Staff

Hello! A preliminary recommended verification, only if you connect via OpenVPN: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?tab=comments#comment-231319 If you have imported into your pfSense system AirVPN OpenVPN certificates before 2021, it's time to renew them. As usual, you can use the Configuration Generator available in your AirVPN account "Client Area" to generate new files. If you need to change only specific certificates, you can tell the Configuration Generator to generate split files: turn the "Advanced" switch on, check "Separate certs/keys from ovpn files" and proceed to generate: user.crt is the client certificate ca.crt is the CA certificate user.key is the client key tls-cryp.key is the TLS Crypt key Kind regards

Hello! We inform you that between April the 10th, 2024 and April the 20th, 2024, all Dallas servers entry and exit IP addresses will be changed. The list of servers by name can be found here: https://airvpn.org/status - search for "Dallas". If you run Eddie Desktop edition, Eddie Android edition, or Bluetit + Goldcrest, no action is required as the software will update automatically all the data. If you run any program based on configuration files containing specific references to IP addresses of Dallas servers, then you will need to re-generate the file(s) after the operation has been completed. You can do it as usual through the Configuration Generator available in your AirVPN account "Client Area". If you use Dallas servers as a gateway to restricted services based on filtering anything different from Dallas exit IP addresses, please act properly in advance to avoid any lock out. This major change is part of a series of operations that will allow a much needed and used AirVPN feature to be significantly powered up. More on this in the near future. Kind regards & datalove AirVPN Staff

Hello! Please see here: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?do=findComment&comment=231319 If the above solution doesn't work, please send a system report. Please see here to do it: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Kind regards

Hello and thank you for your choice! Please see here (feel free to continue there if you want to reply): https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?do=findComment&comment=231319 Kind regards

Hello and thank you for your choice! Please try the following procedure: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards

Hello! Problem confirmed and under investigation. It is caused by an unexpected sluggishness of the first bootstrap server. If the first bootstrap server fails, Eddie will try the second one (timeout: 45 seconds), and then the third one (again 45 seconds timeout) and so on, so everything will work although the initial connection gets delayed. EDIT: problem solved. Kind regards

Hello! This new problem is unrelated and it is caused by an unexpected sluggishness of the first bootstrap server. We have opened an investigation just while you were writing the message. If the first bootstrap server fails, Eddie will try the second one (timeout: 45 seconds), and then the third one (again 45 seconds timeout) and so on, so everything will work although the initial connection gets delayed. EDIT: problem was solved at 6 PM CEST. Kind regards

Hello! Please check here and let us know whether the problem is solved: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/ Kind regards

Hello! Please see here: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/ Kind regards

Hello! Please see here: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/ Kind regards

Hello! In reality, the first point was superfluous, but it's always useful, if not mandatory, to read the manuals, especially when using services with sensitive aims (in this case enhancing privacy and providing a decent layer of anonymity). Contrary to what some tech giants would have you believe, and although illiteracy is on the rise even in "Western countries", many of the "average consumers" (horrible definition) are still able to concentrate for 3-4 minutes, read and understand manuals and guides. Luckily your idiosyncrasy against 2 minutes reading of important documents is very uncommon in AirVPN users and customers. Kind regards

Hello! The client certificates expiration dates were extended well in advance, a year ago (there is no certificate expiring in 2024), so no warning in the web site was indeed due. ca.crt expiring in 2024 was extended in 2021 (this time we went for 100 years, up to 2121). Here the problem is that Eddie Desktop edition re-downloads the certificates only when the user logs in, so the issue in this thread is caused by expired local certificates. The problem therefore affects those users with Eddie Desktop edition who created their account before 2015 and never logged out in the last thirteen months (indeed best customers!), and use OpenVPN and not WireGuard, or those users who never re-downloaded the ca.crt ever since 2021. If your pfSense system warned you of imminent certificate expiration, then most probably you are (were) using the client certificate downloaded before the automated expiration date extension: just re-download and check whether the problem gets sorted out. Surely and definitely we can add in Eddie Desktop edition a forced re-download, similarly to what Eddie Android and Bluetit do, which happens even when the user never logs out, but we can't do it for third party software, of course. Kind regards

