Leaderboard

Hello! We're very glad to announce that Eddie Android edition 4.0.0 Release Candidate 1 is now available. New CPS QUIC database: now Eddie features a CPS database of more than 30 real web sites allowing accurate QUIC + HTTP/3 mimicry of real services through AmneziaWG. Each database entry is identified by a clear label for immediate selection in the app's settings. Eddie will take care to compile AmneziaWG In parameters accordingly: no need for manual input, which anyway remains an available option. This addition significantly bolsters Eddie's arsenal against blocks. New: IPv4 and IPv6 traffic can now be wrapped over an IPv6 tunnel with WireGuard and AmneziaWG too. Minor bug fixes The original message of this thread has been updated accordingly. You will find on it the new download link and checksum, as well as detailed Amnezia description. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Kind regards & datalove AirVPN Staff

Hi, I'd like to suggest a feature that lets user to use a hostname that resolves to the best server from a user-defined list of servers. It will be similar to *.vpn.airdns.org but only resolves to one of the servers in the user-defined list. Eddie has a feature that works similarly by adding servers to allowlist. However, when Eddie can't be used, it is inconvenient. I hope you consider this suggestion. Thank you and have a nice day. Regards,

Hello! We're very glad to announce a special promotion on our long term Premium plans for the end of Summer or Winter, according to the hemisphere you live in. You can get prices as low as 2.06 €/month with a three years plan, which is a 70% discount when compared to monthly plan price of 7 €. If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Please check plans special prices on https://airvpn.org and https://airvpn.org/buy Promotion expires on 2026-03-31 UTC. Kind regards & datalove AirVPN Staff

Hello! We're very glad to announce that Eddie Android edition 4.0.0 beta 3 is now available.  New: AmneziaWG padding S3 and S4 parameters supported New: additionally enhanced ability to use locally stored user and servers data against bootstrap servers blocks improved AmneziaWG support taking into account latest documentation clarifications with experimental confirmations improved Tile Service updated libraries: now linked against OpenVPN3-AirVPN 3.12 and OpenSSL 3.6.1 bug fixes to resolve app instability bug fix to resolve tile button improper behavior minor bug fix Please find complete changelog, additional information and download link on the first message of this thread. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Kind regards & datalove AirVPN Staff

Hello! Or that any "Network Lock" mode is disabled by setting "Network Lock" box to "None" in "Preferences" > "Network Lock" window (default: "Automatic"), as it is indeed the case according to the system report (important option not at default: netlock.connection false) and considering that the user's system does have nft and iptables-* installed. Splitting the different cases with different messages and logging them will be suggested to devs. Kind regards

Hello! We're not ignoring it, did you read the update on the first message of this thread? Kind regards

Youtube is asking for login now over all new UK servers.. What a pain in the arse Youtube is. Any ideas? I hate creating a google account only for that

Hello! Welcome aboard. 1. Yes, correct. 2. Yes, correct. 3. With a port linked to "All devices" this is not possible, because you create an unsupported case in forwarding rules, i.e. the same packet to a specific VPN server public IP address port should be forwarded to the port of multiple VPN IP addresses. This is not implemented and also poses a technical challenge in our infrastructure that's not trivial. To overcome this situation you must use unique key pair for each device and take care to link each port to a single device. Alternatively, a simpler solution is just connecting each device to a different VPN server (your 2nd scenario). Kind regards

I'm not sure how viable would be to have a UK region going forward... UK daddy government is constantly forcing ISPs to block access to sites. I had a number of trackers failing in Prowlarr and the reason was the above. So I had switched over to another region, although I'd love to use the shiny new UK servers. Also Cloudflare has been acting weird lately

I need more features but I do stick with AirVPN! Please give us dark mode, an easy way of doing split tunneling as well and maybe sort out something so tailscale can work side by side so we can have our computer meshes working outside the tunnel!

Hello Staff team, as OpenVPN 2.7 and the latest Linux Kernel 6.16 have now streamlined the integration of the ovpn driver, DCO has become the new performance standard. OpenVPN Data Channel Offload (DCO): The Definitive Guide to the Performance Boost Making OpenVPN The Fastest VPN Protocol Other companies such as ExpressVPN and Norton VPN have already integrated DCO to offer their users these performance gains. Implementing this would keep your service competitive and provide a much smoother experience for those of us who prefer the OpenVPN protocol for its maturity and security. Do you have OpenVPN DCO on your current technical roadmap? I look forward to hearing your thoughts on this. Kind regards.

They said earlier that it is coming to other platforms, but can't help but wish for it to come soon. SSH>TCP and SSL>TCP works so far, but some servers are weird in terms of speed and being able to connect on some days. Hopefully amnezia support for pc comes soon.

"We are currently working on a substantial codebase refactoring aimed at evolving Eddie Desktop into a more modern client." More than needed. The UI looks like one of XP times. Not a single other provider uses a ancient UI like that. I also need to use a 3. party Client (WireSock) to use application/folder split tunneling. Application Split-Tunneling is also something every single other provider has since a long time now. The reason i use Air is trust. If i look at the outdated applications i raither use other providers who hold theirs more up to date but most i just dont trust at all so im stucked with Air and a 3. party application for now since i use split-tunneling 24/7.

I'm inclined to write: seeing as the post has absolutely no information to start troubleshooting. Unless you expect someone to hack into your system. Or read your mind. Let's start with something simple anyone can do. Close Eddie, reopen, try a connection, then provide a system report..

Consider Kagi. You get a search engine that's actually not selling your data, and access to all the AI models to boot.

I've made a Linux shell script for batch-conversion of WireGuard .conf files making them AmneziaWG (awg) compatible: https://github.com/zimbabwe303/awg_conf_patch When patching it shuffles the H1..4 parameters; to re-shuffle you can just re-run it over the same files again. It also can shorten .conf file names generated with the AirVPN config generator to facilitate their usage with the 3rd-party smartphone WireGuard clients such as WG Tunnel (which uses AmneziaWG instead of the vanilla WireGuard).

After having issues configuring AirVPN with Gluetun, and seeing many others with similar issues, I decided to fork the Gluetun project, strip out all the stuff I didn't want (OpenVPN, SOCKS, other providers)... here it is: Gluetun-AirVPN-Edition, supporting ONLY AirVPN and only WireGuard with a bunch on unique features. Still putting it together, but please feel free to take a look and hope you find it useful. https://github.com/wolffcatskyy/gluetun-airvpn-edition

Yeah, the lockup is a problem worth investigating (for the devs), but the underlying cause is it not detecting tools that are clearly there, which is just as puzzling. Explains the report output, then. Thanks!

Hello! Available in "Settings" > "System" > "Application Filter Type" > select white or black list, then compile the list on the new "Select applications to be *listed" menu item that will appear. BLACK LIST enabled: all the traffic is tunneled except the traffic of the black listed app(s). WHITE LIST enabled: only white listed apps will have their traffic tunneled. Kind regards

In Eddie Preferences > Protocols, untick Automatic and select UDP port 443. Retry a connection. If it still doesn't work, provide a system report instead of only the logs. .

