Jump to content
Not connected, Your IP: 3.236.13.53

Staff

Staff
  • Content Count

    9079
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    1333

Reputation Activity

  1. Like
    Staff got a reaction from Stalinium in Key management: ambiguous wording 'renew'   ...
    @Stalinium

    Thank you. "Renew" is correct and accurate while "Regenerate" is inaccurate if not wrong. See also OpenSourcerer message.

    That said you all are right, English is not the first language of any member of the AirVPN staff and only one founder has a University doctoral preparation in English language (in scientific English, not in English literature), but he can't read and fix every and each document written by the whole staff. We promise we will do our best to improve.

    Kind regards
     
  2. Like
    Staff got a reaction from sndr in AirVPN vs ProtonVPN.   ...
    With all due respect for an old time customer like you, comparing AirVPN and/or ProtonVPN with ExpressVPN is an insult we can't accept.

    ExpressVPN has always been perfectly aware that one of its executives was an American intelligence operative who helped UAE human rights hostile government in cracking operations. We do agree with Edward Snowden when he says that you must not use ExpressVPN. Incidentally, ExpressVPN is now part of a big group that, throughout the past decade, was an adware based business with shady privacy practices.

    Please check:
    https://www.vice.com/en/article/3aq9p5/expressvpn-uae-hacking-project-raven-daniel-gericke
    https://twitter.com/josephfcox/status/1438127822883729412
    https://twitter.com/Snowden/status/1438291654239215619
    https://www.theregister.com/2021/09/14/expressvpn_bought_kape/

    Kind regards
     
  3. Thanks
    Staff reacted to cannac in Devices connecting to same server   ...
    @Staff
    My issue in my last comment has been solved.
    It appears that for airwhiteserverlist to work, country must be set with an ISO code that is all lower case. Otherwise I get the Error described above.

    Thank you for your time and help!
    This thread can now be closed.
  4. Like
    Staff got a reaction from Alen255 in Devices connecting to same server   ...
    @cannac

    Hello!

    A solution which might meet your needs is partitioning the US Air VPN servers set into three empty intersection subsets, one per device, compiling airwhitserverlist directive with a unique subset in each device, and finally restarting the three connections via Goldcrest on the US country basis.  and finally defining the connection mode in bluetit.rc as quick. If the connection mode is not defined as quick Bluetit ignores white and black lists but it does not warn you. A warning in the log and a clarification on the documentation will be implemented.

    By doing so you will never have two or more devices connecting to the same server.

    when the air-connect command for the same country is issued by different clients in different devices. If Bluetit connects during the machine bootstrap, remember to send disconnect first: enabled persistent network lock by directive networklockpersist ensures no traffic leak outside the VPN tunnel.

    In a future Bluetit version we might implement a new Bluetit run control file directive defining a white list for automatic connection at bootstrap so that you will not need to send a connection order via a client later on.

    Kind regards
     
  5. Like
    Staff got a reaction from go558a83nk in [COMPLETED] Emergency maintenance in Dallas, Texas (US)   ...
    Hello!

    We inform you that an emergency maintenance due to urgent hardware replacement will be ongoing on 2021-09-18 between 19 and 23 CEST on the Dallas datacenter. The maintenance will impact all of our VPN servers in Dallas: expected downtime is approximately 30 minutes.

    Kind regards
    AirVPN Staff
     
  6. Thanks
    Staff got a reaction from cannac in Devices connecting to same server   ...
    IMPORTANT CORRECTION TO THE PREVIOUS MESSAGE.

    If you define a "quick" connection mode at boot, Bluetit will consider and respect white and black list directives included in bluetit.rc during the connection at bootstrap. Therefore, the proposed solution is optimal and does not require Goldcrest: just remember to change connection mode to quick (and do not set it to country), and define white lists according to the conditions written in our previous message (i.e. three empty intersection subsets, one subset per device).

