zedik 1 Posted ... AirVPN Suite problem. goldcrest --air-connect --air-vpn-type wireguard --network-lock on Above command ends with an error: ↓ STAFF EDIT NOTE FOR THE READERS: THE REPORT IS INCORRECT. NO MATCH BETWEEN INPUT AND OUTPUT. CHECK THE SOLUTION BEFORE POSTING. xxx Bluetit - AirVPN WireGuard/OpenVPN3 Service 2.0.0 - 22 July 2025 xxx OpenVPN core 3.12 AirVPN (20250606) linux x86_64 64-bit xxx Copyright (C) 2012- OpenVPN Inc. All rights reserved. xxx OpenSSL 3.0.13 30 Jan 2024 xxx AirVPN WireGuard Client 2.0.0 Linux x86_64 64-bit xxx Bluetit options successfully reset xxx ERROR: --air-vpn-type can be openvpn or wireguard Why? Can anybody help, please! BTW, I can connect with wg-quick. Its only 4 commands: sudo wg-quick up /home/xxxx/wg0.conf sudo ./wg-killswitch-nft.sh up wg0 sudo wg-quick down /home/xxxx/wg0.conf ./wg-killswitch-nft.sh down wg0 I downloaded killswitch from: https://github.com/xtarlit/wg-killswitch-nft Quote Share this post Link to post
zedik 1 Posted ... Maybe I should modify line in /etc/airvpn/bluetit.rc: ↓ # airvpntype <wireguard|openvpn> But how? E.g. ↓ # airvpntype <wireguard> or: ↓ airvpntype <wireguard> Anybody! Quote Share this post Link to post
Staff 10494 Posted ... 13 hours ago, zedik said: xxx ERROR: --air-vpn-type can be openvpn or wireguard Why? Can anybody help, please! Hello! We can't reproduce in any way. If you had entered some non visible character in your command line we wouldn't be able to see it (on this forum "code" section) and the parser would throw the error. Can you please re-type from scratch the whole command, just to rule out this potential issue? If the problem persists, can you also add the Bluetit log and the bluetit.rc file (wipe out username, password)? To generate the Bluetit log for example to a bluetit.log file: sudo journalctl | grep bluetit > bluetit.log Can you also verify the char encoding of your terminal (type the command locale and send us the whole output)? 11 hours ago, zedik said: But how? E.g. ↓ # airvpntype <wireguard> or: ↓ airvpntype <wireguard> The correct line is: airvpntype wireguard The angular brackets in our convention include possible options or option argument, with the symbol "|" meaning "or". They are not part of the syntax of the option or option argument, instead they are mere placeholders, so you must omit them. Just like in a lot of GNU documentation and Unix man pages, to be clear. Kind regards Quote Share this post Link to post
zedik 1 Posted ... Whole command: ↓ goldcrest --air-connect --air-vpn-type wireguard --network-lock on And results are: ↓ Goldcrest - AirVPN Bluetit Client 2.0.0 - 22 July 2025 2026-03-19 11:06:42 Reading run control directives from file /home/zed/.config/goldcrest.rc AirVPN Username: zedik Password: 2026-03-19 11:07:00 Bluetit - AirVPN WireGuard/OpenVPN3 Service 2.0.0 - 22 July 2025 2026-03-19 11:07:00 OpenVPN core 3.12 AirVPN (20250606) linux x86_64 64-bit 2026-03-19 11:07:01 Copyright (C) 2012- OpenVPN Inc. All rights reserved. 2026-03-19 11:07:01 OpenSSL 3.0.13 30 Jan 2024 2026-03-19 11:07:01 AirVPN WireGuard Client 2.0.0 Linux x86_64 64-bit 2026-03-19 11:07:01 Bluetit options successfully reset 2026-03-19 11:07:01 ERROR: --air-vpn-type can be openvpn or wireguard bluetit.log:→ https://termbin.com/7b2plocale bluetit.rc:→ https://termbin.com/l05j locale LANG=en_AU.UTF-8 LANGUAGE=en_AU:enlocale LC_CTYPE="en_AU.UTF-8" LC_NUMERIC="en_AU.UTF-8" LC_TIME="en_AU.UTF-8" LC_COLLATE="en_AU.UTF-8" LC_MONETARY="en_AU.UTF-8" LC_MESSAGES="en_AU.UTF-8" LC_PAPER="en_AU.UTF-8" LC_NAME="en_AU.UTF-8" LC_ADDRESS="en_AU.UTF-8" LC_TELEPHONE="en_AU.UTF-8" LC_MEASUREMENT="en_AU.UTF-8" LC_IDENTIFICATION="en_AU.UTF-8" LC_ALL= Quote Share this post Link to post
