-
Content Count
11858 -
Joined
... -
Last visited
... -
Days Won
2152
Everything posted by Staff
-
Eddie Android does not work in the work profile.
Staff replied to justi's topic in Eddie - AirVPN Client
Hello! Yes, 4.1.0 preview is available, but <c> tag for I parameters is still included. However, after having considered that <c> was documented a year ago but it is still (at the time of this writing) unsupported, it was decided that <c> will be not used on the next Eddie Android edition 4.1.0 beta 2. Please see here: https://airvpn.org/forums/topic/80787-eddie-android-edition-410-preview-available/ Kind regards -
Hello! Eddie does use the <c> tag, only for complete QUIC mimicry of a few real web sites. However, this issue exists and is still open: https://github.com/amnezia-vpn/amneziawg-go/issues/120 Eddie used <c> in some signatures because it was documented. If it remains unimplemented, we can remove it from the next Eddie version. In the meantime you can simply delete it when you need the profile in AmneziaWG native software (by editing the configuration file with any text editor) or use only those signatures which don't include <c> tag (there are many in Eddie Android edition's CPS database). Kind regards
-
Eddie Android does not work in the work profile.
Staff replied to justi's topic in Eddie - AirVPN Client
@justi Hello! This is exactly a specific Go-related problem triggered by Eddie that must be resolved by Eddie 4.1.0, can you please test the preview version if possible and report back at your convenience? https://airvpn.org/forums/topic/80641-eddie-desktop-edition-226-beta-released/ Kind regards -
Hello! We're very glad to announce the Eddie Android edition 4.1.0 preview is available Eddie Android edition 4.1.0 development focuses exclusively on improving stability by introducing a new custom AirVPN library that combines wg-go and amneziawg-go into a single runtime. This architectural change addresses a fundamental constraint of the Go runtime. Go was designed with the assumption that only one runtime instance exists per process and does not support multiple independent runtimes within the same process. Consequently, the runtime assumes exclusive ownership of global resources such as the heap, scheduler, stack management, and other core runtime components. The current production version had been linked against two separate Go-based libraries since support for Amnezia WireGuard was introduced. Despite the precautions implemented, on a small subset of devices, this configuration still resulted in crashes during approximately 1% to 5% of application launches. Analysis showed that all such crashes originated from Go runtime components, most notably the garbage collector. By consolidating both libraries into a single Go runtime, Eddie Android Edition 4.1.0 is expected to eliminate these crashes across all supported devices. Eddie Android Edition 4.1.0 also includes updated libraries and dependencies. Please refer to the changelog below for additional details. Download link, checksum and changelog https://eddie.website/repository/Android/4.1.0-Beta1/EddieAndroid-4.1.0-beta-1.apk This is a build debug package and side load is mandatory. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). $ sha256sum EddieAndroid-4.1.0-beta-1.apk 29aa7e43126a07c03581ab6249e3e23712257c6bb6d37049ebda31148254b162 EddieAndroid-4.1.0-beta-1.apk Changelog 4.1.0 beta 1 (VC 39) - Release date: 14 July 2026 by ProMIND Native Library [ProMIND] updated to OpenVPN-AirVPN 3.12 (20260714) [ProMIND] updated to OpenSSL version 3.6.3 [ProMIND] Updated to version 4.1.0, API 11 [ProMIND] Removed library libwg-go dependecy [ProMIND] Removed library libamneziawg-go dependency [ProMIND] Introduced library libeddiewg. Custom AirVPN Go library combining wg-go and amneziawg-go [ProMIND] api.h, api.cpp: added functions eddiewgLibraryName, eddiewgLibraryQualifiedName, eddiewgLibraryVersion and eddiewgLibraryReleaseDate, implementing the corresponding calls to libeddiewg, both C and JNI EddieApplication.java [ProMIND] onCreate(): call eddiewgLibraryQualifiedName and log output EddieLibrary.java [ProMIND] Added definitions for native library calls eddiewgLibraryName, eddiewgLibraryQualifiedName, eddiewgLibraryVersion and eddiewgLibraryReleaseDate Kind regards & datalove AirVPN Staff
