Staff

@pfolk Hello! Do you already use wintun driver, especially on the i5 machine? If not, try it, as the TAP-Windows driver is infamous to cause bottlenecks on some (but not all) Windows systems. The performance on the i7 based machine is fine (400 Mbit/s), but the one on the i5 based machine (200 Mbit/s) seems a little low and you might have a cap caused by the TAP driver (if you haven't already switched to wintun). Which exact i5 processor do you have? Buffer size is fine. Make sure to use AES and not CHACHA20 as your systems should support AES-NI. Kind regards

@bluesjunior It was just for the specific case of the customer who had previously installed some OpenVPN 2.5 beta version that did not support data-ciphers directive. Therefore OpenVPN failed when Eddie ran it with a profile containing that directive, which is supported by OpenVPN 2.5 release. Kind regards

@suroh Hello! We're glad to know that the quick fix resolved the issue. Yes, it's intentional, as it is a more flexible and secure solution allowing exclusive aivpn user setup, place for its files etc., log into its own session to run Goldcrest or any other Bluetit client. Sure, you can do as you prefer, or you can even add your own user to the airvpn group, according to your security needs and preferences, but consider seriously not to run Goldcrest with root privileges and not to add airvpn user to the sudo-ers. By doing the above, you would jeopardize a portion of the security model offered by the client-daemon architecture. Kind regards

@suroh Hello! OK, please hold on, we will release a fixed installation script very soon. If you want to edit install.sh for a dirty hot fix (let us know if it works): 1) Find the line: if [ ! -d "/etc/dbus-1" ] || [ ! -d "/etc/dbus-1/system.d" ]; then and replace it with if [ ! -d "/etc/dbus-1/system.d" ] && [ ! -d "/usr/share/dbus-1/system.d" ]; then 2) Find the lines: cp etc/dbus-1/system.d/* /etc/dbus-1/system.d chmod 644 /etc/dbus-1/system.d/org.airvpn.* and replace them both with the following block of text: if [ -d "/etc/dbus-1/system.d" ]; then cp etc/dbus-1/system.d/* /etc/dbus-1/system.d chmod 644 /etc/dbus-1/system.d/org.airvpn.* fi if [ -d "/usr/share/dbus-1/system.d" ]; then cp etc/dbus-1/system.d/* /usr/share/dbus-1/system.d chmod 644 /usr/share/dbus-1/system.d/org.airvpn.* fi Please note that the uninstall script will also have to be adapted (the fix will include a new uninstall.sh). Kind regards

@6gh54F4 @suroh Hello! Can you please send us the installed D-Bus related packages in your system? Can you tell us whether, in your system: /etc/dbus-1 /etc/dbus-1/system.d /usr/share/dbus-1/system.d exist or not? @suroh, can you please specify your distribution too? Kind regards

Hello! We're very glad to inform you that a new stable release of Eddie is now available for Linux (various ARM based architectures included), Mac, Windows. Eddie is a free and open source (GPLv3) OpenVPN GUI and CLI by AirVPN with many additional features such as: traffic leaks prevention via packet filtering rules DNS handling optional connections over Tor or a generic proxy customizable events traffic splitting on a destination IP address or host name basis complete and swift integration with AirVPN infrastructure white and black lists of VPN servers ability to support IPv4, IPv6 and IPv6 over IPv4 What's new in Eddie 2.19.7 enhanced wintun support in Windows, resolving TAP driver adapter issues and boosting performance Hummingbird 1.1.1 support in Linux and macOS for increased performance (up to 100% boost in macOS i7 systems when compared against OpenVPN 2) portable version for macOS which does not require Mono package installation nftables support by Network Lock in Linux via nft new aarch64 support through a Raspberry OS 64 bit beta specific build improved IPv6 support many bug fixes Eddie GUI and CLI now run with normal user privileges, while only a "backend" binary, which communicates with the user interface with authentication, gains root/administrator privileges, with important security safeguards in place: stricter parsing is enforced before passing a profile to OpenVPN in order to block insecure OpenVPN directives external system binaries which need superuser privileges (examples: openvpn, iptables, hummingbird) will not be launched if they do not belong to a superuser Eddie events are no more run with superuser privileges: instead of trusting blindly user's responsibility and care when dealing with events, now the user is required to explicitly operate to run something with high privileges, if necessary Backend binary is written in C++ on all systems (Windows included), making the whole application faster. Settings, certificates and keys of your account stored on your mass storage can optionally be encrypted on all systems either with a Master Password or in a system key-chain if available. Eddie 2.19.7 can be downloaded here: https://airvpn.org/linux - Linux version https://airvpn.org/macos - Mac version https://airvpn.org/windows - Windows version Eddie is free and open source software released under GPLv3. Source code is available on GitHub: https://github.com/AirVPN/Eddie Complete changelog can be found here. Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that a server located in Stockholm (SE) has been upgraded: Ain. Server is now connected to a 10 Gbit/s line and port, while the motherboard has been replaced with a more powerful CPU. IP addresses remain the same. You don't need to re-generate configuration files, even if you don't run our software. As usual the server includes load balancing between daemons to squeeze as much bandwidth as possible from the 10 Gbit/s line. The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, Ain supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Ain Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

