Jump to content
Not connected, Your IP: 52.90.49.108

Recommended Posts

I have three devices, all linux, running airvpn suite (specifically bluetit on boot through systemd). All three devices are connected simulatenously and, therefore, use separate keys. All are configured to connect on boot to country ISO: US.
Infrequently, but often enough, these three devices will happen to connect to the same server (whether that be 2/3 or 3/3). This creates a mess out of my port forwards.

Is there a simple solution to this issue? I was thinking of setting up the server whitelist so that no device could possibly connect to another devices server, but this solution seems tedious. Is this my only option?

Any suggestions are appreciated, thanks!

Share this post


Link to post
@cannac

Hello!

A solution which might meet your needs is partitioning the US Air VPN servers set into three empty intersection subsets, one per device, compiling airwhitserverlist directive with a unique subset in each device, and finally restarting the three connections via Goldcrest on the US country basis.  and finally defining the connection mode in bluetit.rc as quick. If the connection mode is not defined as quick Bluetit ignores white and black lists but it does not warn you. A warning in the log and a clarification on the documentation will be implemented.

By doing so you will never have two or more devices connecting to the same server.

when the air-connect command for the same country is issued by different clients in different devices. If Bluetit connects during the machine bootstrap, remember to send disconnect first: enabled persistent network lock by directive networklockpersist ensures no traffic leak outside the VPN tunnel.

In a future Bluetit version we might implement a new Bluetit run control file directive defining a white list for automatic connection at bootstrap so that you will not need to send a connection order via a client later on.

Kind regards
 

Share this post


Link to post
5 hours ago, Staff said:
@cannac

Hello!

A solution which might meet your needs is partitioning the US Air VPN servers set into three empty intersection subsets, one per device, compiling airwhitserverlist directive with a unique subset in each device, and finally restarting the three connections via Goldcrest on the US country basis.

By doing so you will never have two or more devices connecting to the same server when the air-connect command for the same country is issued by different clients in different devices. If Bluetit connects during the machine bootstrap, remember to send disconnect first: enabled persistent network lock by directive networklockpersist ensures no traffic leak outside the VPN tunnel.

In a future Bluetit version we might implement a new Bluetit run control file directive defining a white list for automatic connection at bootstrap so that you will not need to send a connection order via a client later on.

Kind regards
 
So the airwhiteserverlist option in bluetit.rc found here, cannot be used at bootstrap and is only used by the goldcrest client? Should/Can this option be used in goldcrest.rc or is it only available in bluetit.rc?

Share this post


Link to post
@cannac

Hello!

You have related options in Goldcrest. If the white list must be global and respected by all users, superuser must define it in Bluetit run control file. If the white list can be decided each time by any user inside airvpn group, then superuser must not define it in Bluetit run control file. The related Goldcrest options, which can be specified on the command line only, and not in goldcrest.rc file, are:
--air-white-server-list, -G : AirVPN white server list <list>
--air-black-server-list, -M : AirVPN black server list <list>

Please see also:
https://airvpn.org/suite/readme/#controlling-goldcrest-client

Kind regards
 

Share this post


Link to post
23 hours ago, cannac said:
So the airwhiteserverlist option in bluetit.rc found here, cannot be used at bootstrap and is only used by the goldcrest client? Should/Can this option be used in goldcrest.rc or is it only available in bluetit.rc?

IMPORTANT CORRECTION TO THE PREVIOUS MESSAGE.

If you define a "quick" connection mode at boot, Bluetit will consider and respect white and black list directives included in bluetit.rc during the connection at bootstrap. Therefore, the proposed solution is optimal and does not require Goldcrest: just remember to change connection mode to quick (and do not set it to country), and define white lists according to the conditions written in our previous message (i.e. three empty intersection subsets, one subset per device).

Kind regards
 

Share this post


Link to post
Posted ... (edited)

I'm getting:

ERROR: Reached end of AirVPN server list. No suitable server found.
using:
airconnectatboot		quick
airwhiteserverlist		aquila,chalawan,metallah,musca,fang,scutum,pegasus,vulpecula,merope,teegarden,yildun,gliese,lich
# country			US
airproto			udp
proto				udp
tunpersist			yes
networklockpersist		off
aircipher			ChaCha20-Poly1305
airipv6				off
air6to4				off
networklock			off
ignorednspush			no
tlsversionmin			default
If option not listed, assume #'d out/using default.

I assume that my list is not formatted correctly in some way.

Could be a bug, I've since tried with country commented out as suggested (changed above).
I've also tried capitalizing the first letter of each server name, to no avail.

Should I open a support ticket for this? Edited ... by cannac
Solved.

Share this post


Link to post
@cannac

Hello!

We can confirm the problem when "country" has a value (any value, not only US). Please comment out your country US line in bluetit.rc file and you should be fine: Bluetit will pick the "best rated" server between those included in the white list you specified.