-
ANSWERED gluetun/openvpn previously working now won't connect
Staff replied to nethole's topic in Troubleshooting and Problems
Hello! The infrastructure is upgrading to OpenVPN 2.7 with DCO (Data Channel Offload) support. However, this upgrade doesn't break compatibility with OpenVPN 2.4 and higher versions, and you're running OpenVPN 2.5. Try to upgrade to OpenVPN 2.6 or 2.7 just in case and check whether the problem gets resolved. Also test WireGuard, which has not been modified (the kernel module gets upgraded with the kernel upgrade of course). To see the list of upgraded servers, you can go to your AirVPN account "Client Area", enter the "Config Generator", turn on the "Advanced" switch, and select "2.6 DCO" in the "OpenVPN profile" combo box. The CG will show only the servers running OpenVPN 2.7 and DCO module. Kind regards -
ANSWERED "Eddie - Unlock" window showing up
Staff replied to robertoohoho's topic in Troubleshooting and Problems
@robertoohoho Hello! You have set either a Master Password or system key wallet password protection to encrypt Eddie's configuration file. If you can't remember the password, you have no choice but to delete Eddie's configuration file while Eddie is not running. At the next run Eddie will create a new configuration file with default settings and no password-led encryption. To delete Eddie's configuration file on macOS, from a terminal opened by the same account that installed Eddie: rm ~/.config/eddie/* Kind regards -
Version 2.26.2 (Thu, 09 Jul 2026 11:19:55 +0000) [fix] [linux] Fix elevated startup on distros without systemctl (e.g. Devuan/sysvinit) [fix] [all] Emit disable-dco in generated OpenVPN config when startup options are incompatible with data channel offload [fix] [windows] Harden elevated named pipe against pipe-name squatting (FIRST_PIPE_INSTANCE, single instance) [change] [all] Misc fixes and general cleanup
-
android ANSWERED Whitelist under eddie Android seems not working
Staff replied to moejoe's topic in Eddie - AirVPN Client
Hello! Black list enabled: all traffic inside the VPN tunnel except the traffic of the black listed applications which goes outside the tunnel. White list enabled: all traffic outside the VPN tunnel except the traffic of the white listed applications which goes inside the tunnel. When you define a whitelist with a single app for per-app traffic splitting purposes, only that app traffic will be tunneled. The system process traffic will not be tunneled, and any other non-white listed app traffic will not be tunneled. So the behavior you observe seems just fine, but please feel free to elaborate if we misunderstood. Kind regards -
@moejoe Hello! Configuring DNS blocks through the app is currently not possible, we're sorry, but you can have different profiles by using the option to link specific DNS block settings to each key ("device"). Then you can easily switch between devices to switch DNS blocks, although a re-connection is required for each switch. Kind regards
-
For now, we ask you to ignore that message. It is caused by the fact that the current macOS UI is written in Xamarin, which does not support arm64 compilation. One of our goals is to release a new modern UI, natively compiled for arm64, before this restriction becomes a problem.
