Search the Community

It's a new feature in OpenVPN 2.4, for more privacy and can also help with censorship circumvention in some cases. https://github.com/OpenVPN/openvpn/blob/master/Changes.rst Can AirVPN implement this?

Hello. I’m trying to figure out how to import and use SSL or SSH on iOS and Android using the OpenVPN client. I’m not sure what I’m doing wrong but I can’t even get a connection to any server. any ideas on how to get this working?

Hello, I recently installed Antergos Linux (Arch Linux) on my main Computer and my Laptop. So I downloaded the Config files and tried to run them with the default openvpn. I cannot establish a connection. The resulting error is: Thu Feb 1 12:47:55 2018 OpenVPN 2.4.4 x86_64-unknown-linux-gnu [sSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017 Thu Feb 1 12:47:55 2018 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.10 Thu Feb 1 12:47:55 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Feb 1 12:47:55 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Feb 1 12:47:55 2018 RESOLVE: Cannot resolve host address: switzerland.vpn.airdns.org:443 (Name or service not known) Thu Feb 1 12:47:55 2018 RESOLVE: Cannot resolve host address: switzerland.vpn.airdns.org:443 (Name or service not known) Thu Feb 1 12:47:55 2018 Could not determine IPv4/IPv6 protocol Thu Feb 1 12:47:55 2018 SIGUSR1[soft,init_instance] received, process restarting Thu Feb 1 12:47:55 2018 Restart pause, 5 second(s) I tried it on my Android device where I also have the config files from before a month. The old ones are working, the new ones don't. Maybe someone has the same problem or a solution? The Problem occurs also when I download another protocol-config or change the Server/State. Thanks

I installed OpenVPN and downloaded the connection info for a variety of locations and installed them per the instructions. I am using a Samsung Chromebook Pro. When I run OpenVPN and choose a location it appears to connect correctly and I see a "success" message with an IP address. However, when I check to see what my IP address is, it is not the one that OpenVPN is showing me, instead it is for the local ISP here where I am traveling (in this case Prague). I can't access a number of website for sports streaming apps because they claim I am outside of the territorial restrictions, which technically I guess I am, but that's the point of using the VPN. I never had an problems on my old Windows laptop. Is this just some weird Chromebook issue? It seems strange that OpenVPN is showing me success and an IP connection but my traffic doesn't seem to be using it.

I normally use AirVPN with openvpn in my computer, with openresolv to allow openvpn to connect to the server then change the DNS so it is tunnelled through the VPN connection. The openvpn config file I downloaded specifies a country, not a particular server, so DNS resolution is needed initially to make the connection. However I am interested in putting the VPN inside a router instead, and I have been experimenting. Looking at the instructions for ddrwt and here: https://airvpn.org/topic/14378-how-can-i-get-vpn-servers-entry-ip-addresses/ it seems it will not be possible to continue using my existing per-country configuration, as I need to give a specific IP address, ie choose just one server (and edit the .ovpn file accordingly). At the moment, I am using an OpenNIC DNS server in parallel with the VPN one instead, but I'd rather not continue to do this. Am I right in thinking each query goes to both DNS servers (rather than using the second one only if the first doesn't return an IP address)? Is there a way to select a country or region, rather than a specific AirVPN server, in this situation? I want to continue using openvpn manually as I understand and trust this method. I am also more familiar with the command line (ssh into the router) than LEDE/OpenWRT, which is new to me.

