Jump to content
Not connected, Your IP: 3.144.86.38
Staff

Hummingbird 1.0.2 released

Recommended Posts

In the meantime I'm going to run Hummingbird with Network Lock off. May main concern over a dropped VPN connection is with torrents, and I have a utility (Clutch) that will drop my torrent client {Transmission) connection if the VPN goes down. Also, Network Lock was blocking my Airprint printers. I can use them again with the lock off.

Share this post


Link to post

Hello,

Are there plans to add chacha20 support to all of the servers anytime soon? The number of experimental servers with chacha20 support are very limited at the moment. It would appear that the technology behind this has been sufficiently tested (or it seems so to me at least). I want to switch all my Linux installs over to this but at the moment it is still too limited as to number of servers...

Share this post


Link to post
@puff-m-d

Hello!

Our initial plan was that all the servers would run OpenVPN 2.5 and therefore support CHACHA20 with OpenVPN 2.5 stable release.

The plan was made in autumn 2019. OpenVPN 2.5 stable release had been previously announced for December 2019.

We are now almost in April 2020 and OpenVPN 2.5 stable has not been released yet. Therefore, we could add a few additional servers. We have already several requests and we need to decide additional locations. Please tell us your favorite country (not here, as the thread would be quickly hijacked, but in a ticket).

Kind regards
 

Share this post


Link to post
On 3/16/2020 at 12:07 PM, Staff said:

 @dedo299

Hello!

It has been reported sporadically that OpenVPN3 library fails DHE re-keying when it is initiated on server side. The gathered data is unfortunately anecdotal but those few users who met the problem could resolve it by forcing Hummingbird to be the first to initiate a re-keying.

Please add in your profile the following directive:


reneg-sec 1200

and the problem should disappear
 
Hi , Just noticed Hummingbird 1.0.2 is out it may be useful if you could announce any new release (like with Eddie)  on twitter. I have just made the changes you have suggested to reduce or better still eliminate the re-keying errors so far seems OK. I assume the 1200 is not critical and be set at other values.

Share this post


Link to post

Apologies, I follow you on Twitter but missed your tweet 😞

Share this post


Link to post
Posted ... (edited)

Hello!

I have been trying Hummingbird 1.0.2 (macOS) today and I have found two issues:


1- stdout and stderr are mixed.


Command to reproduce:

hummingbird example.ovpn > stdout.log 2> stderr.log


Errors appear in stdout, this is a selection of errors found:

ERROR: cannot detect IPv6 default gateway
Thu Apr  2 19:06:57.089 2020 UDP send exception: send: Can't assign requested address
Thu Apr  2 19:06:57.089 2020 ERROR: NETWORK_SEND_ERROR
Thu Apr  2 19:08:13.465 2020 ERROR: KEEPALIVE_TIMEOUT
Thu Apr  2 19:08:15.485 2020 ERROR: N_RECONNECT
Thu Apr  2 19:14:33.848 2020 ERROR: Cannot restore DNS settings. Backup copy of system DNS not found.
Thu Apr  2 19:14:33.848 2020 ERROR: Backup copy of network filter not found.


While stderr contains messages that does not seem like execution errors (this block repeats over and over, no different content found):

No ALTQ support in kernel
ALTQ related functions disabled
No ALTQ support in kernel
ALTQ related functions disabled
rules cleared
nat cleared
dummynet cleared
0 tables deleted.
0 states cleared
source tracking entries cleared
pf: statistics cleared
pf: interface flags reset
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.


2- Hummingbird cannot reestablish connection after network connection drop.

How to reproduce:

  1. Run hummingbird.
  2. Disconnect network (disable WiFi, disconnect wired connection, etc).
  3. Connect wire/WiFi again.

