Staff

Not systemd, they wanted to verify whether you had systemd-resolved DNS enabled with old Eddie versions and similar behavior in Android with other tools, because you said that without VPN DNS the sites were not broken and at the same time you wrote (quote): It was you who claimed initially that the problem was NOT related to the DNS block lists, that's why initially the investigation moved to other fields, holy patience! Kind regards

Hello! You bind a program to a network interface, not a virtual network to a program! In order to do so, you can modify the following option: Set it to the virtual network interface (for example wintun in Windows). Also note that by keeping Network Lock enabled you will prevent in any case (including torrent software mis-configuration) any possible traffic leak. Kind regards

Hello! The problems you experience are caused by various Eddie bugs. Please test Eddie 2.23.1, where several bugs have been fixed, including the bug causing the option --mode.type to be ignored or incorrectly parsed. Please see here: https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/ Please feel free to keep us posted after you have tested the new Eddie. Kind regards

No, if all peers were not reachable BitTorrent would not work at all. The reason is trivial, just study how the protocol works. Actually there are many "dead torrents" not because there are no peers with the complete file, but because those peers in the swarm are active but not reachable. You have the impression that torrenting works even if some peers in a swarm are unreachable only because there are peers which are reachable in that swarm, so unreachable nodes (leechers) can keep leeching. This is the essence of the claims "you can keep torrenting even without remote port forwarding": yes, provided that parasites in a swarm can leech thanks to the effort of others. Maybe you should study how the protocol works before insulting. We're momentarily locking this thread, too many off topics are making it confusing. Kind regards

Hello! Since Hummingbird is not authorized to create a copy of resolv.conf, launch it with --ignore-dns-push and handle your DNS manually (if you want to consider the VPN server DNS push), like you had to do with OpenVPN for example. By ignoring the DNS push, Hummingbird will not need anymore to create a backup copy of your resolv.conf file. Kind regards

@XUCc95zVolO3uUqocjCMrg Hello! Yes, definitely misunderstood. Please make sure that you connect with the key linked to the DNS lists (Eddie Android edition lets you pick which "device" you want to use, and our service lets you select which "devices" must have DNS block lists active) and that Eddie Android uses VPN DNS. If those conditions are already met and the problem persists please do not hesitate to open a ticket because it would be a matter for the developers. Kind regards

@rgrdgr Hello! In the Suite, both Bluetit and Hummingbird offer a Network Lock feature which might come handy (or vital) to prevent any kind of traffic leak outside the VPN tunnel. Furthermore, they are both linked against OpenVPN3-AirVPN library, which offers significant bonuses and bug fixes if compared to OpenVPN3 main branch. Last but not least, Bluetit is integrated with AirVPN, so with Bluetit and Goldcrest you don't need profiles, if you don't want to use them. Check the user's manual to see even more options offered by the Suite which OpenVPN stock doesn't offer. https://airvpn.org/suite/readme/ Kind regards

Hello! Due to Android limitations enforced on the device owner (no root privileges on "not-rooted" devices), AdBlock can not set firewall rules to block ads sources. To circumvent this limitation, Adblock uses a VPN to achieve the purpose. It's the VPN which filters out the ads. However, another Android limitation in the VPNService API allows only one VPN at a time (this is a general limitation on other systems without multiple routing table etc.). Therefore it's not possible to run AdBlock and another VPN program at the same time. You may reproduce with a very good approximation Adblock behavior by enabling the DNS block lists we offer (included in any subscription). You can examine them and enable them in your AirVPN account panel "Client Area" > "DNS". Once you have enabled them. by using VPN DNS you will have a protection against ads, trackers and many malicious sources. Kind regards

