Jump to content
Not connected, Your IP: 18.234.255.5

Leaderboard


Popular Content

Showing content with the highest reputation since 10/24/20 in all areas

  1. 6 points
    Staff

    Spooky Halloween 2020 deals

    Hello! We reluctantly have to announce gloomy news to you all: Spooky Halloween Deals are now available in AirVPN... Save up to 74% on AirVPN longer plans (*) (*) When compared to 1 month plan price Check all plans and discounts here: https://airvpn.org/plans If you're already our customer and you wish to jump aboard for a longer period any additional plan will be added on top of already existing subscriptions and you will not lose any day. Every plan gives you all the features that made AirVPN a nightmare for snoopers and a scary service for competitors: active OpenVPN 3 open source development ChaCha20 cipher on OpenVPN Data Channel for higher performance and longer battery life on tablets and smart phones IPv6 support, including IPv6 over IPv4 configurable remote port forwarding refined load balancing to squeeze every last bit per second from VPN servers free and open source software for Android, Linux, Mac and Windows easy "Configuration Generator" web interface for access through third party software guaranteed minimum bandwidth allocation GDPR compliance and very high standards for privacy protection no log and/or inspection of clients' traffic effective traffic leaks prevention by AirVPN software Tor support via AirVPN software on Linux, Mac and Windows various cryptocurrencies accepted without any intermediary crystal clear, easy to read Privacy Notice and Terms https://airvpn.org/privacy No tricks, only treats! Grim regards & datathrills AirVPN Staff
  2. 6 points
    Staff

    CHACHA20-POLY1305 on all servers

    Hello! We're very glad to announce all VPN servers progressive upgrade to Data Channel CHACHA20-POLY1305 cipher and TLS 1.3 support. UPDATE 18-Nov-2020: upgrade has been completed successfully on all AirVPN servers. The upgrade requires restarting OpenVPN daemons and some other service. Users connected to servers will be disconnected and servers during upgrade will remain unavailable for two minutes approximately. In order to prevent massive, simultaneous disconnections, we have scheduled a progressive upgrade in 15 days, starting from tomorrow 5 Nov 2020. Please see the exact schedule at the bottom of this post, in the attached PDF file. Servers marked as "OK" have been already upgraded and you can use CHACHA20-POLY1305 with them right now. When should I use CHACHA20-POLY1305 cipher on OpenVPN Data Channel? In general, you should prefer CHACHA20 over AES on those systems which do not support AES-NI (AES New Instructions). CHACHA20 is computationally less onerous, but not less secure, than AES for CPUs that can't rely on AES New Instructions. If you have an AES-NI supporting CPU and system, on the contrary you should prefer AES for higher performance. How can I use CHACHA20-POLY1305 on AirVPN? CHACHA20-POLY1035 on Data Channel is supported by OpenVPN 2.5 or higher versions and OpenVPN3-AirVPN library. In Eddie Android edition, open "Settings" > "AirVPN" > "Encryption algorithm" and select CHACHA20-POLY1305. Eddie Android edition will then filter and connect to VPN servers supporting CHACHA20-POLY1305 and will use the cipher both on Control and Data channels. In our web site Configuration Generator, after you have ticked "Advanced Mode", you can pick OpenVPN version >=2.5, and also select "Prefer CHACHA20-POLY1305 cipher if available". If you're generating a configuration file for Hummingbird, select OpenVPN3-AirVPN: the configuration file needs to be different, because some new directives of OpenVPN 2.5 are not supported in OpenVPN3, and Hummingbird is based on OpenVPN3-AirVPN. In Eddie desktop edition, upgrade to 2.19.6 version first. Then select the above mentioned option. However, most desktop computers support AES-NI, so make sure to check first, because using CHACHA20-POLY1305 on such systems will cause performance harm when you go above 300 Mbit/s (if you stay below that performance, probably you will not notice any difference). Also note that if your system does not have OpenVPN 2.5 or higher version you will not be able to use CHACHA20-POLY1305. If you wish to manually edit your OpenVPN 2.5 profile to prefer CHACHA20 on Data Channel when available: delete directive cipher add the following directive: data-ciphers CHACHA20-POLY1305:AES-256-GCM Pending Upgrade Server Schedule Kind regards and datalove AirVPN Staff
  3. 3 points
    Staff

    Wireguard plans

    @wireguard User "wireguard" is not an account with a valid AirVPN plan If you really wanted to show your support to AirVPN and prove that you are a customer, you would have written from an account with a valid plan. In reality, accounts like "wireguard" seem to be created with the only purpose to pump something and defame something else. From now on, write only from an account that has valid plan, to show that you are in good faith. Our plans about putting Wireguard into production in the near future have been published with a lot of details, albeit without a precise release date (and we have thoroughly explained why), so we will not write again for the nth time about them. About performance, please provide details as we do frequently. Currently we outperform Wireguard with our setup in AES-NI supporting systems, as you can see from our and our customers' tests, while Wireguard can outperform OpenVPN in CHACHA20 in non-AES-NI supporting systems. . When we put Wireguard into production, OpenVPN will stay, so investing in our own OpenVPN development is perfectly fine. Just a few reasons that make OpenVPN superior to Wireguard for many, different needs: it's faster than Wireguard in AES-NI supporting systems when it uses AES. Have a look here! it can be connected over stunnel, SSH, SOCKS5 and HTTP proxies, and Tor swiftly even for the above reason, for an ISP it's not so easy to block OpenVPN, while it's trivial to block Wireguard it supports TCP it supports dynamic IP address assignment it supports DNS push it does not hold in a file your real IP address when a connection is closed a significant part of our customers will not be able to use Wireguard effectively, simply because UDP is totally blocked in their countries or by their ISPs UDP blocking and heavy shaping are becoming more and more widespread among mobile ISPs, making Wireguard slower than OpenVPN in TCP even in mobile devices, or not working at all in mobility About Torvalds and Linux kernel, you only tell a part of the story. Wireguard was first put in some Linux kernel line when Wireguard was still in beta testing and no serious audit was performed, and not put in a kernel milestone release. A further note about battery draining you mentioned in one of your previous messages: our app Eddie Android edition and Wireguard, when used with the SAME bandwidth and the SAME cipher (CHACHA20-POLY1305), consume battery approximately in the same way, so that's yet another inessential point that does not support your arguments and show once more that our investments have been wise. Finally, let's spread a veil on your embarrassing considerations on ciphers, security, privacy and NSA. Let's underline only that CHACHA20.-POLY1305 is very strong, the cipher algorithm in itself (if implemented correctly) is not a Wireguard problem in any way. It would be a reason of deep concern if Wireguard needed OpenVPN defamation to convince us that it's a good software. Unfortunately various bogus accounts have been created with such assumption and purpose, and the hidden agenda is no more hidden. Kind regards
  4. 3 points
    Oh wow... . 2020.11.04 21:00:21 - OpenVPN > open_tun . 2020.11.04 21:00:21 - OpenVPN > wintun device [Local Area Connection] opened It worked ! First time ever on my computer. --- Edit: Wrong thread, now I see the other ones about Eddie 2.19.5, but... well, here it is, it works ! Microsoft Windows [Version 10.0.19042.572] ( aka 20H2 ), WinTUN driver installed and connection to AirVPN was blazing fast ! Typing this message through the VPN 😉
  5. 3 points
    Staff

