Jump to content
Not connected, Your IP: 54.160.245.243
Staff

Eddie Desktop Edition route check failures quick solution

Recommended Posts

UPDATE 2021-10-01: we have modified server side chain order. Therefore, even old TLS libraries bugs should not enter into play anymore. The quick fix is no more needed. Please feel free to report any malfunction.


Hello!

If you are running Eddie Desktop edition and you have started experiencing route check failures, read on. We have here a clear explanation, an easy solution and a slightly more complex solution as an alternative.

Please make sure that you're running Eddie 2.19.7 or higher version (upgrade if necessary).

The best solution is upgrading your TLS library and your curl and libcurl packages.

However, if you can't or don't want to do so, a quicker and very simple workaround is available:

  • from Eddie's main window select "Preferences" > "Advanced"
  • de-tick "Check if the VPN tunnel works"
  • click "Save"
  • from Eddie's main window select "Preferences" > "DNS"
  • de-tick "Check Air VPN DNS"
  • click "Save"
  • from Eddie's main window enable Network Lock

The above quick fix will resolve the problem on Eddie. The initial checks become useless when you keep Network Lock enabled, so you don't have to worry about safety and security. We are considering whether packaging Eddie with proper curl and libcurl builds linked against very recent TLS libraries, but we must consider all the potential issues in each system.

Explanation of the issue: consider that AirVPN uses mainly LetsEncrypt certificates. Then read here:
https://blog.germancoding.com/2021/04/16/lets-encrypt-and-expired-root-certificates/

Now, if you run a cURL version linked against OpenSSL older than 1.1.0, or LibreSSL version older than 3.2.0, or GnuTLS version older than 3.6.7, the validation chain will fail (messed up path building) with the current LetsEncrypt certificates. It's a TLS library bug working in negative synergy with LetsEncrypt decision.

Special thanks to Ryan Sleevi who made us understand exactly the nature of the problem with his great article written more than a year ago and which we read only now:
https://medium.com/@sleevi_/path-building-vs-path-verifying-implementation-showdown-39a9272b2820

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...