Staff

Hello! DNS leaks are client side, they have nothing to do with specific servers, obviously. The method you mention to conclude that your system suffers DNS leaks is not reliable. Please make sure that your browser DNS bypass is disabled and then browse https://ipleak.net to get a more significant set of data to determine whether you have leaks or not. Kind regards

Hello! We're very glad to inform you that we have just released Hummingbird 1.1.0, featuring: both SystemV-style init and systemd support for Linux update to the latest OpenVPN3-AirVPN and asio libraries Hummingbird is AirVPN's free and open source OpenVPN 3 client based on AirVPN's OpenVPN 3 library fork. Hummingbird is available for: Linux x86-64 (reasonably recent distribution on par with Debian 9 libraries and kernel is required) Linux ARM 32 (example: Raspbian for Raspberry Pi) Linux ARM 64 (example: Ubuntu 19 and 20 for Raspberry Pi) macOS (Mojave or higher version required - please read important notes for Mac users at the end of the announcement) Main features: Lightweight and stand alone binary No heavy framework required, no GUI Tiny RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN with tons of critical bug fixes from the main branch, new ciphers support and never seen before features ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux-based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved additional features For a thorough Hummingbird overview please consult https://airvpn.org/hummingbird/readme/ Hummingbird 1.1.0 adds support to Linux systems based on SystemV-style init https://en.wikipedia.org/wiki/Init#SYSV too, while the previous versions supported Linux systemd based systems only. Therefore, we gladly achieve compatibility with 35 additional Linux distributions: https://distrowatch.com/search.php?ostype=All&category=All&origin=All&basedon=All&notbasedon=None&desktop=All&architecture=All&package=All&rolling=All&isosize=All&netinstall=All&language=All&defaultinit=SysV&status=Active#simple We think it's important to support Init Freedom: https://devuan.org/os/init-freedom because systemd is POSIX incompatible and because, as the UNIX Veteran Admin collective noticed in 2014 when they announced a Debian fork: This situation prospects a lock in systemd dependencies which is de-facto threatening freedom of development and has serious consequences for Debian, its upstream and its downstream. You can download Hummingbird for Linux (all flavors) and macOS respectively here: https://airvpn.org/linux and here: http://airvpn.org/macos Important notes for macOS users From now on we provide both a signed, code-hardened, notarized version and a non-notarized version of Hummingbird for macOS. The notarized version is available essentially for those users who prefer it, but it is not recommended. The notarized version will run without blocks by Apple's Gatekeeper, but will let Apple correlate your real IP address, Apple ID and other data potentially disclosing your identity to the fact that you run, and when you did it for the first time, an application by AirVPN. If that's not acceptable for you, just download the tarball package .tar.gz (it is NOT notarized and NOT signed with our Apple developer ID on purpose) and include it in the exceptions to run non-notarized programs. In the future this could not be allowed anymore, but at the moment it is. For a more thorough explanations on important privacy issues caused by Apple and notarization please see for example here https://lapcatsoftware.com/articles/notarization-privacy.html and here https://lapcatsoftware.com/articles/catalina-executables.html Kind regards & datalove AirVPN Staff

Version 2.19.3 (Tue, 16 Jun 2020 14:36:31 +0000) [bugfix] Windows NSIS, vc_redist.exe, from '/q' to '/install /passive /norestart'. [bugfix] Windows, System Report rare hang if IPv6 not available [bugfix] macOS, CLI edition error at boot in Portable Mono [bugfix] macOS, Notarization of packages [bugfix] macOS; "Unable to obtain elevated privileges (required): Object reference not set to an instance of an object" [bugfix] Linux, modprobe issue with zstd [new] Linux, new aarch64 build (for Raspberry OS 64 bit beta) [new] macOS, CLI portable without Mono [change] Bundled with latest OpenVPN, Hummingbird, stunnel [change] Minor UI fixes, font size in some linux distro, path normalization etc. Other feedback is under investigation, please have patience. Thx. Arch Linux package will be available as soon as possible. Direct APT repository for new aarch64 doesn't work yet, issue will be fixed as soon as possible.

@deltaman8 Hello! It's not an Eddie's problem for sure, as Eddie has nothing to do with remote inbound port forwarding. According to your description, especially here: it might be a problem on our side. Could you please open a ticket to start a more thorough investigation by the technical support persons? Kind regards

Hello! Thank you for your choice. In Eddie Android edition, you have connection settings for the quick, automatic connection option and then you can have specific connection settings for specific servers. Eddie can also rotate connection modes automatically when a connection mode fails to connect (it will try different transport protocols, different destination ports and different servers progressively). Maybe you have configured TCP for one thing and you use the other, so you end up always with UDP. There is only one exception to all of the above: the protocol for OpenVPN Data Channel, which will be always the same both for quick and servers connections (deliberate design reason, because not all of our servers support CHACHA20-POLY1305 on the Data Channel). Also remember that if you use an external profile, Eddie will respect the settings of the profile: it will override "Quick connect" and "Servers" settings (very useful for different providers and other aims). To set specific servers settings, including protocol, tap the gear icon in the AIRVPN SERVER view. To set your own default settings for the quick mode, use Settings > AirVPN and remember to set Quick connection mode to Use default options only and not Automatic. Kind regards

Hello! When you enter suspension state systemd sends SIGHUP to processes.Hummingbird reacts with "restart connection" when it receives SIGHUP. Core dump is unexpected and under investigation. @eburom The systemd unit is formally correct. Kind regards

@Pompelmo The reason is based on how OpenVPN works. You can't have two connections with identical certificate to the same daemon,: each subsequent connection will break the previous one. Anyway, if you don't need remote inbound port forwarding, you can connect multiple devices to the same VPN server by using a different certificate and key pair on each device, as explained in our guide here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards

Hello! It's very important to point out that Hummingbird is a process running in the userspace of a superuser. It is not designed to be a service. A real daemon is being developed and you will hear news soon. That said, we need additional information, and specifically: - what dependencies have been declared and their level - when Hummingbird is started (in particular before or after the network layer) - how and when systemd unit launches the service (we guess it's defined as a service and not as a target) About the core dump, please feel free to send us a bt (in a ticket or attached to an e-mail to support@airvpn.org ). Did you notice any change after some Arch update? Kind regards

@lindaburger Hello! We apologize for any inconvenience, it was a temporary problem on our side. Can you please try again now? [EDIT] IMPORTANT You might still have a JavaScript script causing the problem cached in the browser: make sure to delete or refresh (usually hit F5 on the web site page) your browser's cache if you still don't see "Download" button. Kind regards

@Maggie144+ Hello and thank you! Yes, of course: from Eddie's main window select "Preferences" > "Advanced" tick "Use Hummingbird if available" click "Save" copy Hummingbird binary file in a directory included in the commands path (you will need root privileges to do so) Re-start Eddie to apply the changes and use Hummingbird via Eddie. Kind regards

@eburom Hello! Yes, exactly. Kind regards

Hello! We're very glad to inform you that we have just released Hummingbird 1.1.0 beta 1, featuring: SystemV-style init support for Linux update to the latest OpenVPN3-AirVPN and asio libraries Hummingbird is AirVPN's free and open source OpenVPN 3 client based on AirVPN's OpenVPN 3 library fork. Hummingbird is available for: Linux x86-64 Linux ARM 32 (example: Raspbian for Raspberry Pi) Linux ARM 64 macOS (Mojave or higher version required) For a thorough Hummingbird overview please consult https://airvpn.org/hummingbird/readme/ Hummingbird 1.1.0 adds support to Linux systems based on SystemV-style init https://en.wikipedia.org/wiki/Init#SYSV, while the previous versions supported Linux systemd based systems only. Therefore, we gladly achieve compatibility with 35 additional Linux distributions: https://distrowatch.com/search.php?ostype=All&category=All&origin=All&basedon=All&notbasedon=None&desktop=All&architecture=All&package=All&rolling=All&isosize=All&netinstall=All&language=All&defaultinit=SysV&status=Active#simple We think it's important to support Init Freedom: https://devuan.org/os/init-freedom because systemd is POSIX incompatible and because, as the UNIX Veteran Admin collective noticed in 2014 when they announced a Debian fork: This situation prospects a lock in systemd dependencies which is de-facto threatening freedom of development and has serious consequences for Debian, its upstream and its downstream. Download URLs follow. Linux x86-64: https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-linux-x86_64-1.1.0-beta-1.tar.gz https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-linux-x86_64-1.1.0-beta-1.tar.gz.sha512 Linux armv7l (ARM 32 bit): https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-linux-armv7l-1.0.3.tar.gz.sha512 https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-linux-armv7l-1.1.0-beta-1.tar.gz Linux aarch64 (ARM 64 bit): https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-linux-aarch64-1.1.0-beta-1.tar.gz https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-linux-aarch64-1.1.0-beta-1.tar.gz.sha512 macOS (please note: beta version is not notarized): https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-macos-1.1.0-beta-1.tar.gz https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-macos-1.1.0-beta-1.tar.gz.sha512 Kind regards & datalove AirVPN Staff

