Not connected, Your IP: 216.73.216.108
Online: 35063 users - 470431 Mbit/s total BWAll Activity
This stream auto-updates
- Past hour
-
-
-
-
-
-
-
-
-
- Today
-
-
-
Request: split tunnel in eddie on windows
NEDepac replied to costia's topic in General & Suggestions
Use wiresock with the airvpn configuration and you can have multiple options. I stopped bothering with the official airvpn application as it is stuck in the Middle Ages. - Yesterday
-
Request: split tunnel in eddie on windows
Tech Jedi Alex replied to costia's topic in General & Suggestions
It's not abandoned per se, but versions do come out irregularly. Bursts of multiple versions in the span of a few weeks are interrupted by months-long delays, 6-9 months can happen. As such, the chances for new modern features is not 0. As there was communication about Eddie Android 4.0 recently, I believe the responsible developer is focusing on that before returning to Eddie for PC. The missing communication about future plans and roadmaps does not help, though, I agree; everything feels like an "it's done when it's done" thing, a style of comms I'd expect a hobbyist project to adopt, not a business, but, well, here we are. -
DNS on Linux stopped working without Air
Tech Jedi Alex replied to Biggsboy's topic in Troubleshooting and Problems
Eddie version: 2.21.8 Let's update Eddie first to the current stable, which is 2.24.6. Detected DNS: 10.128.0.1, fd7d:76ee:e68f:a993::1 Also, connect, then disconnect. We're troubleshooting DNS not being reset to the original setting after disconnection; it's expected that AirDNS is still set when you're connected. -
-
-
CentralPivot reacted to a post in a topic:
Personal IPv6 exit IP as alternative to port forwarding ...
-
Personal IPv6 exit IP as alternative to port forwarding
CentralPivot replied to CentralPivot's topic in General & Suggestions
This wouldn't really interact with the existing port forwarding system at all. The point is to not have to forward any ports at all, all traffic to your public IP would automatically be forwarded to you, circumventing the entire port forwarding mechanism. The advantage is that you don't have a limitation on the number of forwarded ports anymore or restrictions on which exact ports are available. You'd have access to the entire range of 65535 ports. This is useful for several scenarios, for example if you have multiple clients that need port forwarding you run out very fast. It's also useful for punching through restricted networks or heavily NATed/CG-NATed networks and get a publicly addressable IP. Useful if I want to e.g. share a file with someone on IRC but we're both behind CG-NAT, or if I want to spin up a http server to show off a demo but the cafe I'm at blocks incoming port 80. As for the server infrastructure, stateless address translation is less resource intensive than stateful NAT, so the more popular of a feature this is the less the routing overhead on the servers will be. There's plenty of ways for spammers and other evildoers to do that for free already, they wouln't need an AirVPN subscribtion to get trillions of ipv6 addresses. Which is why with ipv6 nobody blocks on a per-address level, but prefixes. -
Other VPN clients support this functionality. I don't know how it's done on the technical side. But Eddie's development on PC seems to have been abandoned. Last update is from almost a year ago. So I guess the chances for new modern features is basically 0.
-
DNS on Linux stopped working without Air
Biggsboy replied to Biggsboy's topic in Troubleshooting and Problems
Here it is, thanks! EddieReport12.24.25 -
Granted, but then.. if you cannot expand the port forwarding/sharing capabilities, since you'll still be limited to the 64000 ports you can forward with v4 so as to not overcomplicate the port forwarding feature in the client area, what is the technical advantage of going through the pain of implementing all this? Just so you can have a unique v6? For what? You're still blocked by public trackers, WAFs and blacklists because the server (more like its address range) is hosted by a notorious VPN server hoster (M247 for example). You also don't gain throughput because it's still the same server with the same CPU and client count, load and latency. First I've heard of swarms rating their peers. I know that torrent clients can be configured to prefer the allocation of upload slots to peers by certain criteria, but the swarm doesn't care about your IP address or how "fixed" it is. They care about your peer ID. If you're in, you're a peer, be it new or seeding since two years ago. If you're seeding for longer, you'll be found quicker, of course, since your peer ID is known in the swarm, but whether your IP is fixed or dynamic, doesn't matter at all. You restart the torrent client, you get a random peer ID, even if your address is the same. Did you maybe mean positive ratings on torrent trackers/indexers? If so, I believe mapping your traffic stats to accounts is done by passkeys in the tracker announcement URL. Which also doesn't care about how "fixed" your address is. Though, I cannot rule out that certain private trackers/indexers also check the address; after all, the tracker software would know it inevitably. In this case, maybe the privacy-focused AirVPN is not the best fit for people with such a use case? If I as such a spammer will notice that I get a new public address on each reconnect, I would abuse the heck out of this mechanism. I mean.. I wouldn't even need a botnet anymore, I can just cycle my IP with this and attack from literally TRILLIONS of IPs. For, what, 7€ a month? Even less with longer subs? Plus sales? Is it christmas already? (Even if it is right now. ) And if there is no such randomizing mechanism the user can control, you force yourself to use the same UGA on the same server (unless you regenerate the conf, maybe), defeating the purpose of AirVPN. All valid points with v6, of course, and I also always advocate for not devaluing v6 just because "v4 works" (instead of disabling v6 upon problems, fix those problems). If you know of a provider with a good implementation of v6 UGA assignments that preserve privacy of every user, I'd be happy to look into it more closely (please do so via private messaging). Who knows, maybe there is a practical solution for this I don't see yet? But here and now I see that v6 works brilliantly in NAT mode and preserves users' privacy the best way it can. Configuring a VPN connection by generator or ad-hoc is simple, too, and demand is negligible as of now. Also mind my signature: I speak for myself.
