Staff

Hello! We're very glad to inform you that AirVPN Suite version 2.0.0 alpha 1 is now available. UPDATE 2023-11-24: version 2.0.0 alpha 2 is now available. UPDATE 2024-05-14: version 2.0.0 beta 1 is now available. AirVPN Suite 2.0.0 introduces AirVPN's exclusive per app traffic splitting system as well as some bug fixes, revised code in order to pave the way towards the final and stable release, WireGuard support, and the latest OpenVPN3-AirVPN 3.9 library. Please see the respective changelogs for a complete list of preliminary changes for each component of the suite. If you feel adventurous and you wish to test this beta version, please feel free to report any glitch, bug and problem in this very thread. The 2.0.0 Beta 1 Suite includes: Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN and WireGuard servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN and WireGuard servers Hummingbird: lightweight and standalone binary for generic OpenVPN and WireGuard server connections Cuckoo: traffic split manager, granting full access and functionality to AirVPN's traffic split infrastructure WARNING: this is beta software in its development stage and may have bugs which may also cause critical and unstable conditions. This software is used at the whole risk of the user and it is strongly advised not to use it in production or critical systems or environments. WireGuard support WireGuard support is now available in Bluetit and Hummingbird. OpenVPN or WireGuard selection is controlled by Bluetit run control file option airvpntype or by Goldcrest option -f (short for --air-vpn-type). Possible values: openvpn, wireguard. Default: openvpn. The option is documented in the 1.3.0 manual as well. Bluetit run control file (/etc/airvpn/bluetit.rc) option: airvpntype: (string) VPN type to be used for AirVPN connections. Possible values: wireguard, openvpn. Default: openvpn Goldcrest option: --air-vpn-type, -f : VPN type for AirVPN connection <wireguard|openvpn> Suspend and resume services for systemd based systems For your comfort, the installation script can create suspend and resume services in systemd based systems, according to your preferences. allowing a more proper management of VPN connections when the system is suspended and resumed. The network connection detection code has also been rewritten to provide more appropriate behaviour. Asynchronous mode A new asynchronous mode (off by default) is supported by Bluetit and Goldcrest, allowing asynchronous connections. Network Lock can be used accordingly in asynchronous connections. Please consult the readme.md file included in every tarball for more information and details. Word completion on bash and zsh Auto completion is now available by pressing the TAB key when entering any Goldcrest or Hummingbird option and filename on a bash or zsh interpreter. Auto completion files are installed automatically by the installation script. AirVPN's VPN traffic splitting AirVPN Suite version 2.0.0 introduces traffic splitting by using a dedicated network namespace, therefore completely separating the VPN traffic from unencrypted and "out of the tunnel" traffic. The VPN traffic is carried out in the default (main) namespace, ensuring all system data and traffic to be encrypted and tunneled into the VPN by default. No clear and unencrypted data are allowed to pass through the default namespace. Any optional unencrypted data or clear network traffic must be explicitly requested by an authorized user with the right to run cuckoo, the AirVPN traffic split manager tool. AirVPN's traffic splitting is enabled and controlled by Bluetit and by means of run control directives. The system has been created in order to minimize any tedious or extensive configuration, even to the minimal point of telling Bluetit to enable traffic splitting with no other setting. In order to enable and control AirVPN's traffic splitting, the below new run control directives for /etc/airvpn/bluetit.rc have been introduced: allowtrafficsplitting: (on/off) enable or disable traffic splitting (unencrypted and out of the tunnel traffic) Default: off trafficsplitnamespace: (string) name of Linux network namespace dedicated to traffic splitting. Default: aircuckoo trafficsplitinterface: (string) name of the physical network interface to be used for traffic splitting. All the unencrypted and out of the tunnel data will pass through the specified network device/interface. In