Staff

Hello! This type of issue has been addressed on the beta 2, can you please test it? The crashes you experienced should not occur anymore. Keep us posted! Kind regards

Hello! Can you please try 1.0 beta 2 now? This issue has been addressed and the crash you experienced should not occur anymore. Keep us informed! Kind regards

Hello! We're glad to inform you that Eddie Android edition 1.0 beta 2 has just been released. Please test intensively and report back any anomaly, you will help us roll out Release Candidate 1 within the 15th of July as planned! Special thanks to all the beta 1 testers: thank you for your time, patience and sharp reports which have helped us improve the code and fix bugs. This beta 2 version takes advantage of the full localization which was implemented since alfa versions. We have added Italian and Spanish languages at the moment. Italian and Spanish beta testers, please feel free to report any typo or error you find in the messages, of course. Here's the changelog. Changelog 1.0 beta 2 (VC 2) - Release date: 06 July 2018 by ProMIND Miscellaneous: - [Morvotron] Added Spanish localization files - [pj] Added Italian localization files - [ProMIND] Fixed some incompatibilities in NavigatorView layouts in order to better support different devices/Api levels. This should also avoid startup crashes detected in 1.0 beta 1 - [ProMIND] Revised mono package versions and support. This should improve stability in certain devices/Api levels as well as avoiding startup crashes detected in 1.0 beta 1 AndroidManifest.xml - [ProMIND] Removed unneeded MANAGE_DOCUMENTS permission MainActivity.cs - [ProMIND] OnActivityResult(): Added a log warning for unhandled and unexpected requestCode LogActivity.cs - [ProMIND] Log timestamps (date/time) are now shown in local time format. Exported log timestamps are in UTC time. SupportTools.cs - [ProMIND] GetOpenVPNProfile(Android.Net.Uri profileUri): Profile size limit in now set to 200kb. This prevents ANR in case of huge binary files parsing - [ProMIND] ConfirmationDialog(string message): confirmation message now has "yes" and "no" buttons instead of "ok" and "cancel" Kind regards and datalove AirVPN Staff

Hello! It's an issue we should be able to resolve quickly. EDIT: it's taking longer than expected. Please use .airservers.org in the meantime. We might be dropping .airvpn.org in the near future. Kind regards

Hello! We're very glad to inform you that four new 1 Gbit/s servers located in Germany are available: Intercrus, Serpens, Tucana and Veritate. The AirVPN client will show automatically the new servers, while if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, they support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. Please note that these new servers will replace three older servers in Germany, and precisely Lepus, Libertas and Perseus which will be withdrawn on July the 11th, 2018. Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! Thank you. On our testing machines: Mido (Xiaomi Redmi Note 4) + LineageOS 15.1 Maguro + LineageOS 14.1 gtaxlwifi + LineageOS 14.1 we can't reproduce the crash. We see you have xposed (from the crash report). On the above machines we don't have the xposed framework, so it might be important to know whether you made some Eddie specific customization with xposed or you run some peculiar xposed module. An example: if you modify some specific Android resource such as drawer or navigationview, Android can't run them, but Eddie (the org version) relies on them in a different way than the old "com" version did (we need them to ensure compatibility with API We look forward to hearing from you. Kind regards

Hello! Noted. One of our physical testing machines is Lineage 14.1 based so we can try to reproduce the issue exactly. Can you please tell us whether you tested the previous "com.eddie.android" application? If so, can you please check and report whether you still have the Mono shared runtime library installed? If so, please delete it and check whether the crash still occurs. Kind regards

Hello! It's not "wrong", it's just in GMT to have a shared time frame without having to ask each user for their local time. In this way it's possible for us to correlate some issue with (if any) VPN servers problems and quickly discern whether the issue was on our side or not. About the date: it is of course possible to implement a local date format and export it in UTC. Log generation will be anyway deeply reviewed because the current implementation loses too much info from OpenVPN 3, and we will consider this option seriously. Good. We left the OpenVPN default included in the GitHub source code we compiled. Tag version "3.git.master" identifies (currently) the latest OpenVPN version. Keep testing, thank you very much! Kind regards

