Jump to content
Not connected, Your IP: 3.236.55.137

Search the Community

Showing results for tags 'gaming', 'vpn', 'AirVPN', 'games' or 'pc'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • AirVPN
    • News and Announcement
    • How-To
    • Databases
  • Community
    • General & Suggestions
    • Troubleshooting and Problems
    • Blocked websites warning
    • Eddie - AirVPN Client
    • DNS Lists
    • Reviews
    • Other VPN competitors or features
    • Nonprofit
    • Off-Topic
  • Other Projects
    • IP Leak
    • XMPP

Product Groups

  • AirVPN Access
  • Coupons
  • Misc

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Twitter


Mastodon


AIM


MSN


ICQ


Yahoo


XMPP / Jabber


Skype


Location


Interests

Found 368 results

  1. TLDR Issue: When port forwarding is enabled, traffic forwarded from the VPN is being return via the WAN. So it's going AirVPN -> pfsense via VPN -> server -> pfsense via WAN -> Clear Internet. Software: pfsense 2.7.2-RELEASE, Package: WireGuard 0.2.1. Server: ubuntu 22.04.03 LTS I'm reaching out to the community because I'm out of ideas on how to fix what's going wrong. I'm not a network or firewall guru, I'm tech savy but clearly not enough to resolve my issue 😧. I followed the pfSense baseline setup guide available at nguvu.org to configure my pfsense. While the guide primarily focuses on using OpenVPN for the VPN setup, I adapted the instructions to use WireGuard instead but clearly I've missed something or fundermentally misunderstanding something. When I configure port forwarding using AirVPN with WireGuard to pfSense to my VPN network to a sever, I can see on a TCPDump the the initial inbound packets from AirVPN that's being port forwarded reaches the server, but each reply seems to vanish when returned to the router. Using diag_packet_capture on pfsense, I can see the inbound traffic from AirVPN, but when the server replies, it's going out on the WAN interface. Clearly there's some sort of gateway issue. I even tried to pay someone on Fiverr to fix it but they couldn't see any reason for it, they're claming it's a software defect, but seeing other people have somehow managed to do it, must be possible. Have I missed something silly? The port: The Server: These are my rules so far: WAN: WireGuard: Floating: VL20_VPN: Note: Selective_Routing (or VPN whitelist) isn't set: Gateways: Port Forward: Outbound NAT
  2. This guide will explain how to setup OpenVPN in a way such that only select programs will be able to use the VPN connection while all other life continues as usual. Please read this notice before applying the guide Advantages: fail-free "kill switch" functionality (actually better than 98% of VPNs out there) continue using another VPN as primary or don't reroute any other traffic at all nobody, not even peers on LAN, will be able to connect to your torrent client (the only way: through the VPN connection) - eliminating unintended leaks Disadvantage: the apps will still use your default DNS for hostname lookups (secure your DNS separately!) See two more drawings at the end. The guide is applicable to all VPN providers who don't restrict their users to use the OpenVPN client. The method however is universally applicable. It was made with examples from Windows, but with Linux/BSD you will only need little tweaking to do. Specifically, net_gateway placeholder may not available and that's all there is to it. Android clients are probably too limited for this task and lack options we need. - Since there'll be a lot of text, sections titled in (parantheses) are entirely optional to read. The other guide by NaDre is old (2013), hard to read and pursues a slightly different approach. A Staff member actually posted a good first comment there, that's what we're gonna do. (Preface) The BitTorrent as a network is entirely public. Through the decentralized technology called DHT, everyone in the world can find out what torrents you are presumably participating in (this does not apply to private trackers who disable DHT). Clearly this creates an unhealthy atmosphere for privacy of users, e.g. one could find out the OS distribution one is using for a more targetted attack etc. Sometimes the ISPs are outright hostile to peer-to-peer technologies due to the traffic and bandwidth these are consuming. Instead of upgrading dated infrastructure, they cripple their users instead. There are many reasons to use a VPN, that was but a limited selection. ("Split-tunneling") This has become somewhat a marketing term nowadays, but actually explains the nature of the traffic flow well. In this guide only the programs set to use the VPN connection will use it, nothing else. All your traffic goes past the VPN while torrent client traffic (or any other selected program) uses only the VPN connection. ("Kill switch") We'll literally nail it using software settings of your program (the torrent client). This is a marketing-loaded name. In short: if the VPN connection is not available, no traffic ought to be sent bypassing it. In most cases where you have a VPN redirect all your system traffic - you should not rely on it as a feature. The OpenVPN software on Windows is not 100% proof, based on empirical evidence (reconnects and startup/shutdown phases) and some other VPN providers do no better (based on comments and stories). The only bulletproof solution: the VPN tunnel is set up on an intermediary device your PC is connected to - your end device (the PC) has no chance whatsoever to bypass the tunnel in that case. If the VPN provider uses a firewall under the hood, that's good too but with this guide you will not need a firewall nor rely on the VPN software. ("Dual-hop") With the knowledge and methods from this guide you will be able to daisy-chain multiple VPN servers. In essence, your traffic passes PC->VPN1->VPN2->Destination. This was not intended for this guide nor with AirVPN, it's finicky and I wouldn't recommend it myself without a real need and skills to automate the setup and configuration. How it will work Many users (aka mostly idiots on Reddit) are running in circles like qBittorrent is the only client (or probably the only application in the universe, unconfirmed) that can be set to use a certain VPN. Here's the technicality: this is called 'binding' - you can 'bind to IP' which will force the app to use a specific IP address and nothing else. If it cannot use the IP (when VPN is disconnected) then it will not be able to do any networking at all. The OS will deny any communication with the internet: boom! Here's your praised 'kill switch' and 'split-tunneling', 2-in-1. This is the next best bulletproof solution (the only better alternative is to use an intermediary VPN device, as any software could choose a different interface now to communicate with the internet). In a broader sense, you want to 'bind to a network interface' - your client will use any available IPs from the VPN interface - making it ready for IPv4 and IPv6. Oh and you don't need to change the IP once the VPN connection changes to another server. The OS handles the rest. Examples of programs that can bind to user-defined addresses include: (Windows) ping, tracert (IPv6-only, WTF?), curl and wget, and many others, including your favorite torrent client You will find guides online how to do that in your client or just look in settings. (Linux-specific differences of the guide) If you are a Linux/*nix user, there're some minor changes to the quick guide below: * Create custom VPN interface: Create with ip tuntap command. The below line will create 5 interfaces "tun-air1" etc. for YOUR user. Specifying your user allows OpenVPN to drop root rights after connection and run under your user (security). AirVPN allows up to 5 connections. If you have no use for this, create only one. Note: User-owned tunnel interfaces allow to be used by your non-root $user account, but there're issues with running OpenVPN without elevated permissions as $user user="$(whoami)"; for i in {1..5}; do sudo ip tuntap add dev "tun-airvpn$i" mode tun user "$user" group "$user"; done Check their existance with ip -d a -- the interfaces will not be shown under /dev/tun* ALTERNATIVE: openvpn --mktap/--mktun. See manual with man openvpn * Select custom VPN interface: This config part differs from Windows, very confusing. Steps: 1. Replace "dev-node" in config with "dev" 2. Add "dev-type tun" or "tap". Example of config: # if you have these defined multiple times, last entries override previous entries dev tun-airvpn1 # previously dev-node dev-type tun # previously "dev tun" on Windows There're no more differences. In-depth explanation: If you try to use dev-node like for Windows, you will see: OpenVPN log: ERROR: Cannot open TUN/TAP dev /dev/tun-airvpn1: No such file or directory (errno=2) Example strace of error: openat(AT_FDCWD, "/dev/tun-airvpn1", O_RDWR) = -1 ENOENT (No such file or directory) OpenVPN cannot find the TUN/TAP with the name? No, on Linux/*nix/*BSD dev-node has a totally different meaning. Dev-node specifies where the control interface with the kernel is located. On Linux it's usually /dev/node/tun, for the "mknode" command. If OpenVPN can't detect it for some reason, then you'd need to use dev-node. Finally you can start OpenVPN from terminal: sudo openvpn --config 'path/to/config.ovpn' --user mysystemusername --group mysystemusergroup PS: There're issues when running OpenVPN under your current $user. I think the problem was that it couldn't remove added routes after a disconnect. Instead run OpenVPN as root (isn't a good advice but it's what works) Windows Quick Guide Go to the folder where you installed OpenVPN and its exe files: 'C:\Program Files\OpenVPN\' Open CMD inside the 'bin' folder: Hold Shift + Right Click the 'bin' folder -> 'Open Command Window here' We will use tapctl.exe to create a new VPN network interface solely for use with AirVPN (to look around: run "tapctl.exe" or "tapctl.exe help") C:\Program Files\OpenVPN\bin>tapctl create --name AirVPN-TAP {FDA13378-69B9-9000-8FFE-C52DEADBEEF0} C:\Program Files\OpenVPN\bin> A TAP interface is created by default. I have not played enough with Wireguard's TUN to recommend it. You can check it out, it will be under adapters in your Windows network settings Important: Configure your app/torrent client to use this 'AirVPN-TAP' interface. This is what ensures your traffic never leaks. It may appear under a different name, in such case find out which one it is in the output of 'ipconfig /all' (enter this into CMD) If your client does not allow to bind to a general interface but a specific IP (poor decision) then connect to the VPN first to find out the local IP within the VPN network. In this case with AirVPN you may only use one single server or you'll have to constantly change the IP in settings. Generate AirVPN configs where you connect to the server via IPv4! This is important Add these to the .ovpn config files (either under 'Advanced' on the config generator page or manually to each config file) # NOPULL START route-nopull # IF YOU DO NOT USE ANOTHER VPN THAT TAKES OVER ALL YOUR TRAFFIC, USE "net_gateway" (just copy-paste all of this) # net_gateway WILL BE AUTOMATICALLY DETERMINED AND WILL WORK IF YOU CONNECT THROUGH OTHER NETWORKS LIKE A PUBLIC WIFI # personally, due to a second VPN, I had to specify my router IP explicitly instead of net_gateway: 192.168.69.1 # "default"/"vpn_gateway"/"remote_host"/"net_gateway" are allowed placeholders for IPv4 route remote_host 255.255.255.255 net_gateway route 10.0.0.0 255.0.0.0 vpn_gateway route 0.0.0.0 0.0.0.0 default 666 route-ipv6 ::/0 default 666 dev-node AirVPN-TAP # END OF NOPULL Test if the configuration works. Full tests, don't leave it up to chance. In-depth explanation of the OpenVPN config route-nopull rejects any networking routes pushed to you by the server, we will write our own route remote_host 255.255.255.255 <router IP> we tell our system that, to reach remote_host (the AirVPN server IP), it must send traffic to <router IP>. The subnet mask 255.255.255.255 says that this only applies to this single IP set <router IP> to be net_gateway (only for Windows users, check availability on other platforms) <router IP> may be any of the OpenVPN placeholders too, for example "net_gateway" should work universally (you avoid hard-coding the router IP and if it ever changes: wondering years later why the config no longer works) <router IP> is "192.168.1.1" in my case, for my home router that connects me to the internet. route 10.0.0.0 255.0.0.0 vpn_gateway we tell our system that all 10.x.x.x traffic will be sent to the AirVPN server the internal VPN network with AirVPN is always on the 10.0.0.0 - 10.255.255.255 network range. The subnet mask reflects that. However this may interfere with other VPNs if you ever need to be connected to both at once. I will not go into detail on this. What you need to do is to be more specific with 10.x.x.x routes in this config, i.e. instead of /8 subnet, only route the specific /24 subnet of the current VPN server (AirVPN uses a /24 subnet for your connections on each VPN server -> 10.a.b.0 255.255.255.0) vpn_gateway is one of OpenVPN placeholders route 0.0.0.0 0.0.0.0 default 666 allow routing of ANY traffic via the VPN we set the metric to 666, metric defined as path cost (historically) so setting it to a high value will make sure no normal connection runs through it, unless specifically bound to the VPN IP. route-ipv6 ::/0 default 666 same for IPv6. How many can claim they have working VPN IPv6 setup? Welcome in the future. IPv6 is over 20 years old at this point anyhow. dev-node AirVPN-TAP (Windows-only) tell OpenVPN to ONLY use this network interface to create the VPN tunnel on. Nothing should interfere with our setup now That's all, folks! Note: Somehow on Windows my AirVPN connection receives a wrong internal IP that doesn't enable networking at first. In my case I need to wait 1-3 minutes until OpenVPN reconnects itself based on ping timeout: after the reconnect I receive another IP and everything starts to work. I do not know whether it's an OpenVPN or a Windows bug. One last note: using multiple VPNs Actually this will work, that's how I roll. As long as both VPNs don't clash by using the same 10.0.0.0/8 subnet. If this happens, you will need to change Line 5 to point to a more specific (aka smaller) subnet tailored to your AirVPN server. Specifying a 10.x.x.0/24 subnet for routing will surely do (subnet mask: 255.255.255.0). Just be aware that you cannot practically use the same IP range in both networks at the same time (well, you'd need to bind the application you are using to either interface, which you cannot do with a browser or the printing service in case of internal resources). (The story of broken net_gateway) For this placeholder, OpenVPN attempts to determine your 'default gateway', i.e. the router all your internet traffic passes through. It normally works, but may not be supported on other platforms (Linux, sigh). However it has one unintended side-effect: if you already have a VPN that reroutes all your traffic, net_gateway will make all AirVPN traffic go through the first VPN: Your traffic -> VPN1 -> Internet Torrent traffic -> VPN1 -> AirVPN -> Internet That's the unintended dual-hop. Surely you can extend that scheme to 3,4,n-hops if you fiddle enough with routing, subnet masks and correct order. I'm not responsible for headaches We avoid that behavior with Line 4 from our config - the remote_host line forces the AirVPN traffic to go straight to the internet (through your LAN router). One more thing: net_gateway is not available for IPv6 routes in OpenVPN. That's why it currently only works with a IPv4 connection to the VPN server. (Crash course: Subnet masks) You've seen the weird number 255.0.0.0 above. You should refer to other pages for a proper explanation, but basically this is a very simple way for computers to determine the range of IP addresses that are part of a network (a subnet). What's simple for computers is very hard to grasp for us humans. 255 means there are NO changes allowed to the first set of IP numbers. I.e. the 10 in 10.0.0.0 always stays a 10. 0 means all numbers can be used. I.e. the zeroes in 10.0.0.0 can be (0-255), lowest address is 10.0.0.1 and the last address is 10.255.255.254 (technically, 10.0.0.0 is the first and the last 10.255.255.255 is reserved for 'broadcast') Any number in between denotes ... a range in between. 