Leaderboard

Hello! The problem affects those users who run Eddie Desktop edition with OpenVPN and never logged out for more than a year, or use OpenVPN clients with configuration files generated before 2021. Since Eddie Desktop edition re-downloads certificates and keys only when the operator logs in, locally some certificates have expired because we extend their expiration date automatically at least one year in advance (three years normally). Please try the following procedure to quickly resolve the problem: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards

pfsense warned me last month that some old certs were expiring so I'm not surprised that some people are seeing this results. It's unfortunate that software (eddie) or this web site didn't warn people they were using certs about to expire.

I agree with your sentiment - it takes a lot of time when you're unfamiliar with this stuff and are already busy doing something else. But it is easier than it seems. To renew the certificate: - Go to https://airvpn.org/ - Sign in - Select the "Client Area" tab - Under "VPN Devices" click the "Manage" button - Click the "Details" button - Click the "Renew" button Then do what Staff says in the above post: - run Eddie - on Eddie's main window uncheck "Remember me" - log your account out - log your account in (you'll need to re-enter your AirVPN credentials) - try again a connection

Great thank you very much, everything works again It was all stupid Thanks again

Hello! Please try the following procedure to quickly resolve the problem: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards

According to this definition there is no censorship at all anywhere enforced by governments, not in North Korea, not in France, not in China... Please note that your definition is pure fantasy, if not insulting. Censorship is exactly suppression of speech, public communication, or other information subversive of the "common good", or against a given narrative, by law or other means of enforcement. The fact that censorship is enforced by law or by a government body does not make it less censorship. Furthermore, historically censorship was an exclusive matter of some central authority (the first well documented case is maybe the censorship rules to preserve the Athenian youth, infringed by Socrates, for which he was put to death, although the etymology comes from the Roman Office of Censor which had the duty to regulate on citizens' moral practices) and today censorship by governments is predominant. Even In modern times censorship through laws has been and is predominant and pervasive according to Britannica and many academic researches. Then you can discuss ad nauseam whether censorship by law is "right" or "wrong", whether France's censorship is "better" than China's censorship, but you can't change the definition of censorship, otherwise this discussion will become delirious. Kind regards

They're also living under the assumption that government is benevolent and righteous. Have they forgotten that the government of the very thing they detest (nazism) made illegal many things...was it ok because the government made them illegal?

Same problem here. Suddenly today. Downloaded latest version and installed just in case. There must be something wrong other than here locally? The suggested fix is way too complicated... That was lazy.. pointing to a description of ten thousand words to do something that probably is easy... Please give a step by step way to fix this without a million other things mixed in.

Hello! No, it was not and it is not. Every and each machine runs on non-affected Operating Systems, typically FreeBSD and Debian 12. Debian 12 trivially is not affected because it does not include (in the official repositories we point at) the exploited xz versions 5.6.0 / 5.6.1 (and of course we did not build them from git) while in FreeBSD: Gordon Tetlow, security officer, https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html). Kind regards

I use Cloudflare for my site and it's exactly as you said. See https://developers.cloudflare.com/waf/reference/cloudflare-challenges/ for details. To my knowledge, website admins can't disable these challenges if an IP has displayed suspicious behavior.

Hey all, Just made the switch to Air today. Like many of you, I jumped ship due to another popular VPN service ceasing support for port forwarding. So far I'm loving what I've seen from the community and the actual real communication from AirVPN themselves, that's awesome to see. In a way I'm glad this happened as I was forced to discover Air. What I am missing however is the speed. I know the Aussie server was added and swiftly removed due to Australia's oppressive privacy nature, and I completely understand this. I also am grateful a second NZ server was recently added. Having said that, I'm struggling to break past 300mbps out of a 1gbps connection where previously I was cracking around 700mbps. Granted that service did provide 10gbps Australian servers in my city, I'm wondering if anyone else from Australia has tweaked anything with good results like MTU sizes etc, or if perhaps making one of those NZ servers 10gbps is considered or planned at some point. I hope it's obvious I'm in no way complaining about Air, I really like it, though I feel with NZ being the main line to the Australian client base, those servers should be pretty beefy. As beefy as feasibly possible in fact. Simply more bandwidth would absolutely round out Aussie satisfaction with what is really our 1 of 2 options now. It's really our only option if you care about static port forwarding. Thoughts? Cheers.

