Staff

Hello Staff,
 
Of course I would like to test, but not at the moment.
First get OpenSuse Slowroll running properly.
Despite the fact that I have been using Linux for a while, I still find some things very difficult.
Including airvpn sometimes.
I will do my best, though.
nice 2025,
Colorman

@Visentinel

According to a preliminary and very quick legal analysis the Act can be used to charge USA citizens and any company operating in the USA (even non-USA companies, of course) with civil and criminal liability for using Tor, VPN, proxy services, Bitcoin and various open source tools which facilitate encrypted communications to bypass any kind of censorship. Apparently, the language picked for the Act allows to enlarge and broaden the scope of the Act at will. Should the Act be approved as it is, and should the will to enforce it in the broader sense is strong, it is possible that there is no future for the Tor Project and consumers VPN in the USA, if not underground. Simply accessing the Bitcoin blockchain to transfer coins may be easily included as a forbidden action by the Act scope.

We underline that all of the above is based on a preliminary legal analysis, which may change after more thorough examination.

Sources. Wikipedia: https://en.wikipedia.org/wiki/RESTRICT_Act
Vice: https://vice.com/en/article/4a3ddb/restrict-act-insanely-broad-ban-tiktok-vpns
Decrypt: https://decrypt.co/124892/coin-center-restrict-act-ban-bitcoin
Official current draft: https://www.congress.gov/bill/118th-congress/senate-bill/686/text?s=1&r=15

We're open to more discussion, opinions and legal analysis.

Kind regards
 

Hello!
 
Microsoft has confirmed that the April 2024 security updates (KB5036893 in particular) for Windows 11,  Windows 10 and Windows Server have introduced bugs that cause various problems related to VPN (all protocols, including the pre-installed IPsec). A reported problem is that multiple VPN interfaces appear on affected systems as they accumulate at each session. The bugs should have been fixed with the latest updates: can you please make sure that your Windows system is up to date, just in case the problem is caused by the mentioned update?

Kind regards

Hello!

The performance you get is good, especially if you consider that you have packet errors when you connect over UDP. The fact that you get much better throughput on a specific port with the same protocols hints to traffic shaping by the ISP.

The setup is safe provided that you add some measure against traffic leaks, please make sure that you enable Network Lock if you run AirVPN software. On top of that, you may also consider to bind the torrent software (if a bind option is available in your torrent program settings) to the VPN interface you mentioned.

Kind regards
 

actually that log is them trying UDP entry 3 and then TCP and SSH and SSL.  none of them worked.  so, yes, chances are some software is blocking the connection.

Hello!

Very interesting analytical and investigative work by Windscribe disclosing ties (even hidden ones) between VPN companies, publishers, review web sites. Click on node icons to read more details. Very sinister situation at a glance. Note for example how Crossrider (now Kape), well known malware company co-founded by a member of israeli Defense Forces Unit 8200, nowadays controls major VPNs and review web sites:
https://embed.kumu.io/9ced55e897e74fd807be51990b26b415#vpn-company-relationships/control-d

Kind regards
 

@nan0tEch

Hello!

Try the following: enforce mssfix n directive (n is in bytes). This directive tells OpenVPN to split TCP packets (inside the UDP tunnel) larger than n bytes. This directive may resolve MTU size problems. Try for example with mssfix 1320 if your connection is via Ethernet or WiFi if you have an asymmetric line (ADSL etc.), make sure that the maximum allowed upload bandwidth of the torrent software does not "choke" the throughput. To stay on the safe side, limit (from its own settings) the torrent software to use at most 66% of your available upload bandwidth Check any combination of the above attempts (only 1, only 2 and both 1 and 2).

Kind regards
 

Got it properly working with specifying these two variables if anyone is stuck as I were:
- SERVER_COUNTRIES=Canada
- SERVER_CITIES=Montreal

Now it all routes through Gluetun and port forwarding works in test client area and https://www.yougetsignal.com/tools/open-ports/.

Thanks a lot guys, happy holidays, lots of health above everything else to you and your families!

Hello!

In the early stages, the names were taken from the constellations. A little later, from constellations and stars, and finally only from stars. We have exceptions in Tokyo: two servers are named after imaginary planets from Space Battleship Yamato and UFO Robot Grendizer.

Kind regards
 

Version 2.24.5 (Tue, 10 Dec 2024 12:34:03 +0000)
[bugfix] [macOS] Fixed an issue preventing WireGuard detection. [bugfix] [all] Fixed an issue that could cause a connection loop with "executable not allowed" appearing in logs. [change] [linux-deb] updated dependencies from "policykit-1" to "pkexec | policykit-1". [change] [all] Applied minor fixes
We are confident that we will switch this version to stable very soon.
Other reported issues (Exit IP detection, stats at 0, and other minor things) are under investigation and will be fixed in the upcoming version 2.25.x.

Hello!

We post the reply to your ticket by the support team for the reader's comfort.
 
====
Hello and thank you for your choice!

We do not think that the problem can be approached and resolved through OpenVPN configuration files. We would consider policy based routing on the router. In this way you can configure each specific device behind the router to have its traffic routed through the proper tun interface or even through the WAN (outside the VPN, therefore). Please check the documentation.
An overview of the Policy Based Routing (PBR) utility:
https://openwrt.org/docs/guide-user/network/routing/pbr
 
A specific approach to achieve the setup:
https://search.brave.com/search?q=openwrt+policy+routing+for+multiple+OpenVPN+client+connections&summary=1&conversation=f943dbcf532434cd689c65

Kind regards
AirVPN Support Team
====

Kind regards
 

Hello!

In the early stages, the names were taken from the constellations. A little later, from constellations and stars, and finally only from stars. We have exceptions in Tokyo: two servers are named after imaginary planets from Space Battleship Yamato and UFO Robot Grendizer.

Kind regards
 

Comment from AirVPN Staff:

this guide has been written by NaDre. It is rich, well detailed, explanatory and also very useful for related arguments. It has been tested as fully working by a member of the staff on a Windows 7 64 bit system. If you don't need the anonymity layer for all of your traffic, traffic splitting is for you. IGNORE this guide and do NOT proceed if you wish the usual anonymity layer that protects all of your system Internet traffic.
 
Thank you Nadre!

Original thread:
https://airvpn.org/topic/9491-guide-to-setting-up-vpn-just-for-torrenting-on-windows/



This guide may still have typos. Parts may not be very clear. More explanation may be needed in some places. If you have feed back, please just post in the original thread.

