Jump to content
Not connected, Your IP: 3.219.31.204
Staff

LINUX new software: AirVPN Suite 1.0 beta

Recommended Posts

Hello!

We're very glad to introduce a new software suite for Linux which is ready for public beta testing.

The suite includes the well known Hummingbird software, updated to the latest OpenVPN AirVPN library, and introduces for the first time a D-Bus controlled, real daemon, Bluetit, as well as a command line client, Goldcrest, to interact with Bluetit.


New architecture


The client-daemon architecture we introduce for the first time in our software offers a more robust security model and provides system administrators with a fine-grained, very flexible access control.

Bluetit is fully integrated with AirVPN. The daemon is accessed through a D-Bus interface by providing specific methods and interface in order to give full support to OpenVPN connection and AirVPN functionality, including - but not limited to - quick automatic connection to the best AirVPN server for any specific location as well as any AirVPN server or country.


New OpenVPN 3 library features


Starting from version 1.0 beta 2, Hummingbird and Bluetit are linked against a new version of our OpenVPN 3 library which supports directive data-ciphers: it can be used consistently with OpenVPN 2.5 syntax in OpenVPN profiles.

The directive allows OpenVPN 3 based software to negotiate a common Data Channel cipher with the OpenVPN server,, updating therefore our library to ncp-like negotiation with OpenVPN 2 branch. Hummingbird and Bluetit are already linked against the new library version, while Eddie Android edition will be updated in the near future.

The new library also includes a different handling of IV_CIPHERS variable, fixing OpenVPN main branch issues causing a plethora of problems with OpenVPN 2.5. The implementation, at the same time, takes care of full backward compatibility with OpenVPN versions older than 2.5.

ncp-disable directive, which to date has never been implemented in the main  branch, is still supported, in order to further enhance backward compatibility with both OpenVPN profiles and servers, as well as connection flexibility with servers running older than 2.5 OpenVPN versions.
 

Please note that if you enforce a specific Data Channel cipher by means of Bluetit configuration file, Hummingbird line option, or Goldcrest configuration file and/or line option, the enforced Data Channel cipher will override data-ciphers profile directive.

 

Changelog 3.6.6 AirVPN  by ProMIND


- [ProMIND] [2020/11/02] openvpn/ssl/proto.hpp: IV_CIPHERS is set to the overridden cipher only
                         (both from client and/or OpenVPN profile) in order to properly work
                         with OpenVPN 2.5 IV_CIPHERS specifications. The old method of cipher
                         overriding by means of negotiable crypto parameters is still supported
                         in order to maintain compatibility with OpenVPN < 2.5.0
- [ProMIND] [2020/11/24] added "data-ciphers" directive to profile config .ovpn files in order
                         to comply to OpenVPN 2.5 negotiable data cipher specifications. In case
                         "data-ciphers" is found in the .ovpn files IV_CIPHERS is assigned to the
                         algorithms found in "data-ciphers". In this specific case, "cipher"
                         directive is used as a fallback cipher and, if not already specified in
                         "data-ciphers", is appended to IV_CIPHERS

 

 

Coming soon


When we get out of the beta testing, we plan to document Bluetit interface to let anyone write a custom client and talk with the daemon.

Furthermore, Goldcrest will evolve in the near future and will include an ncurses based TUI which will be very comfortable when you don't want to rely on command line options while a new Bluetit client, based on Qt, will be developed in the future, for those who prefer a GUI.
 

Notes on systemd-resolved


Version 1.0.0 beta 2 fixes a serious issue on systemd based systems running concurrently systemd-resolved and network-manager, for example Fedora 33 in its default configuration.

In Fedora 33 systemd-resolved comes pre-configured to work in "on-link" mode and network-manager works together with it.

This very peculiar, Windows-like setup finally kills Linux global DNS handling, adding to it those so far missing DNS leaks which made every Windows user nightmares more colorful. Any Microsoft system lacking the very concept of global DNS is now emulated, for an outstanding 30 years back time travel.. However, Hummingbird and Bluetit take care of preventing the brand new DNS leaks potentially caused by such smart setup, giving back Fedora + VPN users more peaceful nights.

Also note that systemd-resolved comes pre-configured with fallback DNS (Google DNS is a systemd-resolved default fallback DNS, smart choices pile up!) which will be queried if each interface DNS server fails some resolution. In such a case, if and only if you have Network Lock enabled DNS leaks will be prevented.
 

