN tunnel, so you must have had "Network Lock" feature disabled.. Please make sure you have Network Lock enabled. It will prevent any possible traffic leak outside the VPN tunnel, even leaks caused by misconfiguration of any program and unexpected VPN disconnection. It will prevent leaks even in case Eddie or OpenVPN or WireGuard suffer a crash (it is as reliable as your system packet filtering tool is, nothing to share with obsolete and unreliable kill switches). Network Lock, as you know from the welcome e-mail, the guide for beginners, the FAQ answers, the general recommendations on the How-To forum, is a set of firewall rules, therefore it works properly regardless of the underlying VPN protocol (OpenVPN, WireGuard). It can be activated from Eddie's main window before you start a connection (and you can tell Eddie to activate it automatically when it starts). It is also active by default in the Eddie Android edition app and on the AirVPN Suite. To optimize your torrent software performance and make sure that it is not misconfigured you can follow this guide: https://airvpn.org/faq/p2p/ Kind regards

@Lee47 Hello! Just out of information, your requirements for 4K HDR are excessive! Netflix recommends 25 Mbit/s and Amazon 15 Mbit/s. https://nvidia.custhelp.com/app/answers/detail/a_id/4182/~/what-bandwidth-do-i-need-for-4k-hdr-streaming Kind regards

@SurprisedItWorks Hello, that's correct. According to recent reports, Netflix USA allows streaming through our servers only of those contents of Netflix exclusive property, even when the user who tries to access such content is a USA citizen.. The other contents are perhaps too problematic (because of the copyright mafia, one might argue) to allow access from dedicated servers (or IP addresses not assigned to USA residential ISPs), even when such access is performed by a citizen living in the USA. Kind regards

@nemoomen Hello! This is the fatal error which causes Eddie to exit: Routes, add 2607:ff48:aa81:200:7624:912a:38e8:a606/128 for interface "enp11s0" failed: Exception: exit:2; err:RTNETLINK answers: File exists It's unclear why that route (to Acamar entry-IP address 3) is already there on enp11s0 ("file exists") this is matter for developer's investigation. Try to delete (while Eddie is not running) the following file: /home/lillianr/.config/eddie/default.profile then reset your TCP/IP stack and interfaces, and check whether Eddie re-starts correctly (that default.profile file is Eddie's configuration file so you will need to re-enter your AirVPN account credentials and Eddie settings). Kind regards

Hello! Can you give us a list of VPN servers which you experience this IPv6 problem on? Kind regards

@DZ-015 Hello! Please test a connection via WireGuard as well as a connection on OpenVPN, protocol TCP, port 443, entry-IP address three, and check whether one of those connection modes resolves the issue. You can change connection mode in the following way: from Eddie's main window select "Preferences" > "Protocols" uncheck "Automatic" select the line describing one of the aforementioned modes. The line will be highlighted click "Save" and test again connections If the problem persists, please open a ticket and include a system report https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Kind regards

@nan0tEch Hello! Try the following: enforce mssfix n directive (n is in bytes). This directive tells OpenVPN to split TCP packets (inside the UDP tunnel) larger than n bytes. This directive may resolve MTU size problems. Try for example with mssfix 1320 if your connection is via Ethernet or WiFi if you have an asymmetric line (ADSL etc.), make sure that the maximum allowed upload bandwidth of the torrent software does not "choke" the throughput. To stay on the safe side, limit (from its own settings) the torrent software to use at most 66% of your available upload bandwidth Check any combination of the above attempts (only 1, only 2 and both 1 and 2). Kind regards

@Cthulu_007 Hello and thank you for your great feedback and support! AirVPN Suite version 2.0 for Linux will implement traffic splitting on an application basis. The first alpha preview is due in a matter of weeks (the first addition is however WireGuard support and integration, so in the alpha 1 you might not see a full traffic splitting implementation yet). In the meantime, if you need a simplified approach, you can split traffic on an application basis through any means of virtualization. Please remember, as usual, that any traffic splitting poses risks of de-anonymization in specific circumstances. Splitting traffic, therefore, must be considered a sensitive action which should be performed only by those who perfectly understand what they are doing. Kind regards

Hello! Thank you for your great feedback. Try this procedure: - from the left pane select "Logout" - tap the big central button to login again - re-enter your credentials - check whether all the keys appear in the box "AirVPN key" (tap the key name and a full list should pop-up) Kind regards

