
All Activity


  1. Past hour
  2. @lexsilico Hello! Please note that neither Bluetit nor WireGuard directly control the routing decision; they rely on the kernel's routing stack. The behavior of the underlying OS and the routing configuration can cause issues with your configuration. The operating system may prioritize an interface based on its state or link-local address availability. If one interface with the higher metric is perceived to be more reliable (even if its metric is higher), the system might route traffic through the interface whose routes have a higher metric in any case for certain types of traffic. More in general, when you configure two interfaces to use the same default gateway and they are both in the same subnet, you're telling the system that both interfaces can reach the same destination (the gateway), which can cause path ambiguity if both interfaces are active, regardless of the route metrics. Certain types of traffic might end up using the higher-metric interface because of various situations: a race condition, a connection state mismatch, any possible (even temporary) issue with the routing etc. Furthermore this setup paves the way to asymmetric routing problems, which are quite serious. You still have the option to configure policy-based routing using ip to force WireGuard traffic to go through a specific interface, regardless of the default gateway metric. This specific configuration must be created by you as you have no options to force Bluetit to bypass WireGuard (kernel) decisions, and you have no option to tell WireGuard to do the same. You can add your command(s) on the PostUp and PostDown directives to ensure the correct interface is used during the WireGuard connection lifecycle. Note that in this case you will have to use your own profile with Hummingbird (or with Bluetit and Goldcrest), and not the AirVPN integrated Bluetit/Goldcrest connection mode.
We will also consult with the Suite development team to study your case in more detail and we will update this thread if necessary. We do not rule out the possibility to add in the future special options to compile PostUp and PostDown commands directly from within Bluetit run control file (possibly not via Goldcrest because WireGuard runs PostUp and PostDown specified executable files with root privileges). Kind regards
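
The policy-based routing described in the reply above, as an added example that is not part of the original post and is not AirVPN's own configuration: a fragment of a user's own WireGuard profile that pins the encrypted traffic to the wired interface. The gateway 192.168.1.254 and the interface end0 come from the thread; routing table 200, rule priority 100 and the `<ENDPOINT_IP>` placeholder are assumptions.

```ini
# Added example: fragment of a user's own WireGuard profile.
# From the thread: gateway 192.168.1.254, wired interface end0.
# Assumptions: routing table 200, rule priority 100, and <ENDPOINT_IP>,
# a placeholder for the literal server address behind the profile's
# Endpoint line (a rule needs an IP address, not a host name).

[Interface]
# PrivateKey, Address, DNS and MTU stay as generated; not repeated here.

# Dedicated table whose only default route leaves through the wired interface.
PostUp = ip route replace default via 192.168.1.254 dev end0 table 200

# Policy rule: packets addressed to the VPN server consult table 200 before
# the main table, so the end0/wlan0 metrics no longer decide their path.
PostUp = ip rule add to <ENDPOINT_IP>/32 lookup 200 priority 100

# Remove the rule and empty the table when the tunnel goes down.
PostDown = ip rule del to <ENDPOINT_IP>/32 lookup 200 priority 100
PostDown = ip route flush table 200

[Peer]
# PublicKey, PresharedKey, AllowedIPs and Endpoint stay as generated.
```

After the tunnel is up, `ip rule show` should list the priority 100 rule and `ip route get <ENDPOINT_IP>` should report `dev end0`.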
  3. Today
  4. Yesterday
  5. I have updated awg_conf_patch with support for the AmneziaWG 2.0 parameters: https://github.com/zimbabwe303/awg_conf_patch. The old awg version is still supported: use the -o option. I have also updated the default parameters with better ones: the shuffled H1..4 parameters stopped working recently for some reason (at least for me) so I replaced them with the old generic ones. To still use the shuffled ones set amnezia_CustomH=0 in the script itself.
  6. awg_conf_patch was updated with support for awg 2.0: https://github.com/zimbabwe303/awg_conf_patch
  7. Good afternoon, I recently configured Wiresock by generating a config file, everything was working fine yesterday. However, after a reboot and no other setting changes the port forward isn't working properly through the Wiresock connection any longer. I've tried generating a new config file just to see and same issue. I removed all my ports except for one to see if I just had too many and it was just getting confused. Does anyone know if there's anything specific to configure inside of Wiresock? I've only set up split tunnelling for a couple of specific applications and enabled the virtual adapter setting; everything else is left at the default. I am also running Tailscale if that matters at all, not sure if it would interfere, but killing that connection doesn't seem to have any effect. I do have AirVPN installed on my other machine and port forwarding seems to be working fine there, so I think it's a misconfiguration with Wiresock; I'm just unsure where to check. Any help or nudges in the right direction would be appreciated. Edit: I figured it out; I had to allow qBittorrent in my firewall rules for the public network. Feel free to close this thread.
  8. Hi, I'm using the AirVPN Suite for Linux 2.0.0 installed on my Raspberry, with WireGuard. Everything works fine, but I noticed that it seems that when mounting tun0, Bluetit is choosing my wifi interface instead of my wired interface for routing. From the logs I can see:
     Network gateway is IPv4 192.168.1.254/32 via interface wlan0
     Added route IPv4 141.98.XXX.XXX/32 via 192.168.1.254 dev wlan0
     Successfully initialized WireGuard device tun0
     I have both interfaces enabled on my Raspberry (wired: end0 and wifi: wlan0), but my wired interface has a lower metric for routing, so I was expecting Bluetit to use end0 instead of wlan0. I would prefer to use end0 instead of wlan0 for my VPN. Can you help me to use wlan0 as a first choice? (By the way, I don't want to disable the wifi interface.) Thanks
  9. Just as a note, since the first days of April the situation with VPNs in Russia is going into the real Cheburnet phase:
     • Spyware VPN detectors will be inserted into all the major commercial mobile apps (Max, VK, Yandex, banks, phone carriers, etc.), every detected endpoint IP will most likely go into the country-wide blacklist
     • The increase of the cross-border backbone bandwidth has already been vetoed because it has grown over the top in the last year due to the VPNs
     • Because of that there are rumors that more than 15 GB/month of cross-border traffic will have added cost for every end user
     • VPN software will be detected on every in-country VPS hosting provider to prevent using them as bridges (it is already a common practice to circumvent white list blocks)
     • Recently there were wired Internet shutdowns looking very much like tests of white list blocks (before that only mobile Internet had white lists)
     By the way, it's very hard to find any AirVPN server which is not yet blocked. But I can still find some (mostly in Netherlands) by automated scanning. AmneziaWG is necessary, of course.
  10. Last week
  11. Hello! We already implemented it in 2021. Any domain which must be blocked includes all of its subdomains too. Besides, different matching methods are available for your additions and exceptions: Exact (exact FQDN), Domain (domain and its subdomains), Wildcard (with * and ? as wildcards), Contain, Start with, End with. Kind regards
  12. Hello, I just read about Proton VPN increasing its efficiency on blocking ads and trackers. Is this something you can implement also?
  13. Hello! Yes, AmneziaWG support on the server side. You do not need handshake and payload packet padding to circumvent blocks in Russia and China. Padding may be instrumental to make destination guessing from traffic pattern more difficult. Kind regards
  14. Hello! Unfortunately, the CSP settings do not help to overcome DPI. On the servers of other VPN providers, I have found that it is effective to change the values of the S1-S4 and H1-H4 parameters. However, as far as I understand, all airvpn servers are configured with zero values for S1-S4 and values for H1-H4 ranging from 1 to 4. These are the standard parameters of the wireguard protocol and can be easily detected by DPI. Is there any plan to allow for the modification of these parameters?
  15. Today I encountered the same issue on my system under similar conditions, so I can share what I found in case it helps diagnose it. From the stack trace, this does not appear to be a straightforward dependency or missing library problem. Although the error mentions libmono-native.so, the failure occurs earlier in the Mono/WinForms initialization chain (System.Console / TermInfo / X11), which usually points to a runtime initialization or environment selection issue rather than a simple missing file. In my case, Eddie (version 2.25.1 on Gentoo 6.18.18-gentoo-dist-hardened) had been working normally for a long time without a system Mono installation. After installing Mono for another application, Eddie immediately began crashing at startup with a fatal initialization failure. The stack trace consistently pointed to System.Console and then to libmono-native.so, even though the library was present and correctly resolved by the dynamic linker. This initially suggested a broken installation or missing dependency, but neither rebuilding dependencies nor checking linker configuration changed the outcome. The key factor turned out to be that Eddie appears to dynamically prefer a system Mono runtime when one is available. Once Mono was installed globally, Eddie stopped using its own internal runtime and instead executed against the system Mono version. In my case, this was 6.14, which is not compatible with the runtime expectations of this particular Eddie build. Downgrading Mono to 6.12 did not resolve the issue, which further suggested that the problem is not a specific version regression, but rather a general incompatibility between Eddie and external Mono runtimes in this configuration. The decisive test was removing the system Mono entirely. After uninstalling it, Eddie immediately reverted to using its bundled runtime again, which appears to be based on Mono 6.8. At that point, the application started normally without any further changes. 
This indicates that the bundled runtime is functional, but it is only used when no external Mono installation is present. The failure is likely caused by Eddie’s lack of strict runtime isolation. The presence of a system Mono installation changes its execution path, resulting in the use of an incompatible runtime. The most reliable fix is either to avoid installing system Mono alongside Eddie or to remove it if Eddie is required. Regards Viktor23596
  16. Naturally I verified this; the documentation agrees with you that the plural form is the correct form. Naturally I then became curious as to why my singular form version works so well then. It turns out that older versions of the code only allowed one server, and more recent upgrades enabled multiple servers to be listed. In order to upgrade to the plural form without borking the older, singular versions the author wrote the following excellent code: Golang (serverselection.go line 461) ss.Names = r.CSV("SERVER_NAMES", reader.RetroKeys("SERVER_NAME")) To anyone reading this definitely use the plural form for new Docker containers, but you don't need to worry about older ones as the author has you covered! Thanks for the correction @Grimmy57
  17. There are hundreds of those protocols. None of them works as well as AmneziaWG.
  18. Hello! The first main problem to resolve is setting a proper DNS that the container can query before the connection is established. Your system can't resolve the domain name of the end point (us3.vpn.airdns.org), so WireGuard does not even try to establish a VPN connection. Note how the service wg-quick@wg0.service exited because of that (temporary failure in name resolution). Please don't send screenshots whenever text is possible and suitable. Kind regards
  19. If you can't dedicate a middlebox to just your NAS, you can use your main machine as the middlebox, if it runs Linux with systemd. If you do have that, then you can use iproute2 and systemd-nspawn to just send the NAS's traffic over the VPN without sending your main computer's traffic over the VPN, unless you also want to send your main computer's traffic over the VPN.
  20. Is it possible for you to insert a middlebox between your Synology and the upstream router? By middlebox, I mean any computer that can run Linux (i.e. Debian) and that you can give at least two ethernet interfaces (one or both can be USB ethernet if you don't have enough built-in Ethernet ports). If it is possible, you can have the middlebox do WireGuard, then just set the MTU between the Synology and the middlebox to be 1420 (or 1320, if you leave the AirVPN config file as-is), and then just have the middlebox NAT all the Synology's traffic into the WireGuard tunnel.
  21. Hello! We do agree and we are planning to implement on our software per app traffic splitting on Windows too. Currently you can enjoy per app traffic splitting on Linux (AirVPN Suite) and Android (Eddie Android edition). If the machine you use for Steam is based on Linux you can already have per app traffic splitting with our software. If you run Windows, in the meantime you can consider WireSock, which offers traffic splitting and reverse traffic splitting (on an application basis) and is fully compatible with our WireGuard servers. The Configuration Generator will generate the profiles you wish. Kind regards
  22. Any guide or how-to? Because it feels like WireGuard and Synology are not natively liking each other. All the guides I've found are Docker or spk repacker (does not exist for 1511+) and seem to be done for incoming and not outgoing.
  23. I have been facing a predicament for months, which is that Steam thinks I'm a bot and doesn't let me play any multiplayer games in.. multiplayer, and I can't turn my VPN off to use all 5 ports on it to host numerous servers. The problem is, there isn't a way to IP or domain whitelist Steam, since I don't know any of the IPs it uses to connect, and they change a lot. This is where app-based tunneling would shine though, and here is why:
     1. App-based tunneling would most likely save you guys a lot of bandwidth, now people can tell the VPN to send web browser connections through their actual internet, and then you won't have a lot of traffic taken up by YouTube streams.
     2. This defeats the need to switch to other clients, which is clunky and complicated.
     3. It lets you do everything in one app (Eddie), which is extremely convenient and simple for newcomers to use, probably bringing more subscribers to the VPN too since split-tunneling is a useful feature.
     4. It straight up lets you split tunnel some stuff in the first place, such as Steam I've already mentioned, which uses a variety of IPs and domains I don't know, and I'm not about to spend a few hours in Wireshark getting all the IPs/domains and adding them.
     So please, 4 good reasons on why app split-tunneling should be added to Eddie. P.S. Another thing I noticed was that the split-tunneling already in Eddie didn't seem to work until I reconnected the VPN. Is this a limitation, a bug, or just something that isn't added? - Thanks, a pleading CS2 player and server hoster
  24. Hello! Yes, it is definitely planned, but we can't give you a definite ETA. In the meantime, if you have an Android device or an Android emulator, you can use Eddie Android edition to generate configuration files (you can export them to any other system directly from Eddie's "Export" or "Open with" functions) or the Amnezia configuration patcher by @zimbabwe https://github.com/zimbabwe303/awg_conf_patch Eddie Android edition includes 30+ CPS pre-sets of real web sites, so this is the recommended solution currently to bypass blocks. Kind regards
  25. Adguard VPN prevents normal email work. Can't send any letter. Outlook gets an error: Task '***.com - Sending' reported error (0x800CCC1A): 'Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.' and my host provider says: "Hello, We can confirm that the mail server is functioning correctly. The error 0x800CCC1A indicates that your new VPN is interfering with the secure connection (SSL/TLS handshake) between your email client and the mail server. This issue commonly occurs because many modern VPN services include features such as Security Shields or Mail Protection, which intercept or filter email traffic. Since this appears to be a local configuration issue related to the third-party VPN software, we recommend contacting your VPN provider’s support team. You may inform them that their service is likely blocking or interfering with SMTP traffic, particularly on ports 465 and 587." No replies for about 1 month from their support, and yes, they're fast...
  26. Hello! I've been using AirVPN for a pretty long time on a Proxmox LXC with WireGuard that runs my qBittorrent. It's been working fantastic until suddenly it can no longer make outbound connections. Pinging 1.1.1.1 comes up with nothing, and I cannot ping www.google.com either. The only things I can ping are connections inside my network. I'm honestly unsure what would've possibly caused this as I've changed nothing about my system except for updating it, but that's it. The only thing I notice is a message when doing "wg-quick up wg0": "/etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf", but when I do "ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf" I get "Temporary failure in name resolution: `us3.vpn.airdns.org:1637'. Trying again in 1.00 seconds..." with the time slowly increasing. I added some photos below to hopefully allow people to get a better idea on what's going on. Any help is appreciated because honestly I have no idea where to go with this, it's a major head scratcher and I'm unsure on where to even begin. If it helps I also do have Tailscale set up on this as well, but it's been working fine for the longest time so I can't see that affecting anything. All connections work fine with the WireGuard VPN down as well. Thank you!
  27. Hello! Like many others, I use native software to connect to your servers. I would very much like to see the ability to obtain a configuration for the AmneziaWG protocol in the config generator. Will this feature be implemented, and if so, when?