Staff

Social engineering is not required. The attacker just needs to find the forwarded ports. A very quick and easy one-minute job. M247 offers a service which meets and has always met all of our technical requirements at a fair price. It's really something because as you know we are quite demanding. However, we do not want to stay bound with a single provider (simply for failover and redundancy considerations, it has notbhing to do with M247 quality of service), that's why we will not exceed around 25% of our infrastructure with M247. Kind regards

Hello! Please try the following settings: - from Eddie main window select "Preferences" > "Networking" - set the "IPv6 layers" combo box to "Blocked" - click "Save" Alternative solution: upgrade to OpenVPN 2.4 or higher version. Explanation: OpenVPN versions older than 2.4 do not handle IPv6 properly. So our servers do not perform the IPv6 push when they detect older versions, in order to not break retro-compatibility. However Eddie (for a bug in 2.15.x and 2.16.x, fixed in 2.17.2beta) tries anyway to check the IPv6 route in the tunnel and it obviously fails. Kind regards

Hello! Any packet received (through a remotely forwarded port) from the IP address that is also the public entry IP address of the VPN server will be replied to that same IP address from your "real" public IP address. When public entry and exit-IP addresses match (i.e it's only one address) an attacker can simply enter the same VPN and send packets to all the forwarded ports (finding the forwarded ports is of course a "two-seconds" task) and receive replies from the real IP addresses of every and each VPN node. When entry and exit-IP addresses are different, the above can't happen, since listening services can't receive unsolicited packets from anywhere with entry-IP address as origin. Therefore, the PIA configuration you mention is wrong and dangerous when remote port forwarding is available and at least two nodes can connect to the same VPN. If only one node can connect, then it's unsafe for different reasons (weak anonymity layer). Therefore, avoid VPNs which do not provide this basic security configuration (lacking this setup is also a worrying symptom suggesting that they lack proper networking knowledge). If that's not possible, at least avoid remote port forwarding completely when entry and exit-IP addresses are the same, and make sure that you're not the only one connecting to that virtual network. Kind regards

Hello! It is a very essential security feature which protects all of your AirVPN data (username, password, certificates, keys...). Eddie makes every effort to save battery and what you suggest is somehow problematic because it may decrease battery life. Currently Eddie is the only OpenVPN based application which ensures a longer than "OpenVPN for Android" and "openvpn-connect" battery life, therefore we are hesitant to add any non-strictly essential feature which would potentially drain more energy per time unit. Thank you very much! Your suggestions will be kept in due consideration. Kind regards

Hello! In the other devices do you run Eddie as well? In OpenVPN for Android do you run OpenVPN 2.5 or OpenVPN 3 library as engine? Can you name such servers to let us test (in private, if you don't want to report here)? Is the "persistent notification" option enabled? If it's disabled Android can suddenly stop the VPN connection in various circumstances. Kind regards

Hello, it is a real disconnection. Eddie should enter the lock state and the device should have no traffic. Operator's manual intervention is required, thus option to stop in good time any program whose traffic must not be leaked is available. Do you experience something different? KEEPALIVE_TIMEOUT is triggered (with AirVPN and most of other OpenVPN based services) when no reply to any in-tunnel ping is received for 60 seconds. An in-tunnel ping is sent every 10 seconds. If you experience frequent timeouts of the above kind, try to get a stronger mobile signal and test different servers in various locations. Kind regards

Hello! If you blindly trust the feature you mention, in the "Settings" you can tell Eddie to not pause VPN while screen is off (battery will have a shorter life), disable the persistent notification and disable the persistent tun interface. Kind regards

Hello! Eddie (both 1.0 and 2.0) feature a best effort leak prevention. Eddie will also notify you with any relevant event pertaining to the VPN or the network. Once connected to the VPN, therefore, you will know whether the connection is alive or not. If you test version 2.0 beta please send us your feedback at your convenience. Kind regards

Hello! Five simultaneous connection slots are available per account. That said, Eddie Android edition 1.0 is compatible with Android, but in general not with all Android TV systems. Eddie 1.0 will run fine in those Android TV systems which the SAF has not been removed from and where mouse emulation is available. Eddie Android edition 2.0 (currently in beta public testing) is fully compatible with Android TV, even with those systems lacking SAF and/or mouse emulation. Would you like to test it? It passed very successfully the alpha internal testing after all. If so, please see here: https://airvpn.org/topic/30421-eddie-android-edition-20-beta-1-released/ Eddie Android 2.0 final (stable) release is planned for November the 23rd, 2018. Kind regards

It makes tons of sense, trust us, we have so many years of experience about it. The jurisdiction separation makes important distinctions in legal and illegal traffic wiretapping. If you live in a country controlled by a regime which is not friendly toward human rights, the rule is even more important. Anyway it's important in general because the coordinated, legal wiretapping in different jurisdictions require at least the intervention of a magistrate and international cooperation and leaves significant less room to arbitrary wiretapping; while illegal wiretapping might have more issues in breaking physical access into machines in different countries, or more issues in traffic correlation. Kind regards

Hello! The "quick connect" feature respects the so called "golden rule" that claims that you should never connect to a VPN server located in your own jurisdiction. Currently you will need to manually select either a server from the global servers list, a server from the favorite servers list, or import the proper profile from the Configuration Generator to connect to a server located in your own country (or the country Eddie thinks you are in). This is a feature which can of course be changed. Send us your feedback, what do you guys and gals think about it? A key part of leak prevention best effort is the ability to intercept, before it's too late, certain network statūs or OpenVPN error conditions. Every condition which is going to cause a traffic leak outside the VPN tunnel will trigger a proper action to prevent it. When possible, Eddie will restore the tunnel flow. In various error conditions that's never possible and you will have to intervene manually, so you can take care to stop programs whose traffic must not be leaked before removing the lock. "Better safe than sorry" is Eddie Android founding philosophy. In an environment where the running application has limited privileges, you can't rely on a set of firewall rules or on permanent previous default gateway removal, so the task to prevent traffic leaks is challenging and requires some peculiar measures which are unnecessary in a desktop environment. Kind regards

Hello! They are made each time the application wants to estimate which country you are in. It uses a service that's inside the AirVPN infrastructure (ipleak.net), through HTTPS. It does not use external services or GPS or any geo-location method which is anyway available in an Android device. The procedure is part of the smart connection feature in automated mode. We are in an environment where many limitations must be taken into consideration: battery life, high latency networks, networks which block ICMP and more. For example, relying on hundreds and hundreds of pings to determine the lowest round trip times between VPN servers and your node would be an unreliable, battery unconscious and, in many cases, intolerably slow operation. Allowing the application to get the geo-location information (it only needs the country information) will make automatic connections remarkably more accurate. It is a quick, battery conscious, privacy aware procedure. It does not send to AirVPN infrastructure any information that AirVPN servers (including ipleak.net) already receive every time you connect. Kind regards

Hello! We're glad to inform you that we are opening the beta testing phase of our free and open source software Eddie for Android version 2.0. Version 2.0 is a quantum leap when compared to 1.0. It tries to meet most, if not all, of our community requirements and keeps the promises we made: swift and full AirVPN integration as well as Android TV extended compatibility. As usual Eddie is free and open source software released under GPLv3. Note that on 11-20-18 a new version (2.0 beta 2) has been released. Note that on 11-21-18 a new version (2.0 beta 3) has been released. Note that on 11-23-18 version 2.0 stable has been released, so this topic was locked. Please continue here: https://airvpn.org/topic/30774-eddie-android-edition-20-released/ You can participate to the beta testing by joining the beta community in the Google Play Store here: https://play.google.com/apps/testing/org.airvpn.eddie You can also download the Eddie Android 2.0 beta 3 apk directly from our repository: https://eddie.website/repository/eddie/android/2.0beta3/org.airvpn.eddie.apk The application is fully localized and we look for translators, especially for translations into simplified and traditional Chinese. Korean, Japanese, and many other languages are welcome. If you wish to translate (from English) please contact info@airvpn.org for every detail. Eddie Android 2.0 adds tons of new features while keeping all the appreciated old ones: Free and open source OpenVPN GUI based on OpenVPN 3The only Android application officially developed by AirVPNRobust, best effort prevention of traffic leaks outside the VPN tunnelBattery-conscious applicationLow RAM footprintErgonomic and friendly interfaceAbility to start and connect the application at device bootOption to define which apps must have traffic inside or outside the VPN tunnel through white and black listLocalization in English, French, Italian, Spanish. TurkishNew features: Full integration with AirVPNEnhanced security thanks to locally stored encrypted data through master passwordQuick one-tap connection and smart, fully automated server selectionSmart server selection with custom settingsManual server selectionSmart attempts to bypass OpenVPN blocks featuring protocol and server fail-overFull Android TV compatibility including D-Pad support. Mouse emulation is not required.Enhancements aimed to increase accessibility and comfort to visually impaired personsAirVPN servers sorting optionsCustomizable "Favorite" and "Forbidden" serversOpenVPN mimetype support to import profiles from external applicationsLocalization in German, Portuguese and RussianIf you test this new version, do not hesitate to report bugs, problems, considerations and any other feedback in this thread. You will help us reach a stable version more quickly. Please remember to report all the device information (brand, model, Android version, environment) as well as the log taken after the problem is occurred (when and if possible). Changelog 2.0 Beta 3 (VC 12) - Release date: 21 November 2018 by ProMIND QuickConnectionFragment.java - [ProMIND] Changed connection requirements for auto connection mode. IPv4 is now the minimum requirement. - [ProMIND] Show a disconnection dialog in case user cancels the connection procedure - [ProMIND] Notify user in case a favorite server is about to be connected - [ProMIND] Connection progress dialog is now properly dismissed at the end of server list connection Changelog 2.0 Beta 2 (VC 11) - Release date: 20 November 2018 by ProMIND - [giganerd] Added German localization - [giganerd] Added Russian localization - [morvotron] Added Portuguese localization - [ProMIND] Added accessibility support to spinners and buttons without text OpenVPNTunnel.java - [ProMIND] onEvent() now properly manages TCP errors in Quick Connection mode and avoids connection cycling when VPN is connected SettingsActivity.java - [ProMIND] Added setting and functionality for allowing quick connection to connect local (same country) servers AirVPNServerProvider.java - [ProMIND] Changed selection algorithm in order to include local (same country) servers when requested QuickConnectionFragment.java - [ProMIND] Quick connection button can now be used to disconnect any VPN connection Changelog 2.0 (VC 10) - Release date: 14 November 2018 by ProMIND - [ProMIND] Added classes for AirVPN connection, management and integration with AirVPN servers. - [ProMIND] Added classes for AirVPN user login, logout and profiles. - [ProMIND] Quick connection to AirVPN. Full connection support with determination of best server, protocol and mode, including server failover. - [ProMIND] Server connection to AirVPN compliant to AirVPN server list. Creation of favorite and forbidden lists. - [ProMIND] New user interface design - [ProMIND] Full Android TV support, including Storage Access Framework (Android SAF, when available) and full support for d-pad navigation. - [ProMIND] OpenVPN mimetype support. Import OpenVPN profiles from external applications. Native Library 1.3.1 - [ProMIND] Added new APIs for system information - [ProMIND] Updated boost library to 1.68.0 - [ProMIND] Updated to latest OpenVPN3 release Kind regards & datalove AirVPN Staff

