Staff

Hello! Understood. This is typical with dynamic blocking by GFW and other blocking tools. Remember that GFW (and other blocking tools) behavior is not deterministic, as clearly disclosed and proved at the USENIX Security Symposium 2025. We have already put in place methods capable to defeat the GFW in most circumstances (probably 85% success rate), as you have noticed, and when you are blocked by some heuristic decision of the GFW you necessarily need some trial and error. We are working to increase the success rate even more, stay tuned in the near future. No, this is not the case. OpenVPN eats resources but not in a critical way, and it will require less and less resources while more and more clients switch to WireGuard or AmneziaWG. According to your description, to the lack of any warning by our monitoring system, and the fact the we have no similar complaints from Western countries, we feel comfortable to say that this is not a server side problem. Kind regards

Hello! It could. Feel free to try it. Let us double check in order to ascertain that the problem is not on the server side: can you please send us the names of the servers you experience this problem on? Kind regards

Hello! This is a problem caused by blocks though, not a server problem. Kind regards

Hello! With WireGuard it's a very good choice as the DNS server IP address (10.128.0.1) is also the VPN gateway address, on every and each server since the WireGuard network is one. With OpenVPN, you have different subnet on every server though and you can't rely on a fixed address. 10.4.0.1 is available on every server for DNS queries but does not respond to ping. You could consider to extract the gateway from the tun interface settings at each connection and ping that gateway. Kind regards

Hello! Nothing wrong, it's possible that the third party service is malfunctioning. Are you able to reach your listening service from the Internet? Kind regards

Hello! This is potentially the problem, We can't be sure because for some unfathomable reason you deleted once again the endpoint address and the port. Or did you literally enter "#ip" and "#port"? By the way, when VPN_SERVICE_PROVIDER environment variable is set to an integrated VPN such as AirVPN (as it is in your case) you can rely on more proper variables that will prevent you from entering wrong addresses and/or ports. Please set the proper environment variables, delete the quoted ones (quoted here above), and check whether the problem gets resolved. Please see here again: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/airvpn.md Kind regards

Hello! Something is blocking the creation of the virtual network interface that WireGuard needs, so it was not an Eddie's problem. Do you run any antimalware tool that might be blocking networking operations and/or blocking software that needs to modify network configuration with administrator privileges? Kind regards

Hello! Not anymore, and even less in the near future. HTTP/3 is quickly spreading. Today, HTTP/3 is used by 36.5% of all the websites, including major web sites inside countries that enforce blocks against VPN. Furthemore, blocking UDP as such is no more realistic, not even in China, where UDP has become an instrumental protocol for many companies in any sector (video streaming, video conference, VoIP, marketing, social media marketing, regime propaganda and more), for regime aligned or regime owned activities. In China you have a near 100% success rate and no shaping (apart from the normal shaping for anything outside China) with the current Amnezia "weak obfuscation" (no CPS) implementation, i.e. at the moment you don't even need QUIC mimicking (which is anyway available and very effective). Currently, bypassing blocks via UDP than via TCP is more efficient in China. At the moment there is nothing more effective than mimicking QUIC with the signature / fingerprint of an existing web site that's not blocked, and you have this option right now. We see > 95% success rate, which is better than the success rates of SSH (not exceeding 75%), shadowsocks and XRay, V2Ray etc (but a lot faster!). The success rate is similar to any VPN protocol over HTTP/2, but, again, dramatically faster. We're glad to know it. It is also very flexible. Thanks to CPS, you may mimic any transport layer protocol built on UDP, for example DNS, QUIC, SIP. Kind regards

Hello! The problem is that WireGuard doesn't start. Please try a re-installation from the official package available here: https://www.wireguard.com/install/ Then test WireGuard native utilities to connect, in order to discern whether the problem is Eddie specific or not. Instructions are available here: https://airvpn.org/windows/wireguard/gui/ Kind regards

Hello! Please set MTU to 1280 bytes and test again. If the problem persists please test from the host, without containers, to determine whether it's a GlueTun specific problem or not. Keep MTU to 1280 bytes and increase at small steps. Kind regards

Thank you! Please use the Configuration Generator. Turn on the "Advanced" switch. Generate a file with the Configuration Generator for WireGuard for the server or country you want to test. Download the file and edit it with any text editor. To begin with, add these parameters in the [Interface] section: Jc = 20 Jmin = 50 Jmax = 1000 S1 = 0 S2 = 0 H1 = 3 H2 = 1 H3 = 4 H4 = 2 Import the file into your PC AmneziaWG client, or use it with the AirVPN Suite component Hummingbird, and even in Eddie 4.0.0 (you can do it in the "VPN profiles" view once the file is in your Android device) and use it to test a connection in Amnezia mode. If it fails please try a connection directly from Eddie, without profile, in Amnezia WG. If it fails too enable QUIC mimicking in "Settings" > "Advanced" > "Custom AmneziaWG directives" and test again a connection. Keep us posted! Kind regards

Hello! It's available right now if you can edit the generated file. An integration with the configuration generator will require time so we suggest that you test by editing your own file (generated by the CG for WireGuard). Integration with Eddie Android edition is already available in the 4.0.0 beta version. ~100% success at the moment comes from reports from Russia and China. It would be good to have an additional report from Uzbekistan. 😋 Kind regards

