Linux: AirVPN Suite 1.2.0 available

[Staff 9950]

Hello!

We're very glad to inform you that AirVPN Suite version 1.2.0 is now available. Check supported systems below
UPDATE 15 Feb 22: Release Candidate 1 is available
UPDATE 08 Mar 22: Release Candidate 2 is available
UPDATE 17 Mar 22: Release Candidate 3 is available
 

24 Mar 22: Production release is available

The suite includes:

• Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap
• Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers
• Hummingbird: lightweight and standalone binary for generic OpenVPN server connections

 

What's new in 1.2.0

• bug fix: white and black lists are now handled more properly by quick connection mode with new logical approach
• bug fix: comma in password is now parsed correctly when entered in bluetit.rc
• bug fix: Hummingbird network restore function works properly when hummingbird.lock file is missing but DNS and firewall rules have their backup copies to be recovered
• bug fixes in --pause, --resume, --reconnect options
• refinements in logging
• in automatic network lock mode, nftables takes precedence over iptables if nft userland utility exists
• DNS handling improvements with certain systemd-resolved wortking modes
• added support for zstd and gzip compressed kernel modules
• IPv6 bootstrap servers enhanced support
• update of all support libraries, including OpenVPN-AirVPN

Please check the changelog at the end of this post for detailed information.

Thank you very much for your tests and please report any bug, glitch, malfunction etc. in this thread!
 

Packages

Please note that the Suite is no more built for i686 systems (32 bit architecture). If you need the Suite for such systems please run 1.1.0 release in the meantime and contact us in this thread or through a ticket.
 

Packages can be downloaded from our web site page https://airvpn.org/linux/suite/

AirVPN Suite is released under GLPv3. Source code and repository: https://gitlab.com/AirVPN/AirVPN-Suite

AirVPN Suite changelog

Changelog for AirVPN Suite

Version 1.2.0 - 22 March 2022

• [ProMIND] production release

Version 1.2.0 RC 3 - 17 March 2022

• [ProMIND] updated to OpenVPN3 AirVPN 3.8.1
• [ProMIND] vpnclient.hpp: changed references of ClientAPI::OpenVPNClient class to ClientAPI::OpenVPNClientHelper to conform to the new OpenVPN3 client class names
• [ProMIND] vpnclient.hpp: added private members event_error and event_fatal_error to reflect client's event errors
• [ProMIND] vpnclient.hpp: added public methods eventError() and eventFatalError()
• [ProMIND] vpnclient.hpp: get_connection_stats() added topology, cipher, ping and ping_restart values from OpenVPN3 options

Version 1.2.0 RC 2 - 8 March 2022

• [ProMIND] vpnclient.hpp: added methods init(), initSupportedDataCiphers(), isDataCipherSupported() and getSupportedDataCiphers()
• [ProMIND] vpnclient.hpp: added cipher member to struct EventData
• [ProMIND] vpnclient.hpp: added getPushedDns() method
• [ProMIND] airvpntools.cpp: added normalizeBoolValue() method for the normalization of "simple" bools to extended values conforming to Suite's option parser and to be used to extend OpenVPN3 "simple" bool options
• [ProMIND] logger.hpp: flushLog() is now synchronized and thread safe by using a semaphore

