Search the Community

Hello, I need help for my VPN setup. I already have very good skills in using Windows Operating Systems, but i am a new in linux, started using it 1 month ago. My Main Operating System is Linux Mint 18.1. Virtualbox is installed with Whonix Gateway and Whonix Workstation. I was able to run AirVPN Service with Eddie Client on any servers without problems. But for some reason, i can't connect to VPN with OpenVPN Client over Linux Terminal. First i tried port forwarding on my router and then it worked. But i don't want to open router ports for security reasons. Maybe i should forward the needed ports directly over eddie client. Following protocol settings were used: AirVPN_Netherlands_SSH-80 (VPN over SSH, all Netherlands Servers, Port 80) I know all connections are established over remote 127.0.0.1 1412 in openvpn.config. Another port i figured out in AirVPN_Netherlands_SSH-80.sh file is Port 2018. I think the best way to open it would be over Linux Mint directly, but i dont know how to do it. But running VPN in Linux Mint is not as important as running VPN in Whonix-Gateway. That was the first part. The second part are the same connection issues when trying to setup AirVPN over the Whonix Gateway OpenVPN client. The VPN should run before entering Tor Network. I always got the Error: Connection Refused. Maybe the problem is the same, and i have to open ports there, too. But i could not figure out, how to open ports in whonix firewall. The setup is very complex at all. I would like to know, if anyone was able to do this setup correctly. I used the how to from Whonix Wiki Page: https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor#Inside_Whonix-Gateway Maybe my openvpn.config file is wrong. I even don't know if i really need this file, becaue the .ovpn contains almost the same command lines. I think i should add the config of the most important files, to check out wrong details: sudo nano /etc/whonix_firewall.d/50_user.conf ## Make sure Tor always connects through the VPN.## Enable: 1## Disable: 0## DISABELD BY DEFAULT, because it requires a VPN provider.VPN_FIREWALL=1## For OpenVPN.#VPN_INTERFACE=tun0## Destinations you don not want routed through the VPN.## 10.0.2.2-10.0.2.24: VirtualBox DHCP# LOCAL_NET="\# 127.0.0.0-127.0.0.24 \# 192.168.0.0-192.168.0.24 \# 192.168.1.0-192.168.1.24 \# 10.152.152.0-10.152.152.24 \# 10.0.2.2-10.0.2.24 \# " sudo nano /etc/sudoers.d/tunnel_unpriv tunnel ALL=(ALL) NOPASSWD: /bin/iptunnel ALL=(ALL) NOPASSWD: /usr/sbin/openvpn *Defaults:tunnel !requirettyThat are mostly Whonix specific settings, but then things started to get complicated, because the Tutorial Example VPN was Riseup VPN. I don't know if auth.txt is working exactly the same Way for AirVPN. I added username and password for AirVPN instead of Riseup... sudo nano /etc/openvpn/auth.txt riseupusernamevpnsecretHere is the openvpn.conf file that I have written... I think the main problem is the connection to remote server 127.0.0.1 1412. It is a little bit confusing, that all servers of netherlands -or even if i had used global server list for SSH VPN Port 80- using the same remote server. Alternatively, i could add all IP's manually, right? Then my file should look like this: Depending to this .conf file, I have to open port 3599. I would like to know, where i had failed configuration and how to open ports in Whonix Firewall / AirVPN Client Area. Best regards

Hello! I am having troubles trying to connect with openvpn (Android ) It worked fine until today....(I am not tech-savy at all) I already tried to uncheck the bypass option...And both TCP and UDP protocols. https://airvpn.org/topic/19934-openvpn-for-android-connection-refused/?hl=+connection%20+refused%20+code Thank you. EDIT: seems to work now....

Hi all Relatively new to using VPNs, and although I am very familiar with the concept and the benefits, have only just got round to getting started. I'm wondering if someone can please help me with OpenVPN on iOS! I have used the configurator and imported profiles of several servers, and yet the OpenVPN app remains in 'Disconnected' state regardless of flicking the switch on. If I head to Settings on the device, the VPN entry is listed, but the switch will not move from the Status entry, and remains 'Not Connected'. The app doesn't even appear to be generating any logs whatsoever and I'm wondering what on earth I've done wrong...I got everything going on my MacBook Pro in about 2 minutes! Any help would be greatly appreciated, and thanks in advance!

Hi Everyone I am helping a friend make the transition from windows to Linux. Everything is working just fine for him except we can not get magnet links to work when the VPN is on. He is running Ubuntu 16.04, connecting to VPN using openvpn and is using Vuze for a torrent client. Torrent files download fast and web browsing works perfectly but magnet links fail to do anything, they just sit there trying to connect, they never connect or throw a error. As soon as I take the vpn down the connect immediately. I have tried both UDP and TCP Vpn connections and several different torrent clients and get the same results. I have a similar setup on one of my machines and have not had any problems with magnet links and cannot figure out what is going on. Any help is greatly appreciated.

