Staff 9973 Posted ... UPDATE 2022-05-02 BETA TESTING HAS BEEN COMPLETED. WIREGUARD ACCESS IS NOW AVAILABLE TO ANYONE AND CONSIDERED STABLE IN AIRVPN INFRASTRUCTURE Hello! We're glad to announce the beginning of WireGuard beta testing in AirPVN infrastructure. In order to test WireGuard, go to Client Area ⇨ Preferences and activate Access to BETA Features. This will allow you to see specific guides and options pertaining to WireGuard. About privacy concerns, we wrote a FAQ answer here . Please make sure to read it.WireGuard with Eddie If you want to use Eddie, go to download page of your OS, and click Other versions ⇨ Experimental in Eddie download pages. Linux note: Eddie doesn't recognize WireGuard until it is present at kernel level. Use cat /sys/module/wireguard/version to check your WireGuard kernel module. Wireguard will be available in Preferences > Protocols window (logout and login from Eddie's main window might be necessary).WireGuard without Eddie Otherwise, for official WireGuard app/binaries, see the guides below: Windows - with official WireGuard app (GUI) ⇨ https://airvpn.org/windows/wireguard/gui/ macOS - with official WireGuard app from App Store (GUI) ⇨ https://airvpn.org/macos/wireguard/appstore/ macOS - with Homebrew, terminal ⇨ https://airvpn.org/macos/wireguard/homebrew/ Linux - with official WireGuard from your distro, terminal ⇨ https://airvpn.org/linux/wireguard/terminal/ iOS - with official WireGuard app from App Store (GUI) ⇨ https://airvpn.org/ios/wireguard/appstore/ Android - with official WireGuard app from Play Store (GUI) ⇨ https://airvpn.org/android/wireguard/playstore/ The guides above will be also shown in Download section when Beta Features option is checked. Notes: We will add other connection ports, suggestions are welcome. We automatically generate WireGuard keypair (and preshared-key), and assigned IPv4/IPv6 addresses, for any device, no action required. Kind regards & datalove AirVPN Staff 4 3 Daniel15, Unknown User, rohko and 4 others reacted to this Quote Share this post Link to post
zsam288 36 Posted ... very quick initial test gives excellent results from a country unfriendly to VPNs 150mbit on OPENVPN 250+ on wireguard not sure if it's a fluke or if these kind of improvements are to be expected? 1 Staff reacted to this Quote Share this post Link to post
Staff 9973 Posted ... @zsam288 When the network is not neutral you can have all sorts of differences according to how traffic shaping is enforced. For example, if UDP were to be heavily shaped and de-prioritized, or blocked, you couldn't use WireGuard but only OpenVPN with TCP as transport layer. In our infrastructure the best download performance we could achieve from a single client when line, peering, CPU and server load and bandwidth availability were not for sure bottlenecks and in total absence of any type of traffic shaping have been 715 Mbit/s (1430 Mbit/s on the server) with OpenVPN 2.5 / OpenVPN AirVPN 3, and 654 Mbit/s (1308 Mbit/s on the server) with WireGuard. Kind regards Quote Share this post Link to post
go558a83nk 362 Posted ... I got this on my pfsense box just now . Very nice. . May have even been a little limited by my traffic shaper https://www.speedtest.net/result/12249912075.png 1 Staff reacted to this Quote Share this post Link to post
Spyker 2 Posted ... How can I download .conf files from config generator, or generate a QR code for the Wireguard app? The guide here https://airvpn.org/android/wireguard/playstore/ is not addressing this at all. 1 jclosky reacted to this Quote Share this post Link to post
Staff 9973 Posted ... @Spyker Hello! It's outlined on step 2: after you have picked Android as system and you have defined your favorite settings, click "Generate" and the QR code will appear. On step 3 you can read how to scan it from the WireGuard app. Kind regards Quote Share this post Link to post
Staff 9973 Posted ... 48 minutes ago, go558a83nk said: I got this on my pfsense box just now . Very nice. . May have even been a little limited by my traffic shaper https://www.speedtest.net/result/12249912075.png New All Time High throughput! Record! Congratulations! Feel free to add it here:https://airvpn.org/forums/topic/48234-speedtest-comparison/ Kind regards Quote Share this post Link to post
sooprtruffaut 5 Posted ... Very impressed with the download speeds and appreciate your transparency with regards possible security issues with using Wireguard. Will continue to test and report back if there are any issues. Thanks for putting this together! 1 Staff reacted to this Quote Share this post Link to post
Spyker 2 Posted ... 3 hours ago, Staff said: @Spyker Hello! It's outlined on step 2: after you have picked Android as system and you have defined your favorite settings, click "Generate" and the QR code will appear. On step 3 you can read how to scan it from the WireGuard app. Kind regards QR code doesn't show for me. Tried on both firefox and chrome. Quote Share this post Link to post
