pjnsmb 13 Posted ... @Staff thanks for the clarification that works for me regards Hide pjnsmb's signature Hide all signatures regardspjnsmb Share this post Link to post
misam 9 Posted ... I successfully created a ProxyVM within QubesOS using hummingbird and I confirm that connection works, however I have problems when trying to use this ProxyVM connections for other AppVM's. They basically do not connect. Accoring to QubesOS VPN section, it should be all working but it is not. I mean, I do not expect a solution here, I think I should post to QubesOS but heads up for hummingbird working (more or less lol) in Qubes. Share this post Link to post
misam 9 Posted ... Sometimes I am getting a bunch of KEY_STATE_ERROR messages, however connection is still on. 1 fiverair reacted to this Share this post Link to post
monstrocity 31 Posted ... Hummingbird has been updated to 1.0.1. Have you tried the latest version? Share this post Link to post
misam 9 Posted ... yes I am on 1.0.1 but still getting (quite randomly) there errors. Right now while I am writing this post, I see them. Share this post Link to post
Androidlinux 0 Posted ... Hi, thank you so much for the new client, I am going to try it, but I have one question, is there any way to change servers without stopping the process. Basically, I have a python script that triggers vpn server change, previously I used the system gui scripting (mac) , however that it can't do this in background, it always requires control over PC. Now I want to use it on Linux, is it possible to send something like a signal to change a server? Thanks Share this post Link to post
Staff 9972 Posted ... @Androidlinux Hello! Currently not, we're sorry (you need to send a kill signal to Hummingbird and restart it with a new profile, which is not exactly what you ask for), but this feature will be available in the frontend+daemon solution. Hummingbird will be maintained as a stand alone binary and will also evolve in to a new software. The daemon is already in advanced development stage and initially we will release it together with a CLI frontend. Immediately after that, development of a GUI for the daemon, based on Qt, will begin. Kind regards 1 1 encrypted and Androidlinux reacted to this Share this post Link to post
Androidlinux 0 Posted ... 38 minutes ago, Staff said: @Androidlinux Hello! Currently not, we're sorry (you need to send a kill signal to Hummingbird and restart it with a new profile, which is not exactly what you ask for), but this feature will be available in the frontend+daemon solution. Hummingbird will be maintained as a stand alone binary and will also evolve in to a new software. The daemon is already in advanced development stage and initially we will release it together with a CLI frontend. Immediately after that, development of a GUI for the daemon, based on Qt, will begin. Kind regards Thank you for the prompt answer, that will be a really cool feature! Share this post Link to post
frk1337 3 Posted ... The Linux binary does not run on the most recent Synology DSM (DS918+): hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: /lib/libstdc++.so.6: no version information available (required by hummingbird) hummingbird: relocation error: hummingbird: symbol _ZTINSt3_V214error_categoryE, version GLIBCXX_3.4.21 not defined in file libstdc++.so.6 with link time reference Any plans for a static Linux x86_64 binary ? Share this post Link to post
farquaad 14 Posted ... The following is a basic script to randomise vpn connections. It works on a MacOS and can surely be adapted for Linux. #!/usr/bin/env sh # Tested on MacOS. Will require 'brew install randomize-lines' or a change of code to randomise. # Script launches process in screen background. To reattach: 'sudo screen -r'. For more, 'man scren' # I have the following in my user root: # vpn/safe - All non 14 eyes and close # vpn/toofar - All non 14 eyes and too far # vpn/14eyes - All 14 eyes that I should never touch # Check you are root if [[ $(whoami) != 'root' ]]; then echo "You need to be root!" exit 1 fi # Kill all humingbird instances. Softly first... [ $(pgrep hummingbird) ] && pkill -15 hummingbird [ $(pgrep hummingbird) ] && pkill -9 hummingbird # Make sure it isn't locked before starting hummingbird --recover-network if [[ $1 == '' ]]; then # Randomise vpn=$(find ~/vpn/safe -type f -name '*.ovpn' | rl --count=1) else vpn=$1 fi # Start in the background echo "Connecting to: $(basename $vpn)" screen -d -m sudo hummingbird --network-lock on --persist-tun --auth-retry --tcp-queue-limit 4000 $vpn Hope it can help someone out there. Share this post Link to post