I've noticed that the number of public WiFi operators making AirVPN unuseable is increasing. To be honest, I don't think it is specifically AirVPN being targeted. I can establish an outbound tunnel quickly and easily, but am then unable to connect to anything via the tunnel. When I look at the stats, the packet counters just stop incrementing. So far I've seen this behaviour with: BT WiFi (any flavour) - Never workedO2 WiFi (certain branded outlets, including Sainsbury, Asda)The Cloud (just started recently).Other providers (including my home broadband, guest wireless at work and (I think) IKEA) work fine so I think the config which comes directly from OpenVPN anyway is OK. Are they likely to be inspecting the traffic and discarding it because it's encrypted, or can it be resolved by reducing frame size, and/or using a different AirVPN transport?

Hi, I am used to using *sudo openvpn --config file.ovpn* and will not switch to use any GUI. However after switching to Ubuntu 16.04 LTS I cannot connect to AirVPN - the log looks like connection succeeded but I have no internet connection. Could you please point me to a tutorial on how to connect from terminal? I cannot find any. ~/AirVPN$ sudo openvpn --config germany.ovpn Mon Mar 27 09:40:44 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [iPv6] built on Feb 2 2016Mon Mar 27 09:40:44 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08Mon Mar 27 09:40:44 2017 Control Channel Authentication: tls-auth using INLINE static key fileMon Mar 27 09:40:44 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authenticationMon Mar 27 09:40:44 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authenticationMon Mar 27 09:40:44 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]Mon Mar 27 09:40:44 2017 UDPv4 link local: [undef]Mon Mar 27 09:40:44 2017 UDPv4 link remote: [AF_INET]178.162.198.112:2018Mon Mar 27 09:40:46 2017 TLS: Initial packet from [AF_INET]178.162.198.112:2018, sid=5f8e2f65 10b9f080Mon Mar 27 09:40:46 2017 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.orgMon Mar 27 09:40:46 2017 Validating certificate key usageMon Mar 27 09:40:46 2017 ++ Certificate has key usage 00a0, expects 00a0Mon Mar 27 09:40:46 2017 VERIFY KU OKMon Mar 27 09:40:46 2017 Validating certificate extended key usageMon Mar 27 09:40:46 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server AuthenticationMon Mar 27 09:40:46 2017 VERIFY EKU OKMon Mar 27 09:40:46 2017 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.orgMon Mar 27 09:40:47 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit keyMon Mar 27 09:40:47 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authenticationMon Mar 27 09:40:47 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit keyMon Mar 27 09:40:47 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authenticationMon Mar 27 09:40:47 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSAMon Mar 27 09:40:47 2017 [server] Peer Connection Initiated with [AF_INET]178.162.198.112:2018Mon Mar 27 09:40:49 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)Mon Mar 27 09:40:49 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.30.0.1,comp-lzo no,route-gateway 10.30.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.30.0.155 255.255.0.0'Mon Mar 27 09:40:49 2017 OPTIONS IMPORT: timers and/or timeouts modifiedMon Mar 27 09:40:49 2017 OPTIONS IMPORT: LZO parms modifiedMon Mar 27 09:40:49 2017 OPTIONS IMPORT: --ifconfig/up options modifiedMon Mar 27 09:40:49 2017 OPTIONS IMPORT: route options modifiedMon Mar 27 09:40:49 2017 OPTIONS IMPORT: route-related options modifiedMon Mar 27 09:40:49 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modifiedMon Mar 27 09:40:49 2017 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp2s0 HWADDR=48:51:b7:b2:37:2fMon Mar 27 09:40:49 2017 TUN/TAP device tun0 openedMon Mar 27 09:40:49 2017 TUN/TAP TX queue length set to 100Mon Mar 27 09:40:49 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0Mon Mar 27 09:40:49 2017 /sbin/ip link set dev tun0 up mtu 1500Mon Mar 27 09:40:49 2017 /sbin/ip addr add dev tun0 10.30.0.155/16 broadcast 10.30.255.255Mon Mar 27 09:40:49 2017 /sbin/ip route add 178.162.198.112/32 via 192.168.0.1Mon Mar 27 09:40:49 2017 /sbin/ip route add 0.0.0.0/1 via 10.30.0.1Mon Mar 27 09:40:49 2017 /sbin/ip route add 128.0.0.0/1 via 10.30.0.1Mon Mar 27 09:40:49 2017 Initialization Sequence Completed

