Search the Community

Hi All, I have a Debian Apache Server running on a machine under my home network. I have a opnevpn client and a AirVPN host running especially for the server. But all the incoming connections over ports 80 (http) and 443 (https) are not accessible now from the publicly assigned IP address by AirVPN. I have tried port forwarding some arbitary port >2048 to internal port 443 using Remote Port Forwarding and it works fine. But now I wanted to have a SSL certificate provided by https://letsencrypt.org/ but their client only checks and updates the certificates over SSL port 443 and that is true for all the SSL certificate providers. Is there any I can get the requests go through the VPN?

Will it ever be possible for us to hide our connections to AirVPN on our mobile devices using OpenVPN over SSL and SSH in the future via Eddie or some other mobile solution?

Hello, since a few days I get weird disconnections when I'm going via a SSL Tunnel. Why's that and am I compromised after this disconnection? Thanks in advance for your help!

Hi, As the title says, I can only connect with the SSH or SSL tunnel. I'm on Windows 10, using the Eddie client, trying to connect to a Dutch server. When I try to connect with UDP over port 443, it times out at the "Checking Route" stage. Honestly, I don't really mind because I tunnel over SSH or SSL anyway, but I'm curious if this is a known issue with a solution. Thanks for any help!

I'm with Virgin Media in the UK, on 160/12 cable. Last year I had a spate of low speed (3MB/sec hard cap) which I initially blamed on throttling of OpenVPN as I could hit full speed on my naked ISP connection. After some investigation I found it was actually a bug in the ISP supplied router, so I switched to my own and the problem went away. Lately however, I'm having a hard speed cap problem and it really looks like issues caused by either VM's use of DPI and/or OpenVPN throttling/shaping at ISP level. VM operate a whitelist for shaping, so unless the protocol is whitelisted it's shaped by default. VM categorically and publicly deny any form of throttling, shaping or interference with OpenVPN connections. I've been using an Ubuntu torrent as a speed benchmark as it's multi-threaded, consistently very fast, and can be used off-VPN without fear of legal issues. I have tested every port and protocol in Eddie, as well as via Viscosity (to rule out Eddie issues). I also tried the same tests with several other well respected VPN providers with good networks and the results were consistent across them all, Air included. Note that I am using MB/sec in its proper format, meaning megabytes per second. 1MB/sec = 8Mbps. All results are for the same Ubuntu 15.04 x64 torrent downloaded in the latest qBittorrent v3.2.3 on Mac OS X (also verified on Linux, PCBSD and Windows 8.1 Pro). As well as checking against multiple VPN companies, multiple OpenVPN software and multiple operating systems, I also reproduced the results on multiple machines (mid 2012 MacBook Pro and my FX8350 / 16GB DDR3 / Samsung Evo 850 sad / Radeon R9 380 gfx desktop). I repeated the tests with several ethernet cables (to rule out cable issues), as well as with *machine* > router > modem and *machine* > modem (to rule out firmware or routing issues). Every time, regardless of the variable, the results below were consistent. ISP : 19MB/sec OpenVPN 53 UDP : 2MB/sec OpenVPN (all other ports in turn) UDP : 5MB/sec OpenVPN (all ports) TCP : 4 - 5 MB/sec OpenVPN + SSH 22 : 2MB/sec OpenVPN + SSH 80 (or 53) : 13 - 18 MB/sec (lower in peak times, high off-peak) OpenVPN + SSL 443 : 13 - 18 MB/sec (lower in peak times, high off-peak) As we can see, generally SSL and SSH masking the OpenVPN connection allows almost full line speed (minus the encryption overheads). That's great. As soon as it's a bare OpenVPN connection the speeds cap out at around 33% of what they should be. Bare OpenVPN TCP is a little slower than UDP (as you'd expect) but otherwise in accordance with the general 5MB/sec cap experienced on UDP. The only exceptions are UDP:53 and SSH:22 which are both heavily restricted to around 2MB/sec. Now to my mind, knowing what I do of VM's shaping and DPI systems, this would only make sense if they were interfering with OpenVPN either by purposefully throttling it, or else their DPI system is messing up the connection. They further seem to restrict SSH:22 and UDP:53 by protocol but not by port. This actually makes sense, as all other Eddie combinations are quite random whereas SSH:22 (SSH) and UDP:53 (DNS) are established network traffic protocols and thus could be singled out for listing in the shaping systems. If we reverse the protocol/port (to give SSH 53 and UDP 22) we once again obfuscate the tunnel and go back to full speeds! I also get a lot of decrypt/replay errors in the logs on every single port for 'normal' OpenVPN. As soon as I hide the OpenVPN in either SSL or SSH the errors simply don't occur. Ever. This suggests that the extra tunnel is hiding the OpenVPN tunnel from being shaped, or else the DPI process in and of itself is breaking OpenVPN and causing the packets to arrive out of order. Maybe that in and of itself can hurt speed? So there you go. Sorry for the long post but it's an interesting (if thoroughly frustrating and annoying) issue. What do you gurus think? Given I have worked to change the variables one at a time to rule out issues with AirVPN (different providers), the router and/or its firmware (direct connection to modem, bypassing router), wireless issues (used ethernet directly) and OS limits or bugs (used multiple OSs) I can't see anything is left... except issues with the ISP shaping/throttling or else their DPI breaking things. I posted a thread very similar to this in VM's support forums, but for a whole week it has gone unanswered by any staff. Interestingly it is the only thread on the forum to have been ignored. Make of that what you wish. I await your replies with interest. Thanks in advance for reading.