@hawkflights Hello! Excellent. Can you please report IPv6 problems you still experience, at your convenience? Kind regards

@mith_y2k Hello! On top of what @eburom correctly pointed out, please take care to add option --ncp-disable, otherwise the server will enforce its chosen cipher through ncp, i.e. AES-256-GCM. In the USA, we support CHACHA20-POLY1305 in a Dallas server, Chamaeleon, so you will need to generate a specific configuration for that server. In the web site servers monitor https://airvpn.org/status you can find (in yellow) all the servers running OpenVPN 2.5 and supporting CHACHA20-POLY1305 on the Data Channel. Kind regards

Hello! We updated right now the footer and specs page with the new address. There are some points where our CMS still redirects to SSL version, we are working to fix all of them, please be patient. Kind regards

@HannaForest @philips @giganerd Hello! We made a Onion v3 address. The hidden service is provided by a dedicated server through http (no certificate warning), and we added HTTP-header "onion-location" that recommends the .onion version. Kind regards

@Veep Peep Hello! Try to delete file default.profile while Eddie is not running, then re-run Eddie. Looking at the log you can see the location of that file, it is shown in the initial log entries. Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Vienna (AT) is available: Beemim. The AirVPN client will show automatically the new server; if you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, Beemim supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Beemim/ Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! The configuration looks almost fine. Just enable "DHT" and "Peer Exchange". Kind regards