Version 1.2.0 RC 1 - 15 February 2022

• [ProMIND] Updated to OpenVPN 3.7.2 AirVPN

Version 1.2.0 Beta 1 - 7 February 2022

• [ProMIND] updated to OpenVPN 3.7.1 AirVPN and latest support libraries and support projects
• [ProMIND] vpnclient.hpp: added methods openVPNInfo(), openVPNCopyright() and sslLibraryVersion()
• [ProMIND] vpnclient.hpp: added event management (subscription, unsubscription, raising) via callback functions for all native ClientEvent::Type
• [ProMIND] loadmod.c: added support for gz and zstd modules
• [ProMIND] netfilter.cpp: changed firewall priority scheme into nftables, iptables-legacy, iptables, pf
• [ProMIND] netfilter.cpp: added workaround for iptables modules in order to comply to kernel 5.15.x
• [ProMIND] netfilter.cpp: init(): in case netlock is set to iptables, force the initial loading of system rules by adding and then immediately removing two IPv4 and IPv6 "fake rules" in order to have netlock work in distributions running under kernel 5.15.x and iptables 1.8.7
• [ProMIND] dnsmanager.cpp: systemHasResolved() method renamed as systemHasSystemdResolved()
• [ProMIND] dnsmanager.cpp: added systemHasResolvectl() method
• [ProMIND] optionparser.cpp: added description and order members to OptionConfig and Option structures
• [ProMIND] airvpntools.cpp: added automatic support and selection for AirVPN IPv6 bootstrap servers
• [ProMIND] airvpnserverprovider.cpp: getFilteredServerList() includes all AirVPN server. Those not meeting the connection priority scheme are sent to the bottom of the list with the highest possible penalty. This is needed in case the country black list includes all of the connection priority scheme's countries

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


Changelog for Bluetit

Version 1.2.0 - 22 March 2022

• [ProMIND] production release

Version 1.2.0 RC 3 - 17 March 2022

• [ProMIND] do not check for supported ciphers in OpenVPN config file in case eval.cipher is empty
• [ProMIND] establish_openvpn_connection() returns false in case of client's event error or fatal error
• [ProMIND] connection and connection stats threads are now stopped by dedicated functions stop_connection_thread() and void stop_connection_stats_thread() respectively
• [ProMIND] improved error management at connection time

Version 1.2.0 RC 2 - 8 March 2022

• [ProMIND] Added list_data_ciphers dbus method
• [ProMIND] Added list_pushed_dns dbus method
• [ProMIND] Check and validate requested data cipher according to VpnClient's supported ciphers
• [ProMIND] Shows server information summary at the end of connection process via VpnClient connected event
• [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock

Version 1.2.0 RC 1 - 15 February 2022

• [ProMIND] Same as Beta 1

Version 1.2.0 Beta 1 - 7 February 2022

• [ProMIND] White and black lists are now properly checked when connecting to an AirVPN server or country
• [ProMIND] In case there are white lists defined, quick connection will ignore the connection scheme priority
• [ProMIND] Added "africa" and "oceania" to continent/country connection process
• [ProMIND] Added SSL library version to startup log
• [ProMIND] Removed ipv6 option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications
• [ProMIND] Added DBus method ssl_library_version
• [ProMIND] btcommon.hpp: added normalized client options and descriptions
• [ProMIND] add_airvpn_bootstrap_to_network_lock(): added support for AirVPN IPv6 bootstrap servers

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


Changelog for Goldcrest

Version 1.2.0 - 22 March 2022

• [ProMIND] production release

Version 1.2.0 RC 3 - 17 March 2022

• [ProMIND] Update connection statistics to the latest Bluetit specifications

Version 1.2.0 RC 2 - 8 March 2022

• [ProMIND] Added --list-data-ciphers option
• [ProMIND] Added server information summary to statistics output
• [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock

Version 1.2.0 RC 1 - 15 February 2022

•  [ProMIND] Reassigned short option "Q" to long option "air-key-load"

Version 1.2.0 Beta 1 - 7 February 2022

• [ProMIND] Removed ipv6 command line option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications
• [ProMIND] Added OpenVPN copyright information and SSL library information to the welcome message
• [ProMIND] Changed usage() in order to use the new normalized option format

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


Changelog for Hummingbird

Version 1.2.0 - 22 March 2022

• [ProMIND] production release

Version 1.2.0 RC 3 - 17 March 2022

• [ProMIND] updated to OpenVPN3 AirVPN 3.8.1
• [ProMIND] do not check for supported ciphers in OpenVPN config file in case eval.cipher is empty
• [ProMIND] changed references of ClientAPI::OpenVPNClient class to ClientAPI::OpenVPNClientHelper to conform to the new OpenVPN3 client class names
• [ProMIND] replaced calls to removed OpenVPN client's eval_config_static() with ClientAPI::OpenVPNClientHelper::eval_config()