read through thread after thread and i can't solve this... i need DNS to work both within and outside of the VPN (using a different connection), but when the tunnel connection is active, i want to use only the DNS provided by the Air servers mint 18.1/opendns process should be straight forward: config gen > advanced > resolve host names > generate > change 'opvn' extensions to 'conf' and dump files in /etc/openvpn router (tomato): advanced > DHCP/DNS > 'Use internal DNS' ??? i don't know, but doesn't seem to work without this selected - 'Use received DNS with user-entered DNS' ??? i don't know OS: connection editor > IPV4 > method: tried 'automatic' and 'automatic (addresses only)' - no DNS servers added to the IPV4 tab (shouldn't need any since domains were resolved when i gen'd the config's?) so when i restart openvpn and connect to the connection i created, i expect that no DNS lookup should be needed to reach the VPN because the IP's were resolved when i gen'd the config files - and after i connect, i should be using the VPN DNS, however i cannot even connect to the servers adding 10.4.0.1 to resolv.conf does not survive a reboot and nothing else i've tried works the only way i can connect seems to be to set 'method' to 'automatic' in the connection editor and use the random DNS servers configured in the router - so when i go to ipleak.net, i'm connected to the VPN, but the DNS is not provided by the VPN server

Hi, First of all, I'm very happy with the service. AirVPN is simply the best VPN service out there and I am glad to have found you! Running AirVPN on my desktop machines (Win, OSX, Linux) works like a charm either with plain OpenVPN or one of your clients. However, I'm not really sure how I can also use your service on my Linux server to which I connect via ssh. The issue is that as soon as I run openvpn with sudo openvpn --config your_config_file.ovpn naturally the existing ssh connection - as well as any other means to reach my server - gets interrupted. So my use case is that my server should stay reachable publicly as before, but ideally I would like to open a single shell session that gets routed through your VPN for occasional casual browsing or processes which I prefer to use anonymously.. Can I somehow restrict the VPN to only one process? Do you see any other solution for my use case? Best regards!

Hi, I have searched a lot to achieve this. I am looking for a comprehensive step by step (being a novice in this area) to setup a separate Virtual Access point in a DD-WRT router which uses OpenVPN and TOR (This feature is available in latest version of DD-WRT) at the same time. Also I want to ensure that any traffic goes through this VAP only if OpenVPN is up and running. I want to have OpenVPN on port 443 (TCP) due to aggressive DPI by local ISPs for VoIP. Looking to hear from experts I have gone through some guides (no.1 and no.2) but these aren't completely covered or not most relevant.

Hi I've added the following directives to my openVPN client configuration file in order to maximise the VPN throughput on my Ubuntu 16.04 based VPN router/gateway. fast-io nice -20 Starting my VPN with sudo service openvpn restart, initiates the VPN correctly, but the "nice" directive isn't applied. Relavent lines of log are below. Feb 14 12:30:09 srvbuntu ovpn-airvpn[23065]: nice = -20 ... Feb 14 12:30:09 srvbuntu ovpn-airvpn[23065]: fast_io = ENABLED ... Feb 14 12:30:09 srvbuntu ovpn-airvpn[23067]: WARNING: nice -20 failed: Operation not permitted: Operation not permitted (errno=1) If I start the VPN from the CLI using "sudo openvpn airvpn.conf" the "nice" directive is implemented: Tue Feb 14 12:37:25 2017 us=588423 nice -20 succeeded What is preventing the nice directive from being followed when I start it as a service?

So something strange is happening. I am mostly connected to an German Server. Also most Server dont work anyway with Amazon Prime. But at least two i know of do. But that is not the pont. So i have a Zotac Z-Box, setted it up with the pfSense Guide from the Forum here and everything is just good. Full speed, connection encrypted, perfect. No issues, except with Amazon Prime. From time to time, when i watch Amazon Prime on my Smart TV or with an Fire TV SetupBox it kills my router. That means my pfSense router just does not react anymore, i have to press the powerbutton on the device itself to turn it off and turn it on again. And i have no fucking clue, how Amazon Prime is able to kill my router. I mean what is happening that it can do that to the router. Has anybody any clue? Do you need more information? Ask i try to say what i know, but i am no expert in pfSense etc. But i just dont understand how a website can manage to kill a router that it is not reacting anymore.

