Staff

Hummingbird 1.0: AirVPN client based on OpenVPN 3 AirVPN

Yesterday no errors all day, today back to errors. It would be good to know what the problem is. Also I can't see from Hummingbird what server I am connected to; sometimes the cert shows the server name and other times no name is shown, just "O=airvpn.org, CN=server". I can check with IP/DNS but not Hummingbird. I could also see the server with Eddie.

@inc

Hello!

A GUI is planned, when the Hummingbird "backend" will run as a daemon. We are already working on it, right now.

At the moment you can see the information you need on the standard output, and rightly so! Hummingbird 1 "branch" must remain a light and standalone binary with no graphic requirement of any kind.

If you need a GUI at the moment please run Eddie.

The problem you mention looks like a failure to DHE. Do you notice a similar problem with OpenVPN 2.x or not?

Kind regards
 


I think you misunderstand, I do not want a GUI, I like Hummingbird. I use Linux and could not wait to remove Eddie with its dependency on Mono. There are two issues with Hummingbird: it does not always show the AirVPN server name I am connected to, and there is an issue with the hourly handshake failing. Since Hummingbird is self-contained with your version of OpenVPN, I think that it is an issue with either the server or Hummingbird. I am assuming you want feedback. Regarding OpenVPN 2, I never used any of the beta versions of Hummingbird.

See below, sometimes shows server name sometimes not.
 

Tue Jan  7 10:31:42.919 2020 VERIFY OK : depth=0
cert. version     : 3
serial number     : 01:0D
issuer name       : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
subject name      : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
issued  on        : 2016-03-10 08:48:05
expires on        : 2026-03-08 08:48:05
signed using      : RSA with SHA1
Tue Jan  7 11:52:39.656 2020 VERIFY OK : depth=0
cert. version     : 3
serial number     : 01:5D
issuer name       : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
subject name      : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Orbitar, emailAddress=info@airvpn.org
issued  on        : 2019-01-22 14:37:50
expires on        : 2029-01-19 14:37:50
signed using      : RSA with SHA-512

2 hours ago, inc said:

Yesterday no errors all day, today back to errors. It would be good to know what the problem is.


I am also interested in these problems.  For me the new client has been at least as stable as OpenVPN 2, with sessions staying tacked up for days with no indication it ever failed rekeying.  Sometimes I'll see replay warnings when rsync'ing a repo or doing a speed test, but that was also the case with OpenVPN 2 so it is not particular to hummingbird.
 
1 hour ago, inc said:

it does not always show the AirVPN server name 


I assume this is a setting or value pulled from the server certificate rather than anything to do with hummingbird.  But I probably should let Staff confirm this.

@inc
@hawkflights

Hello!

The remote, destination server connection is always logged. Of course it may report exclusively an IP address and not an FQDN with its resolution: that depends on the profile.

In case of AirVPN servers, the CN can be either the server name or a generic "server" string (we need to make that consistent, yes).

A full integration with the AirVPN "bootstrap" servers will come with the future frontend(s) directing the daemon we mentioned in our previous message (you may have a sort of idea by looking at Eddie Android edition source code). We will disclose an estimated release date of the Hummingbird daemon beta version soon.

Your request has been well understood: in Linux several community members asked us to drop Mono and required software "10x" faster than Eddie, and we think that we have made some important steps in the right direction, according to the general feedback (thanks!). Remember, furthermore, that even Eddie 2.18.5 piece running as root is completely written in C++ and does not require Mono (Eddie GUI does).

Please keep reporting the problem (we still think it has to do with the re-keying), and also a comparison with OpenVPN 2 from the very same system of yours, if you can and if possible.

Kind regards
 

On 1/7/2020 at 1:26 PM, Staff said:

Please keep reporting the problem (we still think it has to do with the re-keying)


Yesterday I created another ovpn file using the same servers but with UDP tlscrypt, tls 1.2 and have not had an error message for 24 hours.

1 hour ago, inc said:

Yesterday I created another ovpn file using the same servers but with UDP tlscrypt, tls 1.2 and have not had an error message for 24 hours.

I'm also going to test.


I finally encountered the rekeying errors that others reported here.  Attached is a screenshot of when the warning output began while logged into 'Telescopium' (CA), times shown are UTC.

screenshot-20200109_1209.png


Interestingly, the tunnel remains up while the Client Area indicates I've no active session with the server.

screenshot-20200109_1256.png

I will try leaving the connection up on that machine to see when it eventually drops.  N.B. Connection finally dropped at the hour mark after the keying issue began (~13:05 UTC), with the session successfully restarting on its own.

On 1/9/2020 at 11:57 AM, bunagga said:

Hello!

Thanks for the link. Nice that they talk about it, while it's sad to see that some people "suspect" about something weird when the code is open and a simple diff will tell you everything, even in relation to the bug fixes and new features.

If you read our forum you already know why the major changes and critical bug fixes are not in the main branch: AirVPN commits have been refused with pathetic motivations which have NEVER been technical reasons. Arne Schwabe even talked about coding standards when the code he (or OpenVPN 3 maintainers) approved previously is infested by "goto" (!!!), "break", wrong indentations and totally crazy stuff, while AirVPN code is very elegant even according to the Art of Computer Programming books.

Therefore, now OpenVPN 3 library is bugged, obsolete, without CHACHA20 support and unusable in Linux (just verify the critical bug in re-connections inside a session, which has been patched by us), while OpenVPN 3 AirVPN fork has CHACHA20 support (in Data Channel too), ncp-disable, a new class to handle AEAD ciphers, and works nicely in Android, Linux x86-64 - ARM 32 - ARM 64 and macOS.

Kind regards
 

23 hours ago, colorman said:
On 1/9/2020 at 9:59 AM, inc said:

Yesterday I created another ovpn file using the same servers but with UDP tlscrypt, tls 1.2 and have not had an error message for 24 hours.
I'm also going to test

@Staff @inc

Can you explain to me what the difference is with the "normal" way?
I also experience a better speed with UDP tlscrypt, tls 1.2.
No problems so far.

Thanks GJ

20 hours ago, colorman said:

I also experience a better speed with UDP tlscrypt, tls 1.2


I must admit I was still using tls-auth until quite recently.  However even after switching to tls-crypt I continue to have keying problems.
I'm not sure what changed, since prior to my report above I had no such problem even with earlier test releases.

@hawkflights

Hello!

Can you please tell us your exact Linux distribution version?

@colorman

Hello!

TLS Crypt encrypts the whole OpenVPN Control Channel. Therefore DPI can no longer detect any typical OpenVPN "fingerprint", and thus can't trigger traffic shaping against OpenVPN, or similar. TLS Crypt in an agnostic network does not improve or negatively affect performance, as most of the time is spent on encryption and decryption of the Data Channel. Therefore, if you experience a better throughput with TLS crypt, a plausible explanation is that your ISP enforces traffic shaping.

@inc

Hello!

Should the re-keying errors re-appear, can you tell us your exact Linux distribution version?

@funkoholic

Hello!

Connection over Tor is not planned for the next major release, which is focused on creating a Hummingbird daemon and two different frontends, one of them in Qt, without adding major new features at least for the first release cycle.

Connection over Tor is a special case of the more general connection over a SOCKS proxy, with the addition of communications with Tor to obtain the Tor entry-node IP address and route it outside the VPN, preventing the infinite routing loop problem. Hence, we need to review the code of the library pertaining to connections over a proxy, which we did not touch.

Kind regards
 

39 minutes ago, Staff said:

Can you please tell us your exact Linux distribution version?


@Staff I'm running Slackware 14.2 stable with kernel 4.4.208 and a source build of Hummingbird 1.0 against mbedtls 2.16.2.

On 1/11/2020 at 12:31 PM, Staff said:
Should the re-keying errors re-appear, can you tell us your exact Linux distribution version?
 
Had another error message today.
openSUSE 15.1 kernel: 4.12.14-lp151.28.36.1

Sat Jan 11 13:28:54.196 2020 ERROR: KEY_STATE_ERROR
Sat Jan 11 13:28:54.254 2020 ERROR: KEY_STATE_ERROR
Sat Jan 11 13:28:54.254 2020 ERROR: KEY_STATE_ERROR
Sat Jan 11 13:28:56.013 2020 ERROR: KEY_STATE_ERROR
Sat Jan 11 13:29:00.010 2020 ERROR: KEY_STATE_ERROR
Sat Jan 11 13:29:08.195 2020 ERROR: KEY_STATE_ERROR
Sat Jan 11 13:29:24.196 2020 ERROR: KEY_STATE_ERROR
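
A small parser for the log output posted in this thread, as an added example that is not part of any post and is not AirVPN code: it pulls the subject CN and signature algorithm from each `VERIFY OK : depth=0` block and groups `KEY_STATE_ERROR` lines into bursts so their spacing can be reported. The sample log is constructed from the line formats shown above; `summarize`, `burst_gaps` and the 60-second grouping window are assumptions of this example.

```python
import re
from datetime import datetime
# Constructed sample in the log format posted in this thread (not a real capture).
SAMPLE_LOG = """\
Tue Jan  7 10:31:42.919 2020 VERIFY OK : depth=0
subject name      : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
signed using      : RSA with SHA1
Tue Jan  7 11:52:39.656 2020 VERIFY OK : depth=0
subject name      : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Orbitar, emailAddress=info@airvpn.org
signed using      : RSA with SHA-512
Sat Jan 11 13:28:54.196 2020 ERROR: KEY_STATE_ERROR
Sat Jan 11 13:29:24.196 2020 ERROR: KEY_STATE_ERROR
Sat Jan 11 14:29:01.000 2020 ERROR: KEY_STATE_ERROR
"""

STAMPED = re.compile(r"^(\w{3} \w{3} +\d+ [\d:.]+ \d{4}) (.*)$")
FIELD = re.compile(r"^(subject name|signed using)\s*:\s*(.*)$")

def summarize(log, max_gap=60.0):
    """Return (certs, bursts); errors <= max_gap seconds apart share one burst."""
    certs, bursts, current = [], [], None
    for line in log.splitlines():
        stamped, field = STAMPED.match(line), FIELD.match(line)
        if stamped:
            current = None  # any new timestamped event ends a certificate block
            when = datetime.strptime(stamped.group(1), "%a %b %d %H:%M:%S.%f %Y")
            if stamped.group(2).startswith("VERIFY OK : depth=0"):
                current = {"time": when, "cn": None, "sig": None}
                certs.append(current)
            elif stamped.group(2) == "ERROR: KEY_STATE_ERROR":
                if bursts and (when - bursts[-1]["end"]).total_seconds() <= max_gap:
                    bursts[-1]["end"] = when
                    bursts[-1]["count"] += 1
                else:
                    bursts.append({"start": when, "end": when, "count": 1})
        elif field and current is not None:
            if field.group(1) == "subject name":
                cn = re.search(r"CN=([^,]+)", field.group(2))
                current["cn"] = cn.group(1) if cn else None
            else:
                current["sig"] = field.group(2).strip()
    return certs, bursts

def burst_gaps(bursts):
    """Seconds between the starts of consecutive bursts, to compare with the re-key interval."""
    return [(b["start"] - a["start"]).total_seconds() for a, b in zip(bursts, bursts[1:])]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run over a saved Hummingbird session log, the certificate records show which connections presented the generic "server" CN and which signature algorithm each certificate used, and the burst gaps show whether the errors recur at a regular interval.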

8 hours ago, Staff said:

@inc

Should the re-keying errors re-appear, can you tell us your exact Linux distribution version?
 

Only had one error message in the last three days. Running Debian sid (siduction) with Kernel: 5.4.10-towo.1-siduction-amd64 x86_64

@monstrocity

Thank you! Please post a copy of your message in the Eddie 2.18 beta thread though. Here we just need to verify whether the problem occurs or not when Hummingbird is run by itself: when you are connected to some VPN server, over TCP, can you "ping" an arbitrary host without errors?

Faster throughput and higher general responsiveness are expected as our OpenVPN 3 AirVPN library is highly optimized, from the source code itself, if you compare it with OpenVPN 2.x.

Kind regards
 
