Leaderboard

Hello! We're very glad to announce that Eddie Android edition 4.0.0 Release Candidate 1 is now available. New CPS QUIC database: now Eddie features a CPS database of more than 30 real web sites allowing accurate QUIC + HTTP/3 mimicry of real services through AmneziaWG. Each database entry is identified by a clear label for immediate selection in the app's settings. Eddie will take care to compile AmneziaWG In parameters accordingly: no need for manual input, which anyway remains an available option. This addition significantly bolsters Eddie's arsenal against blocks. New: IPv4 and IPv6 traffic can now be wrapped over an IPv6 tunnel with WireGuard and AmneziaWG too. Minor bug fixes The original message of this thread has been updated accordingly. You will find on it the new download link and checksum, as well as detailed Amnezia description. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Kind regards & datalove AirVPN Staff

Hi, I'd like to suggest a feature that lets user to use a hostname that resolves to the best server from a user-defined list of servers. It will be similar to *.vpn.airdns.org but only resolves to one of the servers in the user-defined list. Eddie has a feature that works similarly by adding servers to allowlist. However, when Eddie can't be used, it is inconvenient. I hope you consider this suggestion. Thank you and have a nice day. Regards,

Hello! We're very glad to announce a special promotion on our long term Premium plans for the end of Summer or Winter, according to the hemisphere you live in. You can get prices as low as 2.06 €/month with a three years plan, which is a 70% discount when compared to monthly plan price of 7 €. If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Please check plans special prices on https://airvpn.org and https://airvpn.org/buy Promotion expires on 2026-03-31 UTC. Kind regards & datalove AirVPN Staff

Hello! Or that any "Network Lock" mode is disabled by setting "Network Lock" box to "None" in "Preferences" > "Network Lock" window (default: "Automatic"), as it is indeed the case according to the system report (important option not at default: netlock.connection false) and considering that the user's system does have nft and iptables-* installed. Splitting the different cases with different messages and logging them will be suggested to devs. Kind regards

Hello! We're not ignoring it, did you read the update on the first message of this thread? Kind regards

