Not connected, Your IP: 216.73.216.108
Online: 35377 users - 527618 Mbit/s total BWAll Activity
This stream auto-updates
- Past hour
-
-
-
-
-
-
-
-
-
-
- Today
-
Hello. My apologies. I just saw this message. Eddie was working fine until the Christmas sale message started popping up. When I close the Christmas sale message, it also closes the box that allows me connect to a server. Eddie is showing in the taskbar as running, but I don't think it is because I was unable to connect to a server. I have Windows 11 and I am running Eddie 2.24.6. -
-
Eddie Android edition 4.0.0 preview available
EMULE replied to Staff's topic in News and Announcement
I understand, thank you. -
.thumb.png.8be84fd39f94c1640ac8c5456fbf3449.png)
Eddie Android edition 4.0.0 preview available
Staff replied to Staff's topic in News and Announcement
Hello! It could be sufficient and currently it is indeed sufficient from Russia and China, where you bypass blocks with the backward compatible H parameters. The H parameters could become in the future an additional weapon against evolving blocking techniques. Kind regards -
Eddie Android edition 4.0.0 preview available
EMULE replied to Staff's topic in News and Announcement
If it is the AmneziaWG native server, is it sufficient to use the I1-I5 parameters and not H1-H4? -
Eddie Android edition 4.0.0 preview available
Staff replied to Staff's topic in News and Announcement
Hello! Correct, the I parameters are meant for Custom Protocol Signature (CPS). When you connect to a WireGuard based server you must preserve backward compatibility. Jc, Jmin, Jmax, I1-I5 parameters remain free (within the mentioned constraints), while you must set: S1 = 0 S2 = 0 H1 = 1 H2 = 2 H3 = 3 H4 = 4 Various persons (as well as our original post) report also that you can mix H parameters, but they must be different from each other, and each H must be included between 1 and 4. Kind regards -
Eddie Android edition 4.0.0 preview available
EMULE replied to Staff's topic in News and Announcement
Hello, I relearned the AmneziaWG 1.5 protocol and found that: AmneziaWG 1.0 uses these parameters: Jc, Jmin, Jmax, S1, S2, H1-H4 AmneziaWG 1.5 uses these parameters: Jc, Jmin, Jmax, S1, S2, I1-I5 In my previous tests, I used both H1-H4 and I1-I5 parameters simultaneously. Could this cause compatibility issues? No wonder my connection was so unstable. When enabling CPS, should all H parameters be set to 0? -
feature request AmneziaWG 1.5 protocol support
Staff replied to Erquint's topic in Eddie - AirVPN Client
Hello! We're glad to inform you that AmneziaWG support has been implemented in Eddie Android edition 4.0.0 beta 1 and it will be progressively implemented in all the other AirVPN software. https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/ Eddie Android edition public beta testing is going very well and the development team is optimistic about a near future release. This is only partially true. When you use CPS on your side and you connect to a WireGuard based server, demultiplexers will identify the traffic according to the CPS settings (QUIC, DNS...) only initially. They will soon be able to detect the traffic as WireGuard traffic. With DNS mimicking this happens just after the handshake, while with QUIC the inspection tools need much more time. We can confirm the above after several experimental tests we repeatedly performed with deep packet inspection. Anyway QUIC mimicking is effective and actually it can nowadays bypass in about 100% of the cases the blocks in both Russia and China. But we have planned to support Amnezia on the server side too, because the current method is anyway not so strong on the long run. When we have Amnezia on the server side too, no tool is able to ever identify the traffic as WireGuard traffic: it remains indefinitely identified as QUIC. Currently we are still at a testing phase, but the outcome so far is very promising. Stay tuned! Kind regards -
Perhaps a result of some benchmark could be factored in the scoring function. I assume a server with better hardware would be able handle more connections. On a second thought, this would probably require quite some work (unless this data already exists), and a change in the API because AFAIK it only returns bandwidth utilization of the server in the current version.
