Jump to content
Not connected, Your IP: 18.206.238.176

Leaderboard


Popular Content

Showing content with the highest reputation since 06/08/20 in all areas

  1. 4 points
    Staff

    New 1 Gbit/s server available (AT)

    Hello! We're very glad to inform you that a new 1 Gbit/s server located in Vienna (AT) is available: Beemim. The AirVPN client will show automatically the new server; if you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, Beemim supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Beemim/ Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  2. 3 points
    Hello! We updated right now the footer and specs page with the new address. There are some points where our CMS still redirects to SSL version, we are working to fix all of them, please be patient. Kind regards
  3. 3 points
    @HannaForest @philips @giganerd Hello! We made a Onion v3 address. The hidden service is provided by a dedicated server through http (no certificate warning), and we added HTTP-header "onion-location" that recommends the .onion version. Kind regards
  4. 2 points
    Staff

    Hummingbird 1.1.0 released

    Hello! We're very glad to inform you that we have just released Hummingbird 1.1.0, featuring: both SystemV-style init and systemd support for Linux update to the latest OpenVPN3-AirVPN and asio libraries Hummingbird is AirVPN's free and open source OpenVPN 3 client based on AirVPN's OpenVPN 3 library fork. Hummingbird is available for: Linux x86-64 (reasonably recent distribution on par with Debian 9 libraries and kernel is required) Linux ARM 32 (example: Raspbian for Raspberry Pi) Linux ARM 64 (example: Ubuntu 19 and 20 for Raspberry Pi) macOS (Mojave or higher version required - please read important notes for Mac users at the end of the announcement) Main features: Lightweight and stand alone binary No heavy framework required, no GUI Tiny RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN with tons of critical bug fixes from the main branch, new ciphers support and never seen before features ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux-based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved additional features For a thorough Hummingbird overview please consult https://airvpn.org/hummingbird/readme/ Hummingbird 1.1.0 adds support to Linux systems based on SystemV-style init https://en.wikipedia.org/wiki/Init#SYSV too, while the previous versions supported Linux systemd based systems only. Therefore, we gladly achieve compatibility with 35 additional Linux distributions: https://distrowatch.com/search.php?ostype=All&category=All&origin=All&basedon=All&notbasedon=None&desktop=All&architecture=All&package=All&rolling=All&isosize=All&netinstall=All&language=All&defaultinit=SysV&status=Active#simple We think it's important to support Init Freedom: https://devuan.org/os/init-freedom because systemd is POSIX incompatible and because, as the UNIX Veteran Admin collective noticed in 2014 when they announced a Debian fork: This situation prospects a lock in systemd dependencies which is de-facto threatening freedom of development and has serious consequences for Debian, its upstream and its downstream. You can download Hummingbird for Linux (all flavors) and macOS respectively here: https://airvpn.org/linux and here: http://airvpn.org/macos Important notes for macOS users From now on we provide both a signed, code-hardened, notarized version and a non-notarized version of Hummingbird for macOS. The notarized version is available essentially for those users who prefer it, but it is not recommended. The notarized version will run without blocks by Apple's Gatekeeper, but will let Apple correlate your real IP address, Apple ID and other data potentially disclosing your identity to the fact that you run, and when you did it for the first time, an application by AirVPN. If that's not acceptable for you, just download the tarball package .tar.gz (it is NOT notarized and NOT signed with our Apple developer ID on purpose) and include it in the exceptions to run non-notarized programs. In the future this could not be allowed anymore, but at the moment it is. For a more thorough explanations on important privacy issues caused by Apple and notarization please see for example here https://lapcatsoftware.com/articles/notarization-privacy.html and here https://lapcatsoftware.com/articles/catalina-executables.html Kind regards & datalove AirVPN Staff
  5. 2 points
    Staff

    Hummingbird 1.1.0 beta 1 released

    Hello! We're very glad to inform you that we have just released Hummingbird 1.1.0 beta 1, featuring: SystemV-style init support for Linux update to the latest OpenVPN3-AirVPN and asio libraries Hummingbird is AirVPN's free and open source OpenVPN 3 client based on AirVPN's OpenVPN 3 library fork. Hummingbird is available for: Linux x86-64 Linux ARM 32 (example: Raspbian for Raspberry Pi) Linux ARM 64 macOS (Mojave or higher version required) For a thorough Hummingbird overview please consult https://airvpn.org/hummingbird/readme/ Hummingbird 1.1.0 adds support to Linux systems based on SystemV-style init https://en.wikipedia.org/wiki/Init#SYSV, while the previous versions supported Linux systemd based systems only. Therefore, we gladly achieve compatibility with 35 additional Linux distributions: https://distrowatch.com/search.php?ostype=All&category=All&origin=All&basedon=All&notbasedon=None&desktop=All&architecture=All&package=All&rolling=All&isosize=All&netinstall=All&language=All&defaultinit=SysV&status=Active#simple We think it's important to support Init Freedom: https://devuan.org/os/init-freedom because systemd is POSIX incompatible and because, as the UNIX Veteran Admin collective noticed in 2014 when they announced a Debian fork: This situation prospects a lock in systemd dependencies which is de-facto threatening freedom of development and has serious consequences for Debian, its upstream and its downstream. Download URLs follow. Linux x86-64: https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-linux-x86_64-1.1.0-beta-1.tar.gz https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-linux-x86_64-1.1.0-beta-1.tar.gz.sha512 Linux armv7l (ARM 32 bit): https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-linux-armv7l-1.0.3.tar.gz.sha512 https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-linux-armv7l-1.1.0-beta-1.tar.gz Linux aarch64 (ARM 64 bit): https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-linux-aarch64-1.1.0-beta-1.tar.gz https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-linux-aarch64-1.1.0-beta-1.tar.gz.sha512 macOS (please note: beta version is not notarized): https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-macos-1.1.0-beta-1.tar.gz https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-macos-1.1.0-beta-1.tar.gz.sha512 Kind regards & datalove AirVPN Staff
  6. 2 points
    Hello! We would like to inform you that we have made every effort to ensure AirVPN full and efficient operation during the pandemic caused by SARS-CoV-2. In order to reduce hazard and safeguard health, AirVPN staff and personnel work exclusively from home and worked from home well before the current situation appeared clearly as a pandemic Each member has a landline and one or more mobile lines, when possible in different infrastructures, to maximize likelihood to stay connected to the Internet 24/7 AirVPN system is more efficiently automated and basic functioning requires no manual interventions, even for several months (if kernel upgrades hadn't been necessary, we would have had servers uptime of 4 years or more) AirVPN inner staff members have now overlapping competences. Therefore if a key member, including a founder, is forced to stop working, the other ones can carry out his/her functions Emergency funds already secured in the past in different facilities as well as banks remain unaltered and ensure AirVPN financial health for a very long time even in very harsh scenarios. However, we would like to assure you that they are not needed at all currently, quite the contrary. In the last 10 days we have experienced a substantial increase in the growth of our customer base We have been informed by our most important partners and providers of housing and hosting in Europe, America and Asia they they are, and expect to, remain fully operational Kind regards AirVPN Staff
  7. 1 point
    FezzyWig

    Router recommendations

    Would recommend a Netgate SG-1100 as your wired router front-end. It's about $170. You can customize almost any setting since it's using PFSense as the firewall and BSD as the OS. Then, you can use your current wifi as an AP only, depending, of course, on your home layout. I use OpenWRT on my wifi AP and it works extremely well. Caveat - I only connect to AirVPN on my desktop. I don't run it through the sg-1100. I could if I wanted to, but given all the problems with locality, rather than create a bunch of client and software exceptions, I will just go online with my desktop, or connect to AirVPN using a mobile app if a need arises. I also use PFBlocker on the SG-1100 and it does a great job filtering all the network garbage and ads. Hope this helps!
  8. 1 point
    Staff