Staff 9973 Posted ... @Spyker Hello! It will appear only when you select Wireguard and you can select Wireguard only if you enable "Beta features" from your account "Client Area" panel. Kind regards 1 Spyker reacted to this Quote Share this post Link to post
tuffy 1 Posted ... im happy with wireguard finally good speeds > https://www.speedtest.net/result/12251272931.png good work 1 Staff reacted to this Quote Share this post Link to post
cqs 5 Posted ... Generated an Android profile for Nahn and Wireguard refused to import it until it got renamed to Nahn.conf 1 Kjhjsllsjjsjsj reacted to this Quote Share this post Link to post
rohko 17 Posted ... Please pass on my thanks to the AirVPN development team. WireGuard works well! 😃 By the way, how does WireGuard daemon remove the endpoint IP addresses of inactive daemons from its memory? What I know, doing so would require restarting the whole daemon, what would in turn interrupt all the existing connections as well. Let us hope the WireGuard developers will merge the dynamic peer IP modification into the master. It seems that chaining WireGuard connections requires now (to reduce likelihood of corrrelation snooping) creating extra device keys to obtain the additional static IP addresses for the hops. 1 Staff reacted to this Quote Share this post Link to post
inc 3 Posted ... I am trying to get this working on Debian sid but am getting following errors [#] ip link add car type wireguard [#] wg setconf car /dev/fd/63 [#] ip -4 address add 10.155.173.95/10 dev car [#] ip -6 address add fd7d:76ee:e68f:a993:56a7:3428:9bd9:5f17/48 dev car [#] ip link set mtu 1420 up dev car [#] resolvconf -a tun.car -m 0 -x [#] wg set car fwmark 51820 [#] ip -6 route add ::/0 dev car table 51820 [#] ip -6 rule add not fwmark 51820 table 51820 [#] ip -6 rule add table main suppress_prefixlength 0 [#] nft -f /dev/fd/63 /dev/fd/63:5:101-114: Error: Could not process rule: No such file or directory [#] resolvconf -d tun.car -f [#] ip -6 rule delete table 51820 [#] ip -6 rule delete table main suppress_prefixlength 0 [#] ip link delete dev car car is the shortened .conf file name . what am I doing wrong. Quote Share this post Link to post
OpenSourcerer 1435 Posted ... 1 hour ago, inc said: car is the shortened .conf file name . what am I doing wrong. Debian doesn't ship nft. Do: # apt-get install nftables . Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
inc 3 Posted ... Thanks but nftables is installed, I have given up for the time being. Quote Share this post Link to post
go558a83nk 362 Posted ... 7 hours ago, ventilaar said: . I see in my email that you asked about port forwarding. It should work but you'll have to mess with iptables or something on your router. Can't use the router GUI. Or if you had iptables working for openvpn you'll have to change the rules for wireguard. Quote Share this post Link to post
mith_y2k 6 Posted ... On 10/28/2021 at 3:57 AM, Staff said: Hello! We're glad to announce the beginning of WireGuard beta testing in AirPVN infrastructure. About privacy concerns, we wrote a FAQ answer here . Please make sure to read it.Kind regards & datalove AirVPN Staff Hi, I want to make sure I understand correctly your answer linked here: are you saying that AirVPN servers will remove the client ip every 10 minutes from memory but that the wireguard client will preserve it or are you saying the Wireguard team will have the client ips indefinitely? Quote Share this post Link to post
Staff 9973 Posted ... @mith_y2k Hello! First, there is no WireGuard team which comes to know anything about our data and our customers' data. Our system will wipe out the public IP address within the specified amount of seconds if, during that time frame, no packet is exchanged between server and client. About the private IP address in the VPN, you need to act by yourself when you want to destroy the correlation between your account key and your account private IP address, in the way you can read on the FAQ answer. Kind regards 1 mith_y2k reacted to this Quote Share this post Link to post
i_like_noodles 0 Posted ... In case anyone is interested in it, I made a NixOS module for myself with WireGuard in a network namespace. On NixOS it can be imported and used like this (note that it needs to have a single number between 1-9 in the name): imports = [ (import ./qbittorrent.nix { inherit pkgs; vpn1Name = "airvpn1"; }) ]; Network namespaces allows confining processes and services so that they can only see certain interfaces, specifically here I made it so that qbittorrent can only access the internet through the wg interface and nothing else. If the VPN goes down, there's just no internet in the netns at all, it can never leak anything. It should be possible to copy some of the configuration to other distros as well, or at least take inspiration from this. The only limitation is that you have to specify Endpoints with IP only, domain names will not work for now. Working nice so far though, replaced my OpenVPN setup with this. Wireguard is much more aware of netns, unlike openvpn that needed a mess of scripts to function. qbittorrent.nix Quote Share this post Link to post
