Eddie Desktop 2.18beta released

[QueenSasha 1]

16 hours ago, inradius said:

If Eddie is still written in mono then it remains a security risk

If Eddie continues to require root privileges in Linux then it remains a security risk
 

Old Eddie versions had GUI asking for root privileges. & always ran external programs with root privileges when not necessary. Need HTTP comm bro? Eddie raises a whole root shell to curl causing resource crazy waste and security hazard. I mean you're so lazy that you need to run external programs for trivial tasks? At least do it it properly, why the fuck do you run a root shell?! Are you insane or what? Any comment, "developers"?!  Guess we can't see Eddie 2.18 source code yet BTW you can see that finally finally finally GUI runs as normal user, not root - better late than never.

As if AirVPN sent all the lazy jerks to Eddie desktop and all developers to Android and OpenVPN library fork. Go look into 1) Eddie Android source code and OpenVPN fork diffs code vs. 2) Eddie Linux / Mac source code. In 1, elegant - maybe brilliant for abilities of mine!! - code vs. in 2 a stinking muddy mess of nonsense comments, all'round inefficiencies and security holes. Eddie desktop was always a no-go to me but I am pleased by latest or not-so-latest development course in Android and OVPN 3. It began enriching AirVPN badly long due needed software dev, I mean a drastic long due quality enhancement IMHO. More must come though, moar moar more!

Who knows, will Eddie 2.18 for Linux / Mac be better? After years of chaotic devel? Can you expect no cocky impudent heinous root shell summoning?  What about external programs launches with unlimited root privileges? Mess in Eddie 2.16 is huge so I'm all in with new development branch, I am not confident in any future Mono based Eddie, but who cares? You don't need it, not in Linux at least.

 

Quote

If Eddie continues to require root privileges in Linux then it remains a security riskI

Don't ya be a jerk too though. You can raise and drop but at some point you need routes, firewall and so on and so forth. BUT do it properly... by f* Jove, don't raise shells as if they were peanuts!!!
 

Quote

here are much better coded and safer Linux clients offered by other providers

Booooooom, you jerk too!?  Most force you into a jungle of closed source junk software and Android apps aimed to steal your data with bunch of trackers. Tell me tell me genius, who boosted ChaCha20 into OpenVPN 3?

-- qs

[BlueBanana 31]

I am not an expert on this stuff, but as far as i know, the OpenVPN process needs to be root to be executed.

Other clients simply run a daemon in the background that gives them root access when it's needed.

Eddie development has been slow recently, that's true, but for the the years i have been using it, it has never let me down...

So no need to be hysteric. 😉

Regards

BB

[Staff 8353]

Hello!

While we will let developers provide more details should they wish so,  we would like to firmly clarify that:
 

• Eddie 2.18.x GUI or command line frontend does not run as root; the backend process does
• Eddie 2.18.x is in beta testing phase, so potential bugs and issues should be in general expected at any time
• Eddie 2.18.x does not run "curl" with root privileges anymore @QueenSasha
• Eddie 2.18.x GUI is written in C# (so it needs the Mono framework) but the backend process is written in C++, so it does NOT need Mono framework. Running only a GUI in Mono with normal user privileges shrinks down Mono related risks very considerably @inradius If you find critical Mono vulnerabilities even related to apps running with user privileges things would be different, of course
• root privileges are necessary to modify firewall rules (for "Network Lock"), change routing table, properly handle DNS push. Root privileges are also transmitted to OpenVPN, which needs them to modify routing table, default gateway and operate on tun network interface. That's expected, correct and ordinary behavior by any OpenVPN based software developer  @inradius unless you have a special API service, as it happens in Android with VPNService API, where root privileges are not needed (and you can't set a real "Network Lock" as a consequence)
• if any security vulnerability is ascertained and proven we and developers will of course address it expeditiously @QueenSasha

Kind regards

[spinmaster 11]

Just want to throw in that I have been using Eddie 2.18.5 on macOS Catalina 10.15.1 for three weeks or so now and I haven't noticed any issues. Everything seems to work as expected (server connections, switching servers, etc.).

