Showing results for tags 'ubuntu'.



Found 98 results

  1. I've followed the instructions for building the AirVPN client here, and it seems to run just fine. The downloaded copy doesn't seem to like the newer version of Mono I'm running, but building it on my machine seems to work ok when I run it (so far). How do I make a .deb package or otherwise install it? I've tried the Tools|Build Package, but that gets me a tar.gz file which I'm really not sure about, and I'm also unsure as to exactly which segments I need to select anyway.
  2. Hello, can someone explain how the iptables need to be changed for me in order to get the desired network lock working?

         $ ifconfig
         eth0      Link encap:Ethernet  HWaddr 00:16:3e:f0:ea:1a
                   inet addr:10.0.3.226  Bcast:10.0.3.255  Mask:255.255.255.0
                   inet6 addr: fe80::216:3eff:fef0:ea1a/64 Scope:Link
                   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                   RX packets:14427656 errors:0 dropped:0 overruns:0 frame:0
                   TX packets:9119526 errors:0 dropped:0 overruns:0 carrier:0
                   collisions:0 txqueuelen:1000
                   RX bytes:20539458438 (20.5 GB)  TX bytes:2946926836 (2.9 GB)

         lo        Link encap:Local Loopback
                   inet addr:127.0.0.1  Mask:255.0.0.0
                   inet6 addr: ::1/128 Scope:Host
                   UP LOOPBACK RUNNING  MTU:65536  Metric:1
                   RX packets:510367 errors:0 dropped:0 overruns:0 frame:0
                   TX packets:510367 errors:0 dropped:0 overruns:0 carrier:0
                   collisions:0 txqueuelen:0
                   RX bytes:109371859 (109.3 MB)  TX bytes:109371859 (109.3 MB)

         tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
                   inet addr:10.4.7.67  P-t-P:10.4.7.67  Mask:255.255.0.0
                   UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
                   RX packets:6 errors:0 dropped:0 overruns:0 frame:0
                   TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
                   collisions:0 txqueuelen:100
                   RX bytes:965 (965.0 B)  TX bytes:2086 (2.0 KB)

         $ route -n
         Kernel IP routing table
         Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
         0.0.0.0         10.4.0.1        128.0.0.0       UG    0      0        0 tun0
         0.0.0.0         10.0.3.1        0.0.0.0         UG    0      0        0 eth0
         10.0.3.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
         10.4.0.0        0.0.0.0         255.255.0.0     U     0      0        0 tun0
         128.0.0.0       10.4.0.1        128.0.0.0       UG    0      0        0 tun0
         178.162.198.103 10.0.3.1        255.255.255.255 UGH   0      0        0 eth0

     From https://airvpn.org/faq/software_lock/:

         # Flush
         iptables -F
         iptables -t nat -F
         iptables -t mangle -F

         # Flush V6
         ip6tables -F
         ip6tables -t nat -F
         ip6tables -t mangle -F

         # Local
         iptables -A INPUT -i lo -j ACCEPT
         iptables -A OUTPUT -o lo -j ACCEPT

         # Local V6
         ip6tables -A INPUT -i lo -j ACCEPT
         ip6tables -A OUTPUT -o lo -j ACCEPT

         # Make sure you can communicate with any DHCP server
         iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
         iptables -A INPUT -s 255.255.255.255 -j ACCEPT

         # Make sure that you can communicate within your own network if Private Network option is enabled
         iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
         iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
         iptables -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
         iptables -A OUTPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
         iptables -A INPUT -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT
         iptables -A OUTPUT -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT

         # Allow incoming pings if Ping option is enabled
         iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

         # Allow established sessions to receive traffic:
         iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

         # Allow TUN
         iptables -A INPUT -i tun+ -j ACCEPT
         iptables -A FORWARD -i tun+ -j ACCEPT
         iptables -A OUTPUT -o tun+ -j ACCEPT

