Staff

What is a VPN?

VPN is an acronym of Virtual Private Network. Our VPN extends the private network across the Internet. It enables your computer (the "client") to send and receive data across the Internet through dedicated nodes ("the VPN servers") as if those data were an integral part of the private network. This is achieved through a point-to-point OpenVPN (in routing mode) connection. The connection is encrypted and each packet is authenticated both by your client and our servers, so that nobody (including your ISP) between your computer and the VPN server can see the data you transmit and receive, the real origin and destinations of such data, and, last but not least, can inject forged packets into your stream of data. The picked encryption cipher meets higher-than-military security requirements. 
Additionally, when your client has established a point-to-point encrypted connection (often referred to as "the tunnel"), your data will "get to the Internet" without any reference to your real IP address, which is simply no more inside the packets. Anybody on the Internet will therefore see your packets as coming from our VPN servers exit-IP addresses, not from your real IP address, protecting you against privacy intruders and other malignant entities, such as sniffers in public WiFi hot-spots, hi-jackers, profilers and disturbed "copyright trolls".
 
You don't need to configure applications to use "the tunnel", because our servers perform a set of route and default gateway pushes that your client accepts: your applications are "tunneled" transparently. OpenVPN encapsulates your packets inside an UDP or TCP stream, therefore all same or higher layer protocols are supported, making a VPN a profoundly different and highly superior solution to any http or socks proxy.

Please see for example here: https://airvpn.org/topic/3773-pls-help-strange-logs/?do=findComment&comment=3784
 
It would be a good habit to search the forums (good search functions are available) before posting questions that have been already answered multiple times.
 
Kind regards

Hello!
 
You might have noticed that something new is in our home page: our first promotional video!

It is is visible in our home page, totally hosted on our servers, as well as on YouTube at the following URL:
https://youtu.be/N7XMArI3bpACurrently it's subtitled in English, Italian and Chinese many languages.

If anyone wants to help us translate the video, please download an existing subtitle files:

English - https://airvpn.org/static/video/main_en.srt
Italian - https://airvpn.org/static/video/main_it.srt
Chinese - https://airvpn.org/static/video/main_cn.srt

translate it without changing timings and send it to us. We are interested in Spanish and German, but any language is welcome. Gift guaranteed
 
Kind regards
AirVPN Staff

Very good, but the last block of text at the end was not on long enough.  It was definitely more than 15 CPS (characters per second) which is the utmost limit for readible English text to appear on screen.

You provide Remote Port Forwarding, what is it?
 
"Remote port forwarding" forwards traffic coming from the Internet to our VPN server ports to a specified local port of your client.

By default, your account has no forwarded ports, and this is good as long as you don't wish to have a service reachable from the Internet. For example, suppose that you want to run a web server behind our VPN, or that you wish to receive incoming connections to your BitTorrent client in order to improve p2p performance, or to seed a file. Without at least one remotely forwarded port, your service could not be reached from the outside, because our VPN server would reject the proper packets to your service.

Usually this is a good security measure against attacks, but it prevents your services to be reached from the Internet.

When you remotely forward an inbound port, our servers will open that port (TCP, UDP or both, according to your selection) and will properly forward incoming packets to you on that port. The service will be reachable from the exit-IP address of the VPN server your system is connected to.

You can forward up to 20 ports simultaneously. You can do that on our website, in your account "Client Area". You can't forward ports lower than 2048.

You can map a remotely forwarded port to a different local port: this is useful for a variety of cases, for example when your service listens to a port lower than 2048 or when the port is already reserved. More details about it here below.

Once you reserve an inbound remote port for your account, you have two options:

1) Leave the "Local" field empty. In this case, packets arriving to the VPN server exit-IP address port n will be forwarded to your machine IP address inbound local port with the very same number n

2) Fill in the "Local" field with a different port number x. In this case packets arriving to port n will be forwarded to your system inbound local port x.

In both cases you need to reach the service on the VPN server exit-IP address port n.


IMPORTANT: do NOT forward on your router the same ports you use on your listening services while connected to the VPN. Doing so exposes your system to correlation attacks and potentially causes unencrypted packets to be sent outside the tunnel from your client. However, if you connect a router (for example DD-WRT, Tomato based firmware router) an additional step is required, please see https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/  
NOTE: you can't reach your listening service(s) through the VPN server exit-IP address from the very same machine that's running it/them and is connected to a VPN server, or from any other machine connected to that same VPN server.