    AirVPN 10th birthday celebrations

    Hello! Today we're starting AirVPN tenth birthday celebrations! From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 22 countries in three continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world. In 2019 and 2020, software development enhancement has paid off: now AirVPN develops on its own an OpenVPN3 forked library which resolves various problems from the main branch and adds new features. The library is used in Hummingbird, a free and open source software for Linux and Mac, known for its speed and compactness, in Eddie Android edition and in a new software which will be announced in June. Hummingbird has been released even for ARM based Linux devices, and runs fine for example in Raspberry PI. Eddie Desktop edition has been extensively rewritten to improve performance, reliability and security. Now anything not related to the user interface is written in C++ and a lot of security hardening has been implemented. Total compatibility with macOS Catalina, Windows 10 and latest Linux distributions has been achieved, and specific packages for various, widespread Linux distributions are available for easier installation. Eddie can act as a GUI for Hummingbird in Linux and Mac, while in Windows, Eddie can also be easily configured to run OpenVPN 2.5 with the wintun driver to achieve remarkable OpenVPN performance boost and put Windows on par with other systems OpenVPN throughput ability. Furthermore, the wintun driver resolves various problems which affected TAP-Windows driver. Development for OpenBSD and FreeBSD has been unfortunately re-planned but we're glad to announce here that it will continue, starting from summer 2020. All AirVPN applications and libraries are free and open source software released under GPLv3. We think that it's somehow surprising that AirVPN not only survived, but even flourished for 10 years, in an increasingly competitive market and increasingly privacy hostile environment. No whistles and bells, no marketing fluff, no fake locations, no advertising on mainstream media, a transparent privacy policy, no trackers on the web site or in mobile applications, no bullshit of any kind in our infrastructure to sell your personal data to any personal data merchant, and above all a clear mission that is the very reason which AirVPN operates for https://airvpn.org/mission , are probably, all together, the factors which allowed such a small "miracle" and maybe make AirVPN unique. Thank you all, you users, customers, members of the community, moderators, developers: the small "miracle" happened because of you, because you saw something in AirVPN. Kind regards and datalove AirVPN Staff
  9. 1 point
    Hello, last year I had written a wrapper for Eddie's CLI version (in bash) to be able to use it more easily and extensively in the linux command line like the GUI, but with less resources. I have used it since then every day without problems, but now I have finally gotten to overhaul it and adjust it to Hummingbird because it is just so much faster! I also tried to make it more easy to configure (by having a separate configuration file) and added some new functionality like support (and automatic recognition) of iptables and nftables to lock down the system even without being connected to AirVPN and automatic connection at boot with a systemd unit. Again, feel free to use this as you wish, I hope someone can benefit from this. I'm happy about any improvements and corrections and will update this if I find the time. Features graphical interface in the command line to connect to AirVPN with Hummingbird (no Eddie involved) runs in background, the interface can be closed/opened anytime without affecting the running connection possibility to connect to any server with just one ovpn configuration file easily connect to a random server, to a recommended server, to the recommended server of a specific country or to a specific server sortable list of all servers including info like used bandwidth, load and number of users possibility to connect to other VPNs with openconnect lock down system by default (permanently if you want), so even without AirVPN/Hummingbird running there won't be any unwanted network traffic automatically establish connection at boot (which can later be controlled via the interface) logging of Hummingbird's output (number of days to keep logs for can be adjusted) system notifications to let you know what happens in the background Some general notes The default network lock determines, like Hummingbird itself, if iptables, iptables-legacy or nftables is available on your system and will use the first one found in that list. You can overwrite that by specifying which one to use in the configuration file. Once activated, the lock will stay in place until manually deactivated, so no internet connection will be possible unless connected to AirVPN or other whitelisted VPNs. You can make the lock permanent (or rather activate at boot) by enabling that option in the configuration file. AirVPN's network lock overwrites the default network lock, so there will be no interference. IMPORTANT: If you have any frontend firewall for iptables/nftables running, you might to disable that or read up on how it might interfere with rule changes you make directly via iptables/nft. The same thing applies if you use just Hummingbird itself. If you enable the default permanent network lock, it will write the lock rules at boot, most likely overwriting rules by firewalld or the like, but other enabled firewalls might interfere later. Also important: If you have SELinux and you want to use nftables for Hummingbird starting at boot, you have to create a SELinux exception for nft bcause otherwise it will be denied and Hummingbird starts without setting up its own lock, thus leaving you unprotected (AirVPN staff is aware of this issue). You can do that with audit2allow. Follow for example this guide to troubleshoot the problem and fix it with the solution given by sealert. Check your /etc/resolv.conf file while not running Hummingbird (because Hummingbird's network lock replaces that file temporarily) to make sure your router is not set as a nameserver (so no 192.168... address). Some routers will push themselves on that list by DHCP whenever you connect to their network. Since communication with the router is allowed in the lock rules, DNS requests will be handled by the router and sent to whatever DNS server is configured there even when network traffic should be blocked. There are ways to prevent that file from being changed by DHCP, best configure network manager for that if you use it. To connect to other VPNs, their IPs must be whitelisted and DNS requests for their domains must be allowed in the default network lock rules (netfilter_ipbatles.rulesipv4/ipv6 and/or netfilter_nftables.rules). Only edit those files with the default network lock deactivated. The rules for airvpn.org can be copied and adjusted. You can set custom options for Hummingbird in the interface or the configuration file. All the possible options can be found in the Hummingbird manual or with sudo hummingbird --help Apart from dialog I tried to only use basic system tools. The scripts will check if everything needed is present, if not they will exit. At least bash 4 is needed. The scripts rely mostly on dialog, awk and curl (and iptables/nft as described and openconnect if needed), so it should work on most systems. I wrote and tested this on Fedora 32 with Hummingbird 1.0.3. It should be possible to use any ovpn config file generated by the AirVPN's config generator. Even with the file for one specific server it should be possible to connect to any other server because the server override function is used here. I haven't tested that extensively though and just use the config file for earth. AirVPN's API seems to be a little unreliable sometimes as in not correctly reporting the connection status. Sometimes the API reports me not being connected although I am connected to an AirVPN server. This is no big deal, it just means that the connection status sometimes may be shown falsely as disconnected. If you have the default network lock activated, no traffic would be possible if you were actually disconnected. And, lastly, VERY IMPORTANT: I am still no programmer and do this only on this on the side, so even though I tried my best to make these scripts secure and error free, there might very well be some bad practice, never-ever-do-this mistakes or other hiccups in there. It works very well for me (and has for quite a while by now), but better check it yourself. Installation Make sure you have the prerequisites installed: dialog, bash >=4, curl and awk. Copy the content of all the files to separate files on your computer, name them accordingly, and put them in the appropriate folders. It says where they belong above the file contents. Make sure to change the ownership of the systemd unit file to root:root and give the scripts execute permissions. Alternatively download the VPNControl.tar, cd into the directory where VPNControl.tar has been downloaded to and enter the following commands: tar -xvf VPNControl.tar mkdir -p "$HOME/.vpncontrol/config" && mkdir "$HOME/.vpncontrol/logs" mv vpncontrol.conf "$HOME/.vpncontrol/config/" mv netfilter_* "$HOME/.vpncontrol/config/" mv VPNControl.sh "$HOME/.local/bin/" sudo mv airvpn_boot.sh "/usr/local/bin/" sudo chown root:root airvpn.service sudo mv airvpn.service "/etc/systemd/system/" Generate a config file with AirVPN's OpenVPN Config Generator (I use the one for "Earth", but theoretically it should work with any) and put it in the config directory. Adjust the path name in the configuration file. The script assumes you have all the configuration files in the folder $HOME/.vpncontrol/config/, logs in $HOME/.vpncontrol/logs/ and the boot script in /usr/local/bin/. In the airvpn_boot.sh-script you have to adjust the path for the source command (line 34) to point to the configuration file. If you want to use different locations, you have to change them in the configuration file and (for the boot script) in the systemd unit file. If you want to use a different location for the configuration file itself, you have the change the VPNCONTROL_CONFIG variable in the VPNControl.sh-script and again the source path in the airvpn_boot.sh-script. The VPNControl.sh-script is meant to be run as a regular user. If you want to run it as root, you have to for sure change the VPNCONTROL_CONFIG variable from the previous step. Otherwise it should be possible to run it as root without problems (except notifications), but I haven't tested it. You need to insert your own API key in the configuration file. It can be found in your account under Client Area -> API. Without this, connections will still work, but user info and connection status in the main window will not be properly updated. Enable the systemd unit with sudo systemctl daemon-reload sudo systemctl enable airvpn.service If you use a setup where bash cannot be found at '/usr/bash', you have to change the path in the unit accordingly. Also I ran into a problem where systemctl complained that it couldn't find the unit. I don't know what the cause was (pretty sure the ownership and permissions were right), but it worked after I duplicated another .service file already present in /etc/systemd/system (with sudo cp) and then renamed it and exchanged the contents. Disable firewall frontends if needed (e. g. firewalld) and if you want to use the default network lock. (Firewall daemons don't necessarily interfere, but have the ability to overwrite the lock any time.) DONE! Now Hummingbird will try to establish a connection after boot. You can call the control script at any time with VPNControl.sh and disconnect/reconnect/do whatever. The script can be exited without affecting the running connection. Files These are all the necessary files (scripts and configuration files) with their default locations. Be aware that there might be a problem when manually copying the contents from here to text files where unwanted characters are inserted. If that's the case, please download the attached archive (at the very bottom of this post) and use the files from there. For the future I plan to put this somewhere more easily accessible like Gitlab. This is the main script, the interface. $HOME/.local/bin/VPNControl.sh #!/bin/bash # interactive shell script to control the command line version of the AirVPN Hummingbird client and openconnect more comfortably and extensively # originally created in January 2019 for Eddie, updated for use with Hummingbird in June 2020 # check if at least bash 4 is used if [ "${BASH_VERSINFO[0]}" -lt "4" ] then echo "This sript can only be run with bash 4 or higher." exit fi # check if necessary programs are installed PROGRAMS=( hummingbird dialog curl awk ) MISSING="false" for p in "${PROGRAMS[@]}" do command -v $p $> /dev/null if [ ! $? = "0" ] then echo "Please install $p to use this script." MISSING="true" fi done if [ "$MISSING" = "true" ] then exit fi # check which network filter is available (determined NETFILTER will be overriden if set in config file) NETFILTERS_AVAILABLE=( iptables iptables-legacy nft ) NETFILTER="none" for n in "${NETFILTERS_AVAILABLE[@]}" do command -v $n $> /dev/null if [ $? = "0" ] then NETFILTER="$n" break fi done # source variables which are subject to change from config file VPNCONTROL_CONFIG="$HOME/.vpncontrol/config/vpncontrol.conf" source "$VPNCONTROL_CONFIG" # variables which probably won't have to be changed DIALOG_OK=0 DIALOG_CANCEL=1 DIALOG_HELP=2 DIALOG_EXTRA=3 DIALOG_ITEM_HELP=4 DIALOG_ESC=255 HEIGHT=0 WIDTH=0 BACKTITLE="VPN Control" FORMAT="text" URL="https://airvpn.org/api/" COLS=$( tput cols ) ROWS=$( tput lines ) PID=$$ # set network-lock argument for hummingbird depending on available backends if [ "$NETFILTER" = "nft" ] then NETFILTER_HUM="nftables" elif [ "$NETFILTER" = "iptables" -o "$NETFILTER" = "iptables-legacy" ] then NETFILTER_HUM="iptables" else NETFILTER_HUM="on" fi function check_sudo { # check if user has sudo privileges sudo -vn &> /dev/null # gain sudo privileges for commands that need it (better than running everything with sudo) if [ $? = "1" ] then unset EXIT_STATUS_SUDO #PASS_PROMPT="Establishing OpenVPN connections and checking and changing network traffic rules requires root privileges. Please enter your password:" until [ "$EXIT_STATUS_SUDO" = "0" ] do dialog \ --backtitle "$BACKTITLE" \ --title "Password Needed" \ --output-fd 1 \ --insecure \ --passwordbox "$PASS_PROMPT" 11 35 | xargs printf '%s\n' | sudo -Svp '' &> /dev/null EXIT_STATUS_PIPE=( "${PIPESTATUS[@]}" ) EXIT_STATUS_DIALOG="${EXIT_STATUS_PIPE[0]}" EXIT_STATUS_SUDO="${EXIT_STATUS_PIPE[2]}" EXIT_SUDO_TEST="${EXIT_STATUS_PIPE[2]}" PASS_PROMPT="The password you entered is incorrect. Please try again:" case $EXIT_STATUS_DIALOG in $DIALOG_CANCEL|$DIALOG_ESC) return 1 ;; esac done # keep sudo permission until script exits or permissions are revoked (e.g. when computer goes to sleep) while [ "$EXIT_SUDO_TEST" = "0" ]; do sudo -vn; EXIT_SUDO_TEST=$?; sleep 60; kill -0 "$PID" || exit; done &> /dev/null & fi return 0 } function get_list { SERVICE_NAME="status" timeout --signal=SIGINT 10 curl -s "$URL$SERVICE_NAME/?format=$FORMAT" > "/tmp/.airvpn_server_list.txt" } function sort_list_servers { # pipe server status list to awk, filter out unnecessary stuff, # combine lines that relate to same server into single lines which are saved as array, # loop through array to format info, # print array and sort according to options, # add numbers to list for menu LIST_SERVERS=$(awk -F '[.]' \ 'BEGIN{OFS=";"} \ /^servers/ && !