Nebulizer 0 Posted ... When I visit https://ipleak.net/ it shows the VPN IP address (good). When I disconnect from the VPN with Network Lock enabled, it still only shows the VPN address (good). However, when I reconnect to the VPN, the website briefly detects my real IP address before switching back to the VPN IP address. How can I fix this leak? OS: Linux Mint VPN interface: Eddie Web browser: Brave I do not have firewalld installed on my system, so that isn't the problem. Quote Share this post Link to post
Staff 10186 Posted ... @Nebulizer Hello! Please post a system report generated by Eddie just after the problem has occurred: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Kind regards Quote Share this post Link to post
iwih2gk 96 Posted ... I am curious as several others may be to learn of the outcome here. My question is whether or not you closed Eddie down (exit) completely and then re-launched it? During the time Eddie is UP you can switch servers and there is NO risk of IP leak from your ISP. However; if you close Eddie and then connect to a site your raw IP will be displayed because Eddie removes its ruleset on Mint during exit. However setting up a simple ruleset that works perfectly on Mint is easy and I have one recorded in the forum. Using the ruleset you can configure your Mint OS (computer) to NEVER expose your raw ISP IP at any time. I don't trust myself to be perfect so I use a firewall that keeps me safe. Just a suggestion. Quote Share this post Link to post
Nebulizer 0 Posted ... Apologies for the slow response. My system report is: Eddie System/Environment Report - 6/11/2025 - 12:11 AM UTC Eddie version: 2.24.6 Eddie OS build: linux_x64 Eddie architecture: x64 OS type: Linux OS name: Linux Mint OS version: 21.3 (Virginia) OS architecture: x64 Framework: 6.8.0.96 (tarball Wed Jan 15 10:20:48 UTC 2020); Framework: v4.0.30319 OpenVPN: 2.5.11 - OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 (/usr/sbin/openvpn) Hummingbird: Not available WireGuard: 1.0.0 SSH: OpenSSH_8.9p1 Ubuntu-3ubuntu0.13, OpenSSL 3.0.2 15 Mar 2022 (/usr/bin/ssh) SSL: 5.63 (/usr/bin/stunnel4) Profile path: /home/username/.config/eddie/default.profile Data path: /home/username/.config/eddie Application path: /usr/lib/eddie-ui Executable path: /usr/lib/eddie-ui/eddie-ui Command line arguments: (1 args) path.resources="/usr/share/eddie-ui" Network Lock Active: Yes, Linux iptables-legacy Connected to VPN: Yes, Mintaka OS support IPv4: Yes OS support IPv6: Yes Detected DNS: 10.128.0.1,fd7d:76ee:e68f:a993::1 Test DNS IPv4: Ok Test DNS IPv6: Ok Test Ping IPv4: 132 ms Test Ping IPv6: 127 ms Test HTTP IPv4: Ok Test HTTP IPv6: Ok Test HTTPS: Ok ---------------------------- Important options not at defaults: login: (omissis) password: (omissis) remember: True connect: True proxy.mode: none ---------------------------- Logs: . 2025.06.10 20:08:48 - Eddie version: 2.24.6 / linux_x64, System: Linux, Name: Linux Mint, Version: 21.3 (Virginia), Framework: 6.8.0.96 (tarball Wed Jan 15 10:20:48 UTC 2020); Framework: v4.0.30319 . 2025.06.10 20:08:48 - Command line arguments (1): path.resources="/usr/share/eddie-ui" . 2025.06.10 20:08:49 - Collect network information . 2025.06.10 20:08:49 - Reading options from /home/username/.config/eddie/default.profile . 2025.06.10 20:08:50 - OpenVPN - Version: 2.5.11 - OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 (/usr/sbin/openvpn) . 2025.06.10 20:08:50 - SSH - Version: OpenSSH_8.9p1 Ubuntu-3ubuntu0.13, OpenSSL 3.0.2 15 Mar 2022 (/usr/bin/ssh) . 2025.06.10 20:08:50 - SSL - Version: 5.63 (/usr/bin/stunnel4) . 2025.06.10 20:08:50 - Service systemd-resolved restarted I 2025.06.10 20:08:51 - Ready . 2025.06.10 20:08:53 - Collect information about AirVPN completed I 2025.06.10 20:08:53 - Session starting. . 2025.06.10 20:08:53 - Activation of Network Lock - Linux iptables-legacy . 