Staff

Hello! Nothing wrong, it's possible that the third party service is malfunctioning. Are you able to reach your listening service from the Internet? Kind regards

Hello! This is potentially the problem, We can't be sure because for some unfathomable reason you deleted once again the endpoint address and the port. Or did you literally enter "#ip" and "#port"? By the way, when VPN_SERVICE_PROVIDER environment variable is set to an integrated VPN such as AirVPN (as it is in your case) you can rely on more proper variables that will prevent you from entering wrong addresses and/or ports. Please set the proper environment variables, delete the quoted ones (quoted here above), and check whether the problem gets resolved. Please see here again: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/airvpn.md Kind regards

Hello! Something is blocking the creation of the virtual network interface that WireGuard needs, so it was not an Eddie's problem. Do you run any antimalware tool that might be blocking networking operations and/or blocking software that needs to modify network configuration with administrator privileges? Kind regards

Hello! Not anymore, and even less in the near future. HTTP/3 is quickly spreading. Today, HTTP/3 is used by 36.5% of all the websites, including major web sites inside countries that enforce blocks against VPN. Furthemore, blocking UDP as such is no more realistic, not even in China, where UDP has become an instrumental protocol for many companies in any sector (video streaming, video conference, VoIP, marketing, social media marketing, regime propaganda and more), for regime aligned or regime owned activities. In China you have a near 100% success rate and no shaping (apart from the normal shaping for anything outside China) with the current Amnezia "weak obfuscation" (no CPS) implementation, i.e. at the moment you don't even need QUIC mimicking (which is anyway available and very effective). Currently, bypassing blocks via UDP than via TCP is more efficient in China. At the moment there is nothing more effective than mimicking QUIC with the signature / fingerprint of an existing web site that's not blocked, and you have this option right now. We see > 95% success rate, which is better than the success rates of SSH (not exceeding 75%), shadowsocks and XRay, V2Ray etc (but a lot faster!). The success rate is similar to any VPN protocol over HTTP/2, but, again, dramatically faster. We're glad to know it. It is also very flexible. Thanks to CPS, you may mimic any transport layer protocol built on UDP, for example DNS, QUIC, SIP. Kind regards

Hello! The problem is that WireGuard doesn't start. Please try a re-installation from the official package available here: https://www.wireguard.com/install/ Then test WireGuard native utilities to connect, in order to discern whether the problem is Eddie specific or not. Instructions are available here: https://airvpn.org/windows/wireguard/gui/ Kind regards

Hello! Please set MTU to 1280 bytes and test again. If the problem persists please test from the host, without containers, to determine whether it's a GlueTun specific problem or not. Keep MTU to 1280 bytes and increase at small steps. Kind regards

Thank you! Please use the Configuration Generator. Turn on the "Advanced" switch. Generate a file with the Configuration Generator for WireGuard for the server or country you want to test. Download the file and edit it with any text editor. To begin with, add these parameters in the [Interface] section: Jc = 20 Jmin = 50 Jmax = 1000 S1 = 0 S2 = 0 H1 = 3 H2 = 1 H3 = 4 H4 = 2 Import the file into your PC AmneziaWG client, or use it with the AirVPN Suite component Hummingbird, and even in Eddie 4.0.0 (you can do it in the "VPN profiles" view once the file is in your Android device) and use it to test a connection in Amnezia mode. If it fails please try a connection directly from Eddie, without profile, in Amnezia WG. If it fails too enable QUIC mimicking in "Settings" > "Advanced" > "Custom AmneziaWG directives" and test again a connection. Keep us posted! Kind regards

Hello! It's available right now if you can edit the generated file. An integration with the configuration generator will require time so we suggest that you test by editing your own file (generated by the CG for WireGuard). Integration with Eddie Android edition is already available in the 4.0.0 beta version. ~100% success at the moment comes from reports from Russia and China. It would be good to have an additional report from Uzbekistan. 😋 Kind regards

Hello! We're very glad to know that the problem is solved. From the OpenVPN manual: Since mssfix 1280 resolved the problem, a plausible explanation that comes to mind is that before the problem started your network had frames fitting the previous MTU, and this is no more possible now So, it could be a change on your ISP side. Kind regards

Hello! Please note that the ability to connect over a generic HTTP, HTTPS, SOCKS4 and SOCKS5 proxies, especially those only supporting TCP, is an OpenVPN strong feature that's not matched by WireGuard. The flexibility and ease of OpenVPN to do it is very important for anyone connecting from behind a proxy (such a corporate proxy). This is a feature that we do no want to lose so phasing out OpenVPN in its entirety is not on the table at the moment. Another similar, powerful feature that WireGuard can not offer is establishing an SSH tunnel, or a TLS one (by stunnel typically) and then connect OpenVPN over it. However, a balanced approach is possible, and we are already moving toward that direction. For example, our kernel networking tuning is preferring WireGuard needs, not OpenVPN ones, although the approach is not too unbalanced. In the future we might also consider to lower the amount of concurrent OpenVPN processes we run on servers (we do it to aid balancing for the notorious problem you mention and for which a stable and easy to maintain DCO would be a solution). Kind regards

Hello! We have a report that makes us suspect that in Uzbekistan it's the IP addresses of various VPN servers (not only AirVPN, other VPN too), to be blocked "unconditionally". Anyway AmneziaWG is worth a test, with and without QUIC mimicking, toward all the wg ports of our servers. It has an incredibly high rate of success in Russia and China (higher than OpenVPN over SSH and shadowsocks) so it's definitely worth a test. Please keep us posted as we have literally three reports only from Uzbekistan including yours... If you need some parameters to test check here: https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/?do=findComment&comment=258644 and here: https://airvpn.org/forums/topic/59479-block-vpn-in-russia/?do=findComment&comment=237288 If you need some suggestions for the parameters In in order to mimic QUIC connection to some specific web site known to be not blocked in countries controlled by VPN hostile regimes, please contact our support team in private by opening a ticket. Kind regards

Hello! Please note that the TLS handshake and anything else is performed by and between your system and the final web (or other service) servers. The VPN server is not a part of this process. Of course airvpn.org and ipleak.net do not block AirVPN servers. We would rather suspect some MTU related problem. Try to add in your OpenVPN configuration the following directive: mssfix 1280 Can you also test, in the problematic system, a connection by running OpenVPN directly and not relying on the network-manager-ovpn plugin? In the past it caused several different problems and it was deprecated. If the problem persists please test with ufw completely disabled. Do you mean that the problem doesn't appear at all on different systems using the same OpenVPN connection mode (entry-IP address, port and protocol)? Kind regards

Hello! Yes, as the default settings are not adequate for high load and high throughput servers. Kind regards

Hello! Reading it is not sufficient, then you have to change your configuration accordingly. How did you add the end point (destination VPN server)? Kind regards

@Bobo90 Hello! Your compose file lacks the proper setting of the FIREWALL_VPN_INPUT_PORTS environment variable. If you set it on the command line options fine, but if not you must add it and set it properly. The FIREWALL_VPN_INPUT_PORTS environment variable in Gluetun specifies a comma-separated list of ports that must be allowed through the firewall. Without it, packets forwarded by the VPN server will be dropped by GlueTun firewall. About this error: "ERROR [vpn] finding a VPN server: target IP address not found: in 250 filtered connections". you should be able to resolve it by reading the documentation specific for AirVPN: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/airvpn.md Kind regards