Staff

Hello,
 
there is a pinned topic in this very same forum pertaining to the issue, have a look at it.
https://airvpn.org/topic/14829-can-only-connect-to-the-internet-browser-through-airvpn
 
Kind regards

HOW TO FORWARD PORTS TO YOUR DEVICES WITH IPTABLES
 
You need to create a basic DNAT on your router. Remember that the router GUI forwards ports from the WAN to LAN. When connected to the VPN you must forward ports from TUN to LAN. Therefore, it is imperative that you do NOT forward ports in the GUI of the router.
 
Assuming that:
destIP is the IP address of the destination device port is the port you wish to forward to that device tun1 is the tun interface of your router (please check! on some routers it can be tun0, on Tomato it can be tun11) you need to forward both TCP and UDP packets you need to add the following rules. Please note that the following rules do NOT replace your already existing rules, you just have to add them.
 
iptables -I FORWARD -i tun1 -p udp -d destIP --dport port -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d destIP --dport port -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP
iptables -t nat -I PREROUTING -i tun1 -p udp --dport port -j DNAT --to-destination destIP
 
Note: if your router firmware iptables supports the multiport module you can use --match option to make your rules set more compact. Please see here, thanks to Mikeyy https://airvpn.org/topic/14991-asuswrt-merlin-multiple-ports/?do=findComment&comment=31221
 
Kind regards

A very odd conclusion on the basis of what you have reported... On the contrary, all the leaks up to now confirm that NSA is not able to crack ciphers currently used by our service. That's exactly why they need backdoors or directly the keys. If you further read between the lines you'll also see what tremendous effort is putting NSA to bypass encryption, never to crack encryption directly, except for very special cases with very specific ciphers. They know the math very well.
 
Kind regards

A very odd conclusion on the basis of what you have reported... On the contrary, all the leaks up to now confirm that NSA is not able to crack ciphers currently used by our service. That's exactly why they need backdoors or directly the keys. If you further read between the lines you'll also see what tremendous effort is putting NSA to bypass encryption, never to crack encryption directly, except for very special cases with very specific ciphers. They know the math very well.
 
Kind regards

What is Dynamic DNS?
"Dynamic DNS or DDNS is a method of updating, in real time, a Domain Name System (DNS) to point to a changing IP address on the Internet. This is used to provide a persistent domain name for a resource that may change location on the network."
Wikipedia, http://en.wikipedia.org/wiki/Dynamic_DNS
 
Premium Members can choose up to 20 names in their Forwarded Ports page, accessible from the left tabs of their "Client Area".
 
Just for comfort, a name is associated to a forwarded port.

When a Premium member connects to an Air VPN server, the .airdns.org DNS record is updated to the exit-IP address of that server. Therefore, be aware that this service may be unusable when you establish multiple connections to different servers from different devices with the same account (in such cases, you need to point directly to the exit-IP address of the server, or use some third-party DDNS which you manually set).

This service can be useful when you need a domain name, which must be persistent across all Air VPN servers, for a service you need to run "behind Air VPN". For example: if you want to host a game server, you can communicate to the players the DNS name and freely switch Air VPN servers.

Notes:TTL (Time-To-Live) is one hour. If you change VPN server, one hour may be needed before other users can resolve correctly your domain name. A longer time might be necessary: some public DNS (for example Google DNS) sometimes ignore TTL in their caching system.DNS are created or updated when a connection to an Air server is performed. They are deleted only if you disable the system (i.e. you delete the name from the forwarded ports panel). The latest IP address is NOT removed during disconnection or connection retry.

You provide Remote Port Forwarding, what is it?
 
"Remote port forwarding" forwards traffic coming from the Internet to our VPN server ports to a specified local port of your client.

By default, your account has no forwarded ports, and this is good as long as you don't wish to have a service reachable from the Internet. For example, suppose that you want to run a web server behind our VPN, or that you wish to receive incoming connections to your BitTorrent client in order to improve p2p performance, or to seed a file. Without at least one remotely forwarded port, your service could not be reached from the outside, because our VPN server would reject the proper packets to your service.

Usually this is a good security measure against attacks, but it prevents your services to be reached from the Internet.

When you remotely forward an inbound port, our servers will open that port (TCP, UDP or both, according to your selection) and will properly forward incoming packets to you on that port. The service will be reachable from the exit-IP address of the VPN server your system is connected to.

