Not connected, Your IP: 216.73.216.120
Online: 43187 users - 522160 Mbit/s total BWAll Activity
This stream auto-updates
- Past hour
-
-
-
-
-
-
-
-
-
ANSWERED Configuring White listed servers and traffic splitting
0bacon replied to 0bacon's topic in AirVPN Suite
Following the directions from airvpn.org/forums I set the ipv4 manually to 192.169.x.x/24 and the ip execution error, traffic splitting setup is dirty error has gone away. I also create the user cuckoo because it did not exist and made airvpn the primary usergroup. when logged in as airvpn i run cuckoo -r steam and I get ERROR setnamespace: Cannot open network namespace 'aircuckoo': No such file or directory Then in the bluetit.rc I changed trafficsplitnamespace even though its default should be the same, no change. trafficsplitnamespace aircuckoo Heres my new bluetit logs bluetit4 -
-
- Today
-
Hello! We're very glad to announce that Eddie Android edition 4.0.0 has been released This is a major update: for the first time Eddie Android edition features AmneziaWG complete support. Eddie Android edition is a fully integrated with AirVPN, free and open source client allowing comfortable connections to AirVPN servers and generic VPN servers offering compatible protocols. Eddie 4.0.0 aims primarily at adding, besides the already available OpenVPN and WireGuard, a thorough and comfortable AmneziaWG support. Source code available on GitLab: AmneziaWG is a free and open source fork of WireGuard by Amnezia inheriting the architectural simplicity and high performance of the original implementation, but eliminating the identifiable network signatures that make WireGuard easily detectable by Deep Packet Inspection (DPI) systems. It can operate in several different ways, including a fallback, "compatibility mode" with WireGuard featuring anyway various obfuscation techniques. What's new in Eddie 4.0.0 AmneziaWG support Amnezia WireGuard API stronger anti-blocking logic: ability to log in to the service and download AirVPN infrastructure and user data while connected through a profile with a specific option on the left pane ability to read and use local user data when bootstrap servers are unreachable CPS packets database of 30+ real websites, currently allowing accurate QUIC + HTTP/3 traffic mimicry to and from real web sites through AmneziaWG CPS. Each entry is easily selectable and identified by a clear label support for wrapping both IPv4 and IPv6 traffic over an IPv6 tunnel with WireGuard and AmneziaWG (previously available only with OpenVPN) new "Open with..." option on top of the usual "Share" (now renamed "Export") option to manage and export comfortably generated profiles on any Android version with any suitable application updated AmneziaWG parameters allowed ranges support of latest AmneziaWG padding features vastly improved NetworkMonitor and Tile Service updated OpenSSL, OpenVPN3-AirVPN and WireGuard libraries full compatibility from Android 5.1 to Android 16, including Android TV bug fixes see the complete changelog here: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt?ref_type=heads AmneziaWG overview From the official documentation: https://docs.amnezia.org/documentation/amnezia-wg AmneziaWG offers: Dynamic Headers for All Packet Types (compatibility with WireGuard: YES) During tunnel initialization, the library generates a set of random constants applied to each of the four WireGuard packet formats: Init, Response, Data, Under‑Load. These constants: As a result, no two clients have identical headers, making it impossible to write a universal DPI rule. Replace predictable WireGuard packet identifiers; Shift offsets of Version/Type fields; Modify reserved bits. Handshake Length Randomization and message padding (compatibility with WireGuard: NO) In WireGuard, the Init packet is exactly 148 bytes, and the Response packet is exactly 92 bytes. AmneziaWG adds message paddings: S1: int - padding of handshake initial message S2: int - padding of handshake response message S3: int - padding of handshake cookie message S4: int - padding of transport messages Offsets of the remaining fields are automatically adjusted, and MAC tags are recalculated accordingly. In order to keep backward compatibility with WireGuard, S1, S2, S3 and S4 must be set to 0. Obfuscation Packets I1-I5 (Signature Chain) & CPS (Custom Protocol Signature) (compatibility with WireGuard: partial, with fallback) Before initiating a "special" handshake (every 120 seconds), the