Jump to content
Not connected, Your IP: 18.216.167.229

Recommended Posts

As a result of whatever the heck happened here:
 

. 2020.10.04 11:36:55 - Renewing TLS key
. 2020.10.04 11:36:55 - OpenVPN > TLS: tls_process: killed expiring key
. 2020.10.04 11:36:55 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2020.10.04 11:36:55 - OpenVPN > VERIFY KU OK
. 2020.10.04 11:36:55 - OpenVPN > Validating certificate extended key usage
. 2020.10.04 11:36:55 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2020.10.04 11:36:55 - OpenVPN > VERIFY EKU OK
. 2020.10.04 11:36:55 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Avior, emailAddress=info@airvpn.org
. 2020.10.04 11:36:56 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
. 2020.10.04 11:36:56 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
. 2020.10.04 11:36:56 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
. 2020.10.04 11:38:22 - Updating systems & servers data ...
. 2020.10.04 11:38:22 - Systems & servers data update completed
. 2020.10.04 12:30:24 - OpenVPN > [Avior] Inactivity timeout (--ping-restart), restarting
. 2020.10.04 12:30:24 - OpenVPN > SIGUSR1[soft,ping-restart] received, process restarting
. 2020.10.04 12:30:24 - OpenVPN > Restart pause, 5 second(s)
! 2020.10.04 12:30:24 - Disconnecting
. 2020.10.04 12:30:24 - Routes, removed a route previously added, 184.75.223.235 for gateway 10.10.242.1
. 2020.10.04 12:30:24 - Routes, removed a route previously added, 2606:6080:1002:9:ffc4:b9c1:20ad:82f9 for gateway fde6:7a:7d20:6f2::1
. 2020.10.04 12:30:24 - Sending management termination signal
. 2020.10.04 12:30:24 - Management - Send 'signal SIGTERM'
. 2020.10.04 12:30:24 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM'
. 2020.10.04 12:30:24 - OpenVPN > /sbin/ip route del 184.75.223.237/32
. 2020.10.04 12:30:24 - OpenVPN > /sbin/ip route del 0.0.0.0/1
. 2020.10.04 12:30:24 - OpenVPN > /sbin/ip route del 128.0.0.0/1
. 2020.10.04 12:30:24 - OpenVPN > delete_route_ipv6(::/3)
. 2020.10.04 12:30:24 - OpenVPN > /sbin/ip -6 route del ::/3 dev tun0
. 2020.10.04 12:30:24 - OpenVPN > delete_route_ipv6(2000::/4)
. 2020.10.04 12:30:24 - OpenVPN > /sbin/ip -6 route del 2000::/4 dev tun0
. 2020.10.04 12:30:24 - OpenVPN > delete_route_ipv6(3000::/4)
. 2020.10.04 12:30:24 - OpenVPN > /sbin/ip -6 route del 3000::/4 dev tun0
. 2020.10.04 12:30:24 - OpenVPN > delete_route_ipv6(fc00::/7)
. 2020.10.04 12:30:24 - OpenVPN > /sbin/ip -6 route del fc00::/7 dev tun0
. 2020.10.04 12:30:24 - OpenVPN > Closing TUN/TAP interface
. 2020.10.04 12:30:24 - OpenVPN > /sbin/ip addr del dev tun0 10.10.242.57/24
. 2020.10.04 12:30:24 - OpenVPN > /sbin/ip -6 addr del fde6:7a:7d20:6f2::1037/64 dev tun0
. 2020.10.04 12:30:24 - OpenVPN > SIGTERM[hard,init_instance] received, process exiting
. 2020.10.04 12:30:24 - Connection terminated.
. 2020.10.04 12:30:24 - DNS of the system restored to original settings (Rename method)
F 2020.10.04 12:30:27 - No server available.
. 2020.10.04 12:30:27 - Flushing DNS
. 2020.10.04 12:31:17 - Updating systems & servers data ...
. 2020.10.04 12:31:19 - Systems & servers data update completed
. 2020.10.04 12:41:20 - Updating systems & servers data ...
. 2020.10.04 12:41:21 - Systems & servers data update completed

I was disconnected from Airvpn and ipleak.net revealed my real IP&DNS addresses...

