Staff

Hello! Wait, you must enter the key label. The label is just the name you assigned to the key in your AirVPN account device panel. Kind regards

Hello! For this purpose running an OpenVPN server and client at the same time on the same router is perhaps a useless complication. A simpler solution is just connecting the router to some AirVPN server, forwarding and pre-routing the ports needed for the listening services of the machines behind the router to the proper destination (both on your AirVPN account port panel and from the router's tun interface), configuring the proper DDNS for each port, and reach from the Internet the services running on the devices behind the router. This simple solution, however, is not suitable in case you need more than 5 ports (if you need more, contact the support team). Kind regards

@cccthats3cs Hello! We have removed this limitation. If anybody else experiences this problem please contact us via support@airvpn.org or anyway write to support@airvpn.org to bypass the limitation (the support team will then sort your mail messages in the proper ticket). Kind regards

Hello! Yes, connection's key ("device" in the Client Area) can be selected via Goldcrest's --air-key option: https://airvpn.org/suite/readme/#goldcrest-configuration or via Bluetit's run control file option airkey: https://airvpn.org/suite/readme/#bluetit-configuration Please note that the key string is case sensitive. Kind regards

@cccthats3cs Hello! For the readers too. The problem was most probably caused by a rare conflict caused by a vicious bug which has been resolved. Haedus runs on a kernel based exclusively on nftables, but with iptables-nft userspace utility still available when the system basic files are uploaded in RAM. An old script of ours invoked iptables-nft once during the bootstrap and triggered the feared "translations" back an forth between iptables and nftables, which in turn caused rare troubles in adding and removing rules for remote inbound port forwarding. This series of unfortunate events was resolved by fixing the script (no more iptables-nft, of course). Fix deployment has been ongoing on the infrastructure since a week ago but was not yet rolled out on Haedus. The fix is deployed gradually because in general the bug does not cause these issues and also because a complete clients disconnection is required to bring back the system to a "no nft/iptables hybrid" status. Thank you! Kind regards

Hello! Yes, in this case it's not reachable at all. Not necessarily. You should have forwarded port 8843 on your AirVPN account port panel (you did it by re-mapping port 28443, so make sure to connect to port 28443 of your DDNS, and not 8843) and you must make sure that the GUI web app binds to the OpenVPN client's tun interface and not to OpenVPN server's tun interface or to the physical network interface. A router's GUI web app may also refuse any connection outside the local network for security reasons, please check. Please also consider to stop the OpenVPN server to discern the exact problem with the router web interface. It is the subnet of the OpenVPN server your OpenVPN client connected to. The OpenVPN server assigned to your OpenVPN client tun interface (a virtual network interface) the 10.16.170.244 adress, in the 10.16.170.0/24 subnet. The route added in table ovpnc1 ("OpenVPN client 1") and quoted in your message looks very correct. Kind regards In this context "internal" IP address is very ambiguous. That's probably the IP address of the router's physical network interface for the WAN or LAN, in turn assigned (if you use DHCP) by the ISP router your Asus router is connected to. Kind regards

Hello! Thank you for the clarification, we should have understood this setup since your very first message. This is likely the problem. Running an OpenVPN server and an OpenVPN client on the same host at the same time requires some care. Latest Merlin firmware version might support it out of the box, please verify. If this particular configuration is possible, remember that your OpenVPN server will probably be reachable from the Internet on your real IP address:1194, not on the VPN server exit-IP address, because OpenVPN server and client will necessarily rely on different tun interfaces and routing tables. Is there anyone reading this thread who achieved a proper setup of an OpenVPN server and an OpenVPN client running simultaneously on a Merlin router, with the OpenVPN client network receiving packets for the OpenVPN server subnet? Kind regards

@chbni Hello! The OpenVPN log shows a successful connection, so everything seems fine here. Just for a cross-check, please browse ipleak.net from a browser of a device behind the Asus router and verify that your "real" IP address does not appear anywhere. If it does, this potential issue: could be resolved by upgrading the firmware. By upgrading to AsusWRT Merlin you will also have the option to forward ports to a device behind the router itself, should this need arise in the future. About remote inbound port forwarding, we're back to square 1 so we will be waiting for the answer to our first question in our first message: what is this listening service running on the router you write about? Kind regards

