Showing results for 'china'.

Two new 100 Mbit/s servers available (HK)

serenacat replied to Staff's topic in News and Announcement

Tricky trying to get privacy/security is it not ? Australia and Singapore also have special bilateral relations for police/customs/military cooperation and the revelations of spying by Australia on the Indonesian government has it running errands for the yankers. China has its own problems with Islamic terrorists, so can probably be "outsourced" to deal with that effectively in HK. I sometimes wonder when updating software from US vendors whether it might contain special implants trying to put "ears" inside China, but do not think HK is "trusted" inside the Great Firewall, so little incentive, but often switch to Singapore for updates. Also Google and others treat HK as Chinese speaking, I explicitly load www.google.com.au to use the search and my gmail identity. Singapore is multiethnic and English speaking enough that ads etc are not Chinese. But also rotate HK and SG servers and am actually only a "non violent leftist dissident (semiretired)" just to frustrate the Surveillance State. Tony made me do it.

Two new 100 Mbit/s servers available (HK)

serenacat replied to Staff's topic in News and Announcement

HK is rather a "junction box" between North to Japan/Korea, East to USA, South to SEAsia and Australia, West to China, with "fat pipes". Singapore seems to service India Bangladesh and the Gulf based on bittorrent DHT swarms, and has westward links to Europe rather than transit USA. In Australia, undersea cable goes direct Sydney-Perth-Singapore and Sydney-HongKong based on traceroute. So typical ping times in Eddie at the moment, in rural eastern Australia using 4G fixed wireless NBN to Hadar HK: Antares Singapore 137ms Hadar HK pacswitch 159ms Yed,etc HK hkserveworks 165ms Heze, California 199ms (best US) Carinae UK 321ms (best EU) Some CDN routing seems suboptimal at times, eg www.reuters.com uses Amazon, and Firefox WorldIP addon shows routed to Germany when using HK. This is probably due to the AirVPN DNS interaction with CDNs.

Difference between using one of their usa vs italy server

OpenSourcerer replied to airvpnlover's topic in General & Suggestions

As far as I know, there is no data retention law in the United States. Law: If you are not allowed to bypass restrictions in your home country by law you might be held liable for this. Fortunately it's not the case in the United States. Or anywhere else. Except for, I don't know, Qatar? China? So you can ignore this. Apart from that, generally the laws of a server location's country apply. If a server gets seized because of some kind of crime forbidden by local law, they get the server with no information on it (because AirVPN is a no-log provider; if no mandatory data retention laws in that country apply, of course). ... Experience: Well, you're a visitor appearing to connect from Italy. Some websites will offer you an Italy version of themselves (Google maybe not ). ...

Security of servers

serenacat replied to alibaba999xxx1's topic in General & Suggestions

It would also be interesting to follow around the people transferring cash from banks to armored cars and ask them questions about how the security mechanisms and procedures work, as general public interest, and for deciding which bank to use. But perhaps better not to, even if drunk. As an ex software guy, and just a customer of airvpn, I would think that it is about secure hosting of just an openvpn endpoint for a certain load of users, and necessary admin. So aim for a minimal "attack surface" by just an OS kernel (SELinux?) and IP stack, possibly up to ssh and sh for admin, and some diagnostics and config and security utilities and libraries. All open source and multiple possible compilers. Openvpn also runs on high end routers, so not just in a mainstream box of OS possibilities. Much simpler than a typical commercial website, so easier to secure. But I am not an expert. Most of the well known VPN providers seem to use "reputable" hosting services in "reputable" nations, so in something like the rule of law we trust, to an extent. But I could imagine also a "darknet" scene where the servers are in "difficult" nations such as Pakistan, Russia, Ukraine, ... in hidden locations with armed gunmen keeping watch. I find it amusing to use VPN servers in Hong Kong China, which is vaguely Bruce Lee vs John Wayne territory.

