Linux: AirVPN Suite 1.0.0 released

[Staff 9972]

Hello!

We're very glad to introduce a new software suite for Linux.

The suite includes the well known Hummingbird software, updated to the latest OpenVPN AirVPN library, and introduces for the first time a D-Bus controlled, real daemon, Bluetit, as well as a command line client, Goldcrest, to interact with Bluetit.
 

New architecture

The client-daemon architecture we introduce for the first time in our software offers a more robust security model and provides system administrators with a fine-grained, very flexible access control.

Bluetit is fully integrated with AirVPN. The daemon is accessed through a D-Bus interface by providing specific methods and interface in order to give full support to OpenVPN connection and AirVPN functionality, including - but not limited to - quick automatic connection to the best AirVPN server for any specific location as well as any AirVPN server or country. Connection during system bootstrap is fully supported as well.

New OpenVPN 3 library features

Hummingbird and Bluetit are linked against a new version of our OpenVPN 3 library which supports directive data-ciphers: it can be used consistently with OpenVPN 2.5 syntax in OpenVPN profiles.

The directive allows OpenVPN 3 based software to negotiate a common Data Channel cipher with the OpenVPN server,, updating therefore our library to ncp-like negotiation with OpenVPN 2 branch. Hummingbird and Bluetit are already linked against the new library version, while Eddie Android edition will be updated in the near future.

The new library also includes a different handling of IV_CIPHERS variable, fixing OpenVPN main branch issues which caused a plethora of problems with OpenVPN 2.5. The implementation, at the same time, takes care of full backward compatibility with OpenVPN versions older than 2.5.

ncp-disable directive, which to date has never been implemented in the main  branch, is still supported, in order to further enhance backward compatibility with both OpenVPN profiles and servers, as well as connection flexibility with servers running older than 2.5 OpenVPN versions.
 

Please note that if you enforce a specific Data Channel cipher by means of Bluetit configuration file, Hummingbird line option, or Goldcrest configuration file and/or line option, the enforced Data Channel cipher will override data-ciphers profile directive.

 

Changelog 3.6.6 AirVPN  by ProMIND

- [ProMIND] [2020/11/02] openvpn/ssl/proto.hpp: IV_CIPHERS is set to the overridden cipher only
                         (both from client and/or OpenVPN profile) in order to properly work
                         with OpenVPN 2.5 IV_CIPHERS specifications. The old method of cipher
                         overriding by means of negotiable crypto parameters is still supported
                         in order to maintain compatibility with OpenVPN < 2.5.0
- [ProMIND] [2020/11/24] added "data-ciphers" directive to profile config .ovpn files in order
                         to comply to OpenVPN 2.5 negotiable data cipher specifications. In case
                         "data-ciphers" is found in the .ovpn files IV_CIPHERS is assigned to the
                         algorithms found in "data-ciphers". In this specific case, "cipher"
                         directive is used as a fallback cipher and, if not already specified in
                         "data-ciphers", is appended to IV_CIPHERS

 

Notes on systemd-resolved

In Fedora 33 systemd-resolved comes pre-configured to work in "on-link" mode and network-manager works together with it.

This very peculiar, Windows-like setup kills Linux global DNS handling, causing those DNS leaks which previously occurred only on Windows. Hummingbird and Bluetit take care of preventing the brand new DNS leaks caused by such a setup.

Also note that systemd-resolved comes pre-configured with fallback DNS (Google DNS is a systemd-resolved default fallback DNS, smart choices pile up!) which will be queried if each interface DNS server fails some resolution. In such a case, if and only if you have Network Lock enabled will DNS leaks be prevented.
 

Supported systems

The suite is currently available for Linux x86-64, i686 (32 bit distributions), arm7l (for example Raspbian and other ARM 32 bit based systems) and aarch64 (ARM 64 bit).

AirVPN Suite is free and open source software licensed under GPLv3.
 

Overview and main features

 

• AirVPN’s free and open source OpenVPN 3 suite based on AirVPN’s OpenVPN 3 library fork
• Version 1.0.0 - Relase date 7 January 2021
• Bluetit: lightweight D-Bus controlled system daemon providing full connectivity to AirVPN servers and generic OpenVPN servers. Ability to connect the system to AirVPN during the bootstrap.
• Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers
• Hummingbird: lightweight and standalone client for generic OpenVPN server connection
• Linux i686, x86-64, arm7l and arm64 (Raspberry) support
• Full integration with systemd, SysVStyle-init and chkconfig
• No heavy framework required, no GUI
• Tiny RAM footprint
• Lightning fast
• Based on OpenVPN 3 library fork by AirVPN version 3.6.6 with tons of critical bug fixes from the main branch, new cipher support and never seen before features
• ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition
• Robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection
• Proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved additional features

 

User documentation (*) and source code:

https://gitlab.com/AirVPN/AirVPN-Suite

(*) Developer documentation to create custom software clients for Bluetit will be published in the near future.
 

