Hummingbird 1.0: AirVPN client based on OpenVPN 3 AirVPN

[Staff 9972]

Hello!

 

^{UPDATE 29-Nov-19: macOS, Linux x86-64 bit and Raspbian beta versions now available.
UPDATE 06-Dec-19: beta 2 version has been released
UPDATE 10-Dec-19: Release Candidate 1 has been released
UPDATE 19-Dec-19: Release Candidate 2 has been released}

^{UPDATE 27-Dec-19: version 1.0 has been released
UPDATE 24-Jan-20: version 1.0.1 has been released}

 

 

We are very glad to introduce Hummingbird, a new client software for:

• Linux x86-64 bit
• Linux Raspbian 32 bit (frequently installed in Raspberry PI)
• Linux ARM 64 bit (tested under Raspberry 4 Ubuntu 19.10)
• Mac (minimum required version macOS Mojave)

based on our own AirVPN OpenVPN 3 library.

The software meets various demands by many users. Furthermore, it will evolve in to an integrated client and daemon targeting Linux, Mac, OpenBSD and FreeBSD platforms.

Main features:

• lightweight and stand alone binary
• no heavy framework required, no GUI
• tiny RAM footprint (less than 3 MB currently)
• lightning fast
• based on OpenVPN 3 library fork by AirVPN with tons of critical bug fixes from the main branch, new ciphers support and never seen before features
• ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on Raspberry PI and any Linux-based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition https://airvpn.org/forums/topic/44201-eddie-android-edition-24-released-chacha20-support/
• robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection
• proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved
• additional features

Versions for FreeBSD and OpenBSD will follow in the future.

Source code is available here:
https://gitlab.com/AirVPN/hummingbird
In the above repository you can also find binaries, general instructions, usage instructions and build instructions.

Linux x86-64 64 bit version:
https://eddie.website/repository/hummingbird/1.0.1/hummingbird-linux-x86_64-1.0.1.tar.gz

Raspberry 64 bit / Linux ARM 64 bit version:
https://eddie.website/repository/hummingbird/1.0.1/hummingbird-linux-aarch64-1.0.1.tar.gz

Raspbian 32 bit version:
https://eddie.website/repository/hummingbird/1.0.1/hummingbird-linux-armv7l-1.0.1.tar.gz

macOS version:
https://eddie.website/repository/hummingbird/1.0.1/hummingbird-macos-1.0.1.tar.gz

 

How to install AirVPN client for Linux x86_64, Raspberry and macOS

Requirements
------------

Linux

• x86-64, ARM 32 or ARM 64 bit CPU
• A reasonably recent Linux distribution
• tar
• sha512sum (optional)

Raspberry

• Linux Raspbian distribution or Linux ARM 64 bit distribution
• tar
• sha512sum (optional)

Mac

• macOS Mojave or higher version
• tar
• shasum (optional)
• otool (optional)

Linux x86-64 Installation
------------------

• Download hummingbird-linux-x86_64-1.0.1.tar.gz
• [optional] Download hummingbird-linux-x86_64-1.0.1.tar.gz.sha512 This file is required to check the integrity of the above tar archive. It is not mandatory but it is strongly advised to download this file and check the tar archive
• [optional] Open a terminal window
• [optional] Check the integrity of the tar archive by issuing this command: "sha512sum --check hummingbird-linux-1.0.1-x86_64.tar.gz.sha512" (without quotes)
• [optional] Make sure the command responds with "hummingbird-linux-x86_64-1.0.1.tar.gz: OK"
• Change your current directory to a convenient place, such as your home directory. This can be done by issuing the command "cd ~" (without quotes)
• Extract the tar archive by issuing this command on your terminal window: tar xvf hummingbird-linux-1.0.1.tar.gz
• A new directory will be created: hummingbird-linux-1.0.1
• Move into the new directory with command "cd hummingbird-linux-1.0.1" (without quotes)
• [optional] Check the integrity of the binary file hummingbird-linux-1.0.1. Issue this command from your terminal window: sha512sum --check hummingbird.sha512" (without quotes)
• [optional] Make sure the command responds with "hummingbird-linux-1.0.1: OK"
• [optional] Check dynamic library availability. Issue the command "ldd hummingbird" and make sure all the required dynamic libraries are available. No line of the output must contain "not found"
• the Linux client is now ready to be used and possibly copied to a different directory of your system.
• Please note the client needs root privileges. Your user must therefore be included in your system's "sudoers" (depending on specific Linux distribution)

 

Raspberry/Raspbian/Linux ARM 32 bit Installation
-------------------------------

 

• Download hummingbird-armv7l-1.0.1.tar.gz
• [optional] Download hummingbird-linux-armv7l-1.0.1.tar.gz.sha512 This file is required to check the integrity of the above tar archive. It is not mandatory but it is strongly advised to download this file and check the tar archive
• [optional] Open a terminal window
• [optional] Check the integrity of the tar archive by issuing this command: "sha512sum --check tar xvf hummingbird-armv7l-1.0.1.tar.gz.sha512" (without quotes)
• [optional] Make sure the command responds with "hummingbird-armv7l-1.0.1.tar.gz: OK"
• Change you current directory to a convenient place, such as your home directory. This can be done by issuing the command "cd ~" (without quotes)
• Extract the tar archive by issuing this command on your terminal window: tar xvf hummingbird-armv7l-1.0.1.tar.gz
• A new directory will be created: hummingbird-armv7l-1.0.1
• Enter the new directory with command "cd hummingbird-armv7l-1.0.1" (without quotes)
• [optional] Check the integrity of the binary file hummingbird. Issue this command from your terminal window: "sha512sum --check hummingbird.sha512" (without quotes)
• [optional] Make sure the command responds with "hummingbird: OK"
• [optional] Check dynamic library availability. Issue the command "ldd hummingbird" and make sure all the required dynamic libraries are available. No line of the output must contain "not found"
• the Raspberry/Raspbian client is now ready to be used and possibly copied to a different directory of your system.
• Please note the client needs root privileges. Your user must therefore be included in your system's "sudoers"

