Staff

@Saken Hello! We have multiple reports from several customers that show your very same problem. We paste below a solution from the support team which so far has worked fine for most of those customers. Kind regards ==== Please make sure that no antivirus or packet filtering tool interfere. Then, we recommend a test with the wintun driver (a new driver for the virtual tun/tap network adapter used by OpenVPN). It is remarkably more efficient than the TAP-Windows driver and it should also resolve the problem you are experiencing now. 1) Install OpenVPN 2.5 tech preview with wintun driver. You can download it from here: https://openvpn.net/download/openvpn-2-5_git-wintun-technology-preview/ Please make sure that the installer installs the wintun driver too. 2) Configure Eddie to run the new OpenVPN you have installed: from Eddie's main window select "Preferences" > "Advanced" in "OpenVPN custom path" select the proper OpenVPN binary file you have installed in point 1, through the file requester (by default and assuming that your HDD is C, it will be C:/Program Files/openvpn/bin/openvpn.exe) click "Save" 3) Configure Eddie to send a directive to OpenVPN to use the wintun driver: select "Preferences" > "OVPN Directives" from Eddie's main window in the directives field enter the following line: windows-driver wintun press ENTER at the end of the line click "Save" Test again connections to AirVPN servers via Eddie. Make sure to pick servers with high bandwidth availability, check in Eddie "Servers" window or here https://airvpn.org/status Kind regards ====

@Mrd0708 Hello! By default Hummingbird enables network lock. See also --network-lock option. Another good place where you can start Hummingbird at boot is /etc/rc.local If you stop Hummingbird properly with a SIGTERM, network lock will be disabled. If you wish to test network lock when Hummingbird is not running, kill Hummingbird with no grace: sudo kill -9 `pidof hummingbird` Your system will remain with firewall's network lock rules and VPN DNS set. When you're done, to restore your previous system settings, re-run Hummingbird with --recover-network option only. Kind regards

@harryhoudini Hello! You can achieve what you want in a minute or so. While Eddie is NOT running configure your firewall to block all traffic to the Internet. Make sure to allow traffic to and from localhost to avoid possible malfunction, and consider your local network too. When you run Eddie, activating Network Lock will also allow communications with Air infrastructure. When you shut down Eddie, the traffic to the Internet will be blocked again. Kind regards

Hello! We're sorry, inbound port forwarding currently does not work in IPv6. Kind regards

@ravenkor The surface attack would increase dramatically, therefore it's unlikely that they will be re-allowed in the future. If you know exactly what you're doing and you have understood how your scenario might be exploited to escalate privileges and gain control of your machine by an attacker who could manage to break in with limited (normal user) privileges, consider to run OpenVPN directly (without Eddie) so you can have a granular as well as thorough control of your security environment. Kind regards

Unfortunately, wireguard is blocked in China, doesn't work anymore through WG protocol..................I have tested Astrill/Torguard/VPNac woth their WG protocol...........confirmed by torguard staff........ damn.......... Wireguard is not designed to bypass blocks. It's sufficient blocking UDP (or strongly shaping outgoing UDP packets) to make Wireguard unusable, and that's more and more common practice on many mobile ISPs in every continent and country. Forget connections over stunnel and don't even fantasize about connections over SSH. There are also other important limitations and concerns, anyway we will make them all very clear when we offer Wireguard. Please use OpenVPN as usual to bypass China blocks. Kind regards

Hello! "up" and "down" are no more allowed by Eddie. Consider to replace them with Eddie's events (VPN Up, VPN down), so you are sure that the scripts or binaries run by the events are NOT run with superuser privileges. OpenVPN would run them with superuser privileges, which is very risky snd makes your system vulnerable to attacks aimed to privilege escalation. Kind regards

Hello, in your Linux computer, check: $ sha256sum org.airvpn.eddie.apk 600e808c59d29b74ff969fac5add7afcf6ef0d89bddac403c976d3073c0693f3 org.airvpn.eddie.apk Kind regards

@quorion Hello! What is your Operating System exact version? Do you experience problems with OpenVPN custom directives, events or both? About events: since Eddie 2.18 events open a shell with your user privileges and run inside that shell what you specify with your user privileges and no more with superuser privileges. It's an essential security feature, it was too reckless and dangerous to run any event with root/administrator privileges. Now it's users' responsibility to escalate privileges, when absolutely necessary, from a binary or a script linked to an event. Kind regards

Hello! airvpn.dev is a web site aimed to maximum "web security" for maximum rating on SSL Labs without compromises (for example only TLS 1.3 and 1.2 are allowed and only the strongest cipher suites can be negotiated). As a result several Operating Systems can't even access that web site that remains essentially an exercise. https://www.ssllabs.com/ssltest/analyze.html?d=airvpn.dev&s=95.211.138.143 It is debatable whether re-direction from a web site to another through links published in a forum is safe or not with a specific warning. In our production web sites we allow linking, and we publish a warning before proceeding when a user clicks an URL. In airvpn.dev such operation is currently not allowed. If you want to be re-directed from airvpn.dev to an external web site, copy and paste the URL on your browser. Kind regards

Hello! Maybe from inside your docker container the modification of system files is not allowed, it would sound correct under a security point of view. Changing system DNS is not a trivial operation and only a superuser can do it. Kind regards