Hello! Thank you for the information. So the block is against us specifically, not against OpenVPN. Good to know. Draw your own conclusions about Zone Alarm "quality". We're not in the position to make recommendations on a specific tool, but we can tell you what to avoid: Kaspersky Internet Security 2018 (but this is a recognized bug which could be fixed in the future by Kaspersky) Avast, a minor problem: it removes/quarantines from your system curl.exe which is a tool for HTTP(S) used by Eddie Kind regards

In addition to giganerd's reply, we would like to add that starting from Eddie 2.14 a new system capable to circumvent Fortinet blocks which are specifically meant against Eddie, not against OpenVPN (and any other block against our bootstrap servers) has been implemented. That was necessary because in this case to provide comfort Eddie enlarges the block surface, it's unavoidable if you don't want to use pre-generated configs for OpenVPN. Kind regards

For convenience this thread is locked and the reports about Edide bugs etc. will continue here: https://airvpn.org/topic/26549-eddie-android-edition/?do=findComment&comment=75371 Kind regards

@giganerd Thank you. You must have downloaded the old version "com". We have now unpublished it from the store to prevent any further confusion, we apologize for any inconvenience. The reported crash might be caused by a missing OS support. RR is a "bleeding edge" ROM which is known to enhance performance at the price of low level compatibility, which is the case with Eddie using native libraries. Probably you will experience the very same crash even with the new release "org.airvpn.eddie", can you please try? In any case an investigation on this crash has been initiated. Kind regards

Hello! With the permission of the user, we reproduce here the intercourse between this user and Kaspersky support team, in order to keep you updated and let you know that Kaspersky IS aware of the problem but is not acting effectively to resolve it. Please find attached, if you are interested following my email exchanges with Kaspersky regarding my claim on AirVPN / Kaspersky bug: /_20 june 2018 fr__om Kaspersky_ :/ /Dear customer// //We thank you for your patience.// // //Please follow the instructions provided below:// // //1. Launch Kaspersky Internet Security// //2. Click Configuration> Protection// //3. Disable all protection modules.// //4. Restart your computer.// //5. Try to connect via AIRVPN.// // //Please inform us if it works, please tell us and then do this:// //1. Launch Kaspersky Internet Security// //2. Click Configuration> Protection// //3. Activate the Antivirus Files module.// // //If it works, please let us know, otherwise activate one by one the modules until the problem appears (always disabling the other modules so that it only has one active at a time) and then do what follows:// // //Please send us the traces of the problem you are having:// // //1. Disable all components in the protection.// //Click Configuration (gear icon)> Protect and disable all components (the switch to the right of each component should turn gray).// // //2. Activate only the component of the protection that is recognized as the source of the error.// // //3. Activate the recording.// //To do this, click on the "Technical Support" icon (headphone icon with headphones, bottom right of the gear icon), then click "Support Tools" and then "Activate Registration" , and then restart your computer.// // //4. Reproduce the problem.// // //5. Disable the recording.// //To do this, click again on Technical Support> Support Tools and finally "Disable Registration" (the small red square).// // //6. Reactivate all modules of the protection you were using.// // //7. Please send us the report of Kaspersky's analysis:// // //Once the tracing has been deactivated, please click on "Send the report to the Technical Support" and then on "Save the report" at the bottom right.// //Enter the no trace by clicking "Save".// // //8. Please send this archive as an attachment, in response to this message./ // _Here is *my answer to Kaspersky lab*__on 02 july 2018 _: -When all modules are disabled, AirVPN Eddie connects normally. -When only the *Antivirus module files* is activated, the connection is normal too -When only *Internet Antivirus* is enabled, Error No AirVPN connection report in PJ -*Anti-banners* alone enabled also causes problem, no VPN connection from the beginning (see PJ) -*Program Manager *also causes problems after a few minutes. Sometimes it takes a while to disconnect! -*Bank protection *also prevents Eddie AirVPN's connection from the very beginning ... _Conclusion :_ on modules that do not seem to be problematic at first, the connection break can occur later ! I feel like I'm doing your job because the problem of incompatibility seems to appear in most users of AirVPN / Kaspersky/ windows in most modules at one time or another ... I'm not the alone. I'm getting discouraged

