Jump to content
Not connected, Your IP:


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Staff

  1. Hello! Space, by default, is one of the internal field separators in any shell, together with tab and newline. If you need a space in any option argument, and you have the space as IFS, you must enclose the argument in double quotes, either in the command line or in a configuration file. It will happen with any argument of course, so passwords too, nothing interesting here. Therefore, the behavior is correct and expected, and we were hunting fairies for days. However, if you already enclose the arguments in double quotes and/or you have modified your IFS environment variable to NOT consider space as an IFS, then the problem is real. We can archive the issue.now unless you tell that there's a match with one of the the mentioned cases. Kind regards
  2. Hello! We're very glad to inform you that AirVPN Suite 1.0.0 RC 1 for Linux has just been released. It addresses all the problems reported so far, except: problems reported in unstable distributions but not occurring in the same distribution stable release the specific problem reported by @OpenSourcerer as we failed to reproduce it: please report if you find anything similar to what OpenSourcerer has reported because we can't manage to reproduce the malfunction in spite of very many efforts Links to download packages have been updated in the first message of this thread. Kind regards
  3. Hello! We're very glad to inform you that Hummingbird 1.1.1 RC 1 for macOS has been released. No bugs have been found or reported during the public beta testing, Therefore, we expect that the stable release will be out soon. Please report any glitch or bug in this thread. Kind regards
  4. Hello! We're very glad to announce a special promotion on our long terms Premium plans. You can get prices as low as 2.20 €/month with a three years plan, which is a 68.6% discount when compared to monthly plan price of 7 €. You can also send an AirVPN plan as a gift: you have the option to print or send a colorful, dedicated picture with the code to activate the plan. You can do that in your account Client Area -> Your membership: Purchase and credit -> Print X-Mas after you have bought a coupon. Code shown in the above picture is an example, not a real code If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Please check plans special prices on https://airvpn.org and https://airvpn.org/buy Kind regards & datalove AirVPN Staff
  5. Hello! We're very glad to inform you that a new 10 Gbit/s server located in Zurich (CH) is available: Xuange. It's the first server we propose with a dedicated 10 Gbit/s line and port. As we have now circumvented several computing limits through load balancing and improved optimization, it's time to gradually test larger bandwidth. The AirVPN client will show automatically the new server. If you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, Xuange supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Xuange Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  6. @OpenSourcerer Thanks, that simplifies things because we can test in the same environment you have with your landline provider. EDIT: do you get the same problem both from Arch and Debian 10? Kind regards
  7. @OpenSourcerer Exactly... so it can't be that. You had better ask your ISP. Probably it has nothing to do with the malfunction but you never know. In order to cross-check that T-Mobile uses IPv6 only network with a NAT64-like implementation (464XLAT, which is considerably superior than the original NAT64) you can check the official T-Mobile documents. T-Mobile USA announced "breaking free of IPv4" and 464XLAT for IPv6-only network in Apricot 2014, see for example here: https://conference.apnic.net/data/37/464xlat-apricot-2014_1393236641.pdf From other documents such as https://together.jolla.com/question/89966/use-dual-stack-ipv4-and-ipv6-on-mobile-data-by-default/ we infer that T-Mobile Germany also adopted XLAT, but it's better that you ask directly your provider for confirmation, even because it's possible that a portion of the network is IPv6 only while a small percentage of users are still stuck to some older Dual Stack etc. Thanks, that's very important and hints to a deeper bug. Thanks for the files too, we should have now all the elements to hunt the bug down in an effective way. If we need something else we will let you know, and anyway we are going to keep you posted. Kind regards