2^(32-prefix)=number. Number is the amount of available addresses and prefix is called the subnet prefix. Both are meant to describe the same thing. For 10.0.0.0/26 or 10.0.0.0 with subnet mask of 255.255.255.192 you get addresses in range 10.0.0.0-10.0.0.64 -- 2^(32-26) = 64. Similarly you can convert the subnet mask into the prefix number and work from there; or eyeball it: 256-192 = 64. (Two ways to accomplish routing) If you have two equal routes, e.g. 0.0.0.0 goes through VPN with metric 666 0.0.0.0 goes through LAN router with metric 10 then obviously the default route for a packet will travel through (2) - because it's a cheaper path. Unless an application specifies to talk only on the VPN interface. However a different rule applies whenever a more specific route exists 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 Here the routes (3) and (4) cover the entire addressing space, just like 0.0.0.0/0. However because they are more specific, they'll be preferred for all traffic because these routes are more selective. This is how OpenVPN does override system routing with VPN routing by default. This is also what the other guide attempted as well, by pushing four {0,64,128,192}.0.0.0/2 routes. Since that was more specific, it would in return override the 0,128 routes and so on. We can calculate how many multi-hops we would be able to do with this method: IPv4 has 32 bits, we will not touch the last 8 bits of the subnets. That leaves us then with 24 bits or 24 maximum amount of hops. Theoretically. The routing table would be outright f---- to look at. This method is a bit more 'secure' in a way because you don't need to rely on overriding a certain metric value, you just slap a more specific route on top and it's automatically made default. Also you don't need to override the default gateway (router) and all that junk. However with my preferred method (first) you can quite easily do DIY dual-hop routing: 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 <VPN2-IP>/32 goes through VPN1 with metric (any) Such a setup will make sure that all traffic destined for the internet (hits 3 and 4) will go through VPN1. If a program specifies the VPN2 network interface, then VPN2 will be reached via VPN1 first (you->VPN1->VPN2). This is quite 'quizzacious' to set up/control. Not part of this guide. As a part of this guide we told the system to route VPN2 via router on LAN. Yet you could indeed chain multiple VPNs this way and force the VPN1 to not only catch all traffic but also be chained via multiple VPNs itself so you would not need to manually set programs. I've seen scripts online for that purpose. Although be aware of MTU issues due to encapsulation. Troubleshooting tips TEST. SERIOUSLY, TEST YOUR SETUP BEFORE ENGAGING YOUR DATA CANNONS! A couple hours now are infinitely many times more worth than a 'leaked' mistake and headaches later on. https://ipleak.net/ - tests your client's default connection route. It would not tell you if your client is alternatively available on LAN for example. If you followed this guide and set up your client correctly, it will not be available on LAN etc. See the images below: 'without interface binding' (most newbie users) and 'with interface binding' (this guide) Wireshark to inspect how the traffic is actually flowing. Follow online tutorials, you only need to select the right network interfaces and filter traffic by port/IP (tcp/udp and your local or VPN IP) curl to send network requests. Like ifconfig.co / ifconfig.io will respond with the IP address it sees you as: curl --interface <your computer IP> http://ifconfig.co curl --interface 192.168.1.42 http://ifconfig.co # for IPv4 or IPv6, default route curl -4 http://ifconfig.co curl -6 http://ifconfig.co > route -4 print and > route -6 print on Windows. To compare the outputs, you can use Notepad++ with the compare plugin (you need two documents open, one in left and another in right pane before comparing). PS: AirVPN configuration generator does not support #comment lines. Please fix. Sorry Linux users, maybe another time I will write something tailored to you. But I believe you are smart cookies and will adapt the OS-specific steps to fulfill this guide's goal.
  3. Hello, I have been using AirVPN for quite some time now... I was previously using the Eddie client on a single machine, but decided to build a PFSense box and configure the VPN there. I am located in Canada, and setting a connection to a single VPN server in Toronto. It seems to give the best connection and reliability rather then going for the ca.airvpn (I seem to always end up at a BC server using this entry) My issue is.... I currently have a 150mbps connection with my ISP. Using PFSense without AirVPN I am able to reach my advertised speeds With AirVPN configured, I am only ever seeing a max of about 30mbps. My hardware setup is quite decent. Intel® Core i5 CPU 650 @ 3.20GHz 4gb DDR3 memory120gb SSD2 Intel NICs (both showing as igb) My speeds using Eddie were very very good, much better then the PFSense speeds; so I can only assume that I have a configuration error (my hardware seems to be quite good from what I have been reading) Some research from other posts did not help better my issue, so I am hoping that posting my own thread on this topic can being me closer to a conclusion with mine. I followed the guide by "pfSense_fan"https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/ I can post any diagnostics or logs as necessary, I just do not know what you guys would like to see. Any help with this would be appreactiated Regards
  4. Hello all, This is collection from different tutorials which I will refer here, but usually changed since some things changed. Setting up VPN on Synology is modified neolefort tutorial from here and reconnect script if from sundi which you can find here, which probably modified this script, plus my iptables for blocking Synology on router level when VPN fails. Other contributions: foobar666 - you no longer need to enter variables manually _sinnerman_ - fixed script for DS 6.1 I'm doing this mostly because I usually forget things I managed to solve after year or two, so this is way to have constant reminder how it was solved and also help others. 1. Get your certificates from AirVPN. Go to the https://airvpn.org/generator/ page to generate the configuration file. (1) SELECT the Advanced Mode (near top right of the page) (2) SELECT LINUX OS (3) Under "Protocols" section select one with protocol UDP and port 443 (at the time of writing, it was first in list). You can choose any combination of protocol/port, but then also change iptables accordingly if you are using failsafe script. (4) Under "Advanced - OpenVPN only" section (right part of page), select "Separate keys/certs from .ovpn file" and change OpenVPN version to "<2.4" (you don't need to do this if you are using DSM7 or newer) (5) SELECT 1 SERVER (refer to section "by single servers") OR COUNTRY OR ANYTHING ELSE YOU WANT In original tutorial, neolefort said to choose 1 server, because in that case you will get IP instead of xxx.airvpn.org domain. Choosing 1 server is safe because it doesn't need working DNS when you want to connect to VPN. If you choose anything else, you need working DNS on your router when establishing VPN connection. (6) Click "GENERATE" at the bottom. (7) Click on the ZIP button in order to download the AIRVPN configuration files and unzip them anywhere on your computer The ZIP archive should contain the following files: -AirVPN_XXXXX_UDP-443.ovpn -ca.crt -user.crt -user.key -ta.key 2. Setup AirVPN on Synology. In new DSM 6 it's much more easier since Synology developers allowed everything in GUI now. - Login as admin or with user from Administrator group. - Open Control panel. - Go "Network" and click on tab "Network Interface" - Click on button "Create" - "Create VPN profile" - Choose "OpenVPN (via importing .ovpn file) - Click "Advanced options" so it shows all options - Profile name: anything you want, but please keep is short and if you can without spaces " ", for example "AirVPN". - User name: LEAVE EMPTY (for DSM 7+ just put anything here) - Password: LEAVE EMPTY (for DSM 7+ just put anything here) - Import .ovpn file: click button and import your AirVPN_XXXXX_UDP-443.ovpn - CA certificate: click button and import your ca.crt - Client certificate: click button and import your user.crt - Client key: click button and import your user.key - Certificate revocation: LEAVE EMPTY - TLS-auth key: click button and import your ta.key - Click "Next" - Select all options, EXCEPT "Enable compression on the VPN link" (well, you can select that also if you really want, but don't ) Now you have working OpenVPN link on your Synology DS6+. You just need to start it from "Control panel" - "Network" - "Network Interface". EXTRAS!!! 3. Setting up external access to your Synology. First what you will notice is, "I CAN'T ACCESS MY SYNOLOGY FROM OUTSIDE OF MY LAN!!!!!!! OMG OMG OMG!!!!" I will not explain port fowards on your router here, if you don't know how to make one, learn! (1) You can port forward trough AirVPN webpage and access your Syno via VPN exit IP. This sometimes works, most of times it doesn't since Syno has some ports you cannot change. Anyway, change your default HTTP / HTTPS port on Syno to your forwarded AirVPN port and you should be fine. But forget about Cloudstation and similliar things. (2) If you want to access Syno via you ISP IP (WAN), then problem is, your Syno is receiving your connection, but it's replying trough VPN. That's a security risk and those connections get droped. But there is solution! - Access "Control panel" - "Network" - "General" - Click "Advanced Settings" button - Mark "Enable multiple gateways" and click "OK" and then "Apply" You're done! It's working now (if you forwarded good ports on your router). 4. Prevent leaks when VPN connection on Synology fails. There will be time, when you VPN will fail, drop, disconnect, and your ISP IP will become visible to world. This is one of ways you can prevent it, on router level. For this you need Tomato, Merlin, DD-WRT or OpenWRT firmware on your router. I will tell you steps for Tomato router. If you are using different firmware, then you need to learn alone how to input this code into your router. Since Shibby version 129 for ARM routers, syntax of iptables changed and depending on which version of iptables you are using, apply that code. - Login to your router (usually just by entering 192.168.1.1 into your browser, if your IP is different, find out which is your gateway IP). - Click on "Administration" - Click on "Scripts" - Choose tab "Firewall" For Shibby v129 for ARM and later (iptables 1.4.x) us this: #Use this order of commands because it executes in reverse order. #This command will execute last, it kills all UDP requests. iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT #This command will execute second and will block all TCP source ports except those needed for web access or services iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport ! --sports 5000,5001,6690 -j REJECT #This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT For earlier Shibby versions and later for MIPS routers: #Use this order of commands because it executes in reverse order. #This command will execute last, it kills all UDP requests. iptables -I FORWARD -p udp -s 192.168.1.100 -j REJECT #This command will execute second and will block all TCP source ports except those needed for web access or services iptables -I FORWARD -p tcp -s 192.168.1.100 -m multiport --sports ! 5000,5001,6690 -j REJECT #This command will execute first and will ACCEPT connection to your VPN on destination port 443 UDP iptables -I FORWARD -p udp -s 192.168.1.100 -m multiport --dports 443 -j ACCEPT Port TCP 5000 = HTTP for for Synology web access (change to your if it's not default) Port TCP 5001 = HTTPS for for Synology web access (change to your it's not default) Port TCP 6690 = Cloud Station port Port UDP 443 = AirVPN connection port which you defined in step 1 of this tutorial. If you are using TCP port, then you need to change "-p udp" to "-p tcp" in that line. If you need more ports, just add them separated by comma ",". If you want port range, for example 123,124,125,126,127, you can add it like this 123:127. Change IP 192.168.1.100 to your Synology LAN IP. Be careful NOT TO assign those ports to your Download Station on Synology. This isn't perfect, you can still leak your IP through UDP 443, but since torrent uses mostly TCP, those chances are minimal. If you use TCP port for VPN, then those chances increase. If you really want to be sure nothing leaks even on UDP 443 (or your custom port), you need to choose 1 (ONE) AirVPN server. You need to find that server entry IP and change last IPTABLES rule to something like this: iptables -I FORWARD -p udp -s 192.168.1.100 -d 123.456.789.123 -m multiport --dports 443 -j ACCEPT Where 123.456.789.123 is AirVPN server entry IP. This will allow UDP 443 only for that server, rest will be rejected by router. These are all my opinions, from my very limited knowledge, which may be right and may be wrong. 5. Auto reconnection when VPN is down. Since when you made your VPN connection on your Synology, you checked "Reconnect" option, Syno will try to reconnect automaticly when connection fails. But in some cases, your network will be offline long enough and Syno will stop trying to reconnect, or will hang with VPN connection established, but not working. In those cases you can use this auto reconnect script. This is reconnect script. Just select all script text and copy it. #VPN Check script modified Sep 11, 2016 #Script checks if VPN is up, and if it is, it checks if it's working or not. It provides details like VPN is up since, data #received/sent, VPN IP & WAN IP. #If VPN is not up it will report it in the log file and start it #Change LogFile path to your own location. #Save this script to file of your choosing (for example "synovpn_reconnect"). Store it in one of your Synology shared folders and chmod it: "chmod +x /volume1/shared_folder_name/your_path/synovpn_reconnect" #Edit "/etc/crontab" and add this line without quotes for starting script every 10 minutes: "*/10 * * * * root /volume1/shared_folder_name/your_path/synovpn_reconnect" #After that restart cron with: "/usr/syno/sbin/synoservicectl --restart crond" #!/bin/sh DATE=$(date +"%F") TIME=$(date +"%T") VPNID=$(grep "\[.*\]" /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "[" | cut -f 1 -d "]") VPNNAME=$(grep conf_name /usr/syno/etc/synovpnclient/openvpn/ovpnclient.conf | cut -f 2 -d "=") LogFile="/volume1/filmovi/Backup/airvpn/check_airvpn_$DATE.log" PUBIP=$(curl -s -m 5 icanhazip.com) #PUBIP=$(curl -s -m 5 ipinfo.io/ip) #PUBIP=$(curl -s -m 5 ifconfig.me) CHECKIP=$(echo $PUBIP | grep -c ".") start_vpn() { echo "VPN is down. Attempting to (re)start now." >> $LogFile # /usr/syno/bin/synovpnc kill_client --protocol=openvpn --name=$VPNNAME /usr/syno/bin/synovpnc kill_client /bin/kill `cat /var/run/ovpn_client.pid` 2>/dev/null sleep 35 echo 1 > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_id=$VPNID > /usr/syno/etc/synovpnclient/vpnc_connecting echo conf_name=$VPNNAME >> /usr/syno/etc/synovpnclient/vpnc_connecting echo proto=openvpn >> /usr/syno/etc/synovpnclient/vpnc_connecting /usr/syno/bin/synovpnc reconnect --protocol=openvpn --name=$VPNNAME >> $LogFile } sleep 6 echo "======================================" >> $LogFile echo "$DATE $TIME" >> $LogFile if ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00" then if [ "$CHECKIP" == 1 ] then IPADDR=$(/sbin/ifconfig tun0 | grep 'inet addr' | cut -d: -f2 | awk '{print $1}') RXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f2 | awk '{print $1,$2,$3}') TXDATA=$(/sbin/ifconfig tun0 | grep "bytes:" | cut -d: -f3 | awk '{print $1,$2,$3}') UPTIME=$(cat /var/log/messages | grep "$IPADDR" | awk '{print $1}' | tail -1) UPTIME=$(date -d"$UPTIME" +"%Y/%m/%d %H:%M:%S") echo "VPN is up since: $UPTIME" >> $LogFile echo "Session Data RX: $RXDATA" >> $LogFile echo "Session Data TX: $TXDATA" >> $LogFile echo "VPN IP is: $IPADDR" >> $LogFile echo "WAN IP is: $PUBIP" >> $LogFile else start_vpn fi else start_vpn fi exit 0 (1) Login to you Synology DSM web interface as admin. - As admin go to "Control panel" - "Task Scheduler" (you need to enable advanced mode in top right corner of control panel for this) - Click "Create" button near top of page, then select "Scheduled Task" and then "User-defined script" (2) New popup window will open. - under "Task:" enter task name - under "User:" select "root" if it's not already selected - switch to "Schedule" tab and select how often you want this task to run, my settings are: - "Run of following days" - "Daily" - "First run time" - 00:00 - "Frequency" - "Every 10 minutes" - "Last run time" - 23:50 - switch to "Task settings" tab - paste script you copied into empty box under "User-defined script" title - press OK and you're done I tested this on DSM 6.2.2 and it works without problems for now. Still, I'm keeping old instructions in next post, if someone wants to do it like that. Tip: If you don't want logfile, you can comment out those lines, or remove ">> $LogFile" code from whole script. That's all. If you entered everything correctly, you should be fine and ready to go! Comments are welcome. If you find mistakes, please correct me.
  5. Everytime I try "Connect to a recommended server" or just try one of the servers from the server list it tries to connect to it and then instantly fails. I will include the logs here below, I'm kinda new to this so any help would be highly appreciated! :D Eddie_20231114_155636.txt