Version 1.2.0 RC 2 - 8 March 2022

• [ProMIND] Added --list-data-ciphers option
• [ProMIND] Check and validate requested data cipher according to VpnClient's supported ciphers
• [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock

Version 1.2.0 RC 1 - 15 February 2022

• [ProMIND] Updated to OpenVPN 3.7.2 AirVPN

Version 1.2.0 Beta 1 - 7 February 2022

• [ProMIND] updated to OpenVPN 3.7.1 AirVPN and latest support libraries and support projects
• [ProMIND] Added SSL library version to version message
• [ProMIND] Removed ipv6 command line option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications
• [ProMIND] Added OpenVPN and copyright information and SSL library information to the welcome message
• [ProMIND] Fixed recover network procedure. It now properly checks the existence of network backup file

Kind regards and datalove
AirVPN Staff
 

[OpenSourcerer 1432]

Is Goldcrest ignoring the config file or something?

$ goldcrest -O
2022-02-08 18:22:10 --air-key-load: no key file name provided

I removed goldcrest.rc from .config to see if there are new config params but it generated a file similar to the old one. Nevertheless, I did my changes to the new one (which means also, I let all whitespace as it is).

#
# goldcrest runcontrol file
#

air-server              Kitalpha
air-tls-mode            crypt
air-ipv6                off
air-6to4                off
air-user                opensourcerer
air-password            p45Sw0rD
air-key         key name
# cipher                <cipher_name>
proto                   udp
# server                <server_ip|server_url>
# port                  <port>
# tcp-queue-limit       <n>
# ncp-disable           <yes|no>
network-lock            off
ignore-dns-push yes
ipv6                    no
# timeout               <seconds>
# compress              <yes|no|asym>
# proxy-host            <host_ip|host_url>
# proxy-port            <port>
# proxy-username        <proxy_username>
# proxy-password        <proxy_password>
# proxy-basic           <yes|no>
# alt-proxy             <yes|no>
# persist-tun           <on|off>
# conn-stat-interval            <seconds>
 

air-key name has got a space.

[Staff 9950]

@OpenSourcerer

Hello!

Thank you, bug confirmed and fixed. Before the next version comes out, you might like to use "--air-connect" in place of "-O" to keep testing.

Kind regards
 

[colorman 26]

@Staff,
I have problems using Bluetit.
See attach

Operating System: openSUSE Leap 15.3
KDE Plasma Version: 5.18.6
KDE Frameworks Version: 5.76.0
Qt Version: 5.12.7
Kernel Version: 5.3.18-150300.59.46-preempt
OS Type: 64-bit
Processors: 8 × AMD Ryzen 5 3400G with Radeon Vega Graphics
Memory: 13,6 GiB



Back to 1.1.0, no problems there

bluetit.txt

bluetit2.txt

[Staff 9950]

@colorman

Hello and thank you!
 
AES-CBC for Data Channel is no more accepted and should not be picked automatically, can we see your bluetit.rc and goldcrest.rc files content?

Kind regards
 

[colorman 26]

33 minutes ago, Staff said:

@colorman

Hello and thank you!
 
AES-CBC for Data Channel is no more accepted and should not be picked automatically, can we see your bluetit.rc and (if you run Golcrest) goldcrest.rc files content, and Goldcrest running options?

Kind regards
 

Sorry but i need help with this, don't understand what you mean, but i do my best.....

can not attach from /etc/airvpn/ because the are root

Like this?
@local:/usr/local/bin> ./goldcrest AirVPN_Netherlands_UDP-443-Entry3.ovpn
 

bluetit.rc goldcrest

[Staff 9950]

@colorman

Hello!

