Linux: AirVPN Suite 2.1.0 preview available

[Staff 10537]

Hello!

We're very glad to inform you that AirVPN Suite version 2.1.0 alpha 1 is now available for x86-64 based Linux systems. 
UPDATE 2026-05-13: AirVPN Suite 2.1.0 beta 1 is now available.
UPDATE 2026-05-27: AirVPN Suite 2.1.0 Release Candidate 1 is now available.

AirVPN Suite 2.1.0 development focuses on bug fixes, improved IPv6 management and aims at a quick release. New features are planned for the major new version (probably 3.0.0) to offer complete AmneziaWG support. Main changes:

• very large routing table should not cause Bluetit to crash anymore
• more accurate detection of default gateway
• several IPv6 addresses management fixes
• more accurate detection of network availability
• option to tunnel or not IPv4 traffic over an IPv6 tunnel

 

Changelog

 

Changelog for AirVPN Suite
 

Version 2.1.0 Release Candidate 1 - 27 May 2026

• [ProMIND] updated to OpenVPN-AirVPN 3.12 (20260508)

airvpntools

• [ProMIND] setBootServerIPv6Mode() renamed to setBootServerIPMode()
• [ProMIND] added new method capitalizeWord()

airvpnuser

• [ProMIND] getOpenVPNProfile(): changed interface. Replaced connectIPv6 and mode6to4 with ipMode
• [ProMIND] getWireGuardProfile(): changed interface. Added mtu. Replaced connectIPv6 and mode6to4 with ipMode

network

• [ProMIND] getGatewayFromRouteTable(): msgBuf is now dynamically allocated (currently to 32KiB)
• [ProMIND] getGatewayFromRouteTable(): socket's receive buffer set to 1MiB
• [ProMIND] getGatewayFromRouteTable(): revised code for a more strict and reliable scan
• [ProMIND] added methods isValidIPAddress(), isValidIPv4() and isValidIPv6()
• [ProMIND] parseIpSpecification(): fixed IPv6 specification handling
• [ProMIND] added enum IPMode
• [ProMIND] enum IPFamily: added UNDEFINED
• [ProMIND] parseIpSpecification(): Improved IP address check

openvpnclient

• [ProMIND] resolveProfile(): changed interface. Replaced ipv6 with IPMode
• [ProMIND] replaced TUN_LINUX with TunNetlink::TunMethods

trafficsplit

• [ProMIND] enable(): added namespace's interface name to both IPv4 and IPv6 routes
• [ProMIND] enable(): improved IPv6 routing procedure

wireguardclient

• [ProMIND] resolveProfile(): changed interface. Replaced ipv6 with IPMode
• [ProMIND] resolveProfile(): fixed hostname parsing
• [ProMIND] setup(): check validity for both IPv4 and IPv6 gateways
• [ProMIND] profileNeedsResolution(): fixed IPv6 address handling
• [ProMIND] setConfiguration(): fixed IPv6 address handling
• [ProMIND] resolveProfile(): fixed IPv6 address handling

 

 

Changelog for Bluetit

Version 2.1.0 Release Candidate 1 - 27 May 2026

• [ProMIND] run control file directives trafficsplitipv4 and trafficsplitipv6 are now parsed with Network::parseIpSpecification().
• [ProMIND] improved network settings for traffic split according to run control file specifications (mainly, custom IP addresses)

Version 2.1.0 beta 1 - 11 May 2026

• [ProMIND] added run control directive airvpn4to6
• [ProMIND] added client option --air-4to6
• [ProMIND] replaced airVpnIPv6Mode and airVpn6to4Mode with airVpnIPMode
• [ProMIND] replaced airVpnBootConnectionIPv6 with airVpnBootConnectionIPMode
• [ProMIND] start_airvpn_connection(): send IPMode to log

 

Changelog for Hummingbird

Version 2.1.0 RC 1 - 27 May 2026

• [ProMIND] no change

Version 2.1.0 beta 1 - 11 May 2026

• [ProMIND] no change

 

Changelog for Goldcrest

Version 2.1.0 Release Candidate 1

• [ProMIND] No change

Version 2.1.0 beta 1 - 11 May 2026

• [ProMIND] added client option air-4to6 to run control file

 

