Search the Community

Hello! Our service is based on OpenVPN and OpenVPN connections are very often (but not always) disrupted in most China residential lines. This is possible because OpenVPN packets headers (not payload, which are of course encrypted) have some additional information for packet re-ordering that make them discernible (with DPI) from pure TLS/SSL connections. In order to bypass the block, OpenVPN over SSL is necessary. The first SSL tunnel encrypts the OpenVPN "fingerprint" to make it not detectable. The method has been tested as successful since more than a year ago from various China areas, including Shanghai and Beijing. Our client Eddie (for Linux, OS X and Windows) implements OpenVPN over SSL, that can be activated with a click. All of our VPN servers accept this connection mode. In our client Eddie, select "AirVPN" -> "Preferences" -> "Protocols". Select "SSL Tunnel - Port 443". Click "Save", then connect to a server. Kind regards

The day before yesterday i registered at private tunnel and try its OpenVPN connection. The funny thing is that i can never connect after installation. I know that great firewall is malicious and very strong. I want to buy a fast vpn for the whole family and it's harder than setting up a free vpn:)

I run my own OpenVPN server, at my home in US, which I use when traveling, and Hulu is 100% working, in China and the Middle East. Hence I know this should be an easy fix.

Hello, it is not simple to implement it in our service, there are serious issues. Anyway our reports from China are very good, there is no need at the moment to add anything else, especially something so problematic like the proposed patch. Kind regards

Airvpn has server in Hong Kong, NOT mainland China. Hong Kong and mainland China are NOT the same. It is totally different case. Mainland China is actively control of speech, control news, internet filtering through "Great Firewall of China", block most vpn traffic, block many western popular websites etc. All these doesn't apply to Hong Kong and most HK ISP doesn't keep logs. Anyway I vote Yes. More is better if possible.

China isn't known to welcome privacy as well and Airvpn has servers there. I have no doubt that the possibility is given to get a valid server in Australia instead its all about whether its worth it.

Hello! Our service is based on OpenVPN and OpenVPN connections are disrupted in most China residential lines. This is possible because OpenVPN packets headers (not payload, which are of course encrypted) have some additional information for packet re-ordering that make them discernible (with DPI) from pure TLS/SSL connections. In order to bypass the block, OpenVPN over SSL is necessary. The first SSL tunnel encrypts the OpenVPN "fingerprint" to make it not detectable. The method has been tested as successful since more than a year ago from various China areas, including Shanghai and Beijing. OpenVPN over SSL is available for Linux, Windows and OS X Mavericks only. It is not working on Android and iOS for limitations of the openvpn app. Anyway, many mobile networks in China do not block OpenVPN, so this is a relatively minor problem. Our client Eddie (for Linux, OS X and Windows) implements OpenVPN over SSL, that can be activated with a click. All of our VPN servers accept this connection mode. In Eddie, go to "AirVPN" -> "Preferences" -> "Protocol". Select "SSL Tunnel - Port 443", click "Save" and finally connect to a server. Kind regards

I'm having problems keeping a steady connection over AirVpn to any servers. It seems to go great for about 30 seconds and i get great speed however, it then slows down and basically disconnects. IT's making it nearly impossible to use my internet here. Is anyone else having this issue and is there any way to fix this?

Hello! Our service is based on OpenVPN and OpenVPN connections are disrupted in most China residential lines. This is possible because OpenVPN packets headers (not payload, which are of course encrypted) have some additional information for packet re-ordering that make them discernible (with DPI) from pure TLS/SSL connections. PPTP with insecure authentication (not supported by us) is not disrupted (that's why you could use other non-OpenVPN based services, probably), maybe because it's not a problem for Chinese authorities (they can break it and decrypt the traffic flow very quickly and easily). In order to bypass the block, OpenVPN over SSL is necessary. The first SSL tunnel encrypts the OpenVPN "fingerprint" to make it not detectable. The method has been tested as successful since more than a year ago from various China areas, including Shanghai and Beijing. Unfortunately, OpenVPN over SSL is available for Linux, Windows and OS X only. It is not working on Android and iOS for limitations of the openvpn app. Anyway, many mobile networks in China do not block OpenVPN, so this is a relatively minor problem. Our client Eddie (for Linux, OS X and Windows) implements OpenVPN over SSL, that can be activated with a click. All of our VPN servers accept this connection mode. On Eddie, click "AirVPN" button, select "Preferences", click "Protocols" tab, select "SSL Tunnel - Port 443" and click "Save". As you can see from the logs, Eddie client is perfectly capable to establish a connection even if your system can't reach our web site. Please contact us in private (open a ticket) if you want to access our web site even without VPN. Kind regards

