Not connected, Your IP: 216.73.216.129
Online: 43038 users - 567596 Mbit/s total BWAll Activity
This stream auto-updates
- Past hour
-
-
-
-
-
-
-
- Today
-
-
-
-
Hello! We do agree and we are planning to implement on our software per app traffic splitting on Windows too. Currently you can enjoy per app traffic splitting on Linux (AirVPN Suite) and Android (Eddie Android edition). If the machine you use for Steam is based on Linux you can already have per app traffic splitting with our software. If you run Windows, in the meantime you can consider WireSock, which offers traffic splitting and reverse traffic splitting (on an application basis) and is fully compatible with our WireGuard servers. The Configuration Generator will generate the profiles you wish. Kind regards
-
Any guide or how to because it feels like wireguard and Synology are not natively liking each other. All the guides i've found are docker or spk repacker (does not exist for 1511+) and seems to be done for incoming and not outgoing
-
I have been facing a predicament for months, which is that Steam thinks i'm a bot and doesn't let me play any multiplayer games in.. multiplayer, and I can't turn my VPN off to use all 5 ports on it to host numerous servers. The problem is, there isn't a way to IP or domain whitelist Steam, since I don't know any of the ip's it uses to connect, and they change alot. This is where app-based tunneling would shine though, and here is why 1. App based tunelling would most likely save you guys alot of bandwidth, now people can tell the VPN to send web browser connections through their actual internet, and then you won't have alot of traffic taken up by YouTube streams 2. This defeats the need to switch to other clients, which is clunky and complicated. 3. It lets you do everything in one app (Eddie), which is extremely convenient and simple for newcomers to use, probably bringing more subscribers to the VPN too since split-tunneling is a useful feature 4. It straight up lets you split tunnel some stuff in the first place, such as Steam i've already mentioned, which uses a variety of ip's and domains i don't know, and i'm not about to spend a few hours in wireshark getting all the ip's/domains and adding them. So please, 4 good reasons on why app split-tunneling should be added to Eddie. P.S. another thing I noticed was that the split-tunneling already in Eddie didn't seem to work until I reconnected the VPN, is this a limitation, a bug, or just something that isn't added? - Thanks, a pleading CS2 player and server hoster
-
Hello! Yes, it is definitely planned, but we can't give you a definite ETA. In the meantime, if you have an Android device or an Android emulator, you can use Eddie Android edition to generate configuration files (you can export them to any other system directly from Eddie's "Export" or "Open with" functions) or the Amnezia configuration patcher by @zimbabwe https://github.com/zimbabwe303/awg_conf_patch Eddie Android edition includes 30+ CPS pre-sets of real web sites, so this is the recommended solution currently to bypass blocks. Kind regards
-
Adguard VPN prevents normal email work. Can't send any letter. outlook gets an error: Task '***.com - Sending' reported error (0x800CCC1 A): 'Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.' and my host provider says: "Hello, We can confirm that the mail server is functioning correctly. The error 0x800CCC1A indicates that your new VPN is interfering with the secure connection (SSL/TLS handshake) between your email client and the mail server. This issue commonly occurs because many modern VPN services include features such as Security Shields or Mail Protection, which intercept or filter email traffic. Since this appears to be a local configuration issue related to the third-party VPN software, we recommend contacting your VPN provider’s support team. You may inform them that their service is likely blocking or interfering with SMTP traffic, particularly on ports 465 and 587." no replies for about 1 month from their support and yes, they're fast...
-
Hello! I've been using AirVPN for a pretty long time on a Proxmox LXC with Wireguard that runs my qBittorrent. It's been working fantastic until suddenly it can no longer make outbound connections. Pinging 1.1.1.1 comes up with nothing, and I cannot ping www.google.com either. Only thing I can ping are connections inside my network. I'm honestly unsure what would've possibly caused this as I've changed nothing about my system except for updating it, but thats it. The only thing I notice is a message when doing "wg-quick up wg0" is "/etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf", but when I do "ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf" I get "Temporary failure in name resolution: `us3.vpn.airdns.org:1637'. Trying again in 1.00 seconds..." with the time slowly increasing. I added some photos below to hopefully allow people to get a better idea on whats going on. Any help is appriciated cause honestly I have no idea where to go with this, its a major head scratcher and I'm unsure on where to even begin. If it helps I also do have tailscale setup on this as well, but it's been working fine for the longest time so I can't see that affecting anything. All connections work fine with the wireguard vpn down as well. Thank you! -
Hello! Like many others, I use native software to connect to your servers. I would very much like to see the ability to obtain a configuration for the AmneziaWG protocol in the config generator. Will this feature be implemented, and if so, when?
