Staff

Hello! We checked thoroughly and all of your tickets have been answered in an average time of 8 hours. All of them. EDIT: we want to add to make it clear to the readers and to be fair to the support team that your last ticket was replied to in 1 hour and 15 minutes. Kind regards

Hello! Currently not, Hummingbird searches in "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/homebrew/bin:/opt/homebrew/sbin". Reading the $PATH variable and add it to the search paths is an option we will consider for sure. Should WireGuard library become available for macOS too we will of course use it. As a momentary patch you can consider a symlink for wg and wireguard-go - both are used by Hummingbird. No, we don't, sorry. Hummingbird makes the OpenVPN3-AirVPN library available to macOS users in a single comfortable binary, to boost performance remarkably over OpenVPN 2 or the OpenVPN3 mainline library, but for WireGuard it is just a wrapper of the tools as we don't have the library in this environment. Since in macOS WireGuard does not run in the kernel space (no kernel module) this core feature for performance is lost and running wg tools or Hummingbird is most probably equivalent. We can't even design a kernel extension (not even if we had the time to plan it) because kexts are no longer allowed. However, with Hummingbird you have a built-in Network Lock (through pf) which wg tools don't offer and that may come very handy to prevent any possible traffic leak outside the VPN tunnel. Kind regards

@Blatantly0156 Hello! It sounds like you are experiencing this bug: https://github.com/qdm12/gluetun/issues/1407 Note this: "It might be because there is a listener going through the tunnel, but gluetun destroys that tunnel on an internal vpn restart and re-creates it. I had the same issue with the http client fetching version info/public ip info from within gluetun, and the fix was to close 'idle connections' for the http client when the tunnel is up again". Therefore, unless something changed in Gluetun, an effective solution is restarting qBittorrent (the 1st workaround explained in the bug thread). Also, try to increase the HEALTH_VPN_DURATION_INITIAL config option as various users reported that this change solved the problem. If all of the above fails, try to bind qBittorrent to the actual tun interface and make sure you're running the latest qBittorrent version. Anyway, not an AirVPN side problem, as you may be already aware of. Kind regards

Hello! It's not an expected behavior... Does the same happen with Eddie 2.24.2 beta version? Kind regards

Hello! Please remember that if the VPN connection takes place from a device that is not compromised, the upstream compromised devices will be unable to understand the traffic content, including the real destinations and sources. Your ISP does not even need to compromise the ISP router, it can just watch your traffic on their upstream equipment (data retention, DPI....). One of the core features of the service is exactly preserving data confidentiality and integrity when such data pass through insecure lines and devices. Therefore, if the connection is established by the Asus router, it is vital that the router and all the downstream devices connected to it, and their line(s), are not compromised, while it does not matter whether the upstream devices and lines of your ISP are compromised, as that will not affect data confidentiality and integrity up to the VPN servers. Always use end-to-end encryption in addition, in order to prevent our own servers from seeing the payload of your traffic and protect content integrity and confidentiality between the VPN server and the final recipient/source of the packets. Kind regards

Hello! UFW is an iptables wrapper which adds its own chains. To complicate the matter even more, UFW does not work with nftables, but probably your system is based on nftables (unless it is a very old distribution). Therefore translations iptables<->nftables are continuously needed and we have seen that some bug affects them. You should consider to drop UFW and use directly the nft userspace tool to set rules, or iptables-nft if you prefer the iptables syntax. In this last case, force Eddie to use iptables too (if Eddie finds nft in your system, it will use it) in the "Preferences" > "Network Lock" window. Kind regards

Hello! Please set permanent firewall rules that block every packet out (set the OUTPUT policy to DROP). Remember (important) to add ACCEPT rules for the following destinations: 255.255.255.255 (DHCPv4), ff02::1:2 (DHCPv6), 127.0.0.1 (localhost) and to your local network. When Network Lock is engaged, this total block will be lifted and only AirVPN servers will be reachable. When Network Lock is disengaged the previous block all rules will be restored. Kind regards