==============================================================
Table of Contents
Guide to Setting Up VPN Just for Torrenting on Windows - Part 1
Purpose and Goals
IP Interfaces and Routing Table
Installing OpenVPN
IP Interfaces Before Install
Routing Table Before Install
IP Interfaces with VPN Down
Routing Table with VPN Down
Configuring OpenVPN to Access Servers
IP Interfaces with VPN Up
Routing Table with VPN Up
Comparison of Routing Table with VPN Up Versus Down
Setting Up Port Forwarding
A Very Active Copyright Free Torrent to Test With
Checking That the VPN Is Working
Guide to Setting Up VPN Just for Torrenting on Windows - Part 2
Routing Table Functionality
Advanced Set Up for Windows XP
Set Up for Windows XP Firewall
Routing Table Change to Block Outgoing Native Traffic
Advanced Set Up for Windows Vista and Windows 7
Set Up for Windows Firewall with Advanced Security
Rules for Incoming Connections
Rules for Outgoing Connections
Specifying the Properties for a Firewall Rule
Set Up for Torrent Clients
Setting IP Interface for uTorrent
Setting IP Interface for Vuze
Routing Table Changes to Restore Native Gateway
==============================================================

Guide to Setting Up VPN Just for Torrenting on Windows - Part 1

Purpose and Goals

This guide is about setting up a VPN service on Windows using AirVPN.

The goal here is to use the VPN only for torrent clients and the normal gateway for all other activities. (Staff note: if you do not understand this sentence STOP HERE, you probably don't need this guide) This way my normal activities are not impacted (Staff note: it's important that you understand that with this guide the "normal activities" will NOT be tunneled and therefore NOT anonymized in any way!) by:
reduced effective bandwidth detectable delays in response while browsing due to increased latency ("latency" is the time it takes for a packet to transit) security panics by sites I use that worry about security when my apparent location in the world changes I am using Windows 7. But this guide also discusses XP and Vista. Details are provided below. Here is a summary of what I do on Windows 7.

I use the VPN only for my torrent clients.

To achieve this, I override the "0.0.0.0/128.0.0.0" and "128.0.0.0/128.0.0.0" routing table entries set up by the OpenVPN client with "0.0.0.0/192.0.0.0", "64.0.0.0/192.0.0.0", "128.0.0.0/192.0.0.0" and "192.0.0.0/192.0.0.0" entries to use my normal gateway for most activities. I have two .bat files that allow me to quickly insert or delete these in order to use the VPN for web browsing when I want to.

I also then need to tell my torrent clients (uTorrent and Vuze are discussed in this guide) to use the VPN interface, since it will now not be used by default. For Vuze one can specify the interface. But for uTorrent one has to specify the IP address.

So long as I continue to use the same AirVPN server, since my DHCP license is for a year I do not need to change the uTorrent configurations. If I wish to change the AirVPN server, I have to change IP address uTorrent uses. This is not a lot of work. At the time of writing, AirVPN does not allow one to have a fixed local IP address for the VPN interface, otherwise this could be avoided.

I also configure Windows firewall to block all traffic from torrent clients using the default gateway. So if the VPN goes down, even if Windows decides to ignore the request to bind to a specific interface/IP and bind to my default gateway (apparently Windows may do this?), nothing leaks out using my own IP address.

Although I am using Windows 7, I have tried setting up a similar scheme to mine using Windows XP and Windows Vista, in the hope of making this guide more useful. I suspect many people are still using XP and Vista. I succeeded in this goal for Vista. However for XP, I was not able to achieve the goal of using the native interface for normal activities while using the VPN for the torrent clients.

I describe the results below. For examples, I use the earliest version of Windows possible, since the examples are often simpler that way, and you should be able to adapt the information to a later release easily.

I try to make minimal assumptions about the readers background, in the hope that this will be useful to non-technical readers. To this end, I try to explain the role of IP interfaces and the routing table in networking and how to obtain important information about these.

All screenshots can be enlarged by clicking on them individually.

IP Interfaces and Routing Table

In a couple of places in what follows I use two commands at the the Windows "Command Prompt" to reveal some useful things about what setting up a VPN does in terms Windows IP interfaces and the Windows routing table. The commands are "ipconfig/all" and "route print".

Installing OpenVPN

Get the "community" version of the unaltered OpenVPN client:

http://openvpn.net/index.php/open-source/downloads.html

If you have a the 64-bit version of Windows then get the 64-bit version of OpenVPN - "openvpn-install-?-x86_64.exe". But if you do not have 64-bit Windows use the 32-bit version - "openvpn-install-?-i686.exe".

Before you install it, use the "ipconfig/all" and "route print" commands at a Windows command prompt. You will get something similar to this:

IP Interfaces Before Install
C:\Documents and Settings\user>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : xp Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter Physical Address. . . . . . . . . : 00-0C-29-A2-B9-61 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.69 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.254 DHCP Server . . . . . . . . . . . : 192.168.1.254 DNS Servers . . . . . . . . . . . : 192.168.1.254 75.153.176.1 Lease Obtained. . . . . . . . . . : Wednesday, March 06, 2013 2:05:50 PM Lease Expires . . . . . . . . . . : Thursday, March 07, 2013 2:05:50 PMRouting Table Before Install
C:\Documents and Settings\user>route print =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 0c 29 a2 b9 61 ...... AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 10 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.1.0 255.255.255.0 192.168.1.69 192.168.1.69 10 192.168.1.69 255.255.255.255 127.0.0.1 127.0.0.1 10 192.168.1.255 255.255.255.255 192.168.1.69 192.168.1.69 10 224.0.0.0 240.0.0.0 192.168.1.69 192.168.1.69 10 255.255.255.255 255.255.255.255 192.168.1.69 192.168.1.69 1 Default Gateway: 192.168.1.254 =========================================================================== Persistent Routes: NoneInstall it.

You may get an "unsigned driver" warning message for the TAP driver that OpenVPN uses to create an IP interface in Windows (saying it could destabilize your system). For Windows XP it looks like this:



Ignore the warning. It works fine on Windows XP (or Vista, Windows 7 or Windows 8).

At this point, again use the "ipconfig/all" and "route print" commands at a Windows command prompt. You will get something similar to this:

IP Interfaces with VPN Down
C:\Documents and Settings\user>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : xp Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter Physical Address. . . . . . . . . : 00-0C-29-A2-B9-61 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.69 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.254 DHCP Server . . . . . . . . . . . : 192.168.1.254 DNS Servers . . . . . . . . . . . : 192.168.1.254 75.153.176.1 Lease Obtained. . . . . . . . . . : Wednesday, March 06, 2013 2:05:50 PM Lease Expires . . . . . . . . . . : Thursday, March 07, 2013 2:05:50 PM Ethernet adapter Local Area Connection 4: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : TAP-Windows Adapter V9 Physical Address. . . . . . . . . : 00-FF-42-5E-D2-9ERouting Table with VPN Down
C:\Documents and Settings\user>route print =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 0c 29 a2 b9 61 ...... AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport 0x3 ...00 ff 42 5e d2 9e ...... TAP-Windows Adapter V9 - Packet Scheduler Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 10 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.1.0 255.255.255.0 192.168.1.69 192.168.1.69 10 192.168.1.69 255.255.255.255 127.0.0.1 127.0.0.1 10 192.168.1.255 255.255.255.255 192.168.1.69 192.168.1.69 10 224.0.0.0 240.0.0.0 192.168.1.69 192.168.1.69 10 255.255.255.255 255.255.255.255 192.168.1.69 192.168.1.69 1 255.255.255.255 255.255.255.255 192.168.1.69 3 1 Default Gateway: 192.168.1.254 =========================================================================== Persistent Routes: NoneCompare these results to what we had before the install. In the sample above, a new IP interface called "Local Area Connection 4" has been created by the install.