On a sidenote: is there anything more to updating the client on macOS than extracting the tar.gz and replacing the binary file for Eddie in the /Applications folder?

[b52ff 0]

- Running Ubuntu 20.04 daily (don't kill me I like the edge!) Eddie UI 2.18.5beta 
- have been around a while so experienced these types of bugs with Eddie before and grin and bear it
- When selecting 'minimize to tray' the dreaded black screen of Eddie death is back again although connection still works
- Disabled 'minimize to tray' Eddie sits in dock with no problems and tray icon functions ok too
- Eddie related Mono memory use has been as high as 1.4GB!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- NO DNS LEAK

[NotTheOne 6]

MacOS 10.12.6
Eddie 2.18.5

Running for a couple of months, very stable, sometimes certain individual servers have trouble connecting but I just choose a different server and can connect to it.

Only issue I can think of is the "Latency" speeds and stars "Score" don't show up on the "Servers" tab.

 

[uggugg123 0]

On 11/28/2019 at 1:14 PM, NotTheOne said:

MacOS 10.12.6
Eddie 2.18.5

Running for a couple of months, very stable, sometimes certain individual servers have trouble connecting but I just choose a different server and can connect to it.

Only issue I can think of is the "Latency" speeds and stars "Score" don't show up on the "Servers" tab.

 

Client wont do a speed/latency refresh if you're allready connected to an airvpn server.   You can force it to do so by going to Stats and double-clicking the appropriate row from the SS below



An unrelated query, the scoring rules/metrics for Speed annd how many stars it gives a server I've found to be very inaccurate.  According to latest refresh Angetenar is the highest scoring Speed server but I get almost 1/4 the throughput than I do on others.  But the latency test to Stars given to a server seems to be working as expected.

Running Windows 10 1903
Eddie 2.18.5beta
Edited ... by uggugg123

[Maggie144 2]

https://seclists.org/oss-sec/2019/q4/122
can this vulnerability be mitigated with options in Eddie?

[Staff 8353]

@Maggie144

The vulnerability is still unknown so let's wait for the paper. Vulnerability will be disclosed to the public only when a patch is available. Please do not discuss the issue here as it is off-topic for Eddie: another thread is already available, although there's almost nothing to say until the vulnerability is secret, except that the attacker must control your router/access point or be an adjacent to it user, so you know in general how to prevent the potential attack in the meantime.

Kind regards
 

[Neighbour80 0]

I have tried Eddie 2.18.5 a couple times in Windows 10 Build 1909. It can never connect to a server. It goes to restart, then chooses another server, and repeats the cycle endlessly. I tried many different changes to settings, to no avail. I recall also that 2.18.5 is the same version as a month ago. I do not think any changes have been made in a while. The only reason I tried it is that in the mainline Eddie, latency tests are not working for some reason.

[rdbrn 1]

On 12/9/2019 at 12:40 PM, Neighbour80 said:

I have tried Eddie 2.18.5 a couple times in Windows 10 Build 1909. It can never connect to a server. It goes to restart, then chooses another server, and repeats the cycle endlessly. I tried many different changes to settings, to no avail. I recall also that 2.18.5 is the same version as a month ago. I do not think any changes have been made in a while. The only reason I tried it is that in the mainline Eddie, latency tests are not working for some reason.

I am having the same problem when lock is enabled. I've reported it and support has forwarded my report to 2nd. line support. But still after 2 months no reply

[NoiselessOwl 11]

On 12/9/2019 at 6:40 AM, Neighbour80 said:

I have tried Eddie 2.18.5 a couple times in Windows 10 Build 1909. It can never connect to a server. It goes to restart, then chooses another server, and repeats the cycle endlessly. I tried many different changes to settings, to no avail. I recall also that 2.18.5 is the same version as a month ago. I do not think any changes have been made in a while. The only reason I tried it is that in the mainline Eddie, latency tests are not working for some reason.

