Staff

Hello! Please try the following procedure: renew your certificate in the "Client Area" (instructions here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ ) run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Main thread: Kind regards

Hello! Does the route check fail both with OpenVPN and WireGuard? Can you please publish a system report generated by Eddie just after a connection attempt has failed? Please see here to do it: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Kind regards

Hello! Yes, you can still use this port by changing the "Device" combo box of the specific port to "Any device", or to the name of the device you will regularly use to connect to VPN servers. Kind regards

Hello! The problem affects those users who run Eddie Desktop edition with OpenVPN and never logged out for more than a year, or use OpenVPN clients with configuration files generated before 2021. Since Eddie Desktop edition re-downloads certificates and keys only when the operator logs in, locally some certificates have expired because we extend their expiration date automatically at least one year in advance (three years normally). Please try the following procedure to quickly resolve the problem: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards

@randompersona Hello! We see that you solved the problem related to the connections. Now that the main problem is solved, on top of @Hypertext1071 suggestions, please also note that you enabled your remotely forwarded port(s) for one specific device only, but you are currently connecting with different devices, so you don't have the port forwarded by the AirVPN server. Kind regards

Hello! A possible error's cause that comes to mind is a wrong copy/paste of the user.crt file content (your client certificate), can you please check? If in doubt you can generate split certificates and keys so you know exactly which is which. To do it, just turn on the "Advanced" switch available on the Configuration Generator and then enable "Split certs/keys from ovpn files". The Generator will create the following additional files not embedded anymore in the ovpn file: user.crt - the client certificate user.key - the client key ca.crt - the CA certificate of the VPN servers tls-crypt.key - the TLS Crypt key Kind regards

Hello! Can you please try with a smaller MTU (1280 bytes)? Sometimes the problem you experience is caused by the MTU size. In spite of the fact that for 6 months everything was fine with our service, some network change (by your ISP, potentially) might require a smaller MTU now. MTU = 1280 You can edit your wg configuration file with any text editor. Just change 1320 into 1280, save the file and re-start the connection to apply the change. Kind regards

what's going on? Hello! According to WireGuard your configuration file can't be parsed. A probable cause of the parsing error is the PostUp line you created, as all the other directives seem correct and created by our Configuration Generator. Please comment it out or delete it and check whether the problem gets resolved or not. If so, you have the confirmation that the error is there. In this case execute manually the various PostUp commands (with the container connected to the VPN) and check whether any error is thrown out to discern a strictly related parsing problem from a problem caused by the failure of one of the commands. Be aware that the VPN subnet (10.128.0.0/12) overlaps with one of the subnets (10.0.0.0/8) for which you want to create a route back to your host via $DROUTE. Also note that you don't have a PreDown line, which is strictly necessary when the system disconnects from the VPN to clean up the routing table and the firewall rules. Even when the parsing error is fixed, the missing clean up may prevent future connections, so we would recommend that you write proper commands (to be executed with PreDown) deleting your custom routes and firewall rules. What is the exact purpose you want to achieve with that PostUp line? Kind regards

Hello! No, it was not and it is not. Every and each machine runs on non-affected Operating Systems, typically FreeBSD and Debian 12. Debian 12 trivially is not affected because it does not include (in the official repositories we point at) the exploited xz versions 5.6.0 / 5.6.1 (and of course we did not build them from git) while in FreeBSD: Gordon Tetlow, security officer, https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html). Kind regards

@Pi77Bull Thank you very much, we will investigate the problem. At least the units are fine. Note that you didn't need firewalld installation, so you can safely uninstall it if you wish so. You didn't need to remove ufw.service in the "Requires" line as well, it is ignored if missing. The main problem (which does not occur in Debian) now is in Bluetit itself, which waits forever for a network connection that's already available. We are investigating and we will keep you posted! Kind regards

@Pi77Bull Hello! The run control file is fine (you can comment out networklock as it is bypassed by networklockpersist but it's irrelevant), Bluetit remains stuck waiting for the network (or the gateway) indefinitely. This is related to systemd management and deserves additional investigation during this testing phase, so let's approach the problem differently in the meantime. Consider the following files to define units: bluetit-suspend.service [Unit] Description=AirVPN Bluetit Daemon Suspend, Sleep, Hibernate Before=suspend.target Before=suspend-then-hibernate.target Before=hibernate.target Before=hybrid-sleep.target Before=sleep.target [Service] Type=forking ExecStart=systemctl stop bluetit.service [Install] WantedBy=suspend.target WantedBy=suspend-then-hibernate.target WantedBy=hibernate.target WantedBy=hybrid-sleep.target WantedBy=sleep.target bluetit-resume.service [Unit] Description=AirVPN Bluetit Daemon Resume after Suspend, Sleep, Hibernate Requires=network-online.target firewalld.service ufw.service dbus-daemon.service dbus.socket After=suspend.target After=suspend-then-hibernate.target After=hibernate.target After=hybrid-sleep.target After=sleep.target [Service] Type=forking PIDFile=/etc/airvpn/bluetit.lock ExecStart=/sbin/bluetit TimeoutStopSec=90 KillSignal=SIGTERM KillMode=mixed SendSIGKILL=no [Install] WantedBy=suspend.target WantedBy=suspend-then-hibernate.target WantedBy=hibernate.target WantedBy=hybrid-sleep.target WantedBy=sleep.target Create both files with the content we sent you and put them both in /etc/systemd/system . Finally activate the units with (root privileges required): systemctl daemon-reload systemctl enable bluetit-suspend.service systemctl enable bluetit-resume.service Try again suspension and/or hibernation and verify whether Bluetit re-connects successfully when the system is resumed (we successfully tested in Debian 12 at the moment). Please keep us posted. If any problem arises, please describe it and also send us the complete Bluetit log: sudo journalctl | grep bluetit Kind regards