OpenSourcerer 1435 Posted ... @farquaad A few remarks for Linux: I'd rewrite the question about root to a relaunch as root: # Check you are root if [[ $(whoami) != 'root' ]]; then sudo $0; exit 0; fi Since the hummingbird binary will not be in PATH, one must decide whether to copy it to /usr/local/sbin or enter hummingbird's path to PATH. Otherwise calling hummingbird will output a command not found error. Randomization can be done with shuf. It's part of coreutils so everyone should have it. It accepts files directly, so one can think about calling it with shuf -n 1 ~/vpn/safe instead. I don't quite understand the find command, especially why you look for ".ovpn". Maybe, because I don't know the format of that safe file. Can you elaborate or even provide it? One can even think about generating it in a semi-automatic fashion in the future. Some distributions don't come with screen preinstalled, like Debian. I will add a check for this which terminates the script if it's not found. There are far more elegant solutions for this. The hummingbird options may be relevant for you only. I'd reduce them to something everyone would want, like NetLock. And since we call the script as root, sudo wouldn't be needed. All in all: #!/usr/bin/env sh # Script launches process in screen background. On some distribution, it must first be installed with a package manager. # To reattach: 'sudo screen -r'. For more, 'man screen'. # Original author uses some files with this script: # vpn/safe - All non 14 eyes and close # vpn/toofar - All non 14 eyes and too far # vpn/14eyes - All 14 eyes that should never be touched # Check if screen is installed screen -v 2>/dev/null if [ $? -eq 127 ]; then echo "Screen doesn't seem to be installed. Exiting." exit 1 fi # Check if you are root if [[ $(whoami) != 'root' ]]; then sudo $0 exit 0 fi # Kill all hummingbird instances. Softly first... [ $(pgrep hummingbird) ] && pkill -15 hummingbird [ $(pgrep hummingbird) ] && pkill -9 hummingbird # Make sure it isn't locked before starting hummingbird --recover-network if [[ $1 == '' ]]; then # Randomise vpn=$(find ~/vpn/safe -type f -name '*.ovpn' | shuf -n 1) else vpn=$1 fi # Start in the background echo "Connecting to: $(basename $vpn)" screen -d -m hummingbird --persist-tun $vpn Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
farquaad 14 Posted ... @giganerd I did do a few assumptions. I copied the binary to /usr/local/bin, I should have mentioned it. There is a coreutils on brew so using shuf will also work on the Mac. One step closer to Linux. Good catch on screen. This was tested on a Mac but yes, Debian comes without so why not test it and try and make it work there too. Using which might be cleaner I would rather warn that someone is not root rather than prompt for a password and have them wonder why. My ~/vpn/safe is nothing more than the list of vpn servers I connect to. An ls would do the trick but I went with find. find ~/vpn/safe -type f -name '*.ovpn' /Users/farquaad/vpn/safe/AirVPN_Czech-Republic_TCP-443-Entry3.ovpn /Users/farquaad/vpn/safe/AirVPN_Switzerland_TCP-443-Entry3.ovpn /Users/farquaad/vpn/safe/AirVPN_Lithuania_UDP-443-Entry3.ovpn [...] hummingbird preset were indeed meant for me and I didn't think of changing them. Maybe version 2 might allows hummingbird options on the command line. Thanks for your feedback! #!/usr/bin/env sh # Script launches process in screen background. To reattach: 'sudo screen -r'. For more, 'man scren' # The following folder structure contains my ovpn files: # vpn//safe - All non 14 eyes and close # vpn//toofar - All non 14 eyes and too far # vpn//14eyes - All 14 eyes that I should never touch # Check if screen is installed if [ ! $(which screen) ]; then echo "Screen doesn't seem to be installed. Exiting." exit 1 fi # Check you are root if [[ $(whoami) != 'root' ]]; then echo "You need to be root!" exit 1 fi # Kill all humingbird instances. Softly first... [ $(pgrep hummingbird) ] && pkill -15 hummingbird [ $(pgrep hummingbird) ] && pkill -9 hummingbird # Make sure it isn't locked before starting hummingbird --recover-network if [[ $1 == '' ]]; then # Randomise vpn=$(find ~/vpn/safe -type f -name '*.ovpn' | shuf -n 1) else vpn=$1 fi # Start in the background echo "Connecting to: $(basename $vpn)" screen -d -m hummingbird --persist-tun $vpn Share this post Link to post
OpenSourcerer 1435 Posted ... 1 hour ago, farquaad said: My ~/vpn/safe is nothing more than the list of vpn servers I connect to. An ls would do the trick but I went with find. You did it this way because hummingbird doesn't support remote-random yet, am I right? 1 hour ago, farquaad said: I would rather warn that someone is not root rather than prompt for a password and have them wonder why. Fair enough. 1 hour ago, farquaad said: Using which might be cleaner I agree. Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
inc 3 Posted ... Bit of a problem, I was trying to set up some port forwarding on my Microtek router (no vpn) and forgot I was running the vpn on my pc so closed it ,since then I can now only get online through the vpn and cannot reach the router setup via the browser. I can reach the router through a terminal and the settings look fine running the hummingbird --recover-network command I get It seems this program has properly exited in its last run and it has already restored network settings on exit. ERROR: Backup copy of resolv.conf not found. ERROR: Backup copy of network filter not found. I have looked at the network config files and they all look OK any ideas where to look next I will probably do a hard reset of the router and try a reinstall of the OS next but that will be a last resort. Share this post Link to post
OpenSourcerer 1435 Posted ... iptables -F Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