Supported systems


The suite is currently available for Linux x86-64, i686 (32 bit distributions), arm7l (for example Raspbian and other ARM 32 bit based systems) and aarch64 (ARM 64 bit).

Please note that the source code will be published with the stable release as usual. The software will be licensed under GPLv3.
 

Overview and main features

 
  • AirVPN’s free and open source OpenVPN 3 suite based on AirVPN’s OpenVPN 3 library fork
  • Version 1.0.0 Beta 2 - Relase date 27 November 2020
  • Bluetit: lightweight D-Bus controlled system daemon providing full connectivity to AirVPN servers and generic OpenVPN servers
  • Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers
  • Hummingbird: lightweight and standalone client for generic OpenVPN server connection
  • Linux i686, x86-64, arm7l and arm64 (Raspberry) support
  • Full integration with systemd, SysVStyle-init and chkconfig
  • No heavy framework required, no GUI
  • Tiny RAM footprint
  • Lightning fast
  • Based on OpenVPN 3 library fork by AirVPN version 3.6.6 with tons of critical bug fixes from the main branch, new cipher support and never seen before features
  • ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition
  • Robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection
  • Proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved additional features
 

Full documentation:


README.md

Download links:

Linux x86-64: https://eddie.website/repository/AirVPN-Suite/1.0-beta2/AirVPN-Suite-x86_64-1.0.0-Beta-2.tar.gz
Linux x-86-64 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0-beta2/AirVPN-Suite-x86_64-1.0.0-Beta-2.tar.gz.sha512

Linux i686: https://eddie.website/repository/AirVPN-Suite/1.0-beta2/AirVPN-Suite-i686-1.0.0-Beta-2.tar.gz
Linux i686 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0-beta2/AirVPN-Suite-i686-1.0.0-Beta-2.tar.gz.sha512

Linux arm7l: https://eddie.website/repository/AirVPN-Suite/1.0-beta2/AirVPN-Suite-armv7l-1.0.0-Beta-2.tar.gz
Linux arm7l sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0-beta2/AirVPN-Suite-armv7l-1.0.0-Beta-2.tar.gz.sha512

Linux aarch64: https://eddie.website/repository/AirVPN-Suite/1.0-beta2/AirVPN-Suite-aarch64-1.0.0-Beta-2.tar.gz
Linux aarch64 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0-beta2/AirVPN-Suite-x86_64-1.0.0-Beta-2.tar.gz.sha512

 
Please report bugs and any problem in this thread, thank you!

Kind regards
AirVPN Staff
 

Share this post


Link to post

Good that there are developments for Linux.
Installed it, but using it is still too complicated for me.
So I'm going back to the "old" hummingbird.
Question, how can I remove the package?

Colorman

Share this post


Link to post
@colorman

Hello!

Please note that Goldcrest commands are a superset of Hummingbird commands, so potentially you can use Goldcrest as it were Hummingbird, but in a more robust architecture (just remember that Golcrest must be run by a user in airvpn group, of course).

Hummingbird is anyway included in the suite.

In general, using Goldcrest and Bluetit is way simpler because you don't need to have pre-generated profiles (you can bypass the Configuration Generator completely) and much more secure because you don't need to run Goldcrest from a user that must be able to gain superuser privileges.

Which issues did you experience exactly, if you don't mind?

An uninstall script will be provided in the near future.

In order to delete the programs and disable everything in a systemd  based system enter the following commands (have root privileges):
 
systemctl stop bluetit.service
systemctl disable bluetit.service
rm /etc/systemd/system/bluetit.service
rm (/usr/local/bin|/usr/bin)/goldcrest
rm /sbin/bluetit
rm /etc/airvpn/*
rm /etc/dbus-1/systemd/org.airvpn.*
systemctl reload dbus.service

Kind regards
 

Share this post


Link to post
4 minutes ago, Staff said:
@colorman

Which issues did you experience exactly, if you don't mind?


 
I was too optimistic, thought of an improved GUI like Eddie, but for linux ....
At the moment it is not clear to me how it really works, I have tried everything but I can't figure it out yet.
So wait a while .....
Thanks for the uninstall commands.
 

Share this post


Link to post
@colorman

Hello!