Hello,
 
actually not, it is the total time needed by your browser to require via http a 1 byte file to the VPN server and receive it, but as a relative value it is good. And yes, using the client can be quicker (the client really pings).
 
Kind regards

Hello!
 
Yes, please browse to the "Status" page of our web site https://airvpn.org/status
 
The numbers displayed in ms for each server provide you with a relative (not absolute) latency which is a very precious information for your needs.
 
Kind regards

Hello!
 
You might have noticed that something new is in our home page: our first promotional video!

It is is visible in our home page, totally hosted on our servers, as well as on YouTube at the following URL:
https://youtu.be/N7XMArI3bpACurrently it's subtitled in English, Italian and Chinese many languages.

If anyone wants to help us translate the video, please download an existing subtitle files:

English - https://airvpn.org/static/video/main_en.srt
Italian - https://airvpn.org/static/video/main_it.srt
Chinese - https://airvpn.org/static/video/main_cn.srt

translate it without changing timings and send it to us. We are interested in Spanish and German, but any language is welcome. Gift guaranteed
 
Kind regards
AirVPN Staff

Nice. I sent you another the German translation via email. I hope you can use it.
 
Cheers!

Hello!
 
We have no idea how the comment author imagined such a completely fantastic scenario. "AirVPN Hack Executed" is just a line of our client logs, printed when some appropriate operations are performed to patch a (now rare) problem in some Windows 8 systems when the tun/tap interface does not come up. The tun/tap interface is the virtual network card used by OpenVPN. See also here: https://community.openvpn.net/openvpn/ticket/316
 
Our client is free and open source so anyone can examine the source code (and compile it) available on Github: https://github.com/AirVPN/airvpn-client
 
Kind regards
 

Hello,
 
yes, you could be right, see also here:
 
"To make these increasing snooping efforts more difficult, the tracker operators have decided to take a drastic measure. The three top trackers have all implemented a ban list which includes the IP-address ranges of many of the larger hosting providers, which are frequently used by anti-piracy firms."
 
https://torrentfreak.com/public-bittorrent-trackers-ban-piracy-monitoring-outfits-140523
 
From which servers do you experience this issue? Why do you use public trackers instead of DHT? Remember that public torrent trackers not only are obsolete, but they are the heaven of IP harvesters, copyright trolls and other mentally deranged people. If and when possible, they should not be used.
 
Kind regards

Hello!
 
You are right. The "problem" is that on some builds only TLS Cipher set to "None" will allow a correct connection. On some other builds only "TLS-DHE-RSA-WITH-AES-128-CBC-SHA" will work. Both are clearly wrong, but somehow they are bypassed by other settings. We don't know the reasons for this strange behavior.
 
Kind regards

Hello!
 
Knowing your IP address is inevitable at some stage, otherwise there would be no possible communication in any way. However the IP address is not stored (or even less sent to third-parties!) in any way, so it is lost as soon as you disconnect. By the way, you can hide your real IP address even to our servers by connecting for example OpenVPN over TOR. We don't block TOR nodes, of course, neither on the web site nor on any VPN server.
 
About the post you linked: yes, we send OpenVPN logs to /dev/null - it is not correct what they state about stats in this case, so our system looks slightly more secure in this respect because they do not send logs to /dev/null. Since we do it, we cut the main problem at its root. Instead they chose to run an OpenVPN version re-compiled by themselves and very correctly disclosed the diff source code, an interesting choice and also a necessary one for peer reviews, but we do not need this complication for the aforementioned reasons. Our solution provides as well the not secondary advantage for which we can count on global peer reviews on security of OpenVPN mainline.
 
Kind regards

Hello!
 
We have no idea how the comment author imagined such a completely fantastic scenario. "AirVPN Hack Executed" is just a line of our client logs, printed when some appropriate operations are performed to patch a (now rare) problem in some Windows 8 systems when the tun/tap interface does not come up. The tun/tap interface is the virtual network card used by OpenVPN. See also here: https://community.openvpn.net/openvpn/ticket/316
 
Our client is free and open source so anyone can examine the source code (and compile it) available on Github: https://github.com/AirVPN/airvpn-client
 
Kind regards
 

Hello!
 