2025.06.10 20:08:53 - Waiting for latency tests (107 to go) I 2025.06.10 20:08:56 - Checking authorization ... . 2025.06.10 20:08:57 - Collect information about AirVPN completed ! 2025.06.10 20:08:57 - Connecting to Mintaka (Canada, Toronto, Ontario) . 2025.06.10 20:08:57 - Routes, add 184.75.223.221/32 for interface "wlp4s0". . 2025.06.10 20:08:57 - WireGuard > Setup start . 2025.06.10 20:08:57 - WireGuard > Setup complete . 2025.06.10 20:08:57 - WireGuard > Setup interface . 2025.06.10 20:08:58 - WireGuard > Received first handshake . 2025.06.10 20:08:58 - DNS of the system switched to VPN DNS - via /etc/resolv.conf) . 2025.06.10 20:08:58 - Routes, add 0.0.0.0/1 for interface "Eddie". . 2025.06.10 20:08:58 - Routes, add 128.0.0.0/1 for interface "Eddie". . 2025.06.10 20:08:58 - Routes, add ::/1 for interface "Eddie". . 2025.06.10 20:08:59 - Routes, add 8000::/1 for interface "Eddie". . 2025.06.10 20:08:59 - Routes, add 184.75.223.219/32 for interface "Eddie". . 2025.06.10 20:08:59 - Routes, add [ip-address-redacted] for interface "Eddie". . 2025.06.10 20:08:59 - Flushing DNS . 2025.06.10 20:08:59 - Flush DNS - systemd-resolved flush-caches I 2025.06.10 20:08:59 - Checking route IPv4 I 2025.06.10 20:08:59 - Checking route IPv6 I 2025.06.10 20:09:00 - Checking DNS . 2025.06.10 20:09:00 - Collect network information ! 2025.06.10 20:09:00 - Connected. ! 2025.06.10 20:09:03 - Disconnecting . 2025.06.10 20:09:04 - WireGuard > Stop request received . 2025.06.10 20:09:04 - WireGuard > Stopping . 2025.06.10 20:09:04 - WireGuard > Completed . 2025.06.10 20:09:04 - Routes, delete 0.0.0.0/1 for interface "Eddie", not exists. . 2025.06.10 20:09:04 - Routes, delete 128.0.0.0/1 for interface "Eddie", not exists. . 2025.06.10 20:09:04 - Routes, delete ::/1 for interface "Eddie", not exists. . 2025.06.10 20:09:04 - Routes, delete 8000::/1 for interface "Eddie", not exists. . 2025.06.10 20:09:05 - Routes, delete 184.75.223.221/32 for interface "wlp4s0". . 2025.06.10 20:09:05 - Routes, delete 184.75.223.219/32 for interface "Eddie", not exists. . 2025.06.10 20:09:05 - Routes, delete [ip-address-redacted] for interface "Eddie", not exists. . 2025.06.10 20:09:05 - DNS of the system restored - via /etc/resolv.conf) . 2025.06.10 20:09:05 - Service systemd-resolved restarted . 2025.06.10 20:09:05 - DNS of the interface 'enp5s0' restored to '10.128.0.1 fd7d:76ee:e68f:a993::1' - via systemd-resolved . 2025.06.10 20:09:05 - Default Route of the interface 'enp5s0' restored to 'no' - via systemd-resolved . 2025.06.10 20:09:05 - DNS of the interface 'wlp4s0' restored to '[ip-address-redacted]' - via systemd-resolved . 2025.06.10 20:09:05 - Default Route of the interface 'wlp4s0' restored to 'yes' - via systemd-resolved . 2025.06.10 20:09:05 - Collect network information . 2025.06.10 20:09:05 - Connection terminated. . 2025.06.10 20:09:05 - Flushing DNS . 2025.06.10 20:09:05 - Flush DNS - systemd-resolved flush-caches . 2025.06.10 20:09:05 - Deactivation of Network Lock ! 2025.06.10 20:09:05 - Session terminated. ! 2025.06.10 20:09:11 - Activation of Network Lock - Linux iptables-legacy I 2025.06.10 20:09:13 - Session starting. I 2025.06.10 20:09:13 - Checking authorization ... ! 2025.06.10 20:09:14 - Connecting to Mintaka (Canada, Toronto, Ontario) . 2025.06.10 20:09:14 - Routes, add 184.75.223.221/32 for interface "wlp4s0". . 2025.06.10 20:09:14 - WireGuard > Setup start . 2025.06.10 20:09:14 - WireGuard > Setup complete . 2025.06.10 20:09:14 - WireGuard > Setup interface . 2025.06.10 20:09:15 - WireGuard > Received first handshake . 2025.06.10 20:09:15 - DNS of the system switched to VPN DNS - via /etc/resolv.conf) . 2025.06.10 20:09:15 - Routes, add 0.0.0.0/1 for interface "Eddie". . 2025.06.10 20:09:15 - Routes, add 128.0.0.0/1 for interface "Eddie". . 2025.06.10 20:09:15 - Routes, add ::/1 for interface "Eddie". . 