/ip_/ && !/country_code/ {c=$2; \ if (c in servers) servers[c]=servers[c] OFS $3; \ else servers[c]=$3; \ for (k in servers) gsub(/;bw=/, " :", servers[k]); \ for (k in servers) gsub(/;bw_max=/, "/", servers[k]); \ for (k in servers) gsub(/;currentload=/, " :", servers[k]); \ for (k in servers) gsub(/;health=/, "%:", servers[k]); \ for (k in servers) gsub(/;.*=/, ":", servers[k]); \ for (k in servers) gsub(/^.*=/, "", servers[k])} \ END{for (c in servers) print servers[c]}' "/tmp/.airvpn_server_list.txt" | sort -t ":" $1) LIST_SERVERS=$( echo "$LIST_SERVERS" | sed 's/:/;/' ) } function sort_list_countries { LIST_COUNTRIES=$(awk -F '[.]' \ 'BEGIN{OFS=";"} \ /^countries/ && (/country_name/ || /country_code/) {c=$2; \ if (c in countries) countries[c]=countries[c] OFS $3; \ else countries[c]=$3; \ for (k in countries) gsub(/;.*=/, ":", countries[k]); \ for (k in countries) gsub(/^.*=/, "", countries[k])} \ END{for (c in countries) print countries[c]}' "/tmp/.airvpn_server_list.txt" | sort -t ":" -d) } function get_userinfo { SERVICE_NAME="userinfo" # filter specific lines, save values (after "=") to variables after protecting whitespace read U_LOGIN U_EXP U_CONNECTED U_DEVICE U_SERVER_NAME U_SERVER_COUNTRY U_SERVER_LOCATION U_TIME <<< $( \ timeout --signal=SIGINT 10 curl -s "$URL$SERVICE_NAME/?key=$API_KEY&format=$FORMAT" | \ awk -F '[=]' \ 'BEGIN{ORS=";"} \ /^user.login|^user.expiration_days|^user.connected|^sessions.*device_name|^connection.server_name|^connection.server_country=|^connection.server_location|^connection.connected_since_date/ \ {print $2}' | \ sed 's/\ /\\\ /g' | sed 's/;/\ /g' \ ) if [ "$U_CONNECTED" = "true" ] then U_CONNECTED="connected" U_SERVER_FULL="$U_SERVER_NAME ($U_SERVER_LOCATION, $U_SERVER_COUNTRY)" U_TIME=$(date -d "$U_TIME UTC" +"%a %d. %b %Y %H:%M:%S") else U_CONNECTED="not connected" U_SERVER_FULL="--" U_TIME="--" fi } function connect_server { if [ "$KILLED" = "true" ] then DATE=$( date +%Y%m%d ) LOG_NAMES=($( ls "$LOG_PATH" | grep hummingbird.*log | sort -d )) LOG_NR=${#LOG_NAMES[@]} LOG_CURRENT="$LOG_PATH/hummingbird_current_$DATE.log" # if no log files should be kept, discard current logfile after process finishes, otherwise append to log file of current date if [ "$LOG_DAYS" = "0" ] then LOG_FINISH="/dev/null" else LOG_FINISH="$LOG_PATH/hummingbird_$DATE.log" fi if [ "$LOG_NR" -gt "0" ] then # check if newest log file is from today and if not, increase counter, so with the upcoming logfile the file limit will be kept if [ ! $( echo ${LOG_NAMES[-1]/#hummingbird_/} | cut -d "." -f 1 ) = "$DATE" ] then LOG_NR=$(( $LOG_NR+1 )) fi # check if more logs (including the upcoming one) are present than there should be and if so, remove oldest ones if [ "$LOG_NR" -gt "$LOG_DAYS" ] then cd "$LOG_PATH" rm "${LOG_NAMES[@]:0:(( $LOG_NR-$LOG_DAYS ))}" cd - fi fi # run hummingbird in background and detached from current window, write output to logfile, read it from there to dialog and catch sign of successful connection # hummingbird's timeout option is used, so it has enough time after sleep to recover without trying forever; TIMEOUT variable is used to try another server after some time when it is reasonable to not expect a successful connection anymore (sudo hummingbird $HUM_OPTIONS --network-lock "$NETFILTER_HUM" --timeout "$TIMEOUT_REC" --server "$1"."$DOMAIN" "$CONFIG_PATH" &> "$LOG_CURRENT"; notify-send "AirVPN" "Hummingbird process has finished."; sleep 1; cat "$LOG_CURRENT" >> "$LOG_FINISH"; rm "$LOG_CURRENT") & tail -f -n 5 "$LOG_CURRENT" | dialog --backtitle "$BACKTITLE" --title "Connecting to AirVPN (Server: $1) ..." --progressbox 20 80 & tail -f -n 5 "$LOG_CURRENT" | timeout --signal=SIGINT "$TIMEOUT_CON" grep -q -m 1 "EVENT: CONNECTED" INIT_EXIT=$? pkill -f tail.*hummingbird_current if [ "$INIT_EXIT" = "0" ] then sleep 1 get_userinfo notify-send "AirVPN" "VPN connection successfully established to AirVPN's server $U_SERVER_FULL." else U_CONNECTED="error during connection attempt" U_SERVER_FULL="--" U_TIME="--" sudo pkill -2 hummingbird notify-send "AirVPN" "Connection attempt to an AirVPN server has failed." # need to wait long enough, so "current" log file is deleted before next connection attempt, otherwise file counter will be too high and delete other log files (takes arount +20ms, but sometimes more, so better to add 1s) sleep 2 fi else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi } function connect_openconnect { if [ "$KILLED" = "true" ] then DATE=$( date +%Y%m%d ) LOG_NAMES=($( ls "$LOG_PATH" | grep openconnect.*log | sort -d )) LOG_NR=${#LOG_NAMES[@]} # if no log files should be kept, discard current logfile after process finishes, otherwise append to log file of current date if [ "$LOG_DAYS" = "0" ] then LOG_FINISH="/dev/null" else LOG_FINISH="$LOG_PATH/openconnect_$DATE.log" fi if [ "$LOG_NR" -gt "0" ] then # check if newest log file is from today and if not, increase counter, so with the upcoming logfile the file limit will be kept if [ ! $( echo ${LOG_NAMES[-1]/#openconnect_/} | cut -d "." -f 1 ) = "$DATE" ] then LOG_NR=$(( $LOG_NR+1 )) fi # check if more logs (including the upcoming one) are present than there should be and if so, remove oldest ones if [ "$LOG_NR" -gt "$LOG_DAYS" ] then cd "$LOG_PATH" rm "${LOG_NAMES[@]:0:(( $LOG_NR-$LOG_DAYS ))}" cd - fi fi ALT_SERVER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 1) ALT_GROUP=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 2) ALT_USER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 3) ALT_PASS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 4) ALT_OPTS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 5) echo "$ALT_PASS" | (sudo openconnect $ALT_OPTS --authgroup=$ALT_GROUP --user=$ALT_USER --passwd-on-stdin $ALT_SERVER &> "$LOG_PATH/openconnect_current_$DATE.log"; notify-send "Openconnect" "Openconnect process has finished."; sleep 1; cat "$LOG_PATH/openconnect_current_$DATE.log" >> "$LOG_FINISH"; rm "$LOG_PATH/openconnect_current_$DATE.log") & timeout --signal=SIGINT 3 tail -f -n 20 "$LOG_PATH/openconnect_current_$DATE.log" | dialog --backtitle "$BACKTITLE" --title "Connecting via openconnect ..." --timeout 5 --programbox 20 80 U_CONNECTED="connected" U_SERVER_FULL="$ALT_SERVER" U_TIME=$(date +"%a %d. %b %Y %H:%M:%S") else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi } function disconnect_server { # check for running instance of hummingbird HUM_PID=$( pgrep hummingbird ) if [ $? = 0 ] then # kill process and wait for confirmation from process output # check if running instance of hummingbird is writing to logfile and if so, listen there for confirmation sudo ls -l "/proc/$HUM_PID/fd" | grep hummingbird_current &> /dev/null if [ $? = 0 ] then sudo pkill -2 hummingbird & tail -f -n 5 "$LOG_PATH/hummingbird_current_"* | dialog --backtitle "$BACKTITLE" --title "Disconnecting from AirVPN ..." --progressbox 20 80 & tail -f -n 5 "$LOG_PATH/hummingbird_current_"* | timeout --signal=SIGINT 3 grep -q -m 1 "Thread finished" pkill -f tail.*hummingbird_current else # in case connection was started without this script sudo pkill -2 hummingbird sleep 2 fi # give some time to completely close process, without sleep it's too early for new connection sleep 1 pgrep hummingbird &> /dev/null if [ $? = 1 ] then KILLED1="true" notify-send "AirVPN" "VPN connection has been stopped successfully." else KILLED1="false" notify-send "AirVPN" "An error has occured during the disconnection attempt." fi else KILLED1="true" fi # check for running instance of openconnect pgrep -f "openconnect.*--" &> /dev/null if [ $? = 0 ] then pkill -2 -f "openconnect.*--" sleep 1 pgrep -f "openconnect.*--" &> /dev/null if [ $? = 1 ] then KILLED2="true" notify-send "AirVPN" "VPN connection to openconnect has been stopped successfully." # somehow openconnect doesn't receive SIGINT and shuts down improperly, # so vpnc can't restore resolv.conf by itself sudo cp "/var/run/vpnc/resolv.conf-backup" "/etc/resolv.conf" else KILLED2="false" notify-send "AirVPN" "An error has occured during the attempt to disconnect from openconnect." fi else KILLED2="true" fi if [ "$KILLED1" = "true" -a "$KILLED2" = "true" ] then KILLED="true" else KILLED="false" fi } function toggle_lock { if [ "$1" = "activate" ] then if [ "$NETFILTER" = "iptables-legacy" ] then sudo iptables-legacy-save > "${NETFILTER_RULES_IPTABLES}ipv4.backup" sudo ip6tables-legacy-save > "${NETFILTER_RULES_IPTABLES}ipv6.backup" sudo iptables-legacy-restore < "${NETFILTER_RULES_IPTABLES}ipv4" sudo ip6tables-legacy-restore < "${NETFILTER_RULES_IPTABLES}ipv6" elif [ "$NETFILTER" = "iptables" ] then sudo iptables-save > "${NETFILTER_RULES_IPTABLES}ipv4.backup" sudo ip6tables-save > "${NETFILTER_RULES_IPTABLES}ipv6.backup" sudo iptables-restore < "${NETFILTER_RULES_IPTABLES}ipv4" sudo ip6tables-restore < "${NETFILTER_RULES_IPTABLES}ipv6" elif [ "$NETFILTER" = "nft" ] then # put command to flush ruleset at top of backup file, so when it is loaded to restore the old rules, all previous rules are deleted in the same transaction (would take 2 transacions otherwise) echo "flush ruleset" > "${NETFILTER_RULES_NFTABLES}.backup" sudo nft list ruleset >> "${NETFILTER_RULES_NFTABLES}.backup" sudo nft -f "${NETFILTER_RULES_NFTABLES}" fi elif [ "$1" = "deactivate" ] then if [ "$NETFILTER" = "iptables-legacy" ] then if [ -s "${NETFILTER_RULES_IPTABLES}ipv4.backup" ] then sudo iptables-legacy-restore < "${NETFILTER_RULES_IPTABLES}ipv4.backup" sudo rm "${NETFILTER_RULES_IPTABLES}ipv4.backup" else sudo iptables-legacy -F sudo iptables-legacy -t nat -F fi if [ -s "${NETFILTER_RULES_IPTABLES}ipv6.backup" ] then sudo ip6tables-legacy-restore < "${NETFILTER_RULES_IPTABLES}ipv6.backup" sudo rm "${NETFILTER_RULES_IPTABLES}ipv6.backup" else sudo ip6tables-legacy -F sudo ip6tables-legacy -t nat -F fi elif [ "$NETFILTER" = "iptables" ] then if [ -s "${NETFILTER_RULES_IPTABLES}ipv4.backup" ] then sudo iptables-restore < "${NETFILTER_RULES_IPTABLES}ipv4.backup" sudo rm "${NETFILTER_RULES_IPTABLES}ipv4.backup" else sudo iptables -F sudo iptables -t nat -F fi if [ -s "${NETFILTER_RULES_IPTABLES}ipv6.backup" ] then sudo ip6tables-restore < "${NETFILTER_RULES_IPTABLES}ipv6.backup" sudo rm "${NETFILTER_RULES_IPTABLES}ipv6.backup" else sudo ip6tables -F sudo ip6tables -t nat -F fi elif [ "$NETFILTER" = "nft" ] then if [ -s "${NETFILTER_RULES_NFTABLES}.backup" ] then sudo nft -f "${NETFILTER_RULES_NFTABLES}.backup" sudo rm "${NETFILTER_RULES_NFTABLES}.backup" else sudo nft flush ruleset fi fi else return 1 fi check_lock if [ "$LOCK_ACTIVE" = "inactive" ] then dialog --backtitle "$BACKTITLE" --title "Default Network Lock Inactive" --msgbox "$MISSINGRULES" $HEIGHT $WIDTH elif [ "$LOCK_ACTIVE" = "active" ] then dialog --backtitle "$BACKTITLE" --title "Default Network Lock Active" --timeout 3 --msgbox "The default network lock is active." $HEIGHT $WIDTH else return 1 fi } function check_lock { if [ "$NETFILTER" = "iptables-legacy" ] then # load rules from ruleset file into array (only -A rules (append) are loaded), prefix with iptables or ip6tables command as fitting, change -A (append) to -C (check) mapfile -t IPRULESIPV4 < <(grep -e "-A " "${NETFILTER_RULES_IPTABLES}ipv4" | sed -e 's/^\(.*\)/sudo iptables-legacy \1/' -e 's/\ -A / -C /') mapfile -t IPRULESIPV6 < <(grep -e "-A " "${NETFILTER_RULES_IPTABLES}ipv6" | sed -e 's/^\(.*\)/sudo ip6tables-legacy \1/' -e 's/\ -A / -C /') LOCK_ACTIVE="error while checking" # only checks for presence of rules, not for order; if not present in default table (filter), check in other tables MISSINGRULES="The following rules are not present:\n" for i in "${IPRULESIPV4[@]}" do eval "$i" &> /dev/null if [ ! $? = "0" ] then eval "${i/legacy/legacy -t nat}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/legacy/legacy -t mangle}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/legacy/legacy -t raw}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/legacy/legacy -t security}" &> /dev/null fi if [ ! $? = "0" ] then MISSINGRULES="$MISSINGRULES\nIPv4: $i" LOCK_ACTIVE="inactive" fi done for i in "${IPRULESIPV6[@]}" do eval "$i" &> /dev/null if [ ! $? = "0" ] then eval "${i/legacy/legacy -t nat}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/legacy/legacy -t mangle}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/legacy/legacy -t raw}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/legacy/legacy -t security}" &> /dev/null fi if [ ! $? = "0" ] then MISSINGRULES="$MISSINGRULES\nIPv6: $i" LOCK_ACTIVE="inactive" fi done if [ "$LOCK_ACTIVE" = "inactive" ] then MISSINGRULES="${MISSINGRULES//sudo iptables -C /}\n\nPlease check manually." MISSINGRULES="${MISSINGRULES//sudo ip6tables -C /}" else LOCK_ACTIVE="active" fi elif [ "$NETFILTER" = "iptables" ] then # load rules from ruleset file into array (only -A rules (append) are loaded), prefix with iptables or ip6tables command as fitting, change -A (append) to -C (check) mapfile -t IPRULESIPV4 < <(grep -e "-A " "${NETFILTER_RULES_IPTABLES}ipv4" | sed -e 's/^\(.