         # Block All
         iptables -A OUTPUT -j DROP
         iptables -A INPUT -j DROP
         iptables -A FORWARD -j DROP

         # Block All V6
         ip6tables -A OUTPUT -j DROP
         ip6tables -A INPUT -j DROP
         ip6tables -A FORWARD -j DROP
  3. Hey.. I have recently (and happily) moved to Ubuntu and "re-upped" my membership with AirVPN. One issue. My ISP is blocking some of my ports so downloading the required dependencies or accessing the repository either by Synaptic, the Software Updater or the Ubuntu Software Center. I am looking for a workaround, I can't seem to find how to switch ports or download a full copy of AirVPN dependencies so I can get this to work. Thanks!
  4. Hi, I'm connecting through Eddie 2.9 in Ubuntu. In the preferences I have LAN and ping both enabled, and I've also whitelisted the ip address of the networked printer at my office. But I still can't access it unless I turn network lock off. But I can access other computers on the LAN. It's just the printer that I can't talk to. Any advice?
  5. Hello! ubuntu 14.04LTS Is there a simple way to bypass the vpn for plex or rather a specific port? I need a direct connection to my dedicated server for plex. Any help is very much appreciated. Thx! edit: I found a simple solution for ubuntu. Now, I use an ubuntu lxc-container for everything that I want to do with AirVPN (openvpn). The main system does not connect to AirVPN, thus I can easily establish a direct connection with my plex server. I know this should be possible with firewall rules and routes, but this is a good option for me.
  6. Hi. I use AirVPN in Ubuntu's network manager and would like to use it as tap0, as opposed to tun0, so that I can bridge my connection via ethernet cable to another device (one which is not as easy to configure) and have it connect to the Internet the same way a virtual machine would (i.e. connecting through AirVPN the way my PC would). Unfortunately, I have found no way to bridge (or otherwise share) the connection besides using a TAP device. However, upon changing the .ovpn files from 'dev tun' and 'persist-tun' to 'dev tap' and 'persist-tap', I have found that I am unable to access the Internet. There doesn't seem to be a whole lot out there on sharing a VPN connection via Ubuntu, so I'd appreciate any suggestions that you might have for me. Oh, and if this is possible, I wonder why AirVPN files pick TUN over TAP. Is it in any way safer? Would I be compromising security in this case to get a little more functionality?
  7. Hi all, I have the Linux AirVPN Eddie Client 2.8.8 running on Lubuntu. When I try to "Save As" the log files from the GUI it defaults to a "Desktop" directory. As you can see on the attached screenshot, I saved a log file called AirVPN_log.txt. However, it seems that this is not really my desktop. The saved file doesn't show up on my desktop and other files that are on my desktop don't show up in the "Save As" Desktop folder... From the "Save As" dialog I can not navigate to any folder that is familiar to me. There is also no way to open, delete or move files already saved (like the AirVPN_log.txt file). My question is: where does AirVPN save these log files? I can not find the AirVPN_log.txt anywhere on my system, still the Eddie Client seems to have saved it somewhere. Thanks in advance
  8. I would like to be able to use VPN only with Hexchat. I'm using eddie 2.7. I'm on elementary OS. Is there a way to do this so the VPN only gets used through Hexchat?
  9. Hi everyone, I would like to have my digital ocean VM use a VPN for its outgoing http requests. I am using openVPN on Ubuntu 14.04.1 LTS (GNU/Linux 3.5.0-48-generic x86_64). Got the files AirVPN_Europe_TCP-53.ovpn ca.crt ta.key user.crt user.key in one directory. VPN is using TCP protocol on port 53. Also tried with UDP, same problem. Also copied the files to /etc/openvpn/ to try to run it via openvpn start. If I do that, I get the output:

         root@tr:/home# sudo service openvpn start
          * Starting virtual private network daemon(s)...

     ..but nothing happens. curl http://www.ipchicken.com still reveals the server's IP. If I directly run

