Staff

Hello,
 
sorry, there is a delay due to unforeseen problems. The micro-routing Ubertechie has detected a bug in the micro-routing system and has been fixing it. Additionally, we have an annoying delay (for unknown reasons at the moment) on the delivery of another server in France which would have helped us in the testings AND that in our plans will be employed in the near future as a full VPN server (if it will pass all the tests).
 
Hopefully you should see news soon.
 
Kind regards

Hello,
 
we regret to inform you that Diadem VPN server has been withdrawn because of incompatibility between us and the provider FDC Servers. We received this communication from FDCServers:
 
 
 
Of course we will not comply to requests that have the arrogance to tell us how to conduct our business and would force traffic monitoring and logging that is not required by any law and that is potentially illegal. Additionally, such request comes as a consequence of unproven claims of copyright infringements from one third-party private entity, several of which (and this is very important) we know for sure are fabricated and false (because they refer to alleged copyright infringements on servers ports that are not used at all). FDCServers can rest assured that its services will no more attract our and your money,
 
Kind regards

Hello,
 
we regret to inform you that Diadem VPN server has been withdrawn because of incompatibility between us and the provider FDC Servers. We received this communication from FDCServers:
 
 
 
Of course we will not comply to requests that have the arrogance to tell us how to conduct our business and would force traffic monitoring and logging that is not required by any law and that is potentially illegal. Additionally, such request comes as a consequence of unproven claims of copyright infringements from one third-party private entity, several of which (and this is very important) we know for sure are fabricated and false (because they refer to alleged copyright infringements on servers ports that are not used at all). FDCServers can rest assured that its services will no more attract our and your money,
 
Kind regards

That must be a very hard task to keep VPN servers in U.S., especially during the last years...Where you can get raided because your kid was downloading a song...
The American dream...
 
 
Keep up the great service!   

Hello,
 
we regret to inform you that Diadem VPN server has been withdrawn because of incompatibility between us and the provider FDC Servers. We received this communication from FDCServers:
 
 
 
Of course we will not comply to requests that have the arrogance to tell us how to conduct our business and would force traffic monitoring and logging that is not required by any law and that is potentially illegal. Additionally, such request comes as a consequence of unproven claims of copyright infringements from one third-party private entity, several of which (and this is very important) we know for sure are fabricated and false (because they refer to alleged copyright infringements on servers ports that are not used at all). FDCServers can rest assured that its services will no more attract our and your money,
 
Kind regards

AIRVPN DOES NOT RECOGNIZE ANYMORE VERISIGN, AFILIAS AND ICANN AUTHORITY. OUR COMMITMENT AGAINST UNITED STATES OF AMERICA UNFAIR AND ILLEGAL DOMAIN NAMES SEIZURES.

The United States of America authorities have been performing domain names seizures since the end of 2010. The seizures have been performed against perfectly legal web-sites and/or against web-sites outside US jurisdiction.

Administrators of some of those web-sites had been previously acquitted of any charge by courts in the European Union.

The domain name seizures affect the world wide web in its entirety since they are performed bypassing the original registrar and forcing VeriSign and Afilias (american companies which administer TLDs like .org, .net, .info and .com) to transfer the domain name to USA authorities property. No proper judicial overview is guaranteed during the seizure.

Given all of the above, we repute that these acts:

- are a violation of EU citizens fundamental rights, as enshrined in the European Convention on Human Rights;
- are an attack against the Internet infrastructure and the cyberspace;
- are a strong hint which shows that decision capacities of USA Department of Justice and ICE are severely impaired;

and therefore from now on AirVPN does not recognize VeriSign, Afilias and/or ICANN authority over domain names. AirVPN refuses to resolve "seized" domain names to the IP address designated by USA authorities, allowing normal access to the original servers' websites / legitimate Ip addresses.

In order to fulfil the objective, we have put in place an experimental service which is already working fine. If you find anomalies, please let us know, the system will surely improve in time.

Kind regards
AirVPN admins

ITV Player seems to require routing of mercury.itv.com via the UK.

Hello,
 
you can generate split files by clicking on "Advanced Mode" and ticking "Separate certs/key from .ovpn files". By default the generator creates .ovpn files embedded with certificates and key.
 