case this directive is not used and unspecified, Bluetit will automatically use the main network interface of the system and connected to the default gateway. Default: unspecified trafficsplitnamespaceinterface: (string) name of the virtual network interface to be associated to the Linux network namespace dedicated to traffic splitting. Default: ckveth0 trafficsplitipv4: (IPv4 address|auto) IPv4 address of the virtual network interface used for traffic splitting. In case it is set to 'auto', Bluetit will try to automatically assign an unused IPv4 address belonging to the system's host sub-network (/24) Default: auto trafficsplitipv6: (IPv6 address|auto) IPv6 address of the virtual network interface used for traffic splitting. In case it is set to 'auto', Bluetit will try to automatically assign an unused IPv6 address belonging to the system's host sub-network (/64) Default: auto trafficsplitfirewall: (on/off) enable or disable the firewall in Linux network namespace dedicated to traffic splitting. The firewall is set up with a minimal rule set for a very basic security model. Default: off AirVPN's traffic splitting is designed in order to minimize any further configuration from the system administrator. To actually enable traffic splitting, it is just needed to set "allowtrafficsplitting" directive to "on" and Bluetit will configure the traffic split namespace with the default options as explained above. When needed, the system administrator can finely tune the traffic splitting service by using the above directives. At this early stage, it is advised not to change the network namespace name but leave it to its default value "aircuckoo" to let cuckoo tool properly work. Power and limitations The adopted solution offers a remarkable security bonus in terms of isolation. For example, it gets rid of the dangerous DNS "leaks in" typical of cgroups based traffic splitting solutions. However, the dedicated namespace needs an exclusive IP address. If the system is behind a NAT (connected to a home router for example) this is not a problem, but if the system is not behind any NAT, i.e. it is assigned directly a public IP address, you will need another public IP address for the network namespace dedicated to traffic splitting. You will need to manually set the other public IP address on the trafficsplitipv4 or trafficsplitipv6 directive as the guessing abilities of Bluetit may work only within a private subnet. Please keep this limitation in mind especially if you want to run the Suite with per app traffic splitting on a dedicated or virtual server in some datacenter, as they are most of the times NOT behind any NAT. Introducing Cuckoo, the AirVPN traffic splitting manager tool Traffic splitting is implemented in AirVPN Suite by using a separate and independent network namespace, directly communicating with the system's default gateway through a virtual interface associated to a physical network interface available in the system. This ensures a true separation of traffic between tunneled and encrypted VPN data from the unencrypted and clear data to be channeled out of the VPN tunnel. The unencrypted traffic will never pass through the default namespace - which is under the VPN control - including, and most importantly, DNS requests. To generate unencrypted and out of the tunnel traffic, any software having this need must be run inside the traffic split namespace. In order to do so, AirVPN Suite 2.0.0 introduces a new tool meant to be specifically used for this purpose: Cuckoo. The tool can be used by users belonging to the airvpn group only. It cannot be used by root or any user belonging to the root group. Additionally, in order to fully use the cuckoo tool, the user must also have special capabilities enabled, notably CAP_SYS_ADMIN, CAP_NET_ADMIN and CAP_NET_RAW. The installation script will set these capabilities to the "airvpn" user only. In case you need to let other users of the airvpn group use the cuckoo tool, you can simply duplicate the corresponding line in /etc/security/capability.conf and adapt it to your needs. Note that in many distributions all of the above will not be necessary but keep it in mind if you find some issue and please feel free to report it. At this current stage cuckoo supports "aircuckoo" namespace only, that is the default namespace configured by Bluetit. This preliminary alpha version does not provide any option and it is meant to simply run an