Staff

19 minutes ago, kbps said:

On 10/29/2021 at 7:30 PM, mith_y2k said:

Hi, I want to make sure I understand correctly your answer linked here: are you saying that AirVPN servers will remove the client ip every 10 minutes from memory but that the wireguard client will preserve it or are you saying the Wireguard team will have the client ips indefinitely?

I too am confused as to where and why the user's IP address is stored permantly.  I understand that while connected to Air servers, the user IP address will be known.  Why is this not purged from the Air after disconnect or server change?

Hello!

Keeping permanently the client IP address is a WireGuard feature, see also https://airvpn.org/faq/wireguard

That's why we force a purge of the real IP address. "In AirVPN servers, if no handshake has occurred within 180 seconds, the peer is removed and reapplied. Doing so removes the real IP address from server memory.". Note that 180 seconds are not 10 minutes. If that's not acceptable you must not use WireGuard, keep using OpenVPN, which will get rid of the client IP address by itself (no need of active deletion).

About the VPN IP address, which is another privacy problem, we invite to read the above linked FAQ answer.

Kind regards
 

3 hours ago, benfitita said:

I can imagine some users might switch back to airvpn.org when they see this page. It might make them think .dev is broken. Then again probably most people don't use .dev anyway.

Hello!

We don't think they don't understand because the error message seems clear.
 

Quote

Could you maybe make it more user friendly and add a sentence explaining why this is disabled and what to do?

You're asking to delete the reason of existence of airvpn.dev. Explanation can be found in the specs page: "airvpn.dev web server configuration provides a hardened security configuration to get a rating aiming to 100% (Qualys SSL Labs, CryptCheck) which sacrifices compatibility with older systems and browsers (example: Android 6 will not connect)."

Kind regards
 

3 hours ago, benfitita said:

I'm pretty sure it twice started working after I turned off ads blocklist. I suppose I can play with forwarding DNS through unbound  to see what queries are failing when I open App Store and then add those to the whitelist. Still I'd prefer to have this sorted out for all users, especially new ones. 

Hello!

This is not an issue, so there's nothing to be sorted out for any user. Various apple.com subdomains, such as advertising.apple.com and banners.itunes.apple.com, are blocked by the "Ads & Trackers block list", which is a merge of public lists not compiled by us. Please remember that we do not add blocks by ourselves whatsoever. The blocks do not seem to affect Apple Store, though, as confirmed by other users at the moment. Please be aware, however, that Apple may block access to Apple Store from VPN and Tor. This happened already in the past, even to ProtonVPN, so we can't rule out that some of our servers are already blocked by the Apple Store.

If you don't think that Apple advertising is advertising or anyway the list disturbs you, you should not enable this anti-ads list, or you can add exceptions. When you click "LIst", all the blocked domains are shown. Quickly search for "apple.com" and you will see immediately which subdomains are blocked. You can also propose some other block list against advertising which does not block advertising by Apple, if you can find one.

Kind regards
 

@rohko

Hello!

No, it's not implemented. Float has remained non functional on server side for 8-9 years and we lost interest, so we don't know if they have patched it recently, see also:
https://community.openvpn.net/openvpn/ticket/49?__cf_chl_jschl_tk__=pmd_yzGy8a2GqeOej9TBOdABZf81gch.hzGsPQGiNPHhyfg-1635686027-0-gqNtZGzNAiWjcnBszQal

Kind regards
 

@benfitita

Hello!

Technically it would be possible, but we don't want to make it possible, because airvpn.dev is meant to comply to higher security features. Copy the URL and paste it into your browser bar.

Kind regards
 

@amw

Hello!

Bug noted, under investigation, thank you!

Kind regards
 

Hello!

Can you please also test Eddie 2.21 beta and check whether the crash persists? Feel free to report any problem here:
https://airvpn.org/forums/topic/49638-eddie-desktop-221-beta-released/

In the above linked thread you can also fine instruction on how to download latest Eddie beta version.

Kind regards
AirVPN Support Team
 

@rohko

Hello!

We have not examined or tested the method you suggest, we're sorry. By the way, from the OpenVPN 2.4 manual:

--mark value

Mark encrypted packets being sent with value. The mark value can be matched in policy routing and packetfilter rules. This option is only supported in Linux and does nothing on other operating systems.
 

https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

Kind regards
 

@mith_y2k

Hello!