client may send up to five different UDP packets fully described by the user in the CPS format. In this way AmneziaWG can mimic perfectly QUIC, DNS and other protocols adding powerful methods to circumvent blocks. QUIC is particularly interesting as HTTP/3 is built on it and currently, from Chrome and other compatible browsers, 50% of traffic to/from Google is QUIC traffic. Therefore, blocking QUIC may have major disruptions for any ISP. Note that a CPS database of 30+ real web sites is available in Eddie Android edition: you can activate CPS mimicking traffic to real web sites with a tap. Eddie will take care to compile properly Amnezia's In parameters for accurate mimicry. Junk‑train (Jc) (compatibility with WireGuard: YES) Immediately following the sequence of I-packets, a series Jc of pseudorandom packets with lengths varying between Jmin and Jmax is sent. These packets blur the timing and size profile of the session start, significantly complicating handshake detection. Under‑Load Packet (compatibility with WireGuard: YES) In WireGuard, a special keep-alive packet (“Under-Load”) is used to bypass NAT timeouts. AmneziaWG replaces its fixed header with a randomized one, the value of which can be set manually. This prevents DPI from filtering short ping packets, ensuring stable tunnel connections, especially on mobile networks. How to use Eddie with AmneziaWG To enable AmneziaWG mode, just tap the connection mode available in the main and other views. It will rotate between WireGuard, AmneziaWG and OpenVPN. Set it to AmneziaWG. In its default AmneziaWG mode, Eddie will use all the possible obfuscation, except protocol mimicking, that keeps WireGuard compatibility, thus allowing connections to AirVPN servers. The default settings choice was possible thanks to the invaluable support of persons living in countries where VPN blocks are widespread. Such settings have been tested as working and capable to bypass the current blocking methods in various countries. You may consider to modify them if they are ineffective to bypass "your" specific blocks. In Settings > Advanced, you will find, at the bottom of the page, a new "Custom Amnezia WG directives" item. By tapping it you will summon a dialog that will let you customize any possible AmneziaWG parameter. You can maintain backward compatibility with WireGuard in the dialog WireGuard section, or enable the full AmneziaWG support in the Amnezia section, which is not compatible (at the moment) with AirVPN WireGuard servers. This mode will be mostly valuable in a not distant future, when AirVPN servers will start to support AmneziaWG natively. You may also enable QUIC or DNS mimicking for additional obfuscation efficacy. In order to maintain WireGuard backward compatibility, with or without QUIC or DNS mimicking, you must set: S1 = S2 = S3 = S4 = 0 Hn ∈ {1, 2, 3, 4} H1 ≠ H2 ≠ H3 ≠ H4 Furthermore, do not exceed the valid limit of the J parameters (anyway Eddie will not let you do it). In this preview version, Eddie's formal control of the input data is based on the following document. We strongly recommend you read it if you need to modify manually parameters: https://github.com/amnezia-vpn/amneziawg-linux-kernel-module?tab=readme-ov-file#configuration Custom Protocol Signature with database included Working in AmneziaWG mode, Eddie implements QUIC and DNS mimicry and obfuscation packets for each specific "I" parameter (by using the corresponding "Generate" button). You can enable them with a tap on the proper buttons. You may mimic QUIC and DNS even to connect to WireGuard based servers. Please do not modify In parameters if you don't know exactly what you're doing. Eddie's CPS database is available at your fingertip for accurate mimicry of traffic to and from real web sites using HTTP/3 (other protocols may be added in the future), so you don't need to look for and enter specific sequences. Settings > Advanced > Custom AmneziaWG directives > Enable CPS > Presets > select the web site whose traffic must be imitated . Currently, you can find a database that contains more than 30 actual packet signatures and sequences of real web sites. Select one and Eddie will adjust all the parameters automatically and will use them in the next AmneziaWG connection. When you enable QUIC mimicking and you maintain WireGuard backward compatibility, you add a powerful tool against blocks, because the first packets will be actual QUIC packets. AmneziaWG will fall back to