Jump to content
Not connected, Your IP: 18.217.26.8
Staff

Linux: AirVPN Suite 1.1.0 beta available

Recommended Posts

UPDATE 2021-04-07: 1.1.0 RELEASE CANDIDATE 1 IS AVAILABLE

UPDATE 2021-04-15: 1.1.0 RELEASE CANDIDATE 2 IS AVAILABLE
UPDATE 2021-04-17: 1.10 RELEASE CANDIDATE 3 IS AVAILABLE

UPDATE 2021-05-14: 1.10 RELEASE CANDIDATE 4 IS AVAILABLE
UPDATE 2021-06-04: 1.1.0 HAS BEEN RELEASED

 

Hello!


We're very glad to introduce a new AirVPN Suite version for Linux. Check supported systems below

The suite includes:

  • Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap
  • Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers
  • Hummingbird: lightweight and standalone binary for generic OpenVPN server connections

All the software is free and open source, licensed under GPLv3.

 

What's new in 1.1.0 version

 

  • full compatibility with OSMC, Open Source Media Center
  • enhanced compatibility with Raspbian
  • persistent Network Lock implementation, useful for example to enforce prompt Network Lock during system bootstrap and prevent traffic leaks caused by processes at bootstrap (**). Use directive networklockpersist in bluetit.rc to enable Network Lock as soon as Bluetit starts, regardless of network status and connection attempts
  • revisited Network Lock logic for additional safety
  • new directives for bluetit.rc: networklockpersist, connectretrymax and aircipher
  • enhanced DNS handling for peculiar systemd-resolved operational modes
  • more rigorous handling of events through semaphore implementation
  • new D-Bus methods for Network Lock aimed at easier control by clients. Developer's documentation will be published soon
  • crash caused by systemd signal flooding has been resolved
  • libcurl crash in OSMC and other systems has been fixed
  • crash in some 32 bit systems has been fixed
  • logical flaw causing Network Lock missed activation in case of account login failure has been fixed
  • various bug fixes
  • see the changelog below for more information and details
 

Important notes

(**) Ponder the option carefully if your machine needs network sync via NTP or other network services outside the VPN during the bootstrap phase
(***) Fedora 33 and openSUSE 15.2 users beware: we have noticed that in freshly installed Fedora 33 libcurl cannot find CA LetsEncrypt certificates and this will prevent Bluetit from detecting the country from ipleak.net. In this case, you can overcome this bug by using the country directive in bluetit.rc file, therefore avoiding the need to contact ipleak.net web site.
 

AirVPN Suite changelog

 

Version 1.1.0 RC 4 - 14 May 2021

  • [ProMIND] optionparser.cpp: added proper message errors in case of invalid argument and allocation memory error
  • [ProMIND] netfilter.cpp: systemBackupExists() now evaluate every firewall mode backup file name
  • [ProMIND] netfilter.cpp: restore() now check for every firewall mode backup and restore it accordingly
  • [ProMIND] netfilter.cpp: IPv6 rules are now allowed or added only in case IPv6 is available in the system


Version 1.1.0 RC 3 - 16 April 2021

  • [ProMIND] Updated to OpenVPN 3.7 AirVPN
  • [ProMIND] vpnclient.hpp: avoid netFilter setup in case NetFilter object is not private
  • [ProMIND] dbusconnector.cpp: fine tuned D-Bus wait cycle in R/W dispatch. Implemented a thread safe wait in order to avoid D-Bus timeout policy