  8. @OpenSourcerer Hello! Thank you again for your ongoing tests. Well no, the IP address you see in the log is never returned by getaddrinfo, getaddrinfo returns structure(s) where the IP address of your network interface assigned by your upstream is included. In general it is / they are not necessarily the IP address(es) which your packets reach the Internet with (in most cases, it/they will be private address(es), of course). We do not rely on getaddrinfo and the issue can't come from it. It's strange that you mention it, so if we miss something please elaborate. Furthermore,: the address returned by ipleak.net (and not by getaddrinfo) is never used by Bluetit for the VPN connection. Note that Bluetit tries to know, via ipleak.net, the country your system is in, which is relevant for the quick connection algorithm, nothing else. The returned IPv6 address we noticed led us to ask you whether you have native IPv4 support or not. We don't understand why that would be relevant. What you say does not imply that you have native IPv4 connectivity. 🤔 You would connect anyway to IPv4 services if your ISP provides you with IPv6 only,. Thanks to any NAT64-like implementation (like T-Mobile in Germany does, you know, with a special implementation of NAT64) voilà, you reach IPv4 services over IPv6, and you don't have native IPv4. 🙃 Maybe the information will give us a clue to understand the issue, because we have no networks built in such a way to perform tests from, so the the fact that the issue can't be reproduced might be explained (or it will not, but it's worth a try). So if you determine that you have or not native IPv4 let us know. Moreover, can you please (when and if you have time, of course), do the following: connect in pure IPv4 not to Kitalpha (as Kitalpha does not support IPv6) with OpenVPN 2.5 connect with Bluetit to Kitalpha through the same profile used by OpenVPN 2.5 in your example and by self connection have Bluetit generate a profile and send it to us (after you have deleted any sensitive data). Test yourself the profile with OpenVPN 2.5 and check what happens with it and Bluetit. We'll do the same and then we can compare both outcomes Thank you in advance. Kind regards
  9. @OpenSourcerer Hello! Bluetit does not try to connect in IPv6, it respects the options that force it to connect in IPv4. However, from ipleak.net you get a reply of an IPv6 address, so it seems that you have IPv6 only. Then the log shows an empty entry, which must be investigated as it is abnormal. Then Bluetit explicitly avoids IPv6, according to your command option "-V off" and your rc file. Some other questions: are you sure that you have IPv4, or might it be that you have only IPv4 over IPv6? In general, without Bluetit, how do you connect to AirVPN in pure IPv4? Kind regards
  10. @pjnsmb Hello! We already asked in the past but we don't see any reply so we ask again: what is your distribution name and version? Kind regards
  11. @OpenSourcerer Hi, can you post Bluetit log too, after the issue has occurred? If we remember correctly you run systemd based systems so: sudo journalctl | grep bluetit Kind regards
  12. Hello! We're very glad to inform you that AirVPN Suite 1.0.0 Beta 3 has just been released. It fixes every bug found and reported in this thread so far. Please feel free to verify! Download URLs in the first message have been updated and now link to Beta 3. Please feel free to download and keep testing, thank you! Kind regards
  13. Hello! We guess you mean linked on this new library: if so, very soon, you should see the first public beta version in January. Kind regards
  14. Hello! We're very glad to inform you that we have just released Hummingbird 1.1.1 Beta 2 for macOS (High Sierra or higher version required). It is ready for public beta testing. UPDATE 23-Dec-2020: Hummingbird 1.1.1 RC 1 has been released Main features Lightweight and stand alone binary No heavy framework required, no GUI Small RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN robust leaks prevention through Network Lock based on pf - working perfectly on Big Sur too proper handling of DNS push by VPN servers capable of higher throughput than OpenVPN 2.5 What's new Remarkably higher performance Hummingbird 1.1.1 is based on the latest OpenVPN AirVPN library version 3.6.6 linked against OpenSSL, and not mbedTLS anymore. OpenSSL latest versions in macOS have reached higher performance than mbedTLS both in encryption and decryption based on AES and CHACHA20-POLY1305 ciphers. By relying on OpenSSL and thanks to highly optimized compilation as usual, Hummingbird on macOS is now able to beat OpenVPN 2 performance as well as previous Hummingbird 1.1.0 performance. According to our tests performed on macOS Catalina and Mojave, and keeping AES-256-GCM as Data Channel cipher, throughput increases up to 100%. Comparisons have been performed against Eddie 2.19.6 + OpenVPN 2.5, Tunnelblick + OpenVPN 2.4.9 and Hummingbird 1.1.0. All the tests consistently show a great performance boost, starting from +30% and peaking to +100%. Therefore, we strongly recommend that you test Hummingbird 1.1.1 even if you run Eddie. Remember that you can run Hummingbird through Eddie comfortably and quickly by setting the proper option. New OpenVPN 3 library features Starting from version 1..1..1, Hummingbird is linked against a new version of our OpenVPN 3 library which supports directive data-ciphers: it can be used consistently with OpenVPN 2.5 syntax in OpenVPN