Staff

@ctri Please try to delete completely everything in /etc/airvpn and start again Hummingbird. Kind regards

@dedo299 Hello! You can check whether Hummingbird is running from a task monitor, or simply via a terminal: ps aux | grep hummingbird | grep -v grep If the output is empty, hummingbird is not running. If you see two processes, Hummingbird is running. Kind regards

Hello! Please check the content of /etc/airvpn directory while Huimmingbird is NOT running. Delete the lock file hummingbird.lock if it's there: sudo rm /etc/airvpn/hummingbird.lock Also check whether /etc/resolv.conf file exists, just in case. Please feel free to keep us posted. Kind regards

Hello! Network Lock, which has been implemented for the first time "in history" of software for VPN by AirVPN in 2011/2012, covers all the limited cases foreseen by a kill switch and many more for which a kill switch is impotent. A kill switch features a very modest subset of Network Lock abilities to prevent traffic leaks outside the tunnel which are covered in any case by Network Lock with a more effective method (firewall rules). In other words, a kill switch is a totally wrong approach to prevent traffic leaks outside the tunnel, and anyway its limited abilities to fulfill leak prevention are fully covered by Network Lock. Kind regards

@wintermute1912 If traffic passes through the tun interface it's in the tunnel, so even if you want to reach 3rd parties DNS servers, the queries and their replies are tunneled, it's not a DNS leak. Even worse: in this way you will never find DNS leaks, even if they are really occurring. To verify effectively you need to check traffic from the physical network interface. Unencrypted DNS queries from the physical network interface, if not blocked by the firewall, hint to DNS leaks for real. Kind regards

@YLwpLUbcf77U Hello! https://duckduckgo.com/?q=spoof+timezone+browser&t=ffsb&ia=web Kind regards

@dedo299 Please do it if you have time: download Hummingbird from the link we provided and run it alone from a terminal (no Eddie at all). Make sure to start the correct Hummingbird binary, of course. Check whether the problems you mention are resolved. What problem do you experience exactly when you run Hummingbird via Eddie? Please note whether the same problems occur by running Hummingbird alone. About the learning curve, from what you write we are sure you can run Hummingbird in a couple of minutes already. A GUI for Hummingbird evolution (daemon+client)I is anyway being developed in the very near future. Thank you in advance. Kind regards

@dbuero Outstanding throughput for Windows, congratulations! You did not mention in this thread that you were running Windows, so we assumed that you ran a different system, sorry, we could have made you save a lot of time. Finally Windows should have a driver for a virtual network interface that allows throughput more in line to what you can get with other systems. Eddie 2.18 beta 8 has been planned to support Wintun. We are also following OpenVPN Linux kernel module (currently closed source, but they could decide to release it under some open source license during 2020). Although our servers can already reach line capacity, higher than 1 Gbit/s throughput is achieved only via multiple OpenVPN daemons, one per core. Spread the word about the performance you can get now with AirVPN and Windows! Kind regards

Hello! Thank you for your article. Just a correction on the quoted part. That's not possible because the Tor exit-node does not know your "real" and/or your "VPN" IP address. In general the exit-node receives all the traffic from middle-relays, which in turn receive the traffic from Tor guards (the entry-nodes). As far as it pertains to your purposes, consider the following setup, especially when high throughput is not a priority: connect the host over "OpenVPN over Tor" run a Virtual Machine attached to the host via NAT Tor-ify everything in the VM use end-to-end encryption, exclusively use only VM traffic for any sensitive task The above setup, we think, should meet all of your requirements. Furthermore, the main fault of "OpenVPN over Tor" (fixed circuit) is completely resolved by Tor in the VM. Kind regards

@owi123 Hello! Traffic splitting on an application basis with OpenVPN is possible on Android and Linux (via cgroups, implemented in Qomui, a free and open source software by @corrado). On Windows,the old methods with code injection aimed to bind to specific network interface are extremely dangerous as we always claimed and probably they don't work properly anymore in Win 10. However, whenever binding is possible, you can achieve the purpose on Windows. A community member @NaDre wrote extensively about that and one of his guides is permanently published in our "How-To" forum. https://airvpn.org/forums/topic/9549-traffic-splitting-guide-to-setting-up-vpn-only-for-torrenting-on-windows-thanks-to-nadre/ As usual, you can consider VM too, a heavy but at the same time extremely flexible and secure solution. You connect only a VM to the VPN (not the host), then you run those applications whose traffic must be tunneled in the VPN in the VM, and those applications whose traffic must not be tunneled in the host machine. Kind regards

