Jump to content
Not connected, Your IP: 3.236.142.143
Staff

Linux: AirVPN Suite 2.0.0 beta available

Recommended Posts

@irxhnfdptv

Thanks, so it looks like the problem is Bluetit-specific. Can you please send us (here or in private) the complete Bluetit log, taken after the problem has occurred, that you can print with the following command?
sudo journalctl | grep bluetit
Kind regards
 

Share this post


Link to post
@irxhnfdptv

Thank you very much for your tests! The problem is now understood and a fix is coming on the next alpha version which will be out in the very near future, stay tuned!

Kind regards
 

Share this post


Link to post
On 9/15/2023 at 10:00 AM, Staff said:
Bluetit run control file (/etc/airvpn/bluetit.rc) option:

airvpntype: (string) VPN type to be used for AirVPN connections. Possible values: wireguard, openvpn. Default: openvpn

 

@Staff Correct me if I'm wrong but it appears that airvpntype option is missing from /etc/airvpn/bluetit.rc file in AirVPN-Suite-x86_64-2.0.0-alpha-2.tar.gz archive (sha512 sum verified and matching).

Thought I would let you know.

Share this post


Link to post

My experience after using 2.0.0 Preview for a few days (systemd 255.3 / NetworkManager 1.42.6-r2)


/etc/airvpn/bluetit.rc
airconnectatboot     quick
networklockpersist   iptables
airvpntype           wireguard
Despite having "airconnectatboot quick" and bluetit.service unit being enabled:
$ systemctl status bluetit.service
● bluetit.service - AirVPN Bluetit Daemon
     Loaded: loaded (/etc/systemd/system/bluetit.service; enabled; preset: disabled)
     Active: active (running) since Mon 2024-02-12 16:20:31 CET; 7s ago
bluetit doesn't connect at boot.
$ journalctl -u bluetit.service

Feb 12 16:03:47 desktop systemd[1]: Stopping AirVPN Bluetit Daemon...
Feb 12 16:03:47 desktop bluetit[883839]: Received Terminated signal. Terminating Bluetit.
Feb 12 16:03:47 desktop bluetit[883839]: Stopping WireGuard connection thread
Feb 12 16:03:47 desktop bluetit[883839]: Stopping WireGuard connection
Feb 12 16:03:47 desktop bluetit[883839]: Removed route IPv4 0.0.0.0/0 dev tun0
Feb 12 16:03:47 desktop bluetit[883839]: Removed route IPv4 128.0.0.0/1 dev tun0
Feb 12 16:03:47 desktop bluetit[883839]: Removed route IPv6 8000::/1 dev tun0
Feb 12 16:03:47 desktop bluetit[883839]: Removed route IPv4 redacted/32 via 192.168.1.254 dev enp7s0
Feb 12 16:03:47 desktop bluetit[883839]: Disabling WireGuard network interface tun0
Feb 12 16:03:47 desktop bluetit[883839]: WireGuard network interface tun0 successfully disabled
Feb 12 16:03:47 desktop bluetit[883839]: WireGuard successfully disconnected
Feb 12 16:03:47 desktop bluetit[883839]: Successfully restored DNS settings
Feb 12 16:03:47 desktop bluetit[883839]: Session network filter and lock rollback successful
Feb 12 16:03:47 desktop bluetit[883839]: Connection statistics updater thread finished
Feb 12 16:03:47 desktop bluetit[883839]: Session network filter and lock rollback successful
Feb 12 16:03:47 desktop bluetit[883839]: Persistent network filter and lock are enabled
Feb 12 16:03:47 desktop bluetit[883839]: Sending event 'event_disconnected'
Feb 12 16:03:47 desktop bluetit[883839]: Connection time: 07:02:21
Feb 12 16:03:47 desktop bluetit[883839]: Total transferred Input data: 853.24 MB
Feb 12 16:03:47 desktop bluetit[883839]: Total transferred Output data: 45.45 MB
Feb 12 16:03:47 desktop bluetit[883839]: Max Input rate: 33.79 Mbit/s
Feb 12 16:03:47 desktop bluetit[883839]: Max Output rate: 766.10 Kbit/s
Feb 12 16:03:47 desktop bluetit[883839]: AirVPN Manifest updater thread finished
Feb 12 16:03:47 desktop bluetit[883839]: Session network filter and lock are now disabled
Feb 12 16:03:47 desktop bluetit[883839]: Logging out AirVPN user 183aTr78f9o
Feb 12 16:03:47 desktop bluetit[883839]: Sending event 'event_end_of_session'
Feb 12 16:03:47 desktop systemd[1]: bluetit.service: Deactivated successfully.
Feb 12 16:03:47 desktop systemd[1]: Stopped AirVPN Bluetit Daemon.
Feb 12 16:03:47 desktop systemd[1]: bluetit.service: Consumed 12.085s CPU time, 9.0M memory peak.
-- Boot cfc9061d444c4310bc005cc765531a58 --
Feb 12 16:06:31 desktop systemd[1]: Starting AirVPN Bluetit Daemon...
Feb 12 16:06:31 desktop bluetit[3301]: Starting Bluetit - AirVPN WireGuard/OpenVPN3 Service 2.0.0 alpha 2 - 24 November 2023
Feb 12 16:06:31 desktop bluetit[3301]: OpenVPN core 3.9 AirVPN linux x86_64 64-bit
Feb 12 16:06:31 desktop bluetit[3301]: Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
Feb 12 16:06:31 desktop bluetit[3301]: SSL Library: OpenSSL 3.0.12 24 Oct 2023
Feb 12 16:06:31 desktop bluetit[3301]: WireGuard connection available
Feb 12 16:06:31 desktop bluetit[3306]: Bluetit daemon started with PID 3306
Feb 12 16:06:31 desktop bluetit[3306]: Waiting for external network connection to be available
Feb 12 16:06:31 desktop systemd[1]: Started AirVPN Bluetit Daemon.
Feb 12 16:07:30 desktop bluetit[3306]: Waiting for external network connection to be available
Feb 12 16:08:30 desktop bluetit[3306]: Waiting for external network connection to be available
Feb 12 16:09:30 desktop bluetit[3306]: Waiting for external network connection to be available