 

Raspberry/Linux ARM 64 bit Installation
-------------------------------

 

• Download hummingbird-linux-aarch64-1.0.1.tar.gz
• [optional] Download hummingbird-linux-aarch64-1.0.1.tar.gz.sha512 This file is required to check the integrity of the above tar archive. It is not mandatory but it is strongly advised to download this file and check the tar archive
• [optional] Open a terminal window
• [optional] Check the integrity of the tar archive by issuing this command: "sha512sum --check hummingbird-linux-aarch64-1.0.1.tar.gz.sha512" (without quotes)
• [optional] Make sure the command responds with " hummingbird-linux-aarch64-1.0.1.tar.gz: OK"
• Change you current directory to a convenient place, such as your home directory. This can be done by issuing the command "cd ~" (without quotes)
• Extract the tar archive by issuing this command on your terminal window: "tar xvf a hummingbird-linux-aarch64-1.0.1.tar.gz" (without quotes)
• A new directory will be created: hummingbird-linux-aarch64-1.0.1
• Enter the new directory with command "cd hummingbird-linux-aarch64-1.0.1" (without quotes)
• [optional] Check the integrity of the binary file hummingbird. Issue this command from your terminal window: "sha512sum --check hummingbird.sha512" (without quotes)
• [optional] Make sure the command responds with "hummingbird: OK"
• [optional] Check dynamic library availability. Issue the command "ldd hummingbird" and make sure all the required dynamic libraries are available. No line of the output must contain "not found"
• the Raspberry/Raspbian client is now ready to be used and possibly copied to a different directory of your system.
• Please note the client needs root privileges. Your user must therefore be included in your system's "sudoers"

 
macOS installation

--------------------

 

• Download hummingbird-macos-1.0.1.tar.gz
• [optional] Download hummingbird-macos-1.0.1.tar.gz.sha512 This file is required to check the integrity of the above tar archive. It is not mandatory but it is strongly advised to download this file and check the tar archive
• [optional] Open a terminal window
• [optional] Check the integrity of the tar archive by issuing this command: "shasum -a 512 -c hummingbird-macos-1.0.1.tar.gz.sha512" (without quotes)
• [optional] Make sure the command responds with "hummingbird-macos-1.0.1.tar.gz: OK"
• Change your current directory to a convenient place, such as your home directory. This can be done by issuing the command "cd ~" (without quotes)
• Extract the tar archive by issuing this command on your terminal window: "tar xvf hummingbird-macos-1.0.1.tar.gz" (without quotes)
• A new directory will be created: hummingbird-macos-1.0.1
• Move into the above directory by entering command "cd hummingbird-macos-1.0.1" (without quotes)
• [optional] Check the integrity of the binary file hummingbird-macos-1.0.1. Issue this command from your terminal window: "shasum -a 512 -c hummingbird.sha512" (without quotes)
• [optional] Make sure the command responds with "hummingbird: OK"
• [optional] Check dynamic library availability. Issue the command "otool -L hummingbird" and make sure all the required dynamic libraries are available. No line of the output must contain "not found". "otool" is distributed with Xcode
• the Mac client is now ready to be used and possibly copied to a different directory of your system.
• Please note the client needs root privileges.

 

Note on Checksum Files

We do strongly suggest you to check the integrity both of the distribution tar.gz file and the hummingbird binary in order to make sure you are installing a binary created and fully supported by AirVPN.
 

Hummingbird is an open source project and, as such, its source code can be downloaded, forked and modified by anyone who wants to create a derivative project or build it on his or her computer. This also means the source code can be tampered or modified in a malicious way, therefore creating a binary version of hummingbird which may act harmfully, destroy or steal your data, redirecting your network traffic and data while pretending to be the "real" hummingbird client genuinely developed and supported by AirVPN.

For this reason, we cannot guarantee forked, modified and custom compiled versions of Hummingbird to be compliant to our specifications, development and coding guidelines and style, including our security standards. These projects, of course, may also be better and more efficient than our release, however we cannot guarantee or provide help for the job of others.

You are therefore strongly advised to check and verify the checksum codes found in the .sha512 files to exactly correspond to the ones below, that is, the checksum we have computed from the sources and distribution files directly compiled and built by AirVPN. This will make you sure about the origin and authenticity of the hummingbird client. Please note the files contained in the distribution tarballs are created from the very source code available in the master branch of the official hummingbird's repository.

Checksum codes for Version 1.0

The checksum codes contained in files hummingbird-<os>-<arch>-1.0.1.tar.gz.sha512 and hummingbird.sha512 must correspond to the codes below in order to prove they are genuinely created and distributed by AirVPN.
 