@dedo299 Hello and thank you for your report! We're sorry, we can't understand how it's possible that the packaged Hummingbird 1.0.2 with Eddie for Mac is different than the official Hummingbird 1.0.2, we will investigate. In the meantime, please delete the Hummingbird version you currently have, download Hummingbird (from GitLab or our web site) NOT packaged with Eddie, put it in your command path and compare whether those problems you mention (which problems? feel free to be specific) are resolved or not. If the problems persist, please also consider to run Hummingbird alone to compare. When Eddie runs Hummingbird, Network Lock and DNS are handled by Eddie and not Hummingbird. When you run Hummingbird alone, of course, Network Lock and DNS are handled by Hummingbird itself. Direct link to download Hummingbird 1.0.2 for macOS (Mojave or Catalina required): https://gitlab.com/AirVPN/hummingbird/-/blob/master/binary/hummingbird-macos-1.0.2.tar.gz Kind regards

@dbuero Yes, on top of that CHACHA20 will not give you any boost if your system supports AES-NI. About AES-128-GCM, it can be beneficial for performance only if the conditions we specified were met. Kind regards

@dbuero Hello! CHACHA20-POLY1305 is available only on the servers running OpenVPN 2.5 beta, you can recognize them marked in yellow with the sentence "Experimental ChaCha20" (one in Canada, one in the USA, two in the Netherlands and one in Singapore). You can safely ignore those warnings - it's important however that you run OpenVPN 2.4 or higher version. Kind regards

@dbuero ncp-disable directive disables “negotiable crypto parameters” for the Data Channel. Therefore, the client becomes free to pick a cipher for the Data Channel in the cipher directive, if such cipher is supported on the server side. Without ncp-disable it's expected that you get the error you mention, except for the 1st "favorite" cipher the VPN server wants to negotiate (AES-256-GCM). That's also the reason why we say that AES-GCM has priority over CBC: the CG will generate "cipher AES-256-CBC" for backward compatibility with those OpenVPN old versions that don't support ncp and/or AES-GCM, but newer OpenVPN versions will negotiate AES-GCM. cipher none is not available in any case, as our servers are not configured to admit unencrypted connections for obvious reasons. Anyway, unless your system is loaded by other tasks, a single i7 core (which implements AES New Instructions) can perfectly handle your peak bandwidth, especially when AES-NI is supported by the system. If you see anyway that a core is at capacity (it can happen if your system is loaded by other tasks), try our suggestion: ncp-disable cipher AES-128-GCM Don't bother with CHACHA20-POLY1305 if your system supports AES-NI. Kind regards

Thanks! So, you get a segmentation fault even when you disable network lock? --network-lock off Kind regards

@dbuero In AES New Instructions supporting systems AES-GCM encryption and decryption is indeed faster than AES-CBC. In our service the default cipher for OpenVPN Data Chanell is AES-256-GCM, not CBC. If you see that the core which OpenVPN runs in is at capacity while your system approaches the peak performance consider to use a lighter cipher, for example AES-128-GCM. Add the following directives: ncp-disable cipher AES-128-GCM Of course if your system does not support AES-NI then CHACHA20-POLY1305 should be preferred. Kind regards

@dbuero Understood. The article does not say that OpenVPN is crap for high speed lines, quite the contrary in fact. About getting 315 Mbit/s on our infrastructure (i.e. 630 Mbit/s on the server) well, that's a good outcome, hands down, because our servers are connected to 1 Gbit/s ports and lines. Anyway increase your buffers again, try 2 MB buffers: rcvbuf 2097152 sndbuf 2097152 Kind regards

Where have you read such idiotic nonsense?

@m1ster We can't see the attachment, something is not working properly. can you send it to support@airvpn.org please ? Kind regards

@bm9vbmUK Hello! Can you please force usage of nftables and check what happens? Use the following option and argument when you run Hummingbird: --network-lock nftables Kind regards

@m1ster Hello! Can you also give us your Android mediaplayer brand and model? Can you send us Eddie log taken before you try to start a connection (we will be able to see important information about system hardware and configuration). OpenVPN for Android can invoke OpenVPN 2.5 or use its OpenVPN 3 library, can you check whether when configured to use OpenVPN 3 it works fine or not? You can switch from OpenVPN 2 to OpenVPN 3 in the settings. Kind regards

@m1ster Hello! Something goes terribly wrong when the tun interface is accessed: does "OpenVPN for Android" work on the very same box? What brand and model is it? Kind regards

@livovo Hello! Just use Tor after you have connected to some VPN server. Tor renews circuit for different streams and at the same time your ISP (and any other entity wiretapping your line or acting with your ISP complicity) will not see that you're using Tor. Only limitation is that Tor does not support UDP. Kind regards

Important update pertaining to Amnesty International: Position of Amnesty International changed on late February 2020: https://www.amnesty.org/en/get-involved/take-action/julian-assange-usa-justice/ when Amnesty asked: thus recognizing that Assange is a political prisoner, as he is charged for his publishing activities. Kind regards and datalove AirVPN

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Tallinn (EE) is available: Alruba. The AirVPN client will show automatically the new server; if you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, Alruba supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/alruba Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team