2025.06.10 20:09:15 - Routes, add 8000::/1 for interface "Eddie". . 2025.06.10 20:09:15 - Routes, add 184.75.223.219/32 for interface "Eddie". . 2025.06.10 20:09:15 - Routes, add [ip-address-redacted] for interface "Eddie". . 2025.06.10 20:09:15 - Flushing DNS . 2025.06.10 20:09:15 - Flush DNS - systemd-resolved flush-caches I 2025.06.10 20:09:15 - Checking route IPv4 I 2025.06.10 20:09:16 - Checking route IPv6 I 2025.06.10 20:09:16 - Checking DNS . 2025.06.10 20:09:17 - Collect network information ! 2025.06.10 20:09:17 - Connected. ! 2025.06.10 20:10:09 - Disconnecting . 2025.06.10 20:10:10 - WireGuard > Stop request received . 2025.06.10 20:10:10 - WireGuard > Stopping . 2025.06.10 20:10:10 - WireGuard > Completed . 2025.06.10 20:10:10 - Routes, delete 0.0.0.0/1 for interface "Eddie", not exists. . 2025.06.10 20:10:10 - Routes, delete 128.0.0.0/1 for interface "Eddie", not exists. . 2025.06.10 20:10:10 - Routes, delete ::/1 for interface "Eddie", not exists. . 2025.06.10 20:10:10 - Routes, delete 8000::/1 for interface "Eddie", not exists. . 2025.06.10 20:10:10 - Routes, delete 184.75.223.221/32 for interface "wlp4s0". . 2025.06.10 20:10:10 - Routes, delete 184.75.223.219/32 for interface "Eddie", not exists. . 2025.06.10 20:10:10 - Routes, delete [ip-adress-redacted] for interface "Eddie", not exists. . 2025.06.10 20:10:10 - DNS of the system restored - via /etc/resolv.conf) . 2025.06.10 20:10:10 - Service systemd-resolved restarted . 2025.06.10 20:10:10 - DNS of the interface 'enp5s0' restored to '10.128.0.1 fd7d:76ee:e68f:a993::1' - via systemd-resolved . 2025.06.10 20:10:10 - Default Route of the interface 'enp5s0' restored to 'no' - via systemd-resolved . 2025.06.10 20:10:10 - DNS of the interface 'wlp4s0' restored to '[ip-address-redacted]' - via systemd-resolved . 2025.06.10 20:10:10 - Default Route of the interface 'wlp4s0' restored to 'yes' - via systemd-resolved . 2025.06.10 20:10:10 - Collect network information . 2025.06.10 20:10:10 - Connection terminated. . 2025.06.10 20:10:10 - Flushing DNS . 2025.06.10 20:10:10 - Flush DNS - systemd-resolved flush-caches ! 2025.06.10 20:10:11 - Session terminated. I 2025.06.10 20:10:14 - Session starting. I 2025.06.10 20:10:14 - Checking authorization ... ! 2025.06.10 20:10:15 - Connecting to Mintaka (Canada, Toronto, Ontario) . 2025.06.10 20:10:15 - Routes, add 184.75.223.221/32 for interface "wlp4s0". . 2025.06.10 20:10:15 - WireGuard > Setup start . 2025.06.10 20:10:15 - WireGuard > Setup complete . 2025.06.10 20:10:15 - WireGuard > Setup interface . 2025.06.10 20:10:16 - WireGuard > Received first handshake . 2025.06.10 20:10:16 - DNS of the system switched to VPN DNS - via /etc/resolv.conf) . 2025.06.10 20:10:16 - Routes, add 0.0.0.0/1 for interface "Eddie". . 2025.06.10 20:10:16 - Routes, add 128.0.0.0/1 for interface "Eddie". . 2025.06.10 20:10:16 - Routes, add ::/1 for interface "Eddie". . 2025.06.10 20:10:16 - Routes, add 8000::/1 for interface "Eddie". . 2025.06.10 20:10:16 - Routes, add 184.75.223.219/32 for interface "Eddie". . 2025.06.10 20:10:16 - Routes, add [ip-address-redacted] for interface "Eddie". . 2025.06.10 20:10:16 - Flushing DNS . 2025.06.10 20:10:16 - Flush DNS - systemd-resolved flush-caches I 2025.06.10 20:10:16 - Checking route IPv4 I 2025.06.10 20:10:17 - Checking route IPv6 I 2025.06.10 20:10:17 - Checking DNS . 2025.06.10 20:10:18 - Collect network information ! 2025.06.10 20:10:18 - Connected. ! 2025.06.10 20:11:07 - Disconnecting . 2025.06.10 20:11:08 - WireGuard > Stop request received . 2025.06.10 20:11:08 - WireGuard > Stopping . 2025.06.10 20:11:08 - WireGuard > Completed . 2025.06.10 20:11:08 - Routes, delete 0.0.0.0/1 for interface "Eddie", not exists. . 2025.06.10 20:11:08 - Routes, delete 128.0.0.0/1 for interface "Eddie", not exists. . 