princesskenny 1 Posted ... Quote: "Interoperability between open-source applications and our service is still a main objective for us." This is important to me. Thank you. I'm looking forward to trying wg with AirVPN.
OpenSourcerer 1435 Posted ... 6 hours ago, qitorin said: "Fatal error occured, please contact Eddie support: Exception: nft issue: exit:1; out:^ ~~; err:Error: syntax error, options must be specified before commands" Known and hotfixed, not a Wireguard error: Clear the cache, then redownload the package:
# apt-get clean && apt-get install --reinstall eddie-ui
NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page.
zsam288 36 Posted ... When creating a config file from the config generator and importing it to Android, the Android WireGuard app cannot import the config: "invalid name". Not using any custom names. QR works fine.
OpenSourcerer 1435 Posted ... 8 hours ago, zsam288 said: "not using any custom names" Rename before importing. Keep it very simple (e.g. airvpn0).
benfitita 39 Posted ... Thank you AirVPN! nl_ams_ter and similar names work as well.
kbps 29 Posted ... On 10/29/2021 at 6:30 PM, mith_y2k said: "Hi, I want to make sure I understand correctly your answer linked here: are you saying that AirVPN servers will remove the client ip every 10 minutes from memory but that the wireguard client will preserve it or are you saying the Wireguard team will have the client ips indefinitely?" I too am confused as to where and why the user's IP address is stored permanently. I understand that while connected to Air servers, the user IP address will be known. Why is this not purged from the Air after disconnect or server change?
Staff 9972 Posted ... 19 minutes ago, kbps said: "On 10/29/2021 at 7:30 PM, mith_y2k said: 'Hi, I want to make sure I understand correctly your answer linked here: are you saying that AirVPN servers will remove the client ip every 10 minutes from memory but that the wireguard client will preserve it or are you saying the Wireguard team will have the client ips indefinitely?' I too am confused as to where and why the user's IP address is stored permanently. I understand that while connected to Air servers, the user IP address will be known. Why is this not purged from the Air after disconnect or server change?" Hello! Keeping permanently the client IP address is a WireGuard feature, see also https://airvpn.org/faq/wireguard That's why we force a purge of the real IP address. "In AirVPN servers, if no handshake has occurred within 180 seconds, the peer is removed and reapplied. Doing so removes the real IP address from server memory." Note that 180 seconds are not 10 minutes. If that's not acceptable you must not use WireGuard, keep using OpenVPN, which will get rid of the client IP address by itself (no need of active deletion). About the VPN IP address, which is another privacy problem, we invite you to read the above linked FAQ answer. Kind regards
SurprisedItWorks 49 Posted ... "I too am confused as to where and why the user's IP address is stored permanently. I understand that while connected to Air servers, the user IP address will be known. Why is this not purged from the Air after disconnect or server change?" Re why: The wireguard protocol itself has no notion of a "disconnect," and the server is always open to seeing more packets from a given peer (client in this case). Keeping the last known IP from which each peer communicates with the server radically speeds up incoming packet authentication, because if a packet arrives from a sender in the "last known" list, it's pretty obvious which public key to try first to test whether it's authentic. Air has worked around the issue nicely by deleting the last known IP after (currently) 3m during which the usual handshake packets have not arrived. The next packet that does arrive then has to be tested for authenticity against a large number of peer (users here) public keys. That carries a computational cost that Air kindly absorbs for the sake of our privacy in the comically unlikely case of some serious evildoer breaking into a datacenter and somehow siphoning off the contents of a running server's memory (IIRC they are diskless) for subsequent analysis. Summary: Air has made the saved public IP a nonissue in practical terms.
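The purge that Staff and SurprisedItWorks describe above (remove a peer and reapply it once 180 seconds pass without a handshake) is illustrated here over the tab-separated output of `wg show <iface> dump`. This is an added example, not part of any post and not AirVPN's server code; the interface name wg0, the keys, endpoints and timestamps are constructed, peers are assumed to have no preshared key, and the `wg set` commands are only built, not executed.

```python
# Added illustration; not AirVPN's server code. All sample values are constructed.
STALE_AFTER = 180  # seconds without a handshake, the figure quoted from the AirVPN FAQ

# Constructed sample in the layout printed by `wg show <iface> dump`:
# line 1 = interface (private-key, public-key, listen-port, fwmark), then per peer:
# public-key, preshared-key, endpoint, allowed-ips, latest-handshake, rx, tx, keepalive
SAMPLE_DUMP = "\n".join([
    "PRIVKEY_PLACEHOLDER\tSERVERPUB_PLACEHOLDER\t51820\toff",
    "PEER_A_PUB\t(none)\t198.51.100.7:51000\t10.128.0.2/32\t1700000950\t1024\t2048\toff",
    "PEER_B_PUB\t(none)\t203.0.113.9:40000\t10.128.0.3/32\t1700000700\t512\t256\toff",
    "PEER_C_PUB\t(none)\t(none)\t10.128.0.4/32\t0\t0\t0\toff",
])


def parse_peers(dump):
    """Return one dict per peer line of a `wg show <iface> dump` text."""
    peers = []
    for line in dump.strip().splitlines()[1:]:  # skip the interface line
        f = line.split("\t")
        if len(f) != 8:
            continue  # ignore malformed lines
        peers.append({"pubkey": f[0],
                      "endpoint": None if f[2] == "(none)" else f[2],
                      "allowed_ips": f[3],
                      "handshake": int(f[4])})
    return peers


def purge_commands(dump, now, iface="wg0"):
    """Build the commands that remove and re-add peers whose endpoint is stale."""
    cmds = []
    for p in parse_peers(dump):
        if p["endpoint"] is None:
            continue  # no client address is stored, nothing to purge
        if now - p["handshake"] < STALE_AFTER:
            continue  # handshake is recent, the peer is in use
        # Removing the peer drops its stored endpoint; re-adding keeps the key valid.
        cmds.append(["wg", "set", iface, "peer", p["pubkey"], "remove"])
        cmds.append(["wg", "set", iface, "peer", p["pubkey"],
                     "allowed-ips", p["allowed_ips"]])
    return cmds


if __name__ == "__main__":
    for cmd in purge_commands(SAMPLE_DUMP, now=1700001000):
        print(" ".join(cmd))
```

After the re-add the peer has no endpoint until its next handshake, which is the state SurprisedItWorks describes where the next packet must be checked against the full peer list.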
kbps 29 Posted ... 4 hours ago, SurprisedItWorks said: "The wireguard protocol itself has no notion of a "disconnect," and the server is always open to seeing more packets from a given peer (client in this case). Keeping the last known IP from which each peer communicates with the server radically speeds up incoming packet authentication, because if a packet arrives from a sender in the "last known" list, it's pretty obvious which public key to try first to test whether it's authentic." I see, thanks for the explanation. So basically, OpenVPN sends a disconnect packet to the VPN server, server forgets the connected IP address. Wireguard does not send a disconnect packet to the VPN server, server keeps the connected IP address stored in case it sees that IP again so that it does not have to re-authenticate. To maintain privacy Air has decided to delete IPs after 3 minutes. Thanks Air. Have I understood this correctly? Out of interest, how are other VPN providers dealing with this issue? Are they doing something similar?
SurprisedItWorks 49 Posted ... Some other providers are also tweaking things to try and deal with the storage of the public IP (what we discussed above) and the internal-network IP (the 10.X.Y.Z address you can change by renewing your device key). Air's is the cleanest approach I've seen so far, because it doesn't hurt compatibility with third-party client software. You should be able to set up a dd-wrt or other router to use an Air wireguard server without difficulty, and I've done it in iOS using the official WireGuard app (easy set up & works great), etc. The other approaches I've seen limit you to the VPN provider's client apps.
go558a83nk 362 Posted ... I want to add a second wireguard tunnel/peer setup on my pfsense box, using a different device as setup in my AirVPN account. The different device gives me a different, unique interface address for wireguard configs. However, it still overlaps in network address space with the other address for my other "device" so pfsense doesn't allow me to add it. (The /10 address is a very large address range!) Is there any solution to this so that I can have multiple wireguard tunnels running?
go558a83nk 362 Posted ... Re my above post. I changed the tunnel addresses from /10 to /32 and it works. However, I was pulling my hair out trying to figure out why my second tunnel wasn't working even after the tunnel addresses didn't overlap. Server was Chameleon. Turns out when I tried to use Leo instead it works. So perhaps something is wrong with Chameleon wireguard?
Jacker@ 6 Posted ... Hi, @go558a83nk Can you explain how/what you changed address and CIDR? I want to run multiple WG servers in pfsense, but cannot, all server configs have the same Address = 10.153.187.114/10 Thanks in advance 😁
go558a83nk 362 Posted ... 20 hours ago, Jacker@ said: "Hi, @go558a83nk Can you explain how/what you changed address and CIDR? I want to run multiple WG servers in pfsense, but cannot, all server configs have the same Address = 10.153.187.114/10 Thanks in advance 😁" You need to create another "device" which will allow you to generate configs with a different tunnel IP address. https://airvpn.org/devices/ As far as changing the /10 to /32 I do that in the interface settings of the wireguard tunnel. First I set up tunnel and peer for wireguard handshake, then set up interface and gateway for that wireguard tunnel.
Jacker@ 6 Posted ... 9 minutes ago, go558a83nk said: "You need to create another "device" which will allow you to generate configs with a different tunnel IP address. https://airvpn.org/devices/ As far as changing the /10 to /32 I do that in the interface settings of the wireguard tunnel. First I set up tunnel and peer for wireguard handshake, then set up interface and gateway for that wireguard tunnel." Thanks man 😎
go558a83nk 362 Posted ... 1 hour ago, Jacker@ said: "Thanks man 😎" You're welcome. Did you get it working?
Jacker@ 6 Posted ... 1 minute ago, go558a83nk said: "You're welcome. Did you get it working?" Tested and worked perfectly, thank you. I run two together in a failover gateway for IOT's. I have also been using Mullvad purely because of their wireguard support, so this is ideal for me now to migrate back 👍
LcKHUNy7 1 Posted ... Thanks Staff for the great work. My Synology NAS with a weak CPU (Celeron J3455) managed maybe 30MB/s through OpenVPN UDP with either AES or ChaCha20, with Wireguard I just reached 80MB/s (~640 Mbit/s). I was hoping for a slight improvement, but this is much beyond my expectation!
vc5fo 4 Posted ... Thanks to lovely AirVPN for launching this protocol ... I'm getting "bringing up tunnel" error when I try to connect ... Tried a few solutions around the web, but no luck. 😡
autone 4 Posted ... Anyone managed to get port forwarding to work with wireguard? I am getting connection refused errors. It works fine on OpenVPN.
monstrocity 31 Posted ... 5 hours ago, autone said: "Anyone managed to get port forwarding to work with wireguard? I am getting connection refused errors. It works fine on OpenVPN." I opened UDP port 1637 on the router that's behind a W10 machine, and WG worked fine through Eddie. I'm not sure if that port needs to be open or not on your end - worth a shot if nothing else works.
LcKHUNy7 1 Posted ... 5 hours ago, autone said: "Anyone managed to get port forwarding to work with wireguard? I am getting connection refused errors. It works fine on OpenVPN." Works fine for me with no additional configuration, just the config from the config generator. You don't need to port-forward anything in the router since AirVPN's port-forwarding is only dependent on the client and server, and gets tunneled through the VPN tunnel. Is the service you are trying to forward listening on the Wireguard tunnel interface?
autone 4 Posted ... 2 hours ago, monstrocity said: "8 hours ago, autone said: 'Anyone managed to get port forwarding to work with wireguard? I am getting connection refused errors. It works fine on OpenVPN.' I opened UDP port 1637 on the router that's behind a W10 machine, and WG worked fine through Eddie. I'm not sure if that port needs to be open or not on your end - worth a shot if nothing else works." I can connect to wireguard fine. It's port forwarding I'm having an issue with. https://airvpn.org/ports/
monstrocity 31 Posted ... Are your ports set up for TCP+UDP? I need both for different use cases - two of my devices are restricted to TCP only so those can't use WG unfortunately. Wondering if someone else is already connected to the port(s) you're trying to use - some sort of overlap in port assignments. If you already have dedicated UDP ports not working at all, open a support ticket.