Hello! We're glad to inform you that Hummingbird 1.0.3 has just been released. Hummingbird is a free and open source software by AirVPN for: Linux x86-64 Linux ARM 32 (example: Raspbian for Raspberry Pi) Linux ARM 64 macOS (Mojave or higher version required) - please do not miss important notes on macOS below based on OpenVPN3-AirVPN 3.6.4 library supporting CHACHA20-POLY1305 cipher on OpenVPN Data Channel and Control Channel. Hummingbird is very fast and has a tiny RAM footprint. AES-CBC and AES-GCM are supported as well. Version 1.0.3 uses OpenVPN3-AirVPN 3.6.4 library which had major modifications: IPv6 compatibility has been improved override logic has been improved a critical bug related to a main branch regression for TCP connections has been fixed Important: if you build Hummingbird please make sure to align to AirVPN library 3.6.4. You can't build Hummigbird 1.0.3 with library versions older than 3.6.4. Hummingbird is not aimed to Android but you can have CHACHA20-POLY1305 on Android too: please run our software Eddie Android edition, which uses our OpenVPN3-AirVPN library. Important notes for macOS users From now on we provide both a notarized version and a non-notarized version of Hummingbird for macOS. The notarized version is available essentially for those users who required it, but it is not recommended. The notarized version will run without blocks by Apple's Gatekeeper, but will let Apple correlate your real IP address, Apple ID and other data potentially disclosing your identity to the fact that you run, and when you did it for the first time, an application by AirVPN. If that's not acceptable for you, just download the tarball package .tar.gz (it is NOT notarized and NOT signed with our Apple developer ID on purpose) and include it in the exceptions to run non-notarized programs. In the future that could be no more allowed, but at the moment it is. For a more thorough explanations on important privacy issues caused by Apple and notarization please see for example here https://lapcatsoftware.com/articles/notarization-privacy.html and here https://lapcatsoftware.com/articles/catalina-executables.html Notes for Linux users x86-64 version requires a reasonably recent distribution (at least on par with Debian 9 kernel and libraries) based on systemd. A version compatible with SysVInit is anyway planned armv7l version (32 bit) has been tested in Raspberry Pi 3 and 4 with Raspbian 10. It will not run in Raspbian 9 (libraries are too old) aarch64 version (for 64 bit ARM) has been tested in Raspberry Pi4 with Ubuntu 19 and Ubuntu 20 for ARM 64 bit TCP queue limit If you connect over TCP, Hummingbird will set by default a minimum TCP outgoing queue size of 512 packets to avoid TCP_OVERFLOW errors. If you need a larger queue in TCP, the following option is now available from command line, in addition to profile directive tcp-queue-limit: --tcp-queue-limit n where n is the amount of packets. Legal range is 1-65535. We strongly recommend you to allow at least 512 packets as queue limit (default value). Larger queues are necessary when you connect in TCP and need a lot of open connections with sustained (continuous) but not necessarily high throughput, for example if you run a BitTorrent software. In such cases you can enlarge the queue as much as you need, until you stop getting TCP_OVERFLOW. It's not uncommon from our community as well as our internal tests to set 4000 packets queue limit to prevent any TCP overflow. If you connect over UDP, you can ignore all of the above. Network Lock Network Lock prevents traffic leaks outside the VPN tunnel through firewall rules. Hummingbird 1.0.3 widens --network-lock option arguments. The following arguments are now accepted: on | off | iptables | nftables | pf (default: on). If you specify on argument, or you omit --network-lock option, Hummingbird will automatically detect and use the infrastructure available on your system. Hummingbird picks the first available infrastructure between iptables-legacy, iptables, nftables and pf. Note: command line options, when specified, override profile directives, when options and profile directives have the same purpose. Binaries download URL https://gitlab.com/AirVPN/hummingbird/-/tree/master/binary Complete instructions https://airvpn.org/hummingbird/readme/ Hummingbird source code https://gitlab.com/AirVPN/hummingbird OpenVPN3-AirVPN library source code https://github.com/AirVPN/openvpn3-airvpn OpenVPN3-AirVPN library Changelog Changelog 3.6.4 AirVPN - Release date: 23 May 2020 by ProMIND - [ProMIND] [2020/05/23] completely changed the logics controlling overrides (server, port and protocol) client/ovpncli.cpp: parse_config() Properly assigned serverOverride, portOverride and protoOverride to eval.remoteList client/ovpncli.cpp: parse_config() In case serverOverride is set, remoteList is cleared and recreated with just one item containing serverOverride client/ovpncli.cpp: parse_config() In case portOverride or protoOverride is set, all the items in remoteList are changed accordingly openvpn/client/remotelist.hpp: Added public method set_transport_protocol_override() to assign the override protocol to all items in remoteList openvpn/client/cliopt.hpp: ClientOptions() now calls remote_list->set_transport_protocol_override() instead of remote_list->handle_proto_override() Hummingbird Changelog Changelog 1.0.3 - 3 June 2020 - [ProMIND] Removed --google-dns (enable Google DNS fallback) option - [ProMIND] Improved flushing logics for pf - [ProMIND] Updated to OpenVPN3-airvpn 3.6.4 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0.2 - 4 February 2020 - [ProMIND] Updated to OpenVPN3-AirVPN 3.6.3 - [ProMIND] Added --tcp-queue-limit option - [ProMIND] --network-lock option now accepts firewall type and forces hummingbird to use a specific firewall infrastructure *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0.1 - 24 January 2020 - [ProMIND] Updated to OpenVPN3-AirVPN 3.6.2 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 - 27 December 2019 - [ProMIND] Production release *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 RC2 - 19 December 2019 - [ProMIND] Better management of Linux NetworkManager and systemd-resolved in case they are both running - [ProMIND] Log a warning in case Linux NetworkManager and/or systemd-resolved are running *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 RC1 - 10 December 2019 - [ProMIND] Updated asio dependency *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 beta 2 - 6 December 2019 - [ProMIND] Updated to OpenVPN 3.6.1 AirVPN - [ProMIND] macOS now uses OpenVPN's Tunnel Builder - [ProMIND] Added --ignore-dns-push option for macOS - [ProMIND] Added --recover-network option for macOS *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 beta 1 - 28 November 2019 - [ProMIND] Added a better description for ipv6 option in help page - [ProMIND] --recover-network option now warns the user in case the program has properly exited in its last run - [ProMIND] NetFilter class is now aware of both iptables and iptables-legacy and gives priority to the latter *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 alpha 2 - 7 November 2019 - [ProMIND] DNS resolver has now a better management of IPv6 domains - [ProMIND] DNS resolver has now a better management of multi IP domains - [ProMIND] Minor bug fixes *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog 1.0 alpha 1 - 1 November 2019 - [ProMIND] Initial public release Kind regards & datalove AirVPN Staff

@lex.luthor Hello! Unfortunately your system does not support a 2 years old glibc library (2.28), which for ARM architecture is the oldest library that Hummingbird supports. The version in your system (2.24) is more than 4 years old! Is any update to your system distribution available? Kind regards

@Hellegat Not reproducible, can you open a ticket for additional investigation? Kind regards

@c3p0 Do you still have the old profile? If so, would you send it to us? It is probably corrupt and we would like to see what happened, if possible. You might send it to us via a ticket. Thank you in any case. Kind regards

Hello! Please check whether Eddie starts minimized. Look for Eddie's tray icon in the system tray. It's a tiny cloud in a circle. Please make sure to click the "up" arrow to see even hidden tray icons. If you find the tray icon, double-click on it to raise Eddie's main window. In "Preferences" you can tell Eddie whether to start minimized or not. Kind regards

Hello! Just to point out that since Network Lock is a set of firewall rules, no traffic leak is possible if Eddie crashes. Kind regards