    Kind regards
     
  7. Thanks
    Staff reacted to Stalinium in Eddie Android edition 2.5 alpha is available   ...
    The Eddie version currently on Play Store still has compression enabled by default. It's been a while since a vulnerability has been known (VORACLE if I'm right) I think it's best to disable and remove the option completely because practical gains from compression are negligible at best (most traffic is TLS or otherwise incompressible).
  8. Like
    Staff got a reaction from Jacker@ in Has AirVPN ever been contacted by a government/law enforcement to provide customer data?   ...
    @airvpnforumuser

    Hello!
     
    No, never, because the investigations follow a different path.
     
    However, we received request for information several times. Such requests relied exclusively on data retention which we do not perform according to the legal framework of countries the servers are located in and/or according the decisions of the CJEU on blanket data retention. We do not inspect or log traffic content or metadata.

    No, we never received gag orders outside the scope of the aforementioned requests, i.e. prohibition to inform the final user that an investigation is ongoing about him or her in case we could identify the user, which never happened for the same reasons above.
     
    You don't, as we never publish private communications regardless of the entity or person sending them, no matter who they are.

    Kind regards


     
  9. Like
    Staff got a reaction from Stalinium in Ad and maybe malware blocking?   ...
    We are not interested in traffic inspection, not even to block ads. Traffic inspection has profound effects and legal consequences: it's contrary to our policy and mission, it weakens remarkably the anonymity layer, it opens the doors dangerously to logging and monitoring and affects in both major and subtle ways the mere conduit status of a service provider in the information society (exemption of liability for users of the service behavior is reduced when the provider selects the content to re-transmit, as past jurisprudence in the EU has widely shown).
     
    About traffic discrimination on your end (in your system) you can of course do as you prefer, there are many tools around which meet your needs without overloading our software with options unrelated to our mission or (even worse!) making it become bloatware.
     
    Kind regards
  10. Like
    Staff got a reaction from Alen255 in Devices connecting to same server   ...
    @cannac

    Hello!

    A solution which might meet your needs is partitioning the US Air VPN servers set into three empty intersection subsets, one per device, compiling airwhitserverlist directive with a unique subset in each device, and finally restarting the three connections via Goldcrest on the US country basis.  and finally defining the connection mode in bluetit.rc as quick. If the connection mode is not defined as quick Bluetit ignores white and black lists but it does not warn you. A warning in the log and a clarification on the documentation will be implemented.

    By doing so you will never have two or more devices connecting to the same server.

    when the air-connect command for the same country is issued by different clients in different devices. If Bluetit connects during the machine bootstrap, remember to send disconnect first: enabled persistent network lock by directive networklockpersist ensures no traffic leak outside the VPN tunnel.

    In a future Bluetit version we might implement a new Bluetit run control file directive defining a white list for automatic connection at bootstrap so that you will not need to send a connection order via a client later on.

    Kind regards
     
  11. Thanks
    Staff reacted to cannac in Bluetit/Goldcrest: automatically restoring connection   ...
    Sure, I've had this issue consistently on ubuntu 20.04 (both amd64 and aarch64) running airvpn suite 1.1.0.
    Without changing the symlink, --recover-network does not work.

    Maybe this should be moved to different topic, since my post was unrelated?
  12. Thanks
    Staff reacted to mith_y2k in Eddie Android edition 2.5 alpha is available   ...
    Best news in a long time!
  13. Like
    Staff got a reaction from Valerian in Server replacement (UK)   ...
    Hello!

    We inform you that all of our VPN servers in Maidenhead will cease operations on 03 September 2021. They will be replaced by servers in London featuring more modern hardware. Unfortunately, both technical and non-technical reasons force us to leave the current dc in Maidenhead.

    Servers in London are anyway located just 40 Km from Maidenhead and they will be announced and available in the next days.

    The new machines will keep the same names in order to support the old FQDN used by OpenVPN client profiles. Since the datacenter seems to have put offline already a server before the natural expiration date, we could put the new servers online before the mentioned 03 September date. When new servers are turned on, older ones with the same name will be disconnected from the infrastructure. This thread will be updated, if necessary, accordingly.