Dark mode pretty please!! Keep up the good work! Thanks

Hello! We're glad to inform you that we have just released: "Road To OpenVPN 2.6" migration plan - https://airvpn.org/road_to_openvpn26/ A new version of Config Generator with options related to OpenVPN 2.6 A new Eddie Desktop beta release (2.23.0) related to the road above, feature-locked to reach stable release https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/ A new server (Marsic), the first running OpenVPN 2.6 powered by DCO (server-side) and ready for client-side DCO. UPDATE 2026-03-12 After careful evaluation and considering that: DCO for OpenVPN 2.6 is now considered obsolete the new DCO is aimed at OpenVPN 2.7 only DCO kernel module is included on mainline Linux kernel starting from 6.16 AirVPN VPN infrastructure is based on kernel 6.12 and OpenVPN 2.6 (typical setup of Debian 13, RHEL 10 etc.) OpenVPN usage declined dramatically: today only 24% of connections are based on OpenVPN, and the decline continues at a steady pace the combination of WireGuard and AmneziaWG is more effective than OpenVPN over TCP at bypassing blocks valuable packet payload padding (against encrypted traffic pattern analysis) is offered by AmneziaWG and not DCO: the plan has been momentarily frozen. It can be re-activated when the VPN infrastructure moves to kernel 6.16 (or higher version) and OpenVPN 2.7. Our priority goes to wider AmneziaWG support, on the client software first and then on the server side too (important especially for padding). Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that three new 10 Gbit/s full duplex servers located in Toronto (Ontario), Canada, are available: Castula, Chamukuy and Elgafar. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Castula https://airvpn.org/servers/Chamukuy https://airvpn.org/servers/Elgafar/ Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that six new 10 Gbit/s full duplex servers located in Manchester and London (UK) are available: Amansinaya, Arber, Baiduri (London), Bubup, Cebo, Caophraya (Manchester). The first three mentioned servers are located in London, the other ones in Manchester. This addition replaces any previous UK 1 Gbit/s server in order to upgrade the whole UK infrastructure to 10 Gbit/s only servers, with per server 10 Gbit/s dedicated lines and ports, and modern hardware as announced here: https://airvpn.org/forums/topic/79154-uk-infrastructure-upgrade-to-10-gbits-full-duplex/ The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor . Click a server name to display specific server stats. Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Roughly 60 GB. Always on. And if I did provide liberation services to the world, I would still stay below 100

Its a shame. These were among the absolute fastest (especially Chumukay) when they came on board. They smoked the high powered Chicago servers but they are not reliable for the past week or two. Right across the border in Chicago apparently nobody is attacking those servers.

Hello! Yes, current DDoS / flood unfortunately. Kind regards

Do you know why these new servers are having high packet loss?

Loving these new speedy servers! Would love to see some upgrades to the 2 overworked connections in Montreal.

Hi. Any plans for Eddie PC edition + AmneziaWG ?

Hello! We're very glad to announce that Eddie Android edition 4.0.0 beta 2 is now available. New: how to use Eddie in network where the "bootstrap" servers can not be reached Eddie downloads user and infrastructure data, essential to use the service, from special "bootstrap servers" through an encrypted flow inside HTTP. If the bootstrap servers are blocked or the underlying protocol to port 80 is filtered out, Eddie is unable to proceed. Starting from Eddie 4 beta 2 version, the ability to retrieve such data locally has been added. Whenever bootstrap servers are unreachable, Eddie can read the latest available local data to connect to a VPN server. Once connected the bootstrap servers are again reachable and the local data are immediately updated for future usage. The local data remain valid as long as you don't need to change user. On top of all of the above, Eddie can now retrieve such data through the login procedure that now can be started even when a connection to a VPN server was previously established via a profile. Therefore, when you are in a restrictive network that blocks access to bootstrap servers, you can connect through a profile generated by AirVPN web site Configuration Generator. After this first connection, log your account in to the service by selecting the specific option on the left pane, enter your AirVPN account credentials as usual and make sure that Remember me checkbox is ticked: Eddie will download all the necessary files and store them locally. This procedure is "once and for all", at least as long as you don't need to change account. After this initial connection, Eddie will be able to log your account in to the infrastructure, retrieve servers data and establish connections without profiles and without bootstrap servers, offering again full AirVPN integration even when bootstrap servers are unreachable. Only If you change account you must repeat the procedure. New: "Open with..." option added to "Export" option Different Android versions allow management of files with different restrictions. Different apps may support different intents on specific Android versions. To enlarge total compatibility, now Eddie offers two different options to export and manage files, including generated profiles. You will find the usual "Share" option (note: now renamed into "Export") coupled with a new "Open with..." option. Some apps support only one intent, other apps only specific intents on specific Android versions, and so on. By adding this option Eddie enlarges considerably the amount of apps you will be able to open and/or share files with. New: AmneziaWG parameters range validity AmneziaWG parameter range validity has been documented in three different ways (official web site, GitHub documentation files, and developers comment) and the web site documentation that it's still official is in reality not aligned with the source code. The new parameters range validation adopted by Eddie 4.0.0 beta 2 is based now on GitHub latest documentation integrated by source code analysis. The original message of this thread has been updated accordingly. You will find on it the new download link and checksum, as well as detailed Amnezia description. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Kind regards & datalove AirVPN Staff

giga omega based kornephoros was struggling to cope with extra demand after wurren was decommissioned. this is gonna be awesome.

Yes, I know. I wrote the whole guide back in 2012 and it's only been updated by scant few other users since then. I had the least amount of problems with Tomato than with any other router firmware I've ever used. Just brilliant. I wish it were still maintained.

Congratulations on the launch. This is great news for CA which has had most of its 2 Gbit/s servers pretty saturated during peak hours. Hopefully the ghost of Wurren does not come back to haunt us.

Yes. This is because the ISP has blocked the boot server. Please open the ticket to obtain the private boot server from the staff, or wait for the subsequent Android version update. It is said that in the subsequent version, the login information will be saved locally. Then, there will be no need to log in every time. Just log in once and you can use it as before, just like the computer version.

So i still can't reach airvpn servers in .Ru for logging in from my phone. Here is what i have: I can use airvpn from my PC, found a solution, but there is no such configuration for a phone. I try amnezia in the same networtk via wifi and can't even log in. But works fine if i start other vpn and open airvpn app, i get my subscriprion plan and other information. Should i ask support for private workaround solution?

Original message by @Pit61 . It updates the setup for FreshTomato based routers. Here is my working Open VPN config on a Netgear R7000 with Fresh Tomato:

Hello! We're glad to inform you that AmneziaWG support has been implemented in Eddie Android edition 4.0.0 beta 1 and it will be progressively implemented in all the other AirVPN software. https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/ Eddie Android edition public beta testing is going very well and the development team is optimistic about a near future release. This is only partially true. When you use CPS on your side and you connect to a WireGuard based server, demultiplexers will identify the traffic according to the CPS settings (QUIC, DNS...) only initially. They will soon be able to detect the traffic as WireGuard traffic. With DNS mimicking this happens just after the handshake, while with QUIC the inspection tools need much more time. We can confirm the above after several experimental tests we repeatedly performed with deep packet inspection. Anyway QUIC mimicking is effective and actually it can nowadays bypass in about 100% of the cases the blocks in both Russia and China. But we have planned to support Amnezia on the server side too, because the current method is anyway not so strong on the long run. When we have Amnezia on the server side too, no tool is able to ever identify the traffic as WireGuard traffic: it remains indefinitely identified as QUIC. Currently we are still at a testing phase, but the outcome so far is very promising. Stay tuned! Kind regards

Hi all, I've always been trying to maximize my seeding speeds when using qBittorrent, and a lot of information I found online was not very helpful. My setup is qBittorrent 4.3.9 from hotio with Gluetun on TrueNAS Fangtooth. My best speeds have been obtained on the servers Taiyangshou and Vindemiatrix with WireGuard. I am in North America, but I don't think latency matters as much as I originally thought for P2P use cases. These two servers in the Netherlands have been very nice and I definitely recommend trying out different servers. In my use case, I have hundreds of larger torrents, maybe half are 50 GB+. I have found that since I am using hard drives, the random reads will quickly overwhelm them even with ARC and L2ARC, thus setting the "Global maximum number of upload slots" is very useful (this is the only one I have turned on in the "Connection" tab). This limits the total number of peers you can upload to globally, and the idea is that you limit the total amount of random reads this way. The magic number that works the best for me is 50, and I recommend trying around this range by increments of 5 might work nice. Additionally, I could keep increasing the "Global maximum number of upload slots" without much rise in iowait, but total throughput would decrease. Therefore, when optimizing this setting it is a balance between enough slots to saturate your bandwidth, but not too much where it spreads the bandwidth too thin and negatively impacts total throughput. I have also attached the advanced settings that I changed which seemed to make the greatest impact. Send buffer watermark: 6144 KiB Send buffer low watermark: 3072 KiB Send buffer watermark factor: 200 % Socket backlog size: 4096 I hope this is helpful! Best, Hypertext1071 Edit: For further tuning this might be helpful: https://github.com/felikcat/seedbox-tutorial. Edit 2: Using the settings from here: https://github.com/felikcat/seedbox-tutorial, including the sysctl configuration completely saturate my line speed. I was trying to search for qBittorrent in particular, and thus wasn't able to find results that were generally helpful, such as network tuning.

To give some numbers, with these settings along with MTU tuning (1440 in my case since no IPv6): I have been able to roughly 2.5x my speeds from 400 Mb/s average to 1000 Mb/s average which is essentially my line speed. Also, I have seen people ask about how to use Gluetun + qBittorrent in other posts, and this is where I learned how to do it: https://wiki.serversatho.me/. I hope these resources will help!

Thank you! Please use the Configuration Generator. Turn on the "Advanced" switch. Generate a file with the Configuration Generator for WireGuard for the server or country you want to test. Download the file and edit it with any text editor. To begin with, add these parameters in the [Interface] section: Jc = 20 Jmin = 50 Jmax = 1000 S1 = 0 S2 = 0 H1 = 3 H2 = 1 H3 = 4 H4 = 2 Import the file into your PC AmneziaWG client, or use it with the AirVPN Suite component Hummingbird, and even in Eddie 4.0.0 (you can do it in the "VPN profiles" view once the file is in your Android device) and use it to test a connection in Amnezia mode. If it fails please try a connection directly from Eddie, without profile, in Amnezia WG. If it fails too enable QUIC mimicking in "Settings" > "Advanced" > "Custom AmneziaWG directives" and test again a connection. Keep us posted! Kind regards

These are the AmneziaWG parameters I use in China. This set of parameters can reliably bypass the GFW. Staff can take a look. Jc = 20; Jmin = 50; Jmax = 1000; S1 = 0; S2 = 0; H1 = 3; H2 = 1; H3 = 4; H4 = 2;

Great! Eddie finally supports AmneziaWG, and UDP finally has a masquerade protocol. Another protocol has been added to the list of protocols for bypassing China's Great Firewall.

Do you intend to add it to PC's client at some point as well?

Hey there, Taiwan is a provincial administrative region of China, an inalienable part of China’s territory. But when I checked my IP on ipleak.net, I saw Taiwan was shown with those outdated flags, which is totally wrong. These flags don’t reflect the fact that Taiwan belongs to China. Using them misrepresents Taiwan’s status and goes against the One - China principle. It’s really important to fix this mistake. Please correct the display and stop using such wrong flags. Let’s make sure the info about Taiwan is right, in line with the One - China principle. Thanks for handling this!

Hello I would like to give my personal recommendations to help with network censorship in Russia. I may not have time to write a authoritative, proper guide, but wanted to share this. Everything "clicked" once I read a comment how the DPI works to determine a new connection. Preface IP and subnet blocks came first. They completely blackhole all traffic to blocked IP addresses. The only thing you can try is IPv6 in place of IPv4. Some Air servers are blocked by IP. The Deep Packet Inspection (DPI) is a required installation for residential ISPs and (as of late) industrial networks like data centers. It works to dynamically block known protocol traffic, anything "forbidden" that's not yet in IP blocklists from above. This system was put in law many years ago. Nevertheless, the networks across the country are at various stages of rollout and their capabilities will differ. Real example: residential ISP did not block OpenVPN->Air, yet the mobile carrier did. Yet in 2024 the residential ISP upgraded their DPI system and started blocking OpenVPN too. Common methods of circumvention Mangle traffic locally to fool the DPI systems. It will allow you to connect to servers not blocked by IP (TLS SNI name detection). Proxy/VPN server: A prerequisite is an outside server, it must not have been blocked by IP. If it's a private server and OpenVPN or Wireguard work - you're lucky. However be prepared to still get blocked by DPI any day for using a VPN protocol. There are many proxy tools, especially developed to combat the Great Firewall of China. They don't run directly on Air, so this is something for self-hosting or other services to provide. We're talking about Air, so let's get that VPN working. Everything below requires you to find a reachable Air server (no direct IP blocks). The configuration server used by Eddie is IP blocked, so it won't work at all. I suggest you to generate all server configs in advance and see which are reachable from Russian networks. Airvpn.org seems to be reachable though. OpenVPN over SSH to Air It is possible to set this up on mobile, however the connection is reset after 10-30 seconds due to a lot of traffic being pushed. I used ConnectBot and it didn't restart the SSH connection properly, anyhow OpenVPN and ConnectBot had to be reconnected manually each time --> unusable. Since both apps are easily downloadable from app stores/F-Droid, this can be enough to generate and download configs from AirVPN's website in a dire situation. This connection type works like this: SSH connects to Air server, forwards a local port -> Air (internal_ip:internal_port) OpenVPN connects to local_ip:local_port and SSH sends the packets to Air's OpenVPN endpoint inside this tunnel Once the connection is established, it works like a regular OpenVPN on your system OpenVPN over stunnel to Air I haven't tried, desktop only? OpenVPN (TCP) over Tor to Air While connecting to Tor will be another adventure, do you really need a VPN if you get Tor working for browsing? If yes, I suppose it could work. I haven't tried. OpenVPN (TCP) to Air May start working after hours on Android, if the connection was established initially. Until then you'll see a lot of outgoing traffic but almost zero incoming traffic (NOT ZERO though!) It is unclear to me whether this is because Android keeps reconnecting after sleeping or sometimes it pushes so little traffic over the established connection that DPI forgets or clears the block for this connection only. OpenVPN (UDP) to Air Doesn't work. Wireguard to Air Doesn't work, it's always UDP and very easily detected. AmneziaWG client to connect to standard Wireguard Air servers This worked for me almost flawlessly. The trick of AmneziaWG is to send random trash packets before starting the connection sequence. This is what the new parameters are and some of them are compatible with standard Wireguard servers. The DPI only checks traffic within the initial traffic size window of the connection. If it doesn't find VPN connection signatures (and it doesn't due to random data) then it whitelists the connection. Wireguard then sends its connection packets and connects to Air. Full speed ahead, no throttling. The VPN connection works! What's the catch? The AmneziaWG packet configuration must be right. This worked for me across all networks I encountered: MTU: 1320 (safe value, higher MTU will give better bandwidth, if it works at all and doesn't begin to fragment packets) Junk Packet count (Jc): 31 Junk Packet minimum size (Jmin): 20 Junk Packet maximum size (Jmax): 40 Init packet junk size (S1): none (afaik only with AmneziaWG server; delete from config or try to set 0) Response packet junk size (S2): none (afaik only with AmneziaWG server; delete from config or try to set 0) Magic header settings changeable afaik only with AmneziaWG server: Init packet magic header (H1): 1 Response packet magic header (H2): 2 Underload packet magic header (H3): 3 Transport packet magic header (H4): 4 Example: [Interface] ... other default values, including MTU ... Jc=31 Jmin=20 Jmax=40 H1=1 H2=2 H3=3 H4=4 And how would you know what numbers to set? This single insight: This means flooding small random UDP packets at the beginning is the winning strategy. That's how I optimized someone's config from "sometimes it works, sometimes it doesn't" to "works 100% of the time, everywhere". You actually don't want to blast big packets and be blocked because of it. Smaller random packets are good for mobile traffic too. How would you setup AmneziaWG to connect to Air (Android)? Generate and download AirVPN Wireguard configs, for each individual server, try different entry IPs too. DO NOT USE THE DEFAULT (OFFICIAL) WIREGUARD PORT. We don't want long-term logging to highlight the working servers for the next round of IP blocks. Download AmneziaWG-Android VPN client (the Android edition is actually a fork of the official Wireguard app aka "AmneziaWG". Don't download their regular all-in-one client aka "AmneziaVPN"!): amnezia.org or https:// storage.googleapis .com/kldscp/amnezia.org or https://github.com/amnezia-vpn/amneziawg-android/releases Import Air's configs in the app Apply "Junk Packet" settings from above Try to connect Try different entry IPs and servers if the connection doesn't work. See if the server IP is completely blocked either with: ping "<entry IP>" nc -zv -w 10 "<entry IP>" "<port 80 or 2018 for OpenVPN TCP>" This is GNU netcat Keep in mind: on Android the safest way to avoid any traffic leaks is to go to system settings, Connection & sharing > VPN, or search for "VPN", click on (i) for advanced settings, Enable: "Stay Connected to VPN" & "Block All Connections not Using VPN". If you ever disconnect from VPN by using Android's system notification, you'll need to re-enable these settings. If you switch between VPN apps (like Eddie -> AmneziaWG), I suggest to make sure these settings are always enabled like this: Turn off Wi-Fi (or mobile data) For previous VPN app disable: "Stay Connected to VPN" & "Block All Connections not Using VPN" For next VPN app enable: "Stay Connected to VPN" & "Block All Connections not Using VPN" Turn on Wi-Fi / connect using next VPN app Android battery optimization: Finally, go to app's settings (or Settings-Battery then app list somewhere) and make sure the AmneziaWG app is "not optimized" for battery. This way it will not be interrupted in the background and potentially drop connection until the screen is awake. -- https://dontkillmyapp.com/ for guides and more info Thanks for reading. Big politicians are not your friends, stay strong and propagate what you truly believe in.

Anyway I understand your position, no problem. Like Russians say "Сытый голодного не разумеет" ("the well-fed does never understand the hungry").

You know, it's sort of sad to think that you must fall into the darkness just because you are not belonging to the "overwhelming majority of the world". China, Russia, Belarus, Venezuela, Turkmenistan, Egypt, Turkey. Who's next? I know we are all the "third world" but we are people and want the information! If no one will lend us a hand from the greater world, where life is still okay, we won't ever make it out of the darkness.

Just to say, for anyone else who wants to know, that I think I solved this myself! 1. In routes, add the IPs that you want to be routed through the VPN. 2. In DNS, switch to "Disabled" but also add your DNS servers. 3. In Networking, untick "Remove the gateway route" and set "Layer IPv4" to "Outside Tunnel". (You can do the same for IPv6 if required. Untick "Switch to 'Block' if issue is detected.) 4. Under Network Lock select Mode: None; Incoming: Allow; Outgoing: Allow. This then seemed to work for me.

Well, to give a completely rudimentary course in how to get it up and running: Assuming you use windows you go to the "Enter" tab on this site while logged in, click on the windows icon and download the client from there. You then install the client. Then you find the "AirVPN" icon on your desktop and click it, then choose "connect to a recommended server" and wait for it to finish connecting. Then point your web browser to https://ipleak.net/ to confirm it's working, and it doesn't show your real info anymore. This should get you started using it, at least. You should be safe with the default settings. I then recommend searching the forum for any specific features you wonder about with the client, if you need port forwarding to work you can look at some of my recent posts on here for example. Oh, you might want to turn on the network lock on the login screen as well.