Changelog for Cuckoo

Version 2.1.0 Release Candidate 1 - 27 May 2026

• [ProMIND] removed dynamic link to libxml2

Version 2.1.0 beta 1 - 11 May 2026

• [ProMIND] no change

 

 

Download URL

x86-64: https://eddie.website/repository/AirVPN-Suite/2.1.0-RC1/AirVPN-Suite-x86_64-2.1.0-RC-1.tar.gz
x86-64 SHA-2: https://eddie.website/repository/AirVPN-Suite/2.1.0-RC1/AirVPN-Suite-x86_64-2.1.0-RC-1.tar.gz.sha512

x86-64 legacy: https://eddie.website/repository/AirVPN-Suite/2.1.0-RC1/AirVPN-Suite-x86_64-legacy-2.1.0-RC-1.tar.gz 
x86-64 legacy SHA-2: https://eddie.website/repository/AirVPN-Suite/2.1.0-RC1/AirVPN-Suite-x86_64-legacy-2.1.0-RC-1.tar.gz.sha512

ARM 64 bit: https://eddie.website/repository/AirVPN-Suite/2.1.0-RC1/AirVPN-Suite-aarch64-2.1.0-RC-1.tar.gz 
ARM 64 bit SHA-2: https://eddie.website/repository/AirVPN-Suite/2.1.0-RC1/AirVPN-Suite-aarch64-2.1.0-RC-1.tar.gz.sha512

ARM 64 bit legacy: https://eddie.website/repository/AirVPN-Suite/2.1.0-RC1/AirVPN-Suite-aarch64-legacy-2.1.0-RC-1.tar.gz 
ARM 64 bit legacy SHA-2: https://eddie.website/repository/AirVPN-Suite/2.1.0-RC1/AirVPN-Suite-aarch64-2.1.0-RC-1.tar.gz.sha512

ARM 32 bit: https://eddie.website/repository/AirVPN-Suite/2.1.0-RC1/AirVPN-Suite-armv7l-2.1.0-RC-1.tar.gz 
ARM 32 bit SHA-2: https://eddie.website/repository/AirVPN-Suite/2.1.0-RC1/AirVPN-Suite-armv7l-legacy-2.1.0-RC-1.tar.gz.sha512 

ARM 32 bit legacy: https://eddie.website/repository/AirVPN-Suite/2.1.0-RC1/AirVPN-Suite-armv7l-legacy-2.1.0-RC-1.tar.gz 
ARM 32 bit legacy SHA-2: https://eddie.website/repository/AirVPN-Suite/2.1.0-RC1/AirVPN-Suite-armv7l-legacy-2.1.0-RC-1.tar.gz.sha512 


If you wish to test, thank you very much! Please feel free to report here any bug and malfunction you find!

Kind regards & datalove
AirVPN Staff

[colorman 30]

First test:

Note with  ./goldcrest AirVPN_Netherlands_UDP-443-Entry3.ovpn
No problem 😁

 

@localhost:/usr/local/bin> ./goldcrest AirVPN_Belgium_UDP-1637-Entry3.conf
Goldcrest - AirVPN Bluetit Client 2.1.0 alpha 1 - 23 April 2026