Hello, I bought AirVPN to mainly use it in China and well... it doesn't work :/ I'm gonna travel for 6 months in China and i'm currently in Guilin (south of China). I'm using AirVPN client on MacOSX 10.9.4 and sometimes it works but mainly it don't. This is the logs : I 2014.09.14 12:21:54 - Session starting. ! 2014.09.14 12:21:54 - Checking environment ! 2014.09.14 12:21:54 - Checking authorization . 2014.09.14 12:21:55 - Error getting response stream (ReadDone1): ReceiveFailure . 2014.09.14 12:21:55 - Error getting response stream (ReadDone1): ReceiveFailure . 2014.09.14 12:22:05 - The request timed out ! 2014.09.14 12:22:06 - Connecting to Electra (United States, Manassas, Virginia) . 2014.09.14 12:22:06 - OpenVPN > OpenVPN 2.3.4 x86_64-apple-darwin13.2.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 18 2014 . 2014.09.14 12:22:06 - OpenVPN > library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05 . 2014.09.14 12:22:06 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2014.09.14 12:22:06 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2014.09.14 12:22:06 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 12:22:06 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 12:22:06 - OpenVPN > Socket Buffers: R=[196724->65536] S=[9216->65536] . 2014.09.14 12:22:06 - OpenVPN > UDPv4 link local: [undef] . 2014.09.14 12:22:06 - OpenVPN > UDPv4 link remote: [AF_INET]199.115.117.225:443 . 2014.09.14 12:22:06 - OpenVPN > TLS: Initial packet from [AF_INET]199.115.117.225:443, sid=96fcccd4 c989704f . 2014.09.14 12:22:08 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2014.09.14 12:22:08 - OpenVPN > Validating certificate key usage . 2014.09.14 12:22:08 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 . 2014.09.14 12:22:08 - OpenVPN > VERIFY KU OK . 2014.09.14 12:22:08 - OpenVPN > Validating certificate extended key usage . 2014.09.14 12:22:08 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2014.09.14 12:22:08 - OpenVPN > VERIFY EKU OK . 2014.09.14 12:22:08 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org . 2014.09.14 12:22:15 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key . 2014.09.14 12:22:15 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 12:22:15 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key . 2014.09.14 12:22:15 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 12:22:15 - OpenVPN > Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA . 2014.09.14 12:22:15 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]199.115.117.225:443 . 2014.09.14 12:22:17 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 12:22:17 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.65.250 10.4.65.249' . 2014.09.14 12:22:17 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2014.09.14 12:22:17 - OpenVPN > OPTIONS IMPORT: LZO parms modified . 2014.09.14 12:22:17 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2014.09.14 12:22:17 - OpenVPN > OPTIONS IMPORT: route options modified . 2014.09.14 12:22:17 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified . 2014.09.14 12:22:17 - OpenVPN > Opened utun device utun0 . 2014.09.14 12:22:17 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 . 2014.09.14 12:22:17 - OpenVPN > /sbin/ifconfig utun0 delete . 2014.09.14 12:22:17 - OpenVPN > ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address . 2014.09.14 12:22:17 - OpenVPN > NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure . 2014.09.14 12:22:17 - OpenVPN > /sbin/ifconfig utun0 10.4.65.250 10.4.65.249 mtu 1500 netmask 255.255.255.255 up . 2014.09.14 12:22:17 - OpenVPN > /sbin/route add -net 199.115.117.225 192.168.1.1 255.255.255.255 . 2014.09.14 12:22:17 - OpenVPN > add net 199.115.117.225: gateway 192.168.1.1 . 2014.09.14 12:22:17 - OpenVPN > /sbin/route add -net 0.0.0.0 10.4.65.249 128.0.0.0 . 2014.09.14 12:22:17 - OpenVPN > add net 0.0.0.0: gateway 10.4.65.249 . 2014.09.14 12:22:17 - OpenVPN > /sbin/route add -net 128.0.0.0 10.4.65.249 128.0.0.0 . 2014.09.14 12:22:17 - OpenVPN > add net 128.0.0.0: gateway 10.4.65.249 . 2014.09.14 12:22:17 - OpenVPN > /sbin/route add -net 10.4.0.1 10.4.65.249 255.255.255.255 . 2014.09.14 12:22:17 - OpenVPN > add net 10.4.0.1: gateway 10.4.65.249 . 2014.09.14 12:22:17 - Starting Management Interface . 2014.09.14 12:22:17 - OpenVPN > Initialization Sequence Completed I 2014.09.14 12:22:18 - DNS of a network adapter forced (SAMSUNG_Android) I 2014.09.14 12:22:18 - DNS of a network adapter forced (Wi-Fi) I 2014.09.14 12:22:18 - DNS of a network adapter forced (Bluetooth PAN) I 2014.09.14 12:22:18 - DNS of a network adapter forced (Thunderbolt Bridge) ! 2014.09.14 12:22:18 - Flushing DNS ! 2014.09.14 12:22:18 - Checking route ! 2014.09.14 12:22:23 - Connected. . 2014.09.14 12:22:23 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info . 2014.09.14 12:22:23 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100 . 2014.09.14 12:51:38 - OpenVPN > write UDPv4: Network is down (code=50) . 2014.09.14 13:01:10 - OpenVPN > [server] Inactivity timeout (--ping-restart), restarting . 2014.09.14 13:01:10 - OpenVPN > SIGUSR1[soft,ping-restart] received, process restarting . 2014.09.14 13:01:10 - OpenVPN > Restart pause, 2 second(s) ! 2014.09.14 13:01:10 - Disconnecting . 2014.09.14 13:01:10 - Management - Send 'signal SIGTERM' . 2014.09.14 13:01:10 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM' . 2014.09.14 13:01:10 - OpenVPN > MANAGEMENT: Client disconnected . 2014.09.14 13:01:10 - OpenVPN > Assertion failed at misc.c:785 . 2014.09.14 13:01:10 - OpenVPN > Exiting due to fatal error . 2014.09.14 13:01:10 - Connection terminated. I 2014.09.14 13:01:10 - DNS of a network adapter restored to original settings (SAMSUNG_Android) I 2014.09.14 13:01:10 - DNS of a network adapter restored to original settings (Wi-Fi) I 2014.09.14 13:01:10 - DNS of a network adapter restored to original settings (Bluetooth PAN) I 2014.09.14 13:01:10 - DNS of a network adapter restored to original settings (Thunderbolt Bridge) ! 2014.09.14 13:01:14 - Waiting for latency tests ! 2014.09.14 13:01:14 - Checking authorization . 2014.09.14 13:01:14 - Error: ConnectFailure (Network is unreachable) . 2014.09.14 13:01:14 - Error: ConnectFailure (Network is unreachable) . 2014.09.14 13:01:14 - Error: ConnectFailure (Network is unreachable) . 2014.09.14 13:01:14 - Error: ConnectFailure (Network is unreachable) . 2014.09.14 13:01:14 - Error: ConnectFailure (Network is unreachable) . 2014.09.14 13:01:14 - Error: NameResolutionFailure . 2014.09.14 13:01:14 - Error: NameResolutionFailure . 2014.09.14 13:01:14 - Error: NameResolutionFailure W 2014.09.14 13:01:14 - Error: ConnectFailure (Network is unreachable) ! 2014.09.14 13:01:17 - Checking authorization . 2014.09.14 13:01:18 - Error getting response stream (ReadDone1): ReceiveFailure . 2014.09.14 13:01:18 - Error getting response stream (ReadDone1): ReceiveFailure . 2014.09.14 13:01:28 - The request timed out ! 2014.09.14 13:01:29 - Connecting to Kuma (United States, Manassas, Virginia) . 2014.09.14 13:01:29 - OpenVPN > OpenVPN 2.3.4 x86_64-apple-darwin13.2.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 18 2014 . 2014.09.14 13:01:29 - OpenVPN > library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05 . 2014.09.14 13:01:29 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2014.09.14 13:01:29 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2014.09.14 13:01:29 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 13:01:29 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 13:01:29 - OpenVPN > Socket Buffers: R=[196724->65536] S=[9216->65536] . 2014.09.14 13:01:29 - OpenVPN > UDPv4 link local: [undef] . 2014.09.14 13:01:29 - OpenVPN > UDPv4 link remote: [AF_INET]199.115.117.213:443 . 2014.09.14 13:01:29 - OpenVPN > TLS: Initial packet from [AF_INET]199.115.117.213:443, sid=4b058068 adbfd6e5 . 2014.09.14 13:01:30 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2014.09.14 13:01:30 - OpenVPN > Validating certificate key usage . 2014.09.14 13:01:30 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 . 2014.09.14 13:01:30 - OpenVPN > VERIFY KU OK . 2014.09.14 13:01:30 - OpenVPN > Validating certificate extended key usage . 2014.09.14 13:01:30 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2014.09.14 13:01:30 - OpenVPN > VERIFY EKU OK . 