         root@tr:/etc/openvpn# sudo openvpn AirVPN_Europe_TCP-53.ovpn
         Thu Sep 18 09:42:35 2014 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
         Thu Sep 18 09:42:35 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
         Thu Sep 18 09:42:35 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
         Thu Sep 18 09:42:35 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
         Thu Sep 18 09:42:35 2014 Socket Buffers: R=[87380->131072] S=[87380->131072]
         Thu Sep 18 09:42:35 2014 Attempting to establish TCP connection with [AF_INET]95.211.186.65:53 [nonblock]
         Thu Sep 18 09:42:36 2014 TCP connection established with [AF_INET]95.211.186.65:53
         Thu Sep 18 09:42:36 2014 TCPv4_CLIENT link local: [undef]
         Thu Sep 18 09:42:36 2014 TCPv4_CLIENT link remote: [AF_INET]95.211.186.65:53
         Thu Sep 18 09:42:36 2014 TLS: Initial packet from [AF_INET]95.211.186.65:53, sid=d5ee74c0 46f1dcfd
         Thu Sep 18 09:42:36 2014 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
         Thu Sep 18 09:42:36 2014 Validating certificate key usage
         Thu Sep 18 09:42:36 2014 ++ Certificate has key usage 00a0, expects 00a0
         Thu Sep 18 09:42:36 2014 VERIFY KU OK
         Thu Sep 18 09:42:36 2014 Validating certificate extended key usage
         Thu Sep 18 09:42:36 2014 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
         Thu Sep 18 09:42:36 2014 VERIFY EKU OK
         Thu Sep 18 09:42:36 2014 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
         Thu Sep 18 09:42:37 2014 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
         Thu Sep 18 09:42:37 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
         Thu Sep 18 09:42:37 2014 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
         Thu Sep 18 09:42:37 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
         Thu Sep 18 09:42:37 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
         Thu Sep 18 09:42:37 2014 [server] Peer Connection Initiated with [AF_INET]95.211.186.65:53
         Thu Sep 18 09:42:39 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
         Thu Sep 18 09:42:40 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.9.0.1,comp-lzo no,route 10.9.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.9.0.254 10.9.0.253'
         Thu Sep 18 09:42:40 2014 OPTIONS IMPORT: timers and/or timeouts modified
         Thu Sep 18 09:42:40 2014 OPTIONS IMPORT: LZO parms modified
         Thu Sep 18 09:42:40 2014 OPTIONS IMPORT: --ifconfig/up options modified
         Thu Sep 18 09:42:40 2014 OPTIONS IMPORT: route options modified
         Thu Sep 18 09:42:40 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
         Thu Sep 18 09:42:40 2014 ROUTE_GATEWAY 178.62.192.1/255.255.192.0 IFACE=eth0 HWADDR=04:01:28:70:e1:01
         Thu Sep 18 09:42:40 2014 TUN/TAP device tun0 opened
         Thu Sep 18 09:42:40 2014 TUN/TAP TX queue length set to 100
         Thu Sep 18 09:42:40 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
         Thu Sep 18 09:42:40 2014 /sbin/ip link set dev tun0 up mtu 1500
         Thu Sep 18 09:42:40 2014 /sbin/ip addr add dev tun0 local 10.9.0.254 peer 10.9.0.253
         Thu Sep 18 09:42:40 2014 /sbin/ip route add 95.211.186.65/32 via 178.62.192.1
         Thu Sep 18 09:42:40 2014 /sbin/ip route add 0.0.0.0/1 via 10.9.0.253
         Thu Sep 18 09:42:40 2014 /sbin/ip route add 128.0.0.0/1 via 10.9.0.253
         Write failed: Broken pipe

     After that the VM is just completely down / frozen and I need to restart it. Really no clue on what's going wrong here and have been on this for hours. Any idea?
  10. Hi guys! So I am attempting to setup my Transmission bittorrent client with Transdrone (Transdroid) app on Android. I want to be able to use this android remote app to connect to my desktop (where Transmission is running) while I am connected to this VPN. So I:

      1) Connected to a server (say Server A).
      2) Configured port forwarding on AirVPN's site (AirVPN > Client Area > Forwarded ports). Let's say I forwarded port 7712 and 7713.
      3) Logged into Transmission and set port 7712 as the Incoming port (Transmission > Preferences > Network) and made sure 'Pick a random port at startup' was unchecked.
      4) Allowed remote access (HTTP) from port 7713 and configured username/password authentication. Made sure 'Only allow these IP addresses' was unchecked.
      5) Then set my firewall to allow incoming connections from port 7712 and 7713 (TCP).

      * I DID NOT log into my router and configure port forwarding for these ports (or any for that matter).

      When I hit the 'Test Port' button (Transmission > Network) to test port 7712, it says 'Port is OPEN'. Cool.

      -----

      So what is my post about? Well there are some instructions on this page that confuse the heck outta me: https://airvpn.org/faq/p2p/ I do not understand what is being communicated here...

      "If you forward a port for a p2p torrent client, do NOT remap it to a different local port and make sure that the torrent client port matches the remotely forwarded port number" - What is meant by "do not remap it to a different local port"? Am I supposed to log into my router and setup port forwarding for port 7712 & 7713?