Hello! Eddie 2.16.3 (latest stable release) should not call anymore any Wayland incompatible process, can you please test this version? Kind regards

Hello! The new features are now into effect. Please see here for a summary: https://airvpn.org/topic/14378-how-can-i-get-vpn-servers-entry-ip-addresses/?p=28329 Kind regards

Hello! Try to reset both adapters (or uninstall one of them) and make sure that no OpenVPN instance (or any other program which might be locking the tun/tap interface) is running when you then launch Eddie. Select "Start" > "Control Panel" > "Network and Internet" > "Network and Sharing Center" > "Change adapter settings". Right click on the tun/tap Windows adapter and select "Disable" from the contextual menu. Right click on it again and select "Enable" Kind regards

Hello! From your description you might need the traffic of those applications OUTSIDE the VPN tunnel, so you should black list, and not white list, them. If you choose to filter according to a white list, applications in the white list will be the only ones whose traffic is tunneled.If you choose to filter according to a black list, all applications will have their traffic tunneled except those ones which are included in the black list. Kind regards

hi guys! any news? Hello! Yes, we are very glad to inform you that we are deploying this new feature on the Configuration Generator with the addition of new FQDNs. Probably everything will be available today (Nov the 7th 2018) or tomorrow for everybody. Kind regards

Hello! Absolutely. This feature will be implemented. Kind regards

@cm0s We added XMPP as a courtesy and everybody can use it from any account registered on the web site. It's not even required to use XMPP with an account "with the customer's billing information". We don't put at risk anyone with XMPP. If you don't like an additional service provided for free to everybody (and NOT restricted to AirVPN paying customers, we underline it once again) just don't use it, where's the problem? Kind regards

Hello! Please try different buffers for the OpenVPN sockets. In your case you might try to shrink them. You can change buffer sizes in Eddie window "Preferences" > "Networking". Try 128 KB and even 64 KB buffers. Such sizes are too small to get high performance but in some cases may help in online gaming, where you are more interested in response times than pure broadband alone. Kind regards

Hello, the problem seems to be intermittently even worse: as you can see you often get SERVFAIL, i.e. a failure of the authoritative DNS servers. Normally a SERVFAIL means that the authoritative DNS server is down or refuses connections from our DNS servers, we will investigate. Kind regards

Hello! Xfinity enforces traffic shaping, please check their policy. Normally OpenVPN with UDP is shaped most of the time for all broadband users, according to dozens of reports we have. According to several customers of ours, the best throughput is obtained via tls-crypt connection in TCP to port 443 (in AirVPN, you get this connection mode to VPN servers entry-IP address 3 - OpenVPN 2.4 or higher version is required). This connection mode has the ability to circumvent any specific shaping against OpenVPN and UDP, so you will remain subjected only to the general limitations and traffic shaping policies (and of course congestion, if any) enforced by Xfinity. Kind regards

Hello! Yes, this is planned in a very near future. In the meantime you can download the apk from our own repository, check the first message of this thread. Kind regards

Hello! Can you please test Eddie 2.17.2beta and check whether the problem is resolved or not? Please see here to download Eddie latest beta release: https://airvpn.org/topic/29570-eddie-217beta-released Kind regards