It's stuck at "Waiting for external network connection to be available" but at this point my Ethernet interface is up and working. I do
have Internet connection outside of the VPN tunnel.

Futhermore, switching back to
airvpntype           openvpn
and rebooting results in the same issue at boot. bluetit.service still prints "WireGuard connection available" whereas it should now connect using OpenVPN instead of Wireguard.

Regardless of "airvpntype" value, restarting bluetit.service manually solves the issue and the VPN connection is established successfully.

I never experienced this before on AirVPN Suite 1.3.0.

Another concern is that bluetit doesn't automatically reconnect after resuming from suspend/hibernate. This isn't new, it has always been like this as far as I'm concerned. I've been using custom systemd services to stop bluetit before suspending/hibernating and starting it again after, but it doesn't work reliably.

If someone has a more robust workaround, I'd love to know it.

Apart from that, I haven't experienced any disconnection whatsoever using Wireguard, very stable. The speed boost (depending on the server) compared to OpenVPN is noticeable and nice to have.

Thanks.

Share this post


Link to post

Hi, is there a way to reverse the split tunnnel (I.E. have only specified apps using the VPN connection)?

Share this post


Link to post
21 hours ago, Rib said:

Hi, is there a way to reverse the split tunnnel (I.E. have only specified apps using the VPN connection)?


Hello!

We're sorry, this is not currently planned. Suite 2.0 is designed to offer reverse traffic splitting on an application basis only. The type of traffic splitting you request may be considered in future releases.

Kind regards
 

Share this post


Link to post

Hello!

We're glad to inform you that AirVPN Suite 2.0.0 Beta 1 is now available.

 
What's new
  • update of all libraries
  • OpenVPN linked against OpenSSL 3 in every package (dynamically linked in non-legacy packages, statically linked (3.3.0) in legacy packages in order to operate on those systems still not offering OpenSSL 3)
  • improved WireGuard support and management
  • Goldcrest and Bluetit asynchronous connections and Network Lock
  • suspend / resume service for Bluetit in systemd based systems
  • rewritten network availability detection
  • options autocompletion by pressing the TAB key on bash or zsh while entering a Goldcrest or Hummingbird command
  • change of logic in the choice of servers in a specific country, no more using domain names (for additional safety against Tunnelcrack)
  • ability to select whether Network Lock must allow or not communications within local network
  • enhanced support to those IPv6-only networks, no more supporting IPv4 directly and working on IPv4->IPv6 address translation: Network Lock will now allow traffic to/from the translated addresses
  • support for highly-hybridized systems running components causing a frequent mix up of nft and iptables rules (example: Fedora 39 and above) through Network Lock proper adjustments
  • support for legacy 64 bit systems, both x86-64 and ARM (examples: Debian 11, Raspberry Pi OS 64 bit legacy)
  • bug fixes

The list of changes and new features is very long! Please check the various changelogs, available in the first post of this thread. Also check the new readme.md to test and use the new features.