      "do NOT forward on your router the same ports you use on your Bittorrent or eMule client (or any other listening service) while connected to the VPN" - Doesn't this contradict the previous instruction?

      What is the correct way to configure port forwarding so that my P2P client will work with my android remote app? (and seed)
  11. Hey there, So I'm using the AirVPN client on ubuntu and I've two questions: 1) How do I make it so the client starts at system startup? I already added "sudo airvpn" to the system-startup thing and in the airVPN client I checked the box "Connect at startup". It's still not working.. Any idea why? 2) What's the name of the process in the system-monitor? The other day I had a problem with the client and couldn't/didn't-know-how-to kill it because I couldn't find the process..
  12. Hello, I have Ubuntu 12.04.3LTS on a bootable flash drive and I am trying to get AirVPN to work. I can get the download but the install keeps failing. I have tried a couple different things I have seen posted on the forums, but the install is not going - when I go to import I keep getting message that the file doesn't contain the correct VPN info. Is it even possible to get Air working on a bootable Linux flash drive?
  13. Hi, I installed the Eddie client from the .deb package, but when I try to connect I get the error: Driver Installation Failed. The logs show an error when I installed the client which says: OpenVPN Driver - Not available. However, `open-vpn` and `bridge-utils` are installed. Any suggestions to get it working?
  14. UPDATE 01-SEP-17 Due to multiple, critical problems in network-manager-openvpn which after years have not been solved we recommend to NOT use it. Please understand that we will not provide support to network-manager-openvpn. In GNU/Linux we recommend that you run our free and open source software "AirVPN Suite", "Eddie" or OpenVPN directly.

      Warning: Ubuntu 14.04 has an issue on configuration files import. At 25/04/2014 there's still no fix. Bug Report

      - Go to Config Generator page, choose Linux and choose your preferred options.
      - Select Advanced Mode.
      - Tick Separate certs/keys from .ovpn files.
      - Click on any archive format.
      - Save the downloaded archive file somewhere, say in ~/.airvpn.
      - Extract it. Five files should be extracted. Try to make sure nobody but you can read the file user.key, because that one is secret.
      - Install the package named network-manager-openvpn-gnome, which is a plugin to NetworkManager handling OpenVPN connections. The install will automatically include all needed packages, like openvpn etc.
      - Click on NetworkManager icon in top-right bar, and choose Edit Connections...
      - Click Add, choose Import a saved VPN configuration, click Create... and choose a .ovpn file extracted from files generated by our Config Generator.
      - The imported information is displayed. Click Save... and close the NetworkManager Connections editor.
      - From now on, the imported connections are shown under VPN Connections menu. Click it to connect.
  15. I've read the instructions on adding a VPN via the GUI NetworkManager in Linux. I cannot get these options to save. I'm attaching a screen shot as this explains it much better than I can. All fields are populated, yet I cannot apply/save these settings. VPN via the command line does work, but I cannot create this connection via NetworkManager. Please help, it's driving me crazy!!
  16. Hi AirVPN team, On the same machine I have windows and ubuntu.

      On Windows:
      * Windows 8 Pro
      * Advanced Firewall used to limit internet traffic to only be through VPN
      * uTorrent w/ port forwarding
      * Usually peaks around 2.5mB/s. Max I've seen is 3mB/s+.
      * Server: Sirius, TCP

      On Ubuntu:
      * 12.04 Server (with minimal desktop installed)
      * UFW used to block all traffic out/in for internet except certain ports through VPN
      * Transmission w/ port forwarding
      * Usually peaks around 500kB/s. Max I've seen is 900mB/s.
      * Server: Sirius, UDP

      What can I do to increase the speed on Ubuntu? I think it's very odd that this is happening. Other variations are that the disks are different, but both are comparable 7200RPMs. Thanks
  17. Hi Guys, I am running Ubuntu 12.04 lts x86_64 and I have installed everything correctly and vpn works on all other configurations except for openvpn over ssl. When I use the command stunnel (see below) it gives me an openvpn error: failed to initialize SSL. I'm pretty frustrated trying to get this to work with gnome network manager or openvpn directly. Can someone help? Thank you.