    The replacement servers are five, while the replaced ones are six. That's because we might be adding in the future another datacenter in UK in a different location.

    Kind regards
    AirVPN Staff
  14. Like
    Staff got a reaction from Jacker@ in Server replacement (UK)   ...
    UPDATE 3 Sep 2021
    Replacement has been completed.

    Kind regards
     
  15. Thanks
    Staff got a reaction from go558a83nk in Server replacement (UK)   ...
    Hello!

    Our first 10 Gbit/s lines dedicated only to our servers were used for the first time in Dallas, Texas, several years ago. One line is for the VPN servers and another one for the Tor nodes by Quintex. Then we had four (now six) 10 Gbit/s lines in the Netherlands. Each line was and is shared by 10 or 11 of our servers.

    Then Xuange came, in Switzerland, that was the first one with an exclusive 10 Gbit/s line. Ain then followed and has been the last one at the moment.

    As @OpenSourcerer says, prices in some locations (such as Tokyo) are too high for 10 Gbit/s and at least 600 TB traffic per month for a single server (2 Gbit/s 24/7 means you generate 600 TB in a month). Moreover, in order to beat the usual 1 Gbit/s full duplex, more powerful hardware is needed and a different software approach too.

    Even so, on Xuange and Ain we could not manage to squeeze more than 3-4 Gbit/s (in total, up+down) when more than 150 clients are connected, and even the most powerful CPUs available on the market, running one OpenVPN instance per virtual core, suffer. The whole system get choked if we go up to 300 clients, which would be the minimum amount required to run those servers without losing money. Wireguard might help but it's uncertain and anyway many core customers of ours don't accept it for the notorious privacy problems, other customers can't use it for UDP blocks/shaping and so on, so we can't and we won't drop OpenVPN in any case.

    EDIT: it's not only a pure AES/CHACHA20 processing power issue, but also a conntrack and packert mangling huge queue related issue, which gets intertwined with pure encryption/decryption processing power problems. - pj

    For us, the cost per user to be provided with high bandwidth is remarkably higher with dedicated 10 Gbit/s single server lines, because we experimentally see that we can not put on such a server 10 times the users a 1 Gbit/s server can handle (unless we wanted to lower the quality of service, which is not on the table). Therefore, if we want to keep the same prices and at the same time we don't want to oversell, offering an infrastructure all based on a 10 Gbit/s line per server for 2.75 EUR/month (the current price for 3 years subscriptions) is not realistic.

    Remember that year after year prices of AirPVN went down or remained unchanged, and today AirVPN is probably the less expensive VPN around (ruled out the free ones, as they profile you or do worse things too).

    Maybe in the future, or maybe with a different pricing, migration to all "10 Gbit/s servers" could be pursued.

    We're not "over-cautious" but realistic: in the last 5-6 years, while other VPN services accumulated important debts surpassing tens and tens of USD millions (think about PIA mother company, which went down for more than 30 millions in just 3 or 4 years; and other big ones, which are forced to oversell and continuously pay for favorable bogus reviews hiding overselling in order to survive) AIrVPN never ever had debts.

    Who would be interested in paying more (probably x3 or even x4) to have access to 10 Gbit/s dedicated lines (one line per server) on a wide variety of AirVPN locations with the usual AirVPN quality? We might start a survey to know.

    Kind regards


     
  16. Like
    Staff got a reaction from usager987 in Eddie Desktop 2.21 beta released   ...
    Hello!
     
    We're very glad to inform you that a new Eddie Air client version has been released: 2.21 beta. It is ready for public beta testing.
     
    How to test our experimental release:
    Go to download page of your OS Click on Other versions
    Click on Experimental
    Look at the changelog if you wish Download and install
    Please see the changelog: https://eddie.website/changelog/?software=client&format=html



    This version contains an almost completely rewritten code for routes management, DNS and more, so please report any difference from the latest stable release 2.20.