Linux x86_64

hummingbird-linux-x86_64-1.0.1.tar.gz: f2cbc2acded6335c996271d9e86818a0375f4f46712b9edb7147494038bff48a1e72f666b319790a8250298e437a87dd8173313156da0497529c0eace3924fea

hummingbird: bbfb5951a54c1bfd271d7a56ac52a8674a31f295a699698332996c7e49a194974b61526accff0936a7512986c26c92489cd2c0c731999fcb224eaf118bc91a89

Linux ARM32

hummingbird-linux-armv7l-1.0.1.tar.gz: ad5ef28d6904089f474c065ca01dae222e35b2eb999a24de13481f2e4f41228c9fe5c7cb1e623c24b5498339f1c033f7b47717bd3f42e6467f42477129102b88

hummingbird: 3ed0d105a1fece008793575945836d7e2dc38b79698856dfaeb1ffadf871004bf6f8dfd101561322c661df8192a5a8861d39266e89dad2d5db0947cb4d7f675f

Linux ARM64

hummingbird-linux-aarch64-1.0.1.tar.gz: 1c1042ae91fac572a3835ee03b97633a597d4f9abfba8c1ef8a65f3dcdae854c9cec254fead542d629e501449d6db44d7450da810328dfc2328ed4784eb8b1f1

hummingbird: af218c2f53d62feead87fc6731e2b8fad4a6f884fe65103045cb3eafc7eb4f63b76737e2d2176c1fbf6647c1fd3ecad95311c4a000117531055c3cf65926516c

macOS

hummingbird-macos-1.0.1.tar.gz: ecf4c9123fb974561dc4a49676cd4a76c887b74553e380c23f5b879995d4f95c9028c4882a6cce5870c5223dbd2aee1aab39ee06d754774ec708d9050c6ffc23

hummingbird: b389e95c7362290d0349035a018d57d496433ed4d7eab5f6f62e5bb92764615db04c5375362bf8f5c6582ecb775f04d3c4fd261633ab8a1a93b79dccdebe464c

 

Running the Hummingbird Client

Run hummingbird and display its help in order to become familiar with its options. From your terminal window issue the following command:

sudo ./hummingbird --help

After having entered your root account password, hummingbird responds with:

Hummingbird - AirVPN OpenVPN 3 Client 1.0 - 27 December 2019

usage: ./hummingbird [options] <config-file> [extra-config-directives...]
--help, -h : show this help page
--version, -v : show version info
--eval, -e : evaluate profile only (standalone)
--merge, -m : merge profile into unified format (standalone)
--username, -u : username
--password, -p : password
--response, -r : static response
--dc, -D : dynamic challenge/response cookie
--cipher, -C : encrypt packets with specific cipher algorithm (alg)
--proto, -P : protocol override (udp|tcp)
--server, -s : server override
--port, -R : port override
--ncp-disable, -n : disable negotiable crypto parameters
--network-lock, -N : enable/disable network filter and lock (on|off, default on)
--gui-version, -E : set custom gui version (text)
--ignore-dns-push, -i : ignore DNS push request and use system DNS settings
--ipv6, -6 : combined IPv4/IPv6 tunnel (yes|no|default)
--timeout, -t : timeout
--compress, -c : compression mode (yes|no|asym)
--pk-password, -z : private key password
--tvm-override, -M : tls-version-min override (disabled, default, tls_1_x)
--tcprof-override, -X : tls-cert-profile override (legacy, preferred, etc.)
--proxy-host, -y : HTTP proxy hostname/IP
--proxy-port, -q : HTTP proxy port
--proxy-username, -U : HTTP proxy username
--proxy-password, -W : HTTP proxy password
--proxy-basic, -B : allow HTTP basic auth
--alt-proxy, -A : enable alternative proxy module
--dco, -d : enable data channel offload
--cache-password, -H : cache password
--no-cert, -x : disable client certificate
--def-keydir, -k : default key direction ('bi', '0', or '1')
--force-aes-cbc, -f : force AES-CBC ciphersuites
--ssl-debug : SSL debug level
--google-dns, -g : enable Google DNS fallback
--auto-sess, -a : request autologin session
--auth-retry, -Y : retry connection on auth failure
--persist-tun, -j : keep TUN interface open across reconnects
--peer-info, -I : peer info key/value list in the form K1=V1,K2=V2,...
--gremlin, -G : gremlin info (send_delay_ms, recv_delay_ms, send_drop_prob, recv_drop_prob)
--epki-ca : simulate external PKI cert supporting intermediate/root certs
--epki-cert : simulate external PKI cert
--epki-key : simulate external PKI private key
--recover-network : recover network settings after a crash or unexpected exit

Open Source Project by AirVPN (https://airvpn.org)

Linux and macOS design, development and coding: ProMIND

Special thanks to the AirVPN community for the valuable help,
support, suggestions and testing.

Hummingbird needs a valid OpenVPN profile in order to connect to a server. You can create an OpenVPN profile by using the config generator available at AirVPN website in your account's Client Area

Start a connection:

sudo ./hummingbird your_openvpn_file.ovpn

Stop a connection:

Type CTRL+C in the terminal window where hummingbird is running. The client will initiate the disconnection process and will restore your original network settings according to your options.

Start a connection with a specific cipher:

sudo ./hummingbird --ncp-disable --cipher CHACHA20-POLY1305 your_openvpn_file.ovpn

Please note: in order to properly work, the server you are connecting to must support the cipher specified with the --cipher option. If you wish to use CHACHA20-POLY1305 cipher, you can find AirVPN servers supporting it in our real time servers monitor: they are marked in yellow as "Experimental ChaCha20".

Disable the network filter and lock:

sudo ./hummingbird --network-lock off your_openvpn_file.ovpn

Ignore the DNS servers pushed by the VPN server:

sudo ./hummingbird --ignore-dns-push your_openvpn_file.ovpn

Please note: the above options can be combined together according to their use and function.

