Search the Community

Connections from several places and several different ISPs within mainland China to HADAR continue to be either blocked or very unstable. SSH tunnelling to other servers works, but there can be a big performance penalty. As a newbie, I'm uncertain how to get some attention within AirVPN to the HADAR issue. Any advice anyone?

Hi, I use a public AP which I believe it only allows http and https traffic because I am unable to connect to any VPN. I tried all ports on TCP and UDP and OpenVPN over SSH (failed to connect to ssh). I don't know how to setup OpenVPN over SSL on Android so that's because I didn't try it yet. Any suggestions? P.D: airvpn.org is blocked but airdns.org isn't. My ovpn has its server's IP on it. The AP is made by Cisco (who helped China to make the GFC). PPTP is also blocked. Greetings.

No, it doesn't depend on your tin foil hat, it depends on principles. Well, I "trust" AirVPN slightly more than my internet providers, but that's about it. I don't foster any false belief in VPN providers, where did I give this impression? I recommend Tor instead of VPNs every chance I get. Responding point by point: 1) I don't care where your OpenVPN Connect originally came from. It's distributed as proprietary software on a proprietary platform, containing who knows what, bound to all kinds of crazy clauses and restrictions. I don't use proprietary apps or proprietary platforms. I know exactly where my OpenVPN is coming from - compiled from source myself or compiled by someone who I have solid reason to trust. Give me one reason why I should trust Apple's platform with that task. Especially given all the recent hoopla about mandatory government crypto backdoors. iOS app installations are bound to your account. If you're personally targeted, it's very easy to deploy backdoored versions exactly and only to your account. This alone should be reason enough to avoid any sort of personalized app store. 2) "who cares" means you don't care. I do. If I use inherently untrustable applications on top of my VPN usage, everything I did was for nought. 3) In today's age, everyone is a suspect. Just talking about VPNs or Tor makes you a suspect. If your government cares about Tor, they also care about VPNs - see China. We weren't talking about avoiding being a suspect, but avoiding OpenVPN-blocking firewalls. Tor may sometimes be a way to accomplish that. I wasn't saying anything more or anything less than that. 4) Not sure what you mean by "reliable". Yes, AirVPN has been reliable for me. Mobile networks have not and that's why I use Tor on mobile instead, because in my experience, Tor handles network hiccups more gracefully than OpenVPN. Nothing more, nothing less. 5) True. Where exactly did I claim otherwise? Who torrents on a mobile data budget? 6) Agree, exactly what I said. Jailbreaks eek out a little bit of configurability on a hostile platform, at the cost of security. And at the cost of exploring alternative platforms instead. 7) I know about their audit. Great they fixed bugs, but what about all the security holes since freakin' March this year? I mean, great, they had their source code audited - but how do you know the audited source code equals your binary obtained from the app store? You don't and you can't. Also, the Onion Browser developer might be in contact with Tor Project, but they certainly are not involved. On Tor Project's site, there is an official reference to Orbot. None to Onion Browser or iOS (for good reason). Onion Browser is in no way condoned, recommended or referenced to by Tor Project. 8) Anonymity on mobile platforms is a hard problem to solve. That's why you haven't seen an offcial mobile version of Tor Browser. That's why you will never see an official version for iOS, especially if you take into consideration the licensing problems I mentioned. Guardian Project's Orfox for Android is on its way, though.

With a fast internet connection and tools like Masscan, it only takes anywhere from a few minutes to a few hours to scan the entire internet for open ports. This means that you can expect every port that's open to the internet to see some unexpected traffic rather sooner than later. That, in itself, is nothing to worry about unless you're running vulnerable services or weak authentication. You might have picked a port especially interesting to some scanners, which may explain why you haven't seen such activity on your other ports (yet). The connection attempt you saw is not related to APNIC, they are just the registry for that block of IPs. Here's the actual whois info for your IP: netname: UNICOM-BJ descr: China Unicom Beijing province network Some trivia: Besides the private bulletin board on port 443 (~ 20.000 registered users), the Linux server at IP 221.220.155.170 runs a number of other services: SSH, FTP, VNC, Telnet, and a Synology web interface. Looks like someone's personal server to me, or perhaps a server shared by a number of people. The FTP server greets you with a somewhat amusing message: 220 PLS DISCONNECT IF U HAVE NO IDEA WHERE U R AT!

HADAR is still very flaky. AirVPN works very well to other servers, excluding ANTARES in Singapore. But you pay a performance penalty because of distance. HADAR again seems to have high packet loss and excessive ping times from within mainland China.