- Yesterday
-
-
Hello friends! I faced a some problems with Eddie client on Macbook. I created new macbook profile (account). When i logged into my Airvpn account via Eddie, there are no servers in server list window and no protocols for manual selection in Eddie preferences. After some time, the error of "BOOTSTRAP FAILURE" appears. My DNS are set 8.8.8.8 and 4.4.4.4. Airvpn.org pings sucssesfully in terminal. When i changed my old Mac account, there are no problems with Eddie. Can anyone help me to solve this problem? -
@balkie31 Hello! For residential broadband (DSL / cable / FTTH), DHCP lease times are most commonly: ~12–24 hours (very common baseline) ~1–3 days (slightly less common) Occasionally up to ~7 days (less common, but happens) This aligns with general network guidance where stable networks use 1–7 day leases. Therefore, it is normal that you may need a re-connection every few days. You can consider to tell GlueTun to re-connect always to the same server, by setting the proper environment variable. You would be sure that your system would appear on the Internet always with the same IP address (the exit-IP address of the VPN server); on the other hand, if the specific VPN server goes down, GlueTun will be unable to re-connect as long as that server does not come up again. In any case, you may always need to re-start the torrent software as GlueTun will bring the virtual network interface down and up again. Kind regards
-
- Last week
-
Ive been using gluetun along with slskd anf qbittorrent. The connection works for a few days or so and then ill end up getting a new ip. Since im using forwarded ports, ill need to restart slskd and qbit to rebind them and get the ports showing as open again for the containers. Is this normal? Or are there some settings im missing? Sorry for thr formatting, i just cant get it to work out on mobile qmcgaw/gluetun:v3 container_name: gluetun cap_add: - NET_ADMIN devices: - /dev/net/tun:/dev/net/tun volumes: - /mnt/Media2/Docker/Configs/gluetun:/gluetun/ ports: - 8114:8000 - 8115:8115 - 18678:18678 - 18678:18678/udp - 3050:5030 - 3150:5031 - 30050:50300 - 3040:9765 - 9091:9091 - 34014:34014 - 34014:34014/udp - 14499:14499 - 14499:14499/udp environment: - VPN_SERVICE_PROVIDER=airvpn - VPN_TYPE=wireguard - WIREGUARD_PRIVATE_KEY=xxxxxxx - WIREGUARD_PRESHARED_KEY=xxxxxxx - WIREGUARD_ADDRESSES=xxxxxxx - SERVER_COUNTRIES=United States - FIREWALL_VPN_INPUT_PORTS=18678,14499 - HEALTH_RESTART_VPN=on - HTTPPROXY=on - FIREWALL_OUTBOUND_PERMITTED_IPS=0.0.0.0/0 - DNS_KEEP_NAMESERVER=off - FIREWALL_DEBUG=on - WIREGUARD_MTU=1420 - FIREWALL_OUTBOUND_SUBNETS=192.168.68.0/24 - UPDATER_PERIOD=24h healthcheck: test: ["CMD", "/gluetun-entrypoint", "healthcheck"] interval: 30s timeout: 10s retries: 3 start_period: 60s sysctls: - net.ipv4.conf.all.src_valid_mark=1 - net.ipv6.conf.all.disable_ipv6=1 restart: unless-stopped:
-
it really should be added. pretty much all the non use specific dns avaiable in airvpn now except for oids are outdated and hagezi's are arguably the best ones. especially ultimate and pro++
-
Native would be a game changer, Been building something like this, with a new feature in the works to generate Wireguard config files if you use it on a host that does not support automation, e.g. wg0.conf point it to a location and setup a host script to wg up, wg down on a daily. Gluetun integration, support custom settings, and custom VPN restart, e.g. if server becomes DroneBL banned, it'll reset the connection with clean servers, if you prioritize stability, and a server is still in the top 4 from last scan, no restart. Some screenshots below, hopefully will be done soon and make an official post with the file on Git, to be ran in Docker (hopefully without too many issues, commit will be more than welcome) -
With some help from Claude I have put together a GTK4 client for Linux. https://gitlab.com/snotra.uk/airvpn Uses the API to grab servers and configs, uses network manager to setup the wireguard connections, and firewalld for the network lock. Seems to be working well for me. might be useful to someone. cheers Shaun
-
Hello! Not all programs support In CPS parameters. Eddie Android edition generates AmneziaWG profiles compliant to the latest official documentation and properly processed by the official Amnezia library latest release. Previous Amnezia 1.x specs may not support all the parameters. In the future we will offer Amnezia integration in our desktop software too. In the meantime you may try to update your software. Kind regards
-
This works great for me, however I can't seem to connect via AWG using any other client when I export the configs. When CPS is enabled, other clients complain about various tags such as <c>, and without CPS no connection seems to be made. While eddie seems to connect with and without CPS easily. How do I connect to AirVPN servers using other AWG clients?
