Not connected, Your IP: 216.73.216.108
Online: 34691 users - 489390 Mbit/s total BWAll Activity
This stream auto-updates
- Past hour
-
-
-
-
-
- Today
-
-
-
-
-
-
Eddie Android edition 4.0.0 preview available
EMULE replied to Staff's topic in News and Announcement
Hello! I learned something new. AmneziaWG 2.0 parameters: Jc,Jmin,Jmax,S1-S4,H1-H4,I1-I5 It has to be said that this protocol is becoming increasingly complex, and I believe it is also a key force in breaking through the blockade. Keep up the good work, staff. I will also continue to learn, test, and optimize. - Yesterday
-
-
https://airvpn.org/routes/?q=https%3A%2F%2Fwww.rollsroyceforums.com%2F Report shows it's not blocked (on most servers) but can't reach it anyways (Error code: 409 Conflict). Without VPN, and even Tor, it works just fine. Using VPN: >tracert www.rollsroyceforums.com Tracing route to n.sni.global.fastly.net [151.101.65.91] over a maximum of 30 hops: 1 4 ms 3 ms 6 ms 10.22.38.1 2 89 ms 93 ms 91 ms 10.120.0.1 3 93 ms 91 ms 92 ms 192.241.164.11 4 93 ms 90 ms 89 ms 143.244.192.250 5 94 ms 92 ms 94 ms 143.244.225.254 6 90 ms 93 ms 90 ms 143.244.225.137 7 94 ms 89 ms 91 ms jfk1.decixny.fastly.net [206.82.104.29] 8 92 ms 91 ms 91 ms 151.101.65.91 Trace complete.
-
DNS on Linux stopped working without Air
Tech Jedi Alex replied to Biggsboy's topic in Troubleshooting and Problems
Detected DNS: 100.100.100.100 […] . 2025.12.26 09:44:51 - DNS of the interface 'wlp3s0' restored to '8.8.8.8 192.168.1.1' - via systemd-resolved Eddie restores the DNS to the setting it seemed to detect before which is correct, but then 100.100.100.100 is set, which seems to be a Tailscale thing. It is said that this is used as a "127.0.0.1 for Tailscale services". It is also said that Tailscale is listening on port 53 to resolve things. Eddie detected systemd-resolved, so I cannot help but wonder whether you're using two DNS resolvers racing each other. Maybe refer to the Tailscale documentation on how to run Tailscale with a VPN. Maybe someone else with experience can chip in, too. -
What would be the interface from which the users can vote? Client area? Eddie? API? All of those? Don't know about the practicality of such a rating, though, it's highly subjective whether a server works for you or not, doesn't incorporate the setups of users (Access tech? Specific problematic ISPs?)…
-
DNS on Linux stopped working without Air
Biggsboy replied to Biggsboy's topic in Troubleshooting and Problems
My apologies, this should be the correct report now! I've updated the Eddie client, rebooted, and connected and then fully disconnected before generating this one. EddieReportv2.txt -
Listen, if you need such a port feature, fire up your own VPN server. For a privacy-oriented VPN service like AirVPN NATed v6 is the way to go. I don't want a UGA when I'm trying to blend in with other users, and I don't want other users to mindlessly enable such a feature because "it sounded cool and sophisticated" and not understand the privacy implications this has. They would be uniquely identifiable everywhere they go. I also don't see an easy way to toggle all that on and off on a whim, as well, as it is possible with DNS, for example. You need new OpenVPN and Wireguard configs everytime you change that setting, and that alone is enough to not implement this. You must point to an OpenVPN daemon that assigns UGAs instead of ULAs, so the --remote must change. The peer config of Wireguard must include the UGA instead of ULA, too. And both must listen with yet another daemon configured differenly, which raises the entry IP addresses of every server to 6, with alt IPs to 8 (tls-auth/tls-crypt + ULA/UGA config + primary/alternative entry). tls-auth/tls-crypt are also two incompatible configs for OpenVPN, but this distinction was made out of necessity – there is no necessity with UGAs, it's just a feature with a time-consuming implementation, yet with very little added benefit and some problematic demerits. From my point of view, backed up by 12 years of experience with using AirVPN, it makes no sense debating this further, it's simply not coming. But I may not see the whole picture of the infrastructure. Maybe there is an easier way to implement and maintain all this as I imagine it. Easier for AirVPN staff, that is. But let me put the following into perspective: There was once a proposal to implement something of a "DNS CDN" as the DNS backbone of the AirVPN infrastructure where the servers don't act as DNS resolvers themselves but DNS forwarders to this DNS backend. This came up in the context of some DNS resolution errors. Staff showed themselves receptive but since then it wasn't mentioned again. Unfortunately, I don't seem to find the thread again. -,- It will be very similar with this UGA thing, only now there is, yet again, less benefit than a "DNS CDN" would have.