-
Hello, I have started encountering this issue as well and even deleted the config file but the issue still persists. Eddie_20251224_134250.txt -
I checked Eddie on Linux and Android in parallel, thrice, with some delay between them. Star ratings from Linux with Speed rule. #1, Subra seems like the better one due to latency. Linux: Subra 13ms 62% 119u (3-star) Android: Taiyi 26 ms 65% 112u (0-star) #2 Diphda seems slightly better due to latency and load. Linux: Diphda 12ms 48% 128u (3-star) Android: Taiyi 18ms 65% 112u (0-star) #3 After a ~15min delay. Very similar results, but Linux chose again marginally better. Linux: Garnet 13ms 56% 121u (3-star) Android: Taiyi 13ms 58% 124u (0-star) Android's fixation on Taiyi is interesting, but not a bad choice in all cases. #1 UK. Comparable. None is better than the other. Linux: Chow 26ms 29% 104u Android: Naos 24ms 35% 99u #2 Sweden. All are bad choices, even if Linux chose marginally better. The Kustbandet servers are somehow ignored completely, there are no load and no users on them. Linux: Norma 24ms 79% 167u Android: Copernicus 25ms 86% 162u #3 Japan. Iskandar is a slightly better choice. Linux: Iskandar 234ms 52% 76u Android: Albaldah 236ms 76% 85u In regards to the scoring rules, an idea. A math formula incorporating clients, load and latency, times a modifier for the scoring rule. Something that maybe rates clients, load and latency = 0 best, so one can use the lowest result. I'm not a math whiz, frankly, but maybe use a function where y grows exponentially. The parabola comes to mind, f(x) = x^2, where f(0) = 0. Drawing a bit in a graphical calculator, something like 0.0001 * x^2 * (modifier) * x looks promising. Calculate this for all three, sum the result, lowest is best server. Gives some flexibility in that it's easy to add further data points to the calculation, or a broader selection of modifiers. I think it would even enable users to set the modifiers themselves because all scores will be based on this parabola function. Modifier can also be in front, (mod*0.0001) * x^2. Then you'd set it as integer (default 1), and rising modifiers cause the curve to steepen quicker.
-
Hello! You may be right. According to your user feeling, what is the best selection of server using quick connection mode (i.e. you do not force a white list of any type) between Eddie Desktop, Eddie Android and AirVPN Suite (if you ran two or all of them)? And what is the software that achieves the best selection inside a single forced country (when the country offers multiple servers)? Kind regards
-
Hello! That's correct, the routing and the firewall rules are not infringed and the queries are not treated differently. However, you may create specific environments where DNS queries are not tunneled even when everything is properly set up and Network Lock is enabled. A typical example is when you force your router address as DNS server of the machine connected to the Internet. Network Lock won't stop the traffic to this router, thus DNS query will go to the router (outside the VPN tunnel, according to the table) and then the router will forward it on to the Internet from its physical network interface with its "real" (ISP assigned) IP address. The system is adhering precisely to what it has been told to do, so it is not a DNS leak, but at the end of the day the outcome is equivalent on the client's point of view. Yes, good solution at a first glance. BIND, dnsmasq, Unbound and PowerDNS offer this feature. Kind regards
-
But, why would requests to another public DNS server not also be tunnelled by the VPN? I thought all traffic that goes through the default route ought to be tunnelled, but is DNS treated differently somehow? Of course, I guess this would only apply if I configured the public DNS servers directly on my end machines, rather than allowing them to proxy through the router, which would somewhat defeat the purpose of this whole exercise since I wanted to benefit from my router's ability to resolve local DNS names. I guess I will put configuring a local recursive resolver on my project list - that is, a resolver running on my own machine that I could point the AirVPN client at, and then that resolver would divert queries either to my router (for ".lan") or to the standard AirVPN DNS servers (for everything else). That sounds doable, right, assuming that I have the wherewithal to write the code?