Eddie 2.11beta available

me.moo@posteo.me replied to Staff's topic in News and Announcement

I don't know if this is a problem or not. If not then great I've been using Mint 18 Cinnamon for a while & KDE recently without any issues. I want to use openSUSE KDE Tumblenose as my main system and have it running in a VM at the moment. I decided to install the beta version into the openSUSE VM and it is working fine as far as I know. However, during the installation I had an issue with 'Signature verification failed'. I retried then ignored it and everything seemed to install ok. linux-srbs:/home/moo/AirVPN # zypper install airvpn_linux_x64_rpm.rpm Loading repository data... Reading installed packages... Resolving package dependencies... The following 20 NEW packages are going to be installed: airvpn glib2-devel glibc-devel libgdiplus0 libgdiplus-devel libpcrecpp0 libpcreposix0 libstdc++6-devel-gcc6 libstdc++-devel linux-glibc-devel mono-core mono-data mono-data-sqlite mono-extras mono-mvc mono-wcf mono-web mono-winforms mono-winfxcore pcre-devel The following recommended package was automatically selected: libgdiplus0 20 new packages to install. Overall download size: 35.5 MiB. Already cached: 0 B. After the operation, additional 157.4 MiB will be used. Continue? [y/n/? shows all options] (y): y Retrieving package linux-glibc-devel-4.7-1.2.noarch Installing: airvpn-2.11-0.x86_64 .............................................................[done] Additional rpm output: warning: /var/cache/zypp/packages/_tmpRPMcache_/airvpn_linux_x64_rpm.rpm: Header V4 RSA/SHA1 Signature, key ID cbc01859: NOKEY linux-srbs:/home/moo/AirVPN # exit exit moo@linux-srbs:~/AirVPN>

Man using HMA to harass ex-girlfriend arrested

highchilled replied to zhang888's topic in Other VPN competitors or features

the discussion will take forever if we start it other question: how do you know that amazon doesn't have backdoors in their servers or some sniffers or sth? ^^ P.S. in THIS world I don't trust anyone anymore... Did you know that cisco-router-supply from U.S. to overseas (China, EU, etc.) got intercepted on the ocean, where nobody sees it and the chips got changed to backdoored-ones? Here the word "trojan-horse" truly gets it's original meaning back ;D Actually we have come so far, that you can't even trust for example that your with your Smartphone really on your provider's original network. They can fake whole networks, complete cellphone-towers (CANDYGRAM)... Here a list of their nice tools: https://en.wikipedia.org/wiki/NSA_ANT_catalog

slow speeds and no internet browsing while downloading from usenet

LZ1 replied to enigma7's topic in Troubleshooting and Problems

Hello! With SSL it's a given you'll take a performance hit. Especially if you're in China and trying to connect to remote servers. Are you using Eddie? Sometimes the TAP driver in the latest stable version can be a pain during downloads I find. So you could try a different driver if you want. Also, are you using Airs DNS? Sent to you from me with datalove

slow speeds and no internet browsing while downloading from usenet

enigma7 posted a topic in Troubleshooting and Problems

Firstly I'm connecting from china so ssl or ssh is needed to connect to the airvpn servers I have tried switching between ssl and ssh before connecting to a server but none of them seem to help with the problem. I get max 350 KBps from the usenet server and while the connection is active to the usenet server I cant browse the internet it just says the dns server could not be reached. I tried disabling ssl to the usenet server and connecting to the normal usenet port but I get the same problem. Thanks in advance

ssl or ssh on iphone

enigma7 posted a topic in Troubleshooting and Problems

Hi I need help getting connected on my iphone with ssl or ssh I have followed the steps on this page https://airvpn.org/ios/ it connects but I dont have access to the net. Im connecting from china so ssl or ssh is needed thanks in advance