Hi everyone, I would like to have my digital ocean VM use a VPN for its outgoing http requests. I am using openVPN on Ubuntu 14.04.1 LTS (GNU/Linux 3.5.0-48-generic x86_64). Got the files AirVPN_Europe_TCP-53.ovpn ca.crt ta.key user.crt user.key in one directory. VPN is using TCP protocol on port 53. Also tried with UDP, same problem also copied the files to /etc/openvpn/ to try to run it via openvpn start. If I do that, I get the output: root@tr:/home# sudo service openvpn start * Starting virtual private network daemon(s)... ..but nothing happens. curl http://www.ipchicken.com still reveals the servers ip If I directly run root@tr:/etc/openvpn# sudo openvpn AirVPN_Europe_TCP-53.ovpn Thu Sep 18 09:42:35 2014 OpenVPN 2.3.2 i686-pc-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [iPv6] built on Feb 4 2014 Thu Sep 18 09:42:35 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Thu Sep 18 09:42:35 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Sep 18 09:42:35 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Sep 18 09:42:35 2014 Socket Buffers: R=[87380->131072] S=[87380->131072] Thu Sep 18 09:42:35 2014 Attempting to establish TCP connection with [AF_INET]95.211.186.65:53 [nonblock] Thu Sep 18 09:42:36 2014 TCP connection established with [AF_INET]95.211.186.65:53 Thu Sep 18 09:42:36 2014 TCPv4_CLIENT link local: [undef] Thu Sep 18 09:42:36 2014 TCPv4_CLIENT link remote: [AF_INET]95.211.186.65:53 Thu Sep 18 09:42:36 2014 TLS: Initial packet from [AF_INET]95.211.186.65:53, sid=d5ee74c0 46f1dcfd Thu Sep 18 09:42:36 2014 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Thu Sep 18 09:42:36 2014 Validating certificate key usage Thu Sep 18 09:42:36 2014 ++ Certificate has key usage 00a0, expects 00a0 Thu Sep 18 09:42:36 2014 VERIFY KU OK Thu Sep 18 09:42:36 2014 Validating certificate extended key usage Thu Sep 18 09:42:36 2014 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Thu Sep 18 09:42:36 2014 VERIFY EKU OK Thu Sep 18 09:42:36 2014 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Thu Sep 18 09:42:37 2014 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Thu Sep 18 09:42:37 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Sep 18 09:42:37 2014 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Thu Sep 18 09:42:37 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Sep 18 09:42:37 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA Thu Sep 18 09:42:37 2014 [server] Peer Connection Initiated with [AF_INET]95.211.186.65:53 Thu Sep 18 09:42:39 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Thu Sep 18 09:42:40 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.9.0.1,comp-lzo no,route 10.9.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.9.0.254 10.9.0.253' Thu Sep 18 09:42:40 2014 OPTIONS IMPORT: timers and/or timeouts modified Thu Sep 18 09:42:40 2014 OPTIONS IMPORT: LZO parms modified Thu Sep 18 09:42:40 2014 OPTIONS IMPORT: --ifconfig/up options modified Thu Sep 18 09:42:40 2014 OPTIONS IMPORT: route options modified Thu Sep 18 09:42:40 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Thu Sep 18 09:42:40 2014 ROUTE_GATEWAY 178.62.192.1/255.255.192.0 IFACE=eth0 HWADDR=04:01:28:70:e1:01 Thu Sep 18 09:42:40 2014 TUN/TAP device tun0 opened Thu Sep 18 09:42:40 2014 TUN/TAP TX queue length set to 100 Thu Sep 18 09:42:40 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Thu Sep 18 09:42:40 2014 /sbin/ip link set dev tun0 up mtu 1500 Thu Sep 18 09:42:40 2014 /sbin/ip addr add dev tun0 local 10.9.0.254 peer 10.9.0.253 Thu Sep 18 09:42:40 2014 /sbin/ip route add 95.211.186.65/32 via 178.62.192.1 Thu Sep 18 09:42:40 2014 /sbin/ip route add 0.0.0.0/1 via 10.9.0.253 Thu Sep 18 09:42:40 2014 /sbin/ip route add 128.0.0.0/1 via 10.9.0.253 Write failed: Broken pipe After that the VM is just completely down / frozen and I need to restart it. Really no clue on whats going wrong here and have been on this for hours. Any idea?

Hi, I'm getting an error when trying to connect on Windows 10. It says: "OpenVPN: Route gateway is not reachable on any active network adapters: 10.4.0.1". It didn't do this when I first installed AirVPN Client. How can I fix this? Thanks

In OpenVPN for iOS, Is it possible to view the list of specific servers in a country profile before connecting to one? Eddie has that option, and I sometimes use it if I need a server in a specific location. For iOS, I’ve downloaded a config file for a country, but OpenVPN seems to choose the best server within that country automatically, invisibly. (Which is usually very helpful but sometimes not.) I’ve downloaded some config files for specific servers within that country, so I can connect directly to a specific server if I want, but having to connect to each one first to see its performance is silly. Thanks.

