Search the Community

In OpenVPN for iOS, Is it possible to view the list of specific servers in a country profile before connecting to one? Eddie has that option, and I sometimes use it if I need a server in a specific location. For iOS, I’ve downloaded a config file for a country, but OpenVPN seems to choose the best server within that country automatically, invisibly. (Which is usually very helpful but sometimes not.) I’ve downloaded some config files for specific servers within that country, so I can connect directly to a specific server if I want, but having to connect to each one first to see its performance is silly. Thanks.

I'm running OpenVPN on DD-WRT. Everything seems to work fine, but in the OpenVPN logs I see I guess this means the configuration will stop working at some point? Is there some other configuration I should use instead?

First of all, I would like to declare that I read and implemented this post: https://airvpn.org/topic/11476-using-airvpn-with-openvpn-for-android/ On OpenVPN, I imported the config file that I generated through AirVPN, and when it comes to activating that config file, I just cannot confirm the dialogue box showing up. It is displaying that there is a connection request and OpenVPN for android wants to set up a VPN connection that allows it to monitor network traffic. I just cannot click OK when this dialogue box pops up... I tried all kinds of things that I thought would affect the result without any success such as giving storage permission to OpenVPN, generating the config file as both UDP and TCP, selecting platform as both Android and Linux, as well as selecting various servers. Don't know what else I can do. I even tried to directly connect to VPN without OpenVPN through Android VPN settings. Your help would be greatly appreciated. Thanks

Hello, I have problems when downloading with AirVPN on Ubuntu 16.04 using OpenVPN client. I have tried switching to other VPN servers, but still have problems with the download speed. The speed often goes to zero and sometimes it goes up, but then quickly drops to zero again. For example it goes up to 1.1Mbit and then slowly goes back to zero. And 1.1Mbit is not even close to my actual network speed. When I disable openvpn the download speed is back to normal. Any ideas why this is happening? Cheers!

Hey, the day before yesterday, I installed QVPN on my QNAP 253a. There, I used a OpenVPN file form AirVPN. Without VPN, I get spends of about 35 MB/s. With VPN, I get a maximum of 2 MB/s. The CPU should be fast enough for it and while connected with OpenVPN I do not get high CPU usage. I tired it with UPC and TCP but it won't get faster. Do you have any idea what could fix it? Thanks for your help! Regards, Hannes

Hi AirVPN users! The latest OpenVPN for DD-WRT can be found here ftp://ftp.dd-wrt.com/betas/2020 but please choice builds higher then 06-01-2017-r32170 as lower builds dont have the vulnerabilities patch https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results

I just installed OpenVPN for Android on my phone today. After some phone buggy-ness and fiddling, I got it all working. Cool. But I noticed that when connecting to AirVPN, I was never asked for my login+pw. Hmmm... Ok, I now figure the .ovpn files I generated and imported have some keys/certificates embedded that authenticate me personally as the user who needs to login/connect to AirVPN. If that's true, and if my phone is stolen, how can I invalidate those credentials of mine so the thief can't login to AirVPN as me? Will a simple password change on the AirVPN website do the trick? (Thanks, everyone.)

I was reading the locked thread about AirVPN updating their server-side in response to the article about security vulnerabilities in OpenVPN, and was wondering how a user of, say Windows, or a user with OpenVPN on their mobile device would go about updating in a way that would maintain the settings they're currently using for AirVPN? The aforementioned thread does include a way to update in Linux, but doesn't say anything about other OS systems.

