Staff

Hello! You may be right. According to your user feeling, what is the best selection of server using quick connection mode (i.e. you do not force a white list of any type) between Eddie Desktop, Eddie Android and AirVPN Suite (if you ran two or all of them)? And what is the software that achieves the best selection inside a single forced country (when the country offers multiple servers)? Kind regards

Hello! That's correct, the routing and the firewall rules are not infringed and the queries are not treated differently. However, you may create specific environments where DNS queries are not tunneled even when everything is properly set up and Network Lock is enabled. A typical example is when you force your router address as DNS server of the machine connected to the Internet. Network Lock won't stop the traffic to this router, thus DNS query will go to the router (outside the VPN tunnel, according to the table) and then the router will forward it on to the Internet from its physical network interface with its "real" (ISP assigned) IP address. The system is adhering precisely to what it has been told to do, so it is not a DNS leak, but at the end of the day the outcome is equivalent on the client's point of view. Yes, good solution at a first glance. BIND, dnsmasq, Unbound and PowerDNS offer this feature. Kind regards

Hello! In this case you should use your hosts file, so you bypass DNS directly, no need to expose any detail in AirVPN configuration of course. You would need to disable DHCP to have static addresses for the key devices in your LAN, but we don't know if you may like this limitation. Kind regards

Hello! Thank you first and foremost for this valuable information related to the possibility that a plasmashell crash can cause sending a graceful SIGTERM to children apps etc. This should be confirmed or denied as it is relevant. From the correct and precise info that @Tech Jedi Alex provided, you now know that: Network Lock is a set of firewall rules if Eddie is properly shut down, it restores the previous firewall rules if Eddie is killed ungracefully / crashes the rules remain in place, i.e. Network Lock stays "active" Now, you have an unstable environment which might cause a proper Eddie shut down with a tranquil kill signal, so you need to either revert to a stable environment, or keep even the firewall rules that are restored as blocking rules preventing leaks, so you have a "permanent" lock. Of course, should the environment cause modifications even to the filtering table, then a "permanent" network lock becomes impossible and the only real solution is using a stable environment, which would be the healthiest and safest solution. Seeking these types of protection when the operating environment itself is seriously unstable is not logic unless it's an exercise / proof when the assessed risk in controlled condition is zero (therefore do not use this environment for sensitive activity / sensitive data flow). Kind regards

Hello! Please note that guaranteed bandwidth does not mean guaranteed speed. The weakest hop in the routing between your node and the VPN server determines the maximum performance. Nobody can guarantee anything on the Internet as soon as any interconnection with a not owned network takes place, obviously. In your case of course the poor throughput comes from a cap / bottleneck somewhere else, not in the VPN server itself, according to your description. Kind regards

Hello! You should "re-map" the VPN server remote port 33585 to your local VPN interface port 32400 by filling the "Local" field on your AirVPN account port panel. Kind regards

Hello! It's by Telecomix, a group an AirVPN founder co-operated with! https://en.wikipedia.org/wiki/Telecomix Kind regards

Hello! Yes, keep in mind that Plex always listens to port 32400 of the VPN interface, no matter what. Therefore you should "re-map" the server port 33585 to your local VPN interface port 32400 (directly on your AirVPN account port panel). Note: hot change is supported for remote port only, so when you change local port on your AirVPN account port panel, if you are already connected to the VPN please disconnect and re-connect to apply the change. Kind regards

It's so much easier on our state of the art VT100, but the bosses promised that we could have the brand new VT220 for Christmas if we behave, ROFL.

Hello! It sounds like some Mono related problem, can you check your Mono version in your system (and update it if newer version is available)? Kind regards

Hello! There is no Web UI implementation in Eddie, currently. Eddie CLI available options are here: https://eddie.website/support/cli/ Kind regards

Because we can do this only once per year: 😋

Hello! This sounds impossible indeed. There's no way that our servers can guess your public key from a random address. Kind regards

Hello! The WIREGUARD_ADDRESSES environment variable in Gluetun specifies the WireGuard IP network interface address in CIDR format; in AirVPN it is inside the big subnet 10.128.0.0/10. Kind regards

@willowvpn Hello! Please try: pull-filter ignore "ifconfig-ipv6" pull-filter ignore "route-ipv6" pull-filter ignore "redirect-gateway ipv6" pull-filter ignore "dhcp-option DNS6" pull-filter ignore "tun-ipv6" Fixed the linked message as well (it was incomplete). If the problem persists send the whole log, do not cut it. Kind regards

Merry Thrilling Christmas hohohoho heheheheh <evil grin>

Hello and welcome! Another interesting use case is when you live in a country where trying to access the Tor network raises a red flag on you but the HTTP/3 (QUIC) traffic does not. So you first circumvent the blocks via some adequate VPN related protocol that looks like QUIC and only then you fire up Tor, so the regime can't trivially infer that you're trying to use Tor. Sometimes it is more practical and safer than struggling to find Tor bridges: a risk assessment is due, on a case by case basis. Kind regards