Staff 10494 Posted ... @zedik Hello! The bluetit.rc file you sent us is not consistent with the log. The log mentions: 2026-03-15T12:01:09.447328+11:00 zedkomp bluetit: ERROR: networklockpersist in /etc/airvpn/bluetit.rc must be on, iptables, nftables, pf or off 2026-03-15T12:01:09.447395+11:00 zedkomp bluetit: ERROR: networklock in /etc/airvpn/bluetit.rc must be on, iptables, nftables, pf or off ... 2026-03-16T10:53:44.803779+11:00 zedkomp bluetit: ERROR in /etc/airvpn/bluetit.rc: invalid value "<wireguard>" for directive airvpntype (allowed values: openvpn, wireguard) but the rc file you linked has those directives commented out. Can you please check? About the initial error you pointed out, the cause is the same: 2026-03-19T11:07:01.296401+11:00 zedkomp bluetit: Requested method "set_options: air-vpn-type (f) -> <wireguard>" 2026-03-19T11:07:01.296633+11:00 zedkomp bluetit: ERROR: --air-vpn-type can be openvpn or wireguard Note the difference between <wireguard> (wrong) and wireguard (correct). Kind regards Quote Share this post Link to post
zedik 1 Posted ... I am an old man still learning Linux. I changed 3 lines in bluetit.rc like bold bellow: ↓ # airconnectatboot <off|quick|server|country> networklockpersist on airvpntype wireguard # airusername <airvpn_username> # airpassword <aivpn_password> # airkey <airvpn_user_key> # airserver <airvpn_server_name> # aircountry <airvpn_country_name> # airproto <udp|tcp> # airport <port> # aircipher <cipher_name> # airipv6 <yes|no> # air6to4 <yes|no> # manifestupdateinterval <minutes> # airwhiteserverlist <server list> # airblackserverlist <server list> # airwhitecountrylist <country list> # airblackcountrylist <country list> # forbidquickhomecountry <yes|no> # allowuservpnprofiles <yes|no> # allowtrafficsplitting <yes|no> # trafficsplitnamespace <namespace> # trafficsplitinterface <device_name> # trafficsplitnamespaceinterface <device_name> # trafficsplitipv4 <auto|IPv4> # trafficsplitipv6 <auto|IPv6> # trafficsplitfirewall <yes|no> # country <ISO code> # remote <ip|url list> # proto <udp|tcp> # port <port> # mtu <value> # tunpersist <yes|no> # cipher <cipher_names> # maxconnretries <number> # tcpqueuelimit <value> # ncpdisable <yes|no> networklock on # networkcheck <on|gateway|airvpn|off> And its still the same:→ ERROR: --air-vpn-type can be openvpn or wireguard. Shouldn't original bluetit.rc file be enough? Why I have to change it? Can you, please show me how I should modify bluetit.rc file? Quote Share this post Link to post
zedik 1 Posted ... File bluetit.rc I linked is original from install (not modified). Did I understand correctly — I should modify bluetit.rc file? Quote Share this post Link to post
zedik 1 Posted ... To set up a kill-switch I added to /etc/wireguard/wg,conf these 2 lines under the [Interface] section: ↓ 1. ↓ PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT 2. ↓ PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT I just followed advice from internet but maybe AirVPN Suite doesn't need that. Could that be why I can not connect with goldcrest? Quote Share this post Link to post
Staff 10494 Posted ... 8 hours ago, zedik said: File bluetit.rc I linked is original from install (not modified). Did I understand correctly — I should modify bluetit.rc file? Hello! To resolve this error: 2026-03-19T11:07:01.296401+11:00 zedkomp bluetit: Requested method "set_options: air-vpn-type (f) -> <wireguard>" 2026-03-19T11:07:01.296633+11:00 zedkomp bluetit: ERROR: --air-vpn-type can be openvpn or wireguard you needed to change <wireguard> into wireguard where necessary, either in command line or goldcrest.rc file. Now that you have set the airvpntype option in bluetit.rc you may also omit completely the Goldcrest option air-vpn-type because you have set WireGuard connection type already in bluetit.rc. 2 hours ago, zedik said: I just followed advice from internet but maybe AirVPN Suite doesn't need that. If you want to enable Network Lock or persistent Network Lock in the AirVPN Suite, do not add your own firewall rules in the same chains used by the Suite: they will be overwritten when Network Lock is enabled. Conversely, if you prefer to use your own rules, disable Network Lock completely on bluetit.rc file: networklockpersist off networklock off Kind regards Quote Share this post Link to post
