All Activity
- Today
ANSWERED Am I understanding your port forwarding correctly?
Staff replied to The Fox's topic in Troubleshooting and Problems
Hello! Welcome aboard.
1. Yes, correct.
2. Yes, correct.
3. With a port linked to "All devices" this is not possible, because you create an unsupported case in forwarding rules, i.e. the same packet to a specific VPN server public IP address port should be forwarded to the port of multiple VPN IP addresses. This is not implemented and also poses a technical challenge in our infrastructure that's not trivial. To overcome this situation you must use a unique key pair for each device and take care to link each port to a single device. Alternatively, a simpler solution is just connecting each device to a different VPN server (your 2nd scenario).
Kind regards
-
Hello! In this case there's something wrong in setup. The configuration file is correct:
AllowedIPs = 0.0.0.0/0, ::/0
This line tells WireGuard to tunnel the entire IPv4 and IPv6 address space. Any leak is caused by wrong binding or bad routing table together with absence of "network lock" leaks prevention. Use the AirVPN Suite to get rid of these problems, but it would be interesting to investigate further, if you don't mind. We could start by examining the routing table, the network interface settings and the firewall rule set during a connection, while the problem is occurring. Tracing IPv6 routes can provide valuable clues too.
> This is what I do, and while it does hide my ISP-provided IPv4 perfectly, the situation is different for IPv6, where my ISP-provided IPv6 is leaked to the tracker and my peers.
This is a symptom hinting at a serious misconfiguration (or some previously undetected qBittorrent bug, but it's unlikely as something so important would have been immediately noticed). Network Lock would prevent this situation but your case is very interesting and in our opinion deserves further investigation. In this case your setup is plausibly the source of the problem. Traffic splitting on an application basis requires some care to avoid those very leaks that you are experiencing. Consider running the AirVPN Suite for a safe traffic splitting on an application basis.
AirVPN Suite resources: https://airvpn.org/forums/topic/79336-airvpn-suite-resources/
Kind regards
-
I don't get it. If I omit --interface, then curl does not use the wireguard tunnel, so my ISP-provided IPv6 is not hidden at all.
nicoco@tour ~> curl ip.network -6
2a01:e0a:f09:XX:XX:XX:XX:XX # My ISP IPv6
> Binding qBittorrent to the VPN interface is a perfect solution
This is what I do, and while it does hide my ISP-provided IPv4 perfectly, the situation is different for IPv6, where my ISP-provided IPv6 is leaked to the tracker and my peers. I think there is a confusion in your reply. My setup may be somewhat unusual because I do not want all traffic routed through the wireguard interface. I only want certain software to specifically bind on this interface. For e.g. web browsing, I'm fine not hiding my IP.
-
I've just moved from another VPN service because I'm sick of their servers going AWOL. One thing they did OK at though was port forwarding. It was configured a little differently (choose a server IP address & choose a port... if available I got it) to how it's done here. Am I correct in the following understanding:
1. When I reserve ports, they are available to me from any VPN server's exit IP address that I connect my VPN client to? Not sure how you work that magic if it's correct but it makes life very easy. For example: if I connect to Kornephorus, and have port 10001 forwarded to me, then disconnect and reconnect to Capricornus, port 10001 at Capricornus' exit-IP now comes to me with no config changes required?
2. Again with port 10001 forwarded and set to "all devices"... If I have two client devices (on the same LAN so same public IP address from here) connected to different VPN servers, say Client A connected to Kornephorus and Client B to Capricornus: Client A will receive traffic forwarded from Kornephorus's port 10001 and Client B will receive traffic forwarded from Capricornus' 10001?
3. If I want to connect multiple clients to the same VPN server, with multiple forwarded ports, then I either leave the port forwarding on "all devices" and let my client devices choose what to listen to, or I could opt to pass only a particular port to a particular device by selecting that in the port forwarding for each forwarded port? (the first option would not be so good I guess if there's a lot of incoming traffic, since it would be flooded to all devices on the VPN whether they listen to that port or not).
I'm asking to confirm the above because it seems too good to be true. I've done a bit of reading of past posts here though and it does seem to be correct.