*\)/sudo iptables \1/' -e 's/\ -A / -C /') mapfile -t IPRULESIPV6 < <(grep -e "-A " "${NETFILTER_RULES_IPTABLES}ipv6" | sed -e 's/^\(.*\)/sudo ip6tables \1/' -e 's/\ -A / -C /') LOCK_ACTIVE="error while checking" # only checks for presence of rules, not for order; if not present in default table (filter), check in other tables MISSINGRULES="The following rules are not present:\n" for i in "${IPRULESIPV4[@]}" do eval "$i" &> /dev/null if [ ! $? = "0" ] then eval "${i/tables/tables -t nat}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/tables/tables -t mangle}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/tables/tables -t raw}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/tables/tables -t security}" &> /dev/null fi if [ ! $? = "0" ] then MISSINGRULES="$MISSINGRULES\nIPv4: $i" LOCK_ACTIVE="inactive" fi done for i in "${IPRULESIPV6[@]}" do eval "$i" &> /dev/null if [ ! $? = "0" ] then eval "${i/tables/tables -t nat}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/tables/tables -t mangle}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/tables/tables -t raw}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/tables/tables -t security}" &> /dev/null fi if [ ! $? = "0" ] then MISSINGRULES="$MISSINGRULES\nIPv6: $i" LOCK_ACTIVE="inactive" fi done if [ "$LOCK_ACTIVE" = "inactive" ] then MISSINGRULES="${MISSINGRULES//sudo iptables -C /}\n\nPlease check manually." MISSINGRULES="${MISSINGRULES//sudo ip6tables -C /}" else LOCK_ACTIVE="active" fi elif [ "$NETFILTER" = "nft" ] then # only checks if named tables from netfilter config file are present NFT_LOCK_TABLES=$( sudo nft list ruleset | grep "_lock" | wc -l ) if [ "$NFT_LOCK_TABLES" -ge "3" ] then LOCK_ACTIVE="active" else LOCK_ACTIVE="inactive" MISSINGRULES="The default network lock is deactivated. The nft tables with rules for the default network lock are not loaded." fi else return 1 fi } function yesno { dialog \ --backtitle "$BACKTITLE" \ --title "$1" \ --clear \ --yesno "$2" \ $HEIGHT $WIDTH EXIT_STATUS=$? } get_userinfo # if currently connected by openconnect, set status to unknown (connection could have been established outside of this script) pgrep -f "openconnect.*--" &> /dev/null if [ $? = 0 ] then U_CONNECTED="connected (openconnect)" U_SERVER_FULL="unknown" U_TIME="unknown" fi # set default message for network lock status, so password doesn't have to be entered when starting the script to check status if [ "$NETFILTER" = "none" ] then LOCK_ACTIVE="None of the supported network filters are available, so the default network lock cannot be used." else LOCK_ACTIVE="Select option 8 to check lock status." fi while true; do exec 3>&1 selection=$(dialog \ --cr-wrap \ --backtitle "$BACKTITLE" \ --title "Main Menu" \ --clear \ --cancel-label "Quit" \ --menu "This is a control script for VPN connections, primarily for AirVPN's Hummingbird client.\nThis script can be exited and re-entered without affecting a running connection.\n\nUser: $U_LOGIN\nDays Until Expiration: $U_EXP\n\nDefault Network Lock: $LOCK_ACTIVE\n\nStatus: $U_CONNECTED\nServer: $U_SERVER_FULL\nConnected Since: $U_TIME\n\nPlease select one of the following options:" $HEIGHT $WIDTH 9 \ "0" "Connect to Recommended Server" \ "1" "Connect to Recommended Server of Country" \ "2" "Connect to Specific Server" \ "3" "Connect to Random Server" \ "4" "Set Options for Hummingbird" \ "5" "Connect via Openconnect" \ "6" "Disconnect" \ "7" "Refresh User Info" \ "8" "Check Default Network Lock Status" \ "9" "Toggle Default Network Lock" \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) yesno "Quit" "Exit Script?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) break ;; esac ;; esac case $selection in 0 ) PASS_PROMPT="Connecting to and disconnecting from AirVPN with hummingbird requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then disconnect_server #get_list DOMAIN="vpn.airdns.org" INIT_EXIT="1" connect_server "earth" if [ ! "$INIT_EXIT" = "0" ] then count="1" for s in "${SERVERS_BEST_EU[@]}" do connect_server "$s" if [ "$INIT_EXIT" = "0" ] then break else (( count++ )) fi if [ "$count" -ge 5 ] then break fi done fi if [ ! "$INIT_EXIT" = "0" ] then for s in "${SERVERS_BEST_REST[@]}" do connect_server "$s" if [ "$INIT_EXIT" = "0" ] then break else (( count++ )) fi if [ "$count" -ge 7 ] then notify-send "AirVPN" "Connection unsuccessful after $count failed attempts." break fi done fi fi ;; 1 ) if [ ! -s "/tmp/.airvpn_server_list.txt" ] then get_list fi while true do sort_list_countries IFS=$':\n' exec 3>&1 COUNTRY_NAME=$(dialog \ --backtitle "$BACKTITLE" \ --title "Country List" \ --colors \ --no-collapse \ --column-separator ":" \ --menu "Choose a country from the list to connect to.\n\n\Zb Country Country Code\ZB" \ 30 50 31 $LIST_COUNTRIES 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- IFS=$' \t\n' case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) break ;; $DIALOG_OK) PASS_PROMPT="Connecting to and disconnecting from AirVPN with hummingbird requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then SELECTED_COUNTRY=$(printf -- '%s\n' "${LIST_COUNTRIES[@]}" | grep "^$COUNTRY_NAME" | cut -d ":" -f 2 ) disconnect_server DOMAIN="vpn.airdns.org" connect_server "$SELECTED_COUNTRY" break fi ;; esac done ;; 2 ) while true; do exec 3>&1 SERVER_SORT=$(dialog \ --backtitle "$BACKTITLE" \ --title "Sort Server List" \ --no-collapse \ --ok-label "sort ascending" \ --extra-button \ --extra-label "sort descending" \ --menu "Please choose how you want to sort the server list." \ 14 0 7 \ "1" "Name" \ "2" "Country" \ "3" "Location" \ "4" "Continent" \ "5" "Bandwidth" \ "6" "Users" \ "7" "Load" \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) break ;; $DIALOG_EXTRA) SERVER_SORT_OPTION="r" ;; $DIALOG_OK) SERVER_SORT_OPTION="" ;; esac if [ "$SERVER_SORT" = "5" -o "$SERVER_SORT" = "6" -o "$SERVER_SORT" = "7" ] then SERVER_NUM_OPTION="n" else SERVER_NUM_OPTION="" fi if [ ! -s "/tmp/.airvpn_server_list.txt" ] then get_list fi while true do sort_list_servers "-k$SERVER_SORT,$SERVER_SORT$SERVER_SORT_OPTION$SERVER_NUM_OPTION" IFS=$';\n' exec 3>&1 SELECTED_SERVER=$(dialog \ --backtitle "$BACKTITLE" \ --title "Server List" \ --colors \ --no-collapse \ --extra-button \ --extra-label "Refresh List" \ --column-separator ":" \ --menu "Choose a server from the list to connect to it. (Press ESC to go back.)\n\n\Zb Name Country Location Continent Bandwidth Users Load Health\ZB" \ 40 102 31 $LIST_SERVERS 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- IFS=$' \t\n' case $EXIT_STATUS in $DIALOG_CANCEL) break 2 ;; $DIALOG_ESC) break ;; $DIALOG_EXTRA) get_list ;; $DIALOG_OK) PASS_PROMPT="Connecting to and disconnecting from AirVPN with hummingbird requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then disconnect_server DOMAIN="airvpn.org" connect_server "$SELECTED_SERVER" break 2 fi ;; esac done done ;; 3 ) PASS_PROMPT="Connecting to and disconnecting from AirVPN with hummingbird requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then disconnect_server get_list INIT_EXIT="1" count="0" while [ ! "$INIT_EXIT" = "0" ] do i="0" while [ $i -le 20 ] do RAN_SERVER_NM=$( grep -E "servers\..+\.public_name" /tmp/.airvpn_server_list.txt | shuf -n1 | cut -d "." -f 2 ) RAN_SERVER_HEALTH=$( grep "servers\.$RAN_SERVER_NM\.health" /tmp/.airvpn_server_list.txt | cut -d "=" -f 2 ) if [ "$RAN_SERVER_HEALTH" = "ok" ] then RAN_SERVER=$( grep "servers\.$RAN_SERVER_NM\.public_name" /tmp/.airvpn_server_list.txt | cut -d "=" -f 2 ) break fi (( i++ )) done if [ "$i" -eq 20 ] then break elif [ "$count" -ge 7 ] then notify-send "AirVPN" "Connection unsuccessful after $count failed attempts." break fi DOMAIN="airvpn.org" connect_server "$RAN_SERVER" (( count++ )) done fi ;; 4 ) exec 3>&1 HUM_OPTIONS=$(dialog \ --backtitle "$BACKTITLE" \ --title "Set custom Hummingbird options" \ --extra-button \ --extra-label "Make options permanent" \ --form "If you want to use custom options for hummingbird, you can enter them here.\nType them like you would in the command line, separated by a space (e. g. --proto tcp --ignore-dns-push).\nNote that the options --timeout, --network-lock and --server are already used and can't be set here.\nThese options will override the ones you might have set in configuration file and will only be used for connections you make until you close the script. You can make them permanent with the button below (navigate with <TAB>)." $HEIGHT $WIDTH 5 \ "Options:" 5 1 "$HUM_OPTIONS" 5 10 50 100 \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_EXTRA) sed -i -e '/^HUM_OPTIONS/d' "$VPNCONTROL_CONFIG" echo "HUM_OPTIONS=\"$HUM_OPTIONS\"" >> "$VPNCONTROL_CONFIG" ;; $DIALOG_OK) ;; esac ;; 5 ) exec 3>&1 # adjust field lengths if necessary CONNECT_INFO=$(dialog \ --backtitle "$BACKTITLE" \ --title "VPN via openconnect" \ --insecure \ --mixedform "Please provide your login credentials to connect to a VPN via openconnect:\n(Leave unneeded fields blank and type options as in command line, separated by space.)" $HEIGHT $WIDTH 6 \ "Server:" 1 1 "" 1 21 25 0 0 \ "Group:" 2 1 "" 2 21 25 0 0 \ "User:" 3 1 "" 3 21 25 0 0 \ "Password:" 4 1 "" 4 21 25 0 1 \ "Additional Options:" 5 1 "--no-dtls" 5 21 25 0 0 \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) PASS_PROMPT="Establishing OpenVPN connections requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then disconnect_server connect_openconnect fi ;; esac ;; 6 ) PASS_PROMPT="Disconnecting from AirVPN with hummingbird requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then disconnect_server if [ "$KILLED" = "true" ] then get_userinfo else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi fi ;; 7 ) get_userinfo ;; 8 ) if [ "$NETFILTER" = "none" ] then dialog --backtitle "$BACKTITLE" --title "Network Lock Not Available" --timeout 3 --msgbox "$LOCK_ACTIVE" 10 35 else pgrep hummingbird &> /dev/null if [ $? = 0 ] then dialog --backtitle "$BACKTITLE" --title "Check Default Network Lock" --timeout 8 --msgbox "Default network lock can only be checked when hummingbird is not running since it has it's own network lock overriding the default one." 10 35 else PASS_PROMPT="Checking network traffic rules requires root privileges. Please enter your password:" check_sudo check_lock if [ "$LOCK_ACTIVE" = "inactive" ] then dialog --backtitle "$BACKTITLE" --title "Default Network Lock Inactive" --msgbox "$MISSINGRULES" $HEIGHT $WIDTH elif [ "$LOCK_ACTIVE" = "active" ] then dialog --backtitle "$BACKTITLE" --title "Default Network Lock Active" --timeout 3 --msgbox "The default network lock is active." $HEIGHT $WIDTH else return 1 fi fi fi ;; 9 ) if [ "$NETFILTER" = "none" ] then dialog --backtitle "$BACKTITLE" --title "Network Lock Not Available" --timeout 3 --msgbox "$LOCK_ACTIVE" 10 35 else pgrep hummingbird &> /dev/null if [ $? = 0 ] then dialog --backtitle "$BACKTITLE" --title "Toggle Network Lock" --timeout 3 --msgbox "You need to be disconnected to change network traffic rules." 10 35 else check_lock if [ "$LOCK_ACTIVE" = "inactive" ] then yesno "Toggle Network Lock" "Are you sure you want to activate the default network lock and block all connections while not connected to (any) VPN?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) PASS_PROMPT="Changing network traffic rules requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then toggle_lock "activate" fi ;; esac elif [ "$LOCK_ACTIVE" = "active" ] then yesno "Toggle Network Lock" "Are you sure you want to deactivate the default network lock and allow all connections, even when not connected to a VPN?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) PASS_PROMPT="Changing network traffic rules requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then toggle_lock "deactivate" fi ;; esac else return 1 fi fi fi ;; esac done clear This is the script that tries to establish a connection at boot. /usr/local/bin/airvpn_boot.sh #!/bin/bash # script to connect to recommended AirVPN server, created to be used in systemd unit at boot # check if necessary programs are installed PROGRAMS=( hummingbird curl ) MISSING="false" for p in "${PROGRAMS[@]}" do command -v $p $> /dev/null if [ ! $? = "0" ] then MISSING="true" fi done if [ "$MISSING" = "true" ] then exit fi # check which network filter is available (determined NETFILTER will be overriden if set in config file) NETFILTERS_AVAILABLE=( iptables iptables-legacy nft ) NETFILTER="none" for n in "${NETFILTERS_AVAILABLE[@]}" do command -v $n $> /dev/null if [ $? = "0" ] then NETFILTER="$n" break fi done # source variables which are subject to change from config file source "/home/<USER>/.vpncontrol/config/vpncontrol.conf" # set network-lock argument for hummingbird depending on available backends if [ "$NETFILTER" = "nft" ] then NETFILTER_HUM="nftables" elif [ "$NETFILTER" = "iptables" -o "$NETFILTER" = "iptables-legacy" ] then NETFILTER_HUM="iptables" else NETFILTER_HUM="on" fi # in order to correctly send notifications via notify-send as root, DISPLAY variable must be set (only on X, not on Wayland) and DBUS_SESSION_BUS_ADDRESS (automatically set based on username) #DISPLAY=:0 USER_ID=$( id -u $SCRIPT_USER ) DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$USER_ID/bus" function activate_lock { # use detour with cat because SELinux denies direct read/write access for iptables and nft (actually nft was only denied write access, couldn't read for other permission reason, but this way it works) if [ "$NETFILTER" = "iptables-legacy" ] then iptables-legacy-save | cat > "${NETFILTER_RULES_IPTABLES}ipv4.backup" ip6tables-legacy-save | cat > "${NETFILTER_RULES_IPTABLES}ipv6.backup" cat "${NETFILTER_RULES_IPTABLES}ipv4" | iptables-legacy-restore cat "${NETFILTER_RULES_IPTABLES}ipv6" | ip6tables-legacy-restore elif [ "$NETFILTER" = "iptables" ] then iptables-save | cat > "${NETFILTER_RULES_IPTABLES}ipv4.backup" ip6tables-save | cat > "${NETFILTER_RULES_IPTABLES}ipv6.backup" cat "${NETFILTER_RULES_IPTABLES}ipv4" | iptables-restore cat "${NETFILTER_RULES_IPTABLES}ipv6" | ip6tables-restore elif [ "$NETFILTER" = "nft" ] then # put command to flush ruleset at top of backup file, so when it is loaded to restore the old rules, all previous rules are deleted in the same transaction (would take 2 transacions otherwise) echo "flush ruleset" > "${NETFILTER_RULES_NFTABLES}.backup" nft list ruleset | cat >> "${NETFILTER_RULES_NFTABLES}.backup" cat "${NETFILTER_RULES_NFTABLES}" | nft -f - fi } function connect_server { DATE=$( date +%Y%m%d ) # names and number of currently present logs LOG_NAMES=($( ls "$LOG_PATH" | grep hummingbird.