Search the Community

Yes, providers can interfere the VPN connection to distrupt or trottle it but they can't change or see what's inside the tunnel. If you are not in China or another very restrictive county they may only trottle the VPN. If you have a problem connecting to the tunnel or speed issues you may want to test alternative access methods like SSL or SSH. There are also other ways explained in this website.

Is datacentre traffic not censored in the same way as the rest of China's internet access? Surely this would make it irrelevant as a VPN node anyway?

I doubt it will happen. Most datacenters in China provide a maximum of 10Mbit up / down, and even then the traffic is usually limited because there is no such term as undeterred in China. This is fine for a small business, but will not pass the requirements of any VPN company because it literally means that not more than 10 users can use this server without overloading it, in any present moment. Maybe this will change if the cost of IP Transit will become lower.

Hi, Thanks for your response. I was in China recently and sometimes the AirVPN profiles worked (resolved IP configs) But sometimes they didn't and the 'stealth' config from Torguard did work.

Hello! The problem in those configuration files is that the OpenVPN "fingerprint" is always visible in the headers, so the connection can be disrupted. We solved the problem by encrypting the OpenVPN header, tunneling OpenVPN in SSL or SSH (OpenVPN over SSL/SSH, a tunnel inside a tunnel). This solution works in China and Iran, the two countries in which OpenVPN connections are actively disrupted, but as far as we know (we will investigate further anyway) it can't be implemented on Android or iOS because openvpn-connect client does not support connections of OpenVPN over SSH or SSL. Kind regards

Hi all, Torvpn is able to make stealth profiles for android that work in China. Any possibility to have this for Airvpn? See examples below for both TCP and UDP for one of their servers in the Netherlands client dev tun proto tcp nobind remote-random remote 89.248.172.172 443 ca ca.crt auth-user-pass remote-cert-tls server cipher AES-256-CBC resolv-retry 5 tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 route-delay 5 30 ping-restart 0 persist-key persist-tun comp-lzo mute-replay-warnings client dev tun proto udp nobind remote-random remote 89.248.172.172 53 ca ca.crt auth-user-pass remote-cert-tls server cipher AES-256-CBC resolv-retry 5 tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 route-delay 5 30 ping-restart 0 persist-key persist-tun comp-lzo mute-replay-warnings fast-io

My mainboard was assembled in Malaysia and I'm not an Apple user. What I know is that Malaysia is worse than China.. CnMemory is a german company specialized in assembling RAM and other memory products. They produced them in Germany until they've been bought by a korean company. Now they produce their chips and RAMs in another country. It's hard to get "right" things in a country like Germany.

Wrong. Apple computers are assembled in China under so poor conditions, that workers constantly try to commit suicide there. Sadly most computers are made like this though, probably the computer you are using now has parts made in China or was assembled there entirely.

Wrong. Apple computers are assembled in China under so poor conditions, that workers constantly try to commit suicide there. So yeah, it wouldn't really make a difference what brand of servers they use.

Wrong. Apple computers are assembled in China under so poor conditions, that workers constantly try to commit suicide there.

What is the difference between protocols? UDP is a connectionless protocol, so during the handshake it is not always possible to do an effective error correction. As a result, when there's high ping or low quality line during the OpenVPN login, the handshake may fail, although you could see no significant problem after (if) the connection is established. TCP is capable of handling these problems. On the other hand, UDP is more efficient once the connection is established. OpenVPN also implements a basic packets error correction even in UDP (only after the tunnel is established). If you experience problems with VoIP video/audio conversations when connected to the VPN through a TCP port, a typical case for which a difference may be visible (VoIP over TCP - for example UDP over TCP - is clearly inferior to VoIP over UDP because TCP implements ARQ, UDP does not), then go for an UDP connection. In general, you should always try an UDP connection if your ISP allows it and you don't experience any problem during the handshake. However, TCP is mandatory if you need a proxy to reach the Internet. VPN over TOR connections require a TCP connection. Variety of ports (53, 80, 443) is an additional option to try to bypass country or ISPs blocks, or bandwidth management. When OpenVPN connections are disrupted by your ISP (this happens for sure in China and Iran) then you need OpenVPN over SSL or OpenVPN over SSH supported by every AirVPN server and requiring, again, TCP.

Nope, didn't work. And every time I try to open any version of openvpn or airvpn it hangs and it is impossible to force quit. I have to restart my PC to quit it. Is there perhaps an operating system I can buy from China that works?

Hello! From the first shell, cd to the directory where you have the .sh file and issue the command ./nameofthefile.sh After that, open another shell as root, cd to the directory where you have the .ovpn file pertaining to OpenVPN over SSH and type the command: openvpn "name of the .ovpn file" Try to use OpenVPN over SSH only when absolutely unavoidable (for example in China and Iran). Kind regards

I believe AirVPN is blocked in china by several ISPs. It will be a nice subtle retaliation if we get a china server set up!!!

Hello! We're very sorry, it's not possible to have OpenVPN connect over SSL/SSH or over a proxy when Tunnelblick is the wrapper. You should run OpenVPN directly. Anyway, OpenVPN over SSH/SSL should be used only when absolutely unavoidable (for example from China; since your connection works fine with direct OpenVPN, it's probably a waste of time and resources (but also an interesting didactic exercise ) to connect OpenVPN over SSH. Kind regards

Hi, Is there any development going on to enable SSH or SSL tunnels on Android to avoid DPI in China? Some other providers already have this service on Android. Thanks,

Hi I have been using AirVPN for 6 months now, works great. However I need to travel to China occasionally and regular OpenVPN just will not work. I have been trying to setup a SSL as explained in https://airvpn.org/ssl/ but I just cannot seem to work out exactly what the last step means openvpn "AirVPN <..> - SSL <..>.ovpn"I have no idea what file the "AirVPN <..>" file is though I can guess that the ovpn file is the same as that selected in the previous step to setup the stunnel.exe. In addition openvpn is expecting a double dash "--" not a single dash "-" It would help emensly if you could clarify and update your webpage for others. I am doing this in windows 7 bty. Thanks for a great service. Best R

Is there an AirVPN client for use in China, yet?

viewdns.info refuses connections from Menkib, DEWezen, DESeginus, DENashira, UKSerpentis, SEIt's a pity because I find this service extremely useful and easy to read. Have things like whois and DNS lookup but also China and Iran firewall lookups. Fixed.