Open a ticket and receive support in a matter of a few hours, instead of spending time in a sterile controversy. Community forums are for the community by the community, we might read them or not, answer to messages or not. Kind regards

@elbrownos Hello! According to: Fri Apr 24 22:09:51.756 2020 WARNING: Cannot resolve earth.vpn.airdns.org your system can't resolve names. Maybe connectivity is down, between your router and ISP. If that's the case, have you tried to leave Hummingbird running until connectivity is restored? Kind regards

@arteryshelby Hello! Yes, at the moment total country replacement with Estonia and Latvia (both already active). Kind regards

@bluesjunior According to your report you can safely stay with Eddie 2.18.9. Since you are just fine with 2.18.9 you have no real incentive to start beta testing as there is no performance improvement with 2.19.2. Check anyway the bug fixes on the changelog. Should one of those bugs become a problem for you at any time, then you should consider to upgrade. Kind regards

Version 2.19.2 (Tue, 21 Apr 2020 12:42:14 +0000) [bugfix] - Linux - Fixed crash at startup [bugfix] - Windows - Fixed an issue about detection of wintun driver Other feedbacks are under investigation. Thx.

@ecabdf Hello! Yes, even our 1st gen, very old FireStick can stream HD with no problems even with OpenVPN on AES-256 - and you have also the option to gain more performance with CHACHA20-POLY1305. We see that the LG B8 features a CPU that's at least as powerful as the 2nd generation Firestick, so no problems for it as well. Kind regards

@C3emfcb0Nzt0xiDj It doesn't look like a server or server line problem. You can see from the ping matrix that there is no packet loss between servers in the countries you mention. For a cross-check this is what we see from a couple of ISPs from Italy: $ ping -i 0.2 -W 0.2 -c 100 -q 134.19.179.170 PING 134.19.179.170 (134.19.179.170) 56(84) bytes of data. --- 134.19.179.170 ping statistics --- 100 packets transmitted, 100 received, 0% packet loss, time 19869ms rtt min/avg/max/mdev = 35.528/37.343/50.654/2.551 ms Another cross-check comes from @giganerd who uses your very same ISP so the matter is quite puzzling. Can you have your ISP perform a remote check on your nearest DSLAM and last mile? Kind regards

@rymar Hello! The bug is when you shut down Eddie properly and at the next run you find "Recovery" messages etc. etc. If you don't shut down Eddie properly, such messages are correct and expected. The bug does not come out regularly and it's hard to spot, we are investigating. In the meantime you can safely ignore the issue. Kind regards

@rymar Hello! It's a bug and we are investigating. You can in the meantime safely ignore it as it does not affect anything. Can you confirm that you get the following log: even after you have shut Eddie down properly? Kind regards

@giganerd Hi! With OpenVPN 2 we outperform the current data set we have about IPsec on equal terms, as we achieve 1.7 Gbit/s on a Xeon E3-1230 with 300 connected clients in UDP and AES-256-GCM in Data Channel. It must be said however that IPsec works in the kernel space, while OpenVPN in the user space, so IPsec has a significant advantage under this respect. If the data set we have refers to an L2TP/IPsec implementation, that boost might be lost because you need time to convert IPsec to L2TP - and we have not considered the issue so far. On the other hand, OpenVPN community claimed in late 2019 to open source the Linux kernel module of OpenVPN, and that could dramatically outperform IPsec even more (and outperform Wireguard too with AES-NI supporting systems as Wireguard does not support AES). https://openvpn.net/openvpn-hackathon-2019/ "The team expects to open source their kernel module in Q1 of 2020 and afterwards work on merging it into the kernel mainline." If you have any experimental data set showing IPsec beating the performance of OpenVPN 2 in our optimized setup please let us know. On top of that, we must also say that when we founded AirVPN in 2010 we preferred OpenVPN not on performance evaluations, but because the suspicion that NSA had compromised IPsec appeared legitimate. Later, such suspicions appeared even more legitimate, see for example the "Snowden documents" (Bullrun program, for example https://www.mail-archive.com/cryptography@metzdowd.com/msg12325.html) as well as https://weakdh.org/imperfect-forward-secrecy.pdf page 9. Kind regards

@GhastMaster OK, fine! It means the problem was not caused by the bug we have detected. Well, we're glad to know anyway that the problem is resolved. Kind regards

@GhastMaster Hummingbird uses OpenVPN3-AirVPN library which is remarkably more efficient than OpenVPN 2, so a slight throughput improvement is possible. You should also notice connections and disconnections up to 200 times faster than OpenVPN 2. Kind regards

Hello! It's a bug, we have detected it and it will be fixed soon. To resolve the situation in the meantime: open a terminal type the command sudo rm /etc/airvpn/* set your favorite DNS with your system utilities Now Hummingbird will be able to run properly again. Kind regards

Hello! Yes, already checked in another thread months ago, no traffic leaks. Remember that Windows does not reset sockets when routing table and default gateway change but Network Lock prevents leaks. Specifically tested for telemetry service. Firewall rules ensure no traffic leaks but then again you might have processes from the manufacturer that secretly modify the system packet filtering table and then restore them without leaving traces. It's not rational running a closed source Operating System nowadays but that's what most people prefer (at least in the Desktop market), so we provide solutions to minimize risks. Kind regards