Not connected, Your IP: 216.73.216.129
Online: 42940 users - 547866 Mbit/s total BWAll Activity
This stream auto-updates
- Past hour
-
-
-
-
-
-
-
-
- Today
-
-
-
Hello friends! I faced a some problems with Eddie client on Macbook. I created new macbook profile (account). When i logged into my Airvpn account via Eddie, there are no servers in server list window and no protocols for manual selection in Eddie preferences. After some time, the error of "BOOTSTRAP FAILURE" appears. My DNS are set 8.8.8.8 and 4.4.4.4. Airvpn.org pings sucssesfully in terminal. When i changed my old Mac account, there are no problems with Eddie. Can anyone help me to solve this problem? -
@balkie31 Hello! For residential broadband (DSL / cable / FTTH), DHCP lease times are most commonly: ~12–24 hours (very common baseline) ~1–3 days (slightly less common) Occasionally up to ~7 days (less common, but happens) This aligns with general network guidance where stable networks use 1–7 day leases. Therefore, it is normal that you may need a re-connection every few days. You can consider to tell GlueTun to re-connect always to the same server, by setting the proper environment variable. You would be sure that your system would appear on the Internet always with the same IP address (the exit-IP address of the VPN server); on the other hand, if the specific VPN server goes down, GlueTun will be unable to re-connect as long as that server does not come up again. In any case, you may always need to re-start the torrent software as GlueTun will bring the virtual network interface down and up again. Kind regards
-
- Yesterday
-
Ive been using gluetun along with slskd anf qbittorrent. The connection works for a few days or so and then ill end up getting a new ip. Since im using forwarded ports, ill need to restart slskd and qbit to rebind them and get the ports showing as open again for the containers. Is this normal? Or are there some settings im missing? Sorry for thr formatting, i just cant get it to work out on mobile qmcgaw/gluetun:v3 container_name: gluetun cap_add: - NET_ADMIN devices: - /dev/net/tun:/dev/net/tun volumes: - /mnt/Media2/Docker/Configs/gluetun:/gluetun/ ports: - 8114:8000 - 8115:8115 - 18678:18678 - 18678:18678/udp - 3050:5030 - 3150:5031 - 30050:50300 - 3040:9765 - 9091:9091 - 34014:34014 - 34014:34014/udp - 14499:14499 - 14499:14499/udp environment: - VPN_SERVICE_PROVIDER=airvpn - VPN_TYPE=wireguard - WIREGUARD_PRIVATE_KEY=xxxxxxx - WIREGUARD_PRESHARED_KEY=xxxxxxx - WIREGUARD_ADDRESSES=xxxxxxx - SERVER_COUNTRIES=United States - FIREWALL_VPN_INPUT_PORTS=18678,14499 - HEALTH_RESTART_VPN=on - HTTPPROXY=on - FIREWALL_OUTBOUND_PERMITTED_IPS=0.0.0.0/0 - DNS_KEEP_NAMESERVER=off - FIREWALL_DEBUG=on - WIREGUARD_MTU=1420 - FIREWALL_OUTBOUND_SUBNETS=192.168.68.0/24 - UPDATER_PERIOD=24h healthcheck: test: ["CMD", "/gluetun-entrypoint", "healthcheck"] interval: 30s timeout: 10s retries: 3 start_period: 60s sysctls: - net.ipv4.conf.all.src_valid_mark=1 - net.ipv6.conf.all.disable_ipv6=1 restart: unless-stopped:
-
it really should be added. pretty much all the non use specific dns avaiable in airvpn now except for oids are outdated and hagezi's are arguably the best ones. especially ultimate and pro++
-
Native would be a game changer, Been building something like this, with a new feature in the works to generate Wireguard config files if you use it on a host that does not support automation, e.g. wg0.conf point it to a location and setup a host script to wg up, wg down on a daily. Gluetun integration, support custom settings, and custom VPN restart, e.g. if server becomes DroneBL banned, it'll reset the connection with clean servers, if you prioritize stability, and a server is still in the top 4 from last scan, no restart. Some screenshots below, hopefully will be done soon and make an official post with the file on Git, to be ran in Docker (hopefully without too many issues, commit will be more than welcome) -
With some help from Claude I have put together a GTK4 client for Linux. https://gitlab.com/snotra.uk/airvpn Uses the API to grab servers and configs, uses network manager to setup the wireguard connections, and firewalld for the network lock. Seems to be working well for me. might be useful to someone. cheers Shaun
-
Hello! Not all programs support In CPS parameters. Eddie Android edition generates AmneziaWG profiles compliant to the latest official documentation and properly processed by the official Amnezia library latest release. Previous Amnezia 1.x specs may not support all the parameters. In the future we will offer Amnezia integration in our desktop software too. In the meantime you may try to update your software. Kind regards
-
This works great for me, however I can't seem to connect via AWG using any other client when I export the configs. When CPS is enabled, other clients complain about various tags such as <c>, and without CPS no connection seems to be made. While eddie seems to connect with and without CPS easily. How do I connect to AirVPN servers using other AWG clients?