Download links:

Linux x86-64: https://eddie.website/repository/AirVPN-Suite/1.0/AirVPN-Suite-x86_64-1.0.0.tar.gz
Linux x-86-64 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0/AirVPN-Suite-aarch64-1.0.0.tar.gz.sha512

Linux i686: https://eddie.website/repository/AirVPN-Suite/1.0/AirVPN-Suite-i686-1.0.0.tar.gz
Linux i686 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0/AirVPN-Suite-i686-1.0.0.tar.gz.sha512

Linux arm7l: https://eddie.website/repository/AirVPN-Suite/1.0/AirVPN-Suite-armv7l-1.0.0.tar.gz
Linux arm7l sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0/AirVPN-Suite-armv7l-1.0.0.tar.gz.sha512

Linux aarch64: https://eddie.website/repository/AirVPN-Suite/1.0/AirVPN-Suite-aarch64-1.0.0.tar.gz
Linux aarch64 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0/AirVPN-Suite-aarch64-1.0.0.tar.gz.sha512

Kind regards
AirVPN Staff
 

[6gh54F4 0]

When trying to install using:
$ sudo sh ./install.sh

 

ERROR: D-Bus is not properly configured or not available

Installation aborted

 

OS: Arch Linux x86_64

Kernel: 5.10.6-arch1-1

I'm also using NetworkManager.

[Staff 9972]

@6gh54F4

Hello and thank you for your choice!

 In order to have the suite properly run, you need to install and configure the whole D-Bus infrastructure

The error message "ERROR: D-Bus is not properly configured or not available " is caused by the fact that D-Bus is not properly configured or installed. If it's not installed, please install it.

If it's installed, please make sure that it's active and running:

sudo systemctl enable dbus.service
sudo systemctl start dbus.service

https://wiki.archlinux.org/index.php/D-Bus

If D-Bus is already running but the problem persists, please re-contact us.

Kind regards
 

[6gh54F4 0]

Ok so it says D-Bus is ACTIVE (running) ...but it has error msgs:
 

Jan 15 08:03:14 desktop dbus-daemon[485]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.home1.service': Unit dbus-org.freedesktop.home1.service n>

If I run $ sudo systemctl enable dbus.service:

"The unit files have no installation config (WantedBy=, RequiredBy=, Also=,

Alias= settings in the [Install] section, and DefaultInstance= for template

units). This means they are not meant to be enabled using systemctl."

 

  Edited ... by 6gh54F4

[airvpnclient 13]

Cool!  Works perfectly on OSMC media box for Rpi.

I see there is now a declaration in the bluetit run control file to bring up the vpn, firewall, dns on boot.  Yay!

With hummingbird, I had recently encountered a problem that --recover-network options would not solve.  Apparently it did something NOT GOOD that persisted, so I thought I'd check on the status of the AirVPN Suite just in time to test 1.0 (beta).

Installing the Suite was a breeze following the excellent documentation on GitLab (not GitHub, thank you very much).

It brought the server to a secure state on boot as required.  Great work.  In the interest of the project, here is some data:

Readily fills a 15/10 pipe: https://www.speedtest.net/result/c/7b37a1b6-f19e-45ad-b49d-3acee84bb148


While not over-stressing the server:


Below find the journalctl |grep bluetit output on first boot after installing AirVPN Suite 1.0 on this rpi media box:

System:    Host: osmc Kernel: 4.19.122-2-osmc armv7l bits: 32 Console: N/A Distro: OSMC 2020.11-1 November 2020
Machine:   Type: ARM Device System: Raspberry Pi 2 Model B Rev 1.1 details: BCM2835 rev: a21041 serial: ******************
CPU:       Topology: Quad Core model: ARMv7 v7l variant: cortex-a7 bits: 32 type: MCP
           Speed: 900 MHz min/max: 600/900 MHz Core speeds (MHz): 1: 900 2: 900 3: 900 4: 900

Here is the log dump:

Jan 14 20:49:57 osmc bluetit[310]: Starting Bluetit - AirVPN OpenVPN 3 Service 1.0.0 - 7 January 2021
Jan 14 20:49:57 osmc bluetit[310]: OpenVPN core 3.6.6 AirVPN linux arm 32-bit
Jan 14 20:49:57 osmc bluetit[310]: Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
Jan 14 20:49:57 osmc bluetit[374]: Bluetit daemon started with PID 374
Jan 14 20:49:57 osmc bluetit[374]: Successfully connected to D-Bus
Jan 14 20:49:57 osmc bluetit[374]: Reading run control directives from file /etc/airvpn/bluetit.rc
Jan 14 20:49:57 osmc bluetit[374]: IPv6 is not available in this system
Jan 14 20:49:57 osmc bluetit[374]: System country set to ca by Bluetit policy.
Jan 14 20:49:57 osmc bluetit[374]: Bluetit successfully initialized and ready
Jan 14 20:49:58 osmc bluetit[374]: Starting AirVPN boot connection
Jan 14 20:49:58 osmc bluetit[374]: AirVPN Manifest updater thread started
Jan 14 20:49:58 osmc bluetit[374]: Waiting for a valid AirVPN Manifest to be available
Jan 14 20:49:58 osmc bluetit[374]: AirVPN Manifest update interval is 15 minutes
Jan 14 20:49:58 osmc bluetit[374]: Updating AirVPN Manifest
Jan 14 20:49:59 osmc bluetit[374]: AirVPN Manifest successfully retrieved from server
Jan 14 20:49:59 osmc bluetit[374]: Logging in AirVPN user airvpnclient
Jan 14 20:49:59 osmc bluetit[374]: AirVPN login error: Login error
Jan 14 20:49:59 osmc bluetit[374]: ERROR: AirVPN login failed for user airvpnclient
Jan 14 21:05:11 osmc bluetit[374]: Updating AirVPN Manifest
Jan 14 21:05:12 osmc bluetit[374]: AirVPN Manifest successfully retrieved from server
Jan 14 21:12:12 osmc sudo[901]:     osmc : TTY=pts/0 ; PWD=/home/osmc ; USER=root ; COMMAND=/usr/bin/nano /etc/airvpn/bluetit.rc
Jan 14 21:13:48 osmc bluetit[374]: Received SIGTERM signal. Terminating Bluetit.
Jan 14 21:13:48 osmc bluetit[374]: Received SIGTERM signal. Terminating Bluetit.
Jan 14 21:13:48 osmc bluetit[374]: ERROR: Manifest Updater Thread (future:2): std::future_error: Promise already satisfied
Jan 14 21:13:48 osmc systemd[1]: bluetit.service: Main process exited, code=killed, status=6/ABRT
Jan 14 21:13:48 osmc systemd[1]: bluetit.service: Failed with result 'signal'.
Jan 14 21:13:48 osmc bluetit[937]: Starting Bluetit - AirVPN OpenVPN 3 Service 1.0.0 - 7 January 2021
Jan 14 21:13:48 osmc bluetit[937]: OpenVPN core 3.6.6 AirVPN linux arm 32-bit
Jan 14 21:13:48 osmc bluetit[937]: Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
Jan 14 21:13:48 osmc bluetit[940]: Bluetit daemon started with PID 940
Jan 14 21:13:48 osmc bluetit[940]: Successfully connected to D-Bus
Jan 14 21:13:48 osmc bluetit[940]: Reading run control directives from file /etc/airvpn/bluetit.rc
Jan 14 21:13:48 osmc bluetit[940]: IPv6 is not available in this system
Jan 14 21:13:48 osmc bluetit[940]: System country set to ca by Bluetit policy.
Jan 14 21:13:48 osmc bluetit[940]: Bluetit successfully initialized and ready
Jan 14 21:13:48 osmc bluetit[940]: Starting AirVPN boot connection
Jan 14 21:13:48 osmc bluetit[940]: AirVPN Manifest updater thread started
Jan 14 21:13:48 osmc bluetit[940]: AirVPN Manifest update interval is 15 minutes
Jan 14 21:13:48 osmc bluetit[940]: Updating AirVPN Manifest
Jan 14 21:13:48 osmc bluetit[940]: Waiting for a valid AirVPN Manifest to be available
Jan 14 21:13:50 osmc bluetit[940]: AirVPN Manifest successfully retrieved from server
Jan 14 21:13:50 osmc bluetit[940]: Logging in AirVPN user airvpnclient
Jan 14 21:13:51 osmc bluetit[940]: User country set to ca by Bluetit policy.
Jan 14 21:13:51 osmc bluetit[940]: AirVPN user airvpnclient successfully logged in
Jan 14 21:13:51 osmc bluetit[940]: Selected user key: Default
Jan 14 21:13:51 osmc bluetit[940]: Starting connection to currently best AirVPN server in Canada
Jan 14 21:13:51 osmc bluetit[940]: OpenVPN3 client successfully created and initialized.
Jan 14 21:13:51 osmc bluetit[940]: TUN persistence is enabled.
Jan 14 21:13:51 osmc bluetit[940]: Successfully set OpenVPN3 client configuration
Jan 14 21:13:51 osmc bluetit[940]: Starting OpenVPN3 connection thread
Jan 14 21:13:51 osmc bluetit[940]: OpenVPN core 3.6.6 AirVPN linux arm 32-bit
Jan 14 21:13:51 osmc bluetit[940]: Connection statistics updater thread started
Jan 14 21:13:51 osmc bluetit[940]: Frame=512/2048/512 mssfix-ctrl=1250
Jan 14 21:13:51 osmc bluetit[940]: UNUSED OPTIONS
Jan 14 21:13:51 osmc bluetit[940]: EVENT: RESOLVE
Jan 14 21:13:51 osmc bluetit[940]: Network filter and lock is using iptables-legacy
Jan 14 21:13:51 osmc bluetit[940]: Successfully loaded kernel module iptable_filter
Jan 14 21:13:51 osmc bluetit[940]: Successfully loaded kernel module iptable_nat