    Eddie Desktop 2.19beta released

    Version 2.19.5 (Wed, 04 Nov 2020 11:22:24 +0000) [bugfix] Minor bugfixes [bugfix] Occasionally wrong order in DNS restoring [change] OpenVPN 2.5.0 - Hummingbird 1.1.0 [change] Minor changes The primary objective of this version is OpenVPN 2.5.0. Other issues are still under investigation, thx. AUR (Arch repository) will be updated ASAP.
  6. 2 points
    Staff

    Wireguard plans

    @Flx The first message was approved by some moderator in the wrong thread, not a big deal. Then we moved the message on its own thread, this one. Then user "wireguard" posted more messages which were all approved by some moderator. @Brainbleach Of course. We were replying to "wireguard" who invites surreptitiously to punish AirVPN because AirVPN uses and develops actively OpenVPN: "Needless to say, investing in AirVPN means investing in OpenVPN, and that's not acceptable to me at this point," . He/she also kept claiming that "it's time to retire OpenVPN" (sic), that OpenVPN is a "truly disgusting hack" (sic) and so on,. showing his/her embarrassing ignorance and lack of good faith. Nothing to do with your messages. Funny how bogus account writers are so eager to become from time to time AirVPN software lead developers, general managers for AirVPN strategies, marketing directors and more. 😀 We wanted to prove beyond any reasonable doubt that his/her claim are unreasonable and based on wrong assumptions and terrible omissions, showing how Wireguard can not replace OpenVPN for a significant percentage of our customers and how our OpenVPN development has been beneficial for many users around the world. That said, we claimed that Wireguard needed to be developed and tested further years ago, so at the time our claim was totally reasonable. We also claimed years ago that the problem was not with CHACHA20 which to the best of nowadays knowledge is a very robust and secure cipher. Now the problems are different because Wireguard is asked to offer something which it was not designed for, i.e. providing some kind of anonymity layer. Such problems include lack of DNS push, lack of dynamic IP address assignment (with subsequent problems with client key-private address static correspondence, a very tough legal problem for us but above all for our customers), need of keeping client real IP address stored in a file. We have resolved them one by one with external software and internal work around. Once the problems are resolved in a robust way, which means testing thoroughly the adopted work-around, we can offer Wireguard, not earlier. Kind regards
  7. 2 points
    Staff

    NetworkLock on macOS 11

    @jeuia3e9x74uxu6wk0r2u9kdos @korsko @Overkill Hello! Both AirVPN software for macOS, Eddie and Hummingbird, enforce Network Lock via pf rules, therefore nothing changes and leaks prevention stays as effective as usual even in macOS Big Sur. Kind regards
  8. 2 points
    Clodo, thanks. 2.19.6. is working great, stay safe🤗 Just 1 thing. Should in settings networking layer inside tunnel ipv4 if issue is deteced be ticked. It isn't by default! ipv6 is. Thanks
  9. 2 points
    Clodo

    Eddie Desktop 2.19beta released

    All of your: please retry the latest beta version, contain the fix. Thanks.
  10. 2 points
    Clodo

    Eddie Desktop 2.19beta released

    Hi, we compile Eddie with Raspberry OS 64 beta (based on Debian). I don't have currently an Ubuntu rPI for testing. Anyway in the latest release we fix a bug related to elevation in CLI mode under Linux, please recheck. Please note also that aarch64 edition of Eddie include OpenVPN 2.4.8 (armv7 and other platform include the latest 2.5.0). This because OpenVPN build process is not still updated to support aarch64, it's a pending issue.
  11. 2 points
    abang

    ipleak.net DNS zone is broken

    This conclusion is wrong. I did not talk about the "Authority records". I wrote, the AA-bit in the DNS Flags is not set. And this violates the DNS protocol! Actually a "PowerDNS Recursor" can not resolve your domain name because the AA-bit was not set. And this is not a PowerDNS fault! It must be a configuration fault.
  12. 2 points
    After installing the Wintun adapters on my Win10 desktop PC a while back my dl speed rose from around 30-45Mbps to around 110-120Mbps on my then 200Mbps Virgin Media broadband. A month ago I upgraded to the VM 500Mbps package and at first I could only get 180-200Mbps D/L speed. I immediately blamed Virgin but when I solved it it was nothing to do with Virgin but my Linksys router. I run the VM SH3.0 in modem mode into my Linksys EA7500 router. I have one cat7 ethernet cable running from the router to my PC and another running to the Samsung tv in my living room. Other than that I have my wifes laptop, mobile and the Virgin Tivo box running on the Linksys Wi-Fi. In the Linksys settings there is a box in the prioritization options which you need to set with your broadband subscription speed x 1024. In my case when I had the VM 200Mbps package it was set at 204,800. When I remembered this I went into the Linksys settings and changed to 512,000 and hey presto I was getting 380 - 400Mbps straight away. I have also found that the server you choose to connect to at AirVPN and the time of day also has a bearing on your connection speed, which is why I have a preferred list of Air servers which have given me excellent d/l speeds in the past and do an online speedtest each time I connect to ensure I get a good connection. Something else is that I only use AirVPN a couple of hours in the early mornings and an occasional Sat/Sun afternoon, perhaps if you are using AirVPN 24/7 these results will not match I don't know but I am quite happy getting 50-75% of my broadband connection via AirVPN and 100% the rest of the time all things considered.
  13. 2 points
    flat4