Version 1.1.0 RC 1 - 7 April 2021

  • Release Candidate, no change from Beta 2


Version 1.1.0 Beta 2 - 2 April 2021

  • [ProMIND] localnetwork.cpp: added getDefaultGatewayInterface() method

Version 1.1.0 Beta 1 - 11 March 2021
 
  • [ProMIND] rcparser.cpp: removed formal list control for STRING type
  • [ProMIND] netfilter.hpp, netfilter.cpp: added functions to set the availability of specific iptables tables in order to properly use available tables only
  • [ProMIND] vpnclient.hpp: onResolveEvent() sets iptables tables according to the loaded modules
  • [ProMIND] vpnclient.hpp: Changed constructor in order to use both private and external NetFilter object
  • [ProMIND] localnetwork.cpp: added getLoopbackInterface(), getLocalIPaddresses() and getLocalInterfaces() methods
  • [ProMIND] airvpntools.cpp: added detectLocation() method to retrieve location data from ipleak.net
  • [ProMIND] airvpnuser.cpp: detectUserLocation() now uses AirVPNTools::detectLocation()
  • [ProMIND] airvpnuser.cpp: loadUserProfile() now correctly sets userProfileErrorDescription in case of network failure
  • [ProMIND] airvpnserverprovider.cpp: added "DEFAULT" rule to getUserConnectionPriority() in case user's country or continent is undefined
  • [ProMIND] airvpnmanifest.cpp: loadManifest() now correctly sets the status STORED in case of network failure
  • [ProMIND] Added Semaphore class
  • [ProMIND] dnsmanager.hpp: method revertAllResolved() renamed to restoreResolved(). Besides reverting all interfaces it now restarts systemd-resolved service as well.
  • [ProMIND] install.sh: improved update/upgrade process
 

Bluetit changelog
 

Version 1.1.0 RC 4 - 14 May 2021
  • [ProMIND] Added directives airipv6 and air6to4 in bluetit.rc
  • [ProMIND] In case it is requested a network recovery, VpnClient object is now initialized with NetFilter::Mode::OFF
  • [ProMIND] In case the requested network lock method is not available, connection is not started
  • [ProMIND] In case system location cannot be determined through ipleak.net, country is now properly set to empty, latitude and longitude to 0.
  • [ProMIND] Persistent network lock is enabled only in case Bluetit status is clean
  • [ProMIND] AirVPN boot connection is started only in case Bluetit status is clean
  • [ProMIND] DNS backup files are now properly evaluated when determining dirty status
  • [ProMIND] Added D-Bus commands "reconnect_connection" and "session_reconnect"

Version 1.1.0 Beta 2 - 2 April 2021
  • [ProMIND] Gateway and gateway interface check at startup. Bluetit won't proceed until both gateway and gateway interface are properly set up by the system
  • [ProMIND] Increased volume and rate data sizes for 32 bit architectures
  • [ProMIND] Added aircipher directive to bluetit.rc
  • [ProMIND] Added maxconnretries directive to bluetit.rc

Version 1.1.0 Beta 1 - 11 March 2021
  • [ProMIND] connection_stats_updater(): now uses server.getEffectiveBandWidth() for AIRVPN_SERVER_BANDWIDTH
  • [ProMIND] added bool shutdownInProgress to control bluetit exit procedure and avoid signal flooding
  • [ProMIND] system location is detected at boot time and eventually propagated to all AirVPN users
  • [ProMIND] Network lock and filter is now enabled and activated before AirVPN login procedure
  • [ProMIND] Added dbus methods "enable_network_lock", "disable_network_lock" and "network_lock_status"
  • [ProMIND] Renamed bluetit.rc directive "airconnectonboot" to "airconnectatboot"
  • [ProMIND] Added bluetit.rc directive "networklockpersist"
 

Goldcrest changelog


Version 1.1.2 RC 4 - 14 May 2021

  • [ProMIND] DNS backup files are now properly evaluated when determining dirty status
  • [ProMIND] ProfileMerge is now constructed by allowing any file extension
  • [ProMIND] Reconnection (SIGUSR2) is now allowed only in case tun persistence is enabled



Version 1.1.2 - 2 April 2021

  • [ProMIND] Updated base classes

Hummingbird changelog


Version 1.1.2 RC 4 - 14 May 2021

  • [ProMIND] DNS backup files are now properly evaluated when determining dirty status
  • [ProMIND] ProfileMerge is now constructed by allowing any file extension
  • [ProMIND] Reconnection (SIGUSR2) is now allowed only in case tun persistence is enabled

 


Architecture


The client-daemon architecture offered by Goldcrest and Bluetit combination offers a robust security model and provides system administrators with a fine-grained, very flexible access control.

Bluetit is fully integrated with AirVPN. The daemon is accessed through a D-Bus interface by providing specific methods and interface in order to give full support to OpenVPN connection and AirVPN functionality, including - but not limited to - quick automatic connection to the best AirVPN server for any specific location as well as any AirVPN server or country. Connection during system bootstrap is fully supported as well.

