Jump to content
Not connected, Your IP: 3.15.6.140
Staff

[COMPLETED] WireGuard beta testing available

Recommended Posts

UPDATE 2022-05-02 BETA TESTING HAS BEEN COMPLETED. WIREGUARD ACCESS IS NOW AVAILABLE TO ANYONE AND CONSIDERED STABLE IN AIRVPN INFRASTRUCTURE


Hello!

We're glad to announce the beginning of WireGuard beta testing in AirPVN infrastructure.

In order to test WireGuard, go to Client Area ⇨ Preferences and activate Access to BETA Features. This will allow you to see specific guides and options pertaining to WireGuard.

About privacy concerns, we wrote a FAQ answer here . Please make sure to read it.

WireGuard with Eddie
If you want to use Eddie, go to download page of your OS, and click Other versions ⇨ Experimental in Eddie download pages.
Linux note: Eddie doesn't recognize WireGuard until it is present at kernel level. Use cat /sys/module/wireguard/version to check your WireGuard kernel module. Wireguard will be available in Preferences > Protocols window (logout and login from Eddie's main window might be necessary).

WireGuard without Eddie
Otherwise, for official WireGuard app/binaries, see the guides below:


The guides above will be also shown in Download section when Beta Features option is checked.

Notes:

  • We will add other connection ports, suggestions are welcome.
  • We automatically generate WireGuard keypair (and preshared-key), and assigned IPv4/IPv6 addresses, for any device, no action required.

Kind regards & datalove
AirVPN Staff

Share this post


Link to post

very quick initial test gives excellent results from a country unfriendly to VPNs

150mbit on OPENVPN
250+ on wireguard

not sure if it's a fluke or if these kind of improvements are to be expected?

Share this post


Link to post
@zsam288

When the network is not neutral you can have all sorts of differences according to how traffic shaping is enforced. For example, if UDP were to be heavily shaped and de-prioritized, or blocked, you couldn't use WireGuard but only OpenVPN with TCP as transport layer.

In our infrastructure the best download performance we could achieve from a single client when line, peering, CPU and server load and bandwidth availability were not for sure bottlenecks and in total absence of any type of traffic shaping have been 715 Mbit/s (1430 Mbit/s on the server) with OpenVPN 2.5 / OpenVPN AirVPN 3, and 654 Mbit/s (1308 Mbit/s on the server) with WireGuard.

Kind regards


 

Share this post


Link to post
@Spyker

Hello!

It's outlined on step 2: after you have picked Android as system and you have defined your favorite settings, click "Generate" and the QR code will appear. On step 3 you can read how to scan it from the WireGuard app.

Kind regards
 

Share this post


Link to post

Very impressed with the download speeds and appreciate your transparency with regards possible security issues with using Wireguard. Will continue to test and report back if there are any issues.

Thanks for putting this together!

Share this post


Link to post
3 hours ago, Staff said:
@Spyker

Hello!

It's outlined on step 2: after you have picked Android as system and you have defined your favorite settings, click "Generate" and the QR code will appear. On step 3 you can read how to scan it from the WireGuard app.

Kind regards
 
QR code doesn't show for me.
Tried on both firefox and chrome.

Share this post


Link to post
@Spyker

Hello!

It will appear only when you select Wireguard and you can select Wireguard only if you enable "Beta features" from your account "Client Area" panel.

Kind regards
 

Share this post


Link to post

Please pass on my thanks to the AirVPN development team. WireGuard works well! 😃
By the way, how does WireGuard daemon remove the endpoint IP addresses of inactive daemons from its memory? What I know, doing so would require restarting the whole daemon, what would in turn interrupt all the existing connections as well.

Let us hope the WireGuard developers will merge the dynamic peer IP modification into the master. It seems that chaining WireGuard connections requires now (to reduce likelihood of corrrelation snooping) creating extra device keys to obtain the additional static IP addresses for the hops.

