Leaderboard
Popular Content
Showing content with the highest reputation since 01/13/26 in Posts
-
3 points
ANSWERED DAITA in airVPN?
IAmFlash and 2 others reacted to Staff for a post in a topic
Hello!

We had a similar project that is now temporarily frozen for good reasons:

1. in real life the ability of the "AI"s to successfully guess the real destination from analysis of the VPN tunnel traffic is poor (the excellent success rates you see are achieved only in a controlled environment where the victim visits only destinations pre-determined from a tiny list)
2. AmneziaWG is quickly becoming (*) a more universal approach that may be effective and that does not require our own proprietary solution, provided that constant rate tunnel, deterministic batching and traffic morphing are not required -- safe assumptions as DAITA doesn't aim at obtaining them

(*) While early AmneziaWG releases could "only" add junk packets during handshakes, making it not suitable to replace DAITA, the latest AmneziaWG release is also capable of padding transport messages and modifying their header range. It can do all of the above, optionally, over a faithful imitation of a different protocol (any protocol that can be built on UDP), including mimicry of the initial flow of specific HTTP/3 web sites.

While the efficacy of these options in fighting AI guided traffic analysis must be verified in a controlled environment when AI abilities improve, and in spite of the fact that AmneziaWG currently lacks the important active distortion feature that DAITA offers, together with reason 1 they are sufficient to let us prioritize AmneziaWG support in the infrastructure and our software, and freeze proprietary solutions research.

Once AmneziaWG is operating in the whole infrastructure, it may be considered whether adding active distortion to match this DAITA feature, or anyway building additional features to outperform DAITA (on top of the many already available in Amnezia and not from scratch), is worth the effort or not.

Kind regards
-
2 points
Hello!

We're very glad to announce that Eddie Android edition 4.0.0 beta 2 is now available.

New: how to use Eddie in a network where the "bootstrap" servers cannot be reached

Eddie downloads user and infrastructure data, essential to use the service, from special "bootstrap servers" through an encrypted flow inside HTTP. If the bootstrap servers are blocked or the underlying protocol to port 80 is filtered out, Eddie is unable to proceed. Starting from Eddie 4 beta 2 version, the ability to retrieve such data locally has been added. Whenever bootstrap servers are unreachable, Eddie can read the latest available local data to connect to a VPN server. Once connected, the bootstrap servers are again reachable and the local data are immediately updated for future usage. The local data remain valid as long as you don't need to change user.

On top of all of the above, Eddie can now retrieve such data through the login procedure, which can now be started even when a connection to a VPN server was previously established via a profile. Therefore, when you are in a restrictive network that blocks access to bootstrap servers, you can connect through a profile generated by the AirVPN web site Configuration Generator. After this first connection, log your account in to the service by selecting the specific option on the left pane, enter your AirVPN account credentials as usual and make sure that the Remember me checkbox is ticked: Eddie will download all the necessary files and store them locally. This procedure is "once and for all", at least as long as you don't need to change account. After this initial connection, Eddie will be able to log your account in to the infrastructure, retrieve servers data and establish connections without profiles and without bootstrap servers, offering again full AirVPN integration even when bootstrap servers are unreachable. Only if you change account must you repeat the procedure.

New: "Open with..." option added to "Share" option

Different Android versions allow management of files with different restrictions. Different apps may support different intents on specific Android versions. To enlarge total compatibility, Eddie now offers two different options to export and manage files, including generated profiles. You will find the usual "Share" option coupled with a new "Open with..." option. Some apps support only one intent, other apps only specific intents on specific Android versions, and so on. By adding this option Eddie considerably enlarges the number of apps you will be able to open and/or share files with.

New: AmneziaWG parameters range validity

AmneziaWG parameter range validity has been documented in three different ways (official web site, GitHub documentation files, and developers' comments) and the web site documentation, which is still official, is in reality not aligned with the source code. The new parameters range validation adopted by Eddie 4.0.0 beta 2 is now based on the latest GitHub documentation integrated by source code analysis.

The original message of this thread has been updated accordingly. You will find in it the new download link and checksum, as well as a detailed Amnezia description.

If you decide to test, please report at your convenience any bug and problem in this thread. If possible, generate a report from the app in a matter of seconds: by tapping the paper plane icon on the rightmost side of the Log view bar you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private).

Kind regards & datalove
AirVPN Staff
-
1 point
Did everyone notice? The Kornephoros server achieved astonishing speeds today. As a 10Gbps server, it loaded over 5Gbps of bandwidth. I've never seen such speeds on any 10Gbps server before. What makes this server different from other 10Gbps servers? Is it the unprecedentedly powerful hardware, the data center's network environment, or AirVPN's optimization of the server's kernel? Staff can take a look and use this information to optimize other 10Gbps servers. Kornephoros is truly unexpected.
-
1 point
Three new 10 Gbit/s servers available (CA)
knighthawk reacted to Staff for a post in a topic
Hello!

We're very glad to inform you that three new 10 Gbit/s full duplex servers located in Toronto (Ontario), Canada, are available: Castula, Chamukuy and Elgafar.

The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the status as usual in our real time servers monitor:
https://airvpn.org/servers/Castula
https://airvpn.org/servers/Chamukuy
https://airvpn.org/servers/Elgafar/

Do not hesitate to contact us for any information or issue.

Kind regards & datalove
AirVPN Staff
-
1 point
Hello!

Eddie Android edition 4.0.0 beta 2 is now available featuring improved AmneziaWG support and strengthened logic against AirVPN bootstrap server blocks:
https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/

Kind regards
-
1 point
Hello!

On Eddie 2.22 and higher versions you can "fix" the interface name by setting it on Eddie's "Preferences" > "Networking" window (make sure you pick an interface name that's valid in your system).

Kind regards
-
1 point
@3x3x3

Hello!

Assuming that the notices are genuine, we need to remind you that VPN usage must be compliant with the relevant legal framework of the country the VPN server is in.

With all of the above said, you must make sure you do not suffer traffic leaks outside the VPN tunnel. If you run AirVPN software, this is easily achieved by activating Network Lock, which is also active by default during connections (opt out). You also must make sure that you don't start the torrent software before you have connected to some VPN server if you don't run AirVPN software. Network Lock is a set of firewall rules that remain in place even in case of software crash and protect you from leaks even when the torrent software is configured in a way that permits it to bypass the VPN tunnel (typical example: UPnP enabled).

Please read the AirVPN FAQ and starting guide: you will get plenty of useful information and avoid unpleasant consequences of improper usage. All the important links are included in the welcome message and you can start from here:
https://airvpn.org/forums/topic/18339-guide-to-getting-started-links-for-advanced-users
FAQ: https://airvpn.org/faq

Binding a software to the VPN network interface is another excellent layer of defense. It is highly valuable in case of a "momentary lapse of reason", for example if you completely forget to fire up AirVPN software (or your favorite software) and you start the torrent program with already active torrents. Interface binding is a simple setting if supported by your torrent program. Procedure varies according to the program you run, please read your software documentation.

Kind regards
-
1 point
Three new 10 Gbit/s servers available (CA)
knighthawk reacted to 4eNJaeEnp9oF for a post in a topic
Congratulations on the launch. This is great news for CA which has had most of its 2 Gbit/s servers pretty saturated during peak hours. Hopefully the ghost of Wurren does not come back to haunt us.
-
1 point
More clarity on server load & performance indicators
IAmFlash reacted to Tech Jedi Alex for a post in a topic
How can the load percentage be conveyed even clearer in your opinion?

Those are highly subjective things depending on your setup, and I don't want to see them as data points in a server overview showing factual data valid for everyone the same way. Load (= bandwidth usage), number of clients and RTT between the servers are factual data valid for everyone, whereas your own latency and "connection quality metrics" are the result of your client's configuration, connection type and its config, ISP, routes, etc. etc. I mean, what is even the definition of "connection quality" in your own words? Preferably something that is valid for you, me and the random reader of this thread at the same time.
-
1 point
Kinda unrelated but this server has been going down a lot in the last few weeks.
-
1 point
Kornephoros
IAmFlash reacted to gundamlord for a post in a topic
Kornephoros is AirVPN's better 10gb server in Canada. It almost gives me full speeds on my home server (connected via wifi). Funny enough, their now decommissioned Wurren was pretty crappy in my experience. I was never able to get more than 80mbit on Wurren even though it was also supposedly a 10gbit server... even regular 1gbit servers outperformed Wurren.
-
1 point
That's incredible! It seems the server hardware wasn't that bad; perhaps it was just maintained two days ago? Or maybe the hardware was replaced? I see that this server only has 280+ users. Could it be a user issue? More users using the Wireguard protocol can indeed bring higher bandwidth usage. If the AmneziaWG protocol becomes widespread, it would be incredible if even 10G servers could be fully utilized.
-
1 point
Kornephoros
IAmFlash reacted to Hypertext1071 for a post in a topic
Maximum of 7.3 Gb/s on Terebellum. I think most users are probably not using that much bandwidth to push the 10 Gb/s servers to their max.
-
1 point
@Stalinium Yes, the packets you obtain yourself are better suited to your network environment. If you find that troublesome, you can also try other people's parameters. Here are my parameters.

Jc = 8
Jmin = 86
Jmax = 892
S1 = 0
S2 = 0
H1 = 2
H2 = 3
H3 = 4
H4 = 1
I1 = ...
I2 = ...
I3 = ...
I4 = ...
I5 = ...

CPS I1-I5(bing.com-initial QUIC).txt
-
1 point
Personal IPv6 exit IP as alternative to port forwarding
larry.munday reacted to CentralPivot for a post in a topic
This wouldn't really interact with the existing port forwarding system at all. The point is to not have to forward any ports at all; all traffic to your public IP would automatically be forwarded to you, circumventing the entire port forwarding mechanism.

The advantage is that you don't have a limitation on the number of forwarded ports anymore or restrictions on which exact ports are available. You'd have access to the entire range of 65535 ports. This is useful for several scenarios, for example if you have multiple clients that need port forwarding you run out very fast. It's also useful for punching through restricted networks or heavily NATed/CG-NATed networks and getting a publicly addressable IP. Useful if I want to e.g. share a file with someone on IRC but we're both behind CG-NAT, or if I want to spin up an http server to show off a demo but the cafe I'm at blocks incoming port 80.

As for the server infrastructure, stateless address translation is less resource intensive than stateful NAT, so the more popular of a feature this is the less the routing overhead on the servers will be.

There's plenty of ways for spammers and other evildoers to do that for free already, they wouldn't need an AirVPN subscription to get trillions of ipv6 addresses. Which is why with ipv6 nobody blocks on a per-address level, but prefixes.
-
1 point
Jc = 10
Jmin = 53
Jmax = 488
S1 = 0
S2 = 0
H1 = 2
H2 = 4
H3 = 1
H4 = 3
I1 = <b ...>

It is highly preferred that you get your own QUIC packet for I1. You could do that with Wireshark and "curl --http3-only (possibly any Russian website that is whitelisted)". Select first QUIC Initial packet, right click "QUIC IETF" below -> Copy -> Copy as a Hex Stream. (Mozilla Firefox QUIC packets did not work for 16 kbyte blocked subnets for me)
-
1 point
I'm also confused. Perhaps the hardware isn't powerful enough? A 1Gbps server can handle 100+ users with 80% bandwidth utilization. This means a 10Gbps server would need 1000+ users to achieve the same 80% bandwidth utilization. However, in reality, a 10Gbps server experiences a significant speed drop when handling 300+ users, seemingly unable to keep up. It would be better to label it as a 3Gbps or 5Gbps server, as the actual speed difference from the advertised 10Gbps is substantial. If that's the case, it would be better to replace one 10Gbps server with ten 1Gbps servers. Maybe that's the case? I think AirVPN may have leased a 10Gbps network in the data center, but the servers can't handle that 10Gbps network. Isn't that a waste of resources? I think AirVPN can increase the number of 1Gbps servers as much as possible to make full use of network bandwidth, which would also save on server costs for AirVPN, wouldn't it?
-
1 point
Kornephoros
IAmFlash reacted to Hypertext1071 for a post in a topic
I've seen this happen on Vindemiatrix, and I think it happened on Taiyangshou today as well (maximum is 4.8 Gb/s but that is average so likely it did surpass 5 Gb/s). I still wonder why overall bandwidth utilization of 10 Gbps servers is low (<50%), is this just due to scaling?
-
1 point
less than 100GB
-
1 point
Hello!

Starting from version 2.3, firewalld by default owns exclusively nftables tables generated by itself, thus preventing Eddie, Bluetit and Hummingbird Network Lock related operations. If you want to have Network Lock enabled and firewalld running at the same time, then you must configure firewalld by setting the following option:

NftablesTableOwner=no

in firewalld's configuration file, usually /etc/firewalld/firewalld.conf. After you have edited the configuration file with any text editor with root privileges, reload firewalld configuration or restart firewalld, and only then (re)start Bluetit, Hummingbird or Eddie.

Additional insights:
https://discussion.fedoraproject.org/t/firewalld-add-flags-owner-persist-in-fedora-42/148835
https://forums.rockylinux.org/t/rocky-9-5-breaks-netfilter/16551

Kind regards
-
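Added example, not part of the forum post above and not AirVPN or firewalld code: a shell check that reports how NftablesTableOwner is set in a firewalld.conf before Network Lock is started. It assumes plain key=value lines with # comments; the function names and the returned labels are made up for this example.

```shell
#!/bin/sh
# Added example (not AirVPN or firewalld code). Reports how NftablesTableOwner
# is set in a firewalld.conf. Assumption: plain "key=value" lines, "#" comments.
# Function names and returned labels are hypothetical.

nft_owner_setting() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 0
    fi
    awk '
        /^[ \t]*#/ { next }                      # commented-out lines do not count
        /^[ \t]*NftablesTableOwner[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)          # drop the key and the equals sign
            sub(/[ \t]*$/, "", v)                # drop trailing blanks
            n++; last = tolower(v)
        }
        END {
            if (n == 0)      print "unset"       # default applies (exclusive ownership, per the post)
            else if (n > 1)  print "duplicate"   # ambiguous: clean the file up by hand
            else if (last == "no" || last == "yes") print last
            else             print "other"
        }' "$conf"
}

# Succeeds only when the file explicitly sets NftablesTableOwner=no.
network_lock_ready() {
    [ "$(nft_owner_setting "$1")" = "no" ]
}

# Constructed sample: the option is present only as a comment, so it is not in effect.
sample=$(mktemp)
printf '%s\n' '# NftablesTableOwner=no' 'DefaultZone=public' > "$sample"
echo "sample file: $(nft_owner_setting "$sample")"
rm -f "$sample"
```

On a real host the path to pass is the one named in the post, /etc/firewalld/firewalld.conf; a result other than "no" means the edit described there is not in effect.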
1 point
speedtest comparison
Wolf666 reacted to Tech Jedi Alex for a post in a topic
You're on fiber, right? Because if so, you are not the first with this, and you won't be the last. I can't wrap my head around it myself because I don't know anyone who is on fiber to test anything (I'm in Germany, after all), but all the people before you suggest that OpenVPN is problematic with fiber connections.
-
1 point
AirVPN Network lock
Axarius reacted to HelpNeeded39 for a post in a topic
Hello, could you please make a tutorial? I tried this but I'm doing something wrong, because the client can't connect to the AIR servers after I set the firewall rules ... A permanent network locker is normal for other VPN providers, but here? Why don't you just make an option in the Eddie client? Anyway, a tutorial would be great
-
1 point
hello people, i have a question because of the network lock in airvpn, i activated it but 1 problem: it's only working when the AIRVPN client is started, i chose airvpn auto windows start but the problem is that still with ssd it's taking maybe 5 seconds to start (it starts with loading beam). the question is how can i fix that? example: the airvpn client eddie crashes (latest version ofc) -> my internet IS UNPROTECTED! thanks for any help regards