I am looking for a new VPN service for I am experiencing geolocation problems with my actual provider. AirVPN looks like could be the one that suits me quite well. Actually, it could be perfect if it had 5 connections but I know this is not an option, unlikely... Anyway, browsing around the site I got a doubt and I am asking for clarifications. If I got it right, when I am connected to any server (let's say a server in Hong Kong) I can still access georestricted contents for some broadcasters (for example, BBC, FranceTV, RAI, RSI). All of these from within the same server! Is it right? If so, is it true for any server? In the case, I am puzzled: how does it work? On the other side, if a site which is georestricted is not in the "granted" list in the "Website support" page, then to access it I need to connect to a server in the same country as the site, right? So, if there is not such a server, I can not access such a site (and, I must say, the list of countries with a server is not impressive). Now a couple of questions about the client and the connection. I am using linux, so I think I have two options: AirVPN client (aka Eddie) or openvpn. Is there a difference between the two of them? Is one of them to be preferred (and why)? Is it possible, with any of them, to choose an "auto" connection (ie, the one which should be the best at the moment of going up)? I am asking this because on my desktop it would make little to none difference to use one client or the other, but I am also using it on my raspberry where for me the (much) preferred choice would be openvpn, so I would like to get the most from such client. Thank you in advance.

Using the Pfsense 2.3 install guide https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/ When I get to step 3A, "Step 3-A: Setting up the OpenVPN Client" I get the following error: "An IPv4 protocol was selected, but the selected interface has no IPv4 address." After Googling some, I see that this error *might* be a bug in PfSense 2.3 and how it uses OpenVPN? Or something else? I checked steps 1-2 thoroughly, and I am pretty sure I am following the instrux. Thanks for any guidance.

When deciding which pfSense router hardware to use with AirVPN I like to test CPU/System performance to know what the limits of the hardware are. I normally do this on my LAN so I can be sure to eliminate network problems. The basic method I use is to set a simple OpenVPN tunnel between two machines using the shell command line openvpn. I then use iperf3 to measure the throughput of the tunnel. This works for my router, pfSense, Intel Celeron N3150. I get a test result of 127Mb/s, slighy higher if I used the rdrand engine ~134Mb/s. All well and good. This is the router hardware I now run my pfsense connection to airvpn with. The problem is, and it is a silly problem, is that the performance to AirVPN is much better than my theoretical LAN maximum. I get 155Mb/s, which could be limited by my ISP rather than router CPU. I have checked all the OpenVPN parameters between the tunnel to AirVPN and the tunnel on my LAN and they look similar enough apart from AirVPN is using dyname/TLS keys. Obviously my test is wrong, but I just can't see what is wrong with it. The only way I can get my LAN openvpn tunnel to work as fast as the WAN one to AirVPN is to raise tun-mtu to about 1900. But I'm pretty sure Airvpn use 1500. I don't expect anyone will be able to help but there is always hoping ;o)

Hello, I've created a router config and set it up on my router, but the traffic is not going through the VPN. Here is a part of the generated router config without the certificates: clientdev tun proto udp remote us.vpn.airdns.org 443 resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server cipher AES-256-CBC comp-lzo no route-delay 5 verb 3 explicit-exit-notify 5 Here is my router log: Mar 22 09:11:09 RT-N56U: WAN up (eth3) Mar 22 09:11:09 dnsmasq[397]: read /etc/hosts - 3 addresses Mar 22 09:11:09 dnsmasq[397]: read /etc/storage/dnsmasq/hosts - 0 addresses Mar 22 09:11:09 dnsmasq-dhcp[397]: read /etc/dnsmasq/dhcp/dhcp-hosts.rc Mar 22 09:11:09 dnsmasq[397]: using nameserver 167.206.10.178#53 Mar 22 09:11:09 dnsmasq[397]: using nameserver 167.206.10.179#53 Mar 22 09:11:09 miniupnpd[449]: version 1.9 starting UPnP-IGD ext if eth3 BOOTID=1490188269 Mar 22 09:11:09 miniupnpd[449]: HTTP listening on port 17455 Mar 22 09:11:09 httpd[445]: Server listening port 80 (HTTP). Mar 22 09:11:10 RT-N56U: starting OpenVPN client... Mar 22 09:11:10 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:11:10 kernel: br0: port 3(rai0) entered forwarding state Mar 22 09:11:10 kernel: br0: port 2(ra0) entered forwarding state Mar 22 09:11:10 kernel: br0: port 1(eth2) entered forwarding state Mar 22 09:11:19 NTP Client: Synchronizing time to pool.ntp.org. Mar 22 09:11:22 NTP Client: System time changed, offset: 2.135226s Mar 22 09:12:13 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:13:15 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:14:17 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:15:19 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:16:21 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:17:23 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:18:25 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 22 09:19:27 openvpn-cli[476]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Attaching a screenshot from my router admin config: Can you please help me troubleshoot? Thanks!Jim

