Linux: AirVPN Suite 1.2.1 RC available

[Staff 9972]

Hello!

UPDATE: AirVPN  Suite 1.2.1 has been released. https://airvpn.org/forums/topic/55264-linux-airvpn-suite-121-available/

We're very glad to inform you that AirVPN Suite version 1.2.1 Release Candidate 1 is now available. This is a quick fix release.
 

The suite includes:

• Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap
• Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers
• Hummingbird: lightweight and standalone binary for generic OpenVPN server connections

 

What's new in 1.2.1

• Packages are available both for OpenSSL 3 and OpenSSL 1.1.x (legacy). Pick one according to the version you have in your system. If in doubt, run openssl version command from a terminal.
• bluetit.rc new directive forbidquickhomecountry to allow or forbid quick connections to home country servers
• Goldcrest bluetit-status option now shows the status of network lock and connection
• update of all support libraries, including OpenVPN-AirVPN
• bug fix: invalid user key label issue. Now, in case an invalid user key label is provided, the proper error is returned

Please check the changelog included, as usual, in the packages for detailed information.

Some notes:

• for Raspberry OS pick the ARM 64 bit legacy package, because Raspberry OS is based on Debian 11 and uses OpenSSL 1.1.x by default.
• for old Raspbian operating system and other 32 bit ARM systems pick the ARM 32 bit legacy package
• for Ubuntu 22 for Raspberry, pick ARM 64 bit mainline package (not legacy)
• if you run some i686 Linux let us know. You can still run AirVPN Suite 1.10 but if we have requests we can prepare a package for abandoned systems. Link to AirVPN Suite 1.1.0 for i686: https://eddie.website/repository/AirVPN-Suite/1.1/AirVPN-Suite-i686-1.1.0.tar.gz sha256 checksum: 6454cafc860ccc89da5da933c5bed279b1e1534a750f4423e6937e4fb84779e1
   

Thank you very much for your tests and please report any bug, glitch, malfunction etc. in this thread!
 

Packages

Please note that the Suite is no more built for i686 systems (32 bit architecture). If you need the Suite for such systems please run 1.1.0 release in the meantime and contact us in this thread or through a ticket.
 

Linux x86-64:

https://eddie.website/repository/AirVPN-Suite/1.2.1-RC1/AirVPN-Suite-x86_64-1.2.1.tar.gz

$ sha256sum AirVPN-Suite-x86_64-1.2.1-RC-1.tar.gz       
b0ed16882279376e413c316594d215c230632301a5281f12260b0e765366a251  AirVPN-Suite-x86_64-1.2.1-RC-1.tar.gz

***

Linux x86-64 legacy:

https://eddie.website/repository/AirVPN-Suite/1.2.1-RC1/AirVPN-Suite-x86_64-legacy-1.2.1-RC-1.tar.gz

$ sha256sum AirVPN-Suite-x86_64-legacy-1.2.1-RC-1.tar.gz
172e5a8436ded9a201e11722245bd399d04749d8448eddaf5ae4832de681e37d  AirVPN-Suite-x86_64-legacy-1.2.1-RC-1.tar.gz

***

Linux ARM 64 bit:

https://eddie.website/repository/AirVPN-Suite/1.2.1-RC1/AirVPN-Suite-aarch64-1.2.1-RC-1.tar.gz

$ sha256sum AirVPN-Suite-aarch64-1.2.1-RC-1.tar.gz
c1a31310376eb7c58a8c17d3daf7389cf00ca654a19b941b61907ecd17caa159  AirVPN-Suite-aarch64-1.2.1-RC-1.tar.gz

***

Linux ARM 64 bit legacy

https://eddie.website/repository/AirVPN-Suite/1.2.1-RC1/AirVPN-Suite-aarch64-legacy-1.2.1-RC-1.tar.gz

$ sha256sum AirVPN-Suite-aarch64-legacy-1.2.1-RC-1.tar.gz
18da433c1a073efcabef5cc00f17a6a75abdd4ed9b9efc0e66caa09070bcfac7  AirVPN-Suite-aarch64-legacy-1.2.1-RC-1.tar.gz