Hello! We're very glad to announce that Eddie Android edition 4.0.0 has been released This is a major update: for the first time Eddie Android edition features AmneziaWG complete support. Eddie Android edition is a fully integrated with AirVPN, free and open source client allowing comfortable connections to AirVPN servers and generic VPN servers offering compatible protocols. Eddie 4.0.0 aims primarily at adding, besides the already available OpenVPN and WireGuard, a thorough and comfortable AmneziaWG support. Source code available on GitLab: AmneziaWG is a free and open source fork of WireGuard by Amnezia inheriting the architectural simplicity and high performance of the original implementation, but eliminating the identifiable network signatures that make WireGuard easily detectable by Deep Packet Inspection (DPI) systems. It can operate in several different ways, including a fallback, "compatibility mode" with WireGuard featuring anyway various obfuscation techniques. What's new in Eddie 4.0.0 AmneziaWG support Amnezia WireGuard API stronger anti-blocking logic: ability to log in to the service and download AirVPN infrastructure and user data while connected through a profile with a specific option on the left pane ability to read and use local user data when bootstrap servers are unreachable CPS packets database of 30+ real websites, currently allowing accurate QUIC + HTTP/3 traffic mimicry to and from real web sites through AmneziaWG CPS. Each entry is easily selectable and identified by a clear label support for wrapping both IPv4 and IPv6 traffic over an IPv6 tunnel with WireGuard and AmneziaWG (previously available only with OpenVPN) new "Open with..." option on top of the usual "Share" (now renamed "Export") option to manage and export comfortably generated profiles on any Android version with any suitable application updated AmneziaWG parameters allowed ranges support of latest AmneziaWG padding features vastly improved NetworkMonitor and Tile Service updated OpenSSL, OpenVPN3-AirVPN and WireGuard libraries full compatibility from Android 5.1 to Android 16, including Android TV bug fixes see the complete changelog here: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt?ref_type=heads AmneziaWG overview From the official documentation: https://docs.amnezia.org/documentation/amnezia-wg AmneziaWG offers: Dynamic Headers for All Packet Types (compatibility with WireGuard: YES) During tunnel initialization, the library generates a set of random constants applied to each of the four WireGuard packet formats: Init, Response, Data, Under‑Load. These constants: As a result, no two clients have identical headers, making it impossible to write a universal DPI rule. Replace predictable WireGuard packet identifiers; Shift offsets of Version/Type fields; Modify reserved bits. Handshake Length Randomization and message padding (compatibility with WireGuard: NO) In WireGuard, the Init packet is exactly 148 bytes, and the Response packet is exactly 92 bytes. AmneziaWG adds message paddings: S1: int - padding of handshake initial message S2: int - padding of handshake response message S3: int - padding of handshake cookie message S4: int - padding of transport messages Offsets of the remaining fields are automatically adjusted, and MAC tags are recalculated accordingly. In order to keep backward compatibility with WireGuard, S1, S2, S3 and S4 must be set to 0. Obfuscation Packets I1-I5 (Signature Chain) & CPS (Custom Protocol Signature) (compatibility with WireGuard: partial, with fallback) Before initiating a "special" handshake (every 120 seconds), the client may send up to five different UDP packets fully described by the user in the CPS format. In this way AmneziaWG can mimic perfectly QUIC, DNS and other protocols adding powerful methods to circumvent blocks. QUIC is particularly interesting as HTTP/3 is built on it and currently, from Chrome and other compatible browsers, 50% of traffic to/from Google is QUIC traffic. Therefore, blocking QUIC may have major disruptions for any ISP. Note that a CPS database of 30+ real web sites is available in Eddie Android edition: you can activate CPS mimicking traffic to real web sites with a tap. Eddie will take care to compile properly Amnezia's In parameters for accurate mimicry. Junk‑train (Jc) (compatibility with WireGuard: YES) Immediately following the sequence of I-packets, a series Jc of pseudorandom packets with lengths varying between Jmin and Jmax is sent. These packets blur the timing and size profile of the session start, significantly complicating handshake detection. Under‑Load Packet (compatibility with WireGuard: YES) In WireGuard, a special keep-alive packet (“Under-Load”) is used to bypass NAT timeouts. AmneziaWG replaces its fixed header with a randomized one, the value of which can be set manually. This prevents DPI from filtering short ping packets, ensuring stable tunnel connections, especially on mobile networks. How to use Eddie with AmneziaWG To enable AmneziaWG mode, just tap the connection mode available in the main and other views. It will rotate between WireGuard, AmneziaWG and OpenVPN. Set it to AmneziaWG. In its default AmneziaWG mode, Eddie will use all the possible obfuscation, except protocol mimicking, that keeps WireGuard compatibility, thus allowing connections to AirVPN servers. The default settings choice was possible thanks to the invaluable support of persons living in countries where VPN blocks are widespread. Such settings have been tested as working and capable to bypass the current blocking methods in various countries. You may consider to modify them if they are ineffective to bypass "your" specific blocks. In Settings > Advanced, you will find, at the bottom of the page, a new "Custom Amnezia WG directives" item. By tapping it you will summon a dialog that will let you customize any possible AmneziaWG parameter. You can maintain backward compatibility with WireGuard in the dialog WireGuard section, or enable the full AmneziaWG support in the Amnezia section, which is not compatible (at the moment) with AirVPN WireGuard servers. This mode will be mostly valuable in a not distant future, when AirVPN servers will start to support AmneziaWG natively. You may also enable QUIC or DNS mimicking for additional obfuscation efficacy. In order to maintain WireGuard backward compatibility, with or without QUIC or DNS mimicking, you must set: S1 = S2 = S3 = S4 = 0 Hn ∈ {1, 2, 3, 4} H1 ≠ H2 ≠ H3 ≠ H4 Furthermore, do not exceed the valid limit of the J parameters (anyway Eddie will not let you do it). In this preview version, Eddie's formal control of the input data is based on the following document. We strongly recommend you read it if you need to modify manually parameters: https://github.com/amnezia-vpn/amneziawg-linux-kernel-module?tab=readme-ov-file#configuration Custom Protocol Signature with database included Working in AmneziaWG mode, Eddie implements QUIC and DNS mimicry and obfuscation packets for each specific "I" parameter (by using the corresponding "Generate" button). You can enable them with a tap on the proper buttons. You may mimic QUIC and DNS even to connect to WireGuard based servers. Please do not modify In parameters if you don't know exactly what you're doing. Eddie's CPS database is available at your fingertip for accurate mimicry of traffic to and from real web sites using HTTP/3 (other protocols may be added in the future), so you don't need to look for and enter specific sequences. Settings > Advanced > Custom AmneziaWG directives > Enable CPS > Presets > select the web site whose traffic must be imitated . Currently, you can find a database that contains more than 30 actual packet signatures and sequences of real web sites. Select one and Eddie will adjust all the parameters automatically and will use them in the next AmneziaWG connection. When you enable QUIC mimicking and you maintain WireGuard backward compatibility, you add a powerful tool against blocks, because the first packets will be actual QUIC packets. AmneziaWG will fall back to WireGuard compatibility very soon. However, when DPI and SPI tools, and demultiplexers in general, identify the initial QUIC flow, most of them will be unable to detect a WireGuard flow for several minutes. This has been tested thoroughly with deep packet inspection on Linux and FreeBSD based machines by AirVPN staff. Therefore, in different blocking scenarios the QUIC mimicry increases likelihood of successful block bypass. NOTE: the same does not happen with DNS mimicry. In this case DPI / SPI tools identify the stream initially as DNS, but are much quicker (just in a few dozens of packets) to identify the stream as WireGuard's, after the initial DNS identification. How to use Eddie in network where the "bootstrap" servers can not be reached Eddie downloads user and infrastructure data, essential to use the service, from special "bootstrap servers" through an encrypted flow inside HTTP. If the bootstrap servers are blocked or the underlying protocol to port 80 is filtered out, Eddie is unable to proceed. Starting from this Eddie 4 version, the ability to retrieve such data locally has been added. Whenever bootstrap servers are unreachable, Eddie can read the latest available local data to connect to a VPN server. Once connected the bootstrap servers are again reachable and the local data are immediately updated for future usage. The local data remain valid as long as you don't need to change user. On top of all of the above, Eddie can now retrieve such data through the login procedure that now can be started even when a connection to a VPN server was previously established via a profile. Therefore, when you are in a restrictive network that blocks access to bootstrap servers, you can connect through a profile generated by AirVPN web site Configuration Generator. After this first connection, log your account in to the service by selecting the specific option on the left pane, enter your AirVPN account credentials as usual and make sure that Remember me checkbox is ticked: Eddie will download all the necessary files and store them locally. This procedure is "once and for all", at least as long as you don't need to change account. After this initial connection, Eddie will be able to log your account in to the infrastructure, retrieve servers data and establish connections without profiles and without bootstrap servers, offering again full AirVPN integration even when bootstrap servers are unreachable. Only If you change account you must repeat the procedure. New: "Open with..." option added to "Export" option Different Android versions allow management of files with different restrictions. Different apps may support different intents on specific Android versions. To enlarge total compatibility, now Eddie offers two different options to export and manage files, including generated profiles. You will find the usual "Share" option (note: now renamed into "Export") coupled with a new "Open with..." option. Some apps support only one intent, other apps only specific intents on specific Android versions, and so on. By adding this option Eddie enlarges considerably the amount of apps you will be able to open and/or share files with. Download link, checksum and changelog Eddie Android edition 4.0.0 APK direct download quick link: https://airvpn.org/tv Eddie Android edition 4.0.0 is also available on the Google Play Store. https://play.google.com/store/apps/details?id=org.airvpn.eddie Changelog is available here: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt?ref_type=heads SHA-256 checksum if you prefer to download from our web site and side load the app: $ sha256sum EddieAndroid-4.0.0-VC38.apk 12322926f12d45f8e918173ae30f88cdef03f0fe323f30abf00cef6c033d8dae EddieAndroid-4.0.0-VC38.apk Kind regards & datalove AirVPN Staff

Youtube is asking for login now over all new UK servers.. What a pain in the arse Youtube is. Any ideas? I hate creating a google account only for that

Hello! Welcome aboard. 1. Yes, correct. 2. Yes, correct. 3. With a port linked to "All devices" this is not possible, because you create an unsupported case in forwarding rules, i.e. the same packet to a specific VPN server public IP address port should be forwarded to the port of multiple VPN IP addresses. This is not implemented and also poses a technical challenge in our infrastructure that's not trivial. To overcome this situation you must use unique key pair for each device and take care to link each port to a single device. Alternatively, a simpler solution is just connecting each device to a different VPN server (your 2nd scenario). Kind regards

I need more features but I do stick with AirVPN! Please give us dark mode, an easy way of doing split tunneling as well and maybe sort out something so tailscale can work side by side so we can have our computer meshes working outside the tunnel!

Hello Staff team, as OpenVPN 2.7 and the latest Linux Kernel 6.16 have now streamlined the integration of the ovpn driver, DCO has become the new performance standard. OpenVPN Data Channel Offload (DCO): The Definitive Guide to the Performance Boost Making OpenVPN The Fastest VPN Protocol Other companies such as ExpressVPN and Norton VPN have already integrated DCO to offer their users these performance gains. Implementing this would keep your service competitive and provide a much smoother experience for those of us who prefer the OpenVPN protocol for its maturity and security. Do you have OpenVPN DCO on your current technical roadmap? I look forward to hearing your thoughts on this. Kind regards.

They said earlier that it is coming to other platforms, but can't help but wish for it to come soon. SSH>TCP and SSL>TCP works so far, but some servers are weird in terms of speed and being able to connect on some days. Hopefully amnezia support for pc comes soon.

"We are currently working on a substantial codebase refactoring aimed at evolving Eddie Desktop into a more modern client." More than needed. The UI looks like one of XP times. Not a single other provider uses a ancient UI like that. I also need to use a 3. party Client (WireSock) to use application/folder split tunneling. Application Split-Tunneling is also something every single other provider has since a long time now. The reason i use Air is trust. If i look at the outdated applications i raither use other providers who hold theirs more up to date but most i just dont trust at all so im stucked with Air and a 3. party application for now since i use split-tunneling 24/7.

I'm inclined to write: seeing as the post has absolutely no information to start troubleshooting. Unless you expect someone to hack into your system. Or read your mind. Let's start with something simple anyone can do. Close Eddie, reopen, try a connection, then provide a system report..

Consider Kagi. You get a search engine that's actually not selling your data, and access to all the AI models to boot.

I've made a Linux shell script for batch-conversion of WireGuard .conf files making them AmneziaWG (awg) compatible: https://github.com/zimbabwe303/awg_conf_patch When patching it shuffles the H1..4 parameters; to re-shuffle you can just re-run it over the same files again. It also can shorten .conf file names generated with the AirVPN config generator to facilitate their usage with the 3rd-party smartphone WireGuard clients such as WG Tunnel (which uses AmneziaWG instead of the vanilla WireGuard).

Hello! Please note that OpenVPN 2.6 and higher versions (i.e. the OpenVPN version you meet on the servers) will push in any case IPv6 gateway, routes etc. Yes, we need to consider whether disabling the now misleading option completely on the CG. Kind regards

After having issues configuring AirVPN with Gluetun, and seeing many others with similar issues, I decided to fork the Gluetun project, strip out all the stuff I didn't want (OpenVPN, SOCKS, other providers)... here it is: Gluetun-AirVPN-Edition, supporting ONLY AirVPN and only WireGuard with a bunch on unique features. Still putting it together, but please feel free to take a look and hope you find it useful. https://github.com/wolffcatskyy/gluetun-airvpn-edition

Hello! Available in "Settings" > "System" > "Application Filter Type" > select white or black list, then compile the list on the new "Select applications to be *listed" menu item that will appear. BLACK LIST enabled: all the traffic is tunneled except the traffic of the black listed app(s). WHITE LIST enabled: only white listed apps will have their traffic tunneled. Kind regards

In Eddie Preferences > Protocols, untick Automatic and select UDP port 443. Retry a connection. If it still doesn't work, provide a system report instead of only the logs. .

Dark mode pretty please!! Keep up the good work! Thanks

Hello! We're glad to inform you that we have just released: "Road To OpenVPN 2.6" migration plan - https://airvpn.org/road_to_openvpn26/ A new version of Config Generator with options related to OpenVPN 2.6 A new Eddie Desktop beta release (2.23.0) related to the road above, feature-locked to reach stable release https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/ A new server (Marsic), the first running OpenVPN 2.6 powered by DCO (server-side) and ready for client-side DCO. UPDATE 2026-03-12 After careful evaluation and considering that: DCO for OpenVPN 2.6 is now considered obsolete the new DCO is aimed at OpenVPN 2.7 only DCO kernel module is included on mainline Linux kernel starting from 6.16 AirVPN VPN infrastructure is based on kernel 6.12 and OpenVPN 2.6 (typical setup of Debian 13, RHEL 10 etc.) OpenVPN usage declined dramatically: today only 24% of connections are based on OpenVPN, and the decline continues at a steady pace the combination of WireGuard and AmneziaWG is more effective than OpenVPN over TCP at bypassing blocks valuable packet payload padding (against encrypted traffic pattern analysis) is offered by AmneziaWG and not DCO: the plan has been momentarily frozen. It can be re-activated when the VPN infrastructure moves to kernel 6.16 (or higher version) and OpenVPN 2.7. Our priority goes to wider AmneziaWG support, on the client software first and then on the server side too (important especially for padding). Kind regards & datalove AirVPN Staff

Hello! We're very glad to announce that Eddie Android edition 4.0.0 beta 3 is now available.  New: AmneziaWG padding S3 and S4 parameters supported New: additionally enhanced ability to use locally stored user and servers data against bootstrap servers blocks improved AmneziaWG support taking into account latest documentation clarifications with experimental confirmations improved Tile Service updated libraries: now linked against OpenVPN3-AirVPN 3.12 and OpenSSL 3.6.1 bug fixes to resolve app instability bug fix to resolve tile button improper behavior minor bug fix Please find complete changelog, additional information and download link on the first message of this thread. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Kind regards & datalove AirVPN Staff

I didn't bother waiting. Service seems worth it, I got a trial account and lived up to my expectations. Thank you

Hello! We're very glad to inform you that three new 10 Gbit/s full duplex servers located in Toronto (Ontario), Canada, are available: Castula, Chamukuy and Elgafar. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Castula https://airvpn.org/servers/Chamukuy https://airvpn.org/servers/Elgafar/ Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

These were very much needed so I'm glad to see them added to the list

Roughly 60 GB. Always on. And if I did provide liberation services to the world, I would still stay below 100

Most of the encryption algorithms are handled by hardware, using CPU extensions. But packet switching still requires vanilla CPU power. So yeah, CPU horsepower still required but not as much as the days of old. Also the newer, more efficient ciphers help a lot as well.

With 300+ users you would need some beefy CPUs in the server. I would guess that is the bottleneck, not the actual connection. VPNs are encrypted and require the processing power to handle the number of users connected. Not sure what their server specs actually are, but would be curious to know.

Its a shame. These were among the absolute fastest (especially Chumukay) when they came on board. They smoked the high powered Chicago servers but they are not reliable for the past week or two. Right across the border in Chicago apparently nobody is attacking those servers.

Hello! Yes, current DDoS / flood unfortunately. Kind regards

Do you know why these new servers are having high packet loss?

Hi. Any plans for Eddie PC edition + AmneziaWG ?

Hello! We're very glad to announce that Eddie Android edition 4.0.0 beta 2 is now available. New: how to use Eddie in network where the "bootstrap" servers can not be reached Eddie downloads user and infrastructure data, essential to use the service, from special "bootstrap servers" through an encrypted flow inside HTTP. If the bootstrap servers are blocked or the underlying protocol to port 80 is filtered out, Eddie is unable to proceed. Starting from Eddie 4 beta 2 version, the ability to retrieve such data locally has been added. Whenever bootstrap servers are unreachable, Eddie can read the latest available local data to connect to a VPN server. Once connected the bootstrap servers are again reachable and the local data are immediately updated for future usage. The local data remain valid as long as you don't need to change user. On top of all of the above, Eddie can now retrieve such data through the login procedure that now can be started even when a connection to a VPN server was previously established via a profile. Therefore, when you are in a restrictive network that blocks access to bootstrap servers, you can connect through a profile generated by AirVPN web site Configuration Generator. After this first connection, log your account in to the service by selecting the specific option on the left pane, enter your AirVPN account credentials as usual and make sure that Remember me checkbox is ticked: Eddie will download all the necessary files and store them locally. This procedure is "once and for all", at least as long as you don't need to change account. After this initial connection, Eddie will be able to log your account in to the infrastructure, retrieve servers data and establish connections without profiles and without bootstrap servers, offering again full AirVPN integration even when bootstrap servers are unreachable. Only If you change account you must repeat the procedure. New: "Open with..." option added to "Export" option Different Android versions allow management of files with different restrictions. Different apps may support different intents on specific Android versions. To enlarge total compatibility, now Eddie offers two different options to export and manage files, including generated profiles. You will find the usual "Share" option (note: now renamed into "Export") coupled with a new "Open with..." option. Some apps support only one intent, other apps only specific intents on specific Android versions, and so on. By adding this option Eddie enlarges considerably the amount of apps you will be able to open and/or share files with. New: AmneziaWG parameters range validity AmneziaWG parameter range validity has been documented in three different ways (official web site, GitHub documentation files, and developers comment) and the web site documentation that it's still official is in reality not aligned with the source code. The new parameters range validation adopted by Eddie 4.0.0 beta 2 is based now on GitHub latest documentation integrated by source code analysis. The original message of this thread has been updated accordingly. You will find on it the new download link and checksum, as well as detailed Amnezia description. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Kind regards & datalove AirVPN Staff

giga omega based kornephoros was struggling to cope with extra demand after wurren was decommissioned. this is gonna be awesome.

Yes, I know. I wrote the whole guide back in 2012 and it's only been updated by scant few other users since then. I had the least amount of problems with Tomato than with any other router firmware I've ever used. Just brilliant. I wish it were still maintained.

Yes. This is because the ISP has blocked the boot server. Please open the ticket to obtain the private boot server from the staff, or wait for the subsequent Android version update. It is said that in the subsequent version, the login information will be saved locally. Then, there will be no need to log in every time. Just log in once and you can use it as before, just like the computer version.

So i still can't reach airvpn servers in .Ru for logging in from my phone. Here is what i have: I can use airvpn from my PC, found a solution, but there is no such configuration for a phone. I try amnezia in the same networtk via wifi and can't even log in. But works fine if i start other vpn and open airvpn app, i get my subscriprion plan and other information. Should i ask support for private workaround solution?

Original message by @Pit61 . It updates the setup for FreshTomato based routers. Here is my working Open VPN config on a Netgear R7000 with Fresh Tomato:

Hello! We're glad to inform you that AmneziaWG support has been implemented in Eddie Android edition 4.0.0 beta 1 and it will be progressively implemented in all the other AirVPN software. https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/ Eddie Android edition public beta testing is going very well and the development team is optimistic about a near future release. This is only partially true. When you use CPS on your side and you connect to a WireGuard based server, demultiplexers will identify the traffic according to the CPS settings (QUIC, DNS...) only initially. They will soon be able to detect the traffic as WireGuard traffic. With DNS mimicking this happens just after the handshake, while with QUIC the inspection tools need much more time. We can confirm the above after several experimental tests we repeatedly performed with deep packet inspection. Anyway QUIC mimicking is effective and actually it can nowadays bypass in about 100% of the cases the blocks in both Russia and China. But we have planned to support Amnezia on the server side too, because the current method is anyway not so strong on the long run. When we have Amnezia on the server side too, no tool is able to ever identify the traffic as WireGuard traffic: it remains indefinitely identified as QUIC. Currently we are still at a testing phase, but the outcome so far is very promising. Stay tuned! Kind regards

To give some numbers, with these settings along with MTU tuning (1440 in my case since no IPv6): I have been able to roughly 2.5x my speeds from 400 Mb/s average to 1000 Mb/s average which is essentially my line speed. Also, I have seen people ask about how to use Gluetun + qBittorrent in other posts, and this is where I learned how to do it: https://wiki.serversatho.me/. I hope these resources will help!

Thank you! Please use the Configuration Generator. Turn on the "Advanced" switch. Generate a file with the Configuration Generator for WireGuard for the server or country you want to test. Download the file and edit it with any text editor. To begin with, add these parameters in the [Interface] section: Jc = 20 Jmin = 50 Jmax = 1000 S1 = 0 S2 = 0 H1 = 3 H2 = 1 H3 = 4 H4 = 2 Import the file into your PC AmneziaWG client, or use it with the AirVPN Suite component Hummingbird, and even in Eddie 4.0.0 (you can do it in the "VPN profiles" view once the file is in your Android device) and use it to test a connection in Amnezia mode. If it fails please try a connection directly from Eddie, without profile, in Amnezia WG. If it fails too enable QUIC mimicking in "Settings" > "Advanced" > "Custom AmneziaWG directives" and test again a connection. Keep us posted! Kind regards

These are the AmneziaWG parameters I use in China. This set of parameters can reliably bypass the GFW. Staff can take a look. Jc = 20; Jmin = 50; Jmax = 1000; S1 = 0; S2 = 0; H1 = 3; H2 = 1; H3 = 4; H4 = 2;

Do you intend to add it to PC's client at some point as well?

Hey there, Taiwan is a provincial administrative region of China, an inalienable part of China’s territory. But when I checked my IP on ipleak.net, I saw Taiwan was shown with those outdated flags, which is totally wrong. These flags don’t reflect the fact that Taiwan belongs to China. Using them misrepresents Taiwan’s status and goes against the One - China principle. It’s really important to fix this mistake. Please correct the display and stop using such wrong flags. Let’s make sure the info about Taiwan is right, in line with the One - China principle. Thanks for handling this!