-
Hello. My apologies. I just saw this message. Eddie was working fine until the Christmas sale message started popping up. When I close the Christmas sale message, it also closes the box that allows me connect to a server. Eddie is showing in the taskbar as running, but I don't think it is because I was unable to connect to a server. I have Windows 11 and I am running Eddie 2.24.6. -
-
Eddie Android edition 4.0.0 preview available
EMULE replied to Staff's topic in News and Announcement
I understand, thank you. -
.thumb.png.8be84fd39f94c1640ac8c5456fbf3449.png)
Eddie Android edition 4.0.0 preview available
Staff replied to Staff's topic in News and Announcement
Hello! It could be sufficient and currently it is indeed sufficient from Russia and China, where you bypass blocks with the backward compatible H parameters. The H parameters could become in the future an additional weapon against evolving blocking techniques. Kind regards -
Eddie Android edition 4.0.0 preview available
EMULE replied to Staff's topic in News and Announcement
If it is the AmneziaWG native server, is it sufficient to use the I1-I5 parameters and not H1-H4? -
Eddie Android edition 4.0.0 preview available
Staff replied to Staff's topic in News and Announcement
Hello! Correct, the I parameters are meant for Custom Protocol Signature (CPS). When you connect to a WireGuard based server you must preserve backward compatibility. Jc, Jmin, Jmax, I1-I5 parameters remain free (within the mentioned constraints), while you must set: S1 = 0 S2 = 0 H1 = 1 H2 = 2 H3 = 3 H4 = 4 Various persons (as well as our original post) report also that you can mix H parameters, but they must be different from each other, and each H must be included between 1 and 4. Kind regards -
Eddie Android edition 4.0.0 preview available
EMULE replied to Staff's topic in News and Announcement
Hello, I relearned the AmneziaWG 1.5 protocol and found that: AmneziaWG 1.0 uses these parameters: Jc, Jmin, Jmax, S1, S2, H1-H4 AmneziaWG 1.5 uses these parameters: Jc, Jmin, Jmax, S1, S2, I1-I5 In my previous tests, I used both H1-H4 and I1-I5 parameters simultaneously. Could this cause compatibility issues? No wonder my connection was so unstable. When enabling CPS, should all H parameters be set to 0? -
feature request AmneziaWG 1.5 protocol support
Staff replied to Erquint's topic in Eddie - AirVPN Client
Hello! We're glad to inform you that AmneziaWG support has been implemented in Eddie Android edition 4.0.0 beta 1 and it will be progressively implemented in all the other AirVPN software. https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/ Eddie Android edition public beta testing is going very well and the development team is optimistic about a near future release. This is only partially true. When you use CPS on your side and you connect to a WireGuard based server, demultiplexers will identify the traffic according to the CPS settings (QUIC, DNS...) only initially. They will soon be able to detect the traffic as WireGuard traffic. With DNS mimicking this happens just after the handshake, while with QUIC the inspection tools need much more time. We can confirm the above after several experimental tests we repeatedly performed with deep packet inspection. Anyway QUIC mimicking is effective and actually it can nowadays bypass in about 100% of the cases the blocks in both Russia and China. But we have planned to support Amnezia on the server side too, because the current method is anyway not so strong on the long run. When we have Amnezia on the server side too, no tool is able to ever identify the traffic as WireGuard traffic: it remains indefinitely identified as QUIC. Currently we are still at a testing phase, but the outcome so far is very promising. Stay tuned! Kind regards -
Perhaps a result of some benchmark could be factored in the scoring function. I assume a server with better hardware would be able handle more connections. On a second thought, this would probably require quite some work (unless this data already exists), and a change in the API because AFAIK it only returns bandwidth utilization of the server in the current version.
-
Would it be a good idea to also add scoring from users? Maybe there could be some score where it is averaged from user ratings. This would seem like a good way for staff to know how servers perform for most users as well.