Did you try deleting the default.xml file in %LocalAppData%\AirVPN\? Deleting that will remove the setting you made on Eddie, I recommend make a backup of that file in case if you don't want to lose your setting. Deleting the default.xml will reset Eddie back to default and hopefully it should clear out the problem you have. I used to have this problem before and deleting default.xml fixed the issue for me. Make a backup of that file before deleting.

[NotTheOne 6]

On 11/28/2019 at 12:14 PM, NotTheOne said:

MacOS 10.12.6
Eddie 2.18.5

Running for a couple of months, very stable, sometimes certain individual servers have trouble connecting but I just choose a different server and can connect to it.

Only issue I can think of is the "Latency" speeds and stars "Score" don't show up on the "Servers" tab.

 



On 12/2/2019 at 7:14 AM, uggugg123 said:

Client wont do a speed/latency refresh if you're allready connected to an airvpn server.   You can force it to do so by going to Stats and double-clicking the appropriate row from the SS below

uggugg123, thanks for the suggestion but that didn't solve the issue. Even after downloading Eddie experimental version 2.18.5 again and reinstalling it, the "Latency" speeds and stars "Score" still don't show up on the "Servers" tab for Eddie.

I was having a connection issue (I thought it was Eddie but ended up being an ISP issue) so I deleted Eddie 2.18.5 and installed Eddie stable version 2.16.3 but I had to delete it because of a new issue. When starting up Eddie, it would not accept my administrator password, it kept telling me it was the wrong password. I quit and restarted Eddie several times but kept getting the "wrong password" error message.

Is this a known issue with Eddie?

I deleted Eddie 2.16.3 and installed Eddie experimental version 2.17.2 and now Eddie would accept my password but a new issue was that after Eddie started, the login window wouldn't show up. All I could see were the main menu items "Eddie" and "Window" at the top of my desktop screen. I quit and restarted Eddie several times but the login window never came up.



Is this a known issue with Eddie?

I delete Eddie 2.17.2 and logged in to my airvpn.org account and downloaded Eddie experimental version 2.18.5 again and reinstalled it. This time I did not have the two issues above and was able to login to and use Eddie.

[zsam288 16]

On 10/20/2019 at 1:46 PM, zsam288 said:

using 2.18.4beta

when using the scoring rule "speed" i seem to get the lowest latency server
when using the scoring rule "latency" i seem to get the server with a lower load but higher latency

this is the opposite behavior from the stable version?
one would think when selecting latency to get a server with the lowest latency?

Not fixed in 2.18.5beta

[tarvpn 1]

Hello,

Possible issue with v2.18.x on Windows 8.1 regarding TAP drivers;

I moved from v2.17.2 to v2.18.5.  Upon first connection, EDDIE tries to install the new TAP drivers, but errors with a driver installation failure notice.  I rebooted, and tried to launch again, EDDIE tries to install the TAP drivers again and fails again.

I downloaded the TAP driver installer directly, noticing there are two versions.  One labelled Win10 and one Win7.  I noticed on the OpenVPN site it was stating to use the Win7 driver with Win8.1.  I tried to install the Win10 driver to test, as EDDIE labels the same installer is to be used with Win10/8.1/8.  I get the same error message when installing "tap-windows-9.23.3-I601-Win10" as I do when EDDIE tries to install them.

I then uninstalled the TAP drivers and installed the Win7 version "tap-windows-9.23.3-I601-Win7".  EDDIE now launches and sees the drivers, it does not try to install the drivers anymore.  EDDIE functions as normal, connects to VPN and works fine.

Perhaps with the new TAP builds, different versions are now required to be bundled with EDDIE for Win8.1/8

Hope that helps.

 

[robertoohoho 4]

On 1/1/2020 at 3:03 PM, NotTheOne said:

uggugg123, thanks for the suggestion but that didn't solve the issue. Even after downloading Eddie experimental version 2.18.5 again and reinstalling it, the "Latency" speeds and stars "Score" still don't show up on the "Servers" tab for Eddie.

