Staff

worked like a charm, got 465/440 on latest speed test! Thank you.
 

UPDATE 2023-AUG-28

A customer with Virgin Hub 5 reported very poor performance. The problem could be resolved by running WireGuard (or Eddie in WireGuard mode) and forcing a 1280 bytes MTU size. In this way the customer could almost saturate the peak bandwidth offered by Virgin.
WireGuard's MTU size can be customized on Eddie 2.23.1 and higher versions, on "Preferences" > "WireGuard" window.

Kind regards
 

Hello!
 
You can consider to enforce permanent firewall rules that block all the outgoing traffic from your system. In this way, the activation of Network Lock will unlock communications to our VPN servers and bootstrap servers only. When Network Lock is disabled, the previous "block all" rules will be restored.
 
This means also that as long as Eddie has not started, your system traffic is totally blocked (even at boot). Just make sure that you allow anyway DHCP communications to your router, they are vital to establish a connection inside your local network.
 
Kind regards

AIRVPN DOES NOT RECOGNIZE ANYMORE VERISIGN, AFILIAS AND ICANN AUTHORITY. OUR COMMITMENT AGAINST UNITED STATES OF AMERICA UNFAIR AND ILLEGAL DOMAIN NAMES SEIZURES.

The United States of America authorities have been performing domain names seizures since the end of 2010. The seizures have been performed against perfectly legal web-sites and/or against web-sites outside US jurisdiction.

Administrators of some of those web-sites had been previously acquitted of any charge by courts in the European Union.

The domain name seizures affect the world wide web in its entirety since they are performed bypassing the original registrar and forcing VeriSign and Afilias (american companies which administer TLDs like .org, .net, .info and .com) to transfer the domain name to USA authorities property. No proper judicial overview is guaranteed during the seizure.

Given all of the above, we repute that these acts:

- are a violation of EU citizens fundamental rights, as enshrined in the European Convention on Human Rights;
- are an attack against the Internet infrastructure and the cyberspace;
- are a strong hint which shows that decision capacities of USA Department of Justice and ICE are severely impaired;

and therefore from now on AirVPN does not recognize VeriSign, Afilias and/or ICANN authority over domain names. AirVPN refuses to resolve "seized" domain names to the IP address designated by USA authorities, allowing normal access to the original servers' websites / legitimate Ip addresses.

In order to fulfil the objective, we have put in place an experimental service which is already working fine. If you find anomalies, please let us know, the system will surely improve in time.

Kind regards
AirVPN admins

Hello!

We regret to inform you that we will be discontinuing the service to residents of Italy as of February the 19th, 2024.
From the above date, any user registering on the platform must declare that he/she is not a resident of Italy. The purchase page will have IP address-based geolocation and will not be served to IP addresses located in Italy. We will not interrupt the service to current subscribers until the natural expiry date and the refund policy will be granted as usual.
 
REASONS FOR DISCONTINUATION
The so-called "Italian Piracy Shield" is a legal framework with implementing regulation by AGCOM (Italian Telecommunications Authority) that forces operators offering services in Italy to block access to end services through IP blocking and/or DNS poisoning.  The list of IP addresses and domain names to be blocked is drawn up by private bodies authorised by AGCOM (currently, for example, Sky and DAZN). These private bodies enter the blocking lists in a specific platform. The blocks must be enforced within 30 minutes of their first appearance by operators offering any service to residents of Italy.

There is no judicial review and no review by AGCOM. The block must be enforced inaudita altera parte and without the possibility of real time refusal, even in the case of manifest error. Any objection by the aggrieved party can only be made at a later stage, after the block has been imposed. For further details:
https://www-wired-it.translate.goog/article/piracy-shield-agcom-piattaforma-streaming-pirata-calcio-segnalazioni/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp

The above requirements are too burdensome for AirVPN, both economically and technically. They are also incompatible with AirVPN's mission and would negatively impact service performance. They pave the way for widespread blockages in all areas of human activity and possible interference with fundamental rights (whether accidental or deliberate). Whereas in the past each individual blockade was carefully evaluated either by the judiciary or by the authorities, now any review is completely lost. The power of those private entities authorized to compile the block lists becomes enormous as the blocks are not verified by any third party and the authorized entities are not subject to any specific fine or statutory damage for errors or over-blocking.

