More tunneling options

[zimbabwe 25]

Please add more tunneling options! Day by day censorship around the world becomes worse and worse, OpenVPN and Wireguard is already completely blocked in many countries because it is easily detectable using DPI. Since the mid 2010's people out there have been working very hard on much more censorship-resilient solutions rather than simple-to-detect SSH and SSL-wrapping. The days of the games of privacy are over, now VPNs are more and more used by the people around the world to break the information bubbles created by their oppressive governments.

Here are some examples of the new tunneling methods that you could add to your services:
https://github.com/erebe/wstunnel
https://github.com/cbeuw/Cloak
https://github.com/v2fly/v2ray-core
https://github.com/XTLS/Xray-core

[Tech Jedi Alex 1513]

I find it very hard to believe that OpenVPN and Wireguard are being restricted "in many countries". The opposite is true in the overwhelmingly vast majority of the world; please don't talk doom and gloom.
 

3 hours ago, zimbabwe said:

now VPNs are more and more used by the people around the world to break the information bubbles created by their oppressive governments.

You will find pretty much everyone else outside the privacy bubble not to care much. You should change your statement to include "in the privacy bubble".
And beware of overusing the word "censorship".

Regarding the protocols, it was suggested in the past, please use the search function first. Example:The gist is that support for any proxy protocol like Shadowsocks or V2ray will not see the light of day in the forseeable future in light of the availability of superior protocols like Tor.

[zimbabwe 25]

Tor is slow for watching the blocked YouTube because it's free. We are at least paying for the services, but they are also slow because of DPI.

[zimbabwe 25]

You know, it's sort of sad to think that you must fall into the darkness just because you are not belonging to the "overwhelming majority of the world". China, Russia, Belarus, Venezuela, Turkmenistan, Egypt, Turkey. Who's next? I know we are all the "third world" but we are people and want the information! If no one will lend us a hand from the greater world, where life is still okay, we won't ever make it out of the darkness.

[zimbabwe 25]

Anyway I understand your position, no problem. Like Russians say "Сытый голодного не разумеет" ("the well-fed does never understand the hungry").

[go558a83nk 380]

38 minutes ago, zimbabwe said:

Anyway I understand your position, no problem. Like Russians say "Сытый голодного не разумеет" ("the well-fed does never understand the hungry").

Last I read the current suite of protocols in use by AirVPN (specifically, tls-crypt or SSL tunnel if needed) allowed AirVPN to work even in the most restricted countries.  Have I misunderstood?

[zimbabwe 25]

34 minutes ago, go558a83nk said:

Last I read the current suite of protocols in use by AirVPN (specifically, tls-crypt or SSL tunnel if needed) allowed AirVPN to work even in the most restricted countries.  Have I misunderstood?

I cannot speak for the rest of the "overboard" countries but from my own experience, in Russia the recently installed DPI boxes from Roskomnadzor called ТСПУ (TSPU) manage to completely block OpenVPN with tls-crypt 1.2, Wireguard and even partially Tor. I cannot connect via OpenVPN or Wireguard since the first days of May. According to the governmental reports by the end of July all the 100% of the Russian ISPs had the TSPU boxes installed. There is no direct access to YouTube in Russia since the 1st of August, but luckily for people there already was a ready-made DPI spoofing tool called GoodbyeDPI to circumvent it, so it was a very good try from the government but they failed. SSL and SSH tunneling of VPN still does work for me but the traffic speed is randomly throttled down to almost complete stall which is cured only by reconnect to another server.

As far as I know the worst situation is in Turkmenistan. Recently people from Turkey reported blocking of many sites in their country. You can read more on the current state of things at ntc.party.

[Tech Jedi Alex 1513]

Mr. Zimbabwe, I can in the same way say that there are tons of other VPN providers which might work better for you than AirVPN. I don't get you people who try to argue about the already accomplished fact that there will be no support coming for any proxy protocols in AirVPN, because AirVPN is not a proxy provider and never will be. Who are you trying to convince here?
The AirVPN team is an advocate for Tor. If Tor does not work for you, well, then so be it – maybe AirVPN is not the best fit for you then? Acknowledge that fact and move on, come on.

Now, we can help you with configuration of either OpenVPN or Wireguard, or any other protocol engulfing those VPN protocols, and try to help you with optimization. If you are willing to try it, please open a thread.
 

On 8/18/2024 at 7:53 PM, zimbabwe said:

Сытый голодного не разумеет

Не злись))

[zimbabwe 25]

Okay, I'll give it one more try, may be it's all just a case of misunderstanding: from the beginning I didn't mean using xray, shadowsocks, etc. as direct proxies but only as the outer layer options for OpenVPN and Wireguard, in addition to the current options of SSL and SSH. Still no?

