Staff

@Maggie144 Hello! Since Network Lock is enforced via pf rules, which act directly on the kernel filtering table, it is not plausible that Apple services can bypass them. Leaks observed on Catalina and Big Sur with other software (not our software) take place because filtering rules are enforced via specific network API. The specific network filtering exceptions (for Apple programs) hard coded in macOS Catalina and Big Sur filtering API, which caused a lot of controversies (and rightly so), allow the horrendous behavior. Actually, lack of traffic leaks when Eddie or Hummingbird Network Lock is active on Intel Mac has been thoroughly verified by us through external network sniffers. We confirm that nothing, including Apple services and apps, is able to bypass the firewall (pf) rules. We can perform the same verification on Mac M1 in the near future. The problem in iOS is worse and can't be resolved, because in iOS devices you are not in control of the device filtering table (and you are not in control of the device in general). Anyway we do not write software for iOS, as you know. Should, in the future, "Apple Silicon" platforms evolve in iOS-like system which the user can not control, then they will be unsuitable for purposes where privacy and a layer of anonymity are a priority. We doubt anyway that Apple will expel its own customers from administrative device control like it did with iOS, but let's wait and see. Kind regards

Hello! We're very glad to announce that we have just released Hummingbird for Apple M1 based machines. Hummingbird is a robust, light-weight and very fast OpenVPN 3 command line tool for Linux and macOS offering DNS handling and rock solid traffic leaks prevention out of the box. It's the first time that OpenVPN 3 library and Hummingbird are available as native software in M1 based Mac computers, providing faster execution speed and higher performance. As usual Hummingbird uses our OpenVPN 3 AirVPN library fork, which includes bug fixes and very important features missing in the main branch. Please find overview, details, documentation and download link here: Kind regards

@watcherblue Hello! You can try to disable the route check, so you can determine whether it was a "false positive" or Eddie was right: in "Preferences" > "Advanced" window de.-tick "Check if the tunnel works" and click "Save" in "Preferences" > "DNS" window de-tick "Check Air VPN DSN" enable "Network Lock" from Eddie's main window for additional safety If you see no traffic after the connection, Eddie was right in detecting a route failure, and some other problem is ongoing. If everything is fine, on the contrary, Eddie was wrong (and it remains to be seen why). Kind regards

@OpenSourcerer Understood now, thank you. Kind regards

@dL4l7dY6 Hello! What is the operating system running in your Pi device? Kind regards

Hello! For 2FA we already offer TOTP, which (we think, as far as we can see on documentation after a quick glance) is supported by YubiKey, can you check? Kind regards

@Searching Hello! OK. First of all, can you please make sure that Hummingbird can run successfully? Please run it from a terminal, do not even launch Eddie. Hummingbird documentation and manual: https://airvpn.org/hummingbird/readme/ Let's check binary file ownership too, just in case: please provide us with the output of (when you are in the correct directory): ls -l hummingbird Kind regards

Hello! Please upgrade Eddie at your earliest convenience. You have reported a terrible and actual bug, but it affected only one of the (very) old Eddie versions. Kind regards

@tomMarvoloRiddle Hello! openvpn-connect can be configured as a VPN On Demand application. "VPN-On-Demand ... allows a VPN profile to specify the conditions under which it will automatically connect." Setup is not trivial and requires some patience and time, please see here: https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-connect-ios/#can-i-use-ios-6-vpn-on-demand-with-openvpn Not all OpenVPN services meets "VPN on Demand" requirements. The necessary requisites are met by AirVPN. Kind regards

Hello! We inform you that the following servers located in the Netherlands: Alphecca Alphard Alzirr Asellus Alphirk Chara Matar Phaet are having their IP addresses changed as a necessary datacenter restructuring. What you need to do If you run Eddie (all desktop and Android editions), data will be updated automatically. No action is required. If you have OpenVPN profiles pointing to those servers qualified domain names, everything will be updated automatically. No action is required. If you have OpenVPN profiles pointing directly to those servers IP addresses, you will necessarily have to re-generate such profiles. Kind regards AirVPN Staff

@FunThomas We did not change anything at all... and as we explained the requests you mentioned came from your system itself. Anyway we're glad to know that the mentioned problem is not occurring. Enjoy AirVPN! Kind regards

@Searching Hello! Sure, that test was essential to understand whether the problem was Eddie-specific or involved Hummingbird, it did not imply that we want you to renounce to Eddie. Now that we know that Hummingbird runs just fine, we know that the problem is Eddie-specific and we can investigate with the help of Eddie's developer. First of all, please make sure that Hummingbird belongs to root. Eddie will refuse to run with root privileges a binary file that does not belong to root, and rightly so: it's an important security feature to prevent some kind of attacks aimed at escalating privileges and taking machine control when the attacker can not gain root privileges in the first attack phase. In order to change ownership of Humminbird, open a terminal and issue the following command: sudo chown root /usr/bin/hummingbird The above command will assign Hummingbird to superuser ("root") ownership. We mention /usr/bin because you wrote that you have moved Hummingbird there, but of course enter the correct path if you moved it again. Then re-start Eddie and check whether "Use Hummingbird" is still grayed out or not. Kind regards