Hello, I've recently installed OpenVPN for Android (the open-source recommended choice) but I'm concerned about different issues. For instance, this app doesn't autostart at boot / reboot but has to be manually started. BTW Android uses wifi's previous state after reboot : when Wifi was "on" our real IP is visible until OpenVPN is manually started. When it crashes (it happens with the latest version) our real IP gets exposed too. I wonder if it could be possible to configure a firewall (AfWall+ or Droidwall) to block all the traffic excepting the one which transits through OpenVPN for both Wifi and data (3G/4G) ? These two apps are using iptables but I don't know how to write the custom rules matching my requirements. The help and knowledge of some computer savvy members would be appreciated. If it works we could maybe create a tutorial for the "How to" section of this forum ? I've collected several articles regarding Android and iptables but I've no idea how I could adapt all this for AirVPN .ovpn default config file (Europe). https://android.stackexchange.com/questions/14455/how-can-i-block-the-traffic-outside-the-vpn-even-if-the-vpn-is-down https://github.com/ukanth/afwall/wiki/Apps-leak-private-user-data-during-boot https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy https://droidvpn.com/page/stopping-leaks-with-droidwall-when-using-droidvpn-8/ https://airvpn.org/faq/software_lock/ Any idea ? Thanks

Here: https://airvpn.org/specs/ is stated that each AirVPN server has its own DNS server. Why is that? Why are the DNS servers protocol and port specific? Why not give just one? Is that arbitrary or does it serve a purpose besides load balancing? What will happen if I use for example UDP Port 53 for my VPN connection and 10.9.0.1 as my DNS server instead of the listed 10.8.0.1?

Hi, I exactly followed all steps for creating a VPN on Synology. I have established a successful VPN connection - which is visible on in my AirVPN client area > overview page. The thing is that I cannot access the internet (Download Manager) - even ping (using putty) is not responding after having made the VPN connection.Btw - I deliberatly did not (yet) make any portforwarding changes, as I wanted to see if something as simple as this would work.Because I thought it might be a firewall issue, I temporary disabled my router firewall - no luck. Hope you could get me in the right direction... Netstat before and after making VPN connection. DiskStation> netstat -nrKernel IP routing tableDestination Gateway Genmask Flags MSS Window irtt Iface0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0DiskStation> netstat -nrKernel IP routing tableDestination Gateway Genmask Flags MSS Window irtt Iface0.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tun00.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth010.8.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0128.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tun0192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0213.152.161.73 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0213.152.161.73 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0

Just a quick question, I have OpenVPN setup in my Shibby Tomato router to use airvpn. No issues until I started to selectively route a few of the Source IP through the tunnel (using the GUI OpenVPN Client tab Routing Policy) as I can't Netflix to work. So now, my ISP's DNS is showing up in DNS leak test. I've tried to insert static DNS in the basic network config to use another DNS server, but nothing worked. DNS Leak test still show me that I am using my ISP's DNS server. Anyone has this problem when selectively routing a few IPs through the tunnel using Tomato?

I am running a headless ubuntu server v16.04 on raspberry pi, everything works fine. Now I am trying to setup openvpn client with AirVpn, can anybody provide some instructions on how to do it ?

As the title says, I'm trying to connect to AirVPN via OpenVPN on Linux but can't. I recently updated to OpenVPN 2.4.0, but it has worked since the update. I generated a config file with no separate keys/certs and ran `sudo openvpn /path/to/air.ovpn`, but this happened: Sat Dec 31 23:26:05 2016 OpenVPN 2.4.0 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 28 2016 Sat Dec 31 23:26:05 2016 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09 Sat Dec 31 23:26:05 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Dec 31 23:26:05 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Dec 31 23:26:05 2016 TCP/UDP: Preserving recently used remote address: [AF_INET]71.19.249.195:443 Sat Dec 31 23:26:05 2016 Socket Buffers: R=[212992->212992] S=[212992->212992] Sat Dec 31 23:26:05 2016 UDP link local: (not bound) Sat Dec 31 23:26:05 2016 UDP link remote: [AF_INET]71.19.249.195:443 Sat Dec 31 23:27:05 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Sat Dec 31 23:27:05 2016 TLS Error: TLS handshake failed Sat Dec 31 23:27:05 2016 SIGUSR1[soft,tls-error] received, process restarting Sat Dec 31 23:27:05 2016 Restart pause, 5 second(s) Sat Dec 31 23:27:10 2016 TCP/UDP: Preserving recently used remote address: [AF_INET]71.19.249.195:443 Sat Dec 31 23:27:10 2016 Socket Buffers: R=[212992->212992] S=[212992->212992] Sat Dec 31 23:27:10 2016 UDP link local: (not bound) Sat Dec 31 23:27:10 2016 UDP link remote: [AF_INET]71.19.249.195:443 ^CSat Dec 31 23:27:15 2016 event_wait : Interrupted system call (code=4) Sat Dec 31 23:27:15 2016 SIGTERM received, sending exit notification to peer Sat Dec 31 23:27:20 2016 SIGTERM[soft,exit-with-notification] received, process exiting My internet works fine, to my knowledge. I can access the internet normally with no problems. This problem affects my phone, desktop, and laptop; all 3 get the same timeout error.

