Staff

Hello! Actually such crashes may be the cause of the problem and now your system may have VPN DNS still set. If that's the case, see our previous message in this thread to quickly resolve the issue. Please feel free to report the crashes in the main thread for Eddie 2.23.1 because such crashes must not occur and must be fixed. https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/ We are afraid it doesn't make sense. We would rather recommend that you follow our suggestions in the previous message in this thread, as it might be just a DNS issue. Kind regards

Hello! It might be a DNS issue, if Eddie failed to restore DNS settings in case of a "dirty exit" (graceless kill, crash...). If your system can't resolve names (the purpose of DNS) you will have the feeling that Internet connection doesn't work (even if it does). When the system is connected to the VPN, names can be resolved because the VPN DNS is probably set. However, the VPN DNS is accessible only from inside the VPN. Eddie keeps safety backup files for similar occurrences, so re-running it and shutting it down properly should fix the problem. If this procedure fails, then you can check manually and set properly your system DNS. We recommend Quad9 DNS (9.9.9.9), OpenNIC https://www.opennic.org and DNS.Watch (84.200.69.80) https://dns.watch/ for their commitment to privacy and neutrality. How to configure/change DNS settings in macOS: https://serverguy.com/kb/change-dns-server-settings-mac-os/ Kind regards

Hello! An account with such features will have a maximum of 20 ports available. Thank you for your great feedback. Kind regards

@Undated8198 Hello, we have no plans to remove port forwarding, quite the contrary: we are currently deploying resources to delay port exhaustion and find alternative, but comfortable, procedures to keep offering this service in anticipation of port exhaustion. As you can see we already limited to new customers the amount of bookable ports, in order to preserve advertised features to those who are already our customers. We are committed to avoid retro-active modifications of the service for pre-existing customers, when such modifications would be detrimental for the service or anyway betraying an advertised feature. Kind regards

@Vincenttor Hello! We are monitoring the situation and we will keep you informed. In this moment we can't reproduce the issue with Google. All Google services are normally accessible from the Netherlands servers according to our tests. This is a different problem caused by Microsoft blocks and noticed years ago. A workaround was available, anyway do not let us mix different problems in this thread. About Microsoft Outlook, and more in general for Office 365 and newer versions, we kindly ask you to re-direct yourself here: https://airvpn.org/forums/topic/27414-youll-need-internet-for-this-microsoft-services-when-using-ssl-tunnel/ A general approach: https://www.macwheeler.com/windows-10-office-365-cannot-connect-over-openvpn-fixed/ Kind regards

Hello! Thank you for your valuable tests which helped us find bugs and glitches. Your work was not in vain, you can see how many bug fixes have been implemented on Eddie 2.23: most of them thanks to you and community testers like you. https://eddie.website/changelog/?software=client&format=html We assure you that your work is precious and that under no circumstance will we waste it. Eddie's Deskop edition versioning scheme and release cycle are unorthodox. For example, check what happened now with Eddie 2.23.0: a bug was found, thanks to testers from the community like you. The fix was implemented on a new version (2.23.1) and 2.23.0 has been thrown away. You don't have different betas for 2.23.0, and 2.23.0 will never be Release Candidate or release, to be clear. Similarly, Eddie 2.22.2 will never reach a Release status, and not even a Release Candidate status: each bug fix is implemented not in 2.22.2 but in a new version. You can see it as a customized SemVer (semantic versioning), where: every fix is condensed in the "post release cycle", the scheme is more similar to major.minor.patch than to major.minor.maintenance.build and a whole minor could be thrown completely away without reaching a stable phase (exactly the 2.22 you mention). https://en.wikipedia.org/wiki/Software_versioning With that said: So far no critical problem has been found by anyone on Eddie 2.22.2 so you can keep using it with the usual caveat: it does not include the bug fixes you can see on the 2.23.1 version. Furthermore, Linux users must be aware that Eddie 2.23.1 features full support, with proper DNS management, of every systemd-resolved working mode, which previous Eddie versions don't. Now that more and more Linux distributions come pre-packaged with systemd-resolved working in on-link or hybrid modes (examples: Fedora, Ubuntu), Linux users can seriously consider to jump directly to 2.23.x. Thank you again again for your valuable tests and we frankly hope that you will be among the testing group for Eddie 2.23.x as well. Kind regards

Hello! The icon status change is triggered by the first unsolicited packet reaching qBittorrent. If you don't perform the test and you start seeding or sharing some torrent file, you should see the icon turning green at the first incoming connection (it may require some time if the torrent is very well seeded). Kind regards

@SurprisedItWorks Hello! Yes, it's inconsistent at the moment. Kind regards

@bnrrteterstnjrsj45 Hello! The wintun driver is not for DCO. Are you running Eddie 2.23? If so, please check the caveats in the "Road to OpenVPN 2.6" page, specifically: Kind regards