Network Filter and Lock

Hummingbird's network filter and lock natively uses iptables, nftables and pf in order to provide a "best effort leak prevention". Hummingbird will automatically detect and use the infrastructure available on your system. Please note: Linux services firewalld and ufw may interfere with the hummingbird's network filter and lock and you are strongly advised to not issue any firewall related command while the VPN connection is active.

DNS Management in Linux

Hummingbird currently supports both resolv.conf and systemd-resolved service. It is also aware of Network Manager, in case it is running. While the client is running, you are strongly advised to not issue any resolved related command (such as resolvectl) or change the resolv.conf file in order to make sure the system properly uses DNS pushed by the VPN server. Please note: DNS system settings are not changed in case the client has been started with --ignore-dns-push. In this specific case, the connection will use your system's DNS.

Furthermore, please note that if your network interfaces are managed by Network Manager, DNS settings might be changed under peculiar circumstances during a VPN connection, even when DNS push had been previously accepted.

DNS Management in macOS

DNS setting and management is done through OpenVPN3 native support
 

Recover Your Network Settings

In case hummingbird crashes or it is killed by the user (i.e. kill -9 `pidof hummingbird` ) as well as in case of system reboot while the connection is active, the system will keep and use all the network settings determined by the client; therefore, your network connection will not work as expected, every connection is refused and the system will seem to be "network locked". To restore and recover your system network, you can use the client with the --recover-network option.

sudo ./hummingbird --recover-network

Please note: in case of crash or unexpected exit, when you subsequently run hummingbird it will warn you about the unexpected exit and will require you to run it again with the --recover-network option. It will also refuse to start any connection until the network has been properly restored and recovered.

 

Changelog

--------

Changelog.txt URL:
https://gitlab.com/AirVPN/hummingbird/blob/master/Changelog.txt
 

Changelog 1.0.1 - 24 January 2020

- [ProMIND] Updated to OpenVPN3-AirVPN 3.6.2


*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Changelog 1.0 - 27 December 2019

- [ProMIND] Production release


*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


Changelog 1.0 RC2 - 19 December 2019

- [ProMIND] Better management of Linux NetworkManager and systemd-resolved in case they are both running
- [ProMIND] Log a warning in case Linux NetworkManager and/or systemd-resolved are running



*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


Changelog 1.0 RC1 - 10 December 2019

- [ProMIND] Updated asio dependency


*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


Changelog 1.0 beta 2 - 6 December 2019

- [ProMIND] Updated to OpenVPN 3.6.1 AirVPN
- [ProMIND] macOS now uses OpenVPN's Tunnel Builder
- [ProMIND] Added --ignore-dns-push option for macOS
- [ProMIND] Added --recover-network option for macOS


*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


Changelog 1.0 beta 1 - 28 November 2019

- [ProMIND] Added a better description for ipv6 option in help page
- [ProMIND] --recover-network option now warns the user in case the program has properly exited in its last run
- [ProMIND] NetFilter class is now aware of both iptables and iptables-legacy and gives priority to the latter


*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


Changelog 1.0 alpha 2 - 7 November 2019
 
- [ProMIND] DNS resolver has now a better management of IPv6 domains
- [ProMIND] DNS resolver has now a better management of multi IP domains
- [ProMIND] Minor bug fixes


*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


Changelog 1.0 alpha 1 - 1 November 2019

- [ProMIND] Initial public release

Kind regards and datalove
AirVPN Staff




 

 

 

[OpenSourcerer 1435]

It mixes up v4 and v6 somewhere.

$ sudo ./airvpn IPv6.ovpn -i --ipv6 yes IPv6.ovpn
AirVPN OpenVPN 3 Client 1.0 alpha 1

