Leaderboard

Hello! We're very glad to announce that Eddie Android edition 4.0.0 has been released This is a major update: for the first time Eddie Android edition features AmneziaWG complete support. Eddie Android edition is a fully integrated with AirVPN, free and open source client allowing comfortable connections to AirVPN servers and generic VPN servers offering compatible protocols. Eddie 4.0.0 aims primarily at adding, besides the already available OpenVPN and WireGuard, a thorough and comfortable AmneziaWG support. Source code available on GitLab: AmneziaWG is a free and open source fork of WireGuard by Amnezia inheriting the architectural simplicity and high performance of the original implementation, but eliminating the identifiable network signatures that make WireGuard easily detectable by Deep Packet Inspection (DPI) systems. It can operate in several different ways, including a fallback, "compatibility mode" with WireGuard featuring anyway various obfuscation techniques. What's new in Eddie 4.0.0 AmneziaWG support Amnezia WireGuard API stronger anti-blocking logic: ability to log in to the service and download AirVPN infrastructure and user data while connected through a profile with a specific option on the left pane ability to read and use local user data when bootstrap servers are unreachable CPS packets database of 30+ real websites, currently allowing accurate QUIC + HTTP/3 traffic mimicry to and from real web sites through AmneziaWG CPS. Each entry is easily selectable and identified by a clear label support for wrapping both IPv4 and IPv6 traffic over an IPv6 tunnel with WireGuard and AmneziaWG (previously available only with OpenVPN) new "Open with..." option on top of the usual "Share" (now renamed "Export") option to manage and export comfortably generated profiles on any Android version with any suitable application updated AmneziaWG parameters allowed ranges support of latest AmneziaWG padding features vastly improved NetworkMonitor and Tile Service updated OpenSSL, OpenVPN3-AirVPN and WireGuard libraries full compatibility from Android 5.1 to Android 16, including Android TV bug fixes see the complete changelog here: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt?ref_type=heads AmneziaWG overview From the official documentation: https://docs.amnezia.org/documentation/amnezia-wg AmneziaWG offers: Dynamic Headers for All Packet Types (compatibility with WireGuard: YES) During tunnel initialization, the library generates a set of random constants applied to each of the four WireGuard packet formats: Init, Response, Data, Under‑Load. These constants: As a result, no two clients have identical headers, making it impossible to write a universal DPI rule. Replace predictable WireGuard packet identifiers; Shift offsets of Version/Type fields; Modify reserved bits. Handshake Length Randomization and message padding (compatibility with WireGuard: NO) In WireGuard, the Init packet is exactly 148 bytes, and the Response packet is exactly 92 bytes. AmneziaWG adds message paddings: S1: int - padding of handshake initial message S2: int - padding of handshake response message S3: int - padding of handshake cookie message S4: int - padding of transport messages Offsets of the remaining fields are automatically adjusted, and MAC tags are recalculated accordingly. In order to keep backward compatibility with WireGuard, S1, S2, S3 and S4 must be set to 0. Obfuscation Packets I1-I5 (Signature Chain) & CPS (Custom Protocol Signature) (compatibility with WireGuard: partial, with fallback) Before initiating a "special" handshake (every 120 seconds), the client may send up to five different UDP packets fully described by the user in the CPS format. In this way AmneziaWG can mimic perfectly QUIC, DNS and other protocols adding powerful methods to circumvent blocks. QUIC is particularly interesting as HTTP/3 is built on it and currently, from Chrome and other compatible browsers, 50% of traffic to/from Google is QUIC traffic. Therefore, blocking QUIC may have major disruptions for any ISP. Note that a CPS database of 30+ real web sites is available in Eddie Android edition: you can activate CPS mimicking traffic to real web sites with a tap. Eddie will take care to compile properly Amnezia's In parameters for accurate mimicry. Junk‑train (Jc) (compatibility with WireGuard: YES) Immediately following the sequence of I-packets, a series Jc of pseudorandom packets with lengths varying between Jmin and Jmax is sent. These packets blur the timing and size profile of the session start, significantly complicating handshake detection. Under‑Load Packet (compatibility with WireGuard: YES) In WireGuard, a special keep-alive packet (“Under-Load”) is used to bypass NAT timeouts. AmneziaWG replaces its fixed header with a randomized one, the value of which can be set manually. This prevents DPI from filtering short ping packets, ensuring stable tunnel connections, especially on mobile networks. How to use Eddie with AmneziaWG To enable AmneziaWG mode, just tap the connection mode available in the main and other views. It will rotate between WireGuard, AmneziaWG and OpenVPN. Set it to AmneziaWG. In its default AmneziaWG mode, Eddie will use all the possible obfuscation, except protocol mimicking, that keeps WireGuard compatibility, thus allowing connections to AirVPN servers. The default settings choice was possible thanks to the invaluable support of persons living in countries where VPN blocks are widespread. Such settings have been tested as working and capable to bypass the current blocking methods in various countries. You may consider to modify them if they are ineffective to bypass "your" specific blocks. In Settings > Advanced, you will find, at the bottom of the page, a new "Custom Amnezia WG directives" item. By tapping it you will summon a dialog that will let you customize any possible AmneziaWG parameter. You can maintain backward compatibility with WireGuard in the dialog WireGuard section, or enable the full AmneziaWG support in the Amnezia section, which is not compatible (at the moment) with AirVPN WireGuard servers. This mode will be mostly valuable in a not distant future, when AirVPN servers will start to support AmneziaWG natively. You may also enable QUIC or DNS mimicking for additional obfuscation efficacy. In order to maintain WireGuard backward compatibility, with or without QUIC or DNS mimicking, you must set: S1 = S2 = S3 = S4 = 0 Hn ∈ {1, 2, 3, 4} H1 ≠ H2 ≠ H3 ≠ H4 Furthermore, do not exceed the valid limit of the J parameters (anyway Eddie will not let you do it). In this preview version, Eddie's formal control of the input data is based on the following document. We strongly recommend you read it if you need to modify manually parameters: https://github.com/amnezia-vpn/amneziawg-linux-kernel-module?tab=readme-ov-file#configuration Custom Protocol Signature with database included Working in AmneziaWG mode, Eddie implements QUIC and DNS mimicry and obfuscation packets for each specific "I" parameter (by using the corresponding "Generate" button). You can enable them with a tap on the proper buttons. You may mimic QUIC and DNS even to connect to WireGuard based servers. Please do not modify In parameters if you don't know exactly what you're doing. Eddie's CPS database is available at your fingertip for accurate mimicry of traffic to and from real web sites using HTTP/3 (other protocols may be added in the future), so you don't need to look for and enter specific sequences. Settings > Advanced > Custom AmneziaWG directives > Enable CPS > Presets > select the web site whose traffic must be imitated . Currently, you can find a database that contains more than 30 actual packet signatures and sequences of real web sites. Select one and Eddie will adjust all the parameters automatically and will use them in the next AmneziaWG connection. When you enable QUIC mimicking and you maintain WireGuard backward compatibility, you add a powerful tool against blocks, because the first packets will be actual QUIC packets. AmneziaWG will fall back to WireGuard compatibility very soon. However, when DPI and SPI tools, and demultiplexers in general, identify the initial QUIC flow, most of them will be unable to detect a WireGuard flow for several minutes. This has been tested thoroughly with deep packet inspection on Linux and FreeBSD based machines by AirVPN staff. Therefore, in different blocking scenarios the QUIC mimicry increases likelihood of successful block bypass. NOTE: the same does not happen with DNS mimicry. In this case DPI / SPI tools identify the stream initially as DNS, but are much quicker (just in a few dozens of packets) to identify the stream as WireGuard's, after the initial DNS identification. How to use Eddie in network where the "bootstrap" servers can not be reached Eddie downloads user and infrastructure data, essential to use the service, from special "bootstrap servers" through an encrypted flow inside HTTP. If the bootstrap servers are blocked or the underlying protocol to port 80 is filtered out, Eddie is unable to proceed. Starting from this Eddie 4 version, the ability to retrieve such data locally has been added. Whenever bootstrap servers are unreachable, Eddie can read the latest available local data to connect to a VPN server. Once connected the bootstrap servers are again reachable and the local data are immediately updated for future usage. The local data remain valid as long as you don't need to change user. On top of all of the above, Eddie can now retrieve such data through the login procedure that now can be started even when a connection to a VPN server was previously established via a profile. Therefore, when you are in a restrictive network that blocks access to bootstrap servers, you can connect through a profile generated by AirVPN web site Configuration Generator. After this first connection, log your account in to the service by selecting the specific option on the left pane, enter your AirVPN account credentials as usual and make sure that Remember me checkbox is ticked: Eddie will download all the necessary files and store them locally. This procedure is "once and for all", at least as long as you don't need to change account. After this initial connection, Eddie will be able to log your account in to the infrastructure, retrieve servers data and establish connections without profiles and without bootstrap servers, offering again full AirVPN integration even when bootstrap servers are unreachable. Only If you change account you must repeat the procedure. New: "Open with..." option added to "Export" option Different Android versions allow management of files with different restrictions. Different apps may support different intents on specific Android versions. To enlarge total compatibility, now Eddie offers two different options to export and manage files, including generated profiles. You will find the usual "Share" option (note: now renamed into "Export") coupled with a new "Open with..." option. Some apps support only one intent, other apps only specific intents on specific Android versions, and so on. By adding this option Eddie enlarges considerably the amount of apps you will be able to open and/or share files with. Download link, checksum and changelog Eddie Android edition 4.0.0 APK direct download quick link: https://airvpn.org/tv Eddie Android edition 4.0.0 is also available on the Google Play Store. https://play.google.com/store/apps/details?id=org.airvpn.eddie Changelog is available here: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt?ref_type=heads SHA-256 checksum if you prefer to download from our web site and side load the app: $ sha256sum EddieAndroid-4.0.0-VC38.apk 12322926f12d45f8e918173ae30f88cdef03f0fe323f30abf00cef6c033d8dae EddieAndroid-4.0.0-VC38.apk Kind regards & datalove AirVPN Staff

Hello! Or that any "Network Lock" mode is disabled by setting "Network Lock" box to "None" in "Preferences" > "Network Lock" window (default: "Automatic"), as it is indeed the case according to the system report (important option not at default: netlock.connection false) and considering that the user's system does have nft and iptables-* installed. Splitting the different cases with different messages and logging them will be suggested to devs. Kind regards

Hello! We're very glad to announce that Eddie Android edition 4.0.0 Release Candidate 1 is now available. New CPS QUIC database: now Eddie features a CPS database of more than 30 real web sites allowing accurate QUIC + HTTP/3 mimicry of real services through AmneziaWG. Each database entry is identified by a clear label for immediate selection in the app's settings. Eddie will take care to compile AmneziaWG In parameters accordingly: no need for manual input, which anyway remains an available option. This addition significantly bolsters Eddie's arsenal against blocks. New: IPv4 and IPv6 traffic can now be wrapped over an IPv6 tunnel with WireGuard and AmneziaWG too. Minor bug fixes The original message of this thread has been updated accordingly. You will find on it the new download link and checksum, as well as detailed Amnezia description. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Kind regards & datalove AirVPN Staff

They said earlier that it is coming to other platforms, but can't help but wish for it to come soon. SSH>TCP and SSL>TCP works so far, but some servers are weird in terms of speed and being able to connect on some days. Hopefully amnezia support for pc comes soon.

Hello! Available in "Settings" > "System" > "Application Filter Type" > select white or black list, then compile the list on the new "Select applications to be *listed" menu item that will appear. BLACK LIST enabled: all the traffic is tunneled except the traffic of the black listed app(s). WHITE LIST enabled: only white listed apps will have their traffic tunneled. Kind regards

I didn't bother waiting. Service seems worth it, I got a trial account and lived up to my expectations. Thank you

Most of the encryption algorithms are handled by hardware, using CPU extensions. But packet switching still requires vanilla CPU power. So yeah, CPU horsepower still required but not as much as the days of old. Also the newer, more efficient ciphers help a lot as well.

With 300+ users you would need some beefy CPUs in the server. I would guess that is the bottleneck, not the actual connection. VPNs are encrypted and require the processing power to handle the number of users connected. Not sure what their server specs actually are, but would be curious to know.

These are the AmneziaWG parameters I use in China. This set of parameters can reliably bypass the GFW. Staff can take a look. Jc = 20; Jmin = 50; Jmax = 1000; S1 = 0; S2 = 0; H1 = 3; H2 = 1; H3 = 4; H4 = 2;

Great! Eddie finally supports AmneziaWG, and UDP finally has a masquerade protocol. Another protocol has been added to the list of protocols for bypassing China's Great Firewall.

Do you intend to add it to PC's client at some point as well?

Hi Everyone! Over the years there's been advice to avoid μTP in torrent clients like qBittorrent and use TCP exclusively (when using a VPN). And I have followed this advice. But now I wanted to check in again to see if that is still the case - Is it still recommended to avoid μTP? I'm asking for two reasons - 1) when this advice first came out I think we only really had OpenVPN. Now the default is Wireguard. Does that change anything? And also 2) I recently had a couple of torrents I was trying to download and they were stalled and dead. But when I enabled μTP with TCP, they sprang to life and downloaded lickety-split. So, just wanted to see if anything had changed - or whether my experience was just an anecdotal one-off. Cheers!

Well, to give a completely rudimentary course in how to get it up and running: Assuming you use windows you go to the "Enter" tab on this site while logged in, click on the windows icon and download the client from there. You then install the client. Then you find the "AirVPN" icon on your desktop and click it, then choose "connect to a recommended server" and wait for it to finish connecting. Then point your web browser to https://ipleak.net/ to confirm it's working, and it doesn't show your real info anymore. This should get you started using it, at least. You should be safe with the default settings. I then recommend searching the forum for any specific features you wonder about with the client, if you need port forwarding to work you can look at some of my recent posts on here for example. Oh, you might want to turn on the network lock on the login screen as well.