Jump to content
Not connected, Your IP:


Popular Content

Showing content with the highest reputation since 08/21/20 in all areas

  1. 3 points
    Hello, last year I had written a wrapper for Eddie's CLI version (in bash) to be able to use it more easily and extensively in the linux command line like the GUI, but with less resources. I have used it since then every day without problems, but now I have finally gotten to overhaul it and adjust it to Hummingbird because it is just so much faster! I also tried to make it more easy to configure (by having a separate configuration file) and added some new functionality like support (and automatic recognition) of iptables and nftables to lock down the system even without being connected to AirVPN and automatic connection at boot with a systemd unit. Again, feel free to use this as you wish, I hope someone can benefit from this. I'm happy about any improvements and corrections and will update this if I find the time. Features graphical interface in the command line to connect to AirVPN with Hummingbird (no Eddie involved) runs in background, the interface can be closed/opened anytime without affecting the running connection possibility to connect to any server with just one ovpn configuration file easily connect to a random server, to a recommended server, to the recommended server of a specific country or to a specific server sortable list of all servers including info like used bandwidth, load and number of users possibility to connect to other VPNs with openconnect lock down system by default (permanently if you want), so even without AirVPN/Hummingbird running there won't be any unwanted network traffic automatically establish connection at boot (which can later be controlled via the interface) logging of Hummingbird's output (number of days to keep logs for can be adjusted) system notifications to let you know what happens in the background Some general notes The default network lock determines, like Hummingbird itself, if iptables, iptables-legacy or nftables is available on your system and will use the first one found in that list. You can overwrite that by specifying which one to use in the configuration file. Once activated, the lock will stay in place until manually deactivated, so no internet connection will be possible unless connected to AirVPN or other whitelisted VPNs. You can make the lock permanent (or rather activate at boot) by enabling that option in the configuration file. AirVPN's network lock overwrites the default network lock, so there will be no interference. IMPORTANT: If you have any frontend firewall for iptables/nftables running, you might to disable that or read up on how it might interfere with rule changes you make directly via iptables/nft. The same thing applies if you use just Hummingbird itself. If you enable the default permanent network lock, it will write the lock rules at boot, most likely overwriting rules by firewalld or the like, but other enabled firewalls might interfere later. Also important: If you have SELinux and you want to use nftables for Hummingbird starting at boot, you have to create a SELinux exception for nft bcause otherwise it will be denied and Hummingbird starts without setting up its own lock, thus leaving you unprotected (AirVPN staff is aware of this issue). You can do that with audit2allow. Follow for example this guide to troubleshoot the problem and fix it with the solution given by sealert. Check your /etc/resolv.conf file while not running Hummingbird (because Hummingbird's network lock replaces that file temporarily) to make sure your router is not set as a nameserver (so no 192.168... address). Some routers will push themselves on that list by DHCP whenever you connect to their network. Since communication with the router is allowed in the lock rules, DNS requests will be handled by the router and sent to whatever DNS server is configured there even when network traffic should be blocked. There are ways to prevent that file from being changed by DHCP, best configure network manager for that if you use it. To connect to other VPNs, their IPs must be whitelisted and DNS requests for their domains must be allowed in the default network lock rules (netfilter_ipbatles.rulesipv4/ipv6 and/or netfilter_nftables.rules). Only edit those files with the default network lock deactivated. The rules for airvpn.org can be copied and adjusted. You can set custom options for Hummingbird in the interface or the configuration file. All the possible options can be found in the Hummingbird manual or with sudo hummingbird --help Apart from dialog I tried to only use basic system tools. The scripts will check if everything needed is present, if not they will exit. At least bash 4 is needed. The scripts rely mostly on dialog, awk and curl (and iptables/nft as described and openconnect if needed), so it should work on most systems. I wrote and tested this on Fedora 32 with Hummingbird 1.0.3. It should be possible to use any ovpn config file generated by the AirVPN's config generator. Even with the file for one specific server it should be possible to connect to any other server because the server override function is used here. I haven't tested that extensively though and just use the config file for earth. AirVPN's API seems to be a little unreliable sometimes as in not correctly reporting the connection status. Sometimes the API reports me not being connected although I am connected to an AirVPN server. This is no big deal, it just means that the connection status sometimes may be shown falsely as disconnected. If you have the default network lock activated, no traffic would be possible if you were actually disconnected. And, lastly, VERY IMPORTANT: I am still no programmer and do this only on this on the side, so even though I tried my best to make these scripts secure and error free, there might very well be some bad practice, never-ever-do-this mistakes or other hiccups in there. It works very well for me (and has for quite a while by now), but better check it yourself. UPDATE As of 2020/08/29 this project including updates, changelog and further instructions is publicly available on GitLab. There it can be more easily examined, downloaded and updated. Thus I have removed the scripts, installation instructions and the archive with all the files from this post. Check out the GitLab project for the newest version. VPNControl.tar
  2. 2 points
    I noticed your post right after I posted mine. I'm getting the same result as you, and have sent a support request through the client area while also posting here. I got a reply that my request has been forwarded to the Eddie developers. If I get a response from the Eddie developers before one is posted here I will pass the info on.
  3. 2 points

    VPNs - Caught in Lying!?!

    @arteryshelby We do not log and/or inspect our customers' traffic. Since 2010 you can't produce any single case, and not even the slightest clue, in which the identity of an AirVPN customer has been disclosed through traffic log and/or inspection and/or any other invasive method. It means a lot, given that various younger VPN services have been caught lying (ascertained court cases) and that AirVPN is now the oldest still active VPN service, with the exception of a minor service which anyway changed ownership twice in the last 12 years. By the way we have never asked our customers to blindly believe in our words. We do not block Tor and we even integrate its usage in our software, so you can be even safer if you can't afford to trust us OR some datacenter. For example you can use Tor over OpenVPN, to hide Tor usage to your country and ISP, and at the same time hide your traffic real origin, destination, protocol etc. to us and the datacenter the server is connected into. Last but not least, we invest a lo of money in Tor infrastructure and in 2017, 2018 and 2019 more than 2.5% of global world Tor network traffic transited on Tor exit-nodes paid by AirVPN. It is an important achievement we're proud of, and it hints to good faith. Kind regards
  4. 2 points
    Same issue on windows 10 for me I was able to solve/bypass the issue by changing 'networking' settings to; Layer IPv4: Inside tunnel (must be supported) Layer IPv6: Block Internet protocol used for connection: IPv4, IPv6
  5. 1 point
    @Flx No reboots have been recorded and no daemons have been restarted. However some Amanah servers have suffered a line blackout at ~ 3.30 AM (UTC) for several minutes. We also see that the problem was sorted out just before 4 AM. During the blackout they could not communicate at all. It might be the problem you mention. Check the real time server monitor and when you mention time remember to specify time zone. No communications from Amanah so far. Kind regards
  6. 1 point
    Thanks # giganerd! Eddie needed a restart, now it works perfectly!
  7. 1 point