- Yesterday
-
ANSWERED Configuring White listed servers and traffic splitting
0bacon replied to 0bacon's topic in AirVPN Suite
I don't close the terminal window. I enter goldcrest -O and it says that it is connected but I can't reach anything. I send kill command after I confirm that I have no connection. I've given it at least 30 seconds before the kill command, maybe something is causing it to quit after a few seconds? -
ANSWERED Configuring White listed servers and traffic splitting
Staff replied to 0bacon's topic in AirVPN Suite
Hello! Note the discrepancy. Goldcrest may read both ~/goldcrest.rc and ~/.config/goldcrest.rc, no problems, but be aware that you might have two different files. Very well, this is essential to allow network lock to work properly. That's fine, it means that Network Lock blocks the traffic to your system DNS. In this case it's not really true because the system DNS has the same gateway IP address, whose traffic will be allowed in any case (you can verify by pinging 192.168.1.1 for example). About the log, we would like a clarification, we see that, multiple times, soon after a connection you order a disconnection, for example:
9:11:45 AM bluetit: Requested method "bluetit_status -> Bluetit is connected to VPN (WireGuard)"
9:11:45 AM bluetit: Requested method "stop_connection"
9:11:45 AM bluetit: Stopping WireGuard synchronous connection
Why do you order the disconnection immediately (or just a few seconds) after the connection was established? Note (just in case) that you're running goldcrest in synchronous mode, so if you destroy the window of goldcrest terminal emulator parent, it will receive a SIGTERM and in turn will require Bluetit to disconnect. So, is the disconnection ordered by you voluntarily? If so, is it because you see that no traffic flows? As a side note, you have defined a white list of only one server. If this is intentional it's fine, but please test more, different servers, just in case there is a problem that's specific between you and Fang. You can define a white list of servers through a list of comma separated server names in the air-white-server-list option in your goldcrest.rc file.
Kind regards
-
Eddie Android edition 4.0.0 preview available
Staff replied to Staff's topic in News and Announcement
Hello! We're very glad to announce that Eddie Android edition 4.0.0 Release Candidate 1 is now available.
New CPS QUIC database: now Eddie features a CPS database of more than 30 real web sites allowing accurate QUIC + HTTP/3 mimicry of real services through AmneziaWG. Each database entry is identified by a clear label for immediate selection in the app's settings. Eddie will take care to compile AmneziaWG In parameters accordingly: no need for manual input, which anyway remains an available option. This addition significantly bolsters Eddie's arsenal against blocks.
New: IPv4 and IPv6 traffic can now be wrapped over an IPv6 tunnel with WireGuard and AmneziaWG too
Minor bug fixes
The original message of this thread has been updated accordingly. You will find on it the new download link and checksum, as well as detailed Amnezia description. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private).
Kind regards & datalove
AirVPN Staff
-
I'm not sure how viable it would be to have a UK region going forward... UK daddy government is constantly forcing ISPs to block access to sites. I had a number of trackers failing in Prowlarr and the reason was the above. So I had switched over to another region, although I'd love to use the shiny new UK servers. Also Cloudflare has been acting weird lately.
-
- Last week
-
YouTube is asking for login now over all new UK servers. What a pain in the arse YouTube is. Any ideas? I hate creating a Google account only for that.
-
I need more features but I do stick with AirVPN! Please give us dark mode, an easy way of doing split tunneling as well and maybe sort out something so Tailscale can work side by side so we can have our computer meshes working outside the tunnel!
-
Yes, that would be amazing actually. So maybe an Eddie feature that completely leaves the Tailscale adapter out of the equation?
-
Hello! The idea is correct, but you must omit --interface option for the previously explained reasons. However this is a necessary but not sufficient condition to prevent traffic leaks. Binding qBittorrent to the VPN interface is a perfect solution. Our software Network Lock feature is another one. You may apply both settings for additional safety. Please note that some qBittorrent versions could handle only IPv6 or only IPv4 traffic, but we think that qBittorrent devs resolved this limitation recently. Kind regards
-
https://eddie.website/report/15dee5c5/
-
Hi Staff! Thanks for the reply; as another user posted, I also missed the update on the Announcements topic. However, one thing I'd like to ask regarding these numbers: do they represent a switch from OpenVPN to Wireguard by already existing users, or is this due to the fact that a big number of new users joined the service and started with WG by default for their connections? Not to make a counter argument, it's just that it could be a combination of causes for the % decline of active OpenVPN users. Anyway, it's always good to have both options available, so we'll patiently wait for 2027 hoping to get the new shiny OpenVPN. Thanks again for the replies!
