Staff

Hello! Do you get any improvement with WireGuard? In order to switch to WireGuard: from Eddie's main window please select "Preferences" > "Protocols" uncheck "Automatic" select any line with WireGuard. The line will be highlighted. click "Save" and re-start a connection to apply the change please make sure to test a few servers in different locations around your node Kind regards

Hello! Provided that exit confirmation prompt is disabled (please confirm, you can verify in "Preferences" > "UI" window) that's unexpected. What are your Windows and Eddie versions? Kind regards

@John Gow Thanks, we ignore the Linux Mint policy hostile to AirVPN and their reasons to act in this way after we supported the open source community so much in the last 13 years, but as far as it pertains to Reddit that's part of their policy enforced ever since years ago. Please note that it is in no way a block against AirVPN and that you can enter Reddit anyway from all the AirVPN servers. For a full description please jump here: https://airvpn.org/forums/topic/56980-vpn-servers-mostly-blocked-by-reddit/ It is, but it's not against AirVPN specifically. An important reason for which all VPNs tend to get blocked (but of course this can't be the reason for Linux Mint web sites) is that their usage has exceeded a critical threshold worldwide and it's now threatening businesses based on profiling, personal data harvesting and reselling. For other reasons, see also: https://airvpn.org/forums/topic/57171-no-specific-report/?do=findComment&comment=228533 Kind regards

Hello! According to the message pkexec file is not found. You should be able to resolve the problem by installing pkexec and making sure it is in the command path. Eddie uses it to run the backend process needing root privileges, but pkexec pre-installation is not granted in some distributions. Please let us know whether the problem gets solved. Kind regards

Hello! So the listening program runs Hello! So the device running the listening program is also the device connecting to the VPN. In this setup you must not forward the port on the router and you must not add VPN rules on the router. Please check here first: https://airvpn.org/faq/port_forwarding/ If the listening program is a torrent program also read here: https://airvpn.org/faq/p2p/ Kind regards

Hello! If the listening program runs behind the Fritz!Box router and it's the router the one device that connects to the VPN, then you need to forward packets properly from the Fritz!Box VPN interface to the final destination, because the VPN server forwards to your node, i.e the F!Box, and doesn't know anything about other devices behind the connected node, of course. This is an example of what you need to do in systems where iptables is available: https://airvpn.org/forums/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/ The above is not necessary if the listening program runs in the same device which also connects to the VPN. Kind regards

Hello! OK, "Automatic" always picks OpenVPN + UDP and never changes, so you need WireGuard or OpenVPN + TCP, and you need to select them manually once and for all to circumvent the block. This seems different from the problem of OP anyway. Kind regards

@firefox4dawin Hello! That's most unfortunate. We see that even OpenVPN over TCP with tls-crypt fails. As a last attempt please try OpenVPN alone, without Eddie, with TCP connection to port 443 of entry-IP address three. Instructions are here: https://airvpn.org/windows/openvpn/terminal/ Probably it will fail but it's worth a test just in case the problem starts from Eddie (for example if it gets blocked by any tool such as an antimalware program). Kind regards

I have no antivirus installed and I have windows defender turned off Hello! Please also make sure that the torrent program binds to the tun interface (if a bind option is available) and that uTP or any other equivalent traffic shaping option is disabled. UPnP and NAT-PMP must be disabled too, while DHT must be enabled. Kind regards

Hello! You should be able to avoid the password request by ticking "Don't ask [for] elevation [at] every run" in "Preferences" > "General" window. Eddie 2.23.2 is required, as this feature might not work properly in Eddie 2.21.8 on Fedora 38 and 39. Kind regards

Hello! Not entirely, because we aim at maintaining approximately the current redundancy. The reason is that for redundancy considerations and non linear CPU load on amount of connected clients we cannot deem one 3 Gbit/s server as equivalent to three 1 Gbit/s servers and even less so 10 Gbit/s server equivalent to ten 1 Gbit/s server. In this specific case four servers have been replaced by four servers (if you add up the other 10 Gbit/s server in Los Angeles) and more should come in Florida. Kind regards

Hello! Excellent, please keep us posted (moderators will keep the thread open for the readers and your valuable information on the test). Let us know whether you need help in order to build Gluetun in Raspberry OS 64 bit. Kind regards

@firefox4dawin Hello! Apparently, something is blocking either UDP or OpenVPN. Please check any antimalware and packet filtering tool (including QoS tools) both on your system and router. If you find nothing blocking, try to switch to WireGuard and check what happens: from Eddie's main window please select "Preferences" > "Protocols" uncheck "Automatic" select any line with WireGuard. The line will be highlighted. click "Save" and re-start a connection to apply the change please make sure to test a few servers in different locations around your node If WireGuard can connect, the problem is OpenVPN specific. Otherwise, UDP might be blocked and you can try an OpenVPN over TCP connection. Again change connection mode as described above, but this time pick: OpenVPN protocol TCP port 443 entry-IP address 3 (THREE) Please update the thread when you can. Also feel free to open a ticket for direct assistance by the AirVPN Support Team. Kind regards