The stdout log shows many network errors then, after about 15s of recovering network connection it starts to loop with these errors:

Thu Apr  2 20:24:19.976 2020 ERROR: NETWORK_SEND_ERROR
Thu Apr  2 20:24:19.976 2020 UDP send exception: send: Can't assign requested address
Thu Apr  2 20:24:19.976 2020 ERROR: NETWORK_SEND_ERROR
Thu Apr  2 20:24:19.977 2020 UDP send exception: send: Can't assign requested address
Thu Apr  2 20:24:19.977 2020 ERROR: NETWORK_SEND_ERROR
Thu Apr  2 20:24:19.977 2020 UDP send exception: send: Can't assign requested address
Thu Apr  2 20:24:19.977 2020 ERROR: NETWORK_SEND_ERROR
Thu Apr  2 20:24:19.977 2020 UDP send exception: send: Can't assign requested address
Thu Apr  2 20:24:19.977 2020 ERROR: NETWORK_SEND_ERROR
Thu Apr  2 20:24:20.555 2020 ERROR: KEEPALIVE_TIMEOUT
Thu Apr  2 20:24:20.555 2020 Session invalidated: KEEPALIVE_TIMEOUT
Thu Apr  2 20:24:20.555 2020 Client terminated, restarting in 2000 ms...
Thu Apr  2 20:24:22.556 2020 EVENT: RECONNECTING
Thu Apr  2 20:24:22.557 2020 Successfully restored system DNS.
Thu Apr  2 20:24:22.567 2020 Network filter successfully restored
Thu Apr  2 20:24:22.567 2020 ERROR: N_RECONNECT
Thu Apr  2 20:24:22.567 2020 Contacting 89.249.74.212:443 via UDP
Thu Apr  2 20:24:22.567 2020 EVENT: WAIT
Thu Apr  2 20:24:22.567 2020 Thu Apr  2 20:24:22.568 2020 Connecting to [gb.vpn.airdns.org]:443 (89.249.74.212) via UDPv4
Thu Apr  2 20:24:22.568 2020 UDP send exception: send: Can't assign requested address
Thu Apr  2 20:24:22.568 2020 ERROR: NETWORK_SEND_ERROR
Thu Apr  2 20:24:23.568 2020 UDP send exception: send: Can't assign requested address
Thu Apr  2 20:24:23.568 2020 ERROR: NETWORK_SEND_ERROR
Thu Apr  2 20:24:24.571 2020 UDP send exception: send: Can't assign requested address
Thu Apr  2 20:24:24.571 2020 ERROR: NETWORK_SEND_ERROR
Thu Apr  2 20:24:25.572 2020 UDP send exception: send: Can't assign requested address
Thu Apr  2 20:24:25.572 2020 ERROR: NETWORK_SEND_ERROR
Thu Apr  2 20:24:26.575 2020 UDP send exception: send: Can't assign requested address


The only way to recover inet connection is to kill the process (SIGINT) and, to recover VPN, launch hammingbird again (with the inevitable leak between these commands).

If you prefer that I open two issues at Gitlab just let me know and I will move these there :)

Thanks!

Edited ... by airvpn@ignlg.com
Semantic fixes

Share this post


Link to post
@airvpn@ignlg.com

Hello and thank you!

The logging you mention is correct, Hummingbird writes to stdout everything coming from OpenVPN3-AirVPN library by design, which could be changed in the future but at the moment we're fine with that, as it appears rational to write to stdout connection errors etc. from the library and not errors related to Hummingbird in itself.

The logic behind it is that any connection or packet error is related to line etc. and not to the binary operation, so it is reasonable that all the OpenVPN3-AirVPN library responses pertaining to connections and packet operations go to stdout.

"No ALTQ support in kernel" error might be caused by a macOS version older than Catalina, can you tell us your exact macOS version?

Connection errors in paragraph 2 suggest that UDP and/or OpenVPN are blocked, does the same happen if you try a connection in TCP to entry-IP address THREE?

Kind regards
 

Share this post


Link to post
21 hours ago, Staff said:

"No ALTQ support in kernel" error might be caused by a macOS version older than Catalina...


My understanding is that "No ALTQ support in kernel" is not an error message but a warning/notice that ALTQ functions are not available. Since OSX 10.7 (Lion), Apple has used two firewalls: one at the application level (ALF) and a packet filter (pf), the latter based on Open BSD (but modified). Pf has a QoS/queuing option called ALTQ that Apple never activated (at least up through Mojave; I don’t know about Catalina). So whenever pf is called, it puts up a routine notice that ALTQ functions aren’t available. I’m assuming Hummingbird and OpenVPN3-AirVPN 3.6.3 don’t have anything to do with ALTQ and that the notice can be safely ignored. Is that correct?

