cannac 2 Posted ... I have three devices, all linux, running airvpn suite (specifically bluetit on boot through systemd). All three devices are connected simulatenously and, therefore, use separate keys. All are configured to connect on boot to country ISO: US. Infrequently, but often enough, these three devices will happen to connect to the same server (whether that be 2/3 or 3/3). This creates a mess out of my port forwards. Is there a simple solution to this issue? I was thinking of setting up the server whitelist so that no device could possibly connect to another devices server, but this solution seems tedious. Is this my only option? Any suggestions are appreciated, thanks! Quote Share this post Link to post
Staff 9973 Posted ... @cannac Hello! A solution which might meet your needs is partitioning the US Air VPN servers set into three empty intersection subsets, one per device, compiling airwhitserverlist directive with a unique subset in each device, and finally restarting the three connections via Goldcrest on the US country basis. and finally defining the connection mode in bluetit.rc as quick. If the connection mode is not defined as quick Bluetit ignores white and black lists but it does not warn you. A warning in the log and a clarification on the documentation will be implemented. By doing so you will never have two or more devices connecting to the same server.when the air-connect command for the same country is issued by different clients in different devices. If Bluetit connects during the machine bootstrap, remember to send disconnect first: enabled persistent network lock by directive networklockpersist ensures no traffic leak outside the VPN tunnel.In a future Bluetit version we might implement a new Bluetit run control file directive defining a white list for automatic connection at bootstrap so that you will not need to send a connection order via a client later on. Kind regards 1 cannac reacted to this Quote Share this post Link to post
cannac 2 Posted ... 5 hours ago, Staff said: @cannac Hello! A solution which might meet your needs is partitioning the US Air VPN servers set into three empty intersection subsets, one per device, compiling airwhitserverlist directive with a unique subset in each device, and finally restarting the three connections via Goldcrest on the US country basis. By doing so you will never have two or more devices connecting to the same server when the air-connect command for the same country is issued by different clients in different devices. If Bluetit connects during the machine bootstrap, remember to send disconnect first: enabled persistent network lock by directive networklockpersist ensures no traffic leak outside the VPN tunnel. In a future Bluetit version we might implement a new Bluetit run control file directive defining a white list for automatic connection at bootstrap so that you will not need to send a connection order via a client later on. Kind regards So the airwhiteserverlist option in bluetit.rc found here, cannot be used at bootstrap and is only used by the goldcrest client? Should/Can this option be used in goldcrest.rc or is it only available in bluetit.rc? Quote Share this post Link to post
Staff 9973 Posted ... @cannac Hello! You have related options in Goldcrest. If the white list must be global and respected by all users, superuser must define it in Bluetit run control file. If the white list can be decided each time by any user inside airvpn group, then superuser must not define it in Bluetit run control file. The related Goldcrest options, which can be specified on the command line only, and not in goldcrest.rc file, are:--air-white-server-list, -G : AirVPN white server list <list>--air-black-server-list, -M : AirVPN black server list <list> Please see also:https://airvpn.org/suite/readme/#controlling-goldcrest-client Kind regards Quote Share this post Link to post
Staff 9973 Posted ... 23 hours ago, cannac said: So the airwhiteserverlist option in bluetit.rc found here, cannot be used at bootstrap and is only used by the goldcrest client? Should/Can this option be used in goldcrest.rc or is it only available in bluetit.rc? IMPORTANT CORRECTION TO THE PREVIOUS MESSAGE. If you define a "quick" connection mode at boot, Bluetit will consider and respect white and black list directives included in bluetit.rc during the connection at bootstrap. Therefore, the proposed solution is optimal and does not require Goldcrest: just remember to change connection mode to quick (and do not set it to country), and define white lists according to the conditions written in our previous message (i.e. three empty intersection subsets, one subset per device). Kind regards 1 cannac reacted to this Quote Share this post Link to post
cannac 2 Posted ... (edited) I'm getting: ERROR: Reached end of AirVPN server list. No suitable server found. using: airconnectatboot quick airwhiteserverlist aquila,chalawan,metallah,musca,fang,scutum,pegasus,vulpecula,merope,teegarden,yildun,gliese,lich # country US airproto udp proto udp tunpersist yes networklockpersist off aircipher ChaCha20-Poly1305 airipv6 off air6to4 off networklock off ignorednspush no tlsversionmin default If option not listed, assume #'d out/using default.I assume that my list is not formatted correctly in some way. Could be a bug, I've since tried with country commented out as suggested (changed above). I've also tried capitalizing the first letter of each server name, to no avail.Should I open a support ticket for this? Edited ... by cannac Solved. Quote Share this post Link to post
Staff 9973 Posted ... @cannac Hello! We can confirm the problem when "country" has a value (any value, not only US). Please comment out your country US line in bluetit.rc file and you should be fine: Bluetit will pick the "best rated" server between those included in the white list you specified. We will investigate with the developers the issue you reported in the near future, thank you. Kind regards Quote Share this post Link to post