WireGuard compatibility very soon. However, when DPI and SPI tools, and demultiplexers in general, identify the initial QUIC flow, most of them will be unable to detect a WireGuard flow for several minutes. This has been tested thoroughly with deep packet inspection on Linux and FreeBSD based machines by AirVPN staff. Therefore, in different blocking scenarios the QUIC mimicry increases likelihood of successful block bypass. NOTE: the same does not happen with DNS mimicry. In this case DPI / SPI tools identify the stream initially as DNS, but are much quicker (just in a few dozens of packets) to identify the stream as WireGuard's, after the initial DNS identification. How to use Eddie in network where the "bootstrap" servers can not be reached Eddie downloads user and infrastructure data, essential to use the service, from special "bootstrap servers" through an encrypted flow inside HTTP. If the bootstrap servers are blocked or the underlying protocol to port 80 is filtered out, Eddie is unable to proceed. Starting from this Eddie 4 version, the ability to retrieve such data locally has been added. Whenever bootstrap servers are unreachable, Eddie can read the latest available local data to connect to a VPN server. Once connected the bootstrap servers are again reachable and the local data are immediately updated for future usage. The local data remain valid as long as you don't need to change user. On top of all of the above, Eddie can now retrieve such data through the login procedure that now can be started even when a connection to a VPN server was previously established via a profile. Therefore, when you are in a restrictive network that blocks access to bootstrap servers, you can connect through a profile generated by AirVPN web site Configuration Generator. After this first connection, log your account in to the service by selecting the specific option on the left pane, enter your AirVPN account credentials as usual and make sure that Remember me checkbox is ticked: Eddie will download all the necessary files and store them locally. This procedure is "once and for all", at least as long as you don't need to change account. After this initial connection, Eddie will be able to log your account in to the infrastructure, retrieve servers data and establish connections without profiles and without bootstrap servers, offering again full AirVPN integration even when bootstrap servers are unreachable. Only If you change account you must repeat the procedure. New: "Open with..." option added to "Export" option Different Android versions allow management of files with different restrictions. Different apps may support different intents on specific Android versions. To enlarge total compatibility, now Eddie offers two different options to export and manage files, including generated profiles. You will find the usual "Share" option (note: now renamed into "Export") coupled with a new "Open with..." option. Some apps support only one intent, other apps only specific intents on specific Android versions, and so on. By adding this option Eddie enlarges considerably the amount of apps you will be able to open and/or share files with. Download link, checksum and changelog Eddie Android edition 4.0.0 APK direct download quick link: https://airvpn.org/tv Eddie Android edition 4.0.0 is also available on the Google Play Store. https://play.google.com/store/apps/details?id=org.airvpn.eddie Changelog is available here: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt?ref_type=heads SHA-256 checksum if you prefer to download from our web site and side load the app: $ sha256sum EddieAndroid-4.0.0-VC38.apk 12322926f12d45f8e918173ae30f88cdef03f0fe323f30abf00cef6c033d8dae EddieAndroid-4.0.0-VC38.apk Kind regards & datalove AirVPN Staff
-
Working for Handshake AI: Airvpn blocked
reversevpn replied to John Gow's topic in Blocked websites warning