Kind regards

Hello,
 
correct, on OpenVPN over SSH your client is pushed an IP address in 10.50.0.0/16, i.e. range starting from 10.50.0.2 and ending to 10.50.255.254
 
Kind regards
AirVPN Support Team

Hello,
 
under a pure performance point of view, our DNS records are updated in almost-real-time to reflect the best server for each area. The best server is determined according to a formula which keeps into considerations the following parameters: latency from nodes in the same region, available bandwidth, status parameters (such as packet loss). Once the system has performed measurements and calculations, it determines the best server and updates DNS accordingy. For example, america.vpn.airdns.org will resolve to the IP address of the best server in America continent.
 
You can see the best server and many more information (useful also in case you wish to perform a manual pick) in our servers monitor:
 
https://airvpn.org/status
 
where latency is calculated directly from your computer, bandwidth and stats are updated every 60 seconds.
 
Additionally, have a look at the Ping Matrix (updated every 300 seconds):
 
https://airvpn.org/pingmatrix
 
Kind regards

Thanks a bunch!
Now it works perfectly

Hello,
 
sorry, no plans at all at the moment.
 
Kind regards

Hello!
 
Ok, the results from ipleak.net show no DNS leak at all.
 
Kind regards

Hello!
 
Just as a side-note, you don't need to assign a static IP address to your network card to prevent DNS leaks (and in some circumstances it might also create issues if your network is handled by a DHCP server), just set static DNS IP addresses 10.4.0.1 and 10.5.0.1, which are reachable regardless of the Air VPN server port you connect to.
 
Kind regards

EDITED ON 21 Aug 12
EDITED ON 24 Nov 12: added important note for some Linux users, see bottom of message
EDITED ON 02 Jun 15: please refer to https://airvpn.org/faq/software_lock for a more advanced set of rules
 
WARNING: this guide assumes that you have no IPv6 connectivity. If you have, you should block outgoing IPv6 packets while connected to the VPN with "ip6tables". Please see https://airvpn.org/faq/software_lock
 
Hello!
 
You can use iptables, a very powerful packet filtering and NAT program (probably one of the most powerful, if not the most powerful of all). iptables is already included in all official Ubuntu distros and most Linux distros, anyway if you don't have it just install it with aptitude.
 
Adding the following simple rules will prevent leaks in case of [accidental] VPN disconnection. In this example, it is assumed that your network interface is eth+ (change it as appropriate; for example, you might have wlan0 for a WiFi connection).
 
a.b.c.d is the entry-IP address of the Air server you connect to. You can find out the address simply looking at the line "remote" of your air.ovpn configuration file. In case of doubts, just ask us. Some of the following rules might be redundant if you have already chains.
 
Assumptions: you are in a 192.168.0.0/16 network and your router is a DHCP server. You have a a physical network interface named eth*. The tun adapter is tun* and the loopback interface is lo.
 
iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT #allow loopback access iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT #make sure you can communicate with any DHCP server iptables -A INPUT -s 255.255.255.255 -j ACCEPT #make sure you can communicate with any DHCP server iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT #make sure that you can communicate within your own network iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT iptables -A FORWARD -i eth+ -o tun+ -j ACCEPT iptables -A FORWARD -i tun+ -o eth+ -j ACCEPT # make sure that eth+ and tun+ can communicate iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE # in the POSTROUTING chain of the NAT table, map the tun+ interface outgoing packet IP address, cease examining rules and let the header be modified, so that we don't have to worry about ports or any other issue - please check this rule with care if you have already a NAT table in your chain iptables -A OUTPUT -o eth+ ! -d a.b.c.d -j DROP # if destination for outgoing packet on eth+ is NOT a.b.c.d, drop the packet, so that nothing leaks if VPN disconnects 
When you add the above rules, take care about pre-existing rules, if you have already some tables, and always perform a test to verify that the subsequent behavior is what you expect: when you disconnect from the VPN, all outgoing traffic should be blocked, except for a reconnection to an Air server.
 
In order to block specific programs only, some more sophisticated usage of iptables is needed, and you will also need to know which ports those programs use. See "man iptables" for all the features and how to make the above rules persistent or not according to your needs.
 