The failure is

2022-02-09 11:35:55 Client exception in transport_recv: crypto_alg: AES-256-CBC: bad cipher for data channel use

AES-CBC cipher must not (and is not according to our tests) be selected with default settings. Therefore we would like to see the content of the mentioned files to understand how AES-CBC happened to be selected. Forget about Goldcrest running options, we see that you give Goldcrest an ovpn file to parse.

Please note that if you generated an OpenVPN configuration file for OpenVPN 2.4, the directive:

cipher AES-256-CBC

will be included. This directive will cause the error you see on latest OpenVPN3-AirVPN and OpenVPN 2 versions. To generate a proper configuration file for AirVPN Suite and latest OpenVPN 2.5 releases, tick "Advanced Mode", then select "OpenVPN >= 2.5". In this way the aforementioned directive will not be included. Alternatively, do not use ovpn files at all (Bluetit and Goldcrest don't require them with AirVPN).

Kind regards
 

[OpenSourcerer 1432]

$ goldcrest --air-connect
2022-02-09 14:45:20 Reading run control directives from file /home/airvpn/.config/goldcrest.rc
Goldcrest 1.2.0 Beta 1 - 7 February 2022

2022-02-09 14:45:20 Bluetit - AirVPN OpenVPN 3 Service 1.2.0 Beta 1 - 7 February 2022
2022-02-09 14:45:20 OpenVPN core 3.7.1 AirVPN linux x86_64 64-bit
2022-02-09 14:45:21 Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
2022-02-09 14:45:21 OpenSSL 1.1.0l  10 Sep 2019
2022-02-09 14:45:21 Bluetit is ready
2022-02-09 14:45:21 Bluetit options successfully reset
2022-02-09 14:45:21 ERROR: Unknown option --ipv6

.

[Staff 9950]

@OpenSourcerer

Thank you! Do you have "ipv6 on" in your goldcrest.rc ? We brought in from OpenVPN3 main branch the IPv6 member deletion and other IPv6 related modifications. EDIT: ...so ipv6 option is no more supported (check our next message).

Kind regards
 

[OpenSourcerer 1432]

4 minutes ago, Staff said:

Do you have "ipv6 on" in your goldcrest.rc ?

Same rc as above, ipv6 is off because of server choice. Commenting out ipv6 lets Goldcrest initiate a connection.

[colorman 26]

44 minutes ago, Staff said:

@colorman

Hello!

The failure is

2022-02-09 11:35:55 Client exception in transport_recv: crypto_alg: AES-256-CBC: bad cipher for data channel use

AES-CBC cipher must not (and is not according to our tests) be selected with default settings. Therefore we would like to see the content of the mentioned files to understand how AES-CBC happened to be selected. Forget about Goldcrest running options, we see that you give Goldcrest an ovpn file to parse.

Please note that if you generated an OpenVPN configuration file for OpenVPN 2.4, the directive:

cipher AES-256-CBC

will be included. This directive will cause the error you see on latest OpenVPN3-AirVPN and OpenVPN 2 versions. To generate a proper configuration file for AirVPN Suite and latest OpenVPN 2.5 releases, tick "Advanced Mode", then select "OpenVPN >= 2.5". In this way the aforementioned directive will not be included. Alternatively, do not use ovpn files at all (Bluetit and Goldcrest don't require them with AirVPN).

Kind regards
 

solved thank you......

[Staff 9950]

36 minutes ago, OpenSourcerer said:

Same rc as above, ipv6 is off because of server choice. Commenting out ipv6 lets Goldcrest initiate a connection.

Hello!

Yes, ipv6 option has been removed. From the changelog:

[ProMIND] Removed ipv6 command line option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications 

The next user's manual which will be published with the stable release will reflect the change.

Kind regards
 

[OpenSourcerer 1432]

3 hours ago, Staff said:

The next user's manual which will be published with the stable release will reflect the change.

The part of the suite writing the boilerplate goldcrest.rc if it doesn't exist should reflect this change, too.

I also noticed that Bluetit/Goldcrest don't use the system OpenSSL. Is that a deliberate choice or accidental?