I'm running OpenVPN on DD-WRT. Everything seems to work fine, but in the OpenVPN logs I see I guess this means the configuration will stop working at some point? Is there some other configuration I should use instead?

First of all, I would like to declare that I read and implemented this post: https://airvpn.org/topic/11476-using-airvpn-with-openvpn-for-android/ On OpenVPN, I imported the config file that I generated through AirVPN, and when it comes to activating that config file, I just cannot confirm the dialogue box showing up. It is displaying that there is a connection request and OpenVPN for android wants to set up a VPN connection that allows it to monitor network traffic. I just cannot click OK when this dialogue box pops up... I tried all kinds of things that I thought would affect the result without any success such as giving storage permission to OpenVPN, generating the config file as both UDP and TCP, selecting platform as both Android and Linux, as well as selecting various servers. Don't know what else I can do. I even tried to directly connect to VPN without OpenVPN through Android VPN settings. Your help would be greatly appreciated. Thanks

Hello, I have problems when downloading with AirVPN on Ubuntu 16.04 using OpenVPN client. I have tried switching to other VPN servers, but still have problems with the download speed. The speed often goes to zero and sometimes it goes up, but then quickly drops to zero again. For example it goes up to 1.1Mbit and then slowly goes back to zero. And 1.1Mbit is not even close to my actual network speed. When I disable openvpn the download speed is back to normal. Any ideas why this is happening? Cheers!

Hey, the day before yesterday, I installed QVPN on my QNAP 253a. There, I used a OpenVPN file form AirVPN. Without VPN, I get spends of about 35 MB/s. With VPN, I get a maximum of 2 MB/s. The CPU should be fast enough for it and while connected with OpenVPN I do not get high CPU usage. I tired it with UPC and TCP but it won't get faster. Do you have any idea what could fix it? Thanks for your help! Regards, Hannes

Hi AirVPN users! The latest OpenVPN for DD-WRT can be found here ftp://ftp.dd-wrt.com/betas/2020 but please choice builds higher then 06-01-2017-r32170 as lower builds dont have the vulnerabilities patch https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results

I just installed OpenVPN for Android on my phone today. After some phone buggy-ness and fiddling, I got it all working. Cool. But I noticed that when connecting to AirVPN, I was never asked for my login+pw. Hmmm... Ok, I now figure the .ovpn files I generated and imported have some keys/certificates embedded that authenticate me personally as the user who needs to login/connect to AirVPN. If that's true, and if my phone is stolen, how can I invalidate those credentials of mine so the thief can't login to AirVPN as me? Will a simple password change on the AirVPN website do the trick? (Thanks, everyone.)

I was reading the locked thread about AirVPN updating their server-side in response to the article about security vulnerabilities in OpenVPN, and was wondering how a user of, say Windows, or a user with OpenVPN on their mobile device would go about updating in a way that would maintain the settings they're currently using for AirVPN? The aforementioned thread does include a way to update in Linux, but doesn't say anything about other OS systems.

I am looking for a new VPN service for I am experiencing geolocation problems with my actual provider. AirVPN looks like could be the one that suits me quite well. Actually, it could be perfect if it had 5 connections but I know this is not an option, unlikely... Anyway, browsing around the site I got a doubt and I am asking for clarifications. If I got it right, when I am connected to any server (let's say a server in Hong Kong) I can still access georestricted contents for some broadcasters (for example, BBC, FranceTV, RAI, RSI). All of these from within the same server! Is it right? If so, is it true for any server? In the case, I am puzzled: how does it work? On the other side, if a site which is georestricted is not in the "granted" list in the "Website support" page, then to access it I need to connect to a server in the same country as the site, right? So, if there is not such a server, I can not access such a site (and, I must say, the list of countries with a server is not impressive). Now a couple of questions about the client and the connection. I am using linux, so I think I have two options: AirVPN client (aka Eddie) or openvpn. Is there a difference between the two of them? Is one of them to be preferred (and why)? Is it possible, with any of them, to choose an "auto" connection (ie, the one which should be the best at the moment of going up)? I am asking this because on my desktop it would make little to none difference to use one client or the other, but I am also using it on my raspberry where for me the (much) preferred choice would be openvpn, so I would like to get the most from such client. Thank you in advance.