  6. Over the past few months of using AirVPN alongside Virgin Media I have had nothing but issues. I am either unable to get the full bandwidth that I pay for, or my connection drops so frequently that it makes browsing almost impossible. I want to say a huge thank you to the AirVPN community and the people over at AirVPN as well for all of their support. I have learnt a lot over the last few months and I wanted to take the time to share my findings so that anyone else that had these issues could attempt the same things as I did and perhaps it will help you too. The Bandwidth cut Firstly lets talk about bandwidth issues. I have a fibre connection that without my VPN service I receive the 150meg I pay for. No sooner do I switch on the VPN I face drops of 75%. With the help of this post: https://airvpn.org/topic/12473-virgin-media-openvpn-low-speeds-throttlingbug/ rainmakerraw posted saying that by using the SSL protocols through EDDIE he was able to regain the lost bandwidth faced by using the VPN service. I figured this could work in the AirVPN program and after contacting the AirVPN team who advised changing this setting in AirVPN's protocols to SSL port 80 I saw that my speeds jumped to around 50% of my total bandwidth. For what I use the internet for, this was more than acceptable so I didn't mind taking a 50% cut so long as my anonymity was safe. METHOD: In the AirVPN program click the AirVPN logo in the top left corner: Next hit the preferences button: And then go to the protocols section and select the SSL port 80 radio button: This should now give you boost on your speeds while running AirVPN with Virgin Media. However, my story doesn't end there. The connection drop For a short time I was able to enjoy absolute anonymity and with only a 50% drop in service. I could live with this, until my connection began drop constantly. Initially this was very intermittent, and I simply disconnected from the current server and just hit reconnect. Issue fixed. However, this started to become extremely frequent, to the point that I was only able to browse for around 5 minutes before the connection dropped and I was shown a DNS error on websites I was trying to access. I could not seem to find anyone on these forums with the same issue, nor anyone with a solution. I knew that it had to be my ISP causing the problem as this did not exist anywhere else. However, I did find whisper on some other sites about Windows 10 causing problems with VPN services. It seems we live in a world governed by people hell bent on watching our every move, and at any cost they will try their best to succeed in this. Thankfully there are far smarter nerds out there capable of finding a solution. After a bit of searching I came across this post: https://www.bestvpn.com/blog/28318/warning-windows-10-vpn-users-at-big-risk-of-dns-leaks-2/ Which suggested that within Windows 10's group policies there was an option causing a few issues regarding DNS leaking. I had checked several times on https://dnsleaktest.com/ as well as https://ipleak.net/ as to whether this might be the cause of my problem but found no issues. That being said I wanted to add this here as I feel it could be of some use to people. Now, this is a guide for Windows 7 users but it works on Windows 10 (I will assume you are using this), however, it only works for Windows 10 pro. Windows 10 Home does not have the group policy software included, and after a little tinkering I managed to get it installed but there was no option to remove the "Smart Multi-Homed Name Resolution". So it didn't help me. However, if you have 10 pro, I see no reason not to include this as it could be an option. Never Give Up I wasn't going to be beaten that easily. I figured it was time to use the ol' process of elimination to figure out the cause of my problem, so I connected my laptop to my mobile phone via WIFI hotspot and with AirVPN connected I found there was not a single drop in a full 24 hours of web browsing. (Of course this ended up costing me a fortune but we live and learn). So then, my issue had to lie with Virgin Media. Perhaps then my Superhub was the cause. But if it was, where would I start? I figured is this was going to be any kind of software issue the firewall would be the place to look. Well by Jove I think I found it. Superhub more like SuperDUD As I type this I am now happily browsing the web at full speed, uninterrupted, and happy. SSL 80, no connection drop and I'm confident. The issue seemed to be with the PPTP and Multicast pass through. A little internet search and what should pop up as the top link: https://support.cultrix.co.uk/hc/en-gb/articles/202644875-VPN-Does-Not-Connect-When-Using-Virgin-Media-SuperHub A page regarding the issues this VM hub causes VPN services when these two options are not clicked. METHOD: Log into your Virgin Media Hub. For most of you this will be via the web browser and in the address bar you type 192.168.0.1 If this should not work refer to your particular hubs manual for the correct method, or using the sticker on the bottom of the router. Once in, you should see this screen: From here you want to type in the password to access the routers settings. I have changed mine so its no longer default, however, if you have never done this the password should be on the sticker on the router, but refer to the user manual to be sure. Next go ahead and click sign in and you will see this screen: From here we want to enter into the advanced settings option located at the bottom right of the screen. It may pop up a little warning but I assure you we are not doing anything that will break the router. On the following screen scroll down until you see the "Security" options: You are going to want to click on "Firewall". Lastly, on this next screen you should see the option for PPTP and Multicast Pass through as seen bellow. Go ahead and click both so that there is a tick in each box and then save the settings. If for some reason yours is already active, and you are facing the same issues as I am I am afraid I am at a loss as to what your issue could be. As I say, this is really just my own findings and this is as far as I got. The light at the end of the fibre Hopefully you should now be in the same boat as me, you should have a lovely consistent connection, with no loss of bandwidth and with the help of your lovely AirVPN service 100% anonymity. If for any reason these methods do not help feel free to post, perhaps this could be the central place for other VM subscribers and those using AirVPN. The small print Of course with any fixes like this they all come with inherent risks. I am merely showing you what I did and how, but please, do this at your own risk. I have had no issues doing this but I am not responsible for anything that goes wrong for you. Another note: Virgin Media from time to time release firmware updates and these can (and have) reset settings on Hubs. If you find that one day you begin to see the same dreaded drops and throttling, check the hub settings again in case they have reset them. I have seen many posts suggesting that turning the Superhub into modem mode and purchasing a router capable of the SSL 80 protocol in the routers settings is also an option. I have an old DD-WRT but its a little too old for the latest firmware and as such can not use the SSL protocol. This I think is a better option as it ensures anyone on your network is behind the VPN. But I am just finding the less expensive solution, not to mention there are far too many routers out there to determine which one can do SSL. Anyway, I hope this can be of some help to people with VM. Or if you have similar issues, maybe your router has these options, give it a go. Have a good day everyone. Updated 29/12/2016: *Title change*
  7. I noticed this started a month ago when connecting to Valve's servers with an AirVPN server results in a dropped connection. Previously it was possible to run AirVPN on a router and play games on Steam. However, nowadays whilst finding a match with the game coordinator still works it'll disconnect the player and impose a penalty despite accepting the match. Attempts at a workaround by changing servers to different regions, changing DNS servers, OpenVPN and Wireguard protocols, different network interface and devices results in the same dropped connection. It seems like Valve's gaming servers are currently blocking AirVPN.
  8. Hello ! Introduction Welcome To AirVPN! This is a guide meant to help new people. Whether you're new to VPNs in general or just new to AirVPN. I've tried to keep it fairly short, by using bullet points & spoiler tags. This hopefully also makes it more readable and less scary. I think AirVPN is a FANTASTIC VPN and while I don't own or have any stake in AirVPN myself, I'm a huge supporter of it. However, it can be quite scary and confusing to use when you first get started, so hopefully my little guide willl help you! This guide also includes links to resources provided by Air and other users, but I don't mean to take credit for these things. So please feel free to scroll to the bottom of this guide! Index: Introduction First Questions Getting Started With AirVPN After Downloading The Eddie Client [includes Troubleshooting tips] AirVPN Guides Section [Look here to find guides about: Security/Torrenting/Port-forwarding/Plex/etc.] Other Noteworthy resources Credits Why I made this guide: AirVPN was said to be very technical and thus hard to use. But since it's such a quality VPN, I don't want that to always be the main bad side to this great service. Therefore, this guide is also a response to this problem, so that newcomers can hopefully feel less overwhelmed about the idea of the air to breathe the real Internet. The Air staff clearly put in a lot of work every day and are extremely knowledgeable people, from all that I've seen. It's just that for newcomers, it can be hard and overwhelming finding all the relevant pieces of information and it can easily be too technical, so I hope my little guide will also be useful in that regard. This is also why, I collect other people's guides and put them in this guide, so that they're easier to find. However, Thank you to AirVPN, Staff and the many knowledgeable members of this community who help out people like myself quite a lot, through their contributions to the site everyday :] Feel free to leave feedback on this guide, both good and bad, if you want to, because I'll happily read it ! First Questions Do I have to be really technical to use this VPN stuff? AirVPN is one of the more technical VPNs out there and this is pretty much its only major drawback, when it gets reviewed. However, it offers unmatched attention to security and privacy. Not all reviews are entirely accurate either, sadly. Which the AirVPN Staff haven't hesitated to remark on though. So in short: No. But if you're new to VPNs in general and not a tech-savvy user, you do have to accept that you might be confused in the start. But this forum is here to help :]. Due to all the marketing and sometimes paid reviews, it can be hard to find out which VPN to trust at all. This is without even getting to the technical features. Air tends to somewhat pride itself on not overselling things however and so on the face of it, AirVPN can seem like it's no match for other, apparently bigger VPNs, but AirVPN has a lot to offer if you take a look. Will I become totally anonymous or completely secure? Please be aware that when using AirVPN or any VPN, while signed in to things such as your e-mail or other online accounts, you might get incorrect notices of being hacked. You have not been hacked most likely, it's just that when services see you log in from several different IP addresses, they get suspicious. Simply keep calm and investigate the issue. No, definitely not. But in terms of steps you can take to reach very high levels of privacy and security, this is one of the best steps you can take. Privacy and security are hard things. To achieve even higher levels involves sorting out things like your operating system, browser, various habits and using networks like Tor, in addition to a VPN like this. Security is hard. It's rarely, if ever, just a one-off solution. Often, security is as much a process, as it is about a single good product, like this VPN. However. just because a VPN doesn't do everything, it doesn't mean it's useless. A lot depends on what you're trying to do/achieve and who your "enemies" are. Yet it should be said, that AirVPN is quite extreme about security. For Air, it's "all or nothing" in many ways. AirVPN is so focused about security, that they even fix issues before they're published! However, VPNs and others technologies are becoming more and more important, as new spy laws like the UK Snoopers Charter & US Rule 41 Amendment crop up. Please check the question "What does AirVPN do to make it safe to use and does it log or track people?" further down, for more details. VPNs A & B have features X & Y, how does AirVPN compare? For this, check out the forum made specifically for that. It's often the case that features from other VPNs are either already included in AirVPN, aren't included because they're unsafe or just aren't as good as they sound. For instance, a rival VPN might say "We offer PPTP and many other secure protocols!", while Air doesn't, because Air knows PPTP is unsafe. Or they might say they offer a "multi-hop" VPN, which may or may not be useful, according to AirVPN Staff. Support for the protocol known as IKEv2 is another example of where Air doesn't support something, but has good reasons for not doing so. As a final example, you will sometimes see competitors speak of their super-secret "camouflage", "4Dstealth" or "hidden" protocols or servers. This is just marketing for gullible customers . But such aforementioned marketing can greatly confuse efforts to compare Airs product with the competitors. So if in doubt, ask the competitor who is offering "stealth"-something, what it is. If I use AirVPN, will I be able to use service XYZ with it? Please be aware that when using AirVPN or any VPN, while signed in to things such as your e-mail or other online accounts, you might get incorrect notices of being hacked. You have not been hacked most likely, it's just that when services see you log in from several different IP addresses, they get suspicious. Simply keep calm and investigate the issue. Please also be aware that it is NOT the main purpose of AirVPN to get access to geo-restricted content because it's a losing battle and Air cannot control how companies such as the BBC and Netflix act. Being able to get access to a site, generally depends on which service you want and which country it's in. AirVPN doesn't have servers in every country. In general, you can get access to everything. Although services like BBC iPlayer and Netflix actively try to block VPNs. Even services as normal as payment processors, such as PayPal don't always make things easy. This means it's not always possible for a VPN provider to do anything about it. But we do have forums to discuss and notify AirVPN on, so that AirVPN can try to solve it as best as it can. But before you post in that forum, make sure to Read This First, as it might help you & will make your posts more helpful to others. AirVPN has a very useful tool called the Route Checking tool. It allows you to test access to a website from ALL AirVPN servers. Just put in a full link in the search field and click the search button. Then press F5 or hit the refresh button in your browser. Green results usually mean there's access; red results mean the opposite. This is useful for seeing if it's only you who has a problem or only the server you're on. As well as which servers don't have a problem, so that you can switch to using those ones instead. It's most important that it's green in the "HTTP" column. There's many different HTTP Codes, so here's a list. VPNs generally slow down your connection a little. But AirVPN is so good that it's still possible to play Multiplayer games through it, without your connection slowing down too much, in my own experience. What does AirVPN do to make it safe to use and does it log or track people? AirVPN isn't just safe because it promises to be so in its marketing. Instead, it backs things up with hard technical specifications and high standards, that you can verify yourself. AirVPN is logless and can't be forced to log surreptitiously, fully supports P2P on all servers & as per #5 ignores all DMCA requests. Remotely-forwarded ports aren't logged either. Here's additional things Air does to increase its security and privacy: AirVPNs infrastructure conforms to a high degree of openness & transparency. This helps show that none of Airs locations are fake, but only bare-metal & lets users compare with one another. AirVPNs encryption standards are military grade and so for all intents and purposes unbreakable. It also only uses the most secure VPN protocol too: OpenVPN. No PPTP/SSTP/L2TP/IKEv2. AirVPN doesn't use any third party tracking on its website, such as Google Analytics or Social buttons, because they leak. Instead, it uses open-source analytics Matomo, which is closed loop. AirVPNs website meets the highest SSLabs security standards: A+. AirVPN takes its mission to fight censorship and manipulation of the Internet extremely seriously. This also means being highly willing to help out journalists and human-rights defenders. AirVPN only uses FOSS (Free and Open Source Software) in its Eddie client. Therefore the software running on your system is not a security "blackbox", but can be independently verified. AirVPNs Eddie client supports a wide selection of protocols. Including SSL