Hi Everyone, I am currently trying to run AirVPN through an SSL Tunnel on port 443 as my default setting; however I don't show that port as open on my machine. It shows AirVPN running on port 50080. Is there a problem? Why isn't SSL Tunnel working? Thanks

One user descriped a way how to bypass the great firewall in china: https://airvpn.org/topic/11134-ssh-or-ssl-tunnel-on-android/?p=21319 Why isn't android supported officially? If the devs decide to support this I will make an video which would explain this feature and how to install it.

Tutorial: SSH-Tunneled VPN on Stock Android 0. Notes - no proprietary / commercial apps required. FOSS only! (Free and Open Source Software) - no root / custom ROM required - tested on Android 4.4.4 - minimum requirement: Android 4.x 1. Required apps - OpenVPN for Android - ConnectBot (any advanced SSH client will work, ) - CyanogenMod File Manager (or pick any file manager you like) I highly recommend installing all of these apps via F-Droid, a Free Open Source Software platform: https://f-droid.org/ In order to install F-Droid, you may need to temporarily "Allow installation of apps from unknown sources" in Android's security settings. 2. Generate config files Use the AirVPN Generator (https://airvpn.org/generator/) to create SSH config files for Linux (not Android). Only pick one specific server. Screenshot #1: http://i.imgur.com/FWcuXH2.jpg 3. Transfer config files We only need 2 out of the 3 generated files: - sshtunnel.key - the .ovpn profile Screenshot #2: http://i.imgur.com/p2L7T0l.jpg Transfer both of them to your Android's sdcard. Also, open the .ovpn file in a text editor and look for a line that starts with "route", it contains the server's IP - we will need it in step 5. Example: route 199.19.94.12 255.255.255.255 net_gateway That's the IP we will need. 4. Import key file in ConnectBot Launch ConnectBot. Go into menu and "Manage Pubkeys". Screenshot #3: https://i.imgur.com/uGT3UgC.jpg Import the sshtunnel.key file. Screenshot #4: https://i.imgur.com/ZPYhI6V.jpg 5. Configure SSH connection in ConnectBot Go to ConnectBot's main screen. At the bottom of the screen, enter: sshtunnel@199.19.94.12 (Notice, that's the IP we took note of in step 3). Screenshot #5A: http://i.imgur.com/ludTDgv.jpg If the default port 22 is blocked, you can try an alternative port by appending it at the end: sshtunnel@199.19.94.12:80 or sshtunnel@199.19.94.12:53 - Press Enter on your keyboard. It will try to connect and ask you to continue. Choose "Yes". Screenshot #5B: http://i.imgur.com/UJNpB9n.jpg - Cancel the connection, we need to configure it now. Long-press the newly created connection and choose "Edit host". Screenshot #6: https://i.imgur.com/n3OtM2D.jpg - Change "Use pubkey authentication" to "sshtunnel.key". Screenshot #7: https://i.imgur.com/CwfFSoO.jpg - Disable the option "Start shell session" Screenshot #8: https://i.imgur.com/l2niHqG.jpg - Consider enabling the option "Stay connected". 6. Configure SSH port forwarding - Go to ConnectBot's main screen. - Long-press the new connection again, but this time choose "Edit port forwards". "Add port forward" with the following values: Type: Local Source port: 1412 Destination: 127.0.0.1:2018 Screenshot #9: https://i.imgur.com/TBnsKQx.jpg - Press "Create port forward". Configuration of the SSH connection is now complete. - Go back to ConnectBot's main screen and tap the connection entry to establish a connection. Leave the ConnectBot app using your "home" button. 7. Import OpenVPN config - Launch "OpenVPN for Android" - Tap the folder icon. In the "Open from" dialog, choose "File Manager" Screenshot #10: https://i.imgur.com/Nhc6fDa.jpg - Pick the AirVPN_...SSH-22.ovpn file - OpenVPN will present you with an "import log", tap the "Save" file to accept. - You may want to dive into the new profile's settings, go to "ROUTING" and enable "Use default route". - in the ALLOWED APPS tab, find and select ConnectBot to exclude it from OpenVPN's routing 8. Start OpenVPN connection - In OpenVPN's main screen, tap the VPN profile to establish the connection. - Provided that the SSH connection is still running, OpenVPN will be able to connect. Congratulations 9. How to connect / disconnect from now on When establishing a connection, always - start the SSH connection first - then launch OpenVPN When disconnecting, always - disconnect the OpenVPN connection first - then disconnect SSH in ConnectBot 10. Thoughts on reliabilty and firewalling If avoiding network leaks is important to you: be careful on Android, especially on unreliable mobile or WiFi networks that might cause the connection to collapse quite often. I don't have a solution for this potential issue on stock Android, but if you're on a rooted device, you should absolutely consider installing AFWall+ (available in F-Droid). AFWall+ allows you to firewall individual apps, restricting their network access to VPN-only. (You have to dive into its settings to enable VPN mode). Finally: Good luck!