application inside the traffic split namespace only. The usage is straightforward: cuckoo program [program options] The traffic split namespace uses its own routing, network channels and DNS. It will not interfere or communicate in any way with the default namespace where the VPN is running and using its own encrypted tunnel. As for DNS, the traffic split namespace will use default system DNS settings. Programs started with cuckoo are regular Linux processes and, as such, can be managed (that is stopped, interrupted, paused, terminated and killed) by using the usual process control tools. The programs started by cuckoo are assigned to the user who started cuckoo. As a final note, in order to work properly, the following permissions must be granted to cuckoo and they are always checked at each run. Owner: root Group: airvpn Permissions: -rwsr-xr-x (owner can read, write, execute and setuid; group can read and execute, others can read and execute) Note on Web Browsers Firefox and Chromium will not be able to resolve names in the aircuckoo namespace, not even when you run a unique instance of them inside the network namespace itself, in some Ubuntu systems. We are investigating this behavior. Brave, Opera and Konqueror are not affected by this problem, but please consider that due to how browser instances are tied to each other, you might get unexpected behavior if you run the same browser in both namespaces from the same user. For example, if the browser has been started in the default namespace while there is an active AirVPN connection, the traffic will flow to the connected AirVPN server and from the associated VPN IP address from any future apparent instance launched by the same user, and vice-versa. The second instance may detect the first, delegate the task to it and exit, so you will have a new window but not another instance. In order to circumvent the issue, at this stage you may tale care to run programs in the aircuckoo namespace via cuckoo only from airvpn account, and programs whose traffic must be tunneled from your ordinary account. In other words, to add security, do not add your ordinary account to the airvpn group if you plan to use traffic splitting, so your ordinary account will not be able to run cuckoo by accident. EDIT 2024-11-12 --- We aim at resolving most of the above limitations and caveats in the imminent beta 2 version. Download AirVPN Suite 2.0.0 beta 1: ARM 64 bit: https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-aarch64-2.0.0-beta-1.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-aarch64-2.0.0-beta-1.tar.gz.sha512 ARM 64 bit legacy: https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-aarch64-legacy-2.0.0-beta-1.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-aarch64-legacy-2.0.0-beta-1.tar.gz.sha512 ARM 32 bit: https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-armv7l-2.0.0-beta-1.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-armv7l-2.0.0-beta-1.tar.gz.sha512 ARM 32 bit legacy: https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-armv7l-legacy-2.0.0-beta-1.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-armv7l-legacy-2.0.0-beta-1.tar.gz.sha512 x86-64: https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-x86_64-2.0.0-beta-1.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-x86_64-2.0.0-beta-1.tar.gz.sha512 x86-64 legacy: https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-x86_64-legacy-2.0.0-beta-1.tar.gz https://eddie.website/repository/AirVPN-Suite/2.0-Beta1/AirVPN-Suite-x86_64-legacy-2.0.0-beta-1.tar.gz.sha512 Changelogs Changelog for Bluetit Version 2.0.0 beta 1 - 13 May 2024 - [ProMIND] WireGuard is now the default VPN for AirVPN connection - [ProMIND] added client option --mtu - [ProMIND] added run control directive wireguardmtu - [ProMIND] added mode to client options - [ProMIND] removed options for unsupported profiles with credentials - [ProMIND] function check_if_root() renamed to is_root() - [ProMIND] added is_hummingbird_running() function - [ProMIND] D-Bus connection methods now check whether hummingbird is running - [ProMIND] Added server D-Bus keys vpn_status to connection_stats - [ProMIND] Added D-Bus command "remove_wireguard_device" - [ProMIND] Added BLUETIT_STATUS_WIREGUARD_DEVICE_EXISTS macro in btcommon.h - [ProMIND] Added wireguard_device_exists() function - [ProMIND} bluetit_status(): added check for existing WireGuard devices - [ProMIND] Added