Eddie systemd service(debian)

[superfk7 0]

Hi all
I want to create a systemd service for eddie to run on startup without having to login user.
I read the following links but I'm stuck where it says I have to copy/move the default.xml from ~/.airvpn/ to /etc/airvpn.
The problem is that there is not ~/.airvpn/ in my home directory.

link1
link2
link3

Something else I want to ask. I set the port in p2p client but the test failed, so I created a firewall rule in ufw and the port opened. Should I open the port in ufw or it is against the purpose of vpn? (Of course I haven't created a rule for on my router, I know that)

[Staff 10123]

1 hour ago, superfk7 said:

The problem is that there is not ~/.airvpn/ in my home directory.
 

Hello!

eddie-ui --cli has been replaced by eddie-cli that doesn't need Mono anymore. Please run eddie-cli directly. You can download it by selecting the CLI only package in the Linux download page.

The correct default directory is ~/.config/eddie and the default configuration file name is default.profile (the path and filename specified by the author were correct in very old Eddie versions). If the file is encrypted, the procedure can not work (at the time the author wrote the document, probably the encryption of the default configuration file via Master Password was not yet implemented), therefore make sure to generate a non-encrypted default.profile
 

Quote

I created a firewall rule in ufw and the port opened. Should I open the port in ufw

A different solution to consider (which is potentially better) is disabling ufw and enabling Eddie's Network Lock , either by adding --netlock option:

ExecStart=eddie-cli path=/etc/airvpn/ --batch --netlock

or by using a profile where Network Lock has been enabled at Eddie's startup. In Eddie's Preferences > General window check Activate Network Lock at startup.

Kind regards
 

[superfk7 0]

1 hour ago, Staff said:

eddie-ui --cli has been replaced by eddie-cli that doesn't need Mono anymore. Please run eddie-cli directly. You can download it by selecting the CLI only package in the Linux download page.

Thank you for the reply
I have downloaded the ui version and this is what I need to run as a service.
Can you tell if these steps are correct to create the service without the need to login with user first?

1. sudo mkdir /etc/airvpn/
2. sudo mv  ~/.config/eddie/default.profile /etc/airvpn
3. sudo /etc/systemd/system/eddie-ui.service

4. [Unit]
   Description=Eddie UI
   Requires=network-online.target
   After=network-online.target
   
   [Service]
   Type=simple
   ExecStart=/usr/lib/eddie-ui/eddie-ui
   Restart=always
   RestartSec=1s
   TimeoutStopSec=5s
   
   [Install]
   WantedBy=multi-user.target

5. sudo systemctl daemon-reload
6. sudo systemctl enable --now eddie-ui.service
7. sudo systemctl start eddie-ui.service
    

1 hour ago, Staff said:

A different solution to consider (which is potentially better) is disabling ufw and enabling Eddie's Network Lock

I have enabled network lock. The proble in my case was that even if I had set the port I granted in the p2p client, trackers showed as not connectable as did the port test and when I added the rule with the specific port in ufw port opened both for trackers and the test. I would like to keep ufw enabled because I manage rules for other services. My question is if it wrong to open airvpn port in software firewall. (I read that it is wrong to open port for airvpn on router).

[Staff 10123]

Hello!
 

13 hours ago, superfk7 said:

ExecStart=/usr/lib/eddie-ui/eddie-ui

The binary file name is eddie-cli, not eddie-ui. You must invoke eddie-cli with the proper options as specified in the earlier messages. Alternatively you can consider the AirVPN Suite which offers a real daemon (Bluetit) fully manageable via systemctl, signals and the client Goldcrest.

Documentation available here.
 

13 hours ago, superfk7 said:

I would like to keep ufw enabled because I manage rules for other services. My question is if it wrong to open airvpn port in software firewall. (I read that it is wrong to open port for airvpn on router). 

It's correct to allow packets to the proper port of the tun interface (the virtual private network interface) and not of the physical network interface. Network Lock will replace firewall rules (to restore them at the end of the session) so if you need ufw custom rules for the purposes you mention you have to keep Network Lock disabled. Therefore, you may additionally consider ufw rules to prevent traffic leaks outside the VPN tunnel and bind your torrent program to the virtual private network interface, if a bind option is available in your torrent program settings.

Kind regards
 

[superfk7 0]

On 3/28/2025 at 10:59 AM, Staff said:

Hello!
 

The binary file name is eddie-cli, not eddie-ui. You must invoke eddie-cli with the proper options as specified in the earlier messages. Alternatively you can consider the AirVPN Suite which offers a real daemon (Bluetit) fully manageable via systemctl, signals and the client Goldcrest.

Documentation available here.
 
It's correct to allow packets to the proper port of the tun interface (the virtual private network interface) and not of the physical network interface. Network Lock will replace firewall rules (to restore them at the end of the session) so if you need ufw custom rules for the purposes you mention you have to keep Network Lock disabled. Therefore, you may additionally consider ufw rules to prevent traffic leaks outside the VPN tunnel and bind your torrent program to the virtual private network interface, if a bind option is available in your torrent program settings.

Kind regards
 

Hi again
I created the systemd unit for the cli but it doesn't connect automatically when system boots. I have to login and connect manually.
How can I force it connect automatically?
Also eddie ui is installed on system too. Shouldn't cli retrieve the same profile file?
If I stop the service and do: eddie-cli -logi=myusername -password=mypassword --remember , I get bash: !s+: event not found. "!s+" is part of my password.
 

[Staff 10123]

34 minutes ago, superfk7 said:

How can I force it connect automatically?
Also eddie ui is installed on system too. Shouldn't cli retrieve the same profile file?
If I stop the service and do: eddie-cli -logi=myusername -password=mypassword --remember , I get bash: !s+: event not found. "!s+" is part of my password.
 

Hello!

Please make sure to run Eddie with the proper options, do not forget --connect . Also add specific server or country if you prefer connections always to the same server or country. Avoid bash parsing or expansion of your password special characters by enclosing the password in single quotes (Quoting is used to remove the special meaning of certain characters or words to the shell) or by escaping it with backslash character \ (or pick a password without characters that pose this problem). For additional details please check the bash manual Quoting paragraph (type man bash to see it locally or read the web page previously linked).

Type on a terminal

man eddie-cli

to read the manual of your Eddie version, it explains all the options.

Kind regards