    This version implements WireGuard support. AirVPN servers will offer it, during an opt-in beta-testing phase, within September.
      WireGuard support is expected to work out-of-the-box (no need to install anything else but Eddie) in Windows and macOS. In Linux it works if kernel supports it (WG support by kernel is required).

     
    PLEASE CONSIDER THIS AS A BETA VERSION.
    Don't use it for real connections it's only for those who want to collaborate to the project as beta-testers.  
  17. Like
    Staff reacted to PrivacyMatters in ProtonMail Logged IP Address of French Activist After Order By Swiss Authorities   ...
    Would the use of a VPN, such as AirVPN or ProtonVPN (in this case, I believe the users did not use the bundled service) or TOR prevent this situation?

    In the transparency report; the state over 700 cases of this nature out of 3000+ Legal orders.  In which ProtonMail's parent corporation representation states they fought and denied hundreds more improper orders sent on by the Swiss authorities.

    Interestingly, most do not understand email is not a secure service by default, and ProtonMail's whole thing is encryption, because ultimately such as any VPN or service will know the originating IP of a user.  The company was required to log, after legal request, which from a financial point of view, I believe is true because it costs money to data mine without any benefit, unlike Google for example.

    Also, when does an IP equal an individual?  There must be more to the story.

    More reasons to use AirVPN imo, vs protonvpn because: no ZenDesk, no outsourced customer service, no outsourced payment processors, no parent company holdings as far as I know.  Also I love the openess of your code, and willing to work with outsiders, such as the CLI wrapper.   The activism also I agree with.

    So important:  I created this account with the ability to use no linking information to anything, including a random string with @ and .com
  18. Like
    Staff got a reaction from Antti Simola in Can we get a server in Poland? They seem to like freedom of speech.   ...
    @blueport26

    Hello!

    First and foremost we must say that we have not updated our knowledge on Poland data retention legal framework. Our old information tells us that it's NOT compliant with the latest decisions of the CJEU which forbid Member States to put any obligation on any provider of service in the information society for pre-emptive, blanket, indiscriminate data retention. All that follows is therefore based on our not up-to-date knowledge. Feel free to point us to the relevant laws if we base our decision on no more valid knowledge.

    Now, we can actually ignore the EU Member States legal frameworks on data retention where they clearly infringe the EU Court of Justice legally binding decisions, because in a casus belli we can challenge, or defend against, the rogue Member State with high likelihood of winning.

    At the same time, we must carefully decide which legal battle fronts we want to open, because legal costs for cases which must be brought up to the highest courts may easily become very high. We are already challenging Spain legal framework on Data Retention, and, given AirVPN size, it's not wise to challenge multiple Member States simultaneously. That's the main reason we do not operate VPN servers in France and Italy, other Member States whose data retention framework is in flagrant violation of the legally binding decisions of the CJEU.

    We're not like those marketing fluff based VPNs which lie to you and in reality perform Data Retention in the countries where  it is mandatory: you have plenty of examples from the press to prove what we claim here, when VPN customers identities and activities have been disclosed because of that very same data retention the VPN providers claimed not to perform. When we say we do not retain data and metadata of your traffic we really do it, that's why we must carefully evaluate the countries legal framework we plan to operate servers within.

    Kind regards

    P.S. Ukraine does not oblige dacenters and VPN providers to any data retention.
     
  19. Like
    Staff got a reaction from Valerian in Server replacement (UK)   ...
    Hello!

    We inform you that all of our VPN servers in Maidenhead will cease operations on 03 September 2021. They will be replaced by servers in London featuring more modern hardware. Unfortunately, both technical and non-technical reasons force us to leave the current dc in Maidenhead.

    Servers in London are anyway located just 40 Km from Maidenhead and they will be announced and available in the next days.

    The new machines will keep the same names in order to support the old FQDN used by OpenVPN client profiles. Since the datacenter seems to have put offline already a server before the natural expiration date, we could put the new servers online before the mentioned 03 September date. When new servers are turned on, older ones with the same name will be disconnected from the infrastructure. This thread will be updated, if necessary, accordingly.

