Leaderboard

Hello! The problem affects those users who run Eddie Desktop edition with OpenVPN and never logged out for more than a year, or use OpenVPN clients with configuration files generated before 2021. Since Eddie Desktop edition re-downloads certificates and keys only when the operator logs in, locally some certificates have expired because we extend their expiration date automatically at least one year in advance (three years normally). Please try the following procedure to quickly resolve the problem: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards

pfsense warned me last month that some old certs were expiring so I'm not surprised that some people are seeing this results. It's unfortunate that software (eddie) or this web site didn't warn people they were using certs about to expire.

I agree with your sentiment - it takes a lot of time when you're unfamiliar with this stuff and are already busy doing something else. But it is easier than it seems. To renew the certificate: - Go to https://airvpn.org/ - Sign in - Select the "Client Area" tab - Under "VPN Devices" click the "Manage" button - Click the "Details" button - Click the "Renew" button Then do what Staff says in the above post: - run Eddie - on Eddie's main window uncheck "Remember me" - log your account out - log your account in (you'll need to re-enter your AirVPN credentials) - try again a connection

Great thank you very much, everything works again It was all stupid Thanks again

Hello! Please try the following procedure to quickly resolve the problem: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards

According to this definition there is no censorship at all anywhere enforced by governments, not in North Korea, not in France, not in China... Please note that your definition is pure fantasy, if not insulting. Censorship is exactly suppression of speech, public communication, or other information subversive of the "common good", or against a given narrative, by law or other means of enforcement. The fact that censorship is enforced by law or by a government body does not make it less censorship. Furthermore, historically censorship was an exclusive matter of some central authority (the first well documented case is maybe the censorship rules to preserve the Athenian youth, infringed by Socrates, for which he was put to death, although the etymology comes from the Roman Office of Censor which had the duty to regulate on citizens' moral practices) and today censorship by governments is predominant. Even In modern times censorship through laws has been and is predominant and pervasive according to Britannica and many academic researches. Then you can discuss ad nauseam whether censorship by law is "right" or "wrong", whether France's censorship is "better" than China's censorship, but you can't change the definition of censorship, otherwise this discussion will become delirious. Kind regards

They're also living under the assumption that government is benevolent and righteous. Have they forgotten that the government of the very thing they detest (nazism) made illegal many things...was it ok because the government made them illegal?

Same problem here. Suddenly today. Downloaded latest version and installed just in case. There must be something wrong other than here locally? The suggested fix is way too complicated... That was lazy.. pointing to a description of ten thousand words to do something that probably is easy... Please give a step by step way to fix this without a million other things mixed in.

Hello! No, it was not and it is not. Every and each machine runs on non-affected Operating Systems, typically FreeBSD and Debian 12. Debian 12 trivially is not affected because it does not include (in the official repositories we point at) the exploited xz versions 5.6.0 / 5.6.1 (and of course we did not build them from git) while in FreeBSD: Gordon Tetlow, security officer, https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html). Kind regards

I use Cloudflare for my site and it's exactly as you said. See https://developers.cloudflare.com/waf/reference/cloudflare-challenges/ for details. To my knowledge, website admins can't disable these challenges if an IP has displayed suspicious behavior.

Hey all, Just made the switch to Air today. Like many of you, I jumped ship due to another popular VPN service ceasing support for port forwarding. So far I'm loving what I've seen from the community and the actual real communication from AirVPN themselves, that's awesome to see. In a way I'm glad this happened as I was forced to discover Air. What I am missing however is the speed. I know the Aussie server was added and swiftly removed due to Australia's oppressive privacy nature, and I completely understand this. I also am grateful a second NZ server was recently added. Having said that, I'm struggling to break past 300mbps out of a 1gbps connection where previously I was cracking around 700mbps. Granted that service did provide 10gbps Australian servers in my city, I'm wondering if anyone else from Australia has tweaked anything with good results like MTU sizes etc, or if perhaps making one of those NZ servers 10gbps is considered or planned at some point. I hope it's obvious I'm in no way complaining about Air, I really like it, though I feel with NZ being the main line to the Australian client base, those servers should be pretty beefy. As beefy as feasibly possible in fact. Simply more bandwidth would absolutely round out Aussie satisfaction with what is really our 1 of 2 options now. It's really our only option if you care about static port forwarding. Thoughts? Cheers.

I would highly like it if AirVPN upgraded their servers to 10Gbps as quite often the NZ servers are very busy. No wonder why it is hard to get max speeds if they are this busy. I have sometimes seen them like 1800Mbps bandwidth throughput. Don't get me wrong, AirVPN is a good service, I just feel they need more Bandwidth in some locations like NZ because in NZ we have super fast Fibre connection speeds, some households have 1Gbps or more and that can easily use all bandwidth on the VPN server.

I'd suggest you to move the wireguard configuration file to /etc/wireguard then make that folder accessible for the root user only sudo chown root:root -R /etc/wireguard && sudo chmod 600 -R /etc/wireguard then enable the systemd service to launch it at startup with systemctl enable wg-quick@here_goes_the_name_of_your_config_file_without_the_.config_extension

To avoid any interruptions, I’d go to client area -> devices and create a new device. Then generate a new OpenVPN config: * check advanced settings * choose your new device * check OpenVPN * check Separate keys/certs * download archive and extract * import new ca.crt * import new user.crt * select new cert in OpenVPN settings

Hello everyone! We hereby publish the Community Forum policy in response to requests for clarification as apparently the generic invitations to comply to Netiquette are not sufficient. We will spread this information throughout the platform if necessary. This document pertains only to Community forums and not to AirVPN forums for official AirVPN communications and guides, where only AirVPN staff can open new threads. The Community Forums are managed and maintained by AirVPN, inside its own infrastructure, and are intended to be an environment to: improve AirVPN services through community driven suggestions provide an old style, relaxed platform for customers to get technical help in addition to the core assistance provided by the professional AirVPN customer care and support team. Community forum is open to everybody, including non-AirVPN customers, and moderated by AirVPN staff. Community moderators may be appointed by AirVPN staff on a voluntary basis to improve moderation. Messages posted on the forums and authors must comply with the following rules: Message content and author's behavior must respect Netiquette rules as described here: https://www.britannica.com/topic/netiquette Content must be rigorously on topic. The topic is specified in the description of each forum or made explicit in the name itself. Any form of explicit or surreptitious advertising for third party companies or private activities is prohibited. Moderators have the task to enforce compliance with the above rules. Messages that violate the rules can be deleted. When possible, moderators will inform the author about the infringement. Authors of two or more messages whose content violates the rules can have their accounts temporarily prevented from posting in the forum. If the author of a message reputes that a moderator made a mistake in the moderation actvity, communication with the moderator is encouraged. If the author is still unsatisfied by communication with the moderator, AirVPN staff can be contacted at info@airvpn.org. The staff undertakes to examine author's' complaints within a reasonable time not exceeding 30 days. Kind regards and datalove AirVPN Staff

Hello! We inform you that all Latvia servers entry and exit IP addresses are being changed. The list of servers by name can be found here: https://airvpn.org/status - search for "Latvia". If you run Eddie Desktop edition, Eddie Android edition, or Bluetit + Goldcrest, no action is required as the software will update automatically all the data. If you run any program based on configuration files containing specific references to IP addresses of Latvia servers, then you will need to re-generate the file(s) after the operation has been completed. You can do it as usual through the Configuration Generator available in your AirVPN account "Client Area". If you use Latvia servers as a gateway to restricted services based on filtering anything different from Latvia servers exit IP addresses, please act properly to avoid any lock out. This major change is part of a series of operations that will allow a much needed and used AirVPN feature to be significantly powered up. More on this in the near future. Kind regards & datalove AirVPN Staff

Latvia

Right, I'm now up and running again after re-flashing my router to the latest version of DD-WRT. Using the same keys and certs as before, but now it just works. The main difference I can see is that the new firmware is using OpenVPN 2.5. The problem I have now is getting my NAS setup working, but that's nothing to do with the VPN side of things... 👍

Thanks for reply. This is where it gets complicated. 1. OpenVPN wants a ta.key (presumably to go with the ca.crt?) at service.vpn.manager/Downloads/AirVPN But 'Advanced' Config Generator doesn't seem to generate that file, instead it generates tls-crypt.key (not sure here??) Fixing that looks like a rabbit hole to me! 2. Switching to WireGuard looks to be a better solution long term, but (unless anyone can point to easy install on Raspberry Pi OSMC??) that also looks like a rabbit hole! While v much respecting AirVPN staff, the problem looks to be that regular Config Gen is including a now out-of-date ca.crt file - as of 8th April. That is, if I delete all VPN files (using the OpenVPN Utility), new ovpn files from regular Config Gen include the out-of-date ca.crt file. I'm sure there are sound reasons why you don't want to fix that, but for me this seems to mean AirVPN no longer works on my setup, which is a shame. All help gratefully accepted. Thanks.

I was doubtful, but it worked!!! Thank you so much!!! For the benefit of everybody, here are screenshots of my working configuration

@eltznth Hello! Yes, TLS Crypt seems fully supported. Set the "TLS Control Channel security" combo box to "Encrypt channel" Set the "Compression" combo box to "LZO Adaptive" Check "Verify certificate" Do not enable server certificate verification by name, leave the "Verify server certificate" combo box to "No". Kind regards

Hello! No, they remain in the same one. Even same rack, same switch etc. Kind regards

Hello! Problem confirmed and under investigation. It is caused by an unexpected sluggishness of the first bootstrap server. If the first bootstrap server fails, Eddie will try the second one (timeout: 45 seconds), and then the third one (again 45 seconds timeout) and so on, so everything will work although the initial connection gets delayed. EDIT: problem solved. Kind regards

Hello! This new problem is unrelated and it is caused by an unexpected sluggishness of the first bootstrap server. We have opened an investigation just while you were writing the message. If the first bootstrap server fails, Eddie will try the second one (timeout: 45 seconds), and then the third one (again 45 seconds timeout) and so on, so everything will work although the initial connection gets delayed. EDIT: problem was solved at 6 PM CEST. Kind regards

Thanks, this solved the problem for me.

Hello! The client certificates expiration dates were extended well in advance, a year ago (there is no certificate expiring in 2024), so no warning in the web site was indeed due. ca.crt expiring in 2024 was extended in 2021 (this time we went for 100 years, up to 2121). Here the problem is that Eddie Desktop edition re-downloads the certificates only when the user logs in, so the issue in this thread is caused by expired local certificates. The problem therefore affects those users with Eddie Desktop edition who created their account before 2015 and never logged out in the last thirteen months (indeed best customers!), and use OpenVPN and not WireGuard, or those users who never re-downloaded the ca.crt ever since 2021. If your pfSense system warned you of imminent certificate expiration, then most probably you are (were) using the client certificate downloaded before the automated expiration date extension: just re-download and check whether the problem gets sorted out. Surely and definitely we can add in Eddie Desktop edition a forced re-download, similarly to what Eddie Android and Bluetit do, which happens even when the user never logs out, but we can't do it for third party software, of course. Kind regards

Thanks to all staff and members for your quick response - Eddie is now up and running as before. I found that once you log out and go to log in again it's best to delete and re-enter your username and password to log in. Thanks again everyone

++ Thank you.

Thanks, renewing the key in the "client area / manage VPN devices" worked for me, too.

Looks like a lot of people are having the same issue today! The fix suggested above (renew, log out, log in) worked. Thanks!

Thanks, renewing the key in the "client area / manage VPN devices" worked

I believe you don't set VPN_ENDPOINT_IP, rather try using SERVER_NAMES. Also for port forwarding, change it to FIREWALL_VPN_INPUT_PORTS=41870. You can find more information here: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/airvpn.md. If the server you want is not on the list then just follow the instructions for custom Wireguard configuration, which can be found here: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/custom.md. Hope this helps!

@Pi77Bull Thank you very much, we will investigate the problem. At least the units are fine. Note that you didn't need firewalld installation, so you can safely uninstall it if you wish so. You didn't need to remove ufw.service in the "Requires" line as well, it is ignored if missing. The main problem (which does not occur in Debian) now is in Bluetit itself, which waits forever for a network connection that's already available. We are investigating and we will keep you posted! Kind regards

We see you managed to solve the problem, welcome back! Kind regards

Actually, it is possible to chain AirVPN connections so that you enter from one country and exit from another, if you are using Linux. Keep in mind though that doing so will consume 2 airvpn sessions out of the 5 you are allowed instead of just 1. To do that, here are the steps you need to follow: 1. Set up a systemd-nspawn container that connects to the AirVPN server in Miami 2. Keep in mind the entry ipv4 of the AirVPN server you want to exit from. You can find this in the Endpoint= line in the wireguard conf you download. 3. Set up IP Masquerading in the container from step 1 using iptables -t nat -A POSTROUTING -i host0 -o (name of AirVPN wireguard interface) -j MASQUERADE 4. Remember to also allow ip forwarding on both the contaienr and the host machine 5. On the host machine, run ip rule add to (whatever entry address the miami server has) lookup main and ip route add (whatever the entry address of the airvpn server you want to exit from is) via (whatever the address of the systemd-nspawn container is). 6. Adjust the MTU of the inner VPN(the one where you want to exit from) to 1340 7. Start the inner VPN 8. Run ip rule show. Make sure that whatever ip rule that wiregaurd setup has a lower priority than the rule you entered in step 4. If you need more help, feel free to ask.

How do points 1, 2, 3 and 5 lead to such a conclusion? Just because it's Russian doesn't mean it's bad. Not everything from Russia is somehow connected to Russian politics; please take care to keep these matters separate. Only point 4 is a bit strange, but it'd be strange if it were an EU or US service, too. Let's not use the word "honeypot" here prematurely before any real analysis. Otherwise it's just FUD.

Hello! Please test Eddie 2.24: https://airvpn.org/forums/topic/57401-eddie-desktop-224-beta-released/ Eddie features support with proper DNS management for every systemd-resolved (a ramshackle systemd component that would have the ambition to offer name resolution to applications) mode from version 2.23.2. Previous versions do not handle correctly a specific systemd-resolved working mode which will cause DNS leaks. If you're running some older Eddie version, including the current stable release, and your Mint has systemd-resolved running and working in on-link mode bypassing /etc/resolv.conf, we may have a rational explanation of the situation. However, the discrepancy between https://ipleak.net and the web site you mention remains unexplained. Kind regards

I've said it, I'll repeat it, even if Fred is right: "Most people don't want to hear the truth because they don't want their illusions destroyed" - Friedrich Nietzsche Regardless of what Proton or any Swiss service claims, Swiss law OBLIGES any "telecommunication company" to intercept and keep "ANY DATA" in "UNENCRYPTED FORMAT" which transits in or out of its country borders, for "AT LEAST 6 MONTHS" for the event law enforcement "ASKS". The asking part is without need for a court order or investigation warrant. The unencrypted part is where the telecommunications company becomes liable for any alleged wrongdoing which they can not provide the information unencrypted of. You can blame Swiss based services to not clearly advertise this. You can't blame them for complying, it is their arse or the wrongdoers... The pressure point is who "stores" the data. For example VPN keys at for example Proton, anyone? Since it can be asking without warrant or court order, it does not oblige law enforcement to do anything with it … They can let you stink for years, and when it matters to the Swiss use that as a pressure point to obtain something else they suddenly may want from you. Classic Swiss. Now it is particular: any connection going through the border. So if you are in Switzerland and your connection and data stays in Switzerland, well, the obligation does not exist. (as if a company will bear the cost burden to differentiate …) No, its just the Swiss don't like their secrecy shit kept, because if so and if ever used in court the public prosecutor has to order the destruction and inadmissibility of the evidence and it becomes an awkward display. Imagine if someone took it to ECHR, the only leg would be national security, no longer national interest or catching bad guys. AVPN (may) does not log connections, and (may) does have a good contract with their Swiss data center. Reality is the Swiss data center has to log anything which crosses the border for the Stasi . You're only a little safer if the keys can not be found in Schwein-e-land. Not saying the other countries are better, but Swiss services (dare I misbehave and suggest crooks?) like Proton, crap away from them as far as you can. If you like the Swiss funny concept of privacy and security, pay attention to certificates of web sites like Zoho being "safe" and "private" because hosted and served from Sierre for example There is no such thing as privacy online, only making life a bit more difficult to those who wish to know the colour of your underpants, when you last did your laundry, and what detergent you used...

Hi, recently I have found Eddie to be very stable on my Android devices using OpenVPN, not so much using Wireguard. For a while I've been using Tasker and the Autonotification add on to monitor whether Eddie was still running and alert me as such so that I could manually reconnect. I've recently been messing with intents in Tasker and learning Java (not a requirement but I was a programmer and is fun to me to learn such things) - this is a long learning curve for me since I'm not able to quickly learn stuff anymore. but I'll get there sometime. I was wondering if anyone had used intents to restart Eddie (log back in, reconnect to a server, whatever) and where to find out what intents are required to instruct Eddie to do things. I used to root my devices but not anymore since I can get to do whatever I want to using adb if I need to.

Yeah, same experience here. I keep going back to Eddie when new releases come around or the mood takes me and I tried it again a few days ago. Using Wireguard I got the same drop outs but with Openvpn it is still connected after three days now on both an S9 tablet and an S22 mobile, both Android 14. After figuring out a tasker profile to monitor Eddie's notification entry, which just altered a widget on screen, I then thought I'd try ways of restarting it if it dissapeard. Using Autoinput was my first thought but that is messy and not a reliable option in this instance. So I thought of intents which I have messed with but only by copying what others had done; never come up with my own stuff. I found out you can generate a package manifest using Android Studio which contains some or all of the intents the package listens for so am going to try that and see what it comes up with and then try some things. I'll post with updates if there are any!

I have the same issue, and I hope there's a solution besides disconnecting from the VPN server or resorting to Tor just to peruse a few Reddit comments. It seems every day more and more restrictions / blocks are being applied to AirVPN IP ranges, probably other VPN providers as well. The number of websites I encounter being blocked by Cloudflare, Sucuri, or GoDaddy increases by the day. It's getting ridiculous.

This is the very first time this was reported across the forums, so I must express some confusion after your threats. Please try a clean profile first to see if that behavior is config-driven. It's found in %APPDATA%\Eddie\default.profile on Windows and ~/.config/eddie/default.profile on Linux. Rename this to something.else and launch Eddie, then see if the problem persists.

I can confirm Mr. fishbasketballaries' information via translation as well. There is no suggestion that the VPN provider in this case was ProtonVPN. Mr. DogeX, please check and recheck the information you get next time before you post.

Perhaps DeepL's machine translation is failing me here, but it looks to me like the article only mentions that most bomb threats targeting airports are sent from IP addresses in Switzerland. Then they point out that Proton is a Switzerland based company who, in the past, has provided user identities to courts, but it does not say that this bomb threat was sent from Switzerland or whether Proton unmasked the perpetrator.

Yes that is what I assumed. The UDM demands you put a username and password in along with the ovpn file. Turns out you can put any old nonsense in for both and will connect without an issue

EDIT: I know now that this leak is coming from Firefox. Not SQUID. If you set "DNS over HTTPS" to "https://dns.google/dns-query" while everything else points somewhere else, then the "leak" is to Google. So Firefox is doing DNS look ups without relying on SQUID. Yeah. I think the binding to the specified UDP outgoing address, which is used for DNS, is not fully respected by the DNS module in squid. At some point it makes a DNS look up request in the usual way which will use the default DNS server. I didn't want to put you off. I don't see this as a big issue. Particularly if you set the default DNS for your system to Cloudflare, Google or Quad9. That is actually why I suggested it. If I feel energetic sometime I will chase it down. But then I would have to compile squid myself. I doubt I would ever convince the development team to incorporate some fix I offered. I will look at the scripts to see if I can make the scanning for addresses more bullet-proof. I don't like that these work with Eddie but not openvpn or wq-quick. I would like to believe they will work with any VPN client/wrapper.

The IP of a given server does not routinely change. Many users have IPs configured directly into routers or apps for perfectly legit reasons, and constantly changing the IPs would cause chaos. If you want to change IPs, change servers. In OpenVPN, for example, it's easy to pick randomly off a modest list. In either OpenVPN or Wireguard letting Air direct you to their "best" server of the moment in a given country or region is probably the best way to make your IP less of a known thing.

Does the IP (as shown when you go to myipaddress.com on your client) ever change if you always connect to the same server. Is there a rotation of IPs?

I have the same problem, latest version of eddie gives this notification but earlier eddie's worked out of the box. But what i see now is that it still gives me a vpn connection...but without starting the eddiegui/client?