*log | sort -d )) LOG_NR=${#LOG_NAMES[@]} # if no log files should be kept, discard current logfile after process finishes, otherwise append to log file of current date if [ "$LOG_DAYS" = "0" ] then LOG_FINISH="/dev/null" else LOG_FINISH="$LOG_PATH/hummingbird_$DATE.log" fi # check if newest log file is from today and if not, increase counter, so with the upcoming logfile the file limit will be kept and create final log file as user, so the user can write to it later if [ "$LOG_NR" -gt "0" ] then if [ ! $( echo ${LOG_NAMES[-1]/#hummingbird_/} | cut -d "." -f 1 ) = "$DATE" ] then LOG_NR=$(( $LOG_NR+1 )) if [ ! "$LOG_DAYS" = "0" ] then su "$SCRIPT_USER" -c "touch $LOG_FINISH" fi fi # check if more logs (including the upcoming one) are present than there should be and if so, remove oldest ones if [ "$LOG_NR" -gt "$LOG_DAYS" ] then cd "$LOG_PATH" rm "${LOG_NAMES[@]:0:(( $LOG_NR-$LOG_DAYS ))}" cd - fi else su "$SCRIPT_USER" -c "touch $LOG_FINISH" fi su "$SCRIPT_USER" -c "notify-send 'AirVPN' 'Connecting to AirVPN ...'" # run hummingbird in background (and send notification when process finishes), pipe output to log (hummingbird $HUM_OPTIONS --network-lock "$NETFILTER_HUM" --timeout "$TIMEOUT_REC" --server "$1".vpn.airdns.org "$CONFIG_PATH" &>> "$LOG_PATH/hummingbird_current_$DATE.log"; su "$SCRIPT_USER" -c "notify-send.sh 'AirVPN' 'Hummingbird process has finished.'"; sleep 1; cat "$LOG_PATH/hummingbird_current_$DATE.log" >> "$LOG_FINISH"; rm "$LOG_PATH/hummingbird_current_$DATE.log") & # monitor log to catch sign of successful connection tail -f -n 5 "/$LOG_PATH/hummingbird_current_$DATE.log" | timeout --signal=SIGINT "$TIMEOUT_CON" grep -q -m 1 "EVENT: CONNECTED" INIT_EXIT=$? pkill -f tail.*hummingbird_current if [ "$INIT_EXIT" = "0" ] then # send notification as regular user for it to be sent and displayed correctly su "$SCRIPT_USER" -c "notify-send 'AirVPN' 'VPN connection successfully established.'" exit else pkill -2 hummingbird su "$SCRIPT_USER" -c "notify-send 'AirVPN' 'Connection attempt to an AirVPN server has failed.'" # need to wait long enough, so "current" log file is deleted before next connection attempt, otherwise file counter will be too high and delete other log files (takes around +20ms, but sometimes more, so better to add 1s) sleep 2 fi } INIT_EXIT="1" if [ "$DEFAULT_NETLOCK" = "enabled" ] then activate_lock fi # try to connect to recommended servers (first EU, then rest of the world; change order/adjust server lists if desired) connect_server "earth" if [ ! "$INIT_EXIT" = "0" ] then # count connection attempts in order to stop after certain number count="1" for s in "${SERVERS_BEST_EU[@]}" do connect_server "$s" if [ $INIT_EXIT = "0" ] then break else (( count++ )) fi if [ "$count" -ge 3 ] then break fi done fi if [ ! "$INIT_EXIT" = "0" ] then for s in "${SERVERS_BEST_REST[@]}" do connect_server "$s" if [ $INIT_EXIT = "0" ] then break else (( count++ )) fi if [ "$count" -ge 5 ] then su "$SCRIPT_USER" -c "notify-send 'AirVPN' 'Connection unsuccessful after '$count' failed attempts." break fi done fi exit This is the configuration file for both of the scripts. Most necessary adjustments can be made here, so the scripts don't have to be edited (except for correctly pointing at this file). $HOME/.vpncontrol/config/vpncontrol.conf #!/bin/bash # This file is part of the VPNControl configuration. # settings for AirVPN control scripts (airvpn_boot.sh and VPNControl.sh) # user in whose directory all the necessary files are stored (usually you); this is just used for this configuration file to make paths easier to change, but paths can also be changed individually SCRIPT_USER="<USER>" # path to ovpn configuration file; make sure to use absolute path without variables like $HOME since boot script is run as root CONFIG_PATH="/home/$SCRIPT_USER/.vpncontrol/config/AirVPN_All-servers_UDP-443.ovpn" # path to directory for log files (don't put a trailing slash); make sure to use absolute path without variables like $HOME since boot script is run as root LOG_PATH="/home/$SCRIPT_USER/.vpncontrol/logs" # number of days for which logs are being kept (last days with connections via hummingbird, don't have to be consecutive); if "0" there will still be a log for the current connection which will be deleted after the connection ends LOG_DAYS="3" # seconds for which the connection to a server should be attempted before aborting (and when not trying to connect to a specific server moving on to the next one) TIMEOUT_CON="12" # seconds for which hummingbird should try to restore the connection in case connectivity is lost (mostly relevant after computer wakes up from sleep; this uses hummingbird's own --timeout option, but not sure how it handles it: if it applies to dropped VPN connection itself, network interface being down or only pausing the process e.g. by sleep) TIMEOUT_REC="60" # order of countries (and continents to try overall recommended server first) when trying recommended servers SERVERS_BEST_EU=( europe nl be at bg ch cz de ee es gb lv no ro rs se ua ) SERVERS_BEST_REST=( america asia ca us jp br hk sg ) # backend for default network lock, will by default use (just like hummingbird) the first available of iptables, iptables-legacy or nft; uncomment if you want to use a specific one of those #NETFILTER="nft" # uncomment if you want to lock down the system by default (applies the default network lock at boot) #DEFAULT_NETLOCK="enabled" # path to file with rules for default network lock (needs to be present only for used backend, but both can be specified) NETFILTER_RULES_IPTABLES="/home/$SCRIPT_USER/.vpncontrol/config/netfilter_iptables.rules" NETFILTER_RULES_NFTABLES="/home/$SCRIPT_USER/.vpncontrol/config/netfilter_nftables.rules" # API key to access user specific AirVPN info API_KEY="<YOUR PERSONAL API KEY>" # set custom options for hummingbird like in the commented example; will be temporarily overwritten if you enter new ones in the control script #HUM_OPTIONS="--proto tcp --ignore-dns-push" This is the systemd unit file that integrates the boot script into the system's boot process. It has to be owned by root. /etc/systemd/system/airvpn.service [Unit] Description=AirVPN Client (hummingbird) Wants=network-online.target After=network-online.target [Service] Type=forking ExecStart=/usr/bash /usr/local/bin/airvpn_boot.sh Restart=no [Install] WantedBy=multi-user.target These are the configuration files for the default network lock using iptables. These rules block all IPv4 traffic by default except some things like local traffic and traffic to airvpn.org. The rules in the second file block all IPv6 traffic. $HOME/.vpncontrol/config/netfilter_iptables.rulesipv4 # This file is part of the VPNcontrol configuration. # default network lock iptables rules for IPv4 traffic # nat table: optional masquerade rule (NAT/ports) *nat :PREROUTING ACCEPT :INPUT ACCEPT :OUTPUT ACCEPT :POSTROUTING ACCEPT -A POSTROUTING -o tun+ -j MASQUERADE COMMIT # mangle table: no rules applied *mangle :PREROUTING ACCEPT :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT :POSTROUTING ACCEPT COMMIT # raw table: no rules applied *raw :PREROUTING ACCEPT :OUTPUT ACCEPT COMMIT # security table: no rules applied *security :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT COMMIT # filter table: all traffic blocked with some exceptions: *filter :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT # allow loopback IN -A INPUT -i lo -j ACCEPT # allow broadcastin/dhcp IN -A INPUT -s 255.255.255.255/32 -j ACCEPT # allow communication for established connections (that were allowed with these rules) -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # block all other incoming traffic -A INPUT -j DROP # allow tun device to communicate (so any VPN connection should be possible, also without Air, but respective DNS requests must be allowed)) -A FORWARD -o tun+ -j ACCEPT -A FORWARD -i tun+ -j ACCEPT # allow loopback OUT -A OUTPUT -o lo -j ACCEPT # allow LAN OUT -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT # allow link-local OUT -A OUTPUT -s 169.254.0.0/16 -d 169.254.0.0/16 -j ACCEPT # allow broadcastin/dhcp OUT -A OUTPUT -d 255.255.255.255/32 -j ACCEPT # allow IPv4 traffic via UDP and TCP only to airvpn.org for status update # allow DNS query to resolve hostname (hex string reads "06 airvpn 03 org" - numbers are counting bits), # restrict packet length to length of this specific request package (might change?) to avoid hijacking of query (very unlikely I guess, but who cares if we're already being paranoid for the fun of it), # whitelist destination IP for TCP handshake -A OUTPUT -p udp -m udp --dport 53 -m string --hex-string "|0661697276706e036f7267|" --algo bm --to 65535 -m length --length 0:126 -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 53 -m string --hex-string "|0661697276706e036f7267|" --algo bm --to 65535 -m length --length 0:126 -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT # allow SYN request to whitelisted IP to initiate handshake, remove IP from whitelist -A OUTPUT -p tcp -m tcp --dport 53 --tcp-flags FIN,SYN,RST,ACK SYN -m recent --remove --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT # allow outgoing connection to Air's IP -A OUTPUT -d 5.196.64.52/32 -j ACCEPT # allow tun device to communicate (so any VPN connection should be possible, also without Air, but respective DNS requests must be allowed)) -A OUTPUT -o tun+ -j ACCEPT # block all other outgoing traffic -A OUTPUT -j DROP COMMIT $HOME/.vpncontrol/config/netfilter_iptables.rulesipv6 # This file is part of the VPNcontrol configuration. # iptables rules for IPv6 traffic # nat table: no rules applied *nat :PREROUTING ACCEPT :INPUT ACCEPT :OUTPUT ACCEPT :POSTROUTING ACCEPT COMMIT # mangle table: no rules applied *mangle :PREROUTING ACCEPT :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT :POSTROUTING ACCEPT COMMIT # raw table: no rules applied *raw :PREROUTING ACCEPT :OUTPUT ACCEPT COMMIT # security table: no rules applied *security :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT COMMIT # filter table: block all traffic *filter :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT -A INPUT -j DROP -A OUTPUT -j DROP COMMIT This is the configuration file for the default network lock using nftables. These rules block all IPv4 traffic by default except some things like local traffic and traffic to airvpn.org. They also block all IPv6 traffic. $HOME/.vpncontrol/config/netfilter_nftables.rules flush ruleset table inet nat_lock { chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; } chain INPUT { type nat hook input priority 100; policy accept; } chain OUTPUT { type nat hook output priority -100; policy accept; } chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; oifname "tun*" masquerade comment "optional masquerade rule (NAT/ports)" } } table ip filter_lock { set whitelist { type ipv4_addr; flags timeout; } chain INPUT { type filter hook input priority filter; policy drop; iifname "lo" accept comment "allow loopback IN" ip saddr 255.255.255.255/32 accept comment "allow broadcastin/dhcp IN" ct state established,related accept comment "allow communication for established connections (that were allowed with these rules)" } chain FORWARD { type filter hook forward priority filter; policy drop; oifname "tun*" accept iifname "tun*" accept } chain OUTPUT { type filter hook output priority filter; policy drop; oifname "lo" accept comment "allow loopback OUT" ip saddr 192.168.0.0/16 ip daddr 192.168.0.0/16 accept comment "allow LAN OUT" ip saddr 169.254.0.0/16 ip daddr 169.254.0.0/16 accept comment "allow link-local OUT" ip daddr 255.255.255.255/32 accept comment "allow broadcastin/dhcp OUT" # allow DNS query to resolve hostname (hex string reads "06 airvpn 03 org" (prefixed with 0x, suffixed with 00) - numbers are counting bits), whitelist destination IP for TCP handshake" udp dport 53 @th,160,120 0x0661697276706e036f726700 meta length 0-126 update @whitelist { ip saddr } accept comment "allow DNS query to resolve hostname" tcp dport 53 @th,160,120 0x0661697276706e036f726700 meta length 0-126 update @whitelist { ip saddr } accept comment "allow DNS query to resolve hostname" tcp dport 53 tcp flags & (fin|syn|rst|ack) == syn update @whitelist { ip saddr timeout 1s } accept comment "allow SYN request to whitelisted IP to initiate handshake, remove IP from whitelist" ip saddr @whitelist accept comment "allow outgoing traffic from addresses in whitelist" ip daddr 5.196.64.52/32 accept comment "allow outgoing connection to Air's IP" # allow tun device to communicate (so any VPN connection should be possible, also without Air, but respective DNS requests must be allowed) oifname "tun*" accept comment "allow tun device to communicate" } } table ip6 filter_lock { chain INPUT { type filter hook input priority filter; policy drop; } chain FORWARD { type filter hook forward priority filter; policy drop; } chain OUTPUT { type filter hook output priority filter; policy drop; } } VPNConrol.tar VPNControl.tar
  10. 1 point
    eburom

