Leaderboard

Hello! The problem affects those users who run Eddie Desktop edition with OpenVPN and never logged out for more than a year, or use OpenVPN clients with configuration files generated before 2021. Since Eddie Desktop edition re-downloads certificates and keys only when the operator logs in, locally some certificates have expired because we extend their expiration date automatically at least one year in advance (three years normally). Please try the following procedure to quickly resolve the problem: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards

pfsense warned me last month that some old certs were expiring so I'm not surprised that some people are seeing this results. It's unfortunate that software (eddie) or this web site didn't warn people they were using certs about to expire.

I agree with your sentiment - it takes a lot of time when you're unfamiliar with this stuff and are already busy doing something else. But it is easier than it seems. To renew the certificate: - Go to https://airvpn.org/ - Sign in - Select the "Client Area" tab - Under "VPN Devices" click the "Manage" button - Click the "Details" button - Click the "Renew" button Then do what Staff says in the above post: - run Eddie - on Eddie's main window uncheck "Remember me" - log your account out - log your account in (you'll need to re-enter your AirVPN credentials) - try again a connection

Great thank you very much, everything works again It was all stupid Thanks again

Hello! Please try the following procedure to quickly resolve the problem: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards

According to this definition there is no censorship at all anywhere enforced by governments, not in North Korea, not in France, not in China... Please note that your definition is pure fantasy, if not insulting. Censorship is exactly suppression of speech, public communication, or other information subversive of the "common good", or against a given narrative, by law or other means of enforcement. The fact that censorship is enforced by law or by a government body does not make it less censorship. Furthermore, historically censorship was an exclusive matter of some central authority (the first well documented case is maybe the censorship rules to preserve the Athenian youth, infringed by Socrates, for which he was put to death, although the etymology comes from the Roman Office of Censor which had the duty to regulate on citizens' moral practices) and today censorship by governments is predominant. Even In modern times censorship through laws has been and is predominant and pervasive according to Britannica and many academic researches. Then you can discuss ad nauseam whether censorship by law is "right" or "wrong", whether France's censorship is "better" than China's censorship, but you can't change the definition of censorship, otherwise this discussion will become delirious. Kind regards

They're also living under the assumption that government is benevolent and righteous. Have they forgotten that the government of the very thing they detest (nazism) made illegal many things...was it ok because the government made them illegal?

Same problem here. Suddenly today. Downloaded latest version and installed just in case. There must be something wrong other than here locally? The suggested fix is way too complicated... That was lazy.. pointing to a description of ten thousand words to do something that probably is easy... Please give a step by step way to fix this without a million other things mixed in.

Hello! No, it was not and it is not. Every and each machine runs on non-affected Operating Systems, typically FreeBSD and Debian 12. Debian 12 trivially is not affected because it does not include (in the official repositories we point at) the exploited xz versions 5.6.0 / 5.6.1 (and of course we did not build them from git) while in FreeBSD: Gordon Tetlow, security officer, https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html). Kind regards

I use Cloudflare for my site and it's exactly as you said. See https://developers.cloudflare.com/waf/reference/cloudflare-challenges/ for details. To my knowledge, website admins can't disable these challenges if an IP has displayed suspicious behavior.

Hey all, Just made the switch to Air today. Like many of you, I jumped ship due to another popular VPN service ceasing support for port forwarding. So far I'm loving what I've seen from the community and the actual real communication from AirVPN themselves, that's awesome to see. In a way I'm glad this happened as I was forced to discover Air. What I am missing however is the speed. I know the Aussie server was added and swiftly removed due to Australia's oppressive privacy nature, and I completely understand this. I also am grateful a second NZ server was recently added. Having said that, I'm struggling to break past 300mbps out of a 1gbps connection where previously I was cracking around 700mbps. Granted that service did provide 10gbps Australian servers in my city, I'm wondering if anyone else from Australia has tweaked anything with good results like MTU sizes etc, or if perhaps making one of those NZ servers 10gbps is considered or planned at some point. I hope it's obvious I'm in no way complaining about Air, I really like it, though I feel with NZ being the main line to the Australian client base, those servers should be pretty beefy. As beefy as feasibly possible in fact. Simply more bandwidth would absolutely round out Aussie satisfaction with what is really our 1 of 2 options now. It's really our only option if you care about static port forwarding. Thoughts? Cheers.

I would highly like it if AirVPN upgraded their servers to 10Gbps as quite often the NZ servers are very busy. No wonder why it is hard to get max speeds if they are this busy. I have sometimes seen them like 1800Mbps bandwidth throughput. Don't get me wrong, AirVPN is a good service, I just feel they need more Bandwidth in some locations like NZ because in NZ we have super fast Fibre connection speeds, some households have 1Gbps or more and that can easily use all bandwidth on the VPN server.

I'd suggest you to move the wireguard configuration file to /etc/wireguard then make that folder accessible for the root user only sudo chown root:root -R /etc/wireguard && sudo chmod 600 -R /etc/wireguard then enable the systemd service to launch it at startup with systemctl enable wg-quick@here_goes_the_name_of_your_config_file_without_the_.config_extension

Hello! Only if Network Lock option is enabled you can safely switch servers "on the fly", because Network Lock will prevent any possible traffic leak outside the VPN tunnel. Kind regards

Hello! You can either use the OpenVPN version packaged with Eddie, Hummingbird, or another version, as you prefer. To change OpenVPN version selected by Eddie, please install in your system the OpenVPN version you prefer; then, run Eddie and from its main window select "Preferences" > "Advanced". Beside the "OpenVPN custom path" field please click the file requester symbol to navigate through your file system and choose the proper OpenVPN binary file. Finally click "Save". Alternatively just type in the field the binary name with the complete, absolute path, and click "Save". Kind regards

Hello! It does. End-to-end encryption ensures data integrity and confidentiality between you and the recipient. End-to-end encryption must be used, properly and correctly, no matter what (with or without VPN, with or without Tor...). By adding AirVPN you enhance your privacy as nobody in the middle (including your ISP) comes to know that you and your recipient are communicating with each other (if necessary, you may hide your identity to your recipient too). As the Electronic Frontier Foundation pointed out, knowing who communicates with whom is a sensitive information which can be used against citizens' privacy even when the communication's content is encrypted. In this peculiar sense, privacy enhancement is also a security enhancement. In this specific case the AirVPN additional protection may or may not be necessary, according to your threat model. Let's imagine an hard case: your threat model includes an adversary which systemically wiretaps your lines. When this happens, hiding to that adversary the location of where you're uploading important amount of data is a layer of protection in itself: it may be a very good thing, and indeed a security feature, to prevent your adversary to know which datacenter you rely to store your data and so on, even when everything is encrypted. This is a real security enhancement (you cancel the knowledge of a crucial access point from the attack surface): even if the adversary can't decrypt your data, it can either destroy them, make the machine where they are stored inaccessible, or further encrypt them to ask for a ransom, if it comes to know their location and cracks the access system. Avoid it whenenver possible, but there are some cases where it comes in handy. Imagine that you have to cross the borders of a country with questionable practices towards foreign citizens and you want to avoid a compulsory, time-consuming and stressful analysis of your mobile devices or laptop (with the obligation to provide the decryption password, otherwise you will be charged as a criminal). To avoid this hugely stressful and time-consuming action, the usual solution is to upload the complete device image (heavily encrypted of course) to a service that you know you can access from abroad, and download and restore the image well after you have crossed the border. So you can cross the border with a dummy phone/tablet/laptop completely empty of any of your sensitive data, with just a few apps to make the inspection and intrusion quick and painless, or with no device at all, and then buy a new one and restore the image you have stored on some globally accessible server (of course, some passwords must necessarily remain stored in your mind). Kind regards

Hello! We inform you that all Latvia servers entry and exit IP addresses are being changed. The list of servers by name can be found here: https://airvpn.org/status - search for "Latvia". If you run Eddie Desktop edition, Eddie Android edition, or Bluetit + Goldcrest, no action is required as the software will update automatically all the data. If you run any program based on configuration files containing specific references to IP addresses of Latvia servers, then you will need to re-generate the file(s) after the operation has been completed. You can do it as usual through the Configuration Generator available in your AirVPN account "Client Area". If you use Latvia servers as a gateway to restricted services based on filtering anything different from Latvia servers exit IP addresses, please act properly to avoid any lock out. This major change is part of a series of operations that will allow a much needed and used AirVPN feature to be significantly powered up. More on this in the near future. Kind regards & datalove AirVPN Staff

Right, I'm now up and running again after re-flashing my router to the latest version of DD-WRT. Using the same keys and certs as before, but now it just works. The main difference I can see is that the new firmware is using OpenVPN 2.5. The problem I have now is getting my NAS setup working, but that's nothing to do with the VPN side of things... 👍

Hello @Staff can you please tell me how the speed is calculated and what is the delay between each update. Im currently breaking the record but my downloads are always finished when it update.