Hello! Please follow this message to quickly resolve the issue: https://airvpn.org/forums/topic/26548-linux-ip-6-addr-add-failed/?do=findComment&comment=72069 The OP problem might be different so your case should not be discussed here. Kind regards

Hello! An update: https://www.eff.org/deeplinks/2025/12/after-years-controversy-eus-chat-control-nears-its-final-hurdle-what-know Kind regards

Hello! Be aware that 4 Mbit + 4 Mbit/s of guaranteed allocation is great for the pricing of AirVPN. Our competitors offer 0.0 (best effort, no minimum allocation guaranteed). Please consider that if residential ISPs in Europe had all of their customers connected simultaneously and requiring full bandwidth at the same time, the allocation by most of such ISPs (if performed equally for each customer) would be between 0.1 and 10 Mbit/s. The biggest ISPs in Europe (example: TIM in Italy) have an average per residential customer consumption (fixed lines: in mobility much less) of 190 GB/month, which on average means 0.58 Mbit/s throughout the month. Residential networks are normally designed and sized on the basis of these values with congestion control (traffic shaping) during peak hours or any unexpected event. Guaranteeing no overselling beyond 4 + 4 Mbit/s was and is even nowadays a significant effort by AirVPN. In practice, as you can see on the "Top User Speed" chart, users can easily beat 500 Mbit/s, there is no congestion. But if all customers connected at the same time (assuming a fair distribution on all servers) then everyone would anyway have 4 Mbit/s (4 + 4 server side). Kind regards

Hello! Try to increase MTU even further, up to 1420 bytes (you can also try 1440 bytes if you never use IPv6). The reason to lower MTU is that the frame on some network is not big enough to contain 1420 bytes of WireGuard, but if you can enlarge (your network supports larger WireGuard MTU) then do it, because performance will improve. https://lists.zx2c4.com/pipermail/wireguard/2017-December/002201.html Disabling the setting you mention about geo-routing on AirVPN DNS through your account panel can improve performance should the test you perform pass through a "geo-server", which would cause a bottleneck. These geo-servers are meant essentially to bypass geo-location based blocks and they are not suitable to perform massive speed tests. If the destination node which is instrumental for your tests is routed through one of these micro-servers you will get a remarkable bias. By disabling the feature you cancel any forced "geo" or "micro" routing. Kind regards

Hello! We're very glad to announce a special promotion on our long terms Premium plans. You can get prices as low as 2.20 €/month with a three years plan, which is a 68% discount when compared to monthly plan price of 7 €. You can also send an AirVPN plan as a gift: you have the option to print or send a colorful, dedicated picture with the code to activate the plan. You can do it in your account Client Area -> Your membership: Purchase and credit -> Print X-Mas after you have bought a coupon. If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Please check plans special prices on https://airvpn.org and https://airvpn.org/buy --- Promotion will end on January the 8th, 2026 (UTC). AirVPN does not inspect and/or log client traffic and offers: five simultaneous connections per account (additional connection slots available if needed) inbound remote port forwarding unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 2100 Mbit/s with WireGuard flexible and customizable opt-in block lists protecting you from adware, trackers, spam and other malicious sources. You can customize answers or exceptions globally, at account level or even at single device level. powerful API IPv6 full support comfortable management of your client certificates and keys AES-GCM and ChaCha20 OpenVPN ciphers on all servers Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys internal DNS. Each server runs its own DNS server. DNS over HTTPS and DNS over TLS are also supported. free and open source software client side software support to traffic splitting on an application basis on Android and Linux and on a destination basis on Windows and macOS GPS spoofing on Android application AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows. Promotion due to end on 2026-02-08 (UTC). Kind regards & datalove AirVPN Staff

Hello! Jc will be capped to 10 in this beta 1 version, but this does not defeat the purpose of randomization as Jc tells the quantity of junk packets that must follow CPS, not their size. However it will be important to allow more than 10 junk packets because we have reports from you and other persons according to whom an higher Jc seems to imply a higher probability to circumvent specific blocks. As usual you can force any value by editing and importing a profile, of course. Beta 2 is anyway imminent. Kind regards

Thank you very much! Noted, Jc, S1 and S2 limits come from the documentation here https://docs.amnezia.org/documentation/amnezia-wg The allowed ranges will be fixed according to logic, new documentation and source code. The crashes are under investigation. Thank you for your tests and bug reports! Kind regards

Hello! Therefore the issue should have a different cause and this is probably not the proper thread. Please open a ticket and/or a different thread at your convenience, after you have reviewed this checklist: https://airvpn.org/forums/topic/66388-port-forwarding/?do=findComment&comment=243305 Kind regards