and SSH. As well as anonymising services such as Tor; so that you can "partition trust" and need not trust AirVPN. AirVPN fully accepts crypto-currencies. Including to the point where it accepts Bitcoin directly. No middlemen. So if done right, you can use AirVPN with Air knowing nothing about you. AirVPN explains how it doesn't need to inspect or monitor traffic in order to check for breaches of ToS. AirVPN is against security through obscurity, including in its client software Eddie and so shows all the information it can; which leads some users to erroneously think there's logging going on. AirVPN has since then expanded on this point. AirVPN uses in-house support technicians and not outsourced third-party technicians and external packages such as Zendesk. So as with #3, it's closed-loop. No leakage. AirVPN has a strict location policy, so that it doesn't just set up servers in a new, potentially unsafe or questionable, location. One which can't supply the performance required, either. AirVPN has its own DNS servers and "killswitch" feature. With Network Lock on, any accidental loss of connection from Airs servers won't leak anything about you; including WebRTC. AirVPN is run by extremely knowledgeable technical people and not just businessmen. So they're easily able to both explain, defend and attack subjects on a purely technical level. AirVPN supports the auditing of some of the crucial security software that underlies different systems and also supports other projects/groups/services such as Tor, Edri and OpenNIC. AirVPN runs this forum, which can seem like a small thing, but it's actually really important, as it allows for the open sharing of knowledge, providing of technical support and mythbusting. AirVPN already acts as a "multi-hop" VPN and takes many other measures to increase security, such as separate entry & exit IPs, Perfect Forward Secrecy and HMAC SHA1. AirVPN has a strong focus on avoiding marketing fluff and overselling. Which means you know exactly what you're getting and don't need to deal with deceptive use of technical details. AirVPN is highly consistent with staying constantly on top of any security issue. AirVPN is based in Italy and is therefore within the EU. This has a range of other benefits too. That's 20+ ways in which Air has extremely high security "by default". All made nice and easy for you to use. If you want more, there's a simple 3 step guide for that. But seriously, there's always more you can do yourself. When will AirVPN add country or server XYZ? AirVPN Staff do not usually tell the community when a new country or server will be added. They simply add them. So it's easy to miss. The Eddie client will automatically show them. AirVPN frequently adds new countries/locations. This can be seen in the announcement forum, so please try to check this and the Eddie client (if you use it) before asking. Thank you. Requests for a specific location or addition to an existing one, are fine. But demands to know when something will happen, are futile, since AirVPN follows a strict location policy. The technical specifications regarding security/encryption for the Air servers that are used, can be found here. Further, those technologies and standards allows Air to pursue its Mission. Please remember that even if a country you want hasn't been added, you may still be able to get access to the web-content of that country, thanks to Airs micro-routing feature. Here's some old posts regarding different locations, so that you may not need to ask. Please note that some, such as Japan as of 2018 & Austria, were already added: Italian Servers? Japan/Korea Servers? [staff Comment] Russian Servers? Danish Servers? Middle-East/North African Servers? Indian Servers? Panama Servers? Australian/New Zealand Servers? Latvian Servers? French & Belgian Servers?[uPDATE: French Servers Momentarily Withdrawn] Austrian Servers? Central/South American Servers? AirVPN now allows 5 connections per account instead of 3, but is it possible to buy more connections? AirVPN has increased the limit from 3 to 5 connections. Thus it's unlikely to be possible to buy more connections at any point. But you can use a modified router if you still need more than 5. If you change your router firmware(software) to something like DD-WRT or Tomato for instance, you can make all devices on your Wi-Fi/Router go through AirVPN. However running a VPN on a router is quite hardwork for most routers. So you either need high-grade commercial ones or computers like the ZBOX Nano, converted into routers. That ZBOX Nano PC would be excellent for a VPN to run on, as the hardware is very good; even more than the commercial routers. Only savvy users should consider this. Who runs AirVPN & moderates the forums? The Staff account is the Official voice of AirVPN. Private messages cannot be sent to them. Clodo & pj are the most visible AirVPN employees. Clodo is the developer of AirVPNs "Eddie" client software, while pj is a co-founder of AirVPN. Community moderators: zhang888, giganerd and LZ1. Note that we are NOT AirVPN employees, have no access to Air infrastructure and do NOT speak for Air in an official way. Instead, zhang888, giganerd and LZ1 are a part of what the Air Staff call the Air "forum Staff". Note that member profiles can't be accessed by others by default, unless you add them as friends or they made their profile public. Air itself is based in Italy and so that's where their staff will be sourced from. What are some of the "Status" page functions for & how do I use AirVPNs "Micro-routing" feature? The first page you see when you go to the Status page, is an overview of Airs servers & service. Useful for seeing if any server is down or very busy, downloads and how many users there are. The Ping Matrix shows the latency between Air servers and if there's any (severe) packet loss somewhere. No packets = no connection. The Top Users page can help you verify if others are still getting good or bad performance, compared to yourself. The Checking Route page is for seeing if Air servers can or can't connect to a website you select. Unlike the Ping Matrix. There's also the special AirVPN "Micro-routing" service. To use it, simply make sure you connect to Airs servers & DNS. (Automatic when you use Airs Eddie client). Without the micro-routing, if you want to watch French TV for example, you would have to connect to a French server. But with micro-routing, you can connect to ANY Air server and still watch French TV, as long as the TV's website is on the "Website support" list. It's possible to make requests to get sites added to these lists. Anyway, this micro-routing is very very useful ! Because it means that EVEN IF Air takes all French servers offline for some reason, you will still be able to access French content! Is it free and if not, why should I pay for it? AirVPN is not free, but you can get a short trial if you ask nicely. The Trial has unlimited data and full speed. But you can only get a refund if you have used less than 5GB. Free services don't offer many of the very nice features which let you get around website/service blocks. But it can be hard to market these features to non-technical people, because they're not always easy to explain. Yet once you try them, you will appreciate them. AirVPN has quality servers & connections, as well as guarantees a certain speed, with no limits. So it's possible to play multiplayer games through it. Free services often have to exploit their users in order to survive. This is normally done by tracking you, possibly undermining your security and selling your data to 3rd parties. If a free service is leaking your data due to poor practices and technology by accident or selling it on purpose, what's the point in using it then? VPN means Virtual Private Network. Even if a free service doesn't exploit you, you still don't have the same level of security or assurances, because how would a free service pay for that? Real security is hard and costly. Would you rather go through 5 bad free services, risking your security and privacy or would you rather take your privacy and security seriously the first time, for a small fee? If you only need a VPN 1 time, then it's probably not worth it to use a paid service. But if you know you'll need it often, it's worth the investment. Air has a very cheap 3 day plan too though. Free services often have many limits. But AirVPN is logless, allows 5 devices per account, allows P2P and other protocols, has no data/bandwidth limits & very high security. So basically, you need to be able to Trust your provider, yet why would a free service be trustworthy? They don't owe you anything. But a paid one at least does - not that all paid services are great either though. Not all services on the web offer the same level of protection either, whether free or not. Many services, paid & unpaid, lie to you about where they have servers. Fake GeoIP addresses. Since AirVPN isn't free, is it possible to buy a Lifetime subscription, as with other VPNs? Does AirVPN hold sales at all? This question has received its own dedicated topic, so please click the link below All sales related questions are answered in this dedicated thread. Getting Started With AirVPN If you run into a problem with Airs software for some reason, then please make sure to check if there's an experimental version of the Eddie client you can download. Experimental versions aren't always available. How do I start using AirVPN? There's 3 simple steps: Create Account Choose a Plan Choose your setup Creating an account: You don't need a valid e-mail address. The site software, called IPB, just needs the field to be filled with something. Remember that password recovery will NOT work without a valid address. If you can, don't use something which uniquely identifies you. So even if you name your account ninja10834, that's still better than something about your real name, location or even interests. With this account, you can also post on the forums. However in the beginning, you won't be able to post on these forums immediately. This is because a moderator has to make sure that whatever you post, is both genuine and from a person. So when you click the "post" button, your own post will NOT show up immediately; so just be patient, when asking a question. After around 5-10 posts being accepted, your account will increase in level and you will be able to post things immediately, without any supervision. There's 2 names associated with your account. The first is your login name, which cannot be changed and can't be seen by others. You would need to make a new account, to change it. The second name is your forum display name. In my case, it's LZ1. This can be changed by you at any time, but only matters in the forum. NOTE: it's your login name you use for logging into the Eddie software, together with your login password. Choose a plan: At this stage, you pick both how you wish to pay and how much. It's possible to pay in currencies known as "cryptocurrencies". These cryptocurrencies, most famously Bitcoin, have a range of benefits when it comes to things like security and privacy, if used correctly. If you want to pay using a cryptocurrency, there's some guidance on what to do, further down, in the guides section. However if you're just starting out, it's fine if you just use your credit card or whatever method which suits you. It's also possible to ask for a short trial. You can also scroll back up to the "First Questions" section and look for the information on Air's sales, if you want to wait for a discount. After paying, you will be a "Premium User" and will be able to see how many days you have left of your subscription, at the top of the screen, when you're logged into your account. Choose your setup: AirVPN provides a mobile version of its Eddie app for Android. An iOS version is NOT available due to Apple's restrictive policies. This stage is pretty straightforward. Just make sure you select the right versions and hit Download. Your OS: Find out which Windows Operating System you're running or which GNU/Linux you're running. Mac users must use either Mavericks or something newer. Your Architecture: Most will be locked into 64-bit here, as 32-bit is outdated. Your Format: Windows users should select "Installer" & MacOS users select "PKG Package Installer". Ubuntu/Linux users pick according to distro; adding a PPA will enable auto-updates of Eddie. Your User Interface: Most people should pick Graphical UI. Unless you want to run some kind of headless install, as some technical users do. Then click the big blue Download button and follow regular installation procedures. Now you will be downloading the AirVPN software. DONE. No further reading is required from here. Just open Eddie and click "Connect to Recommended Server". Unless you need a guide for something or want to know some of the finer details. This software is called a "client". This "client" is called "Eddie", because that's what AirVPN calls it. So when you hear talk of "Eddie", it's referring to the software you downloaded. If you don't want to use Eddie for some reason, there's ways of getting around it. But for new and casual users, it's recommended that you use it. If normal Installer Formats create problems, you can sometimes fix them by using the portable formats. A portable download is also useful if you want to store Eddie on a USB stick. If the latest Stable or Experimental release doesn't work for you, then you can download an earlier version, by clicking the "Other versions" link under the blue download button. How and where do I manage my AirVPN settings? You do that in the Client Area Some of the most important things in this area include: Configuration Generator Ports Referrals Number 1 is where you automatically generate the files that your VPN needs to work (if you don't use the Eddie Client, such as if you use Android), after you tick some boxes. Number 2 allows you to tell the VPN which "ports" or "virtual doors" to open, which can speed up things such as your Bittorent client (qBittorent, uTorrent, Vuze, Transmission, etc.) Even though it looks confusing, the only thing you actually need to change, is putting the right number in the "Local Port" field. So if your torrent program uses port 7634 for instance, then you put 7634 into the "Local Port" field and simply click the green add button. Then a number will automatically be generated and put into the big white box at the top. All done. Number 3 shows you the link you can share with other people. If they buy an AirVPN plan, you get 20% of what they pay. Then you can use this money to pay for your own plan. What if I need help during the process? If you need help from Air, you can easily contact them. If you're wondering why AirVPN doesn't have "Livechat" or might take a little longer to reply than other providers, then this is why. However you can also just come to these forums. If you can't post yet, then you can read the various guides which exist. In the AirVPN program called Eddie, there's a tab called "logs", which lists various information about what's happening. You can copy this and post it on the forums so we can help. But when you post your logs, MAKE SURE you post them inside "spoiler tags". If you don't use spoiler tags, you will annoy and make things more difficult for everyone, including yourself. I've used untold numbers of spoilers in this guide, as an example. What are logs, where are they and how do I use spoiler tags? When the AirVPN Eddie software is running, it creates a list of what it is doing. What's connecting, when, where, if something went wrong and so on. A log of events. So when you ask for help on these forums, we will often ask about your logs, because without logs, we do NOT know what is happening, in your specific situation . If you open the AirVPN "Eddie" client software, you will see a "Logs" tab. On the top right-hand side of the window, the 2nd button from the top, lets you copy your logs quickly. After copying the logs from Eddie, paste them into your posts when you need help. Do so by typing the short codes necessary; which we call using "Spoiler tags". This makes it much more convenient for everyone; just like this question and answer, is inside a spoiler . Please try to do it, thank you! Is there anything in my AirVPN account I should change? Go to the top-right corner of the screen and click your account username. Then click "My Settngs" in the drop-down box. Under "Profile Privacy", you might wish to un-check the checkbox, if you want others to be able to view your profile when clicking your name. Under the "Notification Options" tab and then under the header "Topics & Posts", check the box which lets you auto-follow things you reply to. This is very useful. Because then you'll get a little notification in the top-right corner, every time someone replies to a thread you made. This makes getting help more convenient. It's also good for following what's happening in threads that you post in. Remember to check the boxes on the right-hand side, so that you can choose if you want to be notified via the forum or via E-mail . You can also enable notifications for when people "like" your posts, since that can be quite encouraging! Under "Profile Settings", you might be curious about who visited your profile. So you can make it show the last 5 visitors. Everything else such as signatures, allowing others to add you as a friend and so on, are up to you. Enjoy! Is there an Experimental or Beta version of the AirVPN Eddie Client I can try? If so, where is it and why would I want to try it? Note that whenever you download the Beta/Experimental Client, you'll always receive the latest one. You can check your version number after you open Eddie and go to its "About" page. There aren't always any Experimental clients to download and new clients are continuously released. So keep an eye on the announcement section, for Beta/Experimental clients. Just because a release is called the "Stable" version, it doesn't mean the Beta/Experimental client is "Unstable". However don't be surprised if you run into issues . You can find the Beta versions [if one is available] on the download page of your OS, under "Other versions": If for some reason an Eddie client doesn't work, try downloading a "portable" version on the OS download page, under "Format". Being Beta/Experimental, you might run into some bugs. However I use the latest all the time, with no problems really. For more information on what features are added and bugs taken away, go straight to the changelog The Beta/Experimental client often includes fixes for bugs which the "Stable" version of Eddie has, as well as various extra features and changes. This helps all platforms. For example, for Windows, a prior Beta release used WFP (Windows Filtering Platform), instead of Windows Firewall, which meant it became easier to use 3rd party security software. 