command line option "remove-wireguard-device" to be used in case a crash or unexpected exit and there is a WireGuard device still active - [ProMIND] Added remove_wireguard_device() function - [ProMIND] airvpn_server_save(): added check for south and north america continents - [ProMIND] airvpn_create_profile(): added use_country_fqdn argument - [ProMIND] Added air-sort and air-rsort options - [ProMIND] Added air-limit option - [ProMIND] btcommon.h renamed to btmacro.h - [ProMIND] Added server D-Bus key load to airvpn_country_info and airvpn_country_list datasets - [ProMIND] Manifest update interval is now set according to Manifest "next_update" element - [ProMIND] Added server D-Bus key continent_code and continent_name to airvpn_server_info and airvpn_server_list datasets - [ProMIND] Fixed bug in formal check for "country" and "aircountry" rc directives - [ProMIND] Added --async option for asynchronous connections - [ProMIND] Options --air-info and --air-list can now be used regardless of Bluetit connection status - [ProMIND] Added function vpn_connection_mode() - [ProMIND] Added macros VPN_MODE_BOOT, VPN_MODE_SYNCHRONOUS, VPN_MODE_ASYNCHRONOUS and VPN_MODE_DISCONNECTED - [ProMIND] Added server D-Bus keys airvpn_user_name, airvpn_user_key and vpn_connection_mode to connection_stats dataset *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 2 - 24 November 2023 - [ProMIND] implemented WireGuard connection - [ProMIND] replaced all OPENVPN_LOG call with Logger::log - [ProMIND] added function is_country_allowed - [ProMIND] function start_openvpn_connection renamed to start_vpn_connection() - [ProMIND] added WireGuard support to start_vpn_connection - [ProMIND] function stop_openvpn_connection renamed to stop_vpn_connection() - [ProMIND] added WireGuard support to stop_vpn_connection() - [ProMIND] D-Bus command set_openvpn_profile renamed to set_vpn_profile in order to support both OpenVPN and WireGuard connections - [ProMIND] added set_wireguard_profile() function - [ProMIND] added establish_wireguard_connection() and reconnect_wireguard() functions - [ProMIND] function reconnect_openvpn() renamed to reconnect_vpn() - [ProMIND] added WireGuard support to reconnect_vpn() *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 1 - 15 September 2023 - [ProMIND] updated to OpenVPN3 AirVPN 3.9 - [ProMIND] create_daemon(): replaced sprintf with snprintf - [ProMIND] create_daemon(): replaced sprintf with snprintf - [ProMIND] airvpn_server_save(): added generator tag - [ProMIND] airvpn_key_save(): added generator tag - [ProMIND] added run control directives allowtrafficsplitting, trafficsplitnamespace, trafficsplitinterface, trafficsplitnamespaceinterface, trafficsplitipv4, trafficsplitipv6 and trafficsplitfirewall - [ProMIND] start_openvpn_connection(): added log display of local interfaces/addresses - [ProMIND] recover_network(): delete traffic split namespace, in case it does exist. *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Cuckoo Version 2.0.0 beta 1 - 13 May 2024 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 2 - 24 November 2023 - [ProMIND] Minor development maintenance release *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 1 - 15 September 2023 - [ProMIND] Initial alpha development release Changelog for Goldcrest Version 2.0.0 beta 1 - 13 May 2024 - [ProMIND] normalization of run control file options with Bluetit's client option macros - [ProMIND] removed options for unsupported profiles with credentials - [ProMIND] added auto completion scripts for bash and zsh - [ProMIND] added support for Bluetit's "remove-wireguard-device" option - [ProMIND] added support for Bluetit's "air-sort" and "air-limit" options - [ProMIND] added support for Bluetit's new D-Bus datasets fields - [ProMIND] added support for Bluetit async option - [ProMIND] show_connection_stats(): added support for vpn_connection_mode, airvpn_user_name and airvpn_user_key - [ProMIND] added Bluetit async option in run control file - [ProMIND] --network-lock option can now be used in async mode (set network lock on and off) *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 2 - 24 November 2023 - [ProMIND] show_connection_stats(): added WireGuard support - [ProMIND] show_connection_stats(): added new 2.0 stat fields *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 1 - 15 September 2023 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Hummingbird Version 2.0.0 beta 1 - 13 