 
Warning: the following applies ONLY for Linux users who don't have resolvconf installed and don't use up & down OpenVPN directives with update-resolv-conf script
 
In this case, your system has no way to process the DNS push from our servers. Therefore your system will just tunnel the DNS queries with destination the DNS IP address specified in the "nameserver" lines of the /etc/resolv.conf file. But if your first nameserver is your router IP, the queries will be sent to your router which in turn will send them out unencrypted. Solution is straightforward: edit the /etc/resolv.conf file and add the following line at the top (just an example, of course you can use any of your favorite DNS, as long as it is NOT your router):
nameserver 10.4.0.1 # in order to use AirVPN DNS
nameserver 31.220.5.106 # in order to use OpenNIC DNS only if AirVPN DNS is unavailable
 
Kind regards
 
Original thread post: https://airvpn.org/topic/1713-win-mac-bsd-block-traffic-when-vpn-disconnects/page-2?do=findComment&comment=2010

Nashira and Pollux are both working for me now, and my download speeds are serviceable (400-500 Kbps). Still no tracker connection, but as long as the download speeds are reasonable, I'm happy.
 
I also just installed a new router since my previous one had slowly started killing my latency (2000ms to ping google and sporadic packet loss by the time I isolated the problem), but I didn't realize there was a problem until my browsing speeds became significantly impacted. The faulty router must have been the primary contributor to my single-digit download speeds before since both Nashira and Pollux are both performing as desired for me now.

Hello,
 
there is a GMail option to disable that warning and allow any IP address, and even an option to authorize certain IP addresses (so you could put there the exit-IP addresses of the VPN servers you connect to). Please consult the GMail guides at your convenience. Once you have authorized an IP address, it will be authorized regardless of the device you use to access the mail server.
 
Kind regards

Hello!

We're very glad to inform you that a new 1 Gbit/s server located in UK is available: Nunki.

The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").
 
The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP.
 
Just like every other Air server, Nunki supports OpenVPN over SSL and OpenVPN over SSH.
 
As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello!

We're very glad to inform you that a new 1 Gbit/s server located in Canada is available: Lesath.

The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").
 
The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP.
 
Just like every other Air server, Lesath supports OpenVPN over SSL and OpenVPN over SSH.
 
As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team
 

Hello!

We're very glad to inform you that a new 1 Gbit/s server located in UK is available: Nunki.

The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").
 
The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP.
 
Just like every other Air server, Nunki supports OpenVPN over SSL and OpenVPN over SSH.
 
As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

Hello,
 
about p2p activities: we have never received any communication or request of any kind from legal authorities (neither jurisdictionally competent nor jurisdictionally not competent).
 
From private entities, we have received communications of alleged copyright infringements perpetrated through usage of p2p protocols through some of our servers, but we have never received any request of data disclosure. Until now all of such communications have never been accompanied by any proof, and now and then they referred to servers which were not operational at the time of the alleged infringement, casting serious doubts about the validity of any similar allegation.
 
In case of personal data disclosure requests from private entities, the request would be simply ignored or in extreme cases cause us to report the private entity to competent authorities, because in general complying to such requests, in our jurisdiction, would imply to commit civil and criminal infringements.
 
In every other case, we can't give away information that we do not have.
 
Kind regards

Hello!

We're very glad to inform you that a new 1 Gbit/s server located in Canada is available: Lesath.

The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").
 
The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP.
 
Just like every other Air server, Lesath supports OpenVPN over SSL and OpenVPN over SSH.
 
As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team
 

Hello!

We're very glad to inform you that a new 1 Gbit/s server located in UK is available: Nunki.

The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").
 
The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP.
 
Just like every other Air server, Nunki supports OpenVPN over SSL and OpenVPN over SSH.
 
As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team

I have been unable to reach (even ping) these public trackers via Corvi for about half a day now:
 
tracker.istole.it
tracker.publicbt.com
tracker.openbittorrent.com
 
I can ping them OK from my normal IP.

Hello!

We're very glad to inform you that a new 1 Gbit/s server located in Canada is available: Lesath.

The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").
 
The server accepts connections on ports 53, 80, 443, 2018 UDP and TCP.
 
Just like every other Air server, Lesath supports OpenVPN over SSL and OpenVPN over SSH.
 
As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.
 
Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Team