-
Might be worth considering implementing Trust Tunnel (https://github.com/TrustTunnel/TrustTunnel) from the guys at adguard VPN. Now open source, supposedly looks like https traffic and seems to be fast from the experience I have with their VPN.
-
OpenVPN might just be too heavy for your synology NAS to do without sacrificing significant performance. Try wireguard instead.
-
.thumb.png.8be84fd39f94c1640ac8c5456fbf3449.png)
ANSWERED Disable Airvpn suite from launching at boot in Fedora
Staff replied to killabyte's topic in AirVPN Suite
Hello! If you wish that Bluetit starts but does not connect and does not touch the system in any way, setting the following directives to off on the run control file is all you need. From the manual: If you prefer to disable the daemon entirely, since Fedora is based on systemd: sudo systemctl stop bluetit sudo systemctl disable bluetit You can later re-enable it if needed with: sudo systemctl enable bluetit Yes, it can, obviously. Just reply no to the following questions: Do you want to enable bluetit.service units? [y/n] Do you want to start Bluetit service now? [y/n] Kind regards -
ANSWERED Disable Airvpn suite from launching at boot in Fedora
killabyte posted a topic in AirVPN Suite
Hi guys, im running Fedora 42 KDE and i cant' find the proper way to stop the AirVPN suite components from starting at boot. Can be done in several ways but for me the best approach is not clear and i don't want to do it cheap. I wonder if the same install script can be used to make it fully manual. I'm having some trouble with Selinux and other programs and i need to use it at will, not from boot. i used the file AirVPN-Suite-x86_64-2.0.0.tar.gz for installing, Thanks -
-
yeah same for me , never had any problem with mullvad - they're great , but switched to AirVPN because of port forwarding.