    Spooky Halloween 2020 deals

    Another year yay!
  14. 2 points
    NoiselessOwl

    Spooky Halloween 2020 deals

    Thank you! Added two more years to my sub!
  15. 2 points
    MrAndersonX

    Spooky Halloween 2020 deals

    Renewed for three years. Thank you!
  16. 2 points
    Flx

    Spooky Halloween 2020 deals

    Thank you!
  17. 2 points
    Thank you so much guys!
  18. 2 points
    JasonBourne

    Spooky Halloween 2020 deals

    I ❤️ AIRVPN! Added three more years to my subscrition! 🎃 Happy Halloween to all AirVPN staff and its subscribers! You guys and gals rock 😍
  19. 2 points
    Oh wow, this was a long time ago. Virgin Media claim they're not blocking or traffic shaping OpenVPN traffic but it's clear we don't get the throughput we expect. I'm still unclear on what's causing that. To get around it I had to stunnel to airvpn and then run openvpn over that stunnel. Which sounds like a faff, and to some extent it is, but it works just fine. You might suffere a bit with the CPU overhead of running 2 connections on a Raspberry PI but give it a go and see what happens.
  20. 1 point
    Hello! We're very glad to introduce a new software suite for Linux which is ready for public beta testing. The suite includes the well known Hummingbird software, updated to the latest OpenVPN AirVPN library, and introduces for the first time a D-Bus controlled, real daemon, Bluetit, as well as a command line client, Goldcrest, to interact with Bluetit. The client-daemon architecture we introduce for the first time in our software offers a more robust security model and provides system administrators with a fine-grained, very flexible access control. Bluetit is fully integrated with AirVPN. The daemon is accessed through a D-Bus interface by providing specific methods and interface in order to give full support to OpenVPN connection and AirVPN functionality, including - but not limited to - quick automatic connection to the best AirVPN server for any specific location as well as any AirVPN server or country. When we get out of the beta testing, we plan to document Bluetit interface to let anyone write a custom client and talk with the daemon. Furthermore, Goldcrest will evolve in the near future and will include an ncurses based TUI which will be very comfortable when you don't want to rely on command line options while a new Bluetit client, based on Qt, will be developed in the future, for those who prefer a GUI. The suite is currently available for Linux x86-64, i686 (32 bit distributions), arm7l (for example Raspbian and other ARM 32 bit based systems) and aarch64 (ARM 64 bit). Please note that the source code will be published with the stable release as usual. The software will be licensed under GPLv3. AirVPN Suite for Linux AirVPN’s free and open source OpenVPN 3 suite based on AirVPN’s OpenVPN 3 library fork Version 1.0.0 Beta 1 - Release date 18 November 2020 Main features: Bluetit: lightweight D-Bus controlled system daemon providing full connectivity to AirVPN servers and generic OpenVPN servers Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers Hummingbird: lightweight and standalone client for generic OpenVPN server connection Linux i686, x86-64, arm7l and arm64 (Raspberry) support Full integration with systemd, SysVStyle-init and chkconfig No heavy framework required, no GUI Tiny RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN version 3.6.6 with tons of critical bug fixes from the main branch, new cipher support and never seen before features ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition Robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection Proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved additional features Full documentation: README.md Download links: Linux x86-64: https://eddie.website/repository/AirVPN-Suite/1.0-beta1/AirVPN-Suite-x86_64-1.0beta1.tar.gz Linux x-86-64 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0-beta1/AirVPN-Suite-x86_64-1.0beta1.tar.gz.sha512 Linux i686: https://eddie.website/repository/AirVPN-Suite/1.0-beta1/AirVPN-Suite-i686-1.0beta1.tar.gz Linux i686 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0-beta1/AirVPN-Suite-i686-1.0beta1.tar.gz.sha512 Linux arm7l: https://eddie.website/repository/AirVPN-Suite/1.0-beta1/AirVPN-Suite-armv7l-1.0beta1.tar.gz Linux arm7l sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0-beta1/AirVPN-Suite-armv7l-1.0beta1.tar.gz Linux aarch64: https://eddie.website/repository/AirVPN-Suite/1.0-beta1/AirVPN-Suite-aarch64-1.0beta1.tar.gz Linux aarch64 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.0-beta1/AirVPN-Suite-aarch64-1.0beta1.tar.gz.sha512 Please report bugs and any problem in this thread, thank you! Kind regards AirVPN Staff
  21. 1 point
    @staff Thanks for the update for your information my system is linux unstable : System: Host: desktop Kernel: 5.9.9-towo.2-siduction-amd64 x86_64 bits: 64 Desktop: Cinnamon 4.6.7 Distro: siduction 18.3.0 Patience - cinnamon - (202010261730) p.s. oops on the example - I have been running goldcrest as a normal user not as root...........😳 regards pjnsmb
  22. 1 point
    For the Arch users among us, I wrote a simple PKGBUILD to allow quick install, future upgrading and removal. Nothing serious, but you may use it. Simple means, it's not on AUR or something; let's wait for the release before uploading it there. PKGBUILD.tar $ tar -x PKGBUILD.tar $ makepkg $ sudo pacman -U *.tar.zst .
  23. 1 point
    Shiver Me Whiskers