May 2024 - [ProMIND] function read_profile() renamed to read_openvpn_profile() - [ProMIND] function worker_thread() renamed to openvpn_worker_thread() - [ProMIND] function start_connection_thread() renamed to start_openvpn_connection_thread() - [ProMIND] added function wireguard_client() - [ProMIND] added function finalize_connection() - [ProMIND] added option mode - [ProMIND] normalized log activity. Added function hblog() - [ProMIND] function clean_up() renamed to clean_up_and_exit() - [ProMIND] added function parse_options() - [ProMIND] added function bluetit_lock_file_exist() - [ProMIND] init_check(): improved check for Bluetit connection - [ProMIND] clean_up_and_exit() renamed to cleanup_and_exit() - [ProMIND] added auto completion scripts for bash and zsh - [ProMIND] added "remove-wireguard-device" option - [ProMIND] Added wireguard_device_exists() function *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 2 - 24 November 2023 - [ProMIND] initial compliance to 2.0 classes and architecture *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 1 - 15 September 2023 - [ProMIND] updated to OpenVPN3 AirVPN 3.9 - [ProMIND] --eval option prints ClientAPI::EvalConfig.reouteList data *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for AirVPN Suite Version 2.0.0 beta 1 - 13 May 2024 - [ProMIND] updated install.sh and uninstall.sh scripts for suspend and resume services airvpnmanifest - [ProMIND] searchServer(): pattern is now searched in continent code and name as well airvpnserver - [ProMIND] method getContinent() renamed to getContinentCode() - [ProMIND] method setContinent() renamed to setContinentCode() - [ProMIND] added method getContinentName() - [ProMIND] implemented boolean comparison methods for std::sort airvpnserverprovider - [ProMIND] getFilteredServerList(): added handling for continents in country white and black lists - [ProMIND] method compareServerScore() moved to AirVPNServer class airvpntools - [ProMIND] added method directoryExists() - [ProMIND] added method startsWith() - [ProMIND] method getLoad() renamed to getTrafficLoad() - [ProMIND] split() fixed bug in case string does not contain delimiter - [ProMIND] SERVER_READ_TIMEOUT is now set to 15 seconds - [ProMIND] requestAirVPNDocument(): vector bootServerList is now shuffled before starting the document request countrycontinent - [ProMIND] Added method realCountryName() - [ProMIND] Added constants EARTH, AFRICA, AMERICA, NORTH_AMERICA, SOUTH_AMERICA, ASIA, EUROPE and OCEANIA dnsmanager - [ProMIND] All binary paths are now searched at construction time - [ProMIND] Added DNSManagerException class execproc.c - [ProMIND] Added function exec_error_description() - [ProMIND] Added function exec_cmd_error_description() - [ProMIND] Added function exec_cmd_args_error_description() loadmod.c - [ProMIND] Added function is_module_loaded() netfilter - [ProMIND] All binary paths are now searched at construction time - [ProMIND] Added method isNftUsingIptables() - [ProMIND] Added iptables-nft support to iptablesSave() and iptablesRestore() methods - [ProMIND] Added method isPfEnabled() - [ProMIND] Added methods allowPrivateNetwork() and isPrivateNetworkAllowed() - [ProMIND] Added local and service IPv6 network classes to the default initialization of netfilter - [ProMIND] setup(): added optional argument for private network management network - [ProMIND] struct Gateway: added isDefault field - [ProMIND] method scanDefaultGateway() renamed to scanGateway() - [ProMIND] added method getGatewayFromRouteTable() - [ProMIND] added method getGateway() - [ProMIND] removed member defaultGateway - [ProMIND] added members IPv4Gateway and IPv6Gateway openvpnclient - [ProMIND] implemented OpenVpnClient::acc_event() in order to comply to new master specifications. Event is ignored. - [ProMIND] Added private network option for constructors using a private NetFilter optionparser - [ProMIND] added mode to OptionConfig and Option structures - [ProMIND] added function getOptionsForMode() - [ProMIND] added function getInvalidOptionsForMode() trafficsplit - [ProMIND] added methods removeNamespaceDirectory(), namespaceConfigurationExists(), isDirty() and recover() - [ProMIND] removed methods removeDefaultNamespaceDirectory(), defaultNamespaceConfigurationExists() - [ProMIND] added methods getIPv4Gateway(), setIPv4Gateway(), getIPv6Gateway() and setIPv6Gateway() wireguardclient - [ProMIND] added method setEndPointPort() - [ProMIND] added