3rd party security software, are things such as Comodo firewall or Avast anti-virus. Things which you install yourself. In addition, it also comes with the latest software updates "out-of-the-box", such as the latest TAP drivers and OpenVPN patches, so you don't have to update them yourself. It may enable some things by default, which a current Stable version requires you to change yourself (as explained in the next section of this guide). By using the Beta, you can also help AirVPN by providing feedback, which means Air can then make things even better . Each Beta release has its own feedback thread. Just remember to describe the problem, tell us which system you use (Linux/Windows/MacOS/etc.), the client version (Go to Eddie client "About" page) and some logs in spoilers! : D. Thanks! After Downloading The Eddie Client Please remember to share your Eddie logs and use spoiler tags, when you need help from the community. How to do so, is answered in the previous section, thank you! What's "Network Lock" & should I use it? Please be aware that using Network Lock with Tor can be contradictory to try. It's not currently planned for. Please also note that it's expected that Eddie turns off Network Lock, when Eddie is shut down. Network Lock in AirVPN, is what many other VPN providers normally call a "killswitch". So this is Airs own "killswitch". Network Lock (NL) is a way for the AirVPN software to force all of your computers network communications through the AirVPN service, so that nothing "leaks out" about your identity. For new users, I don't recommend using it too soon. I recommend waiting a few days and just getting comfortable with the day-to-day running of the software and then using it later. With NL on, your internet connection will stop entirely, if you lose connection to the Air servers. This is great for preventing information from leaking & is a feature, not a bug. Why is this important? Well, I don't want to name & shame other providers, but one poster showed that his last provider leaked his real IP address during server changes. This shouldn't happen. But with NL on, this won't happen to you, because changing servers in Eddie will mean disconnecting from server A to go to server B. Thus the connection is stopped first & then resumed. No leaks. But if you want maximum security right away and aren't afraid of small technical issues, you can start using it right away. It can always be changed back.. How can I test that AirVPN is hiding my IP and DNS addresses correctly? Turning on Network Lock in the Eddie client will protect you from WebRTC leaks. You can use AirVPNs own service called ipleak.net. Make sure it's .net and NOT .com. Since ipleak.net is run by Air, it has now received its own sub-forum, where you can ask questions, give suggestions and receive information on any changes made to ipleak. Un-configured, browsers like Mozilla Firefox and Google Chrome will "leak" (show) your real IP address through a technology called "WebRTC". To stop WebRTC, scroll to the bottom of the ipleak page and read the very short and simple instructions on how to fix it. It's not overly technical, don't worry. If you torrent files, there's also a torrent on the same website, which you can download in order to test which IP other torrenters would see if you torrented a real file. It's recommended you use Free & Open Source Software(FOSS). With this client, you can make it bind itself to whichever network adapter is using the VPN, which is convenient, so that it only torrents when using a VPN. I can recommend setting ipleak.net as your browser start page, so that every time you start your browser, you'll quickly be able to see if everything is working as intended. Eddie can't connect or is very slow, what can I do? If none of the below solutions work, then it's time to ask the forums or Air support. In BOTH cases, please supply your logs, as detailed before. Otherwise no one can help you. First, please make sure your client is updated to the latest Stable or Beta release. You can see your version number in Eddie>Top Left Corner Menu>About. Head to download page if not. Please try different protocols, at Eddie>Menu>Preferences>Protocols>Uncheck "Automatic">Select a protocol, such as SSL or TCP 443> Save>re-connect to an Air server. Please try connecting to not just different servers, but different countries too. Proximity to your location does not automatically mean better connections; due to routing technicalities. If you're an online gamer, you may benefit from changing the buffer sizes, as mentioned by Staff. If you're a Linux, MacOS or Windows user and webpages aren't loading fully or there's less than optimum speed, you can try the so-called "mssfix". If it's simply a problem with connecting to airvpn.org, then please try the alternate entry: airvpn.info - note that sometimes Air comes under attack from within and so you get an error page. If Eddie, such as in its Logs, says there's problems with route checking, please refer here for a solution. Note: disabling Preferences>DNS>Check Air DNS can be tried at the same time too. If you enabled Network Lock and can't connect to the web without Eddie turned on, then please disable Network Lock or reset your firewall and/or DNS, as shown in the two posts here. If torrenting speeds are slow, then please remember to port-forward and configure your torrent client correctly. For detailed guides on this, please go to the Guides Section below. For some ISPs, such as Virgin Media, please check the Guides Section below, for specific tutorials on how to optimize speeds. In some cases, especially if you run Air directly on your router, it's possible that your computer hardware isn't new enough to handle the encryption quickly enough. For Windows users, updating or downgrading the TAP adapter may work. But this shouldn't be tried as the first thing, as it's often not necessary now. For Windows users, you can try downloading a program called TCPOptimizer. Which other steps can I take to increase my privacy and security? Using AirVPN with Tor is a strong answer, among many other good ones. Here's a further explanation of how AirVPN & Tor work, when together. There's also many other ways to handle privacy and security on multiple fronts. If you're looking for a technical challenge, you can install pfSense on a very powerful computer, to make it act like a router, so that all devices connected to your Wi-Fi will be covered by the VPN. Why not just use an expensive commercial router? Because even expensive ones struggle to handle the protocol known as "OpenVPN" efficiently enough to give excellent performance. You can change the software & hardware you use & support the organisations which try to make things better; such as the FSF/EFF. If you're a geek or networking enthusiast, you can also check out things such as the Turris Omnia router, which offers very powerful hardware & software. AirVPN Guides Section Make sure to check the date of the posts you read below. Hope you like it ! Guides, How To's & Troubleshooting Amazon devices like the Fire Stick, Fire TV Cube and others can be used with Android Eddie without sideloading, according to Staff. Mini-guide by Staff on how to test if your connection is being shaped/throttled [How-To] Use AirVPN with Network Manager on Ubuntu/Mint [How-To] AirVPN via SSL/stunnel on Android 6/7/8 [How-To] fix Virgin Media Connection Drops/Bandwidth Issues Plex Server Guidance (Until someone makes an actual Plex guide) Paying with Bitcoin/Cryptocurrency Guidance. (Until someone makes an actual Cryptocurrency guide) Mini-guides On How To Improve Torrent Speeds Mini-guide On Torrenting With Tixati Client How To Autostart AirVPN As Root With No Password (Linux) Note: security risk & What Staff Says(OSX/MacOS) How To Setup The Eddie Client On Raspberry Pi 3 How To Port-Forward & Use A Torrent Client Guide To pfSense 2.3 For AirVPN Guide to pfSense 2.1 For AirVPN Firefox Extensions Guide Guide To Setting Up VPN For Torrenting On Windows Guide - What To Do When A Site Is Blocked AirVPN Forum Styleguide How To Improve Smartphone Security How To Block Non-VPN Traffic With Windows Firewall How To Connect To AirVPN With Your Fritz!box Router Using AirVPN Through Stunnel On Android Using AirVPN Over Tor Using AirVPN on iOS Check Your TAP Driver Version Explaining The Use Of AirVPN With Tor How To Configure A Synology Device For AirVPN AirVPN & iOS Other Noteworthy Resources Links Please be aware that AirVPN, unlike most, does NOT buy or otherwise use paid-for reviews. An alternative VPN client to Eddie, for Linux. Best VPNs 2016 & AirVPNs results Advanced Networking & Computing How To Break The Internet (Cory Doctorow) (Recommended Watch) Why the OpenVPN protocol that Air uses is good Guide to all things privacy Five Eyes Countries Schneier on Encryption CGP Grey explaining Encryption 10 Myths About VPNs (Ignore the self-advertising) (Recommended Read) The Eternal Value Of Privacy (Recommended Read) Credits Thank you to: AirVPN & Staff for their excellent service and explanations. inradius for his guide on how to use Air with Network Manager on Ubuntu/Mint Omninegro for his pertinent guide on extensions. The always crazily knowledgeable and helpful zhang888, whom I owe a lot to for all his work here. Thanks man. Omniferums excellent guide on securing Windows. pfSense_fans guide on how to use the excellent pfSense firewall software. The always very friendly and helpful giganerd! NaDre for his excellent torrenting guide. neolefort for his Synology guide. sheivoko's guide on using AirVPN through stunnel on Android bigbrosbitch for starting a guide on mobile security Zensen for his guide on how to autostart Eddie on Linux with Root sagarbehere for his nice guide on how to set up Eddie on a Raspberry Pi 3 rainmakerraw for his mini-guides on improving torrent speeds and how to torrent. lewisisonfire for his guide to fixing out Virgina Media-related issues and with nice pictures too. Khariz, giganerd and ~Daniel~ for their helpful posts. I hope the guide was of use! If you find any inaccuracies, feel free to tell me. I worked hours on this tiny guide, so I want it to be perfect haha. I hope your experience with AirVPN will be a good one! Mine certainly has been. If you have any questions, feel free to ask. Thank you for reading :] P.S. I consider myself pretty savvy, but I remember being confused when I got here. So I can only imagine how it is for less savvy individuals. P.P.S. I know it lacks images, but images do evil things to my spoilers, lol.
  9. Using AirVPN suite 1.2.1 on Debian Bullseye, I can't seem to get the --air-list, --air-info, --air-key-list options to output anything. I'm probably missing something obvious. I'm operating under the assumption that these commands are supposed to pull their info from AirVPN servers. Should I instead generate that info independently and store it locally somewhere for goldcrest to query? Here's the output from example commands given in the readme (other variants give the same output): use@host:~$ goldcrest --air-info --air-server all 2023-03-13 14:26:26 Reading run control directives from file /root/.config/goldcrest.rc Goldcrest 1.2.1 - 9 December 2022 2023-03-13 14:26:26 Bluetit - AirVPN OpenVPN 3 Service 1.2.1 - 9 December 2022 2023-03-13 14:26:27 OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit 2023-03-13 14:26:27 Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved. 2023-03-13 14:26:27 OpenSSL 1.1.1n 15 Mar 2022 2023-03-13 14:26:27 Bluetit is connected to VPN
  10. With the latest revelation from google about Quantum Computing, I would like to know how safe arewith with Airvpn? What is the best encryption method and how do we implement it .
  11. Hello community, I'm quite new to VPN's and used them only in Client mode. I need a solution where all my network traffic gets routed trough a VPN, for every client that is connected to my Archer M600. On my Fritzbox and Archer M600 I only got the option for Server mode, to access my homenetwork from the internet, but not in Clientmode for outgoing traffic Am I maybe just overseeing something? I got a Pi4 aswell. Any chance to get this working? Thanks
  12. Looking into subscribing? potential issue I'm unsure of. My home has CCTV installed will there be any conflict as the the post used for it are as per image
  13. Hi, I have written an alternative client for AirVPN that I would like to share with you. Just as Eddie, it supports other providers, too, as long as OpenVPN config files are provided. For AirVPN and Mullvad it offers a convenient update function that just requires you to enter your credentials in order to download the latest server configurations. Furthermore, it allows you to choose among the plethora of protocols offered by AirVPN (including OpenVPN over SSL/SSH) except the experimental ones (I might add support for those in the future, once they become available for all servers). Qomui (Qt OpenVPN management UI) as I have named it, is written in Python and PyQt and should run on any GNU/Linux distribution. It allows you to easily create double-hop connections. In other words, you can route your requests via two OpenVPN servers. This feature works provider-independent. For example, you could choose a Mullvad server for the first hop, and AirVPN for the second (I have successfully tested this with AirVPN, Mullvad and ProtonVPN). Thereby, it avoids a major downside of similar offers by some providers, namely the fact that if one provider controls all "hops" he or she could potentially still see, log or inspect all your traffic. In the latter case, you would gain little in terms of privacy. With the ability to "mix" providers, Qomui does not suffer from the same problem and hence offers some tangible benefits. Obviously, you would still have to sacrifice some speed/bandwith, though. Depending on your DE (looking at you, Gnome!), Qomui will also display a systray icon that shows the country of the server you are currently connected to. Additional features include protection against DNS leaks and a firewall that optionally blocks all outgoing network connections except for the OpenVPN server you have chosen. Since it is never recommended to run graphical applications as root, which is a major flaw of most OpenVPN clients, all commands that require root privileges are handled by a background service that can be controlled via systemd. The following screenshot gives you an idea of what Qomui looks like (on Arch/Arc Dark Theme). If you are interested, you can download Qomui from github: https://github.com/corrad1nho/qomui Of course, I'd be happy for any kind of feedback. If you find bugs or Qomui does not run properly or not at all on your machine, please let me know. I'm happy to help! At last, a big thank you to AirVPN and its amazing community. The fact that you rely more on explaining technical details than empty promises, has helped me to learn a lot. It is also one of the main reason why I chose AirVPN. Commendably, Eddie is also released as open-source software. Only Mullvad does that, too, to my knowledge. Why doesn't every provider do that? You are selling a service, not software! Why would I trust in proprietary software? Funnily, I have never really used Eddie, though, since I was accustomed to manually adding config files to NetworkManager as my first provider did not offer a GNU/Linux client. My interest in features such as OpenVPN over SSL made me look into more convenient solutions, though. Ultimately I decided to write my own program as I wanted to learn some Python and this provided a perfect practical challenge. I have actually used Qomui daily on multiple machines during the past few months and constantly tried to improve it. So I'd thought it'd be about to time to share it (it's an alpha release, though). Have a nice weekend! Corrado