I am trying to use AirVPN to SSH into a computer. How do I do this? I have tried the .sh file I got from the SSH tutorial, but when I try to connect to the computer running it, I can never log in (permission denied). Trying to use OpenVPN as root with the .ovpn file caused errors about not being able to connect.

My phone is connected to AirVPN via OpenVPN for Android. Most websites are fooled by the VPN, but when I ask google directly (OK Google), it shows my actual IP address. I do not have this issue on my PC. What can I do about this? Thanks in advance.

Dears, I've followed the tutorial on how to connect to AirVPN through DD-WRT but it seems that I can't do it on my own So I would appreciate your help The error I'm getting is: Clientlog: 20161112 18:22:31 N TLS Error: TLS handshake failed 20161112 18:22:31 I SIGUSR1[soft tls-error] received process restarting 20161112 18:22:31 Restart pause 2 second(s) 20161112 18:22:33 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:22:33 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:22:33 I UDPv4 link local: [undef] 20161112 18:22:33 I UDPv4 link remote: [AF_INET]109.232.227.148:443 20161112 18:23:33 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:23:33 N TLS Error: TLS handshake failed 20161112 18:23:33 I SIGUSR1[soft tls-error] received process restarting 20161112 18:23:33 Restart pause 2 second(s) 20161112 18:23:35 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:23:35 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:23:35 I UDPv4 link local: [undef] 20161112 18:23:35 I UDPv4 link remote: [AF_INET]109.232.227.148:443 20161112 18:24:35 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:24:35 N TLS Error: TLS handshake failed 20161112 18:24:35 I SIGUSR1[soft tls-error] received process restarting 20161112 18:24:35 Restart pause 2 second(s) 20161112 18:24:37 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:24:37 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:24:39 I UDPv4 link local: [undef] 20161112 18:24:39 I UDPv4 link remote: [AF_INET]213.152.162.103:443 20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:25:07 D MANAGEMENT: CMD 'state' 20161112 18:25:07 MANAGEMENT: Client disconnected 20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:25:07 D MANAGEMENT: CMD 'state' 20161112 18:25:07 MANAGEMENT: Client disconnected 20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:25:07 D MANAGEMENT: CMD 'state' 20161112 18:25:07 MANAGEMENT: Client disconnected 20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:25:07 D MANAGEMENT: CMD 'status 2' 20161112 18:25:07 MANAGEMENT: Client disconnected 20161112 18:25:07 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:25:07 D MANAGEMENT: CMD 'log 500' 20161112 18:25:07 MANAGEMENT: Client disconnected 20161112 18:25:39 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:25:39 N TLS Error: TLS handshake failed 20161112 18:25:39 I SIGUSR1[soft tls-error] received process restarting 20161112 18:25:39 Restart pause 2 second(s) 20161112 18:25:41 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:25:41 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:25:41 I UDPv4 link local: [undef] 20161112 18:25:41 I UDPv4 link remote: [AF_INET]213.152.162.103:443 20161112 18:26:41 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:26:41 N TLS Error: TLS handshake failed 20161112 18:26:41 I SIGUSR1[soft tls-error] received process restarting 20161112 18:26:41 Restart pause 2 second(s) 20161112 18:26:43 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:26:43 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:26:43 I UDPv4 link local: [undef] 20161112 18:26:43 I UDPv4 link remote: [AF_INET]213.152.162.103:443 20161112 18:27:43 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:27:43 N TLS Error: TLS handshake failed 20161112 18:27:43 I SIGUSR1[soft tls-error] received process restarting 20161112 18:27:43 Restart pause 2 second(s) 20161112 18:27:45 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:27:45 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:27:45 I UDPv4 link local: [undef] 20161112 18:27:45 I UDPv4 link remote: [AF_INET]213.152.162.103:443 20161112 18:28:46 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:28:46 N TLS Error: TLS handshake failed 20161112 18:28:46 I SIGUSR1[soft tls-error] received process restarting 20161112 18:28:46 Restart pause 2 second(s) 20161112 18:28:48 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:28:48 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:28:48 I UDPv4 link local: [undef] 20161112 18:28:48 I UDPv4 link remote: [AF_INET]213.152.162.103:443 20161112 18:29:48 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:29:48 N TLS Error: TLS handshake failed 20161112 18:29:48 I SIGUSR1[soft tls-error] received process restarting 20161112 18:29:48 Restart pause 2 second(s) 20161112 18:29:50 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:29:50 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:29:52 I UDPv4 link local: [undef] 20161112 18:29:52 I UDPv4 link remote: [AF_INET]213.152.161.132:443 20161112 18:30:52 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20161112 18:30:52 N TLS Error: TLS handshake failed 20161112 18:30:52 I SIGUSR1[soft tls-error] received process restarting 20161112 18:30:52 Restart pause 2 second(s) 20161112 18:30:54 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20161112 18:30:54 Socket Buffers: R=[180224->131072] S=[180224->131072] 20161112 18:30:54 I UDPv4 link local: [undef] 20161112 18:30:54 I UDPv4 link remote: [AF_INET]213.152.161.132:443 20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:30:55 D MANAGEMENT: CMD 'state' 20161112 18:30:55 MANAGEMENT: Client disconnected 20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:30:55 D MANAGEMENT: CMD 'state' 20161112 18:30:55 MANAGEMENT: Client disconnected 20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:30:55 D MANAGEMENT: CMD 'state' 20161112 18:30:55 MANAGEMENT: Client disconnected 20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:30:55 D MANAGEMENT: CMD 'status 2' 20161112 18:30:55 MANAGEMENT: Client disconnected 20161112 18:30:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20161112 18:30:55 D MANAGEMENT: CMD 'log 500' 19700101 01:00:00 ca /tmp/openvpncl/ca.crt cert /tmp/openvpncl/client.crt key /tmp/openvpncl/client.key management 127.0.0.1 16 management-log-cache 100 verb 3 mute 3 syslog writepid /var/run/openvpncl.pid client resolv-retry infinite nobind persist-key persist-tun script-security 2 dev tun1 proto udp cipher aes-256-cbc auth sha1 remote nl.vpn.airdns.org 443 comp-lzo yes tls-client tun-mtu 1500 mtu-disc yes ns-cert-type server fast-io tun-ipv6 tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 Can someone please help me ? I've attached my config in DD-WRT Thanks.