Hey Guys - I just recently started using AirVPN and have spent the weekend setting up a few things. I subscribed to AirVPN with the plan of using a local VM with my fiber connection instead of a remote Seedbox. My goal is to have the local VM on 24/7 running Deluge and have it save all completed files to my primary system. I host too many things on my primary system plus must connect to work's VPN on it which is why I'm using this setup. I've already mounted the share for the downloads in the VM, set everything up, and all seems to be working except one thing. Just wanted to ask a couple of questions including verification that how I set it up is the best suggested method for what I'm trying to do, please. Questions 1. From Deluge's WebUI in a browser, I can connect to Deluge's Daemon. From the WebUI, it connects to 127.0.0.1:58846 (local ip because it's hosted on same system as daemon. However, when I try to connect to the Daemon using the Deluge Client with classic mode disabled, I cannot from my PC using the local IP and same port or even on the hosting PC using 127.0.0.1:58846. This only occurs when the VPN is connected. I tried connecting via DDNS from a forwarded port I created using 58846 as local port but also didn't work 2. Even though I installed AirVPN in the VM (Ubuntu 17.04 x64), it didn't have an option to launch at boot so instead I installed openvpn as a service and have it configured to launch the config file I downloaded at boot to automatically connect. Does connecting this way still offer all of the features such as ports I forward? If not or there's a better way to accomplish this, please let me know 3. Is there a way to implement network lock when using the openvpn method above - or - if openVPN looses connection, will it automatically reconnect? If VPN fails for some reason, I don't want it to continue downloading torrents. VM Environment - Ubuntu 17.04 x64 (hosted on ESXi 6.5) --- Folder mounted to Windows share for completed downloads - each label goes to different folder within mounted share --- AirVPN 2.12.4 installed via .deb (Even though currently not using client to connect) --- openVPN 2.4.0 --- Deluge / Deluged / Deluge WebUI 1.3.15 Conf File (Snippet) Below is the first part of my conf file I build & downloaded. If anything needs to be changed to accommodate anything above, please let me know. #####clientdev tunproto udpremote america.vpn.airdns.org 443resolv-retry infinitenobindpersist-keypersist-tunremote-cert-tls servercipher AES-256-CBCcomp-lzo noroute-delay 5verb 3explicit-exit-notify 5##### Thanks Guys!