-
Version 2.26.1 (Sat, 04 Jul 2026 17:30:39 +0000) [fix] [linux] Fix nftables netlock ipv4 mangle OUTPUT chain priority typo [change] [linux] Store network lock rule backups in root-only state directory [fix] [all] Fix TOCTOU race [fix] [linux] Sanitize VPN DNS addresses written to /etc/resolv.conf [change] [all] Misc fixes and general cleanup [fix] [linux] Fixed connection on Arch (no SysV service command) [change] [all] Improved security of how the VPN configuration is handled by the privileged helper [fix] [all] Block OpenVPN directives that write files as root
-
Hello! Let's investigate it on a new thread. Kind regards
-
@taikeru Hello! We're glad to know that terminal=true solves the problem. fuzzel and rofi honor the Terminal=true field in .desktop files but they manage it according to their own settings. Please check. For stdout - but a future version can be tty-aware, stay tuned. Kind regards
-
@taikeru Hello! Thank you for your great feedback about the Suite software, much appreciated by the development guys too. Provided that the desktop user is in the airvpn group, the usage you mention should be possible with some caveat, as cuckoo needs a tty. Can you please add the following line to the .desktop file: terminal=true and test again? Kind regards
-
-
Hello! We are glad to announce that Eddie 2.26.0 beta has been released and is now available for public testing. This release is mostly about maintenance, security fixes, and compatibility work. It includes several security hardening changes, updates to OpenVPN 2.7.3 and WireGuard for Windows 1.0, improved OpenVPN driver handling on Windows, and a general cleanup of old or unused code paths. To test it: Go to the download page for your operating system. Click “Switch to EXPERIMENTAL”. Download and install Eddie 2.26.0 beta. Eddie 2.26.0 beta is available for Windows, Linux, and macOS. We are also continuing the larger work of modernizing Eddie Desktop, also with a new modern UI. We know that many requested features are still waiting, including dark mode, split tunneling, Amnezia support, and more. They are not forgotten. For this release, the focus was on fixes and updates that needed to reach users first. We expect this beta to move to stable soon. Thank you for testing, and as always for your support. Main changelog: Version 2.26.0 (Mon, 29 Jun 2026 14:29:16 +0000) [change] [all] Updated the app to .NET 10 [change] [all] Updated the legacy interface to .NET Framework 4.8.1 [change] [windows] Removed Windows 7 support [fix] [all] Cleaned WireGuard configuration generation by removing unsupported entries [change] [windows] Improved OpenVPN driver setup and adapter management on Windows [change] [windows] Removed outdated Windows driver options [change] [windows] Removed the old Windows Firewall Network Lock mode and migrated existing profiles. [change] [linux/macos/bsd] Removed unused filesystem protection handling from the elevated helper. [change] [all] Restricted elevated helper tool discovery to trusted application folders. [change] [all] Added limits to elevated helper replies to protect client memory use. [change] [all] Removed the Tor control cookie path option [fix] [all] Various security hardening fixes [fix] [windows] Fixed Windows elevated launches with long command lines [change] [windows] Improved Windows elevated argument handling to prevent extra arguments from being injected into helper tools [fix] [windows] Fixed Windows OpenVPN routing with TAP adapters [change] [windows] Updated WireGuard for Windows to version 1.0 [change] [all] Updated OpenVPN to 2.7.3 [fix] [linux] Fixed Linux AppImage cleanup. Credits GitHub #147 and #152. Thanks to ThienBienBlue. [fix] [linux] Fixed Network Lock detection on clean systems where optional nftables or iptables tools are not installed. [change] [all] Removed custom OpenVPN and Hummingbird executable path options. [change] [linux] Removed the Linux dependency on the system ICU library [change] [all] Misc fixes and general cleanup Kind regards & datalove AirVPN Staff
-
@Kiki09 Hello! You need to set FIREWALL_VPN_INPUT_PORTS environment variable, otherwise container's firewall blocks all incoming packets on the virtual network interface. Please check the manual https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/airvpn.md VPN_PORT_FORWARDING_LISTENING_PORTS has a quite different purpose. It sets up a redirection of incoming traffic from the VPN opened port to a custom localhost port of your choosing. As the GlueTun manual clearly warns, do not use this with torrent clients, or any other software that publicly announces its port, as that software would not be aware of the publicly visible port and would be announcing the private port instead (you can see more details of this explanation on our FAQ answer about p2p). Furthermore, it does not even instruct the firewall to allow incoming packets on the virtual network interface. Kind regards
-
Port Forwarding Stopped Working?
Staff replied to theradgrad's topic in Troubleshooting and Problems
@theradgrad Hello! The fact that the host is sending a RST strongly suggests the packet is making it through PF and reaching the TCP stack, where no matching listening socket exists for that specific destination IP and port. The port tester does not test UDP, only TCP. Please ascertain whether the listening program is really listening to all interfaces with: netstat -an -f inet Look specifically for something like 0.0.0.0:YYYYY or VPN_IP:YYYYY If instead it shows 127.0.0.1:YYYYY or LAN_IP:YYYYY then the kernel will immediately send RSTs for packets addressed to the VPN IP. Also, please send the output of the following commands: sudo sockstat -4 -l sudo netstat -rn Finally, a simultaneous packet capture while reproducing the issue: sudo tcpdump -ni tun0 tcp port YYYYY Kind regards -
Port Forwarding Stopped Working?