2025.06.10 20:11:08 - Routes, delete ::/1 for interface "Eddie", not exists. . 2025.06.10 20:11:08 - Routes, delete 8000::/1 for interface "Eddie", not exists. . 2025.06.10 20:11:08 - Routes, delete 184.75.223.221/32 for interface "wlp4s0". . 2025.06.10 20:11:08 - Routes, delete 184.75.223.219/32 for interface "Eddie", not exists. . 2025.06.10 20:11:08 - Routes, delete [ip-address-redacted] for interface "Eddie", not exists. . 2025.06.10 20:11:08 - DNS of the system restored - via /etc/resolv.conf) . 2025.06.10 20:11:08 - Service systemd-resolved restarted . 2025.06.10 20:11:08 - DNS of the interface 'enp5s0' restored to '10.128.0.1 fd7d:76ee:e68f:a993::1' - via systemd-resolved . 2025.06.10 20:11:08 - Default Route of the interface 'enp5s0' restored to 'no' - via systemd-resolved . 2025.06.10 20:11:08 - DNS of the interface 'wlp4s0' restored to '[ip-address-redacted]' - via systemd-resolved . 2025.06.10 20:11:08 - Default Route of the interface 'wlp4s0' restored to 'yes' - via systemd-resolved . 2025.06.10 20:11:08 - Collect network information . 2025.06.10 20:11:08 - Connection terminated. . 2025.06.10 20:11:08 - Flushing DNS . 2025.06.10 20:11:08 - Flush DNS - systemd-resolved flush-caches ! 2025.06.10 20:11:09 - Session terminated. I 2025.06.10 20:11:10 - Session starting. I 2025.06.10 20:11:10 - Checking authorization ... ! 2025.06.10 20:11:11 - Connecting to Mintaka (Canada, Toronto, Ontario) . 2025.06.10 20:11:11 - Routes, add 184.75.223.221/32 for interface "wlp4s0". . 2025.06.10 20:11:11 - WireGuard > Setup start . 2025.06.10 20:11:11 - WireGuard > Setup complete . 2025.06.10 20:11:11 - WireGuard > Setup interface . 2025.06.10 20:11:12 - WireGuard > Received first handshake . 2025.06.10 20:11:12 - DNS of the system switched to VPN DNS - via /etc/resolv.conf) . 2025.06.10 20:11:12 - Routes, add 0.0.0.0/1 for interface "Eddie". . 2025.06.10 20:11:12 - Routes, add 128.0.0.0/1 for interface "Eddie". . 2025.06.10 20:11:13 - Routes, add ::/1 for interface "Eddie". . 2025.06.10 20:11:13 - Routes, add 8000::/1 for interface "Eddie". . 2025.06.10 20:11:13 - Routes, add 184.75.223.219/32 for interface "Eddie". . 2025.06.10 20:11:13 - Routes, add [ip-address-redacted] for interface "Eddie". . 2025.06.10 20:11:13 - Flushing DNS . 2025.06.10 20:11:13 - Flush DNS - systemd-resolved flush-caches I 2025.06.10 20:11:13 - Checking route IPv4 I 2025.06.10 20:11:13 - Checking route IPv6 I 2025.06.10 20:11:14 - Checking DNS . 2025.06.10 20:11:14 - Collect network information ! 2025.06.10 20:11:14 - Connected. ---------------------------- Network Info: { "routes": [ { "destination": "0.0.0.0\/1", "interface": "Eddie", "scope": "link" }, { "destination": "0.0.0.0\/0", "gateway": "[ip-address-redacted]", "interface": "wlp4s0", "metric": "20600", "proto": "dhcp" }, { "destination": "128.0.0.0\/1", "interface": "Eddie", "scope": "link" }, { "destination": "[ip-address-redacted]", "interface": "wlp4s0", "metric": "1000", "scope": "link" }, { "destination": "184.75.223.219\/32", "interface": "Eddie", "scope": "link" }, { "destination": "184.75.223.221\/32", "gateway": "ip-address-redacted", "interface": "wlp4s0" }, { "destination": "[ip-addres-redacted]", "interface": "wlp4s0", "metric": "600", "proto": "kernel", "scope": "link", "src": "[ip-addres-redacted]" }, { "destination": "::1\/128", "interface": "lo", "metric": "256", "pref": "medium", "proto": "kernel" }, { "destination": "[ip-address-redacted]", "interface": "Eddie", "metric": "1024", "pref": "medium" }, { "destination": "[ip-address-redacted]", "expires": "86314sec", "interface": "wlp4s0", "metric": "256", "pref": "medium", "proto": "kernel" }, { "destination": "::\/1", "interface": "Eddie", "metric": "1024", "pref": "medium" }, { "destination": "[ip-address-redacted]", "interface": "Eddie", "metric": "256", "pref": "medium", "proto": "kernel" }, { "destination": "fe80::\/64", "interface": "wlp4s0", "metric": "256", "pref": "medium", "proto": "kernel" }, { "destination": "8000::\/1", "interface": "Eddie", "metric": "1024", "pref": "medium" }, { "destination": "::\/0", "expires": "1714sec", "gateway": "[ip-address-redacted]", "hoplimit": "64", "interface": "wlp4s0", "metric": "1024", "pref": "medium", "proto": "ra" } ], "ipv4-default-gateway": "[ip-addres-redacted]", "ipv4-default-interface": "wlp4s0", "ipv6-default-gateway": "[ip-address-redacted]", "ipv6-default-interface": "wlp4s0", "interfaces": [ { "friendly": "lo", "id": "lo", "name": "lo", "description": "lo", "type": "Loopback", "status": "Unknown", "bytes_received": "2038020", "bytes_sent": "2038020", "support_ipv4": true, "support_ipv6": true, "ips": [ "127.0.0.1", "::1" ], "bind": true }, { "friendly": "enp5s0", "id": "enp5s0", "name": "enp5s0", "description": "enp5s0", "type": "Ethernet", "status": "Down", "bytes_received": "0", "bytes_sent": "0", "support_ipv4": true, "support_ipv6": true, "ips": [], "bind": false }, { "friendly": "wlp4s0", "id": "wlp4s0", "name": "wlp4s0", "description": "wlp4s0", "type": "Wireless80211", "status": "Up", "bytes_received": "26314969", "bytes_sent": "2528850", "support_ipv4": true, "support_ipv6": true, "ips": [ "[ip-address-redacted]", "[ip-address-redacted]", "[ip-address-redacted]", "[ip-address-redacted]" ], "bind": true }, { "friendly": "Eddie", "id": "Eddie", "name": "Eddie", "description": "Eddie", "type": "0", "status": "Unknown", "bytes_received": "87980", "bytes_sent": "50300", "support_ipv4": true, "support_ipv6": true, "ips": [ "[ip-addres-redacted]", "[ip-addres-redacted]" ], "bind": true } ] } ---------------------------- ip addr show: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp5s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000 link/ether d8:5e:d3:0a:4e:73 brd ff:ff:ff:ff:ff:ff 3: wlp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether a4:6b:b6:ad:e4:18 brd ff:ff:ff:ff:ff:ff inet [ip-address-redacted] brd [ip-address-redacted] scope global dynamic noprefixroute wlp4s0 valid_lft 85690sec preferred_lft 85690sec inet6 [ip-address-redacted] scope global temporary dynamic valid_lft 86315sec preferred_lft 85251sec inet6 [ip-address-redacted] scope global dynamic mngtmpaddr valid_lft 86315sec preferred_lft 86315sec inet6 fe80::a66b:b6ff:fead:e418/64 scope link valid_lft forever preferred_lft forever 9: Eddie: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1320 qdisc noqueue state UNKNOWN group default qlen 1000 link/none inet 10.157.238.110/32 scope global Eddie valid_lft forever preferred_lft forever inet6 [ip-address-redacted] scope global valid_lft forever preferred_lft forever ---------------------------- ip link show: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enp5s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000 link/ether d8:5e:d3:0a:4e:73 brd ff:ff:ff:ff:ff:ff 3: wlp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000 link/ether a4:6b:b6:ad:e4:18 brd ff:ff:ff:ff:ff:ff 9: Eddie: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1320 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/none Throughout the system report, I have replaced any number that looks like it might be my ip address with [ip-address-redacted], and I replaced my username with "username". Those are the only changes I made. Quote Share this post Link to post
Nebulizer 0 Posted ... (edited) Quote My question is whether or not you closed Eddie down (exit) completely and then re-launched it? Eddie was open and running the whole time Quote However setting up a simple ruleset that works perfectly on Mint is easy and I have one recorded in the forum. Using the ruleset you can configure your Mint OS (computer) to NEVER expose your raw ISP IP at any time. I don't trust myself to be perfect so I use a firewall that keeps me safe. Just a suggestion. This is a great suggestion. Can you please share the link to your setup guide? Edited ... by Nebulizer Accidentally posted with no content except a quote. Quote Share this post Link to post