2014.09.14 13:01:30 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org . 2014.09.14 13:01:59 - Error getting response stream (ReadDone1): ReceiveFailure . 2014.09.14 13:01:59 - Error: SendFailure (Error writing headers) . 2014.09.14 13:02:05 - OpenVPN > [server] Inactivity timeout (--ping-exit), exiting . 2014.09.14 13:02:05 - OpenVPN > SIGTERM received, sending exit notification to peer . 2014.09.14 13:02:09 - The request timed out . 2014.09.14 13:02:10 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting ! 2014.09.14 13:02:10 - Disconnecting . 2014.09.14 13:02:10 - Connection terminated. ! 2014.09.14 13:02:13 - Checking authorization . 2014.09.14 13:02:13 - Error getting response stream (ReadDone1): ReceiveFailure . 2014.09.14 13:02:23 - The request timed out . 2014.09.14 13:02:33 - The request timed out ! 2014.09.14 13:02:34 - Connecting to Kuma (United States, Manassas, Virginia) . 2014.09.14 13:02:34 - OpenVPN > OpenVPN 2.3.4 x86_64-apple-darwin13.2.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 18 2014 . 2014.09.14 13:02:34 - OpenVPN > library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05 . 2014.09.14 13:02:34 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2014.09.14 13:02:34 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2014.09.14 13:02:34 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 13:02:34 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 13:02:34 - OpenVPN > Socket Buffers: R=[196724->65536] S=[9216->65536] . 2014.09.14 13:02:34 - OpenVPN > UDPv4 link local: [undef] . 2014.09.14 13:02:34 - OpenVPN > UDPv4 link remote: [AF_INET]199.115.117.213:443 . 2014.09.14 13:02:34 - OpenVPN > TLS: Initial packet from [AF_INET]199.115.117.213:443, sid=4fa4de69 82f0a521 . 2014.09.14 13:02:35 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2014.09.14 13:02:35 - OpenVPN > Validating certificate key usage . 2014.09.14 13:02:35 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 . 2014.09.14 13:02:35 - OpenVPN > VERIFY KU OK . 2014.09.14 13:02:35 - OpenVPN > Validating certificate extended key usage . 2014.09.14 13:02:35 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2014.09.14 13:02:35 - OpenVPN > VERIFY EKU OK . 2014.09.14 13:02:35 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org . 2014.09.14 13:03:34 - OpenVPN > TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) . 2014.09.14 13:03:34 - OpenVPN > TLS Error: TLS handshake failed . 2014.09.14 13:03:34 - OpenVPN > SIGUSR1[soft,tls-error] received, process restarting . 2014.09.14 13:03:34 - OpenVPN > Restart pause, 2 second(s) ! 2014.09.14 13:03:34 - Disconnecting . 2014.09.14 13:03:34 - Connection terminated. ! 2014.09.14 13:03:37 - Checking authorization . 2014.09.14 13:03:38 - Error getting response stream (ReadDone1): ReceiveFailure . 2014.09.14 13:03:48 - The request timed out . 2014.09.14 13:03:58 - The request timed out ! 2014.09.14 13:03:59 - Connecting to Kuma (United States, Manassas, Virginia) . 2014.09.14 13:03:59 - OpenVPN > OpenVPN 2.3.4 x86_64-apple-darwin13.2.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 18 2014 . 2014.09.14 13:03:59 - OpenVPN > library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05 . 2014.09.14 13:03:59 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2014.09.14 13:03:59 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2014.09.14 13:03:59 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 13:03:59 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 13:03:59 - OpenVPN > Socket Buffers: R=[196724->65536] S=[9216->65536] . 2014.09.14 13:03:59 - OpenVPN > UDPv4 link local: [undef] . 2014.09.14 13:03:59 - OpenVPN > UDPv4 link remote: [AF_INET]199.115.117.213:443 . 2014.09.14 13:03:59 - OpenVPN > TLS: Initial packet from [AF_INET]199.115.117.213:443, sid=12e18f82 107b3b50 . 2014.09.14 13:04:01 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2014.09.14 13:04:01 - OpenVPN > Validating certificate key usage . 2014.09.14 13:04:01 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 . 2014.09.14 13:04:01 - OpenVPN > VERIFY KU OK . 2014.09.14 13:04:01 - OpenVPN > Validating certificate extended key usage . 2014.09.14 13:04:01 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2014.09.14 13:04:01 - OpenVPN > VERIFY EKU OK . 2014.09.14 13:04:01 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org . 2014.09.14 13:04:36 - OpenVPN > [server] Inactivity timeout (--ping-exit), exiting . 2014.09.14 13:04:36 - OpenVPN > SIGTERM received, sending exit notification to peer . 2014.09.14 14:03:36 - OpenVPN > [server] Inactivity timeout (--ping-exit), exiting . 2014.09.14 14:03:36 - OpenVPN > SIGTERM[soft,ping-exit] received, process exiting ! 2014.09.14 14:03:36 - Disconnecting . 2014.09.14 14:03:36 - Connection terminated. I 2014.09.14 14:03:36 - Session terminated. . 2014.09.14 14:04:09 - Error getting response stream (ReadDone1): ReceiveFailure . 2014.09.14 14:04:19 - The request timed out . 2014.09.14 14:04:29 - The request timed out . 2014.09.14 14:04:39 - The request timed out I 2014.09.14 14:06:18 - Session starting. ! 2014.09.14 14:06:18 - Checking environment ! 2014.09.14 14:06:18 - Checking authorization . 2014.09.14 14:06:18 - Error getting response stream (ReadDone1): ReceiveFailure . 2014.09.14 14:06:28 - The request timed out . 2014.09.14 14:06:38 - The request timed out ! 2014.09.14 14:06:39 - Connecting to Kuma (United States, Manassas, Virginia) . 2014.09.14 14:06:39 - OpenVPN > OpenVPN 2.3.4 x86_64-apple-darwin13.2.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 18 2014 . 2014.09.14 14:06:39 - OpenVPN > library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05 . 2014.09.14 14:06:39 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2014.09.14 14:06:39 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2014.09.14 14:06:39 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 14:06:39 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 14:06:39 - OpenVPN > Socket Buffers: R=[196724->65536] S=[9216->65536] . 2014.09.14 14:06:39 - OpenVPN > UDPv4 link local: [undef] . 2014.09.14 14:06:39 - OpenVPN > UDPv4 link remote: [AF_INET]199.115.117.213:443 . 2014.09.14 14:06:40 - OpenVPN > TLS: Initial packet from [AF_INET]199.115.117.213:443, sid=f685cd52 e1cfa20b . 2014.09.14 14:06:41 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2014.09.14 14:06:41 - OpenVPN > Validating certificate key usage . 2014.09.14 14:06:41 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 . 2014.09.14 14:06:41 - OpenVPN > VERIFY KU OK . 2014.09.14 14:06:41 - OpenVPN > Validating certificate extended key usage . 2014.09.14 14:06:41 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2014.09.14 14:06:41 - OpenVPN > VERIFY EKU OK . 2014.09.14 14:06:41 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org . 2014.09.14 14:07:17 - OpenVPN > [server] Inactivity timeout (--ping-exit), exiting . 2014.09.14 14:07:17 - OpenVPN > SIGTERM received, sending exit notification to peer . 2014.09.14 14:07:23 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting ! 2014.09.14 14:07:23 - Disconnecting . 2014.09.14 14:07:23 - Connection terminated. ! 2014.09.14 14:07:26 - Checking authorization . 2014.09.14 14:07:26 - Error: SendFailure (Error writing headers) . 2014.09.14 14:07:36 - The request timed out . 2014.09.14 14:07:46 - The request timed out ! 2014.09.14 14:07:47 - Connecting to Kuma (United States, Manassas, Virginia) . 2014.09.14 14:07:47 - OpenVPN > OpenVPN 2.3.4 x86_64-apple-darwin13.2.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 18 2014 . 2014.09.14 14:07:47 - OpenVPN > library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05 . 2014.09.14 14:07:47 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2014.09.14 14:07:47 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2014.09.14 14:07:47 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 14:07:47 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 14:07:47 - OpenVPN > Socket Buffers: R=[196724->65536] S=[9216->65536] . 2014.09.14 14:07:47 - OpenVPN > UDPv4 link local: [undef] . 2014.09.14 14:07:47 - OpenVPN > UDPv4 link remote: [AF_INET]199.115.117.213:443 . 2014.09.14 14:07:48 - OpenVPN > TLS: Initial packet from [AF_INET]199.115.117.213:443, sid=c8379507 0d5926a1 . 2014.09.14 14:07:49 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2014.09.14 14:07:49 - OpenVPN > Validating certificate key usage . 