Configuring OpenVPN to Access Servers

Then to get the VPN set up initially, at AirVPN go to "Client Area/Config Generator". The page says "OpenVPN Configuration Generator ". Press the "Invert" button to select all of the servers (why not?). Then select "UDP" under "Protocol" and then "443" under "Port". Agree to the terms of service and press the "Generate" button.

This will have created a file called "air.zip". Save it somewhere. Unzip this into a folder. Let's say it is called "AirVPN". It will contain files like this:
C:\Program Files\OpenVPN\config\AirVPN>dir Volume in drive C is Acer Volume Serial Number is 00B1-714F Directory of C:\Program Files\OpenVPN\config\AirVPN 20/02/2013 02:08 PM <DIR> . 20/02/2013 02:08 PM <DIR> .. 20/02/2013 09:07 PM 8,944 AirVPN CH Virginis - UDP 443.ovpn 20/02/2013 09:07 PM 8,944 AirVPN DE Aquilae - UDP 443.ovpn 20/02/2013 09:07 PM 8,944 AirVPN DE Tauri - UDP 443.ovpn 20/02/2013 09:07 PM 8,944 AirVPN DE Velorum - UDP 443.ovpn 20/02/2013 09:07 PM 8,943 AirVPN GB Bootis - UDP 443.ovpn 20/02/2013 09:07 PM 8,943 AirVPN GB Carinae - UDP 443.ovpn 20/02/2013 09:07 PM 8,943 AirVPN GB Cassiopeia - UDP 443.ovpn 20/02/2013 09:07 PM 8,944 AirVPN IT Crucis - UDP 443.ovpn 20/02/2013 09:07 PM 8,945 AirVPN LU Herculis - UDP 443.ovpn 20/02/2013 09:07 PM 8,943 AirVPN NL Castor - UDP 443.ovpn 20/02/2013 09:07 PM 8,943 AirVPN NL Leonis - UDP 443.ovpn 20/02/2013 09:07 PM 8,944 AirVPN NL Leporis - UDP 443.ovpn 20/02/2013 09:07 PM 8,945 AirVPN NL Lyncis - UDP 443.ovpn 20/02/2013 09:07 PM 8,943 AirVPN NL Lyra - UDP 443.ovpn 20/02/2013 09:07 PM 8,944 AirVPN NL Ophiuchi - UDP 443.ovpn 20/02/2013 09:07 PM 8,944 AirVPN NL Orionis - UDP 443.ovpn 20/02/2013 09:07 PM 8,946 AirVPN RO Phoenicis - UDP 443.ovpn 20/02/2013 09:07 PM 8,944 AirVPN SE Cygni - UDP 443.ovpn 20/02/2013 09:07 PM 8,945 AirVPN SE Serpentis - UDP 443.ovpn 20/02/2013 09:07 PM 8,943 AirVPN SG Columbae - UDP 443.ovpn 20/02/2013 09:07 PM 8,943 AirVPN SG Puppis - UDP 443.ovpn 20/02/2013 09:07 PM 8,943 AirVPN SG Sagittarii - UDP 443.ovpn 20/02/2013 09:07 PM 8,943 AirVPN US Andromedae - UDP 443.ovpn 20/02/2013 09:07 PM 8,944 AirVPN US Librae - UDP 443.ovpn 20/02/2013 09:07 PM 8,944 AirVPN US Octantis - UDP 443.ovpn 20/02/2013 09:07 PM 8,945 AirVPN US Pavonis - UDP 443.ovpn 20/02/2013 09:07 PM 8,944 AirVPN US Persei - UDP 443.ovpn 20/02/2013 09:07 PM 8,943 AirVPN US Sirius - UDP 443.ovpn 20/02/2013 09:07 PM 8,943 AirVPN US Vega - UDP 443.ovpn 29 File(s) 259,370 bytes 2 Dir(s) 244,540,530,688 bytes freeMove the "AirVPN" folder to "C:\Program Files\OpenVPN\config". You will be prompted for administrator privilege.

The OpenVPN install will have created a desktop icon for the OpenVPN GUI.

Stop your torrent clients.

Start up the OpenVPN GUI. On Vista or Windows 7 it will require administrator privilege. The following error messages may be symptom if it is not running privileged:





Either always right-mouse click and "Run as administrator", or alter the desktop icon for the OpenVPN GUI to always run as administrator:



The icon for the OpenVPN GUI will be in the system tray. Right-mouse click on it and select a server. On Windows XP the menu looks like this:



There is a page at AirVPN that gives info on how loaded each server is which cane be helpful when selecting a server to use. When the window showing the log closes and the message saying the VPN is up comes up.

Now once more use the "ipconfig/all" and "route print" commands at a Windows command prompt. You will get something similar to this:

IP Interfaces with VPN Up
C:\Documents and Settings\user>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : xp Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter Physical Address. . . . . . . . . : 00-0C-29-A2-B9-61 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.69 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.254 DHCP Server . . . . . . . . . . . : 192.168.1.254 DNS Servers . . . . . . . . . . . : 192.168.1.254 75.153.176.1 Lease Obtained. . . . . . . . . . : Wednesday, March 06, 2013 2:05:50 PM Lease Expires . . . . . . . . . . : Thursday, March 07, 2013 2:05:50 PM Ethernet adapter Local Area Connection 4: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : TAP-Windows Adapter V9 Physical Address. . . . . . . . . : 00-FF-42-5E-D2-9E Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 10.4.50.142 Subnet Mask . . . . . . . . . . . : 255.255.255.252 Default Gateway . . . . . . . . . : 10.4.50.141 DHCP Server . . . . . . . . . . . : 10.4.50.141 DNS Servers . . . . . . . . . . . : 10.4.0.1 Lease Obtained. . . . . . . . . . : Wednesday, March 06, 2013 2:31:50 PM Lease Expires . . . . . . . . . . : Thursday, March 06, 2014 2:31:50 PMRouting Table with VPN Up
C:\Documents and Settings\user>route print =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 0c 29 a2 b9 61 ...... AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport 0x3 ...00 ff 42 5e d2 9e ...... TAP-Windows Adapter V9 - Packet Scheduler Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 128.0.0.0 10.4.50.141 10.4.50.142 1 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 10 10.4.0.1 255.255.255.255 10.4.50.141 10.4.50.142 1 10.4.50.140 255.255.255.252 10.4.50.142 10.4.50.142 30 10.4.50.142 255.255.255.255 127.0.0.1 127.0.0.1 30 10.255.255.255 255.255.255.255 10.4.50.142 10.4.50.142 30 95.211.169.3 255.255.255.255 192.168.1.254 192.168.1.69 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 128.0.0.0 128.0.0.0 10.4.50.141 10.4.50.142 1 192.168.1.0 255.255.255.0 192.168.1.69 192.168.1.69 10 192.168.1.69 255.255.255.255 127.0.0.1 127.0.0.1 10 192.168.1.255 255.255.255.255 192.168.1.69 192.168.1.69 10 224.0.0.0 240.0.0.0 10.4.50.142 10.4.50.142 30 224.0.0.0 240.0.0.0 192.168.1.69 192.168.1.69 10 255.255.255.255 255.255.255.255 10.4.50.142 10.4.50.142 1 255.255.255.255 255.255.255.255 192.168.1.69 192.168.1.69 1 Default Gateway: 10.4.50.141 =========================================================================== Persistent Routes: NoneThe "Local Area Connection 4" interface has been configured with an IP address and other configuration information added to it. Also, the routing table has several new entries added to it involving the "Local Area Connection 4" interface. We will examine the details of these differences and comment on the information content of these listings in what follows. You can use a "diff' program such as Winmerge to make the additions and changes to the routing table easier to pick out:

Comparison of Routing Table with VPN Up Versus Down



Now use your browser to go to:

http://whatismyipaddress.com/

Where are you in the world?

