Staff

@Pestermess Hello! An additional suggestion: upgrade your qBittorrent software if you're running an older than 5 version. In the last days various customers resolved previous network problems with qBittorrent by upgrading. Kind regards

@Jstatt Hello! Can you please tell us the Operating System name and version as well as the qBittorrent version you're running? First and foremost, please upgrade to qBitttorrent 5 if you're running an older version. Kind regards

@nleco Hello! You get a connection refused error (111) when the port is tested, meaning that the packets have reached your system and have been actively rejected by your system (and not silently dropped). Please upgrade to qBittorrent 5 first. If the problem persists after the upgrade, please make sure that no packet filtering tool on your system blocks packets for qBittorrent. Also make sure that qBittorrent bind settings are correct: it must bind either to all network interfaces or the proper tun interface, and to "All IP addresses". Also, qBittorrent must start after the VPN connection has been already established. Kind regards

Hello! Thanks. Yes, the problem is not identical but similar to the one we imagined in our previous message. The solution is the same, i.e. the one we already suggested. For an accurate description of the issue please see here: https://airvpn.org/forums/topic/56657-cant-connect-to-anything/?do=findComment&comment=225418 Kind regards

@therealmantisman Hello! Unfortunately the primary reason of the failure is hidden because of the log cut. First, please check here if it's your case: https://airvpn.org/forums/topic/56643-stuck-in-a-broken-route-never-connects/?do=findComment&comment=225323 If the problem persists please prepare and send us (privately if you prefer so) a full system report, see here: Kind regards

@Diogenes 0 Hello! Please verify whether Eddie starts minimized by checking the system tray. Eddie's tray icon is a small cloud in a circle. If you find it then Eddie is indeed running and you can bring up its main window. Please make sure you're able to see all the tray icons by forcing the system tray to show even hidden icons (in Windows by clicking the "up" arrow). If you manage to see Eddie's main window, the setting to have Eddie start minimized or not is available in the "Preferences" > "UI" window (check or uncheck "Start minimized" according to your preference). Kind regards

Hello! It's already a VM: in order to simplify the setup you may consider not to have an additional virtualization (a Docker's container) inside the VM at the moment. Just connect the VM (via Eddie Linux edition, for example, to make things simpler), configure and run qBittorrent directly to get acquainted with it. Please follow this guide to configure a torrent program: https://airvpn.org/faq/p2p/ Only after you have everything up and running properly in the VM you may consider the complication to run another container inside the Ubuntu virtual machine (and ask yourself: is it really necessary?). Kind regards

@ss11 Hello! That's correct, and we also operate with due diligence. For example, we refuse payments from Italy credit cards and accounts. Kind regards

@Pestermess Hello! By testing your port we can see that your qBittorrent program is now reachable from the Internet (on your system connected to the VPN). We suppose you resolved the problem, can you confirm? If so, can you specify for the readers how you addressed the problem? Kind regards

Hello! If you run Eddie Desktop or Android edition, or the AirVPN Suite for Linux: you can define a "white list" of "preferred servers" that contains the single server you want to connect to. If you run Hummingbird, WireGuard native apps and any OpenVPN or WireGuard compatible wrapper: generate and use a configuration file that's server specific. Kind regards

Hello! Very good to know, thank you. We will modify the announcement accordingly. To know the second address, maybe the quickest way is forwarding a port on pool 2, connecting to the VPN server you wish and consulting the AirVPN account port panel on the web site by "testing" the port. EDIT: According to documentation, however, the vast majority of trackers doesn't accept the ip parameter. Kind regards

Hello! It may be perfectly normal if you're using only a torrent program to generate traffic, due to how the protocol works. However, it is not normal if you experience those "bandwidth holes" with other operations that should provide a steady bandwidth (for example an extensive speed test through reliable servers and multiple streams). In such a case, assuming that both the VPN server your system is connected to and the home router are not at full capacity and therefore sometimes unable to provide all the required bandwidth, the observed behavior is anomalous and deeper investigation is needed. What do you get if you perform multiple speed tests through specialized web sites (e.g. speedtest.net) or tools like iPerf? Kind regards

Hello! DNS management has been improved in Eddie 2.24.2 beta version. Some systemd-resolved questionable working modes are now handled more properly. Since Ubuntu latest releases have systemd-resolved installed and running by default, can you please test the new Eddie and check whether the problem gets resolved? Please see here: https://airvpn.org/forums/topic/57401-eddie-desktop-224-beta-released/ An alternative is disabling systemd-resolved to revert back to a more robust, UNIX-like DNS management. https://gist.github.com/zoilomora/f7d264cefbb589f3f1b1fc2cea2c844c Please let us know whether or not the suggestion you will adopt solves the problem. Kind regards

Hello! Thank you for the valuable information. We will keep it in mind for DC and ADC protocols and add it to the knowledge base. Kind regards

Hello! Thank you for linking to this interesting and well written article. Yes, it has been highlighted by Windscribe, by us, and by multiple sources as early as 2022. For example: https://airvpn.org/forums/topic/53136-vpn-companies-relationship-mesh/?tab=comments#comment-189777 and you may also like to check the search results: https://airvpn.org/search/?q=crossrider The company name, VAT ID and the Registration Code at the Chamber of Commerce of Italy is written at the bottom of each web site page. Through the European Commission VIES you can verify the company data by entering the VAT ID: https://ec.europa.eu/taxation_customs/vies/#/vat-validation If you have a subscription to a business intelligence and analytics reporting companies, for example Dun & Bradstreet, you can also get more information such as business reliability, solvency and so on, which, when correlated to other information, for example donations to specific organizations, can provide you with at least clues of what you may look for. Kind regards

@Lestrad Hello! The “Set network location” message in Windows is thrown by Windows' Network Location Awareness at each network change to help the system decide whether to treat the new network (including virtual private networks of course) as public or private. WireGuard creates a new virtual interface at the beginning of each session and destroys it at the end of the session. This is probably the main reason triggering the prompt, but the fact that you are accumulating interfaces on interfaces makes us think that you're running a bugged system such as Windows 7 or some antimalware tool which prevents WireGuard from removing the interface at the end of the session. A bug in Windows 7 caused this prompt to be re-displayed multiple times for known networks, even when there was no network change, and even when the user ticked the “Always select Public and don’t ask me again” checkbox (we assume you have already done so - if not, please do it and see whether the problem gets resolved). In case you run Windows 7: as a first action, delete all the virtual interfaces while Eddie is not running. Make sure you don't run interfering antimalware tools. Test again. If the problem persists and you have already tried to force the VPN as always public to no effect, possible workarounds/patches are described in Windows forums. Before anything else please try to change the network location of the virtual network adapter (note: you must have administrator privileges). If you need remote port forwarding please make sure to set it to "Public" network. If the above does not solve the problem, please check this article too, as it could be related: https://support.microsoft.com/en-us/topic/a-set-network-location-dialog-box-appears-when-you-first-log-on-to-a-domain-joined-windows-7-based-client-computer-bac51a2c-b657-3f5f-75bc-e81fd8268c91 However, please consider to upgrade your system as Windows 7 has been abandoned a long ago and it is considered insecure and unreliable. If you don't run Windows 7, and you also don't run possible interfering tools, and the problem persists, please contact Microsoft support, because this bug should have been fixed ever since Windows 8 was released. Kind regards

Hello! p2p is allowed on pool 2 but it can be really used only by those programs that let you configure which IP address to announce (non existing, as far as we know). More in general, pool 2 is not suitable for any program which announces itself autonomously. In AirVPN infrastructure, the VPN traffic reaches the Internet through one exit IP address, but "pool 2" is the set of ports of another IP address (let's name it exit IP address 2, in brief exit 2). If a program receives an unsolicited incoming packet from the Internet through exit 2, it will reply properly. This happens whenever you advertise on your own how to reach your service (a web or FTP server, a game server, and so on). However, with p2p programs, it's the program itself which must advertise. DHT or a tracker will record the address they receive the advertisement (of the port etc.) from, and they will say to other peers that your p2p program is reachable on exit 1, with its pool 1 ports; however, if you have remotely forwarded a pool 2 port, peers would never be able to reach your program, because they would send packets to a port of another IP address (exit 1, the address recorded by DHT and/or trackers). The problem could be resolved by manual setting (see for example https://userpages.umbc.edu/~hamilton/btclientconfig.html#BTConfig ) when you need to seed only - additional tests are required. This is an important limitation that might be overcome in the future, for example by letting the user pick which exit IP address its traffic must go to the Internet through. In the meantime, by using pool 2 (and when necessary additional pools) for anything different from p2p and crypto wallets, port exhaustion problem is solved (in most cases only 1 forwarded port is needed for p2p). Kind regards