By withdrawing service availability from Italy, AirVPN will be able to stay outside the scope of the framework and maintain integrity and efficient operations.

We certainly sympathise with our fellow Italian citizens, and we will be happy to offer advice and alternatives. We would also like to remind them of our more than ten years of support for the Tor network, which is freely accessible even from Italy, and which is becoming increasingly reliable and fast thanks to a myriad of small contributions like ours.

Kind regards and datalove
AirVPN Staff
 

Hello!

We're very glad to inform you that a new 1 Gbit/s (full duplex) server located in Kyiv, Ukraine, is available: Altais.

Altais supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Altais will replace Alcor in the same location.

The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server.

You can check the status as usual in our real time servers monitor:
https://airvpn.org/servers/Altais

Do not hesitate to contact us for any information or issue.

Kind regards and datalove
AirVPN Staff

Hello!

Server load is indeed, and it has always been, one of the variables which are taken into calculation to determine the server rating and therefore recommend a server over another. Furthermore we have other inner variables which are monitored and are indicative of a server overload. In extreme cases yes, a server may be even closed to new connections due to overload, nothing new here. Such events are quite rare.
 
Where does this assumption come from? There's no evidence that OpenVPN users are slowing down WireGuard users. The problem is mainly on the OpenVPN client side, as users running OpenVPN on agnostic networks and/or on devices not supporting AES-NI might be unable to reach the performance which they would enjoy with WireGuard.

Again, whether or not prioritizing WireGuard over OpenVPN on the client side through our software default settings is not a problem due to OpenVPN stealing CPU time to WireGuard on server side (as incorrectly understood by @ms2738 too, we see now), as all servers have plenty of CPU available time for WireGuard, but a problem of customer satisfaction (in our previous message we mentioned the pros and cons which make the choice non trivial).

Kind regards
 

Hello!
 

Customers who are not residents of Italy and purchased the service from outside Italy should not suffer any unintended suspension, even if they are transiting through Italy (for example for tourism). Should any problem arise please contact the support team.
 
We will carefully explore different, feasible options when necessary, and this is one of them.
 
This is because the authority will seek to enforce blocks on any company offering services to residents of Italy, regardless of whether the service is offered from another country and jurisdiction. See, for example, the request for DNS poisoning filed to Quad9, a non-Italian company that operates DNS servers outside Italy but accessible to residents of Italy. It is remarkable to note that Quad9 challenged a similar request from Sony in court, and won.

Kind regards


 

@qwertyuiopas

Hello,

we think the moderator locked the thread correctly because you yourself wrote that the problem was resolved:
Since you just wrote the opposite we have re-opened the thread and merged it with your new message, no problems.

Kind regards
 

@organicchocolate

Hello!

Your setup is fine. On your side you may either use WireGuard or OpenVPN. You can't use them at the same time on the same machine. In many cases WireGuard can provide higher performance especially on devices without AES-NI acceleration, such as your iPhone. WireGuard kernel module, which plays an important role to make WIreGuard faster than OpenVPN, is not available in macOS, so you may also compare in your Mac OpenVPN vs. WireGuard and pick the one which can provide the better performance.

Kind regards
 

Hello!

Server load is indeed, and it has always been, one of the variables which are taken into calculation to determine the server rating and therefore recommend a server over another. Furthermore we have other inner variables which are monitored and are indicative of a server overload. In extreme cases yes, a server may be even closed to new connections due to overload, nothing new here. Such events are quite rare.
 
Where does this assumption come from? There's no evidence that OpenVPN users are slowing down WireGuard users. The problem is mainly on the OpenVPN client side, as users running OpenVPN on agnostic networks and/or on devices not supporting AES-NI might be unable to reach the performance which they would enjoy with WireGuard.

