Search the Community
Showing results for tags 'guide'.
Found 12 results
-
This guide will explain how to setup OpenVPN in a way such that only select programs will be able to use the VPN connection while all other life continues as usual. Please read this notice before applying the guide Advantages: fail-free "kill switch" functionality (actually better than 98% of VPNs out there) continue using another VPN as primary or don't reroute any other traffic at all nobody, not even peers on LAN, will be able to connect to your torrent client (the only way: through the VPN connection) - eliminating unintended leaks Disadvantage: the apps will still use your default DNS for hostname lookups (secure your DNS separately!) See two more drawings at the end. The guide is applicable to all VPN providers who don't restrict their users to use the OpenVPN client. The method however is universally applicable. It was made with examples from Windows, but with Linux/BSD you will only need little tweaking to do. Specifically, net_gateway placeholder may not available and that's all there is to it. Android clients are probably too limited for this task and lack options we need. - Since there'll be a lot of text, sections titled in (parantheses) are entirely optional to read. The other guide by NaDre is old (2013), hard to read and pursues a slightly different approach. A Staff member actually posted a good first comment there, that's what we're gonna do. (Preface) The BitTorrent as a network is entirely public. Through the decentralized technology called DHT, everyone in the world can find out what torrents you are presumably participating in (this does not apply to private trackers who disable DHT). Clearly this creates an unhealthy atmosphere for privacy of users, e.g. one could find out the OS distribution one is using for a more targetted attack etc. Sometimes the ISPs are outright hostile to peer-to-peer technologies due to the traffic and bandwidth these are consuming. Instead of upgrading dated infrastructure, they cripple their users instead. There are many reasons to use a VPN, that was but a limited selection. ("Split-tunneling") This has become somewhat a marketing term nowadays, but actually explains the nature of the traffic flow well. In this guide only the programs set to use the VPN connection will use it, nothing else. All your traffic goes past the VPN while torrent client traffic (or any other selected program) uses only the VPN connection. ("Kill switch") We'll literally nail it using software settings of your program (the torrent client). This is a marketing-loaded name. In short: if the VPN connection is not available, no traffic ought to be sent bypassing it. In most cases where you have a VPN redirect all your system traffic - you should not rely on it as a feature. The OpenVPN software on Windows is not 100% proof, based on empirical evidence (reconnects and startup/shutdown phases) and some other VPN providers do no better (based on comments and stories). The only bulletproof solution: the VPN tunnel is set up on an intermediary device your PC is connected to - your end device (the PC) has no chance whatsoever to bypass the tunnel in that case. If the VPN provider uses a firewall under the hood, that's good too but with this guide you will not need a firewall nor rely on the VPN software. ("Dual-hop") With the knowledge and methods from this guide you will be able to daisy-chain multiple VPN servers. In essence, your traffic passes PC->VPN1->VPN2->Destination. This was not intended for this guide nor with AirVPN, it's finicky and I wouldn't recommend it myself without a real need and skills to automate the setup and configuration. How it will work Many users (aka mostly idiots on Reddit) are running in circles like qBittorrent is the only client (or probably the only application in the universe, unconfirmed) that can be set to use a certain VPN. Here's the technicality: this is called 'binding' - you can 'bind to IP' which will force the app to use a specific IP address and nothing else. If it cannot use the IP (when VPN is disconnected) then it will not be able to do any networking at all. The OS will deny any communication with the internet: boom! Here's your praised 'kill switch' and 'split-tunneling', 2-in-1. This is the next best bulletproof solution (the only better alternative is to use an intermediary VPN device, as any software could choose a different interface now to communicate with the internet). In a broader sense, you want to 'bind to a network interface' - your client will use any available IPs from the VPN interface - making it ready for IPv4 and IPv6. Oh and you don't need to change the IP once the VPN connection changes to another server. The OS handles the rest. Examples of programs that can bind to user-defined addresses include: (Windows) ping, tracert (IPv6-only, WTF?), curl and wget, and many others, including your favorite torrent client You will find guides online how to do that in your client or just look in settings. (Linux-specific differences of the guide) If you are a Linux/*nix user, there're some minor changes to the quick guide below: * Create custom VPN interface: Create with ip tuntap command. The below line will create 5 interfaces "tun-air1" etc. for YOUR user. Specifying your user allows OpenVPN to drop root rights after connection and run under your user (security). AirVPN allows up to 5 connections. If you have no use for this, create only one. Note: User-owned tunnel interfaces allow to be used by your non-root $user account, but there're issues with running OpenVPN without elevated permissions as $user user="$(whoami)"; for i in {1..5}; do sudo ip tuntap add dev "tun-airvpn$i" mode tun user "$user" group "$user"; done Check their existance with ip -d a -- the interfaces will not be shown under /dev/tun* ALTERNATIVE: openvpn --mktap/--mktun. See manual with man openvpn * Select custom VPN interface: This config part differs from Windows, very confusing. Steps: 1. Replace "dev-node" in config with "dev" 2. Add "dev-type tun" or "tap". Example of config: # if you have these defined multiple times, last entries override