Guess what? As of yesterday sometime, HADAR works from mainland China, at least some places! 非常好！

@submerged: Very interesting with an inside POV of Air's service vs China's Great Firewall. I see you understand and agree with the fact that Air can't really afford to start enlisting data centers that perform censorship since It would ruin their reputation as a VPN company with stellar integrity. Their attempt at a South Korean server shows that they are trying to get a new server up in the region though, so hopefully they will find a country and a company that is compatible with Air's mission of net neutrality

This topic set me using https://startpage.com and searched for "ip proxy" and used the https://ixquick-proxy.com link to look at the ip proxy services. So now I am wondering about if the AirVPN client Eddie accepted a user selected proxy ip address (in dot notation) to set up a https outer tunnel - around the usual openvpn functionality, and the client check of account status to airvpn. Seems it should allow more options to get around ip address blocking, and hide vpn inside https port 443. Probably poorer performance for "p2p pirates" but useful for people in China, Australia,Turkey, India, S Korea ... with paranoid/puritanical/corrupt state apparatus. FU Rupert, Tony.

Never say never but South Korea is no friend of the free interwebs, something you'll be familiar with if you live in China: http://www.economist.com/blogs/economist-explains/2014/02/economist-explains-3

Hi, I appreciate the care and the integrity behind the decision to withdraw DSIBAN. Does this mean no servers in South Korea? I am in northeastern China, and it gave the best performance for me.

Maybe it's just a DNS based block like many things in Mainland China? Because in this case its possible to circumvent the blocks by a forcing the server to use some remote Amazon Air's resolver.

Hello, direct OpenVPN connections are disrupted in most China lines since years ago, you were lucky that yours was not. OpenVPN over SSL will solve the problem just like over SSH, but probably with higher performance (apparently, SSH is allowed on every line but it is shaped more than SSL/TLS to port 443). Please select "SSL Tunnel - Port 443" in client menu "AirVPN" -> "Preferences" -> "Protocols". Kind regards

Hello! In China, please try OpenVPN over SSL (it's called "SSL Tunnel - Port 443" in our client Eddie). Upgrade to Eddie version 2.8.8 or 2.9.2 is recommended. Feel free to keep us posted. Kind regards

What if users are in China and not connected to the vpn? I think this is still valuabled for the same reason as the website providing ip addresses in the config section.

Hi, Is there any development going on to enable SSH or SSL tunnels on Android to avoid DPI in China? Some other providers already have this service on Android. Thanks,

I appreciate your logic. I am a number cruncher but sometimes I go with the 'eye' (or 'nose') test; even if the numbers add up. It does not smell right. That is just for me. I am not suggesting anyone use or not use their services. I find it sad that they need to specifically say people in Iran, China, etc cannot use their software. Or if I were to travel to those countries, it is illegal for me to use it, not to mention have it installed on my device. I do not trust the lawmakers who represent those communities. I do not trust the companies who (are bound by and) will overwhelm me with their laws. I'll defer to you on comparing that other provider. It sounds like you have thoroughly researched them.

hi, How's that server from China? What speeds did you get?

One user descriped a way how to bypass the great firewall in china: https://airvpn.org/topic/11134-ssh-or-ssl-tunnel-on-android/?p=21319 Why isn't android supported officially? If the devs decide to support this I will make an video which would explain this feature and how to install it.

Hi, I'd like to offer some suggestions for improvement of the client (Eddie). Although the product works, there are a few niggling issues I have seen many times over that have caused me to use a third party client over Eddie. So you know where I am coming from, I am currently travelling the world and using AirVPN exclusively as my VPN provider mainly to protect myself from the many unknown networks I have been connecting to over the last 7 months. I use the service on my ipad, mac osx (10.10), and android phone (side note, please increase the number of connections you are allowed simultaneously!). I have been using Eddie over many different network environments, slow, fast, intermittent, lots of packet loss etc, on many different settings, SSL tunnel while in China, UDP , TCP on differing ports. As I say, here are a few suggestions that I think you should incorporate into the client. As a side effect of these problems I no longer use it as my main client, opting only to use it for its ease of tunnelling capabilities. - Limit or have the option to stop authentication attempts: When on a shoddy network (which is quite frequent for me), this greatly increases the time it takes to actually get a connection. Not great when you just want to quickly check emails... This check does not exist when using a third party client such as TunnelBlick. - Provide an option to use resolved server names: Give advanced users the option to download/update a list of server IPs to use instead of resolving server names. This helps with some restrictive networks (captive portals where DNS is allowed, make a great UDP 53 tunnel ) - Allow users to update the list of servers when they require: This stops the server list from being corrupted and also allows finer grain control - Be a little clearer as to the algo for choosing a server when 'connect to recommended server' is selected: I cannot work out what the reasoning is for choice of servers. Is it based around latency? If so, tests may be made against ALL servers before a connection can be made, so doesn't this make connection to the service EVEN slower? Happy to be shot down for any of the above suggestions or to provide better examples where required Cheers!

I notice there is already another topic for this but I want one to be dedicated to a tutorial for SSH and SSL on the android. If someone could post the instructions for them it would be much appreciated to me and many others (especially China citizens). Thank you.

oh, since you have an asus ac68 you need to also use the forums at http://forums.smallnetbuilder.com/forumdisplay.php?f=42 to get information. And look through merlin's wiki to learn how to install optware https://github.com/RMerl/asuswrt-merlin/wiki once optware is installed you should be able to install stunnel with 'ipkg install stunnel' unless you're in a place that requires an SSL tunnel to masq openvpn (China) or your ISP throttles openvpn you'll probably only see a decrease in performance.

