Leaderboard

Hello! The problem has been finally isolated. From the provider customer service, just a few hours ago: "We have located the issue with the cabling, and have asked to [...] swap cables and ports around. This will correct the issue. [...] We expect this work to be completed within 24hrs". Kind regards

Thanks for this update. The speed and connectivity is good.

Hello! We're very glad to inform you that AirVPN Suite version 2.0.0 alpha 1 is now available. UPDATE 2023-11-24: version 2.0.0 alpha 2 is now available. UPDATE 2024-05-14: version 2.0.0 beta 1 is now available. UPDATE 2024-12-16: version 2.0.0 beta 2 is now available. UPDATE 2025-02-13: version 2.0.0 beta 3 is now available. UPDATE 2025-02-14: version 2.0.0 beta 4 is now available. UPDATE 2025-04-04: version 2.0.0 beta 5 is now available. UPDATE 2025-04-16: version 2.0.0 Release Candidate 1 is now available UPDATE 2025-06-10: version 2.0.0 Release Candidate 2 is now available PLEASE NOTE THAT FROM NOW ON COMPATIBILITY WITH DEBIAN 10 AND ITS DERIVATIVES IS LOST, MAINLY BECAUSE THE SUITE IS NOW C++20 COMPLIANT. x86_64 LEGACY VERSION IS SUITABLE FOR DEBIAN 11 AirVPN Suite 2.0.0 introduces AirVPN's exclusive per app traffic splitting system, bug fixes, revised code in order to pave the way towards the final and stable release, WireGuard support, and the latest OpenVPN3-AirVPN 3.12 library. Please see the respective changelogs for a complete list of changes for each component of the suite. The 2.0.0 Release Candidate 1 Suite includes: Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN and WireGuard servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN and WireGuard servers Hummingbird: lightweight and standalone binary for generic OpenVPN and WireGuard server connections Cuckoo: traffic split manager, granting full access and functionality to AirVPN's traffic split infrastructure airsu: a "run and forget" tool to automatically set and enable the user environment for the X.Org or Wayland based ecosystem without any user input WireGuard support WireGuard support is now available in Bluetit and Hummingbird. OpenVPN or WireGuard selection is controlled by Bluetit run control file option airvpntype or by Goldcrest option -f (short for --air-vpn-type). Possible values: openvpn, wireguard. New 2.0.0 default: wireguard. Bluetit run control file (/etc/airvpn/bluetit.rc) option: airvpntype: (string) VPN type to be used for AirVPN connections. Possible values: wireguard, openvpn. Default: wireguard Goldcrest option: --air-vpn-type, -f : VPN type for AirVPN connection <wireguard|openvpn> Suspend and resume services for systemd based systems For your comfort, the installation script can create suspend and resume services in systemd based systems, according to your preferences. allowing a more proper management of VPN connections when the system is suspended and resumed. The network connection detection code has also been rewritten to provide more appropriate behavior. Asynchronous mode A new asynchronous mode (off by default) is supported by Bluetit and Goldcrest, allowing asynchronous connections. Network Lock can be used accordingly in asynchronous connections. Please consult the readme.md file included in every tarball for more information and details. Word completion on bash and zsh Auto completion is now available by pressing the TAB key when entering any Goldcrest or Hummingbird option and filename on a bash or zsh interpreter. Auto completion files are installed automatically by the installation script. AirVPN's VPN traffic splitting AirVPN Suite version 2.0.0 introduces traffic splitting by using a dedicated network namespace. The VPN traffic is carried out in the default (main) namespace, ensuring all system data and traffic to be encrypted into the VPN tunnel by default. No clear and unencrypted data are allowed to pass through the default namespace. Any non-tunneled network traffic must be explicitly requested by an authorized user with the right to run cuckoo, the AirVPN traffic split manager tool. AirVPN's traffic splitting is managed by Bluetit and configured through run control directives. The system has been created in order to minimize any tedious or extensive configuration, even to the minimal point of telling Bluetit to enable traffic splitting with no other setting. In order to enable and control AirVPN's traffic splitting, the below new run control directives for /etc/airvpn/bluetit.rc have been implemented: allowtrafficsplitting: (on/off) enable or disable traffic splitting. Default: off trafficsplitnamespace: (string) name of Linux network namespace dedicated to traffic splitting. Default: aircuckoo trafficsplitinterface: (string) name of the physical network interface to be used for traffic splitting. All the unencrypted and out of the tunnel data will pass through the specified network device/interface. In case this directive is not used and unspecified, Bluetit will automatically use the main network interface of the system and connected to the default gateway. Default: unspecified trafficsplitnamespaceinterface: (string) name of the virtual network interface to be associated to the Linux network namespace dedicated to traffic splitting. Default: ckveth0 trafficsplitipv4: (IPv4 address|auto) IPv4 address of the virtual network interface used for traffic splitting. In case it is set to 'auto', Bluetit will try to automatically assign an unused IPv4 address belonging to the system's host sub-network (/24) Default: auto trafficsplitipv6: (IPv6 address|auto) IPv6 address of the virtual network interface used for traffic splitting. In case it is set to 'auto', Bluetit will try to automatically assign an unused IPv6 address belonging to the system's host sub-network (/64) Default: auto trafficsplitfirewall: (on/off) enable or disable the firewall in Linux network namespace dedicated to traffic splitting. The firewall is set up with a minimal rule set for a very basic security model. Default: off AirVPN's traffic splitting is designed in order to minimize any further configuration from the system administrator. To actually enable traffic splitting, it is just needed to set "allowtrafficsplitting" directive to "on" and Bluetit will configure the traffic split namespace with the default options as explained above. When needed, the