You can forward up to 20 ports simultaneously. You can do that on our website, in your account "Client Area". You can't forward ports lower than 2048.

You can map a remotely forwarded port to a different local port: this is useful for a variety of cases, for example when your service listens to a port lower than 2048 or when the port is already reserved. More details about it here below.

Once you reserve an inbound remote port for your account, you have two options:

1) Leave the "Local" field empty. In this case, packets arriving to the VPN server exit-IP address port n will be forwarded to your machine IP address inbound local port with the very same number n

2) Fill in the "Local" field with a different port number x. In this case packets arriving to port n will be forwarded to your system inbound local port x.

In both cases you need to reach the service on the VPN server exit-IP address port n.


IMPORTANT: do NOT forward on your router the same ports you use on your listening services while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes unencrypted packets to be sent outside the tunnel from your client. However, if you connect a router (for example DD-WRT, Tomato based firmware router) an additional step is required, please see https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/  
NOTE: you can't reach your listening service(s) through the VPN server exit-IP address from the very same machine that's running it/them and is connected to a VPN server, or from any other machine connected to that same VPN server.

A very odd conclusion on the basis of what you have reported... On the contrary, all the leaks up to now confirm that NSA is not able to crack ciphers currently used by our service. That's exactly why they need backdoors or directly the keys. If you further read between the lines you'll also see what tremendous effort is putting NSA to bypass encryption, never to crack encryption directly, except for very special cases with very specific ciphers. They know the math very well.
 
Kind regards

Hello!
 
A new experimental version 2.10.3 is available.
Bundled with OpenVPN 2.3.8 (OpenSSL 1.0.2d), graphics improvement for better Windows 10 compatibility.

You provide Remote Port Forwarding, what is it?
 
"Remote port forwarding" forwards traffic coming from the Internet to our VPN server ports to a specified local port of your client.

By default, your account has no forwarded ports, and this is good as long as you don't wish to have a service reachable from the Internet. For example, suppose that you want to run a web server behind our VPN, or that you wish to receive incoming connections to your BitTorrent client in order to improve p2p performance, or to seed a file. Without at least one remotely forwarded port, your service could not be reached from the outside, because our VPN server would reject the proper packets to your service.

Usually this is a good security measure against attacks, but it prevents your services to be reached from the Internet.

When you remotely forward an inbound port, our servers will open that port (TCP, UDP or both, according to your selection) and will properly forward incoming packets to you on that port. The service will be reachable from the exit-IP address of the VPN server your system is connected to.

You can forward up to 20 ports simultaneously. You can do that on our website, in your account "Client Area". You can't forward ports lower than 2048.

You can map a remotely forwarded port to a different local port: this is useful for a variety of cases, for example when your service listens to a port lower than 2048 or when the port is already reserved. More details about it here below.

Once you reserve an inbound remote port for your account, you have two options:

1) Leave the "Local" field empty. In this case, packets arriving to the VPN server exit-IP address port n will be forwarded to your machine IP address inbound local port with the very same number n

2) Fill in the "Local" field with a different port number x. In this case packets arriving to port n will be forwarded to your system inbound local port x.

In both cases you need to reach the service on the VPN server exit-IP address port n.


IMPORTANT: do NOT forward on your router the same ports you use on your listening services while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes unencrypted packets to be sent outside the tunnel from your client. However, if you connect a router (for example DD-WRT, Tomato based firmware router) an additional step is required, please see https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/  
NOTE: you can't reach your listening service(s) through the VPN server exit-IP address from the very same machine that's running it/them and is connected to a VPN server, or from any other machine connected to that same VPN server.

What is the difference between protocols?

UDP is a connectionless protocol, so during the handshake it is not always possible to do an effective error correction. As a result, when there's high ping or low quality line during the OpenVPN login, the handshake may fail, although you could see no significant problem after (if) the connection is established.
TCP is capable of handling these problems.

On the other hand, UDP is more efficient once the connection is established. OpenVPN also implements a basic packets error correction even in UDP (only after the tunnel is established).

If you experience problems with VoIP video/audio conversations when connected to the VPN through a TCP port, a typical case for which a difference may be visible (VoIP over TCP - for example UDP over TCP -  is clearly inferior to VoIP over UDP because TCP implements ARQ, UDP does not), then go for an UDP connection.

In general, you should always try an UDP connection if your ISP allows it and you don't experience any problem during the handshake.
However, TCP is mandatory if you need a proxy to reach the Internet. VPN over TOR connections require a TCP connection.

