Staff

Hello! Actually we do not publish a report similar to the one you linked but here it is: you can take those figures, divide by 3 and get a precise estimate. Kind regards

Hello! We managed to reproduce this, but it's not a "real" problem, it looks like expected behavior but at first we were fooled too. Vivaldi opens and causes key wallet access or other operations request, when it is run inside the namespace. This may happen for example because it is run by a different user, e.g. airvpn, so the configuration file path is different and the configuration file must be created the first time. While Vivaldi waits for authorization to access the wallet, it does not allow any connection. Check any other window that should open when you run Vivaldi through cuckoo by airvpn user (it's not brought in front by the DE and Vivaldi main window doesn't throw any warning, so you might be fooled as well) and you should find the prompt for the password for your desktop wallet (KDE wallet, just to mention an example) or any equivalent tool according to your Desktop Environment. When we fill in the request (necessary only once and for all for each account), Vivaldi goes on and works perfectly fine. Kind regards

Hello! Important update: OpenVPN 2.7 and DCO deployment entered its final stage. Check the update on this thread first message. Now you can start using OpenVPN + DCO on a wide portion of AirVPN infrastructure and very soon on all of it. Kind regards & datalove

@0bacon Hello! GTK warning and dconf error do not pertain to the Suite. It's unexpected that Vivaldi can't reach the Internet. Have you allowed Bluetit to select automatically an IP address for your "aircuckoo" namespace? Can we see your new Bluetit log and /etc/airvpn/bluetit.rc content? Kind regards

Today we're starting AirVPN 16th Birthday celebrations with big discounts on longer term plans. From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 23 countries on four continents! AirVPN is now one of the few major consumer VPNs that is still independent. In other words, it is not owned by large corporations with diverse interests that interfere through editorial publications or conflict with privacy protection. Since our 15th birthday celebration, our customer base has grown remarkably, and we would like to thank all the old and new customers who chose or confirmed AirVPN. AirVPN has focused on comprehensive enhancements, including: line and server expansion to accommodate the outstanding customer growth. The infrastructure can now deliver up to 1,256,000 Mbit/s. Compared to the 970,000 Mbit/s available in June 2025 this is a 29.5% increase in less than a year AmneziaWG support deployment started on the client software and infrastructure (currently completed on Eddie Android edition) the unlimited traffic quota for every and each customer subscription plan is confirmed remote inbound port forwarding feature has been confirmed for new customers too several bug fixes on the API and the account management panels On the software side: all AirVPN applications and libraries are free and open source software released under GPLv3 new, greatly improved Linux AirVPN Suite and Eddie Android editions Eddie Android edition implements, on top of several improvements, complete AmneziaWG support as well as a QUIC CPS database of real web sites enabling effective circumvention of new blocks against VPN protocols enforced in various countries If you're already our customer and you wish to extend your stay, any additional subscription will be added to your existing subscriptions and you won't lose any days. Check the promotional prices here: https://airvpn.org/buy Promotion will end on June the 16th, 2026 (UTC). Kind regards and datalove AirVPN Staff 

@0bacon Hello! AirVPN Suite 2.1.0 Release Candidate 1 is available. It addresses some problems related to your case and features a stricter check to avoid entering entire subnets for the namespace. A single address is required (in your case, anyway, you can also rely on automatic choice, since you're behind a NAT). Feel free to test the new Suite version and check whether the problems are resolved. Bluetit is linked statically against libxml2 so the problem is Cuckoo-only in the 2.0.0 Suite. On Suite 2.1.0 version, Cuckoo is no more linked (dynamically) against libxml2 because it does not need it anymore and the problem gets solved for Cuckoo too. Kind regards

Hello! We're glad to announce that AirVPN Suite 2.1.0 Release Candidate 1 is now available. It features an additional bug fix, a few more refinements on IPv6 management and improved traffic splitting namespace management. Please see the first message of this thread for complete description, full changelog and download URLs. Thank you in advance if you wish to test! Please feel free to report any glitch and bug on this thread. Kind regards

Hello! Please follow this checklist: https://airvpn.org/forums/topic/66388-port-forwarding/?do=findComment&comment=243305 Kind regards

Hello! The cause of the problem (Table = off and improper traffic splitting setup) and its solution can be found in the "best answer" post of the thread. If they don't apply to you, please feel free to open your own thread. Kind regards

Hello! Please see here for a quick solution to the quoted critical error: https://airvpn.org/forums/topic/70745-eddie-cant-connect-to-any-server/?do=findComment&comment=249545 Kind regards