This topic has been discussed in a lot of places (including: here, Tor Stack Exchange, Wilders Security, ...) so I'll keep it relatively short: "VPN over Tor" (== you >>> Tor >>> VPN >>> destination) Pro: VPN provider doesn't know who/where you are (if you paid anonymously)Pro: Less obstacles while surfing the web (fewer captchas and/or blocks)Pro: Tor offers more creative anti-firewall measures (private Tor bridges and Pluggable Transport protocols) - although SSL/SSH-tunneled VPN usually works well too (even in places like China) Con: VPN provider is able to snoop on your trafficCon: It's easier for sites to track you (one VPN provider cannot provide the same anonymity pool as the bigger Tor network)Con: Less flexible in most cases (pumping all your traffic through Tor first will add a bottleneck) "Tor over VPN" (== you >>> VPN >>> Tor >>> destination) Pro: VPN provider is unable to snoop on your (Tor) trafficPro: Your ISP / local admin / local network cannot see that you're using Tor (although this can also be achieved by using private Tor bridges and/or Pluggable Transports)Pro: Harder for sites to track you (better anonymity pool)Pro: More flexible in most cases (use Tor Browser for the web, use VPN-only for P2P, software updates, ...) Con: More obstacles while surfing the sub (captchas; sites blocking Tor) About P2P: 1. Please don't use Tor at all as P2P traffic generates high numbers of connections and large amounts of traffic; this unfairly strains the Tor network (and, in certain edge cases, might even defeat your anonymity). Read: https://www.torproject.org/docs/faq#FileSharing https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea 2. That means it would be best for you to go for "Tor over VPN", meaning that you do your browsing via Tor but let your P2P applications exit directly through the VPN. This also allows you to set up VPN port forwarding for these applications. 3. If you're looking for anonymous P2P, take a look at the i2p network which is designed with P2P in mind. It's not as popular as Tor though, meaning fewer users, more bugs and - I would imagine - (I haven't tried it yet) slow speeds and small number of available files.

Any provider that does this is pure garbage and should open up an office in China. Would fit in perfectly over there.

dear Airvpn Team id like to let you know about obfsproxy vs ssl , you should switch to obfsproxy with obfs3 support , this is a much better way to obfuscate the openvpn connection from DPI, so your ISP cant notice the difference between your regular net activity and usage of a VPN, since SSL aka Stunnel has the issue of being noticeable due to it being a HTTPS session but it would flag up per DPI due to an unusual long singular HTTPS Session showing up , you see so its far from perfect , mind you China is working on improving the DPI sides of things since they hate people using VPNs but theyre not the only ones and we should be prepared , as so it can only be a positive thing to do not to mention with all the future proofing and so on seeing as Team Tor is constantly developing new plugins for obfsproxy such as the much anticipated Scramblesuit plugin that should take care of DPI for good , but that one is currently in testing phase , so let me know what you guys think i think this is the way to go forward from here on out as should any trustworthy VPN provider that has its users privacy and security in mind, thank you

