Staff

Either they blacklist the whole range of commercial servers or indeed suspect some multihosters running their servers within the AirVPN network.
Of course it is not acceptable from them to do so as they should sort out accountsharing based on accounts and not whole IP ranges.

@aldebaran
 
Hello!
 
Since you run Eddie, if you don't want to go into details, you could just go to "AirVPN" -> "Preferences" -> "Protocols", select some OpenVPN over SSH mode, click "Save" and re-connect to some VPN server.
 
For your purpose, we would also recommend that you test OpenVPN over SSL. In Eddie "Protocols" tab, this is called "SSL Tunnel - Port 443". Technically, OpenVPN over SSL can be less efficient than OpenVPN over SSH [sTRIKE THROUGH: INCORRECT], but in case that your ISP does not shape only port 443 (because it does not want to make the shaping appear to customers using https) and port 80 (for http) then OpenVPN over SSL can provide higher throughput than OpenVPN over SSH (we do not provide SSH to port 443).
 
Kind regards

I have been able to connect via SSH with the following prerequisites:

- Cyanogenmod 11 (or any other rom that ships with command-line ssh client)
- OpenVPN for Android (available in F-Droid)
- Terminal Emulator (preinstalled in CM; available in F-Droid)
 
1. use the AirVPN generator to create config files for Linux (not Android!)
    - pick a specific server
    - choose SSH as connection mode
    - i recommend checking "Resolved hosts in .ovpn file"

2. run the shell script in your Android terminal emulator to make the ssh connection
3. import the .ovpn file in "OpenVPN for Android" and initiate the connection

Now, how do we get there on stock Android?
You can skip reading my following musings; I've figured out an easier way. Read the tutorial in my next post.
[EDIT: split for clarity - go to https://airvpn.org/topic/13486-ssh-tunneled-vpn-on-stock-android/?do=findComment&comment=24983 ]
 
It should be possible; none of the steps require root. The only problem is: While there are countless (GUI) SSH apps in F-Droid and the Play Store, you would need one that lets you
- use a key file for SSH authentification
- open a local listening port (ssh -L)

I do not use Google's Play Store on my devices so my own "research" stops there. If I were to try any apps - "Better Terminal Emulator Pro" looks promising as it includes a command-line SSH client.

If that app doesn't work or, like me, you don't want to use the Play Store, you might want to try KBOX2 in order to get a true cli ssh client:
http://kevinboone.net/kbox2.html
If I find some free time (and if KBOX2 turns out to be a viable alternative), I will write a follow-up post.
 
EDIT 1:
Apparently, ConnectBot (in F-Droid and Play Store) can handle key files and forwarding but I have yet to be able to get it to work.
EDIT 2:
1st road bump with KBOX2: It looks like the dropbear ssh client doesn't like our keyfile format. Solution: convert keyfile with "dropbearconvert":
dropbearconvert openssh dropbear sshtunnel.key id_rsa.db
(Install dropbear on a linux desktop, run the command, then change the AirVPN .sh script, swapping out "sshtunnel.key" with "id_rsa.db")
EDIT 3:
My KBOX2 experiment seems to work. I can't say for sure because I'm working in the Android emulator - which won't let OpenVPN create a tun device, but I don't see any connection-related issues... I'm fairly certain it'd work on a real Android device.
EDIT 4:
Alright, all this KBOX2 nonsense is unnecessary! ConnectBot can port-forward and use the keyfile too, much easier than setting up KBOX2. Read the tutorial below.

@aldebaran
 
Hello!
 
Since you run Eddie, if you don't want to go into details, you could just go to "AirVPN" -> "Preferences" -> "Protocols", select some OpenVPN over SSH mode, click "Save" and re-connect to some VPN server.
 
For your purpose, we would also recommend that you test OpenVPN over SSL. In Eddie "Protocols" tab, this is called "SSL Tunnel - Port 443". Technically, OpenVPN over SSL can be less efficient than OpenVPN over SSH [sTRIKE THROUGH: INCORRECT], but in case that your ISP does not shape only port 443 (because it does not want to make the shaping appear to customers using https) and port 80 (for http) then OpenVPN over SSL can provide higher throughput than OpenVPN over SSH (we do not provide SSH to port 443).
 
Kind regards

I don't use AirVPN's client.
 