2026-04-25 17:03:13 Reading run control directives from file /home/gerrit/.config/goldcrest.rc
2026-04-25 17:03:13 Bluetit - AirVPN WireGuard/OpenVPN3 Service 2.1.0 alpha 1 - 23 April 2026
2026-04-25 17:03:14 OpenVPN core 3.12 AirVPN (20260206) linux x86_64 64-bit
2026-04-25 17:03:14 Copyright (C) 2012- OpenVPN Inc. All rights reserved.
2026-04-25 17:03:14 OpenSSL 3.5.3 16 Sep 2025
2026-04-25 17:03:14 AirVPN WireGuard Client 2.0.0 Linux x86_64 64-bit
2026-04-25 17:03:14 Bluetit options successfully reset
2026-04-25 17:03:14 Requesting VPN connection to Bluetit
2026-04-25 17:03:14 Network filter and lock are using nftables
2026-04-25 17:03:14 Kernel module nf_tables is already loaded
2026-04-25 17:03:14 WARNING: firewalld is active on this system and may interfere with network filter and lock
2026-04-25 17:03:14 WARNING: firewalld is currently owning NFTables and this will prevent the system network f
ilter settings to be restored and cause an error. Please set NftablesTableOwner to "no" in /etc/firewalld/fire
walld.conf
2026-04-25 17:03:14 Network filter successfully initialized
2026-04-25 17:03:14 Private network is allowed to pass the network filter
2026-04-25 17:03:14 Ping output is allowed to pass the network filter
2026-04-25 17:03:14 IPv6 NDP is allowed to pass the network filter
2026-04-25 17:03:14 Local interface lo - IPv4 127.0.0.1 IPv6 ::1
2026-04-25 17:03:14 Local interface enp6s0 - IPv4 192.168.178.11 IPv6 2001:1c04:588:e400:23da:d20e:1229:fd80 I
Pv6 2001:1c04:588:e400:c866:1f63:a0b9:4a41 IPv6 fe80::35a5:513a:4743:88bd
2026-04-25 17:03:14 Default IPv4 gateway via 192.168.178.1 dev enp6s0
2026-04-25 17:03:14 Default IPv6 gateway via fe80::3a17:b1ff:fe40:9189 dev enp6s0
2026-04-25 17:03:14 Starting WireGuard synchronous connection
2026-04-25 17:03:14 ERROR: gateway 192.168.178.1 on interface enp6s0 has the same metrics (2147483647) of gate
way  on interface . Network routing can be unpredictable in most cases. Please fix  your routing table.
2026-04-25 17:03:14 Kernel module wireguard is already loaded
2026-04-25 17:03:14 WireGuard client successfully created and initialized.
2026-04-25 17:03:14 WireGuard Connect thread exception: Cannot resolve hostname
2026-04-25 17:03:14 Bluetit session terminated

 

[Staff 10537]

@colorman

Hello and thank you for your tests!
 

Quote

2026-04-25 17:03:14 WARNING: firewalld is active on this system and may interfere with network filter and lock
2026-04-25 17:03:14 WARNING: firewalld is currently owning NFTables and this will prevent the system network filter settings to be restored and cause an error. Please set NftablesTableOwner to "no" in /etc/firewalld/firewalld.conf

This is a critical situation which will cause Network Lock to falter and lead to firewall system settings restore problems. Please fix it according to the quoted instructions. Should you have already adhered to the aforementioned guidance and Bluetit continues to issue that warning, we kindly ask you to apprise us forthwith.
 

Quote

2026-04-25 17:03:14 ERROR: gateway 192.168.178.1 on interface enp6s0 has the same metrics (2147483647) of gate
way  on interface . Network routing can be unpredictable in most cases. Please fix  your routing table.

This critical error suggests that something goes wrong in Bluetit's gateway(s) detection. Probably the error shall endure even after the prior misconfiguration has been rectified. If so, please send us the output of the following commands:
 

ip a
ip route show
ip route get 0.0.0.0

Kind regards
 

[colorman 30]

I do not see NftablesTableOwner in /etc/firewalld/firewalld.conf

# firewalld config file

# default zone
# The default zone used if an empty zone string is used.
# Default: public
DefaultZone=public

# Clean up on exit
# If set to no or false the firewall configuration will not get cleaned up
# on exit or stop of firewalld.
# Default: yes
CleanupOnExit=yes

# Clean up kernel modules on exit
# If set to yes or true the firewall related kernel modules will be
# unloaded on exit or stop of firewalld. This might attempt to unload
# modules not originally loaded by firewalld.
# Default: no
CleanupModulesOnExit=no

# Lockdown
# If set to enabled, firewall changes with the D-Bus interface will be limited
# to applications that are listed in the lockdown whitelist.
# The lockdown whitelist file is lockdown-whitelist.xml
# Default: no
Lockdown=no

# IPv6_rpfilter
# Performs a reverse path filter test on a packet for IPv6. If a reply to the
# packet would be sent via the same interface that the packet arrived on, the
# packet will match and be accepted, otherwise dropped.
# The rp_filter for IPv4 is controlled using sysctl.
# Note: This feature has a performance impact. See man page FIREWALLD.CONF(5)
# for details.
# Default: yes
IPv6_rpfilter=yes