***

Linux ARM 32 bit legacy:

https://eddie.website/repository/AirVPN-Suite/1.2.1-RC1/AirVPN-Suite-armv7l-legacy-1.2.1-RC-1.tar.gz

$ sha256sum AirVPN-Suite-armv7l-legacy-1.2.1-RC-1.tar.gz
323d8ef34ae6a53e3e64a39dff1df05eb91ee8f011ab416cb4c2fb5724ce4c4a  AirVPN-Suite-armv7l-legacy-1.2.1-RC-1.tar.gz

User's manual (1.2.0): https://airvpn.org/suite/readme/
Bluetit developer's reference manual (1.2.0): https://gitlab.com/AirVPN/AirVPN-Suite/-/blob/master/docs/Bluetit-Developers-Reference-Manual.pdf

Kind regards and datalove
AirVPN Staff
 

[cheapsheep 6]

Hello,

i have noticed that the networklockpersist directive may not be working properly when the maximum of connections (guess) have been reached and there is a sudden reconnect of all clients.

Normally i would expect to see something like:
 

Quote

Dec 02 xx:xx:xx xxx bluetit[xxx]: EVENT: RECONNECTING
...
Dec 02 xx:xx:xx xxx bluetit[xxx]: TunPersist: saving tun context:
...
Dec 02 xx:xx:xx xxx bluetit[xxx]: Connected via tun
...

However, due to the sudden and quick reconnect of all clients(??) (e.g. in case the router reboots/crashes), bluetit shows an ERROR: AUTH_FAILED (on all clients!) and therefore resets itself which leads to a full reset of network settings (IP leak):
 

Quote

Dec 02 xx:xx:xx xxx bluetit[xxx]: Session invalidated: KEEPALIVE_TIMEOUT
Dec 02 xx:xx:xx xxx bluetit[xxx]: Client terminated, restarting in 2000 ms...
Dec 02 xx:xx:xx xxx bluetit[xxx]: EVENT: RECONNECTING
Dec 02 xx:xx:xx xxx bluetit[xxx]: Contacting ... via UDP
Dec 02 xx:xx:xx xxx bluetit[xxx]: EVENT: WAIT
Dec 02 xx:xx:xx xxx bluetit[xxx]: Connecting to ... via UDPv4
Dec 02 xx:xx:xx xxx bluetit[xxx]: EVENT: CONNECTING
...
Dec 02 xx:xx:xx xxx bluetit[xxx]: AUTH_FAILED
Dec 02 xx:xx:xx xxx bluetit[xxx]: EVENT: AUTH_FAILED [FATAL ERROR]
Dec 02 xx:xx:xx xxx bluetit[xxx]: ERROR: AUTH_FAILED
...
Dec 02 xx:xx:xx xxx bluetit[xxx]: EVENT: DISCONNECTED
Dec 02 xx:xx:xx xxx bluetit[xxx]: Successfully restored DNS settings
Dec 02 xx:xx:xx xxx bluetit[xxx]: Network filter successfully restored
Dec 02 xx:xx:xx xxx bluetit[xxx]: OpenVPN3 connection thread finished

bluetit.rc:
 

Quote

airconnectatboot server
airserver  xxx
networklockpersist  on
airusername xxx
airpassword xxx

When i only have 4/5 clients running, the problem does not occur (tunX just moves to tunX after reconnecting - as expected).

I have now checked it multiple times by rebooting my router. Normally, i would expect the AUTH_FAILED error to only occur when 5/5 clients are connected and at least one of them is using WireGuard due to the longer handshake timeout (Eddie shows this max. connections reached error).

Can we make the networklock(persist) stay active even if the auth fails (for whatever reason) to prevent leaks? I was not able to find any details in the dev docs.

P.S.: I'm still on 1.2.0

Thanks.

[Staff 9972]

@cheapsheep

Hello!

The authorization access is decided by the AirVPN infrastructure and not by the Suite. Thank you for the head up, we will look into the potential issue you mention. Also keep in mind that when you connect via UDP and your router crashes (or reboots), none of the clients will be able to notify the respective servers that they are leaving the VPN. Therefore, even with OpenVPN, you will experience much longer time for connection slots release (normally a maximum of 2 minutes).
 

Quote

Can we make the networklock(persist) stay active even if the auth fails (for whatever reason) to prevent leaks? I was not able to find any details in the dev docs.