CONNECTING...
Starting thread
Fri Nov  1 18:00:43.484 2019 OpenVPN core 3.3.2 AirVPN linux x86_64 64-bit
Fri Nov  1 18:00:43.485 2019 Frame=512/2048/512 mssfix-ctrl=1250
Fri Nov  1 18:00:43.487 2019 UNUSED OPTIONS
3 [resolv-retry] [infinite]
4 [nobind]
5 [persist-key]
6 [persist-tun]
7 [auth-nocache]
8 [route-delay] [5]
9 [verb] [3]
10 [explicit-exit-notify] [5]
18 [pull-filter] [ignore] [dhcp-option DNS]
39 [IPv6.ovpn]
Fri Nov  1 18:00:43.487 2019 EVENT: RESOLVE
Fri Nov  1 18:00:43.487 2019 Network filter and lock is using iptables
Fri Nov  1 18:00:43.491 2019 Successfully loaded kernel module iptable_filter
Fri Nov  1 18:00:43.500 2019 Successfully loaded kernel module iptable_nat
Fri Nov  1 18:00:43.503 2019 Successfully loaded kernel module iptable_mangle
Fri Nov  1 18:00:43.506 2019 Successfully loaded kernel module iptable_security
Fri Nov  1 18:00:43.509 2019 Successfully loaded kernel module iptable_raw
Fri Nov  1 18:00:43.512 2019 Successfully loaded kernel module ip6table_filter
Fri Nov  1 18:00:43.519 2019 Successfully loaded kernel module ip6table_nat
Fri Nov  1 18:00:43.522 2019 Successfully loaded kernel module ip6table_mangle
Fri Nov  1 18:00:43.525 2019 Successfully loaded kernel module ip6table_security
Fri Nov  1 18:00:43.527 2019 Successfully loaded kernel module ip6table_raw
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
# Warning: ip6tables-legacy tables present, use ip6tables-legacy-save to see them
Fri Nov  1 18:00:43.536 2019 Network filter successfully initialized
Fri Nov  1 18:00:43.536 2019 Local IPv4 address 192.168.110.11
Fri Nov  1 18:00:43.536 2019 Local IPv4 address 192.168.122.1
Fri Nov  1 18:00:43.536 2019 Local IPv6 address 2003:f5:f713:6500:da0f:dfee:ec7:71ae
Fri Nov  1 18:00:43.536 2019 Local IPv6 address fe80::588d:c0ef:5820:9720
Fri Nov  1 18:00:43.536 2019 Local interface enp35s0
Fri Nov  1 18:00:43.536 2019 Local interface virbr0
Fri Nov  1 18:00:43.536 2019 Local interface virbr0-nic
Fri Nov  1 18:00:43.536 2019 Setting up network filter and lock
Fri Nov  1 18:00:43.536 2019 OpenVPN profile has multiple remote directives. Temporarily adding remote servers to network filter.
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2001:ac8:20:2b:fbca:14fa:873e:4051
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2001:ac8:20:2c:463c:42f4:f700:3d77
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2a00:c98:2050:a007:b750:ad0d:3df1:5950
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2001:ac8:20:99:744e:9a79:9f43:89c7
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2a00:c98:2050:a02f:d4fa:1823:c0b2:2a77
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2a02:c205:0:1031:79f8:734d:afb7:43c
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2a00:c98:2050:a02f:b240:4a82:7fb6:af29
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2001:ac8:20:97:ec6c:776:1763:3ee7
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2001:ac8:20:98:5307:a6cf:d139:d129
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2001:ac8:20:2a:fa58:8bc5:ea41:6ecc
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2001:ac8:20:9a:9a5a:d9af:457a:bae8
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2001:ac8:20:5:6000:4b07:7b1c:4c0
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2a00:c98:2050:a02f:9a5:8bac:eb1d:d313
Fri Nov  1 18:00:43.536 2019 WARNING: Cannot resolve 2001:ac8:20:96:b054:682e:3392:c1ff
Fri Nov  1 18:00:43.536 2019 Allowing system DNS 192.168.110.22 to pass through the network filter
Fri Nov  1 18:00:43.561 2019 Network filter and lock successfully activated
Fri Nov  1 18:00:43.561 2019 Contacting [2001:ac8:20:2a:fa58:8bc5:ea41:6ecc]:443 via UDP
Fri Nov  1 18:00:43.561 2019 EVENT: WAIT
Fri Nov  1 18:00:43.561 2019 net_route_best_gw query IPv6: 2001:ac8:20:2a:fa58:8bc5:ea41:6ecc/128
Fri Nov  1 18:00:43.562 2019 sitnl_route_best_gw result: via fe80::9a9b:cbff:fe6d:a378 dev enp35s0
Fri Nov  1 18:00:43.562 2019 Fri Nov  1 18:00:43.562 2019 EVENT: DISCONNECTED
Fri Nov  1 18:00:43.581 2019 Network filter successfully restored
connect error: ipv4_exception: error parsing IPv4 address '2001:ac8:20:2a:fa58:8bc5:ea41:6ecc' : Invalid argument
Thread finished

[Staff 9972]

@giganerd

Hello!

Thanks! We can guess the bug from the log, yes, in the attempt to resolve IPv6 addresses instead of names which produce those warnings and in the end a fatal error. Can you please send us your profile (without certificates and keys, of course) for additional investigation?

Kind regards

 

[OpenSourcerer 1435]

# --------------------------------------------------------
# Air VPN | https://airvpn.org | Monday 3rd of December 2018 07:15:00 PM
# OpenVPN Client Configuration
# AirVPN_DE-Frankfurt_Ogma_UDP-443
# --------------------------------------------------------

client
dev tun
proto udp6
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
push-peer-info
setenv UV_IPV6 yes
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
key-direction 1
remote-random
pull-filter ignore "dhcp-option DNS"

### ROUTEN ###
route 192.168.0.0 255.255.0.0 192.168.110.1

# Ogma
remote 2001:ac8:20:2b:fbca:14fa:873e:4051 443
# Cervantes
remote 2001:ac8:20:2c:463c:42f4:f700:3d77 443
# Serpens
remote 2a00:c98:2050:a007:b750:ad0d:3df1:5950 443
# Mirfak
remote 2001:ac8:20:99:744e:9a79:9f43:89c7 443
# Veritate
remote 2a00:c98:2050:a02f:d4fa:1823:c0b2:2a77 443
# Mesarthim
remote 2a02:c205:0:1031:79f8:734d:afb7:43c 443
# Tucana
remote 2a00:c98:2050:a02f:b240:4a82:7fb6:af29 443
# Alsephina
remote 2001:ac8:20:97:ec6c:776:1763:3ee7 443
# Menkalinan
remote 2001:ac8:20:98:5307:a6cf:d139:d129 443

# unknown yet
remote 2001:ac8:20:2a:fa58:8bc5:ea41:6ecc 443
remote 2001:ac8:20:9a:9a5a:d9af:457a:bae8 443
remote 2001:ac8:20:5:6000:4b07:7b1c:4c0 443
remote 2a00:c98:2050:a02f:9a5:8bac:eb1d:d313 443
remote 2001:ac8:20:96:b054:682e:3392:c1ff 443
 

[colorman 26]

interesting, we are going to test on openSUSE 15.1.

Thanks GJ
no problems so far, only internet a bit slow

 

[Staff 9972]

On 11/2/2019 at 10:15 AM, GJElde said:

interesting, we are going to test on openSUSE 15.1.