  14. Hello ! When a website is blocked or things aren't working so well somehow, that sucks. But posting a new topic will not automatically help. So before posting a new thread/topic, I recommend that you try these things first, to help yourself and everyone else out: Things To Try First Try check out the AirVPN Route Checking tool. Put the name of the website, such as www.netflix.com into the search field. Click search. Then refresh the page & look at the HTTP column.Try and change the server that you're using; especially to servers from other countries, rather than just servers from the same country you were first connected to, as sometimes the servers of 1 country are all having issues. Especially if the Route Checking tool shows a red color in the HTTP colum or codes like 403. The HTTP Codes mean different things.Try check out ipleak.net and make sure that the IP & DNS address fields only show 1 address each: those from AirVPN. Otherwise your ISP could be blocking you.For Windows, try going to your Control Panel>>Internet Connections>>Change Adapter Settings>>Right Click each adapter>>Properties>>Untick IPv6>>Click Ok. Similar steps for MacOS/Linux.Try use the AirVPN forum search field in the top right corner, to see if a similar thread exists already. It's better and easier if all the same posts are in the same thread.Try click the "Most Viewed" button, on the horizontal blue line, under the black "Start New Topic" button, in order to see the most viewed threads easily & quickly.Try and check that your ISP or country isn't listed here. Because these ISPs block various things.Try and check if the website is listed here. Sites listed here should be automatically unblocked, regardless of which server you use. (This is called "Micro-routing").Try and see if the content you want, is available via a torrent site, if you wish. You could then use qBittorent to download it using P2P technology, which AirVPN fully allows. (Not all VPNs do) Does AirVPN Care About Blocked Sites? Yes! AirVPN Staff routinely reply to all kinds of different threads on these forums. This includes replies to threads about Netflix. Moderators do too!However due to there being a lot of new threads, they don't always reply to each one. Especially if the thread already exists; such as the many threads about Netflix.This is why it's important to keep all posts about the same website, in the same threads, instead of just making a new thread, which won't get any attention.But the problem is, that AirVPN or even any other VPN provider, can't always do anything about blocks. That's the truth. Because sites like Netflix actively try to block VPNs.It's in AirVPNs Mission Statement to fight all kinds of blocks or attempts at censorship; so it's not because Air isn't trying to fix things. When You Post A Thread, Consider This If you absolutely have to post, then please include: a link to the blocked website, the AirVPN server you used, any error messages you got & any replies from support staff from the blocked site.You get bonus points if you also tell us that you already tried the route checking tool and other things listed in the first section. . Double the bonus if you post in an existing thread instead.Posting also doesn't guarantee that the problem will be fixed. But if you follow the suggestions here, then you will make fixing the problem both quicker and easier for Air & everyone else :]. If you have questions or suggestions, please do not be afraid of posting them here or sending me a PM. If you're new to VPNs, then please feel free to check out my New User guide. Please do provide feedback on this thread if it helped you or is missing something! Thank you for reading !
  15. Hey team, since one week I can't login and play Valorant anymore, supposedly because some EU VPN servers are blocked from access to the authentication servers via Cloudflare. Anything we can do to circumvent this? Like trying different ports or settings? Logging in through Netherlands, US and other VPN servers works, but it's horrible Ping for me obv. Prague, Frankfurt, Vienna, Brussels all don't work. Example: account.riotgames.com
  16. I am just wondering how affected are users of AirVPN who might live in India, because of this news development? i myself do not live in India but might similar countries adopt measures or laws like this one? India tells VPN / Cloud / Crypto companies to collect user data for 5 years or face IMPRISONMENT https://www.techspot.com/news/94441-india-tells-vpn-cloud-crypto-companies-collect-user.html i am asking because i want to know what a user of ANY VPN service would do if this kind of TYRANNY ever came to their country -- could they be detected as a "VPN user"? how dangerous is this law? I know that companies like Mullvad are now LOG-LESS AND DISKLESS -- meaning that their VPN service software CANNOT even collect any logs. How does AirVPN compare to Mullvad when it comes to being LOG-LESS? I know AirVPN is LOGLESS but are their servers also DISKLESS ??? Thanks in advance.
  17. Can this happen while being connected via AirVPN ? I do not know? --- Read more of this story at Slashdot. https://yro.slashdot.org/story/22/01/31/222250/website-fined-by-german-court-for-leaking-visitors-ip-address-via-google-fonts I originally saw this story posted on Facebook and here is their comment thread on it: https://www.facebook.com/slashdot/posts/10158469206330857 I do not know if this can still happen while being connected on ANY VPN, let alone while on or using AirVPN? Can anyone help me who knows better? I guess a simple yes or no from someone who knows better, would be reassuring lol
  18. Lately, I've been unable to get Eddie to connect to any server on my Linux operation system. It's always stuck while doing latency tests and I get this following error message. E 2021.12.27 13:47:45 - Exception: nft issue: exit:1; out:; err:Error: syntax error, unexpected rule, expecting string E 2021.12.27 13:47:45 - del rule ip filter OUTPUT ip daddr 52.48.66.85 counter accept E 2021.12.27 13:47:45 - ^^^^ If you need info on my OS... System: Host: <filter> Kernel: 5.14.0-4mx-amd64 x86_64 bits: 64 compiler: N/A parameters: BOOT_IMAGE=/vmlinuz-5.14.0-4mx-amd64 root=UUID=<filter> ro quiet splash slab_nomerge slub_debug=FZ init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on vsyscall=none debugfs=off oops=panic loglevel=0 spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force ipv6.disable=1 apparmor=1 security=apparmor random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma kaslr pti=on slab_nomerge page_poison=1 slub_debug=FPZ nosmt Desktop: Xfce 4.16.0 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm4 dm: LightDM 1.26.0 Distro: MX-21_ahs_x64 Wildflower November 22 2021 base: Debian GNU/Linux 11 (bullseye) Machine: Type: Laptop System: ASUSTeK product: ROG Strix G713QM_G713QM v: 1.0 serial: <filter> Mobo: ASUSTeK model: G713QM v: 1.0 serial: <filter> UEFI: American Megatrends LLC. v: G713QM.314 date: 09/03/2021 Battery: ID-1: BAT0 charge: 87.5 Wh condition: 87.5/90.0 Wh (97%) volts: 17.2/15.9 model: AS3GWAF3KC GA50358 type: Li-ion serial: <filter> status: Full Device-1: hidpp_battery_0 model: Logitech Wireless Keyboard K270 serial: <filter> charge: 100% (should be ignored) rechargeable: yes status: Discharging Device-2: hidpp_battery_1 model: Logitech M585/M590 Multi-Device Mouse serial: <filter> charge: 55% (should be ignored) rechargeable: yes status: Discharging CPU: Topology: 8-Core model: AMD Ryzen 9 5900HX with Radeon Graphics bits: 64 type: MCP arch: N/A family: 19 (25) model-id: 50 (80) stepping: N/A microcode: A50000B L2 cache: 4096 KiB flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 52703 Speed: 2857 MHz min/max: 1200/3300 MHz boost: enabled Core speeds (MHz): 1: 3370 2: 2728 3: 3567 4: 3239 5: 2523 6: 1916 7: 2650 8: 4126 Vulnerabilities: Type: itlb_multihit status: Not affected Type: l1tf status: Not affected Type: mds status: Not affected Type: meltdown status: Not affected Type: spec_store_bypass mitigation: Speculative Store Bypass disabled Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization Type: spectre_v2 mitigation: Full AMD retpoline, IBPB: always-on, IBRS_FW, STIBP: disabled, RSB filling Type: srbds status: Not affected Type: tsx_async_abort status: Not affected Graphics: Device-1: NVIDIA GA106M [GeForce RTX 3060 Mobile / Max-Q] vendor: ASUSTeK driver: N/A bus ID: 01:00.0 chip ID: 10de:2520 Device-2: AMD Cezanne vendor: ASUSTeK driver: amdgpu v: kernel bus ID: 06:00.0 chip ID: 1002:1638 Display: x11 server: X.Org 1.20.13 driver: amdgpu,ati unloaded: fbdev,modesetting,vesa resolution: 1920x1080~60Hz OpenGL: renderer: AMD RENOIR (DRM 3.42.0 5.14.0-4mx-amd64 LLVM 12.0.1) v: 4.6 Mesa 21.2.5 direct render: Yes Audio: Device-1: NVIDIA vendor: ASUSTeK driver: snd_hda_intel v: kernel bus ID: 01:00.1 chip ID: 10de:228e Device-2: AMD Renoir Radeon High Definition Audio vendor: ASUSTeK driver: snd_hda_intel v: kernel bus ID: 06:00.1 chip ID: 1002:1637 Device-3: AMD Raven/Raven2/FireFlight/Renoir Audio Processor vendor: ASUSTeK driver: N/A bus ID: 06:00.5 chip ID: 1022:15e2 Device-4: AMD Family 17h HD Audio vendor: ASUSTeK driver: snd_hda_intel v: kernel bus ID: 06:00.6 chip ID: 1022:15e3 Sound Server: ALSA v: k5.14.0-4mx-amd64 Network: Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet vendor: ASUSTeK driver: r8169 v: kernel port: e000 bus ID: 02:00.0 chip ID: 10ec:8168 IF: eth0 state: down mac: <filter> Device-2: Intel Wi-Fi 6 AX200 driver: iwlwifi v: kernel port: e000 bus ID: 03:00.0 chip ID: 8086:2723 IF: wlan0 state: up mac: <filter> IF-ID-1: tun0 state: unknown speed: 10 Mbps duplex: full mac: N/A Drives: Local Storage: total: 7.50 TiB used: 3.22 TiB (43.0%) ID-1: /dev/nvme0n1 vendor: Samsung model: MZVLQ1T0HBLB-00B00 size: 953.87 GiB block size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 serial: <filter> rev: FXM7201Q scheme: GPT ID-2: /dev/nvme1n1 vendor: Samsung model: SSD 970 EVO Plus 250GB size: 232.89 GiB block size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 serial: <filter> rev: 2B2QEXM7 scheme: GPT ID-3: /dev/sda type: USB vendor: Seagate model: Backup+ Hub BK size: 7.28 TiB block size: physical: 4096 B logical: 512 B serial: <filter> rev: D781 scheme: GPT Partition: ID-1: / raw size: 63.98 GiB size: 62.68 GiB (97.96%) used: 13.97 GiB (22.3%) fs: ext4 dev: /dev/dm-0 ID-2: /boot raw size: 256.0 MiB size: 237.9 MiB (92.93%) used: 104.7 MiB (44.0%) fs: ext4 dev: /dev/nvme1n1p2 Sensors: System Temperatures: cpu: 51.0 C mobo: N/A gpu: amdgpu temp: 46 C Fan Speeds (RPM): cpu: 0 Repos: No active apt repos in: /etc/apt/sources.list Active apt repos in: /etc/apt/sources.list.d/airvpn-stable.list 1: deb http://eddie.website/repository/apt stable main Active apt repos in: /etc/apt/sources.list.d/atom.list 1: deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free Active apt repos in: /etc/apt/sources.list.d/debian.list 1: deb http://deb.debian.org/debian bullseye main contrib non-free 2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free Active apt repos in: /etc/apt/sources.list.d/mx.list 1: deb https://mirror.us.oneandone.net/linux/distributions/mx/packages/mx/repo/ bullseye main non-free 2: deb https://mirror.us.oneandone.net/linux/distributions/mx/packages/mx/repo/ bullseye ahs Active apt repos in: /etc/apt/sources.list.d/whonix.list 1: deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.whonix.org bullseye main contrib non-free Info: Processes: 376 Uptime: 1h 32m Memory: 62.24 GiB used: 5.99 GiB (9.6%) Init: SysVinit v: N/A runlevel: 5 default: 5 Compilers: gcc: 10.2.1 alt: 10 Shell: quick-system-in running in: quick-system-in inxi: 3.0.36 Any help would be much appreciated. Thanks. Eddie_20211227_134819.txt
  19. Pegasus, US unconnectable. Fails with AUTH_FAILURE. Unfortunately it is currently selected by the DNS as the preferred US server. Connecting directly to Pollux (US) worked for me: I copied the US config (certs embedded) and changed the IP address. Here's a log for Pegasus (from right now, MTU notifications are from my own edits): 2021-09-26 04:29:38 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning. 2021-09-26 04:29:38 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021 2021-09-26 04:29:38 Windows version 6.1 (Windows 7) 64bit 2021-09-26 04:29:38 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10 Enter Management Password: 2021-09-26 04:29:38 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25343 2021-09-26 04:29:38 Need hold release from management interface, waiting... 2021-09-26 04:29:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25343 2021-09-26 04:29:38 MANAGEMENT: CMD 'state on' 2021-09-26 04:29:38 MANAGEMENT: CMD 'log all on' 2021-09-26 04:29:38 MANAGEMENT: CMD 'echo all on' 2021-09-26 04:29:38 MANAGEMENT: CMD 'bytecount 5' 2021-09-26 04:29:38 MANAGEMENT: CMD 'hold off' 2021-09-26 04:29:38 MANAGEMENT: CMD 'hold release' 2021-09-26 04:29:38 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2021-09-26 04:29:38 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2021-09-26 04:29:38 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1250) 2021-09-26 04:29:38 MANAGEMENT: >STATE:1632655778,RESOLVE,,,,,, 2021-09-26 04:29:38 TCP/UDP: Preserving recently used remote address: [AF_INET]199.249.230.16:443 2021-09-26 04:29:38 Socket Buffers: R=[8192->262144] S=[8192->262144] 2021-09-26 04:29:38 UDP link local: (not bound) 2021-09-26 04:29:38 UDP link remote: [AF_INET]199.249.230.16:443 2021-09-26 04:29:38 MANAGEMENT: >STATE:1632655778,WAIT,,,,,, 2021-09-26 04:29:39 MANAGEMENT: >STATE:1632655779,AUTH,,,,,, 2021-09-26 04:29:39 TLS: Initial packet from [AF_INET]199.249.230.16:443, sid=83a14a89 9092e81f 2021-09-26 04:29:39 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org 2021-09-26 04:29:39 VERIFY KU OK 2021-09-26 04:29:39 Validating certificate extended key usage 2021-09-26 04:29:39 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2021-09-26 04:29:39 VERIFY EKU OK 2021-09-26 04:29:39 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Pegasus, emailAddress=info@airvpn.org 2021-09-26 04:29:39 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1372', remote='link-mtu 1558' 2021-09-26 04:29:39 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1250', remote='tun-mtu 1500' 2021-09-26 04:29:39 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512 2021-09-26 04:29:39 [Pegasus] Peer Connection Initiated with [AF_INET]199.249.230.16:443 2021-09-26 04:29:40 MANAGEMENT: >STATE:1632655780,GET_CONFIG,,,,,, 2021-09-26 04:29:40 SENT CONTROL [Pegasus]: 'PUSH_REQUEST' (status=1) 2021-09-26 04:29:40 AUTH: Received control message: AUTH_FAILED 2021-09-26 04:29:40 SIGUSR1[soft,auth-failure] received, process restarting 2021-09-26 04:29:40 MANAGEMENT: >STATE:1632655780,RECONNECTING,auth-failure,,,,, 2021-09-26 04:29:40 Restart pause, 5 second(s) 2021-09-26 04:29:45 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2021-09-26 04:29:45 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2021-09-26 04:29:45 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1250) 2021-09-26 04:29:45 TCP/UDP: Preserving recently used remote address: [AF_INET]199.249.230.16:443 2021-09-26 04:29:45 Socket Buffers: R=[8192->262144] S=[8192->262144] 2021-09-26 04:29:45 UDP link local: (not bound) 2021-09-26 04:29:45 UDP link remote: [AF_INET]199.249.230.16:443 2021-09-26 04:29:45 MANAGEMENT: >STATE:1632655785,WAIT,,,,,, 2021-09-26 04:29:46 MANAGEMENT: >STATE:1632655786,AUTH,,,,,, 2021-09-26 04:29:46 TLS: Initial packet from [AF_INET]199.249.230.16:443, sid=807e834f 86f4a62b 2021-09-26 04:29:46 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org 2021-09-26 04:29:46 VERIFY KU OK 2021-09-26 04:29:46 Validating certificate extended key usage 2021-09-26 04:29:46 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2021-09-26 04:29:46 VERIFY EKU OK 2021-09-26 04:29:46 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Pegasus, emailAddress=info@airvpn.org 2021-09-26 04:29:46 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1372', remote='link-mtu 1558' 2021-09-26 04:29:46 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1250', remote='tun-mtu 1500' 2021-09-26 04:29:46 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512 2021-09-26 04:29:46 [Pegasus] Peer Connection Initiated with [AF_INET]199.249.230.16:443 2021-09-26 04:29:47 MANAGEMENT: >STATE:1632655787,GET_CONFIG,,,,,, 2021-09-26 04:29:47 SENT CONTROL [Pegasus]: 'PUSH_REQUEST' (status=1) 2021-09-26 04:29:47 AUTH: Received control message: AUTH_FAILED 2021-09-26 04:29:47 SIGUSR1[soft,auth-failure] received, process restarting 2021-09-26 04:29:47 MANAGEMENT: >STATE:1632655787,RECONNECTING,auth-failure,,,,, 2021-09-26 04:29:47 Restart pause, 5 second(s) 2021-09-26 04:29:51 SIGTERM[hard,init_instance] received, process exiting 2021-09-26 04:29:51 MANAGEMENT: >STATE:1632655791,EXITING,init_instance,,,,, The server page shows Pegasus is chosen as the best server although Pegasus' stats show it has zero users and the drop happened a couple hours ago (Sunday 09:00 on the graph). Similar to my last post I propose that servers are ranked differently. Apparently this time an end-to-end test using OpenVPN is required since the server is reachable but it has got issues with authentication.