This is because the way I use my network connections is probably quite unique to me. And I do not expect a single program, written by AirVPN or anyone else, to provide the level of flexibility and generality that can be achieved by configuring client programs, OpenVPN, the routing table and Windows Firewall. The idea of a program like the AirVPN client is to make things easier for those who do not want to spend the time learning how to configure all of the individual components. To be simpler for the user, such a program must present some simpler paradigm to the user. And this guarantees that there will be things that cannot be added or removed from the underlying (real configuration).
 
I am sure many people who start out using AirVPN's program will grow to a point where what they want to do cannot be done using AirVPN's program. When that point is reached, I think their efforts would be better spent learning how to do without AirVPN's program rather than demanding that AirVPN add more and more complexity to their client.
 
Setting "media.peerconnection.enabled" to false suppresses some functionality that some users may want to use. And use over the VPN.
 
A simple alternative is to add a rule (just one rule, so nothing so extensive as "network lock") to Windows Firewall that blocks Firefox from using the real interface. The rule must be given a name. This rule can then be enabled when the VPN is up, and disabled when the VPN is down, using a line-mode command that refers to the name of the rule (there can be several rules with the same name, so all get enabled or disabled together). And if you are using the OpenVPN client with your own customized configuration files, this can be made automatic.
 
So one could use the functionality lost by setting "media.peerconnection.enabled" to false over the VPN, without any risk of the real IP address be discovered.
 
I could provide a bit more explanation, or links to other topics here about doing this sort of thing, if anyone asks. I am sure other people here could too.

EDIT: a deeper study of improperly called "WebRTC leak" has brought up how the initial approach by a wide part of communities discussing it has been totally wrong, has missed the core reasons and has proposed "solutions" which are questionable. Please see here to get a more balanced and informed view of the so called "problem".
 
http://www.clodo.it/blog/an-alternative-approach-to-so-called-webrtc-leaks
 
 
WARNING: the following post was written hours after "WebRTC leak" hit the news. It is now to be considered outdated. It is also inappropriate when it uses the word "vulnerability". However, the way to prevent applications to talk outside the tunnel is the same, enable Network Lock or set proper firewall rules. It is absolutely nothing new, just like the whole fabricated "WebRTC leak" affair.
 
 
============================================================================
 
Hello!
 
Browsers supporting WebRTC run in a Windows-environment can seriously compromise the security of VPN-tunnels by allowing the true IP address of the user to be read. https://en.wikipedia.org/wiki/WebRTC#Concerns

WebRTC is supported in the following browsers:
https://en.wikipedia.org/wiki/WebRTC#Support
 
According to our tests we can at this moment confirm that Linux and OS X appear to be not affected. EDIT: OS X users please see here, according to this report OS X is vulnerable as well. https://airvpn.org/topic/13490-vpn-security-flaw-does-this-affect-airvpn/?do=findComment&comment=24757
 
You can test your system here: http://ipleak.net
 
Windows users can fix the vulnerability in one of the following ways:
 
- by enabling "Network Lock" in our free and open source client Eddie
- by configuring a firewall to prevent leaks. In our "How-To" section we have guides for Comodo and Windows Firewall
- by disabling WebRTC on the browser (WARNING: you can't do that in Google Chrome desktop edition, you'll need an extension). This page seems quite accurate https://www.browserleaks.com/webrtc#webrtc-disable
EDIT: in the above linked page, the extension recommended for Chrome does not really prevent leaks
- by running a browser which does not support WebRTC
 
 
Kind regards
AirVPN Support Team

Hello @Opayq,
 
thanks for the info, it looks relevant, because it is not an expected behavior and it will need additional investigation. In the meantime your way to kill both processes is fine, perfectly legitimate.
 
Kind regards

I've tried it and it works. IPv6 disabled. Network Lock On. Chrome extension disabled. No leak.

EDIT: a deeper study of improperly called "WebRTC leak" has brought up how the initial approach by a wide part of communities discussing it has been totally wrong, has missed the core reasons and has proposed "solutions" which are questionable. Please see here to get a more balanced and informed view of the so called "problem".
 
http://www.clodo.it/blog/an-alternative-approach-to-so-called-webrtc-leaks
 
 
WARNING: the following post was written hours after "WebRTC leak" hit the news. It is now to be considered outdated. It is also inappropriate when it uses the word "vulnerability". However, the way to prevent applications to talk outside the tunnel is the same, enable Network Lock or set proper firewall rules. It is absolutely nothing new, just like the whole fabricated "WebRTC leak" affair.
 
 
============================================================================
 
Hello!
 