system administrator can finely tune the traffic splitting service by using the above directives. Power and limitations The adopted solution offers a remarkable security bonus in terms of isolation. For example, it gets rid of the dangerous DNS "leaks in" typical of cgroups based traffic splitting solutions. However, the dedicated namespace needs an exclusive IP address. If the system is behind a NAT (connected to a home router for example) this is not a problem, but if the system is not behind any NAT, i.e. it is assigned directly a public IP address, you will need another public IP address for the network namespace dedicated to traffic splitting. You will need to manually set the other public IP address on the trafficsplitipv4 or trafficsplitipv6 directive as the guessing abilities of Bluetit may work only within a private subnet. Please keep this limitation in mind especially if you want to run the Suite with per app traffic splitting on a dedicated or virtual server in some datacenter, as they are most of the times NOT behind any NAT. Introducing Cuckoo, the AirVPN traffic splitting manager tool To generate out of the tunnel traffic, any application software must be run inside the "traffic split" namespace by using the dedicated traffic split tool cuckoo which can be run by users belonging to the airvpn group only. It cannot be used by the superuser. The usage is documented in the manual and on the inline help. The traffic split namespace uses its own routing, network channels and system DNS. It will not interfere or communicate in any way with the default namespace using its own encrypted tunnel. Programs started with cuckoo are regular Linux processes and, as such, can be managed (stopped, interrupted, paused, terminated and killed) by using the usual process control tools. The programs started by cuckoo are assigned to the user who started cuckoo. As a final note, in order to work properly, the following permissions must be granted to cuckoo and they are always checked at each run. Owner: root Group: airvpn Permissions: -rwsr-xr-x (owner can read, write, execute and setuid; group can read and execute, others can read and execute) Special note for snap packages users Snap is a controversial, locking-in package management system developed by Canonical and praised by Microsoft. It packages applications as snaps, which are self-contained units that include all necessary dependencies and run in a sandboxed environment in its default namespace. Therefore, "snap" applications will bypass the order by the system via Cuckoo to have an application running in one specific namespace created for reverse traffic splitting. As a result, snap applications will jettison the Suite's reverse traffic splitting feature. Currently, you must avoid snap packages of those applications whose traffic must flow outside the VPN tunnel. The issue is particularly relevant ever since Ubuntu migrated certain packages exclusively to Snap, such as Chromium and Firefox. At the moment it is still possible to eradicate snap from various distributions, including Ubuntu, quickly. Special note for firewalld users Please read here, it's very important: https://airvpn.org/forums/topic/70164-linux-network-lock-and-firewalld/ AirVPN Switch User Tool Airsu Running an application in a graphical environment requires a user having a local environment properly set, in particular variables and access to specific sockets or cookies. They are usually set at the moment of graphical login, while they may not be properly set in case a user logged in by using the system tool su. In this specific case the user will not probably be allowed to access the graphical environment, so any GUI application will not start. AirVPN’s airsu is used for this specific purpose and configures the user environment to the current X.Org (X11) or Wayland based manager, thus allowing access to GUI applications when run through cuckoo. Note on GUI software and Web Browsers The previous limitations on browsers have been completely resolved. Furthermore, complete compatibility with Wayland based environment has been implemented. Because of the specific Linux architecture and namespaces, some applications may need to specify the graphical environment in order to start and use the currently selected window manager on an X.Org (X11) or Wayland based habitat. Cuckoo can automatically do this by “injecting” predefined options to some preset applications, in particular those based on the chromium engines, most of them being web browsers. To see the list of predefined applications, please start cuckoo with --list-preset-apps option. When running an application with cuckoo, the user should make sure to actually start a new instance. This is usually granted by starting an application from the command line (such as running it with cuckoo). By starting an application from the desktop environment this may not happen. Download AirVPN Suite 2.0.0 Release Candidate 2 ARM 64 bit: https://eddie.website/repository/AirVPN-Suite/2.0-RC2/AirVPN-Suite-aarch64-2.0.0-RC-2.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-RC2/AirVPN-Suite-aarch64-2.0.0-RC-2.tar.gz.sha512 ARM 64 bit legacy: https://eddie.website/repository/AirVPN-Suite/2.0-RC2/AirVPN-Suite-aarch64-legacy-2.0.0-RC-2.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-RC2/AirVPN-Suite-aarch64-legacy-2.0.0-RC-2.tar.gz.sha512 ARM 32 bit: https://eddie.website/repository/AirVPN-Suite/2.0-RC2/AirVPN-Suite-armv7l-2.0.0-RC-2.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-RC2/AirVPN-Suite-armv7l-2.0.0-RC-2.tar.gz.sha512 ARM 32 bit legacy: https://eddie.website/repository/AirVPN-Suite/2.0-RC2/AirVPN-Suite-armv7l-legacy-2.0.0-RC-2.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-RC2/AirVPN-Suite-armv7l-legacy-2.0.0-RC-2.tar.gz.sha512 x86-64: https://eddie.website/repository/AirVPN-Suite/2.0-RC2/AirVPN-Suite-x86_64-2.0.0-RC-2.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-RC2/AirVPN-Suite-x86_64-2.0.0-RC-2.tar.gz.sha512 x86-64 legacy: https://eddie.website/repository/AirVPN-Suite/2.0-RC2/AirVPN-Suite-x86_64-legacy-2.0.0-RC-2.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-RC2/AirVPN-Suite-x86_64-legacy-2.0.0-RC-2.tar.gz.sha512 Changelogs Changelogs are available inside each package. Kind regards & Datalove AirVPN Staff