previous entries dev tun-airvpn1 # previously dev-node dev-type tun # previously "dev tun" on Windows There're no more differences. In-depth explanation: If you try to use dev-node like for Windows, you will see: OpenVPN log: ERROR: Cannot open TUN/TAP dev /dev/tun-airvpn1: No such file or directory (errno=2) Example strace of error: openat(AT_FDCWD, "/dev/tun-airvpn1", O_RDWR) = -1 ENOENT (No such file or directory) OpenVPN cannot find the TUN/TAP with the name? No, on Linux/*nix/*BSD dev-node has a totally different meaning. Dev-node specifies where the control interface with the kernel is located. On Linux it's usually /dev/node/tun, for the "mknode" command. If OpenVPN can't detect it for some reason, then you'd need to use dev-node. Finally you can start OpenVPN from terminal: sudo openvpn --config 'path/to/config.ovpn' --user mysystemusername --group mysystemusergroup PS: There're issues when running OpenVPN under your current $user. I think the problem was that it couldn't remove added routes after a disconnect. Instead run OpenVPN as root (isn't a good advice but it's what works) Windows Quick Guide Go to the folder where you installed OpenVPN and its exe files: 'C:\Program Files\OpenVPN\' Open CMD inside the 'bin' folder: Hold Shift + Right Click the 'bin' folder -> 'Open Command Window here' We will use tapctl.exe to create a new VPN network interface solely for use with AirVPN (to look around: run "tapctl.exe" or "tapctl.exe help") C:\Program Files\OpenVPN\bin>tapctl create --name AirVPN-TAP {FDA13378-69B9-9000-8FFE-C52DEADBEEF0} C:\Program Files\OpenVPN\bin> A TAP interface is created by default. I have not played enough with Wireguard's TUN to recommend it. You can check it out, it will be under adapters in your Windows network settings Important: Configure your app/torrent client to use this 'AirVPN-TAP' interface. This is what ensures your traffic never leaks. It may appear under a different name, in such case find out which one it is in the output of 'ipconfig /all' (enter this into CMD) If your client does not allow to bind to a general interface but a specific IP (poor decision) then connect to the VPN first to find out the local IP within the VPN network. In this case with AirVPN you may only use one single server or you'll have to constantly change the IP in settings. Generate AirVPN configs where you connect to the server via IPv4! This is important Add these to the .ovpn config files (either under 'Advanced' on the config generator page or manually to each config file) # NOPULL START route-nopull # IF YOU DO NOT USE ANOTHER VPN THAT TAKES OVER ALL YOUR TRAFFIC, USE "net_gateway" (just copy-paste all of this) # net_gateway WILL BE AUTOMATICALLY DETERMINED AND WILL WORK IF YOU CONNECT THROUGH OTHER NETWORKS LIKE A PUBLIC WIFI # personally, due to a second VPN, I had to specify my router IP explicitly instead of net_gateway: 192.168.69.1 # "default"/"vpn_gateway"/"remote_host"/"net_gateway" are allowed placeholders for IPv4 route remote_host 255.255.255.255 net_gateway route 10.0.0.0 255.0.0.0 vpn_gateway route 0.0.0.0 0.0.0.0 default 666 route-ipv6 ::/0 default 666 dev-node AirVPN-TAP # END OF NOPULL Test if the configuration works. Full tests, don't leave it up to chance. In-depth explanation of the OpenVPN config route-nopull rejects any networking routes pushed to you by the server, we will write our own route remote_host 255.255.255.255 <router IP> we tell our system that, to reach remote_host (the AirVPN server IP), it must send traffic to <router IP>. The subnet mask 255.255.255.255 says that this only applies to this single IP set <router IP> to be net_gateway (only for Windows users, check availability on other platforms) <router IP> may be any of the OpenVPN placeholders too, for example "net_gateway" should work universally (you avoid hard-coding the router IP and if it ever changes: wondering years later why the config no longer works) <router IP> is "192.168.1.1" in my case, for my home router that connects me to the internet. route 10.0.0.0 255.0.0.0 vpn_gateway we tell our system that all 10.x.x.x traffic will be sent to the AirVPN server the internal VPN network with AirVPN is always on the 10.0.0.0 - 10.255.255.255 network range. The subnet mask reflects that. However this may interfere with other VPNs if you ever need to be connected to both at once. I will not go into detail on this. What you need to do is to be more specific with 10.x.x.x routes in this config, i.e. instead of /8 subnet, only route the specific /24 subnet of the current VPN server (AirVPN uses a /24 subnet for your connections on each VPN server -> 10.a.b.0 255.255.255.0) vpn_gateway is one of OpenVPN placeholders route 0.0.0.0 0.0.0.0 default 666 allow routing of ANY traffic via the VPN we set the metric to 666, metric defined as path cost (historically) so setting it to a high value will make sure no normal connection runs through it, unless specifically bound to the VPN IP. route-ipv6 ::/0 default 666 same for IPv6. How many can claim they have working VPN IPv6 setup? Welcome in the future. IPv6 is over 20 years old at this point anyhow. dev-node AirVPN-TAP (Windows-only) tell OpenVPN to ONLY use this network interface to create the VPN tunnel on. Nothing should interfere with our setup now That's all, folks! Note: Somehow on Windows my AirVPN connection receives a wrong internal IP that doesn't enable networking at first. In my case I need to wait 1-3 minutes until OpenVPN reconnects itself based on ping timeout: after the reconnect I receive another IP and everything starts to work. I do not know whether it's an OpenVPN or a Windows bug. One last note: using multiple VPNs Actually this will work, that's how I roll. As long as both VPNs don't clash by using the same 10.0.0.0/8 subnet. If this happens, you will need to change Line 5 to point to a more specific (aka smaller) subnet tailored to your AirVPN server. Specifying a 10.x.x.0/24 subnet for routing will surely do (subnet mask: 255.255.255.0). Just be aware that you cannot practically use the same IP range in both networks at the same time (well, you'd need to bind the application you are using to