Again, whether or not prioritizing WireGuard over OpenVPN on the client side through our software default settings is not a problem due to OpenVPN stealing CPU time to WireGuard on server side (as incorrectly understood by @ms2738 too, we see now), as all servers have plenty of CPU available time for WireGuard, but a problem of customer satisfaction (in our previous message we mentioned the pros and cons which make the choice non trivial).

Kind regards
 

Hello!

Do you get any improvement with WireGuard? In order to switch to WireGuard:
from Eddie's main window please select "Preferences" > "Protocols" uncheck "Automatic" select any line with WireGuard. The line will be highlighted. click "Save" and re-start a connection to apply the change please make sure to test a few servers in different locations around your node Kind regards
 

Hello!

We're very glad to inform you that a new 10 Gbit/s (full duplex) server located in Los Angeles (California, USA) is available: Saclateni.

Saclateni supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server.

You can check the status as usual in our real time servers monitor:
https://airvpn.org/servers/Saclateni

Do not hesitate to contact us for any information or issue.

Kind regards and datalove

Hello!

With the current information unfortunately we can't say what you should look into. Try to open a ticket and investigate together with the support team. Let them know your Operating System, the browser you run, the software you use to connect to VPN servers... probably they will ask you for even more info in an attempt to understand the cause of the problem.

Kind regards
 

@shortfacedbear

Hello!

While Eddie Windows edition does not feature traffic splitting on an application basis (i.e. the feature you would need) WireSock for Windows has emerged in the last months as a practical and efficient solution even for your needs. https://www.wiresock.net/

On Windows, WireSock allows per app traffic splitting, per app reverse traffic splitting, per IP address destination traffic splitting, and hybrid traffic splitting with an extremely simple configuration file. According to the new reports we received from some of our Windows customers, it is probably a good solution which will save you from virtualization and from any solution requiring a fairly decent system and networking competence. According to those same reports, WireSock is fully compatible with AirVPN but unfortunately it is not open source software as far as we can see.

Kind regards
 

There's also https://airvpn.org/api/status/

Hello!

Google Search should never be used for privacy reasons (Google profiling techniques are so advanced that you risk to create a correlation between your real identity and your VPN identity at the tiniest error) and ethical reasons, but you can rely on startpage.com if you really need Google Search. Startpage will proxy your queries to Google Search and serve you back Google reply, therefore an additional protection layer stands between your node and Google and you usually avoid captchas. A very good search engine offering privacy protection commitment is Brave Search:
https://search.brave.com

Kind regards
 

Hello!

A new release is planned during April 2024. Stay tuned!

Kind regards
 

If someone else wanted a decent VPN, I'd direct them to this. So far of a month usage, AirVPN never created any issues.
The port forwarding instruction was a bit confusing, as I was not sure If I should configure port forwarding in my router,
Maybe more detailed steps would be appreciated (the answer is don't configure, VPN will work without router configs)
About speeds, I always reach around 5/6 my speed (to keep it simple, I reach max speed).

Using WireGuard, in a Linux machine.
A happy customer, will renew subscription.

Edit: Oh, my bad. I forgot to credit AirVPN staffs, they are helpful in forums.

Hello!

Definitely, that reference to Google Authenticator was an old remnant of board's scrambled text. Please verify that everything has been fixed properly now. Thank you for the head-up.

Kind regards
 

@John Gow

Thanks, we ignore the Linux Mint policy hostile to AirVPN and their reasons to act in this way after we supported the open source community so much in the last 13 years, but as far as it pertains to Reddit that's part of their policy enforced ever since years ago. Please note that it is in no way a block against AirVPN and that you can enter Reddit anyway from all the AirVPN servers. For a full description please jump here:
https://airvpn.org/forums/topic/56980-vpn-servers-mostly-blocked-by-reddit/
 
It is, but it's not against AirVPN specifically. An important reason for which all VPNs tend to get blocked (but of course this can't be the reason for Linux Mint web sites) is that their usage has exceeded a critical threshold worldwide and it's now threatening businesses based on profiling, personal data harvesting and reselling. For other reasons, see also:
https://airvpn.org/forums/topic/57171-no-specific-report/?do=findComment&comment=228533

Kind regards
 

Hello!

