Leaderboard

Hello! We are very pleased to inform you that we are taking the necessary steps to completely renovate our infrastructure in the United Kingdom. The current servers will be dismissed and replaced by six 10 Gbit/s servers with newer and much more powerful hardware. Each 10 Gbit/s server will be connected to a full duplex 10 Gbit/s dedicated line and port. Each new server replaces 2.5 current 1 Gbit/s servers in order to increase remarkably the available bandwidth per connected client. At the end of the upgrade, UK will offer a theoretical peak of 60 Gbit/s (full duplex) instead of the current 15 Gbit/s, through adequately powerful servers. According to our plan, three servers will be located in London and three in Manchester. The new servers will start operations around 19-22 February 2026. Current 1 Gbit/s servers will cease operations on the night between 28 February and 01 March (UTC). Any plan changes and/or delays will be communicated promptly. Kind regards & datalove AirVPN Staff

Hello! Starting from February 1st, 2026, Debian (e.g. Trixie) enforces stricter OpenPGP policies and no longer accepts repository signatures involving SHA1-based certifications. As a result, users may see errors such as: Get:4 http://eddie.website/repository/apt stable InRelease [3,954 B] Err:4 http://eddie.website/repository/apt stable InRelease Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on C181AC89FA667E317F423998513EFC94400D7698 is not bound: No binding signature at time 2025-01-14T13:07:46Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z Warning: OpenPGP signature verification failed: http://eddie.website/repository/apt stable InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on C181AC89FA667E317F423998513EFC94400D7698 is not bound: No binding signature at time 2025-01-14T13:07:46Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z Error: The repository 'http://eddie.website/repository/apt stable InRelease' is not signed. Notice: Updating from such a repository can't be done securely, and is therefore disabled by default. Notice: See apt-secure(8) manpage for repository creation and user configuration details. This was caused by an outdated signing key certification used by the repository. Solution The repository signing key has been regenerated and the repository is now correctly signed again. To restore updates, please re-import the updated maintainer key: curl -fsSL https://eddie.website/repository/keys/eddie_maintainer_gpg.key | sudo tee /usr/share/keyrings/eddie.website-keyring.asc > /dev/null Then run: sudo apt update Sorry for the inconvenience, and thanks for your patience. Kind regards

Hello! Interesting thread indeed, thank you. Our position is close to the EFF position you can read here: https://www.eff.org/deeplinks/2025/08/no-uks-online-safety-act-doesnt-make-children-safer-online We will keep you informed. So far, you probably know well our approach with similar, lower or higher requests from Russia, China and a few other countries, and there's no plan at the moment to change our position. In general, we think that it is impossible that those persons who advance, propose or defend such dangerous laws in so called democracies are in good faith (except in peculiar cases where they suffer from some mental illness or carry a neurological deficit). They have an hidden agenda developed on the myth of pervasive control but more importantly fueled by monetary reward. Yes, that's a motivational reason, maybe almost as strong as monetary reward and votes. Moreover, there is a real possibility that such laws lead on the short run to an increase in support (and therefore votes) which, net of dissent, is positive, even though by tiny tenths of percentage which are anyway not negligible for an embarrassingly inept ruling class that's incapable of developing serious strategies to improve the life of teenagers and children. Their total failure is proven by the official data (England and Whales police records in this case) that show a dramatic rise of sexual offenses against children in the UK in the last 5 years in spite of (and someone could even argue because of) more and more laws allegedly thought to protect children. Where does this 0.1% come from? If you want to stay real please adjust this quota (since 2025, start multiplying that percentage by 250 to begin with). Furthermore, there's no money involved to use Tor, its usage is totally free and well beyond Ofcom abilities to control it. However, it's true that people may find it boring because it's like 10 times slower than a VPN with a decent infrastructure. It would indeed. However, we seriously doubt that the ramshackle British institutions, always short of funds, can surpass the GFW designers and maintainers in efficiency, competence and grandeur of operation. And note that the GFW is routinely bypassed nowadays by the most and least skilled to connect to a wide range of VPNs. Our aggregate data show that this claim is deeply incorrect, at least for AirVPN, if we consider p2p improper usage quantified by DMCA and other warnings. It's not the majority, on the contrary it is a tiny minority. Where does this assumption come from? We would like to assess official stats to compare them with what we gather on the field. Kind regards

Hello! Please see here: https://airvpn.org/forums/topic/79065-eddie-desktop-apt-repository-signing-key-update/ Kind regards

I open a support request https://airvpn.org/contact/

@thetechnerd @MikeHawkener Hello! Some additional related information that may be valuable for you both. When you run OpenVPN: the assigned VPN IP address depends on the daemon of the VPN server you connect to. Each one lives in a separated /24 subnet somewhere inside 10.0.0.0/10 When you run WireGuard: WireGuard lacks any DHCP feature it lives in a unique, gigantic 10.128.0.0/10 subnet throughout the whole AirVPN infrastructure the VPN IP address of each node is linked permanently to the node's key and it is unique in the whole WireGuard address space thus you will have always the same VPN IP address when you use the same key and you don't renew it, no matter which VPN server you connect to Kind regards

Hello! We're very glad to inform you that three new 10 Gbit/s full duplex servers located in Toronto (Ontario), Canada, are available: Castula, Chamukuy and Elgafar. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Castula https://airvpn.org/servers/Chamukuy https://airvpn.org/servers/Elgafar/ Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Its a shame. These were among the absolute fastest (especially Chumukay) when they came on board. They smoked the high powered Chicago servers but they are not reliable for the past week or two. Right across the border in Chicago apparently nobody is attacking those servers.

Singapore needs a 10G server. All the servers are very congested and are super slow. Thank you.

Hello! Eddie Android edition 4.0.0 beta 2 is now available featuring improved AmneziaWG support and strengthened logic against AirVPN bootstrap server blocks: https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/ Kind regards

Hello! We had a similar project that is now temporarily frozen for good reasons: in real life the ability of the "AI"s to guess successfully the real destination from analysis of the VPN tunnel traffic is poor (the excellent success rates you see are achieved only in a controlled environment where the victim visits only destinations pre-determined from a tiny list) AmneziaWG is quickly becoming (*) a more universal approach that may be effective and that does not require our own proprietary solution, provided that constant rate tunnel, deterministic batching and traffic morphing are not required -- safe assumptions as DAITA doesn't aim at obtaining them (*) While early AmneziaWG releases could "only" add junk packets during handshakes, making it not suitable to replace DAITA, AmneziaWG latest release is also capable to perform padding of transport messages and modification of their header range. It can do all of the above, optionally, over a faithful imitation of a different protocol (any protocol that can be built on UDP), including specific HTTP/3 web sites initial flow mimicry. While these options efficacy in fighting AI guided traffic analysis must be verified in a controlled environment when AI abilities will improve, and in spite of the fact that AmneziaWG currently lacks the important active distortion feature that DAITA offers, together with reason 1 they are sufficient to let us prioritize AmneziaWG support in the infrastructure and our software, and freeze proprietary solutions research. Once AmneziaWG is operating in the whole infrastructure, it may be considered whether adding active distortion to match this DAITA feature, or anyway building additional features to outperform DAITA (on top of the many already available in Amnezia and not from scratch), is worth the effort or not. Kind regards

@Stalinium Yes, the packets you obtain yourself are better suited to your network environment. If you find that troublesome, you can also try other people's parameters. Here are my parameters. Jc = 8 Jmin = 86 Jmax = 892 S1 = 0 S2 = 0 H1 = 2 H2 = 3 H3 = 4 H4 = 1 I1 = ... I2 = ... I3 = ... I4 = ... I5 = ... CPS I1-I5(bing.com-initial QUIC).txt

Jc = 10 Jmin = 53 Jmax = 488 S1 = 0 S2 = 0 H1 = 2 H2 = 4 H3 = 1 H4 = 3 I1 = <b 0xc800000001142041eb35d428321d4c7b5a54f4a25b2eb42b1473144d6f82c2a7fb72748e0ec1cb05dbee502b24ad1f008000047c54b2c6fd1b8d38cc5b2898ffb4ab45a98e34500df11f17d7a00e6feee8b1689e65d3de8267c53ab147353c33bb36072efc65b807af56031e5531651e06f604b15a2cffe4ac57a2611c5b4ed0de39c051de95ad48ca096859db12be3164a2b4c4780c20889a6d9f592cb30b7c0de1636492f9c708ba5ef94c62ff52355782fdc80a7cb7c271004b31164f17ae1164b2a6879182d4e43c06cc29803ee6817da5f08a2c43757cc0f1748ef45fd8b69559b96ecc22828bf5eb9c5796db363da6cd1e675808ff1fa60ed2f226ea9347b6aead0a77419dbea8c03053c6c78e98652faa8b3d7c266d508586f2bc642b55adadbfbeae7d36bf1555e5769b8bf21f81908da3418882937d394e73284fa254926373aeb3d9093f837281c533688e29dacf3d798a36e32ae5d06683b4fba6031652f3abd817d4e585dc8682d2fc661d58242f9148cf051ecd0bfc4d3d1ebbd5db752567389710d3f39d963e01d39240e79a83e5043455609733b00cf2abec95270125882327c93bb2702d2beb03fcf8e5df1234e10f28768d76458f5380a256c27d6623774deabcd327c845e1398006bf288fd3732ea36d13a661ee551d024403283bfde1213ff4e767fefac1db3a2555ae0ffc5ab72251c269bc5115cf4bb65280ffa35c62468801e191131d35ad081659abb97a8fbe26049556ffe87f4d7f592a6f4423133e79661a26928511288cf98e54e34a4e8ecdd4d8c6e1af469ded38a159d625e45e549b3a711ef293f7930040c72b7cd975045ed7e629b60104cced6cb5afb75712eefd60bd705c040bf2143de63d2f637f825c69e53034e183aadb94858d63f2506d42d4faed810ba98172d2340b9d2eb63a4665a5480124f6ce5369cccf2bf18d512fc1b52c0ae7f64ca4380a17d19882b69bcda00277f73b8e02160cddfd913b807149e8519cfbdcb216b80a377a735ad31b87b41c7fb966ebcaae7213e6d4915beb845f926f6e29a284ea11a4f3a63ed22a61d0110cd33b1c31a8a0538b312e9266b773621cdeb9aa862db0d99e04b3cfa1e9ab03ff35cf6a6d3b72be1a6e039104547f9041e007d02c3769510d507f07ea3ebf38a326a9d82977a1cd32b25af02ccf1ddac08389dfb0a30932161f20b53b7a19b6fa8850d86f67b4420eb65f5ed45ba282ad1b82bf341cb9ad3b36437a1f007ad98ce2058fef118a650c908ac9c8cfaffc6eb37f203946a05b1d1698a0e325fc25594d41df81e5984486209aaf3ec854bea023663a7b8c63d31aea21921dcfca5d828b10fca0dd0855ffcaf4e9f0ae83372ff1674f2229954b7dd5dedff81a34aea41537f4536a86a746fa1e28c06985bc029e76df04d383fa7559679d67aa53e153663653ea75cc29a400e20f7ec5c55d13669d08eb9a5615b6871f51c08fde02ddb3bdaa0cc28ef207c6ff51f52bbd3cd49fab6708db0ccda23c7cfd6bd7aae5143b4a88aedf4d232ef39645ddb5bfe794b3e7175cb0b355c4f44df07b53bc48c11e80c3b62319f6a26f8a9b300306c2077b3c0a06028ed9cc2ffabb9984500cd98420b58a6649be2ac1969c3cc2b2fe62dae03c4e48b080ae812c7e105f45fc4ad3544e46d38e25662177644d6ea87e99a892> It is highly preferred that you get your own QUIC packet for I1. You could do that with Wireshark and "curl --http3-only (possibly any Russian website that is whitelisted)" . Select first QUIC Initial packet, right click "QUIC IETF" below -> Copy -> Copy as a Hex Stream. (Mozilla Firefox QUIC packets did not work for 16 kbyte blocked subnets for me)

Did everyone notice? The Kornephoros server achieved astonishing speeds today. As a 10Gbps server, it loaded over 5Gbps of bandwidth. I've never seen such speeds on any 10Gbps server before. What makes this server different from other 10Gbps servers? Is it the unprecedentedly powerful hardware, the data center's network environment, or AirVPN's optimization of the server's kernel? Staff can take a look and use this information to optimize other 10Gbps servers. Kornephoros is truly unexpected.

Hello! The "range" is specified by mask /32, so it's this single unique address. Yes, it's plausible that some past event flagged the IP address. We don't know the internals of Tailscale but definitely this behavior should be investigated. Why an attempted connection to this specific IP address and why this port? Kind regards

Hello! There's nothing listening to port 54037 on any AirVPN server. We can't see why Tailscale seeks a connection to it, anyway we are sure now that there's no malware there as there's nothing. Probably Malwarebytes behavior comes from some past event or it's yet another over-blocking case. Kind regards

the effective MTU of the tunnel is limited by the smallest MTU anywhere along the path Hello! On our servers the MTU limit is 1420 bytes on a standard Ethernet frame because of IPv6 over IPv4. For PPPoE see also https://www.hitoha.moe/wireguard-mtu-over-pppoe/ So, if you set 1432 bytes MTU for your WireGuard interface, the fragmentation will occur on our servers, not on your side. The upper, actual limit is the lowest MTU in the path, in other words the smallest MTU on the path silently limits the tunnel. The 12 bytes difference may be negligible and most packets will not be fragmented, and you will not see fragmentation on your side, but you could notice a performance hit on upload (upload from you to the server we mean). Kind regards

@Zack Hello! The IP address you mention is assigned to AirVPN server Asellus in the Netherlands. Please mention explicitly port Y, we want and must verify what your app (mention the app too if possible) will find on that port, it's important. Kind regards

Thanks a lot for the quick fix and the clear instructions! I removed my temporary Sequoia policy workaround, re-imported the updated maintainer key as posted, and apt update is working again on Debian Trixie. Much appreciated.

Hi, since 2026-02-01 my Debian Trixie system can’t update the Eddie APT repo. Debian repos are fine, only eddie.website fails. Error: http://eddie.website/repository/apt stable InRelease sqv: Policy rejected signature because SHA1 is not considered secure since 2026-02-01T00:00:00Z Key: C181AC89FA667E317F423998513EFC94400D7698 Is there an updated repo signing key / re-signed InRelease available (SHA256+), or a recommended fix/workaround until it’s updated? Thanks!

Thanks for sharing. This workaround helped on my system too. I’ll use it temporarily, but a proper fix would be an updated/reissued repo signing key (no SHA1). Any update from the maintainers?

Had this Problem yesterday too and found a Workaround. Treat this as a temporary workaround. apt uses "Sequoia PGP" to verify signatures. By default, sqv is configured to accept the SHA1 hash algorithm only until Feb 1st 2026. To Resolve this for a period of Time, reconfigure sqv, copy /usr/share/apt/default-sequoia.config to /etc/crypto-policies/back-ends/apt-sequoia.config, and change the date from 2026.02.01 to 2026.06.01 in the line the Repo should Update again until 2026.06.01, better Solution would be an updated signing Key.

Yes, works for me too.

Loving these new speedy servers! Would love to see some upgrades to the 2 overworked connections in Montreal.

Every time a VPN connection is started, there is a chance Eddie will crash, most often by the third connection attempt. Here, I just tapped on the same server (but it could be any server) three times, then Eddie quit and the VPN disconnected. This doesn't happen with Eddie 3.3.0. https://eddie.website/report/46708ecc/

finally managed to connect via my phone, thanks to New app version. If you are located in .Ru just use any free working vpn to reach airvpn server to log in, than disconnect and use airvpn. For me worked amnezia with default parameters. Thanks staff for your work.

Hello! We think that the problem is on your side. Castula is absolutely perfect just like other servers you experience this problem on. We have no complaints whatsoever about any of the servers you mention. Note that Castula, Chamukuy, and Elgafar are all connected to the same upstream in the same small subnet. Your tests have been instrumental to make us aware of the problem (SYN flood and similar events) frequently occurring on specific Canadian servers, so thank you! A good thing you can do on your side is black listing the servers that don't work well for you. You have anyway a vast range to pick from. Keep us informed if the problem suddenly appears on one or more of the servers that are perfectly fine for you now. Kind regards

I've been with AirVPN for a long, long time. I wrote the original Tomato router guide. I've never had problems like this before. The packet loss is very persistent. Kornephoros is the only node in eastern Canada where I am not having any problems. It's a meganode and that may speak to its capacity to handle large volumes of packets. I was getting the same packet loss in NYC on Muliphein, but that suddenly resolved. Still, half of the six NYC meganodes are jittery, with lots of latency spikes. I just rechecked everything. I also checked both the first and second hops off each VPN node to make sure that the packet loss is consistent and not localized to one node/router. Can anyone at AirVPN figure out what's going on? I already talked to both my ISP and carrier about this and can completely rule out any problems with my connection physically, or at layers 2 or 3. See below for the latency and packet loss numbers. Lacerta: 96 of 100 packets returned successfully : 4.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 146/0/75 Ross: 98 of 100 packets returned successfully : 2.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 166/0/58 Cephei: 95 of 100 packets returned successfully : 5.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 24/0/18 Kornephoros: 100 of 100 packets returned successfully : 0.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 32/0/18 Mintaka: 93 of 100 packets returned successfully : 7.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 76/0/21 Tejat: 86 of 100 packets returned successfully : 14.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 23/0/19 Tyl: 95 of 100 packets returned successfully : 5.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 24/0/18 Muliphein: 100 of 100 packets returned successfully : 0.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 262/0/31 Paikauhale: 100 of 100 packets returned successfully : 0.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 50/0/28 Sadalmelik: 100 of 100 packets returned successfully : 0.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 193/0/30 Terebellum: 100 of 100 packets returned successfully : 0.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 280/0/40 Unukalhai: 100 of 100 packets returned successfully : 0.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 44/0/28 Unurgunite: 100 of 100 packets returned successfully : 0.0% PACKET LOSS Round Trip Time (in milliseconds) Maximum/ Minimum/Average: 86/0/29

I checked the list of AirVPN updates and saw that there has been no update to the Windows application for a year. What's happening?

Hello! As noted the claimed vulnerability and PoC was/were not filed through the proper channels. According to the report we could finally access, the vulnerability affects macOS (not Windows or Linux), only in case the user checks "Preferences->UI->CLI" in order to have "eddie-cli <options>" available in a command line interface. macOS is the only system for which the stand alone Eddie CLI version is not offered. While the report is being investigated please do not enable that option and run Hummingbird if you need a CLI based program to connect. We will update this thread and of course, should the problem be confirmed, the devs will release a new version. Kind regards

Hi, This may be the case. Regardless, the question stands: are the Eddie developers looking into this? Development of Eddie seems really lacking at present, there are several open issues on Github, particularly on Mac, that have not been fixed in spite of being reported over a year ago. The issues have not even been replied to. This really isn't filling me with confidence. Please can a member of staff assure us customers that this issue is being looked in to? And when can we expect a fix for the macOS permissions issue? Thank you.

Hello! We're very glad to announce that Eddie Android edition 4.0.0 beta 2 is now available. New: how to use Eddie in network where the "bootstrap" servers can not be reached Eddie downloads user and infrastructure data, essential to use the service, from special "bootstrap servers" through an encrypted flow inside HTTP. If the bootstrap servers are blocked or the underlying protocol to port 80 is filtered out, Eddie is unable to proceed. Starting from Eddie 4 beta 2 version, the ability to retrieve such data locally has been added. Whenever bootstrap servers are unreachable, Eddie can read the latest available local data to connect to a VPN server. Once connected the bootstrap servers are again reachable and the local data are immediately updated for future usage. The local data remain valid as long as you don't need to change user. On top of all of the above, Eddie can now retrieve such data through the login procedure that now can be started even when a connection to a VPN server was previously established via a profile. Therefore, when you are in a restrictive network that blocks access to bootstrap servers, you can connect through a profile generated by AirVPN web site Configuration Generator. After this first connection, log your account in to the service by selecting the specific option on the left pane, enter your AirVPN account credentials as usual and make sure that Remember me checkbox is ticked: Eddie will download all the necessary files and store them locally. This procedure is "once and for all", at least as long as you don't need to change account. After this initial connection, Eddie will be able to log your account in to the infrastructure, retrieve servers data and establish connections without profiles and without bootstrap servers, offering again full AirVPN integration even when bootstrap servers are unreachable. Only If you change account you must repeat the procedure. New: "Open with..." option added to "Share" option Different Android versions allow management of files with different restrictions. Different apps may support different intents on specific Android versions. To enlarge total compatibility, now Eddie offers two different options to export and manage files, including generated profiles. You will find the usual "Share" option coupled with a new "Open with..." option. Some apps support only one intent, other apps only specific intents on specific Android versions, and so on. By adding this option Eddie enlarges considerably the amount of apps you will be able to open and/or share files with. New: AmneziaWG parameters range validity AmneziaWG parameter range validity has been documented in three different ways (official web site, GitHub documentation files, and developers comment) and the web site documentation that it's still official is in reality not aligned with the source code. The new parameters range validation adopted by Eddie 4.0.0 beta 2 is based now on GitHub latest documentation integrated by source code analysis. The original message of this thread has been updated accordingly. You will find on it the new download link and checksum, as well as detailed Amnezia description. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Kind regards & datalove AirVPN Staff

giga omega based kornephoros was struggling to cope with extra demand after wurren was decommissioned. this is gonna be awesome.

I don't understand. Except adding IP in Network route out of VPN, I don't have any solution.

How can the load percentage be conveyed even clearer in your opinion? Those are highly subjective things depending on your setup, and I don't want to see them as data points in a server overview showing factual data valid for everyone the same way. Load (= bandwidth usage), number of clients and RTT between the servers are factual data valid for everyone, whereas your own latency and "connection quality metrics" are the result of your client's configuration, connection type and its config, ISP, routes, etcetc. I mean, what is even the definition of "connection quality" in your own words? Preferably something that is valid for you, me and the random reader of this thread at the same time.

Kinda unrelated but this server has been going down a lot in the last few weeks.

Hello! We're very glad to inform you that a new 10 Gbit/s full duplex server located in Los Angeles, California, is available: Revati. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Revati supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor , by clicking the server name. Direct link: https://airvpn.org/servers/Revati Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Kornephoros is airvpns better 10gb server in canada. it almost gives me full speeds on my home server(connected via wifi) funny enough their now decommissioned wurren was a pretty crappy in my experience. i was never able to get more than 80mbit on wurren even though it was also supposedly a 10gbit server... even regular 1gbit server outperformed wurren

Other VPN clients support this functionality. I don't know how it's done on the technical side. But Eddie's development on PC seems to have been abandoned. Last update is from almost a year ago. So I guess the chances for new modern features is basically 0.

🙄

I'm also confused. Perhaps the hardware isn't powerful enough? A 1Gbps server can handle 100+ users with 80% bandwidth utilization. This means a 10Gbps server would need 1000+ users to achieve the same 80% bandwidth utilization. However, in reality, a 10Gbps server experiences a significant speed drop when handling 300+ users, seemingly unable to keep up. It would be better to label it as a 3Gbps or 5Gbps server, as the actual speed difference from the advertised 10Gbps is substantial. If that's the case, it would be better to replace one 10Gbps server with ten 1Gbps servers. Maybe that's the case? I think AirVPN may have leased a 10Gbps network in the data center, but the servers can't handle that 10Gbps network. Isn't that a waste of resources? I think AirVPN can increase the number of 1Gbps servers as much as possible to make full use of network bandwidth, which would also save on server costs for AirVPN, wouldn't it?

I've seen this happen on Vindemiatrix, and I think it happened on Taiyangshou today as well (maximum is 4.8 Gb/s but that is average so likely it did surpass 5 Gb/s). I still wonder why overall bandwidth utilization of 10 Gbps servers are low (<50%), is this just due to scaling?

Hello! Not anymore, and even less in the near future. HTTP/3 is quickly spreading. Today, HTTP/3 is used by 36.5% of all the websites, including major web sites inside countries that enforce blocks against VPN. Furthemore, blocking UDP as such is no more realistic, not even in China, where UDP has become an instrumental protocol for many companies in any sector (video streaming, video conference, VoIP, marketing, social media marketing, regime propaganda and more), for regime aligned or regime owned activities. In China you have a near 100% success rate and no shaping (apart from the normal shaping for anything outside China) with the current Amnezia "weak obfuscation" (no CPS) implementation, i.e. at the moment you don't even need QUIC mimicking (which is anyway available and very effective). Currently, bypassing blocks via UDP than via TCP is more efficient in China. At the moment there is nothing more effective than mimicking QUIC with the signature / fingerprint of an existing web site that's not blocked, and you have this option right now. We see > 95% success rate, which is better than the success rates of SSH (not exceeding 75%), shadowsocks and XRay, V2Ray etc (but a lot faster!). The success rate is similar to any VPN protocol over HTTP/2, but, again, dramatically faster. We're glad to know it. It is also very flexible. Thanks to CPS, you may mimic any transport layer protocol built on UDP, for example DNS, QUIC, SIP. Kind regards

@zimbabwe @AG999 @Upre1943 @Stalinium @Nonsense @H12345h12345 Hello! Eddie Android edition 4.0.0 preview implements full AmneziaWG support: https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/ Feel free to test and report back (bug, glitches...)! Kind regards & datalove AirVPN Staff

Hey there, Taiwan is a provincial administrative region of China, an inalienable part of China’s territory. But when I checked my IP on ipleak.net, I saw Taiwan was shown with those outdated flags, which is totally wrong. These flags don’t reflect the fact that Taiwan belongs to China. Using them misrepresents Taiwan’s status and goes against the One - China principle. It’s really important to fix this mistake. Please correct the display and stop using such wrong flags. Let’s make sure the info about Taiwan is right, in line with the One - China principle. Thanks for handling this!

Some differences between yours and mine are: I also use Wireguard and I have "- WIREGUARD_PUBLIC_KEY=[redacted]" and you don't; I don't have any volumes set up, everything in the docker compose; You aren't specifying the latest image, consider using "qmcgaw/gluetun:latest"; I do not use CIDR notation for the "WIREGUARD_ADDRESSES" and you do, consider trying it without the "/32"; Are you sure your forwarded port is in AirVPN's pool #1? For P2P it has to be. For qBittorrent: again use the latest: "lscr.io/linuxserver/qbittorrent:latest" consider adding the following for robustness: "depends_on: gluetun: condition: service_healthy restart: true" You don't have "TORRENTING_PORT=[your pool #1 port number]"; Its usually best to have these in the same stack, not separate containers. Keep trying, it DOES work.

I agree with your sentiment - it takes a lot of time when you're unfamiliar with this stuff and are already busy doing something else. But it is easier than it seems. To renew the certificate: - Go to https://airvpn.org/ - Sign in - Select the "Client Area" tab - Under "VPN Devices" click the "Manage" button - Click the "Details" button - Click the "Renew" button Then do what Staff says in the above post: - run Eddie - on Eddie's main window uncheck "Remember me" - log your account out - log your account in (you'll need to re-enter your AirVPN credentials) - try again a connection

Let me just add the observation that only a few percent of domains you might be looking up in a DNS system are going to be DNSSEC signed anyway. While it's nice to have DNSSEC functioning as a sort of future proofing and for the rare cases when it matters now, becoming alarmed at its absence in a DNS system at this stage is seriously inappropriate. Example: in the US the only major financial institution that I can find that signs its DNS entries with DNSSEC is the Internal Revenue Service! Yes, irs.gov is signed, as are some other US-gov't agency sites. But the big banks do not use DNSSEC, and neither do the well-known large brokerage houses. (Every site foo.bank is a DNSSEC-signed bank site, but see https://www.register.bank/dotBANKers/# to see which banks have bothered. They're all small.) In the VPN world, AirVPN.org is signed, mullvad.net is signed, and privateinternetaccess.com is signed. Every other well-known VPN service that I've tried depends on unsigned DNS entries. So basically at present, DNSSEC from the consumer point of view is little more than a cute toy.

You're on fiber, right? Because if so, you are not the first with this, and you won't be the last. I can't wrap my head around it myself because I don't know anyone who is on fiber to test anything (I'm in Germany, after all), but all the people before you suggest that OpenVPN is problematic with fiber connections.