    speedtest comparison

    Hello, I'm a bit of a noob when it comes to these things I downloaded Eddie 2.19.5, installed it on Windows 10, connected, and started downloading... It used "wintun", and I think connected via AES-256-GCM . 2020.11.19 16:28:18 - Eddie version: 2.19.5 / windows_x64, System: Windows, Name: Windows 10 Enterprise, Version: Microsoft Windows NT 10.0.19042.0, Mono/.Net: v4.0.30319 . 2020.11.19 16:28:19 - Tun Driver - 0901: 9.24.3; wintun: 0.8 . 2020.11.19 16:28:19 - OpenVPN - Version: 2.5.0 - OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10 (C:\Program Files\AirVPN\openvpn.exe) . 2020.11.19 16:28:19 - SSH - Version: plink 0.73 . 2020.11.19 16:28:19 - Build platform: 64-bit x86 Windows . 2020.11.19 16:28:19 - Compiler: clang 7.0.0 (tags/RELEASE_700/final), emulating Visual Studio 2013 (12.0), _MSC_VER=1800 . 2020.11.19 16:28:19 - Source commit: 745ed3ad3beaf52fc623827e770b3a068b238dd5 (C:\Program Files\AirVPN\plink.exe) . 2020.11.19 16:28:19 - SSL - Version: stunnel 5.56 (C:\Program Files\AirVPN\stunnel.exe) I 2020.11.19 16:28:20 - Ready . 2020.11.19 16:28:20 - Collect information about AirVPN completed I 2020.11.19 16:28:22 - Session starting. I 2020.11.19 16:28:22 - Checking authorization ... ! 2020.11.19 16:28:22 - Connecting to Tarazed (Netherlands, Alblasserdam) . 2020.11.19 16:28:23 - OpenVPN > OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020 . 2020.11.19 16:28:23 - OpenVPN > Windows version 10.0 (Windows 10 or greater) 64bit . 2020.11.19 16:28:23 - OpenVPN > library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10 . 2020.11.19 16:28:23 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2020.11.19 16:28:23 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2020.11.19 16:28:23 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2020.11.19 16:28:23 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2020.11.19 16:28:23 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.161.135:443 . 2020.11.19 16:28:23 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144] . 2020.11.19 16:28:23 - OpenVPN > UDP link local: (not bound) . 2020.11.19 16:28:23 - OpenVPN > UDP link remote: [AF_INET]213.152.161.135:443 . 2020.11.19 16:28:23 - OpenVPN > TLS: Initial packet from [AF_INET]213.152.161.135:443, sid=f7f5cc8d 3b14c77f . 2020.11.19 16:28:23 - OpenVPN > VERIFY KU OK . 2020.11.19 16:28:23 - OpenVPN > Validating certificate extended key usage . 2020.11.19 16:28:23 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2020.11.19 16:28:23 - OpenVPN > VERIFY EKU OK . 2020.11.19 16:28:23 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Tarazed, emailAddress=info@airvpn.org . 2020.11.19 16:28:23 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA . 2020.11.19 16:28:23 - OpenVPN > [Tarazed] Peer Connection Initiated with [AF_INET]213.152.161.135:443 ... . 2020.11.19 16:28:23 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM' . 2020.11.19 16:28:23 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2020.11.19 16:28:23 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key ... . 2020.11.19 16:28:23 - OpenVPN > open_tun . 2020.11.19 16:28:23 - OpenVPN > wintun device [WinTUN] opened ... ! 2020.11.19 16:28:31 - Connected. . 2020.11.19 16:28:31 - OpenVPN > Initialization Sequence Completed (removed some unimportant stuff especially at the end to keep the log to keep it short, I have over 10 NIC devices due to use of VMs, makes the log huge) ISP is KPN (Netherlands), fiber, so I am pretty close to your VPN servers, 1 gbit plan ( 1000/500 ) Computer config: AMD Ryzen 7 3700X, DDR4-3733 CL16, 2.5 gbits LAN all the way to the KPN Router (that came with the plan, didn't use any fancy expensive router) I think the AMD CPU has very good AES acceleration, because during those transfer I barely noticed any CPU utilization at all... like 20% on one single core ?
  24. 1 point
    Monotremata

    Eddie Desktop 2.19beta released

    Good to know, they said they were going to make that available when they released v5 but they forgot to tell everyone they posted that bit of info. korsko and wugamuga both had it happen without Little Snitch installed though. That bug might be affecting more than just Network Extensions.
  25. 1 point
    wugamuga

    Eddie Desktop 2.19beta released

    To be helpful to me, and to others, can you clarify what Arch is and what Stunnel is? And how to use it with Eddie, preferably on a Mac.
  26. 1 point
    Staff

    CHACHA20-POLY1305 on all servers

    @mith_y2k Hello! You can simply re-start Hummingbird with the option you mention. Enjoy CHACHA20! Kind regards
  27. 1 point
    debu

    Eddie Desktop 2.19beta released

    I got the same error message as Cambell (who posted above) on a Win10 2004 machine and had to roll back to latest stable version of Eddie. No problems with 2.19.5 on a Win 10 1909 or Win7 32 bit machine.
  28. 1 point
    Polius

    How To Set Up pfSense 2.3 for AirVPN

    Ok guys, the problem is resolved. It's my firewall rule blocking the connection...there's nothing wrong with using TCP or UDP, that's not the problem. They both will work. Also, for people who are stuck: DO NOT FOLLOW THIS GUIDE!! If you follow this guide, you will fail, as it's outdated and a lot of settings are not shown and if do follow it, you won't know where the problem is. Do follow this guide https://nguvu.org/pfsense/pfsense-baseline-setup/ It's updated with the latest settings. For example, in pfsense 2.4.5, we have "TLS Key Usage Mode:" in OpenVPN Client settings and you have to toggle it to "TLS Encryption and Authentication". If you leave it as "TLS Authentication", which is the default, your connection will fail. (If you follow this guide, you will skip it altogether and your connection will fail) Hope this helps someone out there and thanks for whoever authors nguvu.org, it's literally saving lives!
  29. 1 point
    zsam288

    UAE (Dubai) VPN Problems

    I'm in the UAE and using UDP443 with entry IP 4 and no issues with speed throttling or dropped connections can reach 250mbit no other customs settings used
  30. 1 point
  31. 1 point
    @jeuia3e9x74uxu6wk0r2u9kdos Hello! Eddie 2.19.5, supporting OpenVPN 2.5 and wintun, is now available: https://airvpn.org/forums/topic/46329-eddie-desktop-219beta-released/?do=findComment&comment=125941 Kind regards
  32. 1 point
    zsam288

    Eddie Desktop 2.19beta released

    Which OS are you using?. I am using Windows 10 v2004 + October update and AirVPN v2.19.4 and the Wintun driver is working just fine for me. Problem is it doesn't work with newer versions of the 2.5.0 openvpn ; has been clarified by the dev it is only working with some betas
  33. 1 point
    BlueBanana

    How do i get out of ipv6?