We will investigate with the developers the issue you reported in the near future, thank you.

Kind regards
 

Share this post


Link to post
Posted ... (edited)

@Staff
My issue in my last comment has been solved.
It appears that for airwhiteserverlist to work, country must be set with an ISO code that is all lower case. Otherwise I get the Error described above.

Thank you for your time and help!
This thread can now be closed.

Edited ... by cannac
Notify staff

Share this post


Link to post
@cannac

Hello!

In reality the problems are caused by a much more subtle cause and a bug: Bluetit uses a global connection zone list, when the country is undetermined.

When you enter a country with lowercase ISO code, Bluetit does not understand it, and doesn't know where you are. Therefore it consults default connection list, which includes the Netherlands and California.

In your white list, you have included at least a California server (Aquila), thus Bluetit finds at least one valid server to connect to. On the contrary, when you entered "country US", Bluetit knew that your node is in the USA: the quick connection mode excluded all the servers in the US (in accordance with the safety rule which prescribes to avoid connections to servers located in the same country your client is too), and again no valid server was found in the white list.

The above will be changed in the next release where the white lists will take priority in any case for the quick connection mode, regardless of the fact that Bluetit knows or not the country of your node.

Kind regards
 

Share this post


Link to post
6 hours ago, Staff said:
@cannac

The above will be changed in the next release where the white lists will take priority in any case for the quick connection mode, regardless of the fact that Bluetit knows or not the country of your node.

Kind regards
 

@cannac

In the meantime you can efficiently resolve the problem by editing the connection scheme in /etc/airvpn/connection_priority.txt (as root, with any text editor). Find the line:
DEFAULT -> NL,California

and change it into (for your specific case):
DEFAULT -> US,NL

on all devices. Then differentiate the white lists in each device bluetit.rc file according to the previous suggestion (subsets with empty intersection).

Kind regards

 

Share this post


Link to post
8 minutes ago, Staff said:

@cannac

In the meantime you can efficiently resolve the problem by editing the connection scheme in /etc/airvpn/connection_priority.txt (as root, with any text editor). Find the line:
DEFAULT -> NL,California

and change it into (for your specific case):
DEFAULT -> US,NL

on all devices. Then differentiate the white lists in each device bluetit.rc file according to the previous suggestion (subsets with empty intersection).

Kind regards

 
Using this new solution, should I then unset country e.g.(# country = us)?

Share this post


Link to post
Just now, cannac said:
Using this new solution, should I then unset country e.g.(# country = us)?

Hi, you can, but it should work either way.

Kind regards
 

Share this post


Link to post

Also, would
DEFAULT -> US,NL
and
DEFAULT -> US,California,NL
be effectively the same thing?

Is DEFAULT restricted to two entries?

Share this post


Link to post
@cannac

It would be the same thing, yes. DEFAULT is not restricted to two entries: you can list more areas (countries, continents, USA states...).

Kind regards
 

Share this post


Link to post
Posted ... (edited)
7 hours ago, Staff said:
On the contrary, when you entered "country US", Bluetit knew that your node is in the USA: the quick connection mode excluded all the servers in the US (in accordance with the safety rule which prescribes to avoid connections to servers located in the same country your client is too), and again no valid server was found in the white list.
If setting
country = US
blocks US servers from being connected, does DEFAULT in connection_priority have the same behavior?
In other words, would setting DEFAULT -> US block all US servers?
Do I need to include NL in DEFAULT?

In summary, what is DEFAULT doing in connection_priority.txt and how is it different/similar to country option in bluetit.rc? Edited ... by cannac
missing question mark

Share this post


Link to post
@cannac

Hi!

country is a directive you can include in bluetit.rc file to tell Bluetit where your node is, while the connection scheme file contains connection lists. The file is read by Bluetit to determine a connection list according to the country your node is in. DEFAULT is the connection list used by Bluetit when it does not know your country and a quick connection is required. Therefore DEFAULT -> US does not block connection to US servers whatsoever, while country xx will prevent connections to country xx (due to the famous "safety rule") when a quick connection is required and no white lists are specified.

Check the syntax, there is no "=" symbol in the directive, just separate directives and their arguments with space(s) or tab(s).

Kind regards
 

Share this post


Link to post
Posted ... (edited)

With

# country	US

in bluetit.rc and either

DEFAULT -> US

or

DEFAULT -> US,NL

in connection_priority.txt
I'm still getting the ERROR: Reached end of AirVPN server list. No suitable server found. in bluetit

My

country		us

directive in bluetit.rc still seems to be the only solution that works in my case. I've also tested that my above directive works for all US servers (including California) with airwhiteserverlist

@Staff
sorry, # country = US was a typo and I've updated the post to reflect that.

Edited ... by cannac
fix typo

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...