- Last week
-
Might be worth considering implementing Trust Tunnel (https://github.com/TrustTunnel/TrustTunnel) from the guys at adguard VPN. Now open source, supposedly looks like https traffic and seems to be fast from the experience I have with their VPN.
-
OpenVPN might just be too heavy for your synology NAS to do without sacrificing significant performance. Try wireguard instead.
-
.thumb.png.8be84fd39f94c1640ac8c5456fbf3449.png)
ANSWERED Disable Airvpn suite from launching at boot in Fedora
Staff replied to killabyte's topic in AirVPN Suite
Hello! If you wish that Bluetit starts but does not connect and does not touch the system in any way, setting the following directives to off on the run control file is all you need. From the manual: If you prefer to disable the daemon entirely, since Fedora is based on systemd: sudo systemctl stop bluetit sudo systemctl disable bluetit You can later re-enable it if needed with: sudo systemctl enable bluetit Yes, it can, obviously. Just reply no to the following questions: Do you want to enable bluetit.service units? [y/n] Do you want to start Bluetit service now? [y/n] Kind regards -
ANSWERED Disable Airvpn suite from launching at boot in Fedora
killabyte posted a topic in AirVPN Suite
Hi guys, im running Fedora 42 KDE and i cant' find the proper way to stop the AirVPN suite components from starting at boot. Can be done in several ways but for me the best approach is not clear and i don't want to do it cheap. I wonder if the same install script can be used to make it fully manual. I'm having some trouble with Selinux and other programs and i need to use it at will, not from boot. i used the file AirVPN-Suite-x86_64-2.0.0.tar.gz for installing, Thanks -
-
yeah same for me , never had any problem with mullvad - they're great , but switched to AirVPN because of port forwarding.
-
I would delete/rename the default.profile file and reconfigure Eddie from scratch, see if that helps. -
Hi all, I have an older synology 1511+ under DSM 6.2 and use the synocommunity version of deluge (docker is beyond my tech skills, tried and failed a few times). When no vpn is connected in the network tab of the control panel i get my usual speeds around 30Mo/s (240mbps) but then when vpn is connected i can't for my life get over 6Mo/sec (48mbps). Could someone please review what i did and hit me on the head with some advice ? Setup : I set up the openvpn through that guidemaking sure i use a low charge server (tried 1 server, country and region without noticeable change) I opened a port on the air vpn website and reported it in deluge as describded in multiple forum threads unchecking lots of previously checked boxes
-
ANSWERED Configuring White listed servers and traffic splitting
0bacon replied to 0bacon's topic in AirVPN Suite
Following the directions from airvpn.org/forums I set the ipv4 manually to 192.169.x.x/24 and the ip execution error, traffic splitting setup is dirty error has gone away. I also create the user cuckoo because it did not exist and made airvpn the primary usergroup. when logged in as airvpn i run cuckoo -r steam and I get ERROR setnamespace: Cannot open network namespace 'aircuckoo': No such file or directory Then in the bluetit.rc I changed trafficsplitnamespace even though its default should be the same, no change. trafficsplitnamespace aircuckoo Heres my new bluetit logs bluetit4 -
Hello! We're very glad to announce that Eddie Android edition 4.0.0 has been released This is a major update: for the first time Eddie Android edition features AmneziaWG complete support. Eddie Android edition is a fully integrated with AirVPN, free and open source client allowing comfortable connections to AirVPN servers and generic VPN servers offering compatible protocols. Eddie 4.0.0 adds, besides the already available OpenVPN and WireGuard, a thorough and comfortable AmneziaWG support. Source code available on GitLab: https://gitlab.com/AirVPN/EddieAndroid AmneziaWG is a free and open source fork of WireGuard by Amnezia inheriting the architectural simplicity and high performance of the original implementation, but eliminating the identifiable network