I would highly like it if AirVPN upgraded their servers to 10Gbps as quite often the NZ servers are very busy. No wonder why it is hard to get max speeds if they are this busy. I have sometimes seen them like 1800Mbps bandwidth throughput. Don't get me wrong, AirVPN is a good service, I just feel they need more Bandwidth in some locations like NZ because in NZ we have super fast Fibre connection speeds, some households have 1Gbps or more and that can easily use all bandwidth on the VPN server.

I'd suggest you to move the wireguard configuration file to /etc/wireguard then make that folder accessible for the root user only sudo chown root:root -R /etc/wireguard && sudo chmod 600 -R /etc/wireguard then enable the systemd service to launch it at startup with systemctl enable wg-quick@here_goes_the_name_of_your_config_file_without_the_.config_extension

To avoid any interruptions, I’d go to client area -> devices and create a new device. Then generate a new OpenVPN config: * check advanced settings * choose your new device * check OpenVPN * check Separate keys/certs * download archive and extract * import new ca.crt * import new user.crt * select new cert in OpenVPN settings

“The Netherlands hosts some of the world’s largest internet exchanges. This obliges us to make the best use of these exchanges for our national security. With the Temporary Cyber Act, we will make optimum use of the data carried on our cables to protect The Netherlands against Russian and Chinese hackers” – Dutch government announcement Of specific note, this law vastly expands when the Dutch agencies can perform SIGINT on Dutch Internet Exchanges like the Amsterdam Internet Exchange. These powers extend to any form of communication, including private peering and Private Network Interconnects (PNI). Every cable must be made available for ’exploration’, and it is likely that due to the wording in the new law, any request for such examination will be granted by the commission that rules on these things. Such exploration includes the right to send data to foreign intelligence agencies, including non-European ones. https://berthub.eu/articles/posts/dutch-intelligence-and-security-law/ Will this affect AIRvpn's Dutch servers? Will Dutch servers be able to guarantee AIRvpn's users privacy?

Tested. The portable and AppImage versions of 2.24.2 both have the same issue.

Hi, I'm on Linux Mint 21.1 and I've installed the Eddie client (version 2.21.8, installed via apt). When I open the Eddie window, I can use it to connect to the VPN, but if I close the window, it closes the VPN connection. I would expect the connection to stay up when the client window is closed. Is there any way to do that? I've looked it up and it doesn't seem to be a common issue. If this is a normal feature of Eddie, would switching to a CLI client solve the problem? Or would I need that terminal window to stay up as well? Thanks! Edit : I found the answer, im putting it here in case other people have the same question : simply right-click the tray icon and select "hide main window", very easy

Hello! We inform you that all Latvia servers entry and exit IP addresses are being changed. The list of servers by name can be found here: https://airvpn.org/status - search for "Latvia". If you run Eddie Desktop edition, Eddie Android edition, or Bluetit + Goldcrest, no action is required as the software will update automatically all the data. If you run any program based on configuration files containing specific references to IP addresses of Latvia servers, then you will need to re-generate the file(s) after the operation has been completed. You can do it as usual through the Configuration Generator available in your AirVPN account "Client Area". If you use Latvia servers as a gateway to restricted services based on filtering anything different from Latvia servers exit IP addresses, please act properly to avoid any lock out. This major change is part of a series of operations that will allow a much needed and used AirVPN feature to be significantly powered up. More on this in the near future. Kind regards & datalove AirVPN Staff