either interface, which you cannot do with a browser or the printing service in case of internal resources). (The story of broken net_gateway) For this placeholder, OpenVPN attempts to determine your 'default gateway', i.e. the router all your internet traffic passes through. It normally works, but may not be supported on other platforms (Linux, sigh). However it has one unintended side-effect: if you already have a VPN that reroutes all your traffic, net_gateway will make all AirVPN traffic go through the first VPN: Your traffic -> VPN1 -> Internet Torrent traffic -> VPN1 -> AirVPN -> Internet That's the unintended dual-hop. Surely you can extend that scheme to 3,4,n-hops if you fiddle enough with routing, subnet masks and correct order. I'm not responsible for headaches We avoid that behavior with Line 4 from our config - the remote_host line forces the AirVPN traffic to go straight to the internet (through your LAN router). One more thing: net_gateway is not available for IPv6 routes in OpenVPN. That's why it currently only works with a IPv4 connection to the VPN server. (Crash course: Subnet masks) You've seen the weird number 255.0.0.0 above. You should refer to other pages for a proper explanation, but basically this is a very simple way for computers to determine the range of IP addresses that are part of a network (a subnet). What's simple for computers is very hard to grasp for us humans. 255 means there are NO changes allowed to the first set of IP numbers. I.e. the 10 in 10.0.0.0 always stays a 10. 0 means all numbers can be used. I.e. the zeroes in 10.0.0.0 can be (0-255), lowest address is 10.0.0.1 and the last address is 10.255.255.254 (technically, 10.0.0.0 is the first and the last 10.255.255.255 is reserved for 'broadcast') Any number in between denotes ... a range in between. 2^(32-prefix)=number. Number is the amount of available addresses and prefix is called the subnet prefix. Both are meant to describe the same thing. For 10.0.0.0/26 or 10.0.0.0 with subnet mask of 255.255.255.192 you get addresses in range 10.0.0.0-10.0.0.64 -- 2^(32-26) = 64. Similarly you can convert the subnet mask into the prefix number and work from there; or eyeball it: 256-192 = 64. (Two ways to accomplish routing) If you have two equal routes, e.g. 0.0.0.0 goes through VPN with metric 666 0.0.0.0 goes through LAN router with metric 10 then obviously the default route for a packet will travel through (2) - because it's a cheaper path. Unless an application specifies to talk only on the VPN interface. However a different rule applies whenever a more specific route exists 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 Here the routes (3) and (4) cover the entire addressing space, just like 0.0.0.0/0. However because they are more specific, they'll be preferred for all traffic because these routes are more selective. This is how OpenVPN does override system routing with VPN routing by default. This is also what the other guide attempted as well, by pushing four {0,64,128,192}.0.0.0/2 routes. Since that was more specific, it would in return override the 0,128 routes and so on. We can calculate how many multi-hops we would be able to do with this method: IPv4 has 32 bits, we will not touch the last 8 bits of the subnets. That leaves us then with 24 bits or 24 maximum amount of hops. Theoretically. The routing table would be outright f---- to look at. This method is a bit more 'secure' in a way because you don't need to rely on overriding a certain metric value, you just slap a more specific route on top and it's automatically made default. Also you don't need to override the default gateway (router) and all that junk. However with my preferred method (first) you can quite easily do DIY dual-hop routing: 0.0.0.0/0 goes through VPN2 with metric 666 0.0.0.0/0 goes through LAN router with metric 10 0.0.0.0/1 goes through VPN1 with metric 30 128.0.0.0/1 goes through VPN1 with metric 30 <VPN2-IP>/32 goes through VPN1 with metric (any) Such a setup will make sure that all traffic destined for the internet (hits 3 and 4) will go through VPN1. If a program specifies the VPN2 network interface, then VPN2 will be reached via VPN1 first (you->VPN1->VPN2). This is quite 'quizzacious' to set up/control. Not part of this guide. As a part of this guide we told the system to route VPN2 via router on LAN. Yet you could indeed chain multiple VPNs this way and force the VPN1 to not only catch all traffic but also be chained via multiple VPNs itself so you would not need to manually set programs. I've seen scripts online for that purpose. Although be aware of MTU issues due to encapsulation. Troubleshooting tips TEST. SERIOUSLY, TEST YOUR SETUP BEFORE ENGAGING YOUR DATA CANNONS! A couple hours now are infinitely many times more worth than a 'leaked' mistake and headaches later on. https://ipleak.net/ - tests your client's default connection route. It would not tell you if your client is alternatively available on LAN for example. If you followed this guide and set up your client correctly, it will not be available on LAN etc. See the images below: 'without interface binding' (most newbie users) and 'with interface binding' (this guide) Wireshark to inspect how the traffic is actually flowing. Follow online tutorials, you only need to select the right network interfaces and filter traffic by port/IP (tcp/udp and your local or VPN IP) curl to send network requests. Like ifconfig.co / ifconfig.io will respond with the IP address it sees you as: curl --interface <your computer IP> http://ifconfig.co curl --interface 192.168.1.42 http://ifconfig.co # for IPv4 or IPv6, default route curl -4 http://ifconfig.co curl -6 http://ifconfig.co > route -4 print and > route -6 print on Windows. To compare the outputs, you can use Notepad++ with the compare plugin (you need two documents open, one in left and another in right pane before comparing). PS: AirVPN configuration generator does not support #comment lines. Please fix. Sorry Linux users, maybe another time I will write something tailored to you. But I believe you are smart cookies and will adapt the OS-specific steps to fulfill this guide's goal.