Thanks for reply. This is where it gets complicated. 1. OpenVPN wants a ta.key (presumably to go with the ca.crt?) at service.vpn.manager/Downloads/AirVPN But 'Advanced' Config Generator doesn't seem to generate that file, instead it generates tls-crypt.key (not sure here??) Fixing that looks like a rabbit hole to me! 2. Switching to WireGuard looks to be a better solution long term, but (unless anyone can point to easy install on Raspberry Pi OSMC??) that also looks like a rabbit hole! While v much respecting AirVPN staff, the problem looks to be that regular Config Gen is including a now out-of-date ca.crt file - as of 8th April. That is, if I delete all VPN files (using the OpenVPN Utility), new ovpn files from regular Config Gen include the out-of-date ca.crt file. I'm sure there are sound reasons why you don't want to fix that, but for me this seems to mean AirVPN no longer works on my setup, which is a shame. All help gratefully accepted. Thanks.

@eltznth Hello! Yes, TLS Crypt seems fully supported. Set the "TLS Control Channel security" combo box to "Encrypt channel" Set the "Compression" combo box to "LZO Adaptive" Check "Verify certificate" Do not enable server certificate verification by name, leave the "Verify server certificate" combo box to "No". Kind regards

Hello! You need to re-generate your configuration files through the Configuration Generator available in your AirVPN account "Client Area". Explanation: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?do=findComment&comment=231319 Kind regards

sha1 being used which is for old tls-auth configs but only staff can quickly say if the entry IP is 1 or 2 and not 3 or 4. that is to say, I'm guessing you and several others are getting tls-auth and tls-crypt things mixed up. edit: Ok I see your post below mine that shows you used a tls-auth config.

Hello! No, they remain in the same one. Even same rack, same switch etc. Kind regards

Hello! Problem confirmed and under investigation. It is caused by an unexpected sluggishness of the first bootstrap server. If the first bootstrap server fails, Eddie will try the second one (timeout: 45 seconds), and then the third one (again 45 seconds timeout) and so on, so everything will work although the initial connection gets delayed. EDIT: problem solved. Kind regards

Hello! This new problem is unrelated and it is caused by an unexpected sluggishness of the first bootstrap server. We have opened an investigation just while you were writing the message. If the first bootstrap server fails, Eddie will try the second one (timeout: 45 seconds), and then the third one (again 45 seconds timeout) and so on, so everything will work although the initial connection gets delayed. EDIT: problem was solved at 6 PM CEST. Kind regards

Thanks, this solved the problem for me.

Thanks to all staff and members for your quick response - Eddie is now up and running as before. I found that once you log out and go to log in again it's best to delete and re-enter your username and password to log in. Thanks again everyone

Thanks, renewing the key in the "client area / manage VPN devices" worked for me, too.

Looks like a lot of people are having the same issue today! The fix suggested above (renew, log out, log in) worked. Thanks!

Thanks, renewing the key in the "client area / manage VPN devices" worked

I believe you don't set VPN_ENDPOINT_IP, rather try using SERVER_NAMES. Also for port forwarding, change it to FIREWALL_VPN_INPUT_PORTS=41870. You can find more information here: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/airvpn.md. If the server you want is not on the list then just follow the instructions for custom Wireguard configuration, which can be found here: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/custom.md. Hope this helps!

@Pi77Bull Thank you very much, we will investigate the problem. At least the units are fine. Note that you didn't need firewalld installation, so you can safely uninstall it if you wish so. You didn't need to remove ufw.service in the "Requires" line as well, it is ignored if missing. The main problem (which does not occur in Debian) now is in Bluetit itself, which waits forever for a network connection that's already available. We are investigating and we will keep you posted! Kind regards

That depends who you are hiding the sensitive, private data from, and whether it was already encrypted before you sent it through AirVPN. If who you are hiding it from has no power over the jurisdiction of the AirVPN server you connected to AND no power over the jurisdiction that you are sending your data to, NOR over any intermediate points between the AirVPN server and the final destination of your data, and the data was not encrypted to begin with, then yes, your security has improved a little, because your data is now being decrypted in a jurisdiction that your adversary has no power over. In this sense, AirVPN prevents adversaries from sniffing your data. However, in today's internet, it is bad practice to rely on your adversary not being in any jurisdiction, because it is hard(but not impossible) to know the full path that your data travels over, especially once it leaves the AirVPN server. It would be better if you had encrypted the data BEFORE sending it through AirVPN. If the data was already end-to-end encrypted so that only your intended recipient can decrypt your data, then AirVPN helps only in the sense that 3rd part observers will not know that YOU are the one sending data to your intended recipient(provided that your recipient is not cooperating with your adversary and has not been compromised by your adversary). If your goal is to hide your data from everybody other than your intended recipient (this would be the norm), but you do not care that people see that you are sending something to your intended recipient (provided that they cannot understand what you are sending), then using AirVPN would not really improve your security. If your goal is to hide your data from everybody other than your intended recipient and you do not want them to know that you are even sending anything to your intended recipient (they will still see that you are sending something to AirVPN, not that they can understand what you are sending), then yes, AirVPN does improve your security. Either way, it would be best to encrypt your data end-to-end before sending it. DO NOT rely on AirVPN to keep the data encrypted end-to-end, because the only way AirVPN can send the data to your recipient is to decrypt your data and send it to the recipient.