Hello! We're very glad to know that the problem is solved. From the OpenVPN manual: Since mssfix 1280 resolved the problem, a plausible explanation that comes to mind is that before the problem started your network had frames fitting the previous MTU, and this is no more possible now So, it could be a change on your ISP side. Kind regards

Hello! Please note that the ability to connect over a generic HTTP, HTTPS, SOCKS4 and SOCKS5 proxies, especially those only supporting TCP, is an OpenVPN strong feature that's not matched by WireGuard. The flexibility and ease of OpenVPN to do it is very important for anyone connecting from behind a proxy (such a corporate proxy). This is a feature that we do no want to lose so phasing out OpenVPN in its entirety is not on the table at the moment. Another similar, powerful feature that WireGuard can not offer is establishing an SSH tunnel, or a TLS one (by stunnel typically) and then connect OpenVPN over it. However, a balanced approach is possible, and we are already moving toward that direction. For example, our kernel networking tuning is preferring WireGuard needs, not OpenVPN ones, although the approach is not too unbalanced. In the future we might also consider to lower the amount of concurrent OpenVPN processes we run on servers (we do it to aid balancing for the notorious problem you mention and for which a stable and easy to maintain DCO would be a solution). Kind regards

Hello! We have a report that makes us suspect that in Uzbekistan it's the IP addresses of various VPN servers (not only AirVPN, other VPN too), to be blocked "unconditionally". Anyway AmneziaWG is worth a test, with and without QUIC mimicking, toward all the wg ports of our servers. It has an incredibly high rate of success in Russia and China (higher than OpenVPN over SSH and shadowsocks) so it's definitely worth a test. Please keep us posted as we have literally three reports only from Uzbekistan including yours... If you need some parameters to test check here: https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/?do=findComment&comment=258644 and here: https://airvpn.org/forums/topic/59479-block-vpn-in-russia/?do=findComment&comment=237288 If you need some suggestions for the parameters In in order to mimic QUIC connection to some specific web site known to be not blocked in countries controlled by VPN hostile regimes, please contact our support team in private by opening a ticket. Kind regards

Hello! Please note that the TLS handshake and anything else is performed by and between your system and the final web (or other service) servers. The VPN server is not a part of this process. Of course airvpn.org and ipleak.net do not block AirVPN servers. We would rather suspect some MTU related problem. Try to add in your OpenVPN configuration the following directive: mssfix 1280 Can you also test, in the problematic system, a connection by running OpenVPN directly and not relying on the network-manager-ovpn plugin? In the past it caused several different problems and it was deprecated. If the problem persists please test with ufw completely disabled. Do you mean that the problem doesn't appear at all on different systems using the same OpenVPN connection mode (entry-IP address, port and protocol)? Kind regards

Hello! Yes, as the default settings are not adequate for high load and high throughput servers. Kind regards

Hello! Reading it is not sufficient, then you have to change your configuration accordingly. How did you add the end point (destination VPN server)? Kind regards

@Bobo90 Hello! Your compose file lacks the proper setting of the FIREWALL_VPN_INPUT_PORTS environment variable. If you set it on the command line options fine, but if not you must add it and set it properly. The FIREWALL_VPN_INPUT_PORTS environment variable in Gluetun specifies a comma-separated list of ports that must be allowed through the firewall. Without it, packets forwarded by the VPN server will be dropped by GlueTun firewall. About this error: "ERROR [vpn] finding a VPN server: target IP address not found: in 250 filtered connections". you should be able to resolve it by reading the documentation specific for AirVPN: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/airvpn.md Kind regards

Hello, there's at least one Usenet provider that caps traffic of any VPN competitor to boost its own offer. This is an anti-competitive practice. Thank you for not advertising. With that said please open a ticket to investigate, especially if you get poor performance when you access any other service while connected to the VPN. Kind regards

Hello! Can you tell us your OS name and version and which Eddie version you're running? Kind regards

@airvpn12345 Hello! It's not an authorization problem, but WireGuard traffic is blocked. Can you please check any antimalware tool on your system, as well as the Windows Defender firewall, and make sure that they do not interfere with UDP and WireGuard traffic? Please check also your router and disable, if active, any traffic management tool. Kind regards

Hello! Please make sure that Eddie is not configured to connect automatically at startup on "Preferences" > "General" window. If the problem persists and you do not recognize the session(s) it is necessary to keep into consideration a possible unauthorized use of your account. Please change your AirVPN user password (pick a strong password you do not use anywhere else) and renew your keys to cut out any potential fraudulent user, please see here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards

Hello! You need to log your account out and in again. When "Remember me" is active, Eddie Desktop edition stores locally all the information. The idea is that when you're in a network that prevents bootstrap servers access, you can count on a reliable local copy to get the vital connection information. In order to force Eddie to update this copy, it is necessary to log the account out and then log it in again (from Eddie's main window). This is not necessary in Eddie Android edition which keeps a local copy but tries anyway to update it whenever possible. Kind regards

Yes that was clear. Now, is there Eddie's tray icon or not in the system tray after you have closed the promotional window? Kind regards