Browsers supporting WebRTC run in a Windows-environment can seriously compromise the security of VPN-tunnels by allowing the true IP address of the user to be read. https://en.wikipedia.org/wiki/WebRTC#Concerns

WebRTC is supported in the following browsers:
https://en.wikipedia.org/wiki/WebRTC#Support
 
According to our tests we can at this moment confirm that Linux and OS X appear to be not affected. EDIT: OS X users please see here, according to this report OS X is vulnerable as well. https://airvpn.org/topic/13490-vpn-security-flaw-does-this-affect-airvpn/?do=findComment&comment=24757
 
You can test your system here: http://ipleak.net
 
Windows users can fix the vulnerability in one of the following ways:
 
- by enabling "Network Lock" in our free and open source client Eddie
- by configuring a firewall to prevent leaks. In our "How-To" section we have guides for Comodo and Windows Firewall
- by disabling WebRTC on the browser (WARNING: you can't do that in Google Chrome desktop edition, you'll need an extension). This page seems quite accurate https://www.browserleaks.com/webrtc#webrtc-disable
EDIT: in the above linked page, the extension recommended for Chrome does not really prevent leaks
- by running a browser which does not support WebRTC
 
 
Kind regards
AirVPN Support Team

AIRVPN DOES NOT RECOGNIZE ANYMORE VERISIGN, AFILIAS AND ICANN AUTHORITY. OUR COMMITMENT AGAINST UNITED STATES OF AMERICA UNFAIR AND ILLEGAL DOMAIN NAMES SEIZURES.

The United States of America authorities have been performing domain names seizures since the end of 2010. The seizures have been performed against perfectly legal web-sites and/or against web-sites outside US jurisdiction.

Administrators of some of those web-sites had been previously acquitted of any charge by courts in the European Union.

The domain name seizures affect the world wide web in its entirety since they are performed bypassing the original registrar and forcing VeriSign and Afilias (american companies which administer TLDs like .org, .net, .info and .com) to transfer the domain name to USA authorities property. No proper judicial overview is guaranteed during the seizure.

Given all of the above, we repute that these acts:

- are a violation of EU citizens fundamental rights, as enshrined in the European Convention on Human Rights;
- are an attack against the Internet infrastructure and the cyberspace;
- are a strong hint which shows that decision capacities of USA Department of Justice and ICE are severely impaired;

and therefore from now on AirVPN does not recognize VeriSign, Afilias and/or ICANN authority over domain names. AirVPN refuses to resolve "seized" domain names to the IP address designated by USA authorities, allowing normal access to the original servers' websites / legitimate Ip addresses.

In order to fulfil the objective, we have put in place an experimental service which is already working fine. If you find anomalies, please let us know, the system will surely improve in time.

Kind regards
AirVPN admins

Hello!
 
Your concerns about OpenVPN are probably based on a basic and huge misunderstanding. AirVPN is based on OpenVPN, a free and open source software by James Yonan and subsequently developed by OpenVPN Project and by OpenVPN Tehcnologies Inc.
 
OpenVPN has been and is continuously peer-reviewed and tested by some of the best cryptography experts in the world and by a very vast community with members from all over the world, together with OpenSSL (and PolarSSL, which might become relevant in the near future). AirVPN does not use any server, machine or infrastructure, does not employ any technician or any personnel from OpenVPN Technologies Inc. and does not exchange any data with OpenVPN Technologies Inc.
 
The fact that the software (which AirVPN uses without tweaks or anyway modifications from the source code) is open source is an invaluable advantage for deeper examinations and analysis. It is well known that OpenVPN is considered by thousands of experts, gurus and competent persons alike one of the best, if not THE best, VPN solution under a security and flexibility point of view. Please see here for a nice overview: https://en.wikipedia.org/wiki/Openvpn
 
Kind regards

Install from Google Play Store OpenVPN Connect, the official OpenVPN client for Android developed by OpenVPN Technologies, Inc. Launch your internet browser.
NOTE: don't use the default Android browser because it has an unresolved bug.
Chrome and Opera have been tested by us and work. Log in the AirVPN website and create the configuration files from our Config Generator.
Choose Linux as platform (only direct TCP and UDP connections are supported) and finally click then "Generate" button to download it. Downloaded .ovpn files may be imported directly into the application but the behavior depends on many factors (employed browser, files manager, Android version, etc).
For simplicity's sake, we assume in this guide that you saved .ovpn generated files under the Download's directory in the Android filesystem. Launch OpenVPN Connect and click on the top right menu button:
Click on the "Import" button:
Click on "Import Profile from SD card":
Browse your *.ovpn files:
Select your configuration of choice:
Confirm the import by clicking the "Select" button:
Click on the "Connect" button to connect:
Confirm Android security prompt dialog:
Wait for the connection's bootstrap process:
The VPN tunnel is now established:
When you need to disconnect from the VPN click on the "Disconnect" button:

Hello!