    You can disable IPv6 connectivity in the client under "Networking":
  34. 1 point
    akela27

    Spooky Halloween 2020 deals

    Added 3 more years (my third subscription). Thanks for the discount. Akela27
  35. 1 point
    Hiya, Its a Sony KD-48A9 48-inch OLED TV, running Android 9.
  36. 1 point
    It's 3:00 AM here, so I'm going to assume I'm dreaming. Dreaming that someone on the forums wrote there is actually FTTH in a German city. When I wake up, it won't be there. You will see. I… I just… need to go to bed… that's all… you will see. 🤪
  37. 1 point
    simon_ygc

    Spooky Halloween 2020 deals

    Please ignore my Contact message. I now understand the discount pricing having read this post. Thank you, I've renewed for 3 years.
  38. 1 point
    flat4

    Spooky Halloween 2020 deals

    No they get added to what you have
  39. 1 point
    The default route actually has got a reasonably high metric, which is 100. So if you want to route something outside of the tunnel, you specify the metric to be 99 or lower. See? Here OpenVPN adds a route to the OpenVPN server, and the metric is 1 because we want this to be used under all circumstances. So add your routes with a metric between 2 and 99.
  40. 1 point
    BlueBanana

    Spooky Halloween 2020 deals

    Thanks for this!
  41. 1 point
    Flx

    ANSWERED Unable to Connect

    Disable IPv6 and try connecting IPv4. Other than this disable/uninstall the TAP-adapter and let Eddie install a new one.
  42. 1 point
    Maggie144

    NetworkLock on macOS 11

    thanks for reply. Seems in VM pf still blocks without issue $ echo "block all" > /etc/pf.conf $ pfctl -e $ ping http://apple.com thank goodness.
  43. 1 point
    Staff

    Server IP address change: Pisces

    Hello! We inform you that in the next days server Pisces will change IP addresses. We are upgrading server hardware and in this case IP address change is necessary. Server name, datacenter provider and transit provider will not change. If you run Eddie, the change will be automatically acknowledged. If you use some OpenVPN profile pointing specifically to Pisces, you will need to re-generate it when the switch occurs. Kind regards & datalove AirVPN Staff
  44. 1 point
    whiskey_76

    Won't Connect at checking Ipv6

    Toggle layer IPV6 to blocked. On the second menu just switch it to IPV6 blocked and it should connect?
  45. 1 point
    jeuia3e9x74uxu6wk0r2u9kdos

    Wireguard

    https://restoreprivacy.com/wireguard/ AirVPN has also chimed in over WireGuard’s implications for anonymity, as explained in their forum: Wireguard, in its current state, not only is dangerous because it lacks basic features and is an experimental software, but it also weakens dangerously the anonymity layer. Our service aims to provide some anonymity layer, therefore we can’t take into consideration something that weakens it so deeply. We will gladly take Wireguard into consideration when it reaches a stable release AND offers at least the most basic options which OpenVPN has been able to offer since 15 years ago. The infrastructure can be adapted, our mission can’t. In their forums, AirVPN further explained why WireGuard simply does not meet their requirements: Wireguard lacks dynamic IP address management. The client needs to be assigned in advance a pre-defined VPN IP address uniquely linked to its key on each VPN server. The impact on the anonymity layer is catastrophic; Wireguard client does not verify the server identity (a feature so essential that it will be surely implemented when Wireguard will be no more an experimental sofware); the impact on security caused by this flaw is very high; TCP support is missing (third party or anyway additional code is required to use TCP as the tunneling protocol, as you suggest, and that’s a horrible regression when compared to OpenVPN); there is no support to connect Wireguard to a VPN server over some proxy with a variety of authentication methods. Despite these concerns, many VPN services are already rolling out full WireGuard support. Other VPNs are watching the project and are interested in implementing WireGuard after it has been thoroughly audited and improved. In the meantime, however, as AirVPN stated in their forum: “We will not use our customers as testers.”
  46. 1 point
    Staff