Variety of ports (53, 80, 443) is an additional option to try to bypass country or ISPs blocks, or bandwidth management. When OpenVPN connections are disrupted by your ISP (this happens for sure in China and Iran) then you need OpenVPN over SSL or OpenVPN over SSH supported by every AirVPN server and requiring, again, TCP.

Hello!
 
Our free and open source client Eddie 2.10.1 Experimental is now available. Feel free to test it, it includes several bugfixes from version 2.9.2 Stable. Remember that it's an experimental version which passed alpha testing but is still in beta testing.
 
If you wish to test it, you can download it in the download page for your system. Click "Other versions" then select "Experimental". Your feedback will be very much appreciated.
 
Changelog:
https://airvpn.org/services/changelog.php?software=client&format=html
 
Kind regards
 
UPDATE 13-Aug-15: Eddie 2.10.3 Experimental is now available https://airvpn.org/topic/14491-eddie-2101-experimental-available/?p=30952

Hello!
 
We regret to inform you that we are withdrawing the following servers.
 
Dsiban (KR). Contrarily to what was promised to us, Dsiban is not in a network neutral datacenter. South Korea wide IP re-routing and similar censorship is in place. Not acceptable for our service.
 
Etamin (USA). In the last two months we have received re-iterated menaces of service suspension due to few copyright infringement notices. It turns out now that a part of the datacenter abuse team thought that they were receiving notices pertaining to hosted illegal contents in the server (which has never been the case). Such errors are a bad symptom which hints to lack of attention and care.
 
More importantly, we have technical problems with the server which have recently become important. The datacenter nulls the server exit-IP address for hours for alleged "attacks" and "suspicious activity" (against the server from the outside), that we do not even detect just before the IP is nulled. This has happened many times in the last 45 days. In the last 45 days Etamin has gathered more complaints from our customers for bad service than all the other servers in our infrastructure together because of these sudden actions by the datacenter. Therefore, this server may be significantly harming AirVPN service quality in the eyes of Air customers using it.
 
Kind regards
AirVPN Staff

Please check with this "How To" article:
https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables
 
just in case you have missed it.
 
Kind regards

Hello!
 
We regret to inform you that we are withdrawing the following servers.
 
Dsiban (KR). Contrarily to what was promised to us, Dsiban is not in a network neutral datacenter. South Korea wide IP re-routing and similar censorship is in place. Not acceptable for our service.
 
Etamin (USA). In the last two months we have received re-iterated menaces of service suspension due to few copyright infringement notices. It turns out now that a part of the datacenter abuse team thought that they were receiving notices pertaining to hosted illegal contents in the server (which has never been the case). Such errors are a bad symptom which hints to lack of attention and care.
 
More importantly, we have technical problems with the server which have recently become important. The datacenter nulls the server exit-IP address for hours for alleged "attacks" and "suspicious activity" (against the server from the outside), that we do not even detect just before the IP is nulled. This has happened many times in the last 45 days. In the last 45 days Etamin has gathered more complaints from our customers for bad service than all the other servers in our infrastructure together because of these sudden actions by the datacenter. Therefore, this server may be significantly harming AirVPN service quality in the eyes of Air customers using it.
 
Kind regards
AirVPN Staff

Hello!
 
A new experimental version 2.10.3 is available.
Bundled with OpenVPN 2.3.8 (OpenSSL 1.0.2d), graphics improvement for better Windows 10 compatibility.

Hello!
 
A new experimental version 2.10.3 is available.
Bundled with OpenVPN 2.3.8 (OpenSSL 1.0.2d), graphics improvement for better Windows 10 compatibility.

Hello!
 
It appears that Eddie 2.9.2 has various issues with Windows 10.
 
When you run Windows 10, we strongly recommend that you upgrade to Eddie 2.10.2 Experimental. In the usual download page please click "Other versions" then select "Experimental" to point to it. Select the proper version for your Windows edition and download it.
 
Eddie 2.10.2 features some important bug fixes as well from version 2.9.2.
 
Kind regards

Hello!
 
The problem is here:
. 2015.08.13 11:12:04 - OpenVPN > Warning: route gateway is ambiguous: 192.168.11.1 (2 matches)
 
You have the same gateway on two different network interfaces. If it's a viable option for you, the fastest solution is just using only one network card for your default gateway.
 