This is already implemented and it's the expected networklockpersist (but not networlock!) behavior. Bluetit will not "lift" a persistent network lock if the (re)connection attempt fails, and not even when it is disconnected and waiting for commands. Note how the behavior of networklockpersist is different from that of networklock .

Should you notice that network lock firewall rules are unexpectedly no more in place when you suffer an AUTH_FAILED error and netwokrlockpersist  is enabled, please report at your earliest convenience.

Kind regards
 

[colorman 26]

glibc problem;
glibc version on openSUSE 15.4

2.31-150300.41.1

Localhost:/thuis/Downloads/AirVPN-Suite # systemctl status bluetit.service
× bluetit.service - AirVPN Bluetit Daemon
    Loaded: loaded (/etc/systemd/system/bluetit.service; enabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Sun 2022-12-04 17:24:56 CET; 23s ago
   Process: 7366 ExecStart=/sbin/bluetit (code=exited, status=1/FAILURE)

Dec 04 17:24:56 Localhost systemd[1]: Starting AirVPN Bluetit Daemon...
Dec 04 17:24:56 Localhost bluetit[7366]: /sbin/bluetit: /lib64/libc.so.6: version `GLIBC_2.34' not found (required by /sbin/bluetit)
Dec 04 17:24:56 Localhost bluetit[7366]: /sbin/bluetit: /lib64/libc.so.6: version `GLIBC_2.32' not found (required by /sbin/bluetit)
Dec 04 17:24:56 Localhost bluetit[7366]: /sbin/bluetit: /lib64/libc.so.6: version `GLIBC_2.33' not found (required by /sbin/bluetit)
Dec 04 17:24:56 Localhost systemd[1]: bluetit.service: Control process exited, code=exited, status=1/FAILURE
Dec 04 17:24:56 Localhost systemd[1]: bluetit.service: Failed with result 'exit-code'.
Dec 04 17:24:56 Localhost systemd[1]: Failed to start AirVPN Bluetit Daemon.

 

[Staff 9972]

@colorman

Hello!

Thank you for your tests. Unfortunately openSUSE 15.4 offers libssl 3 but an older C library, a combination unsupported by the Suite 1.2.1 RC 1, either legacy or not. If possible install libssl 1.1 and run Suite 1.2.1 RC 1 legacy version. In the meantime we will ponder the issue.

Kind regards
 

[colorman 26]

Libopenssl 1.1 was already installed.
Removing libopenssl 3 gives many problems
I'll wait for another solution.
thanks for the reply

[Staff 9972]

2 hours ago, colorman said:

Libopenssl 1.1 was already installed.
Removing libopenssl 3 gives many problems
I'll wait for another solution.
thanks for the reply

Hello!

First things first: contrarily to what we stated above, openSUSE 15.4 Leap by default runs OpenSSL 1.1.1l and glibc 2.31. AirVPN Suite 1.2.1 legacy runs successfully (tested). Second, if you installed OpenSSL 3 (it is available only as an experimental package), you don't have to remove it. The AirVPN Suite 1.2.1 legacy version is linked against libssl 1.1 so it will run out of the box if you have that library.

If you still experience any issue please make sure that you're running the legacy version and that libssl 1.1 is really available. Feel free to keep us posted.

Kind regards
 

[colorman 26]

Same problem.
Keep looking for where things go wrong
Found this;

Localhost:/thuis/Downloads/AirVPN-Suite # ./install.sh                       

AirVPN suite installation script

Do you want to install AirVPN Suite? [y/n] y

System is using systemd

D-Bus directory is /etc/dbus-1/system.d

Installing bluetit to /sbin
Installing goldcrest to /usr/local/bin
Installing hummingbird to /usr/local/bin
Installing bluetit configuration files
Installing D-Bus configuration files
Installing systemd bluetit.service unit

Do you want to enable bluetit.service unit? [y/n] y
Bluetit service enabled

Do you want to start Bluetit service now? [y/n] y
Job for bluetit.service failed because the control process exited with error code.
See "systemctl status bluetit.service" and "journalctl -xeu bluetit.service" for details.
Cannot start Bluetit service
Run 'systemctl status bluetit.service' for more information