Upcoming Frankfurt infrastructure maintenance on July 4, 2023. The following 3 servers will remain down for 8 hours. Quote: === In the coming period, Leaseweb will move all services from FRA-10 to the new state-of-the-art Iron Mountain datacenter (FRA-01) in Frankfurt. Therefore, we will need to perform scheduled maintenance on part of our infrastructure. WHEN CAN YOU EXPECT IT Timezone: CEST (UTC+02:00) July 04, 2023 09:00 - July 04, 2023 17:00 Duration: 8h WHAT IS THE IMPACT ON YOUR SERVICE? Your dedicated server(s) will be physically migrated to the FRA-01 datacenter to retain the IP addresses for your dedicated server. The server will be offline during the maintenance window. Please be assured that we will do our utmost best to keep the downtime as minimal as possible, and our engineers are available during and after the migration should any issues arise. Server(s) impacted by the migration: Dedicated Server - Intercrus Dedicated Server - Veritate Dedicated Server - Tucana === Kind regards & datalove AirVPN Staff

Hello! Actually such crashes may be the cause of the problem and now your system may have VPN DNS still set. If that's the case, see our previous message in this thread to quickly resolve the issue. Please feel free to report the crashes in the main thread for Eddie 2.23.1 because such crashes must not occur and must be fixed. https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/ We are afraid it doesn't make sense. We would rather recommend that you follow our suggestions in the previous message in this thread, as it might be just a DNS issue. Kind regards

Hello! It might be a DNS issue, if Eddie failed to restore DNS settings in case of a "dirty exit" (graceless kill, crash...). If your system can't resolve names (the purpose of DNS) you will have the feeling that Internet connection doesn't work (even if it does). When the system is connected to the VPN, names can be resolved because the VPN DNS is probably set. However, the VPN DNS is accessible only from inside the VPN. Eddie keeps safety backup files for similar occurrences, so re-running it and shutting it down properly should fix the problem. If this procedure fails, then you can check manually and set properly your system DNS. We recommend Quad9 DNS (9.9.9.9), OpenNIC https://www.opennic.org and DNS.Watch (84.200.69.80) https://dns.watch/ for their commitment to privacy and neutrality. How to configure/change DNS settings in macOS: https://serverguy.com/kb/change-dns-server-settings-mac-os/ Kind regards

Hello! An account with such features will have a maximum of 20 ports available. Thank you for your great feedback. Kind regards

@Undated8198 Hello, we have no plans to remove port forwarding, quite the contrary: we are currently deploying resources to delay port exhaustion and find alternative, but comfortable, procedures to keep offering this service in anticipation of port exhaustion. As you can see we already limited to new customers the amount of bookable ports, in order to preserve advertised features to those who are already our customers. We are committed to avoid retro-active modifications of the service for pre-existing customers, when such modifications would be detrimental for the service or anyway betraying an advertised feature. Kind regards

@Vincenttor Hello! We are monitoring the situation and we will keep you informed. In this moment we can't reproduce the issue with Google. All Google services are normally accessible from the Netherlands servers according to our tests. This is a different problem caused by Microsoft blocks and noticed years ago. A workaround was available, anyway do not let us mix different problems in this thread. About Microsoft Outlook, and more in general for Office 365 and newer versions, we kindly ask you to re-direct yourself here: https://airvpn.org/forums/topic/27414-youll-need-internet-for-this-microsoft-services-when-using-ssl-tunnel/ A general approach: https://www.macwheeler.com/windows-10-office-365-cannot-connect-over-openvpn-fixed/ Kind regards

Hello! Thank you for your valuable tests which helped us find bugs and glitches. Your work was not in vain, you can see how many bug fixes have been implemented on Eddie 2.23: most of them thanks to you and community testers like you. https://eddie.website/changelog/?software=client&format=html We assure you that your work is precious and that under no circumstance will we waste it. Eddie's Deskop edition versioning scheme and release cycle are unorthodox. For example, check what happened now with Eddie 2.23.0: a bug was found, thanks to testers from the community like you. The fix was implemented on a new version (2.23.1) and 2.23.0 has been thrown away. You don't have different betas for 2.23.0, and 2.23.0 will never be Release Candidate or release, to be clear. Similarly, Eddie 2.22.2 will never reach a Release status, and not even a Release Candidate status: each bug fix is implemented not in 2.22.2 but in a new version. You can see it as a customized SemVer (semantic versioning), where: every fix is condensed in the "post release cycle", the scheme is more similar to major.minor.patch than to major.minor.maintenance.build and a whole minor could be thrown completely away without reaching a stable phase (exactly the 2.22 you mention). https://en.wikipedia.org/wiki/Software_versioning With that said: So far no critical problem has been found by anyone on Eddie 2.22.2 so you can keep using it with the usual caveat: it does not include the bug fixes you can see on the 2.23.1 version. Furthermore, Linux users must be aware that Eddie 2.23.1 features full support, with proper DNS management, of every systemd-resolved working mode, which previous Eddie versions don't. Now that more and more Linux distributions come pre-packaged with systemd-resolved working in on-link or hybrid modes (examples: Fedora, Ubuntu), Linux users can seriously consider to jump directly to 2.23.x. Thank you again again for your valuable tests and we frankly hope that you will be among the testing group for Eddie 2.23.x as well. Kind regards

Hello! The icon status change is triggered by the first unsolicited packet reaching qBittorrent. If you don't perform the test and you start seeding or sharing some torrent file, you should see the icon turning green at the first incoming connection (it may require some time if the torrent is very well seeded). Kind regards

@SurprisedItWorks Hello! Yes, it's inconsistent at the moment. Kind regards

@bnrrteterstnjrsj45 Hello! The wintun driver is not for DCO. Are you running Eddie 2.23? If so, please check the caveats in the "Road to OpenVPN 2.6" page, specifically: Kind regards

Hello! The total availability of bandwidth is "full duplex" (so a 1 Gbit/s server can provide up to 2 Gbit/s) but the "used" bandwidth is the sum of up+down, combined. You can safely assume, due to how a VPN works, a near perfect symmetry between upload and download, as each incoming (from the Internet) packet must be sent out to the client, and vice-versa. Kind regards

@emtlo Hello! Yes, it is possible. You can run the AirVPN Suite, please see here: https://airvpn.org/suite/readme/ Kind regards

Hello! We're glad to inform you that we have just released: "Road To OpenVPN 2.6" migration plan - https://airvpn.org/road_to_openvpn26/ A new version of Config Generator with options related to OpenVPN 2.6 A new Eddie Desktop beta release (2.23.0) related to the road above, feature-locked to reach stable release https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/ A new server (Marsic), the first running OpenVPN 2.6 powered by DCO (server-side) and ready for client-side DCO. Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.23 beta. It is ready for public beta testing. How to test our experimental release: Go to download page of your OS Click the button Switch to EXPERIMENTAL Download and install There are important changes in this release, mainly: Network Lock will be activated by default. Switch back to old behavior by unchecking Preferences > Network Lock > Ensure in session OpenVPN is linked against OpenSSL 3, that deprecates old SHA1 signed certificates (already upgraded under-the-hood) for Linux systems, every and each systemd-resolved working mode is fully supported: DNS push and settings are properly managed PLEASE CONSIDER THIS AS A BETA VERSION. Don't use it for sensitive connections, it's only for those who want to collaborate on the project as beta-testers. Kind regards & dataloveAirVPN Staff

Hello! We seriously doubt that the problem is caused by Network Lock because Network Lock is a set of non-permanent firewall rules which are lost when you reboot the system. Anyway, the answer to your question is: sudo nft flush ruleset (provided that Ubuntu 22.04 is based on nftables). Please check your DNS settings as well, as those are indeed permanently set by Eddie and maybe the previous DNS settings were not restored if Eddie did not exit cleanly. If the problem persists, do not hesitate to open a ticket. By the way, we rule out that the failure to load X and/or a Desktop Environment is related to Eddie. Some other problem is apparently ongoing. Kind regards