Log files below. I'm using VPN through SSH as I'm based in China. 2014.12.06 21:27:19 - AirVPN client version: 2.7, System: OSX, Architecture: x64 . 2014.12.06 21:27:19 - Reading options from /Users/XXXXX/.airvpn/AirVPN.xml. 2014.12.06 21:27:19 - Data Path: /Users/XXXXX/.airvpn. 2014.12.06 21:27:19 - App Path: /Applications/AirVPN.app/Contents/MacOS. 2014.12.06 21:27:19 - Executable Path: /Applications/AirVPN.app/Contents/MacOS/AirVPN. 2014.12.06 21:27:19 - Command line arguments:. 2014.12.06 21:27:20 - Updating systems & servers data .... 2014.12.06 21:27:20 - Operating System: Unix 14.0.0.0 - Darwin XXXXXs-MacBook-Pro.local 14.0.0 Darwin Kernel Version 14.0.0: Fri Sep 19 00:26:44 PDT 2014; root:xnu-2782.1.97~2/RELEASE_X86_64 x86_64I 2014.12.06 21:27:20 - OpenVPN Driver - ExpectedI 2014.12.06 21:27:20 - OpenVPN - Version: OpenVPN 2.3.4 (/Applications/AirVPN.app/Contents/MacOS/openvpn)I 2014.12.06 21:27:20 - SSH - Version: OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 (/usr/bin/ssh)I 2014.12.06 21:27:20 - SSL - Version: stunnel 5.06 (/Applications/AirVPN.app/Contents/MacOS/stunnel)I 2014.12.06 21:27:20 - IPV6: AvailableW 2014.12.06 21:27:20 - Recovery. Unexpected crash?I 2014.12.06 21:27:20 - DNS of a network adapter restored to original settings (Bluetooth DUN)I 2014.12.06 21:27:20 - DNS of a network adapter restored to original settings (Wi-Fi)I 2014.12.06 21:27:20 - DNS of a network adapter restored to original settings (Thunderbolt Bridge)I 2014.12.06 21:27:20 - Session starting.! 2014.12.06 21:27:20 - Checking environment! 2014.12.06 21:27:20 - Retrieving manifest. 2014.12.06 21:27:30 - Updating systems & servers data ..., 1° try failed (The request timed out). 2014.12.06 21:27:34 - Systems & servers data update completed! 2014.12.06 21:27:34 - Checking authorization .... 2014.12.06 21:27:44 - Checking authorization ..., 1° try failed (The request timed out)! 2014.12.06 21:27:46 - Connecting to Pavonis (United States, Chicago, Illinois). 2014.12.06 21:27:46 - SSH > OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011. 2014.12.06 21:27:46 - SSH > debug1: Reading configuration data /etc/ssh_config. 2014.12.06 21:27:46 - SSH > debug1: /etc/ssh_config line 20: Applying options for *. 2014.12.06 21:27:46 - SSH > debug1: Connecting to 149.255.33.156 [149.255.33.156] port 22.. 2014.12.06 21:27:47 - SSH > debug1: Connection established.. 2014.12.06 21:27:47 - SSH > debug1: permanently_set_uid: 501/20. 2014.12.06 21:27:47 - SSH > debug1: identity file /Users/XXXXX/.airvpn/1c85d7141445efef107ef41549857f055f92ff9bb0644cfbd07ad4647fc24679.tmp.key type -1. 2014.12.06 21:27:47 - SSH > debug1: identity file /Users/XXXXX/.airvpn/1c85d7141445efef107ef41549857f055f92ff9bb0644cfbd07ad4647fc24679.tmp.key-cert type -1. 2014.12.06 21:27:47 - SSH > debug1: Enabling compatibility mode for protocol 2.0. 2014.12.06 21:27:47 - SSH > debug1: Local version string SSH-2.0-OpenSSH_6.2. 2014.12.06 21:27:48 - SSH > debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2. 2014.12.06 21:27:48 - SSH > debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH*. 2014.12.06 21:27:48 - SSH > debug1: SSH2_MSG_KEXINIT sent. 2014.12.06 21:27:49 - SSH > debug1: SSH2_MSG_KEXINIT received. 2014.12.06 21:27:49 - SSH > debug1: kex: server->client aes128-ctr hmac-md5 none. 2014.12.06 21:27:49 - SSH > debug1: kex: client->server aes128-ctr hmac-md5 none. 2014.12.06 21:27:49 - SSH > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent. 2014.12.06 21:27:49 - SSH > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP. 2014.12.06 21:27:51 - SSH > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent. 2014.12.06 21:27:51 - SSH > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY. 2014.12.06 21:27:52 - SSH > debug1: Server host key: RSA 86:7d:6a:e1:3c:9e:ff:78:0a:1d:0d:01:9b:13:df:55. 2014.12.06 21:27:52 - SSH > Warning: Permanently added '149.255.33.156' (RSA) to the list of known hosts.. 2014.12.06 21:27:52 - SSH > debug1: ssh_rsa_verify: signature correct. 2014.12.06 21:27:52 - SSH > debug1: SSH2_MSG_NEWKEYS sent. 2014.12.06 21:27:52 - SSH > debug1: expecting SSH2_MSG_NEWKEYS. 2014.12.06 21:27:52 - SSH > debug1: SSH2_MSG_NEWKEYS received. 2014.12.06 21:27:52 - SSH > debug1: Roaming not allowed by server. 