Hello! The total availability of bandwidth is "full duplex" (so a 1 Gbit/s server can provide up to 2 Gbit/s) but the "used" bandwidth is the sum of up+down, combined. You can safely assume, due to how a VPN works, a near perfect symmetry between upload and download, as each incoming (from the Internet) packet must be sent out to the client, and vice-versa. Kind regards

@emtlo Hello! Yes, it is possible. You can run the AirVPN Suite, please see here: https://airvpn.org/suite/readme/ Kind regards

Hello! We're glad to inform you that we have just released: "Road To OpenVPN 2.6" migration plan - https://airvpn.org/road_to_openvpn26/ A new version of Config Generator with options related to OpenVPN 2.6 A new Eddie Desktop beta release (2.23.0) related to the road above, feature-locked to reach stable release https://airvpn.org/forums/topic/56428-eddie-desktop-223-beta-released/ A new server (Marsic), the first running OpenVPN 2.6 powered by DCO (server-side) and ready for client-side DCO. Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that a new Eddie Air client version has been released: 2.23 beta. It is ready for public beta testing. How to test our experimental release: Go to download page of your OS Click the button Switch to EXPERIMENTAL Download and install There are important changes in this release, mainly: Network Lock will be activated by default. Switch back to old behavior by unchecking Preferences > Network Lock > Ensure in session OpenVPN is linked against OpenSSL 3, that deprecates old SHA1 signed certificates (already upgraded under-the-hood) for Linux systems, every and each systemd-resolved working mode is fully supported: DNS push and settings are properly managed PLEASE CONSIDER THIS AS A BETA VERSION. Don't use it for sensitive connections, it's only for those who want to collaborate on the project as beta-testers. Kind regards & dataloveAirVPN Staff

Hello! We seriously doubt that the problem is caused by Network Lock because Network Lock is a set of non-permanent firewall rules which are lost when you reboot the system. Anyway, the answer to your question is: sudo nft flush ruleset (provided that Ubuntu 22.04 is based on nftables). Please check your DNS settings as well, as those are indeed permanently set by Eddie and maybe the previous DNS settings were not restored if Eddie did not exit cleanly. If the problem persists, do not hesitate to open a ticket. By the way, we rule out that the failure to load X and/or a Desktop Environment is related to Eddie. Some other problem is apparently ongoing. Kind regards

How? Or is this specific to Eddie (which I do not use)? I find nothing on the website about this. EDIT: posted unknowingly together with @benfitita - we confirm that the described procedure is fine. Hi, you need to renew the key when you end the current session or you start a new one (but in this latter case you need the consider the caveat below). You can automate the procedure via API, but also remember to update the key or the whole profile for the next session. You can automate this procedure too. With a caveat: key renewal order through the API is not executed in real-time, it may take several seconds (you can check the status via API, or you can simply renew the key at the end of the session and take care to allow enough time for the next key/profile download and session). Kind regards

@galbeedee Thank you for your review! We would like to point out some features of our service that you probably missed according to your review, so that you will be able to use them. You can use per-session WireGuard key, to overcome the questionable design of WireGuard under this respect (WireGuard does not offer dynamic address management at all). It's not very important that your private key is held by you when WireGuard demands that, server side, each public key is linked in files to the VPN IP address and to the public IP address of the client. Therefore, thanks to our design, you are able to use a one session key if necessary. You can renew your key either through the web site or through the API in order to patch this problem. On our side, we actively remove WireGuard entries to public IP addresses when a session is over. We do not understand the link you claim between the key and your browser, feel free to clarify if you wish so. File names of the generated profiles are very descriptive and they reflect community requirements. Community majority currently prefers descriptive file names and wants that the system is not tweaked to accommodate terrible WireGuard design under this respect (WireGuard wants to name the virtual interface with the file name regardless of the system limits). This is an understandable point of view and we will respect it. We will change according to community suggestions. Far from being "best practice", in our opinion, and in the current opinion of the community, that would be the practice to lower a service standard to meet the terrible design of somebody else, something reminding the old, awful but widespread, practice to develop flawed web sites to circumvent Internet Explorer bugs and accommodate its non-W3C compliant dialect. That said, we can of course add some options to make life more comfortable for anyone who should be wearied by the exhausting effort of renaming a set of files. The QR code anyway is already available for Android and iOS (in the Configuration Generator), so you don't need renaming in mobility, just shoot the code from inside wg. This is a key which is necessary when you want an additional encryption layer, and this is a great WireGuard feature. Useful for example in a post-quantum world, when a decent cryptographic algorithm is found (as the wg core has ciphers hard coded by design). Read the WireGuard documentation for more details. Currently pre-shared keys are implemented because a significant part of the community insisted that we got prepared to beat powerful quantum computers, not because we strongly believe that a post-quantum world is imminent. Relevant considerations on the topic can be found here: https://airvpn.org/forums/topic/45608-quantum-computing-and-encryption/?do=findComment&comment=218988 It is anyway considered best practice by various experts to get prepared. Since you mention Mullvad as your opinion of service operating in accordance with best practices, then be informed that pre-shared keys have been recently implemented by them too. We offered this option 13 years ago, well before WireGuard or many other VPN companies even existed. Then they were inspired by our CG. You can pick zip, 7zip, tarball, and compressed tarballs (tar.gz, tar.xz, tar.bz2). You can operate either through the API or web site, as you prefer, to generate and download the package(s) containing the profiles. Note that today the button which would let you select all the servers at once is disabled because of work in progress, but it will be re-enabled very soon. It's a good performance in our infrastructure, but you can improve it (check the top user speed table in the server status page and open a ticket to fine tune WireGuard). About the infrastructure, in 2009 the industry standard was between 20 and 100 Mbit/s, and we are very careful to offer an excellent balance between price and service quality. Since you mention iVPN as an example to follow, please compare AirVPN prices with theirs. Lupus in fabula, the following message by one of our fans reminds us of the consequences of an unwise investment policy. https://airvpn.org/forums/topic/56425-two-new-1-gbits-servers-available-us/?do=findComment&comment=223857 Remember that AirVPN is the only one offering a rigorous no overselling commitment shown by a transparent and verifiable server monitor, that's why most users enjoy higher throughput than with any competitor, and after all we are pleased to see that you are an unsatisfied customer but with 600 Mbit/s throughput and with some requirements for features that are already available. Criticisms help us improve our service, except when required features are already available, as in that case we can't implement them twice. Kind regards

Hello! We're very glad to inform you that two new 1 Gbit/s full duplex servers located in Miami, Florida, are available: Gudja and Kang, The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637 and 47107 UDP for WireGuard. Gudja and Kang support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor: https://airvpn.org/servers/Gudja/ https://airvpn.org/servers/Kang/ Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! Please open a ticket if you need more than 5 connection slots from the same account. The sales department will inform you about options and prices. Kind regards

@Peterom Hello! If it's the router the device connecting to the VPN server you need to forward the port to the final destination (your NAS address), from the tun interface. It's important that you don't use the router port panel, which will forward from the physical network interface. You can follow the instructions here because Asus Merlin WRT has iptables (and lets you access it of course): https://airvpn.org/forums/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/ Kind regards

@Rich Z Hello! Maybe Eddie was not shut down cleanly and it did not restore system's DNS settings. When this happens, the problem can be resolved by re-running Eddie and shutting it down properly. If the problem persists, please check manually your system's DNS settings and verify that public DNS are set. Quad9 (9.9.9.9) and DNS.Watch (84.200.69.80) are committed to privacy and neutrality. OpenNIC is an excellent choice as well. If necessary, consult your system's manual or any guide showing how to set or change DNS in WIndows 10, e.g. https://www.windowscentral.com/how-change-your-pcs-dns-settings-windows-10 If the problem still persists after all of the above, please open a ticket to receive dedicated support. Kind regards

@benfitita Hello! Obviously we don't comment a lot on the lists content, but just in case we remind you that you can de-select it, or you can add the exception for the CDN you mention, thanks to our flexible system. GoodbyeAds lists have been the most requested by our community in the last months, so we made them available. Kind regards

@ghost_of_rargb Hello! qBittorrent offers an option to bind to a specific network interface in "Preferences" > "Advanced" > "Network interface" combo box. Please make sure that, while your system is connected to the VPN, that box is set to the VPN network interface (tun in Linux, utun in Mac, etc.). Kind regards

Hello! Please note that starting Saturday, June 24, all new accounts will have the ability to forward remotely a maximum of 5 inbound ports. The decision is intended to extend the time period after which we will run out of ports. The change is not retroactive: all current customers and all accounts created before Saturday, June 24 will have the usual, total ports availability. In addition, we will continue to investigate viable alternatives in anticipation of port exhaustion. Kind regards & datalove AirVPN Staff

@space5 Hello! Various good ideas, but it's probably overkill. In our case, the overwhelming majority of reasons causing the addition of an IP address into black lists is not related in any way to remote port forwarding. Kind regards

@colorman Hello! The error you get with the mainline version is correct. Unfortunately your distribution is based on a glibc released on February 2020. No worries though, as you can see you can run the legacy version. On the AirVPN Suite user's manual you can find how to use the option which probably you need