2022-02-08 18:39:50 OpenSSL 1.1.0l  10 Sep 2019

System version is 1.1.1m.

[Staff 9950]

@OpenSourcerer

Hello!

Sure, the *.rc templates will be adjusted accordingly.

The Suite must use system OpenSSL library, simply because it has nothing else. That log entry is very strange, as OpenSSL 1.1.0 is nowhere, and we have noticed the same on a different system (Fedora 35). Under investigation. Thanks again.

Kind regards
 

[Staff 9950]

On 2/9/2022 at 6:50 PM, OpenSourcerer said:

I also noticed that Bluetit/Goldcrest don't use the system OpenSSL. Is that a deliberate choice or accidental?

2022-02-08 18:39:50 OpenSSL 1.1.0l  10 Sep 2019

System version is 1.1.1m.

Hello!

Explanation found. OpenVPN3 hard codes internally the OpenSSL header value at compilation time, even though OpenSSL is linked dynamically. So, if you compile in, say, Debian 9 to ensure maximum compatibility, OpenVPN 3 will claim "1.1.0h" regardless of the actual OpenSSL used during runtime.

It's a wrong approach our library inherited from the master branch. The correct approach would be for example using the proper library function to get and return the library version and avoid the aforementioned hard coding. We are going to fix this botch in our fork asap. EDIT: fix implemented in OpenVPN3 AirVPN 3.7.2. AirVPN Suite 1.2.0 RC 1 is now linked against the new library.

Kind regards
 

[Staff 9950]

Hello!

Update: AirVPN Suite 1.2.0 Release Candidate 1 is now available. Original message download links and changelog have been updated accordingly. RC 1  is linked against the new OpenVPN3-AirVPN library and fixes all the glitches you have found so far in beta 1. Thank you for your tests!

Kind regards
 

[OpenSourcerer 1432]

I've been testing this a little on the command line.
1.
If passwords (-P) are quoted with "", the marks appear to be seen as part of the password. Single quotes ' ' work, though, and -F accepts them both as well. Backslash escapes work as well.

$ goldcrest -O -S Kitalpha -V off -B off -U opensourcerer -P "<password with special Bash characters like * and &>" -F "key name" -6 off
2022-02-26 19:32:12 Reading run control directives from file […]/.config/goldcrest.rc
…
2022-02-26 19:12:18 Logging in AirVPN user opensourcerer
2022-02-26 19:12:18 ERROR: AirVPN login failed for user opensourcerer

$ goldcrest -O -S Kitalpha -V off -B off -U opensourcerer -P '<password with special Bash characters like * and &>' -F "key name" -6 off
…
2022-02-26 19:28:49 Logging in AirVPN user opensourcerer
2022-02-26 19:28:49 AirVPN user opensourcerer successfully logged in

2. -6's off setting is unrecognized.

$ goldcrest -O -S Kitalpha -V off -B off -U opensourcerer -P <password> -F "key name" -6 off  
Goldcrest 1.2.0 RC 1 - 15 February 2022
…
2022-02-26 19:12:47 AirVPN user opensourcerer successfully logged in
2022-02-26 19:12:47 Selected user key: <key name>
2022-02-26 19:12:48 ERROR eval config error: ERR_PROFILE_GENERIC: IPv6Setting: unrecognized setting: 'off'

A test afterwards showed the same for allowuaf option in the rc. Default rc does list it as a possible option, though.
3.
If allowuaf is not set to off, the suite pushes routes for v6 rerouting, too, regardless of whether the server supports v6 or not. Edge case… but how would you handle someone requesting v6 for Kitalpha?
Also from the docs, the default is default, so I deduce that the floor here is made out of floor.

[Staff 9950]

15 hours ago, OpenSourcerer said:

I've been testing this a little on the command line.
1.
If passwords (-P) are quoted with "", the marks appear to be seen as part of the password. Single quotes ' ' work, though, and -F accepts them both as well. Backslash escapes work as well.

Hello and thank you!

OK, it sounds fine here.
 