Hi, I am having trouble getting AirVPN running on: - Samsung Galaxy S5 (SM-G900F) - Android 6.0.1 - rooted using OpenVPN for Android by Arne Schwabe. I have created a .ovpn file using Chrome Android (creating such a file in Firefox Android also gives this problem) and followed the instructions here: https://airvpn.org/topic/11476-using-airvpn-with-openvpn-for-android/ When I try to start the newly made profile in OpenVPN for Android, I can see a dialog appearing for a split second, before seeing it disappear. Log: VPN API permission dialog cancelled My question is: How can I remedy this issue and connect to AirVPN on my Android device? Thanks in advance, Arceon

Recently joined and trying to lock down the fort. How can I patch up the DNS leak? I disabled IPV6 on Ethernet 2 and Wi-Fi adapters, and IPLeak appears to pass. Just DNS leaking.

Hi guys, I've subscribed to the Airvpn service about 4 months ago and I'm very happy with it. Nevertheless, as a Linux user (currently Lubuntu 16.04) which isn't using the client option, it was becoming somewhat annoying to turn on and turn off the openvpn and the stunnel in different terminals every time. Few days ago I sat and wrote a small CLI script in python, that is automating the process of connecting and disconnecting to the Airvpn service. The script can be found here: https://github.com/hemulin/airvpn_toggler Simply put, what it does is: When turning on - 1) Scanning the configs files folder and asking you from which country you wish to exit 2) After you choose a country, it turns on the stunnel as a background process and waiting for it to finish the initialization 3) After the stunnel init has finished, it turns on the openvpn as a background process and waiting for it to finish init. 4) After the openvpn has finished its init, the script validates that the external IP has changed and if yes, adding a system tray indicator to show it is connected. When turning off - 1) Killing the system tray indicator, the openvpn and the stunnel processes. 2) Validating that the external IP has changed. Currently it is working well for me, but I still consider it to be a "work in progress", so (1) I still improves it and (2) Feel free to ask for features (and of course, forks and pull requests are welcome). Cheers, Hemulin