    ANSWERED Status Icon

    Hi, I guess your problem is that you have eddie set to start minimized to tray. If that's the case, run eddie-ui from the command line and look for a line that says "Profile path:" Something like: Profile path: /usr/lib/eddie-ui/default.profile I don't use eddie-ui now and I was used to an xml as a profile path where you could change options easily but this file seems to be binary data. Anyway, here is where your options (such as start minimized to tray) are stored. Rename it, or move it to somewhere else (as a backup and run eddie-ui again. You will have to write your credential back and set your preferred option again, just don't check in start minimized until you fix the icon showing in system tray.
  11. 1 point
    The driver update/change has resolved this issue. It's been functional for almost a week now. thanks for you help.
  12. 1 point
    Yes, I got to witness the same symptoms with qB v4.2.5 as you describe, Mr. Camponotus – all connections are really sluggish. I reverted to v4.1.5 from Debian stable and everything is back in working order, except that qB wants to recheck all torrents again.
  13. 1 point
    I am mostly an uploader. I tried qbittorrent 3 weeks before after hearing it quite often here and on other sides. Dont know if it was the version giganerd mentioned. But with my tests, it was really unrelaiable with uploads. My BiglyBT was way faster in connecting and uploading to the same torrents (and other torrents of course to have clean connections without others knowing me already over peer exchange ect) and clients i tried with qbittorrent. BiglyBT is like BitTyrant, which was modded Azureus after his "bad" successor Vuze appeared.
  14. 1 point
    I just added in IPv6 support on my pfSense box, using AirVPN and a VLAN. Note that I already had the VPN VLAN setup and working correctly with IPv4, so this guide is only about what needed to be changed to add in IPv6 support. Recently, AirVPN has implemented IPv6 across their servers. Provided you are running a recent version of OpenVPN (>= 2.4), and you adjust your client configuration properly, you will be assigned an IPv6 address along with the typical IPv4 address. In my setup, I’m using pfSense as my firewall / router, and have several VLANs configured for various purposes. One of these VLANs is specifically for VPN usage. So the question becomes, how to take the single IPv6 address assigned from AirVPN and make it usable on a VLAN, for multiple hosts. This setup is severely sub-optimal, as IPv6 was designed to avoid NAT (there are what, 3.4x10^38 available addresses?). Given that the design of the protocol and AirVPN’s implementation are at odds, there are some problems that you will encounter. The most annoying being that browsers don’t want to use your IPv6 address, and you will continue to use IPv4, despite having everything setup “correctly.” It may be possible to overcome this with some per-host modifications (on Linux, look to /etc/gai.conf), but that is perhaps not maintainable in the long run. This problem stems from the fact that the address Air is providing is a Unique Local Address (ULA), which, by definition, is not globally routable. This address gets translated at Air’s servers into a normal, globally routable, address. But what the software on your machine sees is a ULA, and since that isn’t a globally routable IP address, the software will prefer the IPv4 address, where it is understood that NAT will probably be used. Given this implementation, I am not convinced it is worth it to setup IPv6 in this type of configuration. Having said all that, here is how I configured things to get IPv6 “working” with AirVPN on a pfSense VLAN: 1: Get an IPv6 address from AirVPN Assuming you are running a recent release of pfSense, you should have the necessary OpenVPN version for this to work (I’m on pfSense 2.4.4, which is using OpenVPN 2.4.6). Go into your OpenVPN client configuration and set “Protocol” to “UDP IPv4 and IPv6 on all interfaces (multihome)” scroll down to “Custom options” and make sure you have these 2 lines: push-peer-info; setenv UV_IPV6 yes; Save, and possibly restart the service. You should now have both IPv4 and IPv6 addresses assigned to your VPN connection 2: Create a new Gateway I can’t remember if the gateway was automatically created at this point. If not, Add a new gateway. If one was auto created, edit it. Then Make sure Interface is set to the VPN Address family is IPv6 Give it a name (VPN1_WAN_IPv6 in my case) I’ve left everything else at default settings, then set a description, and Save and reload 3: Modify your VPN VLAN From the “Interfaces” menu, select your VPN VLAN entry, then Set “IPv6 Configuration Type” to “Static IPv6” Scroll down to the “Static IPv6 Configuration” section and set an address and prefix. I chose a “random” ULA (FDxx:xxxx:xxxx:10::1). Obviously, choose hex characters in place of the “x”s and the “10” matches my vlan number. Set the prefix to /64 Leave the “use IPv4 connectivity” unchecked and the gateway set to “None” Save and reload 4: Configure Router Advertisements and/or DHCPv6 From the “Services” menu, select “DHCPv6 Server & RA” - then choose your VLAN. In my setup, I’m not bothering with DHCP, just using SLACC, so I go directly to the “Router Advertisements” tab. Set Router Mode to unmanaged Priority to Normal You may choose to put your IPv6 DNS server into the DNS configuration section (I believe Air’s server is fde6:7a:7d20:4::1 Leave everything else as is (blank) Save and reload 5: Set NAT Rules From the “Firewall” menu, select “NAT”, then go to the “Outbound” tab Click the second “Add” button Set “Interface” to your VPN gateway “Address Family” is “IPv6” Source type is “network” Source network is the ULA you setup earlier (“Fdxx:xxxx:xxxx:10::/64”) I did this using an alias. Note that the subnet drop down doesn’t list anything above a /32 (it’s meant for IPv4), so I left it at /32. Seems to work anyway. The Translation Address should be set to “Interface Address” Add in a description, if you wish, and Save and reload 6: Set Firewall Rules From the “Firewall” menu, select “Rules” and then the appropriate VLAN tab Click the second “Add” button “Action” is “Pass” “Interface” is your VLAN “Address Family” is “IPv6” Set the rules appropriately for your situation. In my case, just to get things working, I set “Protocol” to “Any” “Source” to “[VLAN] net” Click the “Display Advanced” button Scroll down to “Gateway” and select your previously configured VPN IPv6 gateway Save and reload NOTE: Be sure to move the rule you just created into the correct spot in your rules list! Remember, the rules are checked in order, so if you have a deny rule above your new pass rule in the list, it won’t work. At this point I rebooted pfSense and my VPN client machine. I now have an IPv6 address, assigned from the ULA block I setup. Visiting https://ipleak.net shows I have both IPv4 and IPv6 connectivity. Going to https://test-ipv6.com gives me a 10/10, but with the note that the browser is avoiding using the IPv6 address. See the note from AirVPN Staff about this: https://airvpn.org/topic/25140-the-issue-your-browser-is-avoiding-ipv6/ Hopefully this is helpful to someone out there. MrFricken
  15. 1 point
    Hi. I just downloaded the teatv apk for android to my S8 but I couldn't access the app, it didn't work. I have reloaded but it still has the same problem. Does anyone know what problem I'm having and what is the way to fix it?
  16. 1 point
    I strongly recommend Tixati, it have IP Filter. It works well with AirVPN.
  17. 1 point
    qB and Deluge are recommended all the time around here.
  18. 1 point
    SurprisedItWorks

    R7800 AirVPN Weird Problem

    One more resource re dd-wrt config for AirVPN: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321856 I wrote this as I first brought my first dd-wrt router online with AirVPN, and as a new Air user, I had not yet become familiar with these Air forums. So it is posted in the dd-wrt forum.
  19. 1 point
    Staff

    Hummingbird randomly stopped working

    Hello! When you enter suspension state systemd sends SIGHUP to processes.Hummingbird reacts with "restart connection" when it receives SIGHUP. Core dump is unexpected and under investigation. @eburom The systemd unit is formally correct. Kind regards
  20. 1 point
    Does it work without a VPN connection? Anyway, if you really want to talk about qBittorrent here, make sure you're doing it exactly like this. Hell of a bug report, I cry out of joy
  21. 1 point
    So you mean that this method does not work? A router is probably your best bet, then.
  22. 1 point
    Markex

    ANSWERED Connection issues

    I reinstalled openvpn program and now everything seems to working so it wasn't airvpn fault. Thanks for replies and sorry for my false accusations towards airvpn. Cheers
  23. 1 point
    iwih2gk

    AirVpn on Onion works well!

