Leaderboard

Hello, last year I had written a wrapper for Eddie's CLI version (in bash) to be able to use it more easily and extensively in the linux command line like the GUI, but with less resources. I have used it since then every day without problems, but now I have finally gotten to overhaul it and adjust it to Hummingbird because it is just so much faster! I also tried to make it more easy to configure (by having a separate configuration file) and added some new functionality like support (and automatic recognition) of iptables and nftables to lock down the system even without being connected to AirVPN and automatic connection at boot with a systemd unit. Again, feel free to use this as you wish, I hope someone can benefit from this. I'm happy about any improvements and corrections and will update this if I find the time. Features graphical interface in the command line to connect to AirVPN with Hummingbird (no Eddie involved) runs in background, the interface can be closed/opened anytime without affecting the running connection possibility to connect to any server with just one ovpn configuration file easily connect to a random server, to a recommended server, to the recommended server of a specific country or to a specific server sortable list of all servers including info like used bandwidth, load and number of users possibility to connect to other VPNs with openconnect lock down system by default (permanently if you want), so even without AirVPN/Hummingbird running there won't be any unwanted network traffic automatically establish connection at boot (which can later be controlled via the interface) logging of Hummingbird's output (number of days to keep logs for can be adjusted) system notifications to let you know what happens in the background Some general notes The default network lock determines, like Hummingbird itself, if iptables, iptables-legacy or nftables is available on your system and will use the first one found in that list. You can overwrite that by specifying which one to use in the configuration file. Once activated, the lock will stay in place until manually deactivated, so no internet connection will be possible unless connected to AirVPN or other whitelisted VPNs. You can make the lock permanent (or rather activate at boot) by enabling that option in the configuration file. AirVPN's network lock overwrites the default network lock, so there will be no interference. IMPORTANT: If you have any frontend firewall for iptables/nftables running, you might to disable that or read up on how it might interfere with rule changes you make directly via iptables/nft. The same thing applies if you use just Hummingbird itself. If you enable the default permanent network lock, it will write the lock rules at boot, most likely overwriting rules by firewalld or the like, but other enabled firewalls might interfere later. Also important: If you have SELinux and you want to use nftables for Hummingbird starting at boot, you have to create a SELinux exception for nft bcause otherwise it will be denied and Hummingbird starts without setting up its own lock, thus leaving you unprotected (AirVPN staff is aware of this issue). You can do that with audit2allow. Follow for example this guide to troubleshoot the problem and fix it with the solution given by sealert. Check your /etc/resolv.conf file while not running Hummingbird (because Hummingbird's network lock replaces that file temporarily) to make sure your router is not set as a nameserver (so no 192.168... address). Some routers will push themselves on that list by DHCP whenever you connect to their network. Since communication with the router is allowed in the lock rules, DNS requests will be handled by the router and sent to whatever DNS server is configured there even when network traffic should be blocked. There are ways to prevent that file from being changed by DHCP, best configure network manager for that if you use it. To connect to other VPNs, their IPs must be whitelisted and DNS requests for their domains must be allowed in the default network lock rules (netfilter_ipbatles.rulesipv4/ipv6 and/or netfilter_nftables.rules). Only edit those files with the default network lock deactivated. The rules for airvpn.org can be copied and adjusted. You can set custom options for Hummingbird in the interface or the configuration file. All the possible options can be found in the Hummingbird manual or with sudo hummingbird --help Apart from dialog I tried to only use basic system tools. The scripts will check if everything needed is present, if not they will exit. At least bash 4 is needed. The scripts rely mostly on dialog, awk and curl (and iptables/nft as described and openconnect if needed), so it should work on most systems. I wrote and tested this on Fedora 32 with Hummingbird 1.0.3. It should be possible to use any ovpn config file generated by the AirVPN's config generator. Even with the file for one specific server it should be possible to connect to any other server because the server override function is used here. I haven't tested that extensively though and just use the config file for earth. AirVPN's API seems to be a little unreliable sometimes as in not correctly reporting the connection status. Sometimes the API reports me not being connected although I am connected to an AirVPN server. This is no big deal, it just means that the connection status sometimes may be shown falsely as disconnected. If you have the default network lock activated, no traffic would be possible if you were actually disconnected. And, lastly, VERY IMPORTANT: I am still no programmer and do this only on this on the side, so even though I tried my best to make these scripts secure and error free, there might very well be some bad practice, never-ever-do-this mistakes or other hiccups in there. It works very well for me (and has for quite a while by now), but better check it yourself. UPDATE As of 2020/08/29 this project including updates, changelog and further instructions is publicly available on GitLab. There it can be more easily examined, downloaded and updated. Thus I have removed the scripts, installation instructions and the archive with all the files from this post. Check out the GitLab project for the newest version.

So, between all the suggestions all of you have made and suggestions from AIR support via e-mail, I finally got everything back to normal. Support kept telling me that the password it was asking for was a "master password" that I used when I first installed Eddie (I don't remember any such master password. In any case, after finally deleting default.xml (thanks giganerd) and rebooting and reinstalling, I still had the same problem. However, a new e-mail from support mentioned another file - ~/.airvpn/eddie, that I didn't realize I had to delete as well. So, after deleting both files, unistalling Eddie completely, rebooting and reinstalling Eddie 2.19.4, I finally got everything to work and back to normal. Thanks to all you tech whizzes for all your help. This is an awesome group of support staff and users!! Onward ho! Problem solved!

When using the mentioned sudo -i as an example, a sample entry in /var/log/auth.log (or with dmesg -f auth) would look like this: Aug 21 15:08:57 computername sudo: sudoer : TTY=pts/1 ; PWD=/home/sudoer ; USER=root ; COMMAND=/bin/bash Aug 21 15:08:57 computername sudo: pam_unix(sudo:session): session opened for user root by sudoer(uid=0) So it's not only logged who did it, but also when, where and what, followed by PAM stating if authentication was successful or not. macOS path to the profile is by default /Users/(username)/.eddie/default.profile, for older versions /Users/(username)/.airvpn/default.profile. Note that .airvpn and .eddie are hidden folders. You need to explicitly configure Finder to show them. Should be a simple option somewhere in its settings.

Hello @Pompelmo For the sake of clarity I would like to add a little disambiguation of devices as it can lead to confusion. From now on I will refer to one of its meanings in CAPITAL letters to distinguish what I'm referring to on every moment. The two meanings are: devices: as your computes, cell phones .. DEVICES: Names you can create on your user area for different certificates to use in your connections. As for AirVPN, they let you have 5 simultaneous connections for each account. Those connections can be from 5 different devices connecting as the same DEVICE (using that certificate) or from a different combination of DEVICES used from your devices. So the thing is: ¿Can you connect 2 or more devices to the same server? Well, you can, as long as they don't use the same certificate so you must use different DEVICES for this. The only catch of this multiple DEVICES connecting to the same server will be that port forwarding wont work normally on those servers with multiple connections from the same user. Hope I didn't do it more confusing than it already was.

All connected to the same server should work, you just have to choose a different protocol/port for each one