@cccthats3cs Hello! This account can not connect to VPN servers so we can't verify on our side (you probably have another account). Please open a ticket or a thread to let us know your account name in AirVPN if you want to have us verify that the settings for your account on our side are properly implemented in the VPN servers you connect to. Kind regards

Hello! No, it is not possible as the traffic flow is still encrypted on your ISP infrastructure, including your home ISP router. You were correct and this was assumed as already working. You mentioned a problem about remote inbound port forwarding, which is an additional feature. If the problem pertains to the connection by the router to the VPN servers, then it must be re-assessed: in this case remote inbound port forwarding does not even enter into play. Please clarify: can the router connect to AirVPN servers? if not, please send us the OpenVPN log taken after a connection attempt has failed is the problem related to remote inbound port forwarding? if so, please answer to the previous question and clarify: is the listening service really running on the router, or is it running on any device behind the router? Kind regards

Hello! Actually it should not be necessary. Forwarding unsolicited packets from the router to the final destination is necessary if the listening service is running on a device connected to the router, and the router is the one device which connects to the VPN. What is this listening service running on the router you write about? Maybe packets to it are blocked by firewall rules, have you checked them? Kind regards

Hello! Remote inbound port forwarding is a server side feature that can be comfortably managed from your AirVPN account port panel. Please see here: https://airvpn.org/faq/port_forwarding/ Kind regards

Hello! Please see (and if necessary continue the thread) here: Kind regards

@Fyaskass Hello! We asked for a system report, which provides relevant information in addition to the log. From the log, anyway, we can see that you picked a connection on the IPv4 layer; however, you should try one on IPv6 since you don't have IPv4 connectivity from your ISP. from Eddie's main window select Preferences > Networking set the Protocol used for connection combo box to IPv6 only click Save Test again connections and send us a system report generated by Eddie if the problem persists. Kind regards

Hello! Can you please post a system report generated by Eddie after the problem has occurred? Please see here: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Kind regards

Hello! OK. What is the OpenVPN version you have no problems with? OpenVPN 2 branch runs external system tools to configure interfaces and routing table, while OpenVPN3-AirVPN and Bluetit try to minimize the external tools to launch. In particular the tun interface configuration is accomplished quite differently by OpenVPN 2 and 3. If you run Bluetit in "WireGuard mode", do you experience the very same issue? Also, do you experience the same issue if you run native wg tools? Kind regards

Hi! Historically, that's for the Black Friday only. 😉 Kind regards

Hello! We reluctantly have to announce gloomy news to you all: Spooky Halloween Deals are now available in AirVPN... Save up to 74% on AirVPN longer plans (*) (*) When compared to 1 month plan price Deal will expire on 2024-11-04 UTC Check all plans and discounts here: https://airvpn.org/plans If you're already our customer and you wish to jump aboard for a longer period any additional plan will be added on top of already existing subscriptions and you will not lose any day. Every plan gives you all the features that made AirVPN a nightmare for snoopers and a scary service for competitors. Just check this frighteningly long list of terrific features if you dare: a clear mission without compromises https://airvpn.org/mission exclusive and comfortable remote inbound port forwarding system flexible, opt-in block lists against malware and other hostile entities. Pick predefined lists, add exceptions or additional blocks, define your own lists, or just use our totally neutral DNS by default improved API functions to let you control and configure VPN features and account settings active OpenVPN 3 AirVPN library open source development WireGuard integration IPv6 support, including IPv6 over IPv4 refined load balancing to squeeze every last bit per second from VPN servers free and open source software for Android, Linux, Mac and Windows easy "Configuration Generator" web interface for access through third party software guaranteed minimum bandwidth allocation GDPR compliance and very high privacy protection standards no log and/or inspection of clients' traffic effective traffic leaks prevention by AirVPN software Tor support via AirVPN software on Linux, Mac and Windows various cryptocurrencies accepted without any intermediary no obligation to use our free and open source software to enter AirVPN infrastructure. Interoperability is an AirVPN priority. perfectly clear and easy to read Privacy Notice and Terms https://airvpn.org/privacy No tricks, only treats! We witch you a spooktacular Halloween! AirVPN Staff