    HOW TO: get openVPN working in Kodi

    This manual is primarily intended for LibreELEC/CoreELEC/OpenELEC users, from version 7, there OpenVPN is already integrated. But in general it should work with Linux and Windows, but OpenVPN may have to be installed there first. For more information, see also: https://github.com/Zomboided/service.vpn.manager/wiki/01.-Installation This manual is based on the unofficial build of kszaq LibreELEC with Kodi (Krypton) 17.6 and "VPN Manager for openVPN" 4.9.9. After I've tried for hours to get openVPN working in LibreELEC in order to be able using Zattoo (HIQ) via switzerland-airVPN-server, here a small HOW TO, so hopefully it would be easier for others. 1. Use the Config Generator in client area in order to create a configuration file. Select as operating system Linux (I did) or RPiSelect as protocol udp (recomended), Port 443Select nothing else, no advanced mode, no proxySelect a server (for me it has to be one from switzerland) by single server! I have experienced, that if you choose "by country", sometimes it won't work (probably because one or more servers, which are then automatically selected, are not recognized as swiss servers). You can test the single servers with your already working system to see whether they should be recognized for what they are. One server is enough, because later only one server can be used for automatic connection establishment in the VPN Manager anyway. But you can also create several server-files, if you want (and later mark the files in green, you'll see it in one of the next steps.).Create and downlaod the .ovpn file(s).2. Download the zomboided repository on your PC. With this you can download later on the service-vpn-manager (to manage openvpn) and its updates. You can get it from here: https://github.com/Zomboided/repository.zomboided.plugins And maybe interesting: https://github.com/Zomboided/service.vpn.manager/wiki There you can read, what it does and how it works. 3. Copy the two files (zomboided repo and .ovpn file) in the download-folder of Kodi (your OE/LE/CE machine). For connecting your PC with your device you can use e.g. SAMBA. An other way is e.g. to copy the files to an USB-Stick and work with this. 4. Now go into your Kodi menu. Enable install from unknown sources (for more informations take a look at the Wiki-link above -> installation)Install the zomboided repository via Systems/Addons/InstallGo to the new installed zomboided repository and install the "vpn manager for openvpn".Now a wizard wants to start -> don't use it! (For me it did't work!) Instead change directly in this window into settings.In the new window (settings) you can see on the left the first entry "VPN configuration". It should be already selected.Move to right, just have a look at "Protocol (udp recomended)" and change it to udp, if necessary. Don't change anything else (don't care about all the things like username or password!), but scroll directly down to "user defined import wizard", select this.Confirm the next dialog box with OK.Next dialog box should be: "Any existing user defined settings and files will be deleted. Do you want to continue?" -> YesNext dialog box: "Select all files needed ...", you can choose between files and directory -> choose "files"Navigate to the folder you have stored the .ovpn file, select it (it turns green) and click OK.(I'm not sure about this point. I recently had a device, the next steps (from "Now in the settings window again...") did not work. So maybe you'd better move on to the next to steps.) Next dialog box: "Update the .ovpn files ...?" -> NoNext dialog box: "Update the .ovpn files ...?" -> YesNext dialog box: "Rename the .ovpn files ...?" -> YesNext dialog box: "Import wizard finished ..." -> OKNow in the settings window again, go down on left side to "VPN connections".Go right to "First vpn connection ..." and click it. Wait a moment ...In the new dialog box: Heading "select first vpn profile", you should find something like "AIR_VPN_..._UDP..." or maybe just an IP-Adress -> select it and click OKNow you should get a new dialog box with: "Connected to a VPN ..." - gratulation, that's it!To make sure you don't forget, now go in the settings menu and click OK to save the settings you have made so far!Just a few more tips: Now you can go back to the settings menu and familiarize yourself a little bit. For example you should have a look at the "monitor" menu option on the left. There you can define, among other things, whether openVPN should connect automatically at system startup or even before the Kodi startup.An other interesting thing for example is the "Add-on Filter". There for example, you can define addons that should only work over a VPN connection. For example, if you only need a VPN connection when you start a specific addon like Zattoo HIQ, you can put this addon into the filter and the VPN Manager will automatically establish the openVPN connection when the addon is started. And it will not allow Internet access for the addon until the VPN connection is established. That's really very useful, I think!The VPN Manger is a great addon, once you have managed to feed it with data in the right way! Some passages are translated with www.DeepL.com/Translator
  8. 1 point
    aaah, yes, that did it! No more leak. Thank you so much to both of you guys!
  9. 1 point
    Check to which interface/IP address your torrent client binds. Set it to "Connexion au réseau local" or "TAP-Windows Adapter v9", whatever it shows up as. In qBittorrent you can set this in the Advanced section of its settings.
  10. 1 point

    ANSWERED IP leaking and proxy servers?

    It seems you didn't turn this feature on . It'll also still be perfectly possible to torrent with this turned on. On ipleak, you can similarly download a test torrent to confirm this.
  11. 1 point

    Torrent traffic

    If you're on a line beyond 100 MBit/s downlink, then it's entirely possible.
  12. 1 point
    Technical preview highlighted in blue https://build.openvpn.net/downloads/snapshots/openvpn-install-2.5_git-I607-Win10.exe
  13. 1 point
    Interesting thing I came across. Surprised to see no talk of this in the forum yet. https://lists.zx2c4.com/pipermail/wireguard/2019-September/004580.html
  14. 1 point
    You can still get it from snapshots if Beta1 Beta2 or Beta3 does not work in your case. https://build.openvpn.net/downloads/snapshots/
  15. 1 point

    ANSWERED IP leaking and proxy servers?