signatures that make WireGuard easily detectable by Deep Packet Inspection (DPI) systems. It can operate in several different ways, including a fallback, "compatibility mode" with WireGuard featuring anyway various obfuscation techniques. What's new in Eddie 4.0.0 AmneziaWG support Amnezia WireGuard API stronger anti-blocking logic: ability to log in to the service and download AirVPN infrastructure and user data while connected through a profile with a specific option on the left pane ability to read and use local user data when bootstrap servers are unreachable CPS packets database of 30+ real websites, currently allowing accurate QUIC + HTTP/3 traffic mimicry to and from real web sites through AmneziaWG CPS. Each entry is easily selectable and identified by a clear label support for wrapping both IPv4 and IPv6 traffic over an IPv6 tunnel with WireGuard and AmneziaWG (previously available only with OpenVPN) new "Open with..." option on top of the usual "Share" (now renamed "Export") option to manage and export comfortably generated profiles on any Android version with any suitable application updated AmneziaWG parameters allowed ranges support of latest AmneziaWG padding features vastly improved NetworkMonitor and Tile Service updated OpenSSL, OpenVPN3-AirVPN and WireGuard libraries full compatibility from Android 5.1 to Android 16, including Android TV bug fixes see the complete changelog here: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt?ref_type=heads AmneziaWG overview From the official documentation: https://docs.amnezia.org/documentation/amnezia-wg AmneziaWG offers: Dynamic Headers for All Packet Types (compatibility with WireGuard: YES) During tunnel initialization, the library generates a set of random constants applied to each of the four WireGuard packet formats: Init, Response, Data, Under‑Load. These constants: As a result, no two clients have identical headers, making it impossible to write a universal DPI rule. Replace predictable WireGuard packet identifiers; Shift offsets of Version/Type fields; Modify reserved bits. Handshake Length Randomization and message padding (compatibility with WireGuard: NO) In WireGuard, the Init packet is exactly 148 bytes, and the Response packet is exactly 92 bytes. AmneziaWG adds message paddings: S1: int - padding of handshake initial message S2: int - padding of handshake response message S3: int - padding of handshake cookie message S4: int - padding of transport messages Offsets of the remaining fields are automatically adjusted, and MAC tags are recalculated accordingly. In order to keep backward compatibility with WireGuard, S1, S2, S3 and S4 must be set to 0. Obfuscation Packets I1-I5 (Signature Chain) & CPS (Custom Protocol Signature) (compatibility with WireGuard: partial, with fallback) Before initiating a "special" handshake (every 120 seconds), the client may send up to five different UDP packets fully described by the user in the CPS format. In this way AmneziaWG can mimic perfectly QUIC, DNS and other protocols adding powerful methods to circumvent blocks. QUIC is particularly interesting as HTTP/3 is built on it and currently, from Chrome and other compatible browsers, 50% of traffic to/from Google is QUIC traffic. Therefore, blocking QUIC may have major disruptions for any ISP. Note that a CPS database of 30+ real web sites is available in Eddie Android edition: you can activate CPS mimicking traffic to real web sites with a tap. Eddie will take care to compile properly Amnezia's In parameters for accurate mimicry. Junk‑train (Jc) (compatibility with WireGuard: YES) Immediately following the sequence of I-packets, a series Jc of pseudorandom packets with lengths varying between Jmin and Jmax is sent. These packets blur the timing and size profile of the session start, significantly complicating handshake detection. Under‑Load Packet (compatibility with WireGuard: YES) In WireGuard, a special keep-alive packet (“Under-Load”) is used to bypass NAT timeouts. AmneziaWG replaces its fixed header with a randomized one, the value of which can be set manually. This prevents DPI from filtering short ping