Share this post


Link to post

I am trying to get this working on Debian sid but am getting following errors

[#] ip link add car type wireguard
[#] wg setconf car /dev/fd/63
[#] ip -4 address add 10.155.173.95/10 dev car
[#] ip -6 address add fd7d:76ee:e68f:a993:56a7:3428:9bd9:5f17/48 dev car
[#] ip link set mtu 1420 up dev car
[#] resolvconf -a tun.car -m 0 -x
[#] wg set car fwmark 51820
[#] ip -6 route add ::/0 dev car table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] nft -f /dev/fd/63
/dev/fd/63:5:101-114: Error: Could not process rule: No such file or directory

[#] resolvconf -d tun.car -f
[#] ip -6 rule delete table 51820
[#] ip -6 rule delete table main suppress_prefixlength 0
[#] ip link delete dev car
car is the shortened .conf file name . what am I doing wrong.

Share this post


Link to post
1 hour ago, inc said:

car is the shortened .conf file name . what am I doing wrong.


Debian doesn't ship nft. Do:

# apt-get install nftables

.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Thanks but nftables is installed, I have given up for the time being.

Share this post


Link to post
7 hours ago, ventilaar said:

.


I see in my email that you asked about port forwarding.  It should work but you'll have to mess with iptables or something on your router.  Can't use the router GUI.  Or if you had iptables working for openvpn you'll have to change the rules for wireguard.

Share this post


Link to post
On 10/28/2021 at 3:57 AM, Staff said:

Hello!

We're glad to announce the beginning of WireGuard beta testing in AirPVN infrastructure.

About privacy concerns, we wrote a FAQ answer here . Please make sure to read it.

Kind regards & datalove

AirVPN Staff

Hi, I want to make sure I understand correctly your answer linked here: are you saying that AirVPN servers will remove the client ip every 10 minutes from memory but that the wireguard client will preserve it or are you saying the Wireguard team will have the client ips indefinitely?

Share this post


Link to post
@mith_y2k

Hello!

First, there is no WireGuard team which comes to know anything about our data and our customers' data.

Our system will wipe out the public IP address within the specified amount of seconds if, during that time frame, no packet is exchanged between server and client.

About the private IP address in the VPN, you need to act by yourself when you want to destroy the correlation between your account key and your account private IP address, in the way you can read on the FAQ answer.

Kind regards
 

Share this post


Link to post

In case anyone is interested in it, I made a NixOS module for myself with WireGuard in a network namespace. On NixOS it can be imported and used like this (note that it needs to have a single number between 1-9 in the name):
 

imports = [
  (import ./qbittorrent.nix { inherit pkgs; vpn1Name = "airvpn1"; })
];

Network namespaces allows confining processes and services so that they can only see certain interfaces, specifically here I made it so that qbittorrent can only access the internet through the wg interface and nothing else. If the VPN goes down, there's just no internet in the netns at all, it can never leak anything.

It should be possible to copy some of the configuration to other distros as well, or at least take inspiration from this. The only limitation is that you have to specify Endpoints with IP only, domain names will not work for now.

Working nice so far though, replaced my OpenVPN setup with this. Wireguard is much more aware of netns, unlike openvpn that needed a mess of scripts to function. 

qbittorrent.nix

Share this post


Link to post
3 hours ago, Staff said:
@mith_y2k

Hello!

First, there is no WireGuard team which comes to know anything about our data and our customers' data.

Our system will wipe out the public IP address within the specified amount of seconds if, during that time frame, no packet is exchanged between server and client.

About the private IP address in the VPN, you need to act by yourself when you want to destroy the correlation between your account key and your account private IP address, in the way you can read on the FAQ answer.

Kind regards
 

would be VERY helpful if you in full detail line out steps on how your "clients can renew their keys whenever they want, forcing a new, random IP address reassignment"....  (?)

Privacy is obviously the #1 reason for choosing a VPN, and if the drastically throttled speeds can be improved that is naturally welcomed, but rarely anybody has time to sift through, search for the correct info on how to implement something that is an officially implemented feature. You guys clearly know how to do it, post a full step-by-step guide, please.

Thanks.

