Everything posted by Staff

  1. IMPORTANT CORRECTION TO THE PREVIOUS MESSAGE. If you define a "quick" connection mode at boot, Bluetit will consider and respect white and black list directives included in bluetit.rc during the connection at bootstrap. Therefore, the proposed solution is optimal and does not require Goldcrest: just remember to change connection mode to quick (and do not set it to country), and define white lists according to the conditions written in our previous message (i.e. three empty intersection subsets, one subset per device). Kind regards
  2. @cannac Hello! You have related options in Goldcrest. If the white list must be global and respected by all users, superuser must define it in Bluetit run control file. If the white list can be decided each time by any user inside airvpn group, then superuser must not define it in Bluetit run control file. The related Goldcrest options, which can be specified on the command line only, and not in goldcrest.rc file, are:
     --air-white-server-list, -G : AirVPN white server list <list>
     --air-black-server-list, -M : AirVPN black server list <list>
     Please see also: https://airvpn.org/suite/readme/#controlling-goldcrest-client Kind regards
  3. @cannac Hello! A solution which might meet your needs is partitioning the US AirVPN servers set into three empty intersection subsets, one per device, compiling airwhiteserverlist directive with a unique subset in each device, and finally restarting the three connections via Goldcrest on the US country basis. and finally defining the connection mode in bluetit.rc as quick. If the connection mode is not defined as quick, Bluetit ignores white and black lists but it does not warn you. A warning in the log and a clarification on the documentation will be implemented. By doing so you will never have two or more devices connecting to the same server. when the air-connect command for the same country is issued by different clients in different devices. If Bluetit connects during the machine bootstrap, remember to send disconnect first: enabled persistent network lock by directive networklockpersist ensures no traffic leak outside the VPN tunnel. In a future Bluetit version we might implement a new Bluetit run control file directive defining a white list for automatic connection at bootstrap so that you will not need to send a connection order via a client later on. Kind regards
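The partitioning described in the post above, as an added example that is not part of the original post and is not AirVPN code: it splits one country's server pool into disjoint per-device white lists and checks that no two lists intersect. The server and device names are constructed, and the comma-separated value syntax for `airwhiteserverlist` is an assumption to verify against the Suite documentation.

```python
"""Added example: disjoint per-device white lists for one country's servers."""
from itertools import combinations

# Constructed sample pool; real names come from the provider's server list.
US_SERVERS = ["us-alpha", "us-bravo", "us-charlie", "us-delta",
              "us-echo", "us-foxtrot", "us-golf"]
# Hypothetical device labels, one white list per device.
DEVICES = ["desktop", "laptop", "nas"]


def partition(servers, devices):
    """Deal servers round-robin so every device gets its own subset."""
    unique = sorted(set(servers))
    if len(unique) < len(devices):
        raise ValueError("fewer servers than devices: a white list would be empty")
    step = len(devices)
    return {dev: unique[i::step] for i, dev in enumerate(devices)}


def overlaps(lists):
    """Return {(dev_a, dev_b): [shared servers]} for every pair that intersects.

    An empty result means the subsets have pairwise empty intersection,
    so two devices can never be sent to the same server.
    """
    clashes = {}
    for a, b in combinations(sorted(lists), 2):
        shared = set(lists[a]) & set(lists[b])
        if shared:
            clashes[(a, b)] = sorted(shared)
    return clashes


def render_rc(server_subset):
    """One bluetit.rc line for a device.

    Assumption: the list value is comma-separated. The connection mode must
    also be set to quick in bluetit.rc, otherwise the list is ignored.
    """
    return "airwhiteserverlist " + ",".join(server_subset)


if __name__ == "__main__":
    lists = partition(US_SERVERS, DEVICES)
    for dev, subset in lists.items():
        print(f"# {dev}\n{render_rc(subset)}")
    # Re-check lists after any manual edit: a server copied into two
    # devices' lists breaks the guarantee silently.
    print("overlaps:", overlaps(lists) or "none")
```
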
  4. Hello! Yes, of course, you get the same privacy protection enhancements in both connection types (provided that the VPN connection is established). In particular:
     • your outgoing packets do not have anymore your "real" IP address when they get out of the VPN server (this is also why, in addition to privacy enhancement, we define our service as capable to provide "a layer of anonymity")
     • you are no more subject to DNS poisoning, which is common practice with all ISP in the world including European ISPs
     • the VPN tunnel protects you from injection of forged packets
     • your ISP and anybody who wiretaps your ISP line can not see anymore which services you contact, which underlying protocols you use and which underlying applications you run, because of the encryption of outgoing and incoming packets between your client and the VPN server
     A caveat in cellular connections when it is used together with a device running iOS or Android. By Apple policy, Apple applications can bypass at will any VPN tunnel (and actually some of them already do it). Similarly, in Android systems, manufacturer's applications might potentially do the same. This is possible because you are not the administrator in Android and iOS systems and therefore you have no control on those important parts of the system which would prevent such "leaks". Therefore, when privacy protection is a priority, Android and iOS should not be trusted. What about the "anonymity layer" we mentioned earlier? The anonymity layer is provided by the first point of the list, together with the fact that we operate servers in countries where data retention is not mandatory, so we not only avoid inspecting traffic to remain a mere conduit, but we also do not log traffic metadata. So it's not an intrinsic property of a VPN, but it is related to how it is implemented in our systems. Now, this anonymity layer resists as long as we don't betray your trust AND our servers are not secretly wiretapped.
How to defeat an adversary with the power to wiretap your line AND all the VPN servers you connect to? And what to do when you can't afford to trust our contractual commitment on "no logging"? This question has become relevant for more and more persons who are "high profile targets". Remember that everyone can become a "high profile target" simply by being an activist on certain matters. Every year, for example, hundreds of environmental activists are killed around the world and hundreds disappear mysteriously or suffer severe limitations on personal freedom or suffer major physical harm. And that pertains only to activism on environmental problems. Bloggers and journalists are imprisoned, as well as whistleblowers, or killed, in the so called "Western countries" too, simply for having told the truth. In certain areas of Italy, you must protect your identity even if you write a few substantiated rows anywhere on the web against some minor political figure in your tiny district when that political figure has ties with the organized crime, and we know that something similar happened in other EU countries. We could go on with plenty of horrendous exemplary cases, which took place even in "Western countries", where a more effective layer of anonymity would have saved, during the years, thousands of lives, but let's answer the original question on how to improve the anonymity layer and defeat a powerful adversary with this old article of ours: https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?tab=comments#comment-1745 So, we wrote the above article many years ago, which may help high profile targets. Keep in mind that everything starts from the assumption that your system is NOT compromised. If it is, any VPN, Tor, Tor over VPN, will be useless. 
So we come to other important limitations you must be aware of:
     • a VPN does not protect your device
     • a VPN is useless if your device is compromised, and some systems such as Android and iOS may be compromised in a matter of minutes by a powerful entity that comes to know your IP address
     • a VPN must not be meant as an anti-cracking tool: the only protection against some types of cracks is no remote port forwarding, which is mild
     • a VPN can not hide your personal data or identity if you send out personal information inside your traffic flow and the recipient of such information is compromised, or if you send it out in public
     • a VPN does not prevent correlations when you mix identities, i.e. it can't protect you from your own behavior, therefore take care not to mix identities inside and outside the VPN. Trivial, maybe stupid, example: if you have used an e-mail account without VPN, and then you use it from the VPN, the mail provider and other entities can still come to know your real identity via IP address of your past connections on record or other data.
     • a VPN does not hide your system and browser fingerprint. For highly sensitive information transmission when your identity must not be disclosed, avoid the WWW completely (recommended solution). However, if you are compelled to rely on the WWW, at least use the Tor Browser.
     Kind regards
  5. Hello! Of course. That's the risk with WebRTC: the disclosure of the "real" IP address when you don't want that. The "noble" purpose is allowing two or more peers to connect directly with each other for video chats and so on. Each peer must know the public IP address of the other ones to accomplish the task. WebRTC (when it is active) provides developers with an API which can disclose it. See https://webrtc.org/getting-started/peer-connections and following docs. As long as the local address is private and assigned by your home router, that's the only case of no concern. With OpenVPN, disclosure of the tun address is not a concern, right, because we are unable to correlate a VPN IP address to a user when the connection is over. But it's not all good in general, unfortunately: with Wireguard, disclosure of the tun address (the VPN IP address) is risky too, because of the bijection between client keys and static VPN IP addresses which Wireguard also mandates to replicate in a file on every server. Under this respect we can only mitigate the problem by randomizing IP addresses assigned to keys and deleting periodically the file entries when we suppose a client is no more connected (Wireguard lacks even the disconnection notification feature by explicit design). But in the whole time between deletions, we know who is who, and we must provide this information for example after a court order, which could also include prohibition to delete relevant data whereas it is an ACTIVE action that we (and not some third-party app) perform in spite of lack of technical necessity. Kind regards
  6. Hello! In this case just send us, if you have time and will, the crash message from Eddie 2.20. An important suggestion: you should never use VPNetMon. It is insecure by design, not able to prevent most types of leaks (wrong binding, UPnP, NAT-PMP... by your torrent software) and it's dangerous, as it may kill forcefully applications causing their data corruption in your HDD/SSD. Furthermore it is not able to prevent leaks, not even in ordinary disconnections if it can't detect them, if the CPU has a high load, or if the app hangs. Use Network Lock instead. Activate it before you start a connection by clicking the big button on the main Eddie window. Network Lock prevents any type of leaks, even if Eddie or OpenVPN crash, because it is a set of firewall rules. Eddie was not stuck, it was just waiting for the application to return an exit code. You can tell Eddie to not wait and go on as we wrote. In this case Eddie will run the application only, and will immediately forget it and move on. When you define the command for an event, the window shows "Wait end of process". By default it is ticked. You can de-tick it in order to make Eddie not wait for the end of the process. We don't see how we could make it "a bit more user friendly"... anyway, now you know. Kind regards
  7. @airsupportusertempforum @cannac Hello! Those problems you mention should be different and unrelated. When Bluetit gets stuck in a loop of re-connections caused by OpenVPN3-AirVPN inability to reconnect to the same server, no --recover-network should be necessary, provided that you stop Bluetit properly, or you just send a disconnect command. Then you can send an air-connect command or what you need. The OpenVPN3 inability to re-connect when you abruptly disconnect, and later re-connect, the Ethernet cable will be investigated. As far as we can see it may occur with OpenVPN 2 too and we suspect to know why. In such cases anyway a disconnection followed by a connection resolves the issue both with OpenVPN3-AirVPN and OpenVPN 2. The problem mentioned by @cannac has not been reproduced unfortunately, and we have no clues or suggestions at the moment. Can you tell us your Linux distribution name and version and describe the problem which forced you to change the symlink? Kind regards
  8. Hello, Eddie can run scripts and binaries when certain events take place and:
     1. wait for the script/binary/whatever run by the event to return an exit code, OR
     2. run & forget & move on (no wait, defined as asynchronous mode in the documentation)
     From your description you needed solution 2, with a kill to the same process at the next suitable event. About the kill, do as @OpenSourcerer wrote in a previous message. Yes, the feature you want was implemented in 2014 or so, but it needs to be documented for the GUI. Currently it's documented on the CLI guide and on the man. Anyway now you know and it's quite intuitive, enjoy! https://eddie.website/support/cli/ See:
     event.app.start.filename - Filename of the script/executable to launch on event.
     event.app.start.arguments - Arguments of the script/executable.
     event.app.start.waitend - Use True if the software needs to wait the end (synchronous) or False to be asynchronous. Default: True
     event.app.stop.filename - Filename of the script/executable to launch on event.
     event.app.stop.arguments - Arguments of the script/executable.
     event.app.stop.waitend - Use True if the software needs to wait the end (synchronous) or False to be asynchronous. Default: True
     etc.
     You can achieve all of the above in the GUI too. Can you verify whether the unexpected crash (we can't reproduce it) persists with Eddie 2.21 beta version? If so, would you be so kind to send us the whole crash message? To download Eddie latest beta version please see here: https://airvpn.org/forums/topic/49638-eddie-desktop-221-beta-released/ Kind regards
  9. Probably not, the screenshot is not extremely clear but it seems WebRTC test displays the private IP address of @BobbyTee system network interface ( @BobbyTee - the ipleak test thus seems completely fine but please check the above anyway Kind regards
  10. Hello! We're very glad to inform you that the alpha 2 version is now available. It implements new features you can check on the first thread post and an extensive rewrite of the native library. Please find the download URL and all the news on the first post. Thank you very much for your tests! Please report any glitch, bug and unexpected behavior! Kind regards
  11. Hello! We're glad to inform you that AirVPN from now on accepts payments via Amazon Pay too. The new gateway will let users with an Amazon account to get AirVPN plans quickly and swiftly by using their own Amazon account. Amazon Pay is added on top of PayPal and 2Checkout/Avangate (Verifone) gateways in order to offer a thorough range of payment methods which include bank transfers and all the most widespread credit cards. Once again we remind you anyway that for better privacy purposes we accept directly (without intermediaries) cryptocurrencies, which remain the favorite choice if you need to prevent disclosure of your AirVPN purchase to financial entities or human rights hostile regimes. Kind regards & datalove AirVPN Staff
  12. @bestinshow Hello! You're right, losing settings and data should not happen during upgrades, save for when you upgrade from Eddie versions older than 2.12 to the current version. It's therefore an unexpected event. And yes, "default.profile" (or other files, if you entered new profiles with new names on the settings) is the file keeping all the data and settings. Kind regards
  13. Hello! We can't answer for ProtonVPN, but in case of AirVPN or Tor, the answer is yes provided that:
     • the activist never connected from his real IP address to ProtonMail since when the wiretapping and gag orders were issued on enforced on ProtonMail
     • the activist never wrote to some infiltrator information which could have disclosed his identity
     • the activist always used gpg to encrypt e-mail content, so that the content was hidden to anyone wiretapping Proton servers
     All of the above is limited to disclosing the identity only through Proton order and French data retention (remember that France data retention is in breach of the CJEU legally binding decisions, because blanket data retention is enforced on ISPs). If other investigation methods were used (for example by relying on finding e-mail recipients, identifying them and forcing them to reveal the activist identity), the activist identity could have been disclosed anyway, but not through Proton forced co-operation. Kind regards
  14. Hello! Our first 10 Gbit/s lines dedicated only to our servers were used for the first time in Dallas, Texas, several years ago. One line is for the VPN servers and another one for the Tor nodes by Quintex. Then we had four (now six) 10 Gbit/s lines in the Netherlands. Each line was and is shared by 10 or 11 of our servers. Then Xuange came, in Switzerland, that was the first one with an exclusive 10 Gbit/s line. Ain then followed and has been the last one at the moment. As @OpenSourcerer says, prices in some locations (such as Tokyo) are too high for 10 Gbit/s and at least 600 TB traffic per month for a single server (2 Gbit/s 24/7 means you generate 600 TB in a month). Moreover, in order to beat the usual 1 Gbit/s full duplex, more powerful hardware is needed and a different software approach too. Even so, on Xuange and Ain we could not manage to squeeze more than 3-4 Gbit/s (in total, up+down) when more than 150 clients are connected, and even the most powerful CPUs available on the market, running one OpenVPN instance per virtual core, suffer. The whole system gets choked if we go up to 300 clients, which would be the minimum amount required to run those servers without losing money. Wireguard might help but it's uncertain and anyway many core customers of ours don't accept it for the notorious privacy problems, other customers can't use it for UDP blocks/shaping and so on, so we can't and we won't drop OpenVPN in any case. EDIT: it's not only a pure AES/CHACHA20 processing power issue, but also a conntrack and packet mangling huge queue related issue, which gets intertwined with pure encryption/decryption processing power problems. - pj For us, the cost per user to be provided with high bandwidth is remarkably higher with dedicated 10 Gbit/s single server lines, because we experimentally see that we can not put on such a server 10 times the users a 1 Gbit/s server can handle (unless we wanted to lower the quality of service, which is not on the table).
Therefore, if we want to keep the same prices and at the same time we don't want to oversell, offering an infrastructure all based on a 10 Gbit/s line per server for 2.75 EUR/month (the current price for 3 years subscriptions) is not realistic. Remember that year after year prices of AirVPN went down or remained unchanged, and today AirVPN is probably the less expensive VPN around (ruled out the free ones, as they profile you or do worse things too). Maybe in the future, or maybe with a different pricing, migration to all "10 Gbit/s servers" could be pursued. We're not "over-cautious" but realistic: in the last 5-6 years, while other VPN services accumulated important debts surpassing tens and tens of USD millions (think about PIA mother company, which went down for more than 30 millions in just 3 or 4 years; and other big ones, which are forced to oversell and continuously pay for favorable bogus reviews hiding overselling in order to survive) AirVPN never ever had debts. Who would be interested in paying more (probably x3 or even x4) to have access to 10 Gbit/s dedicated lines (one line per server) on a wide variety of AirVPN locations with the usual AirVPN quality? We might start a survey to know. Kind regards
  15. And you avoid the TCP over TCP meltdown effect, i.e. when "lower and upper layers (which both are running their own version of congestion control algorithm) start competing with each other and in fact worsening the situation at each try. This is specially true for slow links and could result in terribly slow connections and constant freezing". https://hamy.io/post/0002/openvpn-tcp-or-udp-tunneling/
  16. UPDATE 3 Sep 2021 Replacement has been completed. Kind regards
  17. Hello! We confirm the problem. We have now resolved it. We deeply apologize for the inconvenience. Kind regards
  18. Hello and thank you for your choice! We confirm the problem. We are working to resolve it as soon as possible. We deeply apologize for the inconvenience. Kind regards
  19. @airvpnforumuser Hello! All the code examples in the manual are in C++. C++ for the AirVPN Suite has been picked for a variety of reasons including high portability, speed and efficiency. From page 10: We do not rule out other programming interfaces for other languages according to requests in the future. Kind regards
  20. @airvpnforumuser Yes, the option to not use the Master Password will be implemented. Not in alpha 2 but probably during the beta stage. Anyway, it will be implemented before we reach the stable release. Maybe. Would you like to collect the logcat (and send it to us) just after the problem has occurred, so we can verify what happens exactly? Hopefully it's not a crash for some Eddie bug but let's see, alpha and beta testing aim at finding out bugs. Feel free to keep us informed. https://developer.android.com/studio/command-line/logcat Kind regards
  21. Thank you for your feedback! It's a superior solution but it's not limited to "command line-binaries". Surely you have totally missed what Bluetit does. Read the documentation to understand more. On another subject, divergent from what? Maybe you don't realize that when we took OpenVPN3 it could not even run in Linux. No alternative was available, even for the reason explained by @OpenSourcerer. There is no divergence, at least not in the wicked sense you mean. Read on to understand why, on top of OpenSourcerer considerations. No doubts that a GTK based interface has not been delivered for Eddie, and no doubts that it was a promise by Eddie chief developer which was not fulfilled, mainly because Eddie was split between frontend and backend (with the backend entirely rewritten in C++ to make it free from Mono), and because the Linux and Mac software have been re-considered for Qt, which we now consider more efficient than GTK and available in other systems we're interested in (macOS, FreeBSD). Firecrest (another client for Bluetit) plans include Qt and not GTK. However, it's not true that the new development team (i.e. the one not working on Eddie desktop) spent five years for a fork, obviously. The total work on the fork so far can be summed up to just a few months in total during all the years. We do not see any "divergence" either, since OpenVPN3-AirVPN maintains full compatibility with OpenVPN 2.2 servers and higher versions, including OpenVPN 2.5. It also maintains full compatibility with profiles and directives according to OpenVPN 2 branch. We were careful not only to comply to the new OpenVPN 2.5 requirements, but even not to hurt backward compatibility with servers running older OpenVPN versions. So all the software can be used to connect to any OpenVPN based system, not only AirVPN: no divergence, no isolated ecosystem. Between 2018 and 2021, i.e. three years and a half and not five, OpenVPN3 rewrite in several parts to make it work properly has been a fraction of the work:
     • Eddie Android edition was totally rewritten to get rid of Mono completely
     • seven Eddie Android edition versions were released
     • five Hummingbird versions were released, three Bluetit and Goldcrest versions were released
     • Hummingbird has been ported to macOS
     • the (in our opinion outstanding) Bluetit Developer's Reference Manual has been written
     • some more work behind the scenes has been accomplished.
     In particular, careful Bluetit engineering and development has been rewarded by a software (incidentally a real daemon), which was never seen before in the OpenVPN clients world. OpenVPN3 by AirVPN is 108 commits ahead of the main branch, the library works very well in Linux and obeys to OpenVPN 2.5 server new options and handshake requirements, a thing that can't be said of the main branch, at least up to a few months ago. The delay of a GTK based GUI for Eddie has triggered a variety of new projects that have brought to Linux and Android users superior solutions never offered before by anybody, so at the end of the day Linux and Android users have had something much better and more will come. Kind regards
  22. Hello! The intentions of Eddie chief developer remained intentions, unfortunately. However, getting rid of Mono blob was a task which has been accomplished in Linux and macOS. The development lines for Linux have changed and the most important outcome has been the AirVPN Suite which features a fully documented, real daemon, an exclusive software with a complete reference manual which nobody has ever offered. Even Eddie Android edition, another important software which we released after 2016, does not require Mono for Android. Development of Eddie Desktop edition on one side, and Eddie Android edition, OpenVPN3-AirVPN and AirVPN Suite on the other side, have been completely split. Different development cycles, teams and plans. Bluetit also uses OpenVPN3-AirVPN library, a fork of the original OpenVPN 3 library which features very important improvements. OpenVPN3-AirVPN library, currently used by Eddie Android edition, Hummingbird in macOS and Linux, and Bluetit in Linux, has been another important development branch in the last years in AirVPN. The AirVPN Suite offers an option to all Linux users to completely drop Eddie and Mono. You can follow the "News" forum for all the information and announcements. AirVPN Suite User's Documentation: https://airvpn.org/suite/readme/ Bluetit Developer's Reference Manual: https://gitlab.com/AirVPN/AirVPN-Suite/-/blob/master/docs/Bluetit-Developers-Reference-Manual.pdf OpenVPN3-AirVPN library (108 commits ahead of the main branch currently): https://github.com/AirVPN/openvpn3-airvpn Kind regards
  23. @WYjNh056OGEG2tgNvV4iHzoNNU Hello! Please compare stability with OpenVPN 2 and report everything in a ticket. Please include complete Bluetit log and your Linux distribution name and version. You can print Bluetit log with command sudo journalctl | grep bluetit Kind regards
  24. Hello! We apologize for the late reply about the quoted comment: we do not publish source code of alpha, beta, RC etc. versions, but only of stable releases. Kind regards
  25. @airvpnforumuser Hello! Please check Bluetit Developer's Reference Manual chapter 5.5, Bluetit events, p. 64. You already have it. Note incidentally that all Goldcrest options are worked out through Bluetit methods. Bluetit exposes a D-Bus interface and the D-Bus IPC daemon lets your software call a wide variety of methods. Detailed reference can be found in Chapter 5, Bluetit D-Bus Interface, pp. 53 and following ones. For the specific example you mention, the connection_stats public method is what you need. Please check Bluetit Developer's Reference Manual 5.4, Public D-Bus methods, and 5.4.16 connection_stats, p. 61. Kind regards