profiles. The directive allows OpenVPN 3 based software to negotiate a common Data Channel cipher with the OpenVPN server,, updating therefore our library to ncp-like negotiation with OpenVPN 2 branch. The new library also includes a different handling of IV_CIPHERS variable, fixing OpenVPN main branch issues causing a plethora of problems with OpenVPN 2.5. The implementation, at the same time, takes care of full backward compatibility with OpenVPN versions older than 2.5. ncp-disable directive, which to date has never been implemented in the main branch, is still supported, in order to further enhance backward compatibility with both OpenVPN profiles and servers, as well as connection flexibility with servers running older than 2.5 OpenVPN versions. Please note that if you enforce a specific Data Channel cipher by means of Hummingbird line option, the enforced Data Channel cipher will override data-ciphers profile directive. Changelog 3.6.6 AirVPN by ProMIND - [ProMIND] [2020/11/02] openvpn/ssl/proto.hpp: IV_CIPHERS is set to the overridden cipher only (both from client and/or OpenVPN profile) in order to properly work with OpenVPN 2.5 IV_CIPHERS specifications. The old method of cipher overriding by means of negotiable crypto parameters is still supported in order to maintain compatibility with OpenVPN < 2.5.0 - [ProMIND] [2020/11/24] added "data-ciphers" directive to profile config .ovpn files in order to comply to OpenVPN 2.5 negotiable data cipher specifications. In case "data-ciphers" is found in the .ovpn files IV_CIPHERS is assigned to the algorithms found in "data-ciphers". In this specific case, "cipher" directive is used as a fallback cipher and, if not already specified in "data-ciphers", is appended to IV_CIPHERS Download Hummingbird for macOS is distributed in notarized and plain versions: Signed and notarized version: https://eddie.website/repository/hummingbird/1.1.1-RC1/hummingbird-macos-notarized-1.1.1-RC-1.zip Plain version: https://eddie.website/repository/hummingbird/1.1.1-RC1/hummingbird-macos-1.1.1-RC-1.tar.gz The difference is about how the package is seen by macOS security and it is therefore up to the user to pick the distribution file suiting his or her needs best. The notarized version is compliant to macOS software security scheme and runs "out-of-the-box", whereas the plain version needs to be explicitly granted permission to run by the user in macOS security & privacy settings. Please note that both versions ensure the same functionality in connecting a VPN server, it is however up to the user to decide whether using the signed and notarized version or not. Version 1.1.0 manual is available here https://airvpn.org/hummingbird/readme/ Please report any bug or consideration in this thread if you decide to test. Thank you in advance for your tests! Kind regards & datalove AirVPN Staff
  15. @dL4l7dY6 Hello and thank you for your tests and report! Orion does exist so the error message is surely wrong. Maybe it is triggered by a wrong key name, can you please make sure that the key name (in goldcrest.rc option "air-key") matches exactly the "device" name in your control panel (i.e. "Default")? What happens if you don't specify any key in goldcrest.rc? The suite log entry calls "profile" what your account control panel calls "device", according to the label picked in Eddie Android edition (not to be confused with an "OpenVPN profile", which is a configuration file). In reality "profiles" and "devices" in this context are all labels for client certificate/key pairs, and the suite correctly defines them as "keys" in the options.. We will work to make labels more coherent between Bluetit, the website and Eddie., and avoid calling them "profiles" to prevent confusion with OpenVPN profiles. Bluetit and Golcrest already avoid "profile" label, what you see in the log must be some "remainder" in logging. Please keep us posted. Kind regards
  16. @Maggie144 Hello! Thanks, glad to hear the problem is resolved. The feature you mention is available in Goldcrest+Bluetit https://airvpn.org/forums/topic/48435-linux-new-software-airvpn-suite-10-beta/. They will be ported to macOS too, in 2021 first quarter. Kind regards
  17. @Hiroo Onoda Hello! Please discard our previous message. There is no such permission on stock Android 10 versions The wrong answer was based on a customized Android version we use. We apologize for any inconvenience. Currently Eddie can not boot automatically in Android 10 and 11 unless you start it with third party boot managers etc. The issue will be addressed in the next Eddie release, stay tuned. Kind regards
  18. Hello! We're very glad to inform you that OpenVPN AirVPN 3.6.6 is now available. It implements data-ciphers directive following the same OpenVPN 2.5 directive syntax for a more flexible and comfortable choice of Data Channel ciphers by the client side, including CHACHA20-POLY1305 whose support was added by AirVPN in 2019. OpenVPN AirVPN now handles Data Channel cipher by complying to new OpenVPN 2.5 specifications while keeping backward compatibility with older than 2.5 OpenVPN versions. For additional comfort and backward compatibility, support to ncp-disable directive implemented by AirVPN is currently kept. Please see the changelog for more details. AirVPN Suite 1.0.0 software suite for Linux is already linked against the new library. Eddie Android edition will be updated accordingly in the near future. Updated macOS software based on the new version is planned as well. Hummingbird 1.1.1 for macOS will be released soon and linked against the new library. OpenVPN AirVPN 3.6.6 is now 93 commits ahead of master branch. Source code is available on GitHub: https://github.com/AirVPN/openvpn3-airvpn Changelog 3.6.6 AirVPN - Release date: 7 December 2020 by ProMIND - [ProMIND] [2020/11/02] openvpn/ssl/proto.hpp: IV_CIPHERS is set to the overridden cipher only (both from client and/or OpenVPN profile) in order to properly work with OpenVPN 2.5 IV_CIPHERS specifications. The old method of cipher overriding by means of negotiable crypto parameters is still supported in order to maintain compatibility with OpenVPN < 2.5.0 - [ProMIND] [2020/11/24] openvpn/ssl/proto.hpp: added "data-ciphers" directive to profile config .ovpn files in order to comply to OpenVPN 2.5 negotiable data cipher specifications. In case "data-ciphers" is found in the .ovpn file IV_CIPHERS is assigned to the algorithms found in "data-ciphers". In this specific case, "cipher" directive is meant as a fallback cipher and, if not already specified in "data-ciphers", is appended to IV_CIPHERS Kind regards & datalove AirVPN Staff
  19. @clebretonfr Hello! Please consider that dnsmasq is not supported by Blutetit or Hummingbird. If you use it, DNS resolution is up to you exclusively. If DNS queries do not reach a third party DNS server, an option to consider is that the third party DNS rejects queries from AirVPN server(s). About the problem at cold start, it will be investigated, thank you for your report! Kind regards
  20. @Maggie144 Hello! Route check is performed by Eddie, not by Hummingbird. Can you please run Hummingbird alone, without Eddie, and check whether you still have the delay you report during a connection? If you determine that the delay is caused exclusively by Eddie route check, and you keep Network Lock enabled, you can safely disable route check and save a lot of time. Route check is redundant when Network Lock is enabled. You can disable route check in Eddie Preferences > Advanced window. De-tick "Check if tunnel works" item and click "Save". Currently, Hummingbird 1.1.1 beta 2 is being tested publicly in Linux, When a stable version is released, it will be ported to macOS too. Kind regards
  21. @SomewhatSane Hello! Try to enlarge buffers to 1 MB or even 2 MB. Directives to set OpenVPN buffer size: rcvbuf x sndbuf y where x and y are in bytes. For example, for 1 MB buffers: rcvbuf 1232896 sndbuf 1232896 It must also be said that, in order to beat 500 Mbit/s, you need some luck, i.e. you need finding a server that in some moment has a very low bandwidth requirement by other clients. Also, if you have an AES-NI supporting system but a less powerful CPU, try AES-128-GCM. Kind regards
  22. @Check Hello! What crashes are you referring to? In the last months we had no crashes on UK servers. Check the server monitor for several technical details that you should find useful. Kind regards
  23. @Braguette A transaction ID is not a personal information, but a code created pseudo-randomly, so it would be an error to cover it in a Privacy Notice and Terms document. Anyway it is stored in the payment processor database forever. If a customer asks for a refund, she must provide the needed data to make the refund possible, or simply ask the payment processor for a refund via the proper procedure implemented both in 2Checkout and PayPal. If the payment was delivered directly without intermediaries (i.e. through cryptocurrency which we accept cutting out any intermediary), the customer asking for a refund must again provide us with the proper data to let us verify refund eligibility, for example transaction hash in a blockchain. Kind regards
  24. Hello! We do not retain data on AirVPN servers. Data remains forever in your and our PayPal account,, as well as in your credit card company database, though. However that's a matter of PayPal or your credit card issuer privacy policy. In our privacy notice we address this fact here: Thank you very much for your choice. Enjoy AirVPN! Kind regards
  25. Hello! Android 10 and 11 change slightly the apps permission scheme. Now you need to explicitly authorize, from Android settings, an app to start at boot. It's no more sufficient that an app registers itself to start. Additionally, an explicit authorization to read the storage must be given, to allow Eddie to read profiles, nothing else. Can you please check? We are looking forward to hearing from you. Kind regards
  • Create New...