Hello! We have a report from a customer of ours that confirms this bad behavior and that reports that Zone Alarm support team acknowledged the bug. If you have the time, we would recommend that you contact Zone Alarm customer care. More reports might imply a faster bug fix from them. Kind regards

Sure! This is planned. Together with various other features you find in Eddie for other platforms, it will be implemented. Kind regards

Hello! Old ca.crt certificates signed with SHA1 are no more used: the change occurred a lot of time ago, Furthermore, SHA512 is now the new default "setting" for your client certificate. You can handle your client certificate and key from your account "Client Area", please see here: https://airvpn.org/topic/26209-how-to-manage-client-certificatekey-pairs/ If you refer to OpenVPN channels, SHA1 has never been used (and not usable in OpenVPN). The authentication cipher is HMAC or, if you use an AED-ready cipher with latest OpenvPN versions (AES-256-GCM in our service), the authentication of the packets is performed by the AES cipher itself. Even if you use old OpenVPN versions which rely on HMAC SHA1 and/or do not support HMAC SHA384 and/or AES-GCM, you are perfectly safe (do not confuse HMAC SHA1 with SHA1). The math proof for this claim and additional information are reported here: https://airvpn.org/topic/21914-encryption-algorithm-solved/?do=findComment&comment=58238 Kind regards

Hello! We're very glad to announce that a brand new Eddie Android edition has been released. Please see here: https://airvpn.org/topic/26549-eddie-android-edition Kind regards and datalove AirVPN Staff

Hello! We're very glad to inform you that a new version of Eddie for Android has been released. The application ID is now org.airvpn.eddie and the released version is 1.0 beta (UPDATE 21-Sep-18: Release Candidate 5 is now available, please see https://airvpn.org/topic/26549-eddie-android-edition/page-7?do=findComment&comment=77774 ). This release replaces the previous one completely and we recommend that you switch to it. As usual Eddie is free and open source software released under GPLv3. You can participate to the beta testing by joining the beta community in the Google Play Store here https://play.google.com/apps/testing/org.airvpn.eddie Alternatively, if you don't want to access (or you have no access to) the Google Play Store, the apk ill be available soon in our web site. We aim to speed up the release cycle from now on and we confirm that Eddie will be more and more integrated with AirVPN with the progressive implementation of several functions and options that you can find in Eddie for other platforms. In addition to ARM64 support, various bug fixes, improvements and changes have been applied, including changes aimed to make Eddie more consistent with Android design best practices. For a detailed list, please see below the attached changelog. The project has been assigned to a new developer (you can see a credit mention in the changelog) under the supervision and verification, as usual, of Eddie lead programmer Clodo. Please feel free to write in this thread about this new release, what you like and what you hate, and of course any detected bug. Kind regards and datalove AirVPN Staff ChangeLog.txt