Share this post


Link to post
12 minutes ago, dedo299 said:

My understanding is that "No ALTQ support in kernel" is not an error message but a warning/notice that ALTQ functions are not available. Since OSX 10.7 (Lion), Apple has used two firewalls: one at the application level (ALF) and a packet filter (pf), the latter based on Open BSD (but modified). Pf has a QoS/queuing option called ALTQ that Apple never activated (at least up through Mojave; I don’t know about Catalina). So whenever pf is called, it puts up a routine notice that ALTQ functions aren’t available. I’m assuming Hummingbird and OpenVPN3-AirVPN 3.6.3 don’t have anything to do with ALTQ and that the notice can be safely ignored. Is that correct?

Agree. I would say that log levels are a work in progress, and those messages seem like info or even debug. I am using Mojave too (won't upgrade yet due to dev env issues).

As I don't know C++ enough to fix the network reconnection myself, I will be working asap on a wrapper/launcher for Hummingbird to detect network availability and trigger a restart, so I can have it running as LaunchDaemon, logging to /var/log. If I end up with something useful I will post it here, it could be useful for someone else too.

I have to say that the time from start to being connected is surprisingly fast. I do not miss WireGuard at all with Humminbird in the toolbox. Kudos for the AirVPN team.

Share this post


Link to post
10 hours ago, rustacean said:

Agree. I would say that log levels are a work in progress, and those messages seem like info or even debug.


Just to clarify, the No ALTQ messages are coming directly from pf. Hummingbird is just passing them on.
 
10 hours ago, rustacean said:

I will be working asap on a wrapper/launcher for Hummingbird to detect network availability and trigger a restart, so I can have it running as LaunchDaemon, logging to /var/log.


That's something I would be very interested in trying. Staff has been promising a daemon "real soon now" (my wording) but when that will happen is anyone's guess. Not to complain, though, I too am pleased with the work that's been done so far.

A week ago I posted some wake from sleep problems that have cropped up on my desktop (laptop, too--both running Mojave). Using udp 443 entry3 with network lock profile. It's okay without the lock. Have you had any problems with Hummingbird locking the network on wake, or is that what you're talking about in your first post above?  I'm going to try the tcp profile to see if it makes any difference.

Share this post


Link to post

I still can't connect to server via IPv6.
On Manjaro and Arch I've got the same error.
 