Using the Pfsense 2.3 install guide https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/ When I get to step 3A, "Step 3-A: Setting up the OpenVPN Client" I get the following error: "An IPv4 protocol was selected, but the selected interface has no IPv4 address." After Googling some, I see that this error *might* be a bug in PfSense 2.3 and how it uses OpenVPN? Or something else? I checked steps 1-2 thoroughly, and I am pretty sure I am following the instrux. Thanks for any guidance.

When deciding which pfSense router hardware to use with AirVPN I like to test CPU/System performance to know what the limits of the hardware are. I normally do this on my LAN so I can be sure to eliminate network problems. The basic method I use is to set a simple OpenVPN tunnel between two machines using the shell command line openvpn. I then use iperf3 to measure the throughput of the tunnel. This works for my router, pfSense, Intel Celeron N3150. I get a test result of 127Mb/s, slighy higher if I used the rdrand engine ~134Mb/s. All well and good. This is the router hardware I now run my pfsense connection to airvpn with. The problem is, and it is a silly problem, is that the performance to AirVPN is much better than my theoretical LAN maximum. I get 155Mb/s, which could be limited by my ISP rather than router CPU. I have checked all the OpenVPN parameters between the tunnel to AirVPN and the tunnel on my LAN and they look similar enough apart from AirVPN is using dyname/TLS keys. Obviously my test is wrong, but I just can't see what is wrong with it. The only way I can get my LAN openvpn tunnel to work as fast as the WAN one to AirVPN is to raise tun-mtu to about 1900. But I'm pretty sure Airvpn use 1500. I don't expect anyone will be able to help but there is always hoping ;o)

Hello, I've created a router config and set it up on my router, but the traffic is not going through the VPN. Here is a part of the generated router config without the certificates: clientdev tun proto udp remote us.vpn.airdns.org 443 resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server cipher AES-256-CBC comp-lzo no route-delay 5 verb 3 explicit-exit-notify 5 Here is my router log: Mar 22 09:11:09 RT-N56U: WAN up (eth3) Mar 22 09:11:09 dnsmasq[397]: read /etc/hosts - 3 addresses Mar 22 09:11:09 dnsmasq[397]: read /etc/storage/dnsmasq/hosts - 0 addresses Mar 22 09:11:09 dnsmasq-dhcp[397]: read /etc/dnsmasq/dhcp/dhcp-hosts.rc Mar 22 09:11:09 dnsmasq[397]: using nameserver 167.206.10.178#53 Mar 22 09:11:09 dnsmasq[397]: using nameserver 167.206.10.179#53 Mar 22 09:11:09 miniupnpd[449]: version 1.9 starting UPnP-IGD ext if eth3 BOOTID=1490188269 Mar 22 09:11:09 miniupnpd[449]: HTTP listening on port 17455 Mar 22 09:11:09 httpd[445]: Server listening port 80 (HTTP). Mar 22 09:11:10 RT-N56U: starting OpenVPN client... Mar 22 09:11:10 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:11:10 kernel: br0: port 3(rai0) entered forwarding state Mar 22 09:11:10 kernel: br0: port 2(ra0) entered forwarding state Mar 22 09:11:10 kernel: br0: port 1(eth2) entered forwarding state Mar 22 09:11:19 NTP Client: Synchronizing time to pool.ntp.org. Mar 22 09:11:22 NTP Client: System time changed, offset: 2.135226s Mar 22 09:12:13 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:13:15 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:14:17 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:15:19 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:16:21 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:17:23 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:18:25 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:19:27 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Attaching a screenshot from my router admin config: Can you please help me troubleshoot? Thanks!Jim