Share this post


Link to post

I tried to use wireguard on debian sid and eddie-ui does not proceed from setup phase. I did log out and basically try everything to make it work. In addition there is another bug with nftables which is independent from wireguard bug and happens even with openvpn.
eddie-ui wireguard output:

. 2021.10.30 05:28:21 - Command line arguments (2): path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui"
. 2021.10.30 05:28:22 - Reading options from /home/****/.config/eddie/default.profile
. 2021.10.30 05:28:25 - OpenVPN - Version: 2.5.1 - OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10 (/usr/sbin/openvpn)
. 2021.10.30 05:28:25 - SSH - Version: OpenSSH_8.4p1 Debian-6, OpenSSL 1.1.1l  24 Aug 2021 (/usr/local/bin/ssh)
. 2021.10.30 05:28:25 - SSL - Version: Initializing (/usr/bin/stunnel4)
. 2021.10.30 05:28:25 - curl - Version: 7.74.0 (/usr/bin/curl)
! 2021.10.30 05:28:25 - Activation of Network Lock - Linux iptables
I 2021.10.30 05:28:29 - Ready
. 2021.10.30 05:28:30 - Collect information about AirVPN completed
I 2021.10.30 05:28:39 - Session starting.
I 2021.10.30 05:28:39 - Checking authorization ...
. 2021.10.30 05:28:40 - IPv6 disabled on network adapter (default)
. 2021.10.30 05:28:40 - IPv6 disabled on network adapter (eth0)
! 2021.10.30 05:28:40 - Connecting to *****
. 2021.10.30 05:28:40 - Routes, add 128.127.104.79/32 for interface "eth0".
. 2021.10.30 05:28:40 - Routes, add 128.127.104.79/32 for interface "eth0", already exists.
. 2021.10.30 05:28:40 - WireGuard > Setup start
. 2021.10.30 05:28:40 - WireGuard > Setup complete
. 2021.10.30 05:28:40 - WireGuard > Setup interface

eddie-ui nftables bug log:
E 2021.10.30 05:35:22 - Fatal error occured, please contact Eddie support: Exception: nft issue: exit:1; out:^                       ~~; err:Error: syntax error, options must be specified before commands
E 2021.10.30 05:35:22 -     /usr/sbin/nft list ruleset -n -a -   at Eddie.Core.Elevated.Command.GetSyncResult () [0x00012] in <0079446312484dacb62534ba98c85599>:0
E 2021.10.30 05:35:22 -     at Eddie.Core.Elevated.IElevated.DoCommandSync (Eddie.Core.Elevated.Command c) [0x00046] in <0079446312484dacb62534ba98c85599>:0
E 2021.10.30 05:35:22 -     at Eddie.Core.Elevated.IElevated.DoCommandSync (System.String command, System.String key1, System.String val1, System.String key2, System.String val2, System.String key3, System.String val3, System.String key4, System.String val4) [0x00051] in <0079446312484dacb62534ba98c85599>:0
E 2021.10.30 05:35:22 -     at Eddie.Platform.Linux.NetworkLockNftables.DeallowInterface (System.Net.NetworkInformation.NetworkInterface networkInterface) [0x00021] in <9d46b1845ef64495a6f05ffa4bf6c961>:0
E 2021.10.30 05:35:22 -     at Eddie.Core.NetworkLockManager.DeallowInterface (System.Net.NetworkInformation.NetworkInterface networkInterface) [0x00008] in <0079446312484dacb62534ba98c85599>:0
E 2021.10.30 05:35:22 -     at Eddie.Core.ConnectionTypes.IConnectionType.OnClose () [0x0001c] in <0079446312484dacb62534ba98c85599>:0
E 2021.10.30 05:35:22 -     at Eddie.Core.ConnectionTypes.OpenVPN.OnClose () [0x00000] in <0079446312484dacb62534ba98c85599>:0
E 2021.10.30 05:35:22 -     at Eddie.Core.Session.OnRun () [0x00a5e] in <0079446312484dacb62534ba98c85599>:0
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...