pfolk 6 Posted ... 3 hours ago, Staff said: @mith_y2k Hello! First, there is no WireGuard team which comes to know anything about our data and our customers' data. Our system will wipe out the public IP address within the specified amount of seconds if, during that time frame, no packet is exchanged between server and client. About the private IP address in the VPN, you need to act by yourself when you want to destroy the correlation between your account key and your account private IP address, in the way you can read on the FAQ answer. Kind regards would be VERY helpful if you in full detail line out steps on how your "clients can renew their keys whenever they want, forcing a new, random IP address reassignment".... (?) Privacy is obviously the #1 reason for choosing a VPN, and if the drastically throttled speeds can be improved that is naturally welcomed, but rarely anybody has time to sift through, search for the correct info on how to implement something that is an officially implemented feature. You guys clearly know how to do it, post a full step-by-step guide, please. Thanks. Quote Share this post Link to post
qitorin 1 Posted ... I tried to use wireguard on debian sid and eddie-ui does not proceed from setup phase. I did log out and basically try everything to make it work. In addition there is another bug with nftables which is independent from wireguard bug and happens even with openvpn. eddie-ui wireguard output: . 2021.10.30 05:28:21 - Command line arguments (2): path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui" . 2021.10.30 05:28:22 - Reading options from /home/****/.config/eddie/default.profile . 2021.10.30 05:28:25 - OpenVPN - Version: 2.5.1 - OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10 (/usr/sbin/openvpn) . 2021.10.30 05:28:25 - SSH - Version: OpenSSH_8.4p1 Debian-6, OpenSSL 1.1.1l 24 Aug 2021 (/usr/local/bin/ssh) . 2021.10.30 05:28:25 - SSL - Version: Initializing (/usr/bin/stunnel4) . 2021.10.30 05:28:25 - curl - Version: 7.74.0 (/usr/bin/curl) ! 2021.10.30 05:28:25 - Activation of Network Lock - Linux iptables I 2021.10.30 05:28:29 - Ready . 2021.10.30 05:28:30 - Collect information about AirVPN completed I 2021.10.30 05:28:39 - Session starting. I 2021.10.30 05:28:39 - Checking authorization ... . 2021.10.30 05:28:40 - IPv6 disabled on network adapter (default) . 2021.10.30 05:28:40 - IPv6 disabled on network adapter (eth0) ! 2021.10.30 05:28:40 - Connecting to ***** . 2021.10.30 05:28:40 - Routes, add 128.127.104.79/32 for interface "eth0". . 2021.10.30 05:28:40 - Routes, add 128.127.104.79/32 for interface "eth0", already exists. . 2021.10.30 05:28:40 - WireGuard > Setup start . 2021.10.30 05:28:40 - WireGuard > Setup complete . 2021.10.30 05:28:40 - WireGuard > Setup interface eddie-ui nftables bug log: E 2021.10.30 05:35:22 - Fatal error occured, please contact Eddie support: Exception: nft issue: exit:1; out:^ ~~; err:Error: syntax error, options must be specified before commands E 2021.10.30 05:35:22 - /usr/sbin/nft list ruleset -n -a - at Eddie.Core.Elevated.Command.GetSyncResult () [0x00012] in <0079446312484dacb62534ba98c85599>:0 E 2021.10.30 05:35:22 - at Eddie.Core.Elevated.IElevated.DoCommandSync (Eddie.Core.Elevated.Command c) [0x00046] in <0079446312484dacb62534ba98c85599>:0 E 2021.10.30 05:35:22 - at Eddie.Core.Elevated.IElevated.DoCommandSync (System.String command, System.String key1, System.String val1, System.String key2, System.String val2, System.String key3, System.String val3, System.String key4, System.String val4) [0x00051] in <0079446312484dacb62534ba98c85599>:0 E 2021.10.30 05:35:22 - at Eddie.Platform.Linux.NetworkLockNftables.DeallowInterface (System.Net.NetworkInformation.NetworkInterface networkInterface) [0x00021] in <9d46b1845ef64495a6f05ffa4bf6c961>:0 E 2021.10.30 05:35:22 - at Eddie.Core.NetworkLockManager.DeallowInterface (System.Net.NetworkInformation.NetworkInterface networkInterface) [0x00008] in <0079446312484dacb62534ba98c85599>:0 E 2021.10.30 05:35:22 - at Eddie.Core.ConnectionTypes.IConnectionType.OnClose () [0x0001c] in <0079446312484dacb62534ba98c85599>:0 E 2021.10.30 05:35:22 - at Eddie.Core.ConnectionTypes.OpenVPN.OnClose () [0x00000] in <0079446312484dacb62534ba98c85599>:0 E 2021.10.30 05:35:22 - at Eddie.Core.Session.OnRun () [0x00a5e] in <0079446312484dacb62534ba98c85599>:0 Quote Share this post Link to post