hallo i have donwload the datat for linux and have also an howto how it should works,but i dont now it its works here are the log openvpn --config /etc/openvpn/client.conf Sun May 14 17:04:46 2017 WARNING: file '/etc/openvpn/userpass.txt' is group or o thers accessible Sun May 14 17:04:46 2017 OpenVPN 2.4.0 arm-oe-linux-gnueabi [sSL (OpenSSL)] [LZO ] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 11 2017 Sun May 14 17:04:46 2017 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09 Sun May 14 17:04:46 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:04:46 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:04:47 2017 TCP/UDP: Preserving recently used remote address: [AF_I NET]62.102.148.148:443 Sun May 14 17:04:47 2017 Socket Buffers: R=[163840->163840] S=[163840->163840] Sun May 14 17:04:47 2017 UDP link local: (not bound) Sun May 14 17:04:47 2017 UDP link remote: [AF_INET]62.102.148.148:443 Sun May 14 17:04:47 2017 TLS: Initial packet from [AF_INET]62.102.148.148:443, s id=d05661e2 cb0533cb Sun May 14 17:04:47 2017 WARNING: this configuration may cache passwords in memo ry -- use the auth-nocache option to prevent this Sun May 14 17:04:47 2017 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.or g, CN=airvpn.org CA, emailAddress=info@airvpn.org Sun May 14 17:04:47 2017 Validating certificate key usage Sun May 14 17:04:47 2017 ++ Certificate has key usage 00a0, expects 00a0 Sun May 14 17:04:47 2017 VERIFY KU OK Sun May 14 17:04:47 2017 Validating certificate extended key usage Sun May 14 17:04:47 2017 ++ Certificate has EKU (str) TLS Web Server Authenticat ion, expects TLS Web Server Authentication Sun May 14 17:04:47 2017 VERIFY EKU OK Sun May 14 17:04:47 2017 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.or g, CN=server, emailAddress=info@airvpn.org Sun May 14 17:04:47 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AE S256-GCM-SHA384, 4096 bit RSA Sun May 14 17:04:47 2017 [server] Peer Connection Initiated with [AF_INET]62.102 .148.148:443 Sun May 14 17:04:48 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Sun May 14 17:04:48 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-ga teway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0 .1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.4.8 255.255.0.0' Sun May 14 17:04:48 2017 OPTIONS IMPORT: timers and/or timeouts modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: compression parms modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: --ifconfig/up options modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: route options modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: route-related options modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sun May 14 17:04:48 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Sun May 14 17:04:48 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:04:48 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Sun May 14 17:04:48 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:04:48 2017 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWAD DR=00:6c:fd:c7:f4:5b Sun May 14 17:04:48 2017 TUN/TAP device tun1 opened Sun May 14 17:04:48 2017 TUN/TAP TX queue length set to 100 Sun May 14 17:04:48 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Sun May 14 17:04:48 2017 /sbin/ip link set dev tun1 up mtu 1500 Sun May 14 17:04:48 2017 /sbin/ip addr add dev tun1 10.4.4.8/16 broadcast 10.4.2 55.255 Sun May 14 17:04:53 2017 /sbin/ip route add 62.102.148.148/32 via 192.168.0.1 Sun May 14 17:04:53 2017 /sbin/ip route add 0.0.0.0/1 via 10.4.0.1 RTNETLINK answers: File exists Sun May 14 17:04:53 2017 ERROR: Linux route add command failed: external program exited with error status: 2 Sun May 14 17:04:53 2017 /sbin/ip route add 128.0.0.0/1 via 10.4.0.1 RTNETLINK answers: File exists Sun May 14 17:04:53 2017 ERROR: Linux route add command failed: external program exited with error status: 2 Sun May 14 17:04:53 2017 Initialization Sequence Completed root@ax51:~# openvpn --config /etc/openvpn/client.conf Sun May 14 17:04:46 2017 WARNING: file '/etc/openvpn/userpass.txt' is group or o thers accessible Sun May 14 17:04:46 2017 OpenVPN 2.4.0 arm-oe-linux-gnueabi [sSL (OpenSSL)] [LZO ] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 11 2017 Sun May 14 17:04:46 2017 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09 Sun May 14 17:04:46 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:04:46 