If you have any friends inside the US with a residential IP willing to help out, you can perform a reverse VPN connection as follows: 1. On your AirVPN account, forward any UDP Port from the Client Area>Ports(Let's just call it x for the sake of this guide). 2.On your machine, set up a wireguard server with the following parameters: [Interface] PrivateKey=(Insert your own wg privatekey here) ListenPort=x Address=192.168.181.2/24 [Peers] PublicKey=(Insert your friend's publicKey here) AllowedIPs=192.168.181.1 PresharedKey=(Insert presharedkey here) 3.Give your friend a wireguard conf like this: [Interface] PrivateKey=(Insert your friend's wg privatekey here) Address=192.168.181.1/24 [Peers] PublicKey=(Insert your own publicKey here) Endpoint= (Insert Your AirVPN Exit IP here):x AllowedIPs=192.168.181.2 PresharedKey=(Insert presharedkey here) PersistentKeepalive=10 4. Get your friend to install shadowsocks server on their machine. Their config file should look something like this: { "server": "192.168.181.1", "server_port": 8388, "password": "(Insert your own password here)", "method": "chacha20-ietf-poly1305" } 5.Get them to start ssserver with the config.json I specified 6. Install shadowsocks on your own machine, and configure it as follows: { "server": "192.168.181.1", "server_port": 8388, "password": "(Insert same password you gave your friend here)", "method" : "chacha20-ietf-poly1305", "local_address": "127.0.0.1", "local_port": 9500 } Run sslocal on your side 7. If you haven't already, install mozilla firefox or one of its many forks on your machine. 8.In your Firefox, go to Settings>General>Proxy Settings>Configure proxy, and set up as follows: 9. Go to ipleak.net on your firefox to verify that you are using your friend's residential IP. 10. You may now connect to handshake AI in Firefox -
so i was messing w/ airvpn on my laptop and for some reason the “auto reconnect” keeps toggling itself off. i swear i turned it on yesterday, checked the settings like 5x, even reinstalled the client, but next time i open it it’s just off again. tried different servers and the same thing happens. also noticed sometimes the kill switch icon stays red even tho it says “connected” on the main window? super confusing. anyone else seen this buggy behavior or am i losing it? - Yesterday
-
-
Working for Handshake AI: Airvpn blocked
SqueekySprout replied to John Gow's topic in Blocked websites warning
Honestly, if I was in your position, I would assume you have a place / friends at home in the USA. I would set up your VPN server there and remote in to that connection, rather than going through something like AirVPN. Thousands of people are using these sorts of services and it will be a constant game of whack a mole. Having your own, private, connection will save you so many headaches. I personally have a VPN Server which is "home" to do anything local which I need, while travelling. AirVPN is used for when I do not want to be "home". -
Yet another vote for split tunneling support, please.
-
-
-
-
- Last week
-
Wonder why this is still not being considered
-
ANSWERED Configuring White listed servers and traffic splitting
0bacon replied to 0bacon's topic in AirVPN Suite
I reinstalled air vpn suite followed the directions from the setup guide and your directions. It appears that wireguard is blocked. When set to openvpn, I have a connection. Changes to username, pw, and allowtrafficsplitting were made in the bluetit.rc, all other options are defaulted. When I run cuckoo -r /usr/bin/steam From what I have read the namespace aircuckoo is supposed to be created on its own. I tried to rm the directory but it doesn't exist. Whats weirder is the RTNETLINk answers: file exists? airvpn@fedora:~$ cuckoo -r /usr/bin/steam Cuckoo - AirVPN Traffic Splitting Manager 2.0.0 - 22 July 2025 ERROR setnamespace: Cannot open network namespace 'aircuckoo': No such file or directory 11:18:27 AM bluetit: ERROR: REPLAY_ERROR 11:18:27 AM bluetit: ERROR: REPLAY_ERROR 11:18:27 AM bluetit: ERROR: PKTID_REPLAY 11:17:55 AM bluetit: ERROR: REPLAY_ERROR 11:17:55 AM bluetit: ERROR: PKTID_REPLAY 11:17:36 AM bluetit: Requested method "list_pushed_dns" 11:17:21 AM bluetit: ERROR: REPLAY_ERROR 11:17:21 AM bluetit: ERROR: PKTID_REPLAY 11:16:52 AM bluetit: ERROR: REPLAY_ERROR 11:16:52 AM bluetit: ERROR: PKTID_REPLAY 11:16:47 AM bluetit: ERROR: Traffic Split Error: 'ip' execution error: (netns exec IPv6 route add) RTNETLINK answers: File exists 11:16:47 AM bluetit: Successfully restored traffic split settings. 11:16:47 AM bluetit: Successfully deleted 'aircuckoo' namespace 11:16:47 AM bluetit: WARNING: Traffic splitting setup is dirty. Trying to clean and restore settings. FIXED (systemctl restart NetworkManager) ERROR: Traffic Split Error: 'ip' execution error: (netns exec IPv6 route add) RTNETLINK answers: File exists bluetit3 -
Is the Torrent Address detection broken for anyone else too?
HUHHII replied to ByteBuccaneer's topic in IP Leak
Works fine for me -
-
-
Is the Torrent Address detection broken for anyone else too?