-
Would it be a good idea to also add scoring from users? Maybe there could be some score where it is averaged from user ratings. This would seem like a good way for staff to know how servers perform for most users as well.
- Yesterday
-
I just signed up for a year plan of AirVPN and gave Eddie a try. It isn't able to connect to AirVPN servers for me. And in the protocols tab of Eddie settings — all I found were just a bunch of OpenVPN ports and a few WireGuard ones. I don't need to say ports aren't protocols. I knew AmneziaWG client would work with AirVPN, but was hoping I could find use for Eddie, especially if split-tunnel routing could be set up more intelligently than the barebones AmneziaWG offers in that department. To give you an idea of routing hoops I was trying to avoid jumping: I'm having to use a self-written script for automatic CIDR-set inversion and input the result into the configs manually… it's a whole chore. I'm able to connect to AirVPN WireGuard servers using AmneziaWG client by manually enriching the configs generated with the `i1` parameter set to a binary string I had to find myself — one that slips under the DPI radar. Here's a page about AmneziaVPN, but which illustrates how a suitable binary string may be acquired: https://docs.amnezia.org/documentation/instructions/new-amneziawg-selfhosted/ I'm in Russia on Windows and Android. A poweruser and a coder where it comes to PC. Know my way around GNU/Linux and WSL when needed too. AmneziaWG 1.5 protocol extends WireGuard with CPS among other client-side obfuscation methods and presents a necessary technique of VPN connection restriction circumvention in Russia. Basic feature documentation here: https://docs.amnezia.org/documentation/amnezia-wg/#how-it-works CPS is fully compatible with any ol' WireGuard server due to inherent noise filtering WG is built on and basically only concerns establishment of a persistent connection. The DPI systems deployed over here are only capable of interrogating and filtering traffic of establishing connections to decide whether the outbound port opening by ISP will be permitted. My ISP already won't let connections to WireGuard endpoints that are performed without CPS and I'm sure many other ISPs block them as well, judging by rapid CPS adoption observed being reported on Russian Internet censorship circumvention forums. Used to be that `j` parameters would be enough to get around DPI packet filtering. Now pretty much nothing aside the `i` parameter helps in AmneziaWG client. To be clear before I proceed, I'd like to call attention to the following all being distinct entities not to be confused with each other, despite overlapping titling convention: - AmneziaWG protocol extending WireGuard protocol mainly to inject junk that bedazzles active DPI systems in the middle. This is the topic here. - AmneziaWG software forked openly from WireGuard client sources, implementing the above with its own version numbers not shared with the upstream or either protocols. - AmneziaVPN service hosted commercially. - AmneziaVPN software sorta implementing both but mainly geared as a client to the service. Now here's the pickle… Technical protocol specification documentation for AmneziaWG 1.5, including CPS is somewhat scant. No committee, just scrambling for the arms race. It's probably better to check reference implementations. IIRC, this commit implements `i#` parameters, where `#` is a digit: https://github.com/amnezia-vpn/amneziawg-go/commit/c20789848019fb494dbe9d280eb246f29b95ab85 WG Tunnel is an independent FOSS Android implementation of AmneziaWG 1.5 CPS in a config-compatible manner to AmneziaWG client: https://github.com/wgtunnel/wgtunnel I'm also aware of another implementation in a commercial WireGuard client titled WireSock Secure Connect Beta that derives those binaries procedurally, which makes it not directly config-compatible, but that is off topic at the moment. With everything above in mind, it does not seem like Eddie is going to be usable in Russia until AmneziaWG 1.5 CPS is implemented. So here's me asking if Eddie could support AmneziaWG 1.5 CPS client extension to the WireGuard protocol. And to be thorough in avoiding confusion, in case my initial statement is lost in the post, I want to repeat… No modifications is needed to AirVPN's WireGuard servers in order to implement this — CPS is client-side handshake obfuscation that WireGuard's built-in noise filtering inherently ignores.