 

New OpenVPN 3 library features


Hummingbird and Bluetit are linked against a new version of our OpenVPN 3 library which supports directive data-ciphers: it can be used consistently with OpenVPN 2.5 syntax in OpenVPN profiles.

The directive allows OpenVPN 3 based software to negotiate a common Data Channel cipher with the OpenVPN server,, updating therefore our library to ncp-like negotiation with OpenVPN 2 branch. Hummingbird and Bluetit are already linked against the new library version, while Eddie Android edition will be updated in the near future.

The new library also includes a different handling of IV_CIPHERS variable, fixing OpenVPN main branch issues which caused a plethora of problems with OpenVPN 2.5. The implementation, at the same time, takes care of full backward compatibility with OpenVPN versions older than 2.5.

ncp-disable directive, which to date has never been implemented in the main  branch, is still supported, in order to further enhance backward compatibility with both OpenVPN profiles and servers, as well as connection flexibility with servers running older than 2.5 OpenVPN versions.

Please note that if you enforce a specific Data Channel cipher by means of Bluetit configuration file, Hummingbird line option, or Goldcrest configuration file and/or line option, the enforced Data Channel cipher will override data-ciphers profile directive.
 

Notes on systemd-resolved


In Fedora 33 systemd-resolved comes pre-configured to work in "on-link" mode and network-manager works together with it.

This very peculiar, Windows-like setup kills Linux global DNS handling, causing those DNS leaks which previously occurred only on Windows. Hummingbird and Bluetit take care of preventing the brand new DNS leaks caused by such a setup.

Also note that systemd-resolved comes pre-configured with fallback DNS (Google DNS is a systemd-resolved default fallback DNS, smart choices pile up!) which will be queried if each interface DNS server fails some resolution. In such a case, if and only if you have Network Lock enabled will DNS leaks be prevented.
 

Supported systems


The suite is currently available for Linux x86-64, i686 (32 bit distributions), arm7l (for example Raspbian, OSMC and other ARM 32 bit based systems) and aarch64 (ARM 64 bit). Both systemd and SysV-style init based systems are supported.

AirVPN Suite is free and open source software licensed under GPLv3.
 

Overview and main features

 
AirVPN’s free and open source OpenVPN 3 suite based on AirVPN’s OpenVPN 3 library fork
 
  • Bluetit: lightweight D-Bus controlled system daemon providing full connectivity to AirVPN servers and generic OpenVPN servers. Ability to connect the system to AirVPN during the bootstrap.
  • Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers
  • Hummingbird: lightweight and standalone client for generic OpenVPN server connection
  • Linux i686, x86-64, arm7l and arm64 (Raspberry) support
  • Full integration with systemd, SysV Style-init and chkconfig
  • No heavy framework required, no GUI
  • Tiny RAM footprint
  • Lightning fast
  • Based on OpenVPN 3 library fork by AirVPN version 3.6.6 with tons of critical bug fixes from the main branch, new cipher support and never seen before features
  • ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition
  • Robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection
  • Proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved additional features
 

User documentation (*) and source code:


https://gitlab.com/AirVPN/AirVPN-Suite

(*) Developer documentation to create custom software clients for Bluetit will be published in the near future.
 

Download links:

Linux x86-64: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-x86_64-1.1.0-RC4.tar.gz
Linux x-86-64 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-x86_64-1.1.0-RC4.tar.gz.sha512

Linux i686: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-i686-1.1.0-RC4.tar.gz
Linux i686 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-armv7l-1.1.0-RC4.tar.gz.sha5123

Linux arm7l: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-armv7l-1.1.0-RC4.tar.gz
Linux arm7l sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-armv7l-1.1.0-RC4.tar.gz.sha512

Linux aarch64: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-aarch64-1.1.0-RC4.tar.gz
Linux aarch64 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-aarch64-1.1.0-RC4.tar.gz.sha512

Kind regards
AirVPN Staff

Share this post


Link to post

Thanks for the beta release, but unfortunately the crashes of the bluetit daemon are not resolved... 😥
See attached file for detailed log : bluetit.txt

pi@rPi3:~ $ systemctl status bluetit.service
● bluetit.service - AirVPN Bluetit Daemon
   Loaded: loaded (/etc/systemd/system/bluetit.service; enabled; vendor preset: enabled)
   Active: failed (Result: signal) since Fri 2021-03-12 13:57:22 CET; 7min ago
  Process: 615 ExecStart=/sbin/bluetit (code=exited, status=0/SUCCESS)
 Main PID: 656 (code=killed, signal=ABRT)