    I wanted to comment that onion surfing in this forum works great. Your onion link fires up quickly on my machines. When possible I like to connect using onion. Staff, thank you for continuing to improve as we move along here. Fantastic Service!!
  24. 1 point
    Staff

    Hummingbird 1.0.3 released

    Hello! We're glad to inform you that Hummingbird 1.0.3 has just been released. Hummingbird is a free and open source software by AirVPN for: Linux x86-64 Linux ARM 32 (example: Raspbian for Raspberry Pi) Linux ARM 64 macOS (Mojave or higher version required) - please do not miss important notes on macOS below based on OpenVPN3-AirVPN 3.6.4 library supporting CHACHA20-POLY1305 cipher on OpenVPN Data Channel and Control Channel. Hummingbird is very fast and has a tiny RAM footprint. AES-CBC and AES-GCM are supported as well. Version 1.0.3 uses OpenVPN3-AirVPN 3.6.4 library which had major modifications: IPv6 compatibility has been improved override logic has been improved a critical bug related to a main branch regression for TCP connections has been fixed Important: if you build Hummingbird please make sure to align to AirVPN library 3.6.4. You can't build Hummigbird 1.0.3 with library versions older than 3.6.4. Hummingbird is not aimed to Android but you can have CHACHA20-POLY1305 on Android too: please run our software Eddie Android edition, which uses our OpenVPN3-AirVPN library. Important notes for macOS users From now on we provide both a notarized version and a non-notarized version of Hummingbird for macOS. The notarized version is available essentially for those users who required it, but it is not recommended. The notarized version will run without blocks by Apple's Gatekeeper, but will let Apple correlate your real IP address, Apple ID and other data potentially disclosing your identity to the fact that you run, and when you did it for the first time, an application by AirVPN. If that's not acceptable for you, just download the tarball package .tar.gz (it is NOT notarized and NOT signed with our Apple developer ID on purpose) and include it in the exceptions to run non-notarized programs. In the future that could be no more allowed, but at the moment it is. For a more thorough explanations on important privacy issues caused by Apple and notarization please see for example here https://lapcatsoftware.com/articles/notarization-privacy.html and here https://lapcatsoftware.com/articles/catalina-executables.html Notes for Linux users x86-64 version requires a reasonably recent distribution (at least on par with Debian 9 kernel and libraries) based on systemd. A version compatible with SysVInit is anyway planned armv7l version (32 bit) has been tested in Raspberry Pi 3 and 4 with Raspbian 10. It will not run in Raspbian 9 (libraries are too old) aarch64 version (for 64 bit ARM) has been tested in Raspberry Pi4 with Ubuntu 19 and Ubuntu 20 for ARM 64 bit TCP queue limit If you connect over TCP, Hummingbird will set by default a minimum TCP outgoing queue size of 512 packets to avoid TCP_OVERFLOW errors. If you need a larger queue in TCP, the following option is now available from command line, in addition to profile directive tcp-queue-limit: --tcp-queue-limit n where n is the amount of packets. Legal range is 1-65535. We strongly recommend you to allow at least 512 packets as queue limit (default value). Larger queues are necessary when you connect in TCP and need a lot of open connections with sustained (continuous) but not necessarily high throughput, for example if you run a BitTorrent software. In such cases you can enlarge the queue as much as you need, until you stop getting TCP_OVERFLOW. It's not uncommon from our community as well as our internal tests to set 4000 packets queue limit to prevent any TCP overflow. If you connect over UDP, you can ignore all of the above. Network Lock Network Lock prevents traffic leaks outside the VPN tunnel through firewall rules. Hummingbird 1.0.3 widens --network-lock option arguments. The following arguments are now accepted: on | off | iptables | nftables | pf (default: on). If you specify on argument, or you omit --network-lock option, Hummingbird will automatically detect and use the infrastructure available on your system. Hummingbird picks the first available infrastructure between iptables-legacy, iptables, nftables and pf. Note: command line options, when specified, override profile directives, when options and profile directives have the same purpose. Binaries download URL https://gitlab.com/AirVPN/hummingbird/-/tree/master/binary Complete instructions https://airvpn.org/hummingbird/readme/ Hummingbird source code https://gitlab.com/AirVPN/hummingbird OpenVPN3-AirVPN library source code https://github.com/AirVPN/openvpn3-airvpn OpenVPN3-AirVPN library Changelog Changelog 3.6.4 AirVPN - Release date: 23 May 2020 by ProMIND - [ProMIND] [2020/05/23] completely changed the logics controlling overrides (server, port and protocol) client/ovpncli.cpp: parse_config() Properly assigned serverOverride, portOverride and protoOverride to eval.remoteList client/ovpncli.cpp: parse_config() In case serverOverride is set, remoteList is cleared and recreated with just one item containing serverOverride client/ovpncli.cpp: parse_config() In case portOverride or protoOverride is set, all the items in remoteList are changed accordingly openvpn/client/remotelist.hpp: Added public method set_transport_protocol_override() to assign the override protocol to all items in remoteList openvpn/client/cliopt.hpp: ClientOptions() now calls remote_list->set_transport_protocol_override() instead of remote_list->handle_proto_override() Hummingbird Changelog Changelog 1.0.3 - 3 June 2020 - [ProMIND] Removed --google-dns (enable Google DNS fallback) option - [ProMIND] Improved flushing logics for pf - [ProMIND] Updated to OpenVPN3-airvpn 3.6.4 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0.2 - 4 February 2020 - [ProMIND] Updated to OpenVPN3-AirVPN 3.6.3 - [ProMIND] Added --tcp-queue-limit option - [ProMIND] --network-lock option now accepts firewall type and forces hummingbird to use a specific firewall infrastructure *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0.1 - 24 January 2020 - [ProMIND] Updated to OpenVPN3-AirVPN 3.6.2 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 - 27 December 2019 - [ProMIND] Production release *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 RC2 - 19 December 2019 - [ProMIND] Better management of Linux NetworkManager and systemd-resolved in case they are both running - [ProMIND] Log a warning in case Linux NetworkManager and/or systemd-resolved are running *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 RC1 - 10 December 2019 - [ProMIND] Updated asio dependency *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 beta 2 - 6 December 2019 - [ProMIND] Updated to OpenVPN 3.6.1 AirVPN - [ProMIND] macOS now uses OpenVPN's Tunnel Builder - [ProMIND] Added --ignore-dns-push option for macOS - [ProMIND] Added --recover-network option for macOS *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 beta 1 - 28 November 2019 - [ProMIND] Added a better description for ipv6 option in help page - [ProMIND] --recover-network option now warns the user in case the program has properly exited in its last run - [ProMIND] NetFilter class is now aware of both iptables and iptables-legacy and gives priority to the latter *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 alpha 2 - 7 November 2019 - [ProMIND] DNS resolver has now a better management of IPv6 domains - [ProMIND] DNS resolver has now a better management of multi IP domains - [ProMIND] Minor bug fixes *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 alpha 1 - 1 November 2019 - [ProMIND] Initial public release Kind regards & datalove AirVPN Staff
  25. 1 point
    Glad it helped. Just in case someone comes across these answer I would like to rectify a couple of things from what I learned lately. It seems I was wrong about hummingbird only changing the network lock at the very beginning. (At least for the current version of hummingbird: 1.0.3). The other day I got some connection problems that led my airvpn connection to a weird state (I posted the logs in the thread where hummingbird 1.0.3 was announced). In addition to the connections state, in the logs I could find that when the system decided to reconnect, DNS and network lock got restored (back to normal) before being set again. This means that any extra rule added with the second method I proposed would get overwritten and lost. I also think that hummingbirds decision of restoring the network lock and DNS even though being for a moment is a risky move from a security point of view. (But I'm not an expert here). The part of the logs that make me think this: ... Sun Jun 7 00:58:19.242 2020 ERROR: HANDSHAKE_TIMEOUT Sun Jun 7 00:58:33.957 2020 ERROR: KEY_STATE_ERROR Sun Jun 7 00:59:19.061 2020 ERROR: KEY_STATE_ERROR Sun Jun 7 00:59:19.169 2020 ERROR: N_KEV_EXPIRE Sun Jun 7 00:59:19.169 2020 ERROR: N_KEV_EXPIRE Sun Jun 7 00:59:19.242 2020 ERROR: KEV_NEGOTIATE_ERROR Sun Jun 7 00:59:19.242 2020 ERROR: HANDSHAKE_TIMEOUT Sun Jun 7 00:59:19.242 2020 Session invalidated: KEV_NEGOTIATE_ERROR Sun Jun 7 00:59:19.242 2020 Client terminated, restarting in 2000 ms... Sun Jun 7 00:59:19.242 2020 net_route_del: 8000::/1 via fde6:7a:7d20:c9c::1 dev tun0 table 0 metric 0 Sun Jun 7 00:59:19.242 2020 net_route_del: ::/1 via fde6:7a:7d20:c9c::1 dev tun0 table 0 metric 0 Sun Jun 7 00:59:19.243 2020 net_route_del: 128.0.0.0/1 via 10.16.156.1 dev tun0 table 0 metric 0 Sun Jun 7 00:59:19.243 2020 net_route_del: 0.0.0.0/1 via 10.16.156.1 dev tun0 table 0 metric 0 Sun Jun 7 00:59:19.243 2020 net_addr_del: fde6:7a:7d20:c9c::107c/64 dev tun0 Sun Jun 7 00:59:19.243 2020 net_addr_del: 10.16.156.126/24 dev tun0 Sun Jun 7 00:59:19.243 2020 net_iface_mtu_set: mtu 1500 for tun0 Sun Jun 7 00:59:19.243 2020 net_iface_up: set tun0 down Sun Jun 7 00:59:19.244 2020 net_route_del: 185.183.106.2/32 via 192.168.1.1 dev enp62s0u1u2 table 0 metric 0 Sun Jun 7 00:59:19.244 2020 Sun Jun 7 00:59:21.240 2020 EVENT: RECONNECTING Sun Jun 7 00:59:21.241 2020 Successfully restored DNS settings Sun Jun 7 00:59:21.295 2020 Network filter successfully restored Sun Jun 7 00:59:21.295 2020 ERROR: N_RECONNECT Sun Jun 7 00:59:21.296 2020 EVENT: RESOLVE Sun Jun 7 00:59:21.296 2020 Network filter and lock is using iptables-legacy Sun Jun 7 00:59:21.313 2020 Successfully loaded kernel module iptable_filter Sun Jun 7 00:59:21.334 2020 Successfully loaded kernel module iptable_nat Sun Jun 7 00:59:21.340 2020 Successfully loaded kernel module iptable_mangle Sun Jun 7 00:59:21.345 2020 Successfully loaded kernel module iptable_security Sun Jun 7 00:59:21.351 2020 Successfully loaded kernel module iptable_raw Sun Jun 7 00:59:21.356 2020 Successfully loaded kernel module ip6table_filter Sun Jun 7 00:59:21.372 2020 Successfully loaded kernel module ip6table_nat Sun Jun 7 00:59:21.378 2020 Successfully loaded kernel module ip6table_mangle Sun Jun 7 00:59:21.383 2020 Successfully loaded kernel module ip6table_security Sun Jun 7 00:59:21.389 2020 Successfully loaded kernel module ip6table_raw Sun Jun 7 00:59:21.392 2020 Network filter successfully initialized Sun Jun 7 00:59:21.392 2020 Local IPv4 address 192.168.1.7 Sun Jun 7 00:59:21.392 2020 Local interface enp62s0u1u2 Sun Jun 7 00:59:21.392 2020 Local interface wlp2s0 Sun Jun 7 00:59:21.392 2020 Setting up network filter and lock Sun Jun 7 00:59:21.392 2020 Allowing system DNS 127.0.0.1 to pass through the network filter Sun Jun 7 00:59:21.392 2020 Adding IPv4 server 185.183.106.2 to network filter Sun Jun 7 00:59:21.411 2020 Network filter and lock successfully activated Sun Jun 7 00:59:21.411 2020 Contacting 185.183.106.2:443 via UDP Sun Jun 7 00:59:21.411 2020 EVENT: WAIT Sun Jun 7 00:59:21.411 2020 net_route_del: 185.183.106.2/32 via 192.168.1.1 dev enp62s0u1u2 table 0 metric 0 Sun Jun 7 00:59:21.411 2020 sitnl_send: rtnl: generic error: No such process (-3) Sun Jun 7 00:59:21.411 2020 net_route_best_gw query IPv4: 185.183.106.2/32 Sun Jun 7 00:59:21.411 2020 sitnl_route_best_gw result: via 192.168.1.1 dev enp62s0u1u2 Sun Jun 7 00:59:21.411 2020 net_route_add: 185.183.106.2/32 via 192.168.1.1 dev enp62s0u1u2 table 0 metric 0 Sun Jun 7 00:59:21.411 2020 Error while executing NetlinkRoute4(add: 0) enp62s0u1u2: -3 Sun Jun 7 00:59:21.411 2020 Connecting to [185.183.106.2]:443 (185.183.106.2) via UDPv4 Sun Jun 7 00:59:21.426 2020 EVENT: CONNECTING Sun Jun 7 00:59:21.426 2020 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client Sun Jun 7 00:59:21.426 2020 Peer Info: ...
  26. 1 point
    NoiselessOwl