@ba....z123 Hello! You can already select a port (among the supported ones) on the Configuration Generator. Please make sure you tick "Advanced Mode". Our VPN is based on WireGuard and OpenVPN. SSTP VPN (which works only over TCP) is currently not available and not planned in AirVPN, we're sorry. However, OpenVPN and WireGuard offer a combination which may in most cases beat SSTP performance and circumvention abilities. Kind regards

@fts501 Hello! A bug affecting Eddie 2.21.8 causes a race condition under specific conditions during the round trip times calculation. Eddie never gets out of the tests. The bug has been fixed in Eddie 2.22.2 - thanks to @CMaves https://github.com/AirVPN/Eddie/pull/123 https://airvpn.org/forums/topic/50561-eddie-desktop-edition-2216-released/?do=findComment&comment=203120 Hummingbird does not measure round trip times so the problem simply can't be there. Thus, you have now two options: download and install Eddie 2.22.2 (in the download page for your system click "Switch to experimental", then download as usual) don't run Eddie, but run Hummingbird, included in the AirVPN Suite or Goldcrest and Bluetit, components of the Suite too (however, the Suite does not offer a GUI) Kind regards

Hello! In Eddie Android edition you can split traffic on an application basis. You can define "white" and "black" lists of apps. If a black list is defined, the apps included in the black list will have their traffic routed outside the VPN. Any other app will have its traffic routed into the VPN. If you define a white list, only the apps in the white list will have their traffic routed inside. Any other device traffic will be routed outside the VPN. Traffic splitting will work both on WireGuard and on OpenVPN. In Eddie Desktop edition for Linux, Mac and Windows you can split traffic on a destination basis (IP addresses, IP addresses range, or host names). You can tell Eddie to send the traffic outside the VPN tunnel only for specific destinations, or you can tell Eddie to send all the traffic outside the tunnel except for specific destinations. Traffic splitting will work both on WireGuard and OpenVPN. AirVPN Suite for Linux does not offer any traffic splitting ability, but we are considering to implement an app based traffic splitting in the near future. Kind regards

@NKKA12345 Hello! If you are talking about nVidia Shield TV, we have noticed that nVidia Shield TV devices performance suffer when they rely on WiFi. If possible connect your device via Ethernet. If you are talking about nVidia Shield tablets, try to use Eddie Android edition in WireGuard, OpenVPN over UDP, and OpenVPN over TCP modes, and make a comparison. Kind regards

Hello! Currently not, we have no plans about it, we're sorry. Kind regards

Entities and persons supported in 2019-now period (NGOs / persons working in highly dangerous areas not mentioned for security reasons): 2019: Mastodon (recurring support) Tor (recurring support) AccessNow (recurring support) Apollo NG Mobile Hackerspace (recurring support) Caitlin Johnston Chelsie Manning WIkiLeaks Electronic Frontier Foundation 2020: Tor (recurring support) Mastodon (recurring support) AccessNow (recurring support) Apollo HG Mobile Hackerspace (recurring support) 2021: WikiLeaks Tor (recurring support) Mastodon (recurring support) AccessNow (recurring support) Apollo HG Mobile Hackerspace (recurring support) 2022: Tor (recurring support) Mastodon (recurring support) AccessNow (recurring support) Apollo HG Mobile Hackerspace (recurring support) XNet 2023 (so far, updated 01 Feb 2023): Tor (recurring support) Mastodon (recurring support) AccessNow (recurring support) Apollo HG Mobile Hackerspace (recurring support) PeerTube For a full list including previous years, relevant links, and details about how the support is actualized please see https://airvpn.org/mission Kind regards

Hello! Please see here: https://airvpn.org/android/eddie/ Direct link to the latest APK: https://airvpn.org/mirrors/eddie.website/download/?platform=android&version=latest Specific instructions for Android TV and Fire OS: https://airvpn.org/android/eddie/apk/tv/ Kind regards

Hello! In Eddie Android edition you can split traffic on an application basis. You can define "white" and "black" lists of apps. If a black list is defined, the apps included in the black list will have their traffic routed outside the VPN. Any other app will have its traffic routed into the VPN. If you define a white list, only the apps in the white list will have their traffic routed inside. Any other device traffic will be routed outside the VPN. Traffic splitting will work both on WireGuard and on OpenVPN. Please open "Settings" and expand "System". Tap "Application filter type" and select the type you want: Whitelist: only apps included in the whitelist will have their traffic tunneled. Anything else's traffic will go outside the tunnel, including system traffic. Blacklist: all the traffic will be tunneled except the traffic of the apps in the Blacklist. After you enable a filter type a new item will appear just below the "Application filter type". Tap it to select the apps you want to be "white" or "black" listed. In Eddie Desktop edition for Linux, Mac and Windows you can split traffic on a destination basis (IP addresses, IP addresses range, or host names). You can tell Eddie to send the traffic outside the VPN tunnel only for specific destinations, or you can tell Eddie to send all the traffic outside the tunnel except for specific destinations. Traffic splitting will work both on WireGuard and OpenVPN. AirVPN Suite for Linux does not offer any traffic splitting ability, but we are considering to implement an app based traffic splitting feature in the near future. EDIT: Starting from version 2.0.0, AirVPN Suite implements per-app traffic splitting. Kind regards

