Search the Community

The link does not work. And I strongly suspect this is rubbish to the nth power. The traffic is encrypted and cannot be parsed in plain text. I have never heard or read of anything bypassing strong encryption. This is fanciful nonsense. Hello! You can imagine a situation where a citizen is "locked in a cage": the adversary must have the ability to poison the victim DNS and propose alternative (or stolen) SSL certificates which "look like" the original site. The victim is led to believe that he/she is not in a such a "caged" network and that the certificates he/she receives from the https websites are not fake. With the device advertised in the tvhawaii's link, the adversary can more easily succeed in its attack, because the device acts as a gateway to the real https website and sends fluidly (quickly enough so that the victim can't notice any suspect lag) the real pages of the site the victim connects to. Each vInspector devices is advertised as capable to handle up to 3.5 Gbit/s SSL throughput. Actually, this admin has had direct experience that this method has been repeatedly used by human rights hostile governments in order to capture and "decrypt" the traffic of their citizens to/from https websites, including GMail and Facebook. Kind regards I followed the link from https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=5149&limit=6&limitstart=12&Itemid=142 to see the evidence and I cannot see it. As for the argument above, this is an entirely different animal altogether and can apply to any service or website. This is not applicable only to Tor and never has been. The original poster never meant his words to mean what you wrote above. The ISP cannot sniff the traffic under normal circumstances. No one disputes the ability of a strong opponent to do what you describe above but this goes beyond decrypting encrypted data. I fail to see the connection to Tor alone. Thank you Hello! About the link provided by tvhawaii, it works, please check it out. About the required evidence on how it has been possible to successfully attack a target and decrypt the victim's traffic even with https-only websites, it is this admin's direct experience. Some of these events (but not all) have been anyway widely documented, for example: http://www.theregister.co.uk/2011/09/06/diginotar_audit_damning_fail In these types of attacks, the device advertised in the link provided by tvhawaii is indeed useful and can help the attacker, because the attacker obviously does not want to reproduce the victim website in its entirety, but does want that the victim connects finally to the real website without getting warnings from his/her browser. Assuming that the victim does not have from a trusted source the SH1 and MD5 certificate fingerprints and/or does not check manually them (the manual check is necessary because the browser will not issue any warning, being the certificate "trusted" for the browser), the attacker has been able to decrypt all the victim's https traffic to and from https websites while the victim was believing that his/her traffic was securely encrypted. Using vInspector or similar products is an additional comfort for the attacker and adds some more "nice" options, such as real time de-cryption and re-encryption of the https website pages accessed by the victims, de-cryption and re-encryption of the data the victims send to those sites, injections on the fly. Wikipedia has a short but nice article about the huge problem with SSL certificates emitted by CA authorities, their intrinsic weaknesses, some examples on how to perform a successful attack and some more references to notable attacks in the past which were successful: http://en.wikipedia.org/wiki/Certificate_authority The vulnerabilities can be greatly mitigated with OpenVPN, because once the connection is established toward servers which present certificates not subjected to subversion, the attack basis is no more available to the attacker. Therefore the attacker must face the new problem to hi-jack the victim without having the victim in the cage anymore. While this cage might still work with TOR (working in the cage so that a circuit either can not be established or it has high probability to be established only with relays and exit nodes controlled by the attacker), a VPN with non public entry-IP addresses is much more difficult to block. Currently the only solution to the attacker (as far as we know, of course) is just to disrupt OpenVPN connections completely (without disrupting SSL/TLS connections, because the attacker wishes that the victim remains able to connect to https websites), which can be achieved for the typical fingerprint of OpenVPN handshake, which is uniquely recognizable with DPI (we are working to try to bypass this limitation because this method is currently applied at least in Syria, Iran and intermittently in vast areas of China). About the "normal circumstances" you cite, it would help that you define what these normal circumstances are, and anyway it can be a dangerous mistake to assume that such circumstances surely apply to tvhawaii or any other person. Kind regards

We all know there are certain sites out there that love to track you. In addition they love to provide you "extra security" by making sure no bad guys get into your account. I know for example if Gmail sees a foreign IP log into your account, it may think its a bad guy and give you a warning. They do track the timing of these things to so that if you are traveling its smart enough to know that you don't travel between the US and China at the speed of light, but if there's 12 hour diff, you're OK. I've seen this traveling myself. Is it going to be problematic for someone to use Gmail at home over a AirVPN foreign server and then once they leave home and use Gmail over a cellphone which uses the local carrier? Are there other sites with these kind of smarts that will be problematic to use? Like Facebook? Would love to use my cell over VPN. Does this just protect all the data streams (wifi, 3g, 4g, etc.) and not the voice? I assume to do so would mean I could have one device my router and then a plus one for each mobile device that leaves that router's presence. Or can I route everything thru the home router somehow?

