InactiveUser

10.4.0.1 should be reachable regardless of connection method (port / protocol).
The full list of internal addresses can be found at the bottom of this page:
https://airvpn.org/specs/

The question mark is related to NetworkManager's connectivity check.
Periodically - and whenever a connection's status changes - NetworkManager tries to contacts a website. If it doesn't get an "OK" response, the question mark appears.
This means that there's either no connectivity at all or there is connectivity but DNS doesn't resolve.
On a side note, for F21, the config file for the connectivity check can be found at:
 
/etc/NetworkManager/conf.d/20-connectivity-fedora.conf Steps you should take:
1. connect to VPN
2. run
ip addr | grep tun0 and see if your tun0 has been assigned an "inet" address (10.x.x.x)
3. run
ip route the first line should be a default route pointing at the VPN device:
default via 10.x.x.x dev tun0 (..)
4. run
cat /etc/resolv.conf to see what DNS servers you're using. For testing purposes, you can edit this file directly (changes take effect immediately). For persistent changes, you would need to edit the NetworkManager (Air)VPN connection profile to put in the correct AirVPN DNS server 10.x.0.1 - example: If your tun0 address is 10.4.x.x, the DNS IP would be 10.4.0.1, if it is 10.7.x.x, the DNS IP would be 10.7.0.1.)

5. check your firewall rules.
firewall-cmd --direct --get-all-rules Compare them to my current rules:
I grayed out those rules that shouldn't be of any importance with regard to connectivity.
For the sake of brevity, I also deleted all but one AirVPN entry server rules. The one I left in there (192.96.200.18) would allow you to connect to Arrakis. The numbers you see after INPUT/OUTPUT indicate rule position/priority. I haven't actually tested if it makes a difference but AFAIK, DROP rules should be added last, that's why you see 999 in my rules. Read "man firewalld.direct", the "priority" section and the "EXAMPLE" a bit further down in that document.


6. Lastly, you can also investigate
 
journalctl -x -u NetworkManager --since=-10minutes which will show you all NetworkManager logs (including the openvpn module) of the last 10 minutes.


Important note:
If you can't resolve the problem on your own, it would be helpful to see the output of all the commands I mentioned above BUT:
Inspect all output before posting it. Remove, if you find any, identifying info like: non-local/non-AirVPN IP addresses, host names, MAC addresses, ...

Greetings,
 
After numerous tests with 2 different VPN providers ( including AirVPN ) I've come to the conclusion that Shaw ( a prominent Canadian ISP ) is throttling UDP/TCP VPN traffic.
 
My internet plan is for 50Mbps of which I get roughly 48Mbps on speedtest.net while connected via UDP or TCP VPN to Canadian/USA servers or any countries for that matter i'm locked at 3.5Mbps consistently some times 4Mbps.
 
The only solution I was able to find was a service that seems only few VPN providers offer ( AirVPN being one of them ) is SSL Tunneling, after using SSL Tunneling I was able to get 20 - 30Mbps ( of which I find acceptable as download managers can improve this )
 
Just wanted to share this tid bit of knowledge with any other AirVPN Canadian subscribers.
 
Thanks and have a great day !
 
 

Answer to question 1)
 
There are two different types of credentials:
- your AirVPN account / password (the client is able to save these credentials)
- your Mint user account password (the client can't save this password. Every time you launch the client, it needs to ask the OS for root privileges)

If you want to launch the client automatically on system boot, add it to Mint's autostart list (but you'd still have to enter your sudo password).

If you want to run the client without having to enter your sudo password, that's possible too (but slightly tricky if you're totally unfamiliar with the process).

I've already detailed both of these procedures with screenshots / commands in another thread:
https://airvpn.org/topic/12797-from-windows-7-to-linux-problem/
 
 
Answer to question 2)
 
Linux uses the /etc/resolv.conf file which contains all DNS servers that the system may use. If it contains any other than AirVPN servers (which have IPs like 10.X.0.X), that would be the cause of your leaks. The AirVPN client offers options to manage the resolv.conf file, check the client menu, "Advanced" section.
To see if it did its job, connect to AirVPN and then check the contents of the /etc/resolv.conf file.

I'll be honest, when i first encountered firewalld I had the same reflex, trying to go back to iptables. But it's not that different if you make use of the "direct configuration" mode.
You can either use the "Firewall" GUI to write/edit your rules...
 

 
 
... or use the command line. I will list the commands / rules that I personally use.
I should add that I don't use the Eddie client, I connect directly via NetworkManager.
The following content is not a step by step guide. I am merely presenting a few rule examples and some general tips and tricks that I personally make use of. I achieve blocking non-VPN traffic by whitelisting AirVPN's entry servers and blocking all other direct traffic.

- firewalld commands to directly alter permanent rules -
 
#allow loopback firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT #allow lan (out) and broadcasting/dhcp firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s 255.255.255.255 -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 255.255.255.255 -j ACCEPT # allow tun device to communicate firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 998 -o tun+ -j ACCEPT # optional masquerade rule (NAT/ports) firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -o tun+ -j MASQUERADE # finally, drop outgoing ipv4 (if not specifically allowed by other rules) firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 999 -j DROP # optionally, block incoming ipv4 firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 999 -j DROP # drop all ipv6 firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -j DROP   firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -j DROP # example: allow outgoing ipv4 to a specific AirVPN entry server firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -d 82.118.16.175 -j ACCEPT # alternatively, lock it down to specific port and protocol: firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp -m udp --dport=443 -d 82.118.16.175 -j ACCEPT # add such a rule for every AirVPN entry server you need to connect to   Don't forget to restart firewalld to apply the new permanent rules:
 
systemctl restart firewalld   
 
 
- tips and tricks -
 

If you intend to use most / all AirVPN servers, it would be tedious to add rules one by one. Here are some hints on how to automate the process.
 
1. Generate .ovpn file containing all servers:
 

 
 
 
2. bash one-liner to generate firewall rules for all IPs
 
grep "remote " AirVPN_All-servers_UDP-443.ovpn | awk {'print $2'} | tr '\n' '\0' | xargs -0 -L1 -I '$' echo 'firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp -m udp --dport=443 -d $ -j ACCEPT' > firewalld-commands  Breaking down all parts of this one-liner:
 
grep "remote " AirVPN_All-servers_UDP-443.ovpn   
...find all lines that contain an entry IP
 
 
awk {'print $2'}   
...only print the 2nd column of the lines to get the IPs by themselves
 
 
tr '\n' '\0'   
...translate the newline character so that xargs can parse the lines correctly
 
 
xargs -0 -L1 -I '$' echo 'firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp -m udp --dport=443 -d $ -j ACCEPT'   
...for each line, xargs will echo a string (the firewall command) and replace each "$" with the IP we pipe into xargs    
 
 
> firewalld-commands   
...finally, save the output (the generated firewall rules) as a file called "firewalld-commands


You can then run this file (as root) to execute the generated rules all at once:
 
bash firewalld-commands   
Don't forget to restart firewalld for the new permanent rules to take effect:
 
systemctl restart firewall   
You can print all permanent rules using:
 
firewall-cmd --direct --get-all-rules   
 
General advice
 
- Don't forget to test your firewall rules!
- Don't copy my rules! They're just an example! Adapt them to your situation!
- Remember that AirVPN occasionally withdraws and also adds servers. Maintain your rules to reflect changes.
- Don't forget to correctly configure DNS resolution in order to avoid DNS leaks. Especially when using NetworkManager.

I'll be honest, when i first encountered firewalld I had the same reflex, trying to go back to iptables. But it's not that different if you make use of the "direct configuration" mode.
You can either use the "Firewall" GUI to write/edit your rules...
 

 
 
... or use the command line. I will list the commands / rules that I personally use.
I should add that I don't use the Eddie client, I connect directly via NetworkManager.
The following content is not a step by step guide. I am merely presenting a few rule examples and some general tips and tricks that I personally make use of. I achieve blocking non-VPN traffic by whitelisting AirVPN's entry servers and blocking all other direct traffic.

- firewalld commands to directly alter permanent rules -
 
#allow loopback firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT #allow lan (out) and broadcasting/dhcp firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s 255.255.255.255 -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 255.255.255.255 -j ACCEPT # allow tun device to communicate firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 998 -o tun+ -j ACCEPT # optional masquerade rule (NAT/ports) firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -o tun+ -j MASQUERADE # finally, drop outgoing ipv4 (if not specifically allowed by other rules) firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 999 -j DROP # optionally, block incoming ipv4 firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 999 -j DROP # drop all ipv6 firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -j DROP   firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -j DROP # example: allow outgoing ipv4 to a specific AirVPN entry server firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -d 82.118.16.175 -j ACCEPT # alternatively, lock it down to specific port and protocol: firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp -m udp --dport=443 -d 82.118.16.175 -j ACCEPT # add such a rule for every AirVPN entry server you need to connect to   Don't forget to restart firewalld to apply the new permanent rules:
 
systemctl restart firewalld   
 
 
- tips and tricks -
 

If you intend to use most / all AirVPN servers, it would be tedious to add rules one by one. Here are some hints on how to automate the process.
 
1. Generate .ovpn file containing all servers:
 

 
 
 
2. bash one-liner to generate firewall rules for all IPs
 
grep "remote " AirVPN_All-servers_UDP-443.ovpn | awk {'print $2'} | tr '\n' '\0' | xargs -0 -L1 -I '$' echo 'firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp -m udp --dport=443 -d $ -j ACCEPT' > firewalld-commands  Breaking down all parts of this one-liner:
 
grep "remote " AirVPN_All-servers_UDP-443.ovpn   
...find all lines that contain an entry IP
 
 
awk {'print $2'}   
...only print the 2nd column of the lines to get the IPs by themselves
 
 
tr '\n' '\0'   
...translate the newline character so that xargs can parse the lines correctly
 
 
xargs -0 -L1 -I '$' echo 'firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp -m udp --dport=443 -d $ -j ACCEPT'   
...for each line, xargs will echo a string (the firewall command) and replace each "$" with the IP we pipe into xargs    
 
 
> firewalld-commands   
...finally, save the output (the generated firewall rules) as a file called "firewalld-commands


You can then run this file (as root) to execute the generated rules all at once:
 
bash firewalld-commands   
Don't forget to restart firewalld for the new permanent rules to take effect:
 
systemctl restart firewall   
You can print all permanent rules using:
 
firewall-cmd --direct --get-all-rules   
 
General advice
 
- Don't forget to test your firewall rules!
- Don't copy my rules! They're just an example! Adapt them to your situation!
- Remember that AirVPN occasionally withdraws and also adds servers. Maintain your rules to reflect changes.
- Don't forget to correctly configure DNS resolution in order to avoid DNS leaks. Especially when using NetworkManager.

I have checked my hosts file and it does not have any duplicate lines in it.
(I compared the linecount of "cat /etc/hosts | wc -l" versus "cat /etc/hosts | sort | uniq | wc -l").
 
What do you mean by "they don't list the output of the compiled list of blocked hosts"?
The resulting hosts file already is a "hosts friendly file" - it's plain text!  
 
You can set a custom path for the resulting file in the rc.conf:
 
 
# FINAL HOSTSFILE. The final hosts file that combines together all downloaded # blocklists. If not using a dns caching daemon like dnsmasq, this should be # /etc/hosts. Include hosts file entries which you want to maintain in the # "hostshead" entry, such as your loopback device (e.g. 127.0.0.1 localhosts) hostsfile="/etc/hosts.block" #hostsfile="/etc/hosts" # If not using a dns caching daemon   
 
I am not aware of any fundamental differences between the Windows and Linux implementations of the hosts file standard. I would imagine that you could use hostsblock on a Linux box or VM and sync it over to your other Windows/OS X machines. If these machines need to keep some custom entries you might need to append to the existing hosts file, not replace it.
That could be achieved easily by copying the machine-specific lines into a separate file, then using a little script to append hostsblock's synced-over hosts file, save the resulting file as \system32\drivers\etc\hosts (or wherever Windows expects its hosts file to be).

"this is not my real IP, no-one knows who I am"

I wouldn't be so definitive about that.
As you know, browsers are usually very fingerprintable:
http://panopticlick.eff.org/

Consider this scenario:
- You use AirVPN
- You don't block ads / trackers (but regularly delete cookies)
- You use Facebook/Twitter/Google/ other services that know your identity
- You browse the web

In this case, and as far as my understanding goes, trackers on Facebook etc. would be able to link your fingerprint (no cookies needed for that) to your identity and track your fingerprint around the web.

----

For your "poll", I'll detail my browsing setup. Most of my precautions are aimed at improving security; as a side effect, some of them also help against tracking.

hostsblocks - this tool auto-updates my /etc/hosts file to block most ads / trackers. Very configurable. You mentioned that common  adblockers slow you down - you may want to try this one instead!
http://gaenserich.github.com/hostsblock

Sandboxing via firejail - Firefox does not see any other processes on the system and can't access certain personal directories (my web browser does not need access to my bank receipts, does it?)
The same can be achieved by properly using SELinux but firejail is easier to configure (I know, shame on me).
http://l3net.wordpress.com/projects/firejail/
 
No Flash/Java plugins installed. YouTube still works just fine with HTML5.
 
Firefox addons:

Adblock Edge + Element Hiding Helper
I already block ad/tracker servers via hostsblock, but it's still useful for hiding certain parts of websites that I don't ever want to see.

NoScript
I only enable JavaScript for very few sites, never for 3rd parties.

Self-Destructing Cookies
If a site no longer has any open tabs, delete its cookies.
 
Cookie Monster
I use it to whitelist a few cookies so they won't get auto-deleted. Works great in combination with Self-Destructing Cookies.

HTTPS-Everywhere
Automatically switches from http to https whenever possible.

RefControl
No website needs to know how I got there. Some sites protect against hotlinking - RefControl can be used to send a forged referer to those sites, pointing to the site itself (or actually sending the real referer).

RequestPolicy
All requests to 3rd-party domains get blocked by default. I imagine this would be very annoying for most people, but I don't want any 3rd parties while I'm browsing a 2nd party. Many sites use centralized services or CDNs - you can't use them wihout selectively enabling 3rd parties - that will definitely slow you down your browsing experience, similar to the frustrations of running NoScript.
----

Rant on why I use such a frustrating setup, including NoScript and RequestPolicy:

It's not just about privacy or security. I hate the modern web. I don't ever want to login to sites using some social network. I don't need fancy. I want information. The amazing property of the world wide web used to be the fact that everyone has the power to host their own site. Nowadays, sites flock towards centralized services like Wordpress, Cloudflare, Google.  I want the internet to be decentralized and independent.

Another one of my related pet peaves:
JavaScript should be an addition to, not a replacement for HTML.
If you host a website, you must provide a basic version via pure HTML and if you think it's necessary, go nuts and improve it using JavaScript. Sites that can't even display basic information without the use of (often embedded, 3rd-party) JavaScript (or, even worse, Java/Flash) can go to hell.
 
----
 
Happy Christmas!

"this is not my real IP, no-one knows who I am"

I wouldn't be so definitive about that.
As you know, browsers are usually very fingerprintable:
http://panopticlick.eff.org/

Consider this scenario:
- You use AirVPN
- You don't block ads / trackers (but regularly delete cookies)
- You use Facebook/Twitter/Google/ other services that know your identity
- You browse the web

In this case, and as far as my understanding goes, trackers on Facebook etc. would be able to link your fingerprint (no cookies needed for that) to your identity and track your fingerprint around the web.

----

For your "poll", I'll detail my browsing setup. Most of my precautions are aimed at improving security; as a side effect, some of them also help against tracking.

hostsblocks - this tool auto-updates my /etc/hosts file to block most ads / trackers. Very configurable. You mentioned that common  adblockers slow you down - you may want to try this one instead!
http://gaenserich.github.com/hostsblock

Sandboxing via firejail - Firefox does not see any other processes on the system and can't access certain personal directories (my web browser does not need access to my bank receipts, does it?)
The same can be achieved by properly using SELinux but firejail is easier to configure (I know, shame on me).
http://l3net.wordpress.com/projects/firejail/
 
No Flash/Java plugins installed. YouTube still works just fine with HTML5.
 
Firefox addons:

Adblock Edge + Element Hiding Helper
I already block ad/tracker servers via hostsblock, but it's still useful for hiding certain parts of websites that I don't ever want to see.

NoScript
I only enable JavaScript for very few sites, never for 3rd parties.

Self-Destructing Cookies
If a site no longer has any open tabs, delete its cookies.
 
Cookie Monster
I use it to whitelist a few cookies so they won't get auto-deleted. Works great in combination with Self-Destructing Cookies.

HTTPS-Everywhere
Automatically switches from http to https whenever possible.

RefControl
No website needs to know how I got there. Some sites protect against hotlinking - RefControl can be used to send a forged referer to those sites, pointing to the site itself (or actually sending the real referer).

RequestPolicy
All requests to 3rd-party domains get blocked by default. I imagine this would be very annoying for most people, but I don't want any 3rd parties while I'm browsing a 2nd party. Many sites use centralized services or CDNs - you can't use them wihout selectively enabling 3rd parties - that will definitely slow you down your browsing experience, similar to the frustrations of running NoScript.
----

Rant on why I use such a frustrating setup, including NoScript and RequestPolicy:

It's not just about privacy or security. I hate the modern web. I don't ever want to login to sites using some social network. I don't need fancy. I want information. The amazing property of the world wide web used to be the fact that everyone has the power to host their own site. Nowadays, sites flock towards centralized services like Wordpress, Cloudflare, Google.  I want the internet to be decentralized and independent.

Another one of my related pet peaves:
JavaScript should be an addition to, not a replacement for HTML.
If you host a website, you must provide a basic version via pure HTML and if you think it's necessary, go nuts and improve it using JavaScript. Sites that can't even display basic information without the use of (often embedded, 3rd-party) JavaScript (or, even worse, Java/Flash) can go to hell.
 
----
 
Happy Christmas!

"this is not my real IP, no-one knows who I am"

I wouldn't be so definitive about that.
As you know, browsers are usually very fingerprintable:
http://panopticlick.eff.org/

Consider this scenario:
- You use AirVPN
- You don't block ads / trackers (but regularly delete cookies)
- You use Facebook/Twitter/Google/ other services that know your identity
- You browse the web

In this case, and as far as my understanding goes, trackers on Facebook etc. would be able to link your fingerprint (no cookies needed for that) to your identity and track your fingerprint around the web.

----

For your "poll", I'll detail my browsing setup. Most of my precautions are aimed at improving security; as a side effect, some of them also help against tracking.

hostsblocks - this tool auto-updates my /etc/hosts file to block most ads / trackers. Very configurable. You mentioned that common  adblockers slow you down - you may want to try this one instead!
http://gaenserich.github.com/hostsblock

Sandboxing via firejail - Firefox does not see any other processes on the system and can't access certain personal directories (my web browser does not need access to my bank receipts, does it?)
The same can be achieved by properly using SELinux but firejail is easier to configure (I know, shame on me).
http://l3net.wordpress.com/projects/firejail/
 
No Flash/Java plugins installed. YouTube still works just fine with HTML5.
 
Firefox addons:

Adblock Edge + Element Hiding Helper
I already block ad/tracker servers via hostsblock, but it's still useful for hiding certain parts of websites that I don't ever want to see.

NoScript
I only enable JavaScript for very few sites, never for 3rd parties.

Self-Destructing Cookies
If a site no longer has any open tabs, delete its cookies.
 
Cookie Monster
I use it to whitelist a few cookies so they won't get auto-deleted. Works great in combination with Self-Destructing Cookies.

HTTPS-Everywhere
Automatically switches from http to https whenever possible.

RefControl
No website needs to know how I got there. Some sites protect against hotlinking - RefControl can be used to send a forged referer to those sites, pointing to the site itself (or actually sending the real referer).

RequestPolicy
All requests to 3rd-party domains get blocked by default. I imagine this would be very annoying for most people, but I don't want any 3rd parties while I'm browsing a 2nd party. Many sites use centralized services or CDNs - you can't use them wihout selectively enabling 3rd parties - that will definitely slow you down your browsing experience, similar to the frustrations of running NoScript.
----

Rant on why I use such a frustrating setup, including NoScript and RequestPolicy:

It's not just about privacy or security. I hate the modern web. I don't ever want to login to sites using some social network. I don't need fancy. I want information. The amazing property of the world wide web used to be the fact that everyone has the power to host their own site. Nowadays, sites flock towards centralized services like Wordpress, Cloudflare, Google.  I want the internet to be decentralized and independent.

Another one of my related pet peaves:
JavaScript should be an addition to, not a replacement for HTML.
If you host a website, you must provide a basic version via pure HTML and if you think it's necessary, go nuts and improve it using JavaScript. Sites that can't even display basic information without the use of (often embedded, 3rd-party) JavaScript (or, even worse, Java/Flash) can go to hell.
 
----
 
Happy Christmas!

Would AirVPN consider setting up a warrant canary https://en.wikipedia.org/wiki/Warrant_canary
LiquidVPN  https://www.liquidvpn.com/ is the only VPN service I'm aware of that offer's this...https://www.liquidvpn.com/billing/canary/canary
This would be a great feature, another layer of security and the ultimate in piece of mind.

Two steps:
- Tell the AirVPN client to automatically connect when launched
- Add the AirVPN client to Mint's "Startup Applications".
​
Here's a screenshot detailing all the steps:

I tried this with Mint 17.1 MATE, but the Cinnamon edition features the same "Startup Applications" tool, afaik.

Caveat: You still have to enter your sudo/user password every time AirVPN starts.
If that bothers you, you can edit the "sudoers" file to let you run AirVPN as root without having to enter any password.
If you're totally new to sudo and its sudoers file, I'd recommend reading Ubuntu's documentation first:
​https://help.ubuntu.com/community/Sudoers
​The paragraph "Shutting Down From The Console Without A Password" describes a similar use case to what we're doing here.
The only way to edit sudoers is on the command line using:
 
sudo visudo Add the following line to the very end of that file (replace the word "user" with your own user name):
 
user ALL=(ALL) NOPASSWD: /usr/bin/airvpn Exit visudo with ctrl-x.
 
​
Go back into Mint's "Startup Applications", edit the AirVPN entry.
Change its command from ..
/usr/bin/airvpn to ..
sudo /usr/bin/airvpn and reboot.

​https://www.youtube.com/watch?v=dNZrq2iK87k
 
If you haven't seen this yet - this is a 2+ hour, must-watch presentation about the current state of data collection / analysis / surveillance / targeting, held by (right-wing, anti-Snowden!) private investigator Steven Rambam at the HOPE X conference.


Money quotes:

"If this stuff had existed during the American Revolution, all of the leaders of the revolution would have been identified and arrested."

"It's a double-edged sword. Undercover agents, people risking their lives assuming identities, what do they do about this? (..) It's a nightmare now. (..) Motorcycle gangs now have membership applications. And they hire private investigators to check them out."

"All of this stuff is being done to catalog us, pigeonhole us - is it actually translating (..) to a reduction in crime rates, catching of terrorists, finding missing persons? No. Not at all."


This presentation is a great reminder that yes, we need technological solutions like VPNs and Tor but the real problem lies so much deeper. It doesn't matter how hard we try, we can't escape or avoid "the system". We have to change it and it's not just some crooked governments or a few misguided corporations: it's the current, global mindset that enables these violations and this wrong way of thinking.

Hello!
 
The implications of the paper are completely different than what the message seems to suggest. In particular how did you get the idea that "If you use TOR, there's a 81.6% chance someone knows your real IP." from the paper? It says quite the opposite, i.e. that even if the attack was successful, the likelihood to get your real IP address is astronomically low.
 
Besides paper reading, https://blog.torproject.org/blog/traffic-correlation-using-netflows can help. Do not miss the comments from the paper authors themselves.It looks like several persons are taking this paper implications at the exact opposite of what they are. Urban legends seem to spread very fast even nowadays.
 
Kind regards

​https://www.youtube.com/watch?v=dNZrq2iK87k
 
If you haven't seen this yet - this is a 2+ hour, must-watch presentation about the current state of data collection / analysis / surveillance / targeting, held by (right-wing, anti-Snowden!) private investigator Steven Rambam at the HOPE X conference.


Money quotes:

"If this stuff had existed during the American Revolution, all of the leaders of the revolution would have been identified and arrested."

"It's a double-edged sword. Undercover agents, people risking their lives assuming identities, what do they do about this? (..) It's a nightmare now. (..) Motorcycle gangs now have membership applications. And they hire private investigators to check them out."

"All of this stuff is being done to catalog us, pigeonhole us - is it actually translating (..) to a reduction in crime rates, catching of terrorists, finding missing persons? No. Not at all."


This presentation is a great reminder that yes, we need technological solutions like VPNs and Tor but the real problem lies so much deeper. It doesn't matter how hard we try, we can't escape or avoid "the system". We have to change it and it's not just some crooked governments or a few misguided corporations: it's the current, global mindset that enables these violations and this wrong way of thinking.

On a rooted device, you should check out the excellent open source iptables frontend AFWall+:
 
https://f-droid.org/repository/browse/?fdid=dev.ukanth.ufirewall
 
In its preferences, enable "VPN control" to give you fine-grained control over every app's connectivity (allow app traffic via: WiFi / Mobile Data / only via VPN / none).
 
Another interesting setting to consider would be "Fix Data Startup Leak" which prevents Android from sending any packets before AFWall's iptables rules are loaded. Be careful with this option, it's incompatible with certain devices, preventing them from booting. It's happened to me with several devices so I leave this option disabled. As a workaround (which may or may not be effective), I put my devices in airplane mode prior to rebooting.

On a rooted device, you should check out the excellent open source iptables frontend AFWall+:
 
https://f-droid.org/repository/browse/?fdid=dev.ukanth.ufirewall
 
In its preferences, enable "VPN control" to give you fine-grained control over every app's connectivity (allow app traffic via: WiFi / Mobile Data / only via VPN / none).
 
Another interesting setting to consider would be "Fix Data Startup Leak" which prevents Android from sending any packets before AFWall's iptables rules are loaded. Be careful with this option, it's incompatible with certain devices, preventing them from booting. It's happened to me with several devices so I leave this option disabled. As a workaround (which may or may not be effective), I put my devices in airplane mode prior to rebooting.

Overview

We host a XMPP (Jabber) server, with A-A security rating. We recommend to use only OTR compatible client.

It's available for free to every member of this website.

This forum is open to already available or new guides, tutorials or discussions (even about XEP).


Recommended client

OS X: Adium
Windows, Linux: Pidgin
Android: Xabber

Lots of different questions, let's try and untangle this:
 
A firewall that's deployed on your computer can be configured to filter all packets coming into (ingress filtering) and/or originating from (egress filtering) your computer's network interfaces.Whenever your network interfaces try to communicate, the firewall will look at the packets (destination, target, port, protocol, ..) and decide whether to allow, deny, modify or redirect them.
Also, nothing connects to a firewall; it's a transparent layer that either lets you through or not.
 
 
If you establish a connection from your computer to a VPN server, your computer - not the router - is the endpoint of the tunnel.
Of course, your router is still part of the route, so if there's a firewall on your router, that will affect your computer too. Many routers are configured to not allow incoming traffic and/or port forwarding by default.
 
Unless you use AirVPN's Port Forwarding, a port scan of an AirVPN IP will not reveal any of your computer's services / ports.
 
Regardless of whether you use VPNs or not, it is generally recommended to have your computer's firewall deny incoming traffic by default and selectively open ports for incoming traffic when such a need arises.
 
With regard to VPNs, the talk about firewalls is usually about egress filtering: Configuring the firewall to deny outgoing traffic by default, only allowing communication to AirVPN entry servers. This will prevent accidental, unsecured communication.

Leaked XKeyscore selectors:
http://daserste.ndr.de/panorama/xkeyscorerules100.txt
If this document is authentic, any interest in Tor will mark you as an extremist:
 
- Asking bridges@torproject.org for a bridge IP:
Which means that the NSA gains knowledge about the non-public entry nodes and those who use them.Isn't it unbelievable that dissidents using Tor in China, Iran, repressive countries all over the world become NSA targets? Marked as extremists by the land of the free?
 
- Googling for..
Welcome to the NSA database, extremist! 
- Using Tor hidden services:
If you run hidden services, don't consider them "hidden". Expect exploitation attempts. 
Do not let them scare you off Tor. Yes, it's scary, but if you think about the rotten goals of NSA/GCHQ/BND, it's not a shocking revelation - it had to be expected. So, the only conclusion should be: Use the heck out of Tor, now more than ever! You can't escape ubiquitous surveillance, but you can make it harder! Run nodes! Fund nodes! Stop voting for parties that don't act against the surveillance state! Make yourself heard!

Leaked XKeyscore selectors:
http://daserste.ndr.de/panorama/xkeyscorerules100.txt
If this document is authentic, any interest in Tor will mark you as an extremist:
 
- Asking bridges@torproject.org for a bridge IP:
Which means that the NSA gains knowledge about the non-public entry nodes and those who use them.Isn't it unbelievable that dissidents using Tor in China, Iran, repressive countries all over the world become NSA targets? Marked as extremists by the land of the free?
 
- Googling for..
Welcome to the NSA database, extremist! 
- Using Tor hidden services:
If you run hidden services, don't consider them "hidden". Expect exploitation attempts. 
Do not let them scare you off Tor. Yes, it's scary, but if you think about the rotten goals of NSA/GCHQ/BND, it's not a shocking revelation - it had to be expected. So, the only conclusion should be: Use the heck out of Tor, now more than ever! You can't escape ubiquitous surveillance, but you can make it harder! Run nodes! Fund nodes! Stop voting for parties that don't act against the surveillance state! Make yourself heard!

The owner of one of the TOR directory servers himself confirmed he had seen the source code of XKeyscore and saw his server's IP hardcoded in there. The server is located in Nürnberg, Germany, and is called Gabelmoo.
 
Id est: XKeyscore logged every attempt to access his server. Additionally, comments made in the source code show that everyone who is accessing the directory server is made an "extremist" - at least in the terminology of the NSA.
 
In the source code the student hasn't seen any proof that TOR relay servers are exposed to the same risk. This task might be allotted to another application...
 
Source#1
 
Source#2
 
excellent addition by sheivoko - the XKeyscore rules!

It's about their monetization strategy. Since APB introduced their opt-out "Acceptable Ads", people have questioned their integrity.  
"In an article for mobilegeeks.de, blogger Sascha Pallenberg accuses the developers of the popular AdBlock Plus (ABP) browser plugin of maintaining business connections to "strategic partners in the advertising industry". Pallenberg goes as far as calling ABP a "mafia-like advertising network"."

source: http://web.archive.org/web/20131208011244/http://www.h-online.com/newsticker/news/item/Serious-accusations-against-AdBlock-Plus-1897360.html
 
The following quote is kind of ironic and oh-so on-topic; it's from a 2009 ABP blog post on the "monetization dilemma":
 
"I know that some other extension developers have their extension as a full-time job and that makes them dependent on money sources. Given the market value of their user base, it is hard not to sell out."
 
source: https://adblockplus.org/blog/the-monetization-dilemma

Hello! 
We have never been asked by TorrentFreak to sponsor them.
 
About your 2nd question, we can't answer now, an answer should come from the Air founders collective agreement. We have never invested a cent in direct advertising. We preferred to invest very much on supporting compatible with our mission, independent projects, and on quality of service, but things of course are not immutable, and nowadays all types of investments can be no more mutually exclusive.
 
Kind regards

Hello!
 
We're very glad to inform you that a new payment processor for Bitcoin is available: BitPay. From now on, you can more comfortably pay in Bitcoin with an automated order in our web site. During the checkout, just select "Bitcoin (via BitPay)" and follow the quick & easy instructions! Paying in Bitcoin effectively enhances your privacy and improves the anonymity layer provided by our service.
 
We would like to remind you that ONE and ONLY ONE authorized AirVPN reseller currently exists (12-Feb-2014), bitcoincodes.com. Anybody else selling or proposing AirVPN subscriptions or selling coupon codes is NOT authorized by us (12-Feb-2014).
 
Kind regards and datalove
AirVPN Staff