2014.09.14 14:07:49 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 . 2014.09.14 14:07:49 - OpenVPN > VERIFY KU OK . 2014.09.14 14:07:49 - OpenVPN > Validating certificate extended key usage . 2014.09.14 14:07:49 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2014.09.14 14:07:49 - OpenVPN > VERIFY EKU OK . 2014.09.14 14:07:49 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org . 2014.09.14 14:08:24 - OpenVPN > [server] Inactivity timeout (--ping-exit), exiting . 2014.09.14 14:08:24 - OpenVPN > SIGTERM received, sending exit notification to peer . 2014.09.14 14:08:29 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting ! 2014.09.14 14:08:29 - Disconnecting . 2014.09.14 14:08:29 - Connection terminated. ! 2014.09.14 14:08:32 - Checking authorization . 2014.09.14 14:08:42 - The request timed out . 2014.09.14 14:08:52 - The request timed out . 2014.09.14 14:09:02 - The request timed out ! 2014.09.14 14:09:03 - Connecting to Kuma (United States, Manassas, Virginia) . 2014.09.14 14:09:03 - OpenVPN > OpenVPN 2.3.4 x86_64-apple-darwin13.2.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 18 2014 . 2014.09.14 14:09:03 - OpenVPN > library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05 . 2014.09.14 14:09:03 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2014.09.14 14:09:03 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2014.09.14 14:09:03 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 14:09:03 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 14:09:03 - OpenVPN > Socket Buffers: R=[196724->65536] S=[9216->65536] . 2014.09.14 14:09:03 - OpenVPN > UDPv4 link local: [undef] . 2014.09.14 14:09:03 - OpenVPN > UDPv4 link remote: [AF_INET]199.115.117.213:443 . 2014.09.14 14:09:04 - OpenVPN > TLS: Initial packet from [AF_INET]199.115.117.213:443, sid=4626bcab 57fd1f75 . 2014.09.14 14:09:05 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2014.09.14 14:09:05 - OpenVPN > Validating certificate key usage . 2014.09.14 14:09:05 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 . 2014.09.14 14:09:05 - OpenVPN > VERIFY KU OK . 2014.09.14 14:09:05 - OpenVPN > Validating certificate extended key usage . 2014.09.14 14:09:05 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2014.09.14 14:09:05 - OpenVPN > VERIFY EKU OK . 2014.09.14 14:09:05 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org . 2014.09.14 14:09:40 - OpenVPN > [server] Inactivity timeout (--ping-exit), exiting . 2014.09.14 14:09:40 - OpenVPN > SIGTERM received, sending exit notification to peer . 2014.09.14 14:09:45 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting ! 2014.09.14 14:09:45 - Disconnecting . 2014.09.14 14:09:45 - Connection terminated. I 2014.09.14 14:09:45 - Cancel requested. I 2014.09.14 14:09:45 - Session terminated. I 2014.09.14 14:10:49 - Session starting. ! 2014.09.14 14:10:49 - Checking environment ! 2014.09.14 14:10:49 - Checking authorization . 2014.09.14 14:10:59 - The request timed out . 2014.09.14 14:11:09 - The request timed out . 2014.09.14 14:11:19 - The request timed out ! 2014.09.14 14:11:20 - Connecting to Hadar (Hong Kong, Hong Kong) . 2014.09.14 14:11:20 - OpenVPN > OpenVPN 2.3.4 x86_64-apple-darwin13.2.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 18 2014 . 2014.09.14 14:11:20 - OpenVPN > library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05 . 2014.09.14 14:11:20 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2014.09.14 14:11:20 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2014.09.14 14:11:20 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 14:11:20 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 14:11:20 - OpenVPN > Socket Buffers: R=[196724->65536] S=[9216->65536] . 2014.09.14 14:11:20 - OpenVPN > UDPv4 link local: [undef] . 2014.09.14 14:11:20 - OpenVPN > UDPv4 link remote: [AF_INET]103.10.197.186:443 . 2014.09.14 14:11:20 - OpenVPN > TLS: Initial packet from [AF_INET]103.10.197.186:443, sid=c6944af9 f68af350 . 2014.09.14 14:12:20 - OpenVPN > TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) . 2014.09.14 14:12:20 - OpenVPN > TLS Error: TLS handshake failed . 2014.09.14 14:12:20 - OpenVPN > SIGUSR1[soft,tls-error] received, process restarting . 2014.09.14 14:12:20 - OpenVPN > Restart pause, 2 second(s) ! 2014.09.14 14:12:20 - Disconnecting . 2014.09.14 14:12:20 - Connection terminated. ! 2014.09.14 14:12:23 - Checking authorization . 2014.09.14 14:12:33 - The request timed out . 2014.09.14 14:12:43 - The request timed out . 2014.09.14 14:12:53 - The request timed out ! 2014.09.14 14:12:54 - Connecting to Kuma (United States, Manassas, Virginia) . 2014.09.14 14:12:54 - OpenVPN > OpenVPN 2.3.4 x86_64-apple-darwin13.2.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 18 2014 . 2014.09.14 14:12:54 - OpenVPN > library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05 . 2014.09.14 14:12:54 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2014.09.14 14:12:54 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2014.09.14 14:12:54 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 14:12:54 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 14:12:54 - OpenVPN > Socket Buffers: R=[196724->65536] S=[9216->65536] . 2014.09.14 14:12:54 - OpenVPN > UDPv4 link local: [undef] . 2014.09.14 14:12:54 - OpenVPN > UDPv4 link remote: [AF_INET]199.115.117.213:443 . 2014.09.14 14:12:55 - OpenVPN > TLS: Initial packet from [AF_INET]199.115.117.213:443, sid=c7c6f319 0d40277c . 2014.09.14 14:12:56 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2014.09.14 14:12:56 - OpenVPN > Validating certificate key usage . 2014.09.14 14:12:56 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0 . 2014.09.14 14:12:56 - OpenVPN > VERIFY KU OK . 2014.09.14 14:12:56 - OpenVPN > Validating certificate extended key usage . 2014.09.14 14:12:56 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2014.09.14 14:12:56 - OpenVPN > VERIFY EKU OK . 2014.09.14 14:12:56 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org . 2014.09.14 14:12:59 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key . 2014.09.14 14:12:59 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 14:12:59 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key . 2014.09.14 14:12:59 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication . 2014.09.14 14:12:59 - OpenVPN > Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA . 2014.09.14 14:12:59 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]199.115.117.213:443 . 2014.09.14 14:13:02 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 14:13:07 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 14:13:12 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 14:13:17 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 14:13:22 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 14:13:27 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 14:13:32 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 14:13:37 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 14:13:42 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 14:13:47 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 14:13:52 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 14:13:57 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) . 2014.09.14 14:14:02 - OpenVPN > No reply from server after sending 12 push requests . 2014.09.14 14:14:02 - OpenVPN > SIGUSR1[soft,no-push-reply] received, process restarting . 2014.09.14 14:14:02 - OpenVPN > Restart pause, 2 second(s) . 2014.09.14 14:14:04 - OpenVPN > Socket Buffers: R=[196724->65536] S=[9216->65536] . 2014.09.14 14:14:04 - OpenVPN > UDPv4 link local: [undef] . 2014.09.14 14:14:04 - OpenVPN > UDPv4 link remote: [AF_INET]199.115.117.213:443 . 2014.09.14 14:14:05 - OpenVPN > TLS: Initial packet from [AF_INET]199.115.117.213:443, sid=04fe4f86 f46d7934 ! 2014.09.14 14:14:07 - Disconnecting . 2014.09.14 14:14:07 - Connection terminated. I 2014.09.14 14:14:07 - Cancel requested. I 2014.09.14 14:14:07 - Session terminated. . 2014.09.14 14:15:05 - The request timed out . 2014.09.14 14:15:15 - The request timed out . 2014.09.14 14:15:25 - The request timed out BTW your site is completly blocked from China. [parts removed to protect competing services, see answer to this message] So what can i do now ? Thanks !