I wouldn't say that, seeing as the project seemingly recommends using its own Linux kernel module, so only specialized projects may pull this out-of-tree module and compile it into their kernels. On a standard router, maybe even if you flash it with specialized ROMs like OpenWrt, you may find Wireguard, but not AmneziaWG. It also seems to need its own forks of standard Wireguard tools which you probably won't find in some distribution families. Maybe Debian at some point, later Ubuntu, and maybe maybe Fedora. On Arch, it might surface on the AUR (or probably is), and on SuSE on the OBS. Red Hat will never adopt it, and if Enterprise is not really interested, you get into a situation where single developers, or a single group of devs, are maintaining something used commercially again. It is not sustainable; you'll never know if it'll still be there in 5 years, or if internal disputes won't force the project to be forked and developed under a different name. But standard Wireguard is developed by well-known researchers, right in the kernel, and garnered enough commercial interest that some consumer networking companies implemented it as a feature. Wireguard is sustainable. AmneziaWG is not. It will never replace standard Wireguard. Besides, the aim of Wireguard is not privacy. And most people around the forums (by topics created in the forums, at least) use the VPN not for the privacy aspect but because they want to torrent. What they're looking for is performance. You don't need AmneziaWG for that. What I'm concerned about is the relationship Wireguard <> AmneziaWG. AmneziaWG would have the obligation to behave in a way a standard Wireguard behaves if server and client differ. I don't know how Wireguard will react if those fixed parameters talked about in the docs are altered. Maybe it's not even a problem, since AmneziaWG clients can connect here normally. At least according to some threads it doesn't seem to be a problem. Dunno. But, no, a replacement is highly unlikely, both generally and specifically on AirVPN.