Staff replied to theradgrad's topic in Troubleshooting and Problems
@theradgrad Hello! In reality your current error message is connection refused (111). It means in general that the packets were forwarded and reached the destination (your node), but it actively reset the connection via TCP RST. We have also checked in real time on the server you mention and packets are properly forwarded from the correct ports to your VPN IP address:port. Please make sure that tun0 is the correct interface name. If it is, the fact that the packets reach the OpenBSD host and it actively replies with a TCP RST suggests the kernel accepted the packet but decided there was no valid listening socket or the packet didn't belong to an existing connection. Please follow this checklist: https://airvpn.org/forums/topic/66388-port-forwarding/?do=findComment&comment=243305 Kind regards -
@0bacon Hello! Did the problem get resolved after hardware was repaired and you upgraded to AirVPN Suite 2.1.0? Kind regards
-
ANSWERED No DNS on AirVPN Suite on an Ubuntu Container
Staff replied to Titums's topic in AirVPN Suite
Hello! Thank you for your patience to reply to the numerous questions by the support team on your ticket. We re-publish the outcome here for Kubernetes users' and readers' comfort, and for future reference. Bluetit relies on filesystem-level operation to create the resolv.conf backup. In your setup, /etc/airvpn and /etc/resolv.conf are in different file systems. Therefore Linux kernel will return EXDEV ("cross-device link") error when Bluetit tries to move, via stdlib rename() method, /etc/resolv.conf into /etc/airvpn/ Possible work-around: Have /etc/airvpn and /etc/resolv.conf into the same file system, OR don't allow Bluetit to manage DNS by setting, inside bluetit.rc run control file, this directive: ignorednspush on and let the pod manage the DNS. You will not use anymore VPN DNS, but DNS queries will be tunneled anyway. You can still set your favorite DNS (even VPN DNS, if needed), but you have to set it manually. In a future Bluetit version we'll see how to improve Suite compatibility with Kubernetes (and possibly other environments). Kind regards -
ANSWERED Cant connect on Kodachi Linux.
Staff replied to Sh4d0w66's topic in Troubleshooting and Problems
Hello! Since OpenVPN and WireGuard fail too, this is not an Eddie-specific problem. However, an Eddie system report could help us understand what goes wrong. Please see here to send a system report generated by Eddie: Kind regards -
Hello! Of course. Eddie offers a GUI with a one-click connection button, but the case of firewalld is so special to be a very rare exception requiring manual intervention by the system administrator. We can't allow Eddie to manipulate your system in such a profound way. Note that Eddie will work anyway, but you can't use Network Lock to prevent leaks, because firewalld takes exclusive ownership of the firewall rules (Network Lock is based on firewall rules). And after all, do not underestimate yourself. The steps to fix the situation are very simple and "once and for all". Let's break the steps down: 1. Open a terminal (aka shell or Console or Konsole) from your Desktop Environment 2. Type the following command: sudo nano /etc/firewalld/firewalld.conf 3. You are now inside the "nano" editor, editing the firewalld configuration file with administrator (root) privileges. Move with the cursor arrow keys between the options and enter the following line: NftablesTableOwner=no make sure you press ENTER at the end of the line (so the line stays alone between all the other options, anywhere). 4. Save the file by pressing CTRL + O (keep CTRL pressed, and type O) 5. Exit the editor by pressing CTRL + X 6. Restart firewalld with the command (on the terminal): sudo systemctl restart firewalld Kind regards
-
Hello! Good catch. Large corporations and conglomerates are often wealthier, faster and much more efficient than most or all government bodies. Shifting the surveillance role to private entities serves a dual purpose: to address the incompetence and lack of funding in public institutions, ravaged by decades of malpractice and corruption, and to increase the profits of conglomerates both directly and indirectly. Surveillance raises the cost of dissent, pushes self-censorship, reduce participation in protests etc. The key issue is not merely whether surveillance exists, but who controls it, how it is regulated, and whether there are effective checks on its abuse. Once surveillance is mainly up to conglomerates and judicial overview is weak or absent, it works in tandem with other capabilities of the conglomerates themselves: control of platforms, restriction on opposition and competitors, restrictions against political parties not supporting laws favorable for the conglomerates purposes. This has already happened multiple times and probably the more you give surveillance roles to large corporations, the more it will occur and possibly in more covert manners. And yes, this is clearly proven by Shoshana Zuboff's work you mentioned, at least in Western countries. An article more recent than the 7 years old book that you cited is available here: https://journals.sagepub.com/doi/10.1177/26317877221129290 It sounds good, but like in child protection the devil is in the details. The current UK legislation the OP was talking about, after we examined it a second time, seems to favor the direction you fear, provided that you replace "far-left" or "far-right" with the political group a conglomerate supports. It adds precious tools that enhance the possibility to influence large parts of the population by the corporation themselves. Age verification out of any oversight and potentially through gathering ID cards seems a small, maybe inessential step, but on the contrary it is very instrumental (just think of the power of adding to accurate profiling a real ID document of the profiled person, with real exact address, accurate photo, fiscal code...), also possibly a prelude to "chat control" and data retention (again exclusively up to private entities with no real judicial overview, as far as we can see). The Act does not "force" a private entity to store your ID card, but "allows" the private entity to do it. It also does not say "delete it after a few minutes", it just says "preserve it only for the time it's necessary and to prove your compliance", very ambiguous. Too tempting an opportunity for a lot of corporations! To continue with your parallelism with the offline life, it would be as if you authorize a tobacco shop or a market selling alcohol not only to ask for your ID card in order to verify that you're at least 21 (or 18), but to make an accurate, integral scan of the card and preserve it and create a database of accurate images of ID cards with no judicial oversight at all. This document preservation and database creation was privilege of very limited categories (such as public utilities providers). This UK Act changed radically everything. If judicial oversight, transparency requirements, antitrust enforcement, and democratic accountability are weak, as it already happens in Europe and UK due to budget restraints, government body inefficiency and lawmakers large scale corruption (*), surveillance capabilities can become intertwined with market power and political power, creating opportunities to shape public discourse, influence political outcomes, disadvantage competitors, pressure policymakers and filter out hostile politicians. Historical examples (including digital authoritarianism in USA and EU mentioned by @fsy) suggest that such risks are real, although the extent and mechanisms vary considerably across cases. By considering our mission, it is unavoidable that we strongly oppose age verification through ID cards as well as any form of blanket data retention. We would also like to add a question: are the lawmakers sure that a person under 18 is safer by surfing the Internet without a VPN than by surfing while connected to a reputable VPN? (*) For a proof of large scale corruption at least in the European Parliament from the Qatargate and on, see https://www.ftm.eu/articles/european-parliamentarians-involved-in-hundreds-of-scandals - 25% of MEPs have been involved in investigations about or found guilty of various crimes, from harassment to corruption. This is indeed on the agenda according to some rants of the Vice President of the Commission (no doubt that VPNs are a pain in the ass for some people), but we would like to remind that the highest judicial body of the EU, the CJEU, affirmed three times, with legally binding decisions, in three different cases that blanket data retention is in breach of fundamental rights and therefore no Member State can force any Internet operator to perform pre-emptive, blanket and indiscriminate retention of traffic metadata or data: https://airvpn.org/forums/topic/57288-general-questions/?do=findComment&comment=230078 Kind regards
-
Hello! It's a deliberate choice, like in airvpn.dev - security high level. If you want to "follow links" from the Tor site or airvpn.dev you must type or copy and paste the URL manually on your browser bar. A serious problem that comes to mind occurs if the link: opens a browser other than Tor Browser; launches external applications; downloads files that are then opened outside of Tor. In these cases, you could expose your real IP address or other identifying information. So when we want to offer higher protection disabling one or two clicks re-direction can be a wise choice. Kind regards