Hi Everyone! Over the years there's been advice to avoid μTP in torrent clients like qBittorrent and use TCP exclusively (when using a VPN). And I have followed this advice. But now I wanted to check in again to see if that is still the case - Is it still recommended to avoid μTP? I'm asking for two reasons - 1) when this advice first came out I think we only really had OpenVPN. Now the default is Wireguard. Does that change anything? And also 2) I recently had a couple of torrents I was trying to download and they were stalled and dead. But when I enabled μTP with TCP, they sprang to life and downloaded lickety-split. So, just wanted to see if anything had changed - or whether my experience was just an anecdotal one-off. Cheers!

Hello I would like to give my personal recommendations to help with network censorship in Russia. I may not have time to write a authoritative, proper guide, but wanted to share this. Everything "clicked" once I read a comment how the DPI works to determine a new connection. Preface IP and subnet blocks came first. They completely blackhole all traffic to blocked IP addresses. The only thing you can try is IPv6 in place of IPv4. Some Air servers are blocked by IP. The Deep Packet Inspection (DPI) is a required installation for residential ISPs and (as of late) industrial networks like data centers. It works to dynamically block known protocol traffic, anything "forbidden" that's not yet in IP blocklists from above. This system was put in law many years ago. Nevertheless, the networks across the country are at various stages of rollout and their capabilities will differ. Real example: residential ISP did not block OpenVPN->Air, yet the mobile carrier did. Yet in 2024 the residential ISP upgraded their DPI system and started blocking OpenVPN too. Common methods of circumvention Mangle traffic locally to fool the DPI systems. It will allow you to connect to servers not blocked by IP (TLS SNI name detection). Proxy/VPN server: A prerequisite is an outside server, it must not have been blocked by IP. If it's a private server and OpenVPN or Wireguard work - you're lucky. However be prepared to still get blocked by DPI any day for using a VPN protocol. There are many proxy tools, especially developed to combat the Great Firewall of China. They don't run directly on Air, so this is something for self-hosting or other services to provide. We're talking about Air, so let's get that VPN working. Everything below requires you to find a reachable Air server (no direct IP blocks). The configuration server used by Eddie is IP blocked, so it won't work at all. I suggest you to generate all server configs in advance and see which are reachable from Russian networks. Airvpn.org seems to be reachable though. OpenVPN over SSH to Air It is possible to set this up on mobile, however the connection is reset after 10-30 seconds due to a lot of traffic being pushed. I used ConnectBot and it didn't restart the SSH connection properly, anyhow OpenVPN and ConnectBot had to be reconnected manually each time --> unusable. Since both apps are easily downloadable from app stores/F-Droid, this can be enough to generate and download configs from AirVPN's website in a dire situation. This connection type works like this: SSH connects to Air server, forwards a local port -> Air (internal_ip:internal_port) OpenVPN connects to local_ip:local_port and SSH sends the packets to Air's OpenVPN endpoint inside this tunnel Once the connection is established, it works like a regular OpenVPN on your system OpenVPN over stunnel to Air I haven't tried, desktop only? OpenVPN (TCP) over Tor to Air While connecting to Tor will be another adventure, do you really need a VPN if you get Tor working for browsing? If yes, I suppose it could work. I haven't tried. OpenVPN (TCP) to Air May start working after hours on Android, if the connection was established initially. Until then you'll see a lot of outgoing traffic but almost zero incoming traffic (NOT ZERO though!) It is unclear to me whether this is because Android keeps reconnecting after sleeping or sometimes it pushes so little traffic over the established connection that DPI forgets or clears the block for this connection only. OpenVPN (UDP) to Air Doesn't work. Wireguard to Air Doesn't work, it's always UDP and very easily detected. AmneziaWG client to connect to standard Wireguard Air servers This worked for me almost flawlessly. The trick of AmneziaWG is to send random trash packets before starting the connection sequence. This is what the new parameters are and some of them are compatible with standard Wireguard servers. The DPI only checks traffic within the initial traffic size window of the connection. If it doesn't find VPN connection signatures (and it doesn't due to random data) then it whitelists the connection. Wireguard then sends its connection packets and connects to Air. Full speed ahead, no throttling. The VPN connection