It looks like the graphs on the status page aren't working for this server? edit: ctrl+f5 did the trick, sorry

Hello! After the hardware replacement the server is apparently working very well. Should you find any anomaly do not hesitate to warn us and/or update this thread. Kind regards

Working Well Now. Tried maximizing both upload and download in parallel, and it worked like a charm! Tzulo servers are excellent in my opinion. New York-based Tzulo servers also perform really well.

Hello, I have problems when downloading with AirVPN on Ubuntu 16.04 using OpenVPN client. I have tried switching to other VPN servers, but still have problems with the download speed. The speed often goes to zero and sometimes it goes up, but then quickly drops to zero again. For example it goes up to 1.1Mbit and then slowly goes back to zero. And 1.1Mbit is not even close to my actual network speed. When I disable openvpn the download speed is back to normal. Any ideas why this is happening? Cheers!

I wasn't sure about airvpn at first, but now I'm in love with this service!

Appreciate the update!

I know it might seem a bit weird that a freshly joined member starts a discussion about a competitor. But I want to point out that I have no negative feelings for Perfect Privacy. I have been using them for a while. But there is something going on there that should concern us all. Perfect Privacy is a Germany based VPN provider that has been around for a while. In the past, they have proven more than once that they don't keep any logs and they also had a good reputation with people doing not so nice things. It was a common thing that one third of their servers have been down. But recently, something changed. They stopped updating their Warrant Canary in April. They have a forum too, but their staff entirely ignores this Warrant Canary topic. They refuse to comment on this matter. People told them they will leave if they don't update it. Others suggested they should just remove it if they don't bother updating it. Now if you think about it: If your users complain and even stop using your service, what could be a logical reason not to update the Warrant Canary? How much time would it take to do this? 3 months have passed by. At times, half their servers are down. IKEV2 is not working anymore because of some certificate error. They know about it. They say they are working on it. Even thought roughly half their servers are down or broken, their bandwidth at times see roughly around 10% usage. Unfortunately their forums is mostly in Germany. They had users defending this service for years. But now everyone and really everyone turned against the service and yet they don't seem to care. Can someone here come up with a reason why a service will suddenly stop updating the Warrant Canary and stop fixing things at the same time? For me, this sounds really bad. Talking about Perfect Privacy, they compare to services like Mullvad, AirVPN and IVPN. They have a very good reputation around privacy minded people. For me, this just sounds authorities prevent them from updating or removing it. I simply can not come up with any other explanation. Maybe you can.

Happy Birthday!! I am a brand new client. Hope to have a great and productive relationship with you into the future. Paul Keller

Hello! Starting from version 2.3, firewalld by default owns exclusively nftables tables generated by itself, thus preventing Eddie, Bluetit and Hummingbird Network Lock related operations. If you want to have Network Lock enabled and firewalld running at the same time, then you must configure firewalld by setting the following option: NftablesTableOwner=no in firewalld's configuration file, usually /etc/firewalld/firewalld.conf . After you have edited the configuration file with any text editor with root privileges, reload firewalld configuration or restart firewalld, and only then (re)start Bluetit, Hummingbird or Eddie. Additional insights: https://discussion.fedoraproject.org/t/firewalld-add-flags-owner-persist-in-fedora-42/148835 https://forums.rockylinux.org/t/rocky-9-5-breaks-netfilter/16551 Kind regards

Airvpn is dope. Had it for a while too. Also need one more content item to edit my username. Thanks, Airvpn.

Airvpn has been pretty nice. Have had it for a few years. Need to make one more content item so I can edit my username. So there's that. Thanks, Airvpn.

content

Thank you AirVPN! I love you!!!

No. Instead, remove the aur repo from your mirrorlist, remove all packages from it and rebuild them live from AUR. Cachy's aur repo is a horror made manifest, I'm hearing nothing but bad things about it.