Kind regards & datalove
AirVPN Staff

 

Share this post


Link to post

Nice!

I've been using 2.0.0 Beta 1 for a few hours, so far so good. The issue I reported where bluetit wouldn't connect at boot with 2.0.0 alpha 2 despite using "airconnectatboot quick" is solved on my end. I couldn't reproduce after a few reboots (using Wireguard, default).

The new bluetit-suspend/bluetit.resume systemd units seem to work consistently after several resume/suspend.

After running this Bash script and then suspending, it seems that there isn't any DNS leak at all:

#!/usr/bin/env bash

while true; do
  curl ifconfig.co/country >> output.txt
  sleep 0.5s
done
I did this multiple times and the output file only contains the country of the VPN server I was connected to. May I ask how the network lock somehow "survives" these:
systemctl stop bluetit.service
systemctl start bluetit.service
considering that stopping bluetit.service manually disables the network lock?

Is real IP address really not briefly exposed just before suspending and right after resuming?

Will report back after a longer period of usage.

Thanks.

Share this post


Link to post

Eddie 2.23.2 + Hummingbird 2.0.0 Beta 1 terminates connection in a loop at start due to ~/.config/eddie/*.tmp.ovpn file. Alpha 2 works.

. Eddie version: 2.23.2 / linux_x64, System: Linux, Name: Arch Linux, Version: Linux host 6.8.9-hardened1-2-hardened #1 SMP PREEMPT_DYNAMIC * x86_64 GNU/Linux, Framework: 6.12.0 (makepkg/0cbf0e290c3 Sat Mar  9 11:37:33 UTC 2024); Framework: v4.0.30319
. Command line arguments (2): path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui"
. Raise system privileges
. Collect network information
. Reading options from /home/user/.config/eddie/default.profile
. OpenVPN - Version: 3.3.2 - Hummingbird - WireGuard/OpenVPN3 Client 2.0.0 beta 1 - 13 May 2024 (/usr/local/bin/hummingbird)
. SSH - Version: OpenSSH_9.7p1, OpenSSL 3.3.0 9 Apr 2024 (/usr/local/bin/ssh)
. SSL - Version: 5.72 (/usr/bin/stunnel)
I Ready
. Collect information about AirVPN completed
! Activation of Network Lock - Linux nftables
. Collect information about AirVPN completed
I Session starting.
I Checking authorization ...
! Connecting to Xuange (Switzerland, Zurich)
. Routes, add 79.142.69.163/32 for interface "wlp3s0".
. Routes, add 79.142.69.163/32 for interface "wlp3s0", already exists.
. SSL > LOG6[ui]: Initializing inetd mode configuration
. SSL > LOG5[ui]: stunnel 5.72 on x86_64-pc-linux-gnu platform
. SSL > LOG5[ui]: Compiled with OpenSSL 3.2.1 30 Jan 2024
. SSL > LOG5[ui]: Running  with OpenSSL 3.3.0 9 Apr 2024
. SSL > LOG5[ui]: Update OpenSSL shared libraries or rebuild stunnel
. SSL > LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,OCSP,PSK,SNI
. SSL > LOG6[ui]: Initializing inetd mode configuration
. SSL > LOG5[ui]: Reading configuration from file /home/user/.config/eddie/c99f82f1ac630c54507010a373bede3e83fd5823b241fe155d4cf82b4d573f48.tmp.ssl
. SSL > LOG5[ui]: UTF-8 byte order mark detected
. SSL > LOG5[ui]: FIPS mode disabled
. SSL > LOG6[ui]: Compression disabled
. SSL > LOG6[ui]: Initializing service [openvpn]
. SSL > LOG6[ui]: OpenSSL security level is used: 2
. SSL > LOG6[ui]: Session resumption enabled
. SSL > LOG6[ui]: Configured trusted server CA: C=IT, ST=Italy, L=Perugia, O=AirVPN, OU=stunnel, CN=stunnel.airvpn.org, emailAddress=info@airvpn.org
. SSL > LOG4[ui]: Service [openvpn] needs authentication to prevent MITM attacks
. SSL > LOG6[ui]: DH initialization skipped: client section
. SSL > LOG5[ui]: Configuration successful
. SSL > LOG6[ui]: Service [openvpn] (FD=9) bound to 127.0.0.1:61863
. SSL > LOG6[ui]: Accepting new connections
. SSL > LOG6[per-day]: Executing per-day jobs
. SSL > LOG6[per-day]: Per-day jobs completed in 0 seconds
. Hummingbird > Hummingbird - WireGuard/OpenVPN3 Client 2.0.0 beta 1 - 13 May 2024
. Hummingbird > OpenVPN core 3.9 AirVPN linux x86_64 64-bit
. Hummingbird > Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
. Hummingbird > OpenSSL 3.3.0 9 Apr 2024
. Hummingbird > WireGuard Client 1.0.0 AirVPN Linux x86_64 64-bit
. Hummingbird > System and service manager in use is systemd
E Hummingbird > ERROR: profile /home/user/.config/eddie/9b7c5dbb3f48811ec5344bd0d0829a2fd0bf83b650a4d99a2ebcc4f6cea4615e.tmp.ovpn not found
! Disconnecting
. Sending soft termination signal
. SSL > LOG5[ui]: Terminated
. SSL > LOG6[ui]: Terminating 2 service thread(s)
. SSL > LOG6[ui]: Service threads terminated
. Routes, delete 79.142.69.163/32 for interface "wlp3s0".
. Routes, delete 79.142.69.163/32 for interface "wlp3s0", not exists.
. Connection terminated.