Quote

2. -6's off setting is unrecognized.

Yes, bug reproduced - it doesn't recognize any setting.
 

Quote

If allowuaf is not set to off, the suite pushes routes for v6 rerouting, too, regardless of whether the server supports v6 or not. Edge case… but how would you handle someone requesting v6 for Kitalpha?

If connection is attempted over IPv6, for example because default system choice is IPv6 or configuration file prescribes IPv6 address in remote directive, failure is expected when IPv6 is not available server side. That's fine. The problem in such systems is again the bug for which one can't turn off -6 (allowuaf), making those almost unable to connect to IPv4 only servers (a remote IPv4 address must be forced to circumvent the problem).
 

Quote

Also from the docs, the default is default, so I deduct that the floor here is made out of floor. 

The default setting for IPv6 should be the default system setting. Docs clarification/fix needed, we will check.

Thank you very much!

Kind regards
 

[Staff 9950]

@OpenSourcerer

Hello!

-6 option problem you have detected is caused by the fact that the option is managed by OpenVPN3 and not by the Suite. OpenVPN3 options can't have "on", "off" etc. arguments, but only "yes", "no" and "default"/other, while the Suite parser is much more flexible. We will translate the arguments of those options which are managed internally by OpenVPN3 in order to resolve the issue. In the meantime you should use only "yes" or "no" to resolve the problem and keep testing.

Kind regards
 

[OpenSourcerer 1432]

Some options don't make much sense in ad-hoc mode, and I think these should be separated in the help file and elsewhere. Specifically, these are at least --bluetit-status, --bluetit-stats, --pause, --resume, --reconnect. Calling them in a second terminal if Goldcrest initiated the connection gives me this:

2022-02-28 18:26:37 DBusConnectorException: DBusConnector: not primary owner (2)

But the actual issue is that --pause/--resume and --reconnect are somewhat unstable. --pause works always, but --resume often does not:

Feb 28 19:02:52  bluetit[9396]: EVENT: PAUSE Received pause signal
Feb 28 19:02:52  bluetit[9396]: ERROR: N_PAUSE
Feb 28 19:03:00  bluetit[9396]: Requested method "version"
Feb 28 19:03:00  bluetit[9396]: Requested method "openvpn_info"
Feb 28 19:03:00  bluetit[9396]: Requested method "openvpn_copyright"
Feb 28 19:03:00  bluetit[9396]: Requested method "ssl_library_version"
Feb 28 19:03:00  bluetit[9396]: Requested method "resume_connection"
Feb 28 19:03:00  bluetit[9396]: Resuming VPN connection
Feb 28 19:03:00  bluetit[9396]: EVENT: RESUME
Feb 28 19:03:00  bluetit[9396]: EVENT: RESUME
Feb 28 19:03:00  bluetit[9396]: DBusConnectorException: DBusConnector: cannot append argument to method
Feb 28 19:03:00  bluetit[9396]: Stopping OpenVPN3 connection thread
Feb 28 19:03:00  bluetit[9396]: EVENT: RECONNECTING
Feb 28 19:03:00  bluetit[9396]: net_route_del: 128.0.0.0/1 via 10.20.6.1 dev tun0 table 0 metric 0
Feb 28 19:03:00  bluetit[9396]: Connection statistics updater thread finished
Feb 28 19:03:00  bluetit[9396]: net_route_del: 0.0.0.0/1 via 10.20.6.1 dev tun0 table 0 metric 0
Feb 28 19:03:00  bluetit[9396]: net_addr_del: 10.20.6.231/24 dev tun0
Feb 28 19:03:00  bluetit[9396]: net_iface_mtu_set: mtu 1500 for tun0
Feb 28 19:03:00  bluetit[9396]: net_iface_up: set tun0 down
Feb 28 19:03:00  bluetit[9396]: net_route_del: 91.214.169.71/32 via 192.168.110.1 dev enp39s0 table 0 metric 0
Feb 28 19:03:00  bluetit[9396]: EVENT: DISCONNECTED
Feb 28 19:03:00  bluetit[9396]: Network filter successfully restored
Feb 28 19:03:00  bluetit[9396]: OpenVPN3 CONNECT ERROR: DBusConnector: cannot append argument to method
Feb 28 19:03:00  bluetit[9396]: Stopping OpenVPN3 connection thread
Feb 28 19:03:00  bluetit[9396]: OpenVPN3 Connect thread exception: Verklemmung beim Zugriff auf eine Ressource vermieden
Feb 28 19:03:00  bluetit[9396]: Stopping OpenVPN3 connection thread
Feb 28 19:03:00  systemd[1]: bluetit.service: Main process exited, code=killed, status=6/ABRT
Feb 28 19:03:00  systemd[1]: bluetit.service: Failed with result 'signal'.