- Last week
-
I just signed up for a year plan of AirVPN and gave Eddie a try. It isn't able to connect to AirVPN servers for me. And in the protocols tab of Eddie settings — all I found were just a bunch of OpenVPN ports and a few WireGuard ones. I don't need to say ports aren't protocols. I knew AmneziaWG client would work with AirVPN, but was hoping I could find use for Eddie, especially if split-tunnel routing could be set up more intelligently than the barebones AmneziaWG offers in that department. To give you an idea of routing hoops I was trying to avoid jumping: I'm having to use a self-written script for automatic CIDR-set inversion and input the result into the configs manually… it's a whole chore. I'm able to connect to AirVPN WireGuard servers using AmneziaWG client by manually enriching the configs generated with the `i1` parameter set to a binary string I had to find myself — one that slips under the DPI radar. Here's a page about AmneziaVPN, but which illustrates how a suitable binary string may be acquired: https://docs.amnezia.org/documentation/instructions/new-amneziawg-selfhosted/ I'm in Russia on Windows and Android. A poweruser and a coder where it comes to PC. Know my way around GNU/Linux and WSL when needed too. AmneziaWG 1.5 protocol extends WireGuard with CPS among other client-side obfuscation methods and presents a necessary technique of VPN connection restriction circumvention in Russia. Basic feature documentation here: https://docs.amnezia.org/documentation/amnezia-wg/#how-it-works CPS is fully compatible with any ol' WireGuard server due to inherent noise filtering WG is built on and basically only concerns establishment of a persistent connection. The DPI systems deployed over here are only capable of interrogating and filtering traffic of establishing connections to decide whether the outbound port opening by ISP will be permitted. My ISP already won't let connections to WireGuard endpoints that are performed without CPS and I'm sure many other ISPs block them as well, judging by rapid CPS adoption observed being reported on Russian Internet censorship circumvention forums. Used to be that `j` parameters would be enough to get around DPI packet filtering. Now pretty much nothing aside the `i` parameter helps in AmneziaWG client. To be clear before I proceed, I'd like to call attention to the following all being distinct entities not to be confused with each other, despite overlapping titling convention: - AmneziaWG protocol extending WireGuard protocol mainly to inject junk that bedazzles active DPI systems in the middle. This is the topic here. - AmneziaWG software forked openly from WireGuard client sources, implementing the above with its own version numbers not shared with the upstream or either protocols. - AmneziaVPN service hosted commercially. - AmneziaVPN software sorta implementing both but mainly geared as a client to the service. Now here's the pickle… Technical protocol specification documentation for AmneziaWG 1.5, including CPS is somewhat scant. No committee, just scrambling for the arms race. It's probably better to check reference implementations. IIRC, this commit implements `i#` parameters, where `#` is a digit: https://github.com/amnezia-vpn/amneziawg-go/commit/c20789848019fb494dbe9d280eb246f29b95ab85 WG Tunnel is an independent FOSS Android implementation of AmneziaWG 1.5 CPS in a config-compatible manner to AmneziaWG client: https://github.com/wgtunnel/wgtunnel I'm also aware of another implementation in a commercial WireGuard client titled WireSock Secure Connect Beta that derives those binaries procedurally, which makes it not directly config-compatible, but that is off topic at the moment. With everything above in mind, it does not seem like Eddie is going to be usable in Russia until AmneziaWG 1.5 CPS is implemented. So here's me asking if Eddie could support AmneziaWG 1.5 CPS client extension to the WireGuard protocol. And to be thorough in avoiding confusion, in case my initial statement is lost in the post, I want to repeat… No modifications is needed to AirVPN's WireGuard servers in order to implement this — CPS is client-side handshake obfuscation that WireGuard's built-in noise filtering inherently ignores.
-
-
-
-
-
-
[SOLVED] Network lock protection lost when eddie-ui crashes
zebulon replied to zebulon's topic in Eddie - AirVPN Client
Hello! Many thanks for all these information and insight. Indeed I completely agree with what you state. Meanwhile, I identified the culprit of plasmashell crashing: a system resource plasmoid I use on the Plasma desktop background. If I remove it, no crashes happen anymore. So the safe solution is to report it to its owner/author. Despite this I was unable to crash and end Eddie GUI gracefully, so I might have misidentified this happening. That said I will keep an eye and report again if I find a reproducible way. And I understand this is beyond your control and thank you very much for the feedback. Kind regards! -
-
Request: split tunnel in eddie on windows
NEDepac replied to costia's topic in General & Suggestions
Use wiresock with the airvpn configuration and you can have multiple options. I stopped bothering with the official airvpn application as it is stuck in the Middle Ages. -
Request: split tunnel in eddie on windows
Tech Jedi Alex replied to costia's topic in General & Suggestions
It's not abandoned per se, but versions do come out irregularly. Bursts of multiple versions in the span of a few weeks are interrupted by months-long delays, 6-9 months can happen. As such, the chances for new modern features is not 0. As there was communication about Eddie Android 4.0 recently, I believe the responsible developer is focusing on that before returning to Eddie for PC. The missing communication about future plans and roadmaps does not help, though, I agree; everything feels like an "it's done when it's done" thing, a style of comms I'd expect a hobbyist project to adopt, not a business, but, well, here we are. -
DNS on Linux stopped working without Air
Tech Jedi Alex replied to Biggsboy's topic in Troubleshooting and Problems
Eddie version: 2.21.8 Let's update Eddie first to the current stable, which is 2.24.6. Detected DNS: 10.128.0.1, fd7d:76ee:e68f:a993::1 Also, connect, then disconnect. We're troubleshooting DNS not being reset to the original setting after disconnection; it's expected that AirDNS is still set when you're connected. -
-
-
CentralPivot reacted to a post in a topic:
Personal IPv6 exit IP as alternative to port forwarding ...