    Hello! You can start by considering updating your client from mid-2018 to 2020 .
  16. 1 point
    Chances are it's not only the torrent client leaking, but all applications, in which case a support file from Eddie would help. In Logs tab, click the lifebelt icon and paste or upload the output here.
  17. 1 point
    Hey all! I ran into an issue the other day when setting up AirVPN where I found alot of the AirVPN IP's appear to be blocked by my ISP. In my quest to resolve this issue, I ended up creating a script that uses fping and dig to get all the IPs for a region, check that they work, and add those to your AirVPN configuration. I figured this script might be helpful to some, so I'd share it here. You can download it here: https://gist.github.com/zikeji/144247cb20793a5a7c65653e5f7c572b A simple one line to download it and set the executable bit: wget https://gist.githubusercontent.com/zikeji/144247cb20793a5a7c65653e5f7c572b/raw/a414cc4f6828904992f18e0a0bdecf6cf5e4f85c/airvpn_remotes.sh -q -O airvpn_remotes.sh && chmod +x airvpn_remotes.sh Warning: Remember, for your safety ALWAYS review a downloaded script before executing it! The command's help output: airvpn_remotes.sh Description: Use dig and fping generate multiple remotes for an AirVPN config, replacing existing remote(s), and ignoring IPs that aren't responding. Remotes are placed in order of lowest ping to highest. Usage: airvpn_remotes.sh [--port=<int>] [--query=<fqdn>] [--ipv4] [--ipv6] [--remote-random] [--in-place] [input-file] airvpn_remotes.sh -h | --help Options: -h, --help Show this screen. -p <int>, --port=<fqdn> Override the port supplied on each remote line [default: 443]. -q <fqdn>, --query=<fqdn> Supply the DNS record you wish to query to use the IPs from [default: ca.all.vpn.airdns.org]. -s <ns>, --server=<ns> The name server you wish to query the records against [default: ns1.airvpn.org]. -c <int>, --count=<int> Change the amount of pings ran by fping for more accurate ping sorting [default: 4]. -4, --ipv4 Only query IPv4. -6, --ipv6 Only query IPv6. -r, --remote-random Add remote-random to the AirVPN config (this will cause OpenVPN to randomize the server order when connecting). -i<ext>, --in-place=<ext> Edit the file in place (makes backup if extension supplied), ignored if no input file is supplied. The first non-option argument is the name of the input file; if no input file is specified, then the standard input is read. All other non-option arguments after the first are ignored. You'll need to ensure dig and fping are installed on your distribution before you can use it. Additionally, if your system doesn't support IPv6 it'll only return IPv4 be default (because naturally pinging the IPv6 addresses will fail). And finally, I've only tested the script on Ubuntu 20.04, but hopefully you don't run into trouble. By default the script checks the DNS record AirVPN maintains for all of CA's servers. You can find out more about the records option here: https://airvpn.org/faq/servers_ip/ The help file should be pretty clear as to how to use the script, but I'll provide an example. I want to update my AirVPN.ovpn file with new remotes that'll be executed randomly and only include IPv4 remotes, and I want them from the Netherlands. Additionally, instead of connecting in order I want it to connect to a random server defined in the config. Since I use port 1194 instead of port 443, I also want each remote to use port 1194 instead of the default. I also want it to backup my original config before overwriting it. I would run: ./airvpn_remotes.sh -r4 -qnl.all.vpn.airdns.org -p1194 -iold AirVPN.ovpn Which would remove any lines from my AirVPN conf that are a remote or a remote-random and add the new remotes, sorted by lowest ping first (which is irrelevant because we're also adding remote-random). Hopefully this script might be useful for someone else as well!
  18. 1 point
    And you are supposed to be Jason Bourne?
  19. 1 point
    Resolve a DNS name to an IP and vice versa: airvpn.org <--> 2001:41d0:a:6034:: Ping a host, if it pings you back, it's online and reachable: $ ping airvpn.org -c4 PING airvpn.org(2001:41d0:a:6034:: (2001:41d0:a:6034::)) 56 data bytes 64 bytes from 2001:41d0:a:6034:: (2001:41d0:a:6034::): icmp_seq=1 ttl=56 time=19.4 ms 64 bytes from 2001:41d0:a:6034:: (2001:41d0:a:6034::): icmp_seq=2 ttl=56 time=17.9 ms 64 bytes from 2001:41d0:a:6034:: (2001:41d0:a:6034::): icmp_seq=3 ttl=56 time=18.6 ms 64 bytes from 2001:41d0:a:6034:: (2001:41d0:a:6034::): icmp_seq=4 ttl=56 time=18.9 ms --- airvpn.org ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3006ms rtt min/avg/max/mdev = 17.909/18.702/19.414/0.548 ms .
  20. 1 point
    Highly doubt that Discord is targetting VPNs, likely it is the IP address you are connected to have history of bad actors which lead them to send that warning. Keep in mind, it is common for website/services to ban VPN's IP due to bad actors. If you use the different server and you didn't get that warning, likely they are banning that specific IP due to those people. VPN is a double-edged sword, It brings privacy and at the same time, it attracted bad actors. It sucks but that is the way of internet life.
  21. 1 point

    ANSWERED OpenVPN & Linux (Mint)

    1 default via dev tun0 proto static metric 50 2 default via dev enp0s31f6 proto dhcp metric 100 3 dev tun0 proto kernel scope link src metric 50 4 via dev enp0s31f6 proto static metric 100 5 dev enp0s31f6 scope link metric 1000 6 dev enp0s31f6 proto kernel scope link src metric 100 7 dev enp0s31f6 proto static scope link metric 100 Line 1 is a default route via VPN (interface tun0) with a lower metric, therefore higher priority, than the other default route via your router in line 2 (50 vs. 100). This gives the VPN route priority. Therefore I can confirm that everything is routed through the VPN server. The only exceptions are line 4, the VPN server's IP, and line 6 which is your local network. IPv6 routes are negligible here; you don't seem to have IPv6 connectivity in your network.
  22. 1 point

    ANSWERED OpenVPN & Linux (Mint)

    Of course yes, and this on all platforms. But if you want a verification, enter these into a terminal while connected and post their output here: $ ip -4 r $ ip -6 r With 100 Mbit/s you should be downloading with more than 10 MB/s. Can you try a well seeded torrent like Ubuntu and see what throughput you get out of it? Not when connected with the router, of course.
  23. 1 point
  24. 1 point
    system_vpn_lock: true Just a remark: Since you are using Android 10, the VPN lock in Eddie is not needed. Consider setting up Always-On VPN option of Android and select Eddie as the VPN app. You will get a more sophisticated Network Lock this way. system_pause_vpn_when_screen_is_off: true This option is also potentially problematic in regard to your problem, but also as a whole. Everytime you turn off your screen, the VPN connection is disconnected, but not closed. This might provoke problems with connectivity. As for the log output, did I get it right that you changed from WIFI to WIFI, as in, from one network to another and not WIFI to 3G/4G or vice versa?
  25. 1 point
    The nearest to your physical location without vpn.
  26. 1 point
    Go to speedtest.net and find the nearest data server to your location. Record the url of that data server and go to the Servers tab on Air. Click on Check where it says Checking routes with the google address. Enter the data server url you got from speedtest and click Search. You'll have to refresh the page several times before most of the servers display a ping. Then, find the server with the lowest ping value (in or near your home country) and connect to it. If you're concerned about the load of a particular server, you can check it on the Server page. The server with the lowest ping and lowest load will be the 'best' choice statistically.
  27. 1 point