packets, ensuring stable tunnel connections, especially on mobile networks. How to use Eddie with AmneziaWG To enable AmneziaWG mode, just tap the connection mode available in the main and other views. It will rotate between WireGuard, AmneziaWG and OpenVPN. Set it to AmneziaWG. In its default AmneziaWG mode, Eddie will use all the possible obfuscation, except protocol mimicking, that keeps WireGuard compatibility, thus allowing connections to AirVPN servers. The default settings choice was possible thanks to the invaluable support of persons living in countries where VPN blocks are widespread. Such settings have been tested as working and capable to bypass the current blocking methods in various countries. You may consider to modify them if they are ineffective to bypass "your" specific blocks. In Settings > Advanced, you will find, at the bottom of the page, a new "Custom Amnezia WG directives" item. By tapping it you will summon a dialog that will let you customize any possible AmneziaWG parameter. You can maintain backward compatibility with WireGuard in the dialog WireGuard section, or enable the full AmneziaWG support in the Amnezia section, which is not compatible (at the moment) with AirVPN WireGuard servers. This mode will be mostly valuable in a not distant future, when AirVPN servers will start to support AmneziaWG natively. You may also enable QUIC or DNS mimicking for additional obfuscation efficacy. In order to maintain WireGuard backward compatibility, with or without QUIC or DNS mimicking, you must set: S1 = S2 = S3 = S4 = 0 Hn ∈ {1, 2, 3, 4} H1 ≠ H2 ≠ H3 ≠ H4 Furthermore, do not exceed the valid limit of the J parameters (anyway Eddie will not let you do it). In this preview version, Eddie's formal control of the input data is based on the following document. We strongly recommend you read it if you need to modify manually parameters: https://github.com/amnezia-vpn/amneziawg-linux-kernel-module?tab=readme-ov-file#configuration Custom Protocol Signature with database included Working in AmneziaWG mode, Eddie implements QUIC and DNS mimicry and obfuscation packets for each specific "I" parameter (by using the corresponding "Generate" button). You can enable them with a tap on the proper buttons. You may mimic QUIC and DNS even to connect to WireGuard based servers. Please do not modify In parameters if you don't know exactly what you're doing. Eddie's CPS database is available at your fingertip for accurate mimicry of traffic to and from real web sites using HTTP/3 (other protocols may be added in the future), so you don't need to look for and enter specific sequences. Settings > Advanced > Custom AmneziaWG directives > Enable CPS > Presets > select the web site whose traffic must be imitated . Currently, you can find a database that contains more than 30 actual packet signatures and sequences of real web sites. Select one and Eddie will adjust all the parameters automatically and will use them in the next AmneziaWG connection. When you enable QUIC mimicking and you maintain WireGuard backward compatibility, you add a powerful tool against blocks, because the first packets will be actual QUIC packets. AmneziaWG will fall back to WireGuard compatibility very soon. However, when DPI and SPI tools, and demultiplexers in general, identify the initial QUIC flow, most of them will be unable to detect a WireGuard flow for several minutes. This has been tested thoroughly with deep packet inspection on Linux and FreeBSD based machines by AirVPN staff. Therefore, in different blocking scenarios the QUIC mimicry increases likelihood of successful block bypass. NOTE: the same does not happen with DNS mimicry. In this case DPI / SPI tools identify the stream initially as DNS, but are much quicker (just in a few dozens of packets) to identify the stream as WireGuard's, after the initial DNS identification. How to use Eddie in network where the "bootstrap" servers can not be reached Eddie downloads user and infrastructure data, essential to use the service, from special "bootstrap servers" through an encrypted flow inside HTTP. If the bootstrap servers are blocked or the underlying