Jump to content
Not connected, Your IP: 3.226.251.81
Staff

Eddie Android Edition 2.4 released - ChaCha20 support

Recommended Posts

Hello!
 
AirVPN is very proud to introduce for the first time ever OpenVPN 3 support for ChaCha20-Poly1305 cipher with Eddie Android edition 2.4.

The new implementation means remarkably higher performance and longer battery life for your Android device.

CPUs that do not support AES New Instructions, typically ARM CPUs mounted on most Android devices, are much faster to encrypt and decrypt a stream of data with ChaCha20 than AES. At the same time, ChaCha20 offers the same security when compared to AES.
https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant

You can test right now the new cipher. We have prepared four test servers running OpenVPN 2.5 and supporting ChaCha20 in Canada and the Netherlands. When you pick ChaCha20 as cipher in Settings, Eddie will filter properly Air VPN servers to let you connect to them.
 
The outstanding feature has been made possible by AirVPN implementation on "OpenVPN AirVPN" of new directives, never supported before by OpenVPN 3, as well as a brand new, rationally re-engineered class for AEAD ciphers, which currently includes both AES-GCM and ChaCha20. Development of OpenVPN 3 will go on during the next months. Here's the current status:

 

Eddie Android edition available languages are: Chinese (simplified), Chinese (traditional), Danish, Dutch, English, French, German, Italian, Portuguese, Spanish, Russian, Turkish.

Eddie for Android is free and open source software released under GPLv3. We invite you to check from independent 3rd parties lack of trackers code signatures, for example here: https://reports.exodus-privacy.eu.org/en/reports/search/org.airvpn.eddie

You can download Eddie Android 2.4 apk directly from our repository:
https://eddie.website/repository/eddie/android/2.4/org.airvpn.eddie.apk

You can also download it from the Google Play Store:
https://play.google.com/store/apps/details?id=org.airvpn.eddie

and in Amazon Appstore:
https://www.amazon.com/Eddie-AirVPN-official-OpenVPN-GUI/dp/B07KTD6DH9/ref=sr_1_1?keywords=eddie+airvpn
 

Source code is available in GitLab:
https://gitlab.com/AirVPN/EddieAndroid/
 

How to enable ChaCha20 on the Data Channel


Open "Settings" view, then open "AirVPN". Locate "Encryption Algorithm", tap it and set "CHACHA20-POLY1305", then tap "OK".

 

New in version 2.4:
 

  • Updated native library to OpenVPN 3.3 AirVPN
  • ChaCha20-Poly1305 support on both OpenVPN Control and Data channels
  • Support by OpenVPN 3 AirVPN of ncp-disable directive integrated in the app according to the cipher suite picked by the user
  • For new features complete list, please see the changelog at the bottom of this post
 
Main features:
 
  • Free and open source OpenVPN GUI based on "OpenVPN 3.3 AirVPN"
  • Complete ChaCha20, AES-GCM and AES-CBC support
  • The only Android application officially developed by AirVPN
  • Robust, best effort prevention of traffic leaks outside the VPN tunnel
  • Battery-conscious application
  • Low RAM footprint
  • Ergonomic and friendly interface
  • Ability to start and connect the application at device boot
  • Option to define which apps must have traffic inside or outside the VPN tunnel through white and black list
  • Localization in simplified and traditional Chinese, Danish, English, French, German, Italian, Portuguese, Russian, Spanish, Turkish
  • Full integration with AirVPN
  • Enhanced security thanks to locally stored encrypted data through master password
  • Quick one-tap connection and smart, fully automated server selection
  • Smart server selection with custom settings
  • Manual server selection
  • Smart attempts to bypass OpenVPN blocks featuring protocol and server fail-over
  • Full Android TV compatibility including D-Pad support. Mouse emulation is not required.
  • Enhancements aimed to increase accessibility and comfort to visually impaired persons
  • AirVPN servers sorting options
  • Customizable "Favorite" and "Forbidden" servers and countries
  • OpenVPN mimetype support to import profiles from external applications
  • Multiple OpenVPN profile support. The app now imports and manages multiple OpenVPN profiles
  • Support for custom bootstrap servers
  • Support for favorite and forbidden countries
  • AirVPN broadcast messages support
  • User's subscription expiration date is shown in login/connection information
  • The app is aware of concurrent VPN use. In case another app is granted VPN access, Eddie acts accordingly and releases VPN resources
  • Optional local networks access. In such case, local network devices are exempted from the VPN and can be accessed within the local devices
  • Localization override. User can choose the default language and localization from one of the available ones
  • Favorite and forbidden lists can be emptied with a single tap
  • VPN Lock can now be disabled or enabled from settings
  • VPN reconnection in case of unexpected OpenVPN disconnection. (It requires VPN Lock to be disabled)
  • User can generate an OpenVPN profile for any AirVPN server or country and save it in OpenVPN profile manager
  • Server scoring algorithm implementing the latest AirVPN balancing factors in order to determine the best server for quick connection
  • Network name and extra information are shown along with network type
  • Device network status management