cannac 2 Posted ... (edited) @Staff My issue in my last comment has been solved. It appears that for airwhiteserverlist to work, country must be set with an ISO code that is all lower case. Otherwise I get the Error described above. Thank you for your time and help! This thread can now be closed. Edited ... by cannac Notify staff 1 Staff reacted to this Quote Share this post Link to post
Staff 9973 Posted ... @cannac Hello! In reality the problems are caused by a much more subtle cause and a bug: Bluetit uses a global connection zone list, when the country is undetermined. When you enter a country with lowercase ISO code, Bluetit does not understand it, and doesn't know where you are. Therefore it consults default connection list, which includes the Netherlands and California. In your white list, you have included at least a California server (Aquila), thus Bluetit finds at least one valid server to connect to. On the contrary, when you entered "country US", Bluetit knew that your node is in the USA: the quick connection mode excluded all the servers in the US (in accordance with the safety rule which prescribes to avoid connections to servers located in the same country your client is too), and again no valid server was found in the white list. The above will be changed in the next release where the white lists will take priority in any case for the quick connection mode, regardless of the fact that Bluetit knows or not the country of your node. Kind regards 1 cannac reacted to this Quote Share this post Link to post
Staff 9973 Posted ... 6 hours ago, Staff said: @cannac The above will be changed in the next release where the white lists will take priority in any case for the quick connection mode, regardless of the fact that Bluetit knows or not the country of your node. Kind regards @cannac In the meantime you can efficiently resolve the problem by editing the connection scheme in /etc/airvpn/connection_priority.txt (as root, with any text editor). Find the line: DEFAULT -> NL,California and change it into (for your specific case): DEFAULT -> US,NL on all devices. Then differentiate the white lists in each device bluetit.rc file according to the previous suggestion (subsets with empty intersection). Kind regards 1 cannac reacted to this Quote Share this post Link to post
cannac 2 Posted ... 8 minutes ago, Staff said: @cannac In the meantime you can efficiently resolve the problem by editing the connection scheme in /etc/airvpn/connection_priority.txt (as root, with any text editor). Find the line: DEFAULT -> NL,California and change it into (for your specific case): DEFAULT -> US,NL on all devices. Then differentiate the white lists in each device bluetit.rc file according to the previous suggestion (subsets with empty intersection). Kind regards Using this new solution, should I then unset country e.g.(# country = us)? Quote Share this post Link to post
Staff 9973 Posted ... Just now, cannac said: Using this new solution, should I then unset country e.g.(# country = us)? Hi, you can, but it should work either way. Kind regards 1 cannac reacted to this Quote Share this post Link to post
cannac 2 Posted ... Also, would DEFAULT -> US,NL and DEFAULT -> US,California,NL be effectively the same thing? Is DEFAULT restricted to two entries? Quote Share this post Link to post
Staff 9973 Posted ... @cannac It would be the same thing, yes. DEFAULT is not restricted to two entries: you can list more areas (countries, continents, USA states...). Kind regards Quote Share this post Link to post
cannac 2 Posted ... (edited) 7 hours ago, Staff said: On the contrary, when you entered "country US", Bluetit knew that your node is in the USA: the quick connection mode excluded all the servers in the US (in accordance with the safety rule which prescribes to avoid connections to servers located in the same country your client is too), and again no valid server was found in the white list. If setting country = US blocks US servers from being connected, does DEFAULT in connection_priority have the same behavior? In other words, would setting DEFAULT -> US block all US servers? Do I need to include NL in DEFAULT? In summary, what is DEFAULT doing in connection_priority.txt and how is it different/similar to country option in bluetit.rc? Edited ... by cannac missing question mark Quote Share this post Link to post
Staff 9973 Posted ... @cannac Hi!country is a directive you can include in bluetit.rc file to tell Bluetit where your node is, while the connection scheme file contains connection lists. The file is read by Bluetit to determine a connection list according to the country your node is in. DEFAULT is the connection list used by Bluetit when it does not know your country and a quick connection is required. Therefore DEFAULT -> US does not block connection to US servers whatsoever, while country xx will prevent connections to country xx (due to the famous "safety rule") when a quick connection is required and no white lists are specified. Check the syntax, there is no "=" symbol in the directive, just separate directives and their arguments with space(s) or tab(s). Kind regards Quote Share this post Link to post
cannac 2 Posted ... (edited) With # country US in bluetit.rc and either DEFAULT -> US or DEFAULT -> US,NL in connection_priority.txt I'm still getting the ERROR: Reached end of AirVPN server list. No suitable server found. in bluetit My country us directive in bluetit.rc still seems to be the only solution that works in my case. I've also tested that my above directive works for all US servers (including California) with airwhiteserverlist@Staff sorry, # country = US was a typo and I've updated the post to reflect that. Edited ... by cannac fix typo Quote Share this post Link to post