Thanks GJ
no problems so far, only internet a bit slow

 

Hello!

If you have time to make comparisons, please take note whether OpenVPN 2, on rigorously equal terms (therefore no ChaCha20 comparison is possible unless you run OpenVPN 2.5 beta), is faster or slower than 3.3, and feel free to publish the throughput you get with both versions.

Kind regards
 

[colorman 26]

46 minutes ago, Staff said:

Hello!

If you have time to make comparisons, please take note whether OpenVPN 2, on rigorously equal terms (therefore no ChaCha20 comparison is possible unless you run OpenVPN 2.5 beta), is faster or slower than 3.3, and feel free to publish the throughput you get with both versions.

Kind regards

I suspect that the server I had yesterday was very busy and therefore slightly less fast.
How I can make the comparison, that's too high for me sorry.

Linux is a hobby, and I don't work in IT😉

[colorman 26]

A problem.......

error

[QueenSasha 1]

Lo lo Great great, at last something sweeter than wheezing monogenetic hyperbugged psychowindowsish mammoth Eddie. Aaaaand... fixing for real ovpn3 serious bugs, bravo AirVPN, don't wait lazy ovpn3 devs --- did not sanitize from bugs for years literally as far as I remember.

Working smoothly on Fedora 29 and Raspberry PI Raspbian in IPv4. ChaCha20 is a magic blue pill for Rasp ARM as expected, I get +20% min vs AES-128 and 256. I'm not sure I share your decision to allow momentarily local DNS traffic with Network Lock to resolve profile names. Mumbling mumbling.

Can we expect an OpenBSD version b4 xxxMas? Will u support pf and ipfw for NLock? Is this something you'll build a new g interface on top? If you build a g interface, will you make the whole forked library available in a daemon/service? Will you add user control on socket buffer or ovpn3 can manage it just fine through asio or whatever?

Will report bugs if I drive em out.

Keep it up my privacy paladins!

-- qs

Edited ... by QueenSasha

[maxandjim 2]

It worked for me straight away, using the same config file I was using in /etc/openvpn. I'm running a PI4 headless and using it as a wireless AP.
Speeds were instantly twice what I've ever had though Air prior.

Upon shutting the connection the network lock comes in as stated in the above post, and I've been forced to power off and on again. The --network-recover gives an error that no backup of resolv.conf is present, I've tried both as a command and within the config file.

I've also no internet on the AP, I can connect and get an IP address but no throughput. Eddie had an option for local traffic so maybe I'm missing that? 

[guuguu 0]

3 hours ago, maxandjim said:

It worked for me straight away, using the same config file I was using in /etc/openvpn. I'm running a PI4 headless and using it as a wireless AP.
Speeds were instantly twice what I've ever had though Air prior.

Upon shutting the connection the network lock comes in as stated in the above post, and I've been forced to power off and on again. The --network-recover gives an error that no backup of resolv.conf is present, I've tried both as a command and within the config file.

I've also no internet on the AP, I can connect and get an IP address but no throughput. Eddie had an option for local traffic so maybe I'm missing that? 


i have being trying to connect AIRVPN on RDP and it wouldn't work. The RDP allows AIRVPN but it won't just work, it doesn't test on your site when i run the TCP check. Pls what can i do to get this fixed and get working, it's days already. I appreciate your inputs. Thanks

[usr32 2]

That is great news, thank you, keep up the good work.

I performed a small benchmark for fun, comparing the throughput in a VM. What is weird is the Tx/Rx "reversal" with OpenVPN 2.4.4 versus 3.3.2 but probably just the peak values are relevant.

~30% more performance is something. Expected a little more but the CPU is heavily throttled (and supports AES-NI), so I guess this is a very good result. Here is the test.
 

### All tests performed on lowest cheapo cloud instance with Luhman

## No VPN
# Baseline

iperf3 Network Speed Tests (IPv4):
---------------------------------
Provider                  | Location (Link)           | Send Speed      | Recv Speed
                          |                           |                 |
Bouygues Telecom          | Paris, FR (10G)           | 967 Mbits/sec   | 7.44 Gbits/sec
Online.net                | Paris, FR (10G)           | 962 Mbits/sec   | 7.88 Gbits/sec
Severius                  | The Netherlands (10G)     | 966 Mbits/sec   | 2.72 Gbits/sec
Worldstream               | The Netherlands (10G)     | 966 Mbits/sec   | 7.51 Gbits/sec
wilhelm.tel               | Hamburg, DE (10G)         | 948 Mbits/sec   | 7.20 Gbits/sec
Hostkey                   | Moscow, RU (1G)           | 624 Mbits/sec   | 909 Mbits/sec
Velocity Online           | Tallahassee, FL, US (10G) | 878 Mbits/sec   | 958 Mbits/sec
Airstream Communications  | Eau Claire, WI, US (10G)  | 834 Mbits/sec   | 294 Mbits/sec

## With OpenVPN 2.4.4 and AES-256-GCM
# Test 1

iperf3 Network Speed Tests (IPv4):
---------------------------------
Provider                  | Location (Link)           | Send Speed      | Recv Speed
                          |                           |                 |
Bouygues Telecom          | Paris, FR (10G)           | 200 Mbits/sec   | 162 Mbits/sec
Online.net                | Paris, FR (10G)           | 210 Mbits/sec   | 120 Mbits/sec
Severius                  | The Netherlands (10G)     | 183 Mbits/sec   | 67.5 Mbits/sec
Worldstream               | The Netherlands (10G)     | 206 Mbits/sec   | 68.5 Mbits/sec
wilhelm.tel               | Hamburg, DE (10G)         | 216 Mbits/sec   | 59.7 Mbits/sec
Hostkey                   | Moscow, RU (1G)           | 135 Mbits/sec   | 78.7 Mbits/sec
Velocity Online           | Tallahassee, FL, US (10G) | 69.6 Mbits/sec  | 61.6 Mbits/sec
Airstream Communications  | Eau Claire, WI, US (10G)  | 62.6 Mbits/sec  | 45.4 Mbits/sec