Having SSL for Android is a priority, I cannot get any of the non ssl to work in China. Its seems that OpenVPN actually does SLL so why the delay?

A China-based dictionary website. I couldn't access the site since two weeks or so ago. Thank you.

"Some events happen whether we want them to or not." This is a quote taken from a sign in the game Antichamber. It will appear on the wall of signs in the starting room after visiting 20 rooms in total. And if you think of it, it's an event you cannot circumvent, you cannot visit the 19th room and then suddenly proceed to the 21st. This principle is valid for a variety of things, birthdays for example. One of those events that happen whether we want them to or not is an annual subscription coming to an end. Because of that I would like to publish my own opinion on AirVPN, my story, my thoughts, my experiences. -- The beginnings -- It all began in 2012. The whole year I was downloading and seeding things using BitTorrent. I used a private russian tracker which wasn't as known to german companies as Rutor, a public russian tracker. Because of the fact that my tracker is private I believed I wouldn't get caught using BitTorrent as fast as other people get caught for using public trackers. And in fact, since my registration in 2008 I never got any letters. A few days before New Year's Eve I finally got caught seeding a movie. In February 2013 we got a letter from a law office with information about torrent name and hash, date and time, client, IP. The consequences: No more torrents for now. And I made my first research on how to continue torrenting without a fuss. I heard about VPNs, read about how they work and which companies usually stand behind them. Didn't do anything else but making plans for the future. -- Snowden! -- The second stage began shortly after Snowden's leaks. I was concerned about what the NSA knew about me and my surroundings and I think I wasn't all alone with that. I even forgot my torrents for a moment because of this. The idea of subscribing to a VPN provider suddenly was of importance. At the same time I was still struggling with replacing movie torrents by searching for a good movie streaming service in Germany but no one was able to match my needs. I tried Watchever as the most interesting provider (cheap, easy to use, good streaming quality) but many movies just weren't there. Lovefilm (now Amazon Prime Instant Video) was even worse, and Maxdome's pricing was a catastrophe. -- The final decision -- It was August 2013 by now. I started gathering information about VPN providers and access software and tried out a few of them, including faceless.me and ipredator. That's when I discovered TorrentFreak and their article "Which are the best anonymous VPN providers?" - first contact with AirVPN though it didn't receive much attention for now. It was after I read the updated "Review: Is your VPN service really anonymous?" I noticed AirVPN. I did some research on their reputation on the internet and finally registered. A few days later (I still didn't have a client so I spent those days with gathering information on that) I asked for a trial period to see if things would work for me and received a reply two days later.. ... I was concerned about whether my client really worked because I didn't notice any change in speed after connecting. There is no better first impression, really. I subscribed to AirVPN on September 5, 2013. -- First impressions and the forums -- Many things surprised me a lot, especially the status page with status information on bandwidth usage and connected clients, and the forums. I figured: If there's a forum, then you're not just a client, you're getting invited to be part of a community. So I wanted to integrate myself into that community, too, and started writing regularly, trying to help people with their connection problems. I also published some guides about how I use AirVPN. Most of the community is still anonymous and that's okay. I personally didn't like being anonymous all the time, so I opened myself a bit. That way people don't get a feeling as if they would talk to someone with a question mark head (reference to Anonymous hacker's sign ). I made my profile publicly aviable and published my birthday, my location and some of my interests there. Staff is reading the forums, too. They help where they can, though it sometimes can take some time to get a reply from them. This too applies to the Support Desk. But I always keep in mind that day by day more and more people register and become a customer. The more customers, the more time you'd need to reply to all of them. Antichamer sign quote: "Patience has it's own rewards." -- The servers-- Server's aviability and stability depends on the data center. Some servers are really good, able to be called 100% aviable such as the german servers I was using, in 2013 it mainly was Tauri, others sometimes had high packet loss issues and line problems. I occasionally used servers in America and the Netherlands for a few hours and didn't have problems, either. I find it nice to have many connection modes aviable though I never used any other than UDP port 443. But there were users who reported poor performance with it. Switching to another port solved the problem for most of them - an excellent example why this is a nice feature. Additionally, every server accepts specially secured connections - OpenVPN over SSL and SSH. The goal is an encrypted OpenVPN tunnel inside the encrypted SSH/SSL tunnel in order to prevent Deep Packet Inspection currently used by China for example. This way it's easier to connect from inside China and circumvent their Great Firewall. I never needed that feature, that's why I cannot write anything but descriptive terms about it. -- The client -- AirVPN has an own open source client which I never used. I'm using another open source client, Securepoint OpenVPN, and posted an introduction to it. As far as I remember, when I registered AirVPN's client was in a very bad condition. Earlier this year it has been changed, now people are getting more and more satisfied with it. -- Additional features -- Initially I wrote about the status page and the forums being two extremely useful additional features. Also notable is the remote port forwarding feature similar to the port forwarding feature on a router. Working good despite some seldomly occuring flaws.the speed test feature able to calculate how fast your AirVPN connection ("In-Tunnel speed") is in comparison to your real internet connection ("Out-Tunnel speed"). Works as good as the port forwarding feature.-- So, is AirVPN really the "air to breathe the real internet"? -- Yes, it is. And no, it isn't. Really nice slogan, by the way. Yes, because you really circumvent geolocation blocks (Netflix, YouTube) and censorship (China's Great Firewall) using AirVPN. Yes, because you prevent eavesdroppers from seeing what you do (encryption feature). And from manipulating your traffic (integrity feature). No, because your real internet connection wouldn't face extra blocking that apply to VPN providers. Just look into the Blocked websites forum. No, because using a VPN provider is based on trust. You trust the provider not to track your usage and not to betray you. -- So, what now? -- Most of the Netflix users might have heard that Netflix will start it's services in Germany next month. After all, I heard so much good things about Netflix that I really want to give it a try. I'm looking forward to subscribe to Netflix like I did with Spotify years ago. Since then I never downloaded a single music torrent again. I'm planning to stop downloading movie torrents, too, but only if Netflix really has everything, in a quality that matches my current internet speed. It that's the case, OpenVPN will be superfluous. But I won't just leave. I'll stay here and try helping people out. After all, I might need AirVPN again if I ever happen to be on vacation. I wouldn't expose my data to a public WiFi hotspot where a nerdy-looking guy with a self-made super laptop is sitting in some dark corner, attempting to grab emails and credentials from the hotel guests' devices.. or if I just want to use Netflix if it's not aviable in the country. "But didn't you write that Snowden was the guy who inspired you to subscribe to AirVPN?" - He was part of the inspiration. But to be honest, it never was my complete intention to hide myself from the NSA or other entities. I subscribed because I nearly was sued for doing what I love and I needed someone to stand in front of me, effectively protecting me from being nearly sued again for doing what I love. Anyway, one month of my subscription is left. And even if it's not the end, I'd like to thank AirVPN for a great service so far and the community for being a great one. 8)