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:04:47 2017 TCP/UDP: Preserving recently used remote address: [AF_I NET]62.102.148.148:443 Sun May 14 17:04:47 2017 Socket Buffers: R=[163840->163840] S=[163840->163840] Sun May 14 17:04:47 2017 UDP link local: (not bound) Sun May 14 17:04:47 2017 UDP link remote: [AF_INET]62.102.148.148:443 Sun May 14 17:04:47 2017 TLS: Initial packet from [AF_INET]62.102.148.148:443, s id=d05661e2 cb0533cb Sun May 14 17:04:47 2017 WARNING: this configuration may cache passwords in memo ry -- use the auth-nocache option to prevent this Sun May 14 17:04:47 2017 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.or g, CN=airvpn.org CA, emailAddress=info@airvpn.org Sun May 14 17:04:47 2017 Validating certificate key usage Sun May 14 17:04:47 2017 ++ Certificate has key usage 00a0, expects 00a0 Sun May 14 17:04:47 2017 VERIFY KU OK Sun May 14 17:04:47 2017 Validating certificate extended key usage Sun May 14 17:04:47 2017 ++ Certificate has EKU (str) TLS Web Server Authenticat ion, expects TLS Web Server Authentication Sun May 14 17:04:47 2017 VERIFY EKU OK Sun May 14 17:04:47 2017 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.or g, CN=server, emailAddress=info@airvpn.org Sun May 14 17:04:47 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AE S256-GCM-SHA384, 4096 bit RSA Sun May 14 17:04:47 2017 [server] Peer Connection Initiated with [AF_INET]62.102 .148.148:443 Sun May 14 17:04:48 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Sun May 14 17:04:48 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-ga teway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0 .1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.4.8 255.255.0.0' Sun May 14 17:04:48 2017 OPTIONS IMPORT: timers and/or timeouts modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: compression parms modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: --ifconfig/up options modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: route options modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: route-related options modified Sun May 14 17:04:48 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sun May 14 17:04:48Sun May 14 17:05:48 2017 [server] Inactivity timeout (--ping-restart), restarting Sun May 14 17:05:48 2017 SIGUSR1[soft,ping-restart] received, process restarting Sun May 14 17:05:48 2017 Restart pause, 5 second(s) Sun May 14 17:05:53 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]62.102.148.148:443 Sun May 14 17:05:53 2017 Socket Buffers: R=[163840->163840] S=[163840->163840] Sun May 14 17:05:53 2017 UDP link local: (not bound) Sun May 14 17:05:53 2017 UDP link remote: [AF_INET]62.102.148.148:443 Sun May 14 17:05:53 2017 TLS: Initial packet from [AF_INET]62.102.148.148:443, sid=4a86630a 05934325 Sun May 14 17:05:53 2017 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Sun May 14 17:05:53 2017 Validating certificate key usage Sun May 14 17:05:53 2017 ++ Certificate has key usage 00a0, expects 00a0 Sun May 14 17:05:53 2017 VERIFY KU OK Sun May 14 17:05:53 2017 Validating certificate extended key usage Sun May 14 17:05:53 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sun May 14 17:05:53 2017 VERIFY EKU OK Sun May 14 17:05:53 2017 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Sun May 14 17:05:54 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA Sun May 14 17:05:54 2017 [server] Peer Connection Initiated with [AF_INET]62.102.148.148:443 Sun May 14 17:05:55 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Sun May 14 17:05:55 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.4.8 255.255.0.0' Sun May 14 17:05:55 2017 OPTIONS IMPORT: timers and/or timeouts modified Sun May 14 17:05:55 2017 OPTIONS IMPORT: compression parms modified Sun May 14 17:05:55 2017 OPTIONS IMPORT: --ifconfig/up options modified Sun May 14 17:05:55 2017 OPTIONS IMPORT: route options modified Sun May 14 17:05:55 2017 OPTIONS IMPORT: route-related options modified Sun May 14 17:05:55 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sun May 14 17:05:55 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Sun May 14 17:05:55 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:05:55 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Sun May 14 17:05:55 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sun May 14 17:05:55 2017 Preserving previous TUN/TAP instance: tun1 Sun May 14 17:05:55 2017 Initialization Sequence Completed