# Test 2

iperf3 Network Speed Tests (IPv4):
---------------------------------
Provider                  | Location (Link)           | Send Speed      | Recv Speed
                          |                           |                 |
Bouygues Telecom          | Paris, FR (10G)           | 216 Mbits/sec   | 104 Mbits/sec
Online.net                | Paris, FR (10G)           | 252 Mbits/sec   | 101 Mbits/sec
Severius                  | The Netherlands (10G)     | 198 Mbits/sec   | 84.6 Mbits/sec
Worldstream               | The Netherlands (10G)     | 226 Mbits/sec   | 73.3 Mbits/sec
wilhelm.tel               | Hamburg, DE (10G)         | 238 Mbits/sec   | 62.4 Mbits/sec
Hostkey                   | Moscow, RU (1G)           | 129 Mbits/sec   | 160 Mbits/sec
Velocity Online           | Tallahassee, FL, US (10G) | 62.1 Mbits/sec  | 75.7 Mbits/sec
Airstream Communications  | Eau Claire, WI, US (10G)  | 77.9 Mbits/sec  | 67.6 Mbits/sec

## With AirVPN OpenVPN 3 Client 1.0 alpha 1 and CHACHA20-POLY1305
# Test 1

iperf3 Network Speed Tests (IPv4):
---------------------------------
Provider                  | Location (Link)           | Send Speed      | Recv Speed
                          |                           |                 |
Bouygues Telecom          | Paris, FR (10G)           | 40.3 Mbits/sec  | 303 Mbits/sec
Online.net                | Paris, FR (10G)           | 56.7 Mbits/sec  | 264 Mbits/sec
Severius                  | The Netherlands (10G)     | 83.2 Mbits/sec  | 213 Mbits/sec
Worldstream               | The Netherlands (10G)     | 47.8 Mbits/sec  | 283 Mbits/sec
wilhelm.tel               | Hamburg, DE (10G)         | 83.5 Mbits/sec  | 285 Mbits/sec
Hostkey                   | Moscow, RU (1G)           | 65.4 Mbits/sec  | 106 Mbits/sec
Velocity Online           | Tallahassee, FL, US (10G) | 48.9 Mbits/sec  | 106 Mbits/sec
Airstream Communications  | Eau Claire, WI, US (10G)  | 12.0 Mbits/sec  | 55.6 Mbits/sec

# Test 2

iperf3 Network Speed Tests (IPv4):
---------------------------------
Provider                  | Location (Link)           | Send Speed      | Recv Speed
                          |                           |                 |
Bouygues Telecom          | Paris, FR (10G)           | 134 Mbits/sec   | 333 Mbits/sec
Online.net                | Paris, FR (10G)           | 166 Mbits/sec   | 274 Mbits/sec
Severius                  | The Netherlands (10G)     | busy            | 254 Mbits/sec
Worldstream               | The Netherlands (10G)     | 121 Mbits/sec   | 334 Mbits/sec
wilhelm.tel               | Hamburg, DE (10G)         | 157 Mbits/sec   | 304 Mbits/sec
Hostkey                   | Moscow, RU (1G)           | 50.2 Mbits/sec  | 208 Mbits/sec
Velocity Online           | Tallahassee, FL, US (10G) | 45.9 Mbits/sec  | 92.5 Mbits/sec
Airstream Communications  | Eau Claire, WI, US (10G)  | 98.3 Mbits/sec  | 74.1 Mbits/sec

[colorman 26]

Can't connect to other than the Netherlands ??

 

airvpn-static-linux-x86_64 # ./AirVPN_Belgium_UDP-443.ovpn
./AirVPN_Belgium_UDP-443.ovpn: line 7: client: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 8: dev: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 9: remote: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 10: resolv-retry: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 11: nobind: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 12: persist-key: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 13: persist-tun: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 14: auth-nocache: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 15: route-delay: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 16: verb: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 17: explicit-exit-notify: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 18: remote-cert-tls: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 19: cipher: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 20: comp-lzo: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 21: proto: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 22: key-direction: command not found
./AirVPN_Belgium_UDP-443.ovpn: line 23: syntax error near unexpected token `newline'
./AirVPN_Belgium_UDP-443.ovpn: line 23: `<ca>'

[Staff 9972]

Hello!


@giganerd

Bug detected and fixed, a new testing version is almost ready to be deployed. Thanks!


@QueenSasha

Thank you, actually speed, efficiency and low RAM footprint have been a priority in OpenVPN 3.3 AirVPN design. Glad to hear that you get remarkable performance boost in Raspberry. Our OpenVPN 3 development goes on and is aimed as usual to bug fixing and new features implementation.

Developer will answer soon to your technical questions, in the meantime feel free to keep us posted if you find any glitch or bug.


@usr32

Great comparison thank you! We are surprised that you could beat AES with ChaCha20 in an AES-NI supporting machine. Can you please specify the whole architecture? We would like to make some verifications with OpenVPN 3+mbedTLS for AES-NI support in specific archs.


@GJElde

So you made an OpenVPN text configuration file +x and you tried to run it?