Hey Guys - I just recently started using AirVPN and have spent the weekend setting up a few things. I subscribed to AirVPN with the plan of using a local VM with my fiber connection instead of a remote Seedbox. My goal is to have the local VM on 24/7 running Deluge and have it save all completed files to my primary system. I host too many things on my primary system plus must connect to work's VPN on it which is why I'm using this setup. I've already mounted the share for the downloads in the VM, set everything up, and all seems to be working except one thing. Just wanted to ask a couple of questions including verification that how I set it up is the best suggested method for what I'm trying to do, please. Questions 1. From Deluge's WebUI in a browser, I can connect to Deluge's Daemon. From the WebUI, it connects to 127.0.0.1:58846 (local ip because it's hosted on same system as daemon. However, when I try to connect to the Daemon using the Deluge Client with classic mode disabled, I cannot from my PC using the local IP and same port or even on the hosting PC using 127.0.0.1:58846. This only occurs when the VPN is connected. I tried connecting via DDNS from a forwarded port I created using 58846 as local port but also didn't work 2. Even though I installed AirVPN in the VM (Ubuntu 17.04 x64), it didn't have an option to launch at boot so instead I installed openvpn as a service and have it configured to launch the config file I downloaded at boot to automatically connect. Does connecting this way still offer all of the features such as ports I forward? If not or there's a better way to accomplish this, please let me know 3. Is there a way to implement network lock when using the openvpn method above - or - if openVPN looses connection, will it automatically reconnect? If VPN fails for some reason, I don't want it to continue downloading torrents. VM Environment - Ubuntu 17.04 x64 (hosted on ESXi 6.5) --- Folder mounted to Windows share for completed downloads - each label goes to different folder within mounted share --- AirVPN 2.12.4 installed via .deb (Even though currently not using client to connect) --- openVPN 2.4.0 --- Deluge / Deluged / Deluge WebUI 1.3.15 Conf File (Snippet) Below is the first part of my conf file I build & downloaded. If anything needs to be changed to accommodate anything above, please let me know. #####clientdev tunproto udpremote america.vpn.airdns.org 443resolv-retry infinitenobindpersist-keypersist-tunremote-cert-tls servercipher AES-256-CBCcomp-lzo noroute-delay 5verb 3explicit-exit-notify 5##### Thanks Guys!

