Staff

@0bacon Hello! Did the problem get resolved after hardware was repaired and you upgraded to AirVPN Suite 2.1.0? Kind regards

Hello! Thank you for your patience to reply to the numerous questions by the support team on your ticket. We re-publish the outcome here for Kubernetes users' and readers' comfort, and for future reference. Bluetit relies on filesystem-level operation to create the resolv.conf backup. In your setup, /etc/airvpn and /etc/resolv.conf are in different file systems. Therefore Linux kernel will return EXDEV ("cross-device link") error when Bluetit tries to move, via stdlib rename() method, /etc/resolv.conf into /etc/airvpn/ Possible work-around: Have /etc/airvpn and /etc/resolv.conf into the same file system, OR don't allow Bluetit to manage DNS by setting, inside bluetit.rc run control file, this directive: ignorednspush on and let the pod manage the DNS. You will not use anymore VPN DNS, but DNS queries will be tunneled anyway. You can still set your favorite DNS (even VPN DNS, if needed), but you have to set it manually. In a future Bluetit version we'll see how to improve Suite compatibility with Kubernetes (and possibly other environments). Kind regards

Hello! Since OpenVPN and WireGuard fail too, this is not an Eddie-specific problem. However, an Eddie system report could help us understand what goes wrong. Please see here to send a system report generated by Eddie: Kind regards

Hello! Of course. Eddie offers a GUI with a one-click connection button, but the case of firewalld is so special to be a very rare exception requiring manual intervention by the system administrator. We can't allow Eddie to manipulate your system in such a profound way. Note that Eddie will work anyway, but you can't use Network Lock to prevent leaks, because firewalld takes exclusive ownership of the firewall rules (Network Lock is based on firewall rules). And after all, do not underestimate yourself. The steps to fix the situation are very simple and "once and for all". Let's break the steps down: 1. Open a terminal (aka shell or Console or Konsole) from your Desktop Environment 2. Type the following command: sudo nano /etc/firewalld/firewalld.conf 3. You are now inside the "nano" editor, editing the firewalld configuration file with administrator (root) privileges. Move with the cursor arrow keys between the options and enter the following line: NftablesTableOwner=no make sure you press ENTER at the end of the line (so the line stays alone between all the other options, anywhere). 4. Save the file by pressing CTRL + O (keep CTRL pressed, and type O) 5. Exit the editor by pressing CTRL + X 6. Restart firewalld with the command (on the terminal): sudo systemctl restart firewalld Kind regards

Hello! Good catch. Large corporations and conglomerates are often wealthier, faster and much more efficient than most or all government bodies. Shifting the surveillance role to private entities serves a dual purpose: to address the incompetence and lack of funding in public institutions, ravaged by decades of malpractice and corruption, and to increase the profits of conglomerates both directly and indirectly. Surveillance raises the cost of dissent, pushes self-censorship, reduce participation in protests etc. The key issue is not merely whether surveillance exists, but who controls it, how it is regulated, and whether there are effective checks on its abuse. Once surveillance is mainly up to conglomerates and judicial overview is weak or absent, it works in tandem with other capabilities of the conglomerates themselves: control of platforms, restriction on opposition and competitors, restrictions against political parties not supporting laws favorable for the conglomerates purposes. This has already happened multiple times and probably the more you give surveillance roles to large corporations, the more it will occur and possibly in more covert manners. And yes, this is clearly proven by Shoshana Zuboff's work you mentioned, at least in Western countries. An article more recent than the 7 years old book that you cited is available here: https://journals.sagepub.com/doi/10.1177/26317877221129290 It sounds good, but like in child protection the devil is in the details. The current UK legislation the OP was talking about, after we examined it a second time, seems to favor the direction you fear, provided that you replace "far-left" or "far-right" with the political group a conglomerate supports. It adds precious tools that enhance the possibility to influence large parts of the population by the corporation themselves. Age verification out of any oversight and potentially through gathering ID cards seems a small, maybe inessential step, but on the contrary it is very instrumental (just think of the power of adding to accurate profiling a real ID document of the profiled person, with real exact address, accurate photo, fiscal code...), also possibly a prelude to "chat control" and data retention (again exclusively up to private entities with no real judicial overview, as far as we can see). The Act does not "force" a private entity to store your ID card, but "allows" the private entity to do it. It also does not say "delete it after a few minutes", it just says "preserve it only for the time it's necessary and to prove your compliance", very ambiguous. Too tempting an opportunity for a lot of corporations! To continue with your parallelism with the offline life, it would be as if you authorize a tobacco shop or a market selling alcohol not only to ask for your ID card in order to verify that you're at least 21 (or 18), but to make an accurate, integral scan of the card and preserve it and create a database of accurate images of ID cards with no judicial oversight at all. This document preservation and database creation was privilege of very limited categories (such as public utilities providers). This UK Act changed radically everything. If judicial oversight, transparency requirements, antitrust enforcement, and democratic accountability are weak, as it already happens in Europe and UK due to budget restraints, government body inefficiency and lawmakers large scale corruption (*), surveillance capabilities can become intertwined with market power and political power, creating opportunities to shape public discourse, influence political outcomes, disadvantage competitors, pressure policymakers and filter out hostile politicians. Historical examples (including digital authoritarianism in USA and EU mentioned by @fsy) suggest that such risks are real, although the extent and mechanisms vary considerably across cases. By considering our mission, it is unavoidable that we strongly oppose age verification through ID cards as well as any form of blanket data retention. We would also like to add a question: are the lawmakers sure that a person under 18 is safer by surfing the Internet without a VPN than by surfing while connected to a reputable VPN? (*) For a proof of large scale corruption at least in the European Parliament from the Qatargate and on, see https://www.ftm.eu/articles/european-parliamentarians-involved-in-hundreds-of-scandals - 25% of MEPs have been involved in investigations about or found guilty of various crimes, from harassment to corruption. This is indeed on the agenda according to some rants of the Vice President of the Commission (no doubt that VPNs are a pain in the ass for some people), but we would like to remind that the highest judicial body of the EU, the CJEU, affirmed three times, with legally binding decisions, in three different cases that blanket data retention is in breach of fundamental rights and therefore no Member State can force any Internet operator to perform pre-emptive, blanket and indiscriminate retention of traffic metadata or data: https://airvpn.org/forums/topic/57288-general-questions/?do=findComment&comment=230078 Kind regards