Security researchers have developed an application called pacumen to analyze encrypted traffic. With the information provided by it an attacker can find out if a certain (specified) application is communicating behind an encrypted connection. This analysis technique is called a side channel attack. In pacumen, you create a classifier (detection rules for the application you'd like to uncover in the traffic) and a pcap file with sniffed traffic (preferably covering hours of length). It then starts analyzing it and calculates a value, representing the similarity of the analyzed traffic with the specified rules. For example: The researchers tried to uncover usage of Skype inside an SSH tunnel and were quite successful. The same thing can be done with any other protocol, let's say, to see if some user is using Facebook over HTTPS. Or identifying BitTorrent inside OpenVPN. China and Iran could theoretically use it to uncover OpenVPN over SSH/SSL. Countermeasures are padding of all packets and/or sending contant dummy packets. Note that both of them would lower performance of tunnels drastically.

Hi pelado, Am asking this as I didn't see this mentioned earlier - What speeds are you getting when not using the VPN? Say downloading an ubuntu iso when not connected to a VPN as opposed to when connected to a VPN? I am assuming the download speeds are close to 6Mbps when not connected? @Staff, If that is the case, even I am interested to know what options do we have to prove that the ISP is throttling the VPN. I thought that the recommended option for use in China (SSL Tunnel) would have overcome any nation's ISP throttling. Additionally, these are two random suggestions I have received (that seemed to have had an affect) - Use Google/OpenDNS/AirVPN dns instead of your ISP's DNS - I once had speed issues irrespective of which VPN provider I used. The issue resolved itself after I reset the router at my home and flashed an older version of the router's firmware. I don't know why that worked or what the issue originally was. Simply throwing this out there

Hello! Yes, we confirm that we are receiving some reports from China according to which on mobile networks OpenVPN is not disrupted anymore. The block remains on residential fixed lines, where OpenVPN over SSL still seems mandatory (OpenVPN over SSH works as well, but it is often too capped). openvpn-connect for iOS supports a lot of OpenVPN directives on the client side, but not all. By the way there's everything you need to connect to our services. We tend to believe that it's probably not a matter of different implementation, because our servers packets are anyway the same, but maybe it's just that the disruption does not take place on (some?) mobile connections. Feel free to keep us posted! Kind regards

Hi, Yup the iPad definitely connected. I checked via a whatismyip service and also on the 'clients currently connected' list. Really strange. The only thing wrong with it was it took a while to connect, but it connected at least 90% of the time...! OSX however dragged its feet a hell of a lot. This was the same with an OpenVPN server I have running at home, it was just permanently stuck at the authorising stage. My initial thoughts are, what capabilities does the iPad (or the OpenVPN app to be more precise I guess) cater for in terms of openvpn directives? Can it do comp-lzo, or utilise the ta (HMAC) facilities or anything else that would change the packet structure to differ from OSX? Anyone have any ideas? Failing that does AirVPN have any exit servers in China(?!) that I could use to do some testing? I only managed to get one sample each time (iPad connecting, OSX not connecting, and OSX successfully connecting from a different country)...!