Until we get port forwarding working, there is no point in running your torrent client with the VPN. Although there would be no harm in trying it for a minute.

Stop your torrent clients again before you shut down the VPN.

Setting Up Port Forwarding

At AirVPN, go to "Client Area/Forwarded ports". The page title is "Your forwarded ports"

The ports you already have are shown first with a "Remove" button. At the end there is an extra spot with an "Add" button. Click "Add" and it will generate a random number and forward that port to you. After you click the next page will say "Port ????? added" at the top.

Now you need to tell your torrent client to listen on this port.

Here you should first understand about UPnP:

https://en.wikipedia.org/wiki/Universal_Plug_and_Play

And also NAT-PMP:

http://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol

UPnP support in the router allows a program running on your PC to tell your router to set up port forwarding. Most routers now a days support this. NAT-PMP is much less widely implemented. It seems that because of this many people do not realize that incoming connections are being forwarded to their torrent client. When using a VPN, you should turn off UPnP and NAT-PMP in your torrent client.

For uTorrent, do "Options/Preferences", then select "Connection" and paste in (or type) the port number AirVPN generated for you. Then click "OK".



For Vuze do "Tools/Options", then "Connections" and paste in (or type) the port number AirVPN generated for you. The click "Save".



Also for Vuze, to turn off UPnP and NAT-PMP use "Tools/Options/Plugins/UPnP" and "Tools/Options/Plugins/UPnP/NAT-PMP":





Now go back to the AirVPN port forwarding page and click the "Check" button for the port. When this competes the "Status" icon should turn green.

A Very Active Copyright Free Torrent to Test With

If you want a very active torrent to test with that has no copyright issues, use the Ubuntu Desktop torrent:

http://www.ubuntu.com/download/desktop/alternative-downloads

Checking That the VPN Is Working

To see whether you are receiving incoming connections:

uTorrent:

Use "Options/Show Status Bar" In the Status Bar area (at the bottom) select the "Peers" tab. Hopefully you have the "Flags" column? If not right mouse-click on the column title area and enable it. What you want to see is a few peers with "I" as one of the flags. This means the peer connected to you. The meaning of each flags is available in "Help/uTorrent Help".

Vuze:

If the icon in front of the torrent is green, then you have received incoming connections. To pursue this further, right mouse-click on a torrent and select "Show Details". Then select the "Peers" tab. Hopefully you have the "T" column? If not right mouse-click on the column title area and enable it. The peers that have "R" in the "T" column came to you as incoming connections.

Process Explorer

But there is a more general and powerful way to check what is happening with a torrent clients IP connections. There is a useful tool that Microsoft provides - "Process Explorer":

http://technet.microsoft.com/en-ca/sysinternals/bb896653.aspx

With it you can see all of the network connections a program is making. Once it is installed, start it and in the process tree that gets shown locate "uTorrent.exe" or "Azureus.exe" under "explorer.exe". Right-mouse click on it and select "Properties..."`. Then select the "TCP/IP" tab. In that uncheck the "Resolve addresses" check box. If you see connections on the port that you set up as the incoming port, that is another indication that you are receiving incoming connections.

Using Process Explorer you will also be able to see if any connections are being made on the native interface rather than the VPN interface (as they should).

This is an example of what you can see with Process Explorer:



In the example above, Vuze is listening for connections on port 63676, so the "ESTABLISHED" connections to that port are from incoming connections.

It can be helpful to sort the items in this display in various orders by clicking on the column headers. The possible states are described here:

http://support.microsoft.com/kb/137984

This is a summary taken from the link above:
SYN_SEND - Indicates active open. SYN_RECEIVED - Server just received SYN from the client. ESTABLISHED - Client received server's SYN and session is established. LISTEN - Server is ready to accept connection. FIN_WAIT_1 - Indicates active close. TIMED_WAIT - Client enters this state after active close. CLOSE_WAIT - Indicates passive close. Server just received first FIN from a client. FIN_WAIT_2 - Client just received acknowledgment of its first FIN from the server. LAST_ACK - Server is in this state when it sends its own FIN. CLOSED - Server received ACK from client and connection is closed.Guide to Setting Up VPN Just for Torrenting on Windows - Part 2

Routing Table Functionality

In what follows, manipulations of the routing table will be used to achieve certain goals. Some understanding of the routing table will be needed in order for the reader to complete these.

You may also want to see the Wikipedia page about the routing table:

http://en.wikipedia.org/wiki/Routing_table

Please refer to the listings generated by "route print" above.

When a program does an IP "bind" function without specifying a particular IP interface or IP address to bind to, the routing table is used to determine what IP interface to send a packet on, based on the destination. The packet destination is compared against the two values "Network Destination" and "Netmask". These two values together define a "subnet" or "subnetwork". For an explanation of a subnetwork and subnet notations see Wikipedia:

http://en.wikipedia.org/wiki/Subnetwork

The values shown as 4 numbers separated by periods are 32 bit strings, divided up into 4 8 bit chunks, so that each chunk is a value from 0 to 255. But think of these as 32 bit strings.

"Netmask" will be all ones on the left and all zeros to the right of that. What matters with it is just how many 1-s are on the left. If the "Netmask" has only 4 1-s on the left, then only the left-most 4 bits of the packet destination and "Network Destination" are compared for a match. A packet destination may have several routing table entries that match by this criteria. The one that will be used is the one for which the "Netmask" had the most 1-s. If that does not resolve it, the lowest "Metric" is then checked.

The entry with the "0.0.0.0." Netmask is called the "default" gateway:
... Network Destination Netmask Gateway Interface Metric ... 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 10 ... Default Gateway: 192.168.1.254 ...This "0.0.0.0" entry will match anything, since no bits have to be compared. So if no more specific entry is found that is where a packet will go.

Now look at the screen shot above labelled "Comparison of Routing Table with VPN Up Versus Down".