Hummingbird - AirVPN OpenVPN 3 Client 1.0.2 - 4 February 2020

Tue Apr  7 20:08:15.357 2020 Starting thread
Tue Apr  7 20:08:15.358 2020 OpenVPN core 3.6.3 AirVPN linux x86_64 64-bit
Tue Apr  7 20:08:15.364 2020 Frame=512/2048/512 mssfix-ctrl=1250
Tue Apr  7 20:08:15.370 2020 UNUSED OPTIONS
3 [resolv-retry] [infinite]
4 [nobind]
5 [persist-key]
6 [persist-tun]
7 [auth-nocache]
8 [route-delay] [5]
9 [verb] [3]
10 [explicit-exit-notify] [5]
Tue Apr  7 20:08:15.370 2020 EVENT: RESOLVE
Tue Apr  7 20:08:15.370 2020 WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks
Tue Apr  7 20:08:15.370 2020 Network filter and lock is using iptables-legacy
Tue Apr  7 20:08:15.382 2020 Successfully loaded kernel module iptable_filter
Tue Apr  7 20:08:15.403 2020 Successfully loaded kernel module iptable_nat
Tue Apr  7 20:08:15.409 2020 Successfully loaded kernel module iptable_mangle
Tue Apr  7 20:08:15.415 2020 Successfully loaded kernel module iptable_security
Tue Apr  7 20:08:15.420 2020 Successfully loaded kernel module iptable_raw
Tue Apr  7 20:08:15.426 2020 Successfully loaded kernel module ip6table_filter
Tue Apr  7 20:08:15.442 2020 Successfully loaded kernel module ip6table_nat
Tue Apr  7 20:08:15.448 2020 Successfully loaded kernel module ip6table_mangle
Tue Apr  7 20:08:15.454 2020 Successfully loaded kernel module ip6table_security
Tue Apr  7 20:08:15.459 2020 Successfully loaded kernel module ip6table_raw
Tue Apr  7 20:08:15.462 2020 Network filter successfully initialized
Tue Apr  7 20:08:15.462 2020 Local IPv4 address xxxxxx
Tue Apr  7 20:08:15.462 2020 Local IPv6 address xxxxxx
Tue Apr  7 20:08:15.462 2020 Local IPv6 address xxxxxx
Tue Apr  7 20:08:15.462 2020 Local IPv6 address xxxxxx
Tue Apr  7 20:08:15.462 2020 Local IPv6 address xxxxxx
Tue Apr  7 20:08:15.462 2020 Local IPv6 address xxxxxx
Tue Apr  7 20:08:15.462 2020 Local interface eno1
Tue Apr  7 20:08:15.462 2020 Setting up network filter and lock
Tue Apr  7 20:08:15.462 2020 Allowing system DNS 192.168.1.1 to pass through the network filter
Tue Apr  7 20:08:15.462 2020 Adding IPv6 server 2a00:1678:2470:41:ecca:3296:1054:804e to network filter
Tue Apr  7 20:08:15.486 2020 Network filter and lock successfully activated
Tue Apr  7 20:08:15.486 2020 Contacting [2a00:1678:2470:41:ecca:3296:1054:804e]:443 via UDP
Tue Apr  7 20:08:15.486 2020 EVENT: WAIT
Tue Apr  7 20:08:15.488 2020 net_route_best_gw query IPv6: 2a00:1678:2470:41:ecca:3296:1054:804e/128
Tue Apr  7 20:08:15.488 2020 sitnl_route_best_gw result: via fe80::1233:3faa:fe28:8330 dev eno1
Tue Apr  7 20:08:15.488 2020 Tue Apr  7 20:08:15.488 2020 EVENT: DISCONNECTED
Tue Apr  7 20:08:15.488 2020 ERROR: Backup copy of resolv.conf not found.
Tue Apr  7 20:08:15.506 2020 Network filter successfully restored
Tue Apr  7 20:08:15.506 2020 OpenVPN3 CONNECT ERROR: ipv4_exception: error parsing IPv4 address '2a00:1678:2470:41:ecca:3296:1054:804e' : Invalid argument
Tue Apr  7 20:08:15.506 2020 Thread finished

Share this post


Link to post
1 hour ago, Exceeded said:

I still can't connect to server via IPv6.
On Manjaro and Arch I've got the same error.
 