@Stack of computer parts Hello! Yes, the OP could do that. It's essential that the Virtual Machine is attached to the host via NAT, in this case, and not bridged. Kind regards

Hello! At a first glance it sounds like a normal packet forward (which is mandatory to have things working) between the physical network interface and OpenVPN virtual network interface. svchost.exe is a Windows system process which takes care of hundreds of different things. Again normal and ordinary. Private subnets in IPv4 can live only inside one of the following blocks: 10.0.0.0/8,. 192.168.0.0/16 and 172.16.0.0/12, so it's perfectly possible that your local network is inside 192.168.0.0/16. Once again, everything seems just fine. Kind regards

@MortenM Hello! Eddie 2.19.7 for Windows 7 has just been re-packaged, please re-download and the problem should be sorted out. Kind regards

For the readers: Ain in Stockholm has been upgraded to 10 Gbit/s line and port. https://airvpn.org/forums/topic/48885-upgrade-ain-becomes-a-10-gbits-server-se/ Kind regards

@spinmaster Hello and thank you! The name resolution problem seems related to your system DNS, Can you tell us whether you see the names resolution error only when a re-connection is attempted? In the Configuration Generator, selecting "OpenVPN >= 2.5" is fine for Hummingbird 1.1.1, because our AirVPN OpenVPN 3 library supports all the needed directives and works in an OpenVPN 2.5 compatible mode for cipher negotiation. Can you please test OpenVPN 2.5 or OpenVPN 2.4.9 with Tunnelblick and check whether you get more, less or the same stability than you have with Hummingbird? The KEEPALIVE_TIMEOUT is an ordinary error caused by connection drop (your node and the VPN server can't communicate with each other for more than a minute). Kind regards

@airvpnclient Hello! Hummingbird sets the necessary rules only (maximum optimization), while Eddie opens traffic to every AirVPN node IPv4 address, therefore it needs some thousand rules. Hummingbird is designed in a way that when a disconnection takes place, Network Lock gets disabled, while Eddie keeps Network Lock until you explicitly tell it to disable Network Lock or exit. Therefore Hummingbird is not a suitable software if you need Network Lock while disconnected, but you can consider a "permanent" Network Lock with proper rules by default, so that traffic is blocked when Hummingbird restores default rules. Bluetit will have a safer behavior, more similar to Eddie's behavior, but you need to remember (as you noticed) that currently Bluetit will not activate Network Lock if an account login fails. We are working to fix this flaw as well, and quickly, in the next imminent release already. Kind regards

@airvpnclient Thanks! The new issue you reported in OSMC is confirmed and under investigation too. Kind regards

@FunThomas Hello! That's one of your own addresses. Specifically, it's the private IPv4 address of your machine in the virtual network. Either you interpret something in some incorrect way, or you're reporting yourself scanning yourself. from your own address to the very same address. As an additional note, we remind you that, in our infrastructure, nodes in the same VPN can't communicate with each other. Kind regards

@thewolfman8326 Hello! Thanks for the report. It's possible that you have a Fedora 33-like setup, i.e. systemd-resolved configured to bypass resolv.conf, and network-manager also running. It seems that in this setup Hummingbird and Bluetit can properly handle DNS push (apart from the glitch you warn us about and which we'll take care the devs are informed about) but update-systemd-resolved script can't. We would also recommend that you run Goldcrest+Bluetit when you have resolved D-Bus issues, as the client-daemon architecture provides you with a more robust and secure solution than Hummingbird does. Kind regards

@pfolk Hello! OK, you're good. We don't think you can try anything else but please feel free to open a ticket. The support team might think of something we currently miss, you never know. Kind regards

@pfolk Hello! Settings to use wintun driver are correct. A specific Data Channel cipher can be defined by directive "data-ciphers". Check your Eddie log to see which Data Channel cipher is used (if in doubt please open a ticket and send a log to the support team). Eddie can accept custom directives in "Preferences" > "OVPN Directives" window. Some examples with ciphers supported by our servers (enter only ONE directive): data-ciphers AES-256-GCM data-ciphers AES-128-GCM data-ciphers CHACHA20-POLY1305 (do not use in AES-NI supporting machines, i.e. desktop computers usually, because performance will be lower). Kind regards

@airvpnclient Yes, every OSMC user must wait for Bluetit next version in any case. Bluetit 1.0.0 does not run properly in OSMC because of OSMC customization. Next Bluetit release will aim at full OSMC compatibility. Kind regards

@SurprisedItWorks Hello and thank you! Historically in AirVPN, you can publish any guide you wish in "General and suggestions" forum. If the guide receives a positive feedback and no critical bugs are found we usually move it either to the instructions page of a specific system or the How-To forum. keeping of course the author's name and content. If a guide is "promoted" in that way, the author usually gets some years of free access to AirVPN as a "thank you". Kind regards