Jump to content
Not connected, Your IP:

Search the Community

Showing results for tags 'airvpn'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • AirVPN
    • News and Announcement
    • How-To
    • Databases
  • Community
    • General & Suggestions
    • Troubleshooting and Problems
    • Blocked websites warning
    • Eddie - AirVPN Client
    • DNS Lists
    • Reviews
    • Other VPN competitors or features
    • Nonprofit
    • Off-Topic
  • Other Projects
    • IP Leak
    • XMPP

Product Groups

  • AirVPN Access
  • Coupons
  • Misc

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



Website URL







XMPP / Jabber




Found 193 results

  1. Hello, I have been using AirVPN for quite some time now... I was previously using the Eddie client on a single machine, but decided to build a PFSense box and configure the VPN there. I am located in Canada, and setting a connection to a single VPN server in Toronto. It seems to give the best connection and reliability rather then going for the ca.airvpn (I seem to always end up at a BC server using this entry) My issue is.... I currently have a 150mbps connection with my ISP. Using PFSense without AirVPN I am able to reach my advertised speeds With AirVPN configured, I am only ever seeing a max of about 30mbps. My hardware setup is quite decent. Intel® Core i5 CPU 650 @ 3.20GHz 4gb DDR3 memory120gb SSD2 Intel NICs (both showing as igb) My speeds using Eddie were very very good, much better then the PFSense speeds; so I can only assume that I have a configuration error (my hardware seems to be quite good from what I have been reading) Some research from other posts did not help better my issue, so I am hoping that posting my own thread on this topic can being me closer to a conclusion with mine. I followed the guide by "pfSense_fan"https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/ I can post any diagnostics or logs as necessary, I just do not know what you guys would like to see. Any help with this would be appreactiated Regards
  2. Hello all, This is collection from different tutorials which I will refer here, but usually changed since some things changed. Setting up VPN on Synology is modified neolefort tutorial from here and reconnect script if from sundi which you can find here, which probably modified this script, plus my iptables for blocking Synology on router level when VPN fails. Other contributions: foobar666 - you no longer need to enter variables manually _sinnerman_ - fixed script for DS 6.1 I'm doing this mostly because I usually forget things I managed to solve after year or two, so this is way to have constant reminder how it was solved and also help others. 1. Get your certificates from AirVPN. Go to the https://airvpn.org/generator/ page to generate the configuration file. (1) SELECT the Advanced Mode (near top right of the page) (2) SELECT LINUX OS (3) Under "Protocols" section select one with protocol UDP and port 443 (at the time of writing, it was first in list). You can choose any combination of protocol/port, but then also change iptables accordingly if you are using failsafe script. (4) Under "Advanced - OpenVPN only" section (right part of page), select "Separate keys/certs from .ovpn file" and change OpenVPN version to "<2.4" (you don't need to do this if you are using DSM7 or newer) (5) SELECT 1 SERVER (refer to section "by single servers") OR COUNTRY OR ANYTHING ELSE YOU WANT In original tutorial, neolefort said to choose 1 server, because in that case you will get IP instead of xxx.airvpn.org domain. Choosing 1 server is safe because it doesn't need working DNS when you want to connect to VPN. If you choose anything else, you need working DNS on your router when establishing VPN connection. (6) Click "GENERATE" at the bottom. (7) Click on the ZIP button in order to download the AIRVPN configuration files and unzip them anywhere on your computer The ZIP archive should contain the following files: -AirVPN_XXXXX_UDP-443.ovpn -ca.crt -user.crt -user.key -ta.key 2. Setup AirVPN on Synology. In new DSM 6 it's much more easier since Synology developers allowed everything in GUI now. - Login as admin or with user from Administrator group. - Open Control panel. - Go "Network" and click on tab "Network Interface" - Click on button "Create" - "Create VPN profile" - Choose "OpenVPN (via importing .ovpn file) - Click "Advanced options" so it shows all options - Profile name: anything you want, but please keep is short and if you can without spaces " ", for example "AirVPN". - User name: LEAVE EMPTY (for DSM 7+ just put anything here) - Password: LEAVE EMPTY (for DSM 7+ just put anything here) - Import .ovpn file: click button and import your AirVPN_XXXXX_UDP-443.ovpn - CA certificate: click button and import your ca.crt - Client certificate: click button and import your user.crt - Client key: click button and import your user.key - Certificate revocation: LEAVE EMPTY - TLS-auth key: click button and import your ta.key - Click "Next" - Select all options, EXCEPT "Enable compression on the VPN link" (well, you can select that also if you really want, but don't ) Now you have working OpenVPN link on your Synology DS6+. You just need to start it from "Control panel" - "Network" - "Network Interface". EXTRAS!!! 3. Setting up external access to your Synology. First what you will notice is, "I CAN'T ACCESS MY SYNOLOGY FROM OUTSIDE OF MY LAN!!!!!!! OMG OMG OMG!!!!" I will not explain port fowards on your router here, if you don't know how to make one, learn! (1) You can port forward trough AirVPN webpage and access your Syno via VPN exit IP. This sometimes works, most of times it doesn't since Syno has some ports you cannot change. Anyway, change your default HTTP / HTTPS port on Syno to your forwarded AirVPN port and you should be fine. But forget about Cloudstation and similliar things. (2) If you want to access Syno via you ISP IP (WAN), then problem is, your Syno is receiving your connection, but it's replying trough VPN. That's a security risk and those connections get droped. But there is solution! - Access "Control panel" - "Network" - "General" - Click "Advanced Settings" button - Mark "Enable multiple gateways" and click "OK" and then "Apply" You're done! It's working now (if you forwarded good ports on your router). 4. Prevent leaks when VPN connection on Synology fails. There will be time, when you VPN will fail, drop, disconnect, and your ISP IP will become visible to world. This is one of ways you can prevent it, on router level. For this you need Tomato, Merlin, DD-WRT or OpenWRT firmware on your router. I will tell you steps for Tomato router. If you are using different firmware, then you need to learn alone how to input this code into your router. Since Shibby version 129 for ARM routers, syntax of iptables changed and depending on which version of iptables you are using, apply that code. - Login to your router (usually just by entering into your browser, if your IP is different, find out which is your gateway IP). - Click on "Administration" - Click on "Scripts" - Choose tab "Firewall" For Shibby v129 for ARM and later (iptables 1.4.x) us this: #Use this order of commands because it executes in reverse order. #This command will execute last, it kills all UDP requests. iptables -I FORWARD -p udp -s -j REJECT #This command will execute second and will block all TCP source ports except those needed for web access or services iptables -I FORWARD -p tcp -s -m multiport ! --sports 5000,5001,6690 -j REJECT #This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP iptables -I FORWARD -p udp -s -m multiport --dports 443 -j ACCEPT For earlier Shibby versions and later for MIPS routers: #Use this order of commands because it executes in reverse order. #This command will execute last, it kills all UDP requests. iptables -I FORWARD -p udp -s -j REJECT #This command will execute second and will block all TCP source ports except those needed for web access or services iptables -I FORWARD -p tcp -s -m multiport --sports ! 