Share this post


Link to post
13 hours ago, 183aTr78f9o said:

I've been using 2.0.0 Beta 1 for a few hours, so far so good. The issue I reported where bluetit wouldn't connect at boot with 2.0.0 alpha 2 despite using "airconnectatboot quick" is solved on my end. I couldn't reproduce after a few reboots (using Wireguard, default).
The new bluetit-suspend/bluetit.resume systemd units seem to work consistently after several resume/suspend.


Hello!

Thank you very much for your tests! We're very pleased to receive confirmation that this version solves those problems.
 
13 hours ago, 183aTr78f9o said:

May I ask how the network lock somehow "survives" these: 


Network Lock does not survive, but it is re-enforced before any new socket can be created, so no leak occurs. This is exclusively up to systemd: apart from writing correctly the suspend and resume unit files there's nothing else we can do, we're afraid.

Kind regards
 

Share this post


Link to post

Quick feedback after using 2.0.0 Beta 1 for 10 days.

Just as stable as 1.3.0, no issue. Speed boost with Wireguard is significant.

The only minor inconvenience I experienced is that sometimes (occurred 4 times since May 14th out of 20+ suspend/resume in total), bluetit couldn't reconnect after resuming from suspend (log below). I had to restart the service manually with:

# systemctl restart bluetit.service
else it seems that it would have been stuck forever (waited a few minutes). It seems that bluetit tries to reconnect too early after resuming and the network isn't up yet. Maybe this could be fixed by adjusting bluetit-resume.service?
 