-
-
-
-
-
-
[SOLVED] Network lock protection lost when eddie-ui crashes
zebulon replied to zebulon's topic in Eddie - AirVPN Client
Hello! Many thanks for all these information and insight. Indeed I completely agree with what you state. Meanwhile, I identified the culprit of plasmashell crashing: a system resource plasmoid I use on the Plasma desktop background. If I remove it, no crashes happen anymore. So the safe solution is to report it to its owner/author. Despite this I was unable to crash and end Eddie GUI gracefully, so I might have misidentified this happening. That said I will keep an eye and report again if I find a reproducible way. And I understand this is beyond your control and thank you very much for the feedback. Kind regards! -
-
Request: split tunnel in eddie on windows
NEDepac replied to costia's topic in General & Suggestions
Use wiresock with the airvpn configuration and you can have multiple options. I stopped bothering with the official airvpn application as it is stuck in the Middle Ages. - Last week
-
Request: split tunnel in eddie on windows
Tech Jedi Alex replied to costia's topic in General & Suggestions
It's not abandoned per se, but versions do come out irregularly. Bursts of multiple versions in the span of a few weeks are interrupted by months-long delays, 6-9 months can happen. As such, the chances for new modern features is not 0. As there was communication about Eddie Android 4.0 recently, I believe the responsible developer is focusing on that before returning to Eddie for PC. The missing communication about future plans and roadmaps does not help, though, I agree; everything feels like an "it's done when it's done" thing, a style of comms I'd expect a hobbyist project to adopt, not a business, but, well, here we are. -
DNS on Linux stopped working without Air
Tech Jedi Alex replied to Biggsboy's topic in Troubleshooting and Problems
Eddie version: 2.21.8 Let's update Eddie first to the current stable, which is 2.24.6. Detected DNS: 10.128.0.1, fd7d:76ee:e68f:a993::1 Also, connect, then disconnect. We're troubleshooting DNS not being reset to the original setting after disconnection; it's expected that AirDNS is still set when you're connected. -
-
-
CentralPivot reacted to a post in a topic:
Personal IPv6 exit IP as alternative to port forwarding ...
-
Personal IPv6 exit IP as alternative to port forwarding
CentralPivot replied to CentralPivot's topic in General & Suggestions
This wouldn't really interact with the existing port forwarding system at all. The point is to not have to forward any ports at all, all traffic to your public IP would automatically be forwarded to you, circumventing the entire port forwarding mechanism. The advantage is that you don't have a limitation on the number of forwarded ports anymore or restrictions on which exact ports are available. You'd have access to the entire range of 65535 ports. This is useful for several scenarios, for example if you have multiple clients that need port forwarding you run out very fast. It's also useful for punching through restricted networks or heavily NATed/CG-NATed networks and get a publicly addressable IP. Useful if I want to e.g. share a file with someone on IRC but we're both behind CG-NAT, or if I want to spin up a http server to show off a demo but the cafe I'm at blocks incoming port 80. As for the server infrastructure, stateless address translation is less resource intensive than stateful NAT, so the more popular of a feature this is the less the routing overhead on the servers will be. There's plenty of ways for spammers and other evildoers to do that for free already, they wouln't need an AirVPN subscribtion to get trillions of ipv6 addresses. Which is why with ipv6 nobody blocks on a per-address level, but prefixes. -
Other VPN clients support this functionality. I don't know how it's done on the technical side. But Eddie's development on PC seems to have been abandoned. Last update is from almost a year ago. So I guess the chances for new modern features is basically 0.