# IndividualCalls
# Do not use combined -restore calls, but individual calls. This increases the
# time that is needed to apply changes and to start the daemon, but is good for
# debugging.
# Default: no
IndividualCalls=no

# LogDenied
# Add logging rules right before reject and drop rules in the INPUT, FORWARD
# and OUTPUT chains for the default rules and also final reject and drop rules
# in zones. Possible values are: all, unicast, broadcast, multicast and off.
# Default: off
LogDenied=off

# FirewallBackend
# Selects the firewall backend implementation.
# Choices are:
#    - nftables (default)
#    - iptables (iptables, ip6tables, ebtables and ipset)
# Note: The iptables backend is deprecated. It will be removed in a future
# release.
FirewallBackend=nftables

# FlushAllOnReload
# Flush all runtime rules on a reload. In previous releases some runtime
# configuration was retained during a reload, namely; interface to zone
# assignment, and direct rules. This was confusing to users. To override this
# behavior set this to "yes".
# Default: no
FlushAllOnReload=no

# ReloadPolicy
# Policy during reload. By default all traffic except for established
# connections is dropped while the rules are updated. Set to "DROP", "REJECT"
# or "ACCEPT". Alternatively, specify it per table, like
# "OUTPUT:ACCEPT,INPUT:DROP,FORWARD:REJECT".
# Default: ReloadPolicy=INPUT:DROP,FORWARD:DROP,OUTPUT:DROP
ReloadPolicy=INPUT:DROP,FORWARD:DROP,OUTPUT:DROP

# RFC3964_IPv4
# As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that
# correspond to IPv4 addresses that should not be routed over the public
# internet.
# Defaults to "yes".
RFC3964_IPv4=yes

# NftablesFlowtable
# This may improve forwarded traffic throughput by enabling nftables flowtable.
# It is a software fastpath and avoids calling nftables rule evaluation for
# data packets. This only works for TCP and UDP traffic.
# The value is a space separated list of interfaces.
# Example value "eth0 eth1".
# Defaults to "off".
NftablesFlowtable=off

# NftablesCounters
# If set to yes, add a counter to every nftables rule. This is useful for
# debugging and comes with a small performance cost.
# Defaults to "no".
NftablesCounters=no

 

@localhost:/usr/local/bin> ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host noprefixroute  
      valid_lft forever preferred_lft forever
2: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
   link/ether a8:a1:59:2f:52:3e brd ff:ff:ff:ff:ff:ff
   altname enxa8a1592f523e
   inet 192.168.178.11/24 brd 192.168.178.255 scope global dynamic enp6s0
      valid_lft 85583sec preferred_lft 85583sec
   inet6 2001:1c04:588:e400:84e3:a53f:f3f1:cda5/64 scope global temporary dynamic  
      valid_lft 603984sec preferred_lft 85494sec
   inet6 2001:1c04:588:e400:c866:1f63:a0b9:4a41/64 scope global dynamic mngtmpaddr noprefixroute  
      valid_lft 604732sec preferred_lft 604732sec
   inet6 fe80::35a5:513a:4743:88bd/64 scope link noprefixroute  
      valid_lft forever preferred_lft forever
gerrit@localhost:/usr/local/bin> ip route show
default via 192.168.178.1 dev enp6s0  
default via 192.168.178.1 dev enp6s0 proto dhcp src 192.168.178.11 metric 100  
192.168.178.0/24 dev enp6s0 proto kernel scope link src 192.168.178.11  
192.168.178.0/24 dev enp6s0 proto kernel scope link src 192.168.178.11 metric 100  
gerrit@localhost:/usr/local/bin> ip route get 0.0.0.0
local 0.0.0.0 dev lo src 127.0.0.1 uid 1000  
   cache <local>

 

[Staff 10537]

2 hours ago, colorman said:

I do not see NftablesTableOwner in /etc/firewalld/firewalld.conf 

Hello!

Exactly. Add it (you can edit the file with any text editor with root privileges), set it to "no" and verify that the issue gets resolved.

NftablesTableOwner=no

then re-start firewalld. This is vital to let Bluetit operate "Network Lock" properly. Exclusive ownership of the firewall tables must be pondered on a case by case basis. In this case if you wish to enable "Network Lock" you can't assign exclusive ownership of the tables to firewalld.