Hello! The paramount IPv6 privacy problem, which was considered by many as a critical or fatal flaw compromising adoption and usage, has been resolved through privacy extensions: https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac/ Nowadays, ten years after that article by The Internet Society and 17 (seventeen) years after RFC 4941 virtually all widespread systems have finally adopted the very much needed privacy extensions. However, one bad apple may compromise the whole local network. See for example this paper: https://arxiv.org/abs/2203.08946 where the authors show how a single device at home that encodes its MAC address into the IPv6 address can be utilized as a tracking identifier for the entire end-user prefix. Therefore, it is good practice to verify with care every and each device and making sure that their Operating Systems implement the privacy extensions. Other than that, we can't see any serious hindrance to adopt IPv6 as far as it pertains to privacy. Furthermore, in AirVPN we picked an unorthodox approach, i.e. we implemented NAT66 with ULA, as it is one of those rare cases where it comes handy to strengthen the anonymity layer (a thoughtful analysis of the pros and cons of NAT in IPv6 can be found in the following article for example https://blogs.infoblox.com/ipv6-coe/you-thought-there-was-no-nat-for-ipv6-but-nat-still-exists/ while a pragmatic approach is here: https://blog.ipspace.net/2013/09/to-ula-or-not-to-ula-thats-question/). Switching from privacy to security, probably an informed choice can start by reading this article, that also includes other precious sources, again by the Internet Society: https://www.internetsociety.org/deploy360/ipv6/security/faq/ Kind regards

Hello! No, it is not mandatory. Please make sure not to tick "Remember me" in the sign in box. A logout due to inactivity will then be enforced. We will re-check with the web site maintainers if it's the case to lower the timeout. We have never operated a server in Hungary throughout AirVPN history. You must be confusing AirVPN with some other service. Please note that the area is well covered as we have servers in Serbia, Romania, Austria and Czech Republic. Kind regards

Ah sorry, I've only been really working on wireguard config with the wireguard client, is the alternate one(s) available via DNS? because the airdns.org domains only ever resolve to the same number of addresses as there are servers for the region/country Hello! WireGuard is available on entry IP addresses 1 and 3. Specific areas (country, continent, planet) domain names are available for every entry IP address. Please see here: https://airvpn.org/faq/servers_ip/ Kind regards

@vpn.home3 Hello! A common cause of this error is trying to import a configuration file aimed at an OpenVPN version different from the one your system runs. For example OpenVPN 2.4 does not support various OpenVPN 2.5 new directives. Please check the OpenVPN version your Asus router runs and generate the file accordingly. On the Configuration Generator please turn on the "Advanced" switch in order to see the "OpenVPN profile" combo box that lets you choose the version (2.4, 2.5, 2.6, 2.6 no-dco, 3). You can manage your keys anytime from your AirVPN account control panel (enter it by clicking "Client Area" from the upper menu of the web site). You can delete or renew a certificate/key, or you can create new, multiple certificates and keys. This is a feature AirVPN supports since so many years ago, please see here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards

Hello! Currently not, but: https://airvpn.org/forums/topic/63545-new-remote-port-forwarding-system-expansion-with-pools/?do=findComment&comment=239145 However, if you need the same IP address, that option is not relevant for you in this case. Kind regards

Hello! Pool 1 ports are the ports of exit-IP address 1, that's also the exit-IP address of all the traffic except the traffic to pool 2 and its replies. You can always check which is which on your port panel by clicking the Test button of the port you want to check. Kind regards

Hello! Yes, totally correct, at the moment. We do not despise the idea of offering control over exit addresses as well (this is something to be done very carefully, however), we await feedback from the community. Kind regards