2014.12.06 21:27:52 - SSH > debug1: SSH2_MSG_SERVICE_REQUEST sent. 2014.12.06 21:27:55 - SSH > debug1: SSH2_MSG_SERVICE_ACCEPT received. 2014.12.06 21:27:57 - SSH > debug1: Authentications that can continue: publickey,password. 2014.12.06 21:27:57 - SSH > debug1: Next authentication method: publickey. 2014.12.06 21:27:57 - SSH > debug1: Trying private key: /Users/XXXXX/.airvpn/1c85d7141445efef107ef41549857f055f92ff9bb0644cfbd07ad4647fc24679.tmp.key. 2014.12.06 21:27:57 - SSH > debug1: read PEM private key done: type RSA. 2014.12.06 21:27:58 - SSH > debug1: Authentication succeeded (publickey).. 2014.12.06 21:27:58 - SSH > Authenticated to 149.255.33.156 ([149.255.33.156]:22).. 2014.12.06 21:27:58 - SSH > debug1: Local connections to LOCALHOST:61650 forwarded to remote address 127.0.0.1:2018! 2014.12.06 21:27:58 - Disconnecting. 2014.12.06 21:27:58 - OpenVPN > OpenVPN 2.3.4 x86_64-apple-darwin13.4.0 [sSL (OpenSSL)] [LZO] [MH] [iPv6] built on Oct 18 2014. 2014.12.06 21:27:58 - SSH > debug1: Local forwarding listening on ::1 port 61650.. 2014.12.06 21:27:58 - OpenVPN > library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05. 2014.12.06 21:27:58 - SSH > debug1: channel 0: new [port listener]. 2014.12.06 21:27:58 - Auto retry with another port.. 2014.12.06 21:27:59 - SSH > debug1: Local forwarding listening on 127.0.0.1 port 61650.. 2014.12.06 21:27:59 - OpenVPN > MANAGEMENT: Socket bind failed on local address [AF_INET]127.0.0.1:3103: Address already in use. 2014.12.06 21:27:59 - Connection terminated.. 2014.12.06 21:27:59 - SSH > debug1: channel 1: new [port listener]. 2014.12.06 21:27:59 - OpenVPN > Exiting due to fatal error. 2014.12.06 21:27:59 - SSH > debug1: Requesting no-more-sessions@openssh.com. 2014.12.06 21:27:59 - SSH > debug1: Entering interactive session.! 2014.12.06 21:28:02 - Waiting for latency tests (59 to go)! 2014.12.06 21:28:03 - Waiting for latency tests (58 to go)! 2014.12.06 21:28:04 - Waiting for latency tests (57 to go)! 2014.12.06 21:28:04 - Waiting for latency tests (56 to go)! 2014.12.06 21:28:05 - Waiting for latency tests (55 to go)! 2014.12.06 21:28:05 - Waiting for latency tests (53 to go)! 2014.12.06 21:28:06 - Waiting for latency tests (51 to go)! 2014.12.06 21:28:06 - Waiting for latency tests (49 to go)! 2014.12.06 21:28:07 - Waiting for latency tests (46 to go)! 2014.12.06 21:28:07 - Waiting for latency tests (43 to go)! 2014.12.06 21:28:08 - Waiting for latency tests (40 to go)! 2014.12.06 21:28:08 - Waiting for latency tests (36 to go)! 2014.12.06 21:28:09 - Waiting for latency tests (32 to go)! 2014.12.06 21:28:09 - Waiting for latency tests (28 to go)! 2014.12.06 21:28:10 - Waiting for latency tests (23 to go)! 2014.12.06 21:28:11 - Waiting for latency tests (18 to go)! 2014.12.06 21:28:11 - Waiting for latency tests (15 to go)! 2014.12.06 21:28:11 - Waiting for latency tests (12 to go)! 2014.12.06 21:28:12 - Waiting for latency tests (7 to go)! 2014.12.06 21:28:12 - Checking authorization .... 2014.12.06 21:28:22 - Checking authorization ..., 1° try failed (The request timed out)! 2014.12.06 21:28:24 - Connecting to Pavonis (United States, Chicago, Illinois). 2014.12.06 21:28:25 - SSH > OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011. 2014.12.06 21:28:25 - SSH > debug1: Reading configuration data /etc/ssh_config. 2014.12.06 21:28:25 - SSH > debug1: /etc/ssh_config line 20: Applying options for *. 2014.12.06 21:28:25 - SSH > debug1: Connecting to 149.255.33.156 [149.255.33.156] port 22.. 2014.12.06 21:28:25 - SSH > debug1: Connection established.. 2014.12.06 21:28:25 - SSH > debug1: permanently_set_uid: 501/20. 2014.12.06 21:28:26 - SSH > debug1: identity file /Users/XXXXX/.airvpn/1e97e853a1473d38d65f1ac6ca33e33175f0ef8e4507885928fcde98b8c3a336.tmp.key type -1. 2014.12.06 21:28:26 - SSH > debug1: identity file /Users/XXXXX/.airvpn/1e97e853a1473d38d65f1ac6ca33e33175f0ef8e4507885928fcde98b8c3a336.tmp.key-cert type -1. 2014.12.06 21:28:26 - SSH > debug1: Enabling compatibility mode for protocol 2.0. 2014.12.06 21:28:26 - SSH > debug1: Local version string SSH-2.0-OpenSSH_6.2. 2014.12.06 21:28:26 - SSH > debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2. 2014.12.06 21:28:26 - SSH > debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH*. 