Staff 10186 Posted ... @Nebulizer Hello! This: Quote . 2025.06.10 20:09:05 - Connection terminated. . 2025.06.10 20:09:05 - Flushing DNS . 2025.06.10 20:09:05 - Flush DNS - systemd-resolved flush-caches . 2025.06.10 20:09:05 - Deactivation of Network Lock ! 2025.06.10 20:09:05 - Session terminated. ! 2025.06.10 20:09:11 - Activation of Network Lock - Linux iptables-legacy I 2025.06.10 20:09:13 - Session starting. must happen only if you have not activated Network Lock from Eddie's main window and/or from the proper menu, or you have activated it and you de-activated it after the disconnection (by clicking the big central button). Eddie applies Network Lock during connections even when Network Lock has not been engaged, unless explicitly disabled in its entirety from the settings, and disables it at the end of the connection, according to user's settings. Actually, when Network Lock is engaged explicitly from the main window or the settings and it is not disengaged via the big central button, you must have this correct behavior that occurs even in your case except for the one case above: Quote . 2025.06.10 20:10:10 - Connection terminated. . 2025.06.10 20:10:10 - Flushing DNS . 2025.06.10 20:10:10 - Flush DNS - systemd-resolved flush-caches ! 2025.06.10 20:10:11 - Session terminated. I 2025.06.10 20:10:14 - Session starting. As you can see, here deactivation / activation cycle does not take place. Network Lock remains engaged and no leak is possible. Now, if you can reproduce the first behavior even after you have engaged Network Lock from the main window or from the options and you started a connection and then ordered a disconnection from a server (and you did not click the button to disengage Network Lock of course), please describe all the steps you performed to let us reproduce the problem so that the developers can address it asap. Kind regards Quote Share this post Link to post
Nebulizer 0 Posted ... The steps are: 1. Eddie is open but disconnected. Activate network lock. 2. Now, Network Lock is activated. Connect to a server: The connection is successful: 3. Go to ipleak.net and see only the VPN IP address (good). 4. Disconnect from Eddie 5. Network Lock is still active. Reconnect to Eddie: 6. After reconnecting, ipleak.net shows both the VPN IP address and my real IP address (under "DNS Addresses"): Let me know if you have additional questions. Quote Share this post Link to post
Staff 10186 Posted ... 6 hours ago, Nebulizer said: ipleak.net shows both the VPN IP address and my real IP address (under "DNS Addresses"): Hello! From your description this issue has not to do with Network Lock but involves DNS leaks. Eddie 2.24.6 supports every systemd-resolved operational mode and in this case Eddie decides to operate exclusively with /etc/resolv.conf: . 2025.06.10 20:08:58 - DNS of the system switched to VPN DNS - via /etc/resolv.conf) which is correct according to the tests on our Mint 21.3 system because /etc/resolv.conf is not a symlink. We can not reproduce the issue in any way on our Mint 21.3, therefore we will investigate further. On your side, can you please send us the following output taken immediately after the issue occurred and while Eddie is still connected to the VPN (do not disconnect)? ls -l /etc/resolv.conf cat /etc/resolv.conf Kind regards Quote Share this post Link to post