method removeDevice() - [ProMIND] added methods createInterfaceDevice(), setDeviceConfiguration(), getDeviceList(), changeWgFilesOwnership() ands restoreWgFilesOwnership() (macOS support) - [ProMIND] Added private network option for constructors using a private NetFilter - [ProMIND] Implemented event management - [ProMIND] Improved handshake timeout management vpnclient - [ProMIND] Added private network option for constructors using a private NetFilter *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 2 - 24 November 2023 execproc.c - [ProMIND] added macros EXEC_MODE_VECTOR, EXEC_MODE_VECTOR_PATH, EXEC_MODE_VECTOR_PATH_ENV and EXEC_MODE_DEFAULT - [ProMIND] added functions exec_set_mode(), exec_set_environ() and exec_reset() - [ProMIND] do_execute(): added mode and environment handling - [ProMIND] execute_process(), execute_process_args(): call exec_reset() before returning - [ProMIND] get_exec_path(): renamed to exec_get_path() and added an extra argument to specify a colon separated search path airvpntools - [ProMIND] method architecture() now uses GCC macros only - [ProMIND] added method platform() dnsmanager - [ProMIND] addAddressToResolvDotConf() now requires IPAddress type logger - [ProMIND] added overloaded log metoths for std::ostringstream network - [ProMIND] added methods setupInterface(), enableInterface() and setInterfaceMtu() - [ProMIND] added method setIPAddress() to Interface class - [ProMIND] scanLocalIpAddresses() renamed to scanLocalInterfaces() - [ProMIND] Interface: added method getAddressCount() openvpnclient - [ProMIND] added inheritance from vpnclient class - [ProMIND] get_connection_stats(): added timestamp item - [ProMIND] function openVPNInfo() renamed to getInfo() - [ProMIND] function openVPNCopyright() renamed to getCopyright() wireguardclient - [ProMIND] added inheritance from vpnclient class - [ProMIND] implemented connection management methods vpnclient - [ProMIND] new class *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 2.0.0 alpha 1 - 15 September 2023 - [ProMIND] updated to OpenVPN3 AirVPN 3.9 - [ProMIND] updated install.sh and uninstall.sh scripts - [ProMIND] updated bluetit.rc template - [ProMIND] updated nsswitch.conf template - [ProMIND] added cuckoo tool to the project airvpntools - [ProMIND] formatTransferRate(): replaced sprintf with snprintf - [ProMIND] formatDataVolume(): replaced sprintf with snprintf - [ProMIND] formatTime(): replaced sprintf with snprintf execproc.c - [ProMIND] execute_process(): added stderr redirection to char *error argument - [ProMIND] do_execute(): renamed parent_pipe and child_pipe to stdin_pipe and stdout_pipe respectively - [ProMIND] do_execute(): added stderr_pipe array - [ProMIND] do_execute(): added stderr redirection to char *error argument localnetwork - [ProMIND] Class renamed to Network netfilter - [ProMIND] translateItemToNFTables(): added dormant flag to table creation - [ProMIND] added method getSystemFirewallBackend() - [ProMIND] added TARGET_IPTABLES_LEGACY and TARGET_UNKNOWN members - [ProMIND] added method itemToCommandRule() network - [ProMIND] added method interfaceExists() - [ProMIND] added overloaded method incrementIpAddress() - [ProMIND] added new public class Interface - [ProMIND] removed old interface and IP address collection in favor of class Interface - [ProMIND] removed methods scanIpAddresses() and scanInterfaces() - [ProMIND] default gateway is now evaluated at object construction and stored in member defaultGateway - [ProMIND] struct Gateway member address is now defined as IPAddress - [ProMIND] added excludeIpAddresses() and worker methods to compute a route by excluding an IP address range - [ProMIND] added getIpAddressNetmask(), getIpAddressHostmask() and getIpAddressNetwork() methods - [ProMIND] added internetChecksum() method - [ProMIND] added getNextUnusedIpAddress() method and worker methods - [ProMIND] added LocalNetworkException class openvpnclient - [ProMIND] profileNeedsResolution(): added check for ClientAPI::EvalConfig.reouteList - [ProMIND] resolveProfile(): added resolution for ClientAPI::EvalConfig.reouteList - [ProMIND] onResolveEvent(): removed log display of local interfaces/addresses - [ProMIND] saveSystemDNS(): replaced deprecated inet_ntoa() with inet_ntop() - [ProMIND] added new method getSystemDnsTable() trafficsplit - [ProMIND] new class *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Kind regards & Datalove AirVPN Staff