For that you will need to wait for the client software with a Qt based GUI (Firecrest) which will interact with Bluetit as well, or the ncurses based TUI of Goldcrest will be fine for you, perhaps. Stay tuned. :)

Kind regards

 

Share this post


Link to post

The readme is actually quite extensive and explains how to configure it in a lot of detail... up until I have to compile it, anyway! Then I got lost, although that's because of my inexperience of compiling from source.

Tried installing it on the beta Raspberry Pi OS 64bit image and it's missing certain libraries (GLIBC_2.29, GLIBCXX_3.4.26, to be precise).... Will give it a go on the 32bit OS... when I have time again!

Share this post


Link to post
@sooprtruffaut

Hello and thank you!

Watch out! Source code is not available during beta testing. As usual we will make it available with the stable release.

Raspberry Pi OS 64 bit actually has old libraries and the suite will not run in it, we're sorry. When Raspberry OS 64 bit beta testing is over, we plan to support it as well.

Kind regards
 

Share this post


Link to post
Posted ... (edited)
On 11/19/2020 at 5:08 PM, colorman said:

Question, how can I remove the package?


For the Arch users among us, I wrote a simple PKGBUILD to allow quick install, future upgrading and removal. Nothing serious, but you may use it. Simple means, it's not on AUR or something; let's wait for the release before uploading it there. :)
PKGBUILD.tar

$ tar -x PKGBUILD.tar
$ makepkg
$ sudo pacman -U *.tar.zst

. Edited ... by OpenSourcerer
Updated for Beta 2

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post
@Staff
When enabled in goldcrest.rc, IPv6 is falsely detected as unsupported:

$ sudo goldcrest -O -S Mesarthim
2020-11-20 10:35:48 Reading run control directives from file /root/.config/goldcrest.rc
Goldcrest 1.0.0 Beta 1 - 18 November 2020

2020-11-20 10:35:48 Bluetit - AirVPN OpenVPN 3 Service 1.0.0 Beta 1 - 18 November 2020
2020-11-20 10:35:48 OpenVPN core 3.6.6 AirVPN linux x86_64 64-bit
2020-11-20 10:35:48 Bluetit is ready
2020-11-20 10:35:48 Bluetit options successfully reset
2020-11-20 10:35:48 ERROR: IPv6 is not available in this system

$ip -o -6 a
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: enp39s0    inet6 2003:[…]/64 scope global temporary dynamic \       valid_lft 6843sec preferred_lft 1443sec
2: enp39s0    inet6 2003:[…]/64 scope global dynamic mngtmpaddr noprefixroute \       valid_lft 6843sec preferred_lft 1443sec
2: enp39s0    inet6 fe80::433c:773a:8904:118d/64 scope link noprefixroute \       valid_lft forever preferred_lft forever


Failing if air-ipv6 and/or ipv6 are set to on. goldcrest.rc:

#
# goldcrest runcontrol file
#

# air-server            Mesarthim
# air-tls-mode          <auto|auth|crypt>
air-ipv6                on
air-user                OpenSourcerer
air-password            <that's my password, eh!>
air-key                 <that's my key name, eh!>
# cipher                <cipher_name>
proto                   udp
# server                <server_ip|server_url>
port                    443
# tcp-queue-limit       <n>
# ncp-disable           <yes|no>
network-lock            off
ignore-dns-push         yes
#ipv6                   on
# timeout               <seconds>
# compress              <yes|no|asym>
# proxy-host            <host_ip|host_url>
# proxy-port            <port>
# proxy-username        <proxy_username>
# proxy-password        <proxy_password>
# proxy-basic           <yes|no>
# alt-proxy             <yes|no>
# persist-tun           <on|off>


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Have goldcrest working, however have a question about it.
Now have goldcrest working as a user, added the airvpn group to my own group, is that the right way?
Thanks in advance, Colorman

Share this post


Link to post

Hello

I find this evolutuion very interesting.
I am going to check it soon on a Raspberry 3B+.

Do you plan to add  features like --up and --down existing on openvpn options ?

Thank you
 

Share this post


Link to post
7 hours ago, colorman said:

Have goldcrest working, however have a question about it.
Now have goldcrest working as a user, added the airvpn group to my own group, is that the right way?
Thanks in advance, Colorman


Hello!

We're glad to know it! Maybe you mean that you have added a specific user to group airvpn ?

