Staff

Thanks! I did figure the blacklist/whitelist functionality out, and checked that Signal was being ignored when I opened the VPN connection . So it works when I start the VPN, but after some time Signal stops receiving and sending. As soon as I disconnect the VPN I get a deluge of messages and notifications. If the whitelist/blacklist could be made to work consistently this would be the solution. Too bad it's Signal not working because it's one of those I have to have working at all times. The Eddie app is otherwise nearly perfect. Hello! Understood: you would need that black listed applications are not involved by any lock so that they keep any network functionality regardless any problem with the VPN. It's quite challenging at a first glance! We will think about it. You should not have it because ovpn-connect does not feature a lock like Eddie does. You will be able to mimic this behavior in Eddie 2.1 by disabling the lock, however the big challenge is allowing traffic to black listed apps even when the lock feature is on... Kind regards

Hello! Actually this is unexpected, unless you talk about the Master Password. Can you please make sure that "Remember AirVPN login" is enabled in the "Settings" view? About the Master Password, it must be either required every time you start the app from scratch (and therefore the file with sensitive data must be decrypted) or never (if you only use profiles). Feel free to clarify. Kind regards

Hello! If you define an applications white list, all and only the apps in the white list will have their traffic tunneled. All the other apps will have their traffic NOT tunneled. If you define an applications black list, the apps in the black list will have their traffic NOT tunneled, while all the other apps will have their traffic tunneled. Kind regards

Hello! Eddie locks the traffic when a critical connection error occurs exactly to prevent traffic leaks outside the VPN tunnel. Before you unlock the communications, you can shut down applications etc. Each time you see a lock, Eddie has saved you from a traffic leak. Other applications don't lock the communications, instead they try to re-connect, so you have traffic leaks and you are not aware of them. Preventing line problems is of course physically impossible. However Eddie will prevent the tunnel destruction when the physical connection goes down, by locking the communications to the tunnel, and therefore will prevent traffic leaks in such cases. You have traffic leaks and you are happy because you are not aware of them. Next Eddie version will feature the option to disable the lock feature. When the lock is disabled, Eddie will just try to re-connect asap, just like all the other apps do. In this way you can have traffic leaks and remain happily unaware of them, just like it happens with any other OpenVPN based application now. Disabling the lock feature will not be recommended, but we understand that it may be a useful option when you don't care about leaks. Just turn off the "App power monitor" feature or at least allow (in the settings) your OpenVPN based application to run in the background in any case. See here for more insights: https://phandroid.com/2017/04/26/how-to-stop-galaxy-s8-from-sleeping-apps Kind regards

Well, at least on rooted devices this is not a problem since you are free to change such a behavior. Kind regards

Hello! We are very glad to inform you that this feature is already implemented. Make sure you run Eddie 2.0 or 2.0.1. In the server view you can define a white list of server(s) according to your preferences. This feature is missing but you have the option to sort the servers in many ways, even ways which dynamically sort the list according to some server property, for example server load, as you might have noticed. This feature is already implemented: just make sure that Eddie is the app selected for the proper mimetype (for the ovpn files). However, auto-connection when the ovpn file is imported is missing, we can plan to implement it Nice suggestion, thank you. Even this feature can be implemented, yes. We'll think about it. Thank you! Kind regards

Hello! Unfortunately no dedicated effort by Eddie devs can solve this "problem". Eddie runs with your own privileges in Android, so there's nothing you can do against what the system administrator (which is not you) of your device decides to do. Rooting the device would give you back root access to it, however Eddie is thought for un-rooted devices, since rooting an Android device and maintain it is a procedure which is quite difficult for the average user. That said, the typical manufacturer which decided to freeze background apps (Samsung) provides you with the option to disable such a feature, so in this case the problem you mention can be solved in a few seconds. Kind regards

Hello! Yes, this is expected. It's the purpose of VPN lock: preventing leaks outside the VPN tunnel, within the limits enforced by limited privileges. You need to shut down apps before you start a new connection to prevent leaks. You can't prevent system apps traffic leaks, which would occur anyway in un-rooted devices. By setting system packet filtering rules in the Linux packet filtering table. This is possible only in rooted devices, though. By default Android devices allow only unprivileged access and you're not the administrator of your device. You can't therefore use a firewall to modify the Linux packet filtering table, or access directly Linux parts without passing through the upper Android layers. Yes, this will be possible in the next Eddie version. By disabling VPN lock Eddie will behave just like "OpenVPN for Android" or "openvpn-connect" and many other OpenVPN based applications of our competitors, allowing free leaks at any time. Disable VPN lock only when you can afford traffic leaks outside the VPN tunnel by any app at any time. Unfortunately not, for the same reason explained above: Eddie Android and you are not in control of your system. Kind regards

Hello! Use a profile (that you can generate with our Configuration Generator) and make sure that in the "Settings" view the option "Restore last imported OpenVPN profile" is enabled. If you reboot or turn off the device when OpenVPN is still connected through an imported profile, then Eddie will restart and reconnect to that last profile at the next device boot. Next Eddie version (whose first public beta release is expected on February the 15th) will let you handle multiple profiles at once and will let you generate profiles from settings (so you don't need to use the configuration generator in such cases). Kind regards

Hello! OpenVPN total overhead in routing mode (our setup, using tun and not tap) and with UDP as protocol is 69 bytes per packet (in reality with HMAC SHA-2 which we use it will be slightly more but that's negligible): https://openvpn.net/archive/openvpn-users/2004-11/msg00649.html With a packet, say, of standard 1500 bytes size, that's ~4.6% . Something else must enter into play in your case, because the overhead you report is largely unexpected. Packet retransmission (due to errors), important fragmentation are perhaps the first things to check. Kind regards