5000,5001,6690 -j REJECT #This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP iptables -I FORWARD -p udp -s -m multiport --dports 443 -j ACCEPT Port TCP 5000 = HTTP for for Synology web access (change to your if it's not default) Port TCP 5001 = HTTPS for for Synology web access (change to your it's not default) Port TCP 6690 = Cloud Station port Port UDP 443 = AirVPN connection port which you defined in step 1 of this tutorial. If you are using TCP port, then you need to change "-p udp" to "-p tcp" in that line. If you need more ports, just add them separated by comma ",". If you want port range, for example 123,124,125,126,127, you can add it like this 123:127. Change IP to your Synology LAN IP. Be careful NOT TO assign those ports to your Download Station on Synology. This isn't perfect, you can still leak your IP through UDP 443, but since torrent uses mostly TCP, those chances are minimal. If you use TCP port for VPN, then those chances increase. If you really want to be sure nothing leaks even on UDP 443 (or your custom port), you need to choose 1 (ONE) AirVPN server. You need to find that server entry IP and change last IPTABLES rule to something like this: iptables -I FORWARD -p udp -s -d 123.456.789.123 -m multiport --dports 443 -j ACCEPT Where 123.456.789.123 is AirVPN server entry IP. This will allow UDP 443 only for that server, rest will be rejected by router. These are all my opinions, from my very limited knowledge, which may be right and may be wrong. 5. Auto reconnection when VPN is down. Since when you made your VPN connection on your Synology, you checked "Reconnect" option, Syno will try to reconnect automaticly when connection fails. But in some cases, your network will be offline long enough and Syno will stop trying to reconnect, or will hang with VPN connection established, but not working. In those cases you can use this auto reconnect script. This is reconnect script. Just select all script text and copy it. #VPN Check script modified Sep 11, 2016 #Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data #received/sent, VPN IP & WAN IP. #If VPN is not up it will report it in the log file and start it #Change LogFile path to your own location. #Save this script to file of your choosing (for example "synovpn_reconnect"). Store it in one of your Synology shared folders and chmod it: "chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect" #Edit "/etc/crontab" and add this line without quotes for starting script every 10 minutes: "*/10 * * * * root /volume1/shared_folder_name/your_path/synovpn_reconnect" #After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond" #!/bin/sh DATE=$(date +"%F") TIME=$(date +"%T") VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]") VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=") LogFile="/volume1/filmovi/Backup/airvpn/check_airvpn_$DATE.log" PUBIP=$(curl -s -m 5 icanhazip.com) #PUBIP=$(curl -s -m 5 ipinfo.io/ip) #PUBIP=$(curl -s -m 5 ifconfig.me) CHECKIP=$(echo $PUBIP | grep -c ".") start_vpn() { echo "VPN is down. Attempting to (re)start now." >> $LogFile # /usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME /usr/syno/bin/synovpnc kill_client /bin/kill `cat /var/run/ovpn_client.pid` 2>/dev/null sleep 35 echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting /usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile } sleep 6 echo "======================================" >> $LogFile echo "$DATE $TIME" >> $LogFile if ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00" then if [ "$CHECKIP" == 1 ] then IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}') RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}') TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}') UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1) UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S") echo "VPN is up since: $UPTIME" >> $LogFile echo "Session Data RX: $RXDATA" >> $LogFile echo "Session Data TX: $TXDATA" >> $LogFile echo "VPN IP is: $IPADDR" >> $LogFile echo "WAN IP is: $PUBIP" >> $LogFile else start_vpn fi else start_vpn fi exit 0 (1) Login to you Synology DSM web interface as admin. - As admin go to "Control panel" - "Task Scheduler" (you need to enable advanced mode in top right corner of control panel for this) - Click "Create" button near top of page, then select "Scheduled Task" and then "User-defined script" (2) New popup window will open. - under "Task:" enter task name - under "User:" select "root" if it's not already selected - switch to "Schedule" tab and select how often you want this task to run, my settings are: - "Run of following days" - "Daily" - "First run time" - 00:00 - "Frequency" - "Every 10 minutes" - "Last run time" - 23:50 - switch to "Task settings" tab - paste script you copied into empty box under "User-defined script" title - press OK and you're done I tested this on DSM 6.2.2 and it works without problems for now. Still, I'm keeping old instructions in next post, if someone wants to do it like that. Tip: If you don't want logfile, you can comment out those lines, or remove ">> $LogFile" code from whole script. That's all. If you entered everything correctly, you should be fine and ready to go! Comments are welcome. If you find mistakes, please correct me.
  3. Everytime I try "Connect to a recommended server" or just try one of the servers from the server list it tries to connect to it and then instantly fails. I will include the logs here below, I'm kinda new to this so any help would be highly appreciated! :D Eddie_20231114_155636.txt
  4. Over the past few months of using AirVPN alongside Virgin Media I have had nothing but issues. I am either unable to get the full bandwidth that I pay for, or my connection drops so frequently that it makes browsing almost impossible. I want to say a huge thank you to the AirVPN community and the people over at AirVPN as well for all of their support. I have learnt a lot over the last few months and I wanted to take the time to share my findings so that anyone else that had these issues could attempt the same things as I did and perhaps it will help you too. The Bandwidth cut Firstly lets talk about bandwidth issues. I have a fibre connection that without my VPN service I receive the 150meg I pay for. No sooner do I switch on the VPN I face drops of 75%. With the help of this post: https://airvpn.org/topic/12473-virgin-media-openvpn-low-speeds-throttlingbug/ rainmakerraw posted saying that by using the SSL protocols through EDDIE he was able to regain the lost bandwidth faced by using the VPN service. I figured this could work in the AirVPN program and after contacting the AirVPN team who advised changing this setting in AirVPN's protocols to SSL port 80 I saw that my speeds jumped to around 50% of my total bandwidth. For what I use the internet for, this was more than acceptable so I didn't mind taking a 50% cut so long as my anonymity was safe. METHOD: In the AirVPN program click the AirVPN logo in the top left corner: Next hit the preferences button: And then go to the protocols section and select the SSL port 80 radio button: This should now give you boost on your speeds while running AirVPN with Virgin Media. However, my story doesn't end there. The connection drop For a short time I was able to enjoy absolute anonymity and with only a 50% drop in service. I could live with this, until my connection began drop constantly. Initially this was very intermittent, and I simply disconnected from the current server and just hit reconnect. Issue fixed. However, this