2014.12.06 21:28:27 - SSH > debug1: SSH2_MSG_KEXINIT sent. 2014.12.06 21:28:27 - SSH > debug1: SSH2_MSG_KEXINIT received. 2014.12.06 21:28:27 - SSH > debug1: kex: server->client aes128-ctr hmac-md5 none. 2014.12.06 21:28:28 - SSH > debug1: kex: client->server aes128-ctr hmac-md5 none. 2014.12.06 21:28:28 - SSH > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent. 2014.12.06 21:28:28 - SSH > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP. 2014.12.06 21:28:29 - SSH > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent. 2014.12.06 21:28:29 - SSH > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY. 2014.12.06 21:28:30 - SSH > debug1: Server host key: RSA 86:7d:6a:e1:3c:9e:ff:78:0a:1d:0d:01:9b:13:df:55. 2014.12.06 21:28:30 - SSH > Warning: Permanently added '149.255.33.156' (RSA) to the list of known hosts.. 2014.12.06 21:28:30 - SSH > debug1: ssh_rsa_verify: signature correct. 2014.12.06 21:28:30 - SSH > debug1: SSH2_MSG_NEWKEYS sent. 2014.12.06 21:28:30 - SSH > debug1: expecting SSH2_MSG_NEWKEYS. 2014.12.06 21:28:30 - SSH > debug1: SSH2_MSG_NEWKEYS received. 2014.12.06 21:28:30 - SSH > debug1: Roaming not allowed by server. 2014.12.06 21:28:30 - SSH > debug1: SSH2_MSG_SERVICE_REQUEST sent. 2014.12.06 21:28:32 - SSH > debug1: SSH2_MSG_SERVICE_ACCEPT received. 2014.12.06 21:28:33 - SSH > debug1: Authentications that can continue: publickey,password. 2014.12.06 21:28:33 - SSH > debug1: Next authentication method: publickey. 2014.12.06 21:28:33 - SSH > debug1: Trying private key: /Users/XXXXX/.airvpn/1e97e853a1473d38d65f1ac6ca33e33175f0ef8e4507885928fcde98b8c3a336.tmp.key. 2014.12.06 21:28:34 - SSH > debug1: read PEM private key done: type RSA. 2014.12.06 21:28:34 - SSH > debug1: Authentication succeeded (publickey).. 2014.12.06 21:28:34 - SSH > Authenticated to 149.255.33.156 ([149.255.33.156]:22).. 2014.12.06 21:28:35 - OpenVPN > OpenVPN 2.3.4 x86_64-apple-darwin13.4.0 [sSL (OpenSSL)] [LZO] [MH] [iPv6] built on Oct 18 2014. 2014.12.06 21:28:35 - SSH > debug1: Local connections to LOCALHOST:45934 forwarded to remote address 127.0.0.1:2018. 2014.12.06 21:28:35 - OpenVPN > library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05. 2014.12.06 21:28:35 - SSH > debug1: Local forwarding listening on ::1 port 45934.. 2014.12.06 21:28:35 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3104. 2014.12.06 21:28:35 - SSH > debug1: channel 0: new [port listener]. 2014.12.06 21:28:35 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file. 2014.12.06 21:28:35 - SSH > debug1: Local forwarding listening on 127.0.0.1 port 45934.. 2014.12.06 21:28:35 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2014.12.06 21:28:35 - SSH > debug1: channel 1: new [port listener]. 2014.12.06 21:28:35 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2014.12.06 21:28:35 - SSH > debug1: Requesting no-more-sessions@openssh.com. 2014.12.06 21:28:35 - OpenVPN > Socket Buffers: R=[131072->65536] S=[131072->65536]. 2014.12.06 21:28:35 - SSH > debug1: Entering interactive session.. 2014.12.06 21:28:35 - OpenVPN > Attempting to establish TCP connection with [AF_INET]127.0.0.1:45934 [nonblock]. 2014.12.06 21:28:35 - SSH > debug1: Connection to port 45934 forwarding to 127.0.0.1 port 2018 requested.. 2014.12.06 21:28:35 - SSH > debug1: channel 2: new [direct-tcpip]. 2014.12.06 21:28:35 - SSH > debug1: Remote: Pty allocation disabled.. 2014.12.06 21:28:35 - SSH > debug1: Remote: X11 forwarding disabled.. 2014.12.06 21:28:36 - OpenVPN > TCP connection established with [AF_INET]127.0.0.1:45934. 2014.12.06 21:28:36 - SSH > debug1: Remote: Forced command.. 2014.12.06 21:28:36 - OpenVPN > TCPv4_CLIENT link local: [undef]. 2014.12.06 21:28:36 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:45934. 2014.12.06 21:28:38 - OpenVPN > TLS: Initial packet from [AF_INET]127.0.0.1:45934, sid=d9028d03 91da3f4a. 2014.12.06 21:28:59 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org. 2014.12.06 21:28:59 - OpenVPN > Validating certificate key usage. 2014.12.06 21:28:59 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0. 2014.12.06 21:28:59 - OpenVPN > VERIFY KU OK. 2014.12.06 21:28:59 - OpenVPN > Validating certificate extended key usage. 