IMPORTANT UPDATE 2025-04-03 - PARTS THAT ARE NO MORE VALID APPEAR WITH STRIKE THROUGH CHARACTERS Hello! We're very glad to announce a remarkable expansion of our inbound remote port forwarding system aimed at avoiding once and for all the port exhaustion problem. The comfort and the growth problem In the AirVPN "Port Forwarding" service, unlike some of our competitors we grant that assigned ports are not server specific. We also ensure that they remain permanently reserved to an account for as long as any valid plan is active. This unique system offers unparalleled comfort as you don't have to worry about server switches, zone selections and program re-configurations. However, ports are only 65536, because the space reserved for them in a TCP/IP packet header is 2 bytes, and the inconvenience of the great comfort brought by the AirVPN service is that the port exhaustion is nearing as more and more users decide to use the service. A "no compromise" solution Our goal was to avoid port exhaustion while maintaining maximum comfort. We are introducing a new system specifically designed to achieve this goal. Now we allocate not only a port number, but a port number associated with a port pool. For example a port on pool :1 can be assigned to a user, and the same port number in pool :2 can be assigned to another user. Existing assigned port will come from the first pool (:1). Currently we offer two pools, but more pools can be added whenever necessary. Each user is assigned a specific exit IP address and therefore can access a specific port pool. While a pool nears exhaustion, new registering users are assigned to a new pool. With this method, port exhaustion is postponed indefinitely while the comfort of the service is preserved. A user never bounces back and forth different addresses and does not need to discern pools. The port panel will always show the correct IP address your node is reachable on. Furthermore DDNS will also resolve into the correct address as usual. NOTE: if you are a user who used the previous system with pool 1 and pool 2 ports, and you have a mixture of pool 1 and pool 2 ports, your setup does not change at the moment. However, as time passes by, you will have the option to bring back all of your ports to the same pool, therefore you will not have to worry anymore about different pools and specific, p2p-suitable pools. How it works Each Air VPN server sends out clients' VPN traffic through a shared exit IP address. From now on, AirVPN servers feature multiple exit IP addresses, each of which is linked to a user. Therefore we can determine which pool a port/address is associated with and route traffic accordingly. The implications for AirVPN users and customers The obvious good impact is that port availability increases dramatically. The implementation is truly scalable: the infrastructure may add just one address per VPN server to have an entirely new pool of (65536-2048) ports with no impact at all to users who had previously picked to forward ports remotely. Each user can rely indefinitely, as long as the account has a valid plan, on the same ports and the same exit-IP address. NOTE: if you are a user who used the previous system with pool 1 and pool 2 ports, your setup does not change at the moment. However, as time passes by, you will have the option to bring back all of your ports to the same pool, therefore you will not have to worry anymore about different pools and specific, p2p-suitable pools. The new system is not difficult at all and extremely similar to the previous one: simply use DDNS (*) names with port forwarding, and not the direct IP address. Your account name(s) based on AirVPN's DDNS will always resolve into the correct server's exit-IP address related to the pool of your assigned port. If you prefer to rely on IP addresses or anyway you don't want to define domain names through AirVPN's DDNS, you can find the correct IP address used by clicking the Test Open button available in your AirVPN account port panel. Please note that this IP address could change over time, so domain names defined by DDNS are a more comfortable solution. There is only a modest caveat (which could be resolved in the future), please see below. Caveat Any setup not involving manual communication on how to connect to a service, as it happens with a p2p program, does not need domain names at all. If a program transmits autonomously how it can be reached (typical examples: some blockchain wallet programs, all torrent programs), at this stage please make sure you forward a port from pool 1 for those programs. For p2p programs that allow manual announcement configuration of the IP address, you can also use pool 2. (*) DDNS is a service offered automatically for free to all accounts and included on every and each AirVPN plan. Kind regards & datalove AirVPN Staff

Hello! The selection mask which opens up when you proceed to import files is the Android selector, not managed by Eddie. When you click the import icon on the VPN PROFILE view Eddie invokes the selector and waits for its answer. We haven't noticed a malfunction in FireOS selector, we will investigate. We will update the thread if we find anything relevant. Kind regards

Hello! Maybe not for the OP as he/she wrote "without leaving AirVPN's network", but in general it could be, provided that the user is fine with Network Lock disabled. With Network Lock engaged, the user wanting to adopt this solution and at same time wanting Network Lock can improve the setup by inserting on top a specific input rule allowing packets to sshd through the physical network interface after Network Lock has been applied (because at the activation the previous rules are flushed). Furthermore, to avoid correlations sshd listening port should not be remotely forwarded by the AirVPN account since incoming connections through the VPN interface wouldn't be needed anymore. Kind regards

Hello! We added the end date on the first post, thanks. Kind regards

Hello! You can rely on inbound remote port forwarding used by the remote server, please see here: https://airvpn.org/faq/port_forwarding/ Configure sshd to listen to the remotely forwarded port, preferably on all interfaces, in order to avoid a potential lock out of remote ssh connections (if the VPN connection is not established, sshd should remain reachable on the server's real IP address), and restart sshd. Please make sure that your devices and the remote server connect to either different VPN servers (simpler solution), or by using different keys, in order to prevent conflicts with remote port forwarding. If you decide to connect different devices to the same VPN server, your remote server's ssh port should be remotely forwarded only for the key used by the remote server itself to connect to the VPN server. If necessary, please see here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ On the AirVPN account port panel you can link a port to a single specific "device". Kind regards

@Mytob Hello! While we can see multiple problems, none of them seems strictly related to WireGuard. Please re-check configuration through the official guide here: https://help.ui.com/hc/en-us/articles/16357883221015-UniFi-Gateway-WireGuard-VPN-Client and don't forget to set traffic routes to let devices send traffic over the VPN if necessary. If the problem persists, we would suggest you contact Unifi support. If they reply and manage to solve the problem, please let the community know what the problem was: the info can be useful for future Unifi users. Kind regards

@DarkSilver @ipzipzap Hello! What Eddie does is ask Android to open the file selector. The system knows which one the user has associated for this operation. After that it's all delegated to the file browser app. Now, in FireOS by default the file selector is a bleak and depressing file manager that allows you to see only internal files or so. By installing something decent like Cx File Explorer (or your favorite file manager for Android TV) you should be able to resolve the problem at once. Kind regards

@thevesba123 Hello! Please bind qBittorrent to the VPN interface. You can determine its name through Eddie log (click "Log" tab on Eddie's main window) or from Windows' Control Panel, or from the command prompt (type "ipconfig /all" to list all the interfaces). If in doubt please send us a system report generated by Eddie while a VPN connection is active. Please make sure to start qBittorrent only after the VPN connection has been established successfully. From your description, your setup is already correct. Kind regards

Hello! The glitch in the expiration limit is also caused by the grace time automatically offered (maximum 48 hours). The payments are automatic if and only if you picked and authorized a recurring PayPal billing. In this case you can revoke the authorization from inside your PayPal account anytime. Kind regards

Hello! We see two different problems. Please log your account out and in again (from Eddie's main window). Then, please apply the following procedure which should solve the critical problem caused by the alien Veep-VPN interface and wrong Eddie's interface choice: https://airvpn.org/forums/topic/56643-stuck-in-a-broken-route-never-connects/?do=findComment&comment=225323 After the above, both OpenVPN and WireGuard connections should be possible. Kind regards

Hello! We're very glad to announce a special promotion on our long term Premium plans for the end of Summer or Winter, according to the hemisphere you live in.  You can get prices as low as 2.06 €/month with a three years plan, which is a 70% discount when compared to monthly plan price of 7 €. If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Please verify AirVPN features and check plans special prices on https://airvpn.org and https://airvpn.org/buy All reported discounts are computed against the 7 EUR/month plan. The sale will end on September the 24th (UTC) Kind regards & datalove AirVPN Staff