  20. Quality of Service post: Although it is a 10Gbit server it seems to be suffering. I'm from Europe and checking its ping shows average 344ms over 234 attempts. This puts it in range of JP and NZ servers at 350ms. This is not the first time I've seen it perform poorly. Last week I connected to se.vpn.airdns.org (and it still shows as the preferred choice in API and https://airvpn.org/status/ EDIT: not any longer as of finishing writing) and had the same problems downloading a file with speed jumping up and down. To get the ping results I filtered the API JSON into an IP list to use with Nirsoft PingInfoView: https://www.nirsoft.net/utils/multiple_ping_tool.html Current IP list: (if you read this post at a later date: it is not up to date!) sortscript.sh | sort -k2 185.9.19.106 at, Alderamin (Austria, Vienna; 1000) 37.120.155.178 at, Beemim (Austria, Vienna; 1000) 217.64.127.194 at, Caelum (Austria, Vienna; 1000) 194.187.251.90 be, Capricornus (Belgium, Brussels; 1000) 91.207.57.114 be, Castor (Belgium, Brussels; 1000) 194.187.251.114 be, Columba (Belgium, Brussels; 1000) 194.187.251.162 be, Diadema (Belgium, Brussels; 1000) 194.187.251.154 be, Mebsuta (Belgium, Brussels; 1000) 82.102.23.130 bg, Apus (Bulgaria, Sofia; 1000) 82.102.23.138 bg, Grus (Bulgaria, Sofia; 1000) 45.162.229.146 br, Lalande (Brazil, Sao Paulo; 1000) 45.162.228.170 br, Peony (Brazil, Sao Paulo; 1000) 184.75.223.210 ca, Agena (Canada, Toronto, Ontario; 1000) 162.219.176.2 ca, Alhena (Canada, Toronto, Ontario; 1000) 184.75.221.202 ca, Alkurhah (Canada, Toronto, Ontario; 1000) 104.254.90.202 ca, Aludra (Canada, Toronto, Ontario; 1000) 184.75.221.114 ca, Alwaid (Canada, Toronto, Ontario; 1000) 184.75.221.170 ca, Alya (Canada, Toronto, Ontario; 1000) 184.75.221.162 ca, Angetenar (Canada, Toronto, Ontario; 1000) 184.75.221.210 ca, Arkab (Canada, Toronto, Ontario; 1000) 184.75.223.234 ca, Avior (Canada, Toronto, Ontario; 1000) 184.75.214.162 ca, Cephei (Canada, Toronto, Ontario; 1000) 104.254.90.234 ca, Chort (Canada, Toronto, Ontario; 1000) 104.254.90.242 ca, Enif (Canada, Toronto, Ontario; 1000) 104.254.90.250 ca, Gorgonea (Canada, Toronto, Ontario; 1000) 87.101.92.170 ca, Lacerta (Canada, Montreal; 1000) 184.75.221.2 ca, Lesath (Canada, Toronto, Ontario; 1000) 184.75.223.218 ca, Mintaka (Canada, Toronto, Ontario; 1000) 192.30.89.66 ca, Nahn (Canada, Vancouver; 1000) 192.30.89.26 ca, Pisces (Canada, Vancouver; 1000) 184.75.221.34 ca, Regulus (Canada, Toronto, Ontario; 1000) 139.28.218.234 ca, Ross (Canada, Montreal; 1000) 104.254.90.186 ca, Rotanev (Canada, Toronto, Ontario; 1000) 184.75.221.178 ca, Sadalbari (Canada, Toronto, Ontario; 1000) 184.75.223.226 ca, Saiph (Canada, Toronto, Ontario; 1000) 184.75.223.194 ca, Sargas (Canada, Toronto, Ontario; 1000) 192.30.89.74 ca, Sham (Canada, Vancouver; 1000) 104.254.90.194 ca, Sharatan (Canada, Toronto, Ontario; 1000) 184.75.221.42 ca, Sualocin (Canada, Toronto, Ontario; 1000) 137.63.71.50 ca, Tegmen (Canada, Toronto, Ontario; 1000) 184.75.221.194 ca, Tejat (Canada, Toronto, Ontario; 1000) 192.30.89.50 ca, Telescopium (Canada, Vancouver; 1000) 192.30.89.58 ca, Titawin (Canada, Vancouver; 1000) 184.75.223.202 ca, Tyl (Canada, Toronto, Ontario; 1000) 184.75.221.58 ca, Ukdah (Canada, Toronto, Ontario; 1000) 185.156.175.170 ch, Achernar (Switzerland, Zurich; 1000) 185.156.175.34 ch, Achird (Switzerland, Zurich; 1000) 185.156.175.50 ch, Baiten (Switzerland, Zurich; 1000) 195.206.105.226 ch, Dorado (Switzerland, Zurich; 1000) 185.156.175.42 ch, Hamal (Switzerland, Zurich; 1000) 91.214.169.68 ch, Kitalpha (Switzerland, Zurich; 1000) 195.206.105.202 ch, Sextans (Switzerland, Zurich; 1000) 185.156.175.58 ch, Sirrah (Switzerland, Zurich; 1000) 46.19.137.114 ch, Virginis (Switzerland, Bern; 1000) 79.142.69.159 ch, Xuange (Switzerland, Zurich; 10000) 185.156.174.114 cz, Centaurus (Czech Republic, Prague; 1000) 185.156.174.26 cz, Markab (Czech Republic, Prague; 1000) 185.156.174.154 cz, Turais (Czech Republic, Prague; 1000) 89.238.166.234 cz, Zuben (Czech Republic, Prague; 1000) 185.104.184.42 de, Adhara (Germany, Frankfurt; 1000) 141.98.102.186 de, Alsephina (Germany, Frankfurt; 1000) 185.189.112.26 de, Cervantes (Germany, Frankfurt; 1000) 37.120.217.242 de, Cujam (Germany, Berlin; 1000) 141.98.102.242 de, Dubhe (Germany, Frankfurt; 1000) 185.189.112.10 de, Errai (Germany, Frankfurt; 1000) 178.162.204.227 de, Intercrus (Germany, Frankfurt; 1000) 141.98.102.226 de, Menkalinan (Germany, Frankfurt; 1000) 79.143.191.166 de, Mesarthim (Germany, Munich; 1000) 141.98.102.234 de, Mirfak (Germany, Frankfurt; 1000) 141.98.102.178 de, Mirzam (Germany, Frankfurt; 1000) 185.189.112.18 de, Ogma (Germany, Frankfurt; 1000) 178.162.209.151 de, Serpens (Germany, Frankfurt; 1000) 178.162.204.219 de, Tucana (Germany, Frankfurt; 1000) 178.162.204.222 de, Veritate (Germany, Frankfurt; 1000) 185.195.237.202 ee, Alruba (Estonia, Tallinn; 1000) 185.183.106.2 es, Eridanus (Spain, Barcelona; 1000) 185.93.182.170 es, Mekbuda (Spain, Madrid; 1000) 194.99.104.34 es, Taurus (Spain, Madrid; 1000) 185.103.96.132 gb, Alathfar (United Kingdom, Maidenhead; 1000) 217.151.98.162 gb, Alshain (United Kingdom, London; 1000) #89.238.150.42 gb, Arion (United Kingdom, London; 1000) 217.151.98.167 gb, Asterion (United Kingdom, London; 1000) 89.249.74.212 gb, Asterope (United Kingdom, Manchester; 1000) 185.103.96.134 gb, Betelgeuse (United Kingdom, Maidenhead; 1000) 94.229.74.90 gb, Carinae (United Kingdom, Maidenhead; 1000) 89.249.74.217 gb, Chow (United Kingdom, Manchester; 1000) 185.103.96.133 gb, Denebola (United Kingdom, Maidenhead; 1000) 2.58.47.202 gb, Geminorum (United Kingdom, London; 1000) 185.103.96.131 gb, Kitel (United Kingdom, Maidenhead; 1000) 185.103.96.130 gb, Minkar (United Kingdom, Maidenhead; 1000) 84.39.117.56 gb, Naos (United Kingdom, Manchester; 1000) 84.39.116.179 gb, Nashira (United Kingdom, Manchester; 1000) 192.145.126.114 gb, Orbitar (United Kingdom, Manchester; 1000) 141.98.101.132 gb, Westerlund (United Kingdom, Manchester; 1000) 37.120.210.210 jp, Biham (Japan, Tokyo; 1000) 82.102.28.106 jp, Iskandar (Japan, Tokyo; 1000) 37.120.210.218 jp, Okab (Japan, Tokyo; 1000) 193.148.16.210 jp, Taphao (Japan, Tokyo; 1000) 46.183.220.202 lv, Felis (Latvia, Riga; 1000) #159.148.186.13 lv, Meissa (Latvia, Riga; 100) 159.148.186.18 lv, Phact (Latvia, Riga; 100) 159.148.186.24 lv, Schedir (Latvia, Riga; 100) 159.148.186.31 lv, Shaula (Latvia, Riga; 100) 213.152.161.180 nl, Alchiba (Netherlands, Alblasserdam; 1000) 213.152.161.116 nl, Alcyone (Netherlands, Alblasserdam; 1000) 134.19.179.170 nl, Aljanah (Netherlands, Alblasserdam; 1000) 213.152.187.199 nl, Alphard (Netherlands, Alblasserdam; 1000) 213.152.187.194 nl, Alphecca (Netherlands, Alblasserdam; 1000) 134.19.179.242 nl, Alpheratz (Netherlands, Alblasserdam; 1000) 213.152.187.214 nl, Alphirk (Netherlands, Alblasserdam; 1000) 213.152.162.78 nl, Alrai (Netherlands, Alblasserdam; 1000) 213.152.161.4 nl, Alshat (Netherlands, Alblasserdam; 1000) 213.152.161.169 nl, Alterf (Netherlands, Alblasserdam; 1000) 213.152.187.204 nl, Alzirr (Netherlands, Alblasserdam; 1000) 213.152.162.164 nl, Ancha (Netherlands, Alblasserdam; 1000) 213.152.161.228 nl, Andromeda (Netherlands, Alblasserdam; 1000) 213.152.186.18 nl, Anser (Netherlands, Alblasserdam; 1000) 213.152.187.209 nl, Asellus (Netherlands, Alblasserdam; 1000) 134.19.179.194 nl, Aspidiske (Netherlands, Alblasserdam; 1000) 213.152.161.9 nl, Atik (Netherlands, Alblasserdam; 1000) 213.152.161.218 nl, Canis (Netherlands, Alblasserdam; 1000) 134.19.179.138 nl, Capella (Netherlands, Alblasserdam; 1000) 213.152.162.169 nl, Caph (Netherlands, Alblasserdam; 1000) 213.152.161.68 nl, Celaeno (Netherlands, Alblasserdam; 1000) 213.152.187.219 nl, Chara (Netherlands, Alblasserdam; 1000) 213.152.186.162 nl, Comae (Netherlands, Alblasserdam; 1000) 213.152.162.14 nl, Crater (Netherlands, Alblasserdam; 1000) 213.152.161.243 nl, Cygnus (Netherlands, Alblasserdam; 1000) 213.152.161.164 nl, Diphda (Netherlands, Alblasserdam; 1000) 213.152.161.210 nl, Edasich (Netherlands, Alblasserdam; 1000) 213.152.186.39 nl, Elnath (Netherlands, Alblasserdam; 1000) 134.19.179.146 nl, Eltanin (Netherlands, Alblasserdam; 1000) 213.152.162.73 nl, Garnet (Netherlands, Alblasserdam; 1000) 213.152.161.100 nl, Gianfar (Netherlands, Alblasserdam; 1000) 213.152.162.93 nl, Gienah (Netherlands, Alblasserdam; 1000) 213.152.161.39 nl, Hassaleh (Netherlands, Alblasserdam; 1000) 213.152.162.4 nl, Horologium (Netherlands, Alblasserdam; 1000) 213.152.161.34 nl, Hyadum (Netherlands, Alblasserdam; 1000) 213.152.162.9 nl, Hydrus (Netherlands, Alblasserdam; 1000) 213.152.186.23 nl, Jabbah (Netherlands, Alblasserdam; 1000) 213.152.161.84 nl, Kajam (Netherlands, Alblasserdam; 1000) 213.152.162.180 nl, Kocab (Netherlands, Alblasserdam; 1000) 134.19.179.178 nl, Larawag (Netherlands, Alblasserdam; 1000) 213.152.186.167 nl, Luhman (Netherlands, Alblasserdam; 1000) 213.152.162.103 nl, Maasym (Netherlands, Alblasserdam; 1000) 213.152.187.224 nl, Matar (Netherlands, Alblasserdam; 1000) 134.19.179.162 nl, Melnick (Netherlands, Alblasserdam; 1000) 213.152.161.29 nl, Merga (Netherlands, Alblasserdam; 1000) 213.152.162.68 nl, Mirach (Netherlands, Alblasserdam; 1000) 213.152.162.88 nl, Miram (Netherlands, Alblasserdam; 1000) 134.19.179.202 nl, Muhlifain (Netherlands, Alblasserdam; 1000) 213.152.162.153 nl, Muscida (Netherlands, Alblasserdam; 1000) 213.152.161.248 nl, Musica (Netherlands, Alblasserdam; 1000) 213.152.161.24 nl, Nash (Netherlands, Alblasserdam; 1000) 213.152.161.238 nl, Orion (Netherlands, Alblasserdam; 1000) 213.152.187.229 nl, Phaet (Netherlands, Alblasserdam; 1000) 134.19.179.130 nl, Piscium (Netherlands, Alblasserdam; 1000) 213.152.162.148 nl, Pleione (Netherlands, Alblasserdam; 1000) 213.152.161.233 nl, Pyxis (Netherlands, Alblasserdam; 1000) 213.152.162.83 nl, Rukbat (Netherlands, Alblasserdam; 1000) 213.152.161.19 nl, Salm (Netherlands, Alblasserdam; 1000) 134.19.179.154 nl, Scuti (Netherlands, Alblasserdam; 1000) 213.152.186.34 nl, Sheliak (Netherlands, Alblasserdam; 1000) 213.152.161.14 nl, Situla (Netherlands, Alblasserdam; 1000) 213.152.162.98 nl, Subra (Netherlands, Alblasserdam; 1000) 134.19.179.186 nl, Suhail (Netherlands, Alblasserdam; 1000) 213.152.161.137 nl, Talitha (Netherlands, Alblasserdam; 1000) 213.152.161.132 nl, Tarazed (Netherlands, Alblasserdam; 1000) 134.19.179.234 nl, Tiaki (Netherlands, Alblasserdam; 1000) 213.152.186.172 nl, Tianyi (Netherlands, Alblasserdam; 1000) 213.152.161.148 nl, Zibal (Netherlands, Alblasserdam; 1000) 82.102.27.194 no, Camelopardalis (Norway, Oslo; 1000) 82.102.27.170 no, Cepheus (Norway, Oslo; 1000) 185.206.225.50 no, Fomalhaut (Norway, Oslo; 1000) 82.102.27.162 no, Gemini (Norway, Oslo; 1000) 185.206.225.58 no, Ophiuchus (Norway, Oslo; 1000) 103.231.91.58 nz, Fawaris (New Zealand, Auckland; 1000) 91.207.102.162 ro, Alamak (Romania, Bucharest; 1000) 86.105.9.66 ro, Canes (Romania, Bucharest; 1000) 152.89.160.130 rs, Alnitak (Serbia, Belgrade; 1000) 128.127.104.79 se, Ain (Sweden, Stockholm; 10000) 62.102.148.149 se, Albali (Sweden, Uppsala; 1000) 62.102.148.142 se, Algieba (Sweden, Uppsala; 1000) 62.102.148.147 se, Algorab (Sweden, Uppsala; 1000) 62.102.148.145 se, Alrami (Sweden, Uppsala; 1000) 62.102.148.140 se, Altarf (Sweden, Uppsala; 1000) 62.102.148.151 se, Alula (Sweden, Uppsala; 1000) 62.102.148.150 se, Atria (Sweden, Uppsala; 1000) 62.102.148.141 se, Azmidiske (Sweden, Uppsala; 1000) 62.102.148.148 se, Benetnasch (Sweden, Uppsala; 1000) 79.142.76.243 se, Copernicus (Sweden, Stockholm; 1000) 62.102.148.144 se, Hatysa (Sweden, Uppsala; 1000) 128.127.105.183 se, Lupus (Sweden, Stockholm; 1000) 62.102.148.143 se, Menkab (Sweden, Uppsala; 1000) 62.102.148.146 se, Muphrid (Sweden, Uppsala; 1000) 31.3.152.99 se, Norma (Sweden, Stockholm; 1000) 103.254.153.68 sg, Antares (Singapore, Singapore; 1000) 185.200.116.210 sg, Auriga (Singapore, Singapore; 1000) 185.200.116.202 sg, Circinus (Singapore, Singapore; 1000) 185.200.116.218 sg, Delphinus (Singapore, Singapore; 1000) 185.200.117.130 sg, Hydra (Singapore, Singapore; 1000) 209.58.173.142 sg, Lacaille (Singapore, Singapore; 1000) 92.119.178.2 sg, Luyten (Singapore, Singapore; 1000) 209.58.183.86 sg, Struve (Singapore, Singapore; 1000) 185.200.116.130 sg, Triangulum (Singapore, Singapore; 1000) 91.231.84.39 ua, Alcor (Ukraine, Kiev; 1000) 173.44.55.154 us, Acamar (United States, Miami; 1000) 107.167.244.66 us, Alkes (United States, Los Angeles; 1000) 199.249.223.129 us, Aquila (United States, Fremont, California; 1000) 193.37.254.2 us, Bootes (United States, Phoenix, Arizona; 1000) 193.37.254.18 us, Chalawan (United States, Phoenix, Arizona; 1000) 199.249.230.41 us, Chamaeleon (United States, Dallas, Texas; 1000) 96.47.229.58 us, Cursa (United States, Miami; 1000) 185.228.19.146 us, Dimidium (United States, New York City; 1000) 199.249.230.36 us, Equuleus (United States, Dallas, Texas; 1000) 68.235.48.107 us, Fang (United States, Chicago, Illinois; 1000) 91.132.0.202 us, Gliese (United States, New York City; 1000) 37.120.132.82 us, Groombridge (United States, Los Angeles; 1000) 199.249.230.46 us, Helvetios (United States, Dallas, Texas; 1000) 64.42.179.58 us, Hercules (United States, Atlanta, Georgia; 1000) 193.37.254.26 us, Indus (United States, Phoenix, Arizona; 1000) 68.235.35.123 us, Kruger (United States, Chicago, Illinois; 1000) 199.249.230.21 us, Leo (United States, Dallas, Texas; 1000) 64.42.179.66 us, Libra (United States, Atlanta, Georgia; 1000) 194.36.111.58 us, Lich (United States, New York City; 1000) 199.249.230.6 us, Mensa (United States, Dallas, Texas; 1000) 107.167.244.50 us, Merope (United States, Los Angeles; 1000) 156.96.151.131 us, Metallah (United States, Pennsylvania; 1000) 64.42.179.42 us, Musca (United States, Atlanta, Georgia; 1000) 199.249.230.16 us, Pegasus (United States, Dallas, Texas; 1000) 193.37.254.34 us, Phoenix (United States, Phoenix, Arizona; 1000) 198.203.28.42 us, Pollux (United States, Jacksonville, Florida; 1000) 199.249.230.26 us, Ran (United States, Dallas, Texas; 1000) 107.167.244.82 us, Sabik (United States, Los Angeles; 1000) 64.42.179.34 us, Sculptor (United States, Atlanta, Georgia; 1000) 199.249.230.11 us, Scutum (United States, Dallas, Texas; 1000) 68.235.52.35 us, Sneden (United States, Chicago, Illinois; 1000) 37.120.132.90 us, Teegarden (United States, Los Angeles; 1000) 64.42.179.50 us, Ursa (United States, Atlanta, Georgia; 1000) 193.37.254.10 us, Virgo (United States, Phoenix, Arizona; 1000) 199.249.230.31 us, Volans (United States, Dallas, Texas; 1000) 199.249.230.1 us, Vulpecula (United States, Dallas, Texas; 1000) 173.44.55.178 us, Yildun (United States, Miami; 1000) I believe it doesn't affect Eddie as it can pick servers on its own by pinging. But the "preferred" server and DNS responses are still dependent on the server logic, hence Ain sometimes ends up recommended as Earth or Europe server (currently not any longer) but seems to always be the preferred choice for Sweden. To quantify that, it's 350 out of 755 users connected to Swedish servers and unnecessarily getting insane jitter and latencies. To proof it's not just me, https://lg.telia.net/ from AMS-IX showed 24ms to another Swedish server by AirVPN and approx. 340ms to Ain. Or AirVPN's own lookup: https://airvpn.org/routes/?q=128.127.104.79 PS: Is it an Intel CPU? Edit: What I meant to say with this post (not only to start investigating Ain) that the "best server" logic should be not only working based on bandwidth load, but the server's relative latency times. PS2: I do realize that it's currently listed as having issues (packet loss) but during my last week's connect afaik it wasn't. Logically, jitter/high latency begins before packet loss kicks in (networking and throughput theory) - https://airvpn.org/servers/Ain/
  21. Hot off the press! Arstechnica 'VPN servers seized by Ukrainian authorities weren’t encrypted' Why did they wait almost 2 weeks? The post was published on July 9th. The blog post seems to rather be in full damage control mode than to admit how much of a failure it was that it apparently contained the single VPN certificate shared across all servers. (looks like I got it wrong read first reply) On top of that a technically incorrect explanation of when this acquired certificate can be successfully exploited. I don't wanna rant right now but will expand on my points when asked. I'm also curious whether AirVPN actually keeps all sensitive data in RAM as stated in the Torrentfreak article: Although I don't see that Windscribe had actually lied about any of their stuff (beyond omissions in current damage control), can we be sure AirVPN actually has all of the above implemented? Though I like how specific the response in the description. Also AMD's Zen CPUs are currently the only ones on the market (in x86 space fore sure) with actual RAM encryption. Having data on RAM disk wouldn't be enough for a prepared attacker due to technical possibility of extracting the data in a cold boot attack. Such an upgrade would not only take a while for the infrastructure and but be costly.
  22. Guest

