Staff

Hello! All AirVPN servers support IPv6 except Kitalpha and Metallah, which are operational inside datacenters that do not have an IPv6 infrastructure at all. Unfortunately, intermittent IPv6 related problems affect the servers you mentioned. Such problems are caused by IPv6 "black outs" in the respective datacenter. We have already contacted datacenter technicians asking for a problem resolution. Kind regards

Version 2.18.7 (Wed, 29 Jan 2020 13:54:35 +0000) [bugfix] - Update notification for beta versions [bugfix] - Windows - Message when driver installation is denied [bugfix] - macOS - Fix of error "hummingbird not allowed: Not owned by root". [bugfix] - Linux - Fix of error "Client not allowed: [...] parent process (spot mode)", CLI edition with sudo [bugfix] - Fix of error "Failed to connect to ... port 89: Connection refused" when using Hummingbird in SSL/SSH mode [bugfix] - Better exception management to avoid some crash (especially when related to Mono) [bugfix] - Linux - Arch deployment and AUR management [bugfix] - Tor Cookie/Password detection in every supported OS [bugfix] - Updated 'curl' binary in Windows and CA file [change] - macOS - Minor info.plist update in CLI edition [change] - Windows/Linux - OpenVPN Management skip [change] - In 'Latency mode', now load and users have minor impact on score.

@usefulvid Thank you. We have reviewed the four tickets (all by the same user) which in your opinion hint to bad support and we don't agree with you. They have all been handled very professionally as far as we can see, and in our opinion, even when the problem of the user was unrelated to AirVPN and therefore totally out of the scope and competence of the support team. Kind regards

@monstrocity Hello, we're very glad to see that the problem is resolved. 2048 packets make the output queue huge, but actually it is proportional to the amount of concurrent connections limit you have set in your torrent software. qBittorrent comes with a limit of 500 by default. The other error you report pertains to a disconnection, unrelated to TCP_OVERFLOW. If you get such disconnections more often when you torrent, please warn us. For the readers: overflow in the TCP output queue is a problem that does not exist in UDP. Kind regards

@56Kmodem @monstrocity Updated thread with a tested solution which hopefully will be confirmed by you both is here: Kind regards

@monstrocity Please increase the maximum amount of packets allowed in the TCP queue with directive tcp-queue-limit n (n is the amount of packets) according to the amount of concurrent, global TCP connections your system needs when you run a BitTorrent software. OpenVPN 3 default limit is 64 packets. For example, add to your profile the following line: tcp-queue-limit 256 Please test again and check whether the problem is resolved. Of course consider to increase the amount of packets beyond 256 if you see the problem persisting. Your feedback is very much appreciated. Kind regards

@inradius It's exactly the contrary. Canada servers rarely need to provide more than 33% bandwidth they are capable of. Even considering the 40% you mention, our infrastructure in Canada is largely OVER sized with enormous availability of traffic and bandwidth. On 90% of the time, you have 18 Gbit/s availability in Canada which is never used by anyone. The issues you mention can not be related to servers available bandwidth, you must have some problem on your side or something else, outside our servers, is the cause of the problem with YouTube etc. Adding servers would be perfectly useless in your case. You might like to open a ticket to investigate the issue more properly. Kind regards

@usefulvid 1) CHACHA20 is not experimental on the client side but yes, it is experimental on the server side because OpenVPN 2.5 is still not in stable phase, although it was promised for November/December 2019. That's why we prefer to clarify it. 2) We don't know why they stick to obsolete versions. OpenVPN 2.4 without tls-crypt supports OpenVPN up to 2.2 so it is not a problem for Windows XP and onwards... OpenVPN 2.3.x should not be necessary anymore for any backward compatibility. Thanks for the answers. Staff account does not have PM enabled for flood reasons, please contact us at your convenience either at info@airvpn.org or open a ticket with usefulvid subject (or from your usefulvid account). Kind regards

@usefulvid Are we correct in noticing that no mention of CHACHA20-POLY1305 (boosting performance of non AES-NI supporting devices and adding dramatically battery life of battery based devices) has been done? If we are right, has it been omitted because it is not considered relevant, or for some other reason? Also, is the fact that AirVPN develops OpenVPN 3 not perceived as relevant by your audience? Candid questions whose answers may be useful to us, but of course feel free to not answer. Important disclaimer for the readers: the author of the review has never been paid, either directly or indirectly, by AirVPN. Congratulations for being one of the few who did not ask for money "or else...". Kind regards

@usefulvid Please point us to the ticket that has not been answered properly. Kind regards

@giganerd Hi, it should be "impossible" and not "more difficult" by deep inspecting the packets. Are you aware of any new method that can find out you're using OpenVPN by only analyzing the flow (i.e. without knowing that on the destination IP address OpenVPN answers)? Kind regards

@monstrocity Hello! Bug detected and under investigation. It involves all versions of OpenVPN 3 library (not only our fork unfortunately) so it must be something we have been dragging with us since the very beginning, OR (worst case scenario) something related to asio library (hopefully not). If you have the option to use UDP, please do it, otherwise stay tuned, we have given very high priority to the bug. Kind regards

