Staff

Hello! Thank you very much for the log. We are considering the issue carefully and we wish to resolve it in 2.1 beta 1 already. Kind regards

Hello! Yes, you have plenty of options. Some suggestions. First, see the documentation here: https://airvpn.org/topic/14378-how-can-i-get-vpn-servers-entry-ip-addresses/ Then consider how the "remote" OpenVPN directive works. An ovpn configuration file with the following directives, for example: remote-random remote nl3.vpn.airdns.org 443 remote be3.vpn.airdns.org 443 might meet your needs, by connecting your client machine to the entry-IP address 3 (port 443) of the "best" server either in the Netherlands or Belgium. You can edit any ovpn file with a text editor, or enter custom directives while you use the Configuration Generator itself. Kind regards

Hello! Just keep in mind that we have not paid a cent to VPNPro reviews. It's a relevant information. Additionally, this web site seems specialized in VPN for consumers' reviews, but it fails to mention even the most relevant facts for potential VPN customers. Example: which VPN apps send your personal data to third parties without your knowledge and consent is in our opinion a key information, which is totally missing in the web site (check the review of NordVPN, for example: no mention of this fact, which is notorious and well documented, see for example https://www.kuketz-blog.de/android-nordvpn-uebermittelt-e-mail-adresse-an-tracking-anbieter ). In general, we can confirm anytime that nowadays environment of "VPN reviews" web sites is a world mainly aimed to make easy money without any respect for the customer. VPNs are asked to pay for reviews, are asked to pay more for one more star, more visibility, higher rank in one out of dozens of categories, etc. etc. And obviously some of them are very happy to pay, because they do not have and decent code of conduct or any mission but maximizing profits. The fact that AirVPN does not contribute to such disgusting practices is jut a consequence of its mission, even though nowadays it might even look like something to be proud of, instead of normal, honest behavior and good business practice. Kind regards

Hello, if your devices end up to the same OpenVPN daemon of the same VPN server you will have a conflict and the last device on the same daemon will cause a disconnection of the previous one, if you use the same certificate/key pair on all devices, thus triggering a loop of connections/disconnections to each device in case all the devices are assigned the same OpenVPN daemon repeatedly. You can't know in advance which OpenVPN daemon you will connect to. Each daemon lives in its subnet and its CPU core and only the VPN server load balancing system decides, for each new OpenVPN connection, which daemon must welcome a client, according to the lowest load. For such purposes, i.e. every time multiple connections to the same VPN server are required, you should take care to use different client certificate/key pairs on each device. Our accounts control panel makes pairs management fast and easy. Please check also here: https://airvpn.org/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards

Hello! That's actually unexpected. Switching networks (even from WiFi to LTE and vice-versa) must not cause problems to Eddie and must not, in general, trigger a lock. Eddie receives the correct messages pertaining to network switching by Android. First Eddie pauses the VPN, and when the new network is operational a new connection is established from the previous paused status, so no leak occurs and no VPN lock is necessary. The above is confirmed by countless tests by us and by testers on a multitude of different devices and Android versions, so when/if you have time, might you send us Eddie log taken just after the problem you mention has occurred? Kind regards

Hello and welcome aboard! Have a look here: https://airvpn.org/topic/14378-how-can-i-get-vpn-servers-entry-ip-addresses/ Now, every server has a rating which is based on a formula which takes into consideration ISP reputation, round trip times between a server and all the other ones, load and available bandwidth. Once a "best" server is computed for EACH zone (country, continent or planet) the various entry-IP addresses are entered into the proper DNS records. Records are updated every 5 minutes while *.airdns.org TTL is 1 hour. Kind regards

Hello! We remind you that this is NOT an issue: each time you have a lock, Eddie has saved you from a traffic leak outside the VPN tunnel. When OpenVPN can't maintain a connection, a common and expected problem in mobility, it can't do anything but quitting and trying to re-connect. Here Eddie enters into play and "saves your ass". No other OpenVPN app has a similar, best effort leak prevention. Keep in mind that no high privilege is allowed to Eddie, so a real leak prevention based on system packet filtering table is not possible (you are not in control of Android lower layer), so this trick is the leaks prevention best effort currently available in Android apps ecosystem. We confirm that next Eddie version will offer the option to disable the lock, which will be useful to those who don't care about traffic leaks. When VPN lock feature is disabled, Eddie will simply try to reconnect just like any other OpenVPN based app does, and you will be able to have all the traffic leaks you wish. Kind regards

Hello! If you install the deb package, Eddie will run the OpenVPN and stunnel version installed in the system. You should upgrade them, as in Ubuntu 16 the OpenVPN version that's available in Ubuntu repositories is 2.3.10. If you run the portable version, Eddie comes packaged with OpenVPN 2.4.6 and anyway you can set (in "Preferences" > "Advanced") the path and name of the OpenVPN binary you prefer. Kind regards

Thanks! I did figure the blacklist/whitelist functionality out, and checked that Signal was being ignored when I opened the VPN connection . So it works when I start the VPN, but after some time Signal stops receiving and sending. As soon as I disconnect the VPN I get a deluge of messages and notifications. If the whitelist/blacklist could be made to work consistently this would be the solution. Too bad it's Signal not working because it's one of those I have to have working at all times. The Eddie app is otherwise nearly perfect. Hello! Understood: you would need that black listed applications are not involved by any lock so that they keep any network functionality regardless any problem with the VPN. It's quite challenging at a first glance! We will think about it. You should not have it because ovpn-connect does not feature a lock like Eddie does. You will be able to mimic this behavior in Eddie 2.1 by disabling the lock, however the big challenge is allowing traffic to black listed apps even when the lock feature is on... Kind regards

Hello! Actually this is unexpected, unless you talk about the Master Password. Can you please make sure that "Remember AirVPN login" is enabled in the "Settings" view? About the Master Password, it must be either required every time you start the app from scratch (and therefore the file with sensitive data must be decrypted) or never (if you only use profiles). Feel free to clarify. Kind regards

Hello! If you define an applications white list, all and only the apps in the white list will have their traffic tunneled. All the other apps will have their traffic NOT tunneled. If you define an applications black list, the apps in the black list will have their traffic NOT tunneled, while all the other apps will have their traffic tunneled. Kind regards

Hello! Eddie locks the traffic when a critical connection error occurs exactly to prevent traffic leaks outside the VPN tunnel. Before you unlock the communications, you can shut down applications etc. Each time you see a lock, Eddie has saved you from a traffic leak. Other applications don't lock the communications, instead they try to re-connect, so you have traffic leaks and you are not aware of them. Preventing line problems is of course physically impossible. However Eddie will prevent the tunnel destruction when the physical connection goes down, by locking the communications to the tunnel, and therefore will prevent traffic leaks in such cases. You have traffic leaks and you are happy because you are not aware of them. Next Eddie version will feature the option to disable the lock feature. When the lock is disabled, Eddie will just try to re-connect asap, just like all the other apps do. In this way you can have traffic leaks and remain happily unaware of them, just like it happens with any other OpenVPN based application now. Disabling the lock feature will not be recommended, but we understand that it may be a useful option when you don't care about leaks. Just turn off the "App power monitor" feature or at least allow (in the settings) your OpenVPN based application to run in the background in any case. See here for more insights: https://phandroid.com/2017/04/26/how-to-stop-galaxy-s8-from-sleeping-apps Kind regards

Well, at least on rooted devices this is not a problem since you are free to change such a behavior. Kind regards

Hello! We are very glad to inform you that this feature is already implemented. Make sure you run Eddie 2.0 or 2.0.1. In the server view you can define a white list of server(s) according to your preferences. This feature is missing but you have the option to sort the servers in many ways, even ways which dynamically sort the list according to some server property, for example server load, as you might have noticed. This feature is already implemented: just make sure that Eddie is the app selected for the proper mimetype (for the ovpn files). However, auto-connection when the ovpn file is imported is missing, we can plan to implement it Nice suggestion, thank you. Even this feature can be implemented, yes. We'll think about it. Thank you! Kind regards

Hello! Unfortunately no dedicated effort by Eddie devs can solve this "problem". Eddie runs with your own privileges in Android, so there's nothing you can do against what the system administrator (which is not you) of your device decides to do. Rooting the device would give you back root access to it, however Eddie is thought for un-rooted devices, since rooting an Android device and maintain it is a procedure which is quite difficult for the average user. That said, the typical manufacturer which decided to freeze background apps (Samsung) provides you with the option to disable such a feature, so in this case the problem you mention can be solved in a few seconds. Kind regards

Hello! Yes, this is expected. It's the purpose of VPN lock: preventing leaks outside the VPN tunnel, within the limits enforced by limited privileges. You need to shut down apps before you start a new connection to prevent leaks. You can't prevent system apps traffic leaks, which would occur anyway in un-rooted devices. By setting system packet filtering rules in the Linux packet filtering table. This is possible only in rooted devices, though. By default Android devices allow only unprivileged access and you're not the administrator of your device. You can't therefore use a firewall to modify the Linux packet filtering table, or access directly Linux parts without passing through the upper Android layers. Yes, this will be possible in the next Eddie version. By disabling VPN lock Eddie will behave just like "OpenVPN for Android" or "openvpn-connect" and many other OpenVPN based applications of our competitors, allowing free leaks at any time. Disable VPN lock only when you can afford traffic leaks outside the VPN tunnel by any app at any time. Unfortunately not, for the same reason explained above: Eddie Android and you are not in control of your system. Kind regards