    The replacement servers are five, while the replaced ones are six. That's because we might be adding in the future another datacenter in UK in a different location.

    Kind regards
    AirVPN Staff
  20. Like
    Staff got a reaction from Jacker@ in Server replacement (UK)   ...
    UPDATE 3 Sep 2021
    Replacement has been completed.

    Kind regards
     
  21. Like
    Staff got a reaction from Jacker@ in Has AirVPN ever been contacted by a government/law enforcement to provide customer data?   ...
    @airvpnforumuser

    Hello!
     
    No, never, because the investigations follow a different path.
     
    However, we received request for information several times. Such requests relied exclusively on data retention which we do not perform according to the legal framework of countries the servers are located in and/or according the decisions of the CJEU on blanket data retention. We do not inspect or log traffic content or metadata.

    No, we never received gag orders outside the scope of the aforementioned requests, i.e. prohibition to inform the final user that an investigation is ongoing about him or her in case we could identify the user, which never happened for the same reasons above.
     
    You don't, as we never publish private communications regardless of the entity or person sending them, no matter who they are.

    Kind regards


     
  22. Like
    Staff got a reaction from SeUbHS in Network lock not active   ...
    @SeUbHS

    Hello!

    Yes, set your blocking rules as default rules while Eddie is not running and has just exited cleanly. Remember to allow local network, and special destinations such as 255.255.255.255 in order not to block DHCP (at bootstrap etc.). Since you run iptables you can simply enforce DROP policy to the OUTPUT and INPUT chains of the filter table, and then set a few rules jumping to ACCEPT for local subnet, localhost and 255.255.255.255.

    A very simple startup script (it's only an example, you must modify it according to your needs and the features of your network, and you can also use iptables-save to make rules permanent - also specify the correct path to iptables):
      iptables -F iptables -P OUTPUT DROP iptables -P INPUT DROP iptables -P FORWARD ACCEPT iptables -I INPUT -s 255.255.255.255 -j ACCEPT iptables -I OUTPUT -d 255.255.255.255 -j ACCEPT iptables -I OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT iptables -I INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT iptables -I INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT iptables -I OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

    When Eddie enables Network Lock, you can communicate with AirVPN infrastructure only. When Eddie disables Network Lock (including when it quits) it will restore your blocking rule, so your machine will be isolated from the Internet.

    Kind regards
     
  23. Like
    Staff got a reaction from User of AirVPN in Server replacement (UK)   ...
    UPDATE 27 Aug 2021
    VPN servers Alathfar and Carinae switch has been completed.

    Minkar will not be replaced at the moment and will cease operations on 03 Sep 2021.

    Kind regards
     
  24. Like
    Staff got a reaction from blueport26 in Eddie development, roadmap question and some suggestions   ...
    Hello!

    Note that the original plan was about GTK#, not GTK, therefore Eddie's GUI would have remained anyway based on Mono..

    All the AirVPN Suite for Linux and Hummingbird for Mac were born to provide a software completely unrelated to Mono. In Linux you also have a real daemon, Bluetit, capable to offer a strong basis to develop any AirVPN client, even from third-party developers. In the past third-party AirVPN clients developers faced the formidable barrier of the undocumented bootstrap servers and undocumented "manifest" file format. No more problems of that kind now, as you probably know if you have checked Bluetit developer's manual.

    Kind regards
     
  25. Thanks
    Staff got a reaction from 56Kmodem in Unable to obtain elevated privileges (required): Unable to start   ...
    @56Kmodem

    Thank you, it's probably the configuration file "default.profile" which is not removed by the uninstaller (correctly, because it's an uninstall and not a purge) and which is not upward compatible. It remains to be seen why the problem arose in the first place with 2.21 beta. The very first time you had the problem, were you testing beta 1 or beta 2? What is your exact Windows version?

    Kind regards
     
×
×
  • Create New...