Hi guys! I set up my Windows 7 PC by this instruction: https://airvpn.org/topic/3405-windows-comodo-prevent-leaks/. It's a nice HOW-TO guide and i'm very grateful for it, but is there any similar guide to add TOR before my VPN connection? I tried to find some info on this forum, but I couldn't. So, if anybody knows links to HOW-TO guides please give it to me. Thank you! P.S. - I know about Eddie, but i really want to set up it with OpenVPN.

Here's a strange problem. I use openvpn to connect to AirVPN, with the update-resolv-conf script to prevent DNS 'leaks' (I know they "don't happen on Linux", but that's what I'm calling it). After starting the VPN, going to dnsleaktest.com, and hitting the extended test, the first query comes back as 2 and shows both my ISP and Air, and all of the rest come back as 1 showing only Air. If I retest or go to another DNS leak checking site (like ipleak.net) after doing this, only Air is shown. If I go to a different site and check *before* using dnsleaktest.com, it will detect my ISP. If I retest, it still shows my ISP along with Air. In short, I am getting DNS 'leaks' until I test for them using dnsleaktest.com. What could be causing this, and how can I fix it? Edit: It seems that testing with dnsleak.com also 'fixes' it.

Unfortunately, this is a bit of a multi-disciplinary question that has to be prefaced with some background. I've got my connection to AirVPN set up on my pfSense box and am using the Resolver there in the default, non-forwarding mode. That means for DNS lookups, pfSense (through Resolver) is supposed to directly query the top-level DNS servers for name resolution without using any specified, lower-level DNS servers. In one sense, it seems to be working in that none of the leak-testing sites (like ipleak.net) show any DNS servers other than AirVPNs. On the other hand, I don't understand how those sites even see those AirVPN DNS servers at all since pfSense isn't set up to use them. Worse, I recently found out that DNS queries through Resolver in the default, non-forwarding mode do NOT get routed through the NAT/Firewall rules: they're sent out the default gateway (my WAN, not my VPN tunnel). So, theoretically, my DNS lookups are in the open instead of through AirVPN. If that's true, why do places like ipleak.net not show a DNS leak? How do they determine what DNS server I'm using? Does it just ask my server what DNS is associated with it? Or, does it look for the DNS requests coming from my system? But, if Resolver is sending its own DNS requests over the WAN, then would places like ipleak.net even see them?

Multiple security Vulnerabilities were found in Openvpn 2.4.1. OpenVPN 2.4.1 was simultaneously reviewed by Quarkslab (funded by OSTIF). Here is a link to the audit information. https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits

Hello, I need help for my VPN setup. I already have very good skills in using Windows Operating Systems, but i am a new in linux, started using it 1 month ago. My Main Operating System is Linux Mint 18.1. Virtualbox is installed with Whonix Gateway and Whonix Workstation. I was able to run AirVPN Service with Eddie Client on any servers without problems. But for some reason, i can't connect to VPN with OpenVPN Client over Linux Terminal. First i tried port forwarding on my router and then it worked. But i don't want to open router ports for security reasons. Maybe i should forward the needed ports directly over eddie client. Following protocol settings were used: AirVPN_Netherlands_SSH-80 (VPN over SSH, all Netherlands Servers, Port 80) I know all connections are established over remote 127.0.0.1 1412 in openvpn.config. Another port i figured out in AirVPN_Netherlands_SSH-80.sh file is Port 2018. I think the best way to open it would be over Linux Mint directly, but i dont know how to do it. But running VPN in Linux Mint is not as important as running VPN in Whonix-Gateway. That was the first part. The second part are the same connection issues when trying to setup AirVPN over the Whonix Gateway OpenVPN client. The VPN should run before entering Tor Network. I always got the Error: Connection Refused. Maybe the problem is the same, and i have to open ports there, too. But i could not figure out, how to open ports in whonix firewall. The setup is very complex at all. I would like to know, if anyone was able to do this setup correctly. I used the how to from Whonix Wiki Page: https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor#Inside_Whonix-Gateway Maybe my openvpn.config file is wrong. I even don't know if i really need this file, becaue the .ovpn contains almost the same command lines. I think i should add the config of the most important files, to check out wrong details: sudo nano /etc/whonix_firewall.d/50_user.conf ## Make sure Tor always connects through the VPN.## Enable: 1## Disable: 0## DISABELD BY DEFAULT, because it requires a VPN provider.VPN_FIREWALL=1## For OpenVPN.#VPN_INTERFACE=tun0## Destinations you don not want routed through the VPN.## 10.0.2.2-10.0.2.24: VirtualBox DHCP# LOCAL_NET="\# 127.0.0.0-127.0.0.24 \# 192.168.0.0-192.168.0.24 \# 192.168.1.0-192.168.1.24 \# 10.152.152.0-10.152.152.24 \# 10.0.2.2-10.0.2.24 \# " sudo nano /etc/sudoers.d/tunnel_unpriv tunnel ALL=(ALL) NOPASSWD: /bin/iptunnel ALL=(ALL) NOPASSWD: /usr/sbin/openvpn *Defaults:tunnel !requirettyThat are mostly Whonix specific settings, but then things started to get complicated, because the Tutorial Example VPN was Riseup VPN. I don't know if auth.txt is working exactly the same Way for AirVPN. I added username and password for AirVPN instead of Riseup... sudo nano /etc/openvpn/auth.txt riseupusernamevpnsecretHere is the openvpn.conf file that I have written... I think the main problem is the connection to remote server 127.0.0.1 1412. It is a little bit confusing, that all servers of netherlands -or even if i had used global server list for SSH VPN Port 80- using the same remote server. Alternatively, i could add all IP's manually, right? Then my file should look like this: Depending to this .conf file, I have to open port 3599. I would like to know, where i had failed configuration and how to open ports in Whonix Firewall / AirVPN Client Area. Best regards