hallo i have donwload the datat for linux and have also an howto how it should works,but i dont now it its works here are the log openvpn --config /etc/openvpn/client.conf Sun May 14 17:04:46 2017 WARNING: file '/etc/openvpn/userpass.txt' is group or o thers accessible Sun May 14 17:04:46 2017 OpenVPN 2.4.0 arm-oe-linux-gnueabi [sSL (OpenSSL)] [LZO ] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 11 2017 Sun May 14 17:04:46 2017 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09 Sun May 14 17:04:46 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:04:46 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:04:47 2017 TCP/UDP: Preserving recently used remote address: [AF_I NET]62.102.148.148:443 Sun May 14 17:04:47 2017 Socket Buffers: R=[163840->163840] S=[163840->163840] Sun May 14 17:04:47 2017 UDP link local: (not bound) Sun May 14 17:04:47 2017 UDP link remote: [AF_INET]62.102.148.148:443 Sun May 14 17:04:47 2017 TLS: Initial packet from [AF_INET]62.102.148.148:443, s id=d05661e2 cb0533cb Sun May 14 17:04:47 2017 WARNING: this configuration may cache passwords in memo ry -- use the auth-nocache option to prevent this Sun May 14 17:04:47 2017 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.or g, CN=airvpn.org CA, emailAddress=info@airvpn.org Sun May 14 17:04:47 2017 Validating certificate key usage Sun May 14 17:04:47 2017 ++ Certificate has key usage 00a0, expects 00a0 Sun May 14 17:04:47 2017 VERIFY KU OK Sun May 14 17:04:47 2017 Validating certificate extended key usage Sun May 14 17:04:47 2017 ++ Certificate has EKU (str) TLS Web Server Authenticat ion, expects TLS Web Server Authentication Sun May 14 17:04:47 2017 VERIFY EKU OK Sun May 14 17:04:47 2017 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.or g, CN=server, emailAddress=info@airvpn.org Sun May 14 17:04:47 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AE S256-GCM-SHA384, 4096 bit RSA Sun May 14 17:04:47 2017 [server] Peer Connection Initiated with [AF_INET]62.102 .148.148:443 Sun May 14 17:04:48 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Sun May 14 17:04:48 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-ga teway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0 .1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.4.8 255.255.0.0' Sun May 14 17:04:48 2017 OPTIONS IMPORT: timers and/or timeouts modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: compression parms modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: --ifconfig/up options modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: route options modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: route-related options modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sun May 14 17:04:48 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Sun May 14 17:04:48 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:04:48 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Sun May 14 17:04:48 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:04:48 2017 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWAD DR=00:6c:fd:c7:f4:5b Sun May 14 17:04:48 2017 TUN/TAP device tun1 opened Sun May 14 17:04:48 2017 TUN/TAP TX queue length set to 100 Sun May 14 17:04:48 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Sun May 14 17:04:48 2017 /sbin/ip link set dev tun1 up mtu 1500 Sun May 14 17:04:48 2017 /sbin/ip addr add dev tun1 10.4.4.8/16 broadcast 10.4.2 55.255 Sun May 14 17:04:53 2017 /sbin/ip route add 62.102.148.148/32 via 192.168.0.1 Sun May 14 17:04:53 2017 /sbin/ip route add 0.0.0.0/1 via 10.4.0.1 RTNETLINK answers: File exists Sun May 14 17:04:53 2017 ERROR: Linux route add command failed: external program exited with error status: 2 Sun May 14 17:04:53 2017 /sbin/ip route add 128.0.0.0/1 via 10.4.0.1 RTNETLINK answers: File exists Sun May 14 17:04:53 2017 ERROR: Linux route add command failed: external program exited with error status: 2 Sun May 14 17:04:53 2017 Initialization Sequence Completed root@ax51:~# openvpn --config /etc/openvpn/client.conf Sun May 14 17:04:46 2017 WARNING: file '/etc/openvpn/userpass.txt' is group or o thers accessible Sun May 14 17:04:46 2017 OpenVPN 2.4.0 arm-oe-linux-gnueabi [sSL (OpenSSL)] [LZO ] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 11 2017 Sun May 14 17:04:46 2017 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09 Sun May 14 17:04:46 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:04:46 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:04:47 2017 TCP/UDP: Preserving recently used remote address: [AF_I NET]62.102.148.148:443 Sun May 14 17:04:47 2017 Socket Buffers: R=[163840->163840] S=[163840->163840] Sun May 14 17:04:47 2017 UDP link local: (not bound) Sun May 14 17:04:47 2017 UDP link remote: [AF_INET]62.102.148.148:443 Sun May 14 17:04:47 2017 TLS: Initial packet from [AF_INET]62.102.148.148:443, s id=d05661e2 cb0533cb Sun May 14 17:04:47 2017 WARNING: this configuration may cache passwords in memo ry -- use the auth-nocache option to prevent this Sun May 14 17:04:47 2017 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.or g, CN=airvpn.org CA, emailAddress=info@airvpn.org Sun May 14 17:04:47 2017 Validating certificate key usage Sun May 14 17:04:47 2017 ++ Certificate has key usage 00a0, expects 00a0 Sun May 14 17:04:47 2017 VERIFY KU OK Sun May 14 17:04:47 2017 Validating certificate extended key usage Sun May 14 17:04:47 2017 ++ Certificate has EKU (str) TLS Web Server Authenticat ion, expects TLS Web Server Authentication Sun May 14 17:04:47 2017 VERIFY EKU OK Sun May 14 17:04:47 2017 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.or g, CN=server, emailAddress=info@airvpn.org Sun May 14 17:04:47 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AE S256-GCM-SHA384, 4096 bit RSA Sun May 14 17:04:47 2017 [server] Peer Connection Initiated with [AF_INET]62.102 .148.148:443 Sun May 14 17:04:48 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Sun May 14 17:04:48 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-ga teway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0 .1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.4.8 255.255.0.0' Sun May 14 17:04:48 2017 OPTIONS IMPORT: timers and/or timeouts modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: compression parms modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: --ifconfig/up options modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: route options modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: route-related options modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sun May 14 17:04:48Sun May 14 17:05:48 2017 [server] Inactivity timeout (--ping-restart), restarting Sun May 14 17:05:48 2017 SIGUSR1[soft,ping-restart] received, process restarting Sun May 14 17:05:48 2017 Restart pause, 5 second(s) Sun May 14 17:05:53 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]62.102.148.148:443 Sun May 14 17:05:53 2017 Socket Buffers: R=[163840->163840] S=[163840->163840] Sun May 14 17:05:53 2017 UDP link local: (not bound) Sun May 14 17:05:53 2017 UDP link remote: [AF_INET]62.102.148.148:443 Sun May 14 17:05:53 2017 TLS: Initial packet from [AF_INET]62.102.148.148:443, sid=4a86630a 05934325 Sun May 14 17:05:53 2017 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Sun May 14 17:05:53 2017 Validating certificate key usage Sun May 14 17:05:53 2017 ++ Certificate has key usage 00a0, expects 00a0 Sun May 14 17:05:53 2017 VERIFY KU OK Sun May 14 17:05:53 2017 Validating certificate extended key usage Sun May 14 17:05:53 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sun May 14 17:05:53 2017 VERIFY EKU OK Sun May 14 17:05:53 2017 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Sun May 14 17:05:54 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA Sun May 14 17:05:54 2017 [server] Peer Connection Initiated with [AF_INET]62.102.148.148:443 Sun May 14 17:05:55 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Sun May 14 17:05:55 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.4.8 255.255.0.0' Sun May 14 17:05:55 2017 OPTIONS IMPORT: timers and/or timeouts modified Sun May 14 17:05:55 2017 OPTIONS IMPORT: compression parms modified Sun May 14 17:05:55 2017 OPTIONS IMPORT: --ifconfig/up options modified Sun May 14 17:05:55 2017 OPTIONS IMPORT: route options modified Sun May 14 17:05:55 2017 OPTIONS IMPORT: route-related options modified Sun May 14 17:05:55 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sun May 14 17:05:55 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Sun May 14 17:05:55 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:05:55 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Sun May 14 17:05:55 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:05:55 2017 Preserving previous TUN/TAP instance: tun1 Sun May 14 17:05:55 2017 Initialization Sequence Completed