Kind regards & datalove
AirVPN Staff

Changelog 2.4 (VC 26) - Release date: 30 July 2019 by ProMIND
  •  [ProMIND] Production release

Changelog 2.4 RC 1 (VC 25) - Release date: 26 July 2019 by ProMIND
  • [ProMIND] OpenVPN 3.3 AirVPN fork synchronized to master OpenVPN branch
  • [ProMIND] Native library dependencies updated to the latest releases
  • [ProMIND] Minor bug fixes

ConnectAirVPNServerFragment.java
  • [ProMIND] connectServer(): pendingServerConnection is now properly cleared. This prevents a double call from onAirVPNLogin event (user login + user credentials loaded from AirVPN server) in case of a pending server connection going on

Changelog 2.4 beta 1 (VC 24) - Release date: 19 July 2019 by ProMIND
  • [ProMIND] Updated native library to "OpenVPN 3.3 AirVPN" supporting CHACHA20-POLY1305 cipher and ncp-disable profile option (forked from OpenVPN:master 3.2 qa:d87f5bbc04)
  • [ProMIND] Updated default manifest to V256


airvpn_server_listview_item.xml
  • [ProMIND] added a new layout for showing server's warning_open field


AirVPNServerProvider.java
  •  [ProMIND] Added cipher filter according to user settings


AirVPNServerSettingsActivity.java
  • [ProMIND] Added encryption algorithm option for AirVPN servers


AirVPNServer.java
  • [ProMIND] Added class members to comply to Manifest V256


AirVPNServerGroup.java
  • [ProMIND] New class for manifest V256 handling


AirVPNUser.java
  • [ProMIND] getOpenVPNProfile(): profile generator uses "cipher" and "ncp-disable" according to the user settings
  • [ProMIND] getPasswordDialog(): soft keyboard is shown by default
  • [ProMIND] loginDialog(): soft keyboard is shown by default


CipherDatabase.java
  • [ProMIND] New class for manifest V256 handling


ConnectAirVPNServerFragment.java
  • [ProMIND] Show a warning in yellow in case server has a warning_open status
  • [ProMIND] Servers are now filtered according to selected encryption
  • [ProMIND] searchDialog(): soft keyboard is shown by default

ConnectionInfoFragment.java
  • [ProMIND] Added cipher name and digest to info box


OpenVPNTunnel.java
  • [ProMIND] Added method getProtocolOptions()


QuickConnectFragment.java
  • [ProMIND] Show user selected encryption in status box


SettingsActivity.java
  • [ProMIND] Added encryption algorithm option for AirVPN servers


SettingsManager.java
  • [ProMIND] Added methods getAirVPNCipher() and setAirVPNCipher()


SupportTools.java
  • [ProMIND] Changed AIRVPN_SERVER_DOCUMENT_VERSION to 256
  • [ProMIND] editOptionDialog(): soft keyboard is shown by default


VPN.java
  • [ProMIND] Added class members cipherName and digest

Share this post


Link to post
1 hour ago, go558a83nk said:

How can I download the apk?


Hello!

Message edited properly to show how you can do that. Thank you very much for your remark.
 
Quote

You can participate to testing by joining the beta community in the Google Play Store here:
https://play.google.com/apps/testing/org.airvpn.eddie
 
You can also download Eddie Android 2.4 beta 1 apk directly from our repository:
https://eddie.website/repository/eddie/android/2.4beta1/org.airvpn.eddie.apk


Kind regards
 

Share this post


Link to post

The listing makes reference to the "Ability to start and connect the application at device boot." Is this only for when using OpenVPN profiles? I want to try the new ChaCha20 servers but also like having the VPN start when my phone boots.