started to become extremely frequent, to the point that I was only able to browse for around 5 minutes before the connection dropped and I was shown a DNS error on websites I was trying to access. I could not seem to find anyone on these forums with the same issue, nor anyone with a solution. I knew that it had to be my ISP causing the problem as this did not exist anywhere else. However, I did find whisper on some other sites about Windows 10 causing problems with VPN services. It seems we live in a world governed by people hell bent on watching our every move, and at any cost they will try their best to succeed in this. Thankfully there are far smarter nerds out there capable of finding a solution. After a bit of searching I came across this post: https://www.bestvpn.com/blog/28318/warning-windows-10-vpn-users-at-big-risk-of-dns-leaks-2/ Which suggested that within Windows 10's group policies there was an option causing a few issues regarding DNS leaking. I had checked several times on https://dnsleaktest.com/ as well as https://ipleak.net/ as to whether this might be the cause of my problem but found no issues. That being said I wanted to add this here as I feel it could be of some use to people. Now, this is a guide for Windows 7 users but it works on Windows 10 (I will assume you are using this), however, it only works for Windows 10 pro. Windows 10 Home does not have the group policy software included, and after a little tinkering I managed to get it installed but there was no option to remove the "Smart Multi-Homed Name Resolution". So it didn't help me. However, if you have 10 pro, I see no reason not to include this as it could be an option. Never Give Up I wasn't going to be beaten that easily. I figured it was time to use the ol' process of elimination to figure out the cause of my problem, so I connected my laptop to my mobile phone via WIFI hotspot and with AirVPN connected I found there was not a single drop in a full 24 hours of web browsing. (Of course this ended up costing me a fortune but we live and learn). So then, my issue had to lie with Virgin Media. Perhaps then my Superhub was the cause. But if it was, where would I start? I figured is this was going to be any kind of software issue the firewall would be the place to look. Well by Jove I think I found it. Superhub more like SuperDUD As I type this I am now happily browsing the web at full speed, uninterrupted, and happy. SSL 80, no connection drop and I'm confident. The issue seemed to be with the PPTP and Multicast pass through. A little internet search and what should pop up as the top link: https://support.cultrix.co.uk/hc/en-gb/articles/202644875-VPN-Does-Not-Connect-When-Using-Virgin-Media-SuperHub A page regarding the issues this VM hub causes VPN services when these two options are not clicked. METHOD: Log into your Virgin Media Hub. For most of you this will be via the web browser and in the address bar you type If this should not work refer to your particular hubs manual for the correct method, or using the sticker on the bottom of the router. Once in, you should see this screen: From here you want to type in the password to access the routers settings. I have changed mine so its no longer default, however, if you have never done this the password should be on the sticker on the router, but refer to the user manual to be sure. Next go ahead and click sign in and you will see this screen: From here we want to enter into the advanced settings option located at the bottom right of the screen. It may pop up a little warning but I assure you we are not doing anything that will break the router. On the following screen scroll down until you see the "Security" options: You are going to want to click on "Firewall". Lastly, on this next screen you should see the option for PPTP and Multicast Pass through as seen bellow. Go ahead and click both so that there is a tick in each box and then save the settings. If for some reason yours is already active, and you are facing the same issues as I am I am afraid I am at a loss as to what your issue could be. As I say, this is really just my own findings and this is as far as I got. The light at the end of the fibre Hopefully you should now be in the same boat as me, you should have a lovely consistent connection, with no loss of bandwidth and with the help of your lovely AirVPN service 100% anonymity. If for any reason these methods do not help feel free to post, perhaps this could be the central place for other VM subscribers and those using AirVPN. The small print Of course with any fixes like this they all come with inherent risks. I am merely showing you what I did and how, but please, do this at your own risk. I have had no issues doing this but I am not responsible for anything that goes wrong for you. Another note: Virgin Media from time to time release firmware updates and these can (and have) reset settings on Hubs. If you find that one day you begin to see the same dreaded drops and throttling, check the hub settings again in case they have reset them. I have seen many posts suggesting that turning the Superhub into modem mode and purchasing a router capable of the SSL 80 protocol in the routers settings is also an option. I have an old DD-WRT but its a little too old for the latest firmware and as such can not use the SSL protocol. This I think is a better option as it ensures anyone on your network is behind the VPN. But I am just finding the less expensive solution, not to mention there are far too many routers out there to determine which one can do SSL. Anyway, I hope this can be of some help to people with VM. Or if you have similar issues, maybe your router has these options, give it a go. Have a good day everyone. Updated 29/12/2016: *Title change*
  5. I noticed this started a month ago when connecting to Valve's servers with an AirVPN server results in a dropped connection. Previously it was possible to run AirVPN on a router and play games on Steam. However, nowadays whilst finding a match with the game coordinator still works it'll disconnect the player and impose a penalty despite accepting the match. Attempts at a workaround by changing servers to different regions, changing DNS servers, OpenVPN and Wireguard protocols, different network interface and devices results in the same dropped connection. It seems like Valve's gaming servers are currently blocking AirVPN.
  6. Using AirVPN suite 1.2.1 on Debian Bullseye, I can't seem to get the --air-list, --air-info, --air-key-list options to output anything. I'm probably missing something obvious. I'm operating under the assumption that these commands are supposed to pull their info from AirVPN servers. Should I instead generate that info independently and store it locally somewhere for goldcrest to query? Here's the output from example commands given in the readme (other variants give the same output): use@host:~$ goldcrest --air-info --air-server all 2023-03-13 14:26:26 Reading run control directives from file /root/.config/goldcrest.rc Goldcrest 1.2.1 - 9 December 2022 2023-03-13 14:26:26 Bluetit - AirVPN OpenVPN 3 Service 1.2.1 - 9 December 2022 2023-03-13 14:26:27 OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit 2023-03-13 14:26:27 Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved. 2023-03-13 14:26:27 OpenSSL 1.1.1n 15 Mar 2022 2023-03-13 14:26:27 Bluetit is connected to VPN
  7. With the latest revelation from google about Quantum Computing, I would like to know how safe arewith with Airvpn? What is the best encryption method and how do we implement it .
  8. Looking into subscribing? potential issue I'm unsure of. My home has CCTV installed will there be any conflict as the the post used for it are as per image