2014.12.06 21:28:59 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication. 2014.12.06 21:28:59 - OpenVPN > VERIFY EKU OK. 2014.12.06 21:28:59 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org. 2014.12.06 21:29:22 - OpenVPN > Connection reset, restarting [0]. 2014.12.06 21:29:22 - OpenVPN > SIGUSR1[soft,connection-reset] received, process restarting! 2014.12.06 21:29:22 - Disconnecting. 2014.12.06 21:29:22 - OpenVPN > Restart pause, 5 second(s). 2014.12.06 21:29:23 - Connection terminated.! 2014.12.06 21:29:26 - Checking authorization .... 2014.12.06 21:29:36 - Checking authorization ..., 1° try failed (The request timed out)! 2014.12.06 21:29:39 - Connecting to Pavonis (United States, Chicago, Illinois). 2014.12.06 21:29:39 - SSH > OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011. 2014.12.06 21:29:39 - SSH > debug1: Reading configuration data /etc/ssh_config. 2014.12.06 21:29:39 - SSH > debug1: /etc/ssh_config line 20: Applying options for *. 2014.12.06 21:29:39 - SSH > debug1: Connecting to 149.255.33.156 [149.255.33.156] port 22.. 2014.12.06 21:29:40 - SSH > debug1: Connection established.. 2014.12.06 21:29:40 - SSH > debug1: permanently_set_uid: 501/20. 2014.12.06 21:29:40 - SSH > debug1: identity file /Users/XXXXX/.airvpn/28ba73950155f600af8ea87ce9db7686474c1e32a213e42c858200ff65aba095.tmp.key type -1. 2014.12.06 21:29:40 - SSH > debug1: identity file /Users/XXXXX/.airvpn/28ba73950155f600af8ea87ce9db7686474c1e32a213e42c858200ff65aba095.tmp.key-cert type -1. 2014.12.06 21:29:40 - SSH > debug1: Enabling compatibility mode for protocol 2.0. 2014.12.06 21:29:40 - SSH > debug1: Local version string SSH-2.0-OpenSSH_6.2. 2014.12.06 21:29:41 - SSH > debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2. 2014.12.06 21:29:41 - SSH > debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH*. 2014.12.06 21:29:41 - SSH > debug1: SSH2_MSG_KEXINIT sent. 2014.12.06 21:29:43 - SSH > debug1: SSH2_MSG_KEXINIT received. 2014.12.06 21:29:43 - SSH > debug1: kex: server->client aes128-ctr hmac-md5 none. 2014.12.06 21:29:43 - SSH > debug1: kex: client->server aes128-ctr hmac-md5 none. 2014.12.06 21:29:43 - SSH > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent. 2014.12.06 21:29:43 - SSH > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP. 2014.12.06 21:29:45 - SSH > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent. 2014.12.06 21:29:45 - SSH > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY. 2014.12.06 21:29:46 - SSH > debug1: Server host key: RSA 86:7d:6a:e1:3c:9e:ff:78:0a:1d:0d:01:9b:13:df:55. 2014.12.06 21:29:46 - SSH > Warning: Permanently added '149.255.33.156' (RSA) to the list of known hosts.. 2014.12.06 21:29:47 - SSH > debug1: ssh_rsa_verify: signature correct. 2014.12.06 21:29:47 - SSH > debug1: SSH2_MSG_NEWKEYS sent. 2014.12.06 21:29:47 - SSH > debug1: expecting SSH2_MSG_NEWKEYS. 2014.12.06 21:29:47 - SSH > debug1: SSH2_MSG_NEWKEYS received. 2014.12.06 21:29:47 - SSH > debug1: Roaming not allowed by server. 2014.12.06 21:29:47 - SSH > debug1: SSH2_MSG_SERVICE_REQUEST sent. 2014.12.06 21:29:48 - SSH > debug1: SSH2_MSG_SERVICE_ACCEPT received. 2014.12.06 21:29:50 - SSH > debug1: Authentications that can continue: publickey,password. 2014.12.06 21:29:50 - SSH > debug1: Next authentication method: publickey. 2014.12.06 21:29:50 - SSH > debug1: Trying private key: /Users/XXXXX/.airvpn/28ba73950155f600af8ea87ce9db7686474c1e32a213e42c858200ff65aba095.tmp.key. 2014.12.06 21:29:50 - SSH > debug1: read PEM private key done: type RSA. 2014.12.06 21:29:51 - SSH > debug1: Authentication succeeded (publickey).. 2014.12.06 21:29:51 - SSH > Authenticated to 149.255.33.156 ([149.255.33.156]:22).. 2014.12.06 21:29:51 - OpenVPN > OpenVPN 2.3.4 x86_64-apple-darwin13.4.0 [sSL (OpenSSL)] [LZO] [MH] [iPv6] built on Oct 18 2014. 2014.12.06 21:29:51 - SSH > debug1: Local connections to LOCALHOST:34597 forwarded to remote address 127.0.0.1:2018. 2014.12.06 21:29:51 - OpenVPN > library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05. 2014.12.06 21:29:51 - SSH > debug1: Local forwarding listening on ::1 port 34597.. 2014.12.06 21:29:51 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3104. 2014.12.06 21:29:51 - SSH > debug1: channel 0: new [port listener]. 