Hello! Please uncheck (on Eddie's main window) "Remember me", log your account out, then log your account in. If the problem persists open a ticket and send a system report: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Kind regards

Hello! Please try the following procedure: renew your certificate in the "Client Area" (instructions here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ ) run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Main thread: Kind regards

Hello! A common cause of the problem you experience is an MTU too large for your network. Try a 1280 bytes MTU and check whether the problem disappears or not. You need the following option in the [Interface] section of your WireGuard configuration file: MTU = 1280 Kind regards

Hello! Please try the following procedure: renew your certificate in the "Client Area" (instructions here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ ) run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Main thread: Kind regards

Hello! Does the route check fail both with OpenVPN and WireGuard? Can you please publish a system report generated by Eddie just after a connection attempt has failed? Please see here to do it: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Kind regards

Hello! Yes, you can still use this port by changing the "Device" combo box of the specific port to "Any device", or to the name of the device you will regularly use to connect to VPN servers. Kind regards

Hello! The problem affects those users who run Eddie Desktop edition with OpenVPN and never logged out for more than a year, or use OpenVPN clients with configuration files generated before 2021. Since Eddie Desktop edition re-downloads certificates and keys only when the operator logs in, locally some certificates have expired because we extend their expiration date automatically at least one year in advance (three years normally). Please try the following procedure to quickly resolve the problem: run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards

@randompersona Hello! We see that you solved the problem related to the connections. Now that the main problem is solved, on top of @Hypertext1071 suggestions, please also note that you enabled your remotely forwarded port(s) for one specific device only, but you are currently connecting with different devices, so you don't have the port forwarded by the AirVPN server. Kind regards

Hello! A possible error's cause that comes to mind is a wrong copy/paste of the user.crt file content (your client certificate), can you please check? If in doubt you can generate split certificates and keys so you know exactly which is which. To do it, just turn on the "Advanced" switch available on the Configuration Generator and then enable "Split certs/keys from ovpn files". The Generator will create the following additional files not embedded anymore in the ovpn file: user.crt - the client certificate user.key - the client key ca.crt - the CA certificate of the VPN servers tls-crypt.key - the TLS Crypt key Kind regards

Hello! Can you please try with a smaller MTU (1280 bytes)? Sometimes the problem you experience is caused by the MTU size. In spite of the fact that for 6 months everything was fine with our service, some network change (by your ISP, potentially) might require a smaller MTU now. MTU = 1280 You can edit your wg configuration file with any text editor. Just change 1320 into 1280, save the file and re-start the connection to apply the change. Kind regards

what's going on? Hello! According to WireGuard your configuration file can't be parsed. A probable cause of the parsing error is the PostUp line you created, as all the other directives seem correct and created by our Configuration Generator. Please comment it out or delete it and check whether the problem gets resolved or not. If so, you have the confirmation that the error is there. In this case execute manually the various PostUp commands (with the container connected to the VPN) and check whether any error is thrown out to discern a strictly related parsing problem from a problem caused by the failure of one of the commands. Be aware that the VPN subnet (10.128.0.0/12) overlaps with one of the subnets (10.0.0.0/8) for which you want to create a route back to your host via $DROUTE. Also note that you don't have a PreDown line, which is strictly necessary when the system disconnects from the VPN to clean up the routing table and the firewall rules. Even when the parsing error is fixed, the missing clean up may prevent future connections, so we would recommend that you write proper commands (to be executed with PreDown) deleting your custom routes and firewall rules. What is the exact purpose you want to achieve with that PostUp line? Kind regards

Hello! No, it was not and it is not. Every and each machine runs on non-affected Operating Systems, typically FreeBSD and Debian 12. Debian 12 trivially is not affected because it does not include (in the official repositories we point at) the exploited xz versions 5.6.0 / 5.6.1 (and of course we did not build them from git) while in FreeBSD: Gordon Tetlow, security officer, https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html). Kind regards

@Pi77Bull Thank you very much, we will investigate the problem. At least the units are fine. Note that you didn't need firewalld installation, so you can safely uninstall it if you wish so. You didn't need to remove ufw.service in the "Requires" line as well, it is ignored if missing. The main problem (which does not occur in Debian) now is in Bluetit itself, which waits forever for a network connection that's already available. We are investigating and we will keep you posted! Kind regards