@dersik Hello! Eddie doesn't support traffic splitting on an application basis, we're sorry. This feature is available in the AirVPN Suite 2 preview versions for x86-64 based Linux systems. A build for ARM 64 bit will be ready in the near future, please stay tuned: https://airvpn.org/forums/topic/56704-linux-airvpn-suite-200-preview-available/ The Suite (which lacks a GUI that anyway you don't need) will let you use reverse traffic splitting. It's not what you aim for, because the Suite tunnels everything except what you run outside the tunnel, while you need the "complementary" thing (i.e. tunnel nothing but one application) but it might be useful anyway. Alternatively, containers can be considered, so that only a container traffic is tunneled.The torrent program would run in the container. Gluetun features native AirVPN support but we have never tried to build it on a Raspberry OS (did anybody tried this?) but it is possible according to documentation and some reports. Gluetun is based on Alpine for a Docker image with a very small RAM footprint. Kind regards

Hello! MTU is critical in layer 3 VPN connections. If the MTU exceeds the frame size in your network, packets don't fit and must be re-transmitted. You will see this only when the packet to be wrapped is too big. Therefore, with some web sites or services packet should be re-transmitted forever and the site will never load. With other services you might notice nothing wrong. WireGuard IPv4 link MTU default settings (from 1360 to 1420 bytes) may be too big to some networks and apparently that was the cause of the problem you experienced. MTU should be set to the maximum possible working value beyond which problems start to appear, as larger MTU may allow higher performance. See also Kind regards

Hello! Please type on any terminal: man eddie-ui Please see also: https://eddie.website/support/cli/ Kind regards

Hello! We're very glad to inform you that a new 3 Gbit/s (full duplex) server located in Raleigh, NC (USA) is available: Polis. Polis supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Polis Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Staff

@irxhnfdptv Thank you very much for your tests! The problem is now understood and a fix is coming on the next alpha version which will be out in the very near future, stay tuned! Kind regards

Hello! We're very glad to inform you that two new 3 Gbit/s (full duplex) server located in San José, CA (USA) are available: Bunda and Imai. They support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server. You can check the status in our real time servers monitor: https://airvpn.org/servers/Bunda https://airvpn.org/servers/Imai Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Staff

@irxhnfdptv Thanks, so it looks like the problem is Bluetit-specific. Can you please send us (here or in private) the complete Bluetit log, taken after the problem has occurred, that you can print with the following command? sudo journalctl | grep bluetit Kind regards

@irxhnfdptv Hello! WireGuard can't connect. Might it be blocked in your network? If you try a connection with the native WireGuard client for Linux, is it successful? You can generate a profile for WireGuard on our Configuration Generator available in your AirVPN account "Client Area". By testing the WireGuard client directly you may let us discern whether the problem is Bluetit-specific or not. Kind regards

Hello! The main reasons: for companies whose core business is based on personal data harvesting and reselling (with or without the consent of the data subject) VPNs are a part of a serious threat e-commerce companies consider connections from VPNs more risky for fraud attempts by the hobbyist, implementing a generic black list which includes VPN and Tor exit nodes IP addresses may be seen (probably wrongly we dare to say) as an added security filter against cracking attempts Kind regards

Hello! The web server might bind to any interface so please make sure that you keep our software "Network Lock" option enabled to prevent any traffic leak outside the VPN tunnel. Kind regards

Hello! @cccthats3cs Thank you very much, those documents are interesting indeed. All the matter is indeed a risk which we warned our users about according to their threat model since AirVPN's birth. The described investigation techniques may be instrumental to bring to justice criminals without enforcing provider to blanket data retention, and therefore they show once again the correctness of the Court of Justice of the European Union which forbade repeatedly EU Member States to oblige any ISP to perform blanket data retention. We're also pleased to see that AirVPN made no technical mistake instrumental to the suspect's incrimination and that a "trap and trace" device had to be physically installed outside AirVPN servers Unfortunately the same methods might also be used by powerful crime organizations or agencies of regimes hostile to human rights to find out and suppress activists, "dissidents" and limit freedom of expression and information. For this reason we wrote extensively about how to defeat easily such powerful adversaries (provided of course that your system is pristine, not compromised, an essential pre-requisite). In 2012 we published this for example: https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?tab=comments#comment-1745 Multiple times we warned about the danger of "black boxes" and it's not incidental that "OpenVPN over Tor", for example, has been implemented in our mainstream software since 2011 or 2012 and it is advertised in the home page while Tor is also listed in the "Download" > "Other technologies" section. Kind regards

Hello! We inform you that the following servers are being withdrawn: Servers: 1+1 Gbit/s Alkes, Merope, Sabik (Los Angeles, California) Reason: not meeting our requirements anymore for hardware and lines. Replacement: yes, two 3+3 Gbit/s servers in San Jose (California), planned for January the 14th 2024 or earlier, on top of the new (already active) 10 Gbit/s server in Los Angeles (Saclateni). Servers: 1+1 Gbit/s Pollux (Jacksonville, Florida) Reason: not meeting our requirements anymore for hardware and line. Replacement: yes, one 3+3 Gbit/s servers in Raleigh (North Carolina, planned for January the 16th 2024 or earlier) + expansion in Miami planned for the near future. Kind regards and datalove AirVPN Staff