Staff

@dedo299 Hello and thank you for your report! We're sorry, we can't understand how it's possible that the packaged Hummingbird 1.0.2 with Eddie for Mac is different than the official Hummingbird 1.0.2, we will investigate. In the meantime, please delete the Hummingbird version you currently have, download Hummingbird (from GitLab or our web site) NOT packaged with Eddie, put it in your command path and compare whether those problems you mention (which problems? feel free to be specific) are resolved or not. If the problems persist, please also consider to run Hummingbird alone to compare. When Eddie runs Hummingbird, Network Lock and DNS are handled by Eddie and not Hummingbird. When you run Hummingbird alone, of course, Network Lock and DNS are handled by Hummingbird itself. Direct link to download Hummingbird 1.0.2 for macOS (Mojave or Catalina required): https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-macos-1.0.2.tar.gz Kind regards

@dbuero Yes, on top of that CHACHA20 will not give you any boost if your system supports AES-NI. About AES-128-GCM, it can be beneficial for performance only if the conditions we specified were met. Kind regards

@dbuero Hello! CHACHA20-POLY1305 is available only on the servers running OpenVPN 2.5 beta, you can recognize them marked in yellow with the sentence "Experimental ChaCha20" (one in Canada, one in the USA, two in the Netherlands and one in Singapore). You can safely ignore those warnings - it's important however that you run OpenVPN 2.4 or higher version. Kind regards

@dbuero ncp-disable directive disables “negotiable crypto parameters” for the Data Channel. Therefore, the client becomes free to pick a cipher for the Data Channel in the cipher directive, if such cipher is supported on the server side. Without ncp-disable it's expected that you get the error you mention, except for the 1st "favorite" cipher the VPN server wants to negotiate (AES-256-GCM). That's also the reason why we say that AES-GCM has priority over CBC: the CG will generate "cipher AES-256-CBC" for backward compatibility with those OpenVPN old versions that don't support ncp and/or AES-GCM, but newer OpenVPN versions will negotiate AES-GCM. cipher none is not available in any case, as our servers are not configured to admit unencrypted connections for obvious reasons. Anyway, unless your system is loaded by other tasks, a single i7 core (which implements AES New Instructions) can perfectly handle your peak bandwidth, especially when AES-NI is supported by the system. If you see anyway that a core is at capacity (it can happen if your system is loaded by other tasks), try our suggestion: ncp-disable cipher AES-128-GCM Don't bother with CHACHA20-POLY1305 if your system supports AES-NI. Kind regards

Thanks! So, you get a segmentation fault even when you disable network lock? --network-lock off Kind regards

@dbuero In AES New Instructions supporting systems AES-GCM encryption and decryption is indeed faster than AES-CBC. In our service the default cipher for OpenVPN Data Chanell is AES-256-GCM, not CBC. If you see that the core which OpenVPN runs in is at capacity while your system approaches the peak performance consider to use a lighter cipher, for example AES-128-GCM. Add the following directives: ncp-disable cipher AES-128-GCM Of course if your system does not support AES-NI then CHACHA20-POLY1305 should be preferred. Kind regards

@dbuero Understood. The article does not say that OpenVPN is crap for high speed lines, quite the contrary in fact. About getting 315 Mbit/s on our infrastructure (i.e. 630 Mbit/s on the server) well, that's a good outcome, hands down, because our servers are connected to 1 Gbit/s ports and lines. Anyway increase your buffers again, try 2 MB buffers: rcvbuf 2097152 sndbuf 2097152 Kind regards

Where have you read such idiotic nonsense?

@m1ster We can't see the attachment, something is not working properly. can you send it to support@airvpn.org please ? Kind regards

@bm9vbmUK Hello! Can you please force usage of nftables and check what happens? Use the following option and argument when you run Hummingbird: --network-lock nftables Kind regards

@m1ster Hello! Can you also give us your Android mediaplayer brand and model? Can you send us Eddie log taken before you try to start a connection (we will be able to see important information about system hardware and configuration). OpenVPN for Android can invoke OpenVPN 2.5 or use its OpenVPN 3 library, can you check whether when configured to use OpenVPN 3 it works fine or not? You can switch from OpenVPN 2 to OpenVPN 3 in the settings. Kind regards

@m1ster Hello! Something goes terribly wrong when the tun interface is accessed: does "OpenVPN for Android" work on the very same box? What brand and model is it? Kind regards

@livovo Hello! Just use Tor after you have connected to some VPN server. Tor renews circuit for different streams and at the same time your ISP (and any other entity wiretapping your line or acting with your ISP complicity) will not see that you're using Tor. Only limitation is that Tor does not support UDP. Kind regards

Important update pertaining to Amnesty International: Position of Amnesty International changed on late February 2020: https://www.amnesty.org/en/get-involved/take-action/julian-assange-usa-justice/ when Amnesty asked: thus recognizing that Assange is a political prisoner, as he is charged for his publishing activities. Kind regards and datalove AirVPN

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Tallinn (EE) is available: Alruba. The AirVPN client will show automatically the new server; if you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, Alruba supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/alruba Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