ByteBuccaneer posted a topic in IP Leak
I've always had good success with the IP Leak website, but tonight the Torrent Address detection functionality was borked. Also the "View" button has a strange "/" at the end of it. Can anyone else run Torrent Address detection successfully? -
Edit: Currently able to slip by on one NYC server. Have no idea why. If anyone knows of other US servers where one can get back to work on this site, please share. https://email.m.ai.joinhandshake.com https://ai.joinhandshake.com/ I am currently in the EU. A friend flew me out here to get me away from the Trump regime, which has been ****ing with my family and livelihood, but I need to work to make money and figure out what I'm going to do with my life (I'm working on a nomad visa). I seem to have mixed luck here. On a couple exit IPs from the USA, which I need to appear to be coming in from in order to work, it worked for a bit, but the IPs are now blocked. I'm not breaking any rules, I get why they would want to block VPNs because cloud labor sites have issues with nationals paying people in other countries to work as them, but I'm a born citizen with a right to work in the USA and not being able to use a VPN is seriously hurting me right now. Choosing to come in without a VPN gives me a "This project is not available in your region." wall. I have already started work on the project in question, I'm legal, just remote! Very frustrating. Is there anything I can do to get past this? It's going to hurt really bad if I can't work on any remote projects because of regional/VPN blocks. Thanks everyone!
-
I've been away from AIR for some years wandering the wilderness of VPN's but now back, not sure why I actually left in the first place?? But its a great VPN, when I look at the added bloat on some others which is almost ubiquitous Air is great, nice to see Eddie again & thanks!
-
-
-
I assumed worldcat blocks all VPNs, but some users (seemingly not of AirVPN) report success reaching it with VPNs. I searched the forums and other pages found in the links at the top of the forum and didnt find it, so whatever the result/answer is, I think it's good to have it documented. Checked the tools in the thread to check if it's an ISP issue, it shouldn't be. The route check for https://www.worldcat.org/ shows success for pings but every single server fails to connect, either with Fail (no connect) or Fail (HTTP 301) (https://airvpn.org/routes/?q=https%3A%2F%2Fwww.worldcat.org%2F). I assume this is due to the above url automatically redirecting to https://search.worldcat.org/ ? Then again, route check for that url errors out with Fail (HTTP 302) or (no connect) (https://airvpn.org/routes/?q=https%3A%2F%2Fsearch.worldcat.org%2F). Thanks for any help in advance!
-
.thumb.png.8be84fd39f94c1640ac8c5456fbf3449.png)
@zanon321 Hello! We can reach your SSH server from the Internet, so the setup of sshd on the office PC is just fine. You have a single key pair and a single port. When you connect your home PC to a VPN server, the DNS record of the domain name <your name>.airdns.org is updated to the exit IP address of the VPN server the home PC connected to, so the address of the office PC (behind the VPN server) is lost. In this case this setup could work only if the office PC is the last one to connect, so it's not a reliable scenario. You need to create a new key pair and use a unique key on each computer. Then, link DDNS and port <your port> to only one of the key pairs (in this case, the office PC key pair). Finally make sure that you connect PCs to different VPN servers. ALTERNATIVELY, just don't use DDNS but point ssh directly to the exit-IP address of the VPN server the office PC is connected to and make sure you connect each device to a different VPN server. How to manage key pairs and certificates: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards -
Hello! Can you publish the whole terminal output when you try to run the installation script? Just copy and paste everything. Kind regards
-
Hi I created a port forwarding on my pc1 at port eg 3***** and running eddie on it, i can connect to it from pc2 via ssh over the internet. but the moment i activate eddie and route my home pc traffic via eddie on home pc as eg 1******** and then try to reach my office vis ssh, i get the below error ssh: connect to host ubuntu.airdns.org port 34445: Network is unreachable then i have to delete the home port in my control panel at airvpn, and wait for hours for connection to reset on its own or chache to clear so that i can connect from home to office. Basically airdns works great with just one active port. if i want to run ssh on pc2 and connect to it from pc3 (while pc2 is sshing into pc1) it fails. Any help on this pl. -
Hello. I just downloaded and installed the latest version of Linux Mint, and then downloaded the Linux version of AirVPN, but what do I do next? Install.sh doesn't work
-
Loading issues with some locations? Edit: lol, the name telos
-
Unable to connect to vrpirates.wiki
JohnnyRF replied to steveadoo's topic in Blocked websites warning
same problem, after 2 years of existence of this post.... I guess i'm cooked -
10 years here I think... Possibly more.. Lost counting. Best VPN ever. Give us some more features and a better client guys!