Hello! Excellent. We also see the ports as open, we can reach your service(s) from the Internet and we receive back a proper reply. The port tester is successful but remember that the test is only over TCP. Kind regards

Hello! This is an error, please set an IP address for the namespace virtual interface, not a whole subnet. Do you mean that the problem started when you deleted and re-created /etc/netns, or it was solved when you did this? Can you please send us the output of: ls -l /etc Furthermore, please send us the complete Bluetit log, that you can generate with: sudo journalctl | grep bluetit > bluetit.log # if you have systemd based Arch sudo grep bluetit /var/log/syslog > bluetit.log # if you have Arch-systemd-free cuckoo: error while loading shared libraries: libxml2.so.2: cannot open shared object file: No such file or directory Yes, this is a required library. It is pre-installed on many distributions and we considered it as available by default. We shall ponder revising the minimum requisites list, thank you. Kind regards

Hello! Confirmed. This is a bug that has been lurking in the code for a long time (probably since the early 2.0.0 testing versions). It has been addressed so you will see a fix on the next version already. Thank you for your tests! Kind regards

Hello! AMule uses both TCP and UDP protocols for different functions. TCP is primarily used for client-to-client transfers and connections to eDonkey servers, while UDP is used for extended protocol features, according to Wikipedia. For your account you have forwarded a few UDP only ports. Please change them to "TCP and UDP" and test again. Furthermore, if your system is Windows, make sure that the Windows Firewall (or Defender etc.) allows incoming packets for aMule on both private and public networks: if the VPN is considered a public network (check it out) by default incoming packets will be rejected or dropped. Kind regards

Hello! We're glad to inform you that AirVPN Suite 2.1.0 beta 1 is now available. Packages for ARM 64 bit architecture are available as well, if you wish to test. https://airvpn.org/forums/topic/80022-linux-airvpn-suite-210-preview-available/ Kind regards

Hello! We're very glad to inform you that AirVPN 2.1.0 beta 1 is now available. Please check here: https://airvpn.org/forums/topic/80022-linux-airvpn-suite-210-preview-available/ This version includes even more bug fixes and IPv6 management improvements. It is linked against updated libraries. NEW BLUETIT AND GOLDCREST OPTION air-4to6 Enables or disables IPv4 over IPv6 for AirVPN connection. This option is available when the tunnel is built on IPv6, i.e. air-ipv6 on. When air-4to6 option is on or omitted, both IPv4 and IPv6 traffic will be sent over the IPv6 tunnel. Values: on | off . Default: on Kind regards

Hello! Thank for your choice! The infrastructure servers are updated periodically and rebooted on a scheduled, slow rotation to avoid excessive disruptions, except when an urgent update is absolutely necessary. On the 1st of May, an urgent update became essential to address a paramount, critical vulnerability affecting all Linux kernels. Therefore, after having verified that no exploit was attempted on the servers, and after applying a temporary patch preventing the exploit, we proceeded at a rapid pace to update all kernels and reboot the servers in large batches to complete all updates within 24 hours. Kind regards

Hello! Roughly 30% to 50% of peers in a typical Linux distro swarm have working IPv6 connectivity. However, BitTorrent clients or systems may prefer IPv4 and the perceived percentage of IPv6 peers can be dramatically lower. Kind regards

Hello! We can't provide an ETA right now but stay tuned. Are you sure that blocks from Russia are effective when you use QUIC CPS of a real .ru website? According to a few reports, that's good to bypass current blocks. However, it must be said that different ISPs implement different blocking techniques. Kind regards

Hello! Syntax error. Check our previous message and fix accordingly, there's an undue space character between "Nftables" and "TableOwner" that must be deleted, otherwise the option is not recognized. Kind regards

Hello! We already told you where to look at and you already provided evidence of the duplicate and exposing Bluetit's bug, don't worry and thank you. No further action is required at the moment. You must see that Bluetit's warning about exclusive tables ownership disappears and Network Lock now works properly. firewalld exclusive tables ownership prevents Network Lock from working properly on any Suite version, obviously. Kind regards

Hello! Exactly. Add it (you can edit the file with any text editor with root privileges), set it to "no" and verify that the issue gets resolved. NftablesTableOwner=no then re-start firewalld. This is vital to let Bluetit operate "Network Lock" properly. Exclusive ownership of the firewall tables must be pondered on a case by case basis. In this case if you wish to enable "Network Lock" you can't assign exclusive ownership of the tables to firewalld. You have two default routes via 192.168.178.1 on the same interface (enp6s0), one without explicit metric (so metric 0) and one with metric 100. Such duplicates are harmless in general but Bluetit detects them, probably fails to understand that the metric of one of them is 0, and throws a critical error believing that the metric is the same for both. We'll work on the matter carefully. In the meantime just delete the duplicate route and configure your interface either fully static or fully DHCP to keep on testing Kind regards

