Staff

Hello! Not entirely, because we aim at maintaining approximately the current redundancy. The reason is that for redundancy considerations and non linear CPU load on amount of connected clients we cannot deem one 3 Gbit/s server as equivalent to three 1 Gbit/s servers and even less so 10 Gbit/s server equivalent to ten 1 Gbit/s server. In this specific case four servers have been replaced by four servers (if you add up the other 10 Gbit/s server in Los Angeles) and more should come in Florida. Kind regards

Hello! Excellent, please keep us posted (moderators will keep the thread open for the readers and your valuable information on the test). Let us know whether you need help in order to build Gluetun in Raspberry OS 64 bit. Kind regards

@firefox4dawin Hello! Apparently, something is blocking either UDP or OpenVPN. Please check any antimalware and packet filtering tool (including QoS tools) both on your system and router. If you find nothing blocking, try to switch to WireGuard and check what happens: from Eddie's main window please select "Preferences" > "Protocols" uncheck "Automatic" select any line with WireGuard. The line will be highlighted. click "Save" and re-start a connection to apply the change please make sure to test a few servers in different locations around your node If WireGuard can connect, the problem is OpenVPN specific. Otherwise, UDP might be blocked and you can try an OpenVPN over TCP connection. Again change connection mode as described above, but this time pick: OpenVPN protocol TCP port 443 entry-IP address 3 (THREE) Please update the thread when you can. Also feel free to open a ticket for direct assistance by the AirVPN Support Team. Kind regards

@dersik Hello! Eddie doesn't support traffic splitting on an application basis, we're sorry. This feature is available in the AirVPN Suite 2 preview versions for x86-64 based Linux systems. A build for ARM 64 bit will be ready in the near future, please stay tuned: https://airvpn.org/forums/topic/56704-linux-airvpn-suite-200-preview-available/ The Suite (which lacks a GUI that anyway you don't need) will let you use reverse traffic splitting. It's not what you aim for, because the Suite tunnels everything except what you run outside the tunnel, while you need the "complementary" thing (i.e. tunnel nothing but one application) but it might be useful anyway. Alternatively, containers can be considered, so that only a container traffic is tunneled.The torrent program would run in the container. Gluetun features native AirVPN support but we have never tried to build it on a Raspberry OS (did anybody tried this?) but it is possible according to documentation and some reports. Gluetun is based on Alpine for a Docker image with a very small RAM footprint. Kind regards

Hello! MTU is critical in layer 3 VPN connections. If the MTU exceeds the frame size in your network, packets don't fit and must be re-transmitted. You will see this only when the packet to be wrapped is too big. Therefore, with some web sites or services packet should be re-transmitted forever and the site will never load. With other services you might notice nothing wrong. WireGuard IPv4 link MTU default settings (from 1360 to 1420 bytes) may be too big to some networks and apparently that was the cause of the problem you experienced. MTU should be set to the maximum possible working value beyond which problems start to appear, as larger MTU may allow higher performance. See also Kind regards

Hello! Please type on any terminal: man eddie-ui Please see also: https://eddie.website/support/cli/ Kind regards

Hello! We're very glad to inform you that a new 3 Gbit/s (full duplex) server located in Raleigh, NC (USA) is available: Polis. Polis supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Polis Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Staff

@irxhnfdptv Thank you very much for your tests! The problem is now understood and a fix is coming on the next alpha version which will be out in the very near future, stay tuned! Kind regards

Hello! We're very glad to inform you that two new 3 Gbit/s (full duplex) server located in San José, CA (USA) are available: Bunda and Imai. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status in our real time servers monitor: https://airvpn.org/servers/Bunda https://airvpn.org/servers/Imai Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Staff

@irxhnfdptv Thanks, so it looks like the problem is Bluetit-specific. Can you please send us (here or in private) the complete Bluetit log, taken after the problem has occurred, that you can print with the following command? sudo journalctl | grep bluetit Kind regards