iwih2gk 96 Posted ... On 6/11/2025 at 12:43 AM, Nebulizer said: Eddie was open and running the whole time This is a great suggestion. Can you please share the link to your setup guide? I hope this will make sense to you. I will paste an overview and I assure you it works perfectly in Mint because I am using it. The GOAL of this simple little NFT firewall procedure is that you will NEVER be able to go online without being connected to Eddie [Don''t worry its super easy to flush the ruleset IF you intentionally want to go online without AirVpn/Eddie]. I am including a basic list of commands that you might use over time. Again, easy stuff BUT totally effective and has never let anything through --- EVER. Paste below and then brief descriptions below that: ** Global NFT ON - Off instructions ** Set nftables to start at boot: systemctl enable nftables Prevent nftables from starting at boot: systemctl mask nftables ----------------------------------------------------------------- sudo nft list ruleset sudo nft flush ruleset #opens computer to connect to LAN. sudo systemctl start nftables Restart nft rules without needing to reboot ---- eddie should be down first!! **Personal AirVpn firewall rules below (nft must be enabled before you can see the place to edit the OS ruleset to my personal set).** XXX@mint:~$ sudo nft list ruleset [sudo] password for XXX: table inet filter { chain input { type filter hook input priority filter; policy drop; iifname "lo" accept ct state established,related accept } chain forward { type filter hook forward priority filter; policy drop; } chain output { type filter hook output priority filter; policy drop; oifname "lo" accept ip saddr 192.168.0.0/16 ip daddr 192.168.0.0/16 accept } } XXX@mint:~$ ## **** -----------------------------------------------------Add or Edit NFT rules ------------------------------------ **** sudo nano /etc/nftables.conf # and add table above and save it of course - Ctrl X End of paste ---------------------------------------------------- Don't get lost here this is easy stuff. The block diagram is that you will use NFT rules and simply paste in the the tiny firewall script above. This is very basic and its NOT the firewall protecting you while you are online. Eddie will install its own firewall and that is what is in play while online. This tiny firewall simply prevents your machine from going out to workspace -- period. When you mount Eddie the client will save a copy of this firewall and when you exit Eddie it will place it back as it was. This is the default operation of Eddie you don't have to configure it in any way its automatic, so relax. Drawing you a mental picture here ---- > You mount Mint and during mount systemctl starts (assuming you enable/instruct it to do so) -- see terminal commands above. This means the tiny firewall is up and running, which blocks Mint's access to going online. Now you start Eddie and the client takes over as I described above. Its flawless and once setup its perfect performing. Let me once again remind you the startup firewall does NOT need to be complex it is ONLY forcing you to remember to connect and also will protect you when you exit Eddie because once again your Mint machine will be blocked from going online when you exit Eddie. Makes sense?? 1 Nebulizer reacted to this Quote Share this post Link to post
Nebulizer 0 Posted ... 3 hours ago, iwih2gk said: Makes sense?? Yes, this makes sense. Thank you! Quote Share this post Link to post
Nebulizer 0 Posted ... 17 hours ago, Staff said: We can not reproduce the issue in any way on our Mint 21.3, therefore we will investigate further. I checked and the issue only seems to affect chrome-based browsers (Brave and Chromium). Firefox did not leak, so it cannot be used to reproduce the issue. The command $ ls -l /etc/resolv.conf outputs: -rw-r--r-- 1 root root 335 Jun 12 21:46 /etc/resolv.conf The command $ cat /etc/resolv.conf outputs: # # Created by Eddie. Do not edit. # # Your resolv.conf file is temporarily backed up in /etc/resolv.conf.eddievpn # To restore your resolv.conf file you need to log in as root # and execute the below command from the shell: # # mv /etc/resolv.conf.eddievpn /etc/resolv.conf # nameserver 10.128.0.1 nameserver fd7d:76ee:e68f:a993::1 Quote Share this post Link to post
