Leaderboard
Popular Content
Showing content with the highest reputation since 04/29/25 in Posts
-
7 points
Two new 10 Gbit/s servers available (US)
everintrigued55 and 6 others reacted to Staff for a post in a topic
Hello! We're very glad to inform you that two new 10 Gbit/s full duplex servers located in Chicago (IL), USA, are available: Meridiana and Sadalsuud. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Meridiana and Sadalsuud support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Meridiana https://airvpn.org/servers/Sadalsuud Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff -
5 points
Hello! We're very glad to inform you that two new 10 Gbit/s full duplex servers located in New York City, USA, are available: Sadalmelik and Unurgunite. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Sadalmelik and Unurgunite support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Sadalmelik https://airvpn.org/servers/Unurgunite Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff
-
4 points
AirVPN 15th birthday celebrations
IAmFlash and 3 others reacted to Staff for a post in a topic
Hello! Today we're starting AirVPN 15th Birthday celebrations with big discounts on longer term plans. From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 23 countries on four continents! AirVPN is now one of the few major consumer VPNs that is still independent. In other words, it is not owned by large corporations with diverse interests that interfere through editorial publications or conflict with privacy protection. Since our 14th birthday celebration, our customer base has grown impressively, and we would like to thank all the old and new customers who chose or confirmed AirVPN.

AirVPN has focused on comprehensive enhancements, including:
- line and server expansion to accommodate the outstanding customer growth. The infrastructure can now deliver up to 970,000 Mbit/s. Compared to the 694,000 Mbit/s available in May 2024, this is a 39.7% increase in a single year
- yet another thorough rewrite of remote inbound port forwarding logic to offer greater convenience and true scalability. The new implementation was designed to meet the growing demand for remote inbound port forwarding
- the unlimited traffic quota for every and each customer subscription plan has never been modified

On the software side:
- all AirVPN applications and libraries are free and open source software released under GPLv3
- new, greatly improved Eddie Desktop and Eddie Android editions
- Eddie Android edition implements a new community request: an opt-in GPS spoofing feature integrated with the infrastructure in order to provide coordinates consistent with the location of the VPN server the device is connected to
- Eddie Desktop edition new version included several bug fixes and the new CLI edition is built on .NET7. Thus, it no longer needs Mono (Linux, macOS) and is built without Xamarin (macOS)
- the development of traffic splitting features on an application basis, already available in AirVPN Eddie Android and Android TV edition, and implemented on the AirVPN Suite for Linux last year, has been improved together with the new Suite features during the year long internal and community tests
- the OpenVPN3-AirVPN library is actively maintained as usual.

If you're already our customer and you wish to extend your stay, any additional subscription will be added to your existing subscriptions and you won't lose any days. Check the promotional prices here: https://airvpn.org/buy

Promotion will end on June the 12th, 2025 (UTC).

Kind regards and datalove AirVPN Staff
-
3 points
New 10 Gbit/s server available (US)
Andrew109 and 2 others reacted to Staff for a post in a topic
Hello! We're very glad to inform you that a new 10 Gbit/s full duplex server located in Denver (CO), USA, is available: Torcular. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Torcular supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor. Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff -
3 points
New 10 Gbit/s server available (US)
thedragonslove and 2 others reacted to ByteBuccaneer for a post in a topic
I opened a ticket back in January, 2025 about Chicago's problems. The response was: "Expansions in the USA are on the table and management can act in the near future." -
3 points
New 10 Gbit/s server available (US)
Guest and 2 others reacted to ScanFarer for a post in a topic
Just curious if there are any upcoming server upgrades or additions planned for the Chicago area. It would be great to have at least one multi-gig server there, considering how utilized or nearly maxed out the existing servers are. -
2 points
New 10 Gbit/s server available (US)
johndow353543 and one other reacted to Guest for a post in a topic
Yes, more servers in Chicago are very much needed. -
2 points
Hello! It must be a bug in the Configuration Generator: only Marsic and Telescopium should be shown when "2.6 DCO" is selected. We are going to investigate. Thank you for the heads up. Kind regards
-
1 point
Happy Birthday. New member here, really liking the service.
-
1 point
well was a really good run, GOD bless you all 🎁
-
1 point
Happy Birthday!!!
-
1 point
I do not get good speeds with Toronto / Montreal servers. I do not get good speeds even with Wurren (10G server in Toronto). Are there any plans to have new 10 G servers like we just got for NY?
-
1 point
More servers in Ontario please
IAmFlash reacted to TheBoss1980 for a post in a topic
now we just need more servers in the canadian/ontario region please! -
1 point
Experiencing really low speeds
8R27ZREEY9HFCJIO5W3E reacted to Staff for a post in a topic
@8R27ZREEY9HFCJIO5W3E Hello! You should provide more information to allow the community to help you, starting from your Operating System name and version, the software you run to connect to the VPN servers, the log of this software while the problem is taking place. Also remember that you can get dedicated assistance from AirVPN support team by opening a ticket (click "Contact us" while you're logged in to the web site). Kind regards -
1 point
HowTo: OPNsense using Wireguard with IPv6 support
Snailor Moon reacted to OPN-UserGuide for a post in a topic
This is an updated version of this guide. I hope it gets moved soon to the guides section. This guide should be complete now, but please note that the IPv6 port forwarding might not be 100% complete. Any advice is appreciated.

Disclaimer
In general, DO NOT TRUST ME! I'm not a security expert. I do not know what I'm doing here!

This guide is based on:
OPNsense 24.7.12_4-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15

Update: 2025-03-27: I updated to the latest version and this Guide is still correct
OPNsense 25.1.4_1-amd64
FreeBSD 14.2-RELEASE-p1
OpenSSL 3.0.16

It should work in previous and future versions of OPNsense, but I can't guarantee it.

This guide is based on the official Instructions but required modification: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
It is also based on this guide. It's however not 100% correct, so I adjusted based on the official OPNsense guide and included the IPv6 setup. This is why I started a new guide instead of altering my previous one, inspired by the original Sj0r guide.

1. Preparation (not required if you access the firewall from LAN)
Some advice here… Opening the WAN interface to allow administration is not good! I am doing this because the firewall sits in my private LAN, and I'm not doing any port forwarding on my main router! If your firewall is connected directly to the internet, do not do this! Again, in general, DO NOT TRUST ME! I'm not a security expert. I do not know what I'm doing here! Now that you know it…
1.1 Deselect “Block private networks” and “Block bogon networks” in Interfaces → WAN. After doing so: hit save and “Apply changes”.
1.2 Select "Disable reply-to" in Firewall → Settings → Advanced. Hit save at the end.
1.3 Add incoming WAN rule to allow administration. Go to Firewall → Rules → WAN. Add a TCP rule from "WAN net" to "This Firewall" on HTTPS.

2. Information gathering.
We'll grab some info that we need to configure the WireGuard Tunnel.
2.1 Login to the AirVPN Website.
2.2 Go to VPN Devices.
2.3 Add a new device.
2.4 Go to Config Generator.
2.5 In "Choose your OS" select "router".
2.6 In "Choose protocols" select "WireGuard".
2.7 In "Choose your device/connection" select the device you have created in 2.3
2.8 Select your country under "By Countries". I selected Germany this time.
2.9 Scroll way down and download your config.

This is an example of a WireGuard config: (the keys and IP are random and will not work, use your own)

[Interface]
Address = 10.10.10.10/32
PrivateKey = X72xgdx23XDomnSXmcy#S4Jc#9Y5G*vU$wg^n499yn6
MTU = 1320
DNS = 10.128.0.1

[Peer]
PublicKey = VTSQ77Uk4^&RY4h%S$#9h8PR2T&xyya&yPTtk6oD^m$
PresharedKey = b7&&7bntmCS5q%&4J*mSKBAUvV4XEqHerwscvbappXQ
Endpoint = nl3.vpn.airdns.org:1637
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15

3. Setup IPv6 base configuration on your LAN.
We need to ensure that IPv6 communication is working on your LAN interface before we establish the VPN tunnel. Please note that I do not have an IPv6 address configured on my WAN interface to be distributed to LAN for security. Instead, I use a ULA address on the LAN. For those who do not know what ULA addresses are, these are the IPv6 equivalent to IPv4 private addresses like 10.x or 192.168.x. They are only routable on the LAN, and you will not be able to use them to reach an IPv6 destination on the internet.
3.1 WAN
3.1.1 Go to Interfaces → WAN. The WAN interface looks like this:
3.2 LAN
3.2.1 Go to Interfaces → LAN. The LAN interface looks like this in the upper section: Now we set up the IPv6 Configuration.
3.2.2 Generate yourself a ULA address using this site: https://unique-local-ipv6.com/
3.2.3 Enter the IPv6 network you have generated into the “IPv6 address” field and add “::1” at the end. Hit Save.
3.3 LAN DHCP IPv6
3.3.1 Go to Services → ISC DHCPv6 → LAN
3.3.2 In the Range section under from add your IPv6 network address from 3.2.2 and add a “::1000” to the end. In the to section, add your IPv6 network address again and this time add a “::2000” to the end. Hit Save at the bottom of the page.
3.4 Router advertisement
3.4.1 Go to Services → Router Advertisement → LAN
3.4.2 Set Router Advertisements to Managed. Hit Save at the bottom of the page.
3.5 Test IPv6 configuration
Now you should test if you can ping the OPNsense firewall IPv6 address from the LAN.
3.5.1 Connect a client to the LAN
3.5.2 On Linux or Windows, open a terminal and type ping -6 and the IPv6 from 3.2.1 ending with ::1 like “ping -6 fd2d:7173:d519::1”. This needs to be successful! If this is not successful, fix it! Only continue once this is successful!!!

4. WireGuard configuration.
In the current Version of OPNsense you do not need to install the WireGuard plugin, this is already installed.
4.1 Peer configuration
4.1.1 In OPNsense go to VPN → WireGuard → Peers.
4.1.2 Create a peer with the following information:
4.1.3 Name: wg_airvpn_<country code>. Mine is called WG-AirVPN-DE
4.1.4 Public key: <PublicKey under heading [Peer] of your generated WG Config>
4.1.5 Pre-shared key <presharedKey under heading [Peer] of your generated WG Config>
4.1.6 Allowed IP's: 0.0.0.0/0 and ::/0 for IPv6 support
4.1.7 Endpoint Address: <Endpoint under heading [Peer] of your generated WG Config>
4.1.8 Endpoint port: 1637 (default port)
4.1.9 Keepalive interval: 15 (default interval)
4.2 Instance configuration
4.2.1 In OPNsense go to VPN → Wireguard → Settings → Instances
4.2.2 Create an instance with the following information:
4.2.3 Enable Advanced Mode. (upper left corner)
4.2.4 Name: <Endpoint Name i.e. WG-Inst-AirVPN-DE>
4.2.5 Private Key: <PrivateKey under heading [Interface] of your generated WG Config>
4.2.6 MTU: 1320
4.2.7 DNS servers <DNS Servers of your generated WG Config>
4.2.8 Tunnel Address: <Address including /32 under heading [Interface] of your generated WG Config> Please review the screenshot below. For IPv6 add the given address and instead of /128 choose /64 to reach the gateway for gateway monitoring.
4.2.9 Peers: <select peer that you created with step 4.1>
4.2.10 Disable routes: Enabled.
4.2.11 Gateway: 10.128.0.1
Hit Save
4.3 Enable WireGuard configuration
Go to VPN → WireGuard → Instance and click on "Enable WireGuard"
4.4 Assign WireGuard Interface
4.4.1 In OPNsense go to Interfaces → Assignments
4.4.2 You'll find a “wg0(WireGuard - WG-Inst-AirVPN-DE)” (or similar) interface.
4.4.3 Type a Description, I've picked “[IntAirVPNDE]” and click Add.
4.5 Enable the Interface
4.5.1 Interfaces → Assignments → [IntAirVPNDE]
4.5.2 Enable: Enable the Interface. No further configuration required. Ensure the “Block private networks” and “Block bogon networks” options are not selected, as shown below.
4.6 Create a gateway - IPv4
4.6.1 In OPNsense go to System → Gateways → Configuration
4.6.2 Add a Gateway with the following information:
4.6.3 Name: GW-AirVPN-DE-v4
4.6.4 Interface: Select IntAirVPNDE as created in step 4.4
4.6.5 Address Family: IPv4
4.6.6 IP address: 10.128.0.1
4.6.7 Far Gateway: Enabled
4.6.8 Disable Gateway Monitoring: Disabled.
4.6.9 Monitor IP: 10.128.0.1
4.7 Create a gateway - IPv6
4.7.1 In OPNsense go to System → Gateways → Configuration
4.7.2 Add a Gateway with the following information:
4.7.3 Name: GW-AirVPN-DE-v6
4.7.4 Interface: Select IntAirVPNDE as created in step 4.4
4.7.5 Address Family: IPv6
4.7.6 IP address: fd7d:76ee:e68f:a993::1 (use the IPv6 DNS server from the WG Config)
4.7.7 Far Gateway: Enabled
4.7.8 Disable Gateway Monitoring: Disabled.
4.7.9 Monitor IP: fd7d:76ee:e68f:a993::1 (same as 4.7.6)

5. Alias
Create at least one alias for the DNS configuration to prevent DNS leaks. You might want to create a separated alias for clients you want to run through the VPN, but as I do not need this, I skip it. The idea of how to set this up is similar. Please note for DNS leaks, there are multiple ways to prevent DNS leaks. I tested mine using ipleak.net and dnsleaktest.com. There is also a complete section about dealing with DNS leaks in the OPNSense guide.
5.1 Alias setup
5.1.1 Create the DNS alias. Firewall → Aliases
5.1.2 Click add
5.1.3 Enable: selected
5.1.4 Name: VPN_DNS_Server
5.1.5 Type: Host(s)
5.1.6 Content: 10.4.0.1, 10.128.0.1, 10.5.0.1, 10.7.0.1, fd7d:76ee:e68f:a993::1
5.2 Forward all DNS queries to the VPN DNS servers
This might collide if you got clients on your LAN which should not go through the VPN, so this might need adjustments then.
5.2.1 Go to Firewall → NAT → Port Forward and click "+" to add a new rule.
5.2.2 Interface: LAN
5.2.3 TCP/IP Version: IPv4+IPv6
5.2.4 Protocol: TCP/UDP
5.2.5 Source: LAN net
5.2.6 Destination: Any
5.2.7 Destination port range: from: DNS to: DNS
5.2.8 Redirect target IP: VPN_DNS_Server (the Alias created in 5.1)
5.2.9 Redirect target port: DNS
5.2.10 Description: Redirect DNS requests from LAN to VPN DNS servers
5.2.11 NAT reflection: Disabled
5.2.12 Filter rule association: None

6. Outbound NAT
6.1 Switch to hybrid rules
6.1.1 Go to Firewall → NAT → Outbound
6.1.2 Select "Hybrid outbound NAT rule generation"
6.1.3 Click Save then apply the change
6.2 Add IPv4 outbound rule
6.2.1 Click the "+" to add a new rule
6.2.2 Interface: IntAirVPNDE (the interface created in 4.4)
6.2.3 TCP/IP Version: IPv4
6.2.4 Protocol: Any
6.2.5 Source address: LAN net
6.2.6 Source port: Any
6.2.7 Destination address: Any
6.2.8 Destination port: Any
6.2.9 Translation / target: Interface address
6.2.10 Pool Options: Default
6.2.11 Description: LAN to AirVPN-DE IPv4
6.3 Add IPv6 outbound rule
6.3.1 Click the "+" to add a new rule
6.3.2 Interface: IntAirVPNDE (the interface created in 4.4)
6.3.3 TCP/IP Version: IPv6
6.3.4 Protocol: Any
6.3.5 Source address: LAN net
6.3.6 Source port: Any
6.3.7 Destination address: Any
6.3.8 Destination port: Any
6.3.9 Translation / target: Interface address
6.3.10 Pool Options: Default
6.3.11 Description: LAN to AirVPN-DE IPv6

7. LAN to VPN firewall rule
With this rule, we point all LAN clients through the VPN.
7.1 IPv4 LAN to VPN rule
7.1.1 Go to Firewall → Rules → LAN and click on the "+" to add a new rule
7.1.2 Action: Pass
7.1.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot)
7.1.4 Interface: LAN
7.1.5 Direction: In
7.1.6 TCP/IP Version: IPv4
7.1.7 Protocol: Any
7.1.8 Source: LAN net
7.1.9 Destination: Any
7.1.10 Description: LAN to VPN IPv4
7.1.11 Gateway: GW-AirVPNDE-v4 - 10.128.0.1 (Created in 4.6)
7.2 IPv6 LAN to VPN rule
7.2.1 Go to Firewall → Rules → LAN and click on the "+" to add a new rule
7.2.2 Action: Pass
7.2.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot)
7.2.4 Interface: LAN
7.2.5 Direction: In
7.2.6 TCP/IP Version: IPv6
7.2.7 Protocol: Any
7.2.8 Source: LAN net
7.2.9 Destination: Any
7.2.10 Description: LAN to VPN IPv6
7.2.11 Gateway: GW-AirVPNDE-v6 - fd7d:76ee:e68f:a993::1 (Created in 4.7)
7.3 Block all other traffic rule
This ensures that all other traffic is blocked. It's not really needed but gives me a better feeling. It will collide if you got clients on your LAN which do not run through the VPN.
7.3.1 Go to Firewall → Rules → LAN and click on the “+” to add a new rule
7.3.2 Action: Block
7.3.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot)
7.3.4 Interface: LAN
7.3.5 Direction: In
7.3.6 TCP/IP Version: IPv4 + IPv6
7.3.7 Protocol: Any
7.3.8 Source: LAN net
7.3.9 Destination: Any
7.3.10 Description: Block all other traffic LAN to VPN IPv6
7.3.11 Gateway: default
Make sure these new rules are on top of the LAN firewall rules. If they are not, traffic might go through other rules and not through the VPN.

8. Port Forwarding for applications like BitTorrent
If you want to make one or more clients reachable from the internet, like you need to do when you are doing file-sharing, follow the below to make it work for IPv4 and IPv6. Please note that this is confirmed to be working with IPv4, but I'm not 100% sure how to make this fully work with IPv6. You can use an IPv6 port testing tool to confirm that the port is indeed open, but not many IPv6 clients really manage to connect to me. There must be something else I'm missing here. Please help me to get this right so we can complete this guide. So far, this functionality is limited. Ensure that you got the Port Forwarding properly configured in the AirVPN Member section. You need a port from the :1 pool and this port needs to be forwarded to the device configured in 2.3
8.1 Setup IPv4 Firewall rule for incoming connections
8.1.1 Go to Firewall → Rules → IntAirVPNDE
8.1.2 Action: Pass
8.1.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot)
8.1.4 Interface: IntAirVPNDE
8.1.5 Direction: In
8.1.6 TCP/IP Version: IPv4
8.1.7 Protocol: TCP/UDP
8.1.8 Destination: *the IPv4 address of your client*/32
8.1.9 Destination port range: *your port*
8.1.10 Description: YourRule IPv4
8.1.11 Advanced features: Enabled
8.1.12 reply-to: GW-AirVPN-DE-v4 10.128.0.1
8.2 Setup IPv6 Firewall rule for incoming connections
This is equal to the 8.1 setup. Differences are marked bold:
8.2.1 Go to Firewall → Rules → IntAirVPNDE
8.2.2 Action: Pass
8.2.3 Quick: Apply the action immediately on match. (make sure it's enabled, as shown in the screenshot)
8.2.4 Interface: IntAirVPNDE
8.2.5 Direction: In
8.2.6 TCP/IP Version: IPv6
8.2.7 Protocol: TCP/UDP
8.2.8 Destination: *the IPv6 address of your client*/128
8.2.9 Destination port range: *your port*
8.2.10 Description: YourRule IPv6
8.2.11 Advanced features: Enabled
8.2.12 reply-to: GW-AirVPN-DE-v6 fd7d:76ee:e68f:a993::1
8.3 Port Forwarding IPv4
8.3.1 Go to Firewall → NAT → Port Forward, click “*” to create a new rule
8.3.2 Interface: IntAirVPNDE
8.3.3 TCP/IP Version: IPv4
8.3.4 Protocol: TCP/UDP
8.3.5 Destination: This Firewall
8.3.6 Destination port range: The port range from 8.1.9 and the Member section
8.3.7 Redirect target IP: Same as 8.1.8
8.3.8 Redirect target port: same as 8.3.6
8.3.9 Description: YourPortForward
8.3.10 NAT reflection: Disabled
8.3.11 Filter rule association: None
8.4 Port Forwarding IPv6
Same as 8.3 just with the IPv6 adjustments
8.4.1 Go to Firewall → NAT → Port Forward, click “*” to create a new rule
8.4.2 Interface: IntAirVPNDE
8.4.3 TCP/IP Version: IPv6
8.4.4 Protocol: TCP/UDP
8.4.5 Destination: This Firewall
8.4.6 Destination port range: The port range from 8.2.9 and the Member section
8.4.7 Redirect target IP: Same as 8.2.8
8.4.8 Redirect target port: same as 8.4.6
8.4.9 Description: YourPortForward
8.4.10 NAT reflection: Disabled
8.4.11 Filter rule association: None

That should be it. Please tell me if you got any issue.
-
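The field mapping of steps 4.1, 4.2, 4.6 and 4.7 in the guide above, as an added example that is not part of the original post or of OPNsense or AirVPN code: it parses a generated WireGuard config and returns the values to type into OPNsense, applying the guide's changes (add ::/0, widen the IPv6 /128 to /64) and checking the config's DNS servers against the step 5.1.6 alias. The function names and the sample config (placeholder keys, invented IPv6 tunnel address) are assumptions, as is taking the IPv4 gateway from the IPv4 DNS entry the way the guide's own sample does.

```python
"""Map an AirVPN-generated WireGuard config onto the OPNsense fields of the guide."""
import configparser
import ipaddress

# Constructed sample in the shape of the step 2.9 config. Keys are placeholders
# and the IPv6 tunnel address is invented for illustration.
SAMPLE_CONF = """\
[Interface]
Address = 10.10.10.10/32, fd7d:76ee:e68f:a993:1111:2222:3333:4444/128
PrivateKey = PRIVATE_KEY_PLACEHOLDER
MTU = 1320
DNS = 10.128.0.1, fd7d:76ee:e68f:a993::1

[Peer]
PublicKey = PUBLIC_KEY_PLACEHOLDER
PresharedKey = PRESHARED_KEY_PLACEHOLDER
Endpoint = nl3.vpn.airdns.org:1637
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15
"""

# Alias content from step 5.1.6 of the guide.
GUIDE_DNS_ALIAS = ["10.4.0.1", "10.128.0.1", "10.5.0.1", "10.7.0.1",
                   "fd7d:76ee:e68f:a993::1"]


def split_list(value):
    """Split a comma-separated WireGuard value into a clean list."""
    return [v.strip() for v in value.split(",") if v.strip()]


def opnsense_fields(conf_text):
    """Return the values for steps 4.1, 4.2, 4.6 and 4.7 (hypothetical helper)."""
    # Only "=" is a delimiter and interpolation is off, so keys containing
    # ":" or "%" and base64 padding survive unchanged.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep WireGuard's key casing
    cp.read_string(conf_text)
    iface, peer = cp["Interface"], cp["Peer"]

    # Steps 4.1.7 / 4.1.8: OPNsense wants host and port in separate fields.
    host, _, port = peer["Endpoint"].rpartition(":")

    # Step 4.1.6: the generated config may list only 0.0.0.0/0; add ::/0.
    allowed = split_list(peer["AllowedIPs"])
    for default in ("0.0.0.0/0", "::/0"):
        if default not in allowed:
            allowed.append(default)

    # Step 4.2.8: keep the IPv4 /32, enter the IPv6 address as /64 so the
    # gateway is reachable for gateway monitoring.
    tunnel = []
    for entry in split_list(iface["Address"]):
        addr = ipaddress.ip_interface(entry)
        if addr.version == 6:
            addr = ipaddress.ip_interface(f"{addr.ip}/64")
        tunnel.append(str(addr))

    # Steps 4.6.6 / 4.7.6: gateway and monitor IP per address family, taken
    # from the first DNS server of that family (assumption for IPv4).
    dns = [ipaddress.ip_address(d) for d in split_list(iface["DNS"])]
    gateways = {}
    for server in dns:
        gateways.setdefault(f"IPv{server.version}", str(server))

    return {
        "peer": {
            "Public key": peer["PublicKey"],
            "Pre-shared key": peer["PresharedKey"],
            "Allowed IPs": allowed,
            "Endpoint address": host,
            "Endpoint port": int(port),
            "Keepalive interval": int(peer["PersistentKeepalive"]),
        },
        "instance": {
            "Private key": iface["PrivateKey"],
            "MTU": int(iface["MTU"]),
            "DNS servers": [str(d) for d in dns],
            "Tunnel address": tunnel,
            "Disable routes": True,  # step 4.2.10
        },
        "gateways": gateways,
    }


def dns_missing_from_alias(fields, alias=GUIDE_DNS_ALIAS):
    """DNS servers from the config that the step 5.1 alias does not contain."""
    known = {ipaddress.ip_address(a) for a in alias}
    return [d for d in fields["instance"]["DNS servers"]
            if ipaddress.ip_address(d) not in known]


if __name__ == "__main__":
    result = opnsense_fields(SAMPLE_CONF)
    for section, values in result.items():
        print(f"[{section}]")
        for name, value in values.items():
            if "key" in name.lower():
                value = "(copy from the generated config)"  # do not echo secrets
            print(f"  {name}: {value}")
    print("DNS servers not in alias:", dns_missing_from_alias(result))
```
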
1 point
Hello! Thanks for the report. This (the switch Enable/Disable/Enable) should not be necessary, so the problem was unexpected and deserves an investigation, thank you again. Kind regards
-
1 point
New 10 Gbit/s server available (US)
ByteBuccaneer reacted to Staff for a post in a topic
Hello! Yes, as you might have already noticed: Kind regards -
1 point
Two new 10 Gbit/s servers available (US)
Andrew109 reacted to go558a83nk for a post in a topic
wow there's a lot of NY bandwidth now. very nice. -
1 point
@Staff Thank you for the quick answer! I tried to mess around with this but, in all honesty, I'm not that computer-savvy, and I have no idea what I'm doing. I extracted the .tar file and ran install.sh as root, "yes" to everything, it said "Done", and that's that. You've done great work and it looks like it works for everyone else. My only feedback is to have a GUI like with Eddie, for people like me. Thanks for the answer, Suite, and everything else.
-
1 point
Hello! OK sorry, we misunderstood the question then. No, it will not work. We'll update this thread when possible. Kind regards
-
1 point
Authoritative DNS server not available over ipv6
OpenSourcerer reacted to fhopper for a post in a topic
The FAQ at https://airvpn.org/faq/servers_ip/ says that dns1.airvpn.org is the authoritative DNS server. I've been querying this DNS server for a few years now using the dig command shown in the FAQ. Since my ISP uses 464xlat, I'm now planning to switch to an ipv6 only network at home. I noticed that dns1.airvpn.org itself does not have an AAAA record and would not be available over ipv6. Is this something you can fix, or is there a different domain name that has the AAAA record pointing to your authoritative DNS server? -
1 point
Hello! The unlimited traffic has nothing to do with slowing or not slowing down servers. The bandwidth allocation per connection slot as well as the amount of simultaneous connections inside the tunnel originated by each slot are crucial factors in this case and both those variables have been addressed in AirVPN ever since a decade ago. There's no need to limit the traffic in a given time frame for the purpose you mention; in fact, it would be ineffective. Kind regards
-
1 point
Hello! Passepartout can be run to connect to AirVPN servers by importing a WireGuard or OpenVPN profile generated by AirVPN's Configuration Generator. Kind regards
-
1 point
You need to use only junk packets settings, don't use handshake modifiers
-
1 point
VPN Client with app based split tunneling for windows
Portable8148 reacted to FunThomas for a post in a topic
Hi, since other VPN providers offer clients for Windows with app based split tunneling... Is there some Windows client app I can use with AirVPN where I can set up app-based split tunneling? Please don't link me to the guide in the forum for split tunneling, I want to put all through the tunnel except some apps (and these apps should be excluded from the tunnel). Best regards, Thomas -
1 point
Hello! Starting from version 2.3, firewalld by default owns exclusively nftables tables generated by itself, thus preventing Eddie, Bluetit and Hummingbird Network Lock related operations. If you want to have Network Lock enabled and firewalld running at the same time, then you must configure firewalld by setting the following option:

NftablesTableOwner=no

in firewalld's configuration file, usually /etc/firewalld/firewalld.conf. After you have edited the configuration file with any text editor with root privileges, reload firewalld configuration or restart firewalld, and only then (re)start Bluetit, Hummingbird or Eddie.

Additional insights:
https://discussion.fedoraproject.org/t/firewalld-add-flags-owner-persist-in-fedora-42/148835
https://forums.rockylinux.org/t/rocky-9-5-breaks-netfilter/16551

Kind regards
-
1 point
WireSock has worked fine for me
-
1 point
More servers in Ontario please
IAmFlash reacted to go558a83nk for a post in a topic
AirVPN use has gone up so much over the last year or so that I think they're struggling to keep up with demand. -
1 point
Ho Canada... Servers are pretty much saturated all day long, worst during weekends.
-
1 point
Request: Add a GUI Option to Switch Between OpenVPN and WireGuard
Portable8148 reacted to lviv10025 for a post in a topic
I'm using the portable Linux version on Debian 12. I spent about an hour fighting with Eddie today trying to upgrade to the latest version. It turned out that it wasn't connecting to a server because it was defaulting to WireGuard whereas the old version I was using defaulted to OpenVPN. I had to dig in to the configurations to find that there is a command-line option '--mode.type="openvpn"' . This should be an obvious GUI option to avoid users the headache. Also, I'm not sure why WireGuard isn't working, but I don't see it bundled in the portable zip, that could be the reason? -
1 point
More servers in Ontario please
IAmFlash reacted to OpenSourcerer for a post in a topic
There are a ton of Ontario servers, what are you talking about? -
1 point
Road to OpenVPN 2.6 and DCO
go558a83nk reacted to OpenSourcerer for a post in a topic
That's exactly the issue I'm having, and I don't know why that happens (or rather, why nothing is happening). If OpenVPN is to be believed, tun on server and dco on client is possible (and vice versa). In any case, ovpn-dco is apparently mature enough to be included in net-next, so it's queued for kernel 6.16. -
1 point
Road to OpenVPN 2.6 and DCO
inbentus reacted to go558a83nk for a post in a topic
I noticed recently that there are 8 servers that now appear to support DCO. That is, in the config generator they appear when openvpn 2.6 is selected. However, when I tried connecting to one in the same way I connect successfully to Marsic no traffic flowed through the tunnel. Are those servers appearing in the DCO list in error or is DCO intended to work for those servers? Thanks. edit: looked again and now there are 12 servers that appear with openvpn 2.6 selected -
1 point
New 10 Gbit/s server available (US)
Anonymous6697 reacted to thedragonslove for a post in a topic
Very nice to have another option for the interior US. Thank you! -
1 point
Request: Add a GUI Option to Switch Between OpenVPN and WireGuard
Portable8148 reacted to lviv10025 for a post in a topic
How am I supposed to edit this? If I uncheck "Automatic" all I can seem to be able to do is to highlight individual rows, but there aren't any other options. Drag, Right click, middle click, double click, del button don't do anything. -
1 point
Hello! AirVPN Suite 2.0.0 beta 5 implements the required features: https://airvpn.org/forums/topic/66706-linux-airvpn-suite-200-preview-available/?do=findComment&comment=247401 Kind regards
-
1 point
[UPDATE] Remote port forwarding system expansion
ByteBuccaneer reacted to Staff for a post in a topic
Hello! A very important update which improves the system dramatically has been finalized. Now you don't have to worry anymore about pools and p2p programs. Find the new features in the original message. The paragraphs that do not apply anymore appear with strike through characters. The new system is simpler, fully scalable and with zero impact on current and future users. Enjoy AirVPN! Kind regards & datalove AirVPN Staff -
1 point
ANSWERED Setting up Plex Server [Port Forwarding]
hrodriguez17 reacted to EazyBreezy for a post in a topic
Could you please elaborate on this, perhaps give an example with a fake string IP for your http example, because what you wrote as example is kind of confusing as to what I am supposed to write into the custom server access URL. Also is that all you did? Create the port, manually specify the port in the Plex "remote access" page, and then add what URL in the network settings? I have the same question for you, could you please tell me exactly what you did to get it working? I've changed the local port to what Plex is expecting (32400), but then how did you configure it in Plex to connect correctly? For some reason the private IP address in Plex becomes [Real IPV6 Address]:32400, but the public IP does become [VPN IPV4 address]:[VPN Generated Port]. I also noticed that the public exit IP in the AirVPN Eddie desktop app is different (very slightly) compared to what is shown on the "test connection" screen after clicking said button on the forwarded ports page. Is the private IP supposed to be: [real ip address: 32400] and the public being [VPN address: VPN Port]? Honestly if anybody could just give me a step-by-step of what they do (from activating VPN connection, to starting Plex server, to connecting to port), I'm still so lost, but I am glad others are finding solutions on this topic. -
1 point
HowTo: OPNsense using Wireguard with IPv6 support
Snailor Moon reacted to OPN-UserGuide for a post in a topic
Hi @OpenSourcerer, no, I'm not Sj0rs. If you scroll a bit down in his guide you will see I "enhanced" his guide with pictures, mentioning that this is based on his guide. As you can see his guide does not have any IPv6 setup and as this was requested I thought it would be good to include it. While testing on my own how to achieve it, I found several "misconfigurations" in his guide. Therefore I thought it might be good to create a complete new one. And to be boldly honest, yes the old guide should be marked as "deprecated" once I got the time to finish this guide. (Hope to do this today). Same as, if someone writes another guide adding value to the config can supersede my guide. Sj0rs has not ever replied in his own guide, so I think he won't even care what happens with his guide. He didn't even bother to add pictures when asked nicely in the forum. If you feel it's rude from me putting up a guide, let me know, I can spend my time with other things then. My setup is like 99% working so no need for me to post this here, I just wanted to give something back to the community as some of the guidance I've found in this forum. -
1 point
ANSWERED Fetch url error:SSL peer certificate or SSH remote key was not OK
Mellors reacted to cccthats3cs for a post in a topic
Hello, I am experiencing the same issue as in this post starting approximately 1 hour ago.
https://airvpn.org/forums/topic/49412-fetch-url-errorssl-peer-certificate-or-ssh-remote-key-was-not-ok/
I am on Eddie 2.24.5 (I think this was a beta version, to fix some other issue). The fix as mentioned by rosewellzz in the thread above worked for me.
> Getting the same issue, only way I got it to work was to [DNS Panel] untick "Check AirVPN DNS" ; untick "Ensure DNS Lock" on the [Advanced Panel] untick "Check if the tunnel works".
As an aside my system crashed and could be related to that although my troubleshooting as of current was unsuccessful and my system is working normally in all other regards, and to access the internet and make this post connected to AirVPN with the above workaround. Thanks
-
1 point
Eddie Desktop edition 2.24.6 released
Guest reacted to cla for a post in a topic
On Mac 3.2 GHz 6-Core Intel Core i7, macOS Sequoia Version 15.3, the hang over the speed and connection time report on the main window is still there, occurred after 26:07:13 hrs of service, as before VPN is still up and running. Seems a hard bug to be fixed... the only way to fix it is to restart the Mac.
-
1 point
How to correctly use the "routes" tab to only route the torrent client through Eddie?
Portable8148 reacted to shortfacedbear for a post in a topic
Hi, I would like to set up split-tunneling by using the "routes" tab within the Eddie client (Windows). I want all traffic to be sent outside of the tunnel, except for my torrent client qBittorrent like it is described in this forum post. Unfortunately, the comment by the staff member did not include an explanation with steps how to do this exactly. I want to be sure that I am doing it correctly, so just guessing or trial and error is not an option, as I am worried about exposing my IP address if I do not set it up correctly. I was not able to find an explanation for this as all the other forum posts that I found only explained how to do it with using external software and not the Eddie client. My knowledge about networking is somewhat limited.

So how exactly do I either exclude all traffic except from the tunnel except for the one specified? And how do I know which IP addresses I need to include for qBittorrent? Are there multiple or just one? If someone knows how to see which one(s) it is in the "execution log" within qBittorrent please let me know.

Adding these details in case they make a difference: I have port forwarding set up and use WireGuard as a protocol and I have the Web-UI enabled to use with Prowlarr. I don't know if I am using IPv4 and/or IPv6.
-
1 point
Eddie Desktop edition 2.24.6 released
ByteBuccaneer reacted to IG-11 for a post in a topic
Upgraded from the previous stable version and unfortunately, this release is a huge step backwards. UI performance is simply horrendous (Arch-based EndeavourOS with Plasma 6.2.5 running under X11).

There are:
- lags and delays when highlighting or clicking various UI elements (tabs or buttons)
- delays, glitches, and stuttering when scrolling through the server list
- degraded pinger showing inaccurate results (100-200-something ms for locations which usually give me 20-30ms; thankfully, the actual VPN connection performs as expected)
- glitches when minimizing and maximizing app (transparent window for a sec or so)
- broken formatting on Overview page (public exit IP)

All in all, during my 4+ years with Air, sadly this is the first time I'm seeing such an unpolished piece of software. S
-
1 point
So long, airvpn...
Guest reacted to Staff for a post in a topic
Thank you so much for your touching words and stellar feedback. And for your commitment in so many years. However, were you really under the illusion that you could escape so easily? Kind regards -
1 point
The Guide for Torrenting, split-tunneling, killswitch and all the other buzzwords
soosyboosey reacted to guidance for a post in a topic
This guide will explain how to set up OpenVPN in a way such that only select programs will be able to use the VPN connection while all other life continues as usual.

Please read this notice before applying the guide

Advantages:
- fail-free "kill switch" functionality (actually better than 98% of VPNs out there)
- continue using another VPN as primary or don't reroute any other traffic at all
- nobody, not even peers on LAN, will be able to connect to your torrent client (the only way: through the VPN connection) - eliminating unintended leaks

Disadvantage:
- the apps will still use your default DNS for hostname lookups (secure your DNS separately!)

See two more drawings at the end.

The guide is applicable to all VPN providers who don't restrict their users to use the OpenVPN client. The method however is universally applicable. It was made with examples from Windows, but with Linux/BSD you will only need little tweaking to do. Specifically, net_gateway placeholder may not be available and that's all there is to it. Android clients are probably too limited for this task and lack options we need.

Since there'll be a lot of text, sections titled in (parentheses) are entirely optional to read. The other guide by NaDre is old (2013), hard to read and pursues a slightly different approach. A Staff member actually posted a good first comment there, that's what we're gonna do.

(Preface)

The BitTorrent as a network is entirely public. Through the decentralized technology called DHT, everyone in the world can find out what torrents you are presumably participating in (this does not apply to private trackers who disable DHT). Clearly this creates an unhealthy atmosphere for privacy of users, e.g. one could find out the OS distribution one is using for a more targeted attack etc. Sometimes the ISPs are outright hostile to peer-to-peer technologies due to the traffic and bandwidth these are consuming. Instead of upgrading dated infrastructure, they cripple their users instead.
There are many reasons to use a VPN, that was but a limited selection.

("Split-tunneling")

This has become somewhat a marketing term nowadays, but actually explains the nature of the traffic flow well. In this guide only the programs set to use the VPN connection will use it, nothing else. All your traffic goes past the VPN while torrent client traffic (or any other selected program) uses only the VPN connection.

("Kill switch")

We'll literally nail it using software settings of your program (the torrent client). This is a marketing-loaded name. In short: if the VPN connection is not available, no traffic ought to be sent bypassing it. In most cases where you have a VPN redirect all your system traffic - you should not rely on it as a feature. The OpenVPN software on Windows is not 100% proof, based on empirical evidence (reconnects and startup/shutdown phases) and some other VPN providers do no better (based on comments and stories). The only bulletproof solution: the VPN tunnel is set up on an intermediary device your PC is connected to - your end device (the PC) has no chance whatsoever to bypass the tunnel in that case. If the VPN provider uses a firewall under the hood, that's good too but with this guide you will not need a firewall nor rely on the VPN software.

("Dual-hop")

With the knowledge and methods from this guide you will be able to daisy-chain multiple VPN servers. In essence, your traffic passes PC->VPN1->VPN2->Destination. This was not intended for this guide nor with AirVPN, it's finicky and I wouldn't recommend it myself without a real need and skills to automate the setup and configuration.

How it will work

Many users (aka mostly idiots on Reddit) are running in circles like qBittorrent is the only client (or probably the only application in the universe, unconfirmed) that can be set to use a certain VPN.
Here's the technicality: this is called 'binding' - you can 'bind to IP' which will force the app to use a specific IP address and nothing else. If it cannot use the IP (when VPN is disconnected) then it will not be able to do any networking at all. The OS will deny any communication with the internet: boom! Here's your praised 'kill switch' and 'split-tunneling', 2-in-1. This is the next best bulletproof solution (the only better alternative is to use an intermediary VPN device, as any software could choose a different interface now to communicate with the internet).

In a broader sense, you want to 'bind to a network interface' - your client will use any available IPs from the VPN interface - making it ready for IPv4 and IPv6. Oh and you don't need to change the IP once the VPN connection changes to another server. The OS handles the rest.

Examples of programs that can bind to user-defined addresses include: (Windows) ping, tracert (IPv6-only, WTF?), curl and wget, and many others, including your favorite torrent client. You will find guides online how to do that in your client or just look in settings.

(Linux-specific differences of the guide)

If you are a Linux/*nix user, there're some minor changes to the quick guide below:

* Create custom VPN interface: Create with ip tuntap command. The below line will create 5 interfaces "tun-air1" etc. for YOUR user. Specifying your user allows OpenVPN to drop root rights after connection and run under your user (security). AirVPN allows up to 5 connections. If you have no use for this, create only one. Note: User-owned tunnel interfaces allow to be used by your non-root $user account, but there're issues with running OpenVPN without elevated permissions as $user

    user="$(whoami)"
    for i in {1..5}; do
        sudo ip tuntap add dev "tun-airvpn$i" mode tun user "$user" group "$user"
    done

Check their existence with ip -d a -- the interfaces will not be shown under /dev/tun*

ALTERNATIVE: openvpn --mktap/--mktun.
See manual with man openvpn

* Select custom VPN interface: This config part differs from Windows, very confusing. Steps:
1. Replace "dev-node" in config with "dev"
2. Add "dev-type tun" or "tap".

Example of config:

    # if you have these defined multiple times, last entries override previous entries
    dev tun-airvpn1 # previously dev-node
    dev-type tun # previously "dev tun" on Windows

There're no more differences.

In-depth explanation: If you try to use dev-node like for Windows, you will see:

OpenVPN log:

    ERROR: Cannot open TUN/TAP dev /dev/tun-airvpn1: No such file or directory (errno=2)

Example strace of error:

    openat(AT_FDCWD, "/dev/tun-airvpn1", O_RDWR) = -1 ENOENT (No such file or directory)

OpenVPN cannot find the TUN/TAP with the name? No, on Linux/*nix/*BSD dev-node has a totally different meaning. Dev-node specifies where the control interface with the kernel is located. On Linux it's usually /dev/node/tun, for the "mknode" command. If OpenVPN can't detect it for some reason, then you'd need to use dev-node.

Finally you can start OpenVPN from terminal:

    sudo openvpn --config 'path/to/config.ovpn' --user mysystemusername --group mysystemusergroup

PS: There're issues when running OpenVPN under your current $user. I think the problem was that it couldn't remove added routes after a disconnect. Instead run OpenVPN as root (isn't a good advice but it's what works)

Windows Quick Guide

Go to the folder where you installed OpenVPN and its exe files: 'C:\Program Files\OpenVPN\'

Open CMD inside the 'bin' folder: Hold Shift + Right Click the 'bin' folder -> 'Open Command Window here'

We will use tapctl.exe to create a new VPN network interface solely for use with AirVPN (to look around: run "tapctl.exe" or "tapctl.exe help")

    C:\Program Files\OpenVPN\bin>tapctl create --name AirVPN-TAP
    {FDA13378-69B9-9000-8FFE-C52DEADBEEF0}
    C:\Program Files\OpenVPN\bin>

A TAP interface is created by default. I have not played enough with WireGuard's TUN to recommend it.
You can check it out, it will be under adapters in your Windows network settings

Important: Configure your app/torrent client to use this 'AirVPN-TAP' interface. This is what ensures your traffic never leaks. It may appear under a different name, in such case find out which one it is in the output of 'ipconfig /all' (enter this into CMD)

If your client does not allow to bind to a general interface but a specific IP (poor decision) then connect to the VPN first to find out the local IP within the VPN network. In this case with AirVPN you may only use one single server or you'll have to constantly change the IP in settings.

Generate AirVPN configs where you connect to the server via IPv4! This is important

Add these to the .ovpn config files (either under 'Advanced' on the config generator page or manually to each config file)

    # NOPULL START
    route-nopull
    # IF YOU DO NOT USE ANOTHER VPN THAT TAKES OVER ALL YOUR TRAFFIC, USE "net_gateway" (just copy-paste all of this)
    # net_gateway WILL BE AUTOMATICALLY DETERMINED AND WILL WORK IF YOU CONNECT THROUGH OTHER NETWORKS LIKE A PUBLIC WIFI
    # personally, due to a second VPN, I had to specify my router IP explicitly instead of net_gateway: 192.168.69.1
    # "default"/"vpn_gateway"/"remote_host"/"net_gateway" are allowed placeholders for IPv4
    route remote_host 255.255.255.255 net_gateway
    route 10.0.0.0 255.0.0.0 vpn_gateway
    route 0.0.0.0 0.0.0.0 default 666
    route-ipv6 ::/0 default 666
    dev-node AirVPN-TAP
    # END OF NOPULL

Test if the configuration works. Full tests, don't leave it up to chance.

In-depth explanation of the OpenVPN config

route-nopull
- rejects any networking routes pushed to you by the server, we will write our own

route remote_host 255.255.255.255 <router IP>
- we tell our system that, to reach remote_host (the AirVPN server IP), it must send traffic to <router IP>.
- The subnet mask 255.255.255.255 says that this only applies to this single IP
- set <router IP> to be net_gateway (only for Windows users, check availability on other platforms)
- <router IP> may be any of the OpenVPN placeholders too, for example "net_gateway" should work universally (you avoid hard-coding the router IP and if it ever changes: wondering years later why the config no longer works)
- <router IP> is "192.168.1.1" in my case, for my home router that connects me to the internet.

route 10.0.0.0 255.0.0.0 vpn_gateway
- we tell our system that all 10.x.x.x traffic will be sent to the AirVPN server
- the internal VPN network with AirVPN is always on the 10.0.0.0 - 10.255.255.255 network range. The subnet mask reflects that. However this may interfere with other VPNs if you ever need to be connected to both at once. I will not go into detail on this. What you need to do is to be more specific with 10.x.x.x routes in this config, i.e. instead of /8 subnet, only route the specific /24 subnet of the current VPN server (AirVPN uses a /24 subnet for your connections on each VPN server -> 10.a.b.0 255.255.255.0)
- vpn_gateway is one of OpenVPN placeholders

route 0.0.0.0 0.0.0.0 default 666
- allow routing of ANY traffic via the VPN
- we set the metric to 666, metric defined as path cost (historically) so setting it to a high value will make sure no normal connection runs through it, unless specifically bound to the VPN IP.

route-ipv6 ::/0 default 666
- same for IPv6. How many can claim they have working VPN IPv6 setup? Welcome to the future. IPv6 is over 20 years old at this point anyhow.

dev-node AirVPN-TAP
- (Windows-only) tell OpenVPN to ONLY use this network interface to create the VPN tunnel on. Nothing should interfere with our setup now

That's all, folks!

Note: Somehow on Windows my AirVPN connection receives a wrong internal IP that doesn't enable networking at first.
In my case I need to wait 1-3 minutes until OpenVPN reconnects itself based on ping timeout: after the reconnect I receive another IP and everything starts to work. I do not know whether it's an OpenVPN or a Windows bug.

One last note: using multiple VPNs

Actually this will work, that's how I roll. As long as both VPNs don't clash by using the same 10.0.0.0/8 subnet. If this happens, you will need to change Line 5 to point to a more specific (aka smaller) subnet tailored to your AirVPN server. Specifying a 10.x.x.0/24 subnet for routing will surely do (subnet mask: 255.255.255.0). Just be aware that you cannot practically use the same IP range in both networks at the same time (well, you'd need to bind the application you are using to either interface, which you cannot do with a browser or the printing service in case of internal resources).

(The story of broken net_gateway)

For this placeholder, OpenVPN attempts to determine your 'default gateway', i.e. the router all your internet traffic passes through. It normally works, but may not be supported on other platforms (Linux, sigh). However it has one unintended side-effect: if you already have a VPN that reroutes all your traffic, net_gateway will make all AirVPN traffic go through the first VPN:

    Your traffic -> VPN1 -> Internet
    Torrent traffic -> VPN1 -> AirVPN -> Internet

That's the unintended dual-hop. Surely you can extend that scheme to 3,4,n-hops if you fiddle enough with routing, subnet masks and correct order. I'm not responsible for headaches.

We avoid that behavior with Line 4 from our config - the remote_host line forces the AirVPN traffic to go straight to the internet (through your LAN router).

One more thing: net_gateway is not available for IPv6 routes in OpenVPN. That's why it currently only works with an IPv4 connection to the VPN server.

(Crash course: Subnet masks)

You've seen the weird number 255.0.0.0 above.
You should refer to other pages for a proper explanation, but basically this is a very simple way for computers to determine the range of IP addresses that are part of a network (a subnet). What's simple for computers is very hard to grasp for us humans.

- 255 means there are NO changes allowed to the first set of IP numbers. I.e. the 10 in 10.0.0.0 always stays a 10.
- 0 means all numbers can be used. I.e. the zeroes in 10.0.0.0 can be (0-255), lowest address is 10.0.0.1 and the last address is 10.255.255.254 (technically, 10.0.0.0 is the first and the last 10.255.255.255 is reserved for 'broadcast')
- Any number in between denotes ... a range in between. 2^(32-prefix)=number. Number is the amount of available addresses and prefix is called the subnet prefix. Both are meant to describe the same thing.

For 10.0.0.0/26 or 10.0.0.0 with subnet mask of 255.255.255.192 you get addresses in range 10.0.0.0-10.0.0.64 -- 2^(32-26) = 64. Similarly you can convert the subnet mask into the prefix number and work from there; or eyeball it: 256-192 = 64.

(Two ways to accomplish routing)

If you have two equal routes, e.g.

1. 0.0.0.0 goes through VPN with metric 666
2. 0.0.0.0 goes through LAN router with metric 10

then obviously the default route for a packet will travel through (2) - because it's a cheaper path. Unless an application specifies to talk only on the VPN interface.

However a different rule applies whenever a more specific route exists

1. 0.0.0.0/0 goes through VPN2 with metric 666
2. 0.0.0.0/0 goes through LAN router with metric 10
3. 0.0.0.0/1 goes through VPN1 with metric 30
4. 128.0.0.0/1 goes through VPN1 with metric 30

Here the routes (3) and (4) cover the entire addressing space, just like 0.0.0.0/0. However because they are more specific, they'll be preferred for all traffic because these routes are more selective. This is how OpenVPN does override system routing with VPN routing by default.
This is also what the other guide attempted as well, by pushing four {0,64,128,192}.0.0.0/2 routes. Since that was more specific, it would in return override the 0,128 routes and so on.

We can calculate how many multi-hops we would be able to do with this method: IPv4 has 32 bits, we will not touch the last 8 bits of the subnets. That leaves us then with 24 bits or 24 maximum amount of hops. Theoretically. The routing table would be outright f---- to look at.

This method is a bit more 'secure' in a way because you don't need to rely on overriding a certain metric value, you just slap a more specific route on top and it's automatically made default. Also you don't need to override the default gateway (router) and all that junk.

However with my preferred method (first) you can quite easily do DIY dual-hop routing:

1. 0.0.0.0/0 goes through VPN2 with metric 666
2. 0.0.0.0/0 goes through LAN router with metric 10
3. 0.0.0.0/1 goes through VPN1 with metric 30
4. 128.0.0.0/1 goes through VPN1 with metric 30
5. <VPN2-IP>/32 goes through VPN1 with metric (any)

Such a setup will make sure that all traffic destined for the internet (hits 3 and 4) will go through VPN1. If a program specifies the VPN2 network interface, then VPN2 will be reached via VPN1 first (you->VPN1->VPN2). This is quite 'quizzacious' to set up/control. Not part of this guide. As a part of this guide we told the system to route VPN2 via router on LAN. Yet you could indeed chain multiple VPNs this way and force the VPN1 to not only catch all traffic but also be chained via multiple VPNs itself so you would not need to manually set programs. I've seen scripts online for that purpose. Although be aware of MTU issues due to encapsulation.

Troubleshooting tips

TEST. SERIOUSLY, TEST YOUR SETUP BEFORE ENGAGING YOUR DATA CANNONS! A couple hours now are infinitely many times more worth than a 'leaked' mistake and headaches later on.

https://ipleak.net/ - tests your client's default connection route.
It would not tell you if your client is alternatively available on LAN for example. If you followed this guide and set up your client correctly, it will not be available on LAN etc. See the images below: 'without interface binding' (most newbie users) and 'with interface binding' (this guide)

Wireshark to inspect how the traffic is actually flowing. Follow online tutorials, you only need to select the right network interfaces and filter traffic by port/IP (tcp/udp and your local or VPN IP)

curl to send network requests. Like ifconfig.co / ifconfig.io will respond with the IP address it sees you as:

    curl --interface <your computer IP> http://ifconfig.co
    curl --interface 192.168.1.42 http://ifconfig.co
    # for IPv4 or IPv6, default route
    curl -4 http://ifconfig.co
    curl -6 http://ifconfig.co

> route -4 print and > route -6 print on Windows. To compare the outputs, you can use Notepad++ with the compare plugin (you need two documents open, one in left and another in right pane before comparing).

PS: AirVPN configuration generator does not support #comment lines. Please fix.

Sorry Linux users, maybe another time I will write something tailored to you. But I believe you are smart cookies and will adapt the OS-specific steps to fulfill this guide's goal.
-
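An added example, not part of the guide above and not its author's code: a small model of the route selection the guide relies on (longest prefix first, then lowest metric, with interface binding restricting the candidates), fed with the guide's own IPv4 `route` lines. The server address 203.0.113.10, the interface name "LAN", the default metric of 1 and the rule that a bound socket only considers routes on its own interface are assumptions made for illustration; IPv6 is left out.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed values: assumptions for this example, not taken from the guide.
VPN_SERVER_IP = "203.0.113.10"        # stands in for remote_host (TEST-NET-3 address)
VPN_IF, LAN_IF = "AirVPN-TAP", "LAN"  # "LAN" is a made-up name for the physical NIC
DEFAULT_METRIC = 1                    # used when a route line carries no metric

# The IPv4 route directives from the guide's config block.
GUIDE_CONFIG = """\
route-nopull
route remote_host 255.255.255.255 net_gateway
route 10.0.0.0 255.0.0.0 vpn_gateway
route 0.0.0.0 0.0.0.0 default 666
"""

# Interface each OpenVPN gateway placeholder leads to in this model.
GATEWAY_TO_IF = {"net_gateway": LAN_IF, "vpn_gateway": VPN_IF, "default": VPN_IF}


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str
    metric: int


# Pre-existing default route via the home router (metric 10, as in the guide's example).
LAN_DEFAULT = Route(ipaddress.ip_network("0.0.0.0/0"), LAN_IF, 10)


def parse_routes(config: str) -> list:
    """Turn 'route <network> <netmask> <gateway> [metric]' lines into Route entries."""
    routes = []
    for line in config.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4 or fields[0] != "route":
            continue
        net, mask, gateway = fields[1:4]
        if net == "remote_host":
            net = VPN_SERVER_IP
        metric = int(fields[4]) if len(fields) > 4 else DEFAULT_METRIC
        routes.append(Route(ipaddress.ip_network(f"{net}/{mask}"),
                            GATEWAY_TO_IF[gateway], metric))
    return routes


def select_route(table, destination: str,
                 bound_interface: Optional[str] = None) -> Optional[Route]:
    """Most specific matching route wins; the metric only breaks ties."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table
                  if dst in r.network and bound_interface in (None, r.interface)]
    if not candidates:
        return None  # nothing usable: the connection attempt fails
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def egress(table, destination: str, bound_interface: Optional[str] = None):
    route = select_route(table, destination, bound_interface)
    return route.interface if route else None


def table_vpn_up() -> list:
    return [LAN_DEFAULT] + parse_routes(GUIDE_CONFIG)


def table_vpn_down() -> list:
    # When the tunnel drops, every route on the VPN interface disappears.
    return [r for r in table_vpn_up() if r.interface != VPN_IF]


def table_two_halves() -> list:
    # The other approach described in the guide: two /1 routes that beat 0.0.0.0/0.
    return [LAN_DEFAULT,
            Route(ipaddress.ip_network("0.0.0.0/1"), VPN_IF, 30),
            Route(ipaddress.ip_network("128.0.0.0/1"), VPN_IF, 30),
            Route(ipaddress.ip_network(f"{VPN_SERVER_IP}/32"), LAN_IF, DEFAULT_METRIC)]


if __name__ == "__main__":
    peer = "198.51.100.7"  # constructed internet destination (TEST-NET-2)
    print("unbound app, VPN up      ->", egress(table_vpn_up(), peer))
    print("bound app, VPN up        ->", egress(table_vpn_up(), peer, VPN_IF))
    print("bound app, VPN down      ->", egress(table_vpn_down(), peer, VPN_IF))
    print("tunnel packets to server ->", egress(table_vpn_up(), VPN_SERVER_IP))
    print("unbound app, /1 routes   ->", egress(table_two_halves(), peer))
```

The "bound app, VPN down" case is the one to check on a real system: it should have no route at all, not fall back to the LAN.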
1 point
@shortfacedbear Hello! While Eddie Windows edition does not feature traffic splitting on an application basis (i.e. the feature you would need) WireSock for Windows has emerged in the last months as a practical and efficient solution even for your needs.
https://www.wiresock.net/
On Windows, WireSock allows per app traffic splitting, per app reverse traffic splitting, per IP address destination traffic splitting, and hybrid traffic splitting with an extremely simple configuration file. According to the new reports we received from some of our Windows customers, it is probably a good solution which will save you from virtualization and from any solution requiring a fairly decent system and networking competence. According to those same reports, WireSock is fully compatible with AirVPN but unfortunately it is not open source software as far as we can see.
Kind regards
-
1 point
Use cases for AirVPN's split-tunnel by IP
Portable8148 reacted to pHxaq for a post in a topic
Hello, I recently understood how the split-tunnel works using Eddie for Linux, and I was thinking that a good use case would be to exclude google.com from the tunnel so that I don't get their captchas every time I need to use it for search (it's not my go-to search engine, but sometimes I have to use it), but then to keep my traffic protected by the VPN when I open the search results. So, I wanted to ask other users in which scenarios do you use Eddie UI's split tunneling feature. For home banking? e-shopping? Just want to hear some ideas. Thank you all.
-
1 point
Split Tunnel.
Portable8148 reacted to jacklollz2 for a post in a topic
I want to use a split tunnel, that is, specific applications are excluded from the VPN. https://github.com/tool-maker/VPN_just_for_torrents/wiki/Running-OpenVPN-on-Linux-without-VPN-as-Default-Gateway This option is unusable. I have the desire to explicitly set certain applications outside the VPN. Please update this system to include split tunneling like Private Internet Access does. -
1 point
@967819f75c Hello!
No, they expire only when you revoke (or "renew") them.
As you prefer. Anyway, it's not "key-value", it's a client certificate and a client key.
It's a unique client certificate and a unique client key (in the sense that they are unique to each client). They are a fundamental part of the authentication phase between a client and our servers. Each account can have multiple client certificates and keys for comfort and to connect multiple devices to the same OpenVPN process at the same time.
As you prefer. The ticketing system is essential to receive support from our support team. In the forum you get answers from the community and occasionally from some staff member (the "community" forums are by the community for the community, and staff members interfere only occasionally). The support team can be more effective and potentially more competent than a single staff member and sometimes it can find solutions that the community or some staff member missed. In 11 years AirVPN never outsourced customer care, so you can rely on personnel that works directly for AirVPN (someone since 2010!) and you can be sure that you're not sending information to third party generic support teams / call centers etc.
Glad to know it. Thank you, enjoy AirVPN!
Kind regards
-
1 point
ANSWERED Split-tunneling: rutorrent in VPN, nginx out
Portable8148 reacted to rgrdgr for a post in a topic
I am running a number of services on my Ubuntu machine that I don't want or need to go through the tunnel. They are proxied using Nginx. However, as soon as I start eddie-cli, I lose external access to Nginx. I assume that's to do with the port forwarding, etc. Is there a way to tell eddie (or using routes or iptables?) to leave the Nginx out? I tried telling Nginx to bind to eno1 instead of tun0, but that didn't make a difference. I do need rutorrent to accept incoming connections via a port forwarded by airvpn. I assume (not sure if I'm correct) that I need eddie running for that to work?