- ...
- 23 replies
-
- torrent
- vpn
- split-tunneling
- killswitch
- openvpn
- configuration
- windows
- linux
-
(and 8 more)
Tagged with:
-
Hello! This is just a short FAQ for Eddie Android, which is developed by AirVPN and first launched in 2018. I'll expand upon the FAQ as needed. Make sure to keep an eye on the News & Announcements forum for the latest updates. How do I fix an issue I'm having with the Master Password Feature or can I disable the Master Password? You should be prompted for a new password if you re-install the app. But as of writing, it's not possible to disable the Master Password. Why is a Master Password even required? It's meant as a security feature, so as to encrypt sensitive data locally on your phone/device. Will Eddie be available for Apple iOS? Not until Apple changes its restrictive policies. But Eddie for desktop is available on MacOS/Macbooks otherwise. This is due to mobile and desktop systems being different. Does it have a Network Lock/Killswitch/Leaks prevention feature like desktop Eddie? As with the Master Password, it's a possibility that being able to opt-out of this feature will be a possibility, despite the security pitfalls for the user. Note that enabling "Pause VPN when the screen is off" will NOT cause leaks. Not in the same way as desktop Eddie, no. Because mobile operating systems work differently and so it's not called "Network Lock". But it does try to prevent leaks, but this is rather "best effort". Where can I download Eddie Android from an AirVPN source and how do I configure it? When downloading from AirVPNs own repositories, keep an eye on which version you're downloading. Look here for a short tutorial for how to do it and where to download. It's possible to download the app from Google Play as well as AirVPN's own repositories. If I run into an issue, how can I report it? AirVPN has a bug bounty and vulnerability disclosure program for security issues. From within the app you can share your logs.[Technical] You may also attempt the use of logcat if the app has crashed.You can also try to submit a support ticket. Of course posting in the forums works too. Can I use Eddie Android with a different VPN provider? Yes absolutely. It's usually just a matter of downloading their .ovpn files instead of the AirVPN ones and then importing them. Eddie Android doesn't work on... Note that Eddie Android is otherwise stated as being supported on Nvidia Shield, Android TV and other devices. Sony Bravia Android TVs. Further ideas, thoughts, questions and suggestions are of course welcome as always. Please be aware that answers about AirVPN or desktop Eddie can often be found in the guide in my signature.
-
Hello ! When a website is blocked or things aren't working so well somehow, that sucks. But posting a new topic will not automatically help. So before posting a new thread/topic, I recommend that you try these things first, to help yourself and everyone else out: Things To Try First Try check out the AirVPN Route Checking tool. Put the name of the website, such as www.netflix.com into the search field. Click search. Then refresh the page & look at the HTTP column.Try and change the server that you're using; especially to servers from other countries, rather than just servers from the same country you were first connected to, as sometimes the servers of 1 country are all having issues. Especially if the Route Checking tool shows a red color in the HTTP colum or codes like 403. The HTTP Codes mean different things.Try check out ipleak.net and make sure that the IP & DNS address fields only show 1 address each: those from AirVPN. Otherwise your ISP could be blocking you.For Windows, try going to your Control Panel>>Internet Connections>>Change Adapter Settings>>Right Click each adapter>>Properties>>Untick IPv6>>Click Ok. Similar steps for MacOS/Linux.Try use the AirVPN forum search field in the top right corner, to see if a similar thread exists already. It's better and easier if all the same posts are in the same thread.Try click the "Most Viewed" button, on the horizontal blue line, under the black "Start New Topic" button, in order to see the most viewed threads easily & quickly.Try and check that your ISP or country isn't listed here. Because these ISPs block various things.Try and check if the website is listed here. Sites listed here should be automatically unblocked, regardless of which server you use. (This is called "Micro-routing").Try and see if the content you want, is available via a torrent site, if you wish. You could then use qBittorent to download it using P2P technology, which AirVPN fully allows. (Not all VPNs do) Does AirVPN Care About Blocked Sites? Yes! AirVPN Staff routinely reply to all kinds of different threads on these forums. This includes replies to threads about Netflix. Moderators do too!However due to there being a lot of new threads, they don't always reply to each one. Especially if the thread already exists; such as the many threads about Netflix.This is why it's important to keep all posts about the same website, in the same threads, instead of just making a new thread, which won't get any attention.But the problem is, that AirVPN or even any other VPN provider, can't always do anything about blocks. That's the truth. Because sites like Netflix actively try to block VPNs.It's in AirVPNs Mission Statement to fight all kinds of blocks or attempts at censorship; so it's not because Air isn't trying to fix things. When You Post A Thread, Consider This If you absolutely have to post, then please include: a link to the blocked website, the AirVPN server you used, any error messages you got & any replies from support staff from the blocked site.You get bonus points if you also tell us that you already tried the route checking tool and other things listed in the first section. . Double the bonus if you post in an existing thread instead.Posting also doesn't guarantee that the problem will be fixed. But if you follow the suggestions here, then you will make fixing the problem both quicker and easier for Air & everyone else :]. If you have questions or suggestions, please do not be afraid of posting them here or sending me a PM. If you're new to VPNs, then please feel free to check out my New User guide. Please do provide feedback on this thread if it helped you or is missing something! Thank you for reading !