Hello! It's a deliberate choice, like in airvpn.dev - security high level. If you want to "follow links" from the Tor site or airvpn.dev you must type or copy and paste the URL manually on your browser bar. A serious problem that comes to mind occurs if the link: opens a browser other than Tor Browser; launches external applications; downloads files that are then opened outside of Tor. In these cases, you could expose your real IP address or other identifying information. So when we want to offer higher protection disabling one or two clicks re-direction can be a wise choice. Kind regards

hello. can you give some screenshots for this two moments? Hello! 1. Go to "Settings" > "Advanced" > "Custom AmneziaWG directives", turn on "Enable CPS" switch, disable "Random Presets" and select a web site from the list appearing after you tap on "Preset". Make sure you tap "OK" at the end to confirm (if you just tap "Back" button, the settings will not be stored). 2. Go back to the main view, select "AIRVPN SERVER", long tap the country or the specific server you want to generate and export a configuration file for, and select "Export AmneziaWG profile" or "Open AmneziaWG profie with..." according to your needs. Kind regards

Hello! Obviously! Same in Italy, Germany, France and probably all EU countries. In Italy if police needs a positive identification while you're walking freely around and you don't have an ID card with you, police can and must use other methods (with the inconvenience that you may be required to waste a lot of time) and there is not even a fine for that. The vision of the previous moderator is very conservative and probably the basis of totalitarian regimes. 😅 Kind regards

@Tech Jedi Alex Hello! Just to point out that age verification should have nothing to do with identity check. Various countries, the European Commission and some Italian bodies are studying methods of age verification that don't force the citizen to show his/her ID card at any step, and surely not to private entities they don't even know. If the UK wants to implement age verification through identity verification we don't know, but it would be a giant mistake that would allow potentially shady entities to steal and build highly reliable ID databases with huge monetary value on the black market. The Discord Hack catastrophe is a useful reminder https://www.404media.co/the-discord-hack-is-every-users-worst-nightmare/ Then of course you can debate ad nauseam about whether it is right or wrong that a person younger than 21, 18 or 16 should be forbidden to connect to a virtual private network, Tor, proxy, etc. For the readers, our position is close to EFF position, see here: https://www.eff.org/issues/age-verification We were with EDRi and EFF as usual, how can you not know?! Check our mission and endorsement page. The same must be said of some other VPNs to be honest. Kind regards

Hello! Eddie Android edition also features a database of 30+ QUIC signatures of real web sites, including Russia and China web sites. Each signature can be selected with a tap from the list. Eddie Android edition can also generate and export an AmneziaWG configuration file with the selected CPS to be directly used on different platforms and other Amnezia compatible software. Kind regards

Hello and thank you for the head up! Can you tell us whether they block .info too? Kind regards