I've managed to get a pfSense VM working with AirVPN's Serpentis server via Stunnel. Given the importance of using the latest versions of Stunnel and OpenSSL, I used pfSense 2.2-BETA x64, which is based on FreeBSD 10.1-RELEASE x64. Working in a FreeBSD 10.1 x64 VM, I made the stunnel-5.07 package and its dependencies from ports. See <http://www.freshports.org/security/stunnel/>. Also see <https://forums.freebsd.org/threads/howto-setting-up-stunnel-in-freebsd.1717/>. pfSense 2.2-BETA x64 VM: 512 MB RAM 7 MB video RAM 2 GB dynamic VDI PAE/NX, VT-x/AMD-V, Nested Paging Adapter 1: Intel PRO/1000 MT Desktop (NAT) Adapter 2: Intel PRO/1000 MT Desktop (Internal Network, 'AV') audio and USB disabled otherwise defaults FreeBSD 10.1 x64 VM 1024 MB RAM 7 MB video RAM 10 GB dynamic VDI PAE/NX, VT-x/AMD-V, Nested Paging Adapter 1: Intel PRO/1000 MT Desktop (Internal Network, 'AV') audio and USB disabled otherwise defaults Debian 7.6 x64 workspace VM 1024 MB RAM 128 MB video RAM 20 GB dynamic VDI PAE/NX, VT-x/AMD-V, Nested Paging Adapter 1: Intel PRO/1000 MT Desktop (Internal Network, 'AV') audio and USB disabled otherwise defaults legacy Gnome desktop installed openssh-server Working in FreeBSD VM: # portsnap fetch extract # mkdir /usr/ports/packages # cd /usr/ports/security/stunnel # make config [x] DOCS [x] EXAMPLES [ ] FIPS [ ] IPV6 [ ] LIBWRAP [x] SSL_PORT [ ] FORK [x] PTHREAD [ ] UCONTEXT # make package-recursive [use default openssl-1.0.1_16 settings] [use default perl5-5.18.4_10 settings] # cd /usr/ports/packages/All # ls openssl-1.0.1_16.txz pkg-1.3.8_3.txz perl5-5.18.4_10.txz stunnel-5.07.txz # sftp user@192.168.10.11 [Debian VM] # put * # exit # shutdown -p now Working in Debian VM: login pfSense webGUI browse "Diagnostics: Command Prompt" upload openssl-1.0.1_16.txz and move to /root/ upload pkg-1.3.8_3.txz and move to /root/ upload perl5-5.18.4_10.txz and move to /root/ upload stunnel-5.07.txz and move to /root/ Working in pfSense VM console: : pkg install *.txz The package management tool is not yet installed on your system. Do you want to fetch and install it now? [y/N]: y ... New packages to be INSTALLED: openssl-1.0.1_16 perl5-5.18.4_10 stunnel: 5.07 The process will require 61 MB more space. Proceed with this action? [y/N]: y [1/3] Installing openssl-1.0.1_16: 100% [2/3] Installing perl5-5.18.4_10: 100% makewhatis: not found makewhatis: not found pkg: POST-INSTALL script failed ===> Creating users and/or groups. Creating group 'stunnel' with gid '341'. Creating user 'stunnel' with uid '341'. [3/3] Installing stunnel-5.07: 100% Message for openssl-1.0.1_16: Copy /usr/local/openssl/openssl.cnf.sample to /usr/local/openssl/openssl.cnf and edit it to fit your needs. [DON'T DO THAT. USE EXISTING openssl.cnf] Message for stunnel-5.07: *************************************************************************** To create and install a new certificate, type "make cert" And don't forget to check out the FAQ at http://www.stunnel.org/ *************************************************************************** : mkdir /usr/local/etc/stunnel/run : chown stunnel:stunnel /usr/local/etc/stunnel/run : chmod 0622 /usr/local/etc/stunnel/run Working in Debian VM: login pfSense webGUI browse "Diagnostics: Edit File" browse "/usr/local/etc/stunnel/stunnel.conf-sample" and open to edit save as "/usr/local/etc/stunnel/stunnel.conf" replace content with this and save: ................................... ; create local jail chroot = /usr/local/etc/stunnel/run ; set own UID and GID setuid = stunnel setgid = stunnel client = yes foreground = no options = NO_SSLv2 [openvpn] accept = 1413 connect = 178.248.30.133:443 TIMEOUTclose = 0 ................................... browse "/etc/defaults/rc.conf" and open to edit add this at end and save: ......................................................... stunnel_enable="YES" stunnel_pid_file="/usr/local/etc/stunnel/run/stunnel.pid" ......................................................... browse "Diagnostics: Command Prompt" run "mv /usr/local/etc/rc.d/stunnel /usr/local/etc/rc.d/stunnel.sh" Working in pfSense VM console: hit "5" and "y" to reboot Working in Debian VM: login pfSense webGUI browse "Status: System logs: General" should see: ................................................................................................... ... ... php-fpm[243]: /rc.start_packages: Restarting/Starting all packages. ... kernel: done. ... stunnel: LOG5[34393318400]: stunnel 5.07 on amd64-portbld-freebsd10.1 platform ... stunnel: LOG5[34393318400]: Compiled/running with OpenSSL 1.0.1j 15 Oct 2014 ... stunnel: LOG5[34393318400]: Threading:PTHREAD Sockets:POLL,IPv4 SSL:ENGINE,OCSP ... stunnel: LOG5[34393318400]: Reading configuration from file /usr/local/etc/stunnel/stunnel.conf ... stunnel: LOG5[34393318400]: UTF-8 byte order mark not detected ... stunnel: LOG5[34393318400]: Configuration successful ... ................................................................................................... browse "System: General Setup" specify desired third-party DNS servers on WAN_DHCP [x] Do not use the DNS Forwarder as a DNS server for the firewall browse "Services: DNS Forwarder" [ ] Enable DNS forwarder browse "System: Advanced: Networking" [ ] Allow IPv6 [x] Prefer to use IPv4 even if IPv6 is available browse "System: Advanced: Miscellaneous" [x] Skip rules when gateway is down [x] Enable gateway monitoring debug logging browse "System: Certificate Authority Manager" add ca.crt browse "System: Certificate Manager" add client.crt|client.key browse "VPN: OpenVPN: Client" Protocol: TCP Interface: Localhost Server host or address: 127.0.0.1 Server port: 1413 Server host name resolution: don't "Infinitely resolve server" Encryption algorithm: AES-256-CBC Compression: Disabled - No Compression Disable IPv6: Don't forward IPv6 traffic Advanced: persist-key;persist-tun;remote-cert-tls server; route 178.248.30.133 255.255.255.255 net_gateway Verbosity level: 5 browse "Status: System logs: General" should see: ................................................................................................... ... ... openvpn[86987]: [server] Peer Connection Initiated with [AF_INET]127.0.0.1:1413 ... openvpn[86987]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) ... openvpn[86987]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1, dhcp-option DNS 10.50.0.1,comp-lzo no,route 10.50.0.1,topology net30,ping 10, ping-restart 60,ifconfig 10.50.2.74 10.50.2.73' ... ... openvpn[86987]: /sbin/ifconfig ovpnc1 10.50.2.74 10.50.2.73 mtu 1500 netmask 255.255.255.255 up ... openvpn[86987]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1560 10.50.2.74 10.50.2.73 init ... openvpn[86987]: /sbin/route add -net 127.0.0.1 10.0.2.2 255.255.255.255 ... openvpn[86987]: /sbin/route add -net 0.0.0.0 10.50.2.73 128.0.0.0 ... openvpn[86987]: /sbin/route add -net 128.0.0.0 10.50.2.73 128.0.0.0 ... openvpn[86987]: /sbin/route add -net 178.248.30.133 10.0.2.2 255.255.255.255 ... openvpn[86987]: /sbin/route add -net 10.50.0.1 10.50.2.73 255.255.255.255 ... openvpn[86987]: Initialization Sequence Completed ................................................................................................... browse "Services: DHCP Server" set 10.50.0.1 as DNS server browse "Interfaces: Assign Network Ports" add OPT1 browse "Interfaces: OPT1" enable and rename "AIRVPN" browse "Firewall: NAT: Outbound" select "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)" save and apply changes leave localhost rules alone "Auto created rule for ISAKMP - localhost to WAN" "Auto created rule - localhost to WAN" change interface for LAN rules from WAN to AIRVPN "Rule for ISAKMP - LAN to AIRVPN" "Rule - LAN to AIRVPN" apply changes browse "Firewall: Rules: LAN" delete IPv6 rule edit IPv4 rule specify AIRVPN_VPNV4 as Gateway\ rename as "Allow LAN to any rule via AIRVPN_VPNV4" apply changes Working in pfSense VM console: hit "5" and "y" to reboot Working in Debian VM: login pfSense webGUI browse "Status: OpenVPN" should see that Client TCP is up Done Edit: I've added rules on WAN, and required aliases. Aliases are needed for three types of outbound traffic: 1) the DNS server IPs specified in “System: General Setup”; 2) the pfSense NTP server hostname specified in “System: General Setup”; and 3) the connect server IP specified in the Stunnel configuration. In Firewall: Aliases: IP, create three aliases, using the + button to add the values: Name Values Description dnssvr 208.67.220.220 208.67.222.222 DNS server IP addresses ntpsvr 0.pfsense.pool.ntp.org default pfSense NTP server sslsvr 178.248.30.133 Stunnel server Using these aliases, you then add rules for the WAN interface to pass necessary outbound traffic, and then a final rule to block everything else. In "Firewall: Rules: WAN", create these rules, specifying “Single host or address” for the pass rules: Action TCP/IP Proto Source Port Dest Port Gateway Queue Description pass IPv4 TCP/UDP WAN address * dnssvr * * none Allow to DNS servers pass IPv4 UDP WAN address * ntpsvr * * none Allow to NTP server pass IPv4 TCP/UDP WAN address * sslsvr * * none Allow to SSL server block IPv4 * WAN address * * * * none Block all other IPv4 block IPv6 * WAN address * * * * none Block all IPv6 Then reboot from the console window, by entering 5 and then y to confirm.