Kind regards

Hey!
Just stopping by to say thanks. Perusing the forums and saw this thread. Been a member for almost 3 years now. AIR is by far the best of the best VPN providers. But now perusing this forum I seem to find a really great group of users too. Way cool. I say this because just in this one thread I have picked up on two useful bits of info for tweaking my clients. 
Thanks every one and Thanks AIR!!

Hello!
 
If you run our client Eddie in Windows 10, it already sets VPN DNS for ALL network interfaces by default (unless you explicitly configure it not to do it, of course).
 
About the last part of the article:
 
 
please note that this option is already available in Eddie 2.9.2 and 2.10.2 Experimental.
 
Kind regards

Hello!
 
This is a report of what happened in the datacenter where most of our NL servers are located, directly from the company managing director.
 
 
The two outages were anyway limited in time (10-15 minutes). We are confident that the datacenter operated by Instant is constantly improving the service quality. In the last months we have anyway added a significant amount of servers all around Europe to add redundancy. Our infrastructure is no more critically tied to Netherlands as it was before with Leaseweb, which (at least for the Netherlands and USA) is unfortunately no more a viable option for the service we offer to our customers. The new datacenter in the Netherlands is fully compliant to all of our requirements and the two short outages which occurred today are a minor inconvenience that should not occur anymore in this way.
 
Kind regards

Hello,

we have added  www.thesimpsons.com (www.simpsonsworld.com) to our georouting system.

Can you try again and confirm that it works now  ?
 
Note: Cable provider login required to access full length episodes. The clips instead do not have restrictions.

Kind regards

Do you allow p2p? How can I optimize performance of eMule and BitTorrent with AirVPN?

Yes, p2p is allowed, as well as any other protocol. Currently p2p is a set of the most efficient protocols to share and access information on the Internet. We do not discriminate against any protocol.

To obtain the best performance with a BitTorrent client or an eMule client, log your account in our web site and proceed to remotely forward a port from the menu "Client Area"->"Forwarded ports". Pick a port or let the system choose an available one for you. Pick "TCP & UDP". Remember the port number.

Then, configure the "Port used for incoming connections" (also called "Listening port") in your BitTorrent client so that it matches the port number you have just forwarded remotely. On eMule, go to "Options"->"Connection" tab. Write in both fields of "Client ports" the number of the port that you have forwarded. Disable UPnP, NAT-PMP and any possible automatic port mapping feature that can modify the listening port. 
If you run uTorrent or any other software with bandwidth management, make sure to disable such management (such as uTP in uTorrent).

In this way your clients will be able to accept incoming connections from the Internet, enhancing performance in several cases and making initial seeding possible. This procedure can be performed just once and for all, as long as you don't wish to change port(s) on your clients. On BitTorrent clients, make sure to disable the option to pick random ports at every startup.

If you forward a port for a p2p torrent client, do NOT remap it to a different local port and make sure that the torrent client port matches the remotely forwarded port number, otherwise your client will communicate to trackers (if you use them) and DHT the wrong port: torrent clients will communicate to trackers and DHT the port number you have configured in them. As a result, you will get no incoming packets from the swarm and the torrent client network status token will remain yellow.

IMPORTANT: do NOT forward on your router the same ports you use on your Bittorrent or eMule client (or any other listening service) while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes uncencrypted packets to be sent outside the tunnel from your client.

Hello,

the server Naos is back online now.

Kind regards

Hello!
 
We regret to inform you that we are withdrawing the following servers.
 
Dsiban (KR). Contrarily to what was promised to us, Dsiban is not in a network neutral datacenter. South Korea wide IP re-routing and similar censorship is in place. Not acceptable for our service.
 
Etamin (USA). In the last two months we have received re-iterated menaces of service suspension due to few copyright infringement notices. It turns out now that a part of the datacenter abuse team thought that they were receiving notices pertaining to hosted illegal contents in the server (which has never been the case). Such errors are a bad symptom which hints to lack of attention and care.
 
More importantly, we have technical problems with the server which have recently become important. The datacenter nulls the server exit-IP address for hours for alleged "attacks" and "suspicious activity" (against the server from the outside), that we do not even detect just before the IP is nulled. This has happened many times in the last 45 days. In the last 45 days Etamin has gathered more complaints from our customers for bad service than all the other servers in our infrastructure together because of these sudden actions by the datacenter. Therefore, this server may be significantly harming AirVPN service quality in the eyes of Air customers using it.
 
Kind regards
AirVPN Staff