    China problem

    Hello! The connection mode with the highest success rate (virtually 100%) according to our reports from China is toward port 443 (destination port not blocked by ISPs in China) of entry-IP address 3 (to have tsl-crypt and therefore full encryption of the Control Channel) in TCP (to bypass UDP blocks). DNS leaks are of course not a problem at all with our software. Kind regards
  47. 1 point
    I have the same issue. Sequence of events/tests: - Decided to finally use "Network Lock" - Result was endless loop of "Checking IPV6 Routing" -> "Disconnecting" -> "Connecting" - Read Forum suggestion to Block IPV6 altogether. - That worked, but then utorrent just sat there doing nothing - Disconnected and disabled Network Lock and then reconnected and utorrent worked fine - Allow lan/private has always been checked. - Restored IPV6 settings to normal (default) and still works fine IF "Network Lock" is not engaged. - Eddie Version 2.16.3 on Windows Vista. Otherwise, everything works great. Using UDP on port 443 on entry-IP 3 (tls-script) avoids the ISP throttling I consistently see on many other protocol/port combinations, I just had a torrent download peak at 80% of the maximum unprotected speed, using those settings - with another PC on the same LAN on AirVPN showing a stream as well. So, great performance if you get every set just right. UPDATE: This morning I had the same endless loop of "Checking IPV6 Routing" -> "Disconnecting" -> "Connecting" with Network Lock OFF. So, I again changed to IPV4 only in Network Settings and everything is fine again. I understand the eventual need for IPV6 for the address space, and that businesses are changing first - but is there currently any compelling need for home users to have support for IPV6? ==> In my home LAN, I have my devices set to use static IPV4 addresses (which is needed for two minor applications that I use in my home network). I'm wondering if this is preventing IPV6 from working correctly? 2nd UPDATE: I discovered that on my PC that solely runs utorrent, if the AirVPN server disconnectes and reconnects, then in-between, individual utorrent connections will then all connect to the unprotected Internet connection, and when AirVPN reconnects, it doesn't affect the utorrent connections, which are now connected to the unprotected Internet connection. So, Network Lock is a must for torrent program use. So, I closed utorrent, and set Eddie to IPV4 Only, and turned Network Lock back on, and this time, everything worked fine. I wonder if the problem is on the server end? An intermittent problem? Something just fixed? Also, as a newbie, I cannot post more today, so I also wanted to mention that Anonymity Check now says "VPN fingerprint MTU 1397". Is this a result of tls-script ? (wild guess)
  48. 1 point
    Haha coincidentally I did the same thing and got into it maybe more than I should have, time investment wise... Thank you for sharing though! dmenu is a cool idea, the server list part was quite a mess to get together for me. I'm no programmer, just learning this while doing, so this is probably far from elegant and "good practice", also planning to improve it, but here is what I got so far, it works: It's a script that can be run to interface with the client in the background, it doesn't have to be open and eddie will be run invisibly. You can also get a server list (although not interactive yet), show some info about the current session and put a permanent default iptables network lock in place, applied through firewalld (because I'm on Fedora). The server list and user info (and also this website) is also available with the lock turned on. The script requires only curl, awk and eddie itself (and firewalld for the lock, but that can be adjusted to iptables directly), I tried to stay with system tools. #!/bin/bash API_KEY="<your key>" FORMAT="text" URL="https://airvpn.org/api/" COLS=$( tput cols ) ROWS=$( tput lines ) HEADING1_1="This is a wrapping script for" HEADING1_2="Eddie, the AirVPN client." HEADING2_1="This script can be exited" HEADING2_2="and re-entered without" HEADING2_3="affecting a running connection." # change default prompt for select command PS3="Choose one of the options by selecting the corresponding number: " # provide options as array OPTIONS[0]="Connect to Recommended Server" OPTIONS[1]="Connect to Specific Server" OPTIONS[2]="Show List of Servers" OPTIONS[3]="Refresh User Info" OPTIONS[4]="Disconnect" OPTIONS[5]="Toggle Default Network Lock" OPTIONS[6]="Quit" function get_list { SERVICE_NAME="status" ARGS="{ \"format\":\"$FORMAT\", \"service\":\"$SERVICE_NAME\" }" # pipe server status list to awk, filter out unnecessary stuff, # combine lines that relate to same server (and country, continent, and planet) into single lines which are saved as array, # loop through arrays to format info, # sort each array and print as section, # align columns with column, # pipe to less for better readability timeout --signal=SIGINT 10 curl -d "$ARGS" -X POST "$URL" | \ awk -F '[.]' \ 'BEGIN{OFS=";"; print "Server List"} \ !/^routing/ && !/ip_/ && !/country_code/ {c=$1 OFS $2; \ if ($1 ~ /servers/ && c in servers) servers[c]=servers[c] OFS $3; \ else if ($1 ~ /servers/) servers[c]=$3; \ else if ($1 ~ /countries/ && c in countries) countries[c]=countries[c] OFS $3; \ else if ($1 ~ /countries/) countries[c]=$3; \ else if ($1 ~ /continents/ && c in continents) continents[c]=continents[c] OFS $3; \ else if ($1 ~ /continents/) continents[c]=$3; \ else if ($1 ~ /planets/ && c in planets) planets[c]=planets[c] OFS $3; \ else if ($1 ~ /planets/) planets[c]=$3; \ for (k in servers) gsub(/;bw_max=/, "/", servers[k]); \ for (k in servers) gsub(/;.*=/, ":", servers[k]); \ for (k in servers) gsub(/^.*=/, "", servers[k]); \ for (k in countries) gsub(/;bw_max=/, "/", countries[k]); \ for (k in countries) gsub(/;.*=/, ":", countries[k]); \ for (k in countries) gsub(/^.*=/, "", countries[k]); \ for (k in continents) gsub(/;bw_max=/, "/", continents[k]); \ for (k in continents) gsub(/;.*=/, ":", continents[k]); \ for (k in continents) gsub(/^.*=/, "", continents[k]); \ for (k in planets) gsub(/;bw_max=/, "/", planets[k]); \ for (k in planets) gsub(/;.*=/, ":", planets[k]); \ for (k in planets) gsub(/^.*=/, "", planets[k])} \ END{ \ print "\n:\nServers\n:\nName:Country:Location:Continent:Bandwidth:Users:Current Load:Health"; \ n=asorti(servers, servers_sorted, "@val_num_asc"); \ for (i=1; i<=n; i++) print servers[servers_sorted[i]]; \ print "\n:\nCountries\n:\nCountry:Best Server:Bandwidth:Users:Servers:Current Load:Health"; \ n=asorti(countries, countries_sorted, "@val_num_asc"); \ for (i=1; i<=n; i++) print countries[countries_sorted[i]]; \ print "\n:\nContinents\n:\nContinent:Best Server:Bandwidth:Users:Servers:Current Load:Health"; \ n=asorti(continents, continents_sorted, "@val_num_asc"); \ for (i=1; i<=n; i++) print continents[continents_sorted[i]]; \ print "\n:\nAll\n:\nPlanet:Best Server:Bandwidth:Users:Servers:Current Load:Health"; \ n=asorti(planets, planets_sorted, "@val_num_asc"); \ for (i=1; i<=n; i++) print planets[planets_sorted[i]]}' | column -t -s ':' | less } function get_userinfo { tput cup 25 0 SERVICE_NAME="userinfo" ARGS="{ \"format\":\"$FORMAT\", \"service\":\"$SERVICE_NAME\", \"key\":\"$API_KEY\" }" # filter specific lines, save values (after "=") to variables after protecting whitespace read U_LOGIN U_EXP U_CONNECTED U_SERVER_NAME U_SERVER_COUNTRY U_SERVER_LOCATION U_SERVER_BW <<< $( \ timeout --signal=SIGINT 10 curl -d "$ARGS" -X POST "$URL" | \ awk -F '[=]' \ 'BEGIN{ORS=";"} \ /^user.login|^user.expiration_days|^user.connected|^connection.server_name|^connection.server_country=|^connection.server_location|^connection.server_bw/ \ {print $2}' | \ sed 's/\ /\\\ /g' | sed 's/;/\ /g' \ ) if [ "$U_CONNECTED" = "1" ] then U_CONNECTED="connected" U_SERVER_FULL="$U_SERVER_NAME ($U_SERVER_LOCATION, $U_SERVER_COUNTRY)" else U_CONNECTED="not connected" U_SERVER_FULL="--" U_SERVER_BW="--" fi } function disconnect_server { # check for running instance of eddie pgrep -f mono.*eddie-ui &> /dev/zero if [ $? = 0 ] then U_CONNECTED="disconnecting..." print_heading # kill process and wait for confirmation from process output sudo pkill -f mono.*eddie-ui if [ -p "/tmp/.eddie_fifo" ] then timeout --signal=SIGINT 60 grep -q -m 1 "Shutdown complete" "/tmp/.eddie_fifo" else # in case connection was started without this script sleep 5 fi if [ $? = 0 ] then # give some time to completely close process, without sleep it's too early for new connection sleep 3 pgrep -f mono.