iptables + resolv.conf questions

cm0s replied to zhennlash's topic in Troubleshooting and Problems

yeah network mangler does that i never got used to it, at all just set your local to static and get a opensource router or flash an old one ya got layen around shut off yer dhcp server on that this does a couple of things for ya: first, you now have full control over your local, meaning your isp STOPS at the router that right there gives me a warm fuzzy feeling second you can do this for all the things conneting to your local, meaning ya don't have boxes and phones running junk they don't need that hey, lets face it, first thing they tell ya at bandcamp: don't talk about bandcamp well i mean they say things too like 'don't lead with your chin' or sumthin like that the less junk i got purren and runnen the less for me to break is my point before i have had 30 cups of coffee ok that iptalbes example: i'm not a guru at this so if ya see sumthin wrong or can be improved on etc yeah lemme know please.... this script is a server config comment out what ya don't want mod block ipz or botz with your stuff # 051317_edit geo blocking/spam filter ge0z/country codez # ----- # server config # # to reconnect... # iptables -F # iptables -X # iptables -P INPUT ACCEPT # iptables -P OUTPUT ACCEPT # test firewall with nmap... # nmap -v -f/-sX/-sN ip_addy # check status # iptables -L -n -v # for arch: pacman -S ipset/modprobe -v ip_set | ipset -n list # if non-vpn comment out '# -->' section # to start scratch w/geo, -X,-F tables, ipset destroy geoz, accpet traffic # check with ipset list, rm the wget file also # ipset save > /your/directory/blacklist.save | ipset restore < /your/directory/blacklist.save echo "-> waking wald0 up..." # echo "-> remove rules from chains..." iptables -F iptables -t nat -F iptables -t mangle -F # echo "-> remove user definez..." iptables -X iptables -t nat -X iptables -t mangle -X # echo "-> droppen shit..." iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT # # input/output/vpn echo "-> setten up the flow..." iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT #allow loopback access iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # connectionz # --> # comment out if not vpn iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT #communicate with any DHCP server/router iptables -A INPUT -s 255.255.255.255 -j ACCEPT #communicate with any DHCP server/router iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT #communicate within lan iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT iptables -A FORWARD -i enp2s1 -o tun0 -j ACCEPT iptables -A FORWARD -i tun0 -o enp2s1 -j ACCEPT # make sure enp2s2/tun0 can communicate iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to 10.5.0.1 #use vpn dns iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to 10.5.0.1 # use vpn dns iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE # map tun0 outgoing IP addy, iptables -A OUTPUT -o enp2s1 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP # if traffic isn't vpn # --> # iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 22,80,443 -j ACCEPT # ssh, net, ssl # # blocking spam... sleep 2 ipset -N blacklist hash:net sleep 2 # change directory listing here for server IP_TMP=/yourdirectory/ip.tmp IP_BLACKLIST=/yourdirectory/ip-blacklist.conf IP_BLACKLIST_TMP=/yourdirectory/ip-blacklist.tmp list="chinese nigerian russian lacnic exploited-servers" BLACKLISTS=( "http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1" # TOR Exit Nodes "http://www.maxmind.com/en/anonymous_proxies" # MaxMind GeoIP Anonymous Proxies "http://danger.rulez.sk/projects/bruteforceblocker/blist.php" # BruteForceBlocker IP List "http://blocklist.greensnow.co/greensnow.txt" # greenz ETz rbn-ips replacement "http://www.spamhaus.org/drop/drop.lasso" # Spamhaus Don't Route Or Peer List (DROP) "http://cinsscore.com/list/ci-badguys.txt" # C.I. Army Malicious IP List "http://www.autoshun.org/files/shunlist.csv" # Autoshun Shun List "http://rules.emergingthreats.net/blockrules/compromised-ips.txt" # bad ipz by emergingz "https://zeustracker.abuse.ch/blocklist.php?download=badips" # mohrr bad ipz "https://palevotracker.abuse.ch/blocklists.php?download=ipblocklist" # mohrrz ipz "http://malc0de.com/bl/IP_Blacklist.txt" # malc0dz recentz 2016 "http://lists.blocklist.de/lists/all.txt" # blocklist.de attackers ) for i in "${BLACKLISTS[@]}" do curl "$i" > $IP_TMP grep -Po '(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?' $IP_TMP >> $IP_BLACKLIST_TMP done for i in `echo $list`; do # Download if needed change directory for server wget --quiet /yourdirectory/ http://www.wizcrafts.net/$i-iptables-blocklist.html # Grep out all but ip blocks cat $i-iptables-blocklist.html | grep -v \< | grep -v \: | grep -v \; | grep -v \# | grep [0-9] > $i.txt # Consolidate blocks into master list cat $i.txt >> $IP_BLACKLIST_TMP done # sort $IP_BLACKLIST_TMP -n | uniq > $IP_BLACKLIST rm $IP_BLACKLIST_TMP wc -l $IP_BLACKLIST # ipset flush blacklist grep -E -v "^#|^$" $IP_BLACKLIST | while IFS= read -r ip do ipset add blacklist $ip done # sleep 2 # iptables -A INPUT -m set --match-set blacklist src -j DROP sleep 2 # # snag sum zonez... sleep 2 ipset -N geoz1 hash:net sleep 2 wget -O /yourdirectory/spamz1/1.txt http://www.ipdeny.com/ipblocks/data/countries/{sa,so,sv,sy,ua,mn,bo,cz,pl}.zone sleep 1 wget -O /yourdirectory/spamz1/2.txt http://www.ipdeny.com/ipblocks/data/countries/{va,za,tw,zm,zw,is,jp,ru,uz}.zone sleep 1 wget -O /yourdirectory/spamz1/3.txt http://www.ipdeny.com/ipblocks/data/countries/{se,au,ge,pe,ug,md,ca,by,fr}.zone sleep 1 # add each IP address from the downloaded list into the ipset-db'geoz1' for i in $(cat /yourdirectory/spamz1/*.txt); do ipset -A geoz1 $i; done # for server sleep 2 # ipset -N geoz2 hash:net sleep 2 wget -O /yourdirectory/spamz2/4.txt http://www.ipdeny.com/ipblocks/data/countries/{bg,ba,cn,iq,ir,it,cf,es,il}.zone sleep 1 wget -O /yourdirectory/spamz2/5.txt http://www.ipdeny.com/ipblocks/data/countries/{hk,kr,kp,kw,kz,in,br,dz,be}.zone sleep 1 wget -O /yourdirectory/spamz2/6.txt http://www.ipdeny.com/ipblocks/data/countries/{ly,mx,pk,ps,rw,ar,az,de,dm}.zone # add each IP address from the downloaded list into the ipset-db'geoz2' for i in $(cat /yourdirectory/spamz2/*.txt); do ipset -A geoz2 $i; done # for server sleep 2 # blocking geoz... echo "-> blocking country codz..." iptables -I INPUT -m set --match-set geoz1 src -j DROP iptables -I INPUT -m set --match-set geoz2 src -j DROP iptables -I OUTPUT -m set --match-set geoz1 dst -j DROP iptables -I OUTPUT -m set --match-set geoz2 dst -j DROP # # blocking botz... echo "-> droppen sum botz/scanz..." iptables -A INPUT -p tcp -m tcp -m multiport --dports 80,443 -m string --string "NetcraftSurveyAgent" --algo bm --to 1000 -j DROP iptables -A INPUT -p tcp -m tcp -m multiport --dports 80,443 -m string --string "w3af.sourceforge.net" --algo bm --to 1000 -j DROP iptables -A INPUT -p tcp -m tcp -m multiport --dports 80,443 -m string --string "nikto" --algo bm --to 1000 -j DROP iptables -A INPUT -p tcp -m tcp -m multiport --dports 80,443 -m string --string "sqlmap" --algo bm --to 1000 -j DROP iptables -A INPUT -p tcp -m tcp -m multiport --dports 80,443 -m string --string "Openvas" --algo bm --to 1000 -j DROP iptables -A INPUT -p tcp -m tcp -m multiport --dports 80,443 -m string --string "Nmap" --algo bm --to 1000 -j DROP iptables -A INPUT -p tcp -m tcp -m multiport --dports 80,443 -m string --string "ZmEu" --algo bm --to 1000 -j DROP # # blocking mohr spam... echo "-> droppen sum spam..." iptables -A INPUT -p tcp -s 116.0.0.0/8 -j DROP # asia spam'ish' iptables -A INPUT -p tcp -s 58.17.30.0/23 -j DROP # China -ShangHai Shelian commpany iptables -A INPUT -p tcp -s 59.69.128.0/19 -j DROP # China -Nanyang Institute Tech. iptables -A INPUT -p tcp -s 61.164.145.0/24 -j DROP # China -Wenzhou Telecom iptables -A INPUT -p tcp -s 81.196.20.0/23 -j DROP # Romania -RCS & RDS S.A. iptables -A INPUT -p tcp -s 82.213.64.0/19 -j DROP # Italy -MIPIACE.COM SPA iptables -A INPUT -p tcp -s 111.0.0.0/10 -j DROP # China -Mobile Comm Corp iptables -A INPUT -p tcp -s 125.23.218.0/24 -j DROP # India -Bharti Tele-Ventures iptables -A INPUT -p tcp -s 183.129.128.0/17 -j DROP # China -Zhejiang Telecom iptables -A INPUT -p tcp -s 200.105.224.0/20 -j DROP # Ecquadore -PUNTONET S.A. iptables -A INPUT -p