Mar 12 13:29:00 rPi3 bluetit[656]: Comp-stub init swap=0
Mar 12 13:29:00 rPi3 bluetit[656]: EVENT: CONNECTED 213.152.187.202:443 (213.152.187.202) via /UDPv4 on tun/10.7.50.244/ gw=[10.7.50.1/]
Mar 12 13:29:00 rPi3 bluetit[656]: Connected to AirVPN server Alphard, Alblasserdam (Netherlands)
Mar 12 13:29:00 rPi3 bluetit[656]: Server has pushed its own DNS. Removing system DNS from network filter.
Mar 12 13:29:00 rPi3 bluetit[656]: System DNS 8.8.8.8 is now rejected by the network filter
Mar 12 13:29:00 rPi3 bluetit[656]: System DNS 8.8.4.4 is now rejected by the network filter
Mar 12 13:44:10 rPi3 bluetit[656]: Updating AirVPN Manifest
Mar 12 13:44:10 rPi3 bluetit[656]: AirVPN Manifest successfully retrieved from server
Mar 12 13:57:22 rPi3 systemd[1]: bluetit.service: Main process exited, code=killed, status=6/ABRT
Mar 12 13:57:22 rPi3 systemd[1]: bluetit.service: Failed with result 'signal'.

Share this post


Link to post

When the bluetit.service tries to connect at boot (when airconnectatboot is set to "quick") it fails with this output:

bluetit[482]: Successfully loaded kernel module ip6table_security
bluetit[482]: Successfully loaded kernel module ip6table_raw
bluetit[482]: Network filter successfully initialized
bluetit[482]: ERROR: Cannot enable network filter and lock
bluetit[482]: AirVPN bootstrap servers are now allowed to pass through the network filter
bluetit[482]: Waiting for a valid AirVPN Manifest to be available
bluetit[482]: AirVPN Manifest successfully retrieved from local instance
bluetit[482]: Logging in AirVPN user MYUSER
bluetit[482]: AirVPN login error: Cannot connect host: Couldn't connect to server
bluetit[482]: ERROR: AirVPN login failed for user MYUSER
And I have to restart the service manually every boot.

I think what happens is that it tries to connect before my wireless connection is established, but I'm not sure. Is there a way I can tell bluetit to wait until I'm connected?

Share this post


Link to post
@Pi77Bull, is it solved by reading the changelog above and more specific the "important notes" ?

🙈

Quote

Important notes


(*) OSCM and Raspbian users beware: you should activate "Wait for network" in "Rapberry Pi configuration" menu to avoid fooling systemd during bootstrap and have it launch Bluetit prematurely

Share this post


Link to post
@tOjO I've read that, but since it's so specific to OSCM and Raspbian I didn't think it would apply to my ArchLinux installation. Do you know how to do that on ArchLinux?

Share this post


Link to post

@Pi77Bull, Can you try : sudo systemctl enable systemd-networkd-wait-online.service
Bluetit service normally starts After=network-online.target...
Have you got the same with a network cable plugged in ?
 

Share this post


Link to post
@tOjO
I tried that but it didn't change anything. I'm using NetworkManager which also has a service "NetworkManager-wait-online.service" which was already enabled.
My laptop doesn't have an ethernet port so I used USB-Tethering to simulate a wired connection and that made the VPN connection work on startup.

By the way, thanks for trying to help :)

Share this post


Link to post
2 hours ago, Pi77Bull said:
@tOjO
I tried that but it didn't change anything. I'm using NetworkManager which also has a service "NetworkManager-wait-online.service" which was already enabled.
My laptop doesn't have an ethernet port so I used USB-Tethering to simulate a wired connection and that made the VPN connection work on startup.

By the way, thanks for trying to help :)

Hello!

Thank you very much for your reports. So, when you connect via WiFi you have the issue you reported in Arch. When you connect via simulated wired connection the problem disappears, right?

Kind regards
 

Share this post


Link to post
12 minutes ago, Staff said:

Hello!

Thank you very much for your reports. So, when you connect via WiFi you have the issue you reported in Arch. When you connect via simulated wired connection the problem disappears, right?