 

2 hours ago, colorman said:

gerrit@localhost:/usr/local/bin> ip route show
default via 192.168.178.1 dev enp6s0  
default via 192.168.178.1 dev enp6s0 proto dhcp src 192.168.178.11 metric 100  
192.168.178.0/24 dev enp6s0 proto kernel scope link src 192.168.178.11  
192.168.178.0/24 dev enp6s0 proto kernel scope link src 192.168.178.11 metric 100  
gerrit@localhost:/usr/local/bin> ip route get 0.0.0.0
local 0.0.0.0 dev lo src 127.0.0.1 uid 1000  
   cache <local>

You have two default routes via 192.168.178.1 on the same interface (enp6s0), one without explicit metric (so metric 0) and one with metric 100. Such duplicates are harmless in general but Bluetit detects them, probably fails to understand that the metric of one of them is 0, and throws a critical error believing that the metric is the same for both. We'll work on the matter carefully. In the meantime just delete the duplicate route and configure your interface either fully static or fully DHCP to keep on testing 

Kind regards
 

[colorman 30]

43 minutes ago, Staff said:

You have two default routes via 192.168.178.1 on the same interface (enp6s0), one without explicit metric (so metric 0) and one with metric 100. Such duplicates are harmless in general but Bluetit detects them, probably fails to understand that the metric of one of them is 0, and throws a critical error believing that the metric is the same for both. We'll work on the matter carefully. In the meantime just delete the duplicate route and configure your interface either fully static or fully DHCP to keep on testing 

I checked the YAST network settings, but I only see 1 route.
Just to be sure, I also checked the cockpit; I don't see anything unusual.
By the way, I use openSUSE Slowroll.
I have no idea where else to look.
I didn't have any problems with the previous version.

Exactly. Add it (you can edit the file with any text editor with root privileges), set it to "no" and verify that the issue gets resolved.

NftablesTableOwner=no

then re-start firewalld. This is vital to let Bluetit operate "Network Lock" properly. Exclusive ownership of the firewall tables must be pondered on a case by case basis. In this case if you wish to enable "Network Lock" you can't assign exclusive ownership of the tables to firewalld.

 

I added it, but I don't see any change. I restarted the firewall and restarted the PC myself.

For now, I think I'll just go back to the previous version.
I will test it for you again later (I enjoy doing that).
As far as my knowledge allows.
 

[Staff 10537]

15 hours ago, colorman said:

I have no idea where else to look.

Hello!

We already told you where to look at and you already provided evidence of the duplicate and exposing Bluetit's bug, don't worry and thank you. No further action is required at the moment.
 

15 hours ago, colorman said:

I added it, but I don't see any change. I restarted the firewall and restarted the PC myself.

You must see that Bluetit's warning about exclusive tables ownership disappears and Network Lock now works properly. firewalld exclusive tables ownership prevents Network Lock from working properly on any Suite version, obviously.

Kind regards
 

[colorman 30]

8 minutes ago, Staff said:

You must see that Bluetit's warning about exclusive tables ownership disappears and Network Lock now works properly. firewalld exclusive tables ownership prevents Network Lock from working properly on any Suite version, obviously.

This is what I did in firewald.conf
I still see the message.

# firewalld config file

# default zone
# The default zone used if an empty zone string is used.
# Default: public
DefaultZone=public

# Clean up on exit
# If set to no or false the firewall configuration will not get cleaned up
# on exit or stop of firewalld.
# Default: yes
CleanupOnExit=yes

# Clean up kernel modules on exit
# If set to yes or true the firewall related kernel modules will be
# unloaded on exit or stop of firewalld. This might attempt to unload
# modules not originally loaded by firewalld.
# Default: no
CleanupModulesOnExit=no

# Lockdown
# If set to enabled, firewall changes with the D-Bus interface will be limited
# to applications that are listed in the lockdown whitelist.
# The lockdown whitelist file is lockdown-whitelist.xml
# Default: no
Lockdown=no

# IPv6_rpfilter
# Performs a reverse path filter test on a packet for IPv6. If a reply to the
# packet would be sent via the same interface that the packet arrived on, the
# packet will match and be accepted, otherwise dropped.
# The rp_filter for IPv4 is controlled using sysctl.
# Note: This feature has a performance impact. See man page FIREWALLD.CONF(5)
# for details.
# Default: yes
IPv6_rpfilter=yes