-
I would delete/rename the default.profile file and reconfigure Eddie from scratch, see if that helps. -
Hi all, I have an older synology 1511+ under DSM 6.2 and use the synocommunity version of deluge (docker is beyond my tech skills, tried and failed a few times). When no vpn is connected in the network tab of the control panel i get my usual speeds around 30Mo/s (240mbps) but then when vpn is connected i can't for my life get over 6Mo/sec (48mbps). Could someone please review what i did and hit me on the head with some advice ? Setup : I set up the openvpn through that guidemaking sure i use a low charge server (tried 1 server, country and region without noticeable change) I opened a port on the air vpn website and reported it in deluge as describded in multiple forum threads unchecking lots of previously checked boxes
-
ANSWERED Configuring White listed servers and traffic splitting
0bacon replied to 0bacon's topic in AirVPN Suite
Following the directions from airvpn.org/forums I set the ipv4 manually to 192.169.x.x/24 and the ip execution error, traffic splitting setup is dirty error has gone away. I also create the user cuckoo because it did not exist and made airvpn the primary usergroup. when logged in as airvpn i run cuckoo -r steam and I get ERROR setnamespace: Cannot open network namespace 'aircuckoo': No such file or directory Then in the bluetit.rc I changed trafficsplitnamespace even though its default should be the same, no change. trafficsplitnamespace aircuckoo Heres my new bluetit logs bluetit4 -
Hello! We're very glad to announce that Eddie Android edition 4.0.0 has been released This is a major update: for the first time Eddie Android edition features AmneziaWG complete support. Eddie Android edition is a fully integrated with AirVPN, free and open source client allowing comfortable connections to AirVPN servers and generic VPN servers offering compatible protocols. Eddie 4.0.0 adds, besides the already available OpenVPN and WireGuard, a thorough and comfortable AmneziaWG support. Source code available on GitLab: https://gitlab.com/AirVPN/EddieAndroid AmneziaWG is a free and open source fork of WireGuard by Amnezia inheriting the architectural simplicity and high performance of the original implementation, but eliminating the identifiable network signatures that make WireGuard easily detectable by Deep Packet Inspection (DPI) systems. It can operate in several different ways, including a fallback, "compatibility mode" with WireGuard featuring anyway various obfuscation techniques. What's new in Eddie 4.0.0 AmneziaWG support Amnezia WireGuard API stronger anti-blocking logic: ability to log in to the service and download AirVPN infrastructure and user data while connected through a profile with a specific option on the left pane ability to read and use local user data when bootstrap servers are unreachable CPS packets database of 30+ real websites, currently allowing accurate QUIC + HTTP/3 traffic mimicry to and from real web sites through AmneziaWG CPS. Each entry is easily selectable and identified by a clear label support for wrapping both IPv4 and IPv6 traffic over an IPv6 tunnel with WireGuard and AmneziaWG (previously available only with OpenVPN) new "Open with..." option on top of the usual "Share" (now renamed "Export") option to manage and export comfortably generated profiles on any Android version with any suitable application updated AmneziaWG parameters allowed ranges support of latest AmneziaWG padding features vastly improved NetworkMonitor and Tile Service updated OpenSSL, OpenVPN3-AirVPN and WireGuard libraries full compatibility from Android 5.1 to Android 16, including Android TV bug fixes see the complete changelog here: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt?ref_type=heads AmneziaWG overview From the official documentation: https://docs.amnezia.org/documentation/amnezia-wg AmneziaWG offers: Dynamic Headers for All Packet Types (compatibility with WireGuard: YES) During tunnel initialization, the library generates a set of random constants applied to each of the four WireGuard packet formats: Init, Response, Data, Under‑Load. These constants: As a result, no two clients have identical headers, making it impossible to write a universal DPI rule. Replace predictable WireGuard packet identifiers; Shift offsets of Version/Type fields; Modify reserved bits. Handshake Length Randomization and message padding (compatibility with WireGuard: NO) In WireGuard, the Init packet is exactly 148 bytes, and the Response packet is exactly 92 bytes. AmneziaWG adds message paddings: S1: int - padding of handshake initial message S2: int - padding of handshake response message S3: int - padding of handshake cookie message S4: int - padding of transport messages Offsets of the remaining fields are automatically adjusted, and MAC tags are recalculated accordingly. In order to keep backward compatibility with WireGuard, S1, S2, S3 and S4 must be set to 0. Obfuscation Packets I1-I5 (Signature Chain) & CPS (Custom Protocol Signature) (compatibility with WireGuard: partial, with fallback) Before initiating a "special" handshake (every 120 seconds), the client may send up to five different UDP packets fully described by the user in the CPS format. In this way AmneziaWG can mimic perfectly QUIC, DNS and other protocols adding powerful methods to circumvent blocks. QUIC is particularly interesting as HTTP/3 is built on it and currently, from Chrome and other compatible browsers, 50% of traffic to/from Google is QUIC traffic. Therefore, blocking QUIC may have major disruptions for any ISP. Note that a CPS database of 30+ real web sites is available in Eddie Android edition: you can activate CPS mimicking traffic to real web sites with a tap. Eddie will take care to compile properly Amnezia's In parameters for accurate mimicry. Junk‑train (Jc) (compatibility with WireGuard: YES) Immediately following the sequence of I-packets, a series Jc of pseudorandom packets with lengths varying between Jmin and Jmax is sent. These packets blur the timing and size profile of the session start, significantly complicating handshake detection. Under‑Load Packet (compatibility with WireGuard: YES) In WireGuard, a special keep-alive packet (“Under-Load”) is used to bypass NAT timeouts. AmneziaWG replaces its fixed header with a randomized one, the value of which can be set manually. This prevents DPI from filtering short ping packets, ensuring stable tunnel connections, especially on mobile networks. How to use Eddie with AmneziaWG To enable AmneziaWG mode, just tap the connection mode available in the main and other views. It will rotate between WireGuard, AmneziaWG and OpenVPN. Set it to AmneziaWG. In its default AmneziaWG mode, Eddie will use all the possible obfuscation, except protocol mimicking, that keeps WireGuard compatibility, thus allowing connections to AirVPN servers. The default settings choice was possible thanks to the invaluable support of persons living in countries where VPN blocks are widespread. Such settings have been tested as working and capable to bypass the current blocking methods in various countries. You may consider to modify them if they are ineffective to bypass "your" specific blocks. In Settings > Advanced, you will find, at the bottom of the page, a new "Custom Amnezia WG directives" item. By tapping it you will summon a dialog that will let you customize any possible AmneziaWG parameter. You can maintain backward compatibility with WireGuard in the dialog WireGuard section, or enable the full AmneziaWG support in the Amnezia section, which is not compatible (at the moment) with AirVPN WireGuard servers. This mode will be mostly valuable in a not distant future, when AirVPN servers will start to support AmneziaWG natively. You may also enable QUIC or DNS mimicking for additional obfuscation efficacy. In order to maintain WireGuard backward compatibility, with or without QUIC or DNS mimicking, you must set: S1 = S2 = S3 = S4 = 0 Hn ∈ {1, 2, 3, 4} H1 ≠ H2 ≠ H3 ≠ H4 Furthermore, do not exceed the valid limit of the J parameters (anyway Eddie will not let you do it). In this preview version, Eddie's formal control of the input data is based on the following document. We strongly recommend you read it if you need to modify manually parameters: https://github.com/amnezia-vpn/amneziawg-linux-kernel-module?tab=readme-ov-file#configuration Custom Protocol Signature with database included Working in AmneziaWG mode, Eddie implements QUIC and DNS mimicry and obfuscation packets for each specific "I" parameter (by using the corresponding "Generate" button). You can enable them with a tap on the proper buttons. You may mimic QUIC and DNS even to connect to WireGuard based servers. Please do not modify In parameters if you don't know exactly what you're doing. Eddie's CPS database is available at your fingertip for accurate mimicry of traffic to and from real web sites using HTTP/3 (other protocols may be added in the future), so you don't need to look for and enter specific sequences. Settings > Advanced > Custom AmneziaWG directives > Enable CPS > Presets > select the web site whose traffic must be imitated . Currently, you can find a database that contains more than 30 actual packet signatures and sequences of real web sites. Select one and Eddie will adjust all the parameters automatically and will use them in the next AmneziaWG connection. When you enable QUIC mimicking and you maintain WireGuard backward compatibility, you add a powerful tool against blocks, because the first packets will be actual QUIC packets. AmneziaWG will fall back to WireGuard compatibility very soon. However, when DPI and SPI tools, and demultiplexers in general, identify the initial QUIC flow, most of them will be unable to detect a WireGuard flow for several minutes. This has been tested thoroughly with deep packet inspection on Linux and FreeBSD based machines by AirVPN staff. Therefore, in different blocking scenarios the QUIC mimicry increases likelihood of successful block bypass. NOTE: the same does not happen with DNS mimicry. In this case DPI / SPI tools identify the stream initially as DNS, but are much quicker (just in a few dozens of packets) to identify the stream as