archetyp 0 Posted ... thx 4 hummingbird on linux. problem: if i connect (for example) to belgium & test the connection per ipleak .. ect .. my isp is cloudflare (belgium = not my country - that's ok - but it should be airvpn?). same with netherlands, germany .. and so on. i'm on gnome, clear l. .. Server has pushed its own DNS. Removing system DNS from network filter. System DNS 1.1.1.1 is now rejected by the network filter System DNS 1.0.0.1 is now rejected by the network filter .. seems .. ok. Share this post Link to post
OpenSourcerer 1442 Posted ... Not quite sure I get your problem. You connect to a server in Belgium or any other server whatsoever and you see your ISP being CloudFlare instead of whatever the datacenter is the AirVPN server is hosted in? Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
archetyp 0 Posted ... (edited) sry i'm tired today. yes, exactly. it's not the cloudflare isp of my country, but the cloudflare isp of the country i connect too (instead of the airvpn isp). if i import an ovpn file & connect per network-manager on gnome, i do not have this issue. it's only happening with hummingbird. Edited ... by archetyp Share this post Link to post
OpenSourcerer 1442 Posted ... Hm. Can you please post the complete Hummingbird log here? And maybe the results of the following two commands: curl -sL https://ipleak.net/json curl -sL $(sha512sum ~/.bash_history | cut -b -40).ipleak.net/json Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
archetyp 0 Posted ... yep: { "country_code": "NO", "country_name": "Norway", "continent_code": "EU", "continent_name": "Europe", "city_name": "Oslo", "postal_code": null, "postal_confidence": null, "latitude": "59.9384655", "longitude": "10.8348384", "accuracy_radius": 1, "time_zone": "Europe\/Oslo", "metro_code": null, "level": "min", "country_confidence": 100, "city_confidence": 100, "region_confidence": 100, "cache": 1585738428, "ip": "185.206.225.59", "type": "AirVPN Server (Exit, Ophiuchus)", "reverse": "", "tor": "unknown", "query_text": "185.206.225.59", "query_type": "myip", "query_date": 1585738428 }⏎ { "country_code": "NO", "country_name": "Norway", "region_code": "03", "region_name": "Oslo County", "continent_code": "EU", "continent_name": "Europe", "city_name": "Oslo", "postal_code": null, "postal_confidence": null, "latitude": 59.905, "longitude": 10.7487, "accuracy_radius": 100, "time_zone": "Europe\/Oslo", "metro_code": null, "level": "min", "cache": 1585737310, "ip": "162.158.221.35", "reverse": "", "tor": "unknown", "query_text": "162.158.221.35", "query_type": "mydns", "query_date": 1585738972 }⏎ Wed Apr 1 12:50:50.191 2020 Starting thread Wed Apr 1 12:50:50.192 2020 OpenVPN core 3.6.3 AirVPN linux x86_64 64-bit Wed Apr 1 12:50:50.202 2020 Frame=512/2048/512 mssfix-ctrl=1250 Wed Apr 1 12:50:50.211 2020 UNUSED OPTIONS 3 [resolv-retry] [infinite] 4 [nobind] 5 [persist-key] 6 [persist-tun] 7 [auth-nocache] 8 [route-delay] [5] 9 [verb] [3] Wed Apr 1 12:50:50.211 2020 EVENT: RESOLVE Wed Apr 1 12:50:50.211 2020 WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks Wed Apr 1 12:50:50.211 2020 WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks Wed Apr 1 12:50:50.211 2020 Network filter and lock is using iptables-legacy Wed Apr 1 12:50:50.214 2020 Successfully loaded kernel module iptable_filter Wed Apr 1 12:50:50.220 2020 Successfully loaded kernel module iptable_nat Wed Apr 1 12:50:50.222 2020 Successfully loaded kernel module iptable_mangle Wed Apr 1 12:50:50.224 2020 Successfully loaded kernel module iptable_security Wed Apr 1 12:50:50.226 2020 Successfully loaded kernel module iptable_raw Wed Apr 1 12:50:50.228 2020 Successfully loaded kernel module ip6table_filter Wed Apr 1 12:50:50.232 2020 Successfully loaded kernel module ip6table_nat Wed Apr 1 12:50:50.234 2020 Successfully loaded kernel module ip6table_mangle Wed Apr 1 12:50:50.235 2020 Successfully loaded kernel module ip6table_security Wed Apr 1 12:50:50.237 2020 Successfully loaded kernel module ip6table_raw Wed Apr 1 12:50:50.240 2020 Network filter successfully initialized Wed Apr 1 12:50:50.240 2020 Local IPv4 address 10.0.0.2 Wed Apr 1 12:50:50.240 2020 Local IPv6 address fe80::2f4:8dff:fea8:ff6d Wed