First, there is no WireGuard team which comes to know anything about our data and our customers' data.

Our system will wipe out the public IP address within the specified amount of seconds if, during that time frame, no packet is exchanged between server and client.

About the private IP address in the VPN, you need to act by yourself when you want to destroy the correlation between your account key and your account private IP address, in the way you can read on the FAQ answer.

Kind regards
 

Hello!

So far, the All Time High measured with multiple HTTP streams and in a way that line, CPU and peering could not be bottlenecks, and in an agnostic network, are 717 Mbit/s with OpenVPN and 864 Mbit/s with WreGuard. Your claimed peak of 1064 Mbit/s is a new record. Of course some hardware can have more gain, other almost nothing, and other could even have lower performance with WireGuard, as we have seen experimentally.

Remember: use WireGuard only when you have understood perfectly the privacy issues it poses and you are sure that they are not a problem for your threat model.

Kind regards
 

1 hour ago, pfolk said:

is 'wireguard' an experimental feature ?

Hello!

Yes, it's in public beta testing. If you want to test it, please read here:
https://airvpn.org/forums/topic/49877-wireguard-beta-testing-available/

Kind regards
 

17 hours ago, go558a83nk said:

I got this with the new wireguard implementation.

https://www.speedtest.net/result/12249912075.png

New record so far!

Kind regards
 

@OpenSourcerer
@yoyall

Hello!

You can use the list to bypass illegal seizures by ICANN (for example via ICE orders). This happened in the past, when domain names were seized in infringement of EU court decisions and inaudita altera parte (the right to have a legal defense was canceled and the seizure occurred without any judicial overview), so those seizures were illegal under every point of view. Not real news for USA "justice" (???) system. In the last years we have not heard anymore of illegal seizures, but we guess that the precedents are set so they can happen again potentially.

Therefore, that's the only list which is not a "block list" whatsoever, quite the contrary. We apologize for the ambiguity.

If you have information about seized domains which are not in the list, and the correct IP address they should resolve into, please let us know.

Kind regards
 

@Spyker

Hello!

It will appear only when you select Wireguard and you can select Wireguard only if you enable "Beta features" from your account "Client Area" panel.

Kind regards
 

48 minutes ago, go558a83nk said:

I got this on my pfsense box just now . Very nice. . May have even been a little limited by my traffic shaper

https://www.speedtest.net/result/12249912075.png

New All Time High throughput! Record! Congratulations! Feel free to add it here:
https://airvpn.org/forums/topic/48234-speedtest-comparison/

Kind regards
 

@Spyker

Hello!

It's outlined on step 2: after you have picked Android as system and you have defined your favorite settings, click "Generate" and the QR code will appear. On step 3 you can read how to scan it from the WireGuard app.

Kind regards
 

@zsam288

Hello!

Just an additional check: make sure that the "device" (client certificate/key pair) you use in your Android device has the correct DNS block settings. Since you can define different lists (or no lists) for each "device", it's worth a verification.

Kind regards
 

Hello!

We reluctantly have to announce _gloomy news to you all: _{Spooky Halloween Deals} are now available in _AirVPN...
 

 

Save up to 74% on AirVPN longer plans (*)
(*) When compared to 1 month plan price

 
Check all plans and discounts here: https://airvpn.org/plans

If you're already our customer and you wish to jump aboard for a longer period any additional plan will be added on top of already existing subscriptions and you will not lose any day.

Every plan gives you all the features that made _AirVPN a _nightmare for snoopers and a _scary service for competitors:
 

• a clear mission without compromises https://airvpn.org/mission
• active OpenVPN 3 open source development
• WireGuard support
• exclusive and very flexible, opt-in block lists against malware and other hostile entities. Pick pre-defined lists, add exceptions or additional blocks, or just use our totally neutral DNS by default
• ChaCha20 cipher on OpenVPN Data Channel for higher performance and longer battery life on tablets and smart phones
• IPv6 support, including IPv6 over IPv4
• configurable remote port forwarding
• refined load balancing to squeeze every last bit per second from VPN servers
• free and open source software for Android, Linux, Mac and Windows
• easy "Configuration Generator" web interface for access through third party software
• guaranteed minimum bandwidth allocation
• GDPR compliance and very high standards for privacy protection
• no log and/or inspection of clients' traffic
• effective traffic leaks prevention by AirVPN software
• Tor support via AirVPN software on Linux, Mac and Windows
• various cryptocurrencies accepted without any intermediary
• no obligation to use our free and open source software to enter AirVPN infrastructure. Interoperability is an AirVPN priority.
• perfectly clear and easy to read Privacy Notice and Terms https://airvpn.org/privacy

No tricks, only treats!