@JackParsons Hello! Eddie 2.13.6 should run on your system. To download it, on the Linux download page please select "Other versions", click "2.13.6" and the download page will point to that version. Before installing Eddie 2.13.6 please make sure to delete the configuration file (default.xml in older Eddie versions, default.profile in newer version) to avoid incompatibilities of the configuration file due to a downgrade. If even Eddie 2.13.6 can't run on your system, then you could prepare a configuration file compatible with your OpenVPN 2.3.2: in the Configuration Generator turn the "Advanced" switch on set the "OpenVPN profile" combo box to "2.4" select a connection with OpenVPN to entry-IP address ONE (this is essential to avoid tls-crypt, unsupported by 2.3) download and use the configuration file as usual Please consider anyway to upgrade your system for security reasons. Kind regards

Hello @Staff can you please tell me how the speed is calculated and what is the delay between each update. Im currently breaking the record but my downloads are always finished when it update.

Thanks for reply. This is where it gets complicated. 1. OpenVPN wants a ta.key (presumably to go with the ca.crt?) at service.vpn.manager/Downloads/AirVPN But 'Advanced' Config Generator doesn't seem to generate that file, instead it generates tls-crypt.key (not sure here??) Fixing that looks like a rabbit hole to me! 2. Switching to WireGuard looks to be a better solution long term, but (unless anyone can point to easy install on Raspberry Pi OSMC??) that also looks like a rabbit hole! While v much respecting AirVPN staff, the problem looks to be that regular Config Gen is including a now out-of-date ca.crt file - as of 8th April. That is, if I delete all VPN files (using the OpenVPN Utility), new ovpn files from regular Config Gen include the out-of-date ca.crt file. I'm sure there are sound reasons why you don't want to fix that, but for me this seems to mean AirVPN no longer works on my setup, which is a shame. All help gratefully accepted. Thanks.

Hello! You need to re-generate your configuration files through the Configuration Generator available in your AirVPN account "Client Area". Explanation: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?do=findComment&comment=231319 Kind regards

Hello! Please see here for a possible explanation and easy solution: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?tab=comments#comment-231319 Kind regards

sha1 being used which is for old tls-auth configs but only staff can quickly say if the entry IP is 1 or 2 and not 3 or 4. that is to say, I'm guessing you and several others are getting tls-auth and tls-crypt things mixed up. edit: Ok I see your post below mine that shows you used a tls-auth config.

Hello! Problem confirmed and under investigation. It is caused by an unexpected sluggishness of the first bootstrap server. If the first bootstrap server fails, Eddie will try the second one (timeout: 45 seconds), and then the third one (again 45 seconds timeout) and so on, so everything will work although the initial connection gets delayed. EDIT: problem solved. Kind regards

Hello! This new problem is unrelated and it is caused by an unexpected sluggishness of the first bootstrap server. We have opened an investigation just while you were writing the message. If the first bootstrap server fails, Eddie will try the second one (timeout: 45 seconds), and then the third one (again 45 seconds timeout) and so on, so everything will work although the initial connection gets delayed. EDIT: problem was solved at 6 PM CEST. Kind regards

Hello! Please try the following procedure: renew your certificate in the "Client Area" (instructions here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ ) run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Main thread: Kind regards

Hello! We're very glad to inform you that two new 10 Gbit/s servers located in Alblasserdam (the Netherlands) are available: Menkent and Piautos. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. The servers support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Menkent https://airvpn.org/servers/Piautos Do not hesitate to contact us for any information or issue. Kind regards and datalove

@randompersona Hello! We see that you solved the problem related to the connections. Now that the main problem is solved, on top of @Hypertext1071 suggestions, please also note that you enabled your remotely forwarded port(s) for one specific device only, but you are currently connecting with different devices, so you don't have the port forwarded by the AirVPN server. Kind regards

@Pi77Bull Thank you very much, we will investigate the problem. At least the units are fine. Note that you didn't need firewalld installation, so you can safely uninstall it if you wish so. You didn't need to remove ufw.service in the "Requires" line as well, it is ignored if missing. The main problem (which does not occur in Debian) now is in Bluetit itself, which waits forever for a network connection that's already available. We are investigating and we will keep you posted! Kind regards

That depends who you are hiding the sensitive, private data from, and whether it was already encrypted before you sent it through AirVPN. If who you are hiding it from has no power over the jurisdiction of the AirVPN server you connected to AND no power over the jurisdiction that you are sending your data to, NOR over any intermediate points between the AirVPN server and the final destination of your data, and the data was not encrypted to begin with, then yes, your security has improved a little, because your data is now being decrypted in a jurisdiction that your adversary has no power over. In this sense, AirVPN prevents adversaries from sniffing your data. However, in today's internet, it is bad practice to rely on your adversary not being in any jurisdiction, because it is hard(but not impossible) to know the full path that your data travels over, especially once it leaves the AirVPN server. It would be better if you had encrypted the data BEFORE sending it through AirVPN. If the data was already end-to-end encrypted so that only your intended recipient can decrypt your data, then AirVPN helps only in the sense that 3rd part observers will not know that YOU are the one sending data to your intended recipient(provided that your recipient is not cooperating with your adversary and has not been compromised by your adversary). If your goal is to hide your data from everybody other than your intended recipient (this would be the norm), but you do not care that people see that you are sending something to your intended recipient (provided that they cannot understand what you are sending), then using AirVPN would not really improve your security. If your goal is to hide your data from everybody other than your intended recipient and you do not want them to know that you are even sending anything to your intended recipient (they will still see that you are sending something to AirVPN, not that they can understand what you are sending), then yes, AirVPN does improve your security. Either way, it would be best to encrypt your data end-to-end before sending it. DO NOT rely on AirVPN to keep the data encrypted end-to-end, because the only way AirVPN can send the data to your recipient is to decrypt your data and send it to the recipient.

Hello! If you run Eddie Desktop edition you can pick a specific server from the "Servers" window, or you can let Eddie pick a server automatically. If you run Eddie Android edition you can pick a specific server on the "AIRVPN SERVER" view, or you can let Eddie pick a server automatically. If you run Goldcrest and Bluetit, you can pick a server through the proper option air-server in Goldcrest or airserver Bluetit run control file. If you run a program which reads a configuration file, for example the official WireGuard or OpenVPN software, you can generate as many configuration files as you wish from the Configuration Generator available in your AirVPN account Client Area. Generate configuration files according to your needs. The guide to getting started is available here: https://airvpn.org/forums/topic/18339-guide-to-getting-started-links-for-advanced-users/ Answers to frequently asked questions are available here: https://airvpn.org/faqs/ Kind regards

Looks like the old.reddit method doesn't work anymore but found a great solution if you're a ublock origin or adguard user. copy/paste of reddit comment so blocked users can see it. Go to your uBlock Origin / AdGuard filter settings page and add this custom filter (in uBlock Origin it's under the "My filters" tab): reddit.com#%#//scriptlet('set-cookie-reload', 'reddit_session', '0') This will automatically create the reddit_session cookie as described in the post above. You have to make sure that you are using the latest uBlock Origin or AdGuard extension, because the cookie filter syntax has only been added recently to uBlock Origin. (The above filter only works with uBO version 1.53.0 or higher) Here are some more techy details about the cookie filter: It will create a session cookie, which will only last until the browser is closed. (This is good because see 2. and 3.) You will not be able to log-in to reddit while the cookie is set. (Also applies to manual method in the original post) If you want to log-in to reddit, you will have to remove or comment out the custom filter, then close and re-open your browser. Doing this will clear the session cookie and prevent your adblocker from automatically creating the fake session cookie again. You can comment out custom filters by prefixing them with an exclamation mark, e. g.: !reddit.com#%#//scriptlet('set-cookie-reload', 'reddit_session', '0') The cookie value is set to '0', this is a limitation of the new cookie filter syntax. Can't make it empty as of now unfortunately. It works fine with the value set to '0' though. reddit comment

Done for you :)

Thank you. This works.

Hello! Normally the changes are applied in a matter of minutes and they do not require re-connections, the forward rules are "hot swapped". However, your description hints at an undue delay, we will investigate. In order to speed up the change, if a similar problem re-surfaces, please disconnect and re-connect your system to the VPN server(s). Provided that your forwarded port(s) are enabled for all the "devices" of your account, that the forward rules are applied for all the various VPN interfaces, and that you know which exit-IP address your service is reachable on, the multi VPN configuration is not a problem. If you find that port forwarding works with a "single VPN" configuration, but stops working with a multi-VPN setup, you need to check the above again. No, this is not a cause for concern. Just keep in mind that without VPN DNS you can't use the AirVPN DNS based blocking system and the geo-routing system. Kind regards

Hello! Very glad to know it. Eddie 2.23 and older versions "Automatic" mode is OpenVPN in UDP, always. Eddie 2.24 and newer versions select what the manifest tells (currently WireGuard). WireGuard offers higher performance and efficiency, and a few privacy issues which are mitigated in our system. Please see here for an overview: https://airvpn.org/faq/wireguard/ Kind regards

wireguard is UDP only i believe so the auto is just choosing UDP

Hello! On top of the previous message we have checked your account and please note that you forwarded only one UDP port. Please check: if your listening program expects TCP packets (too) you must forward accordingly. If necessary you can change the listening protocol from your remote inbound port panel. The Protocol combo box, which is available on each port, can be set back to TCP+UDP (default setting) anytime. Kind regards

The caution is warranted – as stated, point 4 is strange. But it's like that in any part of the world. The service offerings should be scrutinized based on promises of free services, not because it's got a Russian handwriting on it. That was my entire point.

Correlation != Causation. What if the service was set up by a desperate party because Russia banned VPN usage? Don't you think it makes sense? If you are a Russian in Russia and you cannot pay for the VPN services around the world because of sanctions (those services would give you a less restricted internet, after all), wouldn't you try to find a service which accepts whatever payment processors are available to you? Exactly – learn Russian or ask someone like me to translate for you. Don't go through the world, fingers pointing in crude directions, and voicing mere suspicions. No, it doesn't. Yandex is what Google is to US, or Tencent to China – a provider of various internet services tailored to a specific ethnic group's market. Yandex has got its own networks, which includes targeted advertising and analytics. Why shouldn't Yandex be allowed to offer their services to Russian diasporas across the world? Betteridge's law of headlines states that "any headline that ends in a question mark can be answered by the word no".

How do points 1, 2, 3 and 5 lead to such a conclusion? Just because it's Russian doesn't mean it's bad. Not everything from Russia is somehow connected to Russian politics; please take care to keep these matters separate. Only point 4 is a bit strange, but it'd be strange if it were an EU or US service, too. Let's not use the word "honeypot" here prematurely before any real analysis. Otherwise it's just FUD.