Jan 14 21:13:51 osmc bluetit[940]: Successfully loaded kernel module iptable_mangle
Jan 14 21:13:51 osmc bluetit[940]: WARNING: Kernel module iptable_security not found. (-2)
Jan 14 21:13:51 osmc bluetit[940]: Successfully loaded kernel module iptable_raw
Jan 14 21:13:51 osmc bluetit[940]: Successfully loaded kernel module ip6table_filter
Jan 14 21:13:51 osmc bluetit[940]: WARNING: Kernel module ip6table_nat not found. (-2)
Jan 14 21:13:52 osmc bluetit[940]: Successfully loaded kernel module ip6table_mangle
Jan 14 21:13:52 osmc bluetit[940]: WARNING: Kernel module ip6table_security not found. (-2)
Jan 14 21:13:52 osmc bluetit[940]: Successfully loaded kernel module ip6table_raw
Jan 14 21:13:52 osmc bluetit[940]: Network filter successfully initialized
Jan 14 21:13:52 osmc bluetit[940]: Local IPv4 address 192.168.1.30
Jan 14 21:13:52 osmc bluetit[940]: Local interface eth0
Jan 14 21:13:52 osmc bluetit[940]: Setting up network filter and lock
Jan 14 21:13:52 osmc bluetit[940]: Allowing system DNS 192.168.1.1 to pass through the network filter
Jan 14 21:13:57 osmc bluetit[940]: Resolved server ca3.vpn.airdns.org into IPv4 184.75.214.165
Jan 14 21:13:57 osmc bluetit[940]: Adding IPv4 server 184.75.214.165 to network filter
Jan 14 21:13:57 osmc bluetit[940]: ERROR: Cannot activate network filter and lock
Jan 14 21:13:57 osmc bluetit[940]: Contacting 184.75.214.165:443 via TCPv4
Jan 14 21:13:57 osmc bluetit[940]: EVENT: WAIT
Jan 14 21:13:57 osmc bluetit[940]: net_route_best_gw query IPv4: 184.75.214.165/32
Jan 14 21:13:57 osmc bluetit[940]: sitnl_route_best_gw result: via 192.168.1.1 dev eth0
Jan 14 21:13:57 osmc bluetit[940]: net_route_add: 184.75.214.165/32 via 192.168.1.1 dev eth0 table 0 metric 0
Jan 14 21:13:57 osmc bluetit[940]: Connecting to [ca3.vpn.airdns.org]:443 (184.75.214.165) via TCPv4
Jan 14 21:13:57 osmc bluetit[940]: EVENT: CONNECTING
Jan 14 21:13:57 osmc bluetit[940]: Tunnel Options:V4,dev-type tun,link-mtu 1524,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client
Jan 14 21:13:57 osmc bluetit[940]: Peer Info:
Jan 14 21:13:57 osmc bluetit[940]: VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org CA/emailAddress=info@airvpn.org, signature: RSA-SHA1
Jan 14 21:13:57 osmc bluetit[940]: VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=Cephei/emailAddress=info@airvpn.org, signature: RSA-SHA512
Jan 14 21:13:58 osmc bluetit[940]: SSL Handshake: peer certificate: CN=Cephei, 4096 bit RSA, cipher: TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
Jan 14 21:13:58 osmc bluetit[940]: Session is ACTIVE
Jan 14 21:13:58 osmc bluetit[940]: EVENT: WARN TLS: received certificate signed with SHA1. Please inform your admin to upgrade to a stronger algorithm. Support for SHA1 signatures will be dropped in the future
Jan 14 21:13:58 osmc bluetit[940]: EVENT: GET_CONFIG
Jan 14 21:13:58 osmc bluetit[940]: Sending PUSH_REQUEST to server...
Jan 14 21:13:58 osmc bluetit[940]: OPTIONS:
Jan 14 21:13:58 osmc bluetit[940]: PROTOCOL OPTIONS:
Jan 14 21:13:58 osmc bluetit[940]: EVENT: ASSIGN_IP
Jan 14 21:13:58 osmc bluetit[940]: VPN Server has pushed IPv4 DNS server 10.13.115.1
Jan 14 21:13:58 osmc bluetit[940]: Setting pushed IPv4 DNS server 10.13.115.1 in resolv.conf
Jan 14 21:13:58 osmc bluetit[940]: net_iface_mtu_set: mtu 1500 for tun0
Jan 14 21:13:58 osmc bluetit[940]: net_iface_up: set tun0 up
Jan 14 21:13:58 osmc bluetit[940]: net_addr_add: 10.13.115.14/24 brd 10.13.115.255 dev tun0
Jan 14 21:13:58 osmc bluetit[940]: net_route_add: 0.0.0.0/1 via 10.13.115.1 dev tun0 table 0 metric 0
Jan 14 21:13:58 osmc bluetit[940]: net_route_add: 128.0.0.0/1 via 10.13.115.1 dev tun0 table 0 metric 0
Jan 14 21:13:58 osmc bluetit[940]: TunPersist: saving tun context:
Jan 14 21:13:58 osmc bluetit[940]: Connected via tun
Jan 14 21:13:58 osmc bluetit[940]: LZO-ASYM init swap=0 asym=1
Jan 14 21:13:58 osmc bluetit[940]: Comp-stub init swap=0
Jan 14 21:13:58 osmc bluetit[940]: EVENT: CONNECTED ca3.vpn.airdns.org:443 (184.75.214.165) via /TCPv4 on tun/10.13.115.14/ gw=[10.13.115.1/]
Jan 14 21:13:58 osmc bluetit[940]: Connected to currently best AirVPN server in Canada
Jan 14 21:13:58 osmc bluetit[940]: Server has pushed its own DNS. Removing system DNS from network filter.
Jan 14 21:13:58 osmc bluetit[940]: System DNS 192.168.1.1 is now rejected by the network filter
Jan 14 21:28:50 osmc bluetit[940]: Updating AirVPN Manifest
Jan 14 21:28:52 osmc bluetit[940]: AirVPN Manifest successfully retrieved from server
Jan 14 21:43:52 osmc bluetit[940]: Updating AirVPN Manifest
Jan 14 21:44:06 osmc bluetit[940]: AirVPN Manifest successfully retrieved from server