-
-
-
-
-
-
-
-
Good Morning everyone, I have been experiencing extremely inconsistent network speeds since a few months. Sometimes disconnecting and reconnecting fixes it, but not always. I can't seem to find a correlation. I either connect through wg-quick or use nmcli. Both have the same issue. Any way I could go about solving this issue / providing further logs? -
ANSWERED Configuring White listed servers and traffic splitting
0bacon replied to 0bacon's topic in AirVPN Suite
Good news! forbidquickhomecountry was the issue. I can now use the vpn, Thanks! I really appreciate your help. I still have another issue. I want to use cuckoo for traffic splitting. I made allowtrafficsplitting yes in the bluetit.rc as user airvpn I run goldcrest -O After enabling allowtrafficsplitting in bluetit.rc, I no longer have a connection. Everything worked, I enabled allowtrafficsplitting yes, no connection, I disabled allowtrafficsplitting, I still don't have a connection. So allowtrafficsplitting seems to have broke something. I restarted my PC, no change. I disabled firewalld, no change. It's weird that everything was working and allowtrafficsplitting on and off has made it so that I have no connection. 2026-04-01 11:31:22 WARNING: Traffic splitting setup is dirty. Trying to clean and restore settings. 2026-04-01 11:31:22 Successfully deleted 'aircuckoo' namespace 2026-04-01 11:31:22 Successfully restored traffic split settings. 2026-04-01 11:31:22 ERROR: Traffic Split Error: 'ip' execution error: (netns exec IPv6 route add) RTNETLINK answers: File exists I attached the full log files. I really am trying my best bluetit2 cuckoo trafficspli - Earlier
-
-
-
-
I am experiencing a problem with the server Segin (94.185.80.228:1637). I connect using WireGuard with the following configuration: [Interface] Address = xxx.xxx.xxx.xxx/32 PrivateKey = xxxx= MTU = 1320 DNS = 10.128.0.1 [Peer] PublicKey = xxxx= PresharedKey = xxxx= Endpoint = 94.185.80.228:1637 AllowedIPs = 0.0.0.0/0,::/0 PersistentKeepalive = 15 When I connect using endpoint port 1637, the tunnel is established successfully and initially the speed is very good, close to the maximum available from my ISP. However, after approximately 5 minutes, the connection stops working completely. At that point, traffic no longer passes through the tunnel, and even a speed test cannot complete. I also tried connecting to the same server using other endpoint ports, specifically 47107 and 51820. With those ports, the connection remains much slower than expected compared to the bandwidth provided by my ISP. So the behavior is the following: port 1637: very good speed at first, but since Saturday the connection starts dropping after a few minutes; ports 47107 and 51820: the tunnel works, but the speed is very low compared to my normal line speed. At the moment, port 1637 gives the best performance when it works, but since Saturday it has become unstable due to these repeated drops. Could you please check whether there is any issue on the server side with Segin, especially regarding port 1637, or advise what might be causing this behavior? If needed, I can provide additional diagnostics and logs.
-
ANSWERED eddie - there is no available or enabled network lock mode
sh4rd replied to sh4rd's topic in Troubleshooting and Problems
that was it, thankyou -
ANSWERED [OpenSuse - Tumbleweed] DNS Leaking
Staff replied to lilzayn's topic in Eddie - AirVPN Client
Hello! Or that any "Network Lock" mode is disabled by setting "Network Lock" box to "None" in "Preferences" > "Network Lock" window (default: "Automatic"), as it is indeed the case according to the system report (important option not at default: netlock.connection false) and considering that the user's system does have nft and iptables-* installed. Splitting the different cases with different messages and logging them will be suggested to devs. Kind regards
