Staff

Hello! Does anyone experience the following problem with "OpenVPN over SSL" connections in Linux, or similar issues in other systems? We have been asked to post it here by one of our customers. Can you please test on your systems? Hello, I have just installed your new Eddie client (2.18.2 beta) to try out i was on the previous (stable) version until now.Operation system is Debian based with latest update's However SSL protocol connections do not seam to work for me now thay did work before the Eddie update, and ssl works with the previous Eddie version on a windows client. I have attached logs for each connection attempt all are successful except for the SSL option. All UDP SSH and other protocols/servers connect fine except when using SSL Is there any issues with ssl at the moment. Please let me know how to proceed or if any further information is required. Thank you for your time. SSL I 2019.09.13 14:05:58 - Checking authorization ... ! 2019.09.13 14:05:59 - Connecting to Lacerta (Canada, Montreal) . 2019.09.13 14:05:59 - Routes, added a new route, 87.101.92.172 for gateway 192.168.239.2 . 2019.09.13 14:05:59 - SSL > 2019.09.13 14:05:59 LOG5[ui]: stunnel 5.55 on x86_64-pc-linux-gnu platform . 2019.09.13 14:05:59 - SSL > 2019.09.13 14:05:59 LOG5[ui]: Compiled/running with OpenSSL 1.1.1c 28 May 2019 . 2019.09.13 14:05:59 - SSL > 2019.09.13 14:05:59 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP . 2019.09.13 14:05:59 - SSL > 2019.09.13 14:05:59 LOG5[ui]: Reading configuration from file /home/unknown/.config/eddie/33e6d2ca44d2221880152d327a2db718cd5ffb8384b6377c13b1ffe5fb94550f.tmp.ssl . 2019.09.13 14:05:59 - SSL > 2019.09.13 14:05:59 LOG5[ui]: UTF-8 byte order mark detected . 2019.09.13 14:05:59 - SSL > 2019.09.13 14:05:59 LOG5[ui]: FIPS mode disabled . 2019.09.13 14:05:59 - SSL > 2019.09.13 14:05:59 LOG6[ui]: Initializing service [openvpn] . 2019.09.13 14:05:59 - SSL > 2019.09.13 14:05:59 LOG4[ui]: Service [openvpn] needs authentication to prevent MITM attacks . 2019.09.13 14:05:59 - SSL > 2019.09.13 14:05:59 LOG5[ui]: Configuration successful . 2019.09.13 14:05:59 - SSL > 2019.09.13 14:05:59 LOG6[ui]: Service [openvpn] (FD=9) bound to 127.0.0.1:37073 . 2019.09.13 14:05:59 - SSL > 2019.09.13 14:05:59 LOG3[ui]: Cannot create pid file /var/run/stunnel4.pid . 2019.09.13 14:05:59 - SSL > 2019.09.13 14:05:59 LOG3[ui]: create: Permission denied (13) ! 2019.09.13 14:05:59 - Disconnecting

@amilino Older than 2.18 Eddie version stored a profile in ~/.airvpn with the name "default.xml". Eddie 2.18.2 stores the profile in ~/.config/eddie and names it default.profile. So default.xml comes from some older Eddie that you were running with user "root" (and NOT with a normal user in the sudoers). What does su have to do with sudo? Just to verify whether Eddie has at least created the proper directory, can you tell us whether the following directories of your regular account: ~/.config/eddie ~/.config exist or not? Kind regards

This folder does not exist. Hello! That might be the problem. If you have removed ~/.config for your account please re-create it and try to re-run Eddie. If you are connecting to your Raspberry as superuser please switch to a normal user and then run Eddie. Another potential cause which may explain the error message you reported might be when your user is not a sudoer. In this case Eddie UI can't launch Eddie backend (another binary file) with root privileges from the account itself, so it will try to do it from root account, if possible (on some systems like Ubuntu root account exists but is disabled by default). Kind regards

Hello! What problem do you experience? Default location for Eddie's default.profile file is ~/.config/eddie Kind regards

Hello! OpenVPN is correct: 19700101 00:00:21 N VERIFY ERROR: depth=1 error=certificate is not yet valid: C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org Our certificate is not valid on 01 Jan 70. Setting the correct date and time will solve the issue. Kind regards

Version 2.18.2 beta (Thu, 12 Sep 2019 15:59:45 +0000) [change] Linux - FIxed a Lintian error on some distributions [bugfix] Linux - Netlock issue if IPv6 is disabled via GRUB ('Address family not supported by protocol' error) [bugfix] Linux - Sometimes Eddie doesn't close [bugfix] Linux - Arch issue with elevation, also restored .xz packages [bugfix] Windows - Issues with username with spaces [bugfix] macOS - Dump PF output and file in logs in case of failure [change] macOS - Notifications, better layout with icons [change] Added Boost in Libraries [bugfix] Minor UI changes

Hello @Blimeychum we are very glad to know it. Eddie's default settings are fine in most cases: you can fine tune Eddie from the "Settings" view but if you are comfortable right now there's no reason to change settings. A new Eddie Android edition guide is almost ready and will be published soon. Kind regards

Hello! Yes. it might be the problem we underlined. What happens if you run Eddie Android edition in your FireStick? Eddie Android edition is available in the Amazon Appstore too: https://www.amazon.com/Eddie-AirVPN-official-OpenVPN-GUI/dp/B07KTD6DH9/ref=sr_1_1?keywords=eddie+airvpn&qid=1568227286&s=gateway&sr=8-1 Kind regards

Hello! What is the browser you used to download the generated configuration files? The error you get is usually caused by the fact that the browser downloads the whole HTTP page instead of the actual file. This happens for example with Chrome for iOS and the old "Android browser". We are looking forward to hearing from you. Kind regards

Hi! Please feel free to be specific on those texts: fixing errors is the main purpose of beta testing! Kind regards

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.18beta. It is ready for public beta testing. How to test our experimental release: Go to download page of your OS Click on Other versions Click on Experimental Look at the changelog if you wish Download and install Please see the changelog: https://eddie.website/changelog/?software=client&format=html In this release, we changed all source code from the ground up, to separate what needs superuser privileges and what not. PLEASE CONSIDER THIS A BETA VERSION. Don't use it for real connection, it's only for those who want to collaborate to the project as beta-tester. We hope to raise now the frequency of feedback replies here and Eddie releases.

