Jump to content
Not connected, Your IP:


  • Content Count

  • Joined

  • Last visited

  • Days Won


Reputation Activity

  1. Like
    LZ1 got a reaction from LMawery in Not network access while connected to OpenVPN   ...
    It just depends on how many resources you allocate to the VM.
    If you have a system with for example 8GB RAM, on newish hardware, it's possible to play games with a VM open. It depends on the games too of course.
    Otherwise it's just a case of
    Downloading a Linux .iso file. (You can pick Linux Mint or Ubuntu if you're new to it) Following the aforementioned link to download the VM software and set up a VM. Point the VM to the downloaded .iso file. Start up the VM and install Eddie in it. Then take a snapshot - which is like saving your progress. Then when you want to torrent, you start the VM software, load the saved snapshot and start torrenting. Inside the VM where Eddie is running, you'll have an AirVPN IP address. This is the guest OS.
    While your Windows system that you used to install the VM software on, is the host OS. Here your IP isn't being hidden when you browse the web.
    Even if it looks like a long process, it becomes super quick once you know it. I can firmly recommend getting to know VirtualBox and how to do the above mentioned things .
  2. Like
    LZ1 reacted to Guest in Eddie Android edition 2.1 beta released   ...
    After testing RC1:
    1: Please can we disable all foreground app notifications? It's a bit annoying having to dismiss a popup saying you are connected, the status bar tells me that. It's one of the perks of OpenVPN for Android since it gets out of your way.
    2: Package chooser bug is fixed.
    3: Interestingly, if I have an app that relies on the local network, even if I blacklist the app, and set the "exclude local network" option to on, it still doesn't see it on the local network. This is if the option "block connections without a VPN" is selected in Android settings. So my conclusion is Android does something to prevent even local networks talking within the tunnel.
    4: Possible integration with the client area to see other connected devices, manage keys etc.
    5: IPleak integration: It'd be nice to quickly see what IP leak says without having to go to IPleak, maybe a separate tab and a button you can press to fetch info.
  3. Like
    LZ1 got a reaction from Valerian in New plan and lower prices   ...
    That's brilliant stuff, Staff.
    Suggestion: Why don't you just add a separate button next to the first plan, called Request Free Trial or Request 3 Day Free Trial, which links to https://airvpn.org/contact/ page, instead of putting it on the same button as the 2 euro plan?
    Because I think it's potentially confusing - if the user wants a free trial, they'll click the 2 euro plan and proceed to checkout and then wonder why they still need to pay.
  4. Like
    LZ1 got a reaction from Flx in Most Common Problems & Their Suggested Solutions   ...
    I thought it was time to try and collect some of the wisdom floating around and see if we can't create a single thread for solving some of the most common and annoying repeat-issues. So how about it !
    I define "common problems" as: if I'm getting a deja-vu every third time I post . Staff will have broken the Matrix by this point.
    Each problem will have its own headline and then with any number of solution-oriented links appended underneath. For this reason, this grand list isn't final and is meant to be updated continually.
    Naturally, the higher the link number for a solution, the more obscure the solutions are probably getting.

    Warning: solutions aren't guaranteed. As with anything technical, trial and error is a core skill 
    Problem: Bootstrap Failed. Solutions: https://airvpn.org/topic/30824-bootstrap-failed-since-a-week/ Problem: No Internet connection after shutting down AirVPN and/or can only use Internet while AirVPN is on. Solutions: https://airvpn.org/topic/14829-can-only-connect-to-the-internet-browser-through-airvpn/?do=findComment&comment=30509 Windows only: https://airvpn.org/topic/13584-connection-problem-when-not-using-airvpn/?p=38800 MacOS only: https://airvpn.org/topic/27993-cant-connect-to-internet-without-using-airvpn/ https://airvpn.org/topic/21194-virtualbox-is-this-air-vpn-also-cant-connect-internet-unless-signed-in/ Problem: Cannot connect to any AirVPN server. Solutions: https://airvpn.org/topic/22140-cannot-connect-to-german-servers-anymore/ https://airvpn.org/topic/22066-cant-seem-to-connect-to-any-servers/ https://airvpn.org/topic/21418-new-to-airvpn-installed-avpn-on-surface-wwindows-10-cannot-connect-at-school-can-connect-fine-at-most-other-locations/?p=55515 Problem: Issues with Curl. Solutions: https://airvpn.org/topic/27369-cannot-login-curl-is-required/ Problem: Bad packet ID (may be a replay) Solutions: https://airvpn.org/topic/14094-weird-log-entries/ Problem: Being censored and/or speeds being throttled/shaped by ISP or Government. Solutions: https://airvpn.org/topic/28847-connections-from-china/  
    Problem: MacOS client can't connect. Solutions: https://airvpn.org/topic/18251-airvpn-mac-client-problems/  
    Problem: Checking route IPv6 Failed. Solutions: https://airvpn.org/topic/29401-checking-route-ipv6-failed-cannot-connect-to-vpn-server-using-eddie/  
    Problem: Waiting for TUN/TAP to come up. Solutions: https://airvpn.org/topic/26072-route-gateway-is-not-reachable-on-any-active-network-adapters-10401/?do=findComment&comment=70761 Windows only: https://airvpn.org/topic/17440-guide-fix-for-tap-adapter-in-windows/ Windows only: https://airvpn.org/topic/30043-taptun-interface-wont-come-up/  
    Problem: Experiencing slow and/or fluctuating speeds in general. Solutions: https://airvpn.org/topic/30739-every-vpn-is-slow-for-me-despite-the-well-reviewed-vpns-im-trying-is-it-possible-my-isp-is-causing-this-i-feel-like-someones-playing-a-joke-on-me/?p=80014 https://airvpn.org/topic/18635-looking-for-fast-server-eu-that-goes-beyond-30-40mbit/?p=44998 For online gaming: https://airvpn.org/topic/30135-frequent-spikes-lag-on-videogames/?p=79046 https://airvpn.org/topic/1947-for-those-wondering-about-speed-performance/?p=1967 https://airvpn.org/topic/26157-airvpn-slowing-down-other-machines-in-network/ https://airvpn.org/topic/26117-slow-speed-sort-of/?p=70906 https://airvpn.org/topic/20812-very-very-slow-dns-lookup/ https://airvpn.org/topic/23743-download-speeds-dropping-to-zero-and-going-up-and-down/  
    Problem: Slow torrent speeds and/or disconnects. Solutions: https://airvpn.org/topic/28082-torrent-on-airvpn-speed-is-very-poor/ https://airvpn.org/topic/26218-slow-torrent-speeds/ https://airvpn.org/topic/23936-repeatedly-getting-disconnects-while-torrenting/ https://airvpn.org/topic/23499-slow-torrenting-speed/ https://airvpn.org/topic/23070-solved-p2p-slow-over-udp-and-fast-over-tcp/ https://airvpn.org/topic/22716-poor-torrenting-connection/ Solutions are in link form without any explanatory text - at least not yet - so that the thread OP stays looking simple and uncluttered, where it's easy to find out what your problem is .
    Feel free to contribute with your own helpful links. The more feedback this thread gets, the quicker it can be improved and hopefully made useful.
  5. Like
    LZ1 reacted to Staff in New plan and lower prices   ...
    We're very glad to inform you that for the first time in 8 years we have decided to modify our prices to encourage and reward longer terms commitments.
    While the shorter term plans remain basically unaltered, we have remarkably lowered prices of the long term plans and we have also added a brand new 3 Years plans for those who like to take greatest advantage from long commitments.
    Check out the new price list here:
    Kind regards and datalove
    AirVPN Staff
  6. Like
    LZ1 got a reaction from chuckens in El Capitan 10.11.6   ...
    Which Eddie client is this? I'm not sure how it works on Mac, but if the Stable release doesn't work, you could try the Beta client.
    Instructions can be found in my signature .
  7. Like
    LZ1 reacted to Staff in First impression issues with Eddie for Android.   ...
    We are very glad to inform you that this feature is already implemented. Make sure you run Eddie 2.0 or 2.0.1. In the server view you can define a white list of server(s) according to your preferences.
    This feature is missing but you have the option to sort the servers in many ways, even ways which dynamically sort the list according to some server property, for example server load, as you might have noticed.
    This feature is already implemented: just make sure that Eddie is the app selected for the proper mimetype (for the ovpn files).  However, auto-connection when the ovpn file is imported is missing, we can plan to implement it
    Nice suggestion, thank you.
    Even this feature can be implemented, yes. We'll think about it.
    Thank you!
    Kind regards
  8. Like
    LZ1 got a reaction from Jeremyx3 in Yet another IP Leak question   ...
    Using Eddie with Network Lock enabled would also prevent WebRTC leaks .
  9. Like
    LZ1 got a reaction from itsmefloraluca in FYI: Official NordVPN Android app transmits personal data to third parties   ...
    That's certainly interesting. Thank you for taking the time to post it here and making it available in English .
    I completely agree that the choice of justification is very poor in this regard.
    Moved topic to the proper forum.
  10. Like
    LZ1 reacted to nwlyoc in Interactive Wrapper for Eddie's CLI version   ...
    after I posted some suggestions for Eddie's CLI version in this thread and received some helpful information there, I set out to write my own little interface in bash for it to implement the suggestions. Being no programmer it turned out to be quite a project for me, and I would like to share it here in case anybody else prefers to run Eddie in the terminal rather than as a full GUI application. This script still uses Eddie itself, it's just a wrapper to make it as easy to use in the command line as it is as a desktop application. Screenshots are attached.
    Some features and advantages:
    uses less resources (top shows usually 0.3% CPU usage compared to 4-5% for the desktop version) can be exited without disconnecting interactive, sortable server list option to connect to another VPN with openconnect (since I need to do that from time to time, but it should be easy to add other connection methods as well) option to lock down the system's network traffic by default, so even without Eddie running with its own network lock there will be no leaks What to watch out for:
    The default network lock works with direct rules in firewalld because I'm using Fedora. It should be easy to change it to use iptables directly on other distributions since firewalld's direct rules are just a way to directly manipulate iptables. Once activated, the lock will stay in place until manually deactivated (also surviving reboots), so no internet connection will be possible unless connected to AirVPN or other whitelisted VPNs. AirVPN's network lock overwrites the default network lock, so there will be no interference. Check your /etc/resolv.conf file while not running Eddie (because Eddie's network lock replaces that file temporarily) to make sure your router is not set as a nameserver (so no 192.168... address). Some routers will push themselves on that list by DHCP whenever you connect to their network. Since communication with the router is allowed in the lock rules, DNS requests will be handled by the router and sent to whatever DNS server is configured there even when network traffic should be blocked. There are ways to prevent that file from being changed by DHCP, best configure network manager for that if you use it. To connect to other VPNs, their IPs must be whitelisted and DNS requests for their domains must be allowed in the default network lock rules. The rules for airvpn.org can be copied and adjusted. I haven't yet included an option to pass command line arguments to Eddie. So if you need to set more advanced options like black-/whitelists, use of certain protocols etc., you need to set them manually in the connect_server function. All the possible options can be found in 'man eddie-ui'. You need to insert your own API key in line 5. It can be found in your account under Client Area -> API. Without this, connections will still work, but user info and connection status in the main window will not be properly updated. I tried to only use basic system tools. The script relies mostly on dialog, awk and curl (and firewalld as described and openconnect if needed), so it should work on most systems, but I'm not sure. And, lastly, VERY IMPORTANT: As I said, I'm no programmer and new to this, so even though I tried my best to make this script secure and error free, there might very well be some bad practice, never-ever-do-this mistakes or other hiccups in there. It works well for me, but better check it yourself. Feel free to use this as you wish, I hope someone can benefit from this. I'm happy about any improvements and corrections and will update this if I find the time.

    UPDATE: A new version which uses Hummingbird and has been improved in many aspects (including automatic connection at boot) can be found here.
    #!/bin/bash # an interactive shell script to control the command line version of the AirVPN Eddie client and openconnect more comfortably PROFILE_PATH="$HOME/.airvpn/default.xml" API_KEY="<your api key>" DIALOG_OK=0 DIALOG_CANCEL=1 DIALOG_EXTRA=3 DIALOG_ESC=255 HEIGHT=0 WIDTH=0 BACKTITLE="VPN Control" FORMAT="text" URL="https://airvpn.org/api/" PID=$$ function check_sudo { # check if user has sudo privileges sudo -vn &> /dev/null # gain sudo privileges for commands that need it (better than running everything with sudo) if [ $? = "1" ] then unset EXIT_STATUS_SUDO PASS_PROMPT="Establishing VPN connections and changing network traffic rules requires root privileges. Please enter your password:" until [ "$EXIT_STATUS_SUDO" = "0" ] do dialog \ --backtitle "$BACKTITLE" \ --title "Password Needed" \ --output-fd 1 \ --insecure \ --passwordbox "$PASS_PROMPT" 11 35 | xargs printf '%s\n' | sudo -Svp '' &> /dev/null EXIT_STATUS_PIPE=( "${PIPESTATUS[@]}" ) EXIT_STATUS_DIALOG="${EXIT_STATUS_PIPE[0]}" EXIT_STATUS_SUDO="${EXIT_STATUS_PIPE[2]}" EXIT_SUDO_TEST="${EXIT_STATUS_PIPE[2]}" PASS_PROMPT="The password you entered is incorrect. Please try again:" case $EXIT_STATUS_DIALOG in $DIALOG_CANCEL|$DIALOG_ESC) return 1 ;; esac done # keep sudo permission until script exits or permissions are revoked (e.g. when computer goes to sleep) while [ "$EXIT_SUDO_TEST" = "0" ]; do sudo -vn; EXIT_SUDO_TEST=$?; sleep 60; kill -0 "$PID" || exit; done &> /dev/null & fi return 0 } function get_list { SERVICE_NAME="status" ARGS="{ \"format\":\"$FORMAT\", \"service\":\"$SERVICE_NAME\" }" timeout --signal=SIGINT 10 curl -s -d "$ARGS" -X POST "$URL" > "/tmp/.eddie_server_list.txt" } function sort_list { # pipe server status list to awk, filter out unnecessary stuff, # combine lines that relate to same server into single lines which are saved as array, # loop through array to format info, # print array and sort according to options, # add numbers to list for menu LIST=$(awk -F '[.]' \ 'BEGIN{OFS=";"} \ /^servers/ && !/ip_/ && !/country_code/ {c=$2; \ if (c in servers) servers[c]=servers[c] OFS $3; \ else servers[c]=$3; \ for (k in servers) gsub(/;bw=/, " :", servers[k]); \ for (k in servers) gsub(/;bw_max=/, "/", servers[k]); \ for (k in servers) gsub(/;currentload=/, " :", servers[k]); \ for (k in servers) gsub(/;health=/, "%:", servers[k]); \ for (k in servers) gsub(/;.*=/, ":", servers[k]); \ for (k in servers) gsub(/^.*=/, "", servers[k])} \ END{ \ for (c in servers) print servers[c]}' "/tmp/.eddie_server_list.txt" | sort -t ":" $1 | awk -F '[;]' 'BEGIN{OFS=":"} {print v++";"$1}') } function get_userinfo { SERVICE_NAME="userinfo" ARGS="{ \"format\":\"$FORMAT\", \"service\":\"$SERVICE_NAME\", \"key\":\"$API_KEY\" }" # filter specific lines, save values to variables after protecting whitespace read U_LOGIN U_EXP U_CONNECTED U_DEVICE U_SERVER_NAME U_SERVER_COUNTRY U_SERVER_LOCATION U_TIME <<< $( \ timeout --signal=SIGINT 10 curl -s -d "$ARGS" -X POST "$URL" | \ awk -F '[=]' \ 'BEGIN{ORS=";"} \ /^user.login|^user.expiration_days|^user.connected|^sessions.*device_name|^connection.server_name|^connection.server_country=|^connection.server_location|^connection.connected_since_date/ \ {print $2}' | \ sed 's/\ /\\\ /g' | sed 's/;/\ /g' \ ) if [ "$U_CONNECTED" = "1" ] then U_CONNECTED="connected" U_SERVER_FULL="$U_SERVER_NAME ($U_SERVER_LOCATION, $U_SERVER_COUNTRY)" U_TIME=$(date -d "$U_TIME UTC" +"%m/%d/%Y %H:%M:%S") else U_CONNECTED="not connected" U_SERVER_FULL="--" U_TIME="--" fi } function connect_server { if [ "$KILLED" = "true" ] then # create pipes to process status of client if [ ! -p "/tmp/.eddie_fifo1" ] then mkfifo "/tmp/.eddie_fifo1" fi if [ ! -p "/tmp/.eddie_fifo2" ] then mkfifo "/tmp/.eddie_fifo2" fi # run eddie in background and detached from current window, pipe output to named pipe (sudo eddie-ui --cli --netlock --connect --server="$1" --profile="$PROFILE_PATH" | tee "/tmp/.eddie_fifo2" &> "/tmp/.eddie_fifo1" &) cat "/tmp/.eddie_fifo2" | dialog --backtitle "$BACKTITLE" --title "Connecting to AirVPN..." --progressbox 20 80 & timeout --signal=SIGINT 60 grep -q -m 1 "Initialization Sequence Completed" "/tmp/.eddie_fifo1" INIT_EXIT=$? pkill -f cat.*eddie_fifo2 if [ $INIT_EXIT = "0" ] then get_userinfo else U_CONNECTED="error during connection attempt" U_SERVER_FULL="--" U_TIME="--" fi else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi } function disconnect_server { # check for running instance of eddie pgrep -f mono.*eddie-ui &> /dev/null if [ $? = 0 ] then # kill process and wait for confirmation from process output if [ -p "/tmp/.eddie_fifo1" -a -p "/tmp/.eddie_fifo2" ] then sudo pkill -2 -f mono.*eddie-ui & cat "/tmp/.eddie_fifo1" | dialog --backtitle "$BACKTITLE" --title "Disconnecting AirVPN..." --progressbox 20 80 & timeout --signal=SIGINT 10 grep -q -m 1 "Shutdown complete" "/tmp/.eddie_fifo2" else # in case connection was started without this script sudo pkill -2 -f mono.*eddie-ui sleep 5 fi # give some time to completely close process, without sleep it's too early for new connection sleep 3 pgrep -f mono.*eddie-ui &> /dev/null if [ $? = 1 ] then KILLED1="true" else KILLED1="false" fi else KILLED1="true" fi # check for running instance of openconnect pgrep -f "openconnect.*--" &> /dev/null if [ $? = 0 ] then sudo pkill -2 -f "openconnect.*--" sleep 1 pgrep -f "openconnect.*--" &> /dev/null if [ $? = 1 ] then KILLED2="true" # somehow openconnect doesn't receive SIGINT and shuts down improperly, # so vpnc can't restore resolv.conf by itself sudo cp "/var/run/vpnc/resolv.conf-backup" "/etc/resolv.conf" else KILLED2="false" fi else KILLED2="true" fi if [ "$KILLED1" = "true" -a "$KILLED2" = "true" ] then KILLED="true" else KILLED="false" fi } function define_lock { if [ "$1" = "activate" ] then GAUGE_TITLE="Activating Network Lock" RULE_ACTION="add-rule" elif [ "$1" = "deactivate" ] then GAUGE_TITLE="Deactivating Network Lock" RULE_ACTION="remove-rule" else return 1 fi GAUGE_BODY="$1" IPRULES=(\ #allow loopback "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 0 -i lo -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -o lo -j ACCEPT" \ #allow lan (out) and broadcasting/dhcp "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -s -d -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 0 -s -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -d -j ACCEPT" \ # allow tun device to communicate (so any VPN connection should be possible, also without Air, but respective DNS requests must be allowed) "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter FORWARD 0 -o tun+ -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter FORWARD 0 -i tun+ -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 998 -o tun+ -j ACCEPT" \ # optional masquerade rule (NAT/ports) "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 nat POSTROUTING 0 -o tun+ -j MASQUERADE" \ # allow ipv4 only to airvpn.org for status update # allow DNS query to resolve hostname (hex string reads "06 airvpn 03 org" - numbers are counting bits), # restrict packet length to length of this specific request package (might change?) to avoid hijacking # of query (very unlikely I guess, but who cares if we're already being paranoid for the fun of it), # whitelist destination IP for TCP handshake "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p udp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p tcp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT" \ # add rules for other domains you wish to allow DNS requests to here (packet length can be determined with e.g. wireshark) and adjust array index # # allow SYN request to whitelisted IP to initiate handshake, remove IP from whitelist "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p tcp --syn --dport 53 -m recent --remove -j ACCEPT" \ # allow outgoing connection to Air's IP "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -d -j ACCEPT" \ # add rules for other IPs you wish to allow connections to here # # allow communication "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \ # drop outgoing ipv4 (if not specifically allowed by other rules) "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 999 -j DROP" \ # block incoming ipv4 "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 999 -j DROP" \ # drop all ipv6 "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv6 filter OUTPUT 0 -j DROP" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv6 filter INPUT 0 -j DROP" \ # reload and restart firewalld to activate permanent rule changes "sudo firewall-cmd --reload" \ "sudo systemctl restart firewalld"\ ) toggle_lock } function toggle_lock { PERCENTAGE_STEP=$(awk -v rules="${#IPRULES[@]}" 'BEGIN {print 100/rules}') PERCENTAGE=0 COUNTER=0 # initial window dialog --backtitle "$BACKTITLE" \ --title "$GAUGE_TITLE" \ --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \ "Allow Loopback IN" "${RESULT[0]}" \ "Allow Loopback OUT" "${RESULT[1]}" \ "Allow LAN OUT" "${RESULT[2]}" \ "Allow DHCP IN" "${RESULT[3]}" \ "Allow DHCP OUT" "${RESULT[4]}" \ "Allow tun out FORWARD" "${RESULT[5]}" \ "Allow tun in FORWARD" "${RESULT[6]}" \ "Allow tun out OUT" "${RESULT[7]}" \ "tun masquerade" "${RESULT[8]}" \ "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \ "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \ "Allow connection initiation" "${RESULT[11]}" \ "Allow traffic to airvpn.org" "${RESULT[12]}" \ "Allow established connections" "${RESULT[13]}" \ "Block IPv4 OUT" "${RESULT[14]}" \ "Block IPv4 IN" "${RESULT[15]}" \ "Block IPv6 OUT" "${RESULT[16]}" \ "Block IPv6 IN" "${RESULT[17]}" \ "activate changes" "${RESULT[18]}" \ "restart firewalld" "${RESULT[19]}" for i in "${IPRULES[@]}" do RESULT["$COUNTER"]=$(eval $i) (( COUNTER++ )) PERCENTAGE=$(awk -v per="$PERCENTAGE" -v per_step="$PERCENTAGE_STEP" 'BEGIN {print per+per_step}') # progress window dialog --backtitle "$BACKTITLE" \ --title "$GAUGE_TITLE" \ --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \ "Allow Loopback IN" "${RESULT[0]}" \ "Allow Loopback OUT" "${RESULT[1]}" \ "Allow LAN OUT" "${RESULT[2]}" \ "Allow DHCP IN" "${RESULT[3]}" \ "Allow DHCP OUT" "${RESULT[4]}" \ "Allow tun out FORWARD" "${RESULT[5]}" \ "Allow tun in FORWARD" "${RESULT[6]}" \ "Allow tun out OUT" "${RESULT[7]}" \ "tun masquerade" "${RESULT[8]}" \ "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \ "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \ "Allow connection initiation" "${RESULT[11]}" \ "Allow traffic to airvpn.org" "${RESULT[12]}" \ "Allow established connections" "${RESULT[13]}" \ "Block IPv4 OUT" "${RESULT[14]}" \ "Block IPv4 IN" "${RESULT[15]}" \ "Block IPv6 OUT" "${RESULT[16]}" \ "Block IPv6 IN" "${RESULT[17]}" \ "activate changes" "${RESULT[18]}" \ "restart firewalld" "${RESULT[19]}" done # final window to show results dialog --backtitle "$BACKTITLE" \ --title "$GAUGE_TITLE" \ --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \ "Allow Loopback IN" "${RESULT[0]}" \ "Allow Loopback OUT" "${RESULT[1]}" \ "Allow LAN OUT" "${RESULT[2]}" \ "Allow DHCP IN" "${RESULT[3]}" \ "Allow DHCP OUT" "${RESULT[4]}" \ "Allow tun out FORWARD" "${RESULT[5]}" \ "Allow tun in FORWARD" "${RESULT[6]}" \ "Allow tun out OUT" "${RESULT[7]}" \ "tun masquerade" "${RESULT[8]}" \ "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \ "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \ "Allow connection initiation" "${RESULT[11]}" \ "Allow traffic to airvpn.org" "${RESULT[12]}" \ "Allow established connections" "${RESULT[13]}" \ "Block IPv4 OUT" "${RESULT[14]}" \ "Block IPv4 IN" "${RESULT[15]}" \ "Block IPv6 OUT" "${RESULT[16]}" \ "Block IPv6 IN" "${RESULT[17]}" \ "activate changes" "${RESULT[18]}" \ "restart firewalld" "${RESULT[19]}" sleep 2 unset RESULT check_lock } function check_lock { # check for success (not really though, needs improvement) LOCK_RULES=$( sudo firewall-cmd --direct --permanent --get-all-rules | wc -l ) if [ "$LOCK_RULES" -gt 16 ] then LOCK_ACTIVE="active" else LOCK_ACTIVE="inactive" fi } function yesno { dialog \ --backtitle "$BACKTITLE" \ --title "$1" \ --clear \ --yesno "$2" \ $HEIGHT $WIDTH EXIT_STATUS=$? } check_sudo if [ $? = "1" ] then clear exit fi get_userinfo # if currently connected by openconnect, set status to unknown (connection could have been established outside of this script) pgrep openconnect &> /dev/null if [ $? = 0 ] then U_CONNECTED="connected (openconnect)" U_SERVER_FULL="unknown" U_TIME="unknown" fi check_lock while true; do exec 3>&1 selection=$(dialog \ --cr-wrap \ --backtitle "$BACKTITLE" \ --title "Main Menu" \ --clear \ --cancel-label "Quit" \ --menu "This is a control script for VPN connections, primarily for Eddie, the AirVPN client.\nThis script can be exited and re-entered without affecting a running connection.\n\nUser: $U_LOGIN\nDays Until Expiration: $U_EXP\n\nDefault Network Lock: $LOCK_ACTIVE\n\nStatus: $U_CONNECTED\nServer: $U_SERVER_FULL\nConnected Since: $U_TIME\n\nPlease select one of the following options:" $HEIGHT $WIDTH 6 \ "0" "Connect to Recommended Server" \ "1" "Connect to Specific Server" \ "2" "Connect via openconnect" \ "3" "Disconnect" \ "4" "Refresh User Info" \ "5" "Toggle Default Network Lock" \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) yesno "Quit" "Exit Script?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) break ;; esac ;; esac case $selection in 0 ) check_sudo if [ $? = "0" ] then disconnect_server connect_server "" fi ;; 1 ) while true; do exec 3>&1 SERVER_SORT=$(dialog \ --backtitle "$BACKTITLE" \ --title "Sort Server List" \ --no-collapse \ --ok-label "sort ascending" \ --extra-button \ --extra-label "sort descending" \ --menu "Please choose how you want to sort the server list." \ 14 0 7 \ "1" "Name" \ "2" "Country" \ "3" "Location" \ "4" "Continent" \ "5" "Bandwidth" \ "6" "Users" \ "7" "Load" \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) break ;; $DIALOG_EXTRA) SERVER_SORT_OPTION="r" ;; $DIALOG_OK) SERVER_SORT_OPTION="" ;; esac if [ "$SERVER_SORT" = "5" -o "$SERVER_SORT" = "6" -o "$SERVER_SORT" = "7" ] then SERVER_NUM_OPTION="n" else SERVER_NUM_OPTION="" fi if [ ! -f "/tmp/.eddie_server_list.txt" ] then get_list fi while true do sort_list "-k$SERVER_SORT,$SERVER_SORT$SERVER_SORT_OPTION$SERVER_NUM_OPTION" IFS=$';\n' exec 3>&1 SERVER_NMBR=$(dialog \ --backtitle "$BACKTITLE" \ --title "Server List" \ --colors \ --no-collapse \ --extra-button \ --extra-label "Refresh List" \ --column-separator ":" \ --menu "Choose a server from the list to connect to it. (Press ESC to go back.)\n\n\Zb # Name Country Location Continent Bandwidth Users Load Health\ZB" \ 40 102 31 $LIST 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- IFS=$' \t\n' case $EXIT_STATUS in $DIALOG_CANCEL) break 2 ;; $DIALOG_ESC) break ;; $DIALOG_EXTRA) get_list ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then SELECTED_SERVER=$(printf -- '%s\n' "${LIST[@]}" | grep "^$SERVER_NMBR;" | cut -d ";" -f 2 | cut -d ":" -f 1) disconnect_server connect_server "$SELECTED_SERVER" break 2 fi ;; esac done done ;; 2 ) exec 3>&1 # adjust field lengths if necessary CONNECT_INFO=$(dialog \ --backtitle "$BACKTITLE" \ --title "VPN via openconnect" \ --insecure \ --mixedform "Please provide your login credentials to connect to a VPN via openconnect:\n(Leave unneeded fields blank and type options as in command line, separated by space.)" $HEIGHT $WIDTH 6 \ "Server:" 1 1 "" 1 21 25 0 0 \ "Group:" 2 1 "" 2 21 25 0 0 \ "User:" 3 1 "" 3 21 25 0 0 \ "Password:" 4 1 "" 4 21 25 0 1 \ "Additional Options:" 5 1 "" 5 21 25 0 0 \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then disconnect_server if [ "$KILLED" = "true" ] then if [ ! -p "/tmp/.eddie_fifo1" ] then mkfifo "/tmp/.eddie_fifo1" fi ALT_SERVER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 1) ALT_GROUP=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 2) ALT_USER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 3) ALT_PASS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 4) ALT_OPTS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 5) echo "$ALT_PASS" | (sudo openconnect $ALT_OPTS --authgroup=$ALT_GROUP --user=$ALT_USER --passwd-on-stdin $ALT_SERVER &> "/tmp/.eddie_fifo1" &) timeout --signal=SIGINT 3 cat "/tmp/.eddie_fifo1" | dialog --backtitle "$BACKTITLE" --title "Connecting via openconnect..." --timeout 5 --programbox 20 80 U_CONNECTED="connected" U_SERVER_FULL="$ALT_SERVER" U_TIME=$(date +"%m/%d/%Y %H:%M:%S") else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi fi ;; esac ;; 3 ) check_sudo if [ $? = "0" ] then disconnect_server if [ "$KILLED" = "true" ] then get_userinfo else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi if [ -p "/tmp/.eddie_fifo1" ] then rm "/tmp/.eddie_fifo1" fi if [ -p "/tmp/.eddie_fifo2" ] then rm "/tmp/.eddie_fifo2" fi fi ;; 4 ) get_userinfo ;; 5 ) pgrep -f mono.*eddie-ui &> /dev/null if [ $? = 0 ] then dialog --backtitle "$BACKTITLE" --title "Toggle Network Lock" --timeout 3 --msgbox "You need to be disconnected to change network traffic rules." 10 35 else if [ "$LOCK_ACTIVE" = "inactive" ] then yesno "Toggle Network Lock" "Are you sure you want to activate the default network lock and block all connections while not connected to (any) VPN?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then define_lock "activate" fi ;; esac else yesno "Toggle Network Lock" "Are you sure you want to deactivate the default network lock and allow all connections, even when not connected to a VPN?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then define_lock "deactivate" fi ;; esac fi fi ;; esac done clear

  11. Like
    LZ1 got a reaction from itsmefloraluca in FYI: Official NordVPN Android app transmits personal data to third parties   ...
    That's certainly interesting. Thank you for taking the time to post it here and making it available in English .
    I completely agree that the choice of justification is very poor in this regard.
    Moved topic to the proper forum.
  12. Like
    LZ1 reacted to OpenSourcerer in FYI: Official NordVPN Android app transmits personal data to third parties   ...
    A german IT security blogger recently discovered that NordVPN's official android app transmits personally identifiable information to NordVPN and a few third parties.
    The checked version of their app is v3.9.8 which seems a few versions behind the current branch but still fairly recent.
    The blogger discovered that a user's Google mail address along with the advertising ID and a bit of other info are sent to Iterable, AppsFlyer and Tune along with some Google services like Analytics - all seemingly without the user's consent and even without mentioning it in the app's ToS.
    Of course customer support has been asked as well. Their answer was not satisfactory:
    Everyone interested in some of the HTTP POSTs discovered can look at them in the article linked above. The article itself is German-language, but it doesn't contain more info than this, only a bit of the writer's opinion which I share: It's very questionable that a "no-log" or even "privacy-centered" VPN provider like NordVPN is bold enough to state "marketing reasons" as their justification to track users of their Android app. Even worse that this tracking is performed by third parties who will most likely use this data in cross-referencing...
    Try to avoid NordVPN. Searching for "NordVPN" in this forum alone will yield more than enough reason. One in three newly created threads is about them.
  13. Like
    LZ1 reacted to Staff in two sessions to same server causes 2 minute restarts ad infinitum   ...
    If you resolve a country or a continent or a planet name to determine which VPN server the system will connect to, what you experience is not a bug. When you connect multiple devices with the same key to the same OpenVPN daemon, only the last one receives properly packets, and will cause a disconnection to all the other ones. Not only this is not an OpenVPN bug, but this is a very appropriate and correct behavior: the opposite would be a real catastrophe!
    Each computer can't know what any other is doing, unless you query Air API to determine the status of your account and make connection decisions accordingly. However, to connect multiple devices to the same servers, we already offer the option to use multiple client certificate/key pairs by the same account:
    The other problem you mention. i.e. that a VPN server which goes down is still the "best" server according to some FQDN, is due to TTL. Actually, our authoritative DNS update the records every 2 minutes, but TTL is 1 hour, so on average you might have some DNS server updating the records after 30 minutes.
    Now that you know that this is not true, let's go deeper into the matter. An OpenVPN daemon runs always in the same core of a CPU. Even with AES-NI supporting CPUs, it's impossible, with our ciphers, to squeeze the full bandwidth we have available. Therefore, some sort of balancing becomes necessary.
    Last year we implemented a new balancing system which turned out to work very well. Each VPN server runs as many OpenVPN daemons as possible (according to the CPU cores amount), and each daemon lives in its own private subnet. Servers welcome OpenVPN clients at kernel level by sending them to the OpenVPN daemon which is running in the least loaded core. It was a huge improvement when compared to the previous, relatively rudimentary in comparison, load balancing.
    In this way we have been able to break the previous 900 Mbit/s limit on a single server (we touched around 1.7 Gbit/s on a server with hundreds of connected clients).
    Therefore, when multiple clients with the same pair connect to the same VPN server, they might have no problems if they are sent to different OpenVPN daemons. However, the likelihood that it happens when such connections occur at the same time is very tiny, because load core competition can cause a core supremacy change in a longer time, given the redundancy of our infrastructure. Anyway, it's not the correct approach, as you experienced.
    Our users who want to achieve the purpose need therefore to take care, as it is perfectly normal and somehow even trivial, of their own devices by managing correctly the client pairs. It's a 30 seconds job in general and we provide all the necessary tools with an extremely comfortable graphic interface, both on our web site and in our free and open source software for Android, Linux, Mac and Windows.
    Kind regards
    P.S. We fixed the typo in the thread ("ad infinitem" --> "ad infinitum")
  14. Like
    LZ1 reacted to OpenSourcerer in Android tv box verliert Verbindung ~60 min   ...
    It's a freaking disease, ever since Mr. wolke68 started a thread in german...
  15. Like
    LZ1 got a reaction from flat4 in What's your e-mail provider?   ...
    I don't think it has been mentioned, so I thought it would be relevant to point out that AirVPN doesn't require the use of a valid e-mail account in order to sign up.
  16. Like
    LZ1 reacted to ixochina in Alternative for China 2018 (a second VPN)   ...
    I can personally confirm that TCP port 443 works always and UDP as well - but not as always as TCP. We are into 2019 and still Airvpn is working perfectly in China. Connecting via Eddie is a sure way to go.
  17. Like
    LZ1 reacted to OpenSourcerer in Guide To Getting Started + Links For Advanced Users   ...
    ... Kitalpha being the only exception due to missing IPv6 support, rest of the features are there. Makes it a Gen1.9 server.
    I'm beginning to like these summaries..
  18. Like
    LZ1 got a reaction from Freejumping in Eddie and Fire Stick   ...
    For reference, in case anyone wondered.
  19. Like
    LZ1 got a reaction from ruler2016 in Guide To Getting Started + Links For Advanced Users   ...
    It's that time of year again guys and gals
    Added guidance on how to use Amazon Fire Stick with AirVPN, to the guides section. An update from Staff on this, that it can be used with Android Eddie! Added a mini-guide by Staff on how to test for traffic shaping being carried out on your connection, to the guides section. Added a notice about the availability of Eddie for Android, to the getting started section. Along with why it sadly won't be coming to iOS until Apple changes its policies. Added clarification to the getting started with AirVPN section, that a valid e-mail address is NOT required. Added clarification to the same section as above, that the login name is what's used for Eddie and not the forum display name. Thanks giganerd and co. Added Staffs recommendation for potentially making online gaming through AirVPN more responsive, by changing buffer sizes, to the after downloading Eddie section. Added notice to Other Noteworthy Resources section, that AirVPN does not make use of paid-for reviews. Unlike so many other VPNs. Added AirVPNs expansion on the debate surrounding transparency and security through obscurity. Added to the security question in First Questions section, point 10. Added corrado's alternative VPN client for Linux users, to the Other Noteworthy Resources section. It's very impressive work. Thank you for your contribution. Changed (the 1 instance) use of hooktube links to regular youtube links, in the Other Noteworthy Resources section. It was meant to be more private this way, but hooktube has since then been kneecapped. Removed links to BestVPN in the Other Noteworthy Resources section. Air was #1 for Encryption, Tor-use & loglessness while Douglas Crawford was writing and still is, following any honest review. Now it's solely paid-for reviews and since Air doesn't pay for any reviews, competitors get put on a highly dubious pedestal. Besides the very flaky review criteria; how can a Pros and Cons list contain "Pros" of a temporary type such as "XYZ has a Christmas sale of 75% OFF!" ? Thus not worth any consideration.  
    @salacronix I'm sorry, I don't know. But feel free to create your own thread regardless .
    @ironmikezero Thank you, that's excellent to hear!
    @JimTheOwl That sort of thing is usually in the Guides/How-To section of my guide. There's a discussion about it for MacOS here. A how-to for GNU/Linux here. Regardless of OS, it is NOT recommended. If you only hibernate your PC instead of shutting it down completely and Eddie stays on, then at least on Linux and Windows, you won't need to re-enter a password.
    Besides all that, I thought it could be fun to summarise some of the biggest things which happened with AirVPN in 2018. There's no newsletter that I know of and since I basically live on the forums anyway, then why not help everyone else keep track of the biggest changes, since they're so easy to lose sight of . I might do it again next year if it's worth it.
    AirVPN in the year 2018 AirVPN started out 2018 by adding the ability for users to manage their keys for all their devices. A very welcome feature, for many users. Do remember to re-login your client after changing keys . After starting out with only a few experimental servers, AirVPN successfully managed to upgrade all AirVPN servers to what is now called "Gen2" servers. These support the IPv6 protocol and other additions, such as "tls-crypt". Tls-crypt makes it much harder for outsiders to block or throttle a VPN connection. Here's an excellent explanation by Staff. Finally Eddie comes to Android! This has been asked for by so many people and it's great to no longer have to rely exclusively on third party apps. Although iOS users will remain in a pinch here. A new country was added: JAPAN. Obviously quite a popular request, now seen through. It's a little unclear if Austria was added this year or not, woops. 2018 was also the year where Air underscored its commitment to cryptocurrencies, by removing the middlemen in Bitcoin transactions and accepting it directly! AirVPN was also found rebutting a famous article online about how VPNs are meant to be untrustworthy. AFAIK this is the first time Staff answer directly to a non-forum party. This year it was Airs 8th birthday. In that time, the amount of Bandwidth and Online Sessions only seem to increase. Lastly, as can be expected, AirVPN clarified some points in its Privacy Notice, now that the EU GDPR is in effect. Server additions to individual countries: many, I think. Further, I believe there was a stealthy updating of IPB. Happy New Year to everyone
  20. Like
    LZ1 got a reaction from knighthawk in Eddie 2.17beta released   ...
    Suggestion: Staff do you think it would be reasonable to include the load and ms for the currently selected server, on the Overview page, instead of in the Servers tab, where one first has to find the server in question?
    The ms could go underneath Connection and perhaps a third box for load could be under the two existing upload and download boxes, in the middle. So it's still symmetrical .
  21. Like
    LZ1 reacted to go558a83nk in 11,000   ...
    Online Sessions: 15973 - BW: 71229 Mbit/s

  22. Like
    LZ1 got a reaction from liddelljohn in Just topped up subscriptio now VPN not connecting??   ...
    Hence why you ought to try the solution suggested by Support and relayed here by Staff, as it may circumvent such blocking.
  23. Like
    LZ1 got a reaction from B3nB3n in Bootstrap failed - since a week   ...
    May we see your logs?
    Are you using the latest stable release? There was an added setting to ignore those messages.
  24. Like
    LZ1 got a reaction from B3nB3n in Bootstrap failed - since a week   ...
    It's always best to list the log from start to finish .
    You can use a spoiler tag for the logs too.
    If it's just a case of hiding that bootstrap message, then please try going to Eddie>Preferences>UI>Hide Bootstrap failure window.
  25. Like
    LZ1 got a reaction from tom7812 in Just Great!   ...
    If at all possible, I'm sure you can see the usefulness of sharing what you did or think may have contributed to the increase, if at all possible .
    It's also great if you mention if you're torrenting or whatnot. Thank you.
  • Create New...