Hummingbird - AirVPN OpenVPN 3 Client 1.0.2 - 4 February 2020

Tue Apr  7 20:08:15.357 2020 Starting thread
Tue Apr  7 20:08:15.358 2020 OpenVPN core 3.6.3 AirVPN linux x86_64 64-bit
Tue Apr  7 20:08:15.364 2020 Frame=512/2048/512 mssfix-ctrl=1250
Tue Apr  7 20:08:15.370 2020 UNUSED OPTIONS
3 [resolv-retry] [infinite]
4 [nobind]
5 [persist-key]
6 [persist-tun]
7 [auth-nocache]
8 [route-delay] [5]
9 [verb] [3]
10 [explicit-exit-notify] [5]
Tue Apr  7 20:08:15.370 2020 EVENT: RESOLVE
Tue Apr  7 20:08:15.370 2020 WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks
Tue Apr  7 20:08:15.370 2020 Network filter and lock is using iptables-legacy
Tue Apr  7 20:08:15.382 2020 Successfully loaded kernel module iptable_filter
Tue Apr  7 20:08:15.403 2020 Successfully loaded kernel module iptable_nat
Tue Apr  7 20:08:15.409 2020 Successfully loaded kernel module iptable_mangle
Tue Apr  7 20:08:15.415 2020 Successfully loaded kernel module iptable_security
Tue Apr  7 20:08:15.420 2020 Successfully loaded kernel module iptable_raw
Tue Apr  7 20:08:15.426 2020 Successfully loaded kernel module ip6table_filter
Tue Apr  7 20:08:15.442 2020 Successfully loaded kernel module ip6table_nat
Tue Apr  7 20:08:15.448 2020 Successfully loaded kernel module ip6table_mangle
Tue Apr  7 20:08:15.454 2020 Successfully loaded kernel module ip6table_security
Tue Apr  7 20:08:15.459 2020 Successfully loaded kernel module ip6table_raw
Tue Apr  7 20:08:15.462 2020 Network filter successfully initialized
Tue Apr  7 20:08:15.462 2020 Local IPv4 address xxxxxx
Tue Apr  7 20:08:15.462 2020 Local IPv6 address xxxxxx
Tue Apr  7 20:08:15.462 2020 Local IPv6 address xxxxxx
Tue Apr  7 20:08:15.462 2020 Local IPv6 address xxxxxx
Tue Apr  7 20:08:15.462 2020 Local IPv6 address xxxxxx
Tue Apr  7 20:08:15.462 2020 Local IPv6 address xxxxxx
Tue Apr  7 20:08:15.462 2020 Local interface eno1
Tue Apr  7 20:08:15.462 2020 Setting up network filter and lock
Tue Apr  7 20:08:15.462 2020 Allowing system DNS 192.168.1.1 to pass through the network filter
Tue Apr  7 20:08:15.462 2020 Adding IPv6 server 2a00:1678:2470:41:ecca:3296:1054:804e to network filter
Tue Apr  7 20:08:15.486 2020 Network filter and lock successfully activated
Tue Apr  7 20:08:15.486 2020 Contacting [2a00:1678:2470:41:ecca:3296:1054:804e]:443 via UDP
Tue Apr  7 20:08:15.486 2020 EVENT: WAIT
Tue Apr  7 20:08:15.488 2020 net_route_best_gw query IPv6: 2a00:1678:2470:41:ecca:3296:1054:804e/128
Tue Apr  7 20:08:15.488 2020 sitnl_route_best_gw result: via fe80::1233:3faa:fe28:8330 dev eno1
Tue Apr  7 20:08:15.488 2020 Tue Apr  7 20:08:15.488 2020 EVENT: DISCONNECTED
Tue Apr  7 20:08:15.488 2020 ERROR: Backup copy of resolv.conf not found.
Tue Apr  7 20:08:15.506 2020 Network filter successfully restored
Tue Apr  7 20:08:15.506 2020 OpenVPN3 CONNECT ERROR: ipv4_exception: error parsing IPv4 address '2a00:1678:2470:41:ecca:3296:1054:804e' : Invalid argument
Tue Apr  7 20:08:15.506 2020 Thread finished

Interesting, I've noticed the same thing on Debian some time ago and posted it in one of the earler Hummingbird threads. Some servers' v6 addresses work, other don't. I have no idea what the problem is, honestly, but try different servers. Create a config file with 10 different remote directives plus remote-random and see which ones work and which ones don't. Maybe we will notice a pattern.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
On 4/7/2020 at 10:01 PM, giganerd said:

Interesting, I've noticed the same thing on Debian some time ago and posted it in one of the earler Hummingbird threads. Some servers' v6 addresses work, other don't. I have no idea what the problem is, honestly, but try different servers. Create a config file with 10 different remote directives plus remote-random and see which ones work and which ones don't. Maybe we will notice a pattern.

I'm yet to find a working server. I've tried 10 or 12 different servers (with individual ovpn files though, not with remote-random).

Share this post


Link to post
Posted ... (edited)
On 3/7/2020 at 12:38 PM, Staff said:

@bm9vbmUK

Hello!

Please check here:
https://dockerquestions.com/2019/07/07/docker-debian-buster-nftables/
 
Reading on the article, it seems expected that both iptables-legacy and nftables can not be used in Docker. In such a case, you need to consider manually a "network lock" solution. Classic iptables should have no problems but it is not available in your images as far as we know. By the way, if it is you should install it, make sure to purge nftables, and force Hummingbird to use iptables with  "--network-lock iptables"

Kind regards
 


I was also trying to use airvpn humming bird inside a docker container and also encountered segmentation errors with network lock enabled.
I tried this with a Ubuntu 18 image, with iptables version 1.6.1, and --network-lock iptables argument as suggested.
It works fine with network lock disabled but that is not ideal.
Do you have any other possible workaround or I misinterpreted the suggestion?

 

I also noticed that the /etc/resolve.conf file is not update, nor a backup is made, when running hummingbird inside a docker (when running with network lock off).