If so: yes, the superuser decides who can access Bluetit (via Goldcrest, in this case) by adding any user to that group. It can be done even during the installation since the script will ask you about that. Of course you can later modify your choices by adding and removing users to/from airvpn group.

Therefore you, the superuser, can decide whether users authorized to access Goldcrest can also gain other privileges or not, for additional security.

If that was not what you meant, please feel free to elaborate.

Kind regards
 

Share this post


Link to post
@clebretonfr

Hello!

We might, but it's not planned for the current version, we're sorry. Those options must be approached with care because, as you probably know, they are an attack surface remarkable enlargement for a library and a daemon, as they allow execution of external scripts and binaries. As usual external execution of anything by a daemon must be minimized. We could consider a surrogate implementation into the client (Goldcrest at the moment) so that the external binary or script runs with the privileges of the user running the client. up and down directives are comfortable for very many purposes, hands down.

Kind regards


 

Share this post


Link to post

@staff

Hello

I have followed your instructions to install and have bluetit.service start at bootup.

On boot up of my linux system I get this :

peter@desktop:~/Desktop/VPN$ systemctl status bluetit.service 
● bluetit.service - AirVPN Bluetit Daemon
     Loaded: loaded (/etc/systemd/system/bluetit.service; enabled; vendor prese>
     Active: active (running) since Sat 2020-11-21 15:56:57 GMT; 19s ago
    Process: 606 ExecStart=/sbin/bluetit (code=exited, status=0/SUCCESS)
   Main PID: 652 (bluetit)
      Tasks: 2 (limit: 9293)
     Memory: 12.7M
     CGroup: /system.slice/bluetit.service
             └─652 /sbin/bluetit

Nov 21 15:56:57 desktop systemd[1]: Started AirVPN Bluetit Daemon.
Nov 21 15:56:57 desktop bluetit[652]: Successfully connected to D-Bus
Nov 21 15:56:57 desktop bluetit[652]: Reading run control directives from file >

####Nov 21 15:56:57 desktop bluetit[652]: IPv6 is not available in this system #####


Nov 21 15:56:57 desktop bluetit[652]: System country set to GB by Bluetit polic>
Nov 21 15:56:57 desktop bluetit[652]: Bluetit successfully initialized and ready
Nov 21 15:56:57 desktop bluetit[652]: AirVPN Manifest updater thread started
Nov 21 15:56:57 desktop bluetit[652]: AirVPN Manifest update interval is 15 min>
Nov 21 15:56:57 desktop bluetit[652]: Updating AirVPN Manifest
Nov 21 15:56:57 desktop bluetit[652]: AirVPN Manifest successfully retrieved fr>

If I try to start goldcrest :

peter@desktop:~/Desktop/VPN$ sudo goldcrest --air-connect --air-country GB --cipher CHACHA20-POLY1305 --air-6to4 on --network-lock nftables
[sudo] password for peter: 
2020-11-21 15:57:41 Reading run control directives from file /root/.config/goldcrest.rc
Goldcrest 1.0.0 Beta 1 - 18 November 2020

2020-11-21 15:57:41 Bluetit - AirVPN OpenVPN 3 Service 1.0.0 Beta 1 - 18 November 2020
2020-11-21 15:57:41 OpenVPN core 3.6.6 AirVPN linux x86_64 64-bit
2020-11-21 15:57:41 Bluetit is ready
2020-11-21 15:57:41 Bluetit options successfully reset
####2020-11-21 15:57:41 ERROR: IPv6 is not available in this system  #############

if I do :

peter@desktop:~/Desktop/VPN$ systemctl restart bluetit.service


I then get :

peter@desktop:~/Desktop/VPN$ systemctl status bluetit.service 
● bluetit.service - AirVPN Bluetit Daemon
     Loaded: loaded (/etc/systemd/system/bluetit.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2020-11-21 16:01:32 GMT; 51s ago
    Process: 14041 ExecStart=/sbin/bluetit (code=exited, status=0/SUCCESS)
   Main PID: 14043 (bluetit)
      Tasks: 2 (limit: 9293)
     Memory: 3.1M
     CGroup: /system.slice/bluetit.service
             └─14043 /sbin/bluetit

Nov 21 16:01:32 desktop bluetit[14043]: Successfully connected to D-Bus
Nov 21 16:01:32 desktop bluetit[14043]: Reading run control directives from file /etc/airvpn/bluetit.rc