-
I have officially made the switch to AirVPN and was mainly hoping to set my torrent client to only work through the VPN. What I have found is that the guides on this website are incredibly convoluted and expect a whole lot of knowledge from the user. I'm sure it's not on purpose and to advanced computer users everything is completely comprehensible. But as someone who would like to think of themselves as an above average computer user, I'm hitting walls at every step of the way. I'm not even going to bother asking the creators of those guides to elaborate on certain steps, because there's a good chance I won't understand their elaboration and even if I do, the next steps might result in similar problems. That's where video guides tend to be the most useful, because users can see exactly how a step should be taken instead of having to assume things. So my suggestion is: please do some videos to take users through the most useful/popular guides.
-
The port-forwarding page was updated very recently (neat!) and there's now an option to test whether the port is open and reachable. I did test it: unreachable! Darn, I must've changed/enabled the firewall again. Disable it? No, I will show you the proper way how to configure Windows Firewall for port-forwarding. Screenshots attached below Go to "Control Panel\All Control Panel Items\Windows Firewall". You will see the Home/Work and Public networks. Find out which one is your OpenVPN connection to AirVPN (mine is properly named, yours will not be), preferably you should've set it as a public network like me. if the VPN connection is not classified as a public network, change it now. There's no reason to allow Windows to be promiscuous with the local services like printing and file sharing on the VPN network. Read what is says about incoming connections: "Block all connections to programs that are not on the list of allowed programs". We will need to change that On the left click "Advanced settings" (opens "Windows Firewall with Advanced Security") - OR skip steps 1,2: Press Win+R keys and run "WF.msc" You'll see the same thing as in 3: "Public profile is Active - Inbound connections that do not match a rule are blocked" and "Outbound connections that do not match a rule are allowed" This means we only need to create inbound rules to allow incoming connections (port-forwarding) [Allow Program] Go to "Inbound Rules" -> New Rule... Rule Type = Program, Next This program path = choose the program's .exe file. Like "C:\Gameserver\server.exe", NEXT For Minecraft that's either java.exe or javaw.exe in Program Files. Windows: cmd.exe and run "where java" to find out the path. The first line is your answer Action = Allow the connection, Next Profile = Check the profile where AirVPN adapter is (e.g. Public). You can select all three checkboxes, it's ok. Name = "MyServer (allow program)" Your new entry will appear at the top. When you next visit the settings, it will be sorted alphabetically. [Allow ports] Only doing (5) was not enough to get port-forwarding to work, I had to explicitly allow the ports. Go to "Inbound Rules" -> New Rule... Rule Type = Port, Next TCP/UDP (repeat these steps to enable TCP AND UDP with 2 different rules) Specific local ports: Enter the port from port-forwarding page. If you specified a different local port there, enter the local port in Firewall settings. Next Allow the connection, Next Profile = See above or check all Name = "MyServer (allow TCP _port#_) Repeat these steps to allow UDP Now port-forwarding should work and inbound connections be accepted by your server or content-sharing application. This guide was sponsored by windows 7 gang Final result (I forgot to allow UDP 1234 too) Go to Windows Firewall, click advanced settings (left): Create new Inbound rule to Allow program (step 5): Now the individual TCP/UDP ports (step 6)
-
https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/ https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/ https://www.eff.org/privacybadger https://www.eff.org/https-everywhere https://www.requestpolicy.com/ https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/ https://addons.mozilla.org/en-US/firefox/addon/privacy-settings/ Three of these have been suggested to need a how to guide. (Including one I did not have in the list for just this reason.) https://airvpn.org/topic/17983-anonymity-and-machine-identification/?do=findComment&comment=43344 First of all is Ublock Origin. It is a classic adblocker that can do much more than most other such extensions. Here is how to configure it. Click the Ublock Origin icon in the browser. (Obviously it is the icon surrounded in green.) That brings this little menu down. Click the title of the menu where it says Ublock Origin. (Again, the green highlight shows where to click in case I am being too unclear.) That brings us to the Ublock Origin Dashboard. Click the "3rd-Party Filters" tab and set it similar to this. You have a lot of options here, but this seems to work everywhere I go on the Internet. Your mileage may vary. Once you change, add, or remove any filters, you will see "apply" in the upper right corner. Click that to save your changes. It will automatically update the filters for you. Now Request Policy and NoScript work almost identically. So I am just providing instructions for Request Policy. Too many sites fail to work as desired with NoScript, so I do not use it most of the time. Lets say you open Random.org and want to see how it works. Like the last few images, the green highlight is around the icon to click for this extension to do what it does best. That brings you to this. It shows you each domain attempting to load content into the page. See the options at the very bottom? Those are the only ones you should ever use unless you are really certain you know what you are doing. If you load a site and the images do not load with the text, or the formatting is all messed up, it is likely because it is being blocked by this. Use the Temporarily Allow option on the very bottom to see if that fixes it. If not, you may have more domains to permit. But be warned not to use the "Allow Requests from" option on any site you are not certain you trust. Temporarily allowing a bad site will usually not be a terrible choice, but if you set it to allow them without using the temporary option, you will have to hope the site does not mess things up that you cannot fix, and it will remember all but the temporary permissions assigned here next time you load the browser too. Be warned in advance that some sites will have dozens of sites they attempt to load content from. These are almost always clickbait sites, and if you see one like that, you should close that tab and never go back. NoScript works almost the same, except it only prevents sites from using javascript. Questions? Ask away.
