Staff

Hello! Halloween 2020 deals will end at the midnight between the 2nd and 3rd of November, UTC. Kind regards

Hello! Yes, by a community member, for pfSense 2.4.5. You can find it linked at the beginning of the instructions. For your comfort: https://nguvu.org/pfsense/pfsense-baseline-setup/ Also do not miss the following one too: https://nguvu.org/pfsense/pfsense-multi-vpn-wan/ Home page with so many interesting articles: https://nguvu.org/ Kind regards

@McLoEa Good to know, thank you for the info. We are checking how to address the issue with systemd-resolved working in that specific mode. Kind regards

@jollyroger Hello! That's correct, pre-release code is private. You can check changelog here: https://eddie.website/changelog/?software=client&format=html Kind regards

@lisaAweber Hello! We want to reply for other readers who have similar requests for dozens of different services of various kinds. In this case we can't verify because the app is a little shady, as @giganerd pointed out, but you can test yourself: you can get a three days free trial with no commitments simply by asking for it (open a ticket from your account). Kind regards

@McLoEa Hello! We don't know if it was you who pointed the support team to the following article in a ticket: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/VPACQVWRG5HCWRPBIOTBAENRT6V6PRA4/ If not, the relevant part is: systemd-resolved has various operational modes and Eddie, at the moment, can NOT handle properly the "on link" mode bypassing resolv.conf and relying on nss-resolve. In Fedora 33 systemd-resolved is configured by default in a way that Eddie does not handle correctly. Hummingbird and Bluteit, in the AirVPN Suite, can handle correctly any systemd-resolved operational mode. Disabling systemd-resolved, anyway, should resolve any issue with Eddie and OpenVPN DNS push. In a few words, the key is going back to handle DNS via resolv.conf file as usual. If you wish to disable systemd-resolved: sudo systemctl stop systemd-resolved sudo systemctl disable systemd-resolved IMPORTANT: create a new resolvc.conf file and/or restart network-manager service if necessary. Kind regards

@Krebbin Hello! We're very glad to know it. Eddie Android runs very well on a Sony Bravia TV X900 we tested, and a couple of users confirmed it works fine in another model (X950H). However, we could not manage to test it in other Sony TVs unfortunately. Can you specify your model, if you don't mind, just to add it in our db? What Android version does it run? Kind regards

@jsp21c Hello! Yes, your wait is nearly over. Eddie 2.19.5 is currently tested internally and resolves incompatibility with Windows wintun. It will be packaged with OpenVPN 2.5. Stay tuned. Kind regards

@pop22 Hello! Which Mono version do you have in your system? Try to delete file ~/.config/eddie/default.profile while Eddie is not running and check whether the problem persists or not. From a CLI: rm ~/.config/eddie/default.profile You will need to re-enter your credentials when you re-start Eddie. If the problem remains, can you please test (if you haven't already done so) the AppImage (click "AppImage" icon in the usual download page)? Quick reference to run an AppImage: https://itsfoss.com/use-appimage-linux/ Kind regards

@dr_kristau Good! And congratulations, 571 Mbit/s is a new, absolute, all time client record in our service! You and our server Comae managed to beat Wireguard performance too, that's really something. OpenVPN 2.5 has been released a couple of days ago. Deployment on all servers has been completed but before restarting them all we need to resolve a very annoying problem: apparently a bug which was not there in any beta version and in RC1, but appeared now in the final release. The bug compromises CHACHA20 negotiation on the Data Channel between OpenVPN3 and OpenVPN 2.5 (but it's fine between OpenVPN 2.5<->OpenVPN 2.5). Once we find out, isolate and fix the bug (either on client or server side) we will activate OpenVPN 2.5 on all servers and you will be able to use CHACHA20 on all of them. It's a matter of days, we hope. Kind regards

@carlsaj Hello! Watch out, your account panel shows that you have not forwarded remotely any port. You can do that in "Client Area" > "Ports" (after you have logged your account into the web site). See also: https://airvpn.org/faq/port_forwarding/ Kind regards