#######Nov 21 16:01:32 desktop bluetit[14043]: IPv6 is  available in this system    ###################

Nov 21 16:01:32 desktop bluetit[14043]: System country set to GB by Bluetit policy.
Nov 21 16:01:32 desktop bluetit[14043]: Bluetit successfully initialized and ready
Nov 21 16:01:32 desktop systemd[1]: Started AirVPN Bluetit Daemon.
Nov 21 16:01:32 desktop bluetit[14043]: AirVPN Manifest updater thread started
Nov 21 16:01:32 desktop bluetit[14043]: AirVPN Manifest update interval is 15 minutes
Nov 21 16:01:32 desktop bluetit[14043]: Updating AirVPN Manifest
Nov 21 16:01:33 desktop bluetit[14043]: AirVPN Manifest successfully retrieved from server

Goldcrest will then start properly and successfully.

I have not altered the bluetit.service file in any way after installation.

Is there something I can add to the bluetit.service file to get bluetit to start up properly on boot ?

thanks
pjnsmb
 

Share this post


Link to post
@pjnsmb

Hello and thank you for your tests!

It seems that Bluetit started properly at boot, but the error "IPv6 is not available in this system" may be a bug, perhaps the same bug detected by @OpenSourcerer Developers are aware of the issue and should resolve it very soon.

Can you please tell us your Linux distribution name and version?

As a side note, why running Goldcrest with superuser privileges? By doing so you might jeopardize a portion of the security model provided by the client-daemon architecture. You can run Goldcrest without root privileges, by any user in group airvpn

Kind regards


 

Share this post


Link to post

Nice, sounds like a more robust implementation compared to hummingbird (which I'm currently using with a systemd service unit). I'll give AirVPN Suite a try in the next few days.

@Staff
In READ.ME file, line 444, isn't it supposed to be ipleak.net instead of ipleak.org?

Share this post


Link to post
@183aTr78f9o
 
Quote

Nice, sounds like a more robust implementation compared to hummingbird (which I'm currently using with a systemd service unit). I'll give AirVPN Suite a try in the next few days.



Thank you, we will be looking forward to hearing about your tests!
 
Quote

In READ.ME file, line 444, isn't it supposed to be ipleak.net instead of ipleak.org?


Yes, thank you, we fixed it as well as an atrocious "the your computer", we apologize. 😅

Kind regards
 

Share this post


Link to post
@Staff

So far so good on Arch Linux.

I also created another systemd service unit to automatically connect at boot without having to run any goldcrest command manually in the terminal:
 
/etc/systemd/system/goldcrest.service:
 
[Unit]
Wants=network-online.target
After=network-online.target

[Service]
ExecStart=/usr/local/bin/goldcrest [options]

[Install]
WantedBy=multi-user.target


I've been using the same method to connect with hummingbird and it works as expected.

Is there anything wrong using that additional systemd service unit assuming I want my machine to be connected to an AirVPN server at boot without any manual intervention? could it cause any issue with Bluetit service?

Another question:

Is
 
$ goldcrest [my_config.ovpn]

as secure as
 
$ goldcrest -U [my_username] -P [my_password]

Assuming I stick with the extra systemd service unit, I'd rather use an .ovpn config file  instead of having my AirVPN username and password stored in pain text in goldcrest.rc or in the systemd service unit. Just wondering if the .ovpn file settings would interfere somehow.

Thanks in advance.

Share this post


Link to post

@staff

Thanks for the update
for your information my system is linux unstable :

System:
  Host: desktop Kernel: 5.9.9-towo.2-siduction-amd64 x86_64 bits: 64 
  Desktop: Cinnamon 4.6.7 
  Distro: siduction 18.3.0 Patience - cinnamon - (202010261730) 

p.s. oops on the example - I have been running goldcrest as a normal user not as root...........😳

regards
pjnsmb

 

Share this post


Link to post
16 hours ago, Staff said:
We're glad to know it! Maybe you mean that you have added a specific user to group airvpn ?
Therefore you, the superuser, can decide whether users authorized to access Goldcrest can also gain other privileges or not, for additional security.

If that was not what you meant, please feel free to elaborate.
 