-
Hi, I have been using AirVPN successfully on my system using this guide above on my private trackers for nearly a year. https://airvpn.org/topic/9549-traffic-splitting-guide-to-setting-up-vpn-only-for-torrenting-on-windows-thanks-to-nadre/?hl=utorrent I had successfully setup this system to work using the guide whereby uTorrent was using AirVPN and my browsing traffic using my own internet connection. Firstly, prior to this issue I have noticed that despite changing server 3 or 4 times. I cannot get a speed faster than 3.0mb/s when downloading on uTorrent. Previously I was getting between 8 and 12 down, running a test with my own internet gives me my max speed of around 30mb/s down. Two of my trackers have switched to using a HTTPS tracker address rather than a HTTP one and the downloads or uploads no longer work. I receive an Error of "A connection with the server cannot be established" and the tracker won't connect. The HTTP connections work fine. I have tested and either removing the firewall block to my non VPN IP allows the connections to go through when I have modified the Route table. Alternatively, If I remove the route table modification and allow all data to flow through the VPN. The torrent starts downloading. I am using the latest OpenVPN and UDP connections to Dutch or UK servers.
-
I've recently purchased AirVPN and set up the client for usage with two windows devices, however I'm having issues with one of my Linux systems. In the first instance, when trying to install the client via the package installer, I received the message: Error: Dependency is not satisfiable: "libmono-system-runtime2.0-cil" ... Since I couldn't use the installer, I downloaded the mobile client instead. Everything seemed to be running smoothly, except when I ran a check on ipleak.net, I found that my UK details were displayed along with the foreign IP from the VPN. My accurate location was also shown on the Google Maps image at the bottom of the screen. This is not the case with either of my windows devices. In the windows instances, the only addresses and locations shown are those coming from the VPN. Also, the ipleaks check reads: "AirVPN Exit Node: No." With both my windows devices, this section reads: "AirVPN Exit Node: Yes." Forgive me if I sound foolish, but I really am confused as to what the issue could be. Any help would be greatly appreciated.
-
Hello ! Some have asked me how they can help out. How To Help AirVPN Succeed So here's some ways I propose how: Help new people. It's very easy to feel intimidated, due to the high level of technical knowledge displayed. Especially by the l33t Staff account. But don't just help them. Make them feel welcome. A very complex solution to this, is to say "Welcome" when they post their first posts. How about posting your review of AirVPN; a nice good solid long review, telling others how AirVPN is so good you want to visit Italy, etc. etc. Post your "logs" in spoiler tags, when you need help with something. See my signature for how to do so. Some logs are super long, so it helps. Ask & discuss the features of other VPNs & help make us all smarter. Where did you come from? Where are you going? What is love? etc. Make a guide/how-to about something you care about. Heck, even if it's just a nice index of useful programs/software, for instance. Post comments on review sites & tell them why they're wrong! Lol no, just use facts instead;) . Be charming & factual, like Zorro! Video reviews are especially great, as the ones which are highest on the youtube lists I'm seeing, are like your kindergarten pics! ANCIENT! Go to your Client Area and use your "Referral" code to invite more friends to the service & profit from it yourself too. Can't let Air get lonely! Go to threads like this & see if you can contribute with a new language or spread the word about it. Got any Arabic-speaking friends hmm? Answer questions that you're able to answer, in all of the sub-forums. With time, you become more knowledgeable . Find projects that you think Air should support.This way, your Air sub helps many more projects! Make sure they are in-line with Airs "mission". Help AirVPN test out new versions of their software. Be creative and find positive ways to add to the service; I'll be the first to admit Air doesn't give many tips lol. So don't feel bad. How To Make Your Forum Posts More Appealing(Mini Styleguide) Why is presentation important? Because this is a technical forum. So we read a lot. It's easier to get help, solve a problem & share knowledge when things are presented well. All codes on this forum, usually at least, follow the same formula: there's a "start" tag and an "end" tag. End tags are showed by a slash: /. Remember to close things off correctly, or it can ruin your entire post, if you forget either a [ or a ] character. Note: When you want to make an index, you currently have to "Reserve" a spot, by posting blank posts to your own guide, so that you can link to these posts after you finish editing them. This way, you can eventually create an index. Very useful if your guide or post is very long. Some useful codes: Links can be long, ugly, annoying & broken by linebreaks. So make it easy for everyone by making clickable words. Critical for a stylish guide & helpful posts. You can link directly to individual posts by clicking the # in the top right corner of the post you want to copy. Just click and then copy the link. [url=https://airvpn.org/]This can be clicked[/url] [url=https://airvpn.org/topic/18339-guide-to-getting-started-links-for-advanced-users/?p=43734]This links to my other guide[/url] Result: This can be clicked This links to my other guide Style headings in your posts, for much-better-looking management of paragraphs. It doesn't go past h3. [h1=This Is The Biggest Heading][/h1] [h2=This Is The Second Biggest Heading][/h2] [h3=This Is The Third Biggest Heading][/h3] Result: This Is The Biggest Heading This Is The Second Biggest Heading This Is The Third Biggest Heading These tags are the most flashy available on the forums and are naturally excellent at bringing attention to the most important things. [info]Did you know Eddie likes to read logs?[/info] [warning]Warning! If You mention Netflix One more time...[/warning] [error]Error! AirVPN can no longer handle "ICANN"s nonsense[/error] Result: Did you know Eddie likes to read logs? Warning! If You mention Netflix One more time... Error! AirVPN can no longer handle "ICANN"s nonsense Spoiler Alert! This is the most holy of the holy tags in existence. The mighty spoiler tag! Used to not spoil your viewers mood both during guides & when you post a 3 page logfile. [spoiler]This has been spoiled[/spoiler] Result: This has been spoiled. Omg spoilerception! The rightbox is useful for adding information which perhaps isn't critical or which is perhaps especially interesting, info-box style. [rightbox]This box is right. You're not. [/rightbox] Result: This box is right. You're not. The hr, horizontal-rule, is a special tag which isn't closed. It's good for breaking things up, as I've been doing. It's also especially boring. [hr] Result: Other Formatting & Posting Tips: Use lists like this one. Either bulleted or not. You click the button in the interface, under the "Font" and "Size" buttons. To the left of the smiley.Right above the place you "Attach Files", you can click on "View Auto Saved Content", in case you need to reload something you lost.In the top right corner, you can check a box that lets you Follow your own topic. But you can also make a poll.Under the smiley in the interface, you can click the <> sign. Then in the biggest box, you can write code, so that others can see it while its inactive, like in this guide.On the same line as the Smiley, in the inteface, there's a button next to "Font" on the left, called "Special BBcode", that you can refer to, for more codes.If a piece of text is a part of a link, you can unlink it and make it normal text again, by clicking the "unlink" button, to the left of the <> code button, in the interface. I'll give a medal or something to the first person who can make the Staff account "lol" publicly. Quantum computing is possible, so this must be too! Do you have any other ideas? If so, please feel free to post them :]. Questions are always welcome. Don't be afraid of asking! *^__^* Thank you!