Multi-hopping with servers belonging to the same operator will not protect you very effectively, anyway it is perfectly possible, you can already do it with our service. Please note that TOR over OpenVPN, or even OpenVPN over TOR, provides a much stronger anonymity layer than VPN server 1 over VPN server 2.
 
Kind regards

Hi, 
this is a an important question.
 
We have recorded a dramatic increase of clients requiring connections to NL servers in the past weeks and months. With the increase of single connected clients (consider that since April a user can connect simultaneously three clients and also consider that Air user base has grown up considerably during this year), we must take into account different variables to a server load in addition to available bandwidth.
 
CPUs of our servers not only must handle TLS auth and OpenVPN AES-256 encryption/decryption, but also SSH and OpenSSL additional tunnels. There is, so far, no scientific study which determines how the CPU load increases (under the same provided bandwidth) with the increase of connected clients in an OpenVPN server, but empirically it might be not linear (example: 50 clients requiring 1 Mbit/s each stress CPU more than one client requiring 50 Mbit/s does). So, we could have a server that has a line and a port of 1 Gbit/s, but whose CPU gets at capacity before that limit (for example already at 650 Mbit/s). Therefore, in order to respect our commitment to always provide at least 4 Mbit/s per client in at least one server in the world, we add servers before this limit is reached. In the particular case of the Netherlands, we have decided to go beyond our warrant, because customers clearly appear to be very interested in this country.
 
With the current configuration and considering the average numbers of clients connected to Netherlands servers with an excess prudential margin of 20%, we are now able to provide more than 4 Mbit/s per client in the Netherlands alone, even keeping into account potential aforementioned overhead. In the "Top 10 Users Speed", right now, we can see that the topmost 4 clients are all in the Netherlands, ranging from 65 Mbit/s to 40 Mbit/s each.
 
Kind regards

Hello everyone,
 
I'm not sure if you have heard that Verizon (VZW) has been, for the past two years, inserting a perma-cookie into HTTP traffic headers via means of a UIDH. The UIDH ignores: private browsing, do not track, even Verizon's own opt-outs.
 
I have assembled some links below to provide you some more information regarding this issue.
 
AFAIK, AirVPN users are safe from VZW tracking. You are also safe on sites that use HTTPS.
 
According to some comments in the various articles (links to articles below), it appears at least AT&T is doing the same thing as VZW.
 
Reddit: /r/Privacy Verizon & ATT injecting UIDH
Verizon adding UIDs: Hacker News
Wired: Verizon's Perma Cookie kills privacy
DSLreports: Verizon Perma Cookie
WebPolicy: Verizon Tracking Header
LessonsLearned: Test for Cellular tracking Beacons (must be on cellular network)
 
This issue highlights the need for net neutrality and encryption!
 
anonym

Install OpenVPN for Android.Hosted on GitHub: https://github.com/schwabe/ics-openvpn Note: if you don't have access to Google Play Store, you can download "OpenVPN for Android" apk here: https://airvpn.org/repository/ics-openvpn-latest-stable.apk Launch your internet browser.NOTE: don't use the default Android browser because it has an unresolved bug.
Chrome and Opera have been tested by us and work.
Connect to AirVPN website, login and create the configuration files from our Config Generator.Choose Linux as platform (only direct TCP and UDP connections are supported) and finally click the "Generate" button to download it.
Downloaded .ovpn files may be imported directly into the application but the behavior depends on many factors (employed browser, files manager, Android version, etc).For simplicity's sake, we assume in this guide that you saved .ovpn generated files under the Download directory in the Android filesystem.
Open OpenVPN for Android and tap the top right "Import" button:
Click on the import button of the prompt dialog:
Browse to *.ovpn files:
Select your configuration of choice:
Confim the import with the top right button:
Click on the imported profile to connect:
Confirm the Android's security prompt dialog:
Wait for the bootstrap sequence:
The VPN tunnel is now established:
When you need to disconnect from the VPN click on the "Disconnect" button from the app's notification:
Confirm the prompt dialog:

Hi, 
this is a an important question.
 