Actually, I added user airvpn to my own group / home / g .....
Can do this in yast users and groups (openSUSE 15.2)
Now use goldcrest as user and not as root.
It remains to find out how everything works
By the way, use ./goldcrest .ovpn, other ways I have yet to invent.

ps,  Sorry, not awake yet, sent few replies without login

Share this post


Link to post

Just this error,

2020-11-24 13:39:02 ERROR: TUN_WRITE_ERROR
2020-11-24 13:39:02 TUN write exception: write_some: Input/output error
2020-11-24 13:39:02 ERROR: TUN_WRITE_ERROR
2020-11-24 13:39:07 TUN write exception: write_some: Input/output error
2020-11-24 13:39:07 ERROR: TUN_WRITE_ERROR
^C2020-11-24 13:58:08 Caught SIGTERM signal. Terminating.
2020-11-24 13:58:08 Bluetit is connected to VPN
2020-11-24 13:58:08 Requesting VPN connection termination to Bluetit
2020-11-24 13:58:08 sitnl_send: rtnl: generic error: No such process (-3)
2020-11-24 13:58:08 net_route_del: ::/1 via fde6:7a:7d20:142e::1 dev tun0 table 0 metric 0
2020-11-24 13:58:08 sitnl_send: rtnl: generic error: No such process (-3)
2020-11-24 13:58:08 net_route_del: 128.0.0.0/1 via 10.24.46.1 dev tun0 table 0 metric 0
2020-11-24 13:58:08 sitnl_send: rtnl: generic error: No such process (-3)
2020-11-24 13:58:08 net_route_del: 0.0.0.0/1 via 10.24.46.1 dev tun0 table 0 metric 0
2020-11-24 13:58:08 sitnl_send: rtnl: generic error: No such process (-3)
2020-11-24 13:58:08 net_addr_del: fde6:7a:7d20:142e::106c/64 dev tun0
2020-11-24 13:58:08 sitnl_send: rtnl: generic error: Cannot assign requested address (-99)
2020-11-24 13:58:08 net_addr_del: 10.24.46.110/24 dev tun0
2020-11-24 13:58:08 sitnl_send: rtnl: generic error: Cannot assign requested address (-99)
2020-11-24 13:58:08 net_iface_mtu_set: mtu 1500 for tun0
2020-11-24 13:58:08 net_iface_up: set tun0 down
2020-11-24 13:58:08 net_route_del: 213.152.162.71/32 via 192.168.178.1 dev eth0 table 0 metric 0
2020-11-24 13:58:08 sitnl_send: rtnl: generic error: No such process (-3)
2020-11-24 13:58:08 Error while executing NetlinkRoute6(add: 0) tun0: -3
Error while executing NetlinkRoute6(add: 0) tun0: -3
Error while executing NetlinkRoute4(add: 0) tun0: -3
Error while executing NetlinkRoute4(add: 0) tun0: -3
Error while executing NetlinkAddr6(add: 0) tun0: -99
Error while executing NetlinkAddr4(add: 0) tun0: -99
Error while executing NetlinkRoute4(add: 0) eth0: -3
2020-11-24 13:58:08 EVENT: DISCONNECTED
2020-11-24 13:58:08 Successfully restored DNS settings
2020-11-24 13:58:08 Network filter successfully restored
2020-11-24 13:58:08 VPN session terminated


 

Share this post


Link to post

.One reason why I love AirVPN is the dedication to open source and linux. Whenever I get into conversations with techies about VPNs, their picks fail in contrast to airvpn.
I think I will also wait for the GUI/qt version of this. I've been running Eddie for a long time now and am very familiar with it, the experimental builds seem to work quite nicely and one thing I've learned from being a 100% linux user the past few years is "if it works, don't mess with it."  I'll keep checking back for updates, thanks airvpn staff!

Share this post


Link to post

UPDATE 27 NOVEMBER 2020


We're glad to announce that new version 1.0.0 beta 2 has been released featuring new OpenVPN 3 library supporting data-ciphers directive. The suite also fixes DNS issues with systemd-resolved when it is actively operating in "on link" mode and concurrently with network-manager in systemd based systems (it happens for example in Fedora 33).

Please check the first message of the thread for a full overview and more details!

Kind regards & datalove
AirVPN Staff
 

Share this post


Link to post

IPv6 detection error is fixed but v6 routes are still not applied, leading to IPv6 leaks if NetLock is off. IPv6 rc values and console arguments only cause Bluetit to connect via v6.


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...