Leaderboard

Yes, direct OpenVPN, Wireguard and even Tor is now blocked at the TLS handshake stage, because any traffic containing no recognizable data is now rejected by default (just like in China). Currently this may be circumvented by using SSH or SSL wrapping. More on how to set up an SSH tunnel is here, and the same about SSL is here. The method is this: you first start an SSL or an SSH client in proxy mode, it connects to a remote AirVPN server, then you start a normal OpenVPN client but specifying it to connect to 127.0.0.1:proxy_port instead of a remote AirVPN server. All the needed settings are already in the config files generated by the Config Generator. The connection will still be slow and possibly unreliable. I guess DPI is trying to analyze all traffic going to the foreign servers (besides YouTube, Google, etc.) and throttles it if some statistical patterns are detected. The solution for Tor is to use a webtunnel bridge - those were recently implemented and use the same "fake HTTPS traffic" approach.

Hello and thank you for your tests! Excellent. Kudos to the new WireGuard library too. In the unit file targets you can see that systemd must start Bluetit only when the network is up (Wants=network-online.target). Bluetit also waits some more time for a valid gateway, see here: The above log entry seems to confirm that systemd is right and the network is really up but of course the fact that the network is up does not guarantee that the system's upstream router has a valid Internet connection. If the router does not have Internet connectivity, the incident wouldn't be a systemd or bluetit fault. We will investigate. In which distribution do you experience this? OK. By starting the connection with Goldcrest you may rely on the conn-stat-interval n option, where n is in seconds (please consult the user's manual for more details). You may also consider async for more tasks: the new asynchronous mode adds some interactivity, please check the new manual. However conn-stat-interval is not available in bluetit.rc. Thus, if you don't start a connection via Goldcrest, your approach is the way to go at a first glance. We'll consider your suggestion. Thanks again, keep testing! Kind regards

Quick feedback after using 2.0.0 Beta 1 for 10 days. Just as stable as 1.3.0, no issue. Speed boost with Wireguard is significant. The only minor inconvenience I experienced is that sometimes (occurred 4 times since May 14th out of 20+ suspend/resume in total), bluetit couldn't reconnect after resuming from suspend (log below). I had to restart the service manually with: # systemctl restart bluetit.service else it seems that it would have been stuck forever (waited a few minutes). It seems that bluetit tries to reconnect too early after resuming and the network isn't up yet. Maybe this could be fixed by adjusting bluetit-resume.service? May 19 18:41:14 bluetit[848508]: Bluetit daemon started with PID 848508 May 19 18:41:14 bluetit[848508]: External network is reachable via IPv4 gateway 192.168.1.254 through interface eno1 May 19 18:41:14 bluetit[848508]: Successfully connected to D-Bus May 19 18:41:14 bluetit[848508]: Reading run control directives from file /etc/airvpn/bluetit.rc May 19 18:41:14 systemd[1]: Starting AirVPN Bluetit Daemon... May 19 18:41:14 bluetit[848508]: IPv6 is available in this system May 19 18:41:14 systemd[1]: bluetit.service: Can't open PID file /etc/airvpn/bluetit.lock (yet?) after start: No such file or directory May 19 18:41:14 systemd[1]: Started AirVPN Bluetit Daemon. May 19 18:41:14 bluetit[848508]: System country set to <redacted> by Bluetit policy. May 19 18:41:14 bluetit[848508]: Default VPN type for AirVPN connections is set to WireGuard May 19 18:41:14 bluetit[848508]: Bluetit successfully initialized and ready May 19 18:41:14 bluetit[848508]: Enabling persistent network filter and lock May 19 18:41:14 bluetit[848508]: Network filter and lock are using /bin/iptables-legacy May 19 18:41:14 bluetit[848508]: iptables-nft rules found. Enabling iptables-nft save and restore modes. May 19 18:41:14 bluetit[848508]: Kernel module iptable_filter is already loaded May 19 18:41:14 bluetit[848508]: Kernel module iptable_nat is already loaded May 19 18:41:14 bluetit[848508]: Kernel module iptable_mangle is already loaded May 19 18:41:14 bluetit[848508]: Kernel module iptable_security is already loaded May 19 18:41:14 bluetit[848508]: Kernel module iptable_raw is already loaded May 19 18:41:14 bluetit[848508]: Kernel module ip6table_filter is already loaded May 19 18:41:14 bluetit[848508]: Kernel module ip6table_nat is already loaded May 19 18:41:14 bluetit[848508]: Kernel module ip6table_mangle is already loaded May 19 18:41:14 bluetit[848508]: Kernel module ip6table_security is already loaded May 19 18:41:14 bluetit[848508]: Kernel module ip6table_raw is already loaded May 19 18:41:14 bluetit[848508]: Network filter successfully initialized May 19 18:41:14 bluetit[848508]: Private network is allowed to pass the network filter May 19 18:41:14 bluetit[848508]: Persistent network filter and lock successfully enabled. Private network is allowed. May 19 18:41:14 bluetit[848508]: Starting AirVPN WireGuard boot connection May 19 18:41:14 bluetit[848508]: AirVPN Manifest updater thread started May 19 18:41:14 bluetit[848508]: Default AirVPN Manifest update interval is 15 minutes May 19 18:41:14 bluetit[848508]: AirVPN Manifest update suspended: AirVPN boot connection initialization in progress May 19 18:41:14 bluetit[848508]: Trying to load the local instance of AirVPN Manifest May 19 18:41:14 bluetit[848508]: Persistent Network Lock and Filter is enabled May 19 18:41:14 bluetit[848508]: Adding AirVPN bootstrap server 63.33.78.166/32 to network filter May 19 18:41:14 bluetit[848508]: Adding AirVPN bootstrap server 52.48.66.85/32 to network filter May 19 18:41:14 bluetit[848508]: Adding AirVPN bootstrap server 54.93.175.114/32 to network filter May 19 18:41:14 bluetit[848508]: Adding AirVPN bootstrap server 63.33.116.50/32 to network filter May 19 18:41:14 bluetit[848508]: Adding AirVPN bootstrap server 2a03:b0c0:0:1010::9b:c001/128 to network filter May 19 18:41:14 bluetit[848508]: AirVPN bootstrap servers are now allowed to pass through the network filter May 19 18:41:14 bluetit[848508]: Logging in AirVPN user 183aTr78f9o May 19 18:41:14 bluetit[848508]: AirVPN Manifest successfully retrieved from local instance May 19 18:41:14 bluetit[848508]: Updating AirVPN Manifest May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://54.93.175.114 May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://52.48.66.85 May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://52.48.66.85 May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://63.33.116.50 May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://63.33.78.166 May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://63.33.78.166 May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://82.196.3.205 May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://63.33.116.50 May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server May 19 18:41:14 bluetit[848508]: AirVPN login error: Cannot connect host: Couldn't connect to server May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server May 19 18:41:14 bluetit[848508]: Trying connection to AirVPN bootstrap server at http://54.93.175.114 May 19 18:41:14 bluetit[848508]: ERROR: AirVPN login failed for user 183aTr78f9o May 19 18:41:14 bluetit[848508]: Cannot connect host: Couldn't connect to server May 19 18:41:14 bluetit[848508]: Session network filter and lock rollback successful May 19 18:41:14 bluetit[848508]: Persistent network filter and lock are enabled May 19 18:41:14 bluetit[848508]: Sending event 'event_end_of_session' May 19 18:41:14 bluetit[848508]: AirVPN Manifest successfully retrieved from local instance May 19 18:41:14 bluetit[848508]: AirVPN Manifest update interval is now set to 30 minutes May 19 18:41:26 bluetit[848508]: Requested method "version" May 19 18:41:26 bluetit[848508]: Requested method "openvpn_info" May 19 18:41:26 bluetit[848508]: Requested method "openvpn_copyright" May 19 18:41:26 bluetit[848508]: Requested method "ssl_library_version" May 19 18:41:26 bluetit[848508]: Requested method "wireguard_info" May 19 18:41:26 bluetit[848508]: Requested method "network_lock_status -> Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed." May 19 18:41:26 bluetit[848508]: Requested method "list_pushed_dns" May 19 18:41:31 bluetit[848508]: Requested method "version" May 19 18:41:31 bluetit[848508]: Requested method "openvpn_info" May 19 18:41:31 bluetit[848508]: Requested method "openvpn_copyright" May 19 18:41:32 bluetit[848508]: Requested method "ssl_library_version" May 19 18:41:32 bluetit[848508]: Requested method "wireguard_info" May 19 18:41:32 bluetit[848508]: Requested method "network_lock_status -> Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed." May 19 18:41:32 bluetit[848508]: Requested method "list_pushed_dns" May 19 18:41:37 bluetit[848508]: Requested method "version" May 19 18:41:37 bluetit[848508]: Requested method "openvpn_info" May 19 18:41:37 bluetit[848508]: Requested method "openvpn_copyright" May 19 18:41:37 bluetit[848508]: Requested method "ssl_library_version" May 19 18:41:37 bluetit[848508]: Requested method "wireguard_info" May 19 18:41:37 bluetit[848508]: Requested method "network_lock_status -> Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed." May 19 18:41:37 bluetit[848508]: Requested method "list_pushed_dns" May 19 18:41:37 bluetit[848508]: Requested method "version" May 19 18:41:37 bluetit[848508]: Requested method "openvpn_info" May 19 18:41:37 bluetit[848508]: Requested method "openvpn_copyright" May 19 18:41:37 bluetit[848508]: Requested method "ssl_library_version" May 19 18:41:37 bluetit[848508]: Requested method "wireguard_info" May 19 18:41:37 bluetit[848508]: Requested method "network_lock_status -> Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed." May 19 18:41:37 bluetit[848508]: Requested method "list_pushed_dns" May 19 18:41:38 bluetit[848508]: Requested method "version" May 19 18:41:38 bluetit[848508]: Requested method "openvpn_info" May 19 18:41:38 bluetit[848508]: Requested method "openvpn_copyright" May 19 18:41:38 bluetit[848508]: Requested method "ssl_library_version" May 19 18:41:38 bluetit[848508]: Requested method "wireguard_info" May 19 18:41:38 bluetit[848508]: Requested method "network_lock_status -> Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed." May 19 18:41:38 bluetit[848508]: Requested method "list_pushed_dns" May 19 18:41:58 bluetit[848508]: Requested method "version" May 19 18:41:58 bluetit[848508]: Requested method "openvpn_info" May 19 18:41:58 bluetit[848508]: Requested method "openvpn_copyright" May 19 18:41:58 bluetit[848508]: Requested method "ssl_library_version" May 19 18:41:58 bluetit[848508]: Requested method "wireguard_info" May 19 18:41:58 bluetit[848508]: Requested method "network_lock_status -> Persistent Network Lock and Filter is enabled. (using iptables) Private network is allowed." May 19 18:41:59 bluetit[848508]: Requested method "list_pushed_dns" On a different note: Any chance goldcrest could have a similar option than journalctl -f, --follow -f, --follow Show only the most recent journal entries, and continuously print new entries as they are appended to the journal. This would be useful to monitor goldcrest --bluetit-status I know I could use watch but unfortunately it doesn't play well with tailspin that I'm using for highlighting. Currently I'm using a simple while loop but clearing the screen every few seconds isn't as readable as a "natural" refreshing: $ while true; do goldcrest --bluetit-status | tspin sleep 10 clear done

Hello! mbedTLS does not support x509. It's not needed by the Suite but maybe the linker enters the error state anyway, or maybe the mbedTLS libraries and include files are misaligned in your system. Can you please try with OpenSSL (which is the default setting)? Please set SSL_LIB_TYPE variable to OPENSSL: SSL_LIB_TYPE=OPENSSL in the following scripts: https://gitlab.com/AirVPN/AirVPN-Suite/-/blob/master/build-bluetit.sh?ref_type=heads https://gitlab.com/AirVPN/AirVPN-Suite/-/blob/master/build-bluetit-static.sh?ref_type=heads Kind regards

You've been asked for a system report a year ago, and now we're asking it again.