@maxandjim

Thank you, we will investigate asap.

Kind regards

[colorman 26]

3 minutes ago, Staff said:

So you made an OpenVPN text configuration file +x and you tried to run it?

In the Client Area I created an .ovpn via OpenVPN Config Generator with the choice of Belgium or a country other than the Netherlands
They all don't work, only the Netherlands.

[Staff 9972]

5 minutes ago, GJElde said:

In the Client Area I created an .ovpn via OpenVPN Config Generator with the choice of Belgium or a country other than the Netherlands
They all don't work, only the Netherlands.

Hello!

ovpn profiles are not scripts or binaries that you can run: they are text files that will be parsed by some OpenVPN binary. Use profiles as arguments of the client software as you always did. Let's end it here and now, please: if you need clarifications on that, please feel free to open a ticket at your convenience because it's off topic here.

Kind regards
 

[colorman 26]

8 minutes ago, Staff said:

Hello!

ovpn profiles are not scripts or binaries that you can run: they are text files that will be parsed by some OpenVPN binary. Use profiles as arguments of the client software as you always did. Let's end it here and now, please: if you need clarifications on that, please feel free to open a ticket at your convenience because it's off topic here.

Kind regards
 

sorry, i am deeply ashamed, what a stupid mistake.

[maxandjim 2]

Trying a clean Raspian install on a Pi4 and noticed typos in the instructions.

Files are named alpha and the shell commands are alfa.

[maxandjim 2]

Did a clean install and fully updated. Buster on a headless Pi4 and set up my wifi AP with this https://www.raspberrypi.org/documentation/configuration/wireless/access-point.md#internet-sharing

Installed the Alpha1 and tried various config files and all seem to work and connect seamlessly, good speeds.
Nothing works on the AP though through the VPN, I can connect and ping wlan0 and tun0 from windows but no internet. This is probably blatantly obvious to most but I'm sadly out of my depth here so I'll leave this thread to the pros.

--recover-network gives the same fault as I mentioned earlier, no backup of resolv.conf, though when killing the connection with ctrl/c the last thing it says is "successfully restored DNS"

Ctrl/C kills everything, kills the ssh shell and I can't ssh back in to either eth0 or wlan0 #poweroff

Good luck with the project, I will keep my eye on it :-)



 

[QueenSasha 1]

Bug report to check:

the software freezes when it runs with a profile containing a remote line with a name resolving to multiple addresses . After a forced kill, software doesn't restore fw rules correctly with --recover-network when launched again

Test for example with:
remote europe.all.vpn.airdns.org 443

-- qs
 

[QueenSasha 1]

8 hours ago, Staff said:

@QueenSasha

Developer will answer soon to your technical questions, in the meantime feel free to keep us posted if you find any glitch or bug.

@maxandjim

Eagerly awaiting Mr. or Ms. Developer

I think I caught a nasty 👿 bug too, check the other message of mine.

-- qs

[Staff 9972]

17 hours ago, QueenSasha said:

Bug report to check:

the software freezes when it runs with a profile containing a remote line with a name resolving to multiple addresses . After a forced kill, software doesn't restore fw rules correctly with --recover-network when launched again

Test for example with:
remote europe.all.vpn.airdns.org 443

-- qs
 

Thanks a lot! Bug confirmed, a fix will be available soon.

Kind regards
 

[Staff 9972]

2 hours ago, jesus2 said:

Am I correct in understanding that, as of now, this client is not open-source since the code is nowhere to be found?

Hello!

Of course you are correct. We plan to release the stable edition of the software (or maybe the beta version) on GPLv3. We are at alpha stage currently, as you may have noticed. However OpenVPN 3 AirVPN code is available, have you examined it? Here it is: https://github.com/AirVPN/openvpn3-airvpn

Kind regards
 

[Staff 9972]

@maxandjim

Thank you, we will investigate about communications in the local network. If for some reason the remote ssh session gets broken with CTRL-C you can consider to run the client inside a screen and send a soft kill signal when you want to shut it down gracefully. Warning: if you lose ssh connection, the client will continue to run in "its screen", completely detached (even its stdin, stdout and stderr will be detached from the previous shell) so the machine will remain connected to the VPN and "network locked": make sure you can remotely force a machine reboot as an emergency rescue just in case you can't access it anymore via ssh.

About fantastic screen utility:
https://www.gnu.org/software/screen

Kind regards

[Staff 9972]

Hello!

AirVPN OpenVPN 3 client version 1.0 alpha 2 is now available. It addresses reported bugs and should resolve them.

AirVPN OpenVPN 3 Client 1.0 alpha 2 - 7 November 2019
 

Changelog
 

• [ProMIND] DNS resolver has now a better management of IPv6 domains
• [ProMIND] DNS resolver has now a better management of multi IP domains
• [ProMIND] Minor bug fixes

========

Linux 64 bit build can be downloaded here:
https://eddie.website/repository/eddie/airvpn-static1.0alpha/airvpn-static-linux-1.0-alpha2.tar.gz
SHA512: https://eddie.website/repository/eddie/airvpn-static1.0alpha/airvpn-static-linux-1.0-alpha2.tar.gz.sha512

Linux Raspbian 32 bit build can be downloaded here:
https://eddie.website/repository/eddie/airvpn-static1.0alpha/airvpn-static-raspberry-1.0-alpha2.tar.gz
SHA 512: https://eddie.website/repository/eddie/airvpn-static1.0alpha/airvpn-static-raspberry-1.0-alpha2.tar.gz.sha512

Thank you for your tests!

Kind regards