I've said it, I'll repeat it, even if Fred is right: "Most people don't want to hear the truth because they don't want their illusions destroyed" - Friedrich Nietzsche Regardless of what Proton or any Swiss service claims, Swiss law OBLIGES any "telecommunication company" to intercept and keep "ANY DATA" in "UNENCRYPTED FORMAT" which transits in or out of its country borders, for "AT LEAST 6 MONTHS" for the event law enforcement "ASKS". The asking part is without need for a court order or investigation warrant. The unencrypted part is where the telecommunications company becomes liable for any alleged wrongdoing which they can not provide the information unencrypted of. You can blame Swiss based services to not clearly advertise this. You can't blame them for complying, it is their arse or the wrongdoers... The pressure point is who "stores" the data. For example VPN keys at for example Proton, anyone? Since it can be asking without warrant or court order, it does not oblige law enforcement to do anything with it … They can let you stink for years, and when it matters to the Swiss use that as a pressure point to obtain something else they suddenly may want from you. Classic Swiss. Now it is particular: any connection going through the border. So if you are in Switzerland and your connection and data stays in Switzerland, well, the obligation does not exist. (as if a company will bear the cost burden to differentiate …) No, its just the Swiss don't like their secrecy shit kept, because if so and if ever used in court the public prosecutor has to order the destruction and inadmissibility of the evidence and it becomes an awkward display. Imagine if someone took it to ECHR, the only leg would be national security, no longer national interest or catching bad guys. AVPN (may) does not log connections, and (may) does have a good contract with their Swiss data center. Reality is the Swiss data center has to log anything which crosses the border for the Stasi . You're only a little safer if the keys can not be found in Schwein-e-land. Not saying the other countries are better, but Swiss services (dare I misbehave and suggest crooks?) like Proton, crap away from them as far as you can. If you like the Swiss funny concept of privacy and security, pay attention to certificates of web sites like Zoho being "safe" and "private" because hosted and served from Sierre for example There is no such thing as privacy online, only making life a bit more difficult to those who wish to know the colour of your underpants, when you last did your laundry, and what detergent you used...

Yeah, same experience here. I keep going back to Eddie when new releases come around or the mood takes me and I tried it again a few days ago. Using Wireguard I got the same drop outs but with Openvpn it is still connected after three days now on both an S9 tablet and an S22 mobile, both Android 14. After figuring out a tasker profile to monitor Eddie's notification entry, which just altered a widget on screen, I then thought I'd try ways of restarting it if it dissapeard. Using Autoinput was my first thought but that is messy and not a reliable option in this instance. So I thought of intents which I have messed with but only by copying what others had done; never come up with my own stuff. I found out you can generate a package manifest using Android Studio which contains some or all of the intents the package listens for so am going to try that and see what it comes up with and then try some things. I'll post with updates if there are any!

You cannot remove it from the Top Users screen without removing them everywhere else as well. I believe the same class is used because the displaying of date/time strings across all of IPBoard is affected by the user's settings, changeable in the Preferences.

I have the same issue, and I hope there's a solution besides disconnecting from the VPN server or resorting to Tor just to peruse a few Reddit comments. It seems every day more and more restrictions / blocks are being applied to AirVPN IP ranges, probably other VPN providers as well. The number of websites I encounter being blocked by Cloudflare, Sucuri, or GoDaddy increases by the day. It's getting ridiculous.

This is the very first time this was reported across the forums, so I must express some confusion after your threats. Please try a clean profile first to see if that behavior is config-driven. It's found in %APPDATA%\Eddie\default.profile on Windows and ~/.config/eddie/default.profile on Linux. Rename this to something.else and launch Eddie, then see if the problem persists.

Yes that is what I assumed. The UDM demands you put a username and password in along with the ovpn file. Turns out you can put any old nonsense in for both and will connect without an issue

Not only TikTok. For example the Bitcoin network can not be controlled so a transaction from an American citizen could potentially go to a citizen of a country that's "a menace" for the USA (definition of enemy and menace is discretionary, the used language seems fine tuned to allow scope enlargement at will without judiciary supervision). Since that's not controllable, we find it potentially possible that operators might be required to block "the Bitcoin network". What's worse, according to a preliminary interpretation of the text, if in some way (difficult but personal and house search, pre-selected through the usual monitoring performed by USA ISPs, can help...) it can be proved that a USA citizen has used some tool like Tor or VPN to access any of the blocked network / services etc., that citizen will be prosecuted: civil liability up to a million of dollars, and criminal behavior subjected to up to 20 years in jail - which, if we're not mistaken, is worse than in China, Russia, and various countries controlled by human rights hostile regimes. Kind regards