Hi guys! I set up my Windows 7 PC by this instruction: https://airvpn.org/topic/3405-windows-comodo-prevent-leaks/. It's a nice HOW-TO guide and i'm very grateful for it, but is there any similar guide to add TOR before my VPN connection? I tried to find some info on this forum, but I couldn't. So, if anybody knows links to HOW-TO guides please give it to me. Thank you! P.S. - I know about Eddie, but i really want to set up it with OpenVPN.

Here's a strange problem. I use openvpn to connect to AirVPN, with the update-resolv-conf script to prevent DNS 'leaks' (I know they "don't happen on Linux", but that's what I'm calling it). After starting the VPN, going to dnsleaktest.com, and hitting the extended test, the first query comes back as 2 and shows both my ISP and Air, and all of the rest come back as 1 showing only Air. If I retest or go to another DNS leak checking site (like ipleak.net) after doing this, only Air is shown. If I go to a different site and check *before* using dnsleaktest.com, it will detect my ISP. If I retest, it still shows my ISP along with Air. In short, I am getting DNS 'leaks' until I test for them using dnsleaktest.com. What could be causing this, and how can I fix it? Edit: It seems that testing with dnsleak.com also 'fixes' it.

Unfortunately, this is a bit of a multi-disciplinary question that has to be prefaced with some background. I've got my connection to AirVPN set up on my pfSense box and am using the Resolver there in the default, non-forwarding mode. That means for DNS lookups, pfSense (through Resolver) is supposed to directly query the top-level DNS servers for name resolution without using any specified, lower-level DNS servers. In one sense, it seems to be working in that none of the leak-testing sites (like ipleak.net) show any DNS servers other than AirVPNs. On the other hand, I don't understand how those sites even see those AirVPN DNS servers at all since pfSense isn't set up to use them. Worse, I recently found out that DNS queries through Resolver in the default, non-forwarding mode do NOT get routed through the NAT/Firewall rules: they're sent out the default gateway (my WAN, not my VPN tunnel). So, theoretically, my DNS lookups are in the open instead of through AirVPN. If that's true, why do places like ipleak.net not show a DNS leak? How do they determine what DNS server I'm using? Does it just ask my server what DNS is associated with it? Or, does it look for the DNS requests coming from my system? But, if Resolver is sending its own DNS requests over the WAN, then would places like ipleak.net even see them?

Multiple security Vulnerabilities were found in Openvpn 2.4.1. OpenVPN 2.4.1 was simultaneously reviewed by Quarkslab (funded by OSTIF). Here is a link to the audit information. https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits