Leaderboard

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.24 beta. It is ready for public beta testing. How to test our experimental release: Go to download page of your OS Click the button Switch to EXPERIMENTAL Download and install This is a new version of Eddie Desktop (Windows / Linux / MacOS). We know there is still 2.21.8 as stable, and 2.22.x and 2.23.x series never reached the stable version. We hope that this version 2.24.x will be tested and reach a stable release. Internally (in terms of development and code) it represents a significant step forward for us: the CLI editions are compiled with dotnet 7, without Mono, Xamarin and any dependency on NetFramework (Windows) or Mono (Linux, MacOS). All CLI projects can be opened in Visual Studio Code and debugged on any OS (macOS, Linux, Windows) without the need to use Xamarin, Visual Studio or Visual Studio for Mac. A new UI is in the works that will finally remove the dependency on Mono and Xamarin, but we don't have a release date to announce yet. The MacOS CLI is new (previously there was only the UI, or the UI with "-cli"), and it's also native for arm64. Overall, there has been a significant effort to clean up and modernise the code, and to prepare our build/deploy scripts for the new UI as well. We understand that there are still tickets or posts that we haven't responded to yet, but we preferred to complete this step first. Main changelog: [new] WireGuard is now the default communication protocol [new] All CLI editions can be compiled and debugged with VSCode and .NET7 [new] [macOS] CLI-only edition, built with .NET7, without Xamarin [new] New commandline only option "elevated.method" [change] OpenVPN 2.6.9 [change] [linux] CLI edition, built with .NET7, without Mono [change] [linux] .deb and .rpm, removed Mono dependency [change] [linux] .deb package tries to initialize elevated service at install/uninstall, .rpm package still missing this feature. [change] [windows] CLI edition, built with .NET7 [change] [all] Better management of SIGTERM signal [change] [all] Don't check if app dir is writable for portable-mode, now managed by presence of "portable.txt". [bugfix] [linux] terminal issue with sudo elevation [deprecation] [all] -cli mode for UI. Use CLI edition directly, now available in all supported platform. [deprecation] [windows] Vista builds [deprecation] [windows] Windows Firewall Network Lock mode [deprecation] [linux] x86 builds [deprecation] [linux] Portable Mono builds

Typo in the first paragraph. The server name is written as "Meleph"

That is a silly and childish question. How do you expect staff to answer that? Since I am not staff or related in any way with AirVPN, I will give you a point of view for this from just a normal fellow in your community. Staff clearly mentioned that there is a legal framework in place. Law should not be commented but obeyed. Which is why AirVPN is obeying and respecting the law, and not allowing customers from Italy. Since there is no legal requirement to ask for face scan or identity card when registering a VPN account, the only way for the service to know where you are ordering from is the IP address you are placing the order from. How will the service know you are buying via a different VPN in the first place? It's not like there is a public record of all VPN addresses (unlike there is a public record for all IP addresses that are flagged in Italy for example) - that could perfectly be a normal IP address. There's a huge chance the provider will not even know you are using a VPN at all when buying. If the IP address of that VPN or proxy or whatever you are using is not in Italy, how will the provider know you are from Italy? You have to click a checkbox to confirm you are not Italian, so the provider has the confirmation that they are applying the correct policy. But it's against the privacy rights to request for ID card copy or facial scan, so it's up to you to provide the accurate information If you order via Tor for example, via the .onion address of AirVPN, how can it be known? So, obviously you must NOT be an Italian if you are purchasing your VPN from there, you are resident of Tor-onion-land. I recommend closing this post for future replies, as the main message has been properly sent, and to prevent more confusing stuff - in case the legal framework will be reversed in Italy (as it should because it's madness, but then again this is something too big and beyond powers to talk here) a new announcement will be made confirming the acceptance of Italian customers.

Hello! We were easy prophets in this case. The catastrophic blackout referred to in the article is a concrete example of the risk we denounced, a violation of fundamental rights, a confirmation of the wisdom of our decision and a demonstration of the irresponsible and odious frivolity of decisions taken by private actors. Our infrastructure must not be polluted by repugnant decisions taken by private entities that seem to have little or no technical competence and that, so far, enjoy impunity for any mistake, no matter how serious. Kind regards

I feel for the Italians, but how can you challenge a corrupt government "this is all part of the plan" not country specific but world-wide ! One small step for Italy, one giant leap for World domination

Hey, pictures would make this post indeed so much better. So, I have done it and posted below. Please note the following: My OPNsense Firewall is "clean" I did a factory reset before conducting the steps and completing the guide. For simplicity, I copy and pasted most of the Text but added it with the missing pictured and did fix where I believe it was necessary. All Credits for this goes to the original poster @Sj0rs I configure OPNsense from the WAN interface. To do this, I did the following steps as a preparation before this guide. Disclaimer In general, DO NOT TRUST ME ! I'm not a security expert. I do not know what I'm doing here ! Preparation (not required if you access the firewall from LAN) Some advice here… Opening the WAN interface to allow administration is not good ! I am doing this because the firewall sits in my private LAN, and I'm not doing any port forwarding on my main router ! If your firewall is connected directly to the internet, do not do this ! Again, in general, DO NOT TRUST ME ! I'm not a security expert. I do not know what I'm doing here ! Now that you know it… 1. Deselect "Block private networks" and "Block bogon networks" in Interfaces → WAN. After doing so: hit save and "Apply changes". 2. Select "Disable reply-to" in Firewall → Settings → Advanced. Hit save at the end. 3. Add incoming WAN rule to allow administration. Go to Firewall → Rules → WAN Add a TCP rule from "WAN net" to "This Firewall" on HTTPs. Step 1. Information gathering. We'll grab some info that we need to configure the WireGuard Tunnel. Go to the Client Area. Got to VPN Devices. Add a device or edit your existing device. Note your Public Key and IPv4 under the heading "WireGuard" Go back to the Client Area. Go to Config Generator Select "router" under "Choose your OS" Select "WireGuard under "Choose protocols" Select your country under "By Countries". I selected Netherlands Scroll way down and download your config. This is an example of a WireGuard config: (the keys and IP are random and will not work, use your own) [Interface] Address = 10.10.10.10/32 PrivateKey = X72xgdx23XDomnSXmcy#S4Jc#9Y5G*vU$wg^n499yn6 MTU = 1320 DNS = 10.128.0.1 [Peer] PublicKey = VTSQ77Uk4^&RY4h%S$#9h8PR2T&xyya&yPTtk6oD^m$ PresharedKey = b7&&7bntmCS5q%&4J*mSKBAUvV4XEqHerwscvbappXQ Endpoint = nl3.vpn.airdns.org:1637 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 15 Step 2. Create the Tunnel configuration. Pre Configuration — Install WireGuard plugin 0.1 Go to System → Firmware → Plugins and install the "os-wireguard" plugin. Peer configuration: in OPNsense go to VPN → WireGuard → Settings → Peers. Create a peer with the following information: Name: wg_airvpn_<country code>. Mine is called wg_airvpn_nl Public key: <PublicKey under heading [Peer] of your generated WG Config> Pre-shared key <presharedKey under heading [Peer] of your generated WG Config> Allowed IP's: 0.0.0.0/0 Endpoint Address: <Endpoint under heading [Peer] of your generated WG Config> Endpoint port: 1637 (default port) Keepalive interval: 15 (default interval) Click "Save" and you should see the below Instance configuration: in OPNsense go to VPN → Wireguard → Settings → Instances Create an instance with the following information: Enable Advanced Mode. (upper left corner) Name: <Endpoint Name i.e. nl.vpn.airdns.org> Public Key: <Public Key as noted with step 1.4> Private Key: <PrivateKey under heading [Interface] of your generated WG Config> Listen Port: 1637 MTU: 1320 Tunnel Address: <Address including /32 under harding [Interface] of your generated WG Config> Peers: <select peer that you created with step 2.2> Disable routes: Enabled. Hit the "Save" button. Enable WireGuard configuration Go to VPN → Wireguard → Settings → General and click on "Enable