Hello! If you run Eddie Desktop edition you can pick a specific server from the "Servers" window, or you can let Eddie pick a server automatically. If you run Eddie Android edition you can pick a specific server on the "AIRVPN SERVER" view, or you can let Eddie pick a server automatically. If you run Goldcrest and Bluetit, you can pick a server through the proper option air-server in Goldcrest or airserver Bluetit run control file. If you run a program which reads a configuration file, for example the official WireGuard or OpenVPN software, you can generate as many configuration files as you wish from the Configuration Generator available in your AirVPN account Client Area. Generate configuration files according to your needs. The guide to getting started is available here: https://airvpn.org/forums/topic/18339-guide-to-getting-started-links-for-advanced-users/ Answers to frequently asked questions are available here: https://airvpn.org/faqs/ Kind regards

Looks like the old.reddit method doesn't work anymore but found a great solution if you're a ublock origin or adguard user. copy/paste of reddit comment so blocked users can see it. Go to your uBlock Origin / AdGuard filter settings page and add this custom filter (in uBlock Origin it's under the "My filters" tab): reddit.com#%#//scriptlet('set-cookie-reload', 'reddit_session', '0') This will automatically create the reddit_session cookie as described in the post above. You have to make sure that you are using the latest uBlock Origin or AdGuard extension, because the cookie filter syntax has only been added recently to uBlock Origin. (The above filter only works with uBO version 1.53.0 or higher) Here are some more techy details about the cookie filter: It will create a session cookie, which will only last until the browser is closed. (This is good because see 2. and 3.) You will not be able to log-in to reddit while the cookie is set. (Also applies to manual method in the original post) If you want to log-in to reddit, you will have to remove or comment out the custom filter, then close and re-open your browser. Doing this will clear the session cookie and prevent your adblocker from automatically creating the fake session cookie again. You can comment out custom filters by prefixing them with an exclamation mark, e. g.: !reddit.com#%#//scriptlet('set-cookie-reload', 'reddit_session', '0') The cookie value is set to '0', this is a limitation of the new cookie filter syntax. Can't make it empty as of now unfortunately. It works fine with the value set to '0' though. reddit comment

Thank you. This works.

We see you managed to solve the problem, welcome back! Kind regards

wireguard is UDP only i believe so the auto is just choosing UDP

Actually, it is possible to chain AirVPN connections so that you enter from one country and exit from another, if you are using Linux. Keep in mind though that doing so will consume 2 airvpn sessions out of the 5 you are allowed instead of just 1. To do that, here are the steps you need to follow: 1. Set up a systemd-nspawn container that connects to the AirVPN server in Miami 2. Keep in mind the entry ipv4 of the AirVPN server you want to exit from. You can find this in the Endpoint= line in the wireguard conf you download. 3. Set up IP Masquerading in the container from step 1 using iptables -t nat -A POSTROUTING -i host0 -o (name of AirVPN wireguard interface) -j MASQUERADE 4. Remember to also allow ip forwarding on both the contaienr and the host machine 5. On the host machine, run ip rule add to (whatever entry address the miami server has) lookup main and ip route add (whatever the entry address of the airvpn server you want to exit from is) via (whatever the address of the systemd-nspawn container is). 6. Adjust the MTU of the inner VPN(the one where you want to exit from) to 1340 7. Start the inner VPN 8. Run ip rule show. Make sure that whatever ip rule that wiregaurd setup has a lower priority than the rule you entered in step 4. If you need more help, feel free to ask.