    Ports already reserved

    When you are going to forward a port you can leave it blank and it will pick a port number that is free for you. This way there's no to be trying and getting ports already reserved message. Then set that port on your app to use and you'll be ready to go. Hope this helps.
  28. 1 point
    Hi! I had your exact same error and Staff told me this: Please try to add the following custom directive in "Preferences" > "OVPN Directives": reneg-sec 1500 (it forces key renegotiation every 1500 seconds from client side, instead of waiting for server) and the problem should be greatly mitigated or even resolved. Hope this can help!
  29. 1 point
    That is actually a good bit of info for future problems, so thank you for sharing the final solution so we can reference it in threads to come. Enjoy!
  30. 1 point
    So, between all the suggestions all of you have made and suggestions from AIR support via e-mail, I finally got everything back to normal. Support kept telling me that the password it was asking for was a "master password" that I used when I first installed Eddie (I don't remember any such master password. In any case, after finally deleting default.xml (thanks giganerd) and rebooting and reinstalling, I still had the same problem. However, a new e-mail from support mentioned another file - ~/.airvpn/eddie, that I didn't realize I had to delete as well. So, after deleting both files, unistalling Eddie completely, rebooting and reinstalling Eddie 2.19.4, I finally got everything to work and back to normal. Thanks to all you tech whizzes for all your help. This is an awesome group of support staff and users!! Onward ho! Problem solved!
  31. 1 point
    When using the mentioned sudo -i as an example, a sample entry in /var/log/auth.log (or with dmesg -f auth) would look like this: Aug 21 15:08:57 computername sudo: sudoer : TTY=pts/1 ; PWD=/home/sudoer ; USER=root ; COMMAND=/bin/bash Aug 21 15:08:57 computername sudo: pam_unix(sudo:session): session opened for user root by sudoer(uid=0) So it's not only logged who did it, but also when, where and what, followed by PAM stating if authentication was successful or not. macOS path to the profile is by default /Users/(username)/.eddie/default.profile, for older versions /Users/(username)/.airvpn/default.profile. Note that .airvpn and .eddie are hidden folders. You need to explicitly configure Finder to show them. Should be a simple option somewhere in its settings.
  32. 1 point
    I want to make something clear. My Windows install (1709) is purely for gaming and AirVPN was great in the past for fixing routing / being stable (I also use it for other stuff on a dual boot too). Everywhere I go I hear "update windows" "sfc /scannow", all that jargon. I could write an essay on why I use 1709 and want the most stable OS / framerate / frametimes / DPC latency. It's really niche community but the end result is amazing. My point is, I want to get AirVPN working and not be lectured on my Windows install which happens everywhere I go. I have a question, what Windows services do I need to get AirVPN running? Base Filtering Engine gets the UI up and running but it constantly connects / disconnects and does not work which is why I was asking if anybody knew what Windows service was required. My Windows install works with 99% of things and AirVPN is the only thing I've not been able to get working which is why I've came here to get some help as I'm at a standstill. Thanks guys, I hope you can understand.
  33. 1 point
    Gigabit connection here, from Canada. I'm able to reach more than 600Mbps. Here is how: - wintun and OpenVPN 2.5 - ChaCha20 server - Ethernet connection I'm very happy with the speed after a lot of testing.
  34. 1 point

    asus wrt merlin connection issues

    AND, after a quick test, it works fine. I went for the IPv6 Passthrough option. No idea if that's right or wrong, but it works.
  35. 1 point
    Was able to sold the issue with an uninstall, reboot and reinstall so make sure to give that a go.
  36. 1 point
    This more of a warning than a request for support. After upgrading yesterday to Windows 10 Home Version 2004, the experimental wintun adapter installed from the openvpn 2.5 git wintun technology preview installer is no available in Adapter Settings. Trying to reinstall from this version was unsuccessful. Has anyone else noticed this? If so, has anyone had any luck reinstalling the adapter? Could you share how you did it? Thanks very much
  37. 1 point
    Hello @Pompelmo For the sake of clarity I would like to add a little disambiguation of devices as it can lead to confusion. From now on I will refer to one of its meanings in CAPITAL letters to distinguish what I'm referring to on every moment. The two meanings are: devices: as your computes, cell phones .. DEVICES: Names you can create on your user area for different certificates to use in your connections. As for AirVPN, they let you have 5 simultaneous connections for each account. Those connections can be from 5 different devices connecting as the same DEVICE (using that certificate) or from a different combination of DEVICES used from your devices. So the thing is: ¿Can you connect 2 or more devices to the same server? Well, you can, as long as they don't use the same certificate so you must use different DEVICES for this. The only catch of this multiple DEVICES connecting to the same server will be that port forwarding wont work normally on those servers with multiple connections from the same user. Hope I didn't do it more confusing than it already was.
  38. 1 point
    I have to say, Wintun is a whole heap more stable then TAP in W10.
  39. 1 point
    Personally I think that we should trust the Staff and AirVPN. We trust this service to protect our privacy, and AirVPN's mission statement (https://airvpn.org/mission/) is crystal clear. I don't think they are a bunch of lazy masochists who like scourging themselves with hundred of thousands lines of code instead of few thousands, they are people interested in standing by what they have written and when they say that they prefer using technologies validated, audited and tested they are just doing what we pay them for: protect OUR privacy and freedom; moreover, the service is not just used by Netflix users, torrenting people, and so on, but also by activists, NGOs, journalists and dissidents who can seriously risk their life if their privacy is left "unprotected" because the software they are using has not been properly and thoroughly tested. At the moment, to my knowledge, AirVPN is using the state of art (technically a bit more because they have improved OpenVPN forking it) of the VPN technologies to protect users' privacy both on desktop and mobile. When, and if, the time will come, and Wireguard will be the de facto industry standard (because audited, tested, validated in different case scenarios over the months/years) and will replace OpenVPN because it has 1) better performances 2) stronger user's privacy protection and it will be 3) easier to maintain I'm more than sure that it will be adopted also by AirVPN.
  40. 1 point

    100 errors?