  9. Hi, I have written an alternative client for AirVPN that I would like to share with you. Just as Eddie, it supports other providers, too, as long as OpenVPN config files are provided. For AirVPN and Mullvad it offers a convenient update function that just requires you to enter your credentials in order to download the latest server configurations. Furthermore, it allows you to choose among the plethora of protocols offered by AirVPN (including OpenVPN over SSL/SSH) except the experimental ones (I might add support for those in the future, once they become available for all servers). Qomui (Qt OpenVPN management UI) as I have named it, is written in Python and PyQt and should run on any GNU/Linux distribution. It allows you to easily create double-hop connections. In other words, you can route your requests via two OpenVPN servers. This feature works provider-independent. For example, you could choose a Mullvad server for the first hop, and AirVPN for the second (I have successfully tested this with AirVPN, Mullvad and ProtonVPN). Thereby, it avoids a major downside of similar offers by some providers, namely the fact that if one provider controls all "hops" he or she could potentially still see, log or inspect all your traffic. In the latter case, you would gain little in terms of privacy. With the ability to "mix" providers, Qomui does not suffer from the same problem and hence offers some tangible benefits. Obviously, you would still have to sacrifice some speed/bandwith, though. Depending on your DE (looking at you, Gnome!), Qomui will also display a systray icon that shows the country of the server you are currently connected to. Additional features include protection against DNS leaks and a firewall that optionally blocks all outgoing network connections except for the OpenVPN server you have chosen. Since it is never recommended to run graphical applications as root, which is a major flaw of most OpenVPN clients, all commands that require root privileges are handled by a background service that can be controlled via systemd. The following screenshot gives you an idea of what Qomui looks like (on Arch/Arc Dark Theme). If you are interested, you can download Qomui from github: https://github.com/corrad1nho/qomui Of course, I'd be happy for any kind of feedback. If you find bugs or Qomui does not run properly or not at all on your machine, please let me know. I'm happy to help! At last, a big thank you to AirVPN and its amazing community. The fact that you rely more on explaining technical details than empty promises, has helped me to learn a lot. It is also one of the main reason why I chose AirVPN. Commendably, Eddie is also released as open-source software. Only Mullvad does that, too, to my knowledge. Why doesn't every provider do that? You are selling a service, not software! Why would I trust in proprietary software? Funnily, I have never really used Eddie, though, since I was accustomed to manually adding config files to NetworkManager as my first provider did not offer a GNU/Linux client. My interest in features such as OpenVPN over SSL made me look into more convenient solutions, though. Ultimately I decided to write my own program as I wanted to learn some Python and this provided a perfect practical challenge. I have actually used Qomui daily on multiple machines during the past few months and constantly tried to improve it. So I'd thought it'd be about to time to share it (it's an alpha release, though). Have a nice weekend! Corrado
  10. Lately, I've been unable to get Eddie to connect to any server on my Linux operation system. It's always stuck while doing latency tests and I get this following error message. E 2021.12.27 13:47:45 - Exception: nft issue: exit:1; out:; err:Error: syntax error, unexpected rule, expecting string E 2021.12.27 13:47:45 - del rule ip filter OUTPUT ip daddr counter accept E 2021.12.27 13:47:45 - ^^^^ If you need info on my OS... System: Host: <filter> Kernel: 5.14.0-4mx-amd64 x86_64 bits: 64 compiler: N/A parameters: BOOT_IMAGE=/vmlinuz-5.14.0-4mx-amd64 root=UUID=<filter> ro quiet splash slab_nomerge slub_debug=FZ init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on vsyscall=none debugfs=off oops=panic loglevel=0 spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force ipv6.disable=1 apparmor=1 security=apparmor random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma kaslr pti=on slab_nomerge page_poison=1 slub_debug=FPZ nosmt Desktop: Xfce 4.16.0 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm4 dm: LightDM 1.26.0 Distro: MX-21_ahs_x64 Wildflower November 22 2021 base: Debian GNU/Linux 11 (bullseye) Machine: Type: Laptop System: ASUSTeK product: ROG Strix G713QM_G713QM v: 1.0 serial: <filter> Mobo: ASUSTeK model: G713QM v: 1.0 serial: <filter> UEFI: American Megatrends LLC. v: G713QM.314 date: 09/03/2021 Battery: ID-1: BAT0 charge: 87.5 Wh condition: 87.5/90.0 Wh (97%) volts: 17.2/15.9 model: AS3GWAF3KC GA50358 type: Li-ion serial: <filter> status: Full Device-1: hidpp_battery_0 model: Logitech Wireless Keyboard K270 serial: <filter> charge: 100% (should be ignored) rechargeable: yes status: Discharging Device-2: hidpp_battery_1 model: Logitech M585/M590 Multi-Device Mouse serial: <filter> charge: 55% (should be ignored) rechargeable: yes status: Discharging CPU: Topology: 8-Core model: AMD Ryzen 9 5900HX with Radeon Graphics bits: 64 type: MCP arch: N/A family: 19 (25) model-id: 50 (80) stepping: N/A microcode: A50000B L2 cache: 4096 KiB flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 52703 Speed: 2857 MHz min/max: 1200/3300 MHz boost: enabled Core speeds (MHz): 1: 3370 2: 2728 3: 3567 4: 3239 5: 2523 6: 1916 7: 2650 8: 4126 Vulnerabilities: Type: itlb_multihit status: Not affected Type: l1tf status: Not affected Type: mds status: Not affected Type: meltdown status: Not affected Type: spec_store_bypass mitigation: Speculative Store Bypass disabled Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization Type: spectre_v2 mitigation: Full AMD retpoline, IBPB: always-on, IBRS_FW, STIBP: disabled, RSB filling Type: srbds status: Not affected Type: tsx_async_abort status: Not affected Graphics: Device-1: NVIDIA GA106M [GeForce RTX 3060 Mobile / Max-Q] vendor: ASUSTeK driver: N/A bus ID: 01:00.0 chip ID: 10de:2520 Device-2: AMD Cezanne vendor: ASUSTeK driver: amdgpu v: kernel bus ID: 06:00.0 chip ID: 1002:1638 Display: x11 server: X.Org 1.20.13 driver: amdgpu,ati unloaded: fbdev,modesetting,vesa resolution: 1920x1080~60Hz OpenGL: renderer: AMD RENOIR (DRM 3.42.0 5.14.0-4mx-amd64 LLVM 12.0.1) v: 4.6 Mesa 21.2.5 direct render: Yes Audio: Device-1: NVIDIA vendor: ASUSTeK driver: snd_hda_intel v: kernel bus ID: 01:00.1 chip ID: 10de:228e Device-2: AMD Renoir Radeon High Definition Audio vendor: ASUSTeK driver: snd_hda_intel v: kernel bus ID: 06:00.1 chip ID: 1002:1637 Device-3: AMD Raven/Raven2/FireFlight/Renoir Audio Processor vendor: ASUSTeK driver: N/A bus ID: 06:00.5 chip ID: 1022:15e2 Device-4: AMD Family 17h HD Audio vendor: ASUSTeK driver: snd_hda_intel v: kernel bus ID: 06:00.6 chip ID: 1022:15e3 Sound Server: ALSA v: k5.14.0-4mx-amd64 Network: Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet vendor: ASUSTeK driver: r8169 v: kernel port: e000 bus ID: 02:00.0 chip ID: 10ec:8168 IF: eth0 state: down mac: <filter> Device-2: Intel Wi-Fi 6 AX200 driver: iwlwifi v: kernel port: e000 bus ID: 03:00.0 chip ID: 8086:2723 IF: wlan0 state: up mac: <filter> IF-ID-1: tun0 state: unknown speed: 10 Mbps duplex: full mac: N/A Drives: Local Storage: total: 7.50 TiB used: 3.22 TiB (43.0%) ID-1: /dev/nvme0n1 vendor: Samsung model: MZVLQ1T0HBLB-00B00 size: 953.87 GiB block size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 serial: <filter> rev: FXM7201Q scheme: GPT ID-2: /dev/nvme1n1 vendor: Samsung model: SSD 970 EVO Plus 250GB size: 