Hello! Yes, it is fine. Your domain name will resolve into the proper exit IP address of VPN server the corresponding device is connected to, therefore all the ports on the same pool linked to the same device will be reachable through the same IP address (hence the same domain name). Kind regards

Hello! We're not sure we understand the question. If you mean how to connect a machine through a specific certificate/key (i.e. a "device" in the user panel), then it's simple: on Eddie GUI's main window, just under the login credential fields, you have a combo box which will let you pick any certificate/key (if the box does not appear, log the account out and in again) on Eddie CLI, you can set it with the option --key=key_name on Bluetit, you may either specify the key on the bluetit.rc run control file (option airkey key_name) or on the Goldcrest configuration file or line option through the option air-key key_name Kind regards

Hello! We checked thoroughly and all of your tickets have been answered in an average time of 8 hours. All of them. EDIT: we want to add to make it clear to the readers and to be fair to the support team that your last ticket was replied to in 1 hour and 15 minutes. Kind regards

Hello! Currently not, Hummingbird searches in "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/homebrew/bin:/opt/homebrew/sbin". Reading the $PATH variable and add it to the search paths is an option we will consider for sure. Should WireGuard library become available for macOS too we will of course use it. As a momentary patch you can consider a symlink for wg and wireguard-go - both are used by Hummingbird. No, we don't, sorry. Hummingbird makes the OpenVPN3-AirVPN library available to macOS users in a single comfortable binary, to boost performance remarkably over OpenVPN 2 or the OpenVPN3 mainline library, but for WireGuard it is just a wrapper of the tools as we don't have the library in this environment. Since in macOS WireGuard does not run in the kernel space (no kernel module) this core feature for performance is lost and running wg tools or Hummingbird is most probably equivalent. We can't even design a kernel extension (not even if we had the time to plan it) because kexts are no longer allowed. However, with Hummingbird you have a built-in Network Lock (through pf) which wg tools don't offer and that may come very handy to prevent any possible traffic leak outside the VPN tunnel. Kind regards

@Blatantly0156 Hello! It sounds like you are experiencing this bug: https://github.com/qdm12/gluetun/issues/1407 Note this: "It might be because there is a listener going through the tunnel, but gluetun destroys that tunnel on an internal vpn restart and re-creates it. I had the same issue with the http client fetching version info/public ip info from within gluetun, and the fix was to close 'idle connections' for the http client when the tunnel is up again". Therefore, unless something changed in Gluetun, an effective solution is restarting qBittorrent (the 1st workaround explained in the bug thread). Also, try to increase the value of HEALTH_VPN_DURATION_INITIAL config option / environment variable, as various users reported that this change solved the problem. If all of the above fails, try to bind qBittorrent to the actual tun interface and make sure you're running the latest qBittorrent version. Anyway, not an AirVPN side problem, as you may be already aware of. Kind regards

Hello! It's not an expected behavior... Does the same happen with Eddie 2.24.2 beta version? Kind regards

Hello! Please remember that if the VPN connection takes place from a device that is not compromised, the upstream compromised devices will be unable to understand the traffic content, including the real destinations and sources. Your ISP does not even need to compromise the ISP router, it can just watch your traffic on their upstream equipment (data retention, DPI....). One of the core features of the service is exactly preserving data confidentiality and integrity when such data pass through insecure lines and devices. Therefore, if the connection is established by the Asus router, it is vital that the router and all the downstream devices connected to it, and their line(s), are not compromised, while it does not matter whether the upstream devices and lines of your ISP are compromised, as that will not affect data confidentiality and integrity up to the VPN servers. Always use end-to-end encryption in addition, in order to prevent our own servers from seeing the payload of your traffic and protect content integrity and confidentiality between the VPN server and the final recipient/source of the packets. Kind regards

Hello! UFW is an iptables wrapper which adds its own chains. To complicate the matter even more, UFW does not work with nftables, but probably your system is based on nftables (unless it is a very old distribution). Therefore translations iptables<->nftables are continuously needed and we have seen that some bug affects them. You should consider to drop UFW and use directly the nft userspace tool to set rules, or iptables-nft if you prefer the iptables syntax. In this last case, force Eddie to use iptables too (if Eddie finds nft in your system, it will use it) in the "Preferences" > "Network Lock" window. Kind regards