-
DNS on Linux stopped working without Air
Biggsboy replied to Biggsboy's topic in Troubleshooting and Problems
Here it is, thanks! EddieReport12.24.25 -
Granted, but then.. if you cannot expand the port forwarding/sharing capabilities, since you'll still be limited to the 64000 ports you can forward with v4 so as to not overcomplicate the port forwarding feature in the client area, what is the technical advantage of going through the pain of implementing all this? Just so you can have a unique v6? For what? You're still blocked by public trackers, WAFs and blacklists because the server (more like its address range) is hosted by a notorious VPN server hoster (M247 for example). You also don't gain throughput because it's still the same server with the same CPU and client count, load and latency. First I've heard of swarms rating their peers. I know that torrent clients can be configured to prefer the allocation of upload slots to peers by certain criteria, but the swarm doesn't care about your IP address or how "fixed" it is. They care about your peer ID. If you're in, you're a peer, be it new or seeding since two years ago. If you're seeding for longer, you'll be found quicker, of course, since your peer ID is known in the swarm, but whether your IP is fixed or dynamic, doesn't matter at all. You restart the torrent client, you get a random peer ID, even if your address is the same. Did you maybe mean positive ratings on torrent trackers/indexers? If so, I believe mapping your traffic stats to accounts is done by passkeys in the tracker announcement URL. Which also doesn't care about how "fixed" your address is. Though, I cannot rule out that certain private trackers/indexers also check the address; after all, the tracker software would know it inevitably. In this case, maybe the privacy-focused AirVPN is not the best fit for people with such a use case? If I as such a spammer will notice that I get a new public address on each reconnect, I would abuse the heck out of this mechanism. I mean.. I wouldn't even need a botnet anymore, I can just cycle my IP with this and attack from literally TRILLIONS of IPs. For, what, 7€ a month? Even less with longer subs? Plus sales? Is it christmas already? (Even if it is right now. ) And if there is no such randomizing mechanism the user can control, you force yourself to use the same UGA on the same server (unless you regenerate the conf, maybe), defeating the purpose of AirVPN. All valid points with v6, of course, and I also always advocate for not devaluing v6 just because "v4 works" (instead of disabling v6 upon problems, fix those problems). If you know of a provider with a good implementation of v6 UGA assignments that preserve privacy of every user, I'd be happy to look into it more closely (please do so via private messaging). Who knows, maybe there is a practical solution for this I don't see yet? But here and now I see that v6 works brilliantly in NAT mode and preserves users' privacy the best way it can. Configuring a VPN connection by generator or ad-hoc is simple, too, and demand is negligible as of now. Also mind my signature: I speak for myself.
-
Hello, I have started encountering this issue as well and even deleted the config file but the issue still persists. Eddie_20251224_134250.txt -
I checked Eddie on Linux and Android in parallel, thrice, with some delay between them. Star ratings from Linux with Speed rule. #1, Subra seems like the better one due to latency. Linux: Subra 13ms 62% 119u (3-star) Android: Taiyi 26 ms 65% 112u (0-star) #2 Diphda seems slightly better due to latency and load. Linux: Diphda 12ms 48% 128u (3-star) Android: Taiyi 18ms 65% 112u (0-star) #3 After a ~15min delay. Very similar results, but Linux chose again marginally better. Linux: Garnet 13ms 56% 121u (3-star) Android: Taiyi 13ms 58% 124u (0-star) Android's fixation on Taiyi is interesting, but not a bad choice in all cases. #1 UK. Comparable. None is better than the other. Linux: Chow 26ms 29% 104u Android: Naos 24ms 35% 99u #2 Sweden. All are bad choices, even if Linux chose marginally better. The Kustbandet servers are somehow ignored completely, there are no load and no users on them. Linux: Norma 24ms 79% 167u Android: Copernicus 25ms 86% 162u #3 Japan. Iskandar is a slightly better choice. Linux: Iskandar 234ms 52% 76u Android: Albaldah 236ms 76% 85u In regards to the scoring rules, an idea. A math formula incorporating clients, load and latency, times a modifier for the scoring rule. Something that maybe rates clients, load and latency = 0 best, so one can use the lowest result. I'm not a math whiz, frankly, but maybe use a function where y grows exponentially. The parabola comes to mind, f(x) = x^2, where f(0) = 0. Drawing a bit in a graphical calculator, something like 0.0001 * x^2 * (modifier) * x looks promising. Calculate this for all three, sum the result, lowest is best server. Gives some flexibility in that it's easy to add further data points to the calculation, or a broader selection of modifiers. I think it would even enable users to set the modifiers themselves because all scores will be based on this parabola function. Modifier can also be in front, (mod*0.0001) * x^2. Then you'd set it as integer (default 1), and rising modifiers cause the curve to steepen quicker.
