Posts posted by Staff


  1. 9 hours ago, Pwbkkee said:

    Only 2.0.0 RC2 has this issue; all previous versions of Bluetit exited cleanly.


    Thank you, under investigation.
     
    Quote

    it also allows me to run Goldcrest in the background without using screen


    screen or any other multiplexer is unnecessary thanks to the async mode (option --async). We will keep you posted.

    Kind regards
     

  2. @Pwbkkee

    Hello and thank you for your tests!

    Please post at your convenience the complete Bluetit log to let us investigate.

    Suite components are designed after a client-daemon architecture, where Bluetit is a real daemon (not a generic service, a real daemon) and Goldcrest is a client. Your setup is odd and poses a few problems, since you turn a client into a service and you try to have a service-service arch.

    What is it that you can't do with current architecture that forces you into this sort of aberration? For example, in your case if you want Bluetit to connect by itself you don't need an auxiliary service, you can do it through the run control directives in bluetit.rc file and you would have a connection as soon as Bluetit comes up, instead of being forced to wait for yet another service to come up.

    Kind regards
     

  3. 45 minutes ago, IAmFlash said:

    I am not getting good speed at all with this server for some reason. Anyone else has same issue?


    Hello!

    Yes, a problem with the network interface arose, we're sorry. We are bringing the server down. We will work with the datacenter technicians to resolve the issue.

    Kind regards
     

  4. Hello!


    We're very glad to inform you that a new 10 Gbit/s full duplex server located in Toronto (Ontario, Canada), is available: Kornephoros.

    The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

    The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

    Kornephoros supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

    Full IPv6 support is included as well.

    As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

    You can check the status as usual in our real time servers monitor.

    Do not hesitate to contact us for any information or issue.

    Kind regards & datalove
    AirVPN Staff



  5. 50 minutes ago, opperska said:

    Thank you for this.

    I tried to connect using those optional variables and removing the wireguard endpoint and port, however, when I tried to connect on SERVER_COUNTRIES:Taiwan it couldn’t connect and when I put Singapore, connection works.

    Hello!

    Thanks, this is a matter for GlueTun developer, we would recommend that you contact him and explain the problem. Please note that in the compose file you set a variable with the = char, not with : .

    Kind regards
     

  6. 18 hours ago, opperska said:

    Anyone can help me to resolve my issue to connect to the Taiwan Endpoint only?


    Hello!

    When VPN_SERVICE_PROVIDER is set to airvpn the optional environment variables deciding the end point are:
    • SERVER_COUNTRIES: Comma separated list of countries
    • SERVER_REGIONS: Comma separated list of regions
    • SERVER_CITIES: Comma separated list of cities
    • SERVER_NAMES: Comma separated list of server names
    • SERVER_HOSTNAMES: Comma separated list of server hostnames
    https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/airvpn.md

    If you feel that this is a bug or unexpected behavior (we see your point: WIREGUARD_ENDPOINT_IP should not be ignored when a non-generic VPN provider is selected, as it apparently happens in your case), the matter should be reported to GlueTun's developer. Please keep in mind that GlueTun is fully compatible and well integrated with AirVPN but it is not developed by AirVPN so every issue should be reported properly also here: https://github.com/qdm12/gluetun-wiki/issues

    Kind regards
     

  7. 1 hour ago, Fineas said:

    Hello, I got a problem selecting ports on client area. I just can't open any port and get the error "The requested port is not available". Did not have any problem enabling last year my only open port.
    I use zorinos and eddie gui. Could be a bug or it's just me? My firewall is off. Thanks


    Hello!

    Your setup is fine and we can reach your listening software through the port that you remotely forwarded. If you need more ports please make sure to pick a free port (the proper tools on the bottom of your AirVPN account port panel will let you find free ports) or just let the system pick a free one for you by leaving the "Port number" field blank and clicking the '+' button.

    Kind regards
     

  8. 1 minute ago, spinmaster said:

    Great news. As mentioned before, but I am using an M4 Mac: is there a reason you only list availability, specifically for M1-M3 and not for all M*?

    Hello!

    Thank you! No reason apart from obsolescence of the announcement. Build is anyway for M1.

    Kind regards
     

  9. 13 hours ago, av942253 said:
    On 4/6/2025 at 8:29 PM, Staff said:

    You need to set permanent Windows Filtering Platform rules that block outgoing traffic, except traffic to the local network and for DHCP purposes.

    I am also interested in this, but I didn't get it working. Could you please provide more details on how to set it up? A few snippets for the PowerShell would be very helpful. Allowing DHCP traffic out seems to be a default rule with Windows 10.

    Hello!

    Something like this will do the trick, starting from a clean status and Windows Firewall enabled. Make sure you operate from a PowerShell with administrator privileges. The rules will survive a reboot. You must adjust your local network address/netmask (change 192.168.0.0/16 and fe80::/10 if necessary). Do not proceed if you don't understand exactly every single command; instead, get documented first.
     
    netsh advfirewall set allprofiles firewallpolicy blockoutbound
    netsh advfirewall firewall add rule name="Allow DHCPv4" protocol=UDP dir=out localport=67,68 action=allow
    netsh advfirewall firewall add rule name="Allow DHCPv6" protocol=UDP dir=out localport=546,547 action=allow
    netsh advfirewall firewall add rule name="Allow Local IPv4 Network" protocol=TCP dir=out remoteip=192.168.0.0/16 action=allow
    netsh advfirewall firewall add rule name="Allow Local IPv6 Network" protocol=TCP dir=out remoteip=fe80::/10 action=allow

    You may also consider backing up the rules and enabling them only when needed, instead of keeping them permanent. Check your system manual to do this.

    Kind regards
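
An audit for the rules in the post above, as an added example that is not part of the Staff post and not AirVPN's own code: it checks that every firewall profile blocks outbound traffic by default and lists each enabled outbound allow rule other than the four created by those commands, since every such rule is an exception to the block policy. The rule names come from the post; the function and variable names are assumptions.

```powershell
# Added example, not part of the original post. Run from an elevated PowerShell.
# Assumption: the rule names are the ones created by the netsh commands above.
$ExpectedRules = @(
    'Allow DHCPv4', 'Allow DHCPv6',
    'Allow Local IPv4 Network', 'Allow Local IPv6 Network'
)

function Get-OutboundAllowReport {
    param([string[]]$Expected)

    # Rules added with netsh appear under DisplayName; Name holds an internal ID.
    $rules = Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True
    foreach ($rule in $rules) {
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Expected      = $Expected -contains $rule.DisplayName
            Profile       = $rule.Profile
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    }
}

# 1. blockoutbound must be in effect on every profile (Domain, Private, Public).
$openProfiles = Get-NetFirewallProfile |
    Where-Object { $_.DefaultOutboundAction -ne 'Block' }
foreach ($p in $openProfiles) {
    Write-Warning "Profile '$($p.Name)': default outbound action is $($p.DefaultOutboundAction)"
}

# 2. Every enabled outbound allow rule is an exception to the block policy.
$report = @(Get-OutboundAllowReport -Expected $ExpectedRules)

# 3. Expected rules that are absent or disabled (DHCP or LAN access would break).
$missing = $ExpectedRules | Where-Object { $report.Rule -notcontains $_ }
foreach ($name in $missing) { Write-Warning "Expected rule not found or disabled: $name" }

# 4. Anything else still lets traffic out, including predefined Windows rules.
$unexpected = @($report | Where-Object { -not $_.Expected })
$unexpected | Sort-Object Rule | Format-Table -AutoSize -Wrap

if (-not $openProfiles -and -not $missing -and $unexpected.Count -eq 0) {
    'Outbound policy matches the intended lockdown.'
} else {
    "Review needed: $($unexpected.Count) unexpected outbound allow rule(s)."
}
```

On a default Windows installation the table in step 4 is normally not empty, because the predefined outbound allow rules stay enabled after the policy is switched to blockoutbound.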
     

  10. 12 hours ago, klobs182 said:

    Is this or something similar possible?


    Hello!

    Yes, perfectly possible. Just configure your application(s) to connect to your proxy and use it/them while the system is connected to the VPN.

    Kind regards
     

  11. @Hitotsume

    Hello!

    Traffic splitting on a destination address basis is not implemented in the Suite and as a consequence exceptions to Network Lock are not available from the options: you would need to add specific rule(s) after the lock has been enforced. However, in your case this is not necessary as Network Lock already allows local networks. Furthermore, the Suite may take care to avoid VPN traffic tunneling into the local network even with WireGuard (default behavior). The behavior can be set through the specific option allowprivatenetwork as you might already know from the manual:

    * allowprivatenetwork (yes/no) Control how the local and private network
      traffic can pass through the Network Lock. When disabled, only VPN traffic is
      allowed through the Network Lock. When enabled local and private network traffic,
      as well as VPN traffic, is allowed to pass through the Network Lock. Default: yes

    Please note that WireGuard support and configuration of Network Lock behavior for local network are implemented on AirVPN Suite 2.0.0, currently available as Release Candidate 2:
    https://airvpn.org/forums/topic/66706-linux-airvpn-suite-200-preview-available/

    AirVPN Suite 2.0.0 also implements traffic splitting on an application basis. Although not required in your specific case, since from your description it sounds like you need to connect to sshd only locally, in various scenarios per app traffic splitting may be more useful and/or a valid replacement of traffic splitting on a destination basis. In your case, if you need to have sshd traffic outside the VPN tunnel (i.e. you explicitly want to leak SSH traffic outside the VPN tunnel so that you can reach sshd from the Internet without pointing to AirVPN server addresses and without AirVPN remote port forwarding) it's preferable to just split ssh traffic (read the 2.0.0 user's manual to achieve in a very simple way this purpose if it is necessary).

    Kind regards
     

  12. Hello!

    We're very glad to inform you that Hummingbird 2.0.0 Release Candidate 2 is now available for macOS, both for Intel and M1/M2/M3 based systems. The links to the latest RC 2 and the main changes have been updated in the first message of this thread. This version does not differ from RC 1: RC 2 is out just for cross platform versioning consistency.

    Kind regards


  13. Hello!

    We're very glad to inform you that AirVPN Suite 2.0.0 Release Candidate 2 for Linux is now available. The original post is updated to show the new download URLs. The important improvements over RC 1 are:

    • Cuckoo's design flaw has been fixed. Now cuckoo can be run when no graphic environment is installed
    • added check and warning to clearly inform the user when firewalld is configured to be the exclusive owner of its tables / chains / rules
    • in case VPN is busy in a pending process (such as reconnecting) stop_connection command is not performed by Bluetit, thus avoiding potential problems
    • a few changes to greatly improve network management during sessions based on WireGuard
    • libxml2 is now statically linked. This pondered decision was driven by various problems caused by a few Linux distributions inconsistencies with established practices and standards
    • linked against the new OpenVPN3-AirVPN 3.12 library
     
    Special note for firewalld users
    Please read here, it's very important: https://airvpn.org/forums/topic/70164-linux-network-lock-and-firewalld/



    Please note that compatibility with Debian 10 and its derivatives, that reached end of long term support and end of life in June 2024, is lost even for the legacy version, mainly because the Suite is now C++20 compliant. The legacy version remains suitable for Debian 11 and its derivatives.

    Kind regards


  14. @arcanapluvia

    Hello!

    The AirVPN Suite offers complete integration with the AirVPN infrastructure, a client/daemon architecture, connections via OpenVPN3-AirVPN and WireGuard, Network Lock compatible with any currently available Linux firewall, per app traffic splitting, synchronous and asynchronous modes, and several other features that you don't have with the native OpenVPN and WireGuard clients. As far as we can evaluate from the feedback the most required features are the infrastructure integration, the Network Lock and the traffic splitting on an application basis, all available in a very light daemon with minimal RAM footprint.

    Please note that only the Suite 2.0.0 offers all of the above, and it is currently at Release Candidate stage:
    https://airvpn.org/forums/topic/66706-linux-airvpn-suite-200-preview-available/

    Apart from the regular user, for the developer Bluetit exposes a D-Bus interface which can be used by client applications in order to control the daemon (thorough developer's manual included). So it is also instrumental to develop clients or have a deep look at how the infrastructure works.
     
    Quote

    I struggled for a couple hours, getting nowhere. I'm no expert, but I normally can figure out CLI software


    Normally you should be up and running in a couple of minutes. If you still experience issues with 2.0.0 version after you have read the user's manual please do not hesitate to open a ticket. Remember to declare your distribution name and version and if possible include a Bluetit log (for example if you are in a systemd based system you can extract it through journalctl).

    Kind regards
     

  15. 12 hours ago, copykitty said:
    https://dnsviz.net/d/airvpn.org/dnssec/

    There are dangling DS records. Breaks DNSSEC for strict resolvers.

    Hello!

    It's all pre-defined by GoDaddy and nothing can be configured on our side, unfortunately. We will query GoDaddy and warn them about the issue. We own and control authoritative DNS for almost all of our domain names but not for airvpn.org. to add redundancy.

    Kind regards
     

  16. 16 hours ago, rkp said:

    set permanent Windows Filtering Platform rules that block outgoing traffic, except traffic to the local network and for DHCP purposes. But now of course no connection to AirVPN is possible. How to deal with this?


    Hello!

    Already explained in the previous post: enable Network Lock to allow connections to AirVPN infrastructure.

    Kind regards
     

  17. Hello!

    Thank you for the feedback!
     

    7 hours ago, 477277 said:

    why does operating 20 tor nodes cost 6k per year? Shouldn't it be like, I don't know, way less?


    That's our contribution to cover the expenses. Just check the price for each 10 Gbit/s full duplex unmetered dedicated line for 1 year to get an idea of expenses for the network traffic, then also consider the depreciation of 20 servers and their maintenance (hardware replacements, manpower maintenance hours...) over the years. It's not like managing a VPS with a few TB per month and a few Mbit/s shared line, and we're talking about exit nodes.

    Kind regards
     

  18. 1 hour ago, almarateogoza said:

    it SOMETIMES switches the IP address to some random country that isn't even owned by airvpn (from whois info). This makes no sense since I have only one peer configured that is to a single airvpn server.

    Does anyone have any idea how to fix this? I have problems with my private tracker


    Hello!

    If the private tracker IP address ended inside some geo-routing for whatever reason (accessibility, or because it is inside some address block that necessitates geo-routing) this behavior would get an explanation. Please disable geo-routing on your AirVPN account DNS panel by switching "AirVPN anti-geolocation system" combo box to "Not active", start a new connection and verify whether the problem disappears or not. 

    Kind regards
     

  19. @discov

    Hello!

    We removed the files attached to your message because they contained your private key. You should proceed to renew it immediately from your AirVPN account "Devices" panel.

    After that, in order to generate a configuration working with tls-auth, on the Configuration Generator simply select entry-IP address 1 after you have turned on the "Advanced" switch and you have selected "2.4" on the "Ovpn profile" combo box.

    Kind regards
     

  20. 14 hours ago, 183aTr78f9o said:

    @Staff
    Are NixOS packages planned at some point, after the stable version is released? Just curious.


    Hello!

    The Suite distribution concept avoids any specific package manager for their excessive proliferation. Most of these package managers are incompatible with each other. We count nowadays 18 package managers on 800+ different distributions. Development team is committed to offering exclusively tarballs and an installation script written in sh to ensure compatibility with a wide range of distributions. 

    Kind regards
     

  21. @discov

    Hello!

    Thank you very much.

    OpenVPN 2.4 is the oldest supported version but you can try to use 2.4 profiles and a connection to entry-IP address 1 to avoid tls-crypt which is not supported by 2.3.x but it is mandatory on entry-IP addresses 3 and 4. Entry-IP addresses 1 and 2 still support tls-auth, supported by OpenVPN 2.3 as well.

    Also consider that OpenVPN 2.3.7 is affected by many bugs which can potentially interfere with the connection. Please try to upgrade, if possible, to OpenVPN 2.3.17, the latest release of 2.3 branch:
    https://community.openvpn.net/Changelogs/ChangesInOpenVPN23

    If it is not possible to upgrade and you see from the log that the failure is caused by something related to IPv6, consider to disable IPv6 and refuse the IPv6 related push; you have this option on the Configuration Generator, or you can simply delete the following directives from the configuration file:
    push-peer-info
    setenv IPV6=yes

    Kind regards
     