232.89 GiB block size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 serial: <filter> rev: 2B2QEXM7 scheme: GPT ID-3: /dev/sda type: USB vendor: Seagate model: Backup+ Hub BK size: 7.28 TiB block size: physical: 4096 B logical: 512 B serial: <filter> rev: D781 scheme: GPT Partition: ID-1: / raw size: 63.98 GiB size: 62.68 GiB (97.96%) used: 13.97 GiB (22.3%) fs: ext4 dev: /dev/dm-0 ID-2: /boot raw size: 256.0 MiB size: 237.9 MiB (92.93%) used: 104.7 MiB (44.0%) fs: ext4 dev: /dev/nvme1n1p2 Sensors: System Temperatures: cpu: 51.0 C mobo: N/A gpu: amdgpu temp: 46 C Fan Speeds (RPM): cpu: 0 Repos: No active apt repos in: /etc/apt/sources.list Active apt repos in: /etc/apt/sources.list.d/airvpn-stable.list 1: deb http://eddie.website/repository/apt stable main Active apt repos in: /etc/apt/sources.list.d/atom.list 1: deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free Active apt repos in: /etc/apt/sources.list.d/debian.list 1: deb http://deb.debian.org/debian bullseye main contrib non-free 2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free Active apt repos in: /etc/apt/sources.list.d/mx.list 1: deb https://mirror.us.oneandone.net/linux/distributions/mx/packages/mx/repo/ bullseye main non-free 2: deb https://mirror.us.oneandone.net/linux/distributions/mx/packages/mx/repo/ bullseye ahs Active apt repos in: /etc/apt/sources.list.d/whonix.list 1: deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.whonix.org bullseye main contrib non-free Info: Processes: 376 Uptime: 1h 32m Memory: 62.24 GiB used: 5.99 GiB (9.6%) Init: SysVinit v: N/A runlevel: 5 default: 5 Compilers: gcc: 10.2.1 alt: 10 Shell: quick-system-in running in: quick-system-in inxi: 3.0.36 Any help would be much appreciated. Thanks. Eddie_20211227_134819.txt
  11. Pegasus, US unconnectable. Fails with AUTH_FAILURE. Unfortunately it is currently selected by the DNS as the preferred US server. Connecting directly to Pollux (US) worked for me: I copied the US config (certs embedded) and changed the IP address. Here's a log for Pegasus (from right now, MTU notifications are from my own edits): 2021-09-26 04:29:38 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning. 2021-09-26 04:29:38 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021 2021-09-26 04:29:38 Windows version 6.1 (Windows 7) 64bit 2021-09-26 04:29:38 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10 Enter Management Password: 2021-09-26 04:29:38 MANAGEMENT: TCP Socket listening on [AF_INET] 2021-09-26 04:29:38 Need hold release from management interface, waiting... 2021-09-26 04:29:38 MANAGEMENT: Client connected from [AF_INET] 2021-09-26 04:29:38 MANAGEMENT: CMD 'state on' 2021-09-26 04:29:38 MANAGEMENT: CMD 'log all on' 2021-09-26 04:29:38 MANAGEMENT: CMD 'echo all on' 2021-09-26 04:29:38 MANAGEMENT: CMD 'bytecount 5' 2021-09-26 04:29:38 MANAGEMENT: CMD 'hold off' 2021-09-26 04:29:38 MANAGEMENT: CMD 'hold release' 2021-09-26 04:29:38 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2021-09-26 04:29:38 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2021-09-26 04:29:38 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1250) 2021-09-26 04:29:38 MANAGEMENT: >STATE:1632655778,RESOLVE,,,,,, 2021-09-26 04:29:38 TCP/UDP: Preserving recently used remote address: [AF_INET] 2021-09-26 04:29:38 Socket Buffers: R=[8192->262144] S=[8192->262144] 2021-09-26 04:29:38 UDP link local: (not bound) 2021-09-26 04:29:38 UDP link remote: [AF_INET] 2021-09-26 04:29:38 MANAGEMENT: >STATE:1632655778,WAIT,,,,,, 2021-09-26 04:29:39 MANAGEMENT: >STATE:1632655779,AUTH,,,,,, 2021-09-26 04:29:39 TLS: Initial packet from [AF_INET], sid=83a14a89 9092e81f 2021-09-26 04:29:39 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org 2021-09-26 04:29:39 VERIFY KU OK 2021-09-26 04:29:39 Validating certificate extended key usage 2021-09-26 04:29:39 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2021-09-26 04:29:39 VERIFY EKU OK 2021-09-26 04:29:39 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Pegasus, emailAddress=info@airvpn.org 2021-09-26 04:29:39 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1372', remote='link-mtu 1558' 2021-09-26 04:29:39 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1250', remote='tun-mtu 1500' 2021-09-26 04:29:39 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512 2021-09-26 04:29:39 [Pegasus] Peer Connection Initiated with [AF_INET] 2021-09-26 04:29:40 MANAGEMENT: >STATE:1632655780,GET_CONFIG,,,,,, 2021-09-26 04:29:40 SENT CONTROL [Pegasus]: 'PUSH_REQUEST' (status=1) 2021-09-26 04:29:40 AUTH: Received control message: AUTH_FAILED 2021-09-26 04:29:40 SIGUSR1[soft,auth-failure] received, process restarting 2021-09-26 04:29:40 MANAGEMENT: >STATE:1632655780,RECONNECTING,auth-failure,,,,, 2021-09-26 04:29:40 Restart pause, 5 second(s) 2021-09-26 04:29:45 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2021-09-26 04:29:45 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2021-09-26 04:29:45 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1250) 2021-09-26 04:29:45 TCP/UDP: Preserving recently used remote address: [AF_INET] 2021-09-26 04:29:45 Socket Buffers: R=[8192->262144] S=[8192->262144] 2021-09-26 04:29:45 UDP link local: (not bound) 2021-09-26 04:29:45 UDP link remote: [AF_INET] 2021-09-26 04:29:45 MANAGEMENT: >STATE:1632655785,WAIT,,,,,, 2021-09-26 04:29:46 MANAGEMENT: >STATE:1632655786,AUTH,,,,,, 2021-09-26 04:29:46 TLS: Initial packet from [AF_INET], sid=807e834f 86f4a62b 2021-09-26 04:29:46 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org 2021-09-26 04:29:46 VERIFY KU OK 2021-09-26 04:29:46 Validating certificate extended key usage 2021-09-26 04:29:46 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2021-09-26 04:29:46 VERIFY EKU OK 2021-09-26 04:29:46 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Pegasus, emailAddress=info@airvpn.org 2021-09-26 04:29:46 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1372', remote='link-mtu 1558' 2021-09-26 04:29:46 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1250', remote='tun-mtu 1500' 2021-09-26 04:29:46 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512 2021-09-26 04:29:46 [Pegasus] Peer Connection Initiated with [AF_INET] 2021-09-26 04:29:47 MANAGEMENT: >STATE:1632655787,GET_CONFIG,,,,,, 2021-09-26 04:29:47 SENT CONTROL [Pegasus]: 'PUSH_REQUEST' (status=1) 2021-09-26 04:29:47 AUTH: Received control message: AUTH_FAILED 2021-09-26 04:29:47 SIGUSR1[soft,auth-failure] received, process restarting 2021-09-26 04:29:47 MANAGEMENT: >STATE:1632655787,RECONNECTING,auth-failure,,,,, 2021-09-26 04:29:47 Restart pause, 5 second(s) 2021-09-26 04:29:51 SIGTERM[hard,init_instance] received, process exiting 2021-09-26 04:29:51 MANAGEMENT: >STATE:1632655791,EXITING,init_instance,,,,, The server page shows Pegasus is chosen as the best server although Pegasus' stats show it has zero users and the drop happened a couple hours ago (Sunday 09:00 on the graph). Similar to my last post I propose that servers are ranked differently. Apparently this time an end-to-end test using OpenVPN is required since the server is reachable but it has got issues with authentication.