protocol to port 80 is filtered out, Eddie is unable to proceed. Starting from this Eddie 4 version, the ability to retrieve such data locally has been added. Whenever bootstrap servers are unreachable, Eddie can read the latest available local data to connect to a VPN server. Once connected the bootstrap servers are again reachable and the local data are immediately updated for future usage. The local data remain valid as long as you don't need to change user. On top of all of the above, Eddie can now retrieve such data through the login procedure that now can be started even when a connection to a VPN server was previously established via a profile. Therefore, when you are in a restrictive network that blocks access to bootstrap servers, you can connect through a profile generated by AirVPN web site Configuration Generator. After this first connection, log your account in to the service by selecting the specific option on the left pane, enter your AirVPN account credentials as usual and make sure that Remember me checkbox is ticked: Eddie will download all the necessary files and store them locally. This procedure is "once and for all", at least as long as you don't need to change account. After this initial connection, Eddie will be able to log your account in to the infrastructure, retrieve servers data and establish connections without profiles and without bootstrap servers, offering again full AirVPN integration even when bootstrap servers are unreachable. Only If you change account you must repeat the procedure. New: "Open with..." option added to "Export" option Different Android versions allow management of files with different restrictions. Different apps may support different intents on specific Android versions. To enlarge total compatibility, now Eddie offers two different options to export and manage files, including generated profiles. You will find the usual "Share" option (note: now renamed into "Export") coupled with a new "Open with..." option. Some apps support only one intent, other apps only specific intents on specific Android versions, and so on. By adding this option Eddie enlarges considerably the amount of apps you will be able to open and/or share files with. Download link, checksum and changelog Quick reference page: https://airvpn.org/android/eddie Eddie Android edition 4.0.0 APK direct download short URL: https://airvpn.org/tv Eddie Android edition 4.0.0 is also available on the Google Play Store. https://play.google.com/store/apps/details?id=org.airvpn.eddie Changelog is available here: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt?ref_type=heads SHA-256 checksum if you prefer to download from our web site and side load the app: $ sha256sum EddieAndroid-4.0.0-VC38.apk 12322926f12d45f8e918173ae30f88cdef03f0fe323f30abf00cef6c033d8dae EddieAndroid-4.0.0-VC38.apk Kind regards & datalove AirVPN Staff
-
Working for Handshake AI: Airvpn blocked
reversevpn replied to John Gow's topic in Blocked websites warning
If you have any friends inside the US with a residential IP willing to help out, you can perform a reverse VPN connection as follows: 1. On your AirVPN account, forward any UDP Port from the Client Area>Ports(Let's just call it x for the sake of this guide). 2.On your machine, set up a wireguard server with the following parameters: [Interface] PrivateKey=(Insert your own wg privatekey here) ListenPort=x Address=192.168.181.2/24 [Peers] PublicKey=(Insert your friend's publicKey here) AllowedIPs=192.168.181.1 PresharedKey=(Insert presharedkey here) 3.Give your friend a wireguard conf like this: [Interface] PrivateKey=(Insert your friend's wg privatekey here) Address=192.168.181.1/24 [Peers] PublicKey=(Insert your own publicKey here) Endpoint= (Insert Your AirVPN Exit IP here):x AllowedIPs=192.168.181.2 PresharedKey=(Insert presharedkey here) PersistentKeepalive=10 4. Get your friend to install shadowsocks server on their machine. Their config file should look something like this: { "server": "192.168.181.1", "server_port": 8388, "password": "(Insert your own password here)", "method": "chacha20-ietf-poly1305" } 5.Get them to start ssserver with the config.json I specified 6. Install shadowsocks on your own machine, and configure it as follows: { "server": "192.168.181.1", "server_port": 8388, "password": "(Insert same password you gave your friend here)", "method" : "chacha20-ietf-poly1305", "local_address": "127.0.0.1", "local_port": 9500 } Run sslocal on your side 7. If you haven't already, install mozilla firefox or one of its many forks on your machine. 