Staff 10186 Posted ... 6 hours ago, Nebulizer said: I checked and the issue only seems to affect chrome-based browsers (Brave and Chromium). Firefox did not leak, so it cannot be used to reproduce the issue. Hello! In this case the problem may be completely different from what it was theorized up to now in this thread. Let's make a step back, from your original message there is a point which may explain the whole issue: On 6/8/2025 at 4:57 AM, Nebulizer said: When I disconnect from the VPN with Network Lock enabled, it still only shows the VPN address (good). This is NOT good, this is clearly impossible. When you disconnect from the VPN, Network Lock malfunctioning or not, and you browse a web site to check the IP address you appear with on the Internet, you can either get your "real" (ISP assigned) IP address or you can't access the Internet at all (except for airvpn.org web site and VPN servers entry-IP addresses). You can't see any public VPN server IP address, simply because you are not connected to any VPN server. So, adding this relevant information (we missed it out since the beginning) on top of the fact that you can reproduce the problem only with Chrome and Brave, while on our side we can't reproduce the problem at all (tested beyond browsers), we start to suspect that it's all an illusion caused by Chrome caching. Chrome caches website data, images, scripts, resources and DNS records to improve browsing performance. The browser maintains its own internal DNS cache, which is separate from the operating system's DNS cache. Please repeat the test, but this time start from a pristine Chrome/Chromium browser whose caches are all completely empty, and if our suspicion is correct you should see that the problem does not appear. Kind regards Quote Share this post Link to post
Nebulizer 0 Posted ... On 6/13/2025 at 4:56 AM, Staff said: This is NOT good, this is clearly impossible. When you disconnect from the VPN, Network Lock malfunctioning or not, and you browse a web site to check the IP address you appear with on the Internet, you can either get your "real" (ISP assigned) IP address or you can't access the Internet at all (except for airvpn.org web site and VPN servers entry-IP addresses). You can't see any public VPN server IP address, simply because you are not connected to any VPN server. When I disconnect from the VPN, I already have the website open. The website stops working, as it should, because the internet is not working. (The only IP address it shows is the VPN I was previously connected to. It does not show my real IP address. This is why I called it "good".) Then, after I reconnect to the VPN, it shows my real IP address (bad). Here is my best guess of what is happening: 1. Connect to VPN with network lock on. 2. Connect to ipleak.net (shows only VPN IP address). 3. Disconnect from VPN (network lock breaks internet connection, website stops working). 4. Reconnect to VPN (network lock reconnects to internet, but somehow leaks real IP address before reconnecting to the VPN). 5. Website now shows real IP address. The bold part of point 4 is only a guess, I am not sure what the real issue is. In Chromium, I tried accessing the website through both "Incognito Window" and "Window with a temporary profile" and the issue persists. I also confirmed the issue on a second computer. I also installed Google Chrome via Flatpak (I didn't have Chrome installed before, so this was a completely pristine installation) and it has the same issue. Let me know if you need further details on replicating the problem. Quote Share this post Link to post
Not connected, Your IP: 216.73.216.18
Online: 30992 users - 417110 Mbit/s total BW