airvpn.teiuxcg 4 Posted ... Hi, I'd like to offer some suggestions for improvement of the client (Eddie). Although the product works, there are a few niggling issues I have seen many times over that have caused me to use a third party client over Eddie. So you know where I am coming from, I am currently travelling the world and using AirVPN exclusively as my VPN provider mainly to protect myself from the many unknown networks I have been connecting to over the last 7 months. I use the service on my ipad, mac osx (10.10), and android phone (side note, please increase the number of connections you are allowed simultaneously!). I have been using Eddie over many different network environments, slow, fast, intermittent, lots of packet loss etc, on many different settings, SSL tunnel while in China, UDP , TCP on differing ports. As I say, here are a few suggestions that I think you should incorporate into the client. As a side effect of these problems I no longer use it as my main client, opting only to use it for its ease of tunnelling capabilities. - Limit or have the option to stop authentication attempts: When on a shoddy network (which is quite frequent for me), this greatly increases the time it takes to actually get a connection. Not great when you just want to quickly check emails... This check does not exist when using a third party client such as TunnelBlick. - Provide an option to use resolved server names: Give advanced users the option to download/update a list of server IPs to use instead of resolving server names. This helps with some restrictive networks (captive portals where DNS is allowed, make a great UDP 53 tunnel ) - Allow users to update the list of servers when they require: This stops the server list from being corrupted and also allows finer grain control - Be a little clearer as to the algo for choosing a server when 'connect to recommended server' is selected: I cannot work out what the reasoning is for choice of servers. Is it based around latency? If so, tests may be made against ALL servers before a connection can be made, so doesn't this make connection to the service EVEN slower? Happy to be shot down for any of the above suggestions or to provide better examples where required Cheers! Quote Share this post Link to post
Staff 10329 Posted ... I am currently travelling the world It's very important to us to understand the effective circumvention techniques around the world. For that, our apologies about the delay of this reply. Please give us a feedback if you encounter special issues related to countries you visit. Limit or have the option to stop authentication attempts: When on a shoddy network (which is quite frequent for me), this greatly increases the time it takes to actually get a connection. Not great when you just want to quickly check emails... This check does not exist when using a third party client such as TunnelBlick. This check exists just because OpenVPN can reply only with a generic AUTH_FAILED if some problem occurs.Eddie performs a check before launching OpenVPN to provide users with a friendly message.In fact this is optional: if our authorization servers are not reachable, the connection phase continues anyway. However, it actually falls into a retry-x-time before giving up. We will check that in the next version of Eddie to improve performance or eventually add an advanced option to disable it. Provide an option to use resolved server names: Give advanced users the option to download/update a list of server IPs to use instead of resolving server names. This helps with some restrictive networks (captive portals where DNS is allowed, make a great UDP 53 tunnel ) We don't understand very well: the servers list downloaded by Eddie contains only direct IP addresses, not names.The only DNS names used by Eddie are those of the authentication servers (auth.airvpn.org), with fallback to direct IP addresses if the resolution fails.Eddie must work and connect successfully even if you don't have a valid DNS configured on your machine. If not, there is a bug in Eddie or some other issue. Allow users to update the list of servers when they require: This stops the server list from being corrupted and also allows finer grain control It's very strange that you may have corrupted servers list: it is transmitted with a symmetrical encryption, so it can't be corrupted by the network... maybe it is corrupted when saved to disk? Servers list is updated automatically every ten minutes. You can view how old the servers list is in 'Stats' tab, 'Latest Manifest Update'. Double-click on it to force an update (Stats row becomes 'Just now' if successfully updated). In the next Eddie version, we will add an explicit option for that, like 'Auto/10 minutes/1 hour/Never', and a friendly 'Refresh now' button in 'Servers' tab, as you requested. Be a little clearer as to the algo for choosing a server when 'connect to recommended server' is selected: I cannot work out what the reasoning is for choice of servers. Is it based around latency? If so, tests may be made against ALL servers before a connection can be made, so doesn't this make connection to the service EVEN slower? For every server a score is computed, based on many parameters with different height. Lower score = Best, High score = Avoid.Servers with some issue detected from our side (ISP packet loss, for example) gain a highest score. This kind of problems is detected by our Ping Matrix, and Eddie notices this when it updates the servers list. For this reason the update must be done frequently (every ten minutes currently). Servers that are not reachable by latency test from Eddie gain a higher score. In 'Servers' tab there is an option: 'Scoring rule'. This affects score, because for example some servers are the best choice for latency but not for speed.If you encounter an issue with a server, the server is 'penalized' only for you, affecting the score. The penalizations are mitigated in time. For example, an unexpected disconnection from server raises the score of that server, reduced every minute. In around 30 minutes its penalization is reset. Load of a server (available bandwidth and connected users) also affects the score. And, of course, latency affects the score: Eddie performs ping of each server every 10 minutes. When you start Eddie and directly connect, maybe you see a "Waiting for latency tests": this happens because Eddie needs all servers latency results to compute the best score/server. Also, this latency tests are not performed when you are connected to the VPN, hence if you stay connected for more than 10 minutes, and then you disconnect and reconnect, you need to wait for latency tests. But note: you need to wait for latency tests only if you ask Eddie to connect to the "Best server". If you double-click a server directly under "Servers" tab, or if you check the option "Force reconnection to last server at startup", Eddie does not need to wait for the results of latency tests. Kind regards Quote Share this post Link to post
raineysw 0 Posted ... Here's another suggestion. Can we have a 'hide from Dock' option and only have it show in the menu bar? Quote Share this post Link to post