We have recorded a dramatic increase of clients requiring connections to NL servers in the past weeks and months. With the increase of single connected clients (consider that since April a user can connect simultaneously three clients and also consider that Air user base has grown up considerably during this year), we must take into account different variables to a server load in addition to available bandwidth.
 
CPUs of our servers not only must handle TLS auth and OpenVPN AES-256 encryption/decryption, but also SSH and OpenSSL additional tunnels. There is, so far, no scientific study which determines how the CPU load increases (under the same provided bandwidth) with the increase of connected clients in an OpenVPN server, but empirically it might be not linear (example: 50 clients requiring 1 Mbit/s each stress CPU more than one client requiring 50 Mbit/s does). So, we could have a server that has a line and a port of 1 Gbit/s, but whose CPU gets at capacity before that limit (for example already at 650 Mbit/s). Therefore, in order to respect our commitment to always provide at least 4 Mbit/s per client in at least one server in the world, we add servers before this limit is reached. In the particular case of the Netherlands, we have decided to go beyond our warrant, because customers clearly appear to be very interested in this country.
 
With the current configuration and considering the average numbers of clients connected to Netherlands servers with an excess prudential margin of 20%, we are now able to provide more than 4 Mbit/s per client in the Netherlands alone, even keeping into account potential aforementioned overhead. In the "Top 10 Users Speed", right now, we can see that the topmost 4 clients are all in the Netherlands, ranging from 65 Mbit/s to 40 Mbit/s each.
 
Kind regards

Hello!

We're very glad to inform you that five new 1 Gbit/s servers located in the Netherlands are available: Ceres, Julliet, Pallas, Riguel and Sedna.

The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP.

Just like every other Air server, Ceres, Julliet, Pallas, Riguel and Sedna support OpenVPN over SSL and OpenVPN over SSH.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!
 
We resolved an issue of the AirVPN Client, about the Windows Autostart option that doesn't load the correct preferences.
 
The issue affected only Windows users, and only those who had chosen the Installer version and not the Portable version. For that, we decided to only patch the current 2.7 release.
 
Please re-download and re-install, enter Preferences and exit at least one time to resolve the issue.
 
Kind regards

Hello Staff,
 
Please disregard my last post as I was able to find the time to gather the requested information before I went out of town. I sent it to you via a support ticket referencing this thread.
 
Thank you for your help.
 
Best regards...

Android XMPP (Jabber) client with OTR
http://www.xabber.org/
Menu -> Settings -> XMPP accounts -> Add account

Account type: XMPP
Username: @xmpp.airvpn.org
Password:

Chat through TOR anonymity network and force TLS cryptographic protocol: if you wish so.

By default it uses TLS if enabled. Click the created account, search TLS/SSL usage and force Require TLS.

Update: Everything is fine now, no DNS "leaks". Following the IPv6 line of thought I disabled the IPv6 DHCP option in my router settings, reconnected and now on all of the tests I mentioned as well as GRC's Nameserver test I can only see those belonging to AirVPN.
 
Thanks for all the help

HOW TO FORWARD PORTS TO YOUR DEVICES WITH IPTABLES
 
You need to create a basic DNAT on your router. Remember that the router GUI usually forwards ports from the WAN to LAN. When connected to the VPN you must forward ports from TUN interface to the final destination. Therefore, it is important that you do not forward ports through the GUI of the router.
 
Assuming that:
destIP is the IP address of the destination device port is the port you wish to forward to that device tun1 is the tun interface of your router (please check! on some routers it can be tun0, on Tomato it can be tun11) you need to forward both TCP and UDP packets you need to add the following rules. Please note that the following rules do NOT replace your already existing rules, you just have to add them.
 
iptables -I FORWARD -i tun1 -p udp -d destIP --dport port -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d destIP --dport port -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP
iptables -t nat -I PREROUTING -i tun1 -p udp --dport port -j DNAT --to-destination destIP
 
Note: if your router firmware iptables supports the multiport module you can use --match option to make your rules set more compact. Please see here, thanks to Mikeyy https://airvpn.org/topic/14991-asuswrt-merlin-multiple-ports/?do=findComment&comment=31221
 
Kind regards