@jssi Hello! UDP seems blocked. Also, the Mullvad tunnel we see in the report is up, therefore conflicts will arise on the main routing table and also for the overlapping of Mullvad/AirVPN VPN range (subnet). Please check any packet filtering tool both on your Fritz!Box and your system and make sure that they do not block UDP. Moreover, please do not keep the Mullvad tunnel up while you run Eddie (and vice-versa). You may also test a connection with WireGuard. You can switch to WireGuard on Eddie's "Preferences" > "Protocols" window. Kind regards

Hello! Thank you very much for your tests. Can you please post the whole Bluetit log and also tell us your exact distribution/OS name and version? Also, if some specific action is needed to cause the crash, can you describe it step by step to help us reproduce the failure? Kind regards

@matto82 Hello! OpenVPN can't configure the tun interface (operation not permitted). Usually this happens in unprivileged containers, is it the case? Please upgrade to AirVPN Suite 2.0.0 beta and test again with both OpenVPN and WireGuard. If the issue persists, please check this thread for further insight and potential solutions: https://forum.proxmox.com/threads/openvpn-in-unprivileged-container.38670/ Kind regards

Hello! Eddie Android edition is a fully integrated with AirVPN, free and open source WireGuard and OpenVPN GUI client. Source code is available on GitLab. Eddie is based on official WireGuard library and OpenVPN3-AirVPN library (free and open source software library by AirVPN), allowing comfortable connections to both OpenVPN and WireGuard servers. All Android versions from 5.1 to 14 are supported. We're very pleased to announce that Eddie Android Edition 3.2.0 is now available: a release focused on bug fixes featuring also a much more robust management of critical situations and network conditions. You can download Eddie Android 3.2.0 APK directly from our repository or from the Google Play Store, please see here: https://airvpn.org/android/eddie/ Source code is available in GitLab: https://gitlab.com/AirVPN/EddieAndroid/ Direct link to the changelog: https://gitlab.com/AirVPN/EddieAndroid/-/blob/master/ChangeLog.txt What's new updated to OpenVPN3 3.11 AirVPN (20240912) updated to OpenSSL 3.3.2 fixed pause/resume button status according to network status change (OpenVPN) fixed a bug which caused the app to rely on VPN servers domain names for AirVPN country connections at device bootstrap fixed a bug which caused the app to crash on some systems if no network was available at device bootstrap fixed a bug which caused a paused OpenVPN connection to resume after a network change fixed AirVPN manifest management, particularly during concurrent network access and VPN startup fixed a pre-packaged manifest issue which caused the app to crash when a profile was imported and the proper manifest could not be downloaded fixed a bug which caused the app's quick tile button to become unresponsive in some systems after the app was swiped out fixed a bug which caused the app's quick connection button to become unresponsive after or during an OpenVPN session fixed a bug which caused the quick tile button status to get misaligned with the actual app status fixed a bug which caused the app to show a status different from the actual device and/or VPN status fixed a bug which caused the app to ignore the white list at the first connection through the quick tile button and in other circumstances fixed a bug which caused the app not to update the white list after a user already defined it and later changed it added profile deletion multiple selection added an optional real time log view update and refresh improved Quick Setting Tile interaction improved VPN connection at startup (device bootstrap) by checking and properly managing critical system and network conditions Main features Compatible with all Android versions ranging from 5.1 to 14 Full WireGuard support and integration with AirVPN ChaCha20-Poly1305, AES-CBC and AES-GCM support on both OpenVPN Control and Data channel Battery-conscious application Low RAM footprint Ergonomic and friendly interface Ability to start and connect the application at device bootstrap GPS spoofing Traffic splitting and reverse traffic splitting on an application basis. You can define which apps must have traffic inside or outside the VPN tunnel through white and black list Localization in simplified and traditional Chinese, Danish, English, French, German, Italian, Portuguese, Russian, Spanish, Turkish Full integration with AirVPN Quick tile button Enhanced security thanks to locally stored encrypted data through optional master password Quick one-tap connection and smart, fully automated server selection Smart server selection with custom settings Manual server selection Ability to start and connect during device startup according to a priority list which includes automatic choice, your defined country and your defined AirVPN server Smart attempts to bypass OpenVPN blocks featuring protocol and server fail-over Full Android TV compatibility including D-Pad support. Mouse emulation is not required. Enhancements aimed at increasing accessibility and comfort to visually impaired persons  AirVPN servers sorting options Customizable "Default", "Favorite" and "Forbidden" servers and countries OpenVPN and WireGuard mimetype support to import profiles from external applications Multiple OpenVPN profile support. The app now imports and manages multiple OpenVPN and WireGuard profiles Support for custom bootstrap servers Support for favorite and forbidden countries AirVPN broadcast messages support The app is aware of concurrent VPN use. In case another app is granted VPN access, Eddie acts accordingly and releases VPN resources Optional local networks access. In such a case, local network devices are exempted from the VPN and can be accessed within the local devices Localization override. User can choose the default language and localization from one of the available ones Ability to directly select an AirVPN area (country, continent, planet) to connect to VPN concurrency management Full integration with VPN traffic leaks prevention by system in Android 7 or higher version User can generate or save an OpenVPN or WireGuard profile for any AirVPN server or country and save it in the internal OpenVPN and WireGuard profile manager or export it On the fly language change allowing to switch language without re-starting application Exclusive optional VPN lock in case the device cannot take advantage of Android's VPN direct management (Android 5 and 6) Server scoring algorithm implementing the latest AirVPN balance factors in order to determine the best server for quick connection Network name and extra information are shown along with network type Device network status management Fully compatible with Android TV 5.1 and higher versions  Please remember that, starting from Android TV 10, Always On VPN feature has been stripped off in order to prevent users from connecting to a VPN during an Android TV based system bootstrap. Therefore Eddie start & connection at bootstrap, as well as system built in leaks prevention, are not possible on Android TV 10 and higher versions. For leaks prevention you can rely on Eddie's "VPN Lock" feature. Android TV 9 and older versions can still start Eddie during the bootstrap and have it connected when you activate Always on VPN and configure Eddie accordingly. Download link https://eddie.website/repository/Android/3.2.0-VC34/EddieAndroid-3.2.0-VC34.apk Quick link for faster TV devices typing: https://airvpn.org/tv SHA-256 checksum 82b5ceee79f86f6b3a81974cc907d29a38d5854ab1e2c8dff0e9f7fdb3901431 EddieAndroid-3.2.0-VC34.apk How to sideload Eddie Android edition on Android TV and FireOS devices https://airvpn.org/android/eddie/apk/tv Kind regards & datalove AirVPN Staff

Hello! Yes, you need to handle packets in order to forward them to the proper destination. The VPN server sends incoming packets to Flint2, which in turn decrypts the VPN flow. Then, the router can not know the real, final destination of each unsolicited packet and you must define the proper rules. An example with iptables here: https://airvpn.org/forums/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/ According to online documentation it appears that Flint2 OEM firmware's graphical interface supports inbound port forwarding from the VPN interface, please check the router's manual. Kind regards

Hello! This final crash of the eddie-tray is probably a direct consequence of: Since Fedora adopted Wayland as the only display server, Eddie (just like many other applications, based or not based on Mono) may crash. Wayland by itself does not provide a graphical environment and compatibility with applications relying on Xorg is competence of the compositors. You may either try to use Eddie in CLI mode only (i.e. avoid the GUI and therefore eddie-tray) or test the AirVPN Suite 2.0.0 beta (it does not offer any GUI). While Wayland and many compositors progress and approach maturity it's possible that various issues and incompatibilities will be resolved. Xwayland is an X server that runs under Wayland, providing compatibility for native X11 applications that lack Wayland support. Can you verify whether it is installed in your system? Just installing the package xorg-xwayland should be sufficient to enable Xwayland, but reports claim that you do not have a 100% compatibility. Worth a test anyway. With all of the above said, Eddie's developers are anyway investigating. EDIT: in Fedora you can still get rid of Wayland because all the Xorg packages are available. This is the preferred solution by several Wayland victims to regain a full compatibility not only with Eddie, but with the relevant amount of applications that currently can't run in Wayland regardless of compositor. Kind regards

Hello! There is no 2.0.0 release currently. Kind regards