-
ANSWERED Configuring White listed servers and traffic splitting
0bacon replied to 0bacon's topic in AirVPN Suite
Ok, my bluetit logs are attached. /etc/airvpn/bluetit.rc has all the default settings. I've only been working with ~/.goldcrest.rc. While goldcrest -O connects to the best performing vpn server, I still don't have a connection. I suspect that it has something to do with the push dns rejected message, could you explain to me in simplest terms what that is? I see the option to ignore the dns push but I don't actually know what it does, or if it's even safe. Thanks in advance. (I should also mention that in my firewalld.conf, I have NftablesTableOwner=no.) bluetit -
-
Not going to add any technical input to this convo, but as a former hardline OpenVPN user on a pfSense box, the speed difference was night and day when I made the switch. I also think that we have to give them credit for keeping OpenVPN as an option: since the numbers are low, they are putting technical effort on a very low percentage of users. That's why I love AirVPN: they choose to provide both services and not make it a financial or technical issue. If they are not the latest, it is for a reason; if that is not good for you, there's always a choice to leave.
-
Thanks for your replies. We're reaching the limits of my networking knowledge, so I hope what I say is not too much nonsense.
> You must not specify the VPN interface: the interface must manage an IPv4 tunnel.
I use wireguard to create a new network interface which is not the default one. This way, I can choose to use this interface in qbittorrent and nicotine+ (both p2p file sharing clients). If I curl without specifying the network interface, it defaults to my enp12s0 interface, and fetching ip.network yields my ISP-given public IPv4 with -4 and my ISP-given public IPv6 with -6.
nicoco@tour ~> curl ip.network -4
82.66.XX.XX
nicoco@tour ~> curl ip.network -6
2a01:e0a:f09:XX:XX:XX:XX:XX
Specifying the interface with the wireguard one works as (I) expected for IPv4
nicoco@tour ~> curl ip.network --interface airvpn -4
185.156.XX.XX
But fails for IPv6:
nicoco@tour ~> curl ip.network --interface airvpn -6
curl: (7) Failed to connect to ip.network port 80 after 25 ms: Could not connect to server
Now, I don't really care about curl, the reason I investigated this was that I noticed that a torrent tracker I use reported my ISP-provided IPv6, despite specifying in qbittorrent settings that I want qbittorrent to only use the airvpn interface. I worked around the issue by forcing qbittorrent to use the airvpn interface AND to bind to the airvpn (local) IPv4 (10.169.139.176) only. But ideally, I would love to be able to use both IPv4 and IPv6 in qbittorrent, through airvpn. My idea was that getting curl -6 --interface airvpn ip.network to yield airvpn's public IPv6 was the first step to verify that my setup is working correctly. But maybe this does not work the way I thought it did, and it's more complicated than that? ^^
-
Hello! Well, the problem seems different though... the OP should be able to enjoy IPv6 over an IPv4 tunnel with the published configuration file. @nicoco First of all, there is an error in how you use curl. You must not specify the VPN interface: the interface must manage an IPv4 tunnel. IPv6 must be wrapped over it. If you bind curl to the VPN interface, you bypass the routing table and you prevent the system from picking the correct source IPv6 address. You don't see this problem with curl -4 --interface <VPN interface> probably because there is no ambiguity in selecting IPv4 source address when curl binds to the VPN interface, in spite of the routing table bypass (i.e. lucky case). Just omit this option and you should be fine (alternative: follow @Tech Jedi Alex solution, you will have an IPv6 tunnel over which you can tunnel IPv4 too and the problem could be "specular" with v4 when you use curl). Side note: the option --interface is not supported in Windows. If the problem persists: are you sure that your curl -6 tests are directed toward an IPv6 HTTP supporting service? Try https://ipv6.google.com for a cross-check, and ping6 too. If the problem still persists, please make sure that IPv6 support is enabled on your system and your network interfaces. Kind regards
-