Kind regards
 

Hi!
Yes, that's exactly right.

Share this post


Link to post
@Staff

Good morning again

I have two issues with this beta :

1.    Using systemd with bluetit ENABLED on startup I get this line showing -
      Mar 15 05:23:10 desktop bluetit[3151]: ERROR: Cannot detect system location: Cannot resolve ipleak.net

After a restart of bluetit and a start  goldcrest command I get these lines showing -
      Mar 15 05:35:14 desktop systemd[1]: bluetit.service: Can't open PID file /etc/airvpn/bluetit.lock (yet?) after start: Operation not permitted
      2021-03-15 05:35:57 Logging in AirVPN user pjnsmb
This is where the connection seems to stop

^C2021-03-15 05:36:06 Caught SIGTERM signal. Terminating.
2021-03-15 05:36:06 ERROR: D-Bus service org.airvpn.server is not available

The internet connection is lost.

If I disable bluetit.service on bootup and start it manually I keep the internet connection.

2. Following on from the above if I manually start goldcrest with a Country code only I get this line repeated :
    WARNING: Cannot resolve gb3.ipv6.vpn.airdns.org

If I start goldcrest with a single server option I get a satisfactory VPN connection.

There is more information on the attached terminal messages log.

regards
pjnsmb





      

airvpn terminal log

Share this post


Link to post
@pjnsmb

Hello and thank you for your tests!

Can you please tell us your system name and version? Can you also send us bluetit.rc file (cut out sensitive data) as well as the complete Bluetit log for each incident you report? To print the complete Bluetit log enter the command (as root):
journalctl | grep bluetit


Kind regards
 

Share this post


Link to post
@pjnsmb

Thanks! One more request, if possible: Bluetit log even for the successful connection to Denebola (which is the only piece of log missing), goldcrest.rc and /etc/resolv.conf (while the system is not connected to the VPN). We need to ascertain a couple of things, thank you in advance.

Can you also tell us which (if any) DNS resolver you run (bind, powerDNS....)?

Kind regards
 

Share this post


Link to post
@Staff

The Denebola log is at the end of the log I uploaded - from line 171 on my copy.................

I use dnscrypt-proxy 

https://github.com/DNSCrypt/dnscrypt-proxy

resolv.conf is controlled by chattr to stop it being overwritten , as this is required to use dnscrypt-proxy,which  I have been using quite successfully with Airvpn Suite 1.0.0 and previously Eddie.

cheers

 

goldcrest.rc resolv.conf

Share this post


Link to post
@pjnsmb

Hello!

Thank you very much. From line 171 onward Goldcrest log is included, not Bluetit log, apparently. We would need complete Bluetit log too, even for that successful connection.

About your DNS setup, it appears that your system can't resolve gb3.ipv6.vpn.airdns.org, which is necessary when you specify a country (as a connection destination) and "ipv6 on" in Goldcrest configuration. In such a case both Bluetit (for Network Lock rules) and OpenVPN 3 (for connection purposes), need to get the AAAA record of the <country ISO - entry-IP>.ipv6.vpn.airdns.org If you can confirm that your system can't resolve gb3.ipv6.vpn.airdns.org, at least this issue is explained.

The problem does not occur when you specify a specific server as a connection destination because in that case Bluetit reads the IPv6 address from the manifest file (downloaded from the bootstrap servers) and passes it to OpenVPN3, therefore neither Bluetit nor OpenVPN3 need a name resolution.

The other unexpected behavior during system bootstrap is under investigation too: it reminds us an extremely similar problem we have in OSMC and Arch. We have also spotted another anomaly, thanks to your logs, which is under investigation as well. We will keep you posted .Stay tuned, 1.1.0 beta 2 is imminent.

Kind regards
 

Share this post


Link to post
@Staff

The wonder of Linux, hopefully we never stop learning............................................................

I have extracted the relevant entries from syslog where bluetit has an entry for the same time period as the previous uploads.

