Everything posted by Staff

  1. EDIT: problem has been resolved around 12.00 2022-06-16 UTC Hello! We're sorry to inform you that a PayPal ongoing malfunction is causing a serious issue with purchase validations and plan activation. IPN (Instant Payment Notification) is not sent, so we must validate PayPal payments manually one by one. PayPal has been notified hours ago. We apologize for the delayed activation but the problem is out of our responsibility and control. Hopefully PayPal will resolve the problem very soon. If you have paid via PayPal and you don't see your plan activation within a few hours feel free to open a ticket as we are struggling to keep the pace on the long run. If you are reading this message before you made a purchase, please consider paying via Stripe, Amazon Pay or Bitcoin for a faster and automated plan activation. This thread will be updated as new information comes in. Kind regards
  2. Hello and thank you for your choice! Please check again now. A PayPal ongoing malfunction is causing the issue. IPN (Instant Payment Notification) is not sent (they are all stuck) so we must validate payments manually one by one. Hopefully the problem will be resolved in a matter of hours otherwise we can't keep the pace and we will need to disable PayPal. PayPal has been notified hours ago. We apologize for the delayed activation but the problem is out of our responsibility and control. [PROBLEM RESOLVED] Kind regards
  3. Hello! Your account reserved ports already include two consecutive ports so you needn't do anything in this case. In general, to find consecutive ports (if available) enter the amount of required ports and click "Search" on the "Suggest a range of sequential free ports" section of your account port panel. Kind regards
  4. Hello! Well, it should (must) work with any OpenVPN3 compatible profile. Which error do you get exactly? Kind regards
  5. @CinnamonStick Hello! The attacker can do exactly the same with tls-crypt v2: subscribe and get the TLS key to pass the first barrier and then perform the attack. tls-crypt v2 is stronger against flood because the attacker, at least, must create more than one attacking account in order to keep flooding after a key gets blocked, while with tls-crypt it can keep flooding with just one key which remains valid (because we would block all the customers if we changed it). That's surely a strong reason to plan tls-crypt v2 implementation. To be effective, however, tls-auth must be dropped, otherwise the flooder can always point to the entry-IP addresses where OpenVPN in tls-auth responds. Nothing changes on the client side security between tls-crypt and tls-crypt v2, while an important change over tls-auth is due to the fact, as we already wrote, that the parser is not exposed and the communication can be dropped sooner. This makes tls-crypt more robust than tls-auth against flood attacks and reduces the attack surface. However it's not yet time for us to drop tls-auth and break backward compatibility, because tls-auth is still required by customers who run OpenVPN versions which don't support tls-crypt. This has been always done by tls-crypt which we implemented several years ago. It's not something new of tls-crypt v2. A working proof of concept has never been published so we are dubious, but that's not important, because if the exploit had been able to work even against tls-crypt (let's assume for argument's sake that tls-crypt had been available at the time), then it would have worked even against tls-crypt 2. Strömberg says it very clearly: they did not attack servers with tls-auth, because it was just a useless over-complication, as anyone could get the tls-auth key in their (or our) service (and today anyone can get a specific tls-crypt v2 key, nothing changes). The server key is always secret and in particular the DH key is unique to each server.
So tls-crypt 2 makes no difference again: if an attack successfully gets the server secrets to impersonate that one server in an attempt to have the target victim connect to it via some additional traffic hijack, it can work either with tls-crypt or tls-crypt v2, because the difference for this purpose is only that the tls-crypt key is common to all clients, while the tls-crypt v2 key may be unique to each client and/or server group, so it can be obtained anyway immediately. This is well explained in GitHub: https://github.com/OpenVPN/openvpn/blob/master/doc/tls-crypt-v2.txt Don't charge tls-crypt v2 with super-features which it doesn't have and has not been designed to have. Kind regards
  6. Hello! Before any investigation starts, please upgrade Eddie. You are running a version dated August 2015 which is no more compatible with our service (thank you very much, you are indeed a long time customer!). You can download Eddie latest release for Windows here: https://airvpn.org/windows Let us know whether the new version resolves all the problems. Kind regards
  7. Hello! Heartbleed exploit was made possible by the OpenSSL library on web servers and has been resolved since April 2014, more than 8 years ago. Anyway, with OpenVPN working in TLS mode (like it always did in our infrastructure), the private key was never at risk (not to mention decrypting the client traffic, totally impossible with Heartbleed), not even with the vulnerable OpenSSL version: TLS Auth was sufficient. Heartbleed was particularly dangerous for web servers, not for OpenVPN working in TLS Mode (with TLS Auth and PFS). Using tls-crypt has nothing to do with Heartbleed and vulnerabilities of the sort. If a vulnerability is discovered on the SSL/TLS library, its exploit may or may not affect OpenVPN too, but if it does, tls-crypt and tls-crypt v2 probably will make no difference (it depends mainly on the parsers). This is already implemented in tls-auth. No need of tls-crypt or tls-crypt v2 for it. Strangely you quote features already implemented in tls-auth as advantages of tls-crypt over tls-auth, causing confusion. A clarification is due. tls-crypt and tls-crypt v2 allow early connection abort, while tls-auth needs to expose TLS.X509 parser before dropping the connection, enlarging therefore the attack surface. Moreover, by not sending anything back and dropping all when metadata verification fails, tls-crypt makes the server slightly more robust against floods and DoS attacks in general. This is of course great for the servers and tls-crypt is already implemented (on AirVPN servers entry-IP addresses 3 and 4), and we might also consider tls-crypt v2 in the future and dropping tls-auth (which we maintain on entry-IP 1 and 2 for backward compatibility), but you must not assume that it is useful more than tls-auth to defeat a class of attacks against the clients or aimed at decrypting the client traffic.
Another advantage of tls-crypt over tls-auth is that the Data Channel gets completely encrypted since the handshake, thus tls-crypt (and its version 2 of course) can more easily bypass ISP blocks triggered by detection of OpenVPN handshake "fingerprint". Kind regards
  8. @CinnamonStick Again, the added protection against attacks is only on the server side, as you have just confirmed. Strangely tls-crypt v2 seems available on OpenVPN Access Server only, not on OpenVPN, or at least it is missing in the OpenVPN manual, we can find it only on OpenVPN AS manual. Kind regards
  9. Hello! You can have recurring payments only through PayPal in our service. An authorization to recurring payments to us needs double confirmation and can be deleted anytime quickly and easily, it's a matter of a few seconds: https://www.paypal.com/sm/smarthelp/article/how-do-i-cancel-an-automatic-payment-i-have-with-a-merchant-faq2058?app=searchAutoComplete Kind regards
  10. Hello! It should happen by default, as tunpersist is set to "on" by default. Can you please check your /etc/bluetit.rc file? Try also to explicitly declare tunpersist on (on any line in the file). Edit the file with root privileges. Kind regards
  11. Hello! 2Checkout has been momentarily withdrawn by us for we are investigating some problems with it. You can use various credit cards via PayPal or Amazon. No PayPal account is required if you pick PayPal, you can pay with your credit card as a guest. Would it be a viable solution for you? Kind regards
  12. Hello! If you need to shut down Eddie you can send it a SIGTERM. However, if you want it to disconnect only (for example because Network Lock must stay), no command is at the moment available, we're sorry: when Eddie CLI receives a SIGTERM it shuts down, so Network Lock will be lifted. If that's not what you want, you can check Bluetit and drive it through Goldcrest. They are in the AirVPN Suite package (Bluetit is a daemon, while Goldcrest is a command line client through which you can control the daemon interactively). They meet your mentioned needs, i.e. correct shutdown when system is powered off or rebooted, and you can stop a connection from a terminal without lifting Network Lock if necessary. If you don't need a GUI the Suite is definitely something you should consider. See also: https://airvpn.org/suite/readme/ Kind regards
  13. @OpenSourcerer Thank you very much for your concerns and your continued and ongoing support. You have no peculiar reasons to worry about, under this respect, for we have plans considering even the harsh UK and Germany scenario you depict. Kind regards
  14. If you mean requirements to infringe Net Neutrality, beyond our will (which is blocking outbound port 25 and nothing else), they are unlikely because the contract we sign with them is clear under this respect (and not all providers offer clear contracts). Furthermore, in so many years, a requirement to infringe Net Neutrality has never been made by M247. More in general, providers which requested or enforced by themselves NN infringements have been very few in these 12 years of operations, maybe four, as far as we remember, including one with strange infringements like blocking ICMP altogether. M247 servers, for your information, are 30% of the total in our infrastructure, not 50%, and yes, they can be replaced in the unlikely, worst case scenario. Remember that we still have an oversized infrastructure, so we would be able to do it with no service interruption. Of course if all of our providers enforced Net Neutrality infringements together, then our mission could not be accomplished anymore integrally, or at least not easily at all in a short time, but that's another story. Kind regards
  15. @alternity75 Hello! Gliese is already down while Dimidium should work up to June the 5th. IP addresses will change, it's inevitable in this case. Kind regards
  16. Hello! Unfortunately DediPath could not serve us anymore and demanded block of specific outbound ports to block traffic coming from the usual cretins who spam or have their Windows machines infected with spamware. M247 never posed such a problem to us. Before breaking net neutrality so blatantly we will try with reliable providers and port block remains the last option to be enforced only when absolutely unavoidable (currently we only block outbound port 25). Kind regards
  17. Hello! We're very glad to inform you that two new 1 Gbit/s full duplex servers located in New York City are available: Haedus and Iklil. They are going to replace Dimidium and Gliese. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637 UDP for WireGuard. Haedus and Iklil support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Haedus/ https://airvpn.org/servers/Iklil/ Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  18. Hello! For some reason we will probably investigate, when ExpressVPN driver and software are installed OpenVPN and WireGuard on their own don't work properly anymore: We don't know whether it's a highly customized driver which creates incompatibilities or it's just an interface lock problem caused by some Express process still running and interfering in the background. Anyway, we have noticed that by removing anything Express related, both OpenVPN and WireGuard work again just fine. Kind regards
  19. Hello! It's unfortunately expected because Eddie doesn't handle Linux or desktop signals for a poweroff/reboot, therefore it will not restore system settings. At the next boot, a common occurrence is that your system still has VPN DNS set (if no DHCP occurred), not accessible from outside the VPN. Anyway, Eddie stores the settings in a backup file for additional security. By re-running Eddie and shutting it down from inside the graphical interface menu you should get the previous settings restored, otherwise you will need to manually set the proper DNS. In general, to circumvent this limitation shut down Eddie from inside the GUI itself before you shut down the system. Kind regards
  20. Hello! Today we're starting AirVPN twelfth birthday celebrations offering special, strong discounts on longer term plans. From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 23 countries in four continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world. We still define it as a "baby", but AirVPN is now the oldest VPN in the market which never changed ownership, and it's one of the last that still puts ethics well over profit, a philosophy which has been rewarded by customers and users. During the last year, AirVPN added important features, even according to customers requests:
      • integrated and full WireGuard support on all VPN servers
      • optional lists selection to block spam, ads, trackers and other malicious sources, featuring a unique and fine grained customization which is exclusive on the nowadays market
      • improved inbound remote port forwarding interface and implementation
      The infrastructure saw a robust power up in Tokyo, where we have now 14000 Mbit/s available (7000 Mbit/s full duplex), with more powerful hardware, and a small addition in Ireland. The VPN servers and the back service ones have had some minor security improvements as well as ordinary system updates as usual. Optimized software, and also WireGuard implementation, allowed our server to deliver high performance more smoothly, thanks to the improved balancing between threads and of course the good WireGuard scalability. On the software side, all AirVPN applications and libraries are still free and open source software released under GPLv3. WireGuard has been fully integrated in the Desktop edition of Eddie, while Eddie Android edition will support it in the next version which is imminent (a public alpha release will be ready in June). All the applications are continuously developed and updated to provide an even better experience and performance.
Kind regards and datalove AirVPN Staff 
  21. New version 2.21.8 This release follows the stable version 2.21.6 by fixing some minor issues. Released as stable. This was an urgency release to resolve common issues discovered. Other issues also reported in this topic are under evaluation.
      • [bugfix] [windows] "Network interface no more available" in some situation
      • [change] [linux/macOS] Hummingbird available also in High Sierra
      • [change] [linux] eddie-tray updated to GTK3 (cleaning dependencies issue)
      • [bugfix] [all] Minor bugfixes
  22. Hello! AES-CBC is no more supported, please switch to AES-GCM or CHACHA20-POLY1305. You can edit the ovpn file with any text editor or you can generate new configuration files. If you do so, make sure you select "OpenVPN >= 2.5" in the proper combo box of the Configuration Generator page: the CG will generate files including no references to AES-CBC. Kind regards
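A profile check that goes with the post above and with the earlier tls-auth / tls-crypt replies, as an added example that is not part of the original posts or of AirVPN's software: it reports which control-channel wrapping directive an .ovpn file uses and flags any cipher directive that still names an AES-CBC cipher. The function name `audit_profile` and the sample profile are constructed for illustration.

```python
import re

# Directives that select the control-channel wrapping discussed in the posts.
WRAPPERS = ("tls-auth", "tls-crypt", "tls-crypt-v2")
# OpenVPN directives that can name data-channel ciphers.
CIPHER_KEYS = ("cipher", "data-ciphers", "data-ciphers-fallback", "ncp-ciphers")

# Constructed sample profile (hypothetical host, placeholder key material).
SAMPLE = """\
client
dev tun
remote vpn.example.net 443 udp
cipher AES-256-CBC
data-ciphers AES-256-GCM:AES-256-CBC
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(constructed placeholder, not a real key)
-----END OpenVPN Static key V1-----
</tls-auth>
"""


def audit_profile(text):
    """Return (wrappers, cbc_lines) for the text of an .ovpn profile."""
    wrappers, cbc_lines = set(), []
    inline = None  # name of the inline <block> whose body is being skipped
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline:
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue  # blank line or comment
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            inline = tag.group(1)
            if inline in WRAPPERS:
                wrappers.add(inline)  # key embedded inline in the profile
            continue
        parts = line.split(None, 1)
        key, rest = parts[0], parts[1] if len(parts) > 1 else ""
        if key in WRAPPERS:
            wrappers.add(key)  # key referenced as an external file
        elif key in CIPHER_KEYS:
            # data-ciphers takes a colon-separated list, cipher a single name
            if any(n.endswith("-CBC") for n in rest.upper().split(":")):
                cbc_lines.append((lineno, line))
    return wrappers, cbc_lines


if __name__ == "__main__":
    used, cbc = audit_profile(SAMPLE)
    print("control-channel wrapping:", sorted(used) or "none")
    for lineno, line in cbc:
        print(f"line {lineno}: AES-CBC still referenced -> {line}")
```
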
  23. @Wave_Rider Hello! It looks like your system downloaded the whole HTML page in place of the actual ovpn generated file. Which browser did you run? Can you please test Chrome and Firefox? Alternatively, run Eddie Android edition. It is fully integrated with AirVPN so you can get rid of configuration files. https://airvpn.org/android/ Kind regards
  24. Hello! From your description it looks like Eddie starts minimized. Check the system tray (click the up arrow to see hidden icons) for Eddie's tray icon, a small cloud in a circle. Double-click on it to bring up Eddie main window. Kind regards
  25. @unn4m3d @BKK20 Your consideration can not be agreed upon, as micro-routing fights censorship as well as end-to-end connectivity principle infringements by bypassing, when possible, third-party blocks. We are seriously considering to offer an option to disable micro-routing. Remember that those trackers (and any service in general) which block our NL VPN servers will become completely unreachable with micro-routing disabled.