# IndividualCalls
# Do not use combined -restore calls, but individual calls. This increases the
# time that is needed to apply changes and to start the daemon, but is good for
# debugging.
# Default: no
IndividualCalls=no

# LogDenied
# Add logging rules right before reject and drop rules in the INPUT, FORWARD
# and OUTPUT chains for the default rules and also final reject and drop rules
# in zones. Possible values are: all, unicast, broadcast, multicast and off.
# Default: off
LogDenied=off

# FirewallBackend
# Selects the firewall backend implementation.
# Choices are:
#    - nftables (default)
#    - iptables (iptables, ip6tables, ebtables and ipset)
# Note: The iptables backend is deprecated. It will be removed in a future
# release.
FirewallBackend=nftables

# FlushAllOnReload
# Flush all runtime rules on a reload. In previous releases some runtime
# configuration was retained during a reload, namely; interface to zone
# assignment, and direct rules. This was confusing to users. To override this
# behavior set this to "yes".
# Default: no
FlushAllOnReload=no

# ReloadPolicy
# Policy during reload. By default all traffic except for established
# connections is dropped while the rules are updated. Set to "DROP", "REJECT"
# or "ACCEPT". Alternatively, specify it per table, like
# "OUTPUT:ACCEPT,INPUT:DROP,FORWARD:REJECT".
# Default: ReloadPolicy=INPUT:DROP,FORWARD:DROP,OUTPUT:DROP
ReloadPolicy=INPUT:DROP,FORWARD:DROP,OUTPUT:DROP

# RFC3964_IPv4
# As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that
# correspond to IPv4 addresses that should not be routed over the public
# internet.
# Defaults to "yes".
RFC3964_IPv4=yes

# NftablesFlowtable
# This may improve forwarded traffic throughput by enabling nftables flowtable.
# It is a software fastpath and avoids calling nftables rule evaluation for
# data packets. This only works for TCP and UDP traffic.
# The value is a space separated list of interfaces.
# Example value "eth0 eth1".
# Defaults to "off".
NftablesFlowtable=off

# NftablesCounters
# If set to yes, add a counter to every nftables rule. This is useful for
# debugging and comes with a small performance cost.
# Defaults to "no".
NftablesCounters=no

Nftables TableOwner=no

 

[Staff 10537]

27 minutes ago, colorman said:

Nftables TableOwner=no

Hello!

Syntax error. Check our previous message and fix accordingly, there's an undue space character between "Nftables" and "TableOwner" that must be deleted, otherwise the option is not recognized.

Kind regards
 

[colorman 30]

5 hours ago, Staff said:

Hello!

Syntax error. Check our previous message and fix accordingly.

Kind regards
 

I'll keep looking.

Thanks

Update:
AirVPN Bluetit Client 2.0.0 - 22 July 2025
(check 2.1.0 the same notifications)

The message I saw earlier is gone after a fresh start.
There are still 2 warnings with openvpn.


There are still 2 warnings.

2026-04-27 13:56:58 WARNING: firewalld is active on this system and may interfere with network filter and lock (With Wireguard, only this message.)

2026-04-27 13:56:59 WARNING: NetworkManager is active on this system and may interfere with DNS management as
well as causing DNS leaks

 

 

[Staff 10537]

Hello!

We're very glad to inform you that AirVPN 2.1.0 beta 1 is now available. Please check here:
https://airvpn.org/forums/topic/80022-linux-airvpn-suite-210-preview-available/

This version includes even more bug fixes and IPv6 management improvements. It is linked against updated libraries.
 

NEW BLUETIT AND GOLDCREST OPTION

air-4to6
Enables or disables IPv4 over IPv6 for AirVPN connection.
This option is available when the tunnel is built on IPv6, i.e. air-ipv6 on. When air-4to6 option is on or omitted, both IPv4 and IPv6 traffic will be sent over the IPv6 tunnel. Values: on | off . Default: on

Kind regards
 

[colorman 30]

First test


@localhost:/usr/local/bin> ./goldcrest AirVPN_Belgium_UDP-1637-Entry3.conf
This isn't working?
@localhost:/usr/local/bin> ./goldcrest AirVPN_Netherlands_UDP-443-Entry3.ovpn
No problems.
 