If I dig gb3.ipv6.vpn.airdns.org :

peter@desktop:~$ dig gb3.ipv6.vpn.airdns.org

; <<>> DiG 9.16.12-Debian <<>> gb3.ipv6.vpn.airdns.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14794
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;gb3.ipv6.vpn.airdns.org.    IN    A

;; AUTHORITY SECTION:
airdns.org.        3599    IN    SOA    ns1.airvpn.org. ns2.airvpn.org. 86711759 604800 86400 2419200 604800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 16 06:46:04 GMT 2021
;; MSG SIZE  rcvd: 103





 

syslog bluetit

Share this post


Link to post

Thanks for the new version but stability still seems to be an issue.

After some issues getting the new version installed which I cured by uninstalling and then re-installing (Might be worth updating the install instructions to say that old versions should be uninstalled first). 

Bluetit ran for about 40 minutes, which is better than it normally does.

Logs:
 

sudo service bluetit status
● bluetit.service - AirVPN Bluetit Daemon
   Loaded: loaded (/etc/systemd/system/bluetit.service; enabled; vendor preset: enabled)
   Active: failed (Result: signal) since Fri 2021-03-19 11:41:23 GMT; 2min 8s ago
  Process: 1855 ExecStart=/sbin/bluetit (code=exited, status=0/SUCCESS)
 Main PID: 1857 (code=killed, signal=ABRT)

Mar 19 11:03:19 pidown bluetit[1857]: EVENT: CONNECTED 213.152.187.202:443 (213.152.187.202) via /UDPv4 on tun/10.7.58.144/ gw=[10.7.58.1
Mar 19 11:03:19 pidown bluetit[1857]: Connected to AirVPN server Alphard, Alblasserdam (Netherlands)
Mar 19 11:03:19 pidown bluetit[1857]: Server has pushed its own DNS. Removing system DNS from network filter.
Mar 19 11:03:19 pidown bluetit[1857]: System DNS 192.168.1.124 is now rejected by the network filter
Mar 19 11:18:17 pidown bluetit[1857]: Updating AirVPN Manifest
Mar 19 11:18:21 pidown bluetit[1857]: AirVPN Manifest successfully retrieved from server
Mar 19 11:33:21 pidown bluetit[1857]: Updating AirVPN Manifest
Mar 19 11:33:39 pidown bluetit[1857]: AirVPN Manifest successfully retrieved from server
Mar 19 11:41:23 pidown systemd[1]: bluetit.service: Main process exited, code=killed, status=6/ABRT
Mar 19 11:41:23 pidown systemd[1]: bluetit.service: Failed with result 'signal'.

Output from 
journalctl | grep bluetit
and
 bluetit.rc
attached.

D



 

journalctl.out bluetit.rc

Share this post


Link to post

Sorry, meant to say:

System:
 

Raspberry Pi 4
Linux pidown 5.10.17-v7l+ #1403 SMP Mon Feb 22 11:33:35 GMT 2021 armv7l GNU/Linux

Share this post


Link to post

And there also seems to be issues around re-starting the service:

I needed a reboot to restart the service :(
 

Mar 19 11:59:33 pidown bluetit[10393]: Starting Bluetit - AirVPN OpenVPN 3 Service 1.1.0 Beta 1 - 11 March 2021
Mar 19 11:59:33 pidown bluetit[10393]: OpenVPN core 3.6.6 AirVPN linux armv7a thumb2 32-bit
Mar 19 11:59:33 pidown bluetit[10393]: Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
Mar 19 11:59:33 pidown systemd[1]: bluetit.service: Failed to parse PID from file /etc/airvpn/bluetit.lock: Invalid argument
Mar 19 11:59:33 pidown bluetit[10395]: Bluetit daemon started with PID 10395
Mar 19 11:59:33 pidown systemd[1]: bluetit.service: Supervising process 10395 which is not our child. We'll most likely not notice when it exits.
Mar 19 11:59:33 pidown bluetit[10395]: Successfully connected to D-Bus
Mar 19 11:59:33 pidown bluetit[10395]: Reading run control directives from file /etc/airvpn/bluetit.rc
Mar 19 11:59:33 pidown bluetit[10395]: IPv6 is  available in this system
Mar 19 11:59:33 pidown bluetit[10395]: Bluetit successfully initialized and ready
Mar 19 11:59:33 pidown bluetit[10395]: Bluetit did not exit gracefully on its last run or has been killed.
Mar 19 11:59:33 pidown bluetit[10395]: Run recover network procedure or restore system settings saved in /etc/airvpn
Mar 19 11:59:33 pidown bluetit[10395]: Requesting network IP and country to AirVPN ipleak.net via secure connection
Mar 19 11:59:41 pidown bluetit[10395]: ERROR: Cannot detect system location: Connection timeout: Timeout was reached
Mar 19 11:59:41 pidown bluetit[10395]: Starting AirVPN boot connection
Mar 19 11:59:41 pidown bluetit[10395]: AirVPN Manifest updater thread started
Mar 19 11:59:41 pidown bluetit[10395]: AirVPN Manifest update interval is 15 minutes
Mar 19 11:59:41 pidown bluetit[10395]: AirVPN Manifest update suspended: AirVPN boot connection initialization in progress
Mar 19 11:59:42 pidown bluetit[10395]: Updating AirVPN Manifest
Mar 19 11:59:42 pidown bluetit[10395]: Network filter and lock are using iptables-legacy
Mar 19 11:59:42 pidown bluetit[10395]: Successfully loaded kernel module iptable_filter
Mar 19 11:59:42 pidown bluetit[10395]: Successfully loaded kernel module iptable_nat
Mar 19 11:59:42 pidown bluetit[10395]: Successfully loaded kernel module iptable_mangle
Mar 19 11:59:42 pidown bluetit[10395]: WARNING: Kernel module iptable_security not found. (-2)
Mar 19 11:59:42 pidown bluetit[10395]: Successfully loaded kernel module iptable_raw
Mar 19 11:59:42 pidown bluetit[10395]: Successfully loaded kernel module ip6table_filter
Mar 19 11:59:42 pidown bluetit[10395]: Successfully loaded kernel module ip6table_nat
Mar 19 11:59:42 pidown bluetit[10395]: Successfully loaded kernel module ip6table_mangle
Mar 19 11:59:42 pidown bluetit[10395]: Successfully loaded kernel module ip6table_security
Mar 19 11:59:42 pidown bluetit[10395]: Successfully loaded kernel module ip6table_raw
Mar 19 11:59:42 pidown bluetit[10395]: Network filter successfully initialized
Mar 19 11:59:42 pidown bluetit[10395]: Session network filter and lock successfully enabled
Mar 19 11:59:42 pidown bluetit[10395]: AirVPN bootstrap servers are now allowed to pass through the network filter
Mar 19 11:59:42 pidown bluetit[10395]: Waiting for a valid AirVPN Manifest to be available
Mar 19 11:59:42 pidown bluetit[10395]: AirVPN Manifest successfully retrieved from server
Mar 19 11:59:43 pidown bluetit[10395]: Logging in AirVPN user XXXXXXX
Mar 19 11:59:43 pidown systemd[1]: bluetit.service: Main process exited, code=killed, status=6/ABRT
Mar 19 11:59:43 pidown systemd[1]: bluetit.service: Failed with result 'signal'.

Share this post


Link to post
@dL4l7dY6

Hello!

Uninstalling an older version should not be necessary as the installation script takes care of everything. Which problem did you experience exactly?

Stopping and re-starting Bluetit is up to systemd. Can you show us how systemd failed to do that (just copy & paste the whole output), and why you needed a reboot of the whole system?

The crash you show us might be identical to the one reported by @tOjO which we are trying to reproduce: can you tell us the system activity when the crash occurred? In particular, were you using bandwidth continuously? Do you run PiHole? Were you running any torrent client?

Kind regards
 

Share this post


Link to post

I was running a torrent client when the crash occurred., i.e. using bandwidth constantly.

I do run PiHole but not on that box, i.e. PiHole is not aware of the VPN.



 

Share this post


Link to post
@dL4l7dY6, I have the same setup and same results : crash during constant bandwidth load. Staff reproduced the problem (PiHole is not the cause), so now it's in their hands 😉
I don't have any crashes when Hummingbird is running instead of the bluetit-daemon. Perhaps use Hummingbird when awaiting on the next release...

Grts

Share this post


Link to post

My last attmpt at posting this got memory holed, so Take 2.

I'm not sure if this is user error or an issue with bluetit / goldcrest.