The extra lines when the VPN is up were added by the OpenVPN client. Note these two extra lines in particular:
... Network Destination Netmask Gateway Interface Metric ... 0.0.0.0 128.0.0.0 10.4.50.141 10.4.50.142 1 ... 128.0.0.0 128.0.0.0 10.4.50.141 10.4.50.142 1 ... Default Gateway: 10.4.50.141 ...These entries with "128.0.0.0" prevent the "0.0.0.0" from ever being used, because one of these will match any address, and they are more specific (one 1 bit on the left of the Netmask rather than no bits at all). This makes the VPN gateway (10.4.50.141) the new "default gateway".

The other additional entries serve various purposes which are not relevant to our discussion below.

Advanced Set Up for Windows XP

As I explained above, I was not able to find a way under XP to use the native interface for normal activities while using the VPN for the torrent clients. I could not get the torrent clients to use the VPN interface unless it was the default gateway in the routing table. It appears that you have to use the VPN for everything or nothing.

However it is possible to use a combination of the firewall and the routing table to ensure that no P2P traffic uses the native interface when the VPN is not running.

Set Up for Windows XP Firewall

First I will discuss the firewall. It does not seem to be possible to fully block all torrent traffic from the native interface using just the limited firewall that came with XP.

Although you can block incoming connections to some extent, you cannot block outgoing connections at all. And registering your IP address against torrent hashes on a tracker or by DHT is already bad enough for IP address trolls to see you. And if they register themselves on a tracker as having a torrent you want, you may connect to them (even worse). You could also be given their IP address as a source by peer exchange even if you strip things to DHT only.

With some other firewall that works on XP you may still be able to do this. There may be information on the AirVPN forum.

If you have a router, you may not have had Windows firewall enabled, relying on your router to provide the firewall. However you should have Windows firewall enabled at least for the VPN interface, with an exception for your torrent client. The following screen shots illustrate how to do this:









This will allow incoming connections for torrent clients from the native interface too. But you should be able to configure your router so that no incoming connections are forwarded from the internet to your PC. You will have to poke around in its GUI/HTTP interface. Besides turning off any explicit port forwarding in your router, you need to consider UPnP:

https://en.wikipedia.org/wiki/Universal_Plug_and_Play

UPnP support in the router allows a program running on your PC to tell your router to set up port forwarding. Most routers now a days support this. It seems that because of this many people do not realize that incoming connections are being forwarded to their torrent client. The thing is, malicious programs can do this too!

So you may want to go further and disable UPnP in your router. However you may be using some other program that needs it. With UPnP off (and no explicit port forwarding rules in the router), you can be sure that no incoming connections can come in by the native interface.

If you do want to block incoming torrent connections only on the native interface, then do not enable the exceptions for the clients on the "Exceptions" tab as shown above, but instead go to "Advanced Settings" from the "Advanced" tab and provide exception rules only for the VPN interface, as shown below:



Using this approach, you have to define the rules based on the ports rather than the programs, and you will need a TCP and a UDP rule for each port.

Routing Table Change to Block Outgoing Native Traffic

In order to ensure that outgoing traffic will not go out over the native interface, one can make a change to the routing table which will guarantee that no traffic of any sort (except the encrypted VPN traffic itself) will be able to find its way to the native interface. Refer to the section "Routing Table Functionality" above. If the VPN goes down, the "128.0.0.0" entries that override the default gateway will be removed by the OpenVPN client. If the "0.0.0.0" entry is removed, then there will be no default gateway and nothing will be able to find its way out to the internet.

A variation of this approach is discussed here:

http://cranthetrader.blogspot.ca/2011/10/dont-allow-non-vpn-traffic.html

But it seems to me that the procedure described on that page is far more complicated than necessary. Once the VPN is running, you can just remove the "0.0.0.0" entry from the routing table using this command at a command prompt:
route delete 0.0.0.0 192.168.1.254If you want to stop the VPN and use the native interface again, then after shutting down the VPN, restore the default gateway entry for the native interface using this command at a command prompt:
route add 0.0.0.0 mask 0.0.0.0 192.168.1.254Note that "192.168.1.254" above must be replaced with the gateway for your native interface. If you lose track of this, it is part of the information displayed for interfaces by "ipconfig /all" (see the examples above).

For convenience, you could create two ".bat" files each with one of these commands. I suggest that you place a "pause" command at the end so that the windows that opens to run the command does not disappear before you can see if it worked.

Advanced Set Up for Windows Vista and Windows 7

The set up described below works on either Vista or Windows 7. I use Windows 7, but I have confirmed that it works on Vista using a virtual machine I have with Windows Vista on it.

All of the samples below are taken from Windows Vista. There a couple of small differences in the GUI for "Windows Firewall with Advanced Security".

I also encountered a problem getting the firewall blocking to work fully for Windows Vista. Getting the firewall to block uTorrent from using the native interface worked, but getting it to block Vuze has not worked! Blocking Vuze works fine on Windows 7.

But there is a saving grace. Fortunately Vuze has an option that prevents it using the default interface if it is configured to use a specific interface. I use this on Windows 7 too, even though it does not appear to be necessary.

Set Up for Windows Firewall with Advanced Security

To set up the blocking of both incoming and outgoing connections in the way we need, you have to use "Windows Firewall with Advanced Security", which is separate from "Windows Firewall" in the Windows Start menu. You have to first get into "Administrative Tools". The following screen shot shows how to get into "Windows Firewall with Advanced Security":