@localhost:/usr/local/bin> ./goldcrest AirVPN_Belgium_UDP-1637-Entry3.conf
Goldcrest - AirVPN Bluetit Client 2.1.0 beta 1 - 11 May 2026

2026-05-14 17:18:16 Reading run control directives from file /home/gerrit/.config/goldcrest.rc
2026-05-14 17:18:16 Bluetit - AirVPN WireGuard/OpenVPN3 Service 2.1.0 beta 1 - 11 May 2026
2026-05-14 17:18:16 OpenVPN core 3.12 AirVPN (20260508) linux x86_64 64-bit
2026-05-14 17:18:16 Copyright (C) 2012- OpenVPN Inc. All rights reserved.
2026-05-14 17:18:16 OpenSSL 3.5.3 16 Sep 2025
2026-05-14 17:18:16 AirVPN WireGuard Client 2.0.0 Linux x86_64 64-bit
2026-05-14 17:18:16 Bluetit options successfully reset
2026-05-14 17:18:16 Requesting VPN connection to Bluetit
2026-05-14 17:18:16 Network filter and lock are using nftables
2026-05-14 17:18:16 Kernel module nf_tables is already loaded
2026-05-14 17:18:16 WARNING: firewalld is active on this system and may interfere with network filter and lock
2026-05-14 17:18:16 Network filter successfully initialized
2026-05-14 17:18:16 Private network is allowed to pass the network filter
2026-05-14 17:18:16 Ping output is allowed to pass the network filter
2026-05-14 17:18:16 IPv6 NDP is allowed to pass the network filter
2026-05-14 17:18:16 Local interface lo - IPv4 127.0.0.1 IPv6 ::1
2026-05-14 17:18:16 Local interface enp6s0 - IPv4 192.168.178.11 IPv6 2001:1c04:588:e400:c866:1f63:a0b9:4a41 I
Pv6 2001:1c04:588:e400:826a:83d3:642a:f40a IPv6 fe80::35a5:513a:4743:88bd
2026-05-14 17:18:16 Default IPv4 gateway via 192.168.178.1 dev enp6s0
2026-05-14 17:18:16 Default IPv6 gateway via fe80::3a17:b1ff:fe40:9189 dev enp6s0
2026-05-14 17:18:16 Starting WireGuard synchronous connection
2026-05-14 17:18:16 Successfully loaded kernel module wireguard
2026-05-14 17:18:16 WireGuard client successfully created and initialized.
2026-05-14 17:18:16 Allowing system IPv4 DNS 84.116.46.20 to pass through the network filter
2026-05-14 17:18:16 Allowing system IPv4 DNS 84.116.46.21 to pass through the network filter
2026-05-14 17:18:18 WireGuard Connect thread exception: Cannot resolve hostname Endpoint
2026-05-14 17:18:18 Session network filter and lock are now disabled
2026-05-14 17:18:18 Bluetit session terminated

 

[Staff 10537]

On 5/14/2026 at 5:23 PM, colorman said:

2026-05-14 17:18:18 WireGuard Connect thread exception: Cannot resolve hostname Endpoint

Hello!

Confirmed.

This is a bug that has been lurking in the code for a long time (probably since the early 2.0.0 testing versions). It has been addressed so you will see a fix on the next version already. Thank you for your tests!

Kind regards
 

[lexsilico 2]

Hi,
no issue detected for me with the beta version for now.
Thank you

[Titums 3]

I found my way to this thread due to "getGatewayFromRouteTable(): Received invalid packet from socket".  Super convenient timing as I just hit this error today on a new system.  This build resolved the error and seems to work just fine in the limited testing I've done so far.

[Staff 10537]

Hello!

We're glad to announce that AirVPN Suite 2.1.0 Release Candidate 1 is now available. It features an additional bug fix, a few more refinements on IPv6 management and improved traffic splitting namespace management. Please see the first message of this thread for complete description, full changelog and download URLs.

Thank you in advance if you wish to test! Please feel free to report any glitch and bug on this thread.

Kind regards