I've tried a number of different sites, notably Google's DNS servers and this one here http://censurfridns.dk. Can you recommend any DNS suppliers that work a little better with AirVPN? Also, this may sound like a real noob question, but I have the DNS set in the static ip address config, is this the correct place to put this info and if not, where should I be designating it? Thanks for your reply! Hello, Google DNS (as well as OpenNIC and any other public DNS we have tested) have no problems in resolving our names and this suggests that your ISP is hijacking DNS queries (please see below). For example: dig @8.8.8.8 asia.vpn.airdns.org ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.8.8 asia.vpn.airdns.org ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52404 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;asia.vpn.airdns.org. IN A ;; ANSWER SECTION: asia.vpn.airdns.org. 300 IN A 119.81.1.125 ;; Query time: 647 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Fri Jan 3 02:09:04 2014 ;; MSG SIZE rcvd: 53 It might be that your DNS queries are hijacked in any case REGARDLESS of the DNS server you try to reach. This occurs with some ISPs around the world (for example Vodafone) AND it might occur with several ISPs in China. In this case, please do not use names at all. Insert directly the entry-IP address of the server you wish to connect to. For example, instead of asia.vpn.airdns.org, insert the entry-IP address of one of the Singapore servers. Kind regards

Hello, OpenVPN packets have a typical fingerprint (basically due to additional information on the packets headers for error correction) which make OpenVPN protocol different from pure SSL/TLS. Usage of OpenVPN is perfectly normal and widespread, therefore it's not a reason of concern unless your ISP decides to cap or disrupt OpenVPN connections (as it happens in China). In this case, you can use OpenVPN over SSL/SSH to encapsulate OpenVPN packets inside SSL or SSH tunnel (you can find the instructions by clicking "Enter" from the upper menu of our web site). In case your ISP does not perform this discrimination, you should connect directly with OpenVPN for better performance. Kind regards

There was also the great diversion of traffic to China a few years ago: http://arstechnica.com/security/2010/11/how-china-swallowed-15-of-net-traffic-for-18-minutes/ Perhaps I will give in a bit to paranoia. Now that the NSA has the SSL keys for most of the major services in the U.S., probably Russia and China have them too? Given what Edward Snowden was able to walk away with, how many people with less lofty ethics had already done the same for $, or because of blackmail? Old fashioned spying has not stopped. Will the database with the SSL keys be any more secure? So if this sort of thing happens now, they can decrypt it too, rather than just save metadata?

Hello! OpenVPN over SSL connections will be probably supported in the final Eddie release (the next client version). Remember that you should never use OpenVPN over SSL except for extreme cases. This is an additional, free of charge service originally designed for China only. In order to easily switch servers over SSL, first prepare all the files you need for all the servers you wish to connect to, so that you can switch them in a matter of seconds. The Configuration Generator accepts multiple choices so you will need just 30 seconds for the initial generation (once and for all), we fail to see why it should be such a pain for you. About your problem, it might be a DNS issue, since the logs look just fine. While your system is connected to a VPN server, please open a command prompt (with administrator privileges), issue the following commands and send us the output: ipconfig /flushdns tracert google.com ping 10.4.0.1 ping 8.8.8.8 Kind regards

Hello! First of all, it's important to note that the sentence in bold is totally wrong, and it's strange that a VPN provider claims that (maybe it's just a misunderstanding with TorrentFreak). It would be GREAT if it was true, but it isn't. OpenVPN traffic to port 443 TCP is profoundly different from "standard http over SSL" traffic. One of the differences is that OpenVPN performs a packet wrapping with some important additional data (for packets re-ordering etc.) which makes the OpenVPN traffic discriminable from https or pure SSL/TLS through Stateful or Deep Packet Inspection. That's why it's possible to easily discern the typical OpenVPN traffic "fingerprint" and block it, like they do in China, and that's why we offer OpenVPN over SSL. We wish to underline that, because otherwise you could think that we're "stupid" to provide OpenVPN over SSL or SSH with the purpose to bypass OpenVPN disruptions in China and Iran. Encapsulating OpenVPN traffic into http by default would be a major breakthrough (at the expense of an important performance hit, probably) which is being discussed for possible implementation in the next paramount release, OpenVPN 3, which might see the light in 2015. However, there are important problems to be considered for this implementation, so it is uncertain whether it will be supported in OpenVPN 3 or not. We provide to option to connect to ports 53, 80, 443 and 2018, all of which with protocols TCP and UDP, according to your preferences. We also provide the option to connect OpenVPN over SSH to ports 22, 80 and 53 (only TCP, obviously) and OpenVPN over SSL to port 443 TCP. PPTP has been discarded even before the official birth of AirVPN. We have never supported it and we will most probably never support it. IPsec has been discarded as well, although for very different reasons. Kind regards

Hello! We're sorry, Tunnelblick can't be used to connect OpenVPN over SSH or SSL. You need to run stunnel first from one shell, and then OpenVPN from another, please see the instructions. Adding an additional SSL or SSH layer is an option we introduced for special cases, i.e. when OpenVPN connections are disrupted, as it happens in China. In every other case it should be avoided because it does not add security and hits performance. Kind regards