Once you are into ""Windows Firewall with Advanced Security"" you can configure rules for both incoming and outgoing connections at a level of detail much greater than you could for Windows XP. In order to do this we will need to determine an appropriate subnet definition for the native interface and the VPN interface. This can be obtained from examining output from the "ipconfig /all" and "route print" commands:
C:\Users\user>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : virtual_Vista Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection 3: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : TAP-Windows Adapter V9 Physical Address. . . . . . . . . : 00-FF-B8-2E-BD-7C DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::5d15:cf7:c242:3e80(Preferred) IPv4 Address. . . . . . . . . . . : 10.4.50.142(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.252 Lease Obtained. . . . . . . . . . : Wednesday, March 13, 2013 11:38:12 AM Lease Expires . . . . . . . . . . : Thursday, March 13, 2014 11:38:12 AM Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 10.4.50.141 DHCPv6 IAID . . . . . . . . . . . : 234946488 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-79-1E-1D-00-0C-29-3D-07-02 DNS Servers . . . . . . . . . . . : 10.4.0.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-0C-29-E3-F7-8B DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::9c19:3be7:696c:e04(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Wednesday, March 13, 2013 11:32:09 AM Lease Expires . . . . . . . . . . : Thursday, March 14, 2013 11:32:09 AM Default Gateway . . . . . . . . . : 192.168.1.254 DHCP Server . . . . . . . . . . . : 192.168.1.254 DHCPv6 IAID . . . . . . . . . . . : 251661353 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-79-1E-1D-00-0C-29-3D-07-02 DNS Servers . . . . . . . . . . . : 192.168.1.254 75.153.176.1 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Local Area Connection* 6: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{A8B29C02-92F2-4901-B6DB-0A2CD26E54D2} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 7: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 02-00-54-55-4E-01 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:349c:1efb:f5fb:cd71(Preferred) Link-local IPv6 Address . . . . . : fe80::349c:1efb:f5fb:cd71(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter Local Area Connection* 11: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{B82EBD7C-FAAE-42FB-AAA5-4E849D98E35A} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes C:\Users\user>route print =========================================================================== Interface List 14 ...00 ff b8 2e bd 7c ...... TAP-Windows Adapter V9 10 ...00 0c 29 e3 f7 8b ...... Intel(R) PRO/1000 MT Network Connection 1 ........................... Software Loopback Interface 1 13 ...00 00 00 00 00 00 00 e0 isatap.{A8B29C02-92F2-4901-B6DB-0A2CD26E54D2} 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface 15 ...00 00 00 00 00 00 00 e0 isatap.{B82EBD7C-FAAE-42FB-AAA5-4E849D98E35A} =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.67 10 0.0.0.0 128.0.0.0 10.4.50.141 10.4.50.142 30 10.4.0.1 255.255.255.255 10.4.50.141 10.4.50.142 30 10.4.50.140 255.255.255.252 On-link 10.4.50.142 286 10.4.50.142 255.255.255.255 On-link 10.4.50.142 286 10.4.50.143 255.255.255.255 On-link 10.4.50.142 286 95.211.169.3 255.255.255.255 192.168.1.254 192.168.1.67 10 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 128.0.0.0 128.0.0.0 10.4.50.141 10.4.50.142 30 192.168.1.0 255.255.255.0 On-link 192.168.1.67 266 192.168.1.67 255.255.255.255 On-link 192.168.1.67 266 192.168.1.255 255.255.255.255 On-link 192.168.1.67 266 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 10.4.50.142 286 224.0.0.0 240.0.0.0 On-link 192.168.1.67 266 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 10.4.50.142 286 255.255.255.255 255.255.255.255 On-link 192.168.1.67 266 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 12 18 ::/0 On-link 1 306 ::1/128 On-link 12 18 2001::/32 On-link 12 266 2001:0:9d38:953c:349c:1efb:f5fb:cd71/128 On-link 14 286 fe80::/64 On-link 10 266 fe80::/64 On-link 12 266 fe80::/64 On-link 12 266 fe80::349c:1efb:f5fb:cd71/128 On-link 14 286 fe80::5d15:cf7:c242:3e80/128 On-link 10 266 fe80::9c19:3be7:696c:e04/128 On-link 1 306 ff00::/8 On-link 12 266 ff00::/8 On-link 14 286 ff00::/8 On-link 10 266 ff00::/8 On-link =========================================================================== Persistent Routes: NoneExamining the "ipconfig /all" output we see that:

* the VPN interface ("Local Area Connection 3") has IP address 10.4.50.142 and provides a path to the gateway 10.4.50.141

* the native interface (with IP address 192.168.1.67) provides a path to the gateway 192.168.1.254

Examining the "route print" output we see that:

* the VPN interface (with IP address 10.4.50.142) provides a path to the gateway 10.4.50.141

* the native interface ("Local Area Connection") has IP address 192.168.1.67 and provides a path to the gateway 192.168.1.254 (this can also be gleaned from the "ipconfig /all" output)

For the firewall rules, we need to use the CIDR subnet ("prefix/length") notation:

http://en.wikipedia.org/wiki/CIDR_notation#CIDR_notation

We will go with "10.4.0.0/16" as a subnet definition containing the VPN address and with "192.168.0.0/16" as a subnet definition containing our native interface. We need these two subnet definitions to not overlap, and to be big enough that they will not need to change if the address given to us by the VPN DHCP server or our router DHCP server changes. A prefix length of 16 should be plenty for this.

I will explain the rationale for the firewall rules I set up after some screen shots that give the jist of how to use the firewall set up GUI.

The following screen shots show the summary window:

Rules for Incoming Connections



Rules for Outgoing Connections



The following screen shots illustrate how to set the properties of firewall rules:

Specifying the Properties for a Firewall Rule











Installing (or perhaps running the first time) uTorrent will have created Inbound rules named "Torrent (TCP-In)" and "Torrent (UDP-In)". Installing (or perhaps running the first time) Vuze will have create a rule named "Azureus / Vuze" for each of TCP and UDP. We want to change these so that they allow incoming connections only from the VPN. In the screen shot above for Incoming connections you will see that the "Local IP address" property has been set to "10.4.0.0/16". Although I do not recall changing anything else, make whatever other changes you need to ensure that the rules you create are as in the example above. You could if you prefer disable the original rules and create new ones.

The uTorrent and Vuze installations do not create any Outbound rules. So I have created a rule for uTorrent ("_uTorrent") and for Vuze ("_Vuze"). We want these rules to block outgoing traffic over the native interface from our torrent clients. We need these rules to be "blocking" rules, applying to all profiles and all protocols, and with that the "Local IP address" property has been set to "192.168.0.0/16". Make whatever other changes you need to ensure that the rules you create are as in the example above.

Set Up for Torrent Clients

Next we set up the torrent clients to use only the VPN interface. This will give additional assurance that torrent traffic does not go out over the native interface, and also allow us to make the changes to the routing table that will cause the VPN interface to be used only for torrent traffic.

The following screen shot illustrates setting the IP interface for uTorrent:

Setting IP Interface for uTorrent



From the menu in uTorrent select "Options/Preferences" and then select "Advanced". You need to set the "net.bind.ip" and "net.outgoing.ip" to the IP address of the VPN interface. Unfortunately for uTorrent one has to specify the IP address, unlike Vuze (see below).

So long as I continue to use the same AiirVPN server, since my DHCP license is for a year, I do not need to change the uTorrent configuration. If I wish to change the AirVPN server, I have to change IP address uTorrent uses.

At the time of writing, AirVPN does not allow one to have a fixed local IP address for
the VPN interface, otherwise this could be avoided.

The following screen shot illustrates setting the IP interface for Vuze:

Setting IP Interface for Vuze



From the menu in Vuze select "Options" and then select "Connection/Advanced Network Settings". First ensure that the check box labelled "Enforce IP bindings even when interfaces are not available, ..." (at the bottom of the page) is enabled. Next fill in the text box labelled "Bind to local IP address or interface". You could fill in the actual IP address of the VPN interface as we did for uTorrent. But it is better to scan the list of interfaces further down the page for the one for the VPN interface. In the sample screen shot you will see that the VPN address "10.4.50.142" goes with the interface "eth5[0]". So I have copied and pasted that into the text box instead. By using the interface name rather than the IP address, I avoid having to change the Vuze set up if the address of my VPN interface changes (when I switch OpenVPN servers for example).

Routing Table Changes to Restore Native Gateway

The final step in this set up is to add some additional routing table entries to restore the native gateway as the default gateway. Recall (see the discussion above) that the OpenVPN client added two routing table entries with a subnet prefix length of 1 bit (net mask 128.0.0.0) in order to override the original routing table entry that made the native interface the default gateway. That original routing table entry (just 1 entry) had a subnet prefix length of 0 bits (net mask 0.0.0.0). Because the subnet prefix length of the routing table entries the VPN client made is longer, and the two entries together cover the full IP address space, these two new entries had the effect of overriding the original default gateway.

