
LZ1

Moderators
  • Content Count

    2073
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    74

Reputation Activity

  1. Like
    LZ1 got a reaction from itsmefloraluca in FYI: Official NordVPN Android app transmits personal data to third parties   ...
    Hello!
     
    That's certainly interesting. Thank you for taking the time to post it here and making it available in English.
     
    I completely agree that the choice of justification is very poor in this regard.
     
    Moved topic to the proper forum.
  2. Like
    LZ1 reacted to nwlyoc in Interactive Wrapper for Eddie's CLI version   ...
    Hello,
    after I posted some suggestions for Eddie's CLI version in this thread and received some helpful information there, I set out to write my own little interface in bash for it to implement the suggestions. Being no programmer it turned out to be quite a project for me, and I would like to share it here in case anybody else prefers to run Eddie in the terminal rather than as a full GUI application. This script still uses Eddie itself, it's just a wrapper to make it as easy to use in the command line as it is as a desktop application. Screenshots are attached.
     
    Some features and advantages:
    • uses less resources (top shows usually 0.3% CPU usage compared to 4-5% for the desktop version)
    • can be exited without disconnecting
    • interactive, sortable server list
    • option to connect to another VPN with openconnect (since I need to do that from time to time, but it should be easy to add other connection methods as well)
    • option to lock down the system's network traffic by default, so even without Eddie running with its own network lock there will be no leaks

    What to watch out for:
    • The default network lock works with direct rules in firewalld because I'm using Fedora. It should be easy to change it to use iptables directly on other distributions since firewalld's direct rules are just a way to directly manipulate iptables.
    • Once activated, the lock will stay in place until manually deactivated (also surviving reboots), so no internet connection will be possible unless connected to AirVPN or other whitelisted VPNs.
    • AirVPN's network lock overwrites the default network lock, so there will be no interference.
    • Check your /etc/resolv.conf file while not running Eddie (because Eddie's network lock replaces that file temporarily) to make sure your router is not set as a nameserver (so no 192.168... address). Some routers will push themselves on that list by DHCP whenever you connect to their network. Since communication with the router is allowed in the lock rules, DNS requests will be handled by the router and sent to whatever DNS server is configured there even when network traffic should be blocked. There are ways to prevent that file from being changed by DHCP, best configure network manager for that if you use it.
    • To connect to other VPNs, their IPs must be whitelisted and DNS requests for their domains must be allowed in the default network lock rules. The rules for airvpn.org can be copied and adjusted.
    • I haven't yet included an option to pass command line arguments to Eddie. So if you need to set more advanced options like black-/whitelists, use of certain protocols etc., you need to set them manually in the connect_server function. All the possible options can be found in 'man eddie-ui'.
    • You need to insert your own API key in line 5. It can be found in your account under Client Area -> API. Without this, connections will still work, but user info and connection status in the main window will not be properly updated.
    • I tried to only use basic system tools. The script relies mostly on dialog, awk and curl (and firewalld as described and openconnect if needed), so it should work on most systems, but I'm not sure.
    • And, lastly, VERY IMPORTANT: As I said, I'm no programmer and new to this, so even though I tried my best to make this script secure and error free, there might very well be some bad practice, never-ever-do-this mistakes or other hiccups in there. It works well for me, but better check it yourself.

    Feel free to use this as you wish, I hope someone can benefit from this. I'm happy about any improvements and corrections and will update this if I find the time.

    UPDATE: A new version which uses Hummingbird and has been improved in many aspects (including automatic connection at boot) can be found here.
     
    #!/bin/bash
    # an interactive shell script to control the command line version of the AirVPN Eddie client and openconnect more comfortably

    PROFILE_PATH="$HOME/.airvpn/default.xml"
    API_KEY="<your api key>"
    DIALOG_OK=0
    DIALOG_CANCEL=1
    DIALOG_EXTRA=3
    DIALOG_ESC=255
    HEIGHT=0
    WIDTH=0
    BACKTITLE="VPN Control"
    FORMAT="text"
    URL="https://airvpn.org/api/"
    PID=$$

    function check_sudo {
      # check if user has sudo privileges
      sudo -vn &> /dev/null
      # gain sudo privileges for commands that need it (better than running everything with sudo)
      if [ $? = "1" ]
      then
        unset EXIT_STATUS_SUDO
        PASS_PROMPT="Establishing VPN connections and changing network traffic rules requires root privileges. Please enter your password:"
        until [ "$EXIT_STATUS_SUDO" = "0" ]
        do
          dialog \
            --backtitle "$BACKTITLE" \
            --title "Password Needed" \
            --output-fd 1 \
            --insecure \
            --passwordbox "$PASS_PROMPT" 11 35 | xargs printf '%s\n' | sudo -Svp '' &> /dev/null
          EXIT_STATUS_PIPE=( "${PIPESTATUS[@]}" )
          EXIT_STATUS_DIALOG="${EXIT_STATUS_PIPE[0]}"
          EXIT_STATUS_SUDO="${EXIT_STATUS_PIPE[2]}"
          EXIT_SUDO_TEST="${EXIT_STATUS_PIPE[2]}"
          PASS_PROMPT="The password you entered is incorrect. Please try again:"
          case $EXIT_STATUS_DIALOG in
            $DIALOG_CANCEL|$DIALOG_ESC)
              return 1
              ;;
          esac
        done
        # keep sudo permission until script exits or permissions are revoked (e.g. when computer goes to sleep)
        while [ "$EXIT_SUDO_TEST" = "0" ]; do sudo -vn; EXIT_SUDO_TEST=$?; sleep 60; kill -0 "$PID" || exit; done &> /dev/null &
      fi
      return 0
    }

    function get_list {
      SERVICE_NAME="status"
      ARGS="{ \"format\":\"$FORMAT\", \"service\":\"$SERVICE_NAME\" }"
      timeout --signal=SIGINT 10 curl -s -d "$ARGS" -X POST "$URL" > "/tmp/.eddie_server_list.txt"
    }

    function sort_list {
      # pipe server status list to awk, filter out unnecessary stuff,
      # combine lines that relate to same server into single lines which are saved as array,
      # loop through array to format info,
      # print array and sort according to options,
      # add numbers to list for menu
      LIST=$(awk -F '[.]' \
        'BEGIN{OFS=";"} \
        /^servers/ && !/ip_/ && !/country_code/ {c=$2; \
        if (c in servers) servers[c]=servers[c] OFS $3; \
        else servers[c]=$3; \
        for (k in servers) gsub(/;bw=/, " :", servers[k]); \
        for (k in servers) gsub(/;bw_max=/, "/", servers[k]); \
        for (k in servers) gsub(/;currentload=/, " :", servers[k]); \
        for (k in servers) gsub(/;health=/, "%:", servers[k]); \
        for (k in servers) gsub(/;.*=/, ":", servers[k]); \
        for (k in servers) gsub(/^.*=/, "", servers[k])} \
        END{ \
        for (c in servers) print servers[c]}' "/tmp/.eddie_server_list.txt" | sort -t ":" $1 | awk -F '[;]' 'BEGIN{OFS=":"} {print v++";"$1}')
    }

    function get_userinfo {
      SERVICE_NAME="userinfo"
      ARGS="{ \"format\":\"$FORMAT\", \"service\":\"$SERVICE_NAME\", \"key\":\"$API_KEY\" }"
      # filter specific lines, save values to variables after protecting whitespace
      read U_LOGIN U_EXP U_CONNECTED U_DEVICE U_SERVER_NAME U_SERVER_COUNTRY U_SERVER_LOCATION U_TIME <<< $( \
        timeout --signal=SIGINT 10 curl -s -d "$ARGS" -X POST "$URL" | \
        awk -F '[=]' \
          'BEGIN{ORS=";"} \
          /^user.login|^user.expiration_days|^user.connected|^sessions.*device_name|^connection.server_name|^connection.server_country=|^connection.server_location|^connection.connected_since_date/ \
          {print $2}' | \
        sed 's/\ /\\\ /g' | sed 's/;/\ /g' \
        )
      if [ "$U_CONNECTED" = "1" ]
      then
        U_CONNECTED="connected"
        U_SERVER_FULL="$U_SERVER_NAME ($U_SERVER_LOCATION, $U_SERVER_COUNTRY)"
        U_TIME=$(date -d "$U_TIME UTC" +"%m/%d/%Y %H:%M:%S")
      else
        U_CONNECTED="not connected"
        U_SERVER_FULL="--"
        U_TIME="--"
      fi
    }

    function connect_server {
      if [ "$KILLED" = "true" ]
      then
        # create pipes to process status of client
        if [ ! -p "/tmp/.eddie_fifo1" ]
        then
          mkfifo "/tmp/.eddie_fifo1"
        fi
        if [ ! -p "/tmp/.eddie_fifo2" ]
        then
          mkfifo "/tmp/.eddie_fifo2"
        fi
        # run eddie in background and detached from current window, pipe output to named pipe
        (sudo eddie-ui --cli --netlock --connect --server="$1" --profile="$PROFILE_PATH" | tee "/tmp/.eddie_fifo2" &> "/tmp/.eddie_fifo1" &)
        cat "/tmp/.eddie_fifo2" | dialog --backtitle "$BACKTITLE" --title "Connecting to AirVPN..." --progressbox 20 80 &
        timeout --signal=SIGINT 60 grep -q -m 1 "Initialization Sequence Completed" "/tmp/.eddie_fifo1"
        INIT_EXIT=$?
        pkill -f cat.*eddie_fifo2
        if [ $INIT_EXIT = "0" ]
        then
          get_userinfo
        else
          U_CONNECTED="error during connection attempt"
          U_SERVER_FULL="--"
          U_TIME="--"
        fi
      else
        U_CONNECTED="error during disconnection"
        U_SERVER_FULL="--"
        U_TIME="--"
      fi
    }

    function disconnect_server {
      # check for running instance of eddie
      pgrep -f mono.*eddie-ui &> /dev/null
      if [ $? = 0 ]
      then
        # kill process and wait for confirmation from process output
        if [ -p "/tmp/.eddie_fifo1" -a -p "/tmp/.eddie_fifo2" ]
        then
          sudo pkill -2 -f mono.*eddie-ui &
          cat "/tmp/.eddie_fifo1" | dialog --backtitle "$BACKTITLE" --title "Disconnecting AirVPN..." --progressbox 20 80 &
          timeout --signal=SIGINT 10 grep -q -m 1 "Shutdown complete" "/tmp/.eddie_fifo2"
        else
          # in case connection was started without this script
          sudo pkill -2 -f mono.*eddie-ui
          sleep 5
        fi
        # give some time to completely close process, without sleep it's too early for new connection
        sleep 3
        pgrep -f mono.*eddie-ui &> /dev/null
        if [ $? = 1 ]
        then
          KILLED1="true"
        else
          KILLED1="false"
        fi
      else
        KILLED1="true"
      fi
      # check for running instance of openconnect
      pgrep -f "openconnect.*--" &> /dev/null
      if [ $? = 0 ]
      then
        sudo pkill -2 -f "openconnect.*--"
        sleep 1
        pgrep -f "openconnect.*--" &> /dev/null
        if [ $? = 1 ]
        then
          KILLED2="true"
          # somehow openconnect doesn't receive SIGINT and shuts down improperly,
          # so vpnc can't restore resolv.conf by itself
          sudo cp "/var/run/vpnc/resolv.conf-backup" "/etc/resolv.conf"
        else
          KILLED2="false"
        fi
      else
        KILLED2="true"
      fi
      if [ "$KILLED1" = "true" -a "$KILLED2" = "true" ]
      then
        KILLED="true"
      else
        KILLED="false"
      fi
    }

    function define_lock {
      if [ "$1" = "activate" ]
      then
        GAUGE_TITLE="Activating Network Lock"
        RULE_ACTION="add-rule"
      elif [ "$1" = "deactivate" ]
      then
        GAUGE_TITLE="Deactivating Network Lock"
        RULE_ACTION="remove-rule"
      else
        return 1
      fi
      GAUGE_BODY="$1"
      IPRULES=(\
        #allow loopback
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 0 -i lo -j ACCEPT" \
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -o lo -j ACCEPT" \
        #allow lan (out) and broadcasting/dhcp
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT" \
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 0 -s 255.255.255.255 -j ACCEPT" \
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -d 255.255.255.255 -j ACCEPT" \
        # allow tun device to communicate (so any VPN connection should be possible, also without Air, but respective DNS requests must be allowed)
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter FORWARD 0 -o tun+ -j ACCEPT" \
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter FORWARD 0 -i tun+ -j ACCEPT" \
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 998 -o tun+ -j ACCEPT" \
        # optional masquerade rule (NAT/ports)
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 nat POSTROUTING 0 -o tun+ -j MASQUERADE" \
        # allow ipv4 only to airvpn.org for status update
        # allow DNS query to resolve hostname (hex string reads "06 airvpn 03 org" - numbers are counting bits),
        # restrict packet length to length of this specific request package (might change?) to avoid hijacking
        # of query (very unlikely I guess, but who cares if we're already being paranoid for the fun of it),
        # whitelist destination IP for TCP handshake
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p udp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT" \
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p tcp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT" \
        # add rules for other domains you wish to allow DNS requests to here (packet length can be determined with e.g. wireshark) and adjust array index
        #
        # allow SYN request to whitelisted IP to initiate handshake, remove IP from whitelist
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p tcp --syn --dport 53 -m recent --remove -j ACCEPT" \
        # allow outgoing connection to Air's IP
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -d 5.196.64.52 -j ACCEPT" \
        # add rules for other IPs you wish to allow connections to here
        #
        # allow communication
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        # drop outgoing ipv4 (if not specifically allowed by other rules)
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 999 -j DROP" \
        # block incoming ipv4
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 999 -j DROP" \
        # drop all ipv6
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv6 filter OUTPUT 0 -j DROP" \
        "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv6 filter INPUT 0 -j DROP" \
        # reload and restart firewalld to activate permanent rule changes
        "sudo firewall-cmd --reload" \
        "sudo systemctl restart firewalld"\
        )
      toggle_lock
    }

    function toggle_lock {
      PERCENTAGE_STEP=$(awk -v rules="${#IPRULES[@]}" 'BEGIN {print 100/rules}')
      PERCENTAGE=0
      COUNTER=0
      # initial window
      dialog --backtitle "$BACKTITLE" \
        --title "$GAUGE_TITLE" \
        --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \
        "Allow Loopback IN" "${RESULT[0]}" \
        "Allow Loopback OUT" "${RESULT[1]}" \
        "Allow LAN OUT" "${RESULT[2]}" \
        "Allow DHCP IN" "${RESULT[3]}" \
        "Allow DHCP OUT" "${RESULT[4]}" \
        "Allow tun out FORWARD" "${RESULT[5]}" \
        "Allow tun in FORWARD" "${RESULT[6]}" \
        "Allow tun out OUT" "${RESULT[7]}" \
        "tun masquerade" "${RESULT[8]}" \
        "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \
        "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \
        "Allow connection initiation" "${RESULT[11]}" \
        "Allow traffic to airvpn.org" "${RESULT[12]}" \
        "Allow established connections" "${RESULT[13]}" \
        "Block IPv4 OUT" "${RESULT[14]}" \
        "Block IPv4 IN" "${RESULT[15]}" \
        "Block IPv6 OUT" "${RESULT[16]}" \
        "Block IPv6 IN" "${RESULT[17]}" \
        "activate changes" "${RESULT[18]}" \
        "restart firewalld" "${RESULT[19]}"
      for i in "${IPRULES[@]}"
      do
        RESULT["$COUNTER"]=$(eval $i)
        (( COUNTER++ ))
        PERCENTAGE=$(awk -v per="$PERCENTAGE" -v per_step="$PERCENTAGE_STEP" 'BEGIN {print per+per_step}')
        # progress window
        dialog --backtitle "$BACKTITLE" \
          --title "$GAUGE_TITLE" \
          --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \
          "Allow Loopback IN" "${RESULT[0]}" \
          "Allow Loopback OUT" "${RESULT[1]}" \
          "Allow LAN OUT" "${RESULT[2]}" \
          "Allow DHCP IN" "${RESULT[3]}" \
          "Allow DHCP OUT" "${RESULT[4]}" \
          "Allow tun out FORWARD" "${RESULT[5]}" \
          "Allow tun in FORWARD" "${RESULT[6]}" \
          "Allow tun out OUT" "${RESULT[7]}" \
          "tun masquerade" "${RESULT[8]}" \
          "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \
          "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \
          "Allow connection initiation" "${RESULT[11]}" \
          "Allow traffic to airvpn.org" "${RESULT[12]}" \
          "Allow established connections" "${RESULT[13]}" \
          "Block IPv4 OUT" "${RESULT[14]}" \
          "Block IPv4 IN" "${RESULT[15]}" \
          "Block IPv6 OUT" "${RESULT[16]}" \
          "Block IPv6 IN" "${RESULT[17]}" \
          "activate changes" "${RESULT[18]}" \
          "restart firewalld" "${RESULT[19]}"
      done
      # final window to show results
      dialog --backtitle "$BACKTITLE" \
        --title "$GAUGE_TITLE" \
        --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \
        "Allow Loopback IN" "${RESULT[0]}" \
        "Allow Loopback OUT" "${RESULT[1]}" \
        "Allow LAN OUT" "${RESULT[2]}" \
        "Allow DHCP IN" "${RESULT[3]}" \
        "Allow DHCP OUT" "${RESULT[4]}" \
        "Allow tun out FORWARD" "${RESULT[5]}" \
        "Allow tun in FORWARD" "${RESULT[6]}" \
        "Allow tun out OUT" "${RESULT[7]}" \
        "tun masquerade" "${RESULT[8]}" \
        "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \
        "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \
        "Allow connection initiation" "${RESULT[11]}" \
        "Allow traffic to airvpn.org" "${RESULT[12]}" \
        "Allow established connections" "${RESULT[13]}" \
        "Block IPv4 OUT" "${RESULT[14]}" \
        "Block IPv4 IN" "${RESULT[15]}" \
        "Block IPv6 OUT" "${RESULT[16]}" \
        "Block IPv6 IN" "${RESULT[17]}" \
        "activate changes" "${RESULT[18]}" \
        "restart firewalld" "${RESULT[19]}"
      sleep 2
      unset RESULT
      check_lock
    }

    function check_lock {
      # check for success (not really though, needs improvement)
      LOCK_RULES=$( sudo firewall-cmd --direct --permanent --get-all-rules | wc -l )
      if [ "$LOCK_RULES" -gt 16 ]
      then
        LOCK_ACTIVE="active"
      else
        LOCK_ACTIVE="inactive"
      fi
    }

    function yesno {
      dialog \
        --backtitle "$BACKTITLE" \
        --title "$1" \
        --clear \
        --yesno "$2" \
        $HEIGHT $WIDTH
      EXIT_STATUS=$?
    }

    check_sudo
    if [ $? = "1" ]
    then
      clear
      exit
    fi
    get_userinfo
    # if currently connected by openconnect, set status to unknown (connection could have been established outside of this script)
    pgrep openconnect &> /dev/null
    if [ $? = 0 ]
    then
      U_CONNECTED="connected (openconnect)"
      U_SERVER_FULL="unknown"
      U_TIME="unknown"
    fi
    check_lock

    while true; do
      exec 3>&1
      selection=$(dialog \
        --cr-wrap \
        --backtitle "$BACKTITLE" \
        --title "Main Menu" \
        --clear \
        --cancel-label "Quit" \
        --menu "This is a control script for VPN connections, primarily for Eddie, the AirVPN client.\nThis script can be exited and re-entered without affecting a running connection.\n\nUser: $U_LOGIN\nDays Until Expiration: $U_EXP\n\nDefault Network Lock: $LOCK_ACTIVE\n\nStatus: $U_CONNECTED\nServer: $U_SERVER_FULL\nConnected Since: $U_TIME\n\nPlease select one of the following options:" $HEIGHT $WIDTH 6 \
        "0" "Connect to Recommended Server" \
        "1" "Connect to Specific Server" \
        "2" "Connect via openconnect" \
        "3" "Disconnect" \
        "4" "Refresh User Info" \
        "5" "Toggle Default Network Lock" \
        2>&1 1>&3)
      EXIT_STATUS=$?
      exec 3>&-
      case $EXIT_STATUS in
        $DIALOG_CANCEL|$DIALOG_ESC)
          yesno "Quit" "Exit Script?"
          case $EXIT_STATUS in
            $DIALOG_CANCEL|$DIALOG_ESC)
              ;;
            $DIALOG_OK)
              break
              ;;
          esac
          ;;
      esac
      case $selection in
        0 )
          check_sudo
          if [ $? = "0" ]
          then
            disconnect_server
            connect_server ""
          fi
          ;;
        1 )
          while true; do
            exec 3>&1
            SERVER_SORT=$(dialog \
              --backtitle "$BACKTITLE" \
              --title "Sort Server List" \
              --no-collapse \
              --ok-label "sort ascending" \
              --extra-button \
              --extra-label "sort descending" \
              --menu "Please choose how you want to sort the server list." \
              14 0 7 \
              "1" "Name" \
              "2" "Country" \
              "3" "Location" \
              "4" "Continent" \
              "5" "Bandwidth" \
              "6" "Users" \
              "7" "Load" \
              2>&1 1>&3)
            EXIT_STATUS=$?
            exec 3>&-
            case $EXIT_STATUS in
              $DIALOG_CANCEL|$DIALOG_ESC)
                break
                ;;
              $DIALOG_EXTRA)
                SERVER_SORT_OPTION="r"
                ;;
              $DIALOG_OK)
                SERVER_SORT_OPTION=""
                ;;
            esac
            if [ "$SERVER_SORT" = "5" -o "$SERVER_SORT" = "6" -o "$SERVER_SORT" = "7" ]
            then
              SERVER_NUM_OPTION="n"
            else
              SERVER_NUM_OPTION=""
            fi
            if [ ! -f "/tmp/.eddie_server_list.txt" ]
            then
              get_list
            fi
            while true
            do
              sort_list "-k$SERVER_SORT,$SERVER_SORT$SERVER_SORT_OPTION$SERVER_NUM_OPTION"
              IFS=$';\n'
              exec 3>&1
              SERVER_NMBR=$(dialog \
                --backtitle "$BACKTITLE" \
                --title "Server List" \
                --colors \
                --no-collapse \
                --extra-button \
                --extra-label "Refresh List" \
                --column-separator ":" \
                --menu "Choose a server from the list to connect to it. (Press ESC to go back.)\n\n\Zb # Name Country Location Continent Bandwidth Users Load Health\ZB" \
                40 102 31 $LIST 2>&1 1>&3)
              EXIT_STATUS=$?
              exec 3>&-
              IFS=$' \t\n'
              case $EXIT_STATUS in
                $DIALOG_CANCEL)
                  break 2
                  ;;
                $DIALOG_ESC)
                  break
                  ;;
                $DIALOG_EXTRA)
                  get_list
                  ;;
                $DIALOG_OK)
                  check_sudo
                  if [ $? = "0" ]
                  then
                    SELECTED_SERVER=$(printf -- '%s\n' "${LIST[@]}" | grep "^$SERVER_NMBR;" | cut -d ";" -f 2 | cut -d ":" -f 1)
                    disconnect_server
                    connect_server "$SELECTED_SERVER"
                    break 2
                  fi
                  ;;
              esac
            done
          done
          ;;
        2 )
          exec 3>&1
          # adjust field lengths if necessary
          CONNECT_INFO=$(dialog \
            --backtitle "$BACKTITLE" \
            --title "VPN via openconnect" \
            --insecure \
            --mixedform "Please provide your login credentials to connect to a VPN via openconnect:\n(Leave unneeded fields blank and type options as in command line, separated by space.)" $HEIGHT $WIDTH 6 \
            "Server:" 1 1 "" 1 21 25 0 0 \
            "Group:" 2 1 "" 2 21 25 0 0 \
            "User:" 3 1 "" 3 21 25 0 0 \
            "Password:" 4 1 "" 4 21 25 0 1 \
            "Additional Options:" 5 1 "" 5 21 25 0 0 \
            2>&1 1>&3)
          EXIT_STATUS=$?
          exec 3>&-
          case $EXIT_STATUS in
            $DIALOG_CANCEL|$DIALOG_ESC)
              ;;
            $DIALOG_OK)
              check_sudo
              if [ $? = "0" ]
              then
                disconnect_server
                if [ "$KILLED" = "true" ]
                then
                  if [ ! -p "/tmp/.eddie_fifo1" ]
                  then
                    mkfifo "/tmp/.eddie_fifo1"
                  fi
                  ALT_SERVER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 1)
                  ALT_GROUP=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 2)
                  ALT_USER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 3)
                  ALT_PASS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 4)
                  ALT_OPTS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 5)
                  echo "$ALT_PASS" | (sudo openconnect $ALT_OPTS --authgroup=$ALT_GROUP --user=$ALT_USER --passwd-on-stdin $ALT_SERVER &> "/tmp/.eddie_fifo1" &)
                  timeout --signal=SIGINT 3 cat "/tmp/.eddie_fifo1" | dialog --backtitle "$BACKTITLE" --title "Connecting via openconnect..." --timeout 5 --programbox 20 80
                  U_CONNECTED="connected"
                  U_SERVER_FULL="$ALT_SERVER"
                  U_TIME=$(date +"%m/%d/%Y %H:%M:%S")
                else
                  U_CONNECTED="error during disconnection"
                  U_SERVER_FULL="--"
                  U_TIME="--"
                fi
              fi
              ;;
          esac
          ;;
        3 )
          check_sudo
          if [ $? = "0" ]
          then
            disconnect_server
            if [ "$KILLED" = "true" ]
            then
              get_userinfo
            else
              U_CONNECTED="error during disconnection"
              U_SERVER_FULL="--"
              U_TIME="--"
            fi
            if [ -p "/tmp/.eddie_fifo1" ]
            then
              rm "/tmp/.eddie_fifo1"
            fi
            if [ -p "/tmp/.eddie_fifo2" ]
            then
              rm "/tmp/.eddie_fifo2"
            fi
          fi
          ;;
        4 )
          get_userinfo
          ;;
        5 )
          pgrep -f mono.*eddie-ui &> /dev/null
          if [ $? = 0 ]
          then
            dialog --backtitle "$BACKTITLE" --title "Toggle Network Lock" --timeout 3 --msgbox "You need to be disconnected to change network traffic rules." 10 35
          else
            if [ "$LOCK_ACTIVE" = "inactive" ]
            then
              yesno "Toggle Network Lock" "Are you sure you want to activate the default network lock and block all connections while not connected to (any) VPN?"
              case $EXIT_STATUS in
                $DIALOG_CANCEL|$DIALOG_ESC)
                  ;;
                $DIALOG_OK)
                  check_sudo
                  if [ $? = "0" ]
                  then
                    define_lock "activate"
                  fi
                  ;;
              esac
            else
              yesno "Toggle Network Lock" "Are you sure you want to deactivate the default network lock and allow all connections, even when not connected to a VPN?"
              case $EXIT_STATUS in
                $DIALOG_CANCEL|$DIALOG_ESC)
                  ;;
                $DIALOG_OK)
                  check_sudo
                  if [ $? = "0" ]
                  then
                    define_lock "deactivate"
                  fi
                  ;;
              esac
            fi
          fi
          ;;
      esac
    done
    clear
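
Added example, not part of nwlyoc's post or script: two helper checks for the caveats listed in that post. `dns_hex_string` builds the `--hex-string` value for a DNS allow rule for another domain (it reproduces the airvpn.org value used in the script), and `private_nameservers` lists nameserver entries in a resolv.conf-style file that point at a LAN address; it covers all RFC 1918 and link-local ranges rather than only 192.168.x.x. The function names and the sample file contents are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; not the script author's code.

# Encode a domain as DNS QNAME labels (length byte, then the label bytes) in
# the '|LL hex LL hex|' form that iptables' string match takes via --hex-string.
dns_hex_string() {
    _dom=$1
    # Reject empty input, empty labels and anything outside hostname characters
    # (this also keeps the unquoted word splitting below free of globbing).
    case $_dom in
        ''|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    _old_ifs=$IFS
    IFS=.
    set -- $_dom            # split into labels; only this function's arguments change
    IFS=$_old_ifs
    _out=""
    for _label in "$@"; do
        _len=${#_label}
        # A DNS label is limited to 63 bytes
        [ "$_len" -le 63 ] || return 1
        _hex=$(printf '%s' "$_label" | od -An -tx1 | tr -d ' \n')
        _out="$_out$(printf '%02x' "$_len") $_hex "
    done
    printf '|%s|\n' "${_out% }"
}

# Print every nameserver in a resolv.conf-style file that is an RFC 1918 or
# link-local IPv4 address, i.e. a resolver on the LAN (typically the router).
private_nameservers() {
    awk '$1 == "nameserver" {
        split($2, o, ".")
        if (o[1] == 10 ||
            (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
            (o[1] == 192 && o[2] == 168) ||
            (o[1] == 169 && o[2] == 254))
            print $2
    }' "$1"
}

# Constructed sample input (not taken from a real system)
sample_resolv_conf() {
    cat <<'EOF'
# Generated by NetworkManager
search lan
nameserver 192.168.1.1
nameserver 172.20.0.1
nameserver 203.0.113.53
EOF
}

# Demo: run both checks on the constructed sample
_tmp=$(mktemp)
sample_resolv_conf > "$_tmp"
echo "hex-string for airvpn.org: $(dns_hex_string airvpn.org)"
echo "LAN nameservers found: $(private_nameservers "$_tmp" | tr '\n' ' ')"
rm -f "$_tmp"
```

Run `private_nameservers /etc/resolv.conf` while Eddie is not connected; any output means DNS queries can still reach the router while the default lock is active.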





  3. Like
    LZ1 got a reaction from itsmefloraluca in FYI: Official NordVPN Android app transmits personal data to third parties   ...
    Hello!
     
    That's certainly interesting. Thank you for taking the time to post it here and making it available in English.
     
    I completely agree that the choice of justification is very poor in this regard.
     
    Moved topic to the proper forum.
  4. Like
    LZ1 reacted to giganerd in FYI: Official NordVPN Android app transmits personal data to third parties   ...
    A German IT security blogger recently discovered that NordVPN's official Android app transmits personally identifiable information to NordVPN and a few third parties.
     
    The checked version of their app is v3.9.8 which seems a few versions behind the current branch but still fairly recent.
    The blogger discovered that a user's Google mail address along with the advertising ID and a bit of other info are sent to Iterable, AppsFlyer and Tune along with some Google services like Analytics - all seemingly without the user's consent and even without mentioning it in the app's ToS.
     
    Of course customer support has been asked as well. Their answer was not satisfactory:
     
     
    Everyone interested in some of the HTTP POSTs discovered can look at them in the article linked above. The article itself is German-language, but it doesn't contain more info than this, only a bit of the writer's opinion which I share: It's very questionable that a "no-log" or even "privacy-centered" VPN provider like NordVPN is bold enough to state "marketing reasons" as their justification to track users of their Android app. Even worse that this tracking is performed by third parties who will most likely use this data in cross-referencing...
     
    Try to avoid NordVPN. Searching for "NordVPN" in this forum alone will yield more than enough reason. One in three newly created threads is about them.
  5. Like
    LZ1 reacted to Staff in two sessions to same server causes 2 minute restarts ad infinitum   ...
    Hello!
     
    If you resolve a country or a continent or a planet name to determine which VPN server the system will connect to, what you experience is not a bug. When you connect multiple devices with the same key to the same OpenVPN daemon, only the last one properly receives packets, and will cause a disconnection to all the other ones. Not only is this not an OpenVPN bug, but this is a very appropriate and correct behavior: the opposite would be a real catastrophe!
     
    Each computer can't know what any other is doing, unless you query Air API to determine the status of your account and make connection decisions accordingly. However, to connect multiple devices to the same servers, we already offer the option to use multiple client certificate/key pairs by the same account:
    https://airvpn.org/topic/26209-how-to-manage-client-certificatekey-pairs
     
    The other problem you mention, i.e. that a VPN server which goes down is still the "best" server according to some FQDN, is due to TTL. Actually, our authoritative DNS update the records every 2 minutes, but TTL is 1 hour, so on average you might have some DNS server updating the records after 30 minutes.
     
     
    Now that you know that this is not true, let's go deeper into the matter. An OpenVPN daemon runs always in the same core of a CPU. Even with AES-NI supporting CPUs, it's impossible, with our ciphers, to squeeze the full bandwidth we have available. Therefore, some sort of balancing becomes necessary.
     
    Last year we implemented a new balancing system which turned out to work very well. Each VPN server runs as many OpenVPN daemons as possible (according to the CPU cores amount), and each daemon lives in its own private subnet. Servers welcome OpenVPN clients at kernel level by sending them to the OpenVPN daemon which is running in the least loaded core. It was a huge improvement when compared to the previous, relatively rudimentary in comparison, load balancing.
     
    In this way we have been able to break the previous 900 Mbit/s limit on a single server (we touched around 1.7 Gbit/s on a server with hundreds of connected clients).
     
    Therefore, when multiple clients with the same pair connect to the same VPN server, they might have no problems if they are sent to different OpenVPN daemons. However, the likelihood that it happens when such connections occur at the same time is very tiny, because load core competition can cause a core supremacy change in a longer time, given the redundancy of our infrastructure. Anyway, it's not the correct approach, as you experienced.
     
    Our users who want to achieve the purpose need therefore to take care, as it is perfectly normal and somehow even trivial, of their own devices by managing correctly the client pairs. It's a 30 seconds job in general and we provide all the necessary tools with an extremely comfortable graphic interface, both on our web site and in our free and open source software for Android, Linux, Mac and Windows.
     
    Kind regards
     
    P.S. We fixed the typo in the thread ("ad infinitem" --> "ad infinitum")
  6. Like
    LZ1 reacted to giganerd in Android tv box verliert Verbindung ~60 min   ...
    It's a freaking disease, ever since Mr. wolke68 started a thread in German...
  7. Like
    LZ1 got a reaction from flat4 in What's your e-mail provider?   ...
    Hello!
     
    I don't think it has been mentioned, so I thought it would be relevant to point out that AirVPN doesn't require the use of a valid e-mail account in order to sign up.
  8. Like
    LZ1 reacted to ixochina in Alternative for China 2018 (a second VPN)   ...
    I can personally confirm that TCP port 443 works always and UDP as well - but not as always as TCP. We are into 2019 and still AirVPN is working perfectly in China. Connecting via Eddie is a sure way to go.
  9. Like
    LZ1 reacted to giganerd in Guide To Getting Started + Links For Advanced Users   ...
    ... Kitalpha being the only exception due to missing IPv6 support, rest of the features are there. Makes it a Gen1.9 server.
     
    I'm beginning to like these summaries..
  10. Like
    LZ1 got a reaction from Freejumping in Eddie and Fire Stick   ...
    For reference, in case anyone wondered.
  11. Like
    LZ1 got a reaction from ruler2016 in Guide To Getting Started + Links For Advanced Users   ...
    It's that time of year again guys and gals
    • Added guidance on how to use Amazon Fire Stick with AirVPN, to the guides section. An update from Staff on this, that it can be used with Android Eddie!
    • Added a mini-guide by Staff on how to test for traffic shaping being carried out on your connection, to the guides section.
    • Added a notice about the availability of Eddie for Android, to the getting started section. Along with why it sadly won't be coming to iOS until Apple changes its policies.
    • Added clarification to the getting started with AirVPN section, that a valid e-mail address is NOT required.
    • Added clarification to the same section as above, that the login name is what's used for Eddie and not the forum display name. Thanks giganerd and co.
    • Added Staff's recommendation for potentially making online gaming through AirVPN more responsive, by changing buffer sizes, to the after downloading Eddie section.
    • Added notice to Other Noteworthy Resources section, that AirVPN does not make use of paid-for reviews. Unlike so many other VPNs.
    • Added AirVPN's expansion on the debate surrounding transparency and security through obscurity. Added to the security question in First Questions section, point 10.
    • Added corrado's alternative VPN client for Linux users, to the Other Noteworthy Resources section. It's very impressive work. Thank you for your contribution.
    • Changed (the 1 instance) use of hooktube links to regular youtube links, in the Other Noteworthy Resources section. It was meant to be more private this way, but hooktube has since then been kneecapped.
    • Removed links to BestVPN in the Other Noteworthy Resources section. Air was #1 for Encryption, Tor-use & loglessness while Douglas Crawford was writing and still is, following any honest review. Now it's solely paid-for reviews and since Air doesn't pay for any reviews, competitors get put on a highly dubious pedestal. Besides the very flaky review criteria; how can a Pros and Cons list contain "Pros" of a temporary type such as "XYZ has a Christmas sale of 75% OFF!"? Thus not worth any consideration.

    @salacronix I'm sorry, I don't know. But feel free to create your own thread regardless.
    @ironmikezero Thank you, that's excellent to hear!
    @JimTheOwl That sort of thing is usually in the Guides/How-To section of my guide. There's a discussion about it for MacOS here. A how-to for GNU/Linux here. Regardless of OS, it is NOT recommended. If you only hibernate your PC instead of shutting it down completely and Eddie stays on, then at least on Linux and Windows, you won't need to re-enter a password.
     
    Besides all that, I thought it could be fun to summarise some of the biggest things which happened with AirVPN in 2018. There's no newsletter that I know of and since I basically live on the forums anyway, then why not help everyone else keep track of the biggest changes, since they're so easy to lose sight of. I might do it again next year if it's worth it.
     
    AirVPN in the year 2018
    • AirVPN started out 2018 by adding the ability for users to manage their keys for all their devices. A very welcome feature, for many users. Do remember to re-login your client after changing keys.
    • After starting out with only a few experimental servers, AirVPN successfully managed to upgrade all AirVPN servers to what is now called "Gen2" servers. These support the IPv6 protocol and other additions, such as "tls-crypt". Tls-crypt makes it much harder for outsiders to block or throttle a VPN connection. Here's an excellent explanation by Staff.
    • Finally Eddie comes to Android! This has been asked for by so many people and it's great to no longer have to rely exclusively on third party apps. Although iOS users will remain in a pinch here.
    • A new country was added: JAPAN. Obviously quite a popular request, now seen through. It's a little unclear if Austria was added this year or not, woops.
    • 2018 was also the year where Air underscored its commitment to cryptocurrencies, by removing the middlemen in Bitcoin transactions and accepting it directly!
    • AirVPN was also found rebutting a famous article online about how VPNs are meant to be untrustworthy. AFAIK this is the first time Staff answer directly to a non-forum party.
    • This year it was Air's 8th birthday. In that time, the amount of Bandwidth and Online Sessions only seem to increase.
    • Lastly, as can be expected, AirVPN clarified some points in its Privacy Notice, now that the EU GDPR is in effect.
    • Server additions to individual countries: many, I think.
    • Further, I believe there was a stealthy updating of IPB.

    Happy New Year to everyone
  12. Like
    LZ1 got a reaction from knighthawk in Eddie 2.17beta released   ...
    Hello!
     
    Suggestion: Staff do you think it would be reasonable to include the load and ms for the currently selected server, on the Overview page, instead of in the Servers tab, where one first has to find the server in question?
     
    The ms could go underneath Connection and perhaps a third box for load could be under the two existing upload and download boxes, in the middle. So it's still symmetrical.
  13. Like
    LZ1 reacted to go558a83nk in 11,000   ...
    Online Sessions: 15973 - BW: 71229 Mbit/s
     

  14. Like
    LZ1 got a reaction from liddelljohn in Just topped up subscriptio now VPN not connecting??   ...
    Hence why you ought to try the solution suggested by Support and relayed here by Staff, as it may circumvent such blocking.
  15. Like
    LZ1 got a reaction from B3nB3n in Bootstrap failed - since a week   ...
    Hello!
     
    May we see your logs?
     
    Are you using the latest stable release? There was an added setting to ignore those messages.
  16. Like
    LZ1 got a reaction from B3nB3n in Bootstrap failed - since a week   ...
    It's always best to list the log from start to finish.
     
    You can use a spoiler tag for the logs too.
     
    If it's just a case of hiding that bootstrap message, then please try going to Eddie>Preferences>UI>Hide Bootstrap failure window.
  17. Like
    LZ1 got a reaction from tom7812 in Just Great!   ...
    Hello!
     
    If at all possible, I'm sure you can see the usefulness of sharing what you did or think may have contributed to the increase, if at all possible.
     
    It's also great if you mention if you're torrenting or whatnot. Thank you.
  18. Like
    LZ1 got a reaction from amazeballs in Why so many servers in Texas   ...
    Hello!
     
    The most straightforward answer would be that it follows Air's requirements, while being beneficial in other aspects, such as cost.
     
    If location choices were to be solely based on what Air's customers wanted at any point in time, then Air would surely be amongst the first of companies in mankind to establish servers on Mars too.
  19. Like
    LZ1 got a reaction from cheeze in Black Friday 2018 Week   ...
    The sale will likely end on the 30th of November.
     
    Staff you might as well add one of those countdown timers for sales like this, as the Borg demand it. Resistance is futile!
  20. Like
    LZ1 reacted to peacedog in Black Friday 2018 Week   ...
    I really appreciate the AirVPN staff listening to some community members back in the summer months and offering up the 2-year option. A no-brainer for myself to sign up for after 5 years of outstanding service as well as infrastructure and security updates. It's nice being confident when explaining VPN's to someone knowing that I'm recommending the best service out there as well during that same discussion.
     
     
    Cheers to AirVPN and your entire team!
  21. Like
    LZ1 got a reaction from keikari in Black Friday 2018 Week   ...
    Hello!
     
    I liked it better when you said it was 35% Staff - but sixtyseven and a half% sounds sufficiently nerdy as well
  22. Like
    LZ1 got a reaction from itsmefloraluca in Black Friday Cyber Monday deals?   ...
    Hello!
     
    Absolutely. Please refer to the guide in my signature, which contains the full details of the sales we normally have here.
     
    It's the last question at the bottom of the First Questions section.
     
    Black Friday is the biggest AirVPN discount.
     
    Take care.
  23. Like
    LZ1 got a reaction from Flx11 in AirVPN stop you getting caught?   ...
    Hello!
     
    You can check the link in my signature for guides on how to configure torrenting correctly so that no accidents happen.
     
    Network Lock (set it to turn on at startup) + A good FOSS client like qBittorrent + Setting the torrent client to use tun0 or the equivalent VPN tunnel + always starting Eddie before the torrent client + downloading the testtorrent from ipleak.net is a good combination of actions to help ensure nothing leaks.
     
    Also, just to be pedantic: there's nothing wrong or illegal with torrenting itself, as Bittorrent is just a protocol. It's *what* you torrent that has a risk associated with it.
  24. Like
    LZ1 reacted to Staff in Eddie Android edition 2.0 beta released   ...
    Hello!
     
    We're glad to inform you that we are opening the beta testing phase of our free and open source software Eddie for Android version 2.0.

    Version 2.0 is a quantum leap when compared to 1.0. It tries to meet most, if not all, of our community requirements and keeps the promises we made: swift and full AirVPN integration as well as Android TV extended compatibility.
     
    As usual Eddie is free and open source software released under GPLv3.
     
    Note that on 11-20-18 a new version (2.0 beta 2) has been released.
    Note that on 11-21-18 a new version (2.0 beta 3) has been released.
     
    Note that on 11-23-18 version 2.0 stable has been released, so this topic was locked. Please continue here:
    https://airvpn.org/topic/30774-eddie-android-edition-20-released/
     
    You can participate in the beta testing by joining the beta community in the Google Play Store here:
    https://play.google.com/apps/testing/org.airvpn.eddie
     
    You can also download the Eddie Android 2.0 beta 3 apk directly from our repository:
    https://eddie.website/repository/eddie/android/2.0beta3/org.airvpn.eddie.apk
     
    The application is fully localized and we look for translators, especially for translations into simplified and traditional Chinese. Korean, Japanese, and many other languages are welcome. If you wish to translate (from English) please contact info@airvpn.org for every detail.
     
    Eddie Android 2.0 adds tons of new features while keeping all the appreciated old ones:
    • Free and open source OpenVPN GUI based on OpenVPN 3
    • The only Android application officially developed by AirVPN
    • Robust, best effort prevention of traffic leaks outside the VPN tunnel
    • Battery-conscious application
    • Low RAM footprint
    • Ergonomic and friendly interface
    • Ability to start and connect the application at device boot
    • Option to define which apps must have traffic inside or outside the VPN tunnel through white and black list
    • Localization in English, French, Italian, Spanish, Turkish

    New features:
    • Full integration with AirVPN
    • Enhanced security thanks to locally stored encrypted data through master password
    • Quick one-tap connection and smart, fully automated server selection
    • Smart server selection with custom settings
    • Manual server selection
    • Smart attempts to bypass OpenVPN blocks featuring protocol and server fail-over
    • Full Android TV compatibility including D-Pad support. Mouse emulation is not required.
    • Enhancements aimed to increase accessibility and comfort to visually impaired persons
    • AirVPN servers sorting options
    • Customizable "Favorite" and "Forbidden" servers
    • OpenVPN mimetype support to import profiles from external applications
    • Localization in German, Portuguese and Russian

    If you test this new version, do not hesitate to report bugs, problems, considerations and any other feedback in this thread. You will help us reach a stable version more quickly. Please remember to report all the device information (brand, model, Android version, environment) as well as the log taken after the problem has occurred (when and if possible).
     
     
    Changelog 2.0 Beta 3 (VC 12) - Release date: 21 November 2018 by ProMIND
    QuickConnectionFragment.java
    - [ProMIND] Changed connection requirements for auto connection mode. IPv4 is now the minimum requirement.
    - [ProMIND] Show a disconnection dialog in case user cancels the connection procedure
    - [ProMIND] Notify user in case a favorite server is about to be connected
    - [ProMIND] Connection progress dialog is now properly dismissed at the end of server list connection

    Changelog 2.0 Beta 2 (VC 11) - Release date: 20 November 2018 by ProMIND
    - [giganerd] Added German localization
    - [giganerd] Added Russian localization
    - [morvotron] Added Portuguese localization
    - [ProMIND] Added accessibility support to spinners and buttons without text
    OpenVPNTunnel.java
    - [ProMIND] onEvent() now properly manages TCP errors in Quick Connection mode and avoids connection cycling when VPN is connected
    SettingsActivity.java
    - [ProMIND] Added setting and functionality for allowing quick connection to connect local (same country) servers
    AirVPNServerProvider.java
    - [ProMIND] Changed selection algorithm in order to include local (same country) servers when requested
    QuickConnectionFragment.java
    - [ProMIND] Quick connection button can now be used to disconnect any VPN connection

    Changelog 2.0 (VC 10) - Release date: 14 November 2018 by ProMIND
    - [ProMIND] Added classes for AirVPN connection, management and integration with AirVPN servers.
    - [ProMIND] Added classes for AirVPN user login, logout and profiles.
    - [ProMIND] Quick connection to AirVPN. Full connection support with determination of best server, protocol and mode, including server failover.
    - [ProMIND] Server connection to AirVPN compliant to AirVPN server list. Creation of favorite and forbidden lists.
    - [ProMIND] New user interface design
    - [ProMIND] Full Android TV support, including Storage Access Framework (Android SAF, when available) and full support for d-pad navigation.
    - [ProMIND] OpenVPN mimetype support. Import OpenVPN profiles from external applications.
    Native Library 1.3.1
    - [ProMIND] Added new APIs for system information
    - [ProMIND] Updated boost library to 1.68.0
    - [ProMIND] Updated to latest OpenVPN3 release
     
     
    Kind regards & datalove
    AirVPN Staff
  25. Like
    LZ1 got a reaction from bluesjunior in Router Question?.   ...
    Yes. If the Eddie client is running on your PC, you don't need to change anything on your router.
     
    Interaction with the router in this context, is normally done in order to:
    • Increase the device limit. Currently you can connect and use 5 devices with your AirVPN account. But if you put the Air software on the router, this number can increase.
    • Make all devices that connect to the Wi-Fi, run through AirVPN. Which is useful, if you can't or won't want to install Eddie on each individual device.
    • Play around, for the sake of performance. But people who do this, know that consumer routers don't offer the absolute best VPN performance, as running a VPN directly on a consumer router, is quite taxing. An example of a non-consumer router, is the Turris Omnia, which has features meant specifically for high performance VPN use.

    By the sound of it, you're using 1 PC daily and to torrent from. So unless you wish to tinker for the sake of it, there's no real need to touch your router, in connection with VPN-usage. (Barring any would-be changes in settings that could improve performance in ISP-related issues, as per my first post, which turned out to not be relevant to your case.)
     
    No worries. It's one of the reasons we've got these forums.