Apr 1 12:50:50.240 2020 Local interface enp2s0 Wed Apr 1 12:50:50.240 2020 Local interface wlp3s0 Wed Apr 1 12:50:50.240 2020 Setting up network filter and lock Wed Apr 1 12:50:50.240 2020 Allowing system DNS 10.16.245.1 to pass through the network filter Wed Apr 1 12:50:50.592 2020 Resolved server no.vpn.airdns.org into IPv4 185.206.225.58 Wed Apr 1 12:50:50.592 2020 Adding IPv4 server 185.206.225.58 to network filter Wed Apr 1 12:50:50.655 2020 Network filter and lock successfully activated Wed Apr 1 12:50:50.657 2020 Contacting 185.206.225.58:443 via TCPv4 Wed Apr 1 12:50:50.657 2020 EVENT: WAIT Wed Apr 1 12:50:50.657 2020 net_route_best_gw query IPv4: 185.206.225.58/32 Wed Apr 1 12:50:50.657 2020 sitnl_route_best_gw result: via 10.0.0.1 dev wlp3s0 Wed Apr 1 12:50:50.657 2020 net_route_add: 185.206.225.58/32 via 10.0.0.1 dev wlp3s0 table 0 metric 0 Wed Apr 1 12:50:50.658 2020 Wed Apr 1 12:50:50.721 2020 Connecting to [no.vpn.airdns.org]:443 (185.206.225.58) via TCPv4 Wed Apr 1 12:50:50.783 2020 EVENT: CONNECTING Wed Apr 1 12:50:50.784 2020 Tunnel Options:V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client Wed Apr 1 12:50:50.784 2020 Peer Info: IV_VER=3.6.3 AirVPN IV_PLAT=linux IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_LZO_STUB=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_GUI_VER=Hummingbird - AirVPN OpenVPN 3 Client 1.0.2 Wed Apr 1 12:50:51.005 2020 VERIFY OK : depth=1 cert. version : 3 serial number : 8C:D8:43:EF:E4:5F:20:03 issuer name : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org subject name : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org issued on : 2014-04-11 10:15:45 expires on : 2024-04-08 10:15:45 signed using : RSA with SHA1 RSA key size : 4096 bits basic constraints : CA=true Wed Apr 1 12:50:51.005 2020 VERIFY OK : depth=0 cert. version : 3 serial number : 40 issuer name : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org subject name : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Ophiuchus, emailAddress=info@airvpn.org issued on : 2016-12-02 16:49:50 expires on : 2026-11-30 16:49:50 signed using : RSA with SHA-512 RSA key size : 4096 bits basic constraints : CA=false cert. type : SSL Server key usage : Digital Signature, Key Encipherment ext key usage : TLS Web Server Authentication Wed Apr 1 12:50:51.466 2020 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 Wed Apr 1 12:50:51.467 2020 Session is ACTIVE Wed Apr 1 12:50:51.467 2020 EVENT: GET_CONFIG Wed Apr 1 12:50:51.467 2020 Sending PUSH_REQUEST to server... Wed Apr 1 12:50:51.779 2020 OPTIONS: 0 [comp-lzo] [no] 1 [redirect-gateway] [def1] [bypass-dhcp] 2 [dhcp-option] [DNS] [10.25.213.1] 3 [route-gateway] [10.25.213.1] 4 [topology] [subnet] 5 [ping] [10] 6 [ping-restart] [60] 7 [ifconfig] [10.25.213.25] [255.255.255.0] 8 [peer-id] [0] 9 [cipher] [AES-256-GCM] Wed Apr 1 12:50:51.780 2020 PROTOCOL OPTIONS: cipher: AES-256-GCM digest: NONE ncp enabled: yes compress: LZO_STUB peer ID: 0 Wed Apr 1 12:50:51.780 2020 EVENT: ASSIGN_IP Wed Apr 1 12:50:51.780 2020 VPN Server has pushed IPv4 DNS server 10.25.213.1 Wed Apr 1 12:50:51.787 2020 Setting pushed IPv4 DNS server 10.25.213.1 in resolv.conf Wed Apr 1 12:50:51.791 2020 net_iface_mtu_set: mtu 1500 for tun0 Wed Apr 1 12:50:51.791 2020 net_iface_up: set tun0 up Wed Apr 1 12:50:51.791 2020 net_addr_add: 10.25.213.25/24 brd 10.25.213.255 dev tun0 Wed Apr 1 12:50:51.792 2020 net_route_add: 0.0.0.0/1 via 10.25.213.1 dev tun0 table 0 metric 0 Wed Apr 1 12:50:51.792 2020 net_route_add: 128.0.0.0/1 via 10.25.213.1 dev tun0 table 0 metric 0 Wed Apr 1 12:50:51.792 2020 Connected via tun Wed Apr 1 12:50:51.792 2020 LZO-ASYM init swap=0 asym=1 Wed Apr 1 12:50:51.792 2020 Comp-stub init swap=0 Wed Apr 1 12:50:51.792 2020 EVENT: CONNECTED no.vpn.airdns.org:443 (185.206.225.58) via /TCPv4 on tun/10.25.213.25/ gw=[10.25.213.1/] Wed Apr 1 12:50:51.792 2020 Server has pushed its own DNS. Removing system DNS from network filter. Wed Apr 1 12:50:51.796 2020 System DNS 10.16.245.1 is now rejected by the network filter Share this post Link to post