2014.12.06 21:29:51 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file. 2014.12.06 21:29:51 - SSH > debug1: Local forwarding listening on 127.0.0.1 port 34597.. 2014.12.06 21:29:51 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2014.12.06 21:29:51 - SSH > debug1: channel 1: new [port listener]. 2014.12.06 21:29:51 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2014.12.06 21:29:51 - SSH > debug1: Requesting no-more-sessions@openssh.com. 2014.12.06 21:29:51 - OpenVPN > Socket Buffers: R=[131072->65536] S=[131072->65536]. 2014.12.06 21:29:51 - SSH > debug1: Entering interactive session.. 2014.12.06 21:29:51 - OpenVPN > Attempting to establish TCP connection with [AF_INET]127.0.0.1:34597 [nonblock]. 2014.12.06 21:29:51 - SSH > debug1: Connection to port 34597 forwarding to 127.0.0.1 port 2018 requested.. 2014.12.06 21:29:51 - SSH > debug1: channel 2: new [direct-tcpip]. 2014.12.06 21:29:51 - SSH > debug1: Remote: Pty allocation disabled.. 2014.12.06 21:29:51 - SSH > debug1: Remote: X11 forwarding disabled.. 2014.12.06 21:29:51 - SSH > debug1: Remote: Forced command.. 2014.12.06 21:29:52 - OpenVPN > TCP connection established with [AF_INET]127.0.0.1:34597. 2014.12.06 21:29:52 - OpenVPN > TCPv4_CLIENT link local: [undef]. 2014.12.06 21:29:52 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:34597. 2014.12.06 21:29:54 - OpenVPN > TLS: Initial packet from [AF_INET]127.0.0.1:34597, sid=37aa5366 a42c5fb9. 2014.12.06 21:30:04 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org. 2014.12.06 21:30:04 - OpenVPN > Validating certificate key usage. 2014.12.06 21:30:04 - OpenVPN > ++ Certificate has key usage 00a0, expects 00a0. 2014.12.06 21:30:04 - OpenVPN > VERIFY KU OK. 2014.12.06 21:30:04 - OpenVPN > Validating certificate extended key usage. 2014.12.06 21:30:04 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication. 2014.12.06 21:30:04 - OpenVPN > VERIFY EKU OK. 2014.12.06 21:30:04 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org. 2014.12.06 21:30:22 - OpenVPN > Connection reset, restarting [0]. 2014.12.06 21:30:22 - OpenVPN > SIGUSR1[soft,connection-reset] received, process restarting. 2014.12.06 21:30:22 - OpenVPN > Restart pause, 5 second(s)! 2014.12.06 21:30:22 - Disconnecting. 2014.12.06 21:30:22 - Connection terminated.! 2014.12.06 21:30:25 - Checking authorization .... 2014.12.06 21:30:36 - Checking authorization ..., 1° try failed (The request timed out)! 2014.12.06 21:30:38 - Connecting to Pavonis (United States, Chicago, Illinois). 2014.12.06 21:30:38 - SSH > OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011. 2014.12.06 21:30:38 - SSH > debug1: Reading configuration data /etc/ssh_config. 2014.12.06 21:30:38 - SSH > debug1: /etc/ssh_config line 20: Applying options for *. 2014.12.06 21:30:38 - SSH > debug1: Connecting to 149.255.33.156 [149.255.33.156] port 22.. 2014.12.06 21:30:40 - SSH > debug1: Connection established.. 2014.12.06 21:30:40 - SSH > debug1: permanently_set_uid: 501/20. 2014.12.06 21:30:40 - SSH > debug1: identity file /Users/XXXXX/.airvpn/2ac1038dff731d0e4cb4e307a9681c2afe41c31882878b4ecc9d39c1ff2883a6.tmp.key type -1. 2014.12.06 21:30:40 - SSH > debug1: identity file /Users/XXXXX/.airvpn/2ac1038dff731d0e4cb4e307a9681c2afe41c31882878b4ecc9d39c1ff2883a6.tmp.key-cert type -1. 2014.12.06 21:30:40 - SSH > debug1: Enabling compatibility mode for protocol 2.0. 2014.12.06 21:30:40 - SSH > debug1: Local version string SSH-2.0-OpenSSH_6.2. 2014.12.06 21:30:41 - SSH > debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4+deb7u2. 2014.12.06 21:30:41 - SSH > debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH*. 2014.12.06 21:30:41 - SSH > debug1: SSH2_MSG_KEXINIT sent. 2014.12.06 21:30:42 - SSH > debug1: SSH2_MSG_KEXINIT received. 2014.12.06 21:30:42 - SSH > debug1: kex: server->client aes128-ctr hmac-md5 none. 2014.12.06 21:30:42 - SSH > debug1: kex: client->server aes128-ctr hmac-md5 none. 2014.12.06 21:30:42 - SSH > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent. 2014.12.06 21:30:42 - SSH > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP. 2014.12.06 21:30:44 - SSH > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent. 2014.12.06 21:30:44 - SSH > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY