Leaderboard

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.25 beta. It is ready for public beta testing. How to test our experimental release: Go to download page of your OS Click the button Switch to EXPERIMENTAL Download and install This is a new version of Eddie Desktop (Windows / Linux / MacOS). The primary purpose of this release is to address several specific issues, including a significant CVE affecting macOS only. We expect it to be promoted to STABLE shortly. We are currently working on a substantial codebase refactoring aimed at evolving Eddie Desktop into a more modern client. Main changelog: [change] [all] Encrypted profiles: save with PBKDF2-SHA256; backward-compatible decrypt of SHA-1 profiles [bugfix] [linux] Fix for distro without systemd [change] [all] Fine-tuning of "netlock.allow_ping" option [new] [all] "netlock.allow_ndp", default true [change] [all] OpenVPN 2.6.17 [bugfix] [macOS] CVE-2025-14979: fix (shortcut-cli removed) [change] [windows] hardened SSH key file permissions to reliably remove orphaned ACL entries and prevent "bad permissions" errors [change] [windows] Updated projects and scripts to Visual Studio 2026 Kind regards & datalove AirVPN Staff

Hello! We're very glad to announce a special promotion on our long term Premium plans for the end of Summer or Winter, according to the hemisphere you live in. You can get prices as low as 2.06 €/month with a three years plan, which is a 70% discount when compared to monthly plan price of 7 €. If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Please check plans special prices on https://airvpn.org and https://airvpn.org/buy Promotion expires on 2026-03-31 UTC. Kind regards & datalove AirVPN Staff

Hello! We're very glad to announce that Eddie Android edition 4.0.0 beta 3 is now available.  New: AmneziaWG padding S3 and S4 parameters supported New: additionally enhanced ability to use locally stored user and servers data against bootstrap servers blocks improved AmneziaWG support taking into account latest documentation clarifications with experimental confirmations improved Tile Service updated libraries: now linked against OpenVPN3-AirVPN 3.12 and OpenSSL 3.6.1 bug fixes to resolve app instability bug fix to resolve tile button improper behavior minor bug fix Please find complete changelog, additional information and download link on the first message of this thread. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Kind regards & datalove AirVPN Staff

Hello! We're not ignoring it, did you read the update on the first message of this thread? Kind regards

I'm not entirely sure what's going on. I can't access airvpn.org from the clearnet (currently posting via Tor.) DNS does not even seem to return an A or AAAA record currently. I tried my own recursive resolver which is my default and various public DNS servers. It came to my attention about an hour ago. Are you aware of this and is there an estimate for when it is going to be fixed?

Hello! We're very glad to inform you that six new 10 Gbit/s full duplex servers located in Manchester and London (UK) are available: Amansinaya, Arber, Baiduri (London), Bubup, Cebo, Caophraya (Manchester). The first three mentioned servers are located in London, the other ones in Manchester. This addition replaces any previous UK 1 Gbit/s server in order to upgrade the whole UK infrastructure to 10 Gbit/s only servers, with per server 10 Gbit/s dedicated lines and ports, and modern hardware as announced here: https://airvpn.org/forums/topic/79154-uk-infrastructure-upgrade-to-10-gbits-full-duplex/ The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor . Click a server name to display specific server stats. Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Hello! We're very glad to announce that Eddie Android edition 4.0.0 beta 2 is now available. New: how to use Eddie in network where the "bootstrap" servers can not be reached Eddie downloads user and infrastructure data, essential to use the service, from special "bootstrap servers" through an encrypted flow inside HTTP. If the bootstrap servers are blocked or the underlying protocol to port 80 is filtered out, Eddie is unable to proceed. Starting from Eddie 4 beta 2 version, the ability to retrieve such data locally has been added. Whenever bootstrap servers are unreachable, Eddie can read the latest available local data to connect to a VPN server. Once connected the bootstrap servers are again reachable and the local data are immediately updated for future usage. The local data remain valid as long as you don't need to change user. On top of all of the above, Eddie can now retrieve such data through the login procedure that now can be started even when a connection to a VPN server was previously established via a profile. Therefore, when you are in a restrictive network that blocks access to bootstrap servers, you can connect through a profile generated by AirVPN web site Configuration Generator. After this first connection, log your account in to the service by selecting the specific option on the left pane, enter your AirVPN account credentials as usual and make sure that Remember me checkbox is ticked: Eddie will download all the necessary files and store them locally. This procedure is "once and for all", at least as long as you don't need to change account. After this initial connection, Eddie will be able to log your account in to the infrastructure, retrieve servers data and establish connections without profiles and without bootstrap servers, offering again full AirVPN integration even when bootstrap servers are unreachable. Only If you change account you must repeat the procedure. New: "Open with..." option added to "Export" option Different Android versions allow management of files with different restrictions. Different apps may support different intents on specific Android versions. To enlarge total compatibility, now Eddie offers two different options to export and manage files, including generated profiles. You will find the usual "Share" option (note: now renamed into "Export") coupled with a new "Open with..." option. Some apps support only one intent, other apps only specific intents on specific Android versions, and so on. By adding this option Eddie enlarges considerably the amount of apps you will be able to open and/or share files with. New: AmneziaWG parameters range validity AmneziaWG parameter range validity has been documented in three different ways (official web site, GitHub documentation files, and developers comment) and the web site documentation that it's still official is in reality not aligned with the source code. The new parameters range validation adopted by Eddie 4.0.0 beta 2 is based now on GitHub latest documentation integrated by source code analysis. The original message of this thread has been updated accordingly. You will find on it the new download link and checksum, as well as detailed Amnezia description. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Kind regards & datalove AirVPN Staff

Hello Staff team, as OpenVPN 2.7 and the latest Linux Kernel 6.16 have now streamlined the integration of the ovpn driver, DCO has become the new performance standard. OpenVPN Data Channel Offload (DCO): The Definitive Guide to the Performance Boost Making OpenVPN The Fastest VPN Protocol Other companies such as ExpressVPN and Norton VPN have already integrated DCO to offer their users these performance gains. Implementing this would keep your service competitive and provide a much smoother experience for those of us who prefer the OpenVPN protocol for its maturity and security. Do you have OpenVPN DCO on your current technical roadmap? I look forward to hearing your thoughts on this. Kind regards.

"We are currently working on a substantial codebase refactoring aimed at evolving Eddie Desktop into a more modern client." More than needed. The UI looks like one of XP times. Not a single other provider uses a ancient UI like that. I also need to use a 3. party Client (WireSock) to use application/folder split tunneling. Application Split-Tunneling is also something every single other provider has since a long time now. The reason i use Air is trust. If i look at the outdated applications i raither use other providers who hold theirs more up to date but most i just dont trust at all so im stucked with Air and a 3. party application for now since i use split-tunneling 24/7.

I'm inclined to write: seeing as the post has absolutely no information to start troubleshooting. Unless you expect someone to hack into your system. Or read your mind. Let's start with something simple anyone can do. Close Eddie, reopen, try a connection, then provide a system report..

Consider Kagi. You get a search engine that's actually not selling your data, and access to all the AI models to boot.

I've made a Linux shell script for batch-conversion of WireGuard .conf files making them AmneziaWG (awg) compatible: https://github.com/zimbabwe303/awg_conf_patch When patching it shuffles the H1..4 parameters; to re-shuffle you can just re-run it over the same files again. It also can shorten .conf file names generated with the AirVPN config generator to facilitate their usage with the 3rd-party smartphone WireGuard clients such as WG Tunnel (which uses AmneziaWG instead of the vanilla WireGuard).

Hello! Please note that OpenVPN 2.6 and higher versions (i.e. the OpenVPN version you meet on the servers) will push in any case IPv6 gateway, routes etc. Yes, we need to consider whether disabling the now misleading option completely on the CG. Kind regards

After having issues configuring AirVPN with Gluetun, and seeing many others with similar issues, I decided to fork the Gluetun project, strip out all the stuff I didn't want (OpenVPN, SOCKS, other providers)... here it is: Gluetun-AirVPN-Edition, supporting ONLY AirVPN and only WireGuard with a bunch on unique features. Still putting it together, but please feel free to take a look and hope you find it useful. https://github.com/wolffcatskyy/gluetun-airvpn-edition

Yeah, the lockup is a problem worth investigating (for the devs), but the underlying cause is it not detecting tools that are clearly there, which is just as puzzling. Explains the report output, then. Thanks!

In Eddie Preferences > Protocols, untick Automatic and select UDP port 443. Retry a connection. If it still doesn't work, provide a system report instead of only the logs. .

Dark mode pretty please!! Keep up the good work! Thanks

Hello! We're glad to inform you that we have just released: "Road To OpenVPN 2.6" migration plan - https://airvpn.org/road_to_openvpn26/ A new version of Config Generator with options related to OpenVPN 2.6 A new Eddie Desktop beta release (2.23.0) related to the road above, feature-locked to reach stable release https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/ A new server (Marsic), the first running OpenVPN 2.6 powered by DCO (server-side) and ready for client-side DCO. UPDATE 2026-03-12 After careful evaluation and considering that: DCO for OpenVPN 2.6 is now considered obsolete the new DCO is aimed at OpenVPN 2.7 only DCO kernel module is included on mainline Linux kernel starting from 6.16 AirVPN VPN infrastructure is based on kernel 6.12 and OpenVPN 2.6 (typical setup of Debian 13, RHEL 10 etc.) OpenVPN usage declined dramatically: today only 24% of connections are based on OpenVPN, and the decline continues at a steady pace the combination of WireGuard and AmneziaWG is more effective than OpenVPN over TCP at bypassing blocks valuable packet payload padding (against encrypted traffic pattern analysis) is offered by AmneziaWG and not DCO: the plan has been momentarily frozen. It can be re-activated when the VPN infrastructure moves to kernel 6.16 (or higher version) and OpenVPN 2.7. Our priority goes to wider AmneziaWG support, on the client software first and then on the server side too (important especially for padding). Kind regards & datalove AirVPN Staff

Hello! After using Eddie 2.25.0 beta for several days (my machine is a Macbook Pro M4 with MacOS Tahoe 26.3.1), I still have the same issue of Eddie disconnecting everytime the Macbook goes to sleep mode (when I don't use it for like 15-30 minutes). When I use it again, Eddie has disconnected once or several times (like every 15/20mn, then it connects by itself to another server). Except this issue, everything is working fine with Eddie. Is there any fix coming regarding next stable version of Eddie ? I've read on various forums about people having the same issue with other VPNs (Wireguard protocol) and Mac OS Tahoe. I had this issue with Eddie previous version too. (Air VPN team advised me to report this issue here, I have already opened a support request).

Works now, thanks.

@anitya1 Hello! You're trying connections over IPv6 and they all fail. Please make sure that both your router and ISP support IPv6. If in doubt, try a connection over IPv4 (*). If the problem persists, can you please publish a system report generated by Eddie? Please see here: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ (*) In Eddie, you can switch between IPv4 and IPv6 layers for the VPN connection on "Preferences" > "Networking" window. Kind regards

Hello! Can you please try again now? Kind regards

@Erquint Hello! Thank you for your tests! Beta 2 has multiple problems and it turned out to be too unstable on various Android versions. Please hold on, beta 3 is addressing the problems you experienced and coming out soon. Kind regards

I didn't bother waiting. Service seems worth it, I got a trial account and lived up to my expectations. Thank you

Hello! We're very glad to inform you that three new 10 Gbit/s full duplex servers located in Toronto (Ontario), Canada, are available: Castula, Chamukuy and Elgafar. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Castula https://airvpn.org/servers/Chamukuy https://airvpn.org/servers/Elgafar/ Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Hi, Issue affects Windows 11/10. Air Vpn won't open window or refuses to. It goes through startup process and elevates it's permissions but never opens. Never shows as system tray Eddie icon and system tray taskbar settings has no Eddie icon. I than removed and disabled Eddie from processes. Performed regular uninstall and cleaned up any leftovers with a uninstaller app, restarted system. Downloaded and installed Eddie, restarted system. Same thing happened and no system tray icon again.

Roughly 60 GB. Always on. And if I did provide liberation services to the world, I would still stay below 100

About that.. the community already did so. Have a look at these:.

Hello! Starting from February 1st, 2026, Debian (e.g. Trixie) enforces stricter OpenPGP policies and no longer accepts repository signatures involving SHA1-based certifications. As a result, users may see errors such as: Get:4 http://eddie.website/repository/apt stable InRelease [3,954 B] Err:4 http://eddie.website/repository/apt stable InRelease Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on C181AC89FA667E317F423998513EFC94400D7698 is not bound: No binding signature at time 2025-01-14T13:07:46Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z Warning: OpenPGP signature verification failed: http://eddie.website/repository/apt stable InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on C181AC89FA667E317F423998513EFC94400D7698 is not bound: No binding signature at time 2025-01-14T13:07:46Z because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance because: SHA1 is not considered secure since 2026-02-01T00:00:00Z Error: The repository 'http://eddie.website/repository/apt stable InRelease' is not signed. Notice: Updating from such a repository can't be done securely, and is therefore disabled by default. Notice: See apt-secure(8) manpage for repository creation and user configuration details. This was caused by an outdated signing key certification used by the repository. Solution The repository signing key has been regenerated and the repository is now correctly signed again. To restore updates, please re-import the updated maintainer key: curl -fsSL https://eddie.website/repository/keys/eddie_maintainer_gpg.key | sudo tee /usr/share/keyrings/eddie.website-keyring.asc > /dev/null Then run: sudo apt update Sorry for the inconvenience, and thanks for your patience. Kind regards

Hi. Any plans for Eddie PC edition + AmneziaWG ?

Yes. This is because the ISP has blocked the boot server. Please open the ticket to obtain the private boot server from the staff, or wait for the subsequent Android version update. It is said that in the subsequent version, the login information will be saved locally. Then, there will be no need to log in every time. Just log in once and you can use it as before, just like the computer version.

So i still can't reach airvpn servers in .Ru for logging in from my phone. Here is what i have: I can use airvpn from my PC, found a solution, but there is no such configuration for a phone. I try amnezia in the same networtk via wifi and can't even log in. But works fine if i start other vpn and open airvpn app, i get my subscriprion plan and other information. Should i ask support for private workaround solution?

Hello! We're glad to inform you that AmneziaWG support has been implemented in Eddie Android edition 4.0.0 beta 1 and it will be progressively implemented in all the other AirVPN software. https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/ Eddie Android edition public beta testing is going very well and the development team is optimistic about a near future release. This is only partially true. When you use CPS on your side and you connect to a WireGuard based server, demultiplexers will identify the traffic according to the CPS settings (QUIC, DNS...) only initially. They will soon be able to detect the traffic as WireGuard traffic. With DNS mimicking this happens just after the handshake, while with QUIC the inspection tools need much more time. We can confirm the above after several experimental tests we repeatedly performed with deep packet inspection. Anyway QUIC mimicking is effective and actually it can nowadays bypass in about 100% of the cases the blocks in both Russia and China. But we have planned to support Amnezia on the server side too, because the current method is anyway not so strong on the long run. When we have Amnezia on the server side too, no tool is able to ever identify the traffic as WireGuard traffic: it remains indefinitely identified as QUIC. Currently we are still at a testing phase, but the outcome so far is very promising. Stay tuned! Kind regards

To give some numbers, with these settings along with MTU tuning (1440 in my case since no IPv6): I have been able to roughly 2.5x my speeds from 400 Mb/s average to 1000 Mb/s average which is essentially my line speed. Also, I have seen people ask about how to use Gluetun + qBittorrent in other posts, and this is where I learned how to do it: https://wiki.serversatho.me/. I hope these resources will help!

Hi all, I've always been trying to maximize my seeding speeds when using qBittorrent, and a lot of information I found online was not very helpful. My setup is qBittorrent 4.3.9 from hotio with Gluetun on TrueNAS Fangtooth. My best speeds have been obtained on the servers Taiyangshou and Vindemiatrix with WireGuard. I am in North America, but I don't think latency matters as much as I originally thought for P2P use cases. These two servers in the Netherlands have been very nice and I definitely recommend trying out different servers. In my use case, I have hundreds of larger torrents, maybe half are 50 GB+. I have found that since I am using hard drives, the random reads will quickly overwhelm them even with ARC and L2ARC, thus setting the "Global maximum number of upload slots" is very useful (this is the only one I have turned on in the "Connection" tab). This limits the total number of peers you can upload to globally, and the idea is that you limit the total amount of random reads this way. The magic number that works the best for me is 50, and I recommend trying around this range by increments of 5 might work nice. Additionally, I could keep increasing the "Global maximum number of upload slots" without much rise in iowait, but total throughput would decrease. Therefore, when optimizing this setting it is a balance between enough slots to saturate your bandwidth, but not too much where it spreads the bandwidth too thin and negatively impacts total throughput. I have also attached the advanced settings that I changed which seemed to make the greatest impact. Send buffer watermark: 6144 KiB Send buffer low watermark: 3072 KiB Send buffer watermark factor: 200 % Socket backlog size: 4096 I hope this is helpful! Best, Hypertext1071 Edit: For further tuning this might be helpful: https://github.com/felikcat/seedbox-tutorial. Edit 2: Using the settings from here: https://github.com/felikcat/seedbox-tutorial, including the sysctl configuration completely saturate my line speed. I was trying to search for qBittorrent in particular, and thus wasn't able to find results that were generally helpful, such as network tuning.

Thank you! Please use the Configuration Generator. Turn on the "Advanced" switch. Generate a file with the Configuration Generator for WireGuard for the server or country you want to test. Download the file and edit it with any text editor. To begin with, add these parameters in the [Interface] section: Jc = 20 Jmin = 50 Jmax = 1000 S1 = 0 S2 = 0 H1 = 3 H2 = 1 H3 = 4 H4 = 2 Import the file into your PC AmneziaWG client, or use it with the AirVPN Suite component Hummingbird, and even in Eddie 4.0.0 (you can do it in the "VPN profiles" view once the file is in your Android device) and use it to test a connection in Amnezia mode. If it fails please try a connection directly from Eddie, without profile, in Amnezia WG. If it fails too enable QUIC mimicking in "Settings" > "Advanced" > "Custom AmneziaWG directives" and test again a connection. Keep us posted! Kind regards

Hey there, Taiwan is a provincial administrative region of China, an inalienable part of China’s territory. But when I checked my IP on ipleak.net, I saw Taiwan was shown with those outdated flags, which is totally wrong. These flags don’t reflect the fact that Taiwan belongs to China. Using them misrepresents Taiwan’s status and goes against the One - China principle. It’s really important to fix this mistake. Please correct the display and stop using such wrong flags. Let’s make sure the info about Taiwan is right, in line with the One - China principle. Thanks for handling this!

Hello I would like to give my personal recommendations to help with network censorship in Russia. I may not have time to write a authoritative, proper guide, but wanted to share this. Everything "clicked" once I read a comment how the DPI works to determine a new connection. Preface IP and subnet blocks came first. They completely blackhole all traffic to blocked IP addresses. The only thing you can try is IPv6 in place of IPv4. Some Air servers are blocked by IP. The Deep Packet Inspection (DPI) is a required installation for residential ISPs and (as of late) industrial networks like data centers. It works to dynamically block known protocol traffic, anything "forbidden" that's not yet in IP blocklists from above. This system was put in law many years ago. Nevertheless, the networks across the country are at various stages of rollout and their capabilities will differ. Real example: residential ISP did not block OpenVPN->Air, yet the mobile carrier did. Yet in 2024 the residential ISP upgraded their DPI system and started blocking OpenVPN too. Common methods of circumvention Mangle traffic locally to fool the DPI systems. It will allow you to connect to servers not blocked by IP (TLS SNI name detection). Proxy/VPN server: A prerequisite is an outside server, it must not have been blocked by IP. If it's a private server and OpenVPN or Wireguard work - you're lucky. However be prepared to still get blocked by DPI any day for using a VPN protocol. There are many proxy tools, especially developed to combat the Great Firewall of China. They don't run directly on Air, so this is something for self-hosting or other services to provide. We're talking about Air, so let's get that VPN working. Everything below requires you to find a reachable Air server (no direct IP blocks). The configuration server used by Eddie is IP blocked, so it won't work at all. I suggest you to generate all server configs in advance and see which are reachable from Russian networks. Airvpn.org seems to be reachable though. OpenVPN over SSH to Air It is possible to set this up on mobile, however the connection is reset after 10-30 seconds due to a lot of traffic being pushed. I used ConnectBot and it didn't restart the SSH connection properly, anyhow OpenVPN and ConnectBot had to be reconnected manually each time --> unusable. Since both apps are easily downloadable from app stores/F-Droid, this can be enough to generate and download configs from AirVPN's website in a dire situation. This connection type works like this: SSH connects to Air server, forwards a local port -> Air (internal_ip:internal_port) OpenVPN connects to local_ip:local_port and SSH sends the packets to Air's OpenVPN endpoint inside this tunnel Once the connection is established, it works like a regular OpenVPN on your system OpenVPN over stunnel to Air I haven't tried, desktop only? OpenVPN (TCP) over Tor to Air While connecting to Tor will be another adventure, do you really need a VPN if you get Tor working for browsing? If yes, I suppose it could work. I haven't tried. OpenVPN (TCP) to Air May start working after hours on Android, if the connection was established initially. Until then you'll see a lot of outgoing traffic but almost zero incoming traffic (NOT ZERO though!) It is unclear to me whether this is because Android keeps reconnecting after sleeping or sometimes it pushes so little traffic over the established connection that DPI forgets or clears the block for this connection only. OpenVPN (UDP) to Air Doesn't work. Wireguard to Air Doesn't work, it's always UDP and very easily detected. AmneziaWG client to connect to standard Wireguard Air servers This worked for me almost flawlessly. The trick of AmneziaWG is to send random trash packets before starting the connection sequence. This is what the new parameters are and some of them are compatible with standard Wireguard servers. The DPI only checks traffic within the initial traffic size window of the connection. If it doesn't find VPN connection signatures (and it doesn't due to random data) then it whitelists the connection. Wireguard then sends its connection packets and connects to Air. Full speed ahead, no throttling. The VPN connection works! What's the catch? The AmneziaWG packet configuration must be right. This worked for me across all networks I encountered: MTU: 1320 (safe value, higher MTU will give better bandwidth, if it works at all and doesn't begin to fragment packets) Junk Packet count (Jc): 31 Junk Packet minimum size (Jmin): 20 Junk Packet maximum size (Jmax): 40 Init packet junk size (S1): none (afaik only with AmneziaWG server; delete from config or try to set 0) Response packet junk size (S2): none (afaik only with AmneziaWG server; delete from config or try to set 0) Magic header settings changeable afaik only with AmneziaWG server: Init packet magic header (H1): 1 Response packet magic header (H2): 2 Underload packet magic header (H3): 3 Transport packet magic header (H4): 4 Example: [Interface] ... other default values, including MTU ... Jc=31 Jmin=20 Jmax=40 H1=1 H2=2 H3=3 H4=4 And how would you know what numbers to set? This single insight: This means flooding small random UDP packets at the beginning is the winning strategy. That's how I optimized someone's config from "sometimes it works, sometimes it doesn't" to "works 100% of the time, everywhere". You actually don't want to blast big packets and be blocked because of it. Smaller random packets are good for mobile traffic too. How would you setup AmneziaWG to connect to Air (Android)? Generate and download AirVPN Wireguard configs, for each individual server, try different entry IPs too. DO NOT USE THE DEFAULT (OFFICIAL) WIREGUARD PORT. We don't want long-term logging to highlight the working servers for the next round of IP blocks. Download AmneziaWG-Android VPN client (the Android edition is actually a fork of the official Wireguard app aka "AmneziaWG". Don't download their regular all-in-one client aka "AmneziaVPN"!): amnezia.org or https:// storage.googleapis .com/kldscp/amnezia.org or https://github.com/amnezia-vpn/amneziawg-android/releases Import Air's configs in the app Apply "Junk Packet" settings from above Try to connect Try different entry IPs and servers if the connection doesn't work. See if the server IP is completely blocked either with: ping "<entry IP>" nc -zv -w 10 "<entry IP>" "<port 80 or 2018 for OpenVPN TCP>" This is GNU netcat Keep in mind: on Android the safest way to avoid any traffic leaks is to go to system settings, Connection & sharing > VPN, or search for "VPN", click on (i) for advanced settings, Enable: "Stay Connected to VPN" & "Block All Connections not Using VPN". If you ever disconnect from VPN by using Android's system notification, you'll need to re-enable these settings. If you switch between VPN apps (like Eddie -> AmneziaWG), I suggest to make sure these settings are always enabled like this: Turn off Wi-Fi (or mobile data) For previous VPN app disable: "Stay Connected to VPN" & "Block All Connections not Using VPN" For next VPN app enable: "Stay Connected to VPN" & "Block All Connections not Using VPN" Turn on Wi-Fi / connect using next VPN app Android battery optimization: Finally, go to app's settings (or Settings-Battery then app list somewhere) and make sure the AmneziaWG app is "not optimized" for battery. This way it will not be interrupted in the background and potentially drop connection until the screen is awake. -- https://dontkillmyapp.com/ for guides and more info Thanks for reading. Big politicians are not your friends, stay strong and propagate what you truly believe in.

An other year! Thanks for your excellent service. 😀

Anyway I understand your position, no problem. Like Russians say "Сытый голодного не разумеет" ("the well-fed does never understand the hungry").

You know, it's sort of sad to think that you must fall into the darkness just because you are not belonging to the "overwhelming majority of the world". China, Russia, Belarus, Venezuela, Turkmenistan, Egypt, Turkey. Who's next? I know we are all the "third world" but we are people and want the information! If no one will lend us a hand from the greater world, where life is still okay, we won't ever make it out of the darkness.

Yes. I have a use for ddg. Anyway, thank you for helping me. Turns out I had to set MTU to 1300 in Wireguard as someone in those threads replied. It's fixed now.

Just to say, for anyone else who wants to know, that I think I solved this myself! 1. In routes, add the IPs that you want to be routed through the VPN. 2. In DNS, switch to "Disabled" but also add your DNS servers. 3. In Networking, untick "Remove the gateway route" and set "Layer IPv4" to "Outside Tunnel". (You can do the same for IPv6 if required. Untick "Switch to 'Block' if issue is detected.) 4. Under Network Lock select Mode: None; Incoming: Allow; Outgoing: Allow. This then seemed to work for me.

To fully understand this, you need to look into a concept called Network Address Translation, or NAT. We'll be looking at the following simple connection graph for the explanation: Computer <> Router <> ISP <> Website. The current number of devices in the world which can "speak" IPv4 far exceeds the (mathematical) capacity of the IPv4 address space; we'd run into collisions (two or more devices having the same IP) if all these devices get connected to the internet. So one technique to circumvent this is NAT. This method makes it so that Router gets a public IPv4 from your ISP instead of Computer. The idea is that many devices in a household or company can be operated behind Router without any of them having a public IPv4 address – they all share the public IPv4 address of the router while each of those devices behind the router are given local IPv4 addresses like 10.4.100.100 or 192.168.178.20. Let's say, you are hosting a Minecraft server or something on your computer and you want others to connect to it. Obviously the others need to reach you on a certain IP and on a certain port, and the only public IP they can use is the one from Router because Computer does not have a public IP. Now, let's say, you run the server on port 9000. You can reach it easily from within your home network because every device has a unique IPv4 in that network (= in that 192.168.178.x range for example). The others need to contact you on the Router's public IP. The problem: If they connect to Router:9000, they won't be able to connect to your server. Why? Because the Minecraft server is running on Computer and not on Router. So to tell Router that connections on its public IP and port 9000 should be redirected to Computer, you must forward remote port 9000 (= the port others will use from the internet) to local port 9000 (= the port the Minecraft server is using locally). When a connection to an AirVPN server is made, the server virtually becomes that Router in the graph. The connection graph logically stays the same: Computer <> Router (AirVPN server) <> ISP (datacenter) <> Website. NAT is used there as well, obviously, because you can't just give 80 clients connected to an AirVPN server public IPv4 addresses. So every client gets its own local IPv4 address in the 10.x.x.x range and is therefore part of a virtual network that is private, not public, hence the name Virtual Private Network. The router in your home doesn't play any role as a firewall/NAT anymore while you are connected to AirVPN. AirVPN gives you the possibility to forward ports just like you would do on your home router. If we stay with the Minecraft server example, you now need to instead tell the AirVPN server to redirect connections on its public IP on port 9000 (= the remote port) to Computer's local port 9000. With that knowledge you might realize that this: is not correct. This is the port OpenVPN uses to connect to an AirVPN server. What you do is this: Go to the port forwarding page. Simply click on Add+. The port you see there you enter in qBittorrent settings. You either wait a minute or restart qB. Profit from more throughput.

Hello and thank you! The maximum discount you can get ("up to") is 67.5% with a 2 years plan. You pay 54.60 EUR for 2 years, i.e. 2.28 EUR/month, instead of 7 EUR/month (saving exactly 67.5%). If you compare the new plan with the 1 year plan, then the special deal makes you save anyway 50% (you pay 54.60 EUR for two years, instead of 54 EUR for 1 year). Math doesn't lie, the above comparisons are perfectly legitimate and compliant to the best practices of transparent advertising and the calculations are correct. Kind regards