Hello! I am having troubles trying to connect with openvpn (Android ) It worked fine until today....(I am not tech-savy at all) I already tried to uncheck the bypass option...And both TCP and UDP protocols. https://airvpn.org/topic/19934-openvpn-for-android-connection-refused/?hl=+connection%20+refused%20+code Thank you. EDIT: seems to work now....

Hi all Relatively new to using VPNs, and although I am very familiar with the concept and the benefits, have only just got round to getting started. I'm wondering if someone can please help me with OpenVPN on iOS! I have used the configurator and imported profiles of several servers, and yet the OpenVPN app remains in 'Disconnected' state regardless of flicking the switch on. If I head to Settings on the device, the VPN entry is listed, but the switch will not move from the Status entry, and remains 'Not Connected'. The app doesn't even appear to be generating any logs whatsoever and I'm wondering what on earth I've done wrong...I got everything going on my MacBook Pro in about 2 minutes! Any help would be greatly appreciated, and thanks in advance!

Hi Everyone I am helping a friend make the transition from windows to Linux. Everything is working just fine for him except we can not get magnet links to work when the VPN is on. He is running Ubuntu 16.04, connecting to VPN using openvpn and is using Vuze for a torrent client. Torrent files download fast and web browsing works perfectly but magnet links fail to do anything, they just sit there trying to connect, they never connect or throw a error. As soon as I take the vpn down the connect immediately. I have tried both UDP and TCP Vpn connections and several different torrent clients and get the same results. I have a similar setup on one of my machines and have not had any problems with magnet links and cannot figure out what is going on. Any help is greatly appreciated.

I've noticed that the number of public WiFi operators making AirVPN unuseable is increasing. To be honest, I don't think it is specifically AirVPN being targeted. I can establish an outbound tunnel quickly and easily, but am then unable to connect to anything via the tunnel. When I look at the stats, the packet counters just stop incrementing. So far I've seen this behaviour with: BT WiFi (any flavour) - Never workedO2 WiFi (certain branded outlets, including Sainsbury, Asda)The Cloud (just started recently).Other providers (including my home broadband, guest wireless at work and (I think) IKEA) work fine so I think the config which comes directly from OpenVPN anyway is OK. Are they likely to be inspecting the traffic and discarding it because it's encrypted, or can it be resolved by reducing frame size, and/or using a different AirVPN transport?