zedik 1 Posted ... Succes! I uninstalled and reinstalled AirVPN Suite. Modified ~/.config/goldcrest.rc file:↓ air-server Tianguan air-vpn-type wireguard ### air-user zedik air-password xxxxxxxxxxxxx air-key Default ## air-white-country-list <country> ######## network-lock on and command:↓ goldcrest --air-connect --air-vpn-type wireguard --network-lock on Gives me:↓ Connection started at: Sat, 21 March 2026 16:34:20 Connection started by Goldcrest - AirVPN Bluetit Client 2.0.0, user xxxx So I am connected and next I'll tray splitting traffic — after rest. However, I would like to know how to tell goldcrest to choose best server from Oceania as I am in Australia. Quote Share this post Link to post
Staff 10494 Posted ... 3 hours ago, zedik said: However, I would like to know how to tell goldcrest to choose best server from Oceania as I am in Australia. Hello! We're glad to know that you managed to resolve the problem. For this new purpose tell Goldcrest to connect generically to Oceania (or New Zealand, since in OC we have servers only in NZ because of the infamous "anti-encryption" legal framework in Australia). Example: goldcrest --air-connect --air-country OC Note that "air-country" accepts continent codes too. Kind regards Quote Share this post Link to post
zedik 1 Posted ... Suggested command:→ goldcrest --air-connect --air-country OC gives me:→ ERROR: country 'oc' does not exist (NZ - the same) I think goldcrest & bluetit are to complicated to me and I'll be using wg-quick. Quote Share this post Link to post
Staff 10494 Posted ... 53 minutes ago, zedik said: Suggested command:→ goldcrest --air-connect --air-country OC gives me:→ ERROR: country 'oc' does not exist (NZ - the same) Hello! Sorry for the typo. Oceania continent code for Bluetit is OCE, not OC. Bluetit follows IOC continent code convention used by the International Olympic, since there is no ISO code for them. Or you could just specify the whole name, Oceania. NZ is recognized correctly though, so your report is incorrect in this regard. 53 minutes ago, zedik said: I'll be using wg-quick. Just keep in mind that you don't have many features, such as integration or namespace management for safe traffic splitting, and above all be aware that you don't have a leaks prevention feature (network lock). If you deem it necessary take care to reproduce it. If you don't, please do not complain about traffic leaks. Kind regards Quote Share this post Link to post
zedik 1 Posted ... I have killswitch as I mentioned earlier: sudo ./wg-killswitch-nft.sh up wg0 sudo ./wg-killswitch-nft.sh down wg0 I downloaded killswitch from: https://github.com/xtarlit/wg-killswitch-nft Quote Share this post Link to post
Staff 10494 Posted ... 20 minutes ago, zedik said: I have killswitch as I mentioned earlier: sudo ./wg-killswitch-nft.sh up wg0 sudo ./wg-killswitch-nft.sh down wg0 I downloaded killswitch from: https://github.com/xtarlit/wg-killswitch-nft Hello! Yes, but you are using it improperly according to your first message. Note how you are exposed between the connection and the manual execution of the script (not to mention in case a failure occurs etc.). A good mitigation of the main problem would be integrating leaks prevention in WireGuard PostUp / PostDown events or just coding a whole script of your own that executes and checks for errors everything. In order to pick the "best" server in New Zealand, you can rely on nz3.vpn.airdns.org domain name. The Configuration Generator will also take care to put it in the profile end point line if you select "New Zealand" country or "Oceania" continent during the selection. NOTE: we did not examine the script, so we are not implying that it works or doesn't work. Kind regards Quote Share this post Link to post
Not connected, Your IP: 216.73.216.182
Online: 42890 users - 557648 Mbit/s total BW