          stunnel AirVPN_US-Librae_SSL-443.ssl
          Clients allowed=500
          stunnel 4.56 on x86_64-unknown-linux-gnu platform
          Compiled/running with OpenSSL 1.0.1 14 Mar 2012
          Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS
          Reading configuration from file AirVPN_US-Librae_SSL-443.ssl
          FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
          Line 13: "[openvpn]": Failed to initialize SSL
          str_stats: 4 block(s), 57 data byte(s), 232 control byte(s)
  18. I managed to get my headless Ubuntu Server 12.04 LTS running AirVPN fine. However, I can't seem to get any data connection, either thru wget or apt-get commands or anything else. Are there some tests I could run to see what it might be? Any help would be awesome! Thanks!
  19. I have just purchased this for port forwarding as I have 2 different computers that I want to use for webhosting and cannot port forward to 2 separate computers. I have installed network-manager-openvpn-gnome on the computer with Ubuntu. I do not have a GUI so the instructions to follow here https://airvpn.org/linux/ do not work. I have created openvpn in my home directory and uploaded the 4 files made in airvpn to here. I restarted openvpn and get the following: NO VPN is running. What do I need to do next? I have not set up the port forwarding as yet. Thanks for any help.
  20. Hi everyone, I was using AirVPN for several months now on Mac OSX with Tunnelblick and it worked flawlessly. Now I have configured it on my Ubuntu laptop, all settings exactly like in the help section and here: https://airvpn.org/?option=com_kunena&Itemid=55&func=view&catid=3&id=116 It works at first, AirVPN.org website tells me I'm connected, but just after a couple of seconds, I only get timeout errors. I'm using the network-manager under Ubuntu. Any idea? Thanks murph
  21. Hi, just changed my OS to Ubuntu 12.04. Followed the instructions, however every time I try to import one of the OVPN files downloaded I get an error message: "The file 'AirVPN_CH-Virginis_UDP-443.ovpn' could not be read or does not contain recognized VPN connection information: ." Not sure what I am doing wrong. By the way I am new to linux environment. Thanks for any help!
  22. Hey guys, I followed the instructions and when attempting to connect I get to Initialization Sequence Completed and then.. Nothing. It just hangs it seems like. Anyone have any suggestions? I did an alt+C to cancel at the end to restore internet access.

          Mon Jun 17 12:04:40 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 27 2013
          Mon Jun 17 12:04:40 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
          Mon Jun 17 12:04:40 2013 WARNING: file 'user.key' is group or others accessible
          Mon Jun 17 12:04:40 2013 LZO compression initialized
          Mon Jun 17 12:04:40 2013 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
          Mon Jun 17 12:04:40 2013 Socket Buffers: R=[229376->131072] S=[229376->131072]
          Mon Jun 17 12:04:40 2013 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
          Mon Jun 17 12:04:40 2013 Local Options hash (VER=V4): '22188c5b'
          Mon Jun 17 12:04:40 2013 Expected Remote Options hash (VER=V4): 'a8f55717'
          Mon Jun 17 12:04:40 2013 UDPv4 link local: [undef]
          Mon Jun 17 12:04:40 2013 UDPv4 link remote: [AF_INET]149.255.33.154:443
          Mon Jun 17 12:04:40 2013 TLS: Initial packet from [AF_INET]149.255.33.154:443, sid=73901bca b6551ec2
          Mon Jun 17 12:04:40 2013 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
          Mon Jun 17 12:04:40 2013 VERIFY OK: nsCertType=SERVER
          Mon Jun 17 12:04:40 2013 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
          Mon Jun 17 12:04:41 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
          Mon Jun 17 12:04:41 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
          Mon Jun 17 12:04:41 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
          Mon Jun 17 12:04:41 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
          Mon Jun 17 12:04:41 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
          Mon Jun 17 12:04:41 2013 [server] Peer Connection Initiated with [AF_INET]149.255.33.154:443
          Mon Jun 17 12:04:43 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
          Mon Jun 17 12:04:43 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.39.62 10.4.39.61'
          Mon Jun 17 12:04:43 2013 OPTIONS IMPORT: timers and/or timeouts modified
          Mon Jun 17 12:04:43 2013 OPTIONS IMPORT: LZO parms modified
          Mon Jun 17 12:04:43 2013 OPTIONS IMPORT: --ifconfig/up options modified
          Mon Jun 17 12:04:43 2013 OPTIONS IMPORT: route options modified
          Mon Jun 17 12:04:43 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
          Mon Jun 17 12:04:43 2013 ROUTE default_gateway=192.168.3.30
          Mon Jun 17 12:04:43 2013 TUN/TAP device tun0 opened
          Mon Jun 17 12:04:43 2013 TUN/TAP TX queue length set to 100
          Mon Jun 17 12:04:43 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
          Mon Jun 17 12:04:43 2013 /sbin/ifconfig tun0 10.4.39.62 pointopoint 10.4.39.61 mtu 1500
          Mon Jun 17 12:04:43 2013 /sbin/route add -net 149.255.33.154 netmask 255.255.255.255 gw 192.168.3.30
          Mon Jun 17 12:04:43 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.39.61
          Mon Jun 17 12:04:43 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.39.61
          Mon Jun 17 12:04:43 2013 /sbin/route add -net 10.4.0.1 netmask 255.255.255.255 gw 10.4.39.61
          Mon Jun 17 12:04:43 2013 Initialization Sequence Completed
          ^CMon Jun 17 12:05:10 2013 event_wait : Interrupted system call (code=4)
  23. Personally I'm using gufw for linux, and it works very well. However, it's important to remember that gufw is just a graphical frontend for ufw, and ufw, in turn, is just a friendlier system for manipulating IPTABLES (which is again a system for manipulating netfilter directly in the running kernel). Gufw is perhaps oversimplified, which is why I find it not really that great for anything else than providing an overview of your rules and turning the firewall on and off.