Hi, I am used to using *sudo openvpn --config file.ovpn* and will not switch to use any GUI. However after switching to Ubuntu 16.04 LTS I cannot connect to AirVPN - the log looks like connection succeeded but I have no internet connection. Could you please point me to a tutorial on how to connect from terminal? I cannot find any. ~/AirVPN$ sudo openvpn --config germany.ovpn Mon Mar 27 09:40:44 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [iPv6] built on Feb 2 2016Mon Mar 27 09:40:44 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08Mon Mar 27 09:40:44 2017 Control Channel Authentication: tls-auth using INLINE static key fileMon Mar 27 09:40:44 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authenticationMon Mar 27 09:40:44 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authenticationMon Mar 27 09:40:44 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]Mon Mar 27 09:40:44 2017 UDPv4 link local: [undef]Mon Mar 27 09:40:44 2017 UDPv4 link remote: [AF_INET]178.162.198.112:2018Mon Mar 27 09:40:46 2017 TLS: Initial packet from [AF_INET]178.162.198.112:2018, sid=5f8e2f65 10b9f080Mon Mar 27 09:40:46 2017 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.orgMon Mar 27 09:40:46 2017 Validating certificate key usageMon Mar 27 09:40:46 2017 ++ Certificate has key usage 00a0, expects 00a0Mon Mar 27 09:40:46 2017 VERIFY KU OKMon Mar 27 09:40:46 2017 Validating certificate extended key usageMon Mar 27 09:40:46 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server AuthenticationMon Mar 27 09:40:46 2017 VERIFY EKU OKMon Mar 27 09:40:46 2017 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.orgMon Mar 27 09:40:47 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit keyMon Mar 27 09:40:47 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authenticationMon Mar 27 09:40:47 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit keyMon Mar 27 09:40:47 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authenticationMon Mar 27 09:40:47 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSAMon Mar 27 09:40:47 2017 [server] Peer Connection Initiated with [AF_INET]178.162.198.112:2018Mon Mar 27 09:40:49 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)Mon Mar 27 09:40:49 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.30.0.1,comp-lzo no,route-gateway 10.30.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.30.0.155 255.255.0.0'Mon Mar 27 09:40:49 2017 OPTIONS IMPORT: timers and/or timeouts modifiedMon Mar 27 09:40:49 2017 OPTIONS IMPORT: LZO parms modifiedMon Mar 27 09:40:49 2017 OPTIONS IMPORT: --ifconfig/up options modifiedMon Mar 27 09:40:49 2017 OPTIONS IMPORT: route options modifiedMon Mar 27 09:40:49 2017 OPTIONS IMPORT: route-related options modifiedMon Mar 27 09:40:49 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modifiedMon Mar 27 09:40:49 2017 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=48:51:b7:b2:37:2fMon Mar 27 09:40:49 2017 TUN/TAP device tun0 openedMon Mar 27 09:40:49 2017 TUN/TAP TX queue length set to 100Mon Mar 27 09:40:49 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0Mon Mar 27 09:40:49 2017 /sbin/ip link set dev tun0 up mtu 1500Mon Mar 27 09:40:49 2017 /sbin/ip addr add dev tun0 10.30.0.155/16 broadcast 10.30.255.255Mon Mar 27 09:40:49 2017 /sbin/ip route add 178.162.198.112/32 via 192.168.0.1Mon Mar 27 09:40:49 2017 /sbin/ip route add 0.0.0.0/1 via 10.30.0.1Mon Mar 27 09:40:49 2017 /sbin/ip route add 128.0.0.0/1 via 10.30.0.1Mon Mar 27 09:40:49 2017 Initialization Sequence Completed

read through thread after thread and i can't solve this... i need DNS to work both within and outside of the VPN (using a different connection), but when the tunnel connection is active, i want to use only the DNS provided by the Air servers mint 18.1/opendns process should be straight forward: config gen > advanced > resolve host names > generate > change 'opvn' extensions to 'conf' and dump files in /etc/openvpn router (tomato): advanced > DHCP/DNS > 'Use internal DNS' ??? i don't know, but doesn't seem to work without this selected - 'Use received DNS with user-entered DNS' ??? i don't know OS: connection editor > IPV4 > method: tried 'automatic' and 'automatic (addresses only)' - no DNS servers added to the IPV4 tab (shouldn't need any since domains were resolved when i gen'd the config's?) so when i restart openvpn and connect to the connection i created, i expect that no DNS lookup should be needed to reach the VPN because the IP's were resolved when i gen'd the config files - and after i connect, i should be using the VPN DNS, however i cannot even connect to the servers adding 10.4.0.1 to resolv.conf does not survive a reboot and nothing else i've tried works the only way i can connect seems to be to set 'method' to 'automatic' in the connection editor and use the random DNS servers configured in the router - so when i go to ipleak.net, i'm connected to the VPN, but the DNS is not provided by the VPN server