tcp -s 203.99.130.0/23 -j DROP # Indonisia -PT Varnion Tech Semesta iptables -A INPUT -p tcp -s 210.83.84.64/26 -j DROP # China -China Unicom CncNet iptables -A INPUT -p tcp -s 222.96.0.0/19 -j DROP # Korea -Korea Telcom iptables -A INPUT -p tcp -s 131.178.0.0/16 -j DROP # Mexico spam'ish' # echo "-> droppen spoofz..." iptables -A INPUT -s 10.0.0.0/8 -j DROP iptables -A INPUT -s 169.254.0.0/16 -j DROP iptables -A INPUT -s 172.16.0.0/12 -j DROP iptables -A INPUT -s 127.0.0.0/8 -j DROP iptables -A INPUT -s 224.0.0.0/4 -j DROP iptables -A INPUT -d 224.0.0.0/4 -j DROP iptables -A INPUT -s 240.0.0.0/5 -j DROP iptables -A INPUT -d 240.0.0.0/5 -j DROP iptables -A INPUT -s 0.0.0.0/8 -j DROP iptables -A INPUT -d 0.0.0.0/8 -j DROP iptables -A INPUT -d 239.255.255.0/24 -j DROP iptables -A INPUT -d 255.255.255.255 -j DROP # echo "-> blocken icbmzzz..." iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP iptables -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-request -j DROP # echo "-> drop off the invaldz..." iptables -A INPUT -m state --state INVALID -j DROP iptables -A FORWARD -m state --state INVALID -j DROP iptables -A OUTPUT -m state --state INVALID -j DROP # echo "-> limit the rst flow..." iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT # echo "-> bypass the scanners..." iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP # echo "-> block some brutez..." iptables -N BRUTEFORCE iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j BRUTEFORCE iptables -A BRUTEFORCE -m recent --set iptables -A BRUTEFORCE -m recent --update --seconds 3600 --hitcount 6 -j DROP # echo "-> avoid broadcasts..." iptables -A INPUT -i $EXTERNAL_INTERFACE -d $BROADCAST_NET -j DROP # echo "-> drop the fragging..." iptables -A INPUT -f -j DROP iptables -A INPUT -p tcp --dport 113 -m state --state NEW -j REJECT --reject-with tcp-reset iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP # echo "-> not into X-Mas..." iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP # echo "-> null-la-bye..." iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # echo "-> dropn sum fellaz..." # uncomment to block ipz: iptables -A INPUT -s 239.192.152.143,181.228.206.138,51.254.213.15,82.221.105.7,106.219.59.202 -j DROP iptables -A INPUT -s 122.162.123.217,43.246.249.217,177.83.170.134,37.214.90.130,82.221.105.7 -j DROP iptables -A INPUT -s 208.52.154.240,213.230.72.206,107.20.135.43,197.221.129.138,123.243.167.240 -j DROP iptables -A INPUT -s 5.133.161.202,77.81.6.234,37.153.173.10,190.117.116.177,197.221.129.138 -j DROP iptables -A INPUT -s 217.19.216.243,212.56.214.203,155.94.254.143,67.21.104.221,50.194.147.69 -j DROP iptables -A INPUT -s 87.252.229.9,5.135.151.181,213.230.73.71,104.238.111.88,185.25.151.159 -j DROP iptables -A INPUT -s 141.212.122.129,91.196.50.33,146.185.239.100,198.20.87.98,185.106.92.113 -j DROP iptables -A INPUT -s 109.205.249.84,98.190.250.74,5.141.215.112,193.242.203.131,87.66.122.232 -j DROP iptables -A INPUT -s 104.1.209.192,62.183.125.123,178.218.202.119,207.232.21.133 -j DROP # sleep 2 # echo "-> ignore bad errerz..." # Ignore bad error messages for f in /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses; do echo 1 > $f done # echo "-> disable response to broadkastz..." # Disable response to broadcasts for f in /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; do echo 1 > $f done # echo "-> downen source routed paketz..." # Disable Source Routed Packets for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo 0 > $f done # echo "-> enabling syn cookie protekshun..." # Enable TCP SYN Cookie Protection for f in /proc/sys/net/ipv4/tcp_syncookies; do echo 1 > $f done # echo "-> disabling redirekz..." # Disable ICMP Redirect Acceptance for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $f done # echo "-> not sending redirekz messuhguz..." # Don't send Redirect Messages for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $f done # echo "-> droppen spoof pakz..." # Drop Spoofed Packets coming in for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f done # echo "-> saven the setz Chewy..." iptables-save # # now that is waaaayyyyy over kill so take out the stuff ya don't want cheerz