*eddie-ui &> /dev/zero if [ $? = 1 ] then KILLED="true" else KILLED="false" fi else KILLED="false" fi else KILLED="true" fi } function activate_lock { echo "Activating iptable rules:" #allow loopback sudo firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT #allow lan (out) and broadcasting/dhcp sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT sudo firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 -s 255.255.255.255 -j ACCEPT sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 -d 255.255.255.255 -j ACCEPT # allow tun device to communicate (so any VPN connection should be possible, also without Air) sudo firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT sudo firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 998 -o tun+ -j ACCEPT # optional masquerade rule (NAT/ports) #sudo firewall-cmd --direct --permanent --add-rule ipv4 nat POSTROUTING 0 -o tun+ -j MASQUERADE # allow ipv4 only to airvpn.org for status update # allow DNS query to resolve hostname (hex string reads "06 airvpn 03 org" - numbers are counting bits), # restrict packet length to length of this specific request package (might change?) to avoid hijacking # of query (very unlikely I guess, but who cares if we're already being paranoid for the fun of it), # whitelist destination IP for TCP handshake sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 1 -p udp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 1 -p tcp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT # allow SYN request to whitelisted IP to initiate handshake, remove IP from whitelist sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 1 -p tcp --syn --dport 53 -m recent --remove -j ACCEPT # allow outgoing connection to Air's IP sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 1 -d 5.196.64.52 -j ACCEPT # allow communication sudo firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT # drop outgoing ipv4 (if not specifically allowed by other rules) sudo firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 999 -j DROP # block incoming ipv4 sudo firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 999 -j DROP # drop all ipv6 sudo firewall-cmd --direct --permanent --add-rule ipv6 filter OUTPUT 0 -j DROP sudo firewall-cmd --direct --permanent --add-rule ipv6 filter INPUT 0 -j DROP # reload and restart firewalld to activate permanent rule changes sudo firewall-cmd --reload sudo systemctl restart firewalld # check for success (not really though, needs improvement) LOCK_RULES=$( sudo firewall-cmd --direct --permanent --get-all-rules | wc -l ) if [ "$LOCK_RULES" -gt 15 ] then LOCK_ACTIVE="active" else LOCK_ACTIVE="inactive" fi print_heading } function deactivate_lock { echo "Deactivating iptable rules:" sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter INPUT 0 -i lo -j ACCEPT sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter OUTPUT 0 -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter INPUT 0 -s 255.255.255.255 -j ACCEPT sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter OUTPUT 0 -d 255.255.255.255 -j ACCEPT sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter OUTPUT 998 -o tun+ -j ACCEPT #sudo firewall-cmd --direct --permanent --remove-rule ipv4 nat POSTROUTING 0 -o tun+ -j MASQUERADE sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter OUTPUT 1 -p udp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter OUTPUT 1 -p tcp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter OUTPUT 1 -p tcp --syn --dport 53 -m recent --remove -j ACCEPT sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter OUTPUT 1 -d 5.196.64.52 -j ACCEPT sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter OUTPUT 999 -j DROP sudo firewall-cmd --direct --permanent --remove-rule ipv4 filter INPUT 999 -j DROP sudo firewall-cmd --direct --permanent --remove-rule ipv6 filter OUTPUT 0 -j DROP sudo firewall-cmd --direct --permanent --remove-rule ipv6 filter INPUT 0 -j DROP sudo firewall-cmd --reload sudo systemctl restart firewalld LOCK_RULES=$( sudo firewall-cmd --direct --permanent --get-all-rules | wc -l ) if [ "$LOCK_RULES" -gt 15 ] then LOCK_ACTIVE="active" else LOCK_ACTIVE="inactive" fi print_heading } function print_heading { tput cup 0 0 printf %"$COLS"s | tr " " "#" echo -n "#"; printf %"$(( $COLS - 2 ))"s | tr " " " "; echo "#" echo -n "#"; printf %"$(( ($COLS - 2 - ${#HEADING1_1}) / 2 ))"s | tr " " " "; echo -n "$HEADING1_1"; printf %"$(( $COLS - 2 - ${#HEADING1_1} - ($COLS - 2 - ${#HEADING1_1}) / 2 ))"s | tr " " " "; echo "#" echo -n "#"; printf %"$(( ($COLS - 2 - ${#HEADING1_2}) / 2 ))"s | tr " " " "; echo -n "$HEADING1_2"; printf %"$(( $COLS - 2 - ${#HEADING1_2} - ($COLS - 2 - ${#HEADING1_2}) / 2 ))"s | tr " " " "; echo "#" echo -n "#"; printf %"$(( $COLS - 2 ))"s | tr " " " "; echo "#" echo -n "#"; printf %"$(( ($COLS - 2 - ${#HEADING2_1}) / 2 ))"s | tr " " " "; echo -n "$HEADING2_1"; printf %"$(( $COLS - 2 - ${#HEADING2_1} - ($COLS - 2 - ${#HEADING2_1}) / 2 ))"s | tr " " " "; echo "#" echo -n "#"; printf %"$(( ($COLS - 2 - ${#HEADING2_2}) / 2 ))"s | tr " " " "; echo -n "$HEADING2_2"; printf %"$(( $COLS - 2 - ${#HEADING2_2} - ($COLS - 2 - ${#HEADING2_2}) / 2 ))"s | tr " " " "; echo "#" echo -n "#"; printf %"$(( ($COLS - 2 - ${#HEADING2_3}) / 2 ))"s | tr " " " "; echo -n "$HEADING2_3"; printf %"$(( $COLS - 2 - ${#HEADING2_3} - ($COLS - 2 - ${#HEADING2_3}) / 2 ))"s | tr " " " "; echo "#" echo -n "#"; printf %"$(( $COLS - 2 ))"s | tr " " " "; echo "#" echo -n "# User: $U_LOGIN"; printf %"$(( $COLS - 9 - ${#U_LOGIN} ))"s | tr " " " "; echo "#" echo -n "# Days Until Expiration: $U_EXP"; printf %"$(( $COLS - 26 - ${#U_EXP} ))"s | tr " " " "; echo "#" echo -n "# Default Network Lock: $LOCK_ACTIVE"; printf %"$(( $COLS - 25 - ${#LOCK_ACTIVE} ))"s | tr " " " "; echo "#" echo -n "#"; printf %"$(( $COLS - 2 ))"s | tr " " " "; echo "#" echo -n "# Status: $U_CONNECTED"; printf %"$(( $COLS - 11 - ${#U_CONNECTED} ))"s | tr " " " "; echo "#" echo -n "# Server: $U_SERVER_FULL"; printf %"$(( $COLS - 11 - ${#U_SERVER_FULL} ))"s | tr " " " "; echo "#" echo -n "# Server Bandwidth: $U_SERVER_BW"; printf %"$(( $COLS - 21 - ${#U_SERVER_BW} ))"s | tr " " " "; echo "#" echo -n "#"; printf %"$(( $COLS - 2 ))"s | tr " " " "; echo "#" printf %"$COLS"s | tr " " "#" } # move to secondary screen tput smcup tput cup 0 0 # gain sudo privileges for commands that need it (better than running everything with sudo) sudo -v -p "The AirVPN client and network traffic changes requires root privileges to run. Please enter your password:" # keep sudo permission until script exits (or until computer goes to sleep - not ideal) while true; do sudo -n true; sleep 60; kill -0 "$$" || exit; done 2>/dev/null & get_userinfo LOCK_RULES=$( sudo firewall-cmd --direct --permanent --get-all-rules | wc -l ) if [ "$LOCK_RULES" -gt 15 ] then LOCK_ACTIVE="active" else LOCK_ACTIVE="inactive" fi print_heading while true; do # clear screen below heading tput cup 18 0 tput ed tput cup 19 0 select OPTION in "${OPTIONS[@]}" do case $OPTION in "${OPTIONS[0]}") disconnect_server if [ "$KILLED" = "true" ] then U_CONNECTED="connecting..." U_SERVER_FULL="--" U_SERVER_BW="--" print_heading # create pipe to process status of client if [ ! -p "/tmp/.eddie_fifo" ] then mkfifo "/tmp/.eddie_fifo" fi # run eddie in background and detached from current window, pipe output to named pipe (sudo eddie-ui --cli --netlock --connect --profile="$HOME/.airvpn/default.xml" &> "/tmp/.eddie_fifo" &) timeout --signal=SIGINT 60 grep -q -m 1 "Initialization Sequence Completed" "/tmp/.eddie_fifo" if [ $? = 0 ] then get_userinfo print_heading else U_CONNECTED="error during connection attempt" U_SERVER_FULL="--" U_SERVER_BW="--" print_heading fi else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_SERVER_BW="--" print_heading fi break ;; "${OPTIONS[1]}") read -p 'Please type the exact server name (type "back" to go back): ' SERVER if [ "$SERVER" = "back" ] then break else disconnect_server if [ "$KILLED" = "true" ] then U_CONNECTED="connecting..." U_SERVER_FULL="--" U_SERVER_BW="--" print_heading if [ ! -p "/tmp/.eddie_fifo" ] then mkfifo "/tmp/.eddie_fifo" fi (sudo eddie-ui --cli --netlock --connect --server="$SERVER" --profile="$HOME/.airvpn/default.xml" &> "/tmp/.eddie_fifo" &) timeout --signal=SIGINT 60 grep -q -m 1 "Initialization Sequence Completed" "/tmp/.eddie_fifo" if [ $? = 0 ] then get_userinfo print_heading else U_CONNECTED="error during connection attempt" U_SERVER_FULL="--" U_SERVER_BW="--" print_heading fi else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_SERVER_BW="--" print_heading fi break fi ;; "${OPTIONS[2]}") # return to primary screen since server list gets piped to less which # seems to interfere with tput, then move to secondary screen again tput rmcup get_list tput smcup print_heading break ;; "${OPTIONS[3]}") get_userinfo print_heading break ;; "${OPTIONS[4]}") disconnect_server if [ "$KILLED" = "false" ] then U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_SERVER_BW="--" print_heading else get_userinfo print_heading fi rm "/tmp/.eddie_fifo" break ;; "${OPTIONS[5]}") pgrep -f mono.*eddie-ui &> /dev/zero if [ $? = 0 ] then echo "You need to be disconnected to change network traffic rules." sleep 2 break fi if [ "$LOCK_ACTIVE" = "inactive" ] then read -p "Are you sure you want to activate the default network lock and block all connections while not connected to (any) VPN? [y/n]: " ANSWER if [ "$ANSWER" = "y" ] then activate_lock else break fi else read -p "Are you sure you want to deactivate the default network lock and allow all connections, even when not connected to a VPN? [y/n]: " ANSWER if [ "$ANSWER" = "y" ] then deactivate_lock else break fi fi break ;; "${OPTIONS[6]}") break 2 ;; esac done done #return to primary (original) screen tput rmcup I will hopefully update this in the future!
  49. 1 point
    Skicoach