 

[Staff 9972]

@airvpnclient

Hello!

Thank you for your feedback, we're very pleased to read it.

However, we have found a problem in you log, unfortunately:

Jan 14 21:13:57 osmc bluetit[940]: ERROR: Cannot activate network filter and lock

We would like to investigate. Can you please give us your system iptables version?

Kind regards
 

[airvpnclient 13]

You are welcome.
 

root@osmc:/home/osmc# sudo iptables -h
iptables v1.8.2
...

[airvpnclient 13]

Rebooted running system and it came back up in a vulnerable state. - NOT GOOD since my torrent client did come up and start under the Eye of Sauron.
 

osmc@osmc:~$ sudo goldcrest --bluetit-status
2021-01-15 09:08:29 Reading run control directives from file /root/.config/goldcrest.rc
Goldcrest 1.0.0 - 7 January 2021

2021-01-15 09:08:29 Bluetit - AirVPN OpenVPN 3 Service 1.0.0 - 7 January 2021
2021-01-15 09:08:29 OpenVPN core 3.6.6 AirVPN linux arm 32-bit
2021-01-15 09:08:29 It seems Bluetit did not exit gracefully or has been killed.
Your system may not be working properly and your network connection may not work
as expected. To recover your network settings, run this program again and use
the "--recover-network" option.