AirVPN while traveling in China

LZ1 replied to DrQwe's topic in Troubleshooting and Problems

Hello! Air works in China. At least Shanghai, which is one of the "greats" along with Beijing. Simply make sure you use SSL, in the protocol area. The speeds will probably be slow however. You could get obfsproxy and/or Tor installed on your machine too, in advance. It's true the Great firewall does block a ton of things. However it's not impossible to get through by any means . Air is a small provider and perhaps its veneer of techyness scares many people away and thus you don't hear it mentioned as much; yet tech-wise, Air is still superb. Air doesn't have a strong Asian presence I'd say, but it's still useable. Sent to you from me with datalove

...
1 reply

AirVPN while traveling in China

DrQwe posted a topic in Troubleshooting and Problems

I've used AirVPN for years and will soon be making my first business trip to China. Coworkers have warned me about the firewall and suggested some VPN providers that do well to get through it. None of them have mentioned Air, has anyone here had any problems using it in China, specifically Beijing?

...
1 reply

How to defeat traffic analysis when using a VPN?

zhang888 replied to xairv's topic in General & Suggestions

This is possible from your side, and nothing prevents you from doing that. But nothing can be done from Air Exit <-> Destination for that purpose. Your traffic, real or padded, will go to the destination the same way. SIP consumes less traffic than HTTP sessions, so again not sure what you want to hide there in the multi hundred mbit's of each server, but you can download Linux torrents, it will give the same, if not better effect of random connections. Although it will be still the same destination from your original source IP. This sounds like a mix of technical words without any sense, sorry. I think you should review the concept of NAT and what an "upstream provider" is. What an adversary may see, is 'x' connections to 5 destination ports (22/53/80/443/2018) of an entry IP, and that's it. Then, if they know the exit IP (not a hard task but that will require targeting Air infrastructure specifically, as simple traffic graph is not enough because IPs are different) they will see the exit IP sending traffic to thousands of destinations at random hosts and ports every second. So there is no "traffic graph" - there are 2 unrelated graphs so far, and you cannot proof any relation between them, even if there is a high bandwidth user that is supposed to allegedly "pop out" from the mass - since you cannot know that his source IP is the one that caused the traffic to exit from the exit IP. It could easily be one of the hundred of currently connected clients that just started a streaming/torrent download. Upstream providers has absolutely nothing related to this discussion and it's from completely different part of the networking world. In many cases, real upstream providers of the ISPs the VPN servers are located at, will not even see the source traffic. Because incoming traffic to a VPN server in Germany from a user in China can take completely different route to the ISP than outgoing traffic to United States that the user generates. I consider myself quite familiar with available research on the topic. The more relevant thing I thought you would mention would be the Cisco NetFlow, which all ISPs that are complying with lawful interception are using. None of the links you sent actually talk about public services based on OpenVPN, and only one is talking about comparing TCP ACKs of the client and the destination. This is impossible in case of OpenVPN - since the ACKs of the client<->VPN have completely different timestamps and sequence numbers than the ACKs of the destination<->VPN. And if you are using UDP, there are no ACKs at all so there is very little chance to fingerprint an encrypted AES256 UDP stream with some TCP events at the other end, with tens of thousands IPs and ports at the destination. I asked about a case where an activist was caught using adversarial traffic analysis of a VPN service, which did not include logging, backdoors and targeted attacks.

Server for Finland

xairv replied to Sascha's topic in General & Suggestions

The servers are not placed based on population count, and never will be. India and China has the biggest population count but are the worst possible exit locations, for example. Servers are placed in Neutral datacenters in strategically good places - for example places that can cover connectivity from the entire region with effective peering and lowest latency as possible. Of course price matters as well, but usually countries with developed internet infrastructure have lower prices too (competitive market). I'm aware of that, but earlier you mentioned that Helsinki was not a good location due to its latency to the rest of Europe. Well, it does in fact offer very low latency for people in Russian and Finland who tend to use local resources. For us there currently aren't any good options with AirVPN. Finns can't use local geoblocked resources and Russians have to connect to Sweden to access Russian resources, which involves ~14ms from St. Petersburg to Uppsala and then often ~26ms to servers in Moscow or ~14ms to St. Petersburg. AirVPN already has plenty of servers in niche markets like Latvia, Lithuania. I fail to see how those servers are a strategic advantage. Maybe it appears that way from a Europe-centric view, i.e. low latency to Germany/NL/UK, but we don't use European resources... we use our own Russian and Finnish ones. Who uses those AirVPN servers in the Baltics? Finns? Russians? Wouldn't it be strategically wiser to serve those users (and there are potentially many of them) from a better location?

Server for Finland

zhang888 replied to Sascha's topic in General & Suggestions

The servers are not placed based on population count, and never will be. India and China has the biggest population count but are the worst possible exit locations, for example. Servers are placed in Neutral datacenters in strategically good places - for example places that can cover connectivity from the entire region with effective peering and lowest latency as possible. Of course price matters as well, but usually countries with developed internet infrastructure have lower prices too (competitive market).

United Arab Emirates criminalized VPNs

LZ1 replied to victorab's topic in General & Suggestions

Hello ! Using SSH would help hide the fact that a VPN is being used, if someone was monitoring the network, as in China. It can slow down your connection though. You can alao use a VPN is conjunction with Tor or simply use Tor on its own. It depends what you want to achieve. I haven't read what they've said, but a VPN is only 1 of several different technologies to get around blocks and/or hide your activities. Perhaps you could load a portable version of Eddie onto a USB stick and simply plug it in when you need it. That way, even if your computer is seized, it might not be possible for them to determine that a VPN is or was used. You'd best think of what you're trying to achieve and then plan accordingly