OpenSourcerer 1442 Posted ... 47 minutes ago, archetyp said: Wed Apr 1 12:50:50.211 2020 WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks Wed Apr 1 12:50:50.211 2020 WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks systemd-resolved here may be the culprit. Under its umbrella resolv.conf is a symlink to /lib/systemd/resolv.conf (on Debian; can vary from distro to distro), and this file is generated automatically by systemd-resolved based on the settings provided in /etc/systemd/resolved.conf or by the resolvectl command. Can you please post the output of resolvectl status? I'm thinking you might be using DNS-over-HTTPS or DNS-over-TLS by default here or resolved is otherwise configured to use CloudFlare as upstream DNS servers. Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
archetyp 0 Posted ... thx, it's clear linux; a little different from the debian & co. filesystem (stateless). yes, i've adjusted my router & gnome network manager to cloudflare dns. but no dns-over-https or dns-over-tls. here is the log: curl ifconfig.co/city Oslo ~ ❯❯❯ resolvectl status Global LLMNR setting: no MulticastDNS setting: yes DNSOverTLS setting: no DNSSEC setting: no DNSSEC supported: no Current DNS Server: 10.25.213.1 DNS Servers: 10.25.213.1 Fallback DNS Servers: 1.1.1.1 8.8.8.8 1.0.0.1 8.8.4.4 2606:4700:4700::1111 2001:4860:4860::8888 2606:4700:4700::1001 2001:4860:4860::8844 DNSSEC NTA: 10.in-addr.arpa 16.172.in-addr.arpa 168.192.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa corp d.f.ip6.arpa home internal intranet lan local private test Link 5 (tun0) Current Scopes: none DefaultRoute setting: no LLMNR setting: yes MulticastDNS setting: no DNSOverTLS setting: no DNSSEC setting: no DNSSEC supported: no Link 3 (wlp3s0) Current Scopes: DNS DefaultRoute setting: yes LLMNR setting: yes MulticastDNS setting: no DNSOverTLS setting: no DNSSEC setting: no DNSSEC supported: no Current DNS Server: 1.1.1.1 DNS Servers: 1.1.1.1 1.0.0.1 DNS Domain: ~. Link 2 (enp2s0) Current Scopes: none DefaultRoute setting: no LLMNR setting: yes MulticastDNS setting: no DNSOverTLS setting: no DNSSEC setting: no DNSSEC supported: no Share this post Link to post
archetyp 0 Posted ... + firewall (hummingbird active): hain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- 255.255.255.255 anywhere ACCEPT all -- 192.168.0.0/16 192.168.0.0/16 ACCEPT all -- 10.0.0.0/8 10.0.0.0/8 ACCEPT all -- 172.16.0.0/12 172.16.0.0/12 ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere Chain OUTPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere 10.25.213.1 ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere 255.255.255.255 ACCEPT all -- 192.168.0.0/16 192.168.0.0/16 ACCEPT all -- 10.0.0.0/8 10.0.0.0/8 ACCEPT all -- 172.16.0.0/12 172.16.0.0/12 ACCEPT all -- 192.168.0.0/16 base-address.mcast.net/24 ACCEPT all -- 10.0.0.0/8 base-address.mcast.net/24 ACCEPT all -- 172.16.0.0/12 base-address.mcast.net/24 ACCEPT all -- 192.168.0.0/16 239.255.255.250 ACCEPT all -- 10.0.0.0/8 239.255.255.250 ACCEPT all -- 172.16.0.0/12 239.255.255.250 ACCEPT all -- 192.168.0.0/16 239.255.255.253 ACCEPT all -- 10.0.0.0/8 239.255.255.253 ACCEPT all -- 172.16.0.0/12 239.255.255.253 ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state ESTABLISHED ACCEPT all -- anywhere 58.225.206.185.in-addr.arpa DROP all -- anywhere anywhere Share this post Link to post
OpenSourcerer 1442 Posted ... 3 hours ago, archetyp said: i've adjusted my router & gnome network manager to cloudflare dns. Well, you see, you even gave birth to the issue yourself. NetworkManager tends to simply override resolv.conf. You can configure a second profile for AirVPN with the DNS servers written on the specs page. Name it something like "AirDNS". In both v4 and v6, set the method to "Automatic (addresses only)". This is the way I did it in the past. Others suggested to simply prevent NetworkManager from updating resolv.conf at all. In /etc/NetworkManager/NetworkManager.conf in the [main] section, set dns=none. Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
archetyp 0 Posted ... i'm an idiot. as i "said" - tired today. sry. too many work. many thx for your hints & help. great service/support as always! Share this post Link to post
Not connected, Your IP: 18.118.28.31 Not connected, Your IP: 18.118.28.31
Online: 26663 users - 343475 Mbit/s total BW