WireGuard" Hit "Apply" Step 3. Make an exception on your WAN interface in OPNsense go to Firewall → Rules → WAN On the WAN interface, default is called WAN, create a Pass rule for IPv4/UDP port 1647 to your WAN-address. Scroll down and hit "Save". It should look like this: Step 4. Assign WireGuard Interface in OPNsense go to Interfaces → Assignments You'll find a "wg1(WireGuard - nl.vpn.airdns.org)" (or similar) interface. bind it to an interface with a name of your choice. Mine is called WAN_WG1 as is the first site-to-site WireGuard tunnel on my WAN interface. Click the "Add" button Enable the Interface Interfaces → Assignments → WAN_WG1 Enable: Enable the Interface. Dynamic gateway policy: Selected (I found it's not working without this. Not sure why) No further configuration required. Ensure the "Block private networks" and "Block bogon networks" options are not selected, as shown below. Hit "Save" and "Apply changes". Step 5. Create a gateway. Remember, we disabled the routes for the WG instance configuration? Because of that, we need to create a gateway. In OPNsense go to System → Gateways → Single Add a Gateway with the following information: Name: WAN_WG_GW Description: Interface WAN_WG1 Gateway Interface: Select WAN_WG1 as created in step 4. Address Family: IPv4 IP address: Dynamic (leave empty) Far Gateway: Enabled (this I am not sure of, but for now I'm happy it works) Disable Gateway Monitoring: enabled Hit the "Save" button. Step 6. Aliases I did not use aliases in my setup. I use the default LAN network group. Step 7. Create Outbound NAT for WireGuard. (In my setup, I use Manual Outbound Rule Generation because I like to have control) In OPNsense go to Firewall → NAT → Outbound Click "Manual outbound NAT rule generation" then "Save" then "Apply changes". Create a new Outbound NAT rule with the following information: Interface: WAN_WG1 TCP/IP version: IPv4 Protocol: Any Source Address: LAN net (or use alias) Translation /target WAN_WG1 address Description: WireGuard VPN Outbound NAT rule Click the "Save" button and then the "Apply changes" button. Step 8. Create Outbound Redirect rule. In this example we create 2 rules on our LAN interface, one for redirecting to WG, the other to prevent leaks. In OPNsense go to Firewall → Rules → LAN add an outbound Pass rule: Action: Pass Source: LAN net (or use alias) Destination: Any Gateway: WAN_WG_GW (the gateway you created in step 5.) Hit the "Save" button. Add an outbound block rule below that: Action: Block Source: LAN net Destination: Any Gateway: default Hit the "Save" button and then the "Apply changes" button. You need to disable the existing Default rules by clicking on the green arrow then "apply changes" again. (I have removed them as we do not need them anyway) Step 9. Prevent DNS leaks Create an alias to use all available AirVPN servers. Firewall → Aliases Click add Enable: selected Name: VPN_DNS Content: 10.4.0.1 128.0.1 10.5.0.1 10.7.0.1 Click Save Create NAT port forward rule. Firewall → NAT → Port Forward Click Add Interface: LAN TCP/IP Version: IPv4 Protocol: TCP/UP (DNS traffic is usually UDP, but I thought it's better to do it like this) Source: LAN net Destination: This Firewall Destination port range: DNS Redirect target IP: VPN_DNS (the alias we created in 9.1) Redirect target port: DNS NAT reflection: Disable Filter rule association: None Hit "Save", then "Apply changes". Your WG VPN tunnel should now work. Test with https://ipleak.net Step 10. Port forwarding (Optional) If you need port forwarding for something, make sure It's configured in your AirVPN Member settings ! Firewall → Rules → WAN_WG1 → Add Action: Pass Interface: WAN_WG1 Direction: In Protocol: select your protocol Source: any (or if you can define it, do this here) Destination: Single host or Network and the IP of the device Destination port range: select the port (range) reply-to: WAN_WG1_GW (this is very Important!) Hit "Save", then "Apply changes". Firewall → NAT→ Port Forward → Add Interface: WAN_WG1 Protocol: Same as in 10.5 Destination: WAN_WG1 address Destination port range: Same as in 10.8 Redirect target IP: Same as in 10.7 Redirect target port: Same as in 10.8 Hit "Save", then "Apply changes". That's it for port forwarding. Test the setting. Let me know if something is not correct or clear. END of the Guide... Everything below here can be ignored. It seems the board software adds all the pictures I have added again to the bottom of the post, so ignore everything below here ! Thanks