8.In your Firefox, go to Settings>General>Proxy Settings>Configure proxy, and set up as follows: 9. Go to ipleak.net on your firefox to verify that you are using your friend's residential IP. 10. You may now connect to handshake AI in Firefox -
so i was messing w/ airvpn on my laptop and for some reason the “auto reconnect” keeps toggling itself off. i swear i turned it on yesterday, checked the settings like 5x, even reinstalled the client, but next time i open it it’s just off again. tried different servers and the same thing happens. also noticed sometimes the kill switch icon stays red even tho it says “connected” on the main window? super confusing. anyone else seen this buggy behavior or am i losing it? -
-
Working for Handshake AI: Airvpn blocked
SqueekySprout replied to John Gow's topic in Blocked websites warning
Honestly, if I was in your position, I would assume you have a place / friends at home in the USA. I would set up your VPN server there and remote in to that connection, rather than going through something like AirVPN. Thousands of people are using these sorts of services and it will be a constant game of whack a mole. Having your own, private, connection will save you so many headaches. I personally have a VPN Server which is "home" to do anything local which I need, while travelling. AirVPN is used for when I do not want to be "home". -
Yet another vote for split tunneling support, please.
-
-
-
-
-
Wonder why this is still not being considered
-
ANSWERED Configuring White listed servers and traffic splitting
0bacon replied to 0bacon's topic in AirVPN Suite
I reinstalled air vpn suite followed the directions from the setup guide and your directions. It appears that wireguard is blocked. When set to openvpn, I have a connection. Changes to username, pw, and allowtrafficsplitting were made in the bluetit.rc, all other options are defaulted. When I run cuckoo -r /usr/bin/steam From what I have read the namespace aircuckoo is supposed to be created on its own. I tried to rm the directory but it doesn't exist. Whats weirder is the RTNETLINk answers: file exists? airvpn@fedora:~$ cuckoo -r /usr/bin/steam Cuckoo - AirVPN Traffic Splitting Manager 2.0.0 - 22 July 2025 ERROR setnamespace: Cannot open network namespace 'aircuckoo': No such file or directory 11:18:27 AM bluetit: ERROR: REPLAY_ERROR 11:18:27 AM bluetit: ERROR: REPLAY_ERROR 11:18:27 AM bluetit: ERROR: PKTID_REPLAY 11:17:55 AM bluetit: ERROR: REPLAY_ERROR 11:17:55 AM bluetit: ERROR: PKTID_REPLAY 11:17:36 AM bluetit: Requested method "list_pushed_dns" 11:17:21 AM bluetit: ERROR: REPLAY_ERROR 11:17:21 AM bluetit: ERROR: PKTID_REPLAY 11:16:52 AM bluetit: ERROR: REPLAY_ERROR 11:16:52 AM bluetit: ERROR: PKTID_REPLAY 11:16:47 AM bluetit: ERROR: Traffic Split Error: 'ip' execution error: (netns exec IPv6 route add) RTNETLINK answers: File exists 11:16:47 AM bluetit: Successfully restored traffic split settings. 11:16:47 AM bluetit: Successfully deleted 'aircuckoo' namespace 11:16:47 AM bluetit: WARNING: Traffic splitting setup is dirty. Trying to clean and restore settings. FIXED (systemctl restart NetworkManager) ERROR: Traffic Split Error: 'ip' execution error: (netns exec IPv6 route add) RTNETLINK answers: File exists bluetit3 -
Is the Torrent Address detection broken for anyone else too?
HUHHII replied to ByteBuccaneer's topic in IP Leak
Works fine for me -
-
-
Is the Torrent Address detection broken for anyone else too?
ByteBuccaneer posted a topic in IP Leak
I've always had good success with the IP Leak website, but tonight the Torrent Address detection functionality was borked. Also the "View" button has a strange "/" at the end of it. Can anyone else run Torrent Address detection successfully?