  12. Quality of Service post: Although it is a 10Gbit server it seems to be suffering. I'm from Europe and checking its ping shows average 344ms over 234 attempts. This puts it in range of JP and NZ servers at 350ms. This is not the first time I've seen it perform poorly. Last week I connected to se.vpn.airdns.org (and it still shows as the preferred choice in API and https://airvpn.org/status/ EDIT: not any longer as of finishing writing) and had the same problems downloading a file with speed jumping up and down. To get the ping results I filtered the API JSON into an IP list to use with Nirsoft PingInfoView: https://www.nirsoft.net/utils/multiple_ping_tool.html Current IP list: (if you read this post at a later date: it is not up to date!) sortscript.sh | sort -k2 at, Alderamin (Austria, Vienna; 1000) at, Beemim (Austria, Vienna; 1000) at, Caelum (Austria, Vienna; 1000) be, Capricornus (Belgium, Brussels; 1000) be, Castor (Belgium, Brussels; 1000) be, Columba (Belgium, Brussels; 1000) be, Diadema (Belgium, Brussels; 1000) be, Mebsuta (Belgium, Brussels; 1000) bg, Apus (Bulgaria, Sofia; 1000) bg, Grus (Bulgaria, Sofia; 1000) br, Lalande (Brazil, Sao Paulo; 1000) br, Peony (Brazil, Sao Paulo; 1000) ca, Agena (Canada, Toronto, Ontario; 1000) ca, Alhena (Canada, Toronto, Ontario; 1000) ca, Alkurhah (Canada, Toronto, Ontario; 1000) ca, Aludra (Canada, Toronto, Ontario; 1000) ca, Alwaid (Canada, Toronto, Ontario; 1000) ca, Alya (Canada, Toronto, Ontario; 1000) ca, Angetenar (Canada, Toronto, Ontario; 1000) ca, Arkab (Canada, Toronto, Ontario; 1000) ca, Avior (Canada, Toronto, Ontario; 1000) ca, Cephei (Canada, Toronto, Ontario; 1000) ca, Chort (Canada, Toronto, Ontario; 1000) ca, Enif (Canada, Toronto, Ontario; 1000) ca, Gorgonea (Canada, Toronto, Ontario; 1000) ca, Lacerta (Canada, Montreal; 1000) ca, Lesath (Canada, Toronto, Ontario; 1000) ca, Mintaka (Canada, Toronto, Ontario; 1000) ca, Nahn (Canada, Vancouver; 1000) ca, Pisces (Canada, Vancouver; 1000) ca, Regulus (Canada, Toronto, Ontario; 1000) ca, Ross (Canada, Montreal; 1000) ca, Rotanev (Canada, Toronto, Ontario; 1000) ca, Sadalbari (Canada, Toronto, Ontario; 1000) ca, Saiph (Canada, Toronto, Ontario; 1000) ca, Sargas (Canada, Toronto, Ontario; 1000) ca, Sham (Canada, Vancouver; 1000) ca, Sharatan (Canada, Toronto, Ontario; 1000) ca, Sualocin (Canada, Toronto, Ontario; 1000) ca, Tegmen (Canada, Toronto, Ontario; 1000) ca, Tejat (Canada, Toronto, Ontario; 1000) ca, Telescopium (Canada, Vancouver; 1000) ca, Titawin (Canada, Vancouver; 1000) ca, Tyl (Canada, Toronto, Ontario; 1000) ca, Ukdah (Canada, Toronto, Ontario; 1000) ch, Achernar (Switzerland, Zurich; 1000) ch, Achird (Switzerland, Zurich; 1000) ch, Baiten (Switzerland, Zurich; 1000) ch, Dorado (Switzerland, Zurich; 1000) ch, Hamal (Switzerland, Zurich; 1000) ch, Kitalpha (Switzerland, Zurich; 1000) ch, Sextans (Switzerland, Zurich; 1000) ch, Sirrah (Switzerland, Zurich; 1000) ch, Virginis (Switzerland, Bern; 1000) ch, Xuange (Switzerland, Zurich; 10000) cz, Centaurus (Czech Republic, Prague; 1000) cz, Markab (Czech Republic, Prague; 1000) cz, Turais (Czech Republic, Prague; 1000) cz, Zuben (Czech Republic, Prague; 1000) de, Adhara (Germany, Frankfurt; 1000) de, Alsephina (Germany, Frankfurt; 1000) de, Cervantes (Germany, Frankfurt; 1000) de, Cujam (Germany, Berlin; 1000) de, Dubhe (Germany, Frankfurt; 1000) de, Errai (Germany, Frankfurt; 1000) de, Intercrus (Germany, Frankfurt; 1000) de, Menkalinan (Germany, Frankfurt; 1000) de, Mesarthim (Germany, Munich; 1000) de, Mirfak (Germany, Frankfurt; 1000) de, Mirzam (Germany, Frankfurt; 1000) de, Ogma (Germany, Frankfurt; 1000) de, Serpens (Germany, Frankfurt; 1000) de, Tucana (Germany, Frankfurt; 1000) de, Veritate (Germany, Frankfurt; 1000) ee, Alruba (Estonia, Tallinn; 1000) es, Eridanus (Spain, Barcelona; 1000) es, Mekbuda (Spain, Madrid; 1000) es, Taurus (Spain, Madrid; 1000) gb, Alathfar (United Kingdom, Maidenhead; 1000) gb, Alshain (United Kingdom, London; 1000) # gb, Arion (United Kingdom, London; 1000) gb, Asterion (United Kingdom, London; 1000) gb, Asterope (United Kingdom, Manchester; 1000) gb, Betelgeuse (United Kingdom, Maidenhead; 1000) gb, Carinae (United Kingdom, Maidenhead; 1000) gb, Chow (United Kingdom, Manchester; 1000) gb, Denebola (United Kingdom, Maidenhead; 1000) gb, Geminorum (United Kingdom, London; 1000) gb, Kitel (United Kingdom, Maidenhead; 1000) gb, Minkar (United Kingdom, Maidenhead; 1000) gb, Naos (United Kingdom, Manchester; 1000) gb, Nashira (United Kingdom, Manchester; 1000) gb, Orbitar (United Kingdom, Manchester; 1000) gb, Westerlund (United Kingdom, Manchester; 1000) jp, Biham (Japan, Tokyo; 1000) jp, Iskandar (Japan, Tokyo; 1000) jp, Okab (Japan, Tokyo; 1000) jp, Taphao (Japan, Tokyo; 1000) lv, Felis (Latvia, Riga; 1000) # lv, Meissa (Latvia, Riga; 100) lv, Phact (Latvia, Riga; 100) lv, Schedir (Latvia, Riga; 100) lv, Shaula (Latvia, Riga; 100) nl, Alchiba (Netherlands, Alblasserdam; 1000) nl, Alcyone (Netherlands, Alblasserdam; 1000) nl, Aljanah (Netherlands, Alblasserdam; 1000) nl, Alphard (Netherlands, Alblasserdam; 1000) nl, Alphecca (Netherlands, Alblasserdam; 1000) nl, Alpheratz (Netherlands, Alblasserdam; 1000) nl, Alphirk (Netherlands, Alblasserdam; 1000) nl, Alrai (Netherlands, Alblasserdam; 1000) nl, Alshat (Netherlands, Alblasserdam; 1000) nl, Alterf (Netherlands, Alblasserdam; 1000) nl, Alzirr (Netherlands, Alblasserdam; 1000) nl, Ancha (Netherlands, Alblasserdam; 1000) nl, Andromeda (Netherlands, Alblasserdam; 1000) nl, Anser (Netherlands, Alblasserdam; 1000) nl, Asellus (Netherlands, Alblasserdam; 1000) nl, Aspidiske (Netherlands, Alblasserdam; 1000) nl, Atik (Netherlands, Alblasserdam; 1000) nl, Canis (Netherlands, Alblasserdam; 1000) nl, Capella (Netherlands, Alblasserdam; 1000) nl, Caph (Netherlands, Alblasserdam; 1000) nl, Celaeno (Netherlands, Alblasserdam; 1000) nl, Chara (Netherlands, Alblasserdam; 1000) nl, Comae (Netherlands, Alblasserdam; 1000) nl, Crater (Netherlands, Alblasserdam; 1000) nl, Cygnus (Netherlands, Alblasserdam; 1000) nl, Diphda (Netherlands, Alblasserdam; 1000) nl, Edasich (Netherlands, Alblasserdam; 1000) nl, Elnath (Netherlands, Alblasserdam; 1000) nl, Eltanin (Netherlands, Alblasserdam; 1000) nl, Garnet (Netherlands, Alblasserdam; 1000) nl, Gianfar (Netherlands, Alblasserdam; 1000) nl, Gienah (Netherlands, Alblasserdam; 1000) nl, Hassaleh (Netherlands, Alblasserdam; 1000) nl, Horologium (Netherlands, Alblasserdam; 1000) nl, Hyadum (Netherlands, Alblasserdam; 1000) nl, Hydrus (Netherlands, Alblasserdam; 1000) nl, Jabbah (Netherlands, Alblasserdam; 1000) nl, Kajam (Netherlands, Alblasserdam; 1000) nl, Kocab (Netherlands, Alblasserdam; 1000) nl, Larawag (Netherlands, Alblasserdam; 1000) nl, Luhman (Netherlands, Alblasserdam; 1000) nl, Maasym (Netherlands, Alblasserdam; 1000) nl, Matar (Netherlands, Alblasserdam; 1000) nl, Melnick (Netherlands, Alblasserdam; 1000) nl, Merga (Netherlands, Alblasserdam; 1000) nl, Mirach (Netherlands, Alblasserdam; 1000) nl, Miram (Netherlands, Alblasserdam; 1000) nl, Muhlifain (Netherlands, Alblasserdam; 1000) nl, Muscida (Netherlands, Alblasserdam; 1000) nl, Musica (Netherlands, Alblasserdam; 1000) nl, Nash (Netherlands, Alblasserdam; 1000) nl, Orion (Netherlands, Alblasserdam; 1000) nl, Phaet (Netherlands, Alblasserdam; 1000) nl, Piscium (Netherlands, Alblasserdam; 1000) nl, Pleione (Netherlands, Alblasserdam; 1000) nl, Pyxis (Netherlands, Alblasserdam; 1000) nl, Rukbat (Netherlands, Alblasserdam; 1000) nl, Salm (Netherlands, Alblasserdam; 1000) nl, Scuti (Netherlands, Alblasserdam; 1000) nl, Sheliak (Netherlands, Alblasserdam; 1000) nl, Situla (Netherlands, Alblasserdam; 1000) nl, Subra (Netherlands, Alblasserdam; 1000) nl, Suhail (Netherlands, Alblasserdam; 1000) nl, Talitha (Netherlands, Alblasserdam; 1000) nl, Tarazed (Netherlands, Alblasserdam; 1000) nl, Tiaki (Netherlands, Alblasserdam; 1000) nl, Tianyi (Netherlands, Alblasserdam; 1000) nl, Zibal (Netherlands, Alblasserdam; 1000) no, Camelopardalis (Norway, Oslo; 1000) no, Cepheus (Norway, Oslo; 1000) no, Fomalhaut (Norway, Oslo; 1000) no, Gemini (Norway, Oslo; 1000) no, Ophiuchus (Norway, Oslo; 1000) nz, Fawaris (New Zealand, Auckland; 1000) ro, Alamak (Romania, Bucharest; 1000) ro, Canes (Romania, Bucharest; 1000) rs, Alnitak (Serbia, Belgrade; 1000) se, Ain (Sweden, Stockholm; 10000) se, Albali (Sweden, Uppsala; 1000) se, Algieba (Sweden, Uppsala; 1000) se, Algorab (Sweden, Uppsala; 