Got this from: http://www.wilderssecurity.com/showthread.php?s=6e8f149699a3b0bd25aabbee06a6d7c0&t=331316 Full post is at: http://www.dslreports.com/forum/r27288554-Zero-logs- A follow-up post has the following list (full quote): Good countries for VPN: Argentina - No data retention law Brazil - No data retention law Bulgaria - Data retention law not applicable to VPN providers Cyprus - Data retention law declared unconstitutional (?) Czech Republic - No data retention law (declared unconstitutional) Hong Kong - No data retention law (?) Iceland - No data retention period specified (?); good privacy laws Japan - No data retention law Luxemburg - Data retention law not applicable to VPN providers Netherlands - Data retention law not applicable to VPN providers Panama - No data retention law Romania - Data retention law declared unconstitutional Serbia - Data retention law not applicable to VPN providers (?) Sweden - Data retention law going into effect in May 2012, but (presumably) not applicable to VPNs Taiwan - No data retention law (?) + seemingly good privacy laws Ukraine - No data retention law "Questionable" Countries: Australia - No data retention law, but internet regulations are strict & they're on RSF's Internet Surveillance 2012 watch list Belgium - Data retention law not implemented, but has fairly strict laws & some internet censorship issues (esp. anti-p2p) Canada - No data retention law, but anti-privacy legislation is rapidly gaining traction Egypt - No data retention law (?), but privacy laws are dubious & they're on RSF's Internet Surveillance watch list France - Data retention law not applicable to VPNs, but has strict laws & they're on RSF's Internet Surveillance watch list Germany - Data retention law declared unconstitutional, but server raids & gov't surveillance are prevalent Israel - No data retention law, but gov't surveillance is suspected (conflict zone) Italy - Data retention law not applicable to VPNs, but internet regulations are fairly strict & there are some censorship issues Malaysia - No data retention law, but has some censorship/server raid issues & they're on RSF's Internet Surveillance watch list Mexico - No data retention law, but there are concerns about gov't corruption & some internet censorship issues New Zealand - No data retention law, but there are concerns about gov't surveillance Russia - No data retention law (?), but they have some censorship issues & they're on RSF's Internet Surveillance watch list Singapore - Minimal data retention law, but has fairly strict internet regulations & some censorship issues South Africa - No data retention law, but internet regulations are strict South Korea - No data retention law, but they have some censorship issues & they're on RSF's Internet Surveillance watch list United States - No data retention law, but server raids and gov't surveillance are prevalent Bad Countries for VPN: Afghanistan - Suspected surveillance by allied forces (war zone) Armenia - Internet censorship Austria - Data retention law Bahrain - Internet censorship Belarus - Internet censorship Burma (Myanmar) - Internet censorship China - Internet censorship + data retention law Cuba - Internet censorship Denmark - Data retention law Estonia - Data retention law Ethiopia - Internet censorship Finland - Data retention law Greece - Data retention law Hungary - Data retention law India - Internet censorship + data retention law Indonesia - Internet censorship Iran - Internet censorship + data retention law Iraq - Suspected surveillance by allied forces (war zone) Ireland - Data retention law Kuwait - Internet censorship Latvia - Data retention law Liechtenstein - Data retention law Lithuania - Data retention law Malta - Data retention law Morocco - Internet censorship North Korea - Internet censorship (internet infrastructure is virtually non-existent here anyway) Norway - Data retention law Oman - Internet censorship Pakistan - Internet censorship Palestinian Territory - Internet censorship Poland - Data retention law Portugal - Data retention law Qatar - Internet censorship Saudi Arabia - Internet censorship Slovakia - Data retention law Slovenia - Data retention law Spain - Data retention law Sudan - Internet censorship Switzerland - Data retention law Syria - Internet censorship Thailand - Internet censorship + data retention law Tunisia - Internet censorship Turkey - Data retention law + internet censorship Turkmenistan - Internet censorship United Arab Emirates - Internet censorship United Kingdom - Data retention law Uzbekistan - Internet censorship Vietnam - Internet censorship Yemen - Internet censorship http://www.dslreports.com/forum/r27288551- So, is it true that you have to log by some of the countries law?