    Hello! Answered here. I'm pinning this, as it's a slightly recurring issue, which there's no need to make many threads about :).
  41. 1 point
    Hello! It sounds related to a notorious Office 365 bug which Microsoft refuses to patch so far. Please see here: https://www.macwheeler.com/windows-10-office-365-cannot-connect-over-openvpn-fixed/ Verify whether that's really the source of the problem or not. Kind regards
  42. 1 point
    Hello, after I posted some suggestions for Eddie's CLI version in this thread and received some helpful information there, I set out to write my own little interface in bash for it to implement the suggestions. Being no programmer it turned out to be quite a project for me, and I would like to share it here in case anybody else prefers to run Eddie in the terminal rather than as a full GUI application. This script still uses Eddie itself, it's just a wrapper to make it as easy to use in the command line as it is as a desktop application. Screenshots are attached. Some features and advantages: uses less resources (top shows usually 0.3% CPU usage compared to 4-5% for the desktop version) can be exited without disconnecting interactive, sortable server list option to connect to another VPN with openconnect (since I need to do that from time to time, but it should be easy to add other connection methods as well) option to lock down the system's network traffic by default, so even without Eddie running with its own network lock there will be no leaks What to watch out for: The default network lock works with direct rules in firewalld because I'm using Fedora. It should be easy to change it to use iptables directly on other distributions since firewalld's direct rules are just a way to directly manipulate iptables. Once activated, the lock will stay in place until manually deactivated (also surviving reboots), so no internet connection will be possible unless connected to AirVPN or other whitelisted VPNs. AirVPN's network lock overwrites the default network lock, so there will be no interference. Check your /etc/resolv.conf file while not running Eddie (because Eddie's network lock replaces that file temporarily) to make sure your router is not set as a nameserver (so no 192.168... address). Some routers will push themselves on that list by DHCP whenever you connect to their network. Since communication with the router is allowed in the lock rules, DNS requests will be handled by the router and sent to whatever DNS server is configured there even when network traffic should be blocked. There are ways to prevent that file from being changed by DHCP, best configure network manager for that if you use it. To connect to other VPNs, their IPs must be whitelisted and DNS requests for their domains must be allowed in the default network lock rules. The rules for airvpn.org can be copied and adjusted. I haven't yet included an option to pass command line arguments to Eddie. So if you need to set more advanced options like black-/whitelists, use of certain protocols etc., you need to set them manually in the connect_server function. All the possible options can be found in 'man eddie-ui'. You need to insert your own API key in line 5. It can be found in your account under Client Area -> API. Without this, connections will still work, but user info and connection status in the main window will not be properly updated. I tried to only use basic system tools. The script relies mostly on dialog, awk and curl (and firewalld as described and openconnect if needed), so it should work on most systems, but I'm not sure. And, lastly, VERY IMPORTANT: As I said, I'm no programmer and new to this, so even though I tried my best to make this script secure and error free, there might very well be some bad practice, never-ever-do-this mistakes or other hiccups in there. It works well for me, but better check it yourself. Feel free to use this as you wish, I hope someone can benefit from this. I'm happy about any improvements and corrections and will update this if I find the time. UPDATE: A new version which uses Hummingbird and has been improved in many aspects (including automatic connection at boot) can be found here. #!/bin/bash # an interactive shell script to control the command line version of the AirVPN Eddie client and openconnect more comfortably PROFILE_PATH="$HOME/.airvpn/default.xml" API_KEY="<your api key>" DIALOG_OK=0 DIALOG_CANCEL=1 DIALOG_EXTRA=3 DIALOG_ESC=255 HEIGHT=0 WIDTH=0 BACKTITLE="VPN Control" FORMAT="text" URL="https://airvpn.org/api/" PID=$$ function check_sudo { # check if user has sudo privileges sudo -vn &> /dev/null # gain sudo privileges for commands that need it (better than running everything with sudo) if [ $? = "1" ] then unset EXIT_STATUS_SUDO PASS_PROMPT="Establishing VPN connections and changing network traffic rules requires root privileges. Please enter your password:" until [ "$EXIT_STATUS_SUDO" = "0" ] do dialog \ --backtitle "$BACKTITLE" \ --title "Password Needed" \ --output-fd 1 \ --insecure \ --passwordbox "$PASS_PROMPT" 11 35 | xargs printf '%s\n' | sudo -Svp '' &> /dev/null EXIT_STATUS_PIPE=( "${PIPESTATUS[@]}" ) EXIT_STATUS_DIALOG="${EXIT_STATUS_PIPE[0]}" EXIT_STATUS_SUDO="${EXIT_STATUS_PIPE[2]}" EXIT_SUDO_TEST="${EXIT_STATUS_PIPE[2]}" PASS_PROMPT="The password you entered is incorrect. Please try again:" case $EXIT_STATUS_DIALOG in $DIALOG_CANCEL|$DIALOG_ESC) return 1 ;; esac done # keep sudo permission until script exits or permissions are revoked (e.g. when computer goes to sleep) while [ "$EXIT_SUDO_TEST" = "0" ]; do sudo -vn; EXIT_SUDO_TEST=$?; sleep 60; kill -0 "$PID" || exit; done &> /dev/null & fi return 0 } function get_list { SERVICE_NAME="status" ARGS="{ \"format\":\"$FORMAT\", \"service\":\"$SERVICE_NAME\" }" timeout --signal=SIGINT 10 curl -s -d "$ARGS" -X POST "$URL" > "/tmp/.eddie_server_list.txt" } function sort_list { # pipe server status list to awk, filter out unnecessary stuff, # combine lines that relate to same server into single lines which are saved as array, # loop through array to format info, # print array and sort according to options, # add numbers to list for menu LIST=$(awk -F '[.]' \ 'BEGIN{OFS=";"} \ /^servers/ && !/ip_/ && !