Staff 10329 Posted ... Here's another suggestion. Can we have a 'hide from Dock' option and only have it show in the menu bar?Hello! Please talk about this feature in this topic: https://airvpn.org/topic/12796-ui-improvements-for-osx-yosemite/ Do you know another OS X app that has this kind of option, maybe an open source app? Kind regards Quote Share this post Link to post
Staff 10329 Posted ... Some latency improvements and the option about when the client downloads servers list have been implemented in the latest experimental build. https://airvpn.org/topic/13002-experimentalbeta-release/ Quote Share this post Link to post
airvpn.teiuxcg 4 Posted ... I am currently travelling the world It's very important to us to understand the effective circumvention techniques around the world. For that, our apologies about the delay of this reply. Please give us a feedback if you encounter special issues related to countries you visit. Limit or have the option to stop authentication attempts: When on a shoddy network (which is quite frequent for me), this greatly increases the time it takes to actually get a connection. Not great when you just want to quickly check emails... This check does not exist when using a third party client such as TunnelBlick. This check exists just because OpenVPN can reply only with a generic AUTH_FAILED if some problem occurs.Eddie performs a check before launching OpenVPN to provide users with a friendly message.In fact this is optional: if our authorization servers are not reachable, the connection phase continues anyway. However, it actually falls into a retry-x-time before giving up. We will check that in the next version of Eddie to improve performance or eventually add an advanced option to disable it. Yes the retry-x is what I am referring to, it takes a long while for it to timeout, esp. if its tried multiple times Provide an option to use resolved server names: Give advanced users the option to download/update a list of server IPs to use instead of resolving server names. This helps with some restrictive networks (captive portals where DNS is allowed, make a great UDP 53 tunnel ) We don't understand very well: the servers list downloaded by Eddie contains only direct IP addresses, not names.The only DNS names used by Eddie are those of the authentication servers (auth.airvpn.org), with fallback to direct IP addresses if the resolution fails.Eddie must work and connect successfully even if you don't have a valid DNS configured on your machine. If not, there is a bug in Eddie or some other issue. Basically if I am on a network which uses a restrictive portal (catches any http/https connections) and asks the user to sign in, other ports, such as DNS are still open and therefore can be tunnelled through. But this has been solved by the fact that Eddie downloads IP's not DNS names. Allow users to update the list of servers when they require: This stops the server list from being corrupted and also allows finer grain control It's very strange that you may have corrupted servers list: it is transmitted with a symmetrical encryption, so it can't be corrupted by the network... maybe it is corrupted when saved to disk? This was going along the same lines as the previous comment. It made the assumption that DNS lookups were made from Eddie, not downloaded in the update in an encrypted fashion. Servers list is updated automatically every ten minutes. You can view how old the servers list is in 'Stats' tab, 'Latest Manifest Update'. Double-click on it to force an update (Stats row becomes 'Just now' if successfully updated). In the next Eddie version, we will add an explicit option for that, like 'Auto/10 minutes/1 hour/Never', and a friendly 'Refresh now' button in 'Servers' tab, as you requested. Great if you can implement this! Saves network bandwidth when on a rubbish network! Be a little clearer as to the algo for choosing a server when 'connect to recommended server' is selected: I cannot work out what the reasoning is for choice of servers. Is it based around latency? If so, tests may be made against ALL servers before a connection can be made, so doesn't this make connection to the service EVEN slower? For every server a score is computed, based on many parameters with different height. Lower score = Best, High score = Avoid.Servers with some issue detected from our side (ISP packet loss, for example) gain a highest score. This kind of problems is detected by our Ping Matrix, and Eddie notices this when it updates the servers list. For this reason the update must be done frequently (every ten minutes currently). Servers that are not reachable by latency test from Eddie gain a higher score. In 'Servers' tab there is an option: 'Scoring rule'. This affects score, because for example some servers are the best choice for latency but not for speed.If you encounter an issue with a server, the server is 'penalized' only for you, affecting the score. The penalizations are mitigated in time. For example, an unexpected disconnection from server raises the score of that server, reduced every minute. In around 30 minutes its penalization is reset. Load of a server (available bandwidth and connected users) also affects the score. And, of course, latency affects the score: Eddie performs ping of each server every 10 minutes. When you start Eddie and directly connect, maybe you see a "Waiting for latency tests": this happens because Eddie needs all servers latency results to compute the best score/server. Also, this latency tests are not performed when you are connected to the VPN, hence if you stay connected for more than 10 minutes, and then you disconnect and reconnect, you need to wait for latency tests. But note: you need to wait for latency tests only if you ask Eddie to connect to the "Best server". If you double-click a server directly under "Servers" tab, or if you check the option "Force reconnection to last server at startup", Eddie does not need to wait for the results of latency tests. Ok I get the scoring now, thanks. I guess what it comes down to (as I've had more of a think about it) is a request for an advanced 'lite' mode/client. Basically the ability to just connect to a server quickly using any method I want (OVPN, SSL, SSH etc.) something a little more specific to the AirVPN service than Tunnelblick, or another lightweight client. I can update the servers when I want, and perform latency when I want. Simples... Quote Share this post Link to post
Staff 10329 Posted ... I guess what it comes down to (as I've had more of a think about it) is a request for an advanced 'lite' mode/client. Basically the ability to just connect to a server quickly using any method I want (OVPN, SSL, SSH etc.) something a little more specific to the AirVPN service than Tunnelblick, or another lightweight client. I can update the servers when I want, and perform latency when I want. Simples... Hello! As you may have seen, all of your requests have been implemented in Eddie 2.8.8. Enjoy AirVPN! Kind regards 1 airvpn.teiuxcg reacted to this Quote Share this post Link to post