One might think then that we just need to delete the two entries with net mask "128.0.0.0". And indeed, if we were not using Windows, this would probably work! But I have found that with these entries removed, Windows does not allow the torrent clients to bind to the VPN interface, which they were configured above to use. But there is another possibility, which I have found does work.

We will do what the VPN client did - add more routing table entries. Our entries will have a subnet prefix length of 2 bits (new mask 192.0.0.0). In order cover the full IP address space we need 4 entries (see the pattern?). To this end, create two ".bat" files. Files ending in .bat are expected by Windows to contain "scripts" that run the same commands that you can run at the Windows Command Prompt. Create two files as follows -

"VPN_gateway_suspend.bat" containing:
@set GATEWAY=192.168.1.254 route add 0.0.0.0 mask 192.0.0.0 %GATEWAY% route add 64.0.0.0 mask 192.0.0.0 %GATEWAY% route add 128.0.0.0 mask 192.0.0.0 %GATEWAY% route add 192.0.0.0 mask 192.0.0.0 %GATEWAY% @pause "VPN_gateway_restore.bat" containing:
@set GATEWAY=192.168.1.254 route delete 0.0.0.0 mask 192.0.0.0 %GATEWAY% route delete 64.0.0.0 mask 192.0.0.0 %GATEWAY% route delete 128.0.0.0 mask 192.0.0.0 %GATEWAY% route delete 192.0.0.0 mask 192.0.0.0 %GATEWAY% @pause I put my files into the folder "C:\bat\VPN". The route commands to add and delete entries require administrator privilege. So to run the .bat files directly you have to right mouse-click on them and select "Run as administrator". As a convenience, I create short cuts to these .bat files and set "Run as administrator" in their "Advanced Properties":



To be sure these scripts and short cuts are working for you, use the "route print" command in a Windows Command Prompt window.

Hello!

It's too early to claim anything, given the excellent growth rate of the user base and the rising costs of IPv4 subnets... Stay tuned!

Kind regards
 

The eunomia.social domain linked from post #4 was taken over by Malaysian casino ads (can the link be removed/annotated?). Here is a live link, if only to the project announcement https://www.synyo.com/news/eunomia-project-to-combat-misinformation-with-decentralized-secure-and-trustworthy-social-media/

This is really cool, the website UI for this part is very clear too, with the "p2p" toggle and pool selection (except :1 & :2 are weirdly non-descriptive). I think one half of the first pool could have remained free, if people knew to migrate their static services over to pool2. I will consider moving one of my two ports to pool 2.

Thinking about this, it only has a niche usefulness currently. I am sure you understand, but I want to type it out. Any service that's not a passive "I will wait for connections from outside" will have automatic WAN IP discovery built in. So once the "exit" IP is not selectable (as it is now), all those programs will not stop advertising, but instead actively advertise the wrong IP (due to default communication). As Open Sourcerer has shown above for DHT. However if the DHT data reliably only advertised the working pool2 IP, all clients would eventually find out about it, if not via DHT directly then through Peer EXchange from other peers.

What are the current top arguments for not enabling exit IP selection (pool 1/2)? Surely, only very little traffic would go out on pool 2. Is it about the selection setting? Requiring more entry IPs? What if the pool selection was based on entry port instead?

I am delighted to see this problem being approached in this way. I wouldn't have imagined it like this

Be a good friend, give your friends the best VPN there is Merry Christmas!

UPDATE: @Staff I don't know what snowy climate you're living in, I think this is too much snow for the browser to handle (CPU usage goes up). I see that the default white theme makes the snowflakes barely visible. Therefore my suggestion is to give the snowflakes a blue/cyan tint for visibility on the white background, but reduce their amount significantly.

Hello!

We inform you that within a few hours all the IP addresses of Alruba (Tallinn, Estonia) VPN server will change, due to a datacenter's decision.

If you run AirVPN software, no action on your side is required. If you connect to Alruba through configuration files with IP address (and not domain name) please re-generate the file(s) in due time. The change is planned on 2024-Oct-09 at around 12.30 PM CEST.

Kind regards
AirVPN Staff
 

Hello!

This information will not be disclosed at the moment in details but you may be informed in due time.
 
No to the question and no to the assumption (wrong assumption). All of the current servers are in M247 property racks but not necessarily in M247 datacenters. The new servers will not necessarily be in the same datacenters and M247 will not own any of the new hardware.
 
The current ones are M247, Cogent and Hurricane.
 
Those reports spread false information, if they exist. The current Phoenix servers are in a Cogent datacenter located in Phoenix, this one: https://www.datacentermap.com/usa/arizona/phoenix/cogent-phoenix/
New servers are in a Phoenix datacenter as well.

Kind regards
 

Hello!

The current Phoenix servers are in a Cogent datacenter in Phoenix, see also our previous message. Any provider may offer services inside totally owned or partially owned datacenters, or from not owned at all datacenters where entire racks are rented or similar agreements are finalized.

The new Phoenix servers are in Phoenix, shipped at the beginning of October and arrived on site a few days ago, they are already connected and working, we are testing them and we are confident we will announce them before the end of October. There are dozens of datacenters in Phoenix, around 75 or so, including big ones like Google, Apple, NTT, Cogent and more.

Kind regards
 

@MichelAIR too.

Hello!

It's the ISO 3166 string extracted by Eddie as usual for any country.
 
You can ask ISO to include ROC on ISO 3166 as a sovereign country, but it will not happen. ISO builds the list according to those countries that are either UN members, parties of the statute of the ICJ or members of a UN agency, but Republic of China can't enter the UN because of the PRC veto. To make things worse, almost all the countries in the world, including the USA and the EU Member States, with the exception of 12 countries with lesser power in the UN such as Belize and Haiti, do not recognize the Republic of China as an independent country because, we guess, they fear too much the economic sanctions PRC will enforce against those countries that would do so.

Our solution to list Taiwan as it was in ISO 3166 as a stand alone, recognized and independent country, with its own flag, its own place as a country in the servers list, its own country fully qualified domain name in the infrastructure, far from being funny should have told you everything.
 
Building our own codes and strings by breaking ISO standard may become a bigger problem but we'll evaluate it (after all we already got out of ICANN for specific ICE-related "enforcement" more than a decade ago). The matter was already on the table as already announced in the "News" forum:
https://airvpn.org/forums/topic/63201-new-1-gbits-server-available-new-country-tw/?do=findComment&comment=238819
and Eddie's next version will print "Taiwan, Republic of China".

On one hand, by abiding to the ISO 3166 but moving ROC to an autonomous country as it has been in practice since decades we can keep using ISO standards (no technical complications, no exception handling and worse) but at the same time we show a clear political position and challenge PRC propaganda & mantra "there's only one China". The obvious strength of this position is the provocation to leave the ISO string and keeping ROC as an autonomous country, therefore claiming there there is NOT one China only and de-structuring the meaning of "Province of China".

On the other hand, breaking ISO standards and UN decisions may be very questionable but somehow stronger. Also, to avoid losing the strength of the aforementioned provocation we can find alternative strings such as "Republic of China" directly (claiming Taipei in "Republic of China" can cause again adverse reactions by ignorant people). This is the picked modification for the next Eddie version, at the moment.
 