A friend of mine is sending me a fairly beefy router which supports the latest builds for all versions of DD-WRT. While I wait, I was reading up on this page, and found myself curious as to whether stunnel is built-in as well, or if there is any way to do SSL tunneling for OpenVPN as in the AirVPN client?

Security researchers have developed an application called pacumen to analyze encrypted traffic. With the information provided by it an attacker can find out if a certain (specified) application is communicating behind an encrypted connection. This analysis technique is called a side channel attack. In pacumen, you create a classifier (detection rules for the application you'd like to uncover in the traffic) and a pcap file with sniffed traffic (preferably covering hours of length). It then starts analyzing it and calculates a value, representing the similarity of the analyzed traffic with the specified rules. For example: The researchers tried to uncover usage of Skype inside an SSH tunnel and were quite successful. The same thing can be done with any other protocol, let's say, to see if some user is using Facebook over HTTPS. Or identifying BitTorrent inside OpenVPN. China and Iran could theoretically use it to uncover OpenVPN over SSH/SSL. Countermeasures are padding of all packets and/or sending contant dummy packets. Note that both of them would lower performance of tunnels drastically.

Yesterday I saw that SSL was available in the config generator. I downloaded the new config file but am unable to connect. Can anybody tell me what might be the problem based on my OpenVPN connection log? If you need any other information please let me know. EDIT I just noticed stunnel.exe on the SSL page. Is there a guide to doing this SSL thing somewhere on the forums? I've been able to connect successfully after running stunnel. I ran this command from a command prompt in Windows 7: stunnel "AirVPN_US-Alkaid_SSL-443.ssl" Do I need to run this program each time I wish to connect via SSL? Also, when I am done, do I just close out the window or is there a specific way I should shut it down?

Since SSL and SSH both use a double layer of encryption, I am wondering if this hides my download totals (bytes going to my PC) from my provider? My guess is not but I would appreciate confirmation. Thank you P.

Hi, Is there any development going on to enable SSH or SSL tunnels on Android to avoid DPI in China? Some other providers already have this service on Android. Thanks,

Hi all, I have just finished configuring the SSL tunnel for AirVPN under Linux (Ubuntu). I think the guide at https://airvpn.org/ssl/ needs to be updated. If you use apt-get install stunnel Ubuntu will install stunnel4, but the softlink which is used in stunnel "AirVPN <..> - SSL <..>.ssl" points at version stunnel3. So first, go to /usr/bin/ and change the softlink to point at stunnel4 instead of 3: sudo -ln -s /usr/bin/stunnel4 /usr/bin/stunnel [EDIT from Staff: the correct command is "sudo ln ..."] Second point is, stunnel needs to know where the ssl certificate is located, if you don't point it to the right directory, the connection will end with the error: End of section stunnel: SSL server needs a certificate So to get rid of this, you have to go to /etc/stunnel and create a file stunnel.conf (also check the README there for more infos) and in it insert 2 lines: cert=/path/to/pemkey=/path/to/keyLast but not least you have to generate a stunnel private key: openssl req -new -x509 -days 365 -nodes Just remember to put it in the folder, which is listed in the stunnel.conf file. Now you should be able to run the connection through a tunnel Because I'm not a Linux wiz, I have used help from the following guides: Google http://serverfault.com/questions/424619/stunnel-not-reading-configuration-file http://www.onsight.com/faq/stunnel/stunnel-faq-a.html https://www.stunnel.org/pipermail/stunnel-users/2011-September/003261.html

Hi, I'm new to SSL. I'm using Viscosity and i know is compatible with SSL. I'm following these instructions http://my.hostvpn.com/knowledgebase/30/Stunnel-with-OpenVPN-or-Viscosity-on-Mac-OS-X.html. I've already installed stunnel, i marked "Bundle with executables" and generated the files. Now i have 5 files: AirVPN_GB-Nashira_SSL-443 AirVPN_GB-Nashira_SSL-443.ssl AirVPN_GB-Nashira_UDP-443 openvpn stunnelI don't understand for what is needed this command "./stunnel "AirVPN <..> - SSL <..>.ssl"" that i found here https://airvpn.org/ssl/ So i have the 5 files, stunnel installed, and Viscosity. Now? In my country a direct OpenVPN connection is possible. Should i use SSL or SSH. Sorry but i tried to find a guide on this site.