Hello! Why should we do that? In other words, what advantages in terms of security and/or performance do a user get from Wireguard (over OpenVPN) when deployed before an audit has been performed? In terms of performance, we are concerned about this: https://www.wireguard.com/performance/ The Wireguard performance is low, while the OpenVPN reported throughput is fake. Remember that we could beat in a single core of an archaic Q6600 CPU 300 Mbit/s in 2014. In 2018 (just a couple of weeks ago) we have obtained 1.7 Gbit/s on our AES-NI optimized machine with a load of 300+ clients practically in just ONE CORE of an E3-1270 @ 3.80 Ghz with a Linux kernel 4.9 and AES-256-GCM (so we could even go higher with ChaCha20 Poly305). The fact that in the Wireguard web site not believable data for OpenVPN is published is a reason of concern. Then, the performance of Wireguard is not interesting, especially on a core of an i7 with ChaCha20. On top of that, it is unfair to deploy to our customers a service based on a software that's not yet been tested enough in our opinion. USA Senator Wyden recently recommended Wireguard to replace everything (IPsec, OpenVPN...) in USA infrastructures and recommended to recommend Wireguard to NIST: https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-Senator-Recommends Why this requirement before any serious audit when we know for sure (from the Snowden documents) that plans to insert backdoors in random number generators and other cryptography-related software, and then have that very software approved by NIST, started several years ago? This is another reason of concern that maybe makes Wireguard wide deployment premature: it is safer to check deeply the software and the ECC employed first, and then deploy to the public. Remember what happened with the infamous Dual_EC_DRBG, we are not short on memory like some of our competitors are, and we are not trading your security for a fistful of dollars by riding the Wireguard hype. When and if Wireguard will prove to be as secure as OpenVPN, and capable to provide the same (or higher) performance, and provide obfuscation and more protocols choice, then we'll be very happy to experiment with it. https://en.wikipedia.org/wiki/Dual_EC_DRBG#Software_and_hardware_which_contained_the_possible_backdoor Kind regards

Hello, we operate in two datacenters in Sweden (Uppsala and Stockholm) with totally different transit providers. In some cases those who have a good peering with one do not have a good peering with the other. In some cases peering is good with them both. Have you tested them both? If you get the same low performance in both you are served by an ISP which does not have good peering with both, in which case test a different country (at the moment we are good with two datacenters in Sweden). Kind regards

Hello! The guide had been updated some time ago to reflect the changes which have been implemented on "Generation 2" servers. Please consult it to modify your Comodo settings accordingly (probably only one change is necessary, you need to enlarge the authorized private addresses of the VPN network zone to the whole range 10.0.0.0/8). Please see here for the reasons of this change: https://airvpn.org/topic/28494-tunnel-private-subnet-changed/?do=findComment&comment=75305 You can find the announcement about Gen 2 servers here: https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features/ Kind regards

Hello, with default settings Eddie prevents DNS leaks through Windows Filtering Platform. The method is the same than that implemented by the "block-outside-dns" directive of OpenVPN. Additionally Eddie lowers the tun/tap interface metric to solve the flawed Windows 10 DNS handling (made even worse by the "Creator" update). Have you modified the default settings or maybe you're running some packet filtering tool which sets WFP rules? Kind regards

Hello! Try to restart Eddie with default settings, just in case the xml file is corrupt. While Eddie is not running please delete this file: C:\Users\Garry\AppData\Local\AirVPN\default.xml You will need administrator privileges to do that. When you re-run Eddie, it will create a brand new configuration file with default settings. Note that you will need to re-enter your credentials. Kind regards

Yes, the subnets are unique for each OpenVPN daemon. You can't overlap when you connect to different servers for multi-homing from the same machine, for example. However, you have several small subnets /24 on each server, one per daemon, and you can't say in advance which subnet your system will enter because of the load balancing system which "welcomes" the clients and "assigns" them to the OpenVPN daemon running in the less loaded core (at the moment of connection). The huge convenience of this implementation is that now we can break the previous throughput limits caused by the lack of "parallelization" of OpenVPN. The Moore's law is being infringed and we can't expect significantly more powerful CPus (at one core level) for a long time; in computing power advancements we will probably never experience again (at least in our life) the peaks of 1996-1998; it's time to fight the software bloat, but a fully scalable multi-core OpenVPN release is probably not coming out soon; therefore the load balancing we have implemented is an immediate break through. Kind regards

Hello! Yes, you're right. We provided the wrong information. 10.4.0.1 can be used as a DNS server from every subnet but does not reply to ICMP. Kind regards