    Won't Connect at checking Ipv6

    ... also had to block Ipv6 Never had a problem until installing eddie yesterday.
  50. 1 point
    Staff

    Status of Eddie on Linux distributions

    Last update: 16 May 2018 - Related to version: Eddie 2.14.4 Any Linux distribution has at least:a different graphics server (X11, Wayland)a different desktop environment (GNOME, KDE, LXTE etc.)a package manager with a specific format (deb, rpm, tar.xf etc.)a different packaging signature for trust and securitya different method to obtain administrative privileges, required by advanced features of Eddie (also because OpenVPN requires them)a different set of packages used by our client, that sometimes have different names (for example 'stunnel4' under Debian, 'stunnel' for Fedora)maybe a different DNS management.We are working at our best to support every kind of configuration managed by our source code directly, when possible. Tested without known issuesDebian (tested 7/8/9)Ubuntu (18.04 GNOME tested)Ubuntu Mate (18.04 tested)Devuan (tested Ascii)MintArch (XFCE tested)Fedora (28 tested) With minimal issuesopenSUSE (Tumbleweed KDE tested) openSUSE (Tumbleweed GNOME tested) Works, with no tray icon.Elementary Works, but tray icon, web and folder links don't work. Fatal issues None known. Tech notesSometimes Tray icon works, but it is not shown because the desktop environment hides it. For example, latest GNOME may require a separate shell extension (generally TopIcons).Currently Eddie 2.x under Linux requires root privileges (like GParted or Synaptic Manager). Elevation is generally obtained with a polkit policy file (pkexec) if installed, otherwise fallback methods are used when available (gksu, kdesu, beesu etc.). When the UI runs as root, there are four -optional- actions that are performed as normal user: tray icon, notifications, open web links and open file folders. If it is not possible to act as a normal user, such actions are not performed at all. A totally separated UI (as a normal user) vs. root-actions (as root user, service or separate process) is currently under development. Needed improvementsMinimal lintian warnings on .deb editionGeneral info details on .deb edition (for example, reporting Proprietary as License, not true.)General info details on .rpm edition (for example, reporting Proprietary as License, not true.)Create official package for AUR and other distributions.Create packages also for CLI-only edition.Create packages based on direct source compilation.Procedures to include Eddie in official/standard repository
×
×
  • Create New...