Same with --reconnect:

Feb 28 19:07:46  bluetit[9995]: Reconnecting VPN server
Feb 28 19:07:46  bluetit[9995]: Reconnecting OpenVPN3
Feb 28 19:07:46  bluetit[9995]: Reconnecting OpenVPN3
Feb 28 19:07:46  bluetit[9995]: net_route_del: 128.0.0.0/1 via 10.20.6.1 dev tun0 table 0 metric 0
Feb 28 19:07:46  bluetit[9995]: net_route_del: 0.0.0.0/1 via 10.20.6.1 dev tun0 table 0 metric 0
Feb 28 19:07:46  bluetit[9995]: net_addr_del: 10.20.6.231/24 dev tun0
Feb 28 19:07:46  bluetit[9995]: net_iface_mtu_set: mtu 1500 for tun0
Feb 28 19:07:46  bluetit[9995]: net_iface_up: set tun0 down
Feb 28 19:07:46  bluetit[9995]: net_route_del: 91.214.169.71/32 via 192.168.110.1 dev enp39s0 table 0 metric 0
Feb 28 19:07:46  bluetit[9995]: EVENT: DISCONNECTED
Feb 28 19:07:46  bluetit[9995]: Network filter successfully restored
Feb 28 19:07:46  bluetit[9995]: OpenVPN3 CONNECT ERROR: DBusConnector: cannot append argument to method
Feb 28 19:07:46  bluetit[9995]: Stopping OpenVPN3 connection thread
Feb 28 19:07:46  bluetit[9995]: Connection statistics updater thread finished
Feb 28 19:07:46  bluetit[9995]: OpenVPN3 Connect thread exception: Verklemmung beim Zugriff auf eine Ressource vermieden
Feb 28 19:07:46  bluetit[9995]: Stopping OpenVPN3 connection thread
Feb 28 19:07:46  systemd[1]: bluetit.service: Main process exited, code=killed, status=6/ABRT
Feb 28 19:07:46  systemd[1]: bluetit.service: Failed with result 'signal'.

The connect thread exceptions are: Deadlock prevented when accessing a resource.

[Staff 9950]

@OpenSourcerer

Hello!
 

 

Quote

 

Calling them in a second terminal if Goldcrest initiated the connection gives me this:

2022-02-28 18:26:37 DBusConnectorException: DBusConnector: not primary owner (2)

 

 

Yes, that's fine, Bluetit implements an exclusive D-Bus mode to prevent multiple clients from connecting to it.
 

Quote

Feb 28 19:07:46  bluetit[9995]: OpenVPN3 CONNECT ERROR: DBusConnector: cannot append argument to method

That's puzzling, it may be caused by D-Bus lack of memory or wrong data type (EDIT: the error would be caused by lack of memory only according to D-Bus documentation) Furthermore Bluetit crashes immediately after.:
 

Quote

Feb 28 19:07:46  systemd[1]: bluetit.service: Main process exited, code=killed, status=6/ABRT
Feb 28 19:07:46  systemd[1]: bluetit.service: Failed with result 'signal'. 

We've been struggling and failing to reproduce the issue so far. Can you tell us your D-Bus version? Have you experienced the problem in Arch only or even in other distributions?