inc 3 Posted ... Thanks, no change, the iptables files look ok, I don't use them on the pc Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination # Warning: iptables-legacy tables present, use iptables-legacy to see them Share this post Link to post
inc 3 Posted ... Solved, got into the routerOS via the terminal and eventually worked out how to disable the NAT settings I had been working on when the problem occurred and it all seems to be back to normal. Share this post Link to post
muelli 2 Posted ... Something is really wrong with the "hummingbird" client. It is eating 100% CPU @<40mbit on my celeron J1900 with CHACHA20:POLY1305 cipher. Openvpn 2.4 can crunch around 200MBit on this CPU with AES256 cipher.... so there must be some error somewhere.... Share this post Link to post
Staff 9972 Posted ... @muelli Hello! We have not observed the behavior on our testing machines and it has never been reported before, so it needs to be investigated from scratch. What is your exact Linux distribution? What is the CPU usage if you use AES-CBC and AES-GCM? Kind regards Share this post Link to post
muelli 2 Posted ... @Staff LInux flavor: Ubuntu 18.04.3 LTS, 4.15.0-88-generic #88-Ubuntu SMP Tue Feb 11 20:11:34 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux CPU (Celeron J1900) usage: OpenVPN3, AES-256-CBC, 97% @200Mbit OpenVPN3, AES-256-GCM, 98% @200Mbit Hummingbird 1.0.2, AES-256-CBC, 100% @52Mbit Hummingbird 1.0.2, AES-256-GCM, 100% @45Mbit Hummingbird 1.0.2, CHACHA20-POLY1305, 100% @35Mbit Share this post Link to post
Staff 9972 Posted ... @muelli Thanks. We failed to reproduce it, but it must be said that we don't have a Celeron at all. Does anybody else observe a 100% CPU load, or anyway high CPU load? If so, at what throughput? Kind regards Share this post Link to post
muelli 2 Posted ... @Staff This particular Intel CPU has no AES-NI, so that was the reason for testing ChaCha20. Maybe you find a x86 CPU in your lab without AES-NI as well to test? Share this post Link to post
Staff 9972 Posted ... 18 minutes ago, muelli said: @Staff This particular Intel CPU has no AES-NI, so that was the reason for testing ChaCha20. Maybe you find a x86 CPU in your lab without AES-NI as well to test? Not even one unfortunately... but we have a plethora of ARM processors. Another very weird occurrence in your case is that you have LESS throughput with CHACHA20 than with AES, which is unexpected indeed on a non-AES-NI supporting system. Actually we observe the opposite on ARM based devices (better throughput and longer battery life). Let's see whether somebody else can report from some similar system. Quote OpenVPN3, AES-256-CBC, 97% @200Mbit OpenVPN3, AES-256-GCM, 98% @200Mbit EDIT: how do you use OpenVPN 3 library in your system? We see a huge boost when compared to Hummingbird, it could be a good starting point to check various things. Kind regards Share this post Link to post
muelli 2 Posted ... @Staff Not sure what you mean about how I use the openvpn3 library. I am using the official openvpn repo described here:https://community.openvpn.net/openvpn/wiki/OpenVPN3Linux The linked libs for my openvpn3 binary from this repo are: linux-vdso.so.1 (0x00007ffc5e1f4000) libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f08f745a000) libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f08f6f8f000) libgio-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 (0x00007f08f6bf0000) libgobject-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 (0x00007f08f699c000) libglib-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 (0x00007f08f6685000) libjsoncpp.so.1 => /usr/lib/x86_64-linux-gnu/libjsoncpp.so.1 (0x00007f08f6453000) liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f08f6237000) libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f08f5eae000) libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f08f5c96000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f08f5a77000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f08f5686000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f08f5482000) libgmodule-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0 (0x00007f08f527e000) libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f08f5061000) libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f08f4e39000) libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f08f4c1e000) libmount.so.1 => /lib/x86_64-linux-gnu/libmount.so.1 (0x00007f08f49ca000) libffi.so.6 => /usr/lib/x86_64-linux-gnu/libffi.so.6 (0x00007f08f47c2000) libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f08f4550000) libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f08f41b2000) /lib64/ld-linux-x86-64.so.2 (0x00007f08f7a62000) libblkid.so.1 => /lib/x86_64-linux-gnu/libblkid.so.1 (0x00007f08f3f65000) librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f08f3d5d000) libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x00007f08f3b56000) If you need another information, pls elaborate 2 OpenSourcerer and Staff reacted to this Share this post Link to post
snrtd 0 Posted ... I get 100 % CPU usage at around 20 MBytes/s with CHACHA20; with AES-256-GCM I get 100 % usage at around 40 MBytes/s. Is that to be expected on a i5-7200U CPU @ 2.5 GHz? Share this post Link to post