 

root@raspberrypi:/# iptables --version
iptables v1.6.1
root@raspberrypi:/# hummingbird /config/config.ovpn --network-lock iptables &
root@raspberrypi:/# Hummingbird - AirVPN OpenVPN 3 Client 1.0.2 - 4 February 2020

Wed Apr 15 23:36:37.458 2020 Starting thread
Wed Apr 15 23:36:37.459 2020 OpenVPN core 3.6.3 AirVPN linux arm 32-bit
Wed Apr 15 23:36:37.493 2020 Frame=512/2048/512 mssfix-ctrl=1250
Wed Apr 15 23:36:37.523 2020 UNUSED OPTIONS
3 [resolv-retry] [infinite]
4 [nobind]
5 [persist-key]
6 [persist-tun]
7 [auth-nocache]
8 [route-delay] [5]
9 [verb] [3]
10 [explicit-exit-notify] [5]
Wed Apr 15 23:36:37.523 2020 EVENT: RESOLVE
Wed Apr 15 23:36:37.524 2020 Network filter and lock is using iptables

[1]+  Segmentation fault      (core dumped) hummingbird /config/config.ovpn --network-lock iptables
root@raspberrypi:/#
Edited ... by rmires
additional information

Share this post


Link to post

I'm trying to use Hummingbird on Raspbian 10, it runs fine for a day or two but then loses connectivity and spits out this every 20 seconds, any ideas? Thanks.

Fri Apr 24 22:09:51.756 2020 WARNING: Cannot resolve earth.vpn.airdns.org
iptables v1.8.2 (legacy): can't initialize iptables table `security': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
ip6tables v1.8.2 (legacy): can't initialize ip6tables table `security': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
Fri Apr 24 22:09:51.930 2020 Network filter and lock successfully activated
Fri Apr 24 22:09:51.930 2020 Server poll timeout, trying next remote entry...
Fri Apr 24 22:09:51.930 2020 EVENT: RECONNECTING
Fri Apr 24 22:09:51.930 2020 ERROR: Backup copy of resolv.conf not found.
iptables v1.8.2 (legacy): can't initialize iptables table `security': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
ip6tables v1.8.2 (legacy): can't initialize ip6tables table `security': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
Fri Apr 24 22:09:52.034 2020 Network filter successfully restored
Fri Apr 24 22:09:52.034 2020 ERROR: N_RECONNECT
Fri Apr 24 22:09:52.034 2020 EVENT: RESOLVE
Fri Apr 24 22:09:52.035 2020 Network filter and lock is using iptables-legacy
Fri Apr 24 22:09:52.038 2020 Successfully loaded kernel module iptable_filter
Fri Apr 24 22:09:52.050 2020 Successfully loaded kernel module iptable_nat
Fri Apr 24 22:09:52.053 2020 Successfully loaded kernel module iptable_mangle
Fri Apr 24 22:09:52.056 2020 WARNING: Kernel module iptable_security not found. (-2)
Fri Apr 24 22:09:52.059 2020 Successfully loaded kernel module iptable_raw
Fri Apr 24 22:09:52.062 2020 Successfully loaded kernel module ip6table_filter
Fri Apr 24 22:09:52.081 2020 Successfully loaded kernel module ip6table_nat
Fri Apr 24 22:09:52.093 2020 Successfully loaded kernel module ip6table_mangle
Fri Apr 24 22:09:52.095 2020 WARNING: Kernel module ip6table_security not found. (-2)
Fri Apr 24 22:09:52.098 2020 Successfully loaded kernel module ip6table_raw
Fri Apr 24 22:09:52.112 2020 Network filter successfully initialized
Fri Apr 24 22:09:52.112 2020 Local IPv4 address 192.168.1.200
Fri Apr 24 22:09:52.112 2020 Local IPv6 address fd9c:b2b2:a4e:2400:7e9d:4c18:53db:ecd1
Fri Apr 24 22:09:52.112 2020 Local IPv6 address fe80::a56a:e2e3:36b6:2f8f
Fri Apr 24 22:09:52.112 2020 Local interface eth0
Fri Apr 24 22:09:52.112 2020 Local interface wlan0
Fri Apr 24 22:09:52.112 2020 Setting up network filter and lock
Fri Apr 24 22:09:52.112 2020 Allowing system DNS 192.168.1.1 to pass through the network filter

Share this post


Link to post
@elbrownos

Hello!