I was having a connection issue (I thought it was Eddie but ended up being an ISP issue) so I deleted Eddie 2.18.5 and installed Eddie stable version 2.16.3 but I had to delete it because of a new issue. When starting up Eddie, it would not accept my administrator password, it kept telling me it was the wrong password. I quit and restarted Eddie several times but kept getting the "wrong password" error message.

Is this a known issue with Eddie?

I deleted Eddie 2.16.3 and installed Eddie experimental version 2.17.2 and now Eddie would accept my password but a new issue was that after Eddie started, the login window wouldn't show up. All I could see were the main menu items "Eddie" and "Window" at the top of my desktop screen. I quit and restarted Eddie several times but the login window never came up.



Is this a known issue with Eddie?

I delete Eddie 2.17.2 and logged in to my airvpn.org account and downloaded Eddie experimental version 2.18.5 again and reinstalled it. This time I did not have the two issues above and was able to login to and use Eddie.

Are you running a foreign system?  I had the same problem going back to v2.16.3 when I was asked to enter my password. Eddie's v2.16.3 keyboard mapping is QWERTY, I'm using a AZERTY system.
(I figured this out because I would try to select all the characters to retype the wrong password using Command-A and Eddie would ask me if I really wanted to quit as if I had typed Command-Q).

[Staff 8353]

Version 2.18.6 (Fri, 17 Jan 2020 13:46:48 +0000)

• [change] Bug fixes and code cleanup
• [change] OpenVPN 2.4.8
• [change] Windows - Tap driver (Win7-Win10) upgraded from 9.23.3-i601 to 9.24.2-i601
• [new] New option 'Skip promotional messages'.
• [change] macOS - New menubar icons
• [bugfix] macOS - 'Rules not loaded' in some environment
• [change] Hummingbird integration (experimental)

All other reported issues are under investigation.
(Linux Arch package is not yet available, fix coming soon).

[Clodo 122]

On 11/24/2019 at 12:36 AM, ssling said:

Is the official AUR package for arch linux not maintained anymore? I don't have any issues with 2.17.2 but I'd like to know if there is point in waiting or should I move on to another source.

Simply please wait if you don't have any issues. The official AUR will be updated as soon as possible, thanks.

[jeuia3e9x74uxu6wk0r2u9kdos 14]

39 minutes ago, Staff said:

Version 2.18.6 (Fri, 17 Jan 2020 13:46:48 +0000)

• [change] Bug fixes and code cleanup
• [change] OpenVPN 2.4.8
• [change] Windows - Tap driver (Win7-Win10) upgraded from 9.23.3-i601 to 9.24.2-i601
• [new] New option 'Skip promotional messages'.
• [change] macOS - New menubar icons
• [bugfix] macOS - 'Rules not loaded' in some environment
• [change] Hummingbird integration (experimental)

All other reported issues are under investigation.
(Linux Arch package is not yet available, fix coming soon).

Hi guys! thank you so much and you have done a terrific work as usual

Should we consider this as a "stable" version or still as an "experimental" one?

Thank you

[Staff 8353]

@jeuia3e9x74uxu6wk0r2u9kdos

Hello and thank you!

It's still a beta version, but we expect to release a stable version really soon. We will also evaluate the feedback of course, please keep testing and report (if any) glitches or bugs as you have always done, thank you for your patience.

Kind regards
 

[airdev 3]

Hi, couple of notes:


1: advanced -> uninstall driver -> click "no" to UAC popup -> Eddie says "uninstall completed" regardless if you click no.

2: The update channel does not work, and never has. I have it set to "beta" yet I never get a notification saying there's an update. I do have server list update set to "never" if that matters.

3: It's sad to see the "Skip promotional messages" in the UI tab all the way at the bottom away from other entries. I get why it's there (and unselected by default), but the fact we need a checkbox to hide pop-up's is a shame; they're all predictable sales anyway at the same time each year.