_{Grim regards & datathrills
AirVPN Staff}

@zsam288

The current version of WireGuard does not support DHCP, so not even DNS push. The server has no way to tell your client which DNS it should set. We do include a directive in the WireGuard configuration file to use the proper DNS, though. Have you generated the configuration file with our Configuration Generator? If so, can you please check the directive starting with "DNS=" ?

Kind regards
 

@zsam288

When the network is not neutral you can have all sorts of differences according to how traffic shaping is enforced. For example, if UDP were to be heavily shaped and de-prioritized, or blocked, you couldn't use WireGuard but only OpenVPN with TCP as transport layer.

In our infrastructure the best download performance we could achieve from a single client when line, peering, CPU and server load and bandwidth availability were not for sure bottlenecks and in total absence of any type of traffic shaping have been 715 Mbit/s (1430 Mbit/s on the server) with OpenVPN 2.5 / OpenVPN AirVPN 3, and 654 Mbit/s (1308 Mbit/s on the server) with WireGuard.

Kind regards


 

@zsam288

Hi,

since the feature is strictly AirVPN DNS related, check your system DNS settings when you use WireGuard and make sure that VPN DNS is queried. What are your Operating System name and version, and which application do you run to connect via WireGuard?

Kind regards
 

Hello!

UPDATE 2022-05-02 BETA TESTING HAS BEEN COMPLETED. WIREGUARD ACCESS IS NOW AVAILABLE TO ANYONE AND CONSIDERED STABLE IN AIRVPN INFRASTRUCTURE

Hello!

We're glad to announce the beginning of WireGuard beta testing in AirPVN infrastructure.

In order to test WireGuard, go to Client Area ⇨ Preferences and activate Access to BETA Features. This will allow you to see specific guides and options pertaining to WireGuard.

About privacy concerns, we wrote a FAQ answer here . Please make sure to read it.

WireGuard with Eddie
If you want to use Eddie, go to download page of your OS, and click Other versions ⇨ Experimental in Eddie download pages.
Linux note: Eddie doesn't recognize WireGuard until it is present at kernel level. Use cat /sys/module/wireguard/version to check your WireGuard kernel module. Wireguard will be available in Preferences > Protocols window (logout and login from Eddie's main window might be necessary).

WireGuard without Eddie
Otherwise, for official WireGuard app/binaries, see the guides below:

• Windows - with official WireGuard app (GUI) ⇨ https://airvpn.org/windows/wireguard/gui/
• macOS - with official WireGuard app from App Store (GUI) ⇨ https://airvpn.org/macos/wireguard/appstore/
• macOS - with Homebrew, terminal ⇨ https://airvpn.org/macos/wireguard/homebrew/
• Linux - with official WireGuard from your distro, terminal ⇨ https://airvpn.org/linux/wireguard/terminal/
• iOS - with official WireGuard app from App Store (GUI) ⇨ https://airvpn.org/ios/wireguard/appstore/
• Android - with official WireGuard app from Play Store (GUI) ⇨ https://airvpn.org/android/wireguard/playstore/

The guides above will be also shown in Download section when Beta Features option is checked.

Notes:

• We will add other connection ports, suggestions are welcome.
• We automatically generate WireGuard keypair (and preshared-key), and assigned IPv4/IPv6 addresses, for any device, no action required.

Kind regards & datalove
AirVPN Staff

@zsam288

Hello!

Please try again now.

Kind regards
 

1 minute ago, zsam288 said:

I cant find the per device dns setting on the devices details page?

Hello!

In the Devices page click the "Details" button pertaining to the "device" you wish to modify, then click the "DNS" button. You will be directed to the DNS page. Configure your favorite blocks in the block list page. The settings you define will be reserved to that "device" (i.e. to that certificate/key pair).

Kind regards