@Pi77Bull Hello! The first start seems OK (the warning by systemd about a missing PID file is fine). Since Bluetit does not enable Network Lock and does not connect maybe the /etc/bluetit.rc /etc/airvpn/bluetit.rc file does not include the correct settings... can we see it? Checking this file may also shed some light on the critical error "Destination address required". Kind regards

Hello! A possible explanation is that this Merlin WRT edition does not support IPv6 over IPv4. We saw this problem in some DD-WRT firmware too in past years. If nothing can be done you may perhaps consider to disable IPv6 on the router. Excellent! The captchas can appear when the connection comes from VPN servers, Tor exit nodes and proxies, yes. It's a standard Cloudflare feature aimed at protection (as it happens not infrequently, connections from datacenters are considered more risky than connections from residential lines), and we're not sure whether the web site owners behind Cloudflare can disable it or not. Kind regards

@Pi77Bull Hello! Since your Linux system is based on systemd you can consider to automate the procedure with a script which systemd executes when the system wakes up. systemd looks for your scripts in /usr/lib/systemd/system-sleep when the system is suspended and un-suspended (to be verified when it resumes from a full hibernation and not from a suspension, though). A tested example in Ubuntu and Debian which works with sleep/wake-up (suspend/resume) and should work in any systemd based system: Just before the system is suspended, goldcrest orders Bluetit to disconnect. When the system is un-suspended Bluetit is re-started (so it connects since you have activated the connection at boot option in bluetit.rc). Networking is not made available until all scripts in the /usr/lib/systemd/system-sleep directory finish executing, therefore you should not have traffic leaks, provided that Bluetit is configured with networlockpersist on. Kind regards

Hello! Of course... In this case you could consider a future router with WireGuard and/or OpenVPN client support, such as AsusWRT routers and routers which can be flashed with Tomato, DD-WRT, MerlinWRT etc. firmware. Kind regards

@choonietookie Hello! We have moved your message into this thread because the problem is related to the "ZeroTier" interface for both of you. The interface is apparently causing troubles to Eddie. We'll investigate. In the meantime @firefox4dawin you can disable the interface to solve the problem, as reported by choonietookie. Can you please verify (you both) whether the same problem occurs with Eddie 2.24.x (with the ZeroTier interface enabled)? Please see here to download it. https://airvpn.org/forums/topic/57401-eddie-desktop-224-beta-released/ Kind regards

@Killaconor Hello! Your router user's manual describes VPN configuration in chapter 9. https://www.manua.ls/netgear/nighthawk-cax30/manual?p=5 As far as we can see, unfortunately the router can run OpenVPN in server mode but can not be a VPN client sharing the VPN traffic with the connected devices, which is the solution you need. You can anyway connect up to 5 devices simultaneously to AirVPN servers with your account. Kind regards P.S. We also checked whether it's possible to flash DD-WRT or some other firmware, but it is not possible with this router according to the community, we're sorry.

@Antoine_b Hello! The Surfshark network adapter is causing a critical error. Please see here for an immediate solution: https://airvpn.org/forums/topic/56643-stuck-in-a-broken-route-never-connects/?do=findComment&comment=225323 Kind regards

Hello! Please check carefully https://airvpn.org/faq/port_forwarding/ : "Network Lock" will anyway protect your from this possible configuration error by preventing any traffic leak outside the VPN tunnel. For specific problems with Plex please move to the following thread: https://airvpn.org/forums/topic/57512-make-plex-server-available-externally-forever/ All the users in that thread solved any problem although it's unclear how they solved the issues, so we also recommend that you contact Plex support or community. Kind regards

@kneelb4z0d Hello! Please move to this thread (which may also help): https://airvpn.org/forums/topic/57512-make-plex-server-available-externally-forever/ Kind regards

Hello! If you run Eddie Desktop edition you can pick a specific server from the "Servers" window, or you can let Eddie pick a server automatically. If you run Eddie Android edition you can pick a specific server on the "AIRVPN SERVER" view, or you can let Eddie pick a server automatically. If you run Goldcrest and Bluetit, you can pick a server through the proper option air-server in Goldcrest or airserver Bluetit run control file. If you run a program which reads a configuration file, for example the official WireGuard or OpenVPN software, you can generate as many configuration files as you wish from the Configuration Generator available in your AirVPN account Client Area. Generate configuration files according to your needs. The guide to getting started is available here: https://airvpn.org/forums/topic/18339-guide-to-getting-started-links-for-advanced-users/ Answers to frequently asked questions are available here: https://airvpn.org/faqs/ Kind regards

Hello! The latency tests have been improved remarkably in Eddie 2.24, please feel free to test it and report back. Since Eddie 2.24 is in public beta testing, now it's a good time to report any anomaly you find, if you haven't already done so. Eddie 2.21.x is also affected by a bug which may render the latency tests slow or even stuck for a race condition. This bug is fixed in later versions. Kind regards

@kneelb4z0d Hello! You need inbound remote port forwarding, please start from here: https://airvpn.org/faq/port_forwarding/ You may also consider to use AirVPN DDNS (included in every subscription) for more comfort, please see here: https://airvpn.org/faq/ddns/ Kind regards

@Stack of computer parts Hello! You can define a white list of servers, so that Eddie will consider only servers in the white list. You may also consider to disable latency tests when you have determined the best servers for your node. Kind regards

Hello! A possible cause is related to MTU. Please try to import a WireGuard configuration file with the following directive in the [Interface] section: MTU = 1280 The Configuration Generator already adds an "MTU = 1320" line, but maybe this value is too large for your network. You can edit the file with any text editor. Kind regards