Localhost:/thuis/Downloads/AirVPN-Suite # systemctl status bluetit.service   
× bluetit.service - AirVPN Bluetit Daemon
    Loaded: loaded (/etc/systemd/system/bluetit.service; enabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Mon 2022-12-05 12:54:40 CET; 10s ago
   Process: 9328 ExecStart=/sbin/bluetit (code=exited, status=1/FAILURE)

Dec 05 12:54:40 Localhost systemd[1]: Starting AirVPN Bluetit Daemon...
Dec 05 12:54:40 Localhost bluetit[9328]: /sbin/bluetit: /lib64/libc.so.6: version `GLIBC_2.34' not found (required by /sbin/bluetit)
Dec 05 12:54:40 Localhost bluetit[9328]: /sbin/bluetit: /lib64/libc.so.6: version `GLIBC_2.32' not found (required by /sbin/bluetit)
Dec 05 12:54:40 Localhost bluetit[9328]: /sbin/bluetit: /lib64/libc.so.6: version `GLIBC_2.33' not found (required by /sbin/bluetit)
Dec 05 12:54:40 Localhost systemd[1]: bluetit.service: Control process exited, code=exited, status=1/FAILURE
Dec 05 12:54:40 Localhost systemd[1]: bluetit.service: Failed with result 'exit-code'.
Dec 05 12:54:40 Localhost systemd[1]: Failed to start AirVPN Bluetit Daemon.
Localhost:/thuis/Downloads/AirVPN-Suite #  

 

 

░░ The job identifier is 276.
Dec 05 12:29:21 Localhost bluetit[2256]: Starting Bluetit - AirVPN OpenVPN 3 Service 1.2.0 - 22 March 2022
Dec 05 12:29:21 Localhost bluetit[2256]: OpenVPN core 3.8.1 AirVPN linux x86_64 64-bit
Dec 05 12:29:21 Localhost bluetit[2256]: Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
Dec 05 12:29:21 Localhost bluetit[2256]: SSL Library: OpenSSL 1.1.1l  24 Aug 2021 SUSE release 150400.7.16.1
Dec 05 12:29:21 Localhost systemd[1]: bluetit.service: Can't open PID file /etc/airvpn/bluetit.lock (yet?) after start: Operation not permitted
Dec 05 12:29:21 Localhost bluetit[2262]: Bluetit daemon started with PID 2262
Dec 05 12:29:21 Localhost bluetit[2262]: External network is reachable via gateway 192.168.178.1 through interface br0
Dec 05 12:29:21 Localhost systemd[1]: Started AirVPN Bluetit Daemon.
░░ Subject: A start job for unit bluetit.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░  
░░ A start job for unit bluetit.service has finished successfully.
░░  
░░ The job identifier is 276.
Dec 05 12:29:21 Localhost bluetit[2262]: Successfully connected to D-Bus
Dec 05 12:29:21 Localhost bluetit[2262]: Reading run control directives from file /etc/airvpn/bluetit.rc
Dec 05 12:29:21 Localhost bluetit[2262]: IPv6 is available in this system
Dec 05 12:29:21 Localhost bluetit[2262]: Bluetit successfully initialized and ready
Dec 05 12:29:21 Localhost bluetit[2262]: Requesting network IP and country to AirVPN ipleak.net via secure connection
Dec 05 12:29:21 Localhost bluetit[2262]: ERROR: Cannot detect system location: Unknown error: Problem with the SSL CA cert (path? access rights?)
Dec 05 12:29:21 Localhost bluetit[2262]: AirVPN Manifest updater thread started
Dec 05 12:29:21 Localhost bluetit[2262]: AirVPN Manifest update interval is 15 minutes
Dec 05 12:29:21 Localhost bluetit[2262]: Updating AirVPN Manifest
Dec 05 12:29:22 Localhost bluetit[2262]: AirVPN Manifest successfully retrieved from server
Dec 05 12:36:13 Localhost bluetit[2262]: Received SIGTERM signal. Terminating Bluetit.
Dec 05 12:36:13 Localhost bluetit[2262]: AirVPN Manifest updater thread finished
Dec 05 12:36:13 Localhost systemd[1]: Stopping AirVPN Bluetit Daemon...
░░ Subject: A stop job for unit bluetit.service has begun execution

 

[Staff 9972]

Hello!