According to:
Fri Apr 24 22:09:51.756 2020 WARNING: Cannot resolve earth.vpn.airdns.org

your system can't resolve names. Maybe connectivity is down, between your router and ISP. If that's the case, have you tried to leave Hummingbird running until connectivity is restored?

Kind regards
 

Share this post


Link to post

I have not found a way to enable network lock. However, I have also not experienced any network leaks that I know of (no complaints from my ISP). My exact setup is out on Github.

 
On 4/15/2020 at 6:50 PM, rmires said:


I was also trying to use airvpn humming bird inside a docker container and also encountered segmentation errors with network lock enabled.
I tried this with a Ubuntu 18 image, with iptables version 1.6.1, and --network-lock iptables argument as suggested.
It works fine with network lock disabled but that is not ideal.
Do you have any other possible workaround or I misinterpreted the suggestion?

 

I also noticed that the /etc/resolve.conf file is not update, nor a backup is made, when running hummingbird inside a docker (when running with network lock off).

Share this post


Link to post
44 minutes ago, bm9vbmUK said:

I have not found a way to enable network lock. However, I have also not experienced any network leaks that I know of (no complaints from my ISP). My exact setup is out on Github.


I actually saw your solution when I was trying to do this. But you are actually leaking to Cloudfare when you use the 1.1.1.1 dns, you are just not leaking directly to your ISP. If Cloudflare receives a court order to release their data who knows, you need to trust them as well.

To remove the need to use dns 1.1.1.1 you could make an entry point bash script that does something like this:
 
touch ./airvpn_log
hummingbird /config/config.ovpn -N off &> airvpn_log &

sleep 20

echo "nameserver $(grep -oP "(?<=\[DNS\]\s\[)[\d\.]*" airvpn_log)" > /etc/resolv.conf
echo "nameserver $(grep -oP "(?<=\[DNS6\]\s\[)[a-zA-Z\d\:]*" airvpn_log)" >> /etc/resolv.conf

tail -f -n 1000 airvpn_log

I am doing like that on my setup and it is working, but I cannot enable network lock still because of the segmentation fault.
I also tried to install Eddie in the Docker and enable network lock there and the same problem happens. That makes me think that the problem is in the common libraries and as such will not be an easy thing to fix.
I am considering just configuring systemd to auto start Airvpn with the raspberry and delay the containerd daemon (docker daemon) to start after airvpn.
 

Share this post


Link to post
On 4/25/2020 at 2:02 AM, Staff said:
@elbrownos

Hello!

According to:

Fri Apr 24 22:09:51.756 2020 WARNING: Cannot resolve earth.vpn.airdns.org

your system can't resolve names. Maybe connectivity is down, between your router and ISP. If that's the case, have you tried to leave Hummingbird running until connectivity is restored?

Kind regards
 
Yes I think you're right, it's the Raspberry Pi losing connectivity rather than any problem with Hummingbird.

Share this post


Link to post
On 4/24/2020 at 12:07 PM, bm9vbmUK said:

I have not found a way to enable network lock. However, I have also not experienced any network leaks that I know of (no complaints from my ISP). My exact setup is out on Github.


Will that docker image run on arm? I’m trying to build an always-on seedbox using raspian, and I want to run rutorrent behind a dockered hummingbird client that has a network kill switch. I am new to docker, not to Linux, but I absolutely love hummingbird after testing it with rutorrent on a prior pi 3 build. It’s so light and fast - props to these amazing devs!

I’ve never played with docker, so this will be the build I want to do it with.  I want to push all torrent traffic through that, and on the side have an always on Minecraft server (this pi 4 is overclocked to 2.1 and root is installed to an external nvme drive with write speeds at 230MB... which... ok pi, we need some work there to fill that 350MB pipe... but Minecraft is apparently playable if limited to 2-4 players) on a gigabit home connection.

I want to leave the Minecraft server and all other traffic like web browsing untouched. It was my impression that if you force rutorrent traffic through a certain port on another docker, and that docker network was down, then rutorrent just wouldn’t work. From reading the comments here I’m guessing that’s wrong.