We're very glad to inform you that two new 1 Gbit/s servers located in Canada are available: Kraz and Rana.
 
The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP.

Just like every other Air server, Kraz and Rana support OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!
 
Some additional considerations on the whole discussion. It seems somehow paradoxical that some of our customers explicitly ask for Net Neutrality violation when they look exactly for a service capable to respect Net Neutrality with no discriminations against any protocol. As soon as Net Neutrality respect brings inconveniences created by third-parties, we are somehow invited to send such respect into the trashcan. We tend to think that it would be more appropriate and honest to focus energy and protests against those services whose administrators actively contribute to destroy the open Internet, with Tor indiscriminate bans, huge blacklists which block millions of IP addresses just because they are 'used as NAT' or because they are used to operate dedicated servers. It seems unquestionable that the concept behind such actions is an Internet where end-to-end principle and privacy are deemed as negative features to be fought.
 
Remember our philosophy and mission: banning a server of ours because it's a source of problems appears as a very questionable action.
It is the same error that some services do with Tor: to hit someone, they ban innocent users who love their privacy or who are forced to use Tor to bypass censorship in their country.
 
If our servers or a Tor node are performing vulnerability scan, service needs to fix the vulnerability, not blame who caught it red handed.
If our servers or a Tor node are wasting a service resource, service operators need to learn how to configure well their systems.
If a service can't afford a method to manage spam, it should close the discussion system, it would be better for all.
 
For all of the above, AirVPN will never violate Net Neutrality, and so we'll never commit any action to help "incompetent services".
 
Kind regards
AirVPN Staff

AIRVPN DOES NOT RECOGNIZE ANYMORE VERISIGN, AFILIAS AND ICANN AUTHORITY. OUR COMMITMENT AGAINST UNITED STATES OF AMERICA UNFAIR AND ILLEGAL DOMAIN NAMES SEIZURES.

The United States of America authorities have been performing domain names seizures since the end of 2010. The seizures have been performed against perfectly legal web-sites and/or against web-sites outside US jurisdiction.

Administrators of some of those web-sites had been previously acquitted of any charge by courts in the European Union.

The domain name seizures affect the world wide web in its entirety since they are performed bypassing the original registrar and forcing VeriSign and Afilias (american companies which administer TLDs like .org, .net, .info and .com) to transfer the domain name to USA authorities property. No proper judicial overview is guaranteed during the seizure.

Given all of the above, we repute that these acts:

- are a violation of EU citizens fundamental rights, as enshrined in the European Convention on Human Rights;
- are an attack against the Internet infrastructure and the cyberspace;
- are a strong hint which shows that decision capacities of USA Department of Justice and ICE are severely impaired;

and therefore from now on AirVPN does not recognize VeriSign, Afilias and/or ICANN authority over domain names. AirVPN refuses to resolve "seized" domain names to the IP address designated by USA authorities, allowing normal access to the original servers' websites / legitimate Ip addresses.

In order to fulfil the objective, we have put in place an experimental service which is already working fine. If you find anomalies, please let us know, the system will surely improve in time.

Kind regards
AirVPN admins

Hello!
 
This is an expected behavior and a normal feature. In our opinion it's very logic, if not obvious. If Network Lock is inactive no traffic is blocked at all.
 
Kind regards

What is the referral system?

Referral system is a method to allow a person to gain money when another person buys a service or a product recommended by the first one, typically through a referral link.
A detailed referrals' page is available in Client Area, in Referrals page. It shows the URL that referrals need to use and some ready to use banners. It also lists the recent customers linked to the referrals and the latest account credit charges.

When a customer follows a referral link, a one-month validity 'referred_by' cookie is created in the customer's browser.
If it already exists and already points to the same referral, it gets renewed for one month.
If it already exists but does not point to the same referral, the original referral still remains.

During an account creation, a customer having the 'referred_by' cookie is linked to the referral.