Hello! That's correct. Its purpose is OpenVPN fingerprint encryption to bypass China and Iran OpenVPN disruptions. Sometimes it is useful to greatly mitigate even traffic shaping from some ISPs with rickety or oversold infrastructures and to bypass particular restrictions on corporate networks. The overhead is not negligible and on top of that OpenVPN is forced to work in TCP, which is less efficient than UDP for OpenVPN. Therefore connect OpenVPN over SSL/SSH only when strictly necessary or just for didactic purposes. Kind regards

Hello! Eddie is the codename of Air client versions 2. The working iPad deserves investigation. Are you sure it is successfully connected? Usually good performance from China can be achieved with OpenVPN over SSL to Hong Kong and Singapore servers. Kind regards

Hi, I hope you can help! Basically trying to use the service while in China, I've created a config for both my iPad and OSX. The iPad works fine, takes a while to connect but does so eventually. OSX however fails to connect pretty much at all! I'm mainly using tunnelblick but I've tried the AirVPN client but that takes aaaages to do anything (and still doesn't connect like tunnelblick). So my question is, why does the same profile work in iOS (iPad) and not on OSX? My thinking is that .cn is dropping the final auth packet from OSX and therefore the connection cannot be completed. The logs below are from TunnelBlick. Side note, I have tried using the SSL tunnel but the instructions are a bit rubbish! I've got the tunnel up but cant route anything down it! Cheers! 2014-07-15 01:38:45 *Tunnelblick: OS X 10.9.4; Tunnelblick 3.4beta28 (build 3872); prior version 3.4beta26 (build 3828) 2014-07-15 01:38:45 *Tunnelblick: Attempting connection with AirVPN_UK_UDP-443; Set nameserver = 1; monitoring connection 2014-07-15 01:38:45 *Tunnelblick: openvpnstart start AirVPN_UK_UDP-443.tblk 1337 1 0 3 0 16689 -ptADGNWradsgnw 2.2.1 2014-07-15 01:38:46 *Tunnelblick: openvpnstart log: Tunnelblick: Loading tun-signed.kext Tunnelblick: OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line): /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --daemon --log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SAirVPN_UK_UDP--443.tblk-SContents-SResources-Sconfig.ovpn.1_0_3_0_16689.1337.openvpn.log --cd /Library/Application Support/Tunnelblick/Shared/AirVPN_UK_UDP-443.tblk/Contents/Resources --config /Library/Application Support/Tunnelblick/Shared/AirVPN_UK_UDP-443.tblk/Contents/Resources/config.ovpn --cd /Library/Application Support/Tunnelblick/Shared/AirVPN_UK_UDP-443.tblk/Contents/Resources --management 127.0.0.1 1337 --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw 2014-07-15 01:38:45 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [sSL] [LZO2] [PKCS11] [eurephia] built on Jun 12 2014 2014-07-15 01:38:45 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337 2014-07-15 01:38:45 Need hold release from management interface, waiting... 2014-07-15 01:38:45 *Tunnelblick: openvpnstart starting OpenVPN 2014-07-15 01:38:46 *Tunnelblick: Established communication with OpenVPN 2014-07-15 01:38:46 MANAGEMENT: Client connected from 127.0.0.1:1337 2014-07-15 01:38:46 MANAGEMENT: CMD 'pid' 2014-07-15 01:38:46 MANAGEMENT: CMD 'state on' 2014-07-15 01:38:46 MANAGEMENT: CMD 'state' 2014-07-15 01:38:46 MANAGEMENT: CMD 'bytecount 1' 2014-07-15 01:38:46 MANAGEMENT: CMD 'hold release' 2014-07-15 01:38:46 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2014-07-15 01:38:46 Control Channel Authentication: tls-auth using INLINE static key file 2014-07-15 01:38:46 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2014-07-15 01:38:46 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2014-07-15 01:38:46 LZO compression initialized 2014-07-15 01:38:46 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ] 2014-07-15 01:38:46 Socket Buffers: R=[196724->65536] S=[9216->65536] 2014-07-15 01:38:46 MANAGEMENT: >STATE:1405359526,RESOLVE,,, 2014-07-15 01:38:46 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] 2014-07-15 01:38:46 Local Options hash (VER=V4): '9e7066d2' 2014-07-15 01:38:46 Expected Remote Options hash (VER=V4): '162b04de' 2014-07-15 01:38:46 UDPv4 link local: [undef] 2014-07-15 01:38:46 UDPv4 link remote: 94.229.74.90:443 2014-07-15 01:38:46 MANAGEMENT: >STATE:1405359526,WAIT,,, 2014-07-15 01:38:47 MANAGEMENT: >STATE:1405359527,AUTH,,, 2014-07-15 01:38:47 TLS: Initial packet from 94.229.74.90:443, sid=a19a3237 67723ba1 2014-07-15 01:39:12 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org 2014-07-15 01:39:12 Validating certificate key usage 2014-07-15 01:39:12 ++ Certificate has key usage 00a0, expects 00a0 2014-07-15 01:39:12 VERIFY KU OK 2014-07-15 01:39:12 Validating certificate extended key usage 2014-07-15 01:39:12 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2014-07-15 01:39:12 VERIFY EKU OK 2014-07-15 01:39:12 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org 2014-07-15 01:39:46 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2014-07-15 01:39:46 TLS Error: TLS handshake failed 2014-07-15 01:39:46 TCP/UDP: Closing socket 2014-07-15 01:39:46 SIGUSR1[soft,tls-error] received, process restarting 2014-07-15 01:39:46 MANAGEMENT: >STATE:1405359586,RECONNECTING,tls-error,, 2014-07-15 01:39:46 MANAGEMENT: CMD 'hold release' 2014-07-15 01:39:46 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2014-07-15 01:39:46 Re-using SSL/TLS context 2014-07-15 01:39:46 LZO compression initialized 2014-07-15 01:39:46 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ] 2014-07-15 01:39:46 Socket Buffers: R=[196724->65536] S=[9216->65536] 2014-07-15 01:39:46 MANAGEMENT: >STATE:1405359586,RESOLVE,,, 2014-07-15 01:39:46 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] 2014-07-15 01:39:46 Local Options hash (VER=V4): '9e7066d2' 2014-07-15 01:39:46 Expected Remote Options hash (VER=V4): '162b04de' 2014-07-15 01:39:46 UDPv4 link local: [undef] 2014-07-15 01:39:46 UDPv4 link remote: 94.229.74.90:443 2014-07-15 01:39:46 MANAGEMENT: >STATE:1405359586,WAIT,,, 2014-07-15 01:39:50 MANAGEMENT: >STATE:1405359590,AUTH,,, 2014-07-15 01:39:50 TLS: Initial packet from 94.229.74.90:443, sid=753edcc3 1db22f0f 2014-07-15 01:40:07 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org 2014-07-15 01:40:07 Validating certificate key usage 2014-07-15 01:40:07 ++ Certificate has key usage 00a0, expects 00a0 2014-07-15 01:40:07 VERIFY KU OK 2014-07-15 01:40:07 Validating certificate extended key usage 2014-07-15 01:40:07 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2014-07-15 01:40:07 VERIFY EKU OK 2014-07-15 01:40:07 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org 2014-07-15 01:40:47 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2014-07-15 01:40:47 TLS Error: TLS handshake failed 2014-07-15 01:40:47 TCP/UDP: Closing socket 2014-07-15 01:40:47 SIGUSR1[soft,tls-error] received, process restarting 2014-07-15 01:40:47 MANAGEMENT: >STATE:1405359647,RECONNECTING,tls-error,, 2014-07-15 01:40:47 MANAGEMENT: CMD 'hold release' 2014-07-15 01:40:47 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2014-07-15 01:40:47 Re-using SSL/TLS context 2014-07-15 01:40:47 LZO compression initialized 2014-07-15 01:40:47 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ] 2014-07-15 01:40:47 Socket Buffers: R=[196724->65536] S=[9216->65536] 2014-07-15 01:40:47 MANAGEMENT: >STATE:1405359647,RESOLVE,,, 2014-07-15 01:40:47 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] 2014-07-15 01:40:47 Local Options hash (VER=V4): '9e7066d2' 2014-07-15 01:40:47 Expected Remote Options hash (VER=V4): '162b04de' 2014-07-15 01:40:47 UDPv4 link local: [undef] 2014-07-15 01:40:47 UDPv4 link remote: 94.229.74.90:443 2014-07-15 01:40:47 MANAGEMENT: >STATE:1405359647,WAIT,,, 2014-07-15 01:40:47 MANAGEMENT: >STATE:1405359647,AUTH,,, 2014-07-15 01:40:47 TLS: Initial packet from 94.229.74.90:443, sid=0e16d65b 06cac51a 2014-07-15 01:41:03 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org 2014-07-15 01:41:03 Validating certificate key usage 2014-07-15 01:41:03 ++ Certificate has key usage 00a0, expects 00a0 2014-07-15 01:41:03 VERIFY KU OK 2014-07-15 01:41:03 Validating certificate extended key usage 2014-07-15 01:41:03 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2014-07-15 01:41:03 VERIFY EKU OK 2014-07-15 01:41:03 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org 2014-07-15 01:41:14 *Tunnelblick: Disconnecting; notification window disconnect button pressed 2014-07-15 01:41:14 *Tunnelblick: Disconnecting using 'kill' 2014-07-15 01:41:14 event_wait : Interrupted system call (code=4) 2014-07-15 01:41:14 SIGTERM received, sending exit notification to peer 2014-07-15 01:41:19 TCP/UDP: Closing socket 2014-07-15 01:41:19 SIGTERM[soft,exit-with-notification] received, process exiting 2014-07-15 01:41:19 MANAGEMENT: >STATE:1405359679,EXITING,exit-with-notification,, 2014-07-15 01:41:19 *Tunnelblick: No 'post-disconnect.sh' script to execute 2014-07-15 01:41:19 *Tunnelblick: Expected disconnection occurred.