1000) se, Alrami (Sweden, Uppsala; 1000) se, Altarf (Sweden, Uppsala; 1000) se, Alula (Sweden, Uppsala; 1000) se, Atria (Sweden, Uppsala; 1000) se, Azmidiske (Sweden, Uppsala; 1000) se, Benetnasch (Sweden, Uppsala; 1000) se, Copernicus (Sweden, Stockholm; 1000) se, Hatysa (Sweden, Uppsala; 1000) se, Lupus (Sweden, Stockholm; 1000) se, Menkab (Sweden, Uppsala; 1000) se, Muphrid (Sweden, Uppsala; 1000) se, Norma (Sweden, Stockholm; 1000) sg, Antares (Singapore, Singapore; 1000) sg, Auriga (Singapore, Singapore; 1000) sg, Circinus (Singapore, Singapore; 1000) sg, Delphinus (Singapore, Singapore; 1000) sg, Hydra (Singapore, Singapore; 1000) sg, Lacaille (Singapore, Singapore; 1000) sg, Luyten (Singapore, Singapore; 1000) sg, Struve (Singapore, Singapore; 1000) sg, Triangulum (Singapore, Singapore; 1000) ua, Alcor (Ukraine, Kiev; 1000) us, Acamar (United States, Miami; 1000) us, Alkes (United States, Los Angeles; 1000) us, Aquila (United States, Fremont, California; 1000) us, Bootes (United States, Phoenix, Arizona; 1000) us, Chalawan (United States, Phoenix, Arizona; 1000) us, Chamaeleon (United States, Dallas, Texas; 1000) us, Cursa (United States, Miami; 1000) us, Dimidium (United States, New York City; 1000) us, Equuleus (United States, Dallas, Texas; 1000) us, Fang (United States, Chicago, Illinois; 1000) us, Gliese (United States, New York City; 1000) us, Groombridge (United States, Los Angeles; 1000) us, Helvetios (United States, Dallas, Texas; 1000) us, Hercules (United States, Atlanta, Georgia; 1000) us, Indus (United States, Phoenix, Arizona; 1000) us, Kruger (United States, Chicago, Illinois; 1000) us, Leo (United States, Dallas, Texas; 1000) us, Libra (United States, Atlanta, Georgia; 1000) us, Lich (United States, New York City; 1000) us, Mensa (United States, Dallas, Texas; 1000) us, Merope (United States, Los Angeles; 1000) us, Metallah (United States, Pennsylvania; 1000) us, Musca (United States, Atlanta, Georgia; 1000) us, Pegasus (United States, Dallas, Texas; 1000) us, Phoenix (United States, Phoenix, Arizona; 1000) us, Pollux (United States, Jacksonville, Florida; 1000) us, Ran (United States, Dallas, Texas; 1000) us, Sabik (United States, Los Angeles; 1000) us, Sculptor (United States, Atlanta, Georgia; 1000) us, Scutum (United States, Dallas, Texas; 1000) us, Sneden (United States, Chicago, Illinois; 1000) us, Teegarden (United States, Los Angeles; 1000) us, Ursa (United States, Atlanta, Georgia; 1000) us, Virgo (United States, Phoenix, Arizona; 1000) us, Volans (United States, Dallas, Texas; 1000) us, Vulpecula (United States, Dallas, Texas; 1000) us, Yildun (United States, Miami; 1000) I believe it doesn't affect Eddie as it can pick servers on its own by pinging. But the "preferred" server and DNS responses are still dependent on the server logic, hence Ain sometimes ends up recommended as Earth or Europe server (currently not any longer) but seems to always be the preferred choice for Sweden. To quantify that, it's 350 out of 755 users connected to Swedish servers and unnecessarily getting insane jitter and latencies. To proof it's not just me, https://lg.telia.net/ from AMS-IX showed 24ms to another Swedish server by AirVPN and approx. 340ms to Ain. Or AirVPN's own lookup: https://airvpn.org/routes/?q= PS: Is it an Intel CPU? Edit: What I meant to say with this post (not only to start investigating Ain) that the "best server" logic should be not only working based on bandwidth load, but the server's relative latency times. PS2: I do realize that it's currently listed as having issues (packet loss) but during my last week's connect afaik it wasn't. Logically, jitter/high latency begins before packet loss kicks in (networking and throughput theory) - https://airvpn.org/servers/Ain/
  13. Currently AirVPN servers ONLY provide you with IPv6 connectivity (IPv6 traffic via VPN) if OpenVPN correctly pushes a certain value to the server. This is what the relevant config lines look like: push-peer-info setenv UV_IPV6 yes 'UV_IPV6 yes' is a variable that is set to 'yes', basically: yes, gimme IPv6 push-peer-info sends the server information about the client. This includes: OS version and OpenVPN client release, your router's MAC address and of course the UV_IPV6 variable that tells the server to give you an IPv6 address. This last part is problematic and has already led to problems for AirVPN users: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/556 I've run into this issue myself when I tried to get AirVPN running on Linux using the NetworkManager interface (present in virtually every distro out there). It's confusing because it seems to work but in reality it doesn't. You do get a connection, except without IPv6 forwarding. It's no surprise people encounter this: Why would one really need to install your client if the preinstalled GUI manager has worked fine before? Nobody knows the intricacies. Not even those who reported the issue to the correct place above! *drum-roll* and the problem is: NetworkManager. Really. NetworkManager is crippled in that it DOES NOT support many of the OpenVPN features. The combination of push-peer-info + setenv is one of them. The variable is not set upon connection -> VPN connects to the server -> The server does not see UV_IPV6=yes -> The server only setups IPv4 for the client. Yes, THIS IS A SECURITY ISSUE. According to Google, 32% of users have IPv6. Here come you, an AirVPN user with IPv4 and IPv6 on Linux, using NetworkManager. It seems to connect. You quickly check a website to see your IP and see that you indeed got a new IP (IPv4) after connecting to the VPN. Maybe the website doesn't show IPv6 at all, or the user doesn't pay attention to the fact this long and cryptic IPv6 didn't change or maybe the user did not yet have IPv6 and it was enabled later by the ISP... And there the user goes to surf online with half his ass naked: IPv4 is properly routed through AirVPN but IPv6 is still going through his real ISP. This must be changed. IPv6 must be the default. Do not leave a chance to expose users. When this change is applied, both config lines will be rendered obsolete and as a bonus, the clients will no longer unnecessarily send their internal MAC addresses to the server, which can be used too: - https://threatpost.com/fbi-mum-on-how-exactly-it-hacked-tor/117127/ | https://www.theregister.com/2018/02/24/tor_fbi_hacking_appeal/ - https://web.archive.org/web/20180923231303/https://blog.owenson.me/analysis-of-the-fbi-tor-malware/ Finally if you feel there's someone who really wishes to not use IPv6 via Air: reverse the config. Make it an explicit UV_IPV6=no to opt-out. Security must be the default. Thanks for reading. I really hope this change to be introduced soon. PS: Can someone login at the Freedesktop bug tracker above to tell these people that it's fixable? I don't have an account PPS: You can see what push-peer-info sends if you set verbosity to 4: "verb 4" in the config Tags: IPv6 not working AirVPN Linux config openvpn
  14. I enjoy online multiplayer gaming as a past time and although I enjoy using a VPN to keep even my gaming sessions safe and encrypted, I know it can give a hit to my ping and such. I never tried AirVPN with online gaming yet but I wonder if anyone, from experience, can tell me if it is indeed a suitable VPN for online gaming. Otherwise, what other VPN service can anyone suggest for just gaming while still using AirVPN for other online activities? Thanks.
  15. Downloaded this program for the first time and after i press "connect to recommended server" and the "tunnel drivers" are installing, the process is aborted and this message apears: "VPN network adaptor not found: install fail (0901)". After three seconds it restarts, and the message reappears, over and over again. What to do?