# here is the associated journalctl|grep bluetit output from the reboot:

osmc@osmc:~$ journalctl |grep bluetit
Jan 15 09:01:48 osmc bluetit[298]: Starting Bluetit - AirVPN OpenVPN 3 Service 1.0.0 - 7 January 2021
Jan 15 09:01:48 osmc bluetit[298]: OpenVPN core 3.6.6 AirVPN linux arm 32-bit
Jan 15 09:01:48 osmc bluetit[298]: Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
Jan 15 09:01:48 osmc bluetit[372]: Bluetit daemon started with PID 372
Jan 15 09:01:48 osmc bluetit[372]: Successfully connected to D-Bus
Jan 15 09:01:48 osmc bluetit[372]: Reading run control directives from file /etc/airvpn/bluetit.rc
Jan 15 09:01:48 osmc bluetit[372]: IPv6 is not available in this system
Jan 15 09:01:48 osmc bluetit[372]: System country set to ca by Bluetit policy.
Jan 15 09:01:48 osmc bluetit[372]: Bluetit successfully initialized and ready
Jan 15 09:01:49 osmc bluetit[372]: Bluetit did not exit gracefully on its last run or has been killed.
Jan 15 09:01:49 osmc bluetit[372]: Run recover network procedure or restore system settings saved in /etc/airvpn
Jan 15 09:01:49 osmc bluetit[372]: Starting AirVPN boot connection
Jan 15 09:01:49 osmc bluetit[372]: AirVPN Manifest updater thread started
Jan 15 09:01:49 osmc bluetit[372]: AirVPN Manifest update interval is 15 minutes
Jan 15 09:01:49 osmc bluetit[372]: Updating AirVPN Manifest
Jan 15 09:01:49 osmc bluetit[372]: Waiting for a valid AirVPN Manifest to be available
Jan 15 09:01:50 osmc bluetit[372]: AirVPN Manifest successfully retrieved from server
Jan 15 09:01:50 osmc bluetit[372]: Logging in AirVPN user airvpnclient
Jan 15 09:01:50 osmc bluetit[372]: AirVPN login error: Login error
Jan 15 09:01:50 osmc bluetit[372]: ERROR: AirVPN login failed for user airvpnclient


# doing > goldcrest --recover-network as normal user gets me:

osmc@osmc:~$ sudo goldcrest --recover-network
2021-01-15 09:10:59 Reading run control directives from file /root/.config/goldcrest.rc
Goldcrest 1.0.0 - 7 January 2021

2021-01-15 09:10:59 Bluetit - AirVPN OpenVPN 3 Service 1.0.0 - 7 January 2021
2021-01-15 09:10:59 OpenVPN core 3.6.6 AirVPN linux arm 32-bit
2021-01-15 09:11:00 Successfully restored DNS and Network filter settings
2021-01-15 09:11:00 Successfully restored DNS settings
2021-01-15 09:11:00 Network filter successfully restored
2021-01-15 09:11:00 Bluetit session terminated
osmc@osmc:~$ sudo goldcrest --bluetit-status
2021-01-15 09:11:29 Reading run control directives from file /root/.config/goldcrest.rc
Goldcrest 1.0.0 - 7 January 2021

2021-01-15 09:11:29 Bluetit - AirVPN OpenVPN 3 Service 1.0.0 - 7 January 2021
2021-01-15 09:11:29 OpenVPN core 3.6.6 AirVPN linux arm 32-bit
2021-01-15 09:11:29 Bluetit is ready

Edited ... by airvpnclient
added why it is NOT GOOD

[Staff 9972]

@airvpnclient

Hello!

Let us try under OSMC latest release and reproduce the issue. In the meantime please open a ticket and, if you don't mind, send us your account password (in the ticket - you can then change it even immediately after you have sent it to us) as well as your bluetit.rc file.

About communications with Bluetit, default policy allows any user in group airvpn so you should not run Golcdrest with root privileges, just run it from any user in airvpn group.

Normally login failure at boot would not be a problem because Network Lock would be enforced anyway, but in this case we saw issues with Network Lock too. Did you disable Network Lock in bluetit.rc ?

We will keep you posted both here and in the ticket system.

Kind regards
 

[airvpnclient 13]

K.  Happy to help smooth out these bumps.  This is the latest OSMC with apt  full-upgrade run.  Watch for the ticket.

Quote

[oya 0]

Is it possible to make use of OpenVPN over SSL in goldcrest directly? If not, is integrating stunnel into goldcrest (and firecrest, once it's released) a planned feature?
I couldn't find any reference for establishing such a connection in the user documentation, udp & tcp seem to be the only options.