Hello! At the moment we do not support this patch and we need to study it thoroughly before touching the original source code and compile it for production. From China, it is easy to connect with OpenVPN over SSL (with Windows, Linux and OS X). In our client Eddie, click the "AirVPN" button, select "Preferences", click the "Protocols" tab, select "SSL Tunnel - Port 443" and click "Save". In this way OpenVPN tunnel will be in itself tunneled inside an SSL tunnel, so any OpenVPN "fingerprint" can't be detected by DPI. Kind regards

Hey, I'm looking to make my VPN more secure, as I'm in China and trying to avoid DPI. I want to know if I can use the xor patch with AirVPN. Basically, you need to add an argument to the sever side config if you wish to scramble openvpn (scramble obfuscate guardian), I'm wondering if this is supplied on the server side config. I'm still inexperienced when it comes to networking, so you'll forgive me if it seems like an obvious question. Thanks for your help!

Hello! We don't want to add security to the SSL layer. The SSL layer has the only purpose to encrypt the OpenVPN headers to prevent OpenVPN usage detection, it must not be thought as an additional security layer: the real security lies on the OpenVPN tunnel inside the SSL tunnel. Anyway, AES-128 is robust, even too much for our purposes. Remember that you should use OpenVPN over SSL only when absolutely unavoidable (for example from China, or whenever an ISP tries to block OpenVPN), because with OpenVPN over SSL you add a significant overhead and on top of that you force OpenVPN to work in TCP, while OpenVPN gives out its best performance in UDP. Kind regards

Which means that the NSA gains knowledge about the non-public entry nodes and those who use them.Isn't it unbelievable that dissidents using Tor in China, Iran, repressive countries all over the world become NSA targets? Marked as extremists by the land of the free? - Googling for.. Welcome to the NSA database, extremist! - Using Tor hidden services: If you run hidden services, don't consider them "hidden". Expect exploitation attempts. Do not let them scare you off Tor. Yes, it's scary, but if you think about the rotten goals of NSA/GCHQ/BND, it's not a shocking revelation - it had to be expected. So, the only conclusion should be: Use the heck out of Tor, now more than ever! You can't escape ubiquitous surveillance, but you can make it harder! Run nodes! Fund nodes! Stop voting for parties that don't act against the surveillance state! Make yourself heard! EXCELLENT ADDITION!

Leaked XKeyscore selectors: http://daserste.ndr.de/panorama/xkeyscorerules100.txt If this document is authentic, any interest in Tor will mark you as an extremist: - Asking bridges@torproject.org for a bridge IP: Which means that the NSA gains knowledge about the non-public entry nodes and those who use them.Isn't it unbelievable that dissidents using Tor in China, Iran, repressive countries all over the world become NSA targets? Marked as extremists by the land of the free? - Googling for.. Welcome to the NSA database, extremist! - Using Tor hidden services: If you run hidden services, don't consider them "hidden". Expect exploitation attempts. Do not let them scare you off Tor. Yes, it's scary, but if you think about the rotten goals of NSA/GCHQ/BND, it's not a shocking revelation - it had to be expected. So, the only conclusion should be: Use the heck out of Tor, now more than ever! You can't escape ubiquitous surveillance, but you can make it harder! Run nodes! Fund nodes! Stop voting for parties that don't act against the surveillance state! Make yourself heard!