  16. Last week i shared a nice topic about VPN’s and how in the 21st century it is mandatory that every single person should be using one, is how some one mentioned AirVPN. I “had” 5 VPN’s on my iphone ( since it is where i use the internet the most ) i signed aboard to AirVPN and asked for a trial. And let me tell you i have not been this excited in a long time. after my trial ended few days ago i decided i should support AirVPN and get a subscription. Set up my windows 10 tablet, linux mint PC and of course my phone, i deleted the other VPNs off my system and did a few test and research in between and I have to say AirVPN is simple, fast, affordable, transparent and yet reliable. i can not believe i have not came across AirVPN before ( Google definitely did not help bring up any mention of AirVPN ) and wasted so much time, money, researching and hassle with choosing the right VPN service. enough of my ranting, keep up the good work and keep up with the good fight!!!
  17. If you're running AirVPN on Linux you probably don't want to have to type your sudo password in each time it runs. Why? If you're auto-starting it, you want your network lock and VPN connection to happen as soon as you login. Here's what I did for Ubuntu (Actually Kubuntu)... Install gksu (sudo apt install gksu) Add AirVPN to your autostart list and for command use gksudo /usr/bin/airvpn Run sudo nano /usr/share/applications/AirVPN.desktop and change the command to gksudo /usr/bin/airvpn Edit the AirVPN entry in your application launcher and change the command to gksudo /usr/bin/airvpn Run sudo visudo and add the line %airvpn ALL=(ALL:ALL) NOPASSWD: /usr/bin/airvpn after all other rules (Press Ctrl+x and then Enter to exit and save). Run sudo groupadd airvpn Run sudo usermod -a -G airvpn user replacing "user" with your account's username. You're done. The next time you login (Or start it any any other way) AirVPN will start without entering any password. Note: Your AirVPN settings will be back to default after doing this. Don't worry, just set them again and they'll save.
  18. Lately I've been thinking about the prospect of using VPN's in conjunction with the Tor proxy and done some research. I know there are both pros and cons to Tor-over-VPN and VPN--Over-Tor connections and played with the idea of using both connection types at once - something I like to call the "Sandwiched Connection" in that you layer your Tor connection between two separate VPN connections. Please correct me if I got any details wrong or missing. First, you have your plain naked internet connection without a VPN or proxy so your ISP and local network can see everything you're doing. Next, you connect to a VPN server. It masks your IP address and location from your ISP as well as encrypts your web traffic so they have no idea what you're doing. However, the company managing the VPN server will have access to your real IP address, location and web traffic that will be decrypted in their servers - making it important it is a trustworthy service provider that doesn't keep logs of your activities and allows you to create your account with a temporary email address, no personal details and paid with cryptocurrency (that is untraceable like Z-Cash and Monero). You connect to your Tor proxy. Ordinarily, the Tor entry node will know your IP address and location. Since you are using a VPN, it will only know the masked address provided by the VPN server. Not only that but the Tor proxy will further encrypt your web traffic so even the VPN provider won't know what you are doing, just like how it, in turn, hides it from your ISP. Even better? Your ISP won't even know you are using Tor in the first place. However, the Tor exit node decrypts your web traffic and has full access to it as if you were never using a VPN to begin with. If the exit node happens to be malicious or operated by any authority that doesn't like what you're doing, they could potentially call whoever is operating the entry node and/or follow the mask IP address to the VPN service provider and contact them for details concerning you. Again, a trustworthy VPN provider with a no-logs policy is important. Then comes the second VPN connection. After you connect to Tor, you connect to that second VPN server which should encrypt your web traffic from the tor exit node. Whatever company is managing that second server (it could be the same service as the first one or a different one) will only know the IP address and location provided by the Tor proxy and first VPN server but it will know your web traffic as it is being fed to their servers and decrypted. Not to mention that this "sandwiched connection" will deliver a big dent to your connection performance so it helps if you have a powerful router connected via ethernet. So at the end of the day, I figured, someone has to know what you're up to online which leaves the question "Who do you trust with your personal information?" Plus this is all just theory, as far I can tell. Has anyone ever tried putting this into practise? Can anyone provide any further insight into the "sandwiched connection"? I look forward to talking about it.
  19. Hi ..... So I just bought airvpn and not until now i realized the interface is not friendly and i don't like the fact that the vpn app name (Eddie) is different from the vpn name (Airvpn) itself. So Far so good everything works fine. But my biggest problem now is the app not having a kill switch for me to toggle on. How is this even possible? I just don't feel good using a vpn without any form of leak protection if my internet connection should drop and try to reconnect then its very likely the websites am using at the point in time might see my real location and take action. Its common knowledge that there must be an internet connection from my ISP before any vpn can start routing connection through their server. I read answers from the forums regarding why Eddie is not having a kill switch and not okay with the answers coming from airvpn stuffs or technical teams. ( That it's not right for a vpn to drop or totally kill internet connections if local ISP is down ) I think we need an option here.
  20. Hi, since configuring AIrVPN on my pfSense machine, I've been struggling to get Sky On Demand working. SKY Q box tells me "download failed". Before AirVPN config, all was good. AirVPN is connecting nicely and allowing me to browse. I followed nguvu's guide here to get 3 connections to AIrVPN so that I could have some resilience in case one of the OpenVPN servers failed. All my devices seem to be connecting to the internet. Only the SKY Q is lamenting failures with downloads of movies. DNSLEAK TEST is giving which is the AIrVPN exit node. When I do the extended test, I get 3 DNS servers, one for each of the OpenVPN connections I have up and running AirVPN's DNS Leak ipleak.net is also giving 3 DNS servers (the same as DNSLEAK TEST) and identifying me with one of the other AIrVPN servers in the Netherlands. So here doesn't appear to be a leak and the AirVPN routing seems to be correct too as its correctly exiting me in the UK by showing the UK AIrVPN exit node. So the question begs as to why and how Sky Q box is refusing to download the movies ("failed downloading"). Of course the Sky Q box has no log facilities ... so I have no hope of consulting that ... :-( Does anyone have a similar setup to mine with AIrVPN and is using Sky Q in the UK. I guess my next option is to let it through Clearnet (i.e. not through the VPN connection ....). Any thoughts? Thanks
  21. After years of trying open source routers and VPN services I'm coming to the conclusion that pfSense and AirVPn are a great combination. Following some problems withe the server I was connected to in Sweden today, I've realised I need a fallback solution. Basically, is it possible to set up a second openVPN connection to a different AirVPN server if the default connection falls i.e. openVPN disconnects on server 1, pfSense 2.4 brings up connetion to server 2 automatically. If this can't be done automatically, is it just a matter of creating a second VPN connection/internface and activating/deactivating manually base on which server is performing well? Thanks
  22. Hello. I just got my subscription for AirVPN recently and installed Eddie. Already, I find it trickier to work with in comparison to other VPN clients. I presume the Network Lock is Eddie's version of the killswitch. The problem I'm having is that whenever I activate the Network Lock, it completely kills my internet connection even though I am connected to an AirVPN server. Help please? Thanks.
  23. Lately, I've come across the Pi-Hole, a program for the Raspberry Pi which basically turns the device into an advanced adblocker which you can connect your computer to via DNS. It sounded very fascinating as it could do the work of your typical browser adblocker but potentially freeing the use of one, thus reducing any browser entropy that could uniquely identify you - whether you're using a VPN or not. Pi-Hole website link here. Check it out! What I want to know is whether or not AirVPN would work well with the Pi-Hole if I had to replace the VPN's DNS with the devices. Are there any noteworthy features of AirVPN's DNS I would be giving up in exchange? Thanks.
  24. Hello, Anyone else from community have a problem and/or not able to access airvpn.org? Only airvpn.info seems to be working. Thank you, Flx
  25. Hello, I am running Ubuntu 18.04 with zerotier installed and using the eddie client(network lock enabled). Is there a way to have zerotier connected? Edit: Inside or outside airVPN would be fine.
  • Create New...