When a new referred customer buys an AirVPN service for the first time, 20% is credited in 'Account Credit' of the referral person. Higher commissions are available when mid-term aims are reached. Contact us if you are interested in a mid-term commitment.


Pricing & Currency Your commission percentage is computed on the NET price In case a currency differs from EUR (including cryptocurrencies), your commission is always in EUR, computed at the exchange rate valid when the referred user made the payment.
Scenario examples: If a user follows your referral link, and it's the first time in a month that he/she browses airvpn.org website, any account that this user will create is associated to the referral. If a user follows your referral link after having followed a different referral link of another website, the first referral is the one that remains valid (for one month).

Hello!
 
We're very glad to inform you that two new 100 Mbit/s servers located in Latvia are available: Phact and Meissa.
 
The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP.

Just like every other Air server, Phact and Meissa support OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Kind regards and datalove
AirVPN Team
 

Hi,
 
OS: Windows 7
Connection method: Eddie 2.8
Eddie configuration: Force TAP interface UP, Force DNS, Switch DHCP to static all activated to prevent dns leaks.
 
After shutting down while connected using eddy 2.8 i experience the following:
 
- At reboot DNS and fixed IP stay assigned not allowing me to surf the web with my regular connection, i have to manually reset auto ip and dns to my device (lan or wlan). After my manual intervention, I can connect to the internet.
- On the other hand, launching EDDIE to reconnect to an air server recovers the previous state from recover.xml file but can't connect to the internet neither to an Airvpn server as it recovers the situation from above. I had to delete airvpn.xml from eddie folder to recover the situation.
 
The point here is that for a non tech guy in the case he is connected to an air server via eddie and shuts down his computer without disconnecting, gets locked in a loop where he won't ever be able to reconnect to the internet...

Hello!
 
We're very glad to inform you that two new 100 Mbit/s servers located in Latvia are available: Phact and Meissa.
 
The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP.

Just like every other Air server, Phact and Meissa support OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Kind regards and datalove
AirVPN Team
 

Hello!

We're very glad to inform you that two new 1 Gbit/s servers located in Canada are available: Kraz and Rana.
 
The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP.

Just like every other Air server, Kraz and Rana support OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

What is the referral system?

Referral system is a method to allow a person to gain money when another person buys a service or a product recommended by the first one, typically through a referral link.
A detailed referrals' page is available in Client Area, in Referrals page. It shows the URL that referrals need to use and some ready to use banners. It also lists the recent customers linked to the referrals and the latest account credit charges.

When a customer follows a referral link, a one-month validity 'referred_by' cookie is created in the customer's browser.
If it already exists and already points to the same referral, it gets renewed for one month.
If it already exists but does not point to the same referral, the original referral still remains.

During an account creation, a customer having the 'referred_by' cookie is linked to the referral.

When a new referred customer buys an AirVPN service for the first time, 20% is credited in 'Account Credit' of the referral person. Higher commissions are available when mid-term aims are reached. Contact us if you are interested in a mid-term commitment.


Pricing & Currency Your commission percentage is computed on the NET price In case a currency differs from EUR (including cryptocurrencies), your commission is always in EUR, computed at the exchange rate valid when the referred user made the payment.
Scenario examples: If a user follows your referral link, and it's the first time in a month that he/she browses airvpn.org website, any account that this user will create is associated to the referral. If a user follows your referral link after having followed a different referral link of another website, the first referral is the one that remains valid (for one month).

Hello!

We're very pleased to introduce our new referral program. The program has been widely requested during AirVPN years of activity by several of our customers and it is now time to make it real.

We are confident that it will meet expectations and requirements and will attract our customers' interest. The available tools to join the program are aimed to be quick and effective in order to allow anyone interested in the program to get started with minimal effort.

We have written a detailed description of the system as an answer to a FAQ that you can find here:
https://airvpn.org/topic/12636-faq-referrals

Kind regards and datalove
AirVPN Staff
 

Hello!
 
We're very glad to inform you that we accept new CryptoCoins for AirVPN subscriptions.
 
You can find a list of accepted CryptoCoins in our plans page https://airvpn.org/plans
 
Please note that the list is dynamic. It is updated frequently and we might (we reserve the right to) stop accepting any kind of CryptoCoin in any moment.
 
Kind regards and datalove
AirVPN Staff
 

Hello!

We're very glad to inform you that two new 1 Gbit/s servers located in Canada are available: Kraz and Rana.
 
The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 2018 UDP and TCP.

Just like every other Air server, Kraz and Rana support OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team