Multiple keys allow you to:
selectively pick remotely forwarded inbound ports by device/key connect multiple devices to the same VPN server by using a different key on each device have different, device-specific DNS block lists
A dedicated panel to manage your client certificates and keys is accessible in our web site.
 
In order to access the main control panel click Client Area while your account is logged into the AirVPN web site.
 
The Devices button provides you with access to a panel to administer your client certificate/key pairs. The panel lets you use a multi-certificate/key support from AirVPN, a comfortable and convenient feature. You can have multiple pairs, renew them and issue completely new ones. From each device of yours you will be free to use any pair you like. Therefore you can keep all of your certificates and keys under control, administer them and also connect multiple devices to the same server and port by using a different key on each device. Eddie 2.13.6 or higher version is required.

In Eddie's Overview window a menu which will let you choose a key before you start a connection will appear automatically when you create a new certificate/key par from your account control panel (note: restart Eddie and log your account out and in again if such menu does not appear). To create a new certificate/key pair click the button labeled Add a new device.
 
The Configuration Generator has been modified as well, in order to let you generate configuration files with the certificate/key pair you wish.
 
Let's see in details how to use the "Devices/Keys" options.
 
Device Name and Description: these are free name and description which you can associate to any pair for your comfort. Click the pencil icon to edit.

Details opens a window showing various information: Type, Creation date, Last renew date and Last VPN connection. In the same window you can find the following actions: Renew: when you click this action button, the corresponding certificate will be revoked, and a new certificate/key pair will be issued. Delete: this action button will revoke the corresponding certificate, without issuing a new one. DNS: this action button will let you enter the DNS block list panel for that specific certificate/key pair to let you define, activate or de-activate specific DNS block lists, exceptions and additions, which will apply to that pair only.
View history and View Active will toggle with each other to provide you with any relevant information on the history of your actions about keys and the current active list.   
Some caution when using the aforementioned features:
if you revoke or renew a certificate/key pair which is being used by some connected device, that device will soon be disconnected
in Eddie Desktop edition, you will need to log your account out and then in again to force Eddie to pick a different pair (new or old) (*) - in Eddie Android edition this is not necessary
to use new pairs, you will need to re-generate and import configuration files if you use them with some third-party software, or if you run OpenVPN or Wireguard directly
(*) unchecking "Remember me" is necessary in older Eddie versions  
Kind regards and datalove
AirVPN Staff

Hello!

If DCO becomes stable and maintains the performance claimed in the OpenVPN Hackathon 2019 yes, we do, as DCO would outperform WireGuard (in real life we don't see much difference though, but we must keep into account that DCO is still highly experimental). On top of multi-threading support, it could be used over TCP too, which would be significant. On the server side it resolves also WireGuard limitation regarding the automatic IP address assignment in place of the moronic static, hard coded and on file key<->address bijection needed by WireGuard. On the other hand, on the Linux universe, we don't foresee DCO included in the mainline kernel, while WireGuard is already there. We'll see.
 
It's a worthwhile test and we're thinking about it.

Kind regards
 

Hello!

If DCO becomes stable and maintains the performance claimed in the OpenVPN Hackathon 2019 yes, we do, as DCO would outperform WireGuard (in real life we don't see much difference though, but we must keep into account that DCO is still highly experimental). On top of multi-threading support, it could be used over TCP too, which would be significant. On the server side it resolves also WireGuard limitation regarding the automatic IP address assignment in place of the moronic static, hard coded and on file key<->address bijection needed by WireGuard. On the other hand, on the Linux universe, we don't foresee DCO included in the mainline kernel, while WireGuard is already there. We'll see.
 
It's a worthwhile test and we're thinking about it.

Kind regards
 

Hello!

Please try again now.

Kind regards