Jump to content
Not connected, Your IP: 3.81.29.254
Staff

Eddie Android Edition 2.4 released - ChaCha20 support

Recommended Posts

3 hours ago, Glockdoc said:

I appreciate the attention and replies, however, I decided using Eddie was just too much of a pain in the butt.  Went back to the open VPN app, checked "seamless tunnel" and "endless retry". 

Hello!

You should have the identical behavior if you disable "VPN Lock" in Eddie (you can do that in the "Settings" view).

Note that in such a case you will have traffic leaks outside the tunnel just like you have with any other OpenVPN based app (VPN lock is an exclusive Eddie feature).

Android 8 and 9 implement new systems settings which will make "VPN Lock" superfluous. If you run Android 8 or 9 you can consider to prevent leaks with system settings and keep VPN lock disabled.

Kind regards
 

Share this post


Link to post
Posted ... (edited)

Bug report:

There's a weird bug when I switch sometimes from wifi to mobile data. The UI will sometimes say "Connected to server Connected to server", trying to replicate this isn't straight forward, but it is possible, here's a screenshot of what I see attached to the post or via this URL

The logs say as follows:

Successfully paused VPN
Network is connected
VPNservice.networkStatusChanged() action: SYSTEM_RESUME
Network status has changed. Trying to resume VPN
Resuming OpenVPN client
OpenVPN client resumed
Successfully resumed VPN

I'm using Android's "Block connections without VPN" and Eddie's built in blocker for extra protection. Latest app version, Oreo Android.

 

 

airbug.jpg

 

Edited ... by airdev

Share this post


Link to post
9 hours ago, Glockdoc said:

I appreciate the attention and replies, however, I decided using Eddie was just too much of a pain in the butt.  Went back to the open VPN app, checked "seamless tunnel" and "endless retry".  Battery life improvement was retained and Open reconnects wayyyyy faster.  On a side note I added the OxyTweaker module for Magisk, which disables a lot of google background stuff,  about the same time and my battery  has gone from  great to amazing!

I have tried 10 or so VPNs since I moved to Thailand. I have been with Air longer than any of the others. I abandoned Vypr and Nord after continuous dns leaks.  Not once have I had a leak with Air.  The Phoenix server seems to provide the least amount of data as to who, what, where when I check at dnsleaktest.com and doileak.com. Thanks for a great product.

So I had the same issue, and kept using the OpenVPN Andriod app, and then saw a random post similar to the most recent one about Android VPN lock and this now means I exclusively use Eddie.

Whilst it's not perfect (nothing is), it now ensures zero leakage and works as expected around 99% of the time.
Occasionally Eddie will ask for master password (randomly and very rare, maybe once a week), and sometimes I need to reconnect manually when leaving it in airplane over night (maybe twice a week), it means I get all the power effeciencies of the new encryption algorithm.

The only downside so far as I can tell is it doesn't auto-login and then start the VPN connection after boot (I have to put in master password, and then start the connection).

Increased battery life is worth this minor annoyance though.

Share this post


Link to post
17 hours ago, laowai said:


The only downside so far as I can tell is it doesn't auto-login and then start the VPN connection after boot (I have to put in master password, and then start the connection).

Increased battery life is worth this minor annoyance though.

Hello!

Correct, because your whole data file is encrypted by your Master Password itself. You can anyway have Eddie run and connect automatically at boot through profiles. Consider carefully that in this way your profiles will be in clear text, exposing your client certificate and key (but not your AirVPN username and password). Eddie can even generate a profile by an AirVPN server (long-tap a server name from the VPN SERVER view).

We're very glad to know that longer battery life is noted, it was one of our purposes when Eddie Android edition was designed. Should you use CHACHA20-POLY1305 cipher with our experimental servers, you should see an even longer battery life: feel free to keep us posted.

Kind regards
 

Share this post


Link to post

Is there currently an issue with the 2 experimental servers in NL region?
Both time out so I'm having to use Singapore, which has considerably more latency.

If would also be good to know timeframes for widespread cha-cha rollout.
Thanks

Share this post


Link to post
4 hours ago, laowai said:

Is there currently an issue with the 2 experimental servers in NL region?
Both time out so I'm having to use Singapore, which has considerably more latency.

If would also be good to know timeframes for widespread cha-cha rollout.
Thanks


Hello!