-
VIRTUAL MACHINES AND VPN This is a quick short guide to anyone wanting to use VPN over a virtual machine, and also how to use TOR and VPN in a virtual machine. REQUIREMENTS 1. Virtualization software such as: Oracle VM Virtualbox (Free) https://www.virtualbox.org/ VM Ware Workstation (Proffesional Software) http://www.vmware.com/uk/products/workstation.html Windows Virtual PC (Freeware but can only install systems for Windows XP and up) https://www.microsoft.com/en-us/download/details.aspx?id=3702 These are the three most popular options for virtualization software. I personally recommend using Virtualbox if you don't want to pay a lot of money for VM Ware, although it is packed with features and is probably the most advanced virtualization software on the market, hence why it is used by professionals and large companies. 2. An ISO image of the operating system you'd like to use. If you want general purpose virtualization, such as testing applications, I recommend Windows. If you want to use TOR, refer to the TOR section down below. 3. A decent computer. What you will be basically doing is running a computer inside your computer. Yeah I know, Inception, right? Anyway, you should have a decent computer for this, and I recommend minimum of 8gb of RAM. You should also have a decent CPU as it will also affect the performance of the virtual machine. 4. A VPN. If you are on this forum you should be using Air, but this should work with any properly configured VPN. CONFIGURATION I won't go through the set up and installation of a operating system in a virtual machine in this guide because there are plenty of resources out there that explain how to do this. Make sure you are connected to your VPN on your host machine (The computer you are running the virtual machine on). Once you have your virtual machine configured, be it Linux or Windows or any operating system, the essential thing you need to do is switch your virtual machines network adapter to use NAT. It is absolutely essential that you do this, otherwise your true IP address will be used by the virtual machine. Bridged modes simply use your network adapter hardware directly, which reveals your real IP. The NAT (Network Address Translation) mode uses your host operating system's IP address, and if your VPN is configured properly it will mean the virtual machine is using the exact same VPN connection your computer is using. USING TOR IN A VIRTUAL MACHINE If you want to use TOR in a virtual machine, you have two options. You can either use the TOR Browser like in a regular computer, running it on Windows or Linux, whatever your choice may be. I personally recommend using Tails, an operating system designed for anonymity and usage of TOR. TAILS Tails is a live operating system designed for anonymity and privacy, and is released under the GNU/GPL license. All of the source code of the applications that tails uses that are not taken directly from upstream Debian packages are available on their git repositories, they have a guide here: https://tails.boum.org/contribute/git/ The great thing about tails is that it is crammed with programs and features for anonymity, security and privacy. It has email clients, tools for public keys and GPG, disguising the operating system as Windows 8 if you want to use it in public places, instant messaging clients, and many, many more. So now that you know what Tails is, you probably can't wait to get it. The best part is that it is a live operating system, and you don't need to install it. Tails homepage: https://tails.boum.org/ They also made a great installation guide if you want to install Tails to a usb stick: https://tails.boum.org/install/ To use tails in a virtual machine, they have made a guide here: https://tails.boum.org/doc/advanced_topics/virtualization/virtualbox/ (The steps for virtualbox in Linux are pretty much the exact same as in Windows) MAKE SURE YOU USE NAT IN THE TAILS VIRTUAL MACHINE Hope you found this guide useful, and don't forget to send it to friends to help them use the internet privately, and securely
-
Hi fellow Airvpn'ers, First I would like to thank pfSense_fan for the great guide and Airvpn for their mission and superb service! and ofcourse the community for their help! I have followed the 2.3 guide of pfSense_fan. When following the guide exactly everything works perfectly, but I am having a problem when trying to do things slight differently. The thing is that I have different interfaces for different purposes. For the other interfaces I wish to use different DNS servers. When following the guide it works, but when I adjust the DNS NAT rule to use those different DNS servers I am not having internet at all. I have tried to add the DNS servers through the DHCP servers menu and add it through there. I also created a alias with the DNS servers. I changed the NAT rule to use the alias with their respective DNS servers as target IP instead of the pfSense IP. I have been trying and trying, but the internet goes down when changing the NAT rule for DNS. I can reach the firewall through its IP. So my question is how I can use different DNS servers while following the guide of pfSense_fan? Can some of you share their expertise with me and perhaps tell me what I am doing wrong here? Thanks!