hey guys, with ufw enabled, vpn connects but wget and web pages don't resolve: $uname -a Linux 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 2016 x86_64 x86_64 x86_64 GNU/Linux $ufw reset $ufw allow out on wlp1s0 to 213.152.161.180 port 443 proto udp $ufw allow out on tun0 $ufw status verbose Status: active Logging: on (low) Default: deny (incoming), deny (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 213.152.161.180 443/udp ALLOW OUT Anywhere on wlp1s0 # NL-Alblasserdam_Alchiba_UDP-443.ovpn Anywhere ALLOW OUT Anywhere on tun0 # tun0 $openvpn --config ~/VPN/NL-Alblasserdam_Alchiba_UDP-443.ovpn Mon Oct 3 2016 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016 Mon Oct 3 2016 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Mon Oct 3 2016 Control Channel Authentication: tls-auth using INLINE static key file Mon Oct 3 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Oct 3 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Oct 3 2016 Socket Buffers: R=[212992->212992] S=[212992->212992] Mon Oct 3 2016 UDPv4 link local: [undef] Mon Oct 3 2016 UDPv4 link remote: [AF_INET]213.152.161.180:443 Mon Oct 3 2016 TLS: Initial packet from [AF_INET]213.152.161.180:443, sid=b2d0c912 4505e529 Mon Oct 3 2016 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Mon Oct 3 2016 Validating certificate key usage Mon Oct 3 2016 ++ Certificate has key usage 00a0, expects 00a0 Mon Oct 3 2016 VERIFY KU OK Mon Oct 3 2016 Validating certificate extended key usage Mon Oct 3 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Mon Oct 3 2016 VERIFY EKU OK Mon Oct 3 2016 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org Mon Oct 3 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mon Oct 3 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Oct 3 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mon Oct 3 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Oct 3 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA Mon Oct 3 2016 [server] Peer Connection Initiated with [AF_INET]213.152.161.180:443 Mon Oct 3 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Mon Oct 3 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.48.174 255.255.0.0' Mon Oct 3 2016 OPTIONS IMPORT: timers and/or timeouts modified Mon Oct 3 2016 OPTIONS IMPORT: LZO parms modified Mon Oct 3 2016 OPTIONS IMPORT: --ifconfig/up options modified Mon Oct 3 2016 OPTIONS IMPORT: route options modified Mon Oct 3 2016 OPTIONS IMPORT: route-related options modified Mon Oct 3 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Mon Oct 3 2016 ROUTE_GATEWAY 10.42.0.1/255.255.255.0 IFACE=wlp1s0 HWADDR=xx:xx:xx:xx:xx:xx Mon Oct 3 2016 TUN/TAP device tun0 opened Mon Oct 3 2016 TUN/TAP TX queue length set to 100 Mon Oct 3 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Mon Oct 3 2016 /sbin/ip link set dev tun0 up mtu 1500 Mon Oct 3 2016 /sbin/ip addr add dev tun0 10.4.48.174/16 broadcast 10.4.255.255 Mon Oct 3 2016 /sbin/ip route add 213.152.161.180/32 via 10.42.0.1 Mon Oct 3 2016 /sbin/ip route add 0.0.0.0/1 via 10.4.0.1 Mon Oct 3 2016 /sbin/ip route add 128.0.0.0/1 via 10.4.0.1 Mon Oct 3 2016 Initialization Sequence Completed $route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.4.0.1 128.0.0.0 UG 0 0 0 tun0 0.0.0.0 10.42.0.1 0.0.0.0 UG 600 0 0 wlp1s0 10.4.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0 10.42.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp1s0 128.0.0.0 10.4.0.1 128.0.0.0 UG 0 0 0 tun0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlp1s0 213.152.161.180 10.42.0.1 255.255.255.255 UGH 0 0 0 wlp1s0 $ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff inet 10.42.0.9/24 brd 10.42.0.255 scope global wlp1s0 valid_lft forever preferred_lft forever inet6 <removed>/64 scope link valid_lft forever preferred_lft forever 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.4.48.174/16 brd 10.4.255.255 scope global tun0 valid_lft forever preferred_lft forever inet6 <removed>/64 scope link flags 800 valid_lft forever preferred_lft forever i don't usually touch my iptables directly but here's the output: $iptables -L Chain INPUT (policy DROP) target prot opt source destination ufw-before-logging-input all -- anywhere anywhere ufw-before-input all -- anywhere anywhere ufw-after-input all -- anywhere anywhere ufw-after-logging-input all -- anywhere anywhere ufw-reject-input all -- anywhere anywhere ufw-track-input all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination ufw-before-logging-forward all -- anywhere anywhere ufw-before-forward all -- anywhere anywhere ufw-after-forward all -- anywhere anywhere ufw-after-logging-forward all -- anywhere anywhere ufw-reject-forward all -- anywhere anywhere ufw-track-forward all -- anywhere anywhere Chain OUTPUT (policy DROP) target prot opt source destination ufw-before-logging-output all -- anywhere anywhere ufw-before-output all -- anywhere anywhere ufw-after-output all -- anywhere anywhere ufw-after-logging-output all -- anywhere anywhere ufw-reject-output all -- anywhere anywhere ufw-track-output all -- anywhere anywhere Chain ufw-after-forward (1 references) target prot opt source destination Chain ufw-after-input (1 references) target prot opt source destination ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST Chain ufw-after-logging-forward (1 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw-after-logging-input (1 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw-after-logging-output (1 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw-after-output (1 references) target prot opt source destination Chain ufw-before-forward (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere icmp destination-unreachable ACCEPT icmp -- anywhere anywhere icmp source-quench ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp parameter-problem ACCEPT icmp -- anywhere anywhere icmp echo-request ufw-user-forward all -- anywhere anywhere Chain ufw-before-input (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ufw-logging-deny all -- anywhere anywhere ctstate INVALID DROP all -- anywhere anywhere ctstate INVALID ACCEPT icmp -- anywhere anywhere icmp destination-unreachable ACCEPT icmp -- anywhere anywhere icmp source-quench ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp parameter-problem ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc ufw-not-local all -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900 ufw-user-input all -- anywhere anywhere Chain ufw-before-logging-forward (1 references) target prot opt source destination Chain ufw-before-logging-input (1 references) target prot opt source destination Chain ufw-before-logging-output (1 references) target prot opt source destination Chain ufw-before-output (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ufw-user-output all -- anywhere anywhere Chain ufw-logging-allow (0 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] " Chain ufw-logging-deny (2 references) target prot opt source destination RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10 LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw-not-local (1 references) target prot opt source destination RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10 DROP all -- anywhere anywhere Chain ufw-reject-forward (1 references) target prot opt source destination Chain ufw-reject-input (1 references) target prot opt source destination Chain ufw-reject-output (1 references) target prot opt source destination Chain ufw-skip-to-policy-forward (0 references) target prot opt source destination DROP all -- anywhere anywhere Chain ufw-skip-to-policy-input (7 references) target prot opt source destination DROP all -- anywhere anywhere Chain ufw-skip-to-policy-output (0 references) target prot opt source destination DROP all -- anywhere anywhere Chain ufw-track-forward (1 references) target prot opt source destination Chain ufw-track-input (1 references) target prot opt source destination Chain ufw-track-output (1 references) target prot opt source destination Chain ufw-user-forward (1 references) target prot opt source destination Chain ufw-user-input (1 references) target prot opt source destination Chain ufw-user-limit (0 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] " REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain ufw-user-limit-accept (0 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain ufw-user-logging-forward (0 references) target prot opt source destination Chain ufw-user-logging-input (0 references) target prot opt source destination Chain ufw-user-logging-output (0 references) target prot opt source destination Chain ufw-user-output (1 references) target prot opt source destination ACCEPT udp -- anywhere 213.152.161.180 udp dpt:https ACCEPT all -- anywhere anywhere any help would be great. let me know if you need anymore info.