    Tor Project Membership

    Recently, the Tor Project announced a membership program. As Air has always been a strong supporter of the Tor Project, maybe you can also consider the membership? This can help secure its independecy while also making AirVPN known to a wider audience. Many NGOs still struggle as the pandemic has decreased their donations. Here is the link to the announcement: https://blog.torproject.org/tor-project-membership-program
  23. Currently AirVPN servers ONLY provide you with IPv6 connectivity (IPv6 traffic via VPN) if OpenVPN correctly pushes a certain value to the server. This is what the relevant config lines look like: push-peer-info setenv UV_IPV6 yes 'UV_IPV6 yes' is a variable that is set to 'yes', basically: yes, gimme IPv6 push-peer-info sends the server information about the client. This includes: OS version and OpenVPN client release, your router's MAC address and of course the UV_IPV6 variable that tells the server to give you an IPv6 address. This last part is problematic and has already led to problems for AirVPN users: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/556 I've run into this issue myself when I tried to get AirVPN running on Linux using the NetworkManager interface (present in virtually every distro out there). It's confusing because it seems to work but in reality it doesn't. You do get a connection, except without IPv6 forwarding. It's no surprise people encounter this: Why would one really need to install your client if the preinstalled GUI manager has worked fine before? Nobody knows the intricacies. Not even those who reported the issue to the correct place above! *drum-roll* and the problem is: NetworkManager. Really. NetworkManager is crippled in that it DOES NOT support many of the OpenVPN features. The combination of push-peer-info + setenv is one of them. The variable is not set upon connection -> VPN connects to the server -> The server does not see UV_IPV6=yes -> The server only setups IPv4 for the client. Yes, THIS IS A SECURITY ISSUE. According to Google, 32% of users have IPv6. Here come you, an AirVPN user with IPv4 and IPv6 on Linux, using NetworkManager. It seems to connect. You quickly check a website to see your IP and see that you indeed got a new IP (IPv4) after connecting to the VPN. Maybe the website doesn't show IPv6 at all, or the user doesn't pay attention to the fact this long and cryptic IPv6 didn't change or maybe the user did not yet have IPv6 and it was enabled later by the ISP... And there the user goes to surf online with half his ass naked: IPv4 is properly routed through AirVPN but IPv6 is still going through his real ISP. This must be changed. IPv6 must be the default. Do not leave a chance to expose users. When this change is applied, both config lines will be rendered obsolete and as a bonus, the clients will no longer unnecessarily send their internal MAC addresses to the server, which can be used too: - https://threatpost.com/fbi-mum-on-how-exactly-it-hacked-tor/117127/ | https://www.theregister.com/2018/02/24/tor_fbi_hacking_appeal/ - https://web.archive.org/web/20180923231303/https://blog.owenson.me/analysis-of-the-fbi-tor-malware/ Finally if you feel there's someone who really wishes to not use IPv6 via Air: reverse the config. Make it an explicit UV_IPV6=no to opt-out. Security must be the default. Thanks for reading. I really hope this change to be introduced soon. PS: Can someone login at the Freedesktop bug tracker above to tell these people that it's fixable? I don't have an account PPS: You can see what push-peer-info sends if you set verbosity to 4: "verb 4" in the config Tags: IPv6 not working AirVPN Linux config openvpn
  24. I have installed and got AirVPN working great on Windows 10. I have a Plex media server on the same pc but the Plex remote connection goes through the VPN. I want it to go outside the VPN and all other traffic on the pc go through the VPN. I have been able to get Plex to connect when the VPN is disconnected and I have also been able to get Plex to connect while VPN is connected but traffic goes through the VPN. I want to be able to connect to the VPN but all Plex traffic to travel outside the VPN. I need help!
×
×
  • Create New...