United Arab Emirates criminalized VPNs

victorab posted a topic in General & Suggestions

Hello, As you may know, United Arab Emirates have criminilized the use of VPNs: people who use a VPN risk at least 136K$ and it can go up to jail and 545K$. I will go in Dubai in few days; Am I OK with the standard UDP protocol or should I use SSL or SSH (I don't know if they use DPI)? If this precaution even useful? I know that with systems like in China SSH can be use to bypass a blocking, but when we talk about criminalization it's way different. Thank you

Is it ok to use port TCP port 443 with SSL websites

LZ1 replied to Valunker's topic in General & Suggestions

Hello ! Yes SSL is "more secure" in one sense, but unless you're experiencing severe censorshop, restrictions or other protocols don't work for some reason, then it's not really necessary. It can also slow down your connection even more than a VPN already might, as SSL does add even more required computation to the mix. You have to find out what exactly you're trying to achieve. There's no real reason to use SSL unless as I said, you want to hide your VPN traffic or you're facing heavy restrictions, such as in China. Otherwise, stick to UDP.

...
1 reply

ANSWERED Why is TCP port 80 the only port I have decent speed on?

LZ1 replied to Magenof's topic in Troubleshooting and Problems

It really depends on your specific situation :]. Some ISPs block certain ports and protocols while others don't. It doesn't hurt to experiment though. If it was all the same, it wouldn't be included in the client haha. It's to give you options. If you're in a place like China for instance, then SSL Tunnel on port 443 is pretty much required, for instance.

forwarded ports

go558a83nk replied to rev2k16's topic in Troubleshooting and Problems

if you are running a VPN from your computer to AirVPN then DO NOT forward ports on your router. in your client area, forwarded ports section, create forwarded ports with the internal ports you need input into the local port field. if you can't get connected then something is wrong on your end most likley. unless you're in china or the like...

[MOVING TO TRASH] AirVPN in Russia and China

wer replied to LW4's topic in Off-Topic

Strange headline: neither do I see a server in Russia nor in China. What's your point?

[MOVING TO TRASH] AirVPN in Russia and China

LW4 posted a topic in Off-Topic

With news like this: https://torrentfreak.com/vpn-provider-pia-exits-russia-server-seizures-160712/ "...the passing of a new law last year which requires Internet providers to hold logs of Internet traffic for up to a year" "This means that international companies could be forced to have a physical local presence, to which Russian authorities potentially have access." How is AirVPN able to operate in countries with such strict anti-privacy laws? I would really like to hear from the Air admins on this. It's been a while since they've made comments on the forums.

airvpn broke my internet connection

quindecim replied to iditarod656's topic in Troubleshooting and Problems

Hi iditarod656, i'm copy and pasting my experience and solution to this issue that i also posted in the pinned thread ' Can only connect to the internet (browser) through AirVPN ' that also deals with this same issue, because i think i've encountered the same issue as you have and it was really quite easy to fix! I hope you don't give up on AirVPN. i have dealt with a various VPN's in the past and AirVPN is by far the most impressive. i don't think i will be looking elsewhere for any other VPN's in the future. I would like faster speeds , but privacy is paramount for myself and this is AirVPN's strongpoint! Also do like those servers hosted in China and Ukraine you just need to follow as the guide says: 1. disconnect eddie, remove all network locks etc 2. go to the network change adapter settings, and reset the ipv4 DNS to 'automatic' 3. go to windows firewall, reset default settings 4. reconnect eddie , apply windows firewall network lock, connect, disconnect, etc, and see that the issue is now fixed! 5. and remember to always shut eddie down correctly by disconnecting, removing network locks, and exiting the program. I was worried at first too but it only took me about 10-15 minutes on how to work it out. Copy and pasted reply from my other thread in the hopes that anyone who encounters the same problem will find my experience and solution and hopefully be able to fix it too! Hi guys, Just chiming in here to explain what fixed this for me. So what caused the issue is i didnt close eddie properly and computer had to be reset while un-installing new software. when i restarted windows, i was getting the standard "network lock activated" response, whereby no internet traffic works at all. Connecting and re-connecting the VPN, reapplying and removing the network lock, reseting, etc, had no effect. also changing the network lock protocal in preferences from 'windows firewall'to 'automatic', and then re-connecting, disconnecting, resetting, etc, all had no effect. so i stumbled onto this guide. First attempt i did the reset DNS settings thing in control panel, and reset ipv4 DNS from a pre-selected server to "automatic". no effect, same issue. I then went into windwos firewall settings and restored the defaults, and then re-opened eddie and applied the network lock and its now working again. i re-checked the DNS settings, and AirVPN has re-applied the correct ipv4 settings that i previously changed to automatic. I also re-checked my windows firewall settings and they appear to be set correctly, but is there a way i can check this? Obviously the network lock feature is important to have working correctly, so i would like to be sure that my AirVPN firewall settings have been re-applied correctly? Is it enough to verify that when network lock is activated, that if all other connections are inactive, then it is working correctly? To my mind i think that is correct, but would like to get some confirmation from the Guru's on here for peace of mind. TL;DR -- 1. didnt shut eddie down properly, network lock malfunctioned and was perma-locked, only able to access internet via eddie 2. followed directions in OP and went into network DNS settings, reset ipv4 DNS to 'automatic'. 3. went into windows firewall settings and restored defaults. 4. reconnected to eddie, re-applied network lock (re-applies DNS and firewall settings), and am back to normal now.