@airdev Android app must be extensively rewritten to meet new Google requirements for Android 9 and 10. No reason to hurry as the app does everything we and our customers need. It's not written anywhere that an app that works perfectly must be "frequently updated". About Eddie the development is slow, you are correct, but Mac and Linux users can now count on a totally different stable application which is also evolving in something more (i.e. a real daemon with frontend applications). Once completed with a GUI, even Windows development will become faster, as Eddie for Windows can be prioritized over Linux and Mac. We have invested a lot of time to fix critical bugs on OpenVPN3 library (which could not even work properly in Linux) and implement new key features. It's an investment in development time that may make the naive observer think that Air development is slow, but such investment will be repaid with high interests rate in the very near future. Last but not least the development of OpenVPN 3-AirVPN by AirVPN has shaken OpenVPN community and symptoms that the community is waking up have appeared. If OpenVPN3 community wakes up even our fork will require less development time, obviously. Kind regards

@Access everywhere Please pick freely according to your preferences. Hummingbird is much faster, has a tiny RAM footprint (less than 10 MB), it's based on OpenVPN3-AirVPN library, and does not require Mono, but it lacks a GUI (it will evolve with a daemon and GUI only in the near future) and many features of OpenVPN 2 and Eddie. Eddie is remarkably features richer (full integration with AirVPN infrastructure, customized routes, customized events, OpenVPN over Tor are just a few of several significant features that Hummingbird totally misses), offers a complete GUI, but it is much slower and has a huge RAM footprint (exceeding 1 GB in Linux for example). Please note that you can run Hummingbird through Eddie (Eddie 2.18.7 or higher version required) simply by ticking "Use Hummingbird if available" in "Preferences" > "Advanced" window and copying the Hummingbird binary anywhere in your commands path. In this way Eddie will run Hummingbird instead of OpenVPN 2 and you will have the hardened security of Hummingbird vs. OpenVPN 2, as well as a significant performance boost in various phases (during connection and disconnection Hummingbird is up to 300 times faster than OpenVPN 2). Kind regards

@Lee47 Wireguard only supports CHACHA20 in UDP. OpenVPN supports it too. Can you check OpenVPN with CHACHA20? It can be an interesting comparison. Of course the reason might be different: for example, if you run Windows, you might have used different drivers, or simply some other problem on your side, Also, Wireguard is still largely unnoticed because it is not used a lot (and rightly so as it is in beta testing), so ISPs are not yet interested to identify its fingerprint (which is a trivial task because Wireguard does not support any obfuscation technique and can not connect over proxy as it does not support TPC) and disrupt it. The maximum throughput achieved with OpenVPN and Virgin in AirVPN has been 500 Mbit/s by a user in this thread, which is also near the physical limit of our servers (500 Mbit/s on the client side are 1 Gbit/s on the server side). We would bet that you can't beat that performance with Wireguard, especially with AES-NI supporting systems, where the high throughput becomes more and more relevant and put CHACHA20 at a disadvantage (the only boost here is running in kernel space - but not in Android and many clients - which might not compensate AES New Instructions power), so the discrepancy must be found elsewhere. Kind regards

@giganerd That's correct, it's important to know that nftables is currently not supported by Eddie. Kind regards

Hello! You're right, Eddie 2.16 can not run in your environment. Can you please test Eddie 2.18.7 beta? Now the GUI runs with ordinary user privileges (no more GUI running with root privileges) and is run by the account of the DE you use. Other changes have been implemented and compatibility with Wayland should now be 100% - last but not least Eddie backend, running with root privileges, does not need anymore Mono framework (it is written in C++) To test Eddie 2.18.7 beta please see here: https://airvpn.org/forums/topic/45326-eddie-desktop-218beta-released/ Kind regards

@CRC89 Hello! Alternatively, you can wait for a real daemon for Linux. We currently do not offer it but the gap will be filled very soon: a daemon based on Hummingbird is in advanced stage of development and we will release a public alpha version with a CLI client to drive it in the very near future. Kind regards

@Androidlinux Hello! Currently not, we're sorry (you need to send a kill signal to Hummingbird and restart it with a new profile, which is not exactly what you ask for), but this feature will be available in the frontend+daemon solution. Hummingbird will be maintained as a stand alone binary and will also evolve in to a new software. The daemon is already in advanced development stage and initially we will release it together with a CLI frontend. Immediately after that, development of a GUI for the daemon, based on Qt, will begin. Kind regards

Hello! You can't, as you don't have iptables currently. Use nftables instead. Proceed only if you exactly know what you're doing, as Network Lock on the fly changes might cause unintended leaks. Kind regards

Hello! In Linux you can run Hummingbird. It uses our OpenVPN3-AirVPN library which supports CHACHA20 on the Data Channel. Please see here, you will also find instructions on how to configure Hummingbird to use CHACHA20-POLY1305: https://airvpn.org/hummingbird/readme/ Remember to use a profile generated only for the servers which support CHACHA20-POLY1305. They are marked yellow with the phrase "Experimental CHACHA20" in the Configuration Generator or in our web site servers monitor: https://airvpn.org/status NOTE: if your Linux system supports AES-NI then AES cipher may have higher performance than CHACHA20 cipher. Kind regards

@83jd0whx38ns Hello! What is your exact distribution? We have found the problem for example in Debian unstable, and it's a problem of the distribution with the implementation of iptables legacy with nftables. If that's your case too, force Hummingbird to use nftables for Network Lock and the problem should get resolved. https://airvpn.org/hummingbird/readme/ Check the instructions and remember to run Hummingbird with the additional option: --network-lock nftables Remember that Hummingbird (for a good reason aimed to prevent conflicts) by default prefers iptables-legacy over nftables if both are found in a system. However, if iptables legacy exists but does not provide table 'security' then Network Lock can't work because iptables legacy itself does not work properly. We are looking forward to hearing from you. Kind regards AirVPN Support Team