Share this post


Link to post
1 minute ago, arealcoolhand said:

The listing makes reference to the "Ability to start and connect the application at device boot." Is this only for when using OpenVPN profiles? I want to try the new ChaCha20 servers but also like having the VPN start when my phone boots.


Hello!

That's correct. You can start Eddie and have it connected to an experimental server with ChaCha20 during your device bootstrap by using a profile. Remember that you can generate a profile from inside the app, you don't necessarily have to rely on the Configuration Generator.
  • Go to "Settings" > "AirVPN" and make sure that you have selected "ChaCha20-Poly1305" as "Encryption algorithm"
  • Open "AirVPN Server" view
  • Locate your favorite experimental server
  • Long-tap on it and select "Add to OpenVPN profile", then confirm
  • Go to "OpenVPN Profile" view, tap the generated profile and confirm
  • When the connection is established,  reboot your device. Eddie will start and connect to that experimental server during your device bootstrap

Kind regards

 

Share this post


Link to post

ChaCha20 really increases the speed, and the experimental servers work well! Speed went up to 146mbit/s, while before 110mbit/s was the limit

Battery life has increased as well! Eddie battery consumption used to be about 40%, and now it is down to 15-20% (both at intense smartphone usage)

However, I noticed that speedtest only works with TCP. If I connect with UDP, it can´t find any server to connect to, and loads endlessly.
Any idea why this happens? Non-experimental servers work on both protocols.

Share this post


Link to post
8 hours ago, DarkSpace-Harbinger said:
@Staff If i may ask, how would we go about downloading a profile through the config generator using ChaCha20 as the encryption cipher?

Hello!

You can't at the moment: please generate profiles directly with Eddie Android edition, or use the following directives to connect from different platforms (remember that only OpenVPN 2.5 beta and OpenVPN 3.3 AirVPN support ChaCha20 on Data Channel):
 
ncp-disable
cipher CHACHA20-POLY1305

Kind regards
 

Share this post


Link to post

On my Shield TV the difference in speed was a matter of 45mbit/s vs 35mbit/s.  Not that significant a speed increase with chacha20.  This using the same speedtest server, same VPN server, same port and protocol.  Only thing that changed was stream cipher.  AES-256-GCM vs chacha20.  But, perhaps my speed from that VPN server just never will be that high anyway.

Share this post


Link to post

Nominal peak bandwidth on my residential line: 100 Mbit/s
Servers for speed test and methods etc. described in https://testvelocita.it

Android tablet WiFi connected and kept at less than 1 meter to the router in 802.11n (multiple channels in 20 MHz mode to exceed the peak nominal bandwidth of the ISP)

AirVPN server: Comae (NL)
OpenVPN transport: UDP
 

  • No VPN: 80 Mbit/s
  • Eddie 2.4 alfa 1 on OpenVPN 3.3 AirVPN + mbedTLS AES-256-GCM: 58 Mbit/s
  • Eddie 2.4 alfa 1 on OpenVPN 3.3 AirVPN + mbedTLS CHACHA20-POLY1305: 72 Mbit/s
  • OpenVPN for Android 0.7.5 on OpenVPN 2.5 + OpenSSL AES-256-GCM: 45 Mbit/s
  • OpenVPN for Android 0.7.5 on OpenVPN 3.x + OpenSSL AES-256-GCM: 45 Mbit/s
  • OpenVPN for Android 0.7.5 on OpenVPN 3.x + OpenSSL CHACHA20-POLY1305: n.a. - unsupported cipher on Data Channel
  • OpenVPN for Android 0.7.5 on OpenVPN 2.x + OpenSSL CHACHA20-POLY1305: n.a. - unsupported cipher on Data Channel



--- App and device information ---

Eddie Version Code: 24
Eddie Version Name: 2.4 alfa 1
Eddie Library 1.3.2 - 22 March 2019
Eddie Library API level: 6

Architecture: arm64-v8a (Arm 64 bit)
Platform: Android

Manufacturer: asus
Model: P008
Device: P008_1
Board: EeePad
Brand: asus
Product: WW_P008
Hardware: qcom
Supported ABIs: arm64-v8a armeabi-v7a armeabi
Host: mec10
ID: MMB29M
Display: MMB29M.WW_P008-V3.3.18-20161012
Android API Level: 23
Android Codename: REL
Android Version Release: 6.0.1
Android Version Incremental: WW_P008-V3.3.18-20161012

Share this post


Link to post
1 hour ago, encrypted said:

Maybe off topic, but wouldn't ChaCha20 support also be useful to those Eddie users without AES acceleration?