works! What's the catch? The AmneziaWG packet configuration must be right. This worked for me across all networks I encountered: MTU: 1320 (safe value, higher MTU will give better bandwidth, if it works at all and doesn't begin to fragment packets) Junk Packet count (Jc): 31 Junk Packet minimum size (Jmin): 20 Junk Packet maximum size (Jmax): 40 Init packet junk size (S1): none (afaik only with AmneziaWG server; delete from config or try to set 0) Response packet junk size (S2): none (afaik only with AmneziaWG server; delete from config or try to set 0) Magic header settings changeable afaik only with AmneziaWG server: Init packet magic header (H1): 1 Response packet magic header (H2): 2 Underload packet magic header (H3): 3 Transport packet magic header (H4): 4 Example: [Interface] ... other default values, including MTU ... Jc=31 Jmin=20 Jmax=40 H1=1 H2=2 H3=3 H4=4 And how would you know what numbers to set? This single insight: This means flooding small random UDP packets at the beginning is the winning strategy. That's how I optimized someone's config from "sometimes it works, sometimes it doesn't" to "works 100% of the time, everywhere". You actually don't want to blast big packets and be blocked because of it. Smaller random packets are good for mobile traffic too. How would you setup AmneziaWG to connect to Air (Android)? Generate and download AirVPN Wireguard configs, for each individual server, try different entry IPs too. DO NOT USE THE DEFAULT (OFFICIAL) WIREGUARD PORT. We don't want long-term logging to highlight the working servers for the next round of IP blocks. Download AmneziaWG-Android VPN client (the Android edition is actually a fork of the official Wireguard app aka "AmneziaWG". Don't download their regular all-in-one client aka "AmneziaVPN"!): amnezia.org or https:// storage.googleapis .com/kldscp/amnezia.org or https://github.com/amnezia-vpn/amneziawg-android/releases Import Air's configs in the app Apply "Junk Packet" settings from above Try to connect Try different entry IPs and servers if the connection doesn't work. See if the server IP is completely blocked either with: ping "<entry IP>" nc -zv -w 10 "<entry IP>" "<port 80 or 2018 for OpenVPN TCP>" This is GNU netcat Keep in mind: on Android the safest way to avoid any traffic leaks is to go to system settings, Connection & sharing > VPN, or search for "VPN", click on (i) for advanced settings, Enable: "Stay Connected to VPN" & "Block All Connections not Using VPN". If you ever disconnect from VPN by using Android's system notification, you'll need to re-enable these settings. If you switch between VPN apps (like Eddie -> AmneziaWG), I suggest to make sure these settings are always enabled like this: Turn off Wi-Fi (or mobile data) For previous VPN app disable: "Stay Connected to VPN" & "Block All Connections not Using VPN" For next VPN app enable: "Stay Connected to VPN" & "Block All Connections not Using VPN" Turn on Wi-Fi / connect using next VPN app Android battery optimization: Finally, go to app's settings (or Settings-Battery then app list somewhere) and make sure the AmneziaWG app is "not optimized" for battery. This way it will not be interrupted in the background and potentially drop connection until the screen is awake. -- https://dontkillmyapp.com/ for guides and more info Thanks for reading. Big politicians are not your friends, stay strong and propagate what you truly believe in.

An other year! Thanks for your excellent service. 😀

Anyway I understand your position, no problem. Like Russians say "Сытый голодного не разумеет" ("the well-fed does never understand the hungry").

You know, it's sort of sad to think that you must fall into the darkness just because you are not belonging to the "overwhelming majority of the world". China, Russia, Belarus, Venezuela, Turkmenistan, Egypt, Turkey. Who's next? I know we are all the "third world" but we are people and want the information! If no one will lend us a hand from the greater world, where life is still okay, we won't ever make it out of the darkness.

Well, to give a completely rudimentary course in how to get it up and running: Assuming you use windows you go to the "Enter" tab on this site while logged in, click on the windows icon and download the client from there. You then install the client. Then you find the "AirVPN" icon on your desktop and click it, then choose "connect to a recommended server" and wait for it to finish connecting. Then point your web browser to https://ipleak.net/ to confirm it's working, and it doesn't show your real info anymore. This should get you started using it, at least. You should be safe with the default settings. I then recommend searching the forum for any specific features you wonder about with the client, if you need port forwarding to work you can look at some of my recent posts on here for example. Oh, you might want to turn on the network lock on the login screen as well.