/country_code/ {c=$2; \ if (c in servers) servers[c]=servers[c] OFS $3; \ else servers[c]=$3; \ for (k in servers) gsub(/;bw=/, " :", servers[k]); \ for (k in servers) gsub(/;bw_max=/, "/", servers[k]); \ for (k in servers) gsub(/;currentload=/, " :", servers[k]); \ for (k in servers) gsub(/;health=/, "%:", servers[k]); \ for (k in servers) gsub(/;.*=/, ":", servers[k]); \ for (k in servers) gsub(/^.*=/, "", servers[k])} \ END{ \ for (c in servers) print servers[c]}' "/tmp/.eddie_server_list.txt" | sort -t ":" $1 | awk -F '[;]' 'BEGIN{OFS=":"} {print v++";"$1}') } function get_userinfo { SERVICE_NAME="userinfo" ARGS="{ \"format\":\"$FORMAT\", \"service\":\"$SERVICE_NAME\", \"key\":\"$API_KEY\" }" # filter specific lines, save values to variables after protecting whitespace read U_LOGIN U_EXP U_CONNECTED U_DEVICE U_SERVER_NAME U_SERVER_COUNTRY U_SERVER_LOCATION U_TIME <<< $( \ timeout --signal=SIGINT 10 curl -s -d "$ARGS" -X POST "$URL" | \ awk -F '[=]' \ 'BEGIN{ORS=";"} \ /^user.login|^user.expiration_days|^user.connected|^sessions.*device_name|^connection.server_name|^connection.server_country=|^connection.server_location|^connection.connected_since_date/ \ {print $2}' | \ sed 's/\ /\\\ /g' | sed 's/;/\ /g' \ ) if [ "$U_CONNECTED" = "1" ] then U_CONNECTED="connected" U_SERVER_FULL="$U_SERVER_NAME ($U_SERVER_LOCATION, $U_SERVER_COUNTRY)" U_TIME=$(date -d "$U_TIME UTC" +"%m/%d/%Y %H:%M:%S") else U_CONNECTED="not connected" U_SERVER_FULL="--" U_TIME="--" fi } function connect_server { if [ "$KILLED" = "true" ] then # create pipes to process status of client if [ ! -p "/tmp/.eddie_fifo1" ] then mkfifo "/tmp/.eddie_fifo1" fi if [ ! -p "/tmp/.eddie_fifo2" ] then mkfifo "/tmp/.eddie_fifo2" fi # run eddie in background and detached from current window, pipe output to named pipe (sudo eddie-ui --cli --netlock --connect --server="$1" --profile="$PROFILE_PATH" | tee "/tmp/.eddie_fifo2" &> "/tmp/.eddie_fifo1" &) cat "/tmp/.eddie_fifo2" | dialog --backtitle "$BACKTITLE" --title "Connecting to AirVPN..." --progressbox 20 80 & timeout --signal=SIGINT 60 grep -q -m 1 "Initialization Sequence Completed" "/tmp/.eddie_fifo1" INIT_EXIT=$? pkill -f cat.*eddie_fifo2 if [ $INIT_EXIT = "0" ] then get_userinfo else U_CONNECTED="error during connection attempt" U_SERVER_FULL="--" U_TIME="--" fi else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi } function disconnect_server { # check for running instance of eddie pgrep -f mono.*eddie-ui &> /dev/null if [ $? = 0 ] then # kill process and wait for confirmation from process output if [ -p "/tmp/.eddie_fifo1" -a -p "/tmp/.eddie_fifo2" ] then sudo pkill -2 -f mono.*eddie-ui & cat "/tmp/.eddie_fifo1" | dialog --backtitle "$BACKTITLE" --title "Disconnecting AirVPN..." --progressbox 20 80 & timeout --signal=SIGINT 10 grep -q -m 1 "Shutdown complete" "/tmp/.eddie_fifo2" else # in case connection was started without this script sudo pkill -2 -f mono.*eddie-ui sleep 5 fi # give some time to completely close process, without sleep it's too early for new connection sleep 3 pgrep -f mono.*eddie-ui &> /dev/null if [ $? = 1 ] then KILLED1="true" else KILLED1="false" fi else KILLED1="true" fi # check for running instance of openconnect pgrep -f "openconnect.*--" &> /dev/null if [ $? = 0 ] then sudo pkill -2 -f "openconnect.*--" sleep 1 pgrep -f "openconnect.*--" &> /dev/null if [ $? = 1 ] then KILLED2="true" # somehow openconnect doesn't receive SIGINT and shuts down improperly, # so vpnc can't restore resolv.conf by itself sudo cp "/var/run/vpnc/resolv.conf-backup" "/etc/resolv.conf" else KILLED2="false" fi else KILLED2="true" fi if [ "$KILLED1" = "true" -a "$KILLED2" = "true" ] then KILLED="true" else KILLED="false" fi } function define_lock { if [ "$1" = "activate" ] then GAUGE_TITLE="Activating Network Lock" RULE_ACTION="add-rule" elif [ "$1" = "deactivate" ] then GAUGE_TITLE="Deactivating Network Lock" RULE_ACTION="remove-rule" else return 1 fi GAUGE_BODY="$1" IPRULES=(\ #allow loopback "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 0 -i lo -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -o lo -j ACCEPT" \ #allow lan (out) and broadcasting/dhcp "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -s -d -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 0 -s -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -d -j ACCEPT" \ # allow tun device to communicate (so any VPN connection should be possible, also without Air, but respective DNS requests must be allowed) "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter FORWARD 0 -o tun+ -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter FORWARD 0 -i tun+ -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 998 -o tun+ -j ACCEPT" \ # optional masquerade rule (NAT/ports) "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 nat POSTROUTING 0 -o tun+ -j MASQUERADE" \ # allow ipv4 only to airvpn.org for status update # allow DNS query to resolve hostname (hex string reads "06 airvpn 03 org" - numbers are counting bits), # restrict packet length to length of this specific request package (might change?) to avoid hijacking # of query (very unlikely I guess, but who cares if we're already being paranoid for the fun of it), # whitelist destination IP for TCP handshake "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p udp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p tcp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT" \ # add rules for other domains you wish to allow DNS requests to here (packet length can be determined with e.g. wireshark) and adjust array index # # allow SYN request to whitelisted IP to initiate handshake, remove IP from whitelist "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p tcp --syn --dport 53 -m recent --remove -j ACCEPT" \ # allow outgoing connection to Air's IP "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -d -j ACCEPT" \ # add rules for other IPs you wish to allow connections to here # # allow communication "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \ # drop outgoing ipv4 (if not specifically allowed by other rules) "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 999 -j DROP" \ # block incoming ipv4 "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 999 -j DROP" \ # drop all ipv6 "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv6 filter OUTPUT 0 -j DROP" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv6 filter INPUT 0 -j DROP" \ # reload and restart firewalld to activate permanent rule changes "sudo firewall-cmd --reload" \ "sudo systemctl restart firewalld"\ ) toggle_lock } function toggle_lock { PERCENTAGE_STEP=$(awk -v rules="${#IPRULES[@]}" 'BEGIN {print 100/rules}') PERCENTAGE=0 COUNTER=0 # initial window dialog --backtitle "$BACKTITLE" \ --title "$GAUGE_TITLE" \ --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \ "Allow Loopback IN" "${RESULT[0]}" \ "Allow Loopback OUT" "${RESULT[1]}" \ "Allow LAN OUT" "${RESULT[2]}" \ "Allow DHCP IN" "${RESULT[3]}" \ "Allow DHCP OUT" "${RESULT[4]}" \ "Allow tun out FORWARD" "${RESULT[5]}" \ "Allow tun in FORWARD" "${RESULT[6]}" \ "Allow tun out OUT" "${RESULT[7]}" \ "tun masquerade" "${RESULT[8]}" \ "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \ "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \ "Allow connection initiation" "${RESULT[11]}" \ "Allow traffic to airvpn.org" "${RESULT[12]}" \ "Allow established connections" "${RESULT[13]}" \ "Block IPv4 OUT" "${RESULT[14]}" \ "Block IPv4 IN" "${RESULT[15]}" \ "Block IPv6 OUT" "${RESULT[16]}" \ "Block IPv6 IN" "${RESULT[17]}" \ "activate changes" "${RESULT[18]}" \ "restart firewalld" "${RESULT[19]}" for i in "${IPRULES[@]}" do RESULT["$COUNTER"]=$(eval $i) (( COUNTER++ )) PERCENTAGE=$(awk -v per="$PERCENTAGE" -v per_step="$PERCENTAGE_STEP" 'BEGIN {print per+per_step}') # progress window dialog --backtitle "$BACKTITLE" \ --title "$GAUGE_TITLE" \ --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \ "Allow Loopback IN" "${RESULT[0]}" \ "Allow Loopback OUT" "${RESULT[1]}" \ "Allow LAN OUT" "${RESULT[2]}" \ "Allow DHCP IN" "${RESULT[3]}" \ "Allow DHCP OUT" "${RESULT[4]}" \ "Allow tun out FORWARD" "${RESULT[5]}" \ "Allow tun in FORWARD" "${RESULT[6]}" \ "Allow tun out OUT" "${RESULT[7]}" \ "tun masquerade" "${RESULT[8]}" \ "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \ "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \ "Allow connection initiation" "${RESULT[11]}" \ "Allow traffic to airvpn.org" "${RESULT[12]}" \ "Allow established connections" "${RESULT[13]}" \ "Block IPv4 OUT" "${RESULT[14]}" \ "Block IPv4 IN" "${RESULT[15]}" \ "Block IPv6 OUT" "${RESULT[16]}" \ "Block IPv6 IN" "${RESULT[17]}" \ "activate changes" "${RESULT[18]}" \ "restart firewalld" "${RESULT[19]}" done # final window to show results dialog --backtitle "$BACKTITLE" \ --title "$GAUGE_TITLE" \ --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \ "Allow Loopback IN" "${RESULT[0]}" \ "Allow Loopback OUT" "${RESULT[1]}" \ "Allow LAN OUT" "${RESULT[2]}" \ "Allow DHCP IN" "${RESULT[3]}" \ "Allow DHCP OUT" "${RESULT[4]}" \ "Allow tun out FORWARD" "${RESULT[5]}" \ "Allow tun in FORWARD" "${RESULT[6]}" \ "Allow tun out OUT" "${RESULT[7]}" \ "tun masquerade" "${RESULT[8]}" \ "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \ "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \ "Allow connection initiation" "${RESULT[11]}" \ "Allow traffic to airvpn.org" "${RESULT[12]}" \ "Allow established connections" "${RESULT[13]}" \ "Block IPv4 OUT" "${RESULT[14]}" \ "Block IPv4 IN" "${RESULT[15]}" \ "Block IPv6 OUT" "${RESULT[16]}" \ "Block IPv6 IN" "${RESULT[17]}" \ "activate changes" "${RESULT[18]}" \ "restart firewalld" "${RESULT[19]}" sleep 2 unset RESULT check_lock } function check_lock { # check for success (not really though, needs improvement) LOCK_RULES=$( sudo firewall-cmd --direct --permanent --get-all-rules | wc -l ) if [ "$LOCK_RULES" -gt 16 ] then LOCK_ACTIVE="active" else LOCK_ACTIVE="inactive" fi } function yesno { dialog \ --backtitle "$BACKTITLE" \ --title "$1" \ --clear \ --yesno "$2" \ $HEIGHT $WIDTH EXIT_STATUS=$? } check_sudo if [ $? = "1" ] then clear exit fi get_userinfo # if currently connected by openconnect, set status to unknown (connection could have been established outside of this script) pgrep openconnect &> /dev/null if [ $? = 0 ] then U_CONNECTED="connected (openconnect)" U_SERVER_FULL="unknown" U_TIME="unknown" fi check_lock while true; do exec 3>&1 selection=$(dialog \ --cr-wrap \ --backtitle "$BACKTITLE" \ --title "Main Menu" \ --clear \ --cancel-label "Quit" \ --menu "This is a control script for VPN connections, primarily for Eddie, the AirVPN client.\nThis script can be exited and re-entered without affecting a running connection.\n\nUser: $U_LOGIN\nDays Until Expiration: $U_EXP\n\nDefault Network Lock: $LOCK_ACTIVE\n\nStatus: $U_CONNECTED\nServer: $U_SERVER_FULL\nConnected Since: $U_TIME\n\nPlease select one of the following options:" $HEIGHT $WIDTH 6 \ "0" "Connect to Recommended Server" \ "1" "Connect to Specific Server" \ "2" "Connect via openconnect" \ "3" "Disconnect" \ "4" "Refresh User Info" \ "5" "Toggle Default Network Lock" \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) yesno "Quit" "Exit Script?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) break ;; esac ;; esac case $selection in 0 ) check_sudo if [ $? = "0" ] then disconnect_server connect_server "" fi ;; 1 ) while true; do exec 3>&1 SERVER_SORT=$(dialog \ --backtitle "$BACKTITLE" \ --title "Sort Server List" \ --no-collapse \ --ok-label "sort ascending" \ --extra-button \ --extra-label "sort descending" \ --menu "Please choose how you want to sort the server list." \ 14 0 7 \ "1" "Name" \ "2" "Country" \ "3" "Location" \ "4" "Continent" \ "5" "Bandwidth" \ "6" "Users" \ "7" "Load" \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) break ;; $DIALOG_EXTRA) SERVER_SORT_OPTION="r" ;; $DIALOG_OK) SERVER_SORT_OPTION="" ;; esac if [ "$SERVER_SORT" = "5" -o "$SERVER_SORT" = "6" -o "$SERVER_SORT" = "7" ] then SERVER_NUM_OPTION="n" else SERVER_NUM_OPTION="" fi if [ ! -f "/tmp/.eddie_server_list.txt" ] then get_list fi while true do sort_list "-k$SERVER_SORT,$SERVER_SORT$SERVER_SORT_OPTION$SERVER_NUM_OPTION" IFS=$';\n' exec 3>&1 SERVER_NMBR=$(dialog \ --backtitle "$BACKTITLE" \ --title "Server List" \ --colors \ --no-collapse \ --extra-button \ --extra-label "Refresh List" \ --column-separator ":" \ --menu "Choose a server from the list to connect to it. (Press ESC to go back.)