EDIT: Looked once again at my first message and I think it was obvious. So it's obviously "no". For some reason Tor will help anyone in the world, although its exit nodes has zero monetization, in contrast to VPN services.

[Tech Jedi Alex 1513]

5 hours ago, zimbabwe said:

Okay, I'll give it one more try, may be it's all just a case of misunderstanding: from the beginning I didn't mean using xray, shadowsocks, etc. as direct proxies but only as the outer layer options for OpenVPN and Wireguard, in addition to the current options of SSL and SSH. Still no?

I've done a bit of research and it seems possible to do both, at least technically. Now we just need to talk about the merits of offering it. What I can definitely say is that it's not going to be a high priority thing right now.

[alekas 2]

Traveling to Uzbekistan. I cannot connect to any AirVpn server anymore. It worked fine in USA.
Any protocol available in Eddie UI do not work.
Unfortunately I paid for the whole year of AirVPN service. Looks like the XRay or something similar is the way to go...

[Staff 10383]

8 minutes ago, alekas said:

Traveling to Uzbekistan. I cannot connect to any AirVpn server anymore. It worked fine in USA.
Any protocol available in Eddie UI do not work.
Unfortunately I paid for the whole year of AirVPN service. Looks like the XRay or something similar is the way to go...

Hello!

We have a report that makes us suspect that in Uzbekistan it's the IP addresses of various VPN servers (not only AirVPN, other VPN too), to be blocked "unconditionally". Anyway AmneziaWG is worth a test, with and without QUIC mimicking, toward all the wg ports of our servers. It has an incredibly high rate of success in Russia and China (higher than OpenVPN over SSH and shadowsocks) so it's definitely worth a test. Please keep us posted as we have literally three reports only from Uzbekistan including yours...

If you need some parameters to test check here:
https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/?do=findComment&comment=258644

and here:
https://airvpn.org/forums/topic/59479-block-vpn-in-russia/?do=findComment&comment=237288

If you need some suggestions for the parameters I_n in order to mimic QUIC connection to some specific web site known to be not blocked in countries controlled by VPN hostile regimes, please contact our support team in private by opening a ticket.

Kind regards


 

[alekas 2]

AmneziaWG  may be a good idea, but will require time.. 
It seams like AirVpn needs to follow these DPI and other restrictions and make sure that customers can just pay and use the service.

I am using AirVPN for years and for the first time I was not able to connect to ANY server using ANY available protocol withing Eddie UI.. From Uzbekistan.


 

[Staff 10383]

9 minutes ago, alekas said:

AmneziaWG  may be a good idea, but will require time.

Hello!

It's available right now if you can edit the generated file. An integration with the configuration generator will require time so we suggest that you test by editing your own file (generated by the CG for WireGuard). Integration with Eddie Android edition is already available in the 4.0.0 beta version. ~100% success at the moment comes from reports from Russia and China. It would be good to have an additional report from Uzbekistan. 😋

Kind regards
 

[alekas 2]

I am just installing Eddie UI and using it. If you provide steps - I am in to test. I am currently on windows 11...
Where should I edit [Interface] section? I cannot find any file with that in AirVpn installation folder.
 

[Staff 10383]

9 minutes ago, alekas said:

I am just installing Eddie UI and using it. If you provide steps - I am in to test. I am currently on windows 11...
Where should I edit [Interface] section? I cannot find any file with that in AirVpn installation folder.
 

Thank you!

Please use the Configuration Generator. Turn on the "Advanced" switch. Generate a file with the Configuration Generator for WireGuard for the server or country you want to test. Download the file and edit it with any text editor. To begin with, add these parameters in the [Interface] section:
 

Jc = 20
Jmin = 50
Jmax = 1000
S1 = 0
S2 = 0
H1 = 3
H2 = 1
H3 = 4
H4 = 2 

Import the file into your PC AmneziaWG client, or use it with the AirVPN Suite component Hummingbird, and even in Eddie 4.0.0 (you can do it in the "VPN profiles" view once the file is in your Android device) and use it to test a connection in Amnezia mode.

If it fails please try a connection directly from Eddie, without profile, in Amnezia WG. If it fails too enable QUIC mimicking in "Settings" > "Advanced" > "Custom AmneziaWG directives" and test again a connection.