-
Hello! You may be right. According to your user feeling, what is the best selection of server using quick connection mode (i.e. you do not force a white list of any type) between Eddie Desktop, Eddie Android and AirVPN Suite (if you ran two or all of them)? And what is the software that achieves the best selection inside a single forced country (when the country offers multiple servers)? Kind regards
-
Hello! That's correct, the routing and the firewall rules are not infringed and the queries are not treated differently. However, you may create specific environments where DNS queries are not tunneled even when everything is properly set up and Network Lock is enabled. A typical example is when you force your router address as DNS server of the machine connected to the Internet. Network Lock won't stop the traffic to this router, thus DNS query will go to the router (outside the VPN tunnel, according to the table) and then the router will forward it on to the Internet from its physical network interface with its "real" (ISP assigned) IP address. The system is adhering precisely to what it has been told to do, so it is not a DNS leak, but at the end of the day the outcome is equivalent on the client's point of view. Yes, good solution at a first glance. BIND, dnsmasq, Unbound and PowerDNS offer this feature. Kind regards
-
But, why would requests to another public DNS server not also be tunnelled by the VPN? I thought all traffic that goes through the default route ought to be tunnelled, but is DNS treated differently somehow? Of course, I guess this would only apply if I configured the public DNS servers directly on my end machines, rather than allowing them to proxy through the router, which would somewhat defeat the purpose of this whole exercise since I wanted to benefit from my router's ability to resolve local DNS names. I guess I will put configuring a local recursive resolver on my project list - that is, a resolver running on my own machine that I could point the AirVPN client at, and then that resolver would divert queries either to my router (for ".lan") or to the standard AirVPN DNS servers (for everything else). That sounds doable, right, assuming that I have the wherewithal to write the code?
-
-
-
-
Personal IPv6 exit IP as alternative to port forwarding
larry.munday replied to CentralPivot's topic in General & Suggestions
I’m with @CentralPivot on this Topic. Would be lovely for FileSharing etc. and I don’t see any Downsides @Tech Jedi Alex suggests applying. Using a shared IPv6 obviously needs to be the Default. But @CentralPivot seems to suggest for it to work in a similar Way as Port Forwarding does now: Activate it and get a completely forwarded v6 for In&Out instead of a Port on a v4. (Having a (semi) fixed v6 helps with getting a positive Rating in BitTorrent Swarms.) Maybe a fresh IPv6 on Reconnects as an Option? For my Use Cases Peers without v6 are completely irrelevant to be honest, but v4 Port Forwarding doesn’t need to stop working for that Feature to exist? In the other Direction there are quite a few ISPs in the World that only do v4 via Gateways for their Users, because getting IPv4-Addresses for their Customers is impossible. IPv6 has been a "Draft" since 1998 and a Standard since late 2017… -
larry.munday reacted to a post in a topic:
Personal IPv6 exit IP as alternative to port forwarding ...
-
larry.munday reacted to a post in a topic:
Personal IPv6 exit IP as alternative to port forwarding ...
-
Doesn't take much for the score to be reduced to 0 stars, though. Certainly doesn't need the penalty value to be set (it's set nowhere in SE). I don't understand the "speed" scoring, anyway. Neither does it relate to theoretically achievable throughput (load), nor to a stable connection (clients). It's illogical for me why a server with 96% usage and 165 clients gets a similar score as a 28% usage server with a whopping 335 clients connected. The scoring by latency makes more sense in that those 23-37 ms servers get 5* and Menkab only 3-4. We really need better scoring rules…