Kind regards
 

[OpenSourcerer 1432]

8 hours ago, Staff said:

Can you tell us your D-Buys version? Have you experienced the problem in Arch only or even in other distributions?

$ dbus-daemon --version
D-Bus Message Bus Daemon 1.12.20
Copyright (C) 2002, 2003 Red Hat, Inc., CodeFactory AB, and others
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Didn't test this on other distros, so only Arch so far. Any particular distros (+version) I should retest this with?

[Staff 9950]

@OpenSourcerer

Hello!

We couldn't reproduce the issue in Arch, but our distribution uses DBus 1.14, while yours runs the 1.12.20 legacy. Do you have the option to upgrade to 1.12.22 or 1.14 and check whether the problem gets resolved or not? We start suspecting that the issue is related to 1.12.20.

Kind regards
 

[OpenSourcerer 1432]

2 hours ago, Staff said:

while yours runs the 1.12.20 legacy

Ran.

[2022-03-03T23:29:22+0100] [ALPM] upgraded dbus (1.12.20-1 -> 1.14.0-1)

When I checked the version at that time, 1.12.20 was indeed the current version in the repository. Retested this with 1.14 now.

Mär 04 13:23:08   bluetit[4892]: Requested method "version"
Mär 04 13:23:08   bluetit[4892]: Requested method "openvpn_info"
Mär 04 13:23:08   bluetit[4892]: Requested method "openvpn_copyright"
Mär 04 13:23:08   bluetit[4892]: Requested method "ssl_library_version"
Mär 04 13:23:08   bluetit[4892]: Requested method "reconnect_connection"
Mär 04 13:23:08   bluetit[4892]: Reconnecting VPN server
Mär 04 13:23:08   bluetit[4892]: Reconnecting OpenVPN3
Mär 04 13:23:08   bluetit[4892]: Reconnecting OpenVPN3
Mär 04 13:23:08   bluetit[4892]: net_route_del: 128.0.0.0/1 via 10.20.6.1 dev tun0 table 0 metric 0
Mär 04 13:23:08   bluetit[4892]: net_route_del: 0.0.0.0/1 via 10.20.6.1 dev tun0 table 0 metric 0
Mär 04 13:23:08   bluetit[4892]: net_addr_del: 10.20.6.231/24 dev tun0
Mär 04 13:23:08   bluetit[4892]: net_iface_mtu_set: mtu 1500 for tun0
Mär 04 13:23:08   bluetit[4892]: net_iface_up: set tun0 down
Mär 04 13:23:08   bluetit[4892]: net_route_del: 91.214.169.71/32 via 192.168.110.1 dev enp39s0 table 0 metric 0
Mär 04 13:23:08   bluetit[4892]: EVENT: DISCONNECTED
Mär 04 13:23:08   bluetit[4892]: Network filter successfully restored
Mär 04 13:23:08   bluetit[4892]: OpenVPN3 CONNECT ERROR: DBusConnector: cannot append argument to method
Mär 04 13:23:08   bluetit[4892]: Stopping OpenVPN3 connection thread
Mär 04 13:23:08   bluetit[4892]: Connection statistics updater thread finished
Mär 04 13:23:08   bluetit[4892]: OpenVPN3 Connect thread exception: Verklemmung beim Zugriff auf eine Ressource vermieden
Mär 04 13:23:08   bluetit[4892]: Stopping OpenVPN3 connection thread
Mär 04 13:23:08   systemd[1]: bluetit.service: Main process exited, code=killed, status=6/ABRT
Mär 04 13:23:08   systemd[1]: bluetit.service: Failed with result 'signal'.

Would a higher verbosity setting for OpenVPN 3 cause Bluetit to log more verbosely? Though I don't see an option for anything debug besides --ssl-debug.

[Staff 9950]

Hello!

Update: AirVPN Suite 1.2.0 Release Candidate 2 is now available. Original message download links and changelog have been updated accordingly.  Thank you for your tests!

Kind regards