\n\n\Zb # Name Country Location Continent Bandwidth Users Load Health\ZB" \ 40 102 31 $LIST 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- IFS=$' \t\n' case $EXIT_STATUS in $DIALOG_CANCEL) break 2 ;; $DIALOG_ESC) break ;; $DIALOG_EXTRA) get_list ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then SELECTED_SERVER=$(printf -- '%s\n' "${LIST[@]}" | grep "^$SERVER_NMBR;" | cut -d ";" -f 2 | cut -d ":" -f 1) disconnect_server connect_server "$SELECTED_SERVER" break 2 fi ;; esac done done ;; 2 ) exec 3>&1 # adjust field lengths if necessary CONNECT_INFO=$(dialog \ --backtitle "$BACKTITLE" \ --title "VPN via openconnect" \ --insecure \ --mixedform "Please provide your login credentials to connect to a VPN via openconnect:\n(Leave unneeded fields blank and type options as in command line, separated by space.)" $HEIGHT $WIDTH 6 \ "Server:" 1 1 "" 1 21 25 0 0 \ "Group:" 2 1 "" 2 21 25 0 0 \ "User:" 3 1 "" 3 21 25 0 0 \ "Password:" 4 1 "" 4 21 25 0 1 \ "Additional Options:" 5 1 "" 5 21 25 0 0 \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then disconnect_server if [ "$KILLED" = "true" ] then if [ ! -p "/tmp/.eddie_fifo1" ] then mkfifo "/tmp/.eddie_fifo1" fi ALT_SERVER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 1) ALT_GROUP=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 2) ALT_USER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 3) ALT_PASS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 4) ALT_OPTS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 5) echo "$ALT_PASS" | (sudo openconnect $ALT_OPTS --authgroup=$ALT_GROUP --user=$ALT_USER --passwd-on-stdin $ALT_SERVER &> "/tmp/.eddie_fifo1" &) timeout --signal=SIGINT 3 cat "/tmp/.eddie_fifo1" | dialog --backtitle "$BACKTITLE" --title "Connecting via openconnect..." --timeout 5 --programbox 20 80 U_CONNECTED="connected" U_SERVER_FULL="$ALT_SERVER" U_TIME=$(date +"%m/%d/%Y %H:%M:%S") else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi fi ;; esac ;; 3 ) check_sudo if [ $? = "0" ] then disconnect_server if [ "$KILLED" = "true" ] then get_userinfo else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi if [ -p "/tmp/.eddie_fifo1" ] then rm "/tmp/.eddie_fifo1" fi if [ -p "/tmp/.eddie_fifo2" ] then rm "/tmp/.eddie_fifo2" fi fi ;; 4 ) get_userinfo ;; 5 ) pgrep -f mono.*eddie-ui &> /dev/null if [ $? = 0 ] then dialog --backtitle "$BACKTITLE" --title "Toggle Network Lock" --timeout 3 --msgbox "You need to be disconnected to change network traffic rules." 10 35 else if [ "$LOCK_ACTIVE" = "inactive" ] then yesno "Toggle Network Lock" "Are you sure you want to activate the default network lock and block all connections while not connected to (any) VPN?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then define_lock "activate" fi ;; esac else yesno "Toggle Network Lock" "Are you sure you want to deactivate the default network lock and allow all connections, even when not connected to a VPN?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then define_lock "deactivate" fi ;; esac fi fi ;; esac done clear
  43. 1 point
    All connected to the same server should work, you just have to choose a different protocol/port for each one
  44. 1 point
    Thanks for the data. I have seen the comparison charts come and go. This seems like a better data set than most of them. The one on TorrentFreak is dated and jaded by commercial interest. I have been using AirVPN for almost 5-years. It has been trouble free, secure, innovative and helpful. Helpful on the few occasions I needed help (read I screwed up my settings). Without fail, AirVPN has been way ahead of me when I read about an issue or looked in to check on something. I read something security related, I log in and find out AirVPN fixed that last month, or it is N/A because of their systems, software and diligence. I have been 'online' since before there was an online. Army SF Commo Guy from the late '70s, followed by ARPANet, DARPA Net, I hosted a dial-up BBS (Spitfire BBS) I had one of the USA first 3 Line Dial-Up BBS (I kid you not) and gradually grooved on and in to Netscape 1.0 and then went on to develope several of the worlds first "Million Hits a Month" websites in the '90s. I have hosted, co-hosted, co-located, T1'd, Tier 3d and had a couple of server farms and a hosting company or three of my very own. The tech companies I started in the 1980's allowed me to retire at 49. I have re-retired a couple of times since and now at 55, I am happily & permanently retired in to what I now call my OMO 'Old Man Online' life. OMO = Surfing, Reading, Goofing, Teaching, Advising, Downloading & Watching. In my almost 40-years Pre-Online, Kinda-Online, Army Online, 56,6 Dial-Up Online. ADSL Online, So-Called Hi-Speed Internet Online and finally Really Hi-Speed Internet Online, I have seen a bunch of communications companies come and go and none of them has impressed me more than AirVPN. Please note: I pay full price just like most of you. I have no current or previous business relationship with AirVPN. I am just a very satisfied AirVPN customer of 5-years. Thanks Team AirVPN PS I can get you a really good deal on some 'used' Hayes 2400 Baud Modems...
  45. 1 point
    It looks like the ultimate fix for me was to install a better/working bt client... Tixati! Prior to doing that I had performed a CIS "Ratings scan" which found a LibPocketFirewall.dll under AirVPN which I allowed... However, this never fixed the tracker issue in Transmission... and I still only saw some sporadic upload connections like I mentioned before (130k and crash, long pause, repeat). But, right after installing and setting up tixati... BAM! Upload connection looks good (and are working)... And trackers appear to be happy... AirVPN + Tixati FTW! P.S. Tixati also allowed me to bind to the TAP interface, accepted (and uses) my AirVPN port forward, and let me set a restriction to IPv4 for my connections!!!
  46. 1 point

    Das Erste - DE

    Website: http://www.ardmediathek.de/tv/Das-Erste/live?kanal=208 German TV channel Das Erste. Status: OK Native: NO Routing: All servers.
  47. 1 point

    Wilmaa - CH

    http://www.wilmaa.com For the best streaming television that Switzerland has to offer, there’s but one name, and that name is wilmaa. Status: OK Native: CH servers. Routing: All other servers.
  • Create New...