    torrentday.com blocked/down?

    I am able to access it just fine with and without Eddie. I used Phoenix (American) and Sham (Canadian) servers and they both shows the site just fine.
  27. 1 point
    NoiselessOwl

    ANSWERED Connection issues

    Dang it! That's what happen if I don't drink my coffee in the morning and typing out the comment.
  28. 1 point
    NoiselessOwl

    Airvpn Roadmap

    😲😲😲 Really?! Wow, I did not know that. Now everything made sense. That is very impressive because Eddie is clearly a high quality software that are primary focused on function than form. I have so much respect for those developers, shouldering that massive task for developing the software for thousand users. Now that solidify my standing with AirVPN.
  29. 1 point
    Veep Peep

    Eddie 2.16.x-->2.18.9 Issue

    All fixed with AV support. Steps: reset Firewall rules netsh advfirewall reset Then reset my tap-9 adapter default gateway Hope this help others! Thanks for the super fast support! V
  30. 1 point
    Veep Peep

    AirVPN 10th birthday celebrations

    Happy Bday AirVPN!!! Keep up the solid work! Join in Jan. 2016
  31. 1 point
    air-fun

    AirVPN 10th birthday celebrations

    As always, I discovered this topic too late ... Can respected staff to clarify the deadlines to tariff plans with discounts? In the header message, I do not see anything about it. Thanks for the best VPN!
  32. 1 point
    Hi, not an expert but I've been using hummingbird for some time and I don't think there is such a fine tuning of the network lock designed in the application. Soon there will be a new release that might address such customization, or at least the "allow local network" and such options present in eddie (hummingbird allows it and that's it). As I see it, you have 2 options: 1. Handle your firewall yourself and launch hummingbird with network lock off. 2. Manually change the rules after running hummingbird with network lock. (The suggested method might not work, explained in a post below). For the first scenario you can inspect the rules set by hummingbird for network-llock and use those as an starting point. You will have to be careful guessing the AirVPN servers entry IP so hummingbird should succeed reaching to it. For the second, you can run hummingbird from a script that also adds the rules you need. #!/bin/bash /usr/bin/hummingbird /PathToMyFile/configFile.ovpn # Alter the rules here. So when you run it everything happens fast and automatically. For what I see, even the default policy is to DROP incoming packets network-lock adds a last DROP rule that might interfere before the rules you add so I guess that you should handle that too. So I guess your additional section should look something like: iptables -D INPUT -j DROP iptables -A INPUT YOUR_CUSTOM_INPUT_RULES ... iptables -A INPUT -j DROP And something similar for whatever output rule you need. I think Hummingbird only writes rules at the very beginning. In fact, it makes a backup of the current rules, and then sets its owns. (Extended explanation in a post below). When stopped (or called with --recover-network option) it restores the original ones. So this approach should be save. As a warning, I haven't tried any of this
  33. 1 point
    This might point the way: https://github.com/tool-maker/VPN_just_for_torrents/wiki/Maintaining-SSH-Access-Using-a-VPN-on-a-Remote-Linux-Server The title says "SSH", but it is about allowing any remote access via the real interface while the VPN is the default gateway. However the firewall rules there may conflict with what Hummingbird sets up (I do not know). You may have to drop "Network Lock" and re-implement it for yourself, with necessary adjustments. You could also extend the firewall rule that applies the "connection firewall mark" to only apply the mark for one port if you wanted.
  34. 1 point
    Staff

    Wireguard response from Mullvad

    @go558a83nk The main advantage over OpenVPN in terms of performance is the fact that Wireguard runs in the kernel space while OpenVPN runs in the userspace, Cipher CHACHA20 is available in OpenVPN too. It's slower than AES in AES-NI supporting systems, so it is very relevant only in those systems which do not support AES-NI, typically mobile and embedded devices based on ARM processors. So when Wireguard can't run in the kernel space (for example when you use it in Android or iOS) you lose that gain. The fact that Wireguard does not support TCP is bad for us, because it cuts out a very remarkable percentage of our users: those who have their ISP blocking or heavily shaping UDP, those who need to pass through some proxy (which supports only TCP) to get on to the Internet, and those who need to tunnel the VPN protocol over SSH or sTunnel. Kind regards
  35. 1 point
    Maybe I can help you with this. To be clear, are you on 1803 or 1909? If you are currently on 1803, you need to update it since 1803 is two years ago. and 1909 is the current version. The warning I would assumed you are talking about Windows Defender SmartScreen? If that is the case, then I am curious why Windows Defender is throwing the warning every time you open? Possible there is an issue with Windows Defenders that is likely causing problem with the newest version of Eddie? Did you check Windows Defenders to see if something is amiss? Can you check Event Viewer to see if there is something that it logged the issue? Press Start button, then type and click on Event Viewer. When the Event Viewer is open, expand Windows Logs then click Application. Give it a moment to load all of the events, do not worry if the app suddenly non-responsive. Just give it a time to load them all. It can take up to 10 minutes. Once it loaded, scan through the list to see if you have errors. If you know the date and time when this problem occurred, it will be easier to find the error than scanning through the list because Application views have all the programs in one list. You can use the Filter options in Actions sidebar. Click on Filter Current Log... then in that dialog, tick Critical, Warning and Error then click ok. The list will be shorter and easy for you to find. You should be looking for something related to Eddie, check the description that included Eddie-UI.exe. Hopefully it is logged that it would give a hint of what is going on. Can you find the report? Did you turn on the network lock before connecting? If you did, try to connect without the network lock enabled. It is likely that it need the server list to for it to know which to connect. Once it connected, you can disconnect the VPN then re-enable Network Lock, then it should be working normally. If that is not the case, then you need to post Eddie log which will provide us the clue of what is happening with Eddie.
  36. 1 point
    Hi to all, the latest Eddie 2.18.8 experimental released today, works with wintun, please test if interested. Go to https://openvpn.net/community-downloads/, at bottom "OpenVPN 2.5_git wintun technology preview", click the "here" link and install. If you already have the right "openvpn.exe", use it directly: Eddie will install the wintun driver when needed, and also create the adapter. Eddie -> Settings -> Advanced -> OpenVPN Custom Path -> choose your "openvpn.exe" from 2.5, if already installed probably it is "C:\Program Files\OpenVPN\bin\openvpn.exe". At this point, Eddie will use OpenVPN 2.5 (but still with standard TUN driver). Eddie -> Settings -> OVPN directives -> Custom directives, add "windows-driver wintun". At this point, Eddie will use the OpenVPN 2.5 with the newest Wintun driver.
  37. 1 point
    Please stay healthy everyone!
  38. 1 point
    Staff

    Hummingbird 1.0.2 released

    @ctri Please try to delete completely everything in /etc/airvpn and start again Hummingbird. Kind regards
  39. 1 point
    Personally I think that we should trust the Staff and AirVPN. We trust this service to protect our privacy, and AirVPN's mission statement (https://airvpn.org/mission/) is crystal clear. I don't think they are a bunch of lazy masochists who like scourging themselves with hundred of thousands lines of code instead of few thousands, they are people interested in standing by what they have written and when they say that they prefer using technologies validated, audited and tested they are just doing what we pay them for: protect OUR privacy and freedom; moreover, the service is not just used by Netflix users, torrenting people, and so on, but also by activists, NGOs, journalists and dissidents who can seriously risk their life if their privacy is left "unprotected" because the software they are using has not been properly and thoroughly tested. At the moment, to my knowledge, AirVPN is using the state of art (technically a bit more because they have improved OpenVPN forking it) of the VPN technologies to protect users' privacy both on desktop and mobile. When, and if, the time will come, and Wireguard will be the de facto industry standard (because audited, tested, validated in different case scenarios over the months/years) and will replace OpenVPN because it has 1) better performances 2) stronger user's privacy protection and it will be 3) easier to maintain I'm more than sure that it will be adopted also by AirVPN.
  40. 1 point
    LZ1

    Two new 1 Gbit/s servers available (UK)

    Hello! Perhaps you should start mentioning this in your posts by default, Staff - it's not a secret anyway and only raises the transparency levels further.
  41. 1 point
    Yes, it's annoying. I know your thinking, unknown TOR exit runners, you want to help the TOR network by providing one more exit node, because kind of I am afraid of possible legal consequences running a TOR exit node over my ISP line but now I'm behind a VPN and I want to help; it's okay so far. But it's not okay to not take into consideration that some of us use services and websites which constantly try to prevent TOR exit IPs from viewing them (not limited to TOR, some try to block all anonymizer services). A TOR server will be listed on a TOR exit servers list even after you shut it down and as long as it's there we suffer from blocks. Blocks we are trying to circumvent; that's what a proxy service is good for, right? In addition, AirVPN run two exits themselves. Given the bandwidth of these servers (100 MBit/s) I don't think your contribution is a great gain in overall TOR performance as your internet connection is most probably not that fast and not that stable (I assume you use your internet to watch Netflix, play games online and the like, creating traffic which lowers performance of the node). Third, you expose AirVPN and yourself to attacks from the internet by those who want to literally destroy TOR. Attacks on AirVPN's servers will cause line problems, line problems harm the user's experience. You as a TOR exit runner (although behind a VPN) expose yourself to attacks, too: It's not the AirVPN server who gets infected because a vulnerability in the TOR software is being abused; it's your computer. Your computer gets infected, and it's most probably your personal computer with your personal information on it. Your antivirus software is just a bunch of algorithms, too, it's not supposed to detect 100% of vulnerabilites in software and prevent their abuse. And: It's you who will be marked an extremist. If you think it's easy these days to help TOR you are mistaken. Maybe installation and setup is easy, to preserve your own security by running this piece of software sadly is not. So, before you start that TOR software again, think twice. Thank you.
  42. 0 points
    I did a new install in pfsense 2.4.5 following this guide. Everything looks good, but I cant seem to get ip from DHCP server on VLAN20 (VPN). This is from the log: Jul 4 14:22:09 dhcpd DHCPOFFER on 10.0.20.100 to 94:de:80:f8:59:d4 (VPN-PC) via igb2.20 Jul 4 14:22:09 dhcpd DHCPDISCOVER from 94:de:80:f8:59:d4 (VPN-PC) via igb2.20 So it seems like the DHCP server sees the client and offer an IP in the correct subnet, but there is no DHCPACK from the client afterwards. I tried with different machines also. Other VLANs works fine. Clients gets IPs. Something I forgot for VLAN20? Some firewall rule?
×
×
  • Create New...