Share this post


Link to post

Those things tend to happen if you don't enable Network Lock. Eddie's got a big button saying "Activate Network Lock" when you launch it. If you don't, people can expect you to take care of yourself (i.e., you know what you are doing).


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Thank you giganerd for the quick response! Currently, I am using the Airvpn command line interface, as I was previously unable to get Eddie working on my system (separate issue). Is there an equivalent -command for activating the network lock? Or a list of commands available for use with the cli?

Thanks!

Share this post


Link to post

Tried man eddie-ui?

       --netlock
              Network lock automatically at startup. Default: False

.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Hmmm I tried that and ran into some trouble, but luckily I found this post where another user shared my problem:

https://airvpn.org/forums/topic/46522-eddie-cli-how-to-use/

So I just took their suggested solution and went with hummingbird (which has network-lock on by default) and it is working great so far!
Here is the kind of help page I was searching for in the first place (others can find this to be useful):
 

Running the Hummingbird Client

Run hummingbird and display its help in order to become familiar with its options. From your terminal window issue this command:

    sudo ./hummingbird --help

After having entered your root account password, hummingbird responds with:

    Hummingbird - AirVPN OpenVPN 3 Client 1.0.3 - 3 June 2020

    usage: ./hummingbird [options] <config-file> [extra-config-directives...]
    --help, -h : show this help page
    --version, -v : show version info
    --eval, -e : evaluate profile only (standalone)
    --merge, -m : merge profile into unified format (standalone)
    --username, -u : username
    --password, -p : password
    --response, -r : static response
    --dc, -D : dynamic challenge/response cookie
    --cipher, -C : encrypt packets with specific cipher algorithm (alg)
    --proto, -P : protocol override (udp|tcp)
    --server, -s : server override
    --port, -R : port override
    --tcp-queue-limit, -l : size of TCP packet queue (1-65535, default 512)
    --ncp-disable, -n : disable negotiable crypto parameters
    --network-lock, -N : network filter and lock mode (on|iptables|nftables|pf|off, default on)
    --gui-version, -E : set custom gui version (text)
    --ignore-dns-push, -i : ignore DNS push request and use system DNS settings
    --ipv6, -6 : combined IPv4/IPv6 tunnel (yes|no|default)
    --timeout, -t : timeout
    --compress, -c : compression mode (yes|no|asym)
    --pk-password, -z : private key password
    --tvm-override, -M : tls-version-min override (disabled, default, tls_1_x)
    --tcprof-override, -X : tls-cert-profile override (legacy, preferred, etc.)
    --proxy-host, -y : HTTP proxy hostname/IP
    --proxy-port, -q : HTTP proxy port
    --proxy-username, -U : HTTP proxy username
    --proxy-password, -W : HTTP proxy password
    --proxy-basic, -B : allow HTTP basic auth
    --alt-proxy, -A : enable alternative proxy module
    --cache-password, -H : cache password
    --no-cert, -x : disable client certificate
    --def-keydir, -k : default key direction ('bi', '0', or '1')
    --ssl-debug : SSL debug level
    --auto-sess, -a : request autologin session
    --auth-retry, -Y : retry connection on auth failure
    --persist-tun, -j : keep TUN interface open across reconnects
    --peer-info, -I : peer info key/value list in the form K1=V1,K2=V2,...
    --gremlin, -G : gremlin info (send_delay_ms, recv_delay_ms, send_drop_prob, recv_drop_prob)
    --epki-ca : simulate external PKI cert supporting intermediate/root certs
    --epki-cert : simulate external PKI cert
    --epki-key : simulate external PKI private key
    --recover-network : recover network settings after a crash or unexpected exit

    Open Source Project by AirVPN (https://airvpn.org)

    Linux and macOS design, development and coding by ProMIND

    Special thanks to the AirVPN community for the valuable help,
    support, suggestions and testing.

