Leaderboard

Hello! We're very glad to announce that Eddie Android edition 4.0.0 Beta 1 is now available. This is a major update: for the first time Eddie Android edition features AmneziaWG complete support. Eddie Android edition is a fully integrated with AirVPN, free and open source client allowing comfortable connections to AirVPN servers and generic VPN servers offering compatible protocols. Eddie 4.0.0 aims primarily at adding, besides the already available OpenVPN and WireGuard, a thorough and comfortable AmneziaWG support. AmneziaWG is a free and open source fork of WireGuard by Amnezia inheriting the architectural simplicity and high performance of the original implementation, but eliminating the identifiable network signatures that make WireGuard easily detectable by Deep Packet Inspection (DPI) systems. It can operate in several different ways, including a fallback, "compatibility mode" with WireGuard featuring anyway various obfuscation techniques. What's new in Eddie 4.0.0 AmneziaWG support Amnezia WireGuard API updated OpenSSL, OpenVPN3-AirVPN and WireGuard libraries see the complete changelog below AmneziaWG overview From the official documentation: https://docs.amnezia.org/documentation/amnezia-wg AmneziaWG offers: Dynamic Headers for All Packet Types (compatibility with WireGuard: YES) During tunnel initialization, the library generates a set of random constants applied to each of the four WireGuard packet formats: Init, Response, Data, Under‑Load. These constants: Replace predictable WireGuard packet identifiers; Shift offsets of Version/Type fields; Modify reserved bits. As a result, no two clients have identical headers, making it impossible to write a universal DPI rule. Handshake Length Randomization (compatibility with WireGuard: NO) In WireGuard, the Init packet is exactly 148 bytes, and the Response packet is exactly 92 bytes. AmneziaWG adds pseudorandom prefixes S1 and S2 (0-64 bytes by default): len(init) = 148 + S1 len(resp) = 92 + S2 Offsets of the remaining fields are automatically adjusted, and MAC tags are recalculated accordingly. In order to keep backward compatibility with WireGuard, S1 and S2 must be set to 0. Obfuscation Packets I1-I5 (Signature Chain) & CPS (Custom Protocol Signature) (compatibility with WireGuard: partial, with fallback) Before initiating a "special" handshake (every 120 seconds), the client may send up to five different UDP packets fully described by the user in the CPS format. In this way AmneziaWG can mimic perfectly QUIC, DNS and other protocols adding powerful methods to circumvent blocks. QUIC is particularly interesting as HTTP/3 is built on it and currently, from Chrome and other compatible browsers, 50% of traffic to/from Google is QUIC traffic. Therefore, blocking QUIC may have major disruptions for any ISP. Junk‑train (Jc) (compatibility with WireGuard: YES) Immediately following the sequence of I-packets, a series Jc of pseudorandom packets with lengths varying between Jmin and Jmax is sent. These packets blur the timing and size profile of the session start, significantly complicating handshake detection. Under‑Load Packet (compatibility with WireGuard: YES) In WireGuard, a special keep-alive packet (“Under-Load”) is used to bypass NAT timeouts. AmneziaWG replaces its fixed header with a randomized one, the value of which can be set manually. This prevents DPI from filtering short ping packets, ensuring stable tunnel connections, especially on mobile networks. How to use Eddie with AmneziaWG To enable AmneziaWG mode, just tap the connection mode available in the main and other views. It will rotate between WireGuard, AmneziaWG and OpenVPN. Set it to AmneziaWG. In its default AmneziaWG mode, Eddie will use all the possible obfuscation, except protocol mimicking, that keeps WireGuard compatibility, thus allowing connections to AirVPN servers. The default settings choice was possible thanks to the invaluable support of persons living in countries where VPN blocks are widespread. Such settings have been tested as working and capable to bypass the current blocking methods in various countries. You may consider to modify them if they are ineffective to bypass "your" specific blocks. In Settings > Advanced, you will find, at the bottom of the page, a new "Custom Amnezia WG directives" item. By tapping it you will summon a dialog that will let you customize any possible AmneziaWG parameter. You can maintain backward compatibility with WireGuard in the dialog WireGuard section, or enable the full AmneziaWG support in the Amnezia section, which is not compatible (at the moment) with AirVPN WireGuard servers. This mode will be mostly valuable in a not distant future, when AirVPN servers will start to support AmneziaWG natively. You may also enable QUIC or DNS mimicking for additional obfuscation efficacy. In order to maintain WireGuard backward compatibility, with or without QUIC or DNS mimicking, you must set: S1 = S2 = 0 Hn ∈ {1, 2, 3, 4} H1 ≠ H2 ≠ H3 ≠ H4 Furthermore, do not exceed the valid limit of the J parameters (anyway Eddie will not let you do it). In this preview version, Eddie's formal control of the input data is based on the following document. We strongly recommend you read it if you need to modify manually parameters: https://github.com/amnezia-vpn/amneziawg-linux-kernel-module?tab=readme-ov-file#configuration Please do not modify In parameters if you don't know exactly what you're doing. Eddie implements QUIC and DNS mimicking and random obfuscation packets for each specific "I" parameter (by using the corresponding "Generate" button). You can enable them with a tap on the proper buttons. You may mimic QUIC and DNS even to connect to WireGuard based servers. When you enable QUIC mimicking and you maintain WireGuard backward compatibility, you add a powerful tool against blocks, because the first packets will be actual QUIC packets. AmneziaWG will fall back to WireGuard compatibility very soon. However, when DPI and SPI tools, and demultiplexers in general, identify the initial QUIC flow, most of them will be unable to detect a WireGuard flow for several minutes. This has been tested thoroughly with deep packet inspection on Linux and FreeBSD based machines by AirVPN staff. Therefore, in different blocking scenarios the QUIC mimicking increases likelihood of successful block bypass. NOTE: the same does not happen with DNS mimicking. In this case DPI / SPI tools identify the stream initially as DNS, but are much quicker (just in a few dozens of packets) to identify the stream as WireGuard's, after the initial DNS identification. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Download link, checksum and changelog https://eddie.website/repository/Android/4.0.0-Beta1/EddieAndroid-4.0.0-Beta-1.apk This is a build debug package and side load is mandatory. $ sha256sum EddieAndroid-4.0.0-Beta-1.apk 617269290a0406237646cc0885e5b10f3916252f89fe82ba9ccb947354980fcb EddieAndroid-4.0.0-Beta-1.apk Changelog 4.0.0 (VC 37) - Release date: 26 November 2025 by ProMIND Native Library [ProMIND] updated to version 4.0.0, API 10 [ProMIND] added Amnezia WireGuard API [ProMIND] updated to OpenVPN-AirVPN 3.12 (20251126) AirVPNUser.java [ProMIND] getWireGuardProfile(): added Amnezia support ConnectAirVPNServerFragment.java [ProMIND] showConnectionInfo(): added AmneziaWG logo display [ProMIND] onCreateContextMenu(): added AmneziaWG items [ProMIND] onContextItemSelected(): added AmneziaWG items [ProMIND] added method loadVPNProfile() ConnectVpnProfileFragment.java [ProMIND] added Amnezia support EddieLibraryResult.java [ProMIND] added Amnezia WireGuard API QuickConnectFragment.java [ProMIND] onCreateView(): added AmneziaWG logo display [ProMIND] updateStatusBox(): added AmneziaWG logo display SettingsActivity.java [ProMIND] added "Custom AmneziaWG directives" setting SettingsManager.java [ProMIND] added Amnezia specific settings and methods SupportTools.java [ProMIND] removed method getVPNProfile() VPN.java [ProMIND] added methods enableAmneziaWireGuard() and isWireGuardAmneziaEnabled() VPNManager.java [ProMIND] added method isWireGuardAmneziaEnabled() VPNProfileDatabase.java [ProMIND] added AMNEZIA type WebViewerActivity.java [ProMIND] EddieWebViewClient.shouldOverrideUrlLoading(): it now properly opens android asset files WireGuardClient.java [ProMIND] added WireGuard tunnel node to constructor [ProMIND] added methods for generating Amnezia's junk settings WireGuardTunnel.java [ProMIND] added support for Amnezia WireGuard [ProMIND] added Mode enum [ProMIND] added tunnel node to constructor EddieLibrary.java [ProMIND] added Amnezia WireGuard API Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that the Black Friday weeks have started in AirVPN! Save up to 74% when compared to one month plan price Check all plans and discounts here: https://airvpn.org/buy If you're already our customer and you wish to jump aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. AirVPN is one of the oldest and most experienced consumer VPN on the market, operating since 2010. It never changed ownership and it was never sold out to data harvesting or malware specialized companies as it regrettably happened to several competitors. Ever since 2010 AirVPN has been faithful to its mission. AirVPN does not inspect and/or log client traffic and offers: five simultaneous connections per account (additional connection slots available if needed) state of the art and flexible inbound remote port forwarding active daemons load balancing for unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 2000 Mbit/s with WireGuard flexible and customizable opt-in block lists protecting you from adware, trackers, spam and other malicious sources. You can customize answers or exceptions globally, at account level or even at single device level. powerful API IPv6 full support comfortable management of your client certificates and keys AES-GCM and ChaCha20 OpenVPN ciphers on all servers Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys internal DNS. Each server runs its own DNS server. DNS over HTTPS and DNS over TLS are also supported. free and open source software client side software support to traffic splitting on an application basis on Android and Linux and on a destination basis on Windows and macOS GPS spoofing on Android application AirVPN is the only VPN provider which is actively developing OpenVPN 3 library with a fork that's currently 330 commits ahead of OpenVPN master and adds key features and bug fixes for a much more comfortable and reliable experience: https://github.com/AirVPN/openvpn3-airvpn AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows. Promotion due to end on 2025-12-03 (UTC). Kind regards & datalove AirVPN Staff

We have kept the OP message to show the pervasiveness of the PRC's propaganda lackeys. We consider Taiwan (Republic of China) to be independent and autonomous from the PRC (People's Republic of China), as it is in fact. ipleak uses MaxMind and IANA databases to display results, and we are pleased that these are aligned with an anti-imperialist and democratic vision that is clearly unpalatable to the dictatorial regime of the PRC, which sees it as an obstacle to its expansionist ambitions.

With IPv6 allowing practically infinite IPs it should be possible to assign a dedicated IPv6 address to each connection, allowing incoming connections to any port to be forwarded. This would be a great way to circumvent the port forwarding restrictions on IPv4 that exist because multiple clients have to share the same exit IP, and I think would make for a nice optional feature.

Hello! Please follow this message to quickly resolve the issue: https://airvpn.org/forums/topic/26548-linux-ip-6-addr-add-failed/?do=findComment&comment=72069 The OP problem might be different so your case should not be discussed here. Kind regards

I mean, the guarantee is actually in mbps. I wish they guaranteed 4gbps!

While I love that you continue to support OpenVPN would you please reconsider a few WireGuard‑only 10–20 Gbit servers to quantify the uplift for users who prioritize raw speed and low latency? It’s my understanding that OpenVPN server processes are single‑threaded and CPU‑intensive. Co‑hosting OpenVPN and WireGuard on the same high‑capacity host (10–20 Gbit) can constrain aggregate throughput under load because per‑core bottlenecks caps per‑host headroom when many OpenVPN clients are active. In cities where you have multiple 20 Gbit servers like New York dedicating one to Wireguard doesn't seem unreasonable? Thank you for your consideration.

Hi Archaon1, I'm glad I could help you. Six months ago, I was just a newbie, but thanks to the community's help, I grew rapidly. Now, I can finally help others too. That's the meaning of a community. Haha, it's really satisfying to help others. 🎉🎉🎉

Hello! After a year of using AirVPN I'm very happy with the product. Website has no bloat whatsoever and it's super easy to find what you are looking for. A huge plus goes out for having an active forum available! Much better option compared to social media idiocies. Also port forwarding has been executed greatly - many other VPN services miss that altogether but even those which support it can't match AirVPN's easy-to-use robust system. Config generator is a great plus too since I'm using both WireGuard app and WireSock depending on the situation and needs. Both run just fine and very few VPN's could match this level of usability. I sometimes have dissapointing speeds with P2P, but usually a simple server change fixes it. Overall very happy customer. Please have a beer AirVPN staff, you've deserved it!

Logbook of an old salt, written on the first day of a fresh two-year voyage aboard the proud AirVPN fleet: Brethren and sister privateers, The yearly discount chest has been opened once again, and I have filled my hold with twenty-four more months of wind. While the quartermaster counts the gold, let this weathered mariner raise a weather-beaten voice: We need a berth in Poland. One single, sturdy server flying the white-and-red banner would save an entire nation of sailors from slow death by a thousand of exceptions. Behold the enemies that lie in wait in Polish waters: The heavy galleon Poczta Polska (Polish Post) and her tender Envelo (online postage)The ironclad banks that fire broadsides the moment a foreign IP drops anchorThe judicial fortresses and their batteriesLegal archives, university libraries, and even honest merchant carracks All of them roar: “No foreign keel shall pass!” The only way to trade with them is to rip plank after plank from our own hulls – dozens, sometimes hundreds of holes in iptables so the cannonballs of “access denied” fly straight through. (Call it split-tunneling if ye be landlubbers; we call it scuttling the ship to save the cargo.) I have sailed these waters for years in the AirVPN flotilla, and the oceans grow darker every season. Ports that once welcomed us now slam the gates. The great YouTube leviathan mistakes every one of our frigates for a pirate bot and demands we strike our colours and show papers none of us will ever sign. So we dance the server hornpipe – Netherlands to Switzerland to Sweden to Canada – tacking frantically until one harbour opens its arms for a fleeting moment, only to chase us out again before the song is over. Need to see them Canadian iron beasts racing the prairie? We glide in under Japanese colours, drop anchor for a fleeting moment of peace… then, the instant the port starts sniffing at our false ensign, we cut the cable and fly before the black-list cannonade roars. This be not the fault of our admirable Admiral and the crew – ‘tis the spirit of the age trying to chain the very sea itself – but one safe haven on Polish soil would turn a gauntlet of fire into a calm inland lake for all local hands. May fair winds fill AirVPN sails forever! May the fleet grow stronger every year! Hail Poland! Hail AirVPN! Hail all ye beautiful bastards and bitches who still believe the high seas should be free! Yours in rum and packets, An old Polish privateer 🇵🇱

AIRVPN DOES NOT RECOGNIZE ANYMORE VERISIGN, AFILIAS AND ICANN AUTHORITY. OUR COMMITMENT AGAINST UNITED STATES OF AMERICA UNFAIR AND ILLEGAL DOMAIN NAMES SEIZURES. The United States of America authorities have been performing domain names seizures since the end of 2010. The seizures have been performed against perfectly legal web-sites and/or against web-sites outside US jurisdiction. Administrators of some of those web-sites had been previously acquitted of any charge by courts in the European Union. The domain name seizures affect the world wide web in its entirety since they are performed bypassing the original registrar and forcing VeriSign and Afilias (american companies which administer TLDs like .org, .net, .info and .com) to transfer the domain name to USA authorities property. No proper judicial overview is guaranteed during the seizure. Given all of the above, we repute that these acts: - are a violation of EU citizens fundamental rights, as enshrined in the European Convention on Human Rights; - are an attack against the Internet infrastructure and the cyberspace; - are a strong hint which shows that decision capacities of USA Department of Justice and ICE are severely impaired; and therefore from now on AirVPN does not recognize VeriSign, Afilias and/or ICANN authority over domain names. AirVPN refuses to resolve "seized" domain names to the IP address designated by USA authorities, allowing normal access to the original servers' websites / legitimate Ip addresses. In order to fulfil the objective, we have put in place an experimental service which is already working fine. If you find anomalies, please let us know, the system will surely improve in time. Kind regards AirVPN admins

Hello! This is interesting. We are gradually activating IPv6 on every server, but you have IPv6 disabled at OS level, and this causes a fatal error. For the moment, you can: - Reactivate IPv6 No good reason is known to disable IPv6 at OS level. If you are scared about IPv6 leak when connecting to servers without IPv6 support, a cleaner solution is simply blocking IPv6 traffic with ip6tables. OR - Append the following directives in your .ovpn files: pull-filter ignore "route-ipv6" pull-filter ignore "redirect-gateway ipv6" pull-filter ignore "dhcp-option DNS6" pull-filter ignore "tun-ipv6" pull-filter ignore "ifconfig-ipv6" redirect-gateway def1 bypass-dhcp This will skip IPv6 configuration of tunnel and avoid your error. We are considering related options to Config Generator. Kind regards

I think so. My VPN functions the same as before, and I'm able to connect to blocked websites.

Hello! Great news! I captured the first QUIC packet accessing bing.com using Wireshark and used that packet to create a complete CPS, with I1-I5 parameters in the following file. Using this CPS, I successfully connected to a US server and achieved good speed and stability. In my network environment, this was more effective than random CPS packets. Everyone can test this set of parameters (it needs to be accessible without a VPN to bing.com). I welcome any better optimization suggestions from everyone. Jc = 8 Jmin = 86 Jmax = 892 S1 = 0 S2 = 0 H1 = 2 H2 = 3 H3 = 4 H4 = 1 I1 = ... I2 = ... I3 = ... I4 = ... I5 = ... CPS I1-I5(bing.com-initial QUIC).txt

Hello! Many thanks for all these information and insight. Indeed I completely agree with what you state. Meanwhile, I identified the culprit of plasmashell crashing: a system resource plasmoid I use on the Plasma desktop background. If I remove it, no crashes happen anymore. So the safe solution is to report it to its owner/author. Despite this I was unable to crash and end Eddie GUI gracefully, so I might have misidentified this happening. That said I will keep an eye and report again if I find a reproducible way. And I understand this is beyond your control and thank you very much for the feedback. Kind regards!

I’m with @CentralPivot on this Topic. Would be lovely for FileSharing etc. and I don’t see any Downsides @Tech Jedi Alex suggests applying. Using a shared IPv6 obviously needs to be the Default. But @CentralPivot seems to suggest for it to work in a similar Way as Port Forwarding does now: Activate it and get a completely forwarded v6 for In&Out instead of a Port on a v4. (Having a (semi) fixed v6 helps with getting a positive Rating in BitTorrent Swarms.) Maybe a fresh IPv6 on Reconnects as an Option? For my Use Cases Peers without v6 are completely irrelevant to be honest, but v4 Port Forwarding doesn’t need to stop working for that Feature to exist? In the other Direction there are quite a few ISPs in the World that only do v4 via Gateways for their Users, because getting IPv4-Addresses for their Customers is impossible. IPv6 has been a "Draft" since 1998 and a Standard since late 2017…

Looking in Eddie, I can deduce a possible reason. If the scoring rule is set to Speed, which is the default, only four servers actually get a non-zero score, putting only those four into consideration of the Connect to best server function. The client count reflects that. I quick-tested a connection to Sweden on Android, and Copernicus was chosen to be the best server.. huh. Also interesting: The first three are hosted by Altushost, Segin is Netrouting, rest seems to be Kustbandet. ISP might play a role here, too.

Hello! We're very glad to announce a special promotion on our long terms Premium plans. You can get prices as low as 2.20 €/month with a three years plan, which is a 68% discount when compared to monthly plan price of 7 €. You can also send an AirVPN plan as a gift: you have the option to print or send a colorful, dedicated picture with the code to activate the plan. You can do it in your account Client Area -> Your membership: Purchase and credit -> Print X-Mas after you have bought a coupon. If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Please check plans special prices on https://airvpn.org and https://airvpn.org/buy --- Promotion will end on January the 8th, 2026 (UTC). AirVPN does not inspect and/or log client traffic and offers: five simultaneous connections per account (additional connection slots available if needed) inbound remote port forwarding unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 2100 Mbit/s with WireGuard flexible and customizable opt-in block lists protecting you from adware, trackers, spam and other malicious sources. You can customize answers or exceptions globally, at account level or even at single device level. powerful API IPv6 full support comfortable management of your client certificates and keys AES-GCM and ChaCha20 OpenVPN ciphers on all servers Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys internal DNS. Each server runs its own DNS server. DNS over HTTPS and DNS over TLS are also supported. free and open source software client side software support to traffic splitting on an application basis on Android and Linux and on a destination basis on Windows and macOS GPS spoofing on Android application AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows. Promotion due to end on 2026-02-08 (UTC). Kind regards & datalove AirVPN Staff

🙄

Hello! An update: https://www.eff.org/deeplinks/2025/12/after-years-controversy-eus-chat-control-nears-its-final-hurdle-what-know Kind regards

Thank you!

I must commend the AI here – I wouldn't have thought of asking you whether you installed Eddie from scratch or copied over the profile. Most of the times those AIs catch mentions of one or two words in contexts of other words and hallucinate about the rest of the meaning, but this one was a good answer.

Hello! With WireGuard it's a very good choice as the DNS server IP address (10.128.0.1) is also the VPN gateway address, on every and each server since the WireGuard network is one. With OpenVPN, you have different subnet on every server though and you can't rely on a fixed address. 10.4.0.1 is available on every server for DNS queries but does not respond to ping. You could consider to extract the gateway from the tun interface settings at each connection and ping that gateway. Kind regards

That’s a really solid breakdown, and it honestly explains why people get tripped up with TikTok mods and similar apps. Back in the XDA and GitHub days, trust came from the community, not from some shiny website repeating “safe” fifteen times. What you said about real modders avoiding those polished download pages is spot on. I was chatting with someone at SEO Discovery about this kind of thing recently, and they mentioned how those overly SEO-optimized sites tend to target people who don’t know the difference between a genuine project and a sketchy clone. Your experience pretty much lines up with that.

I'll look into it, thank you

For the sake of so-called security, Windows' system permission design can sometimes be quite annoying. When I installed Windows, I configured Huorong Security Software with the highest privileges, locking the core Windows processes from being tampered with. For any operations requiring high privileges, I use Huorong Security Software's toolbox, which can solve the problem with a single click, saving me a lot of trouble.

Emule, I'm glad to see that this side of internet isn't dead! Little question if i may : i used unlocker to get rid of the files. Windows was saying that i needed the authorisation of ThrustDLL or something like that. How would you have granted yourself a higher authority...on your own pc? (The classic windows "I bought you, I assembled you...I OWN YOUUUU")

I installed AmneziaVPN, downloaded generated configuration (Nederland) UPD 1637 and connected. It works with and without these changes in [Interface] section. I did not change any other config values in AmneziaVPN. Now, I tried to use EddieUI with default params and it works too! Looks like domestic regulators have holiday in Uzbekistan... I will try again tomorrow.

Yes, the addition of the AmneziaWG protocol can solve the connection problems for most people at present, and I hope that AmneziaWG can be used for a long time. If in the future, when the existing protocol can no longer connect, I believe that AirVPN will add a new protocol to solve the connection problem. I will always believe in your technology and capabilities, and I believe that you will always let us breathe real internet. I will always love you, AirVPN. Keep it up!😘😘😘

Traveling to Uzbekistan. I cannot connect to any AirVpn server anymore. It worked fine in USA. Any protocol available in Eddie UI do not work. Unfortunately I paid for the whole year of AirVPN service. Looks like the XRay or something similar is the way to go...

Good morning! First of all, congratulations on the amazing work behind AirVPN. I'm writing to request the option to connect to a server through the API. There is an option to disconnect, but the option to automatically connect to a server does not seem to be available. I was wondering if it would be possible to add this functionality. Best regards, and thank you in advance.

Do you intend to add it to PC's client at some point as well?

Hello! Yes. The kernel already does a wonderful job to distribute fairly bandwidth, aided by the excellent ability to scale of WireGuard. OpenVPN is a little more problematic but we force a round robin distribution of peers on different instances to balance core load. Where a limit must be enforced artificially is in the amount of concurrent connections INSIDE the tunnel. Normally we allow the maximum amount supported by a powerful home router, i.e. 20000 concurrent connections per node. This limit is usually not even noticed by the users as it is well beyond the usage of virtually all of our user base. Kind regards

It's mostly M247 with some others sprinkled all around, like Netrouting, Leaseweb, etc.

Read Finanztip's article on internet providers first, it's got most of that info. No such thing with DSL or Fiber. Though, you should care about latency as it impacts the throughput. Well, I've been using Telekom for more than a decade now (with a short two year pause when I lived in Hannover where I had to use Vodafone Kabel DE, it was enough to never subscribe to them again). Never had problems with VPN connections with Telekom.

Absolutely stay with qbittorrent. It still functions perfectly well on MacOS, and you can still bind it to the VPN to avoid leaks which you cannot do with other clients.

as far as i know its all leased after stringent vetting process. servers have been discontinued at times in places which the safety and quality can't be reasonably assured.

That's because the AirVPN team didn't write a forums software from scratch, they picked an existing software and adapted it to the special needs of their infrastructure. A gender field in users' profiles is not a special need, given that 98% of people around here don't bother changing profile settings, let alone edit their profile. IP.Board is a "generic" forums software which can be used in many environments. In some of them contact info, birthdays and genders make sense. In some of them, including airvpn.org, they don't.

this is actually a post....... Ich bin ein Berliner

I've started using NixOS a few weeks ago and I've been trying to get Linux Suite working on it lately. I have zero experience writing Nix derivations so I basically tried to replicate the install.sh script from the tarball. Note that I've been trying to get it working for my use case (x86_64 only). What I got working: Binaries / resource files copied to the Nix Store and binaries somewhat working i.e. I can run ❯ goldcrest --version Used nix-ld for this: programs.nix-ld = { enable = true; libraries = with pkgs; [ dbus openssl libgcc ]; }; Since bluetit seems to expect resource files to be present in /etc/airvpn, I used environment.etc to copy them from the Nix store. Regarding D-Bus config files, since /etc/dbus-1 directory already exists and is a symlink to /etc/static/dbus-1, I wasn't able to write in this directory. I had to use system.activationScripts to copy the two D-Bus config files in one of the possible paths (see get_dbus_path() function in the install script). airvpn group created (I don't need airvpn user) bluetit.service / bluetit-suspend.service / bluetit-resume.service units written with systemd.services Nix option Custom bluetit.rc with my own settings and sensitive values set as agenix secrets. Zsh completions (only added Zsh because that's my interactive shell, I don't use Bash) Ideally of course, a proper Nix derivation would "Nixify" everything: airvpn user/group creation, all bluetit.rc options, whether the systemd units should be enabled or not, shell completions... but that's far beyond my abilities. What I couldn't get working: cuckoo binary ownership and permissions The installer script has: chown root:airvpn $BIN_DIR/cuckoo chmod u+s $BIN_DIR/cuckoo but I couldn't replicate this. Nix would give "permission denied" every time when rebuilding the system. root:airvpn ownership wouldn't work because the airvpn group wasn't created yet. I tried setting a gid to the airvpn group and use root:1000 instead but that didn't make any difference. Likewise, chmod u+s would result in "permission denied" error. I guess we're just not supposed to change files ownership in the Nix Store. Not sure why the chmod u+s wouldn't work though, considering the other chmod commands work. Maybe it's not that big of a deal, I don't know. any VPN connection This is obviously the biggest issue, making the program completely useless for now. Despite having binaries apparently working, I couldn't connect to any AirVPN server. First, I got DNSManagerException: systemctl: command not found: ❯ journalctl -b -u bluetit.service systemd[1]: Starting AirVPN Bluetit Daemon... bluetit[21208]: Starting Bluetit - AirVPN WireGuard/OpenVPN3 Service 2.0.0 - 22 July 2025 bluetit[21208]: OpenVPN core 3.12 AirVPN (20250606) linux x86_64 64-bit bluetit[21208]: Copyright (C) 2012- OpenVPN Inc. All rights reserved. bluetit[21208]: SSL Library: OpenSSL 3.4.2 1 Jul 2025 bluetit[21208]: AirVPN WireGuard Client 2.0.0 Linux x86_64 64-bit bluetit[21242]: Bluetit daemon started with PID 21242 bluetit[21242]: Reading run control directives from file /etc/airvpn/bluetit.rc bluetit[21242]: Network check mode is airvpn bluetit[21242]: Creating AirVPN Boot server list systemd[1]: Started AirVPN Bluetit Daemon. bluetit[21242]: Added server http://63.33.78.166 bluetit[21242]: Added server http://54.93.175.114 bluetit[21242]: Added server http://82.196.3.205 bluetit[21242]: Added server http://63.33.116.50 bluetit[21242]: Added server http://[2a03:b0c0:0:1010::9b:c001] bluetit[21242]: Added server http://bootme.org bluetit[21242]: Boot server http://bootme.org resolved into IPv4 82.196.3.205/32 IPv6 2a03:b0c0:0:1010::9b:c001/128 bluetit[21242]: AirVPN Boot server list successfully created. Added 6 servers. bluetit[21242]: AirVPN connectivity attempt 1 in progress bluetit[21242]: Successfully connected to AirVPN server <redacted> bluetit[21242]: External network is reachable via IPv4 gateway <redacted> through interface <redacted> bluetit[21242]: Successfully connected to D-Bus bluetit[21242]: DNSManagerException: systemctl: command not found bluetit[21242]: Sending event 'event_end_of_session' bluetit[21242]: Bluetit successfully terminated systemd[1]: bluetit.service: Main process exited, code=exited, status=1/FAILURE systemd[1]: bluetit.service: Failed with result 'exit-code'. systemd[1]: bluetit.service: Consumed 37ms CPU time, 7.3M memory peak, 12.4M read from disk, 120K written to disk, 60B incoming IP traffic, 164B outgoing IP traffic. I first tried adding Environment = "PATH=/run/current-system/sw/bin:$PATH"; to systemd.services.bluetit.serviceConfig, but that didn't make any difference. Creating a symlink allowed to get rid of the error: ❯ sudo ln -s /run/current-system/sw/bin/systemctl /bin/systemctl But still: With networklockpersist on: "NetFilterException: No usable firewall found in this system" With networklockpersist iptables: "NetFilterException: iptables or iptables legacy is not available in this system" With networklockpersist nftables: "NetFilterException: nftables is not available in this system" Creating symlinks also allowed to get rid of the errors: ❯ sudo ln -s /run/current-system/sw/bin/iptables /bin/iptables ❯ sudo ln -s /run/current-system/sw/bin/iptables-save /bin/iptables-save ❯ sudo ln -s /run/current-system/sw/bin/iptables-restore /bin/iptables-restore ❯ sudo ln -s /run/current-system/sw/bin/ip6tables /bin/ip6tables ❯ sudo ln -s /run/current-system/sw/bin/ip6tables-restore /bin/ip6tables-restore ❯ sudo ln -s /run/current-system/sw/bin/ip6tables-save /bin/ip6tables-save ❯ sudo ln -s /run/current-system/sw/bin/nft /bin/nft Then, more errors. With networklockpersist iptables: Goldcrest - AirVPN Bluetit Client 2.0.0 - 22 July 2025 Reading run control directives from file /root/.config/goldcrest.rc Bluetit - AirVPN WireGuard/OpenVPN3 Service 2.0.0 - 22 July 2025 OpenVPN core 3.12 AirVPN (20250606) linux x86_64 64-bit Copyright (C) 2012- OpenVPN Inc. All rights reserved. OpenSSL 3.4.2 1 Jul 2025 AirVPN WireGuard Client 2.0.0 Linux x86_64 64-bit Successfully restored DNS and network filter settings WARNING: Backup copy of resolv.conf not found. DNS settings do not need to be restored. Scanning for system DNS addresses Found system IPv4 DNS <redacted> Found 1 system DNS address Command not found Command not found WARNING: Backup copy of network filter not found. Network settings do not need to be restored. Network filter and lock are using /bin/iptables ERROR: system 'modules.builtin' does not exist. ERROR: system 'modules.builtin' does not exist. ERROR: system 'modules.builtin' does not exist. ERROR: system 'modules.builtin' does not exist. ERROR: system 'modules.builtin' does not exist. ERROR: system 'modules.builtin' does not exist. ERROR: system 'modules.builtin' does not exist. ERROR: system 'modules.builtin' does not exist. ERROR: system 'modules.builtin' does not exist. ERROR: system 'modules.builtin' does not exist. Network filter successfully initialized Private network is allowed to pass the network filter Ping output is allowed to pass the network filter IPv6 NDP is allowed to pass the network filter Network Lock Error: Unknown error 256 (stderr: iptables-restore: line 1 failed) Bluetit session terminated With networklockpersist nftables: Goldcrest - AirVPN Bluetit Client 2.0.0 - 22 July 2025 Reading run control directives from file /root/.config/goldcrest.rc Bluetit - AirVPN WireGuard/OpenVPN3 Service 2.0.0 - 22 July 2025 OpenVPN core 3.12 AirVPN (20250606) linux x86_64 64-bit Copyright (C) 2012- OpenVPN Inc. All rights reserved. OpenSSL 3.4.2 1 Jul 2025 AirVPN WireGuard Client 2.0.0 Linux x86_64 64-bit Successfully restored DNS and network filter settings WARNING: Backup copy of resolv.conf not found. DNS settings do not need to be restored. Scanning for system DNS addresses Found system IPv4 DNS <redacted> Found 1 system DNS address Network filter successfully restored Network filter and lock are using nftables ERROR: system 'modules.builtin' does not exist. Network filter successfully initialized Private network is allowed to pass the network filter Ping output is allowed to pass the network filter IPv6 NDP is allowed to pass the network filter Persistent network filter and lock successfully enabled. Private network is allowed. Bluetit session terminated With networklockpersist off (default): bluetit[8754]: Starting WireGuard boot connection bluetit[8754]: ERROR: system 'modules.builtin' does not exist. bluetit[8754]: ERROR: cannot load wireguard system module bluetit[8754]: Cannot load wireguard system module bluetit[8754]: Logging out AirVPN user 183aTr78f9o bluetit[8754]: AirVPN Manifest successfully retrieved from server bluetit[8754]: AirVPN Manifest update interval is now set to 30 minutes bluetit[8754]: Session network filter and lock are now disabled bluetit[8754]: Sending event 'event_end_of_session' At this point, I don't know what do try next. The main issue is likely that due to NixOS not following FHS (Filesystem Hierarchy Standard), bluetit can't find anything (binaries, kernel modules...) to work. Since Nixpkgs no longer accepts package requests, I thought I'd just ask here if someone could help or even write a proper derivation from scratch. My (terrible/sadly broken) derivation: { config, lib, pkgs, ... }: let version = "2.0.0"; airvpn-linux-suite = pkgs.stdenv.mkDerivation { pname = "airvpn-linux-suite"; inherit version; src = pkgs.fetchurl { url = "https://eddie.website/repository/AirVPN-Suite/${version}/AirVPN-Suite-x86_64-${version}.tar.gz"; # sha256 = lib.fakeSha256; sha256 = "Jt83PPHwBv/GraubQV4I7Shn+UwMvkVW2q9VIAbYDw0="; }; installPhase = '' mkdir -p $out/sbin mkdir -p $out/bin mkdir -m=750 -p $out/etc/airvpn mkdir -p $out/etc/dbus-1/system.d mkdir -p $out/etc/systemd/system mkdir -p $out/share/zsh/site-functions cp --preserve=mode bin/bluetit $out/sbin/ for f in "goldcrest" "hummingbird" "cuckoo" "airsu"; do cp --preserve=mode bin/$f $out/bin done for f in "airvpn-manifest.xml" "connection_priority.txt" "connection_sequence.csv" \ "country_continent.csv" "country_names.csv" \ "continent_names.csv" "nsswitch.conf"; do cp etc/airvpn/$f $out/etc/airvpn/ done chmod 660 $out/etc/airvpn/* cp etc/dbus-1/system.d/* $out/etc/dbus-1/system.d/ chmod 644 $out/etc/dbus-1/system.d/org.airvpn.* cp etc/site-functions/* $out/share/zsh/site-functions/ ''; meta = with lib; { description = "AirVPN free and open source suite based on AirVPN OpenVPN 3 library fork"; homepage = "https://www.airvpn.org/"; license = licenses.gpl3Plus; platforms = [ "x86_64-linux" ]; maintainers = [ maintainers.183aTr78f9o ]; }; }; customBluetitRC = # ini '' # full bluetit.rc here with custom settings ''; in { environment.systemPackages = [ airvpn-linux-suite ]; users.groups.airvpn = { }; systemd.services = { bluetit = { description = "AirVPN Bluetit Daemon"; unitConfig = { After = [ "network-online.target" "firewalld.service" "ufw.service" "dbus-daemon.service" "dbus.socket" ]; Wants = [ "network-online.target" "firewalld.service" "ufw.service" "dbus-daemon.service" "dbus.socket" ]; }; serviceConfig = { Type = "forking"; PIDFile = "/etc/airvpn/bluetit.lock"; ExecStart = "${airvpn-linux-suite}/sbin/bluetit"; Environment = "PATH=/run/current-system/sw/bin:$PATH"; TimeoutStopSec = 90; KillSignal = "SIGTERM"; KillMode = "mixed"; SendSIGKILL = "no"; }; wantedBy = [ "multi-user.target" ]; }; bluetit-resume = { description = "AirVPN Bluetit Daemon Resume after Suspend, Sleep, Hibernate"; unitConfig = { After = [ "network-online.target" "firewalld.service" "ufw.service" "dbus-daemon.service" "dbus.socket" "suspend.target" "suspend-then-hibernate.target" "hibernate.target" "hybrid-sleep.target" "sleep.target" ]; Wants = [ "network-online.target" "firewalld.service" "ufw.service" "dbus-daemon.service" "dbus.socket" ]; }; serviceConfig = { Type = "forking"; ExecStart = "${pkgs.systemd}/bin/systemctl start bluetit.service"; }; wantedBy = [ "suspend.target" "suspend-then-hibernate.target" "hibernate.target" "hybrid-sleep.target" "sleep.target" ]; }; bluetit-suspend = { description = "AirVPN Bluetit Daemon Suspend, Sleep, Hibernate"; unitConfig = { Before = [ "suspend.target" "suspend-then-hibernate.target" "hibernate.target" "hybrid-sleep.target" "sleep.target" ]; }; serviceConfig = { Type = "forking"; ExecStart = "${pkgs.systemd}/bin/systemctl stop bluetit.service"; }; wantedBy = [ "suspend.target" "suspend-then-hibernate.target" "hibernate.target" "hybrid-sleep.target" "sleep.target" ]; }; }; environment.etc = { "airvpn/airvpn-manifest.xml" = { source = "${airvpn-linux-suite}/etc/airvpn/airvpn-manifest.xml"; mode = "0660"; }; "airvpn/bluetit.rc" = { text = customBluetitRC; mode = "0660"; }; "airvpn/connection_priority.txt" = { source = "${airvpn-linux-suite}/etc/airvpn/connection_priority.txt"; mode = "0660"; }; "airvpn/connection_sequence.csv" = { source = "${airvpn-linux-suite}/etc/airvpn/connection_sequence.csv"; mode = "0660"; }; "airvpn/country_continent.csv" = { source = "${airvpn-linux-suite}/etc/airvpn/country_continent.csv"; mode = "0660"; }; "airvpn/country_names.csv" = { source = "${airvpn-linux-suite}/etc/airvpn/country_names.csv"; mode = " 0660"; }; "airvpn/continent_names.csv" = { source = "${airvpn-linux-suite}/etc/airvpn/continent_names.csv"; mode = "0660"; }; "airvpn/nsswitch.conf" = { source = "${airvpn-linux-suite}/etc/airvpn/nsswitch.conf"; mode = "0660"; }; }; system.activationScripts."airvpn-dbus-conf" = # sh '' destPath="/usr/local/etc/dbus-1/system.d" mkdir -m=755 -p "$destPath" cp "${airvpn-linux-suite}/etc/dbus-1/system.d/org.airvpn.client.conf" "$destPath/" chmod 644 "$destPath/org.airvpn.client.conf" cp "${airvpn-linux-suite}/etc/dbus-1/system.d/org.airvpn.server.conf" "$destPath/" chmod 644 "$destPath/org.airvpn.server.conf" systemctl reload dbus 2>/dev/null || true ''; }

Hello, I would like some information regarding the possibility of AirVPN collecting IP addresses. AirVPN does not collect IP addresses by default, but would it be possible to set up a protocol dedicated to analyzing the behavior of a single user in particular following a judicial request? ProtonVPN makes it very clear how this logging works “upon judicial request”: https://protonvpn.com/blog/can-be-tracked-using-vpn#police Switzerland is a jurisdiction I'm familiar with, which doesn't allow a VPN provider to start recording logs about users. Is it the same in Italy? Can AirVPN staff comment on the legal requests they receive, and if they are forced to start a specific logging on a user at the request of justice? Does Italian law prevent this, or has it happened in the past? I'm an AirVPN user and I support the project being an activist too. These are just legitimate questions that I hope will be addressed by the staff. @Staff Good day to all

I currently run a linux firewall without eddie and just use openvpn client. here is what i did to protect against dns leaks and maintain privacy. i don't use windows because of privacy concerns so i don't know how well this translates. assuming you have a layer 3/4 firewall, you can try this. the network: set the interface to start disabled on bootup. this is not necessary, but will work if you're firewall is not default. then you can set your firewall before the interface is open. nothing can leak during boot because the interface did not come up. in the firewall: set policy to block on input (inbound), output, and forward (or whatever windows equivalent is). this should be the default action in case there are no specific rules to catch particular traffic. setting this means nothing passes the firewall unless you explicitly allow it. set all rules with tracking (ct state), such that no inbound traffic is allowed unless it is a response from a request you sent out. only exception is icmp and other network diagnostic protocols like traceroute, which in my opinion should be open. icmpv6 should be selectively open since it also does network setup. log all blocked traffic on the physical interface: open source and destination port 67/68, udp, inbound and outbound so your ISP can give you an IP. configure your client to not accept the dns it will give you. open destination upd port 53 or 853 only for specific IPs, typically a public DNS that advertises no logs. this is your fall back in case vpn drops or if you connect to vpn using a domain name. your ISP will see this traffic, but it will not be destined to your ISP DNS. it will pass through and go to the server you specify. i am not yet convinced encrypted dns actually hides your dns, but i would consult with a network admin. open destination tcp/udp port 1194 (or whatever port you are using for VPN). Do not use port 443 for VPN as that is the same port for https website traffic. Note: broadly speaking, destination port 53 and 853 will not be open, blocking dns leaks. this is permanent i used to have to open port 80 for AirVPN IPs to make the initial connection, but I don't see this in my firewall anymore, so it may not be necessary. if you see this in your firewall logs when attempting a vpn connection, apply this rule in the same format as above, but make sure it is limited to only just the AirVPN IPs as this would otherwise allow normal website traffic. on the tunnel interface: open source and destination port 67/68, udp, inbound and outbound so Airvpn can give you an IP. you can use AirVPN dns, or create a rule to use the public dns of your choice like on the physical interface. open destination port 53 outbound on the 10/8 IP range, or if you have a way to limit it to just the DNS that you get with VPN, that'll work. (AirVPN will give you an IP starting with 10.) open destination port ntp outbound on the 10/8 IP range (to keep the time accurate on your devices) open destination tcp port 80,443 outbound, for website traffic. 8443 for websockets if you use things like chat/voice on a website app like discord. Ongoing: open any other ports you may be using, such as Steam IPs. Check your firewall logs any time something doesn't work, and add those ports. exhibit discernment about whether to open a port, as you may see crap trying to leak out of your network, not just dns. this is expected and is keeping your stuff private. speedtest sites like to use port 8080, so open destination port 8080 (ct state new) if you want to test your speed, and on inbound, open source port 8080 (ct state established) Note: broadly speaking, destination port 53 and 853 will not be open, blocking dns leaks. this is permanent Extra Notes: starting or stopping your vpn will not change any firewall rules. you will not have access to websites unless vpn is up. this will not work if you're using port 443 for your tunnel. the tunnel port and website port needs to be different. in some countries, this may not be possible. for every outbound destination port (ct state new) opened, there should be a corresponding inbound source port (ct state established) opened as well. traffic is 2 way, outgoing request, incoming response this may not be comprehensive. my firewall has a lot more rules and i may have missed something. view your firewall logs to see what is being blocked, and see whether you need to open it. This should absolve the need for a network lock, and maintain privacy during bootup and anytime eddie is not running. check your firewall logs for traffic on port 53 over the wan interface. these will be dns leaks you prevented. A quick note about windows: Microsoft overrides the hosts files and looks for various microsoft domains it uses for telemetry gathering. it will ignore these rules. this means the standards government hosts files are no longer being followed. this is a violation of long standing networking standards and causes people to reduce trust in the rest of the windows network setup. because of this, you should no longer trust that your firewall will not be overridden by Windows and allow dns traffic through even if you explicitly blocked it. Microsoft has admitted to running a keylogger since Windows 10. i mean ... my god. linux has come a long way in usability. you no longer have to be a hacker to run it well. i would make an attempt to convert to linux. it has been 30 years since computers were around. it is no longer acceptable to be computer-illiterate. old world literacy means you know how to use a feather quill pen. modern literacy means you know how to work your way around a computer. know the tool you use to communicate. linux is a different paradigm, but it is still just a computer. It would be great if somewhere on this site is pinned exact instructions for windows. it will help those concerned and those who don't yet know they should be. for anyone knowledgeable enough, please feel free to correct any of this if it is incorrect. share the knowledge! i don't frequent this site. admins have permission to edit this. -s

@Bohdan Kushnirchuk Hello! How to solve: To grant Terminal full disk access (except some specific critical directories) on macOS, follow these steps: Open System Settings (or System Preferences): On macOS Ventura and later, click the Apple menu at the top-left of your screen, then choose System Settings. On macOS Monterey or earlier, choose System Preferences. Go to Privacy & Security: In System Settings (Ventura and later), select Privacy & Security in the left-hand menu. In System Preferences (Monterey and earlier), click Security & Privacy, then go to the Privacy tab. Select Full Disk Access: In the Privacy & Security or Security & Privacy tab, scroll down and click Full Disk Access in the left menu. Unlock Settings: At the bottom-left of the window, you might need to click the lock icon and enter your admin password to make changes. Add Terminal: Once the lock is open, click the + button beneath the list of apps with Full Disk Access. In the file chooser window that pops up, go to Applications > Utilities, and select Terminal. Click Open to add it to the list. Restart Terminal: Close the Terminal app if it’s open, then reopen it to apply the changes. 2. Open the terminal and change ownership of the relevant files: sudo chown root /Applications/Eddie.app/Contents/MacOS/* Kind regards

Hello! You could split the traffic of the application you run to access CS2 or Steam (a browser and/or a dedicated game client, we don't know). All the traffic of the system would continue flowing into the VPN tunnel except the specific Steam related applications traffic. While no trivial solution is available for macOS at the moment (you could consider virtualization), on Linux you can achieve app traffic splitting with the AirVPN Suite 2, on Windows with WireSock, on Android with Eddie Android edition. Kind regards

Hi @OpenSourcerer, no, I`m not Sj0rs. If you scroll a bit down in his guide you wil lsee I "enhanced" his guide with Pictures, mentioning that this is based on his guide. As you can see his Guide does not have any IPv6 setup and as this was requested I thought it would be good to include it. While testing on my own how to acceive it, I found several "misconfiguratins" in his guide. Therefore I thought it might be good to create a complete new one. And to be boldly honest, yes the old guide should be marked as "deprecated" once I got the time to finish this guide. (Hope to do this today). Same as, if someone writes another guide adding value to the config can superseed my guide. Sj0rs has not ever replyed in his own guide, so I think he won`t even care what happes with his guide. He didn`t even bother to add pictures when asked nicely in the forum. If you feel it`s rude from me putting up a guide, let me know I can spend my time with other things then. My Setup is like 99% working so no need for me to post this here, I just wanted to give something back to the community as some of the guidance I`ve found in this forum.

Ok, so i got chown working, the "Terminal" app did not have permission to modify system files and i missed the notification advising this. After fixing that i had to change wireguard-go and wg to be owned by root to allow Eddie to work, but it is now connecting.

If you notice that the connection speed drops down again increase the Jc parameter (I recommend values 10-80) and rearrange the H1, H2, H3, H4 values (they should be the numbers from 1 to 4 but their order can be any). ТСПУ is able to detect and throttle AmneziaWG and I personally had this situation twice, and twice I had to pump up the Jc parameter. Don't set it too high though: too much junk is also abnormal and potentially can become a fingerprint. According to the recent news Roskomnadzor has set a budget of 60 billion rubles (655 000 000 USD) to significantly upgrade their wonderboxes in the next 5 years. So I guess even more fun is coming. I've already bought a cheap VPS and installed Xray (VLESS-TCP-XTLS-Vision-REALITY), sing-box (Shadowsocks with 2022-blake3-aes-128-gcm) and Cloak but don't use it much to keep the IP from prematurely getting into the black lists (if they even currently exist in Russia, but in Iran they already do). May be it's all over the top but who knows the future? For now my main method of accessing the larger data world is still the good old AirVPN.

Hi, yeah no worries since I am only going to use one connection I can still use this port or I will just request another port for a different device? Anyhow this is the fixed config... I was stupid reading forum entries on how to set it up when it was all correctly stated in the readme.... : version: "3" services: gluetun: image: qmcgaw/gluetun cap_add: - NET_ADMIN networks: mvl-200: ipv4_address: 10.60.1.5 ports: - 41870:41870 - 41870:41870/udp - 80:80 environment: - VPN_SERVICE_PROVIDER=airvpn - VPN_TYPE=wireguard - WIREGUARD_PRIVATE_KEY=xxxxxxxxxxxx - WIREGUARD_PRESHARED_KEY=xxxxxxxxxxxx - WIREGUARD_ADDRESSES=xxxxxxxxxxxxxx - SERVER_COUNTRIES=Netherlands - FIREWALL_VPN_INPUT_PORTS=xxxxxxxxxxxx volumes: - /media/glueton:/gluetun maybe somebody as dumb as me googles this and it helps^^

Hello! We're very glad to inform you that we have just published the Developer's Reference Manual for Bluetit by promind. Bluetit, a core component of the AirVPN-SUITE, is a lightweight D-Bus controlled system daemon providing VPN connectivity through OpenVPN 3 AirVPN. Bluetit exposes a D-Bus interface which can be used by client applications in order to control the daemon and provide full interaction and connectivity with the whole AirVPN infrastructure. The manual covers Bluetit infrastructure and architecture and provides a complete reference for all the AirVPN’s classes on which the suite is based. The goal is to give any developer who wishes to write a Bluetit client, or a tool providing AirVPN inter-connectivity, a complete reference about the internals of both Bluetit daemon and the AirVPN–SUITE C++ classes. The tool to swiftly interact with the AirVPN infrastructure, repeatedly required by multiple AirVPN client developers in the past, is available and fully documented now. The document is a significant step forward in the VPN market and a further AirVPN's commitment to transparency and openness..The availability of a Developer's Reference Manual allows, in fact, any user or developer to successfully and proficiently build an AirVPN client to best suit her or his own needs. Should you decide to have a paper copy of the document, please consider that it is typeset for double side printing. Bluetit Developer's Reference Manual has been written and typeset in the unrivaled (ça va sans dire) LaTeX 2ε and it is released under CC BY-NC-SA 4.0 International You can download the manual here: https://gitlab.com/AirVPN/AirVPN-Suite/-/blob/master/docs/Bluetit-Developers-Reference-Manual.pdf directly from this message: Bluetit-Developers-Reference-Manual.pdf or in the AirVPN Suite for Linux download section. Kind regards & datalove AirVPN Staff

The United States is an enemy of the Internet. More and more our technology and communications are captured illegaly and stored for many years and then used against us in court. The government seems to sincerely believe that it owns the Internet and regulary hacks into foreign servers to retrieve data, seizes domain names, etc. and any citizen who can be considered a hacker under broad laws will be thrown in prison. My warning as a US citizen is to watch out, encrypt, keep everything secure, keep data offshore, and avoid any US-influenced entities such as ICANN. Thank you AirVPN for the great continued service. I've been using multiple VPN connections almost constantly for the past year everywhere and as far as I can see that will continue