@colorman Hello and thank you for your tests! This is a critical situation which will cause Network Lock to falter and lead to firewall system settings restore problems. Please fix it according to the quoted instructions. Should you have already adhered to the aforementioned guidance and Bluetit continues to issue that warning, we kindly ask you to apprise us forthwith. This critical error suggests that something goes wrong in Bluetit's gateway(s) detection. Probably the error shall endure even after the prior misconfiguration has been rectified. If so, please send us the output of the following commands: ip a ip route show ip route get 0.0.0.0 Kind regards

Hello! This message has been picked to experiment answers by a selected LLM. The answer has been verified manually and slightly edited. In short, the hops you mention are in Singapore. No changes in Singapore infrastructure took place to justify the change in latency you detect. Operator: locate countries of: vlan12.as06-10g.wco1.sg.m247.ro irb-1906.agg1v.wco1.sg.m247.ro be-2-3111.bb1n.wco1.sg.m247.ro All three hostnames point to infrastructure in Singapore. Here’s how that breaks down: wco1.sg.m247.ro sg is the standard country/location code for Singapore wco1 likely refers to a specific data center or site within that region m247.ro is a Romanian network provider (M247), but they operate globally So for each: vlan12.as06-10g.wco1.sg.m247.ro → Singapore irb-1906.agg1v.wco1.sg.m247.ro → Singapore be-2-3111.bb1n.wco1.sg.m247.ro → Singapore Summary: All three are part of M247’s network presence in Singapore, despite the .ro domain. Operator: Break down names with additional details These hostnames follow fairly typical ISP / backbone naming conventions. Each segment encodes device role, interface, and location. Let’s break them down piece by piece. 🌍 Common suffix (applies to all) m247.ro → Network operated by M247 (Romanian-origin ISP with global PoPs) sg → Singapore wco1 → Likely “West Coast / core site 1” (internal site code for that Singapore PoP) So all three are devices inside the same Singapore location. 1️⃣ vlan12.as06-10g.wco1.sg.m247.ro Breakdown: vlan12 A VLAN interface (Virtual LAN ID 12) Used for logical segmentation inside a router/switch as06-10g as06 → likely “access switch / aggregation switch #6” 10g → 10 Gigabit interface/uplink wco1.sg.m247.ro Location + provider (Singapore PoP) Interpretation: 👉 A VLAN interface (ID 12) on an access/aggregation switch with a 10G link 👉 Likely used for customer traffic or internal segmentation 2️⃣ irb-1906.agg1v.wco1.sg.m247.ro Breakdown: irb-1906 IRB = Integrated Routing and Bridging Interface number 1906 Common on Juniper gear (Layer 3 gateway for a VLAN) agg1v agg → aggregation router/switch 1 → device number v → possibly “virtualized” or variant of the node wco1.sg.m247.ro Same Singapore site Interpretation: 👉 A Layer 3 gateway interface (IRB) on an aggregation router 👉 Handles routing between VLANs or customer subnets 3️⃣ be-2-3111.bb1n.wco1.sg.m247.ro Breakdown: be-2-3111 BE = Bundle Ethernet (port-channel / LAG) 2 → bundle ID 3111 → internal interface identifier bb1n bb → backbone router 1 → device number n → possibly “north” (directional naming is common) wco1.sg.m247.ro Same location Interpretation: 👉 A backbone router interface using a bundled (aggregated) high-capacity link 👉 Likely part of core transit or inter-PoP connectivity 🧠 Big picture (network hierarchy) Putting them together: Access layer → as06-10g (customer-facing / edge connectivity) Aggregation layer → agg1v (traffic consolidation + routing) Backbone/core layer → bb1n (high-capacity transit) This is a classic ISP architecture: Customer VLAN → Access Switch → Aggregation Router → Backbone Router ⚠️ Important note These interpretations are informed guesses, not guaranteed facts. Naming conventions vary by provider, but M247’s style aligns closely with standard ISP practices. Kind regards

@anchoby Hello! Error 111 means that the packet reached your node but the attempted connection was actively rejected, typically through a TCP RST packet. Please follow this checklist: https://airvpn.org/forums/topic/66388-port-forwarding/?do=findComment&comment=243305 Kind regards