I suppose the other option is to manually configure the iptables but I tried to do that manually once, set up a dead man’s switch, and I absolutely did not trust the work that I did to prevent leaks.
 

Share this post


Link to post

Not sure if this is the right thread to report this but I'm having issues with DNS leaks after Hummingbird has been running for a few hours. It connects to Netherlands no problem to begin with, and no DNS leak on ipleaktest, do the same later in the day and it shows local details instead. However IP address etc is still Netherlands.

Not sure what logs would be useful or where to get them from so let me know and will post.

Share this post


Link to post
@asunder52

Hello!

Hummingbird changes DNS settings at the start of the VPN connection. After that any process with root privileges can change them again. It's not that Hummingbird keeps checking DNS settings continuously: it's superuser's responsibility to be aware of who/what can change DNS settings. What is your distribution name and exact version? Log can be useful anyway, yes. Just send it in its entirety please. Also check the content of your /etc/resolv.conf file while the problem is occurring.

Kind regards
 

Share this post


Link to post

I'm trying hummingbird on my raspberry pi 4 with Raspbian:
 

Linux raspberrypi 4.19.97-v8+ #1294 SMP PREEMPT Thu Jan 30 13:27:08 GMT 2020 aarch64 GNU/Linux


but i'm getting this:
 
Hummingbird - AirVPN OpenVPN 3 Client 1.0.2 - 4 February 2020

Fri May 15 19:47:20.194 2020 Starting thread
Fri May 15 19:47:20.194 2020 OpenVPN core 3.6.3 AirVPN linux arm 32-bit
Fri May 15 19:47:20.227 2020 Frame=512/2048/512 mssfix-ctrl=1250
Fri May 15 19:47:20.258 2020 UNUSED OPTIONS
3 [resolv-retry] [infinite] 
4 [nobind] 
5 [persist-key] 
6 [persist-tun] 
7 [auth-nocache] 
8 [route-delay] [5] 
9 [verb] [3] 
10 [explicit-exit-notify] [5] 
Fri May 15 19:47:20.259 2020 EVENT: RESOLVE
Fri May 15 19:47:20.259 2020 Network filter and lock is using iptables-legacy
Fri May 15 19:47:20.263 2020 Successfully loaded kernel module iptable_filter
Fri May 15 19:47:20.270 2020 Successfully loaded kernel module iptable_nat
Fri May 15 19:47:20.274 2020 Successfully loaded kernel module iptable_mangle
Fri May 15 19:47:20.276 2020 WARNING: Kernel module iptable_security not found. (-2)
Fri May 15 19:47:20.279 2020 Successfully loaded kernel module iptable_raw
Fri May 15 19:47:20.283 2020 Successfully loaded kernel module ip6table_filter
Fri May 15 19:47:20.304 2020 Successfully loaded kernel module ip6table_nat
Fri May 15 19:47:20.321 2020 Successfully loaded kernel module ip6table_mangle
Fri May 15 19:47:20.323 2020 WARNING: Kernel module ip6table_security not found. (-2)
Fri May 15 19:47:20.327 2020 Successfully loaded kernel module ip6table_raw
Fri May 15 19:47:20.335 2020 Network filter successfully initialized
Fri May 15 19:47:20.335 2020 Local IPv4 address 192.168.1.6
Fri May 15 19:47:20.335 2020 Local IPv6 address fe80::a80d:1b5f:84a1:efa3
Fri May 15 19:47:20.335 2020 Local interface eth0
Fri May 15 19:47:20.335 2020 Local interface wlan0
Fri May 15 19:47:20.335 2020 Setting up network filter and lock
Fri May 15 19:47:20.335 2020 Allowing system DNS 94.103.153.17 to pass through the network filter
Fri May 15 19:47:25.462 2020 Resolved server de.vpn.airdns.org into IPv4 178.162.204.222
Fri May 15 19:47:25.462 2020 Adding IPv4 server 178.162.204.222 to network filter
iptables v1.8.2 (legacy): can't initialize iptables table `security': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
ip6tables v1.8.2 (legacy): can't initialize ip6tables table `security': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

Eddie client works fine though
 

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...