Hello! Well, not totally true thanks to SIMD, especially AVX and AVX-512. AVX is commonly available on CPUs since 2011, while AVX-512 came out around 2016. By the way: WireGuard already saturates our servers (2.6 Gbit/s per client on the server, recently...) so the physical limit of our lines is reached before kernel performance becomes a problem. We would also like to see how the new DCO beats properly configured WireGuard on real life usage, not from a paper written by the same DCO developer. But anyway DCO changed incarnations and compatibilities many times. Having followed each iteration at the beginning, we wasted a significant amount of time and this situation had to be ended. No more, thank you... we are inclined to use the NEW DCO only when we have our infrastructure running on a mainline kernel that includes the module (in other words, starting from Debian 14, which is due to be released in 2027). On the other hand we also acknowledge the decision of important competitors to drop OpenVPN completely in the recent past. It's a delicate matter that we must take into consideration. Additionally, OpenVPN keeps a relevant superiority over WireGuard with some important features: DHCP enabled, ability to connect over SSH and TLS additional tunnels, and over socks and http proxies. But we do not need DCO for such strategic options (which by themselves hit performance heavily) so its adoption is not compelling. Our customers' choice is clear: OpenVPN usage dropped from 80% to 23% in just a year and a half. Note that just two weeks ago we had 24%, now it's 23%, the decline is fast. So what? DCO is not a replacement for blocks circumvention and does not feature AmneziaWG abilities, including CPS, handshake and payload packets padding, junk packets. We see DCO as a WireGuard competitor, but not at all as an AmneziaWG alternative, which in turn is aimed at lower performance for better blocks circumvention. Kind regards
-
OpenVPN DCO, plans to update?
oassQ9w4cbl4AySZhhth%p36x replied to pHxaq's topic in General & Suggestions
Thank you, yes, I missed that update; the forums do not notify when you modify the thread. Disappointing decision though. AES-NI support and using AES-GCM is better for computer to computer communication and OpenVPN DCO outperforms WireGuard by quite some margin, especially when tuned properly. AmneziaWG is good but also most things do not support it. For most people they just want the best throughput for the lowest overhead, which up until OpenVPN DCO was WireGuard. Now it is not. -
-
Hello! We're not ignoring it, did you read the update on the first message of this thread? Kind regards
-
ANSWERED Configuring White listed servers and traffic splitting
Staff replied to 0bacon's topic in AirVPN Suite
Hello! Note: we asked for the Bluetit log and you never sent it. In this case it's no more necessary because there is no problem at all, but in the future you should reply to requests, otherwise you prevent us from supporting you properly. This is expected and correct. air-server option requires a server name, not a list. If you want to define a list of servers you need air-server-white-list option, which expects a list of server names separated by a comma. When you define a white list of servers, leave air-server commented out and do not specify it in the command line. The software will pick the "best" server among the white listed ones. As a peculiar case, when you invoke Goldcrest you can still specify --air-server <server name> just in case you want a connection to a specific server included in the white list. However, you cannot force a server that's not in the white list. Nothing in /etc/airvpn/bluetit.rc must contradict goldcrest.rc as Bluetit directives and policy, that can be enforced only by root, take precedence. Kind regards -
OpenVPN DCO, plans to update?
oassQ9w4cbl4AySZhhth%p36x replied to pHxaq's topic in General & Suggestions
https://netdevconf.info/0x16/papers/27/ovpn-dco.pdf Yep, some pretty interesting results, praying @Staff stop ignoring it. -
-
Hello Staff team, as OpenVPN 2.7 and the latest Linux Kernel 6.16 have now streamlined the integration of the ovpn driver, DCO has become the new performance standard. OpenVPN Data Channel Offload (DCO): The Definitive Guide to the Performance Boost Making OpenVPN The Fastest VPN Protocol Other companies such as ExpressVPN and Norton VPN have already integrated DCO to offer their users these performance gains. Implementing this would keep your service competitive and provide a much smoother experience for those of us who prefer the OpenVPN protocol for its maturity and security. Do you have OpenVPN DCO on your current technical roadmap? I look forward to hearing your thoughts on this. Kind regards.
