iwih2gk 94 Posted ... First; let me say that other than the thread title Eddie is working flawlessly. I am using the stable version and not the beta. Some of my installs are clean Buster and some are updated from previous Debian OS's. Regardless they all perform the same while connecting via Eddie. Formerly (before Buster) Eddie would connect in a few seconds. Any ideas of where to look (in my logs) for an answer? Is this something that the Beta Eddie would address? I prefer the stable because family members also use some of these machines. Quote Share this post Link to post
OpenSourcerer 1447 Posted ... Use the beta, simple as that. Fixes issues on all platforms. Anyway, I cannot reproduce it on Debian buster and testing, but I'm already on 2.18.x. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
iwih2gk 94 Posted ... Mixed outcomes from trying beta Eddie. The client will connect quickly and exactly IF I leave my UFW firewall DOWN before connecting to the VPN. If I leave my firewall UP (I use it 24/7/365) the client will NOT connect. I use a manual UFW firewall so that NO family member can use our family machines without first connecting to AirVpn. The stable Eddie simply replaces my firewall rules and creates a network lock on its own. When I exit stable it replaces my firewall Iptable rules so that it is impossible to connect UNLESS Air is used in a future session. I don't want a family member to be able to click on Firefox and go online with my raw ISP IP. My current Eddie stable accomplishes that perfectly. Make sense? Have I configured something incorrectly or has the process on the beta changed so that it no longer performs as the stable in this regard. In other words does the beta no longer make a copy of the iptables and then replace them upon exit? Quote Share this post Link to post
iwih2gk 94 Posted ... My other option of course would be to leave the firewall in place, BUT create a rule to allow a hole in it for AirVpn! That wouldn't be my preference compared to my current scheme but it would be an option for me. Let me know. Quote Share this post Link to post
Staff 10052 Posted ... @iwih2gk Hello! It's important to know that Eddie 2.16.3 doesn't run properly in Debian 10. In Debian 10 please run Eddie 2.18 beta or Hummingbird. Remember in any case to disable UFW completely, if you need Network Lock. UFW is an iptables and iptables-legacy frontend which may interfere fatally. You may set iptables-legacy or nftables rules to accomplish your purpose. If you run nftables directly remember that: Eddie 2.18 beta does NOT support nftables Hummingbird fully supports nftables BUT will prefer by default iptables-legacy if available, so remember to force Network Lock based on nftables: --network-lock nftables Kind regards Quote Share this post Link to post
iwih2gk 94 Posted ... 6 hours ago, Staff said: @iwih2gk Hello! It's important to know that Eddie 2.16.3 doesn't run properly in Debian 10. In Debian 10 please run Eddie 2.18 beta or Hummingbird. Remember in any case to disable UFW completely, if you need Network Lock. UFW is an iptables and iptables-legacy frontend which may interfere fatally. You may set iptables-legacy or nftables rules to accomplish your purpose. If you run nftables directly remember that: Eddie 2.18 beta does NOT support nftables Hummingbird fully supports nftables BUT will prefer by default iptables-legacy if available, so remember to force Network Lock based on nftables: --network-lock nftables Kind regards Perhaps you or someone else here can make this "connect the dot" easy for me. My desire is to simply make certain that a family computer, when started/booted in Debian 10, cannot go online without using Eddie. No ISP IP in workspace allowed. NO exceptions! Note: Eddie 2.18.7 is so fricken smooth and fast for me on Buster. BUT I cannot relax IF one of my computers can go online without being AirVpn tunneled by accident. Can you highlight how to enter iptables-legacy into Eddie to accomplish my preference as described? Should be easy I would think. Thank you for your help. I imagine many users would love to know their computers cannot accidentally be used without Eddie. ps - If Hummingbird would make this easier I am not afraid to do some homework, LOL. Quote Share this post Link to post
OpenSourcerer 1447 Posted ... I think it will be much easier to do that in a firewall to which all devices are connected instead of fighting with NetLock. Allow all the AirVPN servers out, deny rest of out and all in and you have the guarantee that nothing can use the net without a working VPN connection to one of the servers. For the servers' IPs you can use the brilliant Ellie app AV remotes from forums user @benfitita here:Tool terminates with an error right now, I'm sure not for long. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
iwih2gk 94 Posted ... I used to create ip-tables/UFW in a manual way years ago. Then Eddie made it easy by simply moving the saved ip-tables and use the ones it created in the background for LOCK, and then would write back my ip-tables upon exit. Too bad that can no longer happen. That was the most convenient thing in the world because it allowed me to lock down the machine entirely with UFW and yet with Eddie pick ANY server I wanted without creating any ovpn stuff at all. It is apparent that has changed for Buster. For now; I'll have to decide whether to create a manual ip-table once again, OR figure a way to make sure I don't go online without using Eddie thereby having an accident that could betray some anonymity at sites I visit. The Network Lock created by Eddie seems much more sophisticated than a simple ip-table firewall. Quote Share this post Link to post
OpenSourcerer 1447 Posted ... 42 minutes ago, iwih2gk said: The Network Lock created by Eddie seems much more sophisticated than a simple ip-table firewall. Not everything that glares is made of gold.. or something like that. It seems so, but at the end of the day all Eddie does is call iptables. And what is iptables in Linux, or pf on BSD (=> pfSense), if not a firewall, a packet filter? Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
iwih2gk 94 Posted ... After due consideration I decided to stay with Eddie and network lock. I was able to devise a "method" to make pretty certain my family members will not boot and then use a machine without connecting Eddie first. Nothing technical just MY way of handling family, LOL! Quote Share this post Link to post
OpenSourcerer 1447 Posted ... That's savage. I hope it doesn't involve electric shocks everytime someone forgets launching Eddie… Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Not connected, Your IP: 3.12.71.211
Online: 27847 users - 319523 Mbit/s total BW