Hello and thank you for your feedback and suggestions, they are very much appreciated. We would like to explain why we can't meet all of your requirements. The remaining points are already implemented either in Eddie 2.0.1, Eddie 2.1 (next release), or will be implemented in the future. Good suggestions. thanks. This is extremely hard to implement because you can't really rely on ICMP on mobile networks. A single ping may take hundreds of milliseconds, especially in 3G networks, but even in 4G networks, so you might need hundreds of seconds to compile for all the VPN servers the round trip times with just a couple of pings to each of them. This will drain battery as well remarkably. And for what? A couple of pings in a mobile network, due to its nature, are not relevant. Here we have a different philosophy, since we consider the Master Password a basic security feature to protect your password and your certificates. You can anyway connect at device boot via a profile. Eddie 2.1 will be able to handle multiple profiles and even create profiles from the settings, no need for the Configuration Generator. About automatic AirVPN login, it's already implemented, maybe you have missed this feature. We consider it as a very friendly feature, since it's the only effective way to prevent leaks, which in mobility can be frequent. Anyway this option can be disabled in Eddie 2.1, for those who don't care about traffic leaks outside the VPN tunnel, even permanent leaks, due to their low threat model for example. This feature, available in Android 7.1 or higher versions (while Eddie is targeted even to Android 5.1 or higher versions), might not prevent traffic leaks outside the VPN tunnel during a disconnection-reconnection loop. OpenVPN talks to Eddie, not to Android directly. Then Eddie tells Android that something went wrong. No matter how fast Eddie (or any other app) is to inform the VpnService class, traffic leaks are possible, according to our developers. Again, it depends on your threat model: if you can afford the hazard you will be able to disable VPN lock. Thank you again and enjoy AirVPN! Kind regards

Hello! It's owned by M247. Kind regards

Hello! From the command line interface you can use the following option: --network.ipv6.mode=block Kind regards

Hello! Do you have the option to upgrade to OpenVPN 2.4.x? When our servers see version 2.4 or higher, they push IPv6 routes as well, solving the problem. Alternatively, you can test Eddie 2.17 beta (if you're willing to try a beta version) which fixes the bug. Explanation: OpenVPN versions older than 2.4 do not handle IPv6 properly. So our servers do not push IPv6 routes and related directives when they detect older versions, in order to not break retro-compatibility. However Eddie (for a bug in 2.16.3, fixed in 2.17.2beta) tries anyway to check the IPv6 route in the tunnel and it obviously fails. Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in New York City (NY, US) is available: Dimidium. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). Just like every other "second generation" Air server, Dimidium supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.. You can check the server status in our real time servers monitor: https://airvpn.org/servers/dimidium Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Japan is available: Taphao. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). Just like every other "second generation" Air server, Taphao supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.. You can check the server status in our real time servers monitor: https://airvpn.org/servers/taphao Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello and thank you! Anyone can just ask for a free trial period of three days by opening a ticket to the "Trial request" department. You can also send your request in a ticket. Eddie desktop edition is under a major revision and during the first/second quarter of 2019 you will see interesting news. Eddie Android edition development goes on as usual and version 2.1 public beta release is scheduled for the first half of February. What additional flexibility would you like to see in Eddie Android edition? Kind regards

Hello! We're very glad to inform you that new 1 Gbit/s servers located in UK are available: Arion and Orbitar, respectively in London and Manchester. The AirVPN client will show automatically the new servers. If you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, Arion and Orbitar support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Arion and Orbitar replace Algedi and Nunki, which will be withdrawn as they consistently failed to meet the quality of service we require. You can check the servers status as usual in our real time servers monitor: https://airvpn.org/servers/arion https://airvpn.org/servers/orbitar Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! The workaround has been deployed on every Air VPN server. Can you please test now? Kind regards

Hello! There is no way to recover/reset a Master Password which is used to decrypt and encrypt your sensitive data. You need to disinstall the app (so that all the app data are deleted) and re-install it. Kind regards

Hello! Thank you very much for the report. Under investigation. Additional information which can help us remarkably: brand, model and Android version of your device (included anyway in the Eddie log)Eddie log (in the "Log" view you can share log in various ways by tapping the "Share" icon)optionally, the logcat, if you know how to get it and you have timeKind regards

Hello! We have detected an issue related to IPv6 (and not tls-crypt) and Windows which breaks micro-routing on the client side. Micro-routing works just fine and the issue affects WIndows machines only, because of a peculiar behavior of Windows DNS implementation. Customers with anything different than Windows can ignore this message. Although the problem is WIndows-related on client side, we think we can patch it from the server side without harming Android, Linux, Mac etc. We are testing. If the tests are good, deployment on all VPN servers will not take a long time. We will keep you informed. Kind regards

Agree so my subject and original post is valid and it IS a bug as BOTH servers are getting disconnected exactly in sync Hello! It's an expected and correct behavior due to how OpenVPN and more in general the Internet work. See our previous reply for more details, it looks like you missed the meaning of it. Kind regards

Hello! Eddie is under a wide and deep "re-engineering" which needs some more time. A lot of work has been done anyway, and you will see news soon! Kind regards

@NickAtNight Hello! Is it possible to take a logcat from the machine you experience this problem on? The fact that you need to re-enter credentials implies that Eddie restarted (probably crashed) and a logcat could show the cause of the problem. Keep us posted! Kind regards