Problem resolved: several NL servers, including ChaCha20 supporting servers Comae and Luhman, had a brief downtime. The roadmap is the same we informed you about during the last months: ChaCha20-Poly1305 will be available on all servers when OpenVPN 2.5 stable is released. In the meantime we will keep adding servers supporting ChaCha20 with OpenVPN 2.5 beta version whenever necessary.

Kind regards
 

Share this post


Link to post
On 10/4/2019 at 1:46 PM, Staff said:

Hello!

Problem resolved: several NL servers, including ChaCha20 supporting servers Comae and Luhman, had a brief downtime. The roadmap is the same we informed you about during the last months: ChaCha20-Poly1305 will be available on all servers when OpenVPN 2.5 stable is released. In the meantime we will keep adding servers supporting ChaCha20 with OpenVPN 2.5 beta version whenever necessary.

Kind regards
 

Thanks for this, though since this outage the reliability of servers has been sporadic at best. Is there an ongoing issue?

Also a few bugs to report:
1) play store downloading updates and new apps. With airvpn running, and the Android system VPN settings set to always on and block without VPN for Eddie, downloads simply don't work. They permanently sit on on "waiting for download..." Every now and then - 1 in 50 I'd say - downloads work, but otherwise I have to manually change and disconnect VPN to allow it to happen. This is really quite annoying and means any CVEs fixed in apps aren't being addressed as updates don't work.
2) random drops of the VPN, causing Eddie to almost panic and drop out the initial authentication. So I have to auth again and then connect to vpn again. 

Happy to do some logs or whatever is needed to help troubleshoot. This is Nokia 8.1 android one latest updates (also happened on Xiaomi A2 kite also android one)

Thanks

Share this post


Link to post
@laowai

Thank you!

Description of point 1 makes us think that the problem is unrelated to Eddie. Anyway we'll try to reproduce it (so far we couldn't but we have tested on different hardware).

About point 2, the description seems coherent with the expected behavior of a VPN lock following an unrecoverable error. In such a case human intervention is required. The operator has the option to shut down critical applications before unlocking the communications: it's what you need for the safest leaks prevention within the limits enforced by Android.

If you have Android 8 or 9 you can disable VPN Lock (from the "Settings" view) and let Android handle leaks prevention with the proper system options. Anyway, feel free to elaborate and clarify if our interpretation of your description is incorrect.


Kind regards
 

Share this post


Link to post
On 10/12/2019 at 1:07 PM, Staff said:
@laowai

Thank you!

Description of point 1 makes us think that the problem is unrelated to Eddie. Anyway we'll try to reproduce it (so far we couldn't but we have tested on different hardware).

About point 2, the description seems coherent with the expected behavior of a VPN lock following an unrecoverable error. In such a case human intervention is required. The operator has the option to shut down critical applications before unlocking the communications: it's what you need for the safest leaks prevention within the limits enforced by Android.

If you have Android 8 or 9 you can disable VPN Lock (from the "Settings" view) and let Android handle leaks prevention with the proper system options. Anyway, feel free to elaborate and clarify if our interpretation of your description is incorrect.


Kind regards
 
Thanks - so Nokia just released Android Q for the 8.1, which I've installed. This seems to have helped point 1. It still doesn't download and update automatically (despite this being set), but in 2 days, updates have all gone through without stalling on "downloading...."

I'll elaborate on point 2 - apologies I wrote it quickly on my phone.
Every so often (typically when changing networks from 4G to WiFi or back again), Eddie will drop the VPN and show the attached.
Sometimes, this just means going back in to Eddie, and then connecting again manually.
Other times, it'll revert to requiring the master password, before I can reconnect (it's almost as if the Eddie process terminates and then restarts).
I'll see how the latest Android works with this over the next few weeks and revert.

Otherwise, I also got Eddie to start on boot finally, but just once. The step I'd missed was to actually *select* the Ovpn profile - it then loads without requiring a master password.
This only worked twice, in 5 reboots that I tried. Mostly it just sits there with the same notification as the attached and does not load.

I also have OpenVPN for Android installed, but this is switched off entirely. I keep this in case Eddie doesn't work so well, but wonder if this could conflict?

Capture.JPG

Share this post


Link to post
@laowai

Hello!