The log you sent us shows that you have installed AirVPN Suite 1.2.0. Here we test AirVPN Suite 1.2.1. For your system, openSUSE 15.4, AirVPN Suite 1.2.1 legacy is required, because of the glibc library version (2.31). According to our tests 1.2.1 legacy runs fine in openSUSE 15.4.

The secondary issue which prevents connection to ipleak.net and therefore hinders location extrapolation:

Quote

Dec 05 12:29:21 Localhost bluetit[2262]: ERROR: Cannot detect system location: Unknown error: Problem with the SSL CA cert (path? access rights?)

can be ignored at the moment, it's related to CA certificates path and libcurl. If you need geo-location for a more accurate server choice after a quick connection request, you may use the country directive in bluetit.rc file.

Kind regards
 

[colorman 26]

oops, I downloaded the wrong package.
not the AirVPN Suite 1.2.1 legacy.
sorry for the inconvenience.

but new problem:

./goldcrest AirVPN_Netherlands_UDP-443-Entry4.ovpn
2022-12-05 16:29:11 Reading run control directives from file /home/gerrit/.config/goldcrest.rc


Goldcrest 1.2.1 RC 1 - 30 November 2022

2022-12-05 16:29:12 Bluetit - AirVPN OpenVPN 3 Service 1.2.1 RC 1 - 30 November 2022
2022-12-05 16:29:12 OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
2022-12-05 16:29:12 Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
2022-12-05 16:29:12 OpenSSL 1.1.1l  24 Aug 2021 SUSE release 150400.7.16.1
2022-12-05 16:29:12 Bluetit is ready
2022-12-05 16:29:12 Bluetit options successfully reset
2022-12-05 16:29:12 Requesting VPN connection to Bluetit
2022-12-05 16:29:12 Network filter and lock are using nftables
2022-12-05 16:29:12 Successfully loaded kernel module nf_tables
2022-12-05 16:29:12 WARNING: firewalld is running on this system and may interfere with network filter and lock
2022-12-05 16:29:12 Network filter successfully initialized
2022-12-05 16:29:12 Starting VPN Connection
2022-12-05 16:29:12 TUN persistence is enabled.
2022-12-05 16:29:12 OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
2022-12-05 16:29:12 Frame=512/2112/512 mssfix-ctrl=1250
2022-12-05 16:29:12 NOTE: This configuration contains options that were not used:
2022-12-05 16:29:12 Unsupported option (ignored)
2022-12-05 16:29:12 3 [resolv-retry] [infinite]
2022-12-05 16:29:12 5 [persist-key]
2022-12-05 16:29:12 6 [persist-tun]
2022-12-05 16:29:12 7 [auth-nocache]
2022-12-05 16:29:12 10 [explicit-exit-notify] [5]
2022-12-05 16:29:12 16 [data-ciphers-fallback] [AES-256-CBC]
2022-12-05 16:29:12 UNKNOWN/UNSUPPORTED OPTIONS
2022-12-05 16:29:12 8 [route-delay] [5]
2022-12-05 16:29:12 OpenVPN3 CONNECT ERROR: option_error: sorry, unsupported options present in configuration: UNKNOWN/UNSUPPORTED OPTIONS
2022-12-05 16:30:12
 

[Staff 9972]

@colorman

Hello!

Excellent, we see that everything works as expected. route-delay directive is not supported by OpenVPN3, and it has been deleted from the Configuration Generator too. Please delete the directive or renew your profile. You can tell Bluetit to generate a new profile directly, through Goldcrest commands (see the manual, search for --air-save Goldcrest option), or don't use a profile at all and have Goldcrest pass the connection order to Bluetit (probably this is a more comfortable usage).

Kind regards
 

[colorman 26]

¨(see the manual, search for --air-save Goldcrest option)¨

I browsed through the manual for a while and tried something.
But I really don't understand what to do, try my best to understand.
Go back to 1.2.0 for now.
Staff thanks for help so far.

update: Everything works, problems solved

in client area I deleted devices and created new ones.
further removed all .ovpn from pc and created new one in config generator.
that did it....