WireGuard's, after the initial DNS identification. How to use Eddie in network where the "bootstrap" servers can not be reached Eddie downloads user and infrastructure data, essential to use the service, from special "bootstrap servers" through an encrypted flow inside HTTP. If the bootstrap servers are blocked or the underlying protocol to port 80 is filtered out, Eddie is unable to proceed. Starting from this Eddie 4 version, the ability to retrieve such data locally has been added. Whenever bootstrap servers are unreachable, Eddie can read the latest available local data to connect to a VPN server. Once connected the bootstrap servers are again reachable and the local data are immediately updated for future usage. The local data remain valid as long as you don't need to change user. On top of all of the above, Eddie can now retrieve such data through the login procedure that now can be started even when a connection to a VPN server was previously established via a profile. Therefore, when you are in a restrictive network that blocks access to bootstrap servers, you can connect through a profile generated by AirVPN web site Configuration Generator. After this first connection, log your account in to the service by selecting the specific option on the left pane, enter your AirVPN account credentials as usual and make sure that Remember me checkbox is ticked: Eddie will download all the necessary files and store them locally. This procedure is "once and for all", at least as long as you don't need to change account. After this initial connection, Eddie will be able to log your account in to the infrastructure, retrieve servers data and establish connections without profiles and without bootstrap servers, offering again full AirVPN integration even when bootstrap servers are unreachable. Only If you change account you must repeat the procedure. New: "Open with..." option added to "Export" option Different Android versions allow management of files with different restrictions. Different apps may support different intents on specific Android versions. To enlarge total compatibility, now Eddie offers two different options to export and manage files, including generated profiles. You will find the usual "Share" option (note: now renamed into "Export") coupled with a new "Open with..." option. Some apps support only one intent, other apps only specific intents on specific Android versions, and so on. By adding this option Eddie enlarges considerably the amount of apps you will be able to open and/or share files with. Download link, checksum and changelog Quick reference page: https://airvpn.org/android/eddie Eddie Android edition 4.0.0 APK direct download short URL: https://airvpn.org/tv Eddie Android edition 4.0.0 is also available on the Google Play Store. https://play.google.com/store/apps/details?id=org.airvpn.eddie Changelog is available here: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt?ref_type=heads SHA-256 checksum if you prefer to download from our web site and side load the app: $ sha256sum EddieAndroid-4.0.0-VC38.apk 12322926f12d45f8e918173ae30f88cdef03f0fe323f30abf00cef6c033d8dae EddieAndroid-4.0.0-VC38.apk Kind regards & datalove AirVPN Staff
-
Working for Handshake AI: Airvpn blocked
reversevpn replied to John Gow's topic in Blocked websites warning
If you have any friends inside the US with a residential IP willing to help out, you can perform a reverse VPN connection as follows: 1. On your AirVPN account, forward any UDP Port from the Client Area>Ports(Let's just call it x for the sake of this guide). 2.On your machine, set up a wireguard server with the following parameters: [Interface] PrivateKey=(Insert your own wg privatekey here) ListenPort=x Address=192.168.181.2/24 [Peers] PublicKey=(Insert your friend's publicKey here) AllowedIPs=192.168.181.1 PresharedKey=(Insert presharedkey here) 3.Give your friend a wireguard conf like this: [Interface] PrivateKey=(Insert your friend's wg privatekey here) Address=192.168.181.1/24 [Peers] PublicKey=(Insert your own publicKey here) Endpoint= (Insert Your AirVPN Exit IP here):x AllowedIPs=192.168.181.2 PresharedKey=(Insert presharedkey here) PersistentKeepalive=10 4. Get your friend to install shadowsocks server on their machine. Their config file should look something like this: { "server": "192.168.181.1", "server_port": 8388, "password": "(Insert your own password here)", "method": "chacha20-ietf-poly1305" } 5.Get them to start ssserver with the config.json I specified 6. Install shadowsocks on your own machine, and configure it as follows: { "server": "192.168.181.1", "server_port": 8388, "password": "(Insert same password you gave your friend here)", "method" : "chacha20-ietf-poly1305", "local_address": "127.0.0.1", "local_port": 9500 } Run sslocal on your side 7. If you haven't already, install mozilla firefox or one of its many forks on your machine. 8.In your Firefox, go to Settings>General>Proxy Settings>Configure proxy, and set up as follows: 9. Go to ipleak.net on your firefox to verify that you are using your friend's residential IP. 10. You may now connect to handshake AI in Firefox