      With regards to firestarter, I have tried it once, but I didn't really have any good experience with it, since, as you guys have already posted, it seems rather poorly coded and does some odd things when manipulating IPTABLES.

      What I found invaluable about ufw is its ability to specify rules based on interface and its simplicity even though it's quite powerful. This was my main motivation for using it over other solutions like Firestarter, and Shorewall was too complicated for my taste.

      My rule approach goes like this:

      - Allow connections OUT to AirVPN servers I use the most (for connecting/reconnecting to the AirVPN service, entry IP's, marked RED on the screenshot)
      - Allow connections OUT FROM the tun0 interface TO anywhere (when I'm connected, this is the interface used to communicate to the Internet, marked GREEN on the screenshot)
      - Allow connections (UDP/TCP) IN TO the tun0 interface to a specific port (to enable AirVPN's port forwarding feature, marked BLUE on the screenshot)
      - Allow connections IN FROM the 192.168.1.0/24 network TO the eth0 interface (enable home networking. Notice how it's on a different interface, YELLOW)
      - Allow connections OUT FROM the eth0 interface TO the 192.168.1.0/24 network (enable home networking, also on the eth0 interface, YELLOW)
      - Block ALL other traffic (by choosing DENY/DENY in gufw)

      When the VPN drops (and the tun0 interface is disabled), the only connections allowed OUT from the computer are to the AirVPN server IP's (to reconnect) and the local 192.168.1.0/24 network (to still function in the LAN). And the only connections allowed TO the computer are from the local network as well. No leaks.

      Now, the gufw GUI doesn't allow for specifying the interface (remember, it's oversimplified), so to do that, it's necessary to use ufw directly. Gufw can, however, display the rules when created by ufw. For example:

      "sudo ufw allow out on tun0 from any to any" - is quite straightforward, and of course creates the rule that allows for communication TO the Internet when connected to AirVPN.

      "sudo ufw allow in on tun0 from any to any port xxxxx" - enables the port forwarding feature by allowing packets to the specified port on the tun0 interface to pass through.

      Tips:

      - the order of the rules is very important - mimic mine on the screenshot attached
      - to add rules in a specific order from the command line, use "insert x": "sudo ufw insert 3 allow in on tun0 from any to any port xxxxx" - inserts the rule at the 3rd position and moves rules below it downward, including the previous rule nr 3.
      - when adding rules via the commandline, press F5 in gufw to force a refresh and view the newly added rule
      - the UFW manual is well worth reading, although you may not need any more information than offered in this post
      - with this approach, you're blocking multicasting addresses possibly forwarded by your router. Just a thing to have in mind in case you need it; it is of course easily remedied by creating a new rule allowing the address(es).

      Let me know how this works for ya