question about VPN safety in general

LZ1 replied to bafdbf's topic in General & Suggestions

Hello ! I recommend you take a look at torrentfreak.com and you'll find there's countless stories of very well-funded organisations hunting down people who torrent stuff. You'll find that despite their efforts, both legal and otherwise, they're still failing at consistently finding and even less so, imprisoning or fining downloaders. Also: - There's shared IPs. Meaning multiple users share the same IP address. - Multiple servers around the world you can connect to and thus different jurisdictions/rules. - AirVPN is logless and makes constant attempts at securing their users. - Not all ISPs are interested in following up on copyright notices and not all are capable of it either. - Having an IP address isn't necessarily proof of any wrongdoing. For instance, when you're in a swarm, your IP is shared regardless of if you're downloading or uploading anything at all. - It's not necessarily easy to see when someone is using a VPN.With AirVPN, you can mask VPN traffic to look like generic traffic. This is how you get around high-level censorship in places like China, where VPNs are actively blocked. - Air offers their own DNS services too, so you won't use your ISPs; meaning they still won't be able to see what you do. - For general browsing, but not torrenting, Air is one of the view VPNs which offers the option of routing VPN traffic through the anonymizing network known as TOR, for an additional level of privacy and security. - AirVPN has an active policy of ignoring DMCA requests. Meaning it doesn't matter if someone was watching the peer list. Companies already do this and they're still failing as well. - The nature of the VPNs encrypted traffic is to prevent people looking over your shoulder to start with. - Torrenting/Bittorrent are not illegal in and of themselves. Bittorent is a protocol and torrenting is an act of downloading. It depends on what you're downloading and where it's from. So in short, if you take your precautions and do things like: - Use an open-sourced client, such as qBittorent and configure it correctly. - Use Network Lock in Airs "Eddie" VPN program or similar. - Plug the various IP leaks in your browser, by checking Airs website www.ipleak.net (not dot com) - Download from reputable sources and don't download stuff like child porn, etc. - Generally keep your OS, browser and client software up to date. Then you won't have anything to worry about, for the most part :]. I also recommend taking a look at this: https://www.goldenfrog.com/blog/myths-about-vpn-logging-and-anonymity https://superuser.com/questions/609406/if-one-uses-a-vpn-can-the-isp-still-see-or-know-what-exact-urls-one-visits-o Ignore the self-advertising on goldenfrog, but do read the various points.

ANSWERED Some general questions.

vpnuser1285 posted a topic in General & Suggestions

I am going to buy AirVPN but i have a question before i do so. I am located in Iran and there has recently been a crack down on even more VPN protocols (openvpn just got blocked) so now the conventional ovpn connection wont do the job, i have tried a few vpn roviders (mostly free trials of the) and the only one that has been successful was Astrill VPN, and i believe they use SSL? Another worry that i have is connecting on my iPhone, since AirVPN doesnt have an application on the Appstore, we are limited to using the OpenVPN app, i was wondering if the Openvpn app supports ssl? Also the good thing about astrill for me is that it was an app on the app store and it uses a method called "Astrill vpn" to connect apparently, thats what i read on the profile of the vpn in the settings, but the point is that it works, i was wondering if there are any users in iran or in china, or even in any other country that blocks normal openvpn connection, and if so, how to do you connect on your mobile devices, does the openvpn app work for you? Cheers.

Search the Community

Search By Tags

Search By Author

Content Type

Forums

Product Groups

Find results in...

Find results that contain...

Date Created

Start

End

Last Updated

Start

End

Filter by number of...

Minimum number of replies

Minimum number of reviews

Minimum number of views

Joined

Start

End

Group

Website URL

Twitter

Mastodon

AIM

MSN

ICQ

Yahoo

XMPP / Jabber

Skype

Location

Interests