It's interesting to note that the source code contains references to "Wireguard", despite the response I got from support it's good to see it mentioned in Eddie, I suspect support for WG will come sooner rather than later (and AirVPN is I doubt one for being behind the others - if there is an industry wide push/support for WG AirVPN won't want to lose business).

Hummingbird is intriguing, it is confusing however integrating it into Eddie itself which I thought was its own "thing" and did everything that was required as far as OpenVPN is concerned, it'd be really delicious to drop the Mono dependency and go to 100% pure C/C++ code, but I suspect there's little chances of that happening (I'd prefer QT for GUI).

The code is also quite convoluted, I will maintain my position that it would be nice to see an external professional audit of the code to understand if there are any discrepancies. Eddie is quite a complex beast now, it works very well and reliably, but all good codebases have parts that are overlooked or might be a possible security problem without anyone realizing (similar to the kernel, which just considers them "bugs" rather than "security problems"

Looking forward to the final release - I do have quibbles about some aspects of AirVPN's operations, but otherwise they remain one of (if not the) best in class services.

 

[OptimusPrimeAutoBot 0]

3 hours ago, Staff said:

Version 2.18.6 (Fri, 17 Jan 2020 13:46:48 +0000)

• [change] Bug fixes and code cleanup
• [change] OpenVPN 2.4.8
• [change] Windows - Tap driver (Win7-Win10) upgraded from 9.23.3-i601 to 9.24.2-i601
• [new] New option 'Skip promotional messages'.
• [change] macOS - New menubar icons
• [bugfix] macOS - 'Rules not loaded' in some environment
• [change] Hummingbird integration (experimental)

All other reported issues are under investigation.
(Linux Arch package is not yet available, fix coming soon).

How to use the Hummingbird integration in linux?

[giganerd 815]

1 hour ago, airdev said:

3: It's sad to see the "Skip promotional messages" in the UI tab all the way at the bottom away from other entries. I get why it's there (and unselected by default), but the fact we need a checkbox to hide pop-up's is a shame; they're all predictable sales anyway at the same time each year.

It seems people will even complain if the devs listen. Don't be like that.
 

1 hour ago, airdev said:

but I suspect there's little chances of that happening (I'd prefer QT for GUI).

A GTK+ GUI was mentioned. Someone might even build your beloved Qt GUI, or you can do it yourself, Eddie is open source.
 

1 hour ago, airdev said:

The code is also quite convoluted, I will maintain my position that it would be nice to see an external professional audit of the code to understand if there are any discrepancies. Eddie is quite a complex beast now, it works very well and reliably, but all good codebases have parts that are overlooked or might be a possible security problem without anyone realizing (similar to the kernel, which just considers them "bugs" rather than "security problems"

Open source lives not through "independent security audits", but by the fact that hundreds of people look over the code, find bugs and more and either report them or simply fix it on their own. If you look on audits, you add the auditors to the list of people you need to trust.

[Clodo 122]

13 minutes ago, OptimusPrimeAutoBot said:

How to use the Hummingbird integration in linux?

Please remember it's an experimental feature.
Now, Linux AppImage and Portable edition, and any MacOS package already have Hummingbird in the bundle, simply tick Preferences -> Advanced -> Use Hummingbird.
In other kind of linux packages (.deb, .rpm etc) a binary simply called 'hummingbird' need to be in the search path, or place it in /usr/lib/eddie-ui. Restart Eddie.

[OptimusPrimeAutoBot 0]

3 minutes ago, Clodo said:

Please remember it's an experimental feature.
Now, Linux AppImage and Portable edition, and any MacOS package already have Hummingbird in the bundle, simply tick Preferences -> Advanced -> Use Hummingbird.
In other kind of linux packages (.deb, .rpm etc) a binary simply called 'hummingbird' need to be in the search path. 

What do you mean by search path are you referring to path environment variable?