Hello! Please test Eddie 2.24: https://airvpn.org/forums/topic/57401-eddie-desktop-224-beta-released/ Eddie features support with proper DNS management for every systemd-resolved (a ramshackle systemd component that would have the ambition to offer name resolution to applications) mode from version 2.23.2. Previous versions do not handle correctly a specific systemd-resolved working mode which will cause DNS leaks. If you're running some older Eddie version, including the current stable release, and your Mint has systemd-resolved running and working in on-link mode bypassing /etc/resolv.conf, we may have a rational explanation of the situation. However, the discrepancy between https://ipleak.net and the web site you mention remains unexplained. Kind regards

I've said it, I'll repeat it, even if Fred is right: "Most people don't want to hear the truth because they don't want their illusions destroyed" - Friedrich Nietzsche Regardless of what Proton or any Swiss service claims, Swiss law OBLIGES any "telecommunication company" to intercept and keep "ANY DATA" in "UNENCRYPTED FORMAT" which transits in or out of its country borders, for "AT LEAST 6 MONTHS" for the event law enforcement "ASKS". The asking part is without need for a court order or investigation warrant. The unencrypted part is where the telecommunications company becomes liable for any alleged wrongdoing which they can not provide the information unencrypted of. You can blame Swiss based services to not clearly advertise this. You can't blame them for complying, it is their arse or the wrongdoers... The pressure point is who "stores" the data. For example VPN keys at for example Proton, anyone? Since it can be asking without warrant or court order, it does not oblige law enforcement to do anything with it … They can let you stink for years, and when it matters to the Swiss use that as a pressure point to obtain something else they suddenly may want from you. Classic Swiss. Now it is particular: any connection going through the border. So if you are in Switzerland and your connection and data stays in Switzerland, well, the obligation does not exist. (as if a company will bear the cost burden to differentiate …) No, its just the Swiss don't like their secrecy shit kept, because if so and if ever used in court the public prosecutor has to order the destruction and inadmissibility of the evidence and it becomes an awkward display. Imagine if someone took it to ECHR, the only leg would be national security, no longer national interest or catching bad guys. AVPN (may) does not log connections, and (may) does have a good contract with their Swiss data center. Reality is the Swiss data center has to log anything which crosses the border for the Stasi . You're only a little safer if the keys can not be found in Schwein-e-land. Not saying the other countries are better, but Swiss services (dare I misbehave and suggest crooks?) like Proton, crap away from them as far as you can. If you like the Swiss funny concept of privacy and security, pay attention to certificates of web sites like Zoho being "safe" and "private" because hosted and served from Sierre for example There is no such thing as privacy online, only making life a bit more difficult to those who wish to know the colour of your underpants, when you last did your laundry, and what detergent you used...

Yeah, same experience here. I keep going back to Eddie when new releases come around or the mood takes me and I tried it again a few days ago. Using Wireguard I got the same drop outs but with Openvpn it is still connected after three days now on both an S9 tablet and an S22 mobile, both Android 14. After figuring out a tasker profile to monitor Eddie's notification entry, which just altered a widget on screen, I then thought I'd try ways of restarting it if it dissapeard. Using Autoinput was my first thought but that is messy and not a reliable option in this instance. So I thought of intents which I have messed with but only by copying what others had done; never come up with my own stuff. I found out you can generate a package manifest using Android Studio which contains some or all of the intents the package listens for so am going to try that and see what it comes up with and then try some things. I'll post with updates if there are any!

I have the same issue, and I hope there's a solution besides disconnecting from the VPN server or resorting to Tor just to peruse a few Reddit comments. It seems every day more and more restrictions / blocks are being applied to AirVPN IP ranges, probably other VPN providers as well. The number of websites I encounter being blocked by Cloudflare, Sucuri, or GoDaddy increases by the day. It's getting ridiculous.

Perhaps DeepL's machine translation is failing me here, but it looks to me like the article only mentions that most bomb threats targeting airports are sent from IP addresses in Switzerland. Then they point out that Proton is a Switzerland based company who, in the past, has provided user identities to courts, but it does not say that this bomb threat was sent from Switzerland or whether Proton unmasked the perpetrator.

I want to pay for one month plan , does anyone know where I can get a coupon code over 10 percent off? Can I pay in dollars or everything in EURO?

Yes that is what I assumed. The UDM demands you put a username and password in along with the ovpn file. Turns out you can put any old nonsense in for both and will connect without an issue

Does the IP (as shown when you go to myipaddress.com on your client) ever change if you always connect to the same server. Is there a rotation of IPs?

The United States is an enemy of the Internet. More and more our technology and communications are captured illegaly and stored for many years and then used against us in court. The government seems to sincerely believe that it owns the Internet and regulary hacks into foreign servers to retrieve data, seizes domain names, etc. and any citizen who can be considered a hacker under broad laws will be thrown in prison. My warning as a US citizen is to watch out, encrypt, keep everything secure, keep data offshore, and avoid any US-influenced entities such as ICANN. Thank you AirVPN for the great continued service. I've been using multiple VPN connections almost constantly for the past year everywhere and as far as I can see that will continue