Hello! That must be seen and evaluated. While Eddie reconnects traffic leaks are of course expected, unless you have activated the proper options in Android 8 or 9 (or you enable VPN Lock in Eddie). Can you open a ticket and send us a complete log? Kind regards

Hello! @Glockdoc @kbps You have reported the effect of "VPN Lock" option which is the only safe method to prevent leaks in Android 5-6-7 in case of unrecoverable disconnection. Every time you see a lock, Eddie has saved you from traffic leaks outside the VPN tunnel. You can disable "VPN Lock" in "Settings" > "VPN" view. When VPN lock is disabled Eddie will re-connect as soon as possible. Note that traffic leaks become possible, just like it happens in any other OpenVPN based application for Android. If you run Android 8 or 9 you can set proper system options to minimize the likelihood of traffic leaks outside the tunnel, making VPN lock no more necessary. Please check here: https://airvpn.org/forums/topic/44623-eddie-for-android-network-lock/ Kind regards

It works with Hulu and Netflix USA (only USA), provided that you use VPN DNS (default settings with our software). However, HOW to subscribe to Hulu is a problem we can't of course handle. Kind regards

@huckleberrybear88 Hello! Unfortunately, our OpenVPN 3 library, and/or an app based on it, is not planned for iOS currently, as GPL and similar licenses remain incompatible with the Apple store terms. Obviously we can not legally close the source code or provide a binary without source code or modify the license of the source code our apps are based on (not even if we wanted, and we don't), so we can't do anything for iOS in this case. The issue has been brought into light by FSF itself in 2010: https://www.fsf.org/blogs/licensing/more-about-the-app-store-gpl-enforcement and raised a lot of attention again when Apple took down VLC from the store. It is periodically debated, for example here: https://news.ycombinator.com/item?id=12827624 That's also the reason for which openvpn-connect is the only app to use OpenVPN in iOS devices from the Apple Store (as the conditions enforced by OpenVPN Technologies to the commits by anyone is that they can change the license, close the code, redistribute it for their commercial purposes etc). Kind regards

Now and then this eccentric idea comes out. Frankly we can't see any rational reason to understand how from an amount of connections per user which can be stored into single integer variable one should jump to the idea of logging. We operate servers of our property as well as rented servers. That's another bizarre idea, which you use to jump to conclusions. Anyway if you think that a datacenter logs the traffic metadata and/or content of any and each communication to/from the devices using their lines, what is the difference between an owned and a rent server? By the way just apply partition of trust, end of the story. Kind regards

Hello! Yes, we aim to Catalina compatibility with both Eddie and the new software based on OpenVPN3-AirVPN library. Stay tuned. Kind regards

@BrazMan Hello, that's normal (expected) as the server inbound ports are the same (each VPN server has ONE exit-IP address). Kind regards

@jstephen1 @shane_b Hello, can you please mention the server(s) you experience the problem on at your convenience? Kind regards

Please let us know especially when you use exclusively ChaCha20 cipher. Kind regards

Thank you, we will investigate! Maybe we will need your complete profile to make tests (you might create a specific profile for us, with a specific client key/certificate, that you will later delete), can you open a ticket at your convenience? Kind regards

Hello! Understood. Maybe you run OpenVPN for Android on OpenVPN 2.5, while Eddie is based on OpenVPN 3 library: can you please check? Kind regards

Hello, as the data processing responsible person in AirVPN I will gladly answer publicly to your question: 1) We do not collect any personal data. 2) If, intentionally or not, you have entered personal data in any part of your account data I would recommend you ask for deletion, but anyway no data is ever sent to any third-party. 3) Amazon does not get any data, personal or not, at each login attempt or under any other circumstance. It's very singular that you have opened an account specifically to publish a collection of false, fake and bogus information, and you missed to contact us in advance before going public with your smearing. It tells me that you are not in good faith. I call moderators to curb and disrupt such an abusive behavior. They work very well, thank you. Kind regards Paolo (pj)

Hello, the bootstrap servers are contacted in encrypted form over HTTP, and not HTTPS, to try to be more effective against blocks and certificate replacement for nodes behind certain proxies. For encryption details we invite you to consult Eddie Android edition source code (in Eddie desktop edition source code you will not find some parameters in explicit form). The fact that the transport is HTTP does not imply that the stream is unencrypted obviously as explained various times in the past 7-8 years. Amazon EC2 Ireland has been chosen for uptime reasons and is only one of the variety of datacenters where bootstrap servers live. The bootstrap servers do not communicate directly with the backend servers and have no relation with the VPN servers, anyway that's very irrelevant. There are no privacy concerns at all. Do not spread false information and FUD. Why did not you contact us first? Do you REALLY think that such a macroscopic disaster would have been really implemented in AirVPN and kept for so many years? Kind regards

Hello! Eddie Android edition supports any OpenVPN server provider as it accepts totally generic OpenVPN profiles. Note, however, that not all OpenVPN 2 directives are implemented in OpenVPN 3 library: unknown directives will be ignored and not cause an error though. Also please note that pfSense is a FreeBSD distribution, Android has nothing to do with it. Kind regards