May 19 18:41:14 bluetit[848508]: Bluetit daemon started with PID 848508
May 19 18:41:14 bluetit[848508]: External network is reachable via IPv4 gateway 192.168.1.254 through interface eno1
May 19 18:41:14 bluetit[848508]: Successfully connected to D-Bus
May 19 18:41:14 bluetit[848508]: Reading run control directives from file /etc/airvpn/bluetit.rc
May 19 18:41:14 systemd[1]: Starting AirVPN Bluetit Daemon...
May 19 18:41:14 bluetit[848508]: IPv6 is available in this system
May 19 18:41:14 systemd[1]: bluetit.service: Can't open PID file /etc/airvpn/bluetit.lock (yet?) after start: No such file or directory
May 19 18:41:14 systemd[1]: Started AirVPN Bluetit Daemon.
May 19 18:41:14 bluetit[848508]: System country set to <redacted> by Bluetit policy.
May 19 18:41:14 bluetit[848508]: Default VPN type for AirVPN connections is set to WireGuard
May 19 18:41:14 bluetit[848508]: Bluetit successfully initialized and ready
May 19 18:41:14 bluetit[848508]: Enabling persistent network filter and lock
May 19 18:41:14 bluetit[848508]: Network filter and lock are using /bin/iptables-legacy
May 19 18:41:14 bluetit[848508]: iptables-nft rules found. Enabling iptables-nft save and restore modes.
May 19 18:41:14 bluetit[848508]: Kernel module iptable_filter is already loaded
May 19 18:41:14 bluetit[848508]: Kernel module iptable_nat is already loaded
May 19 18:41:14 bluetit[848508]: Kernel module iptable_mangle is already loaded
May 19 18:41:14 bluetit[848508]: Kernel module iptable_security is already loaded
May 19 18:41:14 bluetit[848508]: Kernel module iptable_raw is already loaded
May 19 18:41:14 bluetit[848508]: Kernel module ip6table_filter is already loaded
May 19 18:41:14 bluetit[848508]: Kernel module ip6table_nat is already loaded
May 19 18:41:14 bluetit[848508]: Kernel module ip6table_mangle is already loaded
May 19 18:41:14 bluetit[848508]: Kernel module ip6table_security is already loaded
May 19 18:41:14 bluetit[848508]: Kernel module ip6table_raw is already loaded
May 19 18:41:14 bluetit[848508]: Network filter successfully initialized
May 19 18:41:14 bluetit[848508]: Private network is allowed to pass the network filter
May 19 18:41:14 bluetit[848508]: Persistent network filter and lock successfully enabled. Private network is allowed.
May 19 18:41:14 bluetit[848508]: Starting AirVPN WireGuard boot connection
May 19 18:41:14 bluetit[848508]: AirVPN Manifest updater thread started
May 19 18:41:14 bluetit[848508]: Default AirVPN Manifest update interval is 15 minutes
May 19 18:41:14 bluetit[848508]: AirVPN Manifest update suspended: AirVPN boot connection initialization in progress
May 19 18:41:14 bluetit[848508]: Trying to load the local instance of AirVPN Manifest
May 19 18:41:14 bluetit[848508]: Persistent Network Lock and Filter is enabled
May 19 18:41:14 bluetit[848508]: Adding AirVPN bootstrap server 63.33.78.166/32 to network filter
May 19 18:41:14 bluetit[848508]: Adding AirVPN bootstrap server 52.48.66.85/32 to network filter
May 19 18:41:14 bluetit[848508]: Adding AirVPN bootstrap server 54.93.175.114/32 to network filter
May 19 18:41:14 bluetit[848508]: Adding AirVPN bootstrap server 63.33.116.50/32 to network filter
May 19 18:41:14 bluetit[848508]: Adding AirVPN bootstrap server 2a03:b0c0:0:1010::9b:c001/128 to network filter
May 19 18:41:14 bluetit[848508]: AirVPN bootstrap servers are now allowed to pass through the network filter
May 19 18:41:14 bluetit[848508]: Logging in AirVPN user 183aTr78f9o
May 19 18:41:14 bluetit[848508]: AirVPN Manifest successfully retrieved from local instance
May 19 18:41:14 bluetit[848508]: Updating AirVPN Manifest
May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://54.93.175.114
May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server
May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://52.48.66.85
May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://52.48.66.85
May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server
May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://63.33.116.50
May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server
May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://63.33.78.166
May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server
May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://63.33.78.166