I'm testing CBS from Castor and it's ok. It would be nice if you could add http://*.pptv.com (china) to your list. Thank you

Hello! We're very glad to introduce native support for OpenVPN over SSL and OpenVPN over SSH, and a completely re-designed configuration generator which includes exciting, additional AirVPN services and features. Our service becomes more censorship resistant and easier to use with a wide range of OpenVPN GUIs and wrappers. NEW SERVICES: OPENVPN OVER SSL - OPENVPN OVER SSH OpenVPN over SSL and OpenVPN over SSH will allow you to bypass OpenVPN connections disruption. Known ISP countries where the disruption takes place are China, Iran, Syria, Egypt. The connection disruption is possible because OpenVPN connections have a typical fingerprint which lets Deep Packet Inspection discern them from pure SSL/TLS connections. Connecting OpenVPN over SSL or OpenVPN over SSH will make your connection undiscernable from pure SSL or SSH connections, rendering DPI fingerprint identification powerless. OpenVPN over SSL/SSH is included in every Premium subscription without any additional payment. Use OpenVPN over SSL/SSH only when necessary: a slight performance hit is the price to pay. The performance hit is kept as low as possible because the "double-tunneling" is performed directly on our servers without additional hops. NEW FEATURES A new system for host resolution (not available for Windows) and dynamic VPN server choice is available. This will let you have OpenVPN configuration files which will try connections to various servers (according to your preferences) if one or more servers are unavailable. A new connection port (2018) is now available on all Air VPN servers. A new, alternative entry-IP address is now available on all Air VPN servers. NEW CONFIGURATION GENERATOR FEATURES - You can now select servers by countries, continents and planets (currently only one planet) or any combination between single servers and countries. - You can now select an alternative entry-IP address. Each Air server has now an additional entry-IP address to help you bypass IP blocking. - You can now choose a wide variety of compressing options: zip, 7zip, tar, tar & gzip, tar & bzip2. - You can now choose not to compress the files and download them uncompressed one by one NEW CONFIGURATION GENERATOR "ADVANCED MODE" FEATURES - Total connection ports range available, including new port 2018 in addition to 53, 80, 443 and (for SSH) 22. - Option to generate non-embedded configuration files, mandatory if you use network-manager as OpenVPN wrapper under Linux or just in case you use any wrapper that does not support embedded with certificates and keys OpenVPN configurations. - Option to generate files and scripts for OpenVPN over SSL/SSH connections by clicking on "Advanced Mode" - Option to select "Windows" or "Linux and others". Make sure you select the correct option according to your OS, because connections over SSL/SSH in Windows require different files than those required for Linux, *BSD and Unix-like / POSIX compliant systems such as Mac OSX. - New options to generate configuration files that support proxy authentication for OpenVPN over a proxy connections, particularly useful if you're behind a corporate or college proxy which requires authentication. A significant example of usage of OpenVPN over a proxy is OpenVPN over TOR: https://airvpn.org/tor Instruction page for OpenVPN over SSL: https://airvpn.org/ssl Instruction page for OpenVPN over SSH: https://airvpn.org/ssh Please do not hesitate to contact us for any additional information. Kind regards & Datalove AirVPN admins

I know china is impossible but how about some of the other smaller asian countries ?

Hello everyone, when logged into Vega, I noticed Chinese Google ads showing up on the sites visited. I checked my IP location through http://whatismyipaddress.com/ and Yahoo, and both showed my IP as Portland, Oregon, so thought there must be a Chinese immigrant enclave in Portland that the ads are targeting. It turns out that Google pinpointed all of my sessions through Vega as from Shanghai, China. I am not in China but I deal with some content concerning human rights in China. 1. Is it even remotely possible that the Chinese government was tracking my sessions through Vega? 2. Even if they were, how & why does http://whatismyipaddress.com show my IP as Oregon while Google shows it as Shanghai? 3. Anyone else have this issue?