@irxhnfdptv Hello! WireGuard can't connect. Might it be blocked in your network? If you try a connection with the native WireGuard client for Linux, is it successful? You can generate a profile for WireGuard on our Configuration Generator available in your AirVPN account "Client Area". By testing the WireGuard client directly you may let us discern whether the problem is Bluetit-specific or not. Kind regards

Hello! The main reasons: for companies whose core business is based on personal data harvesting and reselling (with or without the consent of the data subject) VPNs are a part of a serious threat e-commerce companies consider connections from VPNs more risky for fraud attempts by the hobbyist, implementing a generic black list which includes VPN and Tor exit nodes IP addresses may be seen (probably wrongly we dare to say) as an added security filter against cracking attempts Kind regards

Hello! The web server might bind to any interface so please make sure that you keep our software "Network Lock" option enabled to prevent any traffic leak outside the VPN tunnel. Kind regards

Hello! @cccthats3cs Thank you very much, those documents are interesting indeed. All the matter is indeed a risk which we warned our users about according to their threat model since AirVPN's birth. The described investigation techniques may be instrumental to bring to justice criminals without enforcing provider to blanket data retention, and therefore they show once again the correctness of the Court of Justice of the European Union which forbade repeatedly EU Member States to oblige any ISP to perform blanket data retention. We're also pleased to see that AirVPN made no technical mistake instrumental to the suspect's incrimination and that a "trap and trace" device had to be physically installed outside AirVPN servers Unfortunately the same methods might also be used by powerful crime organizations or agencies of regimes hostile to human rights to find out and suppress activists, "dissidents" and limit freedom of expression and information. For this reason we wrote extensively about how to defeat easily such powerful adversaries (provided of course that your system is pristine, not compromised, an essential pre-requisite). In 2012 we published this for example: https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?tab=comments#comment-1745 Multiple times we warned about the danger of "black boxes" and it's not incidental that "OpenVPN over Tor", for example, has been implemented in our mainstream software since 2011 or 2012 and it is advertised in the home page while Tor is also listed in the "Download" > "Other technologies" section. Kind regards

Hello! We inform you that the following servers are being withdrawn: Servers: 1+1 Gbit/s Alkes, Merope, Sabik (Los Angeles, California) Reason: not meeting our requirements anymore for hardware and lines. Replacement: yes, two 3+3 Gbit/s servers in San Jose (California), planned for January the 14th 2024 or earlier, on top of the new (already active) 10 Gbit/s server in Los Angeles (Saclateni). Servers: 1+1 Gbit/s Pollux (Jacksonville, Florida) Reason: not meeting our requirements anymore for hardware and line. Replacement: yes, one 3+3 Gbit/s servers in Raleigh (North Carolina, planned for January the 16th 2024 or earlier) + expansion in Miami planned for the near future. Kind regards and datalove AirVPN Staff

Hello! This is an ancient problem on some very old Eddie version (2.18), while the forced shut down is CORRECT AND EXPECTED if you don't disable the exit confirmation prompt, do you really have an identical problem with latest releases? Please open your own thread and also open a ticket (attach a system report, please). The problem might be slightly different or the same or it could be just an expected behavior, in any case this is probably not the correct thread. Kind regards

Hello! Please see here for a quick and easy solution: https://airvpn.org/forums/topic/56643-stuck-in-a-broken-route-never-connects/?do=findComment&comment=225323 Kind regards

Hello! Please jump to the thread linked by @monstrocity for a variety of workarounds and some explanations. In this very moment you can access Reddit from Netherlands, Switzerland and other Europe VPN servers, even without logging in. From other servers you will need to log in to Reddit to be able to read subreddits. Kind regards

Hello! For the purpose of domain name resolutions, VPN server scores are computed on the following variables: average ping (between VPN servers themselves); average load; average users; known issues; ISP reliability. In the case of Xuange, currently it does not achieve the "best" score in Europe or in Switzerland because the amount of connected users is sufficiently high to outweigh the amount of free bandwidth. Kind regards

@dersik Hello! The problem is under the attention of Eddie's developer. To start Eddie without GUI, please note the "--clie" typo. The correct option is "--cli". You might still experience problems, even without the GUI, but it's worth a test. Do you need to connect over WireGuard or OpenVPN? Kind regards

@supermanvthanos Hello! Set the link MTU size identical to the size set by Mullvad and then increase at little steps. 20 bytes by 20 bytes. Consider that: Mullvad software forces the MTU size to 1280 bytes (at least some time ago, we don't know whether they changed it recently) Eddie 2.21.8 lets WireGuard set the MTU size and it does not offer an option to change it. If WireGuard makes a wrong choice Eddie 2.21 can't fix it Eddie 2.23.x sets MTU size to 1320 bytes but also lets you change it in Preferences > WireGuard window, a new feature. If you want to test it: https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/ if you run native WireGuard utilities you can change MTU size by entering the directive MTU = n, where n is in bytes, in the [Interface] section of the configuration file. You can edit it with any text editor each time you change MTU size you must re-start the connection to apply the change. Perform the speed tests to fine tune and find the optimal MTU size for your network. Rationale: too small and too big MTU sizes deeply impair performance. In the first case there's a waste of room in the frame, in the second case a whole packet must be re-sent for each packet too large for the frame. Feel free to open a ticket if you need support directly from the AirVPN support team. This is the community forum so it's not the proper place as the community can't do anything about it obviously. If you decide for a refund you will need to open a ticket (click "Contact us" on the web site or write to support@airvpn.org). Kind regards

Hello! You can always know for sure that your web traffic and any other traffic did not leak, provided that you enable "Network Lock" option in Eddie. This feature is a set of firewall rules, so even if Eddie crashes you know that no leaks can occur (unless you reset the firewall rules with root privileges, of course ). Yes, it seems comfortable. Actually, you don't even need double hop and a SOCKS proxy to exit on different countries with different containers. You may connect directly each container to a different country server without double-hop and therefore you will have remarkably higher performance on each tunnel and for the whole container, so you are not limited to a single program, and you are not limited to TCP (and not even limited to WireGuard, just in case you need OpenVPN for some blocking or other reason). The limit is 5 concurrent connection slots, which should be anyway enforced to prevent "infinite account sharing" of course. On the other hand, switching proxy directly from inside Firefox is faster if you need only Firefox and the useless double hop performance hit may appear as a fair price to pay. Currently you can do it in AirVPN but with external proxies, since we have no plans to operate directly SOCKS5 proxies at the moment. The proxy will anyway see only the VPN server exit-IP address and together with end to end encryption you would be fine. Kind regards

Hello! The Kaspersky VPN interface causes a critical error to OpenVPN: To solve the problem please set Eddie to ignore any alien interface: Select from Eddie's main window Preferences > Networking, write eddie in the "VPN interface name" field click Save. You may also consider to switch to WireGuard to bypass the alien interface. You can do it in Preferences > Protocols window. Uncheck Automatic, select a WireGuard connection mode and click Save. Kind regards

Hello! Effective "Kill switches" are available in Merlin WRT (set Block routed clients if tunnel goes down option to Yes), Tomato and DD-WRT (check Killswitch box). On older OpenWRT versions and other routers supporting OpenVPN or WireGuard you can implement a "kill switch" via specific rules once and for all. The additional SOCKS proxy connection you mention based on SOCKS proxy available inside the VPN does not solve the leaks hazard. It may prevent leaks only for those applications which are explicitly and manually configured to connect to the proxy inside the VPN. Any other application and especially any system process will not have such protection. It is advisable that you enable a proper method of preventing leaks, which will take just a few seconds and is explicitly implemented in any modern router firmware, instead of this somehow flimsy and partial "solution" which is not and should not be advertised as a general traffic leaks prevention method and which provides a false and therefore dangerous sense of security, as your own message hints to. Furthermore, Mullvad introduced this complication in order to be able to guarantee that you always appear on the Internet with the same IP address when you connect to the same VPN server and when an app will "proxy" the traffic. That's not necessary in AirVPN where you already and always have the same public IP address when you connect to the same VPN server. Kind regards

Hello! Can you publish or send through a private ticket a system report generated by Eddie (the Air software client) just after the problem has occurred? Please see here to do so: Kind regards