Downloading .ssl and .ovpn files for specific servers and starting the stunnel process manually seems rather clunky.
I really prefer how the Eddie client allows for SSL connections to any arbitrary AirVPN server by simply choosing said protocol in the settings.

[OpenSourcerer 1435]

On 1/15/2021 at 4:40 PM, Staff said:

Let us try under OSMC latest release and reproduce the issue. In the meantime please open a ticket and, if you don't mind, send us your account password (in the ticket - you can then change it even immediately after you have sent it to us) as well as your bluetit.rc file.

Probably a scam, then
"AirVPN Staff will never ask you for your password."

The "IPv6 is not available in your system" error is back. Cannot use v6 to connect to AirVPN again. air-ipv6, air-6to4 and ipv6 rc options all set to on, tried setting them to off and no via arguments but journalctl prints that bluetit still uses air-ipv6 (V) -> on.

No offense, but this is getting a little ridiculous now.

[Staff 9972]

3 hours ago, OpenSourcerer said:

The "IPv6 is not available in your system" error is back. Cannot use v6 to connect to AirVPN again. air-ipv6, air-6to4 and ipv6 rc options all set to on,
No offense, but this is getting a little ridiculous now.

Hello!
 
When Bluetit starts, it asks the kernel whether the IPv6 layer is available. Furthermore, Bluetit asks systemd to be run only after the network layer is up. If systemd launches Bluetit when IPv4 layer is up but IPv6 layer is not, Bluetit correctly is started by systemd and informed by the kernel that IPv6 is not available, and will not use it during its entire run life.

It is important not to rely on IPv6 when the kernel tells that it's not available, otherwise OpenVPN3 library will throw various, critical errors.

You first experienced this "problem", then you reported that it was resolved, then you again report that you experience the problem, but Bluetit code in that part has never changed between beta1 and final release, so what is ridiculous here? We can't understand your hostile attitude.

It comes to mind that the inconsistent behavior you report is due to the fact that Bluetit is run by systemd before the IPv6 layer is available, while when you did not detect the problem the IPv6 layer had already come up when Bluetit was started. Please check: if you find that starting Bluetit manually when the IPv6 layer is surely up does not cause the problem, then you have a confirmation of the above. Let us know.
 

Quote

tried setting them to off and no via arguments but journalctl prints that bluetit still uses air-ipv6 (V) -> on.

That seems correct and expected, as Goldcrest can't bypass bluetit.rc settings, by design based on very good reasons.

Kind regards
 

[Staff 9972]

@Acteon

Hello!

It's not planned at the moment. OpenVPN over an additional SSL/TLS tunnel is nowadays made obsolete by tls-crypt. Same block circumvention abilities, much higher performance.

NOTE: you can have Eddie run Hummingbird if you wish to use OpenVPN 3 AirVPN library while at the same time you want the ability to add an additional TLS tunnel by stunnel. Make sure to run Eddie 2.19.7 or higher version (older versions can't invoke Hummingbird 1.1.1 properly).

Kind regards
 

[Staff 9972]

@airvpnclient

Thanks! Ticket received and the matter is under investigation. We will update this thread too when we find anything relevant, for all readers.

Kind regards
 

[OpenSourcerer 1435]

Bluetit is not started with the system. It's started manually when needed, when IPv6 is unquestionably available.

I stopped bluetit and started it again 30 minutes later. Error is gone.
I'm done. No idea how to troubleshoot this.

[Staff 9972]

@OpenSourcerer

Hello!

Probably the kernel tells Bluetit that IPv6 layer is not available when you see the "problem". It's not enough that IPv6 is available locally in the system, of course (that's a pre-requisite only to tunnel IPv6 over IPv4). Can you give us the list and properties of all physical interfaces just before you start Bluetit with the "problem" and the exact distribution which you have this inconsistent behavior on?

Kind regards
 

[OpenSourcerer 1435]

X cut for privacy, as usual. This is when it works, to make a comparison possible.