How? Or is this specific to Eddie (which I do not use)? I find nothing on the website about this. EDIT: posted unknowingly together with @benfitita - we confirm that the described procedure is fine. Hi, you need to renew the key when you end the current session or you start a new one (but in this latter case you need the consider the caveat below). You can automate the procedure via API, but also remember to update the key or the whole profile for the next session. You can automate this procedure too. With a caveat: key renewal order through the API is not executed in real-time, it may take several seconds (you can check the status via API, or you can simply renew the key at the end of the session and take care to allow enough time for the next key/profile download and session). Kind regards

@galbeedee Thank you for your review! We would like to point out some features of our service that you probably missed according to your review, so that you will be able to use them. You can use per-session WireGuard key, to overcome the questionable design of WireGuard under this respect (WireGuard does not offer dynamic address management at all). It's not very important that your private key is held by you when WireGuard demands that, server side, each public key is linked in files to the VPN IP address and to the public IP address of the client. Therefore, thanks to our design, you are able to use a one session key if necessary. You can renew your key either through the web site or through the API in order to patch this problem. On our side, we actively remove WireGuard entries to public IP addresses when a session is over. We do not understand the link you claim between the key and your browser, feel free to clarify if you wish so. File names of the generated profiles are very descriptive and they reflect community requirements. Community majority currently prefers descriptive file names and wants that the system is not tweaked to accommodate terrible WireGuard design under this respect (WireGuard wants to name the virtual interface with the file name regardless of the system limits). This is an understandable point of view and we will respect it. We will change according to community suggestions. Far from being "best practice", in our opinion, and in the current opinion of the community, that would be the practice to lower a service standard to meet the terrible design of somebody else, something reminding the old, awful but widespread, practice to develop flawed web sites to circumvent Internet Explorer bugs and accommodate its non-W3C compliant dialect. That said, we can of course add some options to make life more comfortable for anyone who should be wearied by the exhausting effort of renaming a set of files. The QR code anyway is already available for Android and iOS (in the Configuration Generator), so you don't need renaming in mobility, just shoot the code from inside wg. This is a key which is necessary when you want an additional encryption layer, and this is a great WireGuard feature. Useful for example in a post-quantum world, when a decent cryptographic algorithm is found (as the wg core has ciphers hard coded by design). Read the WireGuard documentation for more details. Currently pre-shared keys are implemented because a significant part of the community insisted that we got prepared to beat powerful quantum computers, not because we strongly believe that a post-quantum world is imminent. Relevant considerations on the topic can be found here: https://airvpn.org/forums/topic/45608-quantum-computing-and-encryption/?do=findComment&comment=218988 It is anyway considered best practice by various experts to get prepared. Since you mention Mullvad as your opinion of service operating in accordance with best practices, then be informed that pre-shared keys have been recently implemented by them too. We offered this option 13 years ago, well before WireGuard or many other VPN companies even existed. Then they were inspired by our CG. You can pick zip, 7zip, tarball, and compressed tarballs (tar.gz, tar.xz, tar.bz2). You can operate either through the API or web site, as you prefer, to generate and download the package(s) containing the profiles. Note that today the button which would let you select all the servers at once is disabled because of work in progress, but it will be re-enabled very soon. It's a good performance in our infrastructure, but you can improve it (check the top user speed table in the server status page and open a ticket to fine tune WireGuard). About the infrastructure, in 2009 the industry standard was between 20 and 100 Mbit/s, and we are very careful to offer an excellent balance between price and service quality. Since you mention iVPN as an example to follow, please compare AirVPN prices with theirs. Lupus in fabula, the following message by one of our fans reminds us of the consequences of an unwise investment policy. https://airvpn.org/forums/topic/56425-two-new-1-gbits-servers-available-us/?do=findComment&comment=223857 Remember that AirVPN is the only one offering a rigorous no overselling commitment shown by a transparent and verifiable server monitor, that's why most users enjoy higher throughput than with any competitor, and after all we are pleased to see that you are an unsatisfied customer but with 600 Mbit/s throughput and with some requirements for features that are already available. Criticisms help us improve our service, except when required features are already available, as in that case we can't implement them twice. Kind regards