Hello! Yes, it is possible. While "airvpn.org" is blocked in various China areas (IP blocking), you can access anyway our VPN servers. You can also access our website after you have established a connection to a VPN server or through a proxy or TOR. You can prepare the OpenVPN configuration files for our servers before you go to China (so that you will not need to access our website) or have us send them to you in an encrypted e-mail (gpg recommended). In case the chinese ISP that you will use tries to detect and disrupt OpenVPN connections, you can use OpenVPN over a SOCKS or an http proxy (example: https://airvpn.org/tor). Kind regards

I'm new to vpn's... I'm going to china soon, soi need to beat the great firewall, and still see the websites i see in the uk..is this possible? sites like the bbc (bbc iplayer), also can i view hulu if i conenct to an american server? Finally can I still use torrent sites? OR P2P ?

Thank you for this info; I had a slight moment of panic as to why Google was warning me that my Gmail account had been accessed from China (obv. I haven't been there). Since only the SMTP address showed as China (POP was US) I figured it was this sort of VPN IP sorcery at work; good to have a confirmation to ease my paranoia a tiny bit.

Hello! The problem is only with Google which considers Vega's exit IP in China and redirects you to their .hk pages. USA geo-discriminatory services anyway recognize Vega IP as an USA IP address, granting therefore access. There's nothing we can do, it's just a Google mistake (Vega is in Oregon). You could use the server Sirius, in the USA, to solve the problem. Please do not hesitate to contact us for any further information. Kind regards

Hello! Yes, there will be new servers. Unfortunately, Mexico and China are not appropriate locations for a service like AirVPN. In China there are very many issues related to privacy, active monitoring and censorship. The infrastructure in Mexico heavily needs further development. We will anyway review the situation in Asia very soon. Kind regards

Will there be new servers to use? I would like China, Mexico or Canada servers.

Thank you for your help. I cannot access Viscosity in China, but I played around with Tunnelblick and it turns out my previous problems with dev tun in Tunnelblick are no longer applicable, but I was still configuring as before. Needless to say, I'm up and running now. Thank you once again!

kenzieparis wrote: Hello! Yes, at the moment all of our servers are reachable from China. Before proceeding with Tunnelblick, anyway, you might perform a test with another OpenVPN client for Mac, Viscosity. Although it is free only for 1 month trial, you can use it during this period as a test to ascertain whether the connection problem relies on Tunnelblick or not. '>http://www.thesparklabs.com/viscosity/> Kind regards AirVPN admins

Hello, Thanks for the quick reply. Although there is a "Great Firewall of China", I have used AirVPN before so it shouldn't be the problem, and I have indeed copied all configuration files to the proper location. I have previously had problems with Tunnelblick file parsing, but I'm unclear about exactly what parameters I should modify and where. Could you please be more specific? Thank you!

EzioAuditore wrote: Hello! The steps you have followed are correct. However, we have just performed a deep check of your account and everything is fine. The system authorizes you to connect to any server. Make sure that user.key has been copied properly from air.zip and pasted into the correct directory. Finally, there is a slight chance that the UDP protocol is causing problems: UDP packets not arriving from client to server or vice versa. This may be caused by low quality connection, router not forwarding properly UDP packets or your ISP capping/throttling UDP ports (several providers from Italy, China, Egypt and many more do that). We don't know if you're using UDP; if it's the case, try to switch to proto TCP. If that does not solve the issue, please do not hesitate to open a ticket. Kind regards AirVPN admins

Hi everyone, I am an ex-pat living in China and have been using a VPN service for a couple of years now. Just recently I find myself without any access to my usual sources that China so dearly loves to block. I want to change or add some DNSs in my AirPort settings, but I cannot because they are not active and I cannot find a way to make them active. I had no problem when adding new DNSs to my Ethernet settings, but the Ethernet is not connected. As you can see in the attachment the DNS settings are and cannot be highlighted. Any ideas or advice? Thanks much.

This happened at the worst time for us. China started blocking the other VPNs and AirVPN was still okay, but now it is down too. Maybe the service provider breaking AirVPN works for the Chinese government? Please do what you need to restore the VPN.

MiL0 wrote. Hello! According to our terms of use, you have the right to a full refund, no questions asked. If you wish, and only if you wish, drop us a couple of lines telling us in private which country you connect from and your ISP (in case, use "Contact us" option in the drop-down menu). We would be curious to know just because those ping times are incredibly high, much higher than those recorded from Philippines, China and some countries in Africa. Kind regards AirVPN admins

hello, i already have a company openvpn. is there a .ovpn config file i can simply throw into the config directory? br & greet from china krg ..very dumb question, please close this...