@pjnsmb Hello! Hummingbird tries to use in sequence the first available firewall between iptables, iptables-legacy, nftables and pf. In your case, Hummingbird finds iptables-legacy. With IPv4 no errors seems to arise, but the problem comes out with IPv6. ip[6]tables-legacy is a wrapper to nftables, so IPv6 support in nftables might be the problem, or maybe it's a bug in ip6tables legacy in your unstable distribution (or you just disabled IPv6 support in your system, but you told us that you keep getting the error even when you re-enable it, can you confirm?). Can you please re-test Humminbird without the --ipv6 no option you enforced, just in case, and check whether the problem is the same or not? Another possible test, but it's more problematic if you need iptables syntax somewhere in your system or applications, would be removing iptables and iptables-legacy packages. In this case Hummingbird will use nftables. We can not support unstable distributions (you're running Debian Sid according to your ticket) because we can't circumvent all the possible bugs which an unstable distribution may potentially come with: it would be a wrong approach and anyway it would be an overwhelming task. However, we will offer in a near future release the option to force Hummingbird to use a firewall chosen by the user. When the option is available you will be able to force usage of nftables, bypassing iptables-legacy, if it's causing the issue. Please keep us informed if you decide to perform any of the above tests. Kind regards

Hello! We're glad to inform you that Hummingbird 1.0.1 has just been released. Hummingbird is a free and open source software by AirVPN for: Linux x86-64 Linux ARM 32 (example: Raspbian for Raspberry PI) Linux ARM 64 macOS (Mojave or higher version required) based on OpenVPN3-AirVPN 3.6 library supporting CHACHA20-POLY1305 cipher on OpenVPN Data Channel and Control Channel. Hummingbird is very fast and has a tiny RAM footprint. AES-CBC and AES-GCM are supported as well. Version 1.0.1 uses new OpenVPN3-AirVPN 3.6.2 library which features various improving minor changes and fixes an annoying bug which caused "ncp-disable" directive to be ignored in profiles. Note: command line options --ncp-disable and --cipher, when specified, override profile directives. Please consult the following page for details, changelog, instructions and download links. https://airvpn.org/hummingbird/readme/ Hummingbird source code is available here: https://gitlab.com/AirVPN/hummingbird OpenVPN3-AirVPN library source code is available here: https://github.com/AirVPN/openvpn3-airvpn Important: Hummingbird is not aimed to Android. To have CHACHA20-POLY1305 on Android, please run our software Eddie Android edition, which uses our OpenVPN3-AirVPN library. Kind regards

@pjnsmb Hello! You are still running Hummingbird directly. To run it through Eddie (so you have Network Lock by Eddie) please see here: https://airvpn.org/forums/topic/45326-eddie-desktop-218beta-released/?do=findComment&comment=103687 Kind regards

@pjnsmb Hello! Thank you very much, we will investigate. Now you can even use Hummingbird via Eddie, if you wish so, because Network Lock is enforced by Eddie even when it runs Hummingbird. Of course please make sure that Network Lock is applied properly, just in case. Kind regards

@airdev No updates. No changes or new donations in 3rd and 4th 2019 quarters Kind regards

@pjnsmb Thank you for your report! 1) We are aware of re-keying errors (ERROR: KEY_STATE_ERROR ecc.) and we are investigating. They do not cause disconnection but block Perfect Forward Secrecy. 2) Network lock can't be activated, and that's a new error never met before. We think it's related to some change in Debian 11. Can you tell us whether you get the following error: ip6tables-save v1.8.4 (legacy): Cannot initialize: Address family not supported by protocol Sat Jan 18 14:21:10.690 2020 ERROR: Cannot initialize network filter always or only sometimes? It's an important error because it prevents network lock to be enforced, therefore please keep it into consideration, we're sorry. Can you please check whether you have, in your system, both "iptables-legacy" and "ip6tables-legacy"? Can you also tell us whether your Debian kernel supports IPv6, and whether you have disabled IPv6 in some system configuration? Last but not least, can you check whether Network Lock by Eddie 2.18.6 beta is enforced correctly or not, if you have time? Kind regards

Hello! Thank you, sending to devs right now. Kind regards

Hello! Can you give us the exact Android version, as well as TV brand and model? EDIT: if you have a way to extract Eddie log from the TV, please send it to us as well (taken after the problem has occurred). Check whether one of the sharing modes in the "Log" view of Eddie is appropriate. Kind regards

Hello! Connection slots are service related, not Eddie. Please open a ticket at your convenience (if you haven't already done so) describing what you do exactly and the different behavior you see between Eddie 2.18 beta 6 and the the previous version you used. Kind regards

@Terry Stanford Hello! Can you please test Eddie 2.18.6 beta and check whether the same problem occurs or not? To download Eddie latest beta version please see here: https://airvpn.org/forums/topic/45326-eddie-desktop-218beta-released/ Bypassing password authentication to gain root privileges is possible but do NOT do it, it's an important security feature and from your message we suspect that you have no idea of the consequences of what you're asking for. Viscosity did that for mysterious reasons and it did not end well, with exploits which were soon born to gain total control of systems running Viscosity. https://www.exploit-db.com/exploits/20485 A different approach is coming soon which will offer more comfort without compromising security, unlike it happens with some reckless VPN providers. Some of them adopted unacceptable solutions, such as flagging their binaries with x+s flags, so any normal user (even a non-sudoer) could run them as superuser with no authorization, incredibly foolish and dangerous thing and it's even more astonishing that such solutions may be considered in a good light by some people. Stay tuned. Kind regards

@monstrocity Hello! Does the issue occur when you run Hummingbird alone, without having it invoked by Eddie? @56Kmodem Do you have the option to upgrade to Ubuntu 18 or 19? Kind regards

Hello! Sorry, a mistake. Please wait for the next Eddie version which will not need this procedure by you, as @Clodo wrote.. If you can't wait and you like to test right now, just enter: sudo chown root /Applications/Eddie.app/Contents/MacOS/hummingbird

Hello! It's definitely unexpected and probably an Eddie bug. We apologize for any inconvenience. Can you please send us a system report (if you prefer so, you can do it in a ticket), taken just after the problem has occurred? Click "Logs" tab, click the LIFE BELT icon, click "Copy all" icon and paste everything in your message. Kind regards