Hello! Use a profile (that you can generate with our Configuration Generator) and make sure that in the "Settings" view the option "Restore last imported OpenVPN profile" is enabled. If you reboot or turn off the device when OpenVPN is still connected through an imported profile, then Eddie will restart and reconnect to that last profile at the next device boot. Next Eddie version (whose first public beta release is expected on February the 15th) will let you handle multiple profiles at once and will let you generate profiles from settings (so you don't need to use the configuration generator in such cases). Kind regards

Hello! OpenVPN total overhead in routing mode (our setup, using tun and not tap) and with UDP as protocol is 69 bytes per packet (in reality with HMAC SHA-2 which we use it will be slightly more but that's negligible): https://openvpn.net/archive/openvpn-users/2004-11/msg00649.html With a packet, say, of standard 1500 bytes size, that's ~4.6% . Something else must enter into play in your case, because the overhead you report is largely unexpected. Packet retransmission (due to errors), important fragmentation are perhaps the first things to check. Kind regards

Hello and thank you for your feedback and suggestions, they are very much appreciated. We would like to explain why we can't meet all of your requirements. The remaining points are already implemented either in Eddie 2.0.1, Eddie 2.1 (next release), or will be implemented in the future. Good suggestions. thanks. This is extremely hard to implement because you can't really rely on ICMP on mobile networks. A single ping may take hundreds of milliseconds, especially in 3G networks, but even in 4G networks, so you might need hundreds of seconds to compile for all the VPN servers the round trip times with just a couple of pings to each of them. This will drain battery as well remarkably. And for what? A couple of pings in a mobile network, due to its nature, are not relevant. Here we have a different philosophy, since we consider the Master Password a basic security feature to protect your password and your certificates. You can anyway connect at device boot via a profile. Eddie 2.1 will be able to handle multiple profiles and even create profiles from the settings, no need for the Configuration Generator. About automatic AirVPN login, it's already implemented, maybe you have missed this feature. We consider it as a very friendly feature, since it's the only effective way to prevent leaks, which in mobility can be frequent. Anyway this option can be disabled in Eddie 2.1, for those who don't care about traffic leaks outside the VPN tunnel, even permanent leaks, due to their low threat model for example. This feature, available in Android 7.1 or higher versions (while Eddie is targeted even to Android 5.1 or higher versions), might not prevent traffic leaks outside the VPN tunnel during a disconnection-reconnection loop. OpenVPN talks to Eddie, not to Android directly. Then Eddie tells Android that something went wrong. No matter how fast Eddie (or any other app) is to inform the VpnService class, traffic leaks are possible, according to our developers. Again, it depends on your threat model: if you can afford the hazard you will be able to disable VPN lock. Thank you again and enjoy AirVPN! Kind regards

Hello! It's owned by M247. Kind regards

Hello! From the command line interface you can use the following option: --network.ipv6.mode=block Kind regards

Hello! Do you have the option to upgrade to OpenVPN 2.4.x? When our servers see version 2.4 or higher, they push IPv6 routes as well, solving the problem. Alternatively, you can test Eddie 2.17 beta (if you're willing to try a beta version) which fixes the bug. Explanation: OpenVPN versions older than 2.4 do not handle IPv6 properly. So our servers do not push IPv6 routes and related directives when they detect older versions, in order to not break retro-compatibility. However Eddie (for a bug in 2.16.3, fixed in 2.17.2beta) tries anyway to check the IPv6 route in the tunnel and it obviously fails. Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s server located in New York City (NY, US) is available: Dimidium. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). Just like every other "second generation" Air server, Dimidium supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.. You can check the server status in our real time servers monitor: https://airvpn.org/servers/dimidium Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to inform you that a new 1 Gbit/s server located in Japan is available: Taphao. The AirVPN client will show automatically the new server, while if you use the OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). Just like every other "second generation" Air server, Taphao supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.. You can check the server status in our real time servers monitor: https://airvpn.org/servers/taphao Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello and thank you! Anyone can just ask for a free trial period of three days by opening a ticket to the "Trial request" department. You can also send your request in a ticket. Eddie desktop edition is under a major revision and during the first/second quarter of 2019 you will see interesting news. Eddie Android edition development goes on as usual and version 2.1 public beta release is scheduled for the first half of February. What additional flexibility would you like to see in Eddie Android edition? Kind regards