Hello! Thanks for the head up, something seems wrong. Under investigation. Kind regards

Please open a ticket for private communications we have to send you.

Hello! @OpenSourcerer Feel free to evaluate whether it's the case to merge both threads or not. Kind regards

@TLH_AIR Hello! The AllowedIPs directive in the conf file lists the set of IP addresses that the local host should route to the remote peer through the WireGuard tunnel. In your case, you can see that you have included the whole IPv4 address space (0.0.0.0/0). Therefore WireGuard tunnels all the traffic, including the local network traffic, which will be lost of course as the remote peer doesn't know what to do with your private addresses. You need to exclude IP addresses of the local network from the VPN routing. Here's an example taken from Eddie Android edition when you tell it that the local network must be reachable during a connection with WireGuard: the listed IP addresses include all the IPv4 and IPv6 address space EXCEPT those reserved for private subnets. It is necessary to adapt the list with CIDR prefixes to make it understandable by WireGuard, that's why it's so long. The space address which must be tunneled is built "around" any possible private IPv4 and v6 space, i.e. it is the complementary set of the union of all the private sets in the "universe set" made of all addresses. If your system doesn't support IPv6, do not include the various IPv6 ranges. The addresses in the configuration file must be separated by a comma as usual. Kind regards AllowedIPs = 0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3,::/1,8000::/2,c000::/3,e000::/4,f000::/5,f800::/6,fc00::/8,fe00::/7 0.0.0.0/5 8.0.0.0/7 11.0.0.0/8 12.0.0.0/6 16.0.0.0/4 32.0.0.0/3 64.0.0.0/2 128.0.0.0/3 160.0.0.0/5 168.0.0.0/6 172.0.0.0/12 172.32.0.0/11 172.64.0.0/10 172.128.0.0/9 173.0.0.0/8 174.0.0.0/7 176.0.0.0/4 192.0.0.0/9 192.128.0.0/11 192.160.0.0/13 192.169.0.0/16 192.170.0.0/15 192.172.0.0/14 192.176.0.0/12 192.192.0.0/10 193.0.0.0/8 194.0.0.0/7 196.0.0.0/6 200.0.0.0/5 208.0.0.0/4 224.0.0.0/3 ::/1 8000::/2 c000::/3 e000::/4 f000::/5 f800::/6 fc00::/8 fe00::/7

@jcpingu Hello! Yes, your mtr output shows that the what you experience is not strictly related to some Atlanta datacenter problem. Generally speaking, it's how the Internet works with "best effort" routing, which in turn is determined (also, among other factors) by peering agreements. See also. https://en.wikipedia.org/wiki/Peering and https://en.wikipedia.org/wiki/Tier_1_network#Routing_through_peering If your ISP [transit provider] (SBCGlobal?) does not offer low round trip times to/from "our" datacenter in Atlanta, don't be too upset or discouraged, it may happen: as you have seen, you can get excellent round trip times with other datacenters, geographically farther away, but nearer in terms of "network distance" (round trip time). Compare the mtr output by @go558a83nk whose packets go directly to Cogent to see an example difference. "Our" Atlanta datacenter traffic is served by Internap, which (at least in Atlanta) in turn interconnects directly with Lumen (former Level3, tier1), so we have operated well here in the best interest of our customers. There's nothing we can do under this respect in this datacenter. Since you get a lower round trip time with servers in other datacenters, use them! We offer a variety of options for peering and load alternatives and redundancy: for example in the USA we have servers in datacenters which (globally) have PoP either in to major tier1 networks (AT&T, Lumen (Level3)) or major tier2 networks (Cogent, Verizon, Hurricane). By doing so we maximize the likelihood that an AirVPN user can find a datacenter with a "good peering" with his/her residential ISP (or at least with his/her residential ISP's transit provider(s)). Trust us, it's not easy to operate a really agnostic and neutral network in USA datacenters, due to the widespread hostility against specific protocols. Kind regards