-
Hi all, I've build a pfsense router myself because I found that speeds were dramatically dropping through my Linksys router (EA6500) or through my client. By building my own router I had more control over the hardware and firmware. I have a 200 Mb/s - 10 Mb/s ISP connection. My router build as follows: Shutlle DS61 V1.1 mini ITX barebone / socket 1155 / 2 x Gbit LAN2 x 4 GB SO DDR3 Kingston HyperXIntel XEON E3-1230 V2 3.10 GHz (has no graphic chip)Kingston 60 GB SSDIn order to get graphics (which I'll need for installation, since the mini ITX motherboard doesn't support an extra graphics card) I bought an old Celeron 2.70 GHz with graphic chip. Now pfsense is installed, I will be using the Celeron for a while in case something goes wrong in pfsense settings and I'll be needing graphics again. So after I'm done with installing packages, setting up everything, I will replace it with the XEON. Speedtest with the Celeron while connected to VPN I think that is pretty impressive since I had around 60 Mb/s - 9.5 Mb/s before I had this router. If you forget about the XEON and keep the Celeron (for 24/7 use, I'll take the XEON also because of it's 'AES NI' instruction within the chipset) it will cost you about 500 dollars or about 370 euro's. The XEON included adds an extra 250 dollars or 195 euro's. This is a better investment than buying any other consumer router with a 600 MHz Broadcom processor. This is a kick ass router! For a proper installation of pfsense I can recommend this video: (good packages: squid, havp, snort (get a paid oinkcode for 27 dollars/year, otherwise you'll have a 10 days delay in updates)) SET UP AIRVPN IN PFSENSE Configure an airvpn *.ovpn file (use a region, airvpn will connect to the best server automatically)From the pfSense interface, navigate to the dropdown menus: System ---> Cert Manager and stay in the first tab.Click the button as seen here to create a new certificate. Give it a description like: cert airvpn. Ensure that "Import an existing certificate authority" is selected. Open the *.ovpn file and copy/paste the first certificate (starting with: -----BEGIN CERTIFICATE----- and ending with: -----END CERTIFICATE-----) into the 1st fieldClick save (leave the orher field empty)Click on the tab Certificates and click on the plus button as seen here Give it a description like: certificate airvpn. Ensure that "Import an existing certificate authority" is selected.Open the *.ovpn file and copy/paste the second certificate (starting with: ---- CERTIFICATE:----- and ending with: -----END CERTIFICATE-----) into the 1st fieldSo in the file it looks like this: -----END CERTIFICATE----- (end of the first certificate we've just imported) </ca> <cert> Certificate: The second copy/paste should start at: Certificate: copy/paste the third certificate (starting with: -----BEGIN CERTIFICATE----- and ending with: -----END CERTIFICATE-----) into the 3d fieldClick saveNavigate to the system dropdown menus: VPN ---> OpenVPNClick the Client tab and click on the Plus buttonFollow below settings in the pictures where: 1. serverhost or host adres can be found in the *.ovpn file ending with probably airvpn.org, 2.The serverport can be found in the top of the *ovpn file as well. Navigate to the system dropdown menus Interfaces ----> (assign) and click on the Plus button -Note in the previous screenshot you will notice a StrongVPN interface. you will NOT have that on your box yet, so dont worry. After clicking on the plus button pfSense will tell you it has successfully added a new interface. the network port name will most likley be named "ovpnc1". Ensure that the new interface is selected as "ovpnc1" (it could be ovpnc2, ovpnc3, etc... depends if you have other ovpn interfaces or not)navigate to the system dropdown menus Interfaces ---> OPT1 (or whatever your new interface from the previous step is) and follow steps in below picture Click saveNavigate to the system dropdown menus System ---> Routing and click on the Plus button Follow the settings in the picture below -Note 1: The ip seen in the picture 208.67.222.222 is the ip of OpenDNS -Note 2: By selecting "Default Gateway", the connection to the internet drops if the VPN connection drops. You'll have to set the WAN as default manually in the case if you need an internet connection. navigate to the system dropdown menus Firewall ---> Rules and click on the LAN tabClick on the Plus button to create a new ruleFollow instructions in the picture below Action: PASS -- Interface: LAN Protocol: ANY Source: LAN Subnet Destination: ANY -- Description: LAN to Internet force through VPN **IMPORTANT**: scroll down to "Gateway" under the "Advanced features" of the rule. Set gateway to your VPN interface (see above picture). After Clicking save, you should see something like this navigate to the system dropdown menus Firewall ---> NAT and click on the Outbound tabenable "Manual Outbound NAT rule generation" and select save. Reboot the router and you're done... If you want to/need to start manually, go to Status -----> Services and click on the Play button next to the VPN interface status. Check Status ------> Dashboard for connections as seen in the picture below (in the WAN section you'll see your ISP's IP, which is connection you're coming from to Airvpn (Note from AirVPN: We inevitably know it. Any reference will be deleted when the connection is closed). Don't worry, you're visible with a different IP on the internet. The reason I choose a XEON is the 10% watt reduction and the AES NI instructions in the chip (AirVPN is 256 bit AES encrypted). This will lower my CPU usage and speed up the process. Below you find a picture with system loads while having 10 torrents running and downloading a large file at full speed from usenet (ssl encrypted)... See the CPU usage on the Celeron. That will change I think with a XEON. Good luck and don't forget to install Snort, HAVP and Squit on your pfsense. Good guides out there on Google... knicker