May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server
May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://82.196.3.205
May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server
May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://63.33.116.50
May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server
May 19 18:41:14 bluetit[848508]: AirVPN login error: Cannot connect host: Couldn't connect to server
May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server
May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://54.93.175.114
May 19 18:41:14 bluetit[848508]: ERROR: AirVPN login failed for user 183aTr78f9o
May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server
May 19 18:41:14 bluetit[848508]: Session network filter and lock rollback successful
May 19 18:41:14 bluetit[848508]: Persistent network filter and lock are enabled
May 19 18:41:14 bluetit[848508]: Sending event 'event_end_of_session'
May 19 18:41:14 bluetit[848508]: AirVPN Manifest successfully retrieved from local instance
May 19 18:41:14 bluetit[848508]: AirVPN Manifest update interval is now set to 30 minutes
May 19 18:41:26 bluetit[848508]: Requested method "version"
May 19 18:41:26 bluetit[848508]: Requested method "openvpn_info"
May 19 18:41:26 bluetit[848508]: Requested method "openvpn_copyright"
May 19 18:41:26 bluetit[848508]: Requested method "ssl_library_version"
May 19 18:41:26 bluetit[848508]: Requested method "wireguard_info"
May 19 18:41:26 bluetit[848508]: Requested method "network_lock_status -> Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed."
May 19 18:41:26 bluetit[848508]: Requested method "list_pushed_dns"
May 19 18:41:31 bluetit[848508]: Requested method "version"
May 19 18:41:31 bluetit[848508]: Requested method "openvpn_info"
May 19 18:41:31 bluetit[848508]: Requested method "openvpn_copyright"
May 19 18:41:32 bluetit[848508]: Requested method "ssl_library_version"
May 19 18:41:32 bluetit[848508]: Requested method "wireguard_info"
May 19 18:41:32 bluetit[848508]: Requested method "network_lock_status -> Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed."
May 19 18:41:32 bluetit[848508]: Requested method "list_pushed_dns"
May 19 18:41:37 bluetit[848508]: Requested method "version"
May 19 18:41:37 bluetit[848508]: Requested method "openvpn_info"
May 19 18:41:37 bluetit[848508]: Requested method "openvpn_copyright"
May 19 18:41:37 bluetit[848508]: Requested method "ssl_library_version"
May 19 18:41:37 bluetit[848508]: Requested method "wireguard_info"
May 19 18:41:37 bluetit[848508]: Requested method "network_lock_status -> Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed."
May 19 18:41:37 bluetit[848508]: Requested method "list_pushed_dns"
May 19 18:41:37 bluetit[848508]: Requested method "version"
May 19 18:41:37 bluetit[848508]: Requested method "openvpn_info"
May 19 18:41:37 bluetit[848508]: Requested method "openvpn_copyright"
May 19 18:41:37 bluetit[848508]: Requested method "ssl_library_version"
May 19 18:41:37 bluetit[848508]: Requested method "wireguard_info"
May 19 18:41:37 bluetit[848508]: Requested method "network_lock_status -> Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed."
May 19 18:41:37 bluetit[848508]: Requested method "list_pushed_dns"
May 19 18:41:38 bluetit[848508]: Requested method "version"
May 19 18:41:38 bluetit[848508]: Requested method "openvpn_info"
May 19 18:41:38 bluetit[848508]: Requested method "openvpn_copyright"
May 19 18:41:38 bluetit[848508]: Requested method "ssl_library_version"
May 19 18:41:38 bluetit[848508]: Requested method "wireguard_info"
May 19 18:41:38 bluetit[848508]: Requested method "network_lock_status -> Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed."
May 19 18:41:38 bluetit[848508]: Requested method "list_pushed_dns"
May 19 18:41:58 bluetit[848508]: Requested method "version"
May 19 18:41:58 bluetit[848508]: Requested method "openvpn_info"
May 19 18:41:58 bluetit[848508]: Requested method "openvpn_copyright"
May 19 18:41:58 bluetit[848508]: Requested method "ssl_library_version"
May 19 18:41:58 bluetit[848508]: Requested method "wireguard_info"
May 19 18:41:58 bluetit[848508]: Requested method "network_lock_status -> Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed."
May 19 18:41:59 bluetit[848508]: Requested method "list_pushed_dns"


On a different note: Any chance goldcrest could have a similar option than journalctl -f, --follow
Quote

man journalctl

 -f, --follow
           Show only the most recent journal entries, and continuously print new entries as they are appended to the journal.

This would be useful to monitor
goldcrest --bluetit-status

I know I could use watch but unfortunately it doesn't play well with tailspin that I'm using for highlighting.
Currently I'm using a simple while loop but clearing the screen every few seconds isn't as readable as a "natural" refreshing:
$ while true; do
    goldcrest --bluetit-status | tspin
    sleep 10
    clear
done

Share this post


Link to post
7 hours ago, 183aTr78f9o said:

Quick feedback after using 2.0.0 Beta 1 for 10 days.

Just as stable as 1.3.0, no issue. Speed boost with Wireguard is significant.


Hello and thank you for your tests!

Excellent. Kudos to the new WireGuard library too.
 
7 hours ago, 183aTr78f9o said:

It seems that bluetit tries to reconnect too early after resuming and the network isn't up yet. Maybe this could be fixed by adjusting bluetit-resume.service?


In the unit file targets you can see that systemd must start Bluetit only when the network is up (Wants=network-online.target). Bluetit also waits some more time for a valid gateway, see here:
Quote

External network is reachable via IPv4 gateway 192.168.1.254 through interface eno1


The above log entry seems to confirm that systemd is right and the network is really up but of course the fact that the network is up does not guarantee that the system's upstream router has a valid Internet connection. If the router does not have Internet connectivity, the incident wouldn't be a systemd or bluetit fault. We will investigate. In which distribution do you experience this?
 
7 hours ago, 183aTr78f9o said:

would be useful to monitor


goldcrest --bluetit-status

 


OK. By starting the connection with Goldcrest you may rely on the conn-stat-interval n option, where n is in seconds (please consult the user's manual for more details). You may also consider async for more tasks: the new asynchronous mode adds some interactivity, please check the new manual.

However conn-stat-interval  is not available in bluetit.rc. Thus, if you don't start a connection via Goldcrest, your approach is the way to go at a first glance. We'll consider your suggestion.

Thanks again, keep testing! :)

Kind regards

 

Share this post


Link to post
21 hours ago, Staff said:
In the unit file targets you can see that systemd must start Bluetit only when the network is up (Wants=network-online.target). Bluetit also waits some more time for a valid gateway, see here:
The above log entry seems to confirm that systemd is right and the network is really up but of course the fact that the network is up does not guarantee that the system's upstream router has a valid Internet connection. If the router does not have Internet connectivity, the incident wouldn't be a systemd or bluetit fault. We will investigate. In which distribution do you experience this?

Indeed, I'm not sure why this occurs occasionally. I'm using Gentoo.
Maybe simply adding
ExecStartPre=/usr/bin/sleep 5
before
ExecStart=systemctl start bluetit.service
could help, I'll try and let you know how it goes.
 
21 hours ago, Staff said:
OK. By starting the connection with Goldcrest you may rely on the conn-stat-interval n option, where n is in seconds (please consult the user's manual for more details). You may also consider async for more tasks: the new asynchronous mode adds some interactivity, please check the new manual.

However conn-stat-interval  is not available in bluetit.rc. Thus, if you don't start a connection via Goldcrest, your approach is the way to go at a first glance. We'll consider your suggestion.

Thanks for the suggestion, I'm currently using
airconnectatboot quick
in bluetit.rc for now because I wanted to test the bluetit-suspend / bluetit-resume systemd units.

When manually connecting with goldcrest, I'm fine with the default interval.

One more question/remark:
--bluetit-status              : Show Bluetit status and exit
--bluetit-stats               : Show Bluetit connection statistics and exit
These two options produce very similar output on my end, the only difference is that --status also prints:
Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed.
Just curious as to why there are two distinct options?

Thanks.

Share this post


Link to post
@183aTr78f9o

Hello!

Please keep us posted and let us know, when you manage to reproduce the problem, what happens with the delay. It's not a solution we recommend because it can expose to leaks but the outcome may provide some insight. We're working on a different approach but we still can't reproduce the problem unfortunately, so it's too early to say whether or not the different approach will be effective.
 
On 5/24/2024 at 11:44 PM, 183aTr78f9o said:

Just curious as to why there are two distinct options?


Different options for different tasks, even if partially overlapping, nothing too unusual.

Kind regards
 

Share this post


Link to post
On 5/27/2024 at 9:38 AM, Staff said:
@183aTr78f9o

Hello!

Please keep us posted and let us know, when you manage to reproduce the problem, what happens with the delay. It's not a solution we recommend because it can expose to leaks but the outcome may provide some insight. We're working on a different approach but we still can't reproduce the problem unfortunately, so it's too early to say whether or not the different approach will be effective.

After 7 days (20+ suspend/resume), I couldn't reproduce the problem with:
ExecStartPre=/usr/bin/sleep 5

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...