Hello! We're very glad to inform you that Hummingbird 2.1.0 for macOS is available. Different native versions for Intel and ARM M1/M2/M3/M4/M5 based Mac computers are available for maximum performance. On Intel based Mac systems, macOS 10.14 Mojave or higher version is required. On ARM Mx based Mac systems, macOS 11 Big Sur or higher version is required. Hummingbird is free and open source released under GPLv3: https://gitlab.com/AirVPN/AirVPN-Suite Main features Lightweight and stand alone binary client supporting both OpenVPN and WireGuard No heavy framework required, no GUI Small RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN and WireGuard Robust leaks prevention through Network Lock based on pf Proper handling of DNS push by VPN servers New, more flexible Network Lock What's new all libraries and dependencies have been updated minor bug fixes Important note for high speed line users Because of some architectural specifications and implementation in macOS Hummingbird may warn the user about shortage of buffer space, specifically when connected with the UDP. This condition is signaled by Hummingbird with the below messages in the log: UDP send exception: send: No buffer space available ERROR: NETWORK_SEND_ERROR The error is caused by the maximum network sockets size set in macOS, a value usually small and unsuited for modern high speed networks. The solution consists in increasing the maximum allowed size for socket buffers and, in case the problem persists, the number of mbuf clusters. The procedure is simple, please find out all the details in the manual. Open the README.md file with any viewer and consult the "Note on macOS and UDP" section. Download the software here: https://airvpn.org/macos/hummingbird/ Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that AirVPN Suite version 2.1.0 is now available for x86-64 and ARM based Linux systems. Our deepest gratitude is extended to the members of the outstanding testing community, whose generous support and discerning feedback have proved invaluable in identifying and resolving numerous issues. The 2.1.0 Suite includes: Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN and WireGuard servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the system bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN and WireGuard servers Hummingbird: lightweight and standalone binary for generic OpenVPN and WireGuard server connections Cuckoo: traffic split manager, granting full access and functionality to AirVPN's traffic split infrastructure airsu: a "run and forget" tool to automatically set and enable the user environment for the X.Org or Wayland based ecosystem without any user input WHAT'S NEW NEW: extensive rewrite and improvement of network availability and default gateway detection NEW: option to tunnel or not IPv4 traffic over an IPv6 tunnel with air4to6 client option and airvpn4to6 run control directive (check the updated user's manual for details) NEW: cuckoo does not require libxml2 anymore updated libraries bug fix: Bluetit doesn't crash anymore with very large routing tables bug fix: IPv6 addresses parsing and management don't fail anymore in specific circumstances bug fix: airsu bash script doesn't fail anymore when the shell of the user starting it is not bash AirVPN Suite 2.1.0 is free and open source software released under GPLv3. Source code is available on GitLab: https://gitlab.com/AirVPN/AirVPN-Suite AirVPN Suite 2.1.0 is available for x86-64, AArch64 (ARM 64 bit) and armv7l (ARM 32 bit) architectures. Legacy versions are also available. https://airvpn.org/linux/suite/ AirVPN Suite resources, links and forum: https://airvpn.org/forums/topic/79336-airvpn-suite-resources/ Kind regards & datalove AirVPN Staff

Hello! Network Lock is not permanent, so it will not survive a reboot. DNS settings are permanent. When you suffered a full disk error crash, probably Eddie could not restore system's previous DNS settings. VPN DNS settings remained most probably set and, since they are reachable only from inside the VPN, your system now can't resolve qualified domain names. You need to set proper DNS manually while Eddie is not running. It is a swift procedure, please see here: https://support.apple.com/guide/mac-help/change-dns-settings-on-mac-mh14127/mac If you need some suggestion on the public DNS choice, we usually recommend Quad9 and OpenNIC for their commitment to privacy and net neutrality. Primary Quad9 DNSv4 address: 9.9.9.9. OpenNIC: 195.10.195.195 See also: https://opennic.org https://quad9.net Kind regards

Hello! The critical error: OpenVPN 2.3.18 is very old and doesn't support "data-ciphers" directive which is included in configuration files for OpenVPN 2.5 and higher version. Try to generate a configuration file for OpenVPN 2.4 (*), but more importantly upgrade Tunnelblick, if possible, to a version that runs at least OpenVPN 2.4 (if possible go straight to OpenVPN 2.7). See here a thorough list of versions and pick the most recent one that's supported by your macOS: https://tunnelblick.net/cRlsNotes.html (*) OpenVPN 2.4 is also very old and abandoned but AirVPN will still support it during 2026. In the Config Generator page please turn on the "Advanced" switch, then select "2.4" on the OpenVPN profile combo box. Then generate and download as usual. The first Tunnelblick release featuring OpenVPN 2.4 is Tunnelblick 3.6.10: https://tunnelblick.net/cRlsNotesOld.html Kind regards

Hello! In Windows 11, by default "Fast Startup" is enabled, so pressing briefly the on/off button when the machine is on will cause an Hybrid Shutdown + Partial Hibernation. In turn, this causes multiple problems (not only to Eddie). If Fast Startup is enabled, please disable it and test whether the problem disappears. Also make sure that Eddie's setting available in the Preferences > UI window, "Ask confirmation at exit", is NOT checked. NOTE: long pressing the on/off button will cause a power outage and therefore possible corruption of files and file system, so this should be avoided at all costs. Kind regards