Two different topics in the same post since I can only make a single post a day. Sorry. First, what is the proper way to set the.ovpn configuration file in order to enable VPN through Tor? I have attempted using 127.0.0.1 as the SOCKS proxy but that has not worked. Maybe it has something to do with the control port? Second, I have been able to get Eddie started on CentOS 7, but for some reason, Eddie does not connect to any server. I used all default settings once, and then disabled DNS check. Posting relevant log below: I 2016.09.30 12:22:37 - Session starting. I 2016.09.30 12:22:38 - Checking authorization ... ! 2016.09.30 12:22:38 - Connecting to Gemma (Canada, Vancouver) . 2016.09.30 12:22:38 - OpenVPN > OpenVPN 2.3.12 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug 23 2016 . 2016.09.30 12:22:38 - OpenVPN > library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06 . 2016.09.30 12:22:38 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2016.09.30 12:22:38 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2016.09.30 12:22:38 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2016.09.30 12:22:38 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2016.09.30 12:22:38 - OpenVPN > Socket Buffers: R=[212992->262144] S=[212992->262144] . 2016.09.30 12:22:38 - OpenVPN > UDPv4 link local: [undef] . 2016.09.30 12:22:38 - OpenVPN > UDPv4 link remote: [AF_INET]##.##.###.###:443 . 2016.09.30 12:23:10 - OpenVPN > [UNDEF] Inactivity timeout (--ping-exit), exiting . 2016.09.30 12:23:10 - OpenVPN > SIGTERM received, sending exit notification to peer . 2016.09.30 12:23:15 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting ! 2016.09.30 12:23:15 - Disconnecting . 2016.09.30 12:23:15 - Connection terminated. I 2016.09.30 12:23:16 - Cancel requested. ! 2016.09.30 12:23:16 - Session terminated. If any advancements have been made in either issues, I would greatly appreciate any news - even if it's bad news.