@OpenSourcerer OK. Ideally take the output just before you run Bluetit, then, if the problem occurs, save that output. Kind regards

@OpenSourcerer Hello! The output is fine. We'll be waiting for the next one to compare. What is the exact distribution? Kind regards

@OpenSourcerer Hello! Probably the kernel tells Bluetit that IPv6 layer is not available when you see the "problem". It's not enough that IPv6 is available locally in the system, of course (that's a pre-requisite only to tunnel IPv6 over IPv4). Can you give us the list and properties of all physical interfaces just before you start Bluetit with the "problem" and the exact distribution which you have this inconsistent behavior on? Kind regards

@airvpnclient Thanks! Ticket received and the matter is under investigation. We will update this thread too when we find anything relevant, for all readers. Kind regards

@Acteon Hello! It's not planned at the moment. OpenVPN over an additional SSL/TLS tunnel is nowadays made obsolete by tls-crypt. Same block circumvention abilities, much higher performance. NOTE: you can have Eddie run Hummingbird if you wish to use OpenVPN 3 AirVPN library while at the same time you want the ability to add an additional TLS tunnel by stunnel. Make sure to run Eddie 2.19.7 or higher version (older versions can't invoke Hummingbird 1.1.1 properly). Kind regards

Hello! When Bluetit starts, it asks the kernel whether the IPv6 layer is available. Furthermore, Bluetit asks systemd to be run only after the network layer is up. If systemd launches Bluetit when IPv4 layer is up but IPv6 layer is not, Bluetit correctly is started by systemd and informed by the kernel that IPv6 is not available, and will not use it during its entire run life. It is important not to rely on IPv6 when the kernel tells that it's not available, otherwise OpenVPN3 library will throw various, critical errors. You first experienced this "problem", then you reported that it was resolved, then you again report that you experience the problem, but Bluetit code in that part has never changed between beta1 and final release, so what is ridiculous here? We can't understand your hostile attitude. It comes to mind that the inconsistent behavior you report is due to the fact that Bluetit is run by systemd before the IPv6 layer is available, while when you did not detect the problem the IPv6 layer had already come up when Bluetit was started. Please check: if you find that starting Bluetit manually when the IPv6 layer is surely up does not cause the problem, then you have a confirmation of the above. Let us know. That seems correct and expected, as Goldcrest can't bypass bluetit.rc settings, by design based on very good reasons. Kind regards

@Debsin Hello and thank you for your choice! In AirVPN we have a specific setup for IPv6 push aimed at maintaining compatibility with older OpenVPN versions which had a heavily bugged IPv6 support. If you wish IPv6 push from our server you need to send the server the "IPV6" user variable set to yes. Therefore you need the following directives (add them in your "Custom configuration" box):: push-peer-info setenv UV_IPV6 yes That said, you must also be aware that some DD-WRT builds do not support IPv6 over IPv4 tunneling with OpenVPN. They keep routing IPv6 packets outside the VPN tunnel. If that's your case, you will need to disable IPv6 on the router to prevent IPv6 leaks, or connect behind the router devices directly, after you have disabled OpenVPN on the router. Kind regards

@Searching Hello! You can safely test Eddie 2.19.7 as no critical problems have been reported so far. If you experience any problem, you can easily roll back to some previous Eddie release. If that's necessary, remember to roll back to Hummingbird 1.1.0 too. If you need a link to re-download older Hummingbird version just ask us. Kind regards

@Searching Hello! You can safely test Eddie 2.19.7 as no critical problems have been reported so far. If you experience any problem, you can easily roll back to some previous Eddie release. If that's necessary, remember to roll back to Hummingbird 1.1.0 too. If you need a link to re-download older Hummingbird version just ask us. Kind regards

@Searching Hello! Hummingbird 1.1.0 requires macOS Mojave or higher version, while 1.1.1 requires High Sierra or higher version. We will fix the error in the download page. There is no documentation to run Hummingbird from Eddie but it's very simple to do that. From Eddie main window select "Preferences" > "Advanced" and tick "Use Hummingbird". Eddie 2.19.7 or higher version is required (do not try with older versions because they can't launch Hummingbird 1.1.1 properly). See here to download Eddie latest beta release: https://airvpn.org/forums/topic/46329-eddie-desktop-219beta-released/ Kind regards

@airvpnclient Hello! Let us try under OSMC latest release and reproduce the issue. In the meantime please open a ticket and, if you don't mind, send us your account password (in the ticket - you can then change it even immediately after you have sent it to us) as well as your bluetit.rc file. About communications with Bluetit, default policy allows any user in group airvpn so you should not run Golcdrest with root privileges, just run it from any user in airvpn group. Normally login failure at boot would not be a problem because Network Lock would be enforced anyway, but in this case we saw issues with Network Lock too. Did you disable Network Lock in bluetit.rc ? We will keep you posted both here and in the ticket system. Kind regards

@airvpnclient Hello! Thank you for your feedback, we're very pleased to read it. However, we have found a problem in you log, unfortunately: Jan 14 21:13:57 osmc bluetit[940]: ERROR: Cannot activate network filter and lock We would like to investigate. Can you please give us your system iptables version? Kind regards

@mvjfnchd Hello! It's a bug which has been fixed in 1.1.1 version. For a quick workaround: sudo rm /etc/airvpn/* then start Hummingbird again. After the upgrade, you should not experience the issue anymore. https://airvpn.org/forums/topic/48833-linux-airvpn-suite-100-released/ Kind regards

@6gh54F4 Hello and thank you for your choice! In order to have the suite properly run, you need to install and configure the whole D-Bus infrastructure The error message "ERROR: D-Bus is not properly configured or not available " is caused by the fact that D-Bus is not properly configured or installed. If it's not installed, please install it. If it's installed, please make sure that it's active and running: sudo systemctl enable dbus.service sudo systemctl start dbus.service https://wiki.archlinux.org/index.php/D-Bus If D-Bus is already running but the problem persists, please re-contact us. Kind regards

Maybe you already know it. When a country consistently has more than 65-70% allocated (used) bandwidth, we consider the expansion. When a country has consistently more than 90% allocated bandwidth, expansion is mandatory. Currently Canada is around 55% while Sweden less than 50%. However, in Sweden, we have much stronger demand in Stockholm (better peering with various residential ISPs) than Uppsala. If you consider Stockholm as an area of its own, or equivalently Sweden as a country relying essentially on Stockholm, then you have consistently 70% allocated bandwidth. That's why expansion in Stockholm is now under evaluation with higher priority than Canada. Kind regards

@Maggie144 Hello! It's an Eddie bug which has been patched on the fly, can you please re-download the package for Mac when version 2.19.7 is available? It will be released soon. In the meantime, to get higher performance with HB 1.1.1, you can run it directly. Anyway Eddie 2.19.7 will be released very soon. EDIT: you can download now Eddie 2.19.7 featuring the fix. In https://airvpn.org/macos click "Other versions" then select "Experimental". The download page will then point to Eddie 2.19.7. Download and install as usual. Kind regards

Hello! You can now do that with Bluetit. Configuring Bluetit to connect during system bootstrap is a straightforward, very simple procedure, Furthermore, you will run a real daemon, and not a user process, therefore you have a higher security level. and you don't need a systemd unit that's questionable for a user process. Bluetit can start and connect during bootstrap of both systemd and SysV-style init based systems. https://airvpn.org/forums/topic/48833-linux-airvpn-suite-100-released/ Kind regards

Hello! You can now do that with Bluetit. Configuring Bluetit to connect during system bootstrap is a straightforward, very simple procedure, Furthermore, you will run a real daemon, and not a user process, therefore you have a higher security level. Bluetit can start and connect during bootstrap of both systemd and SysV-style init based systems. https://airvpn.org/forums/topic/48833-linux-airvpn-suite-100-released/ Kind regards