- Last week
-
-
-
-
Personal IPv6 exit IP as alternative to port forwarding
larry.munday replied to CentralPivot's topic in General & Suggestions
I’m with @CentralPivot on this Topic. Would be lovely for FileSharing etc. and I don’t see any Downsides @Tech Jedi Alex suggests applying. Using a shared IPv6 obviously needs to be the Default. But @CentralPivot seems to suggest for it to work in a similar Way as Port Forwarding does now: Activate it and get a completely forwarded v6 for In&Out instead of a Port on a v4. (Having a (semi) fixed v6 helps with getting a positive Rating in BitTorrent Swarms.) Maybe a fresh IPv6 on Reconnects as an Option? For my Use Cases Peers without v6 are completely irrelevant to be honest, but v4 Port Forwarding doesn’t need to stop working for that Feature to exist? In the other Direction there are quite a few ISPs in the World that only do v4 via Gateways for their Users, because getting IPv4-Addresses for their Customers is impossible. IPv6 has been a "Draft" since 1998 and a Standard since late 2017… -
larry.munday reacted to a post in a topic:
Personal IPv6 exit IP as alternative to port forwarding ...
-
larry.munday reacted to a post in a topic:
Personal IPv6 exit IP as alternative to port forwarding ...
-
Doesn't take much for the score to be reduced to 0 stars, though. Certainly doesn't need the penalty value to be set (it's set nowhere in SE). I don't understand the "speed" scoring, anyway. Neither does it relate to theoretically achievable throughput (load), nor to a stable connection (clients). It's illogical for me why a server with 96% usage and 165 clients gets a similar score as a 28% usage server with a whopping 335 clients connected. The scoring by latency makes more sense in that those 23-37 ms servers get 5* and Menkab only 3-4. We really need better scoring rules…
-
-
I'm on pfsense+ 25.07.1. I'm delaying updating to 25.11 for a bit longer. Also I'm still using the wireguard package 0.2.9_5 instead of the latest version which is 0.2.11. -
Split DNS configuration for Eddie
Tech Jedi Alex replied to raxod502's topic in Eddie - AirVPN Client
Well, in the case of AirDNS the requests benefit from the encryption of the VPN tunnel, of course, so men in the middle cannot intercept DNS requests. It is safer to use AirDNS, that's for sure. Though outside of it, maybe DoT or DoH are alternatives. -
Tried several countries, using both with domain names and resolved addresses. Deleted even devices under client area, renewed, etc. The thing is, on my previous setup on pfsense I was able to connect wtih Air+Mullvad. Then after fresh Pfsense install it seems not to work in Air's case, Mullvad is fine. -
@Esurient, what software is that? Looks cool!
-
I just connected to three different servers with wireguard configs on pfsense. Are you using resolved hosts or the domain in the config? Only thing I can think of considering other VPNs are working for you is if the domain isn't resolvable for you.
-
-
Were you able to get your port forwarding fixed? In addition to specifying your WireGuard variables you need to add: FIREWALL_VPN_INPUT_PORTS=# (replace # with your port from AirVPN client area). Here is a template config: services: gluetun: cap_add: - NET_ADMIN container_name: gluetun devices: - /dev/net/tun:/dev/net/tun environment: - VPN_SERVICE_PROVIDER=custom - VPN_TYPE=wireguard - WIREGUARD_ENDPOINT_IP=# - WIREGUARD_ENDPOINT_PORT=# - WIREGUARD_PUBLIC_KEY=# - WIREGUARD_PRIVATE_KEY=# - WIREGUARD_PRESHARED_KEY=# - WIREGUARD_ADDRESSES=# - FIREWALL_VPN_INPUT_PORTS=# image: qmcgaw/gluetun:latest ports: - 8888:8888/tcp - 8388:8388/tcp restart: unless-stopped you can fill in # with values from your WireGuard configuration file. More info can be found here: https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/wireguard.md. Hope that helps! -
-
-
I think that would definitely explain it, I'm guessing most people use Eddie to connect to AirVPN servers, and pick whatever server has the highest score. I just read your other posts going into detail on how the score for speed was calculated. Since ping, load percentage and user percentage are all comparable, it seems like that "Penality" factor must be extremely high then for the servers located in Uppsala.
-
If I use my standard public DNS servers, then assuming I trust the operator of those DNS servers to not log my requests, is there any additional reduction in privacy compared to using AirVPN's DNS servers? I imagine in either case the DNS requests are traveling across the network unencrypted, but maybe there is some encapsulation I am unaware of that would make the default configuration more secure? (Besides the request logging policy, if applicable.)
-
Looking in Eddie, I can deduce a possible reason. If the scoring rule is set to Speed, which is the default, only four servers actually get a non-zero score, putting only those four into consideration of the Connect to best server function. The client count reflects that. I quick-tested a connection to Sweden on Android, and Copernicus was chosen to be the best server.. huh. Also interesting: The first three are hosted by Altushost, Segin is Netrouting, rest seems to be Kustbandet. ISP might play a role here, too.
-
Request: split tunnel in eddie on windows
Tech Jedi Alex replied to costia's topic in General & Suggestions
This window is more or less an interface to the --route directive of OpenVPN, and --route does not support application names or strange protocol/port notations. -
Random question that I was always curious about, does anyone know why most of the servers in Sweden have such low utilization? Doesn't seem to happen for any other country.
.thumb.png.8be84fd39f94c1640ac8c5456fbf3449.png){kind=avatar}