Hello! We're very glad to introduce native support for OpenVPN over SSL and OpenVPN over SSH, and a completely re-designed configuration generator which includes exciting, additional AirVPN services and features. Our service becomes more censorship resistant and easier to use with a wide range of OpenVPN GUIs and wrappers. UPDATE OCT 2014: EDDIE CLIENT AirVPN client version 2, codename Eddie, gets out of the beta testing with version 2.6. Free and open source, it is a major breakthrough from client versions 1.x. Available for Linux, Windows and OS X Mavericks and Yosemite. Eddie includes Network Lock, full integrated TOR support for OpenVPN over TOR, support for OpenVPN over SSL and SSH, "intelligent" anti-censorship circumvention technique, "intelligent" VPN servers efficiency and rating calculations and much, much more. https://airvpn.org/topic/12464-eddie-27-available Currently the only open source OpenVPN wrapper in the world which allows OpenVPN over TOR connections without middle boxes or VM on three different OS. NEW SERVICES: OPENVPN OVER SSL - OPENVPN OVER SSH OpenVPN over SSL and OpenVPN over SSH will allow you to bypass OpenVPN connections disruption. Known ISP countries where the disruption takes place are China, Iran, Syria, Egypt. The connection disruption is possible because OpenVPN connections have a typical fingerprint which lets Deep Packet Inspection discern them from pure SSL/TLS connections. Connecting OpenVPN over SSL or OpenVPN over SSH will make your connection undiscernable from pure SSL or SSH connections, rendering DPI fingerprint identification powerless. OpenVPN over SSL/SSH is included in every Premium subscription without any additional payment. Use OpenVPN over SSL/SSH only when necessary: a slight performance hit is the price to pay. The performance hit is kept as low as possible because the "double-tunneling" is performed directly on our servers without additional hops. NEW FEATURES A new system for host resolution (not available for Windows) and dynamic VPN server choice is available. This will let you have OpenVPN configuration files which will try connections to various servers (according to your preferences) if one or more servers are unavailable. A new connection port (2018) is now available on all Air VPN servers. A new, alternative entry-IP address is now available on all Air VPN servers. NEW CONFIGURATION GENERATOR FEATURES - You can now select servers by countries, continents and planets (currently only one planet) or any combination between single servers and countries. - You can now select an alternative entry-IP address. Each Air server has now an additional entry-IP address to help you bypass IP blocking. - You can now choose a wide variety of compressing options: zip, 7zip, tar, tar & gzip, tar & bzip2. - You can now choose not to compress the files and download them uncompressed one by one NEW CONFIGURATION GENERATOR "ADVANCED MODE" FEATURES - Total connection ports range available, including new port 2018 in addition to 53, 80, 443 and (for SSH) 22. - Option to generate non-embedded configuration files, mandatory if you use network-manager as OpenVPN wrapper under Linux or just in case you use any wrapper that does not support embedded with certificates and keys OpenVPN configurations. - Option to generate files and scripts for OpenVPN over SSL/SSH connections by clicking on "Advanced Mode" - Option to select "Windows" or "Linux and others". Make sure you select the correct option according to your OS, because connections over SSL/SSH in Windows require different files than those required for Linux, *BSD and Unix-like / POSIX compliant systems such as Mac OSX. - New options to generate configuration files that support proxy authentication for OpenVPN over a proxy connections, particularly useful if you're behind a corporate or college proxy which requires authentication. A significant example of usage of OpenVPN over a proxy is OpenVPN over TOR: https://airvpn.org/tor Instruction page for OpenVPN over SSL (only if you don't run our client Eddie): https://airvpn.org/ssl Instruction page for OpenVPN over SSH (only if you don't run our client Eddie): https://airvpn.org/ssh Please do not hesitate to contact us for any additional information. Kind regards & Datalove AirVPN admins