Here's my config file, created by the AirVPN client configurator tool for europe3 (tls-crypt), port 443:

client
dev tun
remote europe3.vpn.airdns.org 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
push-peer-info
setenv UV_IPV6 no
remote-cert-tls server
cipher AES-256-GCM
comp-lzo no
proto tcp-client
auth SHA512
The protocol is TCP. However, bluetit / goldcrest connect using UDP:
Apr 03 10:13:18 air-eur bluetit[768]: EVENT: RESOLVE
Apr 03 10:13:18 air-eur bluetit[768]: Local IPv4 address 10.137.0.77
Apr 03 10:13:18 air-eur bluetit[768]: Local IPv6 address fe80::216:3eff:fe5e:6c00
Apr 03 10:13:18 air-eur bluetit[768]: Local interface eth0
Apr 03 10:13:18 air-eur bluetit[768]: Setting up network filter and lock
Apr 03 10:13:18 air-eur bluetit[768]: Allowing system DNS 10.139.1.1 to pass through the network filter
Apr 03 10:13:18 air-eur bluetit[768]: Allowing system DNS 10.139.1.2 to pass through the network filter
Apr 03 10:13:18 air-eur bluetit[768]: AirVPN Manifest successfully retrieved from server
Apr 03 10:13:19 air-eur bluetit[768]: Resolved server europe3.vpn.airdns.org into IPv4 128.127.104.82
Apr 03 10:13:19 air-eur bluetit[768]: Adding IPv4 server 128.127.104.82 to network filter
Apr 03 10:13:19 air-eur bluetit[768]: Network filter and lock successfully activated
Apr 03 10:13:19 air-eur bluetit[768]: Contacting 128.127.104.82:443 via UDP
Apr 03 10:13:19 air-eur bluetit[768]: EVENT: WAIT
Apr 03 10:13:19 air-eur bluetit[768]: net_route_best_gw query IPv4: 128.127.104.82/32
Apr 03 10:13:19 air-eur bluetit[768]: sitnl_route_best_gw result: via 10.137.0.5 dev eth0
Apr 03 10:13:19 air-eur bluetit[768]: net_route_add: 128.127.104.82/32 via 10.137.0.5 dev eth0 table 0 metric 0
Apr 03 10:13:19 air-eur bluetit[768]: Connecting to [europe3.vpn.airdns.org]:443 (128.127.104.82) via UDPv4
Apr 03 10:13:19 air-eur bluetit[768]: EVENT: CONNECTING
Apr 03 10:13:19 air-eur bluetit[768]: Tunnel Options:V4,dev-type tun,link-mtu 1522,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-GCM,auth [null-dig
est],keysize 256,key-method 2,tls-client
Netstat confirms that it's a UDP connection:
netstat -tun
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
udp        0      0 10.137.0.77:44944       128.127.104.82:443      ESTABLISHED
I've left the bluetit configuration file unchanged and have not created a goldcrest config.

The OpenVPN config file connects correctly when using OpenVPN 2.4.7:
Sat Apr  3 10:34:33 2021 Attempting to establish TCP connection with [AF_INET]128.127.104.82:443 [nonblock]
Sat Apr  3 10:34:34 2021 TCP connection established with [AF_INET]128.127.104.82:443
Sat Apr  3 10:34:34 2021 TCP_CLIENT link local: (not bound)
Sat Apr  3 10:34:34 2021 TCP_CLIENT link remote: [AF_INET]128.127.104.82:443
So is this a user error or an issue with the software?









 

Share this post


Link to post

Hello!

We're glad to announce that AirVPN Suite 1.1.0 beta 2 is now available.

Download URLs and changelog have been updated accordingly in the first topic message.

Most important changes:

  • Bluetit crash in some 32 bit systems (e.g. Raspbian) has been addressed and resolved
  • Bluetit now waits for the system to set up properly gateway and gateway interface. Therefore, even when launched by some init system prematurely during bootstrap, and in any other circumstance, Bluetit can autonomously decide when it's time to proceed, as soon as the network link is up, avoiding errors due to network unavailability
  • Bluetit recognizes new directive aircipher allowing to pick a specific cipher for Data Channel even when Bluetit is configured to start automatically at system bootstrap
  • Bluetit recognizes new directive maxconnretries which tells Bluetit how many connection retries must be attempted (default: 10) in case of connection failure
  • Goldcrest new line option --bluetit-stats allows to fetch connection stats from Bluetit

Thank you for testing!

Kind regards
AirVPN Staff
 

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...