Yes, if you need to re-enter the Master Password, then Eddie re-started. If you have the chance to take a logcat, that would help us immensely: we start to suspect that Eddie crashes in your customized Android version, and the idea is supported even by some other unexpected behaviors you report and by the fact that after your last system upgrade situation improved remarkably.

About starting Eddie at (re)boot, that's entirely up to the system. Eddie registers to the list of applications that the system should launch at boot. Then it's up to the system when and if running them. In some device (for example some Asus phones and tables), a boot launcher manager pre-installed by the manufacturer and running with root privileges is active by default and manages the list of apps to run at boot, so it will bypass Eddie (and any other app) registration.

Kind regards
 

Share this post


Link to post

Sure happy to take a logcat - is that just share from the Log section and attach here? Is there anything identifiable in the log?

And just a reminder this is a Nokia 8.1 so android is Android One, which is stock. 👍

Share this post


Link to post
@laowai

Please feel free to send the logcat in a ticket, and not here (as you prefer). Eddie has been tested extensively on dozens of Android 6, 7, 8 and 9 devices, and not on 10, so the logcat is very welcome. Is your version a beta version?

Kind regards

 

Share this post


Link to post
22 hours ago, Staff said:
@laowai

Please feel free to send the logcat in a ticket, and not here (as you prefer). Eddie has been tested extensively on dozens of Android 6, 7, 8 and 9 devices, and not on 10, so the logcat is very welcome. Is your version a beta version?

Kind regards

 
Thanks - I've sent a support request in - had to attach the file in to here first though, but it's been sent with the log.
I don't think the Android Q update has improved things - it restarted overnight after being in airplane mode, and crashed out the VPN when changing from 4G to Wifi earlier this morning. OpenVPN for Android never had these issues and would seamlessly change networks, literally never ever had these issues. So maybe it's worth finding out how they handle network changes?

 

Share this post


Link to post
6 hours ago, laowai said:

So maybe it's worth finding out how they handle network changes?


Well, OpenVPN for Android does not bundle a VPN lock which is designed to prevent leaks; it stops the application from doing anything if problems arise. On OpenVPN for Android, such leaks may occur unless Always-On VPN is enabled for it.
Though I agree with you that Eddie should handle this network change case properly in case of VPN lock being enabled.

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post
18 hours ago, giganerd said:

Well, OpenVPN for Android does not bundle a VPN lock which is designed to prevent leaks; it stops the application from doing anything if problems arise. On OpenVPN for Android, such leaks may occur unless Always-On VPN is enabled for it.
Though I agree with you that Eddie should handle this network change case properly in case of VPN lock being enabled.

Hello!

Of course. Eddie handles network changes perfectly in Android 5.1, 6, 7, 8 and 9.  Should problems involve Android 10 (under which current Eddie stable release was not tested) they will be properly addressed. Let's see log and logcat.

Kind regards
 

Share this post


Link to post
On 8/16/2019 at 3:02 PM, go558a83nk said:

It looks like some of the requests for experimental servers were declined (UK, Switzerland) but I'll go ahead and request a Dallas server just to see.

Could we have a Dallas experimental server for chacha20?  Thanks.


Hello!

We're glad to inform you all that Chamaeleon https://airvpn.org/servers/Chamaeleon in Dallas now runs OpenVPN 2.5 daemons and is configured to accept connections with cipher CHACHA20-POLY1305 both on Control and Data Channel. You can connect in ChaCha20 with Eddie Android edition, OpenVPN 3.3 AirVPN alpha for Linux, or by using Eddie desktop edition with OpenVPN 2.5.

To use cipher ChaCha20:
 
  • with Eddie Android edition, select "Settings" > "AirVPN" > "Encryption Algorithm" > "CHACHA20-POLY1305"
  • with OpenVPN 3.3 AirVPN please see here:
  •  
  • with Eddie desktop edition, install OpenVPN 2.5, tell Eddie to use OpenVPN 2.5 in "Preferences" > "Advanced" , finally add the following custom directives in "Preferences" > "OVPN Directives" and make sure to connect or white list ONLY experimental ChaCha20 servers
 
ncp-disable
cipher CHACHA20-POLY1305

Servers supporting ChaCha20 are marked as "Experimental ChaCha20" in https://airvpn.org/status in a yellow warning.

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...