No problems. The fight of elderly AirVPN members against PRC censorship, propaganda and more is a quarter of century old, so being accused to align with PRC against ROC is obscenely provocative, but the replies are (self or not) moderated.

As far as it pertains to the initial reaction, it means that at least the provocation worked, although it was not fully understood in this case, and if it serves the purpose to push people to realize that it's the ISO (and the UN, secondarily) the one putting the string "Province of China" on the ISO 3166 doc, it's a good thing. Not to mention that it can also serve the purpose to make people question how come, how it's possible that one could become victim of PRC propaganda "there's only one China" when one is against PRC propaganda!

Kind regards
 

Hello everyone!

We hereby publish the Community Forum policy in response to requests for clarification as apparently the generic invitations to comply to Netiquette are not sufficient. We will spread this information throughout the platform if necessary. This document pertains only to Community forums and not to AirVPN forums for official AirVPN communications and guides, where only AirVPN staff can open new threads.

The Community Forums are managed and maintained by AirVPN, inside its own infrastructure, and are intended to be an environment to:
improve AirVPN services through community driven suggestions provide an old style, relaxed platform for customers to get technical help in addition to the core assistance provided by the professional AirVPN customer care and support team.
  Community forum is open to everybody, including non-AirVPN customers, and moderated by AirVPN staff. Community moderators may be appointed by AirVPN staff on a voluntary basis to improve moderation.

Messages posted on the forums and authors must comply with the following rules: Message content and author's behavior must respect Netiquette rules as described here: https://www.britannica.com/topic/netiquette Content must be rigorously on topic. The topic is specified in the description of each forum or made explicit in the name itself. Any form of explicit or surreptitious advertising for third party companies or private activities is prohibited.
Moderators have the task to enforce compliance with the above rules. Messages that violate the rules can be deleted. When possible, moderators will inform the author about the infringement. Authors of two or more messages whose content violates the rules can have their accounts temporarily prevented from posting in the forum.

If the author of a message reputes that a moderator made a mistake in the moderation actvity, communication with the moderator is encouraged. If the author is still unsatisfied by communication with the moderator, AirVPN staff can be contacted at info@airvpn.org. The staff undertakes to examine author's' complaints within a reasonable time not exceeding 30 days.

Kind regards and datalove
AirVPN Staff
 

Hello!

It could. The current decision is that next Eddie Desktop edition version will print "Taiwan, Republic of China", by breaking ISO compliance and at the same time not leaving any doubt to PRC propaganda brainwashed people. This definition should be strong enough to satisfy everyone except mainland China and supporters of standards, of course.

Kind regards
 

@MichelAIR too.

Hello!

It's the ISO 3166 string extracted by Eddie as usual for any country.
 
You can ask ISO to include ROC on ISO 3166 as a sovereign country, but it will not happen. ISO builds the list according to those countries that are either UN members, parties of the statute of the ICJ or members of a UN agency, but Republic of China can't enter the UN because of the PRC veto. To make things worse, almost all the countries in the world, including the USA and the EU Member States, with the exception of 12 countries with lesser power in the UN such as Belize and Haiti, do not recognize the Republic of China as an independent country because, we guess, they fear too much the economic sanctions PRC will enforce against those countries that would do so.

Our solution to list Taiwan as it was in ISO 3166 as a stand alone, recognized and independent country, with its own flag, its own place as a country in the servers list, its own country fully qualified domain name in the infrastructure, far from being funny should have told you everything.
 
Building our own codes and strings by breaking ISO standard may become a bigger problem but we'll evaluate it (after all we already got out of ICANN for specific ICE-related "enforcement" more than a decade ago). The matter was already on the table as already announced in the "News" forum:
https://airvpn.org/forums/topic/63201-new-1-gbits-server-available-new-country-tw/?do=findComment&comment=238819
and Eddie's next version will print "Taiwan, Republic of China".

On one hand, by abiding to the ISO 3166 but moving ROC to an autonomous country as it has been in practice since decades we can keep using ISO standards (no technical complications, no exception handling and worse) but at the same time we show a clear political position and challenge PRC propaganda & mantra "there's only one China". The obvious strength of this position is the provocation to leave the ISO string and keeping ROC as an autonomous country, therefore claiming there there is NOT one China only and de-structuring the meaning of "Province of China".

On the other hand, breaking ISO standards and UN decisions may be very questionable but somehow stronger. Also, to avoid losing the strength of the aforementioned provocation we can find alternative strings such as "Republic of China" directly (claiming Taipei in "Republic of China" can cause again adverse reactions by ignorant people). This is the picked modification for the next Eddie version, at the moment.
 
No problems. The fight of elderly AirVPN members against PRC censorship, propaganda and more is a quarter of century old, so being accused to align with PRC against ROC is obscenely provocative, but the replies are (self or not) moderated.

As far as it pertains to the initial reaction, it means that at least the provocation worked, although it was not fully understood in this case, and if it serves the purpose to push people to realize that it's the ISO (and the UN, secondarily) the one putting the string "Province of China" on the ISO 3166 doc, it's a good thing. Not to mention that it can also serve the purpose to make people question how come, how it's possible that one could become victim of PRC propaganda "there's only one China" when one is against PRC propaganda!

Kind regards
 

Hello!
 
We're very glad to announce a special promotion on our long terms Premium plans.
 
You can get prices as low as 2.20 €/month with a three years plan, which is a 68% discount when compared to monthly plan price of 7 €.

You can also send an AirVPN plan as a gift: you have the option to print or send a colorful, dedicated picture with the code to activate the plan. You can do it in your account Client Area -> Your membership: Purchase and credit -> Print X-Mas after you have bought a coupon.
 
 
 
If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day.


Please check plans special prices on https://airvpn.org and https://airvpn.org/buy --- Promotion will end on January the 8th, 2024 (UTC).
 
AirVPN does not inspect and/or log client traffic and offers:
five simultaneous connections per account (additional connection slots available if needed) inbound remote port forwarding with multiple pools active daemons load balancing for unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 2100 Mbit/s with WireGuard flexible and customizable opt-in block lists protecting you from adware, trackers, spam and other malicious sources. You can customize answers or exceptions globally, at account level or even at single device level. powerful API IPv6 full support comfortable management of your client certificates and keys AES-GCM and ChaCha20 OpenVPN ciphers on all servers Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys internal DNS. Each server runs its own DNS server. DNS over HTTPS and DNS over TLS are also supported. free and open source software client side software support to traffic splitting on an application basis on Android and Linux and on a destination basis on Windows and macOS GPS spoofing on Android application
AirVPN is the only VPN provider which is actively developing OpenVPN 3 library with a fork that's currently 245 commits ahead of OpenVPN master and adds key features and bug fixes for a much more comfortable and reliable experience:
https://github.com/AirVPN/openvpn3-airvpn

AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows.
Promotion due to end on 2025-02-08 (UTC).
 
Kind regards & datalove
AirVPN Staff