Hello!

Yes, definitely. According to our roadmap, "OpenVPN 3.3 AirVPN" based clients will be deployed for Linux (not only x86 but also ARM), OpenBSD and FreeBSD, three systems which are widely used even in various devices (including routers) using CPUs not supporting AES-NI.

Kind regards
 

Share this post


Link to post
On 7/21/2019 at 8:27 AM, Monotremata said:

So Eddie for Android seems to be pushing along just fine, yet Eddie for everyone else hasn't been touched in like 9 months and still isn't a final product yet?


Agreed, and hoping there have been no known CVEs or drastic performance optimisations that should have been released for the desktop app since last Sep 2018?

It seems the whole dev team have been moved on to mobile apps and dropped all else for the foreseeable

Share this post


Link to post
On 7/20/2019 at 6:32 AM, go558a83nk said:

On my Shield TV the difference in speed was a matter of 45mbit/s vs 35mbit/s.  Not that significant a speed increase with chacha20.  This using the same speedtest server, same VPN server, same port and protocol.  Only thing that changed was stream cipher.  AES-256-GCM vs chacha20.  But, perhaps my speed from that VPN server just never will be that high anyway.


Actually that is a very significant increase. 10/35 ~=  .285. That's a 28.5% increase in download speed. That's a huge improvement. Especially for VPN changes.

Share this post


Link to post
17 hours ago, laowai said:

Agreed, and hoping there have been no known CVEs or drastic performance optimisations that should have been released for the desktop app since last Sep 2018?

It seems the whole dev team have been moved on to mobile apps and dropped all else for the foreseeable

Hello!

Eddie desktop edition is being developed as usual, with somehow a slower pace but you will see news soon.

Eddie Android edition and OpenVPN 3 fork are being developed by another small team that does not work in any way on Eddie Desktop editions. Additional software for Linux, FreeBSD and OpenBSD (as well as OpenIndiana under consideration) will also be developed by the same team, after Eddie 2.4 stable is released.  Currently the roadmap includes software for both x86 and ARM based Linux.

Kind regards
 

Share this post


Link to post
3 hours ago, jeuia3e9x74uxu6wk0r2u9kdos said:

 Hi guys! Now that Eddie 2.4 is stable, will all servers support chacha20 or is still an experimental feature?

Thanks :)

Hello!

On the server side we run OpenVPN 2.5 to offer ChaCha20-Poly1305 on the Data Channel. OpenVPN 2.5 is still in beta testing, although some key functions are performed by OpenSSL or mbedTLS which are stable, so we mark servers running OpenVPN 2.5 as "Experimental" (you will see them listed with the yellow warning color). OpenVPN 2.4.7 does not support ChaCha20 on the Data Channel so it's a no go (note that OpenVPN 3 is a library with client only, and not server, features).

When OpenVPN 2.5 stable version is released, then ALL of our servers will support ChaCha20 on the Data Channel. Estimated release date is November 2019 according to OpenVPN community. In the meantime please feel free to use ChaCha20 on the experimental servers, of course.

We can expand the network of experimental servers if we receive requests. Currently the servers in Canada and the Netherlands seem enough to support the traffic of clients using ChaCha20, but please let us have your feedback!

Kind regards
 

Share this post


Link to post
21 hours ago, Staff said:
We can expand the network of experimental servers if we receive requests. Currently the servers in Canada and the Netherlands seem enough to support the traffic of clients using ChaCha20, but please let us have your feedback!
Then here is a request please  for a U.K experimental server for ChaCha20 

Share this post


Link to post

Hello!

We're very glad to inform you that we have now activated a Singapore server running OpenVPN 2.5 supporting ChaCha20: Luyten, it will make connections from various Asian locations quicker.

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...