Hummingbird needs a valid OpenVPN profile in order to connect to a server. You can create an OpenVPN profile by using the config generator available at AirVPN website in your account's Client Area
Start a connection

    sudo ./hummingbird your_openvpn_file.ovpn

Stop a connection

Type CTRL+C in the terminal window where hummingbird is running. The client will initiate the disconnection process and will restore your original network settings according to your options.
Start a connection with a specific cipher

    sudo ./hummingbird --ncp-disable --cipher CHACHA20-POLY1305 your_openvpn_file.ovpn

Please note: in order to properly work, the server you are connecting to must support the cipher specified with the --cipher option. If you wish to use CHACHA20-POLY1305 cipher, you can find AirVPN servers supporting it in our real time servers monitor: they are marked in yellow as "Experimental ChaCha20".
Disable the network filter and lock

    sudo ./hummingbird --network-lock off your_openvpn_file.ovpn

Ignore the DNS servers pushed by the VPN server

    sudo ./hummingbird --ignore-dns-push your_openvpn_file.ovpn

Please note: the above options can be combined together according to their use and function.
Network Filter and Lock

Hummingbird's network filter and lock natively uses iptables, iptables-legacy, nftables and pf in order to provide a "best effort leak prevention". Hummingbird will automatically detect and use the infrastructure available on your system.

You can also override this default behavior by manually selecting your preferred firewall by using --network-lock option, which defaults to on and, in this specific case, hummingbird will automatically detect and use the firewall installed on your system by using this specific priority: iptables-legacy, iptables, nftables and finally pf.

In case you want to force the use of a specific firewall, you can do that by specifying its name in the --network-lock option. For example, in case you want to force hummingbird to use nftables, you can specify --network-lock nftables. Please note the firewall must be properly installed on your system.

Also note in case both iptables and iptables-legacy are installed on your system, hummingbird will use iptables-legacy.

Note on nftables: Nftables rules created and issued by Hummingbird follow the specification and behavior of nftables version 0.9. In case you detect nftables errors or it seems to not be working properly, please check nftables installed on your system and make sure it is compatible with 0.9 specifications.

Please note: Linux services firewalld and ufw may interfere with the hummingbird's network filter and lock and you are strongly advised to not issue any firewall related command while the VPN connection is active.
DNS Management in Linux

Hummingbird currently supports both resolv.conf and systemd-resolved service. It is also aware of Network Manager, in case it is running. While the client is running, you are strongly advised to not issue any resolved related command (such as resolvectl) or change the resolv.conf file in order to make sure the system properly uses DNS pushed by the VPN server. Please note: DNS system settings are not changed in case the client has been started with --ignore-dns-push. In this specific case, the connection will use your system's DNS.

Furthermore, please note that if your network interfaces are managed by Network Manager, DNS settings might be changed under peculiar circumstances during a VPN connection, even when DNS push had been previously accepted.
DNS Management in macOS

DNS setting and management is done through OpenVPN 3 native support
Recover Your Network Settings

In case hummingbird crashes or it is killed by the user (i.e. kill -9 `pidof hummingbird` ) as well as in case of system reboot while the connection is active, the system will keep and use all the network settings determined by the client; therefore, your network connection will not work as expected, every connection is refused and the system will seem to be "network locked". To restore and recover your system network, you can use the client with the --recover-network option.

    sudo ./hummingbird --recover-network

Please note in case of crash or unexpected exit, when you subsequently run hummingbird it will warn you about the unexpected exit and will require you to run it again with the --recover-network option. It will also refuse to start any connection until the network has been properly restored and recovered.
 

Share this post


Link to post

Yeah, eddie-cli is just a byproduct of Eddie-UI development, not really written for the console. Hummingbird on the other hand is. I would've suggested Hummingbird sometime later, anyway. :)
Enjoy!


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...