-
Personal IPv6 exit IP as alternative to port forwarding
CentralPivot replied to CentralPivot's topic in General & Suggestions
This wouldn't really interact with the existing port forwarding system at all. The point is to not have to forward any ports at all, all traffic to your public IP would automatically be forwarded to you, circumventing the entire port forwarding mechanism. The advantage is that you don't have a limitation on the number of forwarded ports anymore or restrictions on which exact ports are available. You'd have access to the entire range of 65535 ports. This is useful for several scenarios, for example if you have multiple clients that need port forwarding you run out very fast. It's also useful for punching through restricted networks or heavily NATed/CG-NATed networks and get a publicly addressable IP. Useful if I want to e.g. share a file with someone on IRC but we're both behind CG-NAT, or if I want to spin up a http server to show off a demo but the cafe I'm at blocks incoming port 80. As for the server infrastructure, stateless address translation is less resource intensive than stateful NAT, so the more popular of a feature this is the less the routing overhead on the servers will be. There's plenty of ways for spammers and other evildoers to do that for free already, they wouln't need an AirVPN subscribtion to get trillions of ipv6 addresses. Which is why with ipv6 nobody blocks on a per-address level, but prefixes. -
Other VPN clients support this functionality. I don't know how it's done on the technical side. But Eddie's development on PC seems to have been abandoned. Last update is from almost a year ago. So I guess the chances for new modern features is basically 0.
-
DNS on Linux stopped working without Air
Biggsboy replied to Biggsboy's topic in Troubleshooting and Problems
Here it is, thanks! EddieReport12.24.25 -
Granted, but then.. if you cannot expand the port forwarding/sharing capabilities, since you'll still be limited to the 64000 ports you can forward with v4 so as to not overcomplicate the port forwarding feature in the client area, what is the technical advantage of going through the pain of implementing all this? Just so you can have a unique v6? For what? You're still blocked by public trackers, WAFs and blacklists because the server (more like its address range) is hosted by a notorious VPN server hoster (M247 for example). You also don't gain throughput because it's still the same server with the same CPU and client count, load and latency. First I've heard of swarms rating their peers. I know that torrent clients can be configured to prefer the allocation of upload slots to peers by certain criteria, but the swarm doesn't care about your IP address or how "fixed" it is. They care about your peer ID. If you're in, you're a peer, be it new or seeding since two years ago. If you're seeding for longer, you'll be found quicker, of course, since your peer ID is known in the swarm, but whether your IP is fixed or dynamic, doesn't matter at all. You restart the torrent client, you get a random peer ID, even if your address is the same. Did you maybe mean positive ratings on torrent trackers/indexers? If so, I believe mapping your traffic stats to accounts is done by passkeys in the tracker announcement URL. Which also doesn't care about how "fixed" your address is. Though, I cannot rule out that certain private trackers/indexers also check the address; after all, the tracker software would know it inevitably. In this case, maybe the privacy-focused AirVPN is not the best fit for people with such a use case? If I as such a spammer will notice that I get a new public address on each reconnect, I would abuse the heck out of this mechanism. I mean.. I wouldn't even need a botnet anymore, I can just cycle my IP with this and attack from literally TRILLIONS of IPs. For, what, 7€ a month? Even less with longer subs? Plus sales? Is it christmas already? (Even if it is right now. ) And if there is no such randomizing mechanism the user can control, you force yourself to use the same UGA on the same server (unless you regenerate the conf, maybe), defeating the purpose of AirVPN. All valid points with v6, of course, and I also always advocate for not devaluing v6 just because "v4 works" (instead of disabling v6 upon problems, fix those problems). If you know of a provider with a good implementation of v6 UGA assignments that preserve privacy of every user, I'd be happy to look into it more closely (please do so via private messaging). Who knows, maybe there is a practical solution for this I don't see yet? But here and now I see that v6 works brilliantly in NAT mode and preserves users' privacy the best way it can. Configuring a VPN connection by generator or ad-hoc is simple, too, and demand is negligible as of now. Also mind my signature: I speak for myself.
-
Hello, I have started encountering this issue as well and even deleted the config file but the issue still persists. Eddie_20251224_134250.txt