Hello! We're very glad to announce a special promotion on our long term Premium plans for the end of Summer or Winter, according to the hemisphere you live in. You can get prices as low as 2.06 €/month with a three years plan, which is a 70% discount when compared to monthly plan price of 7 €. If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Please check plans special prices on https://airvpn.org and https://airvpn.org/buy All reported discounts are computed against the 7 EUR/month plan. Kind regards & datalove AirVPN Staff

Hello! It might be relevant to know (just in case) that currently connections from Russia, China, Egypt, UAE may work only with OpenVPN in TCP, to port 53 or 443, in tls-crypt (entry-IP address THREE). OpenVPN over SSH is working too. Connections from Iran do not work, no matter the connection mode you try. To Iranian citizens we recommend Tor obfuscated and private bridges. You will need to update your bridge frequently. Kind regards

Hello! Currently it is not in our interest to accept it, we are sorry. Kind regards

@Shitsko @wnorcus and @pdannolfo resolved their respective problems which had different causes on the client side and not strictly related to route check. Nothing useful for the readers on this thread unfortunately, we're going to lock the thread and we recommend to follow the suggestion by @OpenSourcerer here above. Kind regards

Hello! Please send us a system report generated by Eddie. Please see here to do so: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Kind regards

Hello! Please send the system report as required by the support team. Please see here to do so: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Also, please test a connection with OpenVPN, in TCP and UDP, port 443 and port 53 (all the 4 combinations), to entry-IP address THREE and report whether the problem persists or not. You can change connection mode in Eddie's "Preferences" > "Protocols" window (uncheck "Automatic" to pick a specific connection mode). Kind regards

Hello! With "same issue" do you all mean that by switching to WireGuard the problem gets resolved, like it happens to the original two posters in July, while it persists with OpenVPN? If so, can you tell us whether the problem persists if you change OpenVPN port (for example from 443 to 53)? Also, it's very important that you attach a system report generated by Eddie. Kind regards

Hello! We're very sorry, at the moment we support automatic payments only via PayPal and not via Stripe. You may consider, during the next month, to use your credit card via PayPal (no PayPal account needed) and pick "PayPal subscription" payment option. Kind regards

Hello! Your tickets have been received and a reply was added in 8 hours, which is perfectly normal on Sunday. We see that the reply resolved the ticket by accepting your request. You can check your tickets in your "Client Area". Courtesy e-mails are also available if you have linked a valid e-mail address to your account and you don't disable notifications via mail. Kind regards

Understood. In this case we're terribly sorry but it looks like Amazon can not provide any solution. Kind regards

Hello! The VPN server names have changed into <server name>.airservers.org. The old <server name>.airvpn.org has been preserved for the old servers which had it, for backward compatibility and smoother transition. New servers added after the change have only <server name>.airservers.org. As usual, only entry-IP address 1. Kind regards

Hello! Is it not possible to redeem the gift card and credit it to your Amazon account and then use this account to pay on EU Amazon? Kind regards

Hello! We have been informed about an imminent relocation of our VPN servers in London. They will be migrated to a different datacenter. IP addresses will remain the same. Migration will start on Thursday, 14 Sept 2023, 22:00 UTC +1 and will end on Friday, 15 Sept 2023, 06:00 UTC +1 (London Time) Expected Duration: the migration is anticipated to take 8 hours, during which there will be a full interruption of services. We recommend that you connect to different VPN servers (in UK or elsewhere), not located in London, during the mentioned time frame. Kind regards AirVPN Staff

Hello! Apparently not, we're sorry. With our Amazon Seller account, customers are always re-directed to the EU main Amazon sites to process payments, no matter how we interface with it. You will anyway get the language you prefer, of course. Does it cause to you any inconvenience? Kind regards

Just a quick digression on this matter: no, it would not make any difference. Alleged usage of p2p protocols or even usage of p2p to share copyrighted content never causes an IP address to be included in a black list according to our 14 years approaching experience. By blocking torrenting we would also block VoIP, distribution of free and open source software, update systems of various software houses based on p2p and more without touching the problem you mention at all. We would betray our mission for no good side effect at all. Nowadays the main reasons of blocks against VPN IP addresses are a different kind of abuse and, even more importantly, an a priori refusal of connections coming from any privacy enhancing system which hurts personal data harvesting and reselling. We are in the presence of the thorny issue of services that grant access only if the user is willing to give up his or her privacy, be it for personal data harvesting or for definite geo-location for any intellectual monopoly related issue. That said, we also work daily to remove our IP addresses from the most important black lists around the world and we also make an important exception (since AirVPN birth, so it was decided in cold blood and deemed ex ante as the only acceptable violation of Net Neutrality) to the mission by blocking outbound port 25. Only time will tell whether you're right or not: in the last 13 years the amount of ISPs willing to take VPNs on their datacenters has increased significantly. AUP which forbade consumer VPN activity just 7-8 years ago have been rewritten to allow it (the discrimination remains against Tor in some cases, though). In any case our mission comes first, so it's not a matter to tweak the service and accept disgraceful compromises for us, but it's a matter to either providing the service according to the mission or not providing it at all. The customers and users only will reward or punish our commitments. Kind regards

Hello! The problem: DCO can be used only by OpenVPN 2.6 (or higher version), it is not supported by 2.5.5, the OpenVPN version launched by Eddie in your case. Quickly solve the problem by telling Eddie to create its own interface and ignore DCO: from Eddie's main window select "Preferences" > "Networking" type eddie in the "VPN interface name" field click "Save" Alternatively you can configure Eddie to run OpenVPN 2.6 with DCO but at the moment DCO is highly experimental so if you want a stable environment just don't use DCO at the moment. If you want a VPN software working mainly in the kernel space then please consider WireGuard, as at this stage it's definitely more stable than OpenVPN with DCO. To switch to WireGuard via Eddie (you can then go back to OpenVPN anytime of course): from Eddie's main window select "Preferences" > "Protocols" uncheck "Automatic" select a line with WireGuard. The line will be highlighted click "Save" Kind regards

Hello! Yes, new 10 Gbit/s servers in the USA are planned according to userbase growth. If the current rhythm is maintained (but this is a big big if, in our business) you might see news on November. Kind regards

Hello! Unfortunately not: it is a WireGuard limitation, because the IP address is unique per key and bound to it. Only if you use a unique client key (and therefore IP address) for WireGuard profiles on each device and you don't need remote inbound port forwarding then you can connect multiple devices to the same server. Please see also https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards

Hello! Noted, thank you very much. It will be put under the attention of Eddie Android edition devs. Kind regards

In the meantime happy 10th anniversary! Kind regards

@20194 Hello! Yes, Eddie needs to access the "bootstrap" servers too. Anyway you can stick to WireGuard, as you say. Kind regards

@20194 Hello! Each VPN server has 4 entry-IP address. There are no domain names to obtain entry-IP addresses 2, 3 and 4 of a specific server, but only for countries or continents or all servers. You may consider to use the Configuration Generator or the API to get Xuange''s addresses only. For your comfort they are (v4 and v6, from 1 to 4): 79.142.69.159 2a00:7145:c1:1:d166:dd1b:2fa3:dbdb 79.142.69.161 2a00:7145:c1:1:6726:4916:97c9:c979 79.142.69.162 2a00:7145:c1:1:6838:aa89:d61c:fb42 79.142.69.163 2a00:7145:c1:1:c862:16de:4698:4c9d Kind regards

Hello! The Express VPN interface causes a critical error to OpenVPN: Tell Eddie to ignore any alien interface: Select from Eddie's main window Preferences > Networking, write eddie in the "VPN interface name" field click Save. You may also consider to switch to WireGuard to bypass the alien interface. You can do it in Preferences > Protocols window. Uncheck Automatic, select a WireGuard connection mode and click Save. Kind regards

Hello! Two different problems are reported in this thread for Eddie 2.23.1, can you specify which one you're experiencing as well as your Linux distribution please? Can you also confirm that you're running Eddie 2.23.1? Kind regards