Leaderboard

Eddie 2.24.6 Desktop Edition released Hello! We're very glad to inform you that a new stable release of Eddie is now available for Linux (various ARM based architectures included, making it compatible with several Raspberry Pi systems), macOS, Windows. Special thanks to all the beta testers, whose invaluable contributions and suggestions in the last months have helped developers fix several bugs and improve the overall stability of the software. Eddie is a free and open source (GPLv3) OpenVPN GUI and CLI by AirVPN with many additional features such as: traffic leaks prevention via packet filtering rules DNS handling optional connections over Tor or a generic proxy customizable events traffic splitting on a destination IP address or host name basis complete and swift integration with AirVPN infrastructure with OpenVPN and WireGuard white and black lists of VPN servers ability to support IPv4, IPv6 and IPv6 over IPv4 What's new in Eddie 2.24.6 WireGuard is the new communication protocol by default, while OpenVPN remains available for any necessity CPU usage optimization update of packaged binaries and libraries new options to customize WireGuard improved management and configuration of bootstrap servers (qualified domain names are now possible too) systemd-resolved (Linux) enhanced compatibility for all working modes improved management of SIGTERM signal several bug fixes Operating and architectural notes Eddie GUI and CLI run with normal user privileges, while a "backend" binary, which communicates to the user interface with authentication, gains root/administrator privileges, with important security safeguards in place: strict parsing is enforced before passing a profile to OpenVPN in order to block insecure OpenVPN directives external system binaries which need superuser privileges (examples: openvpn, iptables, hummingbird) will not be launched if they do not belong to a superuser Eddie events are not run with superuser privileges: instead of trusting blindly user's responsibility and care when dealing with events, the user is required to explicitly operate to run something with high privileges, if strictly necessary Backend binary is written in C++ on all systems (Windows included), making the whole application faster. Settings, certificates and keys of your account stored on your mass storage can optionally be encrypted on all systems either with a Master Password or in a system key-chain if available. Download Eddie 2.24.6 Eddie 2.24.6 can be downloaded here: https://airvpn.org/linux - Linux version (several architectures and various distribution specific packages for easier installation) https://airvpn.org/macos - Mac version https://airvpn.org/windows - Windows version Eddie is free and open source software released under GPLv3. Source code is available on GitHub: https://github.com/AirVPN/Eddie Complete changelog can be found here. Kind regards & datalove AirVPN Staff

Sounds like you are making great progress, congrats! It sounds to me like everything is working as it should now, so we need to either: reset your expectations and correct your assumptions, or have you communicate why you think something should work a certain way or what your goals are. Putting your first and third posts together, it sounds like you expect to see the WebGUI on multiple ports. Can you explain why you would want that? I'm not going to say you couldn't engineer that, but I'm going to challenge your thinking here. Let's assume your machine has a local network static IP of 10.77.77.42; you access the WebGUI with http://10.77.77.42:8082 right? Why do you need additional access on port 27586? Are you trying to admin qBittorrent from outside your network? You haven't stated that before which is why I ask. Many users are uncomfortable exposing their WebGUI to the world, so you need to be clear that this is your desire (and secure it with https before doing so!). How many ports do you have forwarded from AirVPN? Are ports 8082 and 27586 in pool #2 (saving pool #1 ports for P2P users is the goal here)? Your line "FIREWALL_VPN_INPUT_PORTS=8082,27586,27587" isn't going to work unless all three of those ports are forwarded from AirVPN. I believe the most common use case is to only forward the torrenting port from pool #1 (27587) keeping the WebGUI port just for local network use. Lets check your devices to ensure they are not an issue. When you go to the devices screen have you set up a device? Then in the ports screen is that device linked to the port (in the dropdown)? And when making your config file did you select that device? When working correctly, the sessions screen should list your device at the top of the card when connected.

I guess I should document the process for those who don't know how to do it. I run a DE so I want to launch the eddie gui on startup for my user rather than cli. 1. As the wanted user, create a file ~/.config/systemd/user/eddie-ui.service 2.Configure as needed but I did [Unit] Description=eddie-ui user service [Service] ExecStart=eddie-ui Restart=always RestartSec=10s TimeoutStopSec=10 [Install] WantedBy=default.target As is there's a bug where when sigterm is sent it will timeout after the default 90 seconds and the process gets sent sigkill to kill it so you might want to reconfigure that so you don't have to wait as I did. I'm not sure the best way to work around that but I found that waiting 10 seconds is enough for eddie to close connections and past that it sits there doing nothing before getting killed by sigkill so I expedited it. You have to let it send sigterm first, if you switch it to sigkill, openvpn gets stuck open. 3. systemctl --user enable eddie-ui.service 4. systemctl --user start eddie-ui.service If you want to configure the service for all users, use the --global option. so systemctl --user --global then enable disable start stop etc. Also, your DE probably has an easy way to autostart applications or run commands for you but I switch DEs and WMs constantly and remove and install new ones so this is easier for me to set once and never again.

Hello, last year I had written a wrapper for Eddie's CLI version (in bash) to be able to use it more easily and extensively in the linux command line like the GUI, but with less resources. I have used it since then every day without problems, but now I have finally gotten to overhaul it and adjust it to Hummingbird because it is just so much faster! I also tried to make it more easy to configure (by having a separate configuration file) and added some new functionality like support (and automatic recognition) of iptables and nftables to lock down the system even without being connected to AirVPN and automatic connection at boot with a systemd unit. Again, feel free to use this as you wish, I hope someone can benefit from this. I'm happy about any improvements and corrections and will update this if I find the time. Features graphical interface in the command line to connect to AirVPN with Hummingbird (no Eddie involved) runs in background, the interface can be closed/opened anytime without affecting the running connection possibility to connect to any server with just one ovpn configuration file easily connect to a random server, to a recommended server, to the recommended server of a specific country or to a specific server sortable list of all servers including info like used bandwidth, load and number of users possibility to connect to other VPNs with openconnect lock down system by default (permanently if you want), so even without AirVPN/Hummingbird running there won't be any unwanted network traffic automatically establish connection at boot (which can later be controlled via the interface) logging of Hummingbird's output (number of days to keep logs for can be adjusted) system notifications to let you know what happens in the background Some general notes The default network lock determines, like Hummingbird itself, if iptables, iptables-legacy or nftables is available on your system and will use the first one found in that list. You can overwrite that by specifying which one to use in the configuration file. Once activated, the lock will stay in place until manually deactivated, so no internet connection will be possible unless connected to AirVPN or other whitelisted VPNs. You can make the lock permanent (or rather activate at boot) by enabling that option in the configuration file. AirVPN's network lock overwrites the default network lock, so there will be no interference. IMPORTANT: If you have any frontend firewall for iptables/nftables running, you might to disable that or read up on how it might interfere with rule changes you make directly via iptables/nft. The same thing applies if you use just Hummingbird itself. If you enable the default permanent network lock, it will write the lock rules at boot, most likely overwriting rules by firewalld or the like, but other enabled firewalls might interfere later. Also important: If you have SELinux and you want to use nftables for Hummingbird starting at boot, you have to create a SELinux exception for nft bcause otherwise it will be denied and Hummingbird starts without setting up its own lock, thus leaving you unprotected (AirVPN staff is aware of this issue). You can do that with audit2allow. Follow for example this guide to troubleshoot the problem and fix it with the solution given by sealert. Check your /etc/resolv.conf file while not running Hummingbird (because Hummingbird's network lock replaces that file temporarily) to make sure your router is not set as a nameserver (so no 192.168... address). Some routers will push themselves on that list by DHCP whenever you connect to their network. Since communication with the router is allowed in the lock rules, DNS requests will be handled by the router and sent to whatever DNS server is configured there even when network traffic should be blocked. There are ways to prevent that file from being changed by DHCP, best configure network manager for that if you use it. To connect to other VPNs, their IPs must be whitelisted and DNS requests for their domains must be allowed in the default network lock rules (netfilter_ipbatles.rulesipv4/ipv6 and/or netfilter_nftables.rules). Only edit those files with the default network lock deactivated. The rules for airvpn.org can be copied and adjusted. You can set custom options for Hummingbird in the interface or the configuration file. All the possible options can be found in the Hummingbird manual or with sudo hummingbird --help Apart from dialog I tried to only use basic system tools. The scripts will check if everything needed is present, if not they will exit. At least bash 4 is needed. The scripts rely mostly on dialog, awk and curl (and iptables/nft as described and openconnect if needed), so it should work on most systems. I wrote and tested this on Fedora 32 with Hummingbird 1.0.3. It should be possible to use any ovpn config file generated by the AirVPN's config generator. Even with the file for one specific server it should be possible to connect to any other server because the server override function is used here. I haven't tested that extensively though and just use the config file for earth. AirVPN's API seems to be a little unreliable sometimes as in not correctly reporting the connection status. Sometimes the API reports me not being connected although I am connected to an AirVPN server. This is no big deal, it just means that the connection status sometimes may be shown falsely as disconnected. If you have the default network lock activated, no traffic would be possible if you were actually disconnected. And, lastly, VERY IMPORTANT: I am still no programmer and do this only on this on the side, so even though I tried my best to make these scripts secure and error free, there might very well be some bad practice, never-ever-do-this mistakes or other hiccups in there. It works very well for me (and has for quite a while by now), but better check it yourself. UPDATE As of 2020/08/29 this project including updates, changelog and further instructions is publicly available on GitLab. There it can be more easily examined, downloaded and updated. Thus I have removed the scripts, installation instructions and the archive with all the files from this post. Check out the GitLab project for the newest version.

The scripts have been updated and moved to GitLab for easier handling (see original post). Check out the GitLab project page for the updated scripts and everything else: https://gitlab.com/nwlyoc/vpncontrol