$ nmcli device
DEVICE   TYPE      STATE            CONNECTION
enp39s0  ethernet  verbunden        Home       
lo       loopback  nicht verwaltet  --

$ nmcli device show enp39s0
GENERAL.DEVICE:                         enp39s0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         X
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (verbunden)
GENERAL.CONNECTION:                     Home
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.CARRIER:               an
IP4.ADDRESS[1]:                         192.168.110.23/24
IP4.GATEWAY:                            192.168.110.1
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 192.168.110.1, mt = 100
IP4.ROUTE[2]:                           dst = 192.168.110.0/24, nh = 0.0.0.0, mt = 100
IP4.DNS[1]:                             192.168.110.22
IP4.DOMAIN[1]:                          fritz.box
IP6.ADDRESS[1]:                         2003:f5:X:f46a:5b13:daa5:35c7/64
IP6.ADDRESS[2]:                         2003:f5:X:c1d5:cfd:57cb:ac4e/64
IP6.ADDRESS[3]:                         fe80::433c:773a:8904:118d/64
IP6.GATEWAY:                            fe80::X (fritz.box)
IP6.ROUTE[1]:                           dst = 2003:f5::/56, nh = fe80::X, mt = 100
IP6.ROUTE[2]:                           dst = 2003:f5::/64, nh = ::, mt = 100
IP6.ROUTE[3]:                           dst = ::/0, nh = fe80::X, mt = 100
IP6.ROUTE[4]:                           dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[5]:                           dst = ff00::/8, nh = ::, mt = 256, table=255
IP6.DNS[1]:                             fe80::X (pihole)

$ lspci -s 27:00
27:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8125 2.5GbE Controller

Will post another when I see the error popping up again. Unless you want output from another program.

[Staff 9972]

@OpenSourcerer

Hello!

The output is fine. We'll be waiting for the next one to compare. What is the exact distribution?

Kind regards
 

[OpenSourcerer 1435]

15 minutes ago, Staff said:

What is the exact distribution?

$ lsb_release -a
LSB Version:    1.4
Distributor ID: EndeavourOS
Description:    EndeavourOS Linux
Release:        rolling
Codename:       n/a

.

[Staff 9972]

@OpenSourcerer

OK.

Ideally take the output just before you run Bluetit, then, if the problem occurs, save that output.

Kind regards
 

[suroh 1]

On 1/14/2021 at 1:06 PM, Staff said:

@6gh54F4

Hello and thank you for your choice!

 In order to have the suite properly run, you need to install and configure the whole D-Bus infrastructure

The error message "ERROR: D-Bus is not properly configured or not available " is caused by the fact that D-Bus is not properly configured or installed. If it's not installed, please install it.

If it's installed, please make sure that it's active and running:

sudo systemctl enable dbus.service
sudo systemctl start dbus.service

https://wiki.archlinux.org/index.php/D-Bus

If D-Bus is already running but the problem persists, please re-contact us.

Kind regards
 

I'm also trying to install AirVpn suite and I'm getting this same error. I can confirm that I have dbus running, but the installer says "ERROR: D-Bus is not properly configured or not available". What should I configure?

[Staff 9972]

@6gh54F4
@suroh

Hello!

Can you please send us the installed D-Bus related packages in your system? Can you tell us whether, in your system:
/etc/dbus-1
/etc/dbus-1/system.d
/usr/share/dbus-1/system.d

exist or not?

@suroh, can you please specify your distribution too?

Kind regards


 

[suroh 1]

I am running Arch Linux, uname spits out  `5.10.8-arch1-1`
I only have `/usr/share/dbus-1/system.d`
 

[Staff 9972]

@suroh

Hello!

OK, please hold on, we will release a fixed installation script very soon.

If you want to edit install.sh for a dirty hot fix (let us know if it works):

1) Find the line:

if [ ! -d "/etc/dbus-1" ] || [ ! -d "/etc/dbus-1/system.d" ]; then

and replace it with

if [ ! -d "/etc/dbus-1/system.d" ] && [ ! -d "/usr/share/dbus-1/system.d" ]; then

2)

Find the lines:

cp etc/dbus-1/system.d/* /etc/dbus-1/system.d
chmod 644 /etc/dbus-1/system.d/org.airvpn.*

and replace them both with the following block of text:
 

if [ -d "/etc/dbus-1/system.d" ]; then
   cp etc/dbus-1/system.d/* /etc/dbus-1/system.d
   chmod 644 /etc/dbus-1/system.d/org.airvpn.*
fi

if [ -d "/usr/share/dbus-1/system.d" ]; then
   cp etc/dbus-1/system.d/* /usr/share/dbus-1/system.d
   chmod 644 /usr/share/dbus-1/system.d/org.airvpn.*
fi

Please note that the uninstall script will also have to be adapted (the fix will include a new uninstall.sh).

Kind regards