Everything posted by Staff
-
@dr_kristau Thanks, let us know. With Wireguard the performance loss you get with CHACHA20 in an AES-NI supporting CPU is more than compensated by the fact that Wireguard runs in the kernel space, while OpenVPN runs in the userspace (and does not scale in multicore processors). You will not get the same Wireguard performance with OpenVPN CHACHA20 in your Celeron, because of that very fact. In our infrastructure, anyway, even with Wireguard, you should not expect more than 400-500 Mbit/s, because no server usually has more than 800-900 Mbit/s free (things might change in the future with 10 Gbit/s line per single server). Kind regards
-
@dr_kristau Hello! It's strange that the router has a peak of 85 Mbit/s in upload and 17 in download. It makes us think about traffic shaping in download. Do you have your ISP traffic shaping (or traffic management) policy? By the way, with that configuration OpenVPN 2.5 will not negotiate CHACHA20 on the Data Channel. If you check the log, you should see that you're still with AES-256-GCM. Modify in the following way:
delete line
    cipher CHACHA20-POLY1305
add lines:
    data-ciphers CHACHA20-POLY1305
    data-ciphers-fallback AES-256-CBC
Check in the log that OpenVPN 2.5 uses CHACHA20 in the Data Channel. You should see:
Yes. 310 Mbit/s with an i7 and AES-256-GCM is expected. It means 620 Mbit/s on the server and it's more or less what we detect from a fiber line in Italy. We managed to beat that performance on the client side toward our VPN servers only from dedicated lines of dedicated servers. Even 85 Mbit/s with the Celeron in AES-256-GCM sounds quite reasonable. It remains to be seen why the router in download becomes so sluggish (17 Mbit/s instead of 85 Mbit/s). Finally, feel free to let us know the performance you will get with CHACHA20, we're curious to see what happens with a Celeron. Kind regards
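The profile change described in the post above, as an added example (not part of the original post and not AirVPN's code): a Python function that drops the `cipher` line from an OpenVPN client profile and adds the two `data-ciphers` lines, leaving comments and inline blocks untouched. The name `migrate_profile`, the sample profile and the host `vpn.example.net` are constructed for illustration.

```python
import re

# Directives this migration owns. Replacing an already present data-ciphers
# line goes beyond the post (assumption), so that re-running is harmless.
OWNED = {"cipher", "data-ciphers", "data-ciphers-fallback"}
INLINE_OPEN = re.compile(r"^<([a-z0-9-]+)>$")


def migrate_profile(text, data_cipher="CHACHA20-POLY1305",
                    fallback="AES-256-CBC"):
    """Return (new_profile_text, removed_directive_lines)."""
    new_lines = [f"data-ciphers {data_cipher}",
                 f"data-ciphers-fallback {fallback}"]
    out, removed = [], []
    insert_at = None   # index in `out` where the new directives will go
    closing = None     # closing tag of the inline block we are inside
    for line in text.splitlines():
        stripped = line.strip()
        if closing:                       # inside <ca>, <tls-crypt>, ...
            out.append(line)
            if stripped == closing:
                closing = None
            continue
        m = INLINE_OPEN.match(stripped)
        if m:                             # start of an inline block
            if insert_at is None:
                insert_at = len(out)      # keep directives above key material
            closing = f"</{m.group(1)}>"
            out.append(line)
            continue
        words = stripped.split()
        if words and words[0] in OWNED:   # commented-out lines do not match
            removed.append(stripped)
            if insert_at is None:
                insert_at = len(out)
            continue
        out.append(line)
    if insert_at is None:
        insert_at = len(out)
    out[insert_at:insert_at] = new_lines
    return "\n".join(out) + "\n", removed


# Constructed sample profile (not taken from the thread).
SAMPLE = """\
client
dev tun
remote vpn.example.net 443
proto udp
# cipher AES-256-GCM
cipher CHACHA20-POLY1305
<ca>
cipher PLACEHOLDER-INLINE-CONTENT
</ca>
"""

if __name__ == "__main__":
    profile, dropped = migrate_profile(SAMPLE)
    print("removed:", dropped)
    print(profile, end="")
```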
-
@dr_kristau Hello! Yes, AES-256-GCM is computationally hard for non AES-New Instructions supporting CPUs. Also consider that OpenVPN 2 does not scale and runs in a single thread of a single core, in the userspace. You have a very slight performance improvement when OpenVPN is linked against mbedTLS and not OpenSSL, but it's not really essential. With your Celeron you should get significant performance improvement with CHACHA20-POLY1305 cipher for Data Channel. For that, you will need OpenVPN 2.5 or higher version (OpenVPN 2.5 stable version was released yesterday). We have completed deployment of OpenVPN 2.5 on all servers now and while we restart the daemons, more and more VPN servers will offer CHACHA20-POLY1305 on both Data and Control Channel. At the moment, you can have CHACHA20-POLY1305 on the servers marked as "Experimental". Remember that OpenVPN 2.5 or higher version is required, as older versions do not support CHACHA20 on Data Channel. Kind regards
-
Hello! TLS 1.3 is only available on experimental servers, and only on those servers where OpenVPN 2.5 is linked against OpenSSL, because mbedTLS does not support TLS 1.3. When we deploy OpenVPN 2.5 on all servers, it will be linked against OpenSSL, so TLS 1.3 will be available on all servers. Keep in mind anyway that, so far, TLS 1.3 with OpenVPN is inessential. Kind regards
-
Hello! On a 1 Gbit/s fiber line in Italy which does not suffer traffic shaping we record about 330 Mbit/s with Hummingbird and an Intel i7 (in a Fedora 32 system), with AES-256-GCM on Data Channel and connections to Belgium and the Netherlands servers. Hummingbird uses OpenVPN3 linked against mbedTLS, but we record same performance with OpenVPN 2 linked against OpenSSL. Similar, consistent speeds are recorded by many users. Consider that we have in particular a couple of customers who connect only from dedicated servers and keep their speed (with OpenVPN 2 or 3) constantly at 480 Mbit/s (i.e. 960 Mbit/s on the server). What are your system, CPU, OS? Are you sure that your ISP does not enforce traffic shaping and that your CPU is not the bottleneck? Have you tested several servers to maximize likelihood of good peering between your ISP and our transit providers? Kind regards
-
Hello! We reluctantly have to announce gloomy news to you all: Spooky Halloween Deals are now available in AirVPN...
Save up to 74% on AirVPN longer plans (*)
(*) When compared to 1 month plan price
Check all plans and discounts here: https://airvpn.org/plans
If you're already our customer and you wish to jump aboard for a longer period any additional plan will be added on top of already existing subscriptions and you will not lose any day.
Every plan gives you all the features that made AirVPN a nightmare for snoopers and a scary service for competitors:
- active OpenVPN 3 open source development
- ChaCha20 cipher on OpenVPN Data Channel for higher performance and longer battery life on tablets and smart phones
- IPv6 support, including IPv6 over IPv4
- configurable remote port forwarding
- refined load balancing to squeeze every last bit per second from VPN servers
- free and open source software for Android, Linux, Mac and Windows
- easy "Configuration Generator" web interface for access through third party software
- guaranteed minimum bandwidth allocation
- GDPR compliance and very high standards for privacy protection
- no log and/or inspection of clients' traffic
- effective traffic leaks prevention by AirVPN software
- Tor support via AirVPN software on Linux, Mac and Windows
- various cryptocurrencies accepted without any intermediary
- crystal clear, easy to read Privacy Notice and Terms https://airvpn.org/privacy
No tricks, only treats!
Grim regards & datathrills
AirVPN Staff
-
@183aTr78f9o @shaunography Hello! Can you post your Hummingbird log taken just after the problem has occurred? Kind regards
-
ANSWERED Confused over port forwarding
Staff replied to mikedefieslife's topic in General & Suggestions
@MyAirVpnDotOrg Hello! From the FAQ answer: It sounds clear, as ports of different nodes (such as your router network interface ports) do not enter into play in the sentence. Maybe you don't know what a port is, hence the confusion, and here we have a problem: if we started to explain networking basics on the FAQ answers, they would risk becoming heavily pedantic and mainly useless. Check https://en.wikipedia.org/wiki/Port_%28computer_networking%29 Feel free to add your suggestions. Kind regards -
ANSWERED New Android TV, cannot find Eddie or install OpenVPN
Staff replied to Col99's topic in Troubleshooting and Problems
@Krebbin Hello! How to sideload and then install an APK in a Sony Bravia TV: https://community.sony.co.uk/t5/android-tv/faq-how-to-sideload-apps-on-android-tvs/td-p/2347365 Eddie APK can be downloaded by following the instructions (link provided in our earlier message: https://airvpn.org/forums/topic/29660-using-airvpn-with-eddie-client-for-android/) Enjoy AirVPN! Kind regards -
ANSWERED New Android TV, cannot find Eddie or install OpenVPN
Staff replied to Col99's topic in Troubleshooting and Problems
@Krebbin Hello! Eddie Android edition works just fine in Sony Bravia TVs but you must side load it, after you have downloaded the APK. Once you run Eddie you don't need profiles anymore, or you can have Eddie generate profiles directly in the TV. Check here: https://airvpn.org/forums/topic/29660-using-airvpn-with-eddie-client-for-android/ Kind regards -
Hello! We inform you that in the next days server Pisces will change IP addresses. We are upgrading server hardware and in this case IP address change is necessary. Server name, datacenter provider and transit provider will not change. If you run Eddie, the change will be automatically acknowledged. If you use some OpenVPN profile pointing specifically to Pisces, you will need to re-generate it when the switch occurs. Kind regards & datalove AirVPN Staff
-
Hello! Please check also: https://nguvu.org/pfsense/pfsense-multi-vpn-wan/ Additional ideas, information and detailed instructions to implement pfSense multiple VPN WAN with AirVPN servers, allowing fail-over and load balancing. Kind regards
-
If you have a proposal of a custom list aimed at blocking domain names, please open a discussion in this forum and provide:
- Name
- Description
- License
- A raw URL which our system can fetch from periodically in order to build the list
It can be either a classic hosts file or a plain list of domain names. In these cases, every domain name is blocked.
Our system can also support a list which returns custom DNS records. Contact us if you want to publish a list of this kind to coordinate the file format with us.
Lists that become larger than 100.000 entries or block domains under our control-list will be automatically disabled.
Community lists will be shown in "Lists - Third Party" inside "Client ⇨ DNS" section, opt-in available to AirVPN users. Developers can also obtain lists via "Client ⇨ API" section.
-
Hello! We are considering wiping out the session archive. Kind regards
-
Port forwarding to a single session
Staff replied to Jamertol's topic in Troubleshooting and Problems
@Jamertol Hello! If a port does not exist there's physically no way to have some host process reached via that port (it seems you don't know what a port is, check it out). It's not a matter of bugs, it's a physical limitation in the code as the host lacks the information to process and assign the packet to any process. That's possible. Can you (or somebody else) make an example showing that the option would be useful and not an over-complication? We can't think of any, but if the reason is good, we can seriously think about adding the option(s). Kind regards -
ANSWERED Eddie for Android reconnection should be improved
Staff replied to Jamertol's topic in Eddie - AirVPN Client
@Jamertol Hello! "VPN Lock" option, which is enabled by default, may be the cause of what you report. It's aimed at preventing traffic leaks outside the VPN tunnel when an unrecoverable connection error occurs. If Eddie allowed automatic re-connection it would also allow potential traffic leaks. You can disable "VPN Lock" in "Settings" and have Eddie re-connect automatically with no human intervention. Note that traffic leaks become possible. The exclusive "VPN Lock" feature is very important in Android 8 and older versions. With any other OpenVPN based application you routinely have traffic leaks. We prefer to offer Eddie Android edition with traffic leaks prevention enabled by default at the moment. In Android 9 and 10 you can prevent traffic leaks through system settings. When traffic leaks are prevented by the system, "VPN Lock" option becomes useless and even uncomfortable for the reason you mention. Once you have enabled traffic leaks prevention in system settings, you can disable "VPN Lock" option safely and have Eddie re-connect automatically (no user's action is required) with no traffic leaks at all. Kind regards -
@giganerd You often have a price per star. We don't know about a price per mouse/tree or whatever. With them, we have had absolutely no request (otherwise you would not have seen the review, as you know we don't pay for bogus reviews). The journalist even contacted us to inquire and clarify various points, some weeks ago. This is a problem of ours which we need to face. You CAN enter a non-existent e-mail address, but you can NOT enter nothing. You can not even enter a bogus address if you don't include a "@" and a dot in the chars after the @. So noneofyourbusiness@mindyourbusiness is not accepted, but nonefoyourbusiness@mind.yourownbusiness is. So, the conclusion of the journalist is trivially wrong in this case, but we were complicit to make him reach the wrong conclusion, our bad. Kind regards
-
vpn VPN Common Myths - Let's discuss this
Staff replied to curhen57's topic in General & Suggestions
@curhen57 Just a quick preamble to make you notice that Italy is not one of the "Five Eyes countries". However it is one of the Fourteen Eyes countries. It's not very relevant when servers are not based in Italy (but, like any other VPN service, we do operate or own servers even in the USA, the apparent champions of illegal wiretapping!). Remember that, no matter how powerful an entity is, it can't get data that we don't have. So do not enter personal data in your VPN account, pay with anonymous methods (we accept Monero too and without intermediaries!) and so on and so forth. We guess we are the only VPN service in the world that accepts many different cryptocurrencies without intermediaries. An intermediary can crumble all the privacy and anonymity layer of a cryptocurrency transaction nowadays: most cc payment processors now collect your data and many do not even allow transactions if you don't send them an ID document etc. The majority of Tor nodes are in the Fourteen Eyes countries too. We have written a lot on how to defeat a powerful adversary (in short: jump to Tor not from your node, but from a VPN server located in a country different than the one you are living in), but of course if you are a specific target the easy way for the powerful adversary is breaking your own system, so that any encryption and all that jazz become irrelevant. It's hilarious (or maybe sad) that a lot of people worry about intelligence data exchange and co-operation while they use routinely and with peace of mind Windows, Mac, Android, iOS or some archaic Linux distribution! About NordVPN mining personal data, we were aware that they implemented several trackers usage in their Android application which collected personal information and sent it out to third parties without your consent in the past, are you aware of anything else about data mining issue with them?
AirVPN is the oldest VPN around (among the mainstream ones) operating since 2010 (and at least an AirVPN founder had experience with VPN and Tor since late 90s). During these 10 years, can you mention about AirVPN a single case of identity disclosure imputable to AirVPN logging or storing personal information? There are cases for various "no logging" VPNs around, but we challenge you to find one about AirVPN. About local data mining (enforced by many VPN software, unfortunately, what a shame) can you find any line of code in our software (it's open source, so anyone can check), now or in the past, aimed at sending personal information to ourselves or any third party? Kind regards -
vpn VPN Common Myths - Let's discuss this
Staff replied to curhen57's topic in General & Suggestions
@curhen57 Hello! Combining Tor over OpenVPN provides you with remarkable benefits. Some examples:
- you tunnel efficiently UDP, which Tor alone can't handle
- you tunnel at least over the VPN any system process with high privileges binding without your knowledge
- you hide your Tor traffic to your ISP and government (really relevant but only in some countries)
- you exit from the VPN server to enter a Tor circuit (Tor circuits are re-built normally, the fixed circuit problem is relevant in OpenVPN over Tor)
- you can split traffic to balance load, aggregate bandwidth etc.
- you can use protocols which are not welcome, not recommended, not usable or too sluggish on Tor network (one example on the next point)
- you can use BitTorrent (and any other software which behaves similarly or relies on STUN) without risking your real IP address is revealed, as it may happen (and it happened) with Tor alone https://blog.torproject.org/bittorrent-over-tor-isnt-good-idea?page=0
This is false with Tor over OpenVPN for very obvious reasons (speaking of which, if it was true then the correlation would be absolutely identical and successful with your ISP IP address!). With OpenVPN over Tor of course you have a fixed circuit because Tor does not change circuit for the same TCP stream and that's an issue to seriously consider. Therefore OpenVPN over Tor may be a starting point to use Tor over itself and establish "dynamic" circuits (a new one for each stream) over a VPN tunnel over a fixed Tor circuit. In this way you have all the advantages given by Tor while our VPN servers come to know neither your real IP address nor your real traffic origin and destination (the price to pay is another performance hit). Anyway use it only if you understand perfectly what you are doing, otherwise rely on Tor over OpenVPN and forget about OpenVPN over Tor.
That's the most astonishing thing since sliced bread.
😱 Anyway it is exactly what would happen after a Tor exit node, or after your ISP nearest DSLAM, just to say, if you hadn't end-to-end encryption. The external, first encryption layer of Tor or OpenVPN or your router MUST be wiped out, otherwise how would the final recipient understand your data? By the way HTTP is disappearing so it does not apply much to web traffic. We think that nowadays lack of end-to-end encryption should not be tolerated, and actually we see important steps toward that. That said, we strongly support Tor (during 2018 and 2019, more than 2.5% of the global worldwide Tor traffic transited through exit-nodes financed by us) and we recommend to use it with and without VPN. Tor network access remains totally free for anyone especially thanks to those people who run at their expenses (money, time, legal issues) Tor exit nodes, just like AirVPN staff does. Kind regards -
@hydrotux Yes, but some services restrict streaming to IP addresses assigned to residential ISPs. Any IP address, even geo-located in Italy, not assigned to some residential ISP is treated as a foreign address. That said, RAI programs are perfectly accessible from all of our VPN servers. Kind regards
-
@Flx No reboots have been recorded and no daemons have been restarted. However some Amanah servers have suffered a line blackout at ~ 3.30 AM (UTC) for several minutes. We also see that the problem was sorted out just before 4 AM. During the blackout they could not communicate at all. It might be the problem you mention. Check the real time server monitor and when you mention time remember to specify time zone. No communications from Amanah so far. Kind regards
-
@NLVPN Hello! Also consider that you can have robust load balancing with a pfSense (and in general *BSD) box and AirVPN: https://nguvu.org/pfsense/pfsense-multi-vpn-wan/ Kind regards
-
Eddie Android Edition 2.4 released - ChaCha20 support
Staff replied to Staff's topic in News and Announcement
@Maggie144 Hello! Eddie development will be re-opened soon, to align Eddie with latest AirVPN library, improve general usability and comply with the future November 2020 Google requirements. Kind regards