@Kevig Hello! Which Eddie version are you running? Can you test Eddie 2.25 beta (if you haven't already done so) and check whether the same problem occurs? https://airvpn.org/forums/topic/79305-eddie-desktop-edition-225-beta-released/ Is the server OS capable to manage the ACPI hardware event triggered by pushing the on/off button? For example a Linux server fully supporting the underlying BIOS is able to catch the event and start a graceful shutdown (typically via acpid or systemd-logind), and this should ensure that Eddie exits cleanly. What is the OS of the server? Does the problem occur even when the shutdown is properly performed? Kind regards

Hello! Actually we do not publish a report similar to the one you linked but here it is: you can take those figures, divide by 3 and get a precise estimate. Kind regards

Hello! We managed to reproduce this, but it's not a "real" problem, it looks like expected behavior but at first we were fooled too. Vivaldi opens and causes key wallet access or other operations request, when it is run inside the namespace. This may happen for example because it is run by a different user, e.g. airvpn, so the configuration file path is different and the configuration file must be created the first time. While Vivaldi waits for authorization to access the wallet, it does not allow any connection. Check any other window that should open when you run Vivaldi through cuckoo by airvpn user (it's not brought in front by the DE and Vivaldi main window doesn't throw any warning, so you might be fooled as well) and you should find the prompt for the password for your desktop wallet (KDE wallet, just to mention an example) or any equivalent tool according to your Desktop Environment. When we fill in the request (necessary only once and for all for each account), Vivaldi goes on and works perfectly fine. Kind regards

Hello! Important update: OpenVPN 2.7 and DCO deployment entered its final stage. Check the update on this thread first message. Now you can start using OpenVPN + DCO on a wide portion of AirVPN infrastructure and very soon on all of it. Kind regards & datalove

@0bacon Hello! GTK warning and dconf error do not pertain to the Suite. It's unexpected that Vivaldi can't reach the Internet. Have you allowed Bluetit to select automatically an IP address for your "aircuckoo" namespace? Can we see your new Bluetit log and /etc/airvpn/bluetit.rc content? Kind regards

Today we're starting AirVPN 16th Birthday celebrations with big discounts on longer term plans. From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 23 countries on four continents! AirVPN is now one of the few major consumer VPNs that is still independent. In other words, it is not owned by large corporations with diverse interests that interfere through editorial publications or conflict with privacy protection. Since our 15th birthday celebration, our customer base has grown remarkably, and we would like to thank all the old and new customers who chose or confirmed AirVPN. AirVPN has focused on comprehensive enhancements, including: line and server expansion to accommodate the outstanding customer growth. The infrastructure can now deliver up to 1,256,000 Mbit/s. Compared to the 970,000 Mbit/s available in June 2025 this is a 29.5% increase in less than a year AmneziaWG support deployment started on the client software and infrastructure (currently completed on Eddie Android edition) OpenVPN DCO (Data Channel Offload) support and kernel module deployment started on VPN servers the unlimited traffic quota for every and each customer subscription plan is confirmed remote inbound port forwarding feature has been confirmed for new customers too several bug fixes on the API and the account management panels On the software side: all AirVPN applications and libraries are free and open source software released under GPLv3 new, greatly improved Linux AirVPN Suite and Eddie Android editions Eddie Android edition implements, on top of several improvements, complete AmneziaWG support as well as a QUIC CPS database of real web sites enabling effective circumvention of new blocks against VPN protocols enforced in various countries If you're already our customer and you wish to extend your stay, any additional subscription will be added to your existing subscriptions and you won't lose any days. Check the promotional prices here: https://airvpn.org/buy Promotion will end on June the 15th, 2026 (UTC). Kind regards and datalove AirVPN Staff 

@0bacon Hello! AirVPN Suite 2.1.0 Release Candidate 1 is available. It addresses some problems related to your case and features a stricter check to avoid entering entire subnets for the namespace. A single address is required (in your case, anyway, you can also rely on automatic choice, since you're behind a NAT). Feel free to test the new Suite version and check whether the problems are resolved. Bluetit is linked statically against libxml2 so the problem is Cuckoo-only in the 2.0.0 Suite. On Suite 2.1.0 version, Cuckoo is no more linked (dynamically) against libxml2 because it does not need it anymore and the problem gets solved for Cuckoo too. Kind regards

Hello! We're glad to announce that AirVPN Suite 2.1.0 Release Candidate 1 is now available. It features an additional bug fix, a few more refinements on IPv6 management and improved traffic splitting namespace management. Please see the first message of this thread for complete description, full changelog and download URLs. Thank you in advance if you wish to test! Please feel free to report any glitch and bug on this thread. Kind regards

Hello! Please follow this checklist: https://airvpn.org/forums/topic/66388-port-forwarding/?do=findComment&comment=243305 Kind regards