Keep us posted!
Kind regards


 

[EMULE 7]

With the AmneziaWG protocol, the obfuscation capability at the UDP layer is greatly improved, but what about at the TCP layer?
Other countries may completely block the UDP protocol, making it impossible for AmneziaWG to connect. In that case, they can only connect via the TCP protocol. Currently, AirVPN only has early obfuscation solutions such as SSH and SSL for TCP obfuscation.
In China's IPv4 environment, SSH and SSL are fully recognized, rate-limited, and blocked. This means that AirVPN's TCP-level obfuscation performance is relatively poor. I think the next step for AirVPN could be to focus on TCP obfuscation. X-ray, Shadowsocks, and V2Ray are all protocols with high levels of obfuscation. You could choose one of these protocols to make an outer proxy for OpenVPN TCP to enhance the obfuscation capabilities at the TCP layer.
I know that AirVPN's strongest shield against TCP is the pluggable bridges developed by the Tor team. However, Tor is blocked in China at a much higher level than SSH and SSL (because the dark web is hidden within the Tor network). The newly developed WebTunnel is unlikely to survive more than three months in China. Blocking Tor isn't about identifying the bridge protocol; it's about blocking Tor-related domains, node IPs, and bridge IPs, making Tor unusable in China. AirVPN might be able to utilize the obfuscated bridge protocols developed by the Tor team without using Tor nodes, using bridge protocols like WebTunnel as an outer proxy for OpenVPN TCP, directly connecting to the AirVPN server network.
AirVPN may still rely on Tor for TCP protocol obfuscation in the short term, which is understandable, given that adding a new protocol to all servers would require a significant amount of time and resources.
The addition of the AmneziaWG protocol is sufficient for my needs; thank you, AirVPN.
However, with increasing global internet censorship and the emergence of new obfuscation protocols, switching to more modern obfuscation protocols is definitely the future trend for VPN vendors, because there will always be people in the dark side of the internet.
These are all my personal opinions, thanks.

[Staff 10383]

4 hours ago, EMULE said:

With the AmneziaWG protocol, the obfuscation capability at the UDP layer is greatly improved, but what about at the TCP layer?
Other countries may completely block the UDP protocol, 

Hello!

Not anymore, and even less in the near future. HTTP/3 is quickly spreading. Today, HTTP/3 is used by 36.5% of all the websites, including major web sites inside countries that enforce blocks against VPN. Furthemore, blocking UDP as such is no more realistic, not even in China, where UDP has become an instrumental protocol for many companies in any sector (video streaming, video conference, VoIP, marketing, social media marketing, regime propaganda and more), for regime aligned or regime owned activities.
 

4 hours ago, EMULE said:

In China's IPv4 environment, SSH and SSL are fully recognized, rate-limited, and blocked. This means that AirVPN's TCP-level obfuscation performance is relatively poor.

In China you have a near 100% success rate and no shaping (apart from the normal shaping for anything outside China) with the current Amnezia "weak obfuscation" (no CPS) implementation, i.e. at the moment you don't even need QUIC mimicking (which is anyway available and very effective). Currently, bypassing blocks via UDP than via TCP is more efficient in China.
 

4 hours ago, EMULE said:

However, with increasing global internet censorship and the emergence of new obfuscation protocols, switching to more modern obfuscation protocols is definitely the future trend for VPN vendors

At the moment there is nothing more effective than mimicking QUIC with the signature / fingerprint of an existing web site that's not blocked, and you have this option right now. We see > 95% success rate, which is better than the success rates of SSH (not exceeding 75%), shadowsocks and XRay, V2Ray etc (but a lot faster!). The success rate is similar to any VPN protocol over HTTP/2, but, again, dramatically faster.
 

Quote

The addition of the AmneziaWG protocol is sufficient for my needs; thank you, AirVPN.

We're glad to know it. It is also very flexible. Thanks to CPS, you may mimic any transport layer protocol built on UDP, for example DNS, QUIC, SIP.

Kind regards
 

[EMULE 7]

Yes, the addition of the AmneziaWG protocol can solve the connection problems for most people at present, and I hope that AmneziaWG can be used for a long time. If in the future, when the existing protocol can no longer connect, I believe that AirVPN will add a new protocol to solve the connection problem. I will always believe in your technology and capabilities, and I believe that you will always let us breathe real internet. I will always love you, AirVPN. Keep it up!😘😘😘

[alekas 2]

I installed AmneziaVPN, downloaded generated configuration (Nederland) UPD 1637 and connected. It works with and without these changes in [Interface] section.
I did not change any other config values in AmneziaVPN.
Now, I tried to use EddieUI with default params and it works too! Looks like domestic regulators have holiday in Uzbekistan...
I will try again tomorrow.

Edited ... by alekas