@dr_kristau Hello! Thanks for the detailed report. Yes, Wireguard with CHACHA20 peaks 541 Mbit/s whereas OpenVPN peaks 400 Mbit/s. We can't explain why, in OpenVPN, CHACHA20 is faster than AES even in an i7 (which supports AES-NI). AES should be faster. Maybe it was due only to the momentary network heavy usage you mention? Is the library linked by OpenVPN enabled to AES-NI (if it's OpenSSL, it should be by default in any recent version)? Kind regards

@dr_kristau Thanks, let us know. With Wireguard the performance loss you get with CHACHA20 in an AES-NI supporting CPU is more than compensated by the fact that Wireguard runs in the kernel space, while OpenVPN in the userspace (and does not scale in multicore processors). You will not get the same Wireguard performance with OpenVPN CHACHA20 in your Celeron, because of that very fact. In our infrastructure, anyway, even with Wireguard, you should not expect more than 400-500 Mbit/s, because no server usually has more than 800-900 Mbit/s free (things might change in the future with 10 Gbit/s line per single server). Kind regards

@dr_kristau Hello! it's strange that the router has a peak of 85 Mbit/s in upload and 17 in download. It makes us think about traffic shaping in download. Do you have your ISP traffic shaping (or traffic management) policy? By the way, with that configuration OpenVPN 2.5 will not negotiate CHACHA20 on the Data Channel. If you check the log, you should see that you're still with AES-256-GCM. Modify in the following way: delete line cipher CHACHA20-POLY1305 add lines: data-ciphers CHACHA20-POLY1305 data-ciphers-fallback AES-256-CBC Check in the log that OpenVPN 2.5 uses CHACHA20 in the Data Channel. You should see: Yes. 310 Mbit/s with an i7 and AES-256-GCM is expected. It means 620 Mbit/s on the server and it's more or less what we detect from a fiber line in Italy. We managed to beat that performance on the client side toward our VPN servers only from dedicated lines of dedicated servers. Even 85 Mbit/s with the Celeron in AES-256-GCM sound quite reasonable. It remains to be seen why the router in download becomes so sluggish (17 Mbit/s instead of 85 Mbit/s). Finally, feel free to let us know the performance you will get with CHACHA20, we're curious to see what happens with a Celeron. Kind regards

@dr_kristau Hello! Yes, AES-256-GCM is computationally hard for non AES-New Instructions supporting CPUs. Also consider that OpenVPN 2 does not scale and runs in a single thread of a single core, in the userspace. You have a very slight performance improvement when OpenVPN is linked against mbedTLS and not OpenSSL, but it's not really essential.. With your Celeron you should get significant performance improvement with CHACHA20-POLY1305 cipher for Data Channel. For that, you will need OpenVPN 2.5 or higher version (OpenVPN 2.5 stable version was released yesterday). We have completed deployment of OpenVPN 2.5 on all servers now and while we restart the daemons, more and more VPN servers will offer CHACHA20-POLY1305 on both Data and Control Channel. At the moment, you can have CHACHA20-POLY1305 on the servers marked as "Experimental". Remember that OpenVPN 2.5 or higher version is required, as older versions do not support CHACHA20 on Data Channel. Kind regards

Hello! TLS 1.3 is only available on experimental servers, and only on those servers where OpenVPN 2.5 is linked against OpenSSL, because mbedTLS does not support TLS 1.3. When we deploy OpenVPN 2.5 on all servers, it will be linked against OpenSSL, so TLS 1.3 will be available on all servers Keep in mind anyway that, so far, TLS 1.3 with OpenVPN is inessential. Kind regards

Hello! On a 1 Gbit/s fiber line in Italy which does not suffer traffic shaping we record about 330 Mbit/s with Hummingbird and an Intel i7 (in a Fedora 32 system), with AES-256-GCM on Data Channel and connections to Belgium and the Netherlands servers. Hummingbird uses OpenVPN3 linked against mbedTLS, but we record same performance with OpenVPN 2 linked against OpenSSL. Similar, consistent speeds are recorded by many users. Consider that we have in particular a couple of customers who connect only from dedicated servers and keep their speed (with OpenVPN 2 or 3) constantly at 480 Mbit/s (i.e. 960 Mbit/s on the server). What are your system, CPU, OS? Are you sure that your ISP does not enforce traffic shaping and that your CPU is not the bottleneck? Have you tested several servers to maximize likelihood of good peering between your ISP and our transit providers? Kind regards

Hello! We reluctantly have to announce gloomy news to you all: Spooky Halloween Deals are now available in AirVPN... Save up to 74% on AirVPN longer plans (*) (*) When compared to 1 month plan price Check all plans and discounts here: https://airvpn.org/plans If you're already our customer and you wish to jump aboard for a longer period any additional plan will be added on top of already existing subscriptions and you will not lose any day. Every plan gives you all the features that made AirVPN a nightmare for snoopers and a scary service for competitors: active OpenVPN 3 open source development ChaCha20 cipher on OpenVPN Data Channel for higher performance and longer battery life on tablets and smart phones IPv6 support, including IPv6 over IPv4 configurable remote port forwarding refined load balancing to squeeze every last bit per second from VPN servers free and open source software for Android, Linux, Mac and Windows easy "Configuration Generator" web interface for access through third party software guaranteed minimum bandwidth allocation GDPR compliance and very high standards for privacy protection no log and/or inspection of clients' traffic effective traffic leaks prevention by AirVPN software Tor support via AirVPN software on Linux, Mac and Windows various cryptocurrencies accepted without any intermediary crystal clear, easy to read Privacy Notice and Terms https://airvpn.org/privacy No tricks, only treats! Grim regards & datathrills AirVPN Staff

@183aTr78f9o @shaunography Hello! Can you post your Hummingbird log taken just after the problem has occurred? Kind regards

@MyAirVpnDotOrg Hello! From the FAQ answer: It sounds clear, as ports of different nodes (such as your router network interface ports) do not enter into play in the sentence. Maybe you don't know what a port is, hence the confusion, and here we have a problem: if we started to explain networking basics on the FAQ answers, they would risk becoming heavily pedantic and mainly useless.. Check https://en.wikipedia.org/wiki/Port_%28computer_networking%29 Feel free to add your suggestions. Kind regards

@Krebbin Hello! How to sideload and then install an APK in a Sony Bravia TV: https://community.sony.co.uk/t5/android-tv/faq-how-to-sideload-apps-on-android-tvs/td-p/2347365 Eddie APK can be downloaded by following the instructions (link provided in our earlier message: https://airvpn.org/forums/topic/29660-using-airvpn-with-eddie-client-for-android/) Enjoy AirVPN! Kind regards

@Krebbin Hello! Eddie Android edition works just fine in Sony Bravia TVs but you must side load it, after you have downloaded the APK. Once you run Eddie you don't need profiles anymore, or you can have Eddie generate profiles directly in the TV. Check here: https://airvpn.org/forums/topic/29660-using-airvpn-with-eddie-client-for-android/ Kind regards

Hello! We inform you that in the next days server Pisces will change IP addresses. We are upgrading server hardware and in this case IP address change is necessary. Server name, datacenter provider and transit provider will not change. If you run Eddie, the change will be automatically acknowledged. If you use some OpenVPN profile pointing specifically to Pisces, you will need to re-generate it when the switch occurs. Kind regards & datalove AirVPN Staff

Hello! Please check also: https://nguvu.org/pfsense/pfsense-multi-vpn-wan/ Additional ideas, information and detailed instructions to implement pfSense multiple VPN WAN with AirVPN servers, allowing fail-over and load balancing. Kind regards

If you have a proposal of a custom list aimed at blocking domain names, please open a discussion in this forum and provide: Name Description License A raw URL which our system can fetch from periodically in order to build the list It can be either a classic hosts file or a plain list of domain names. In these cases, every domain name is blocked.. Our system can also support a list which returns custom DNS records. Contact us if you want to publish a list of this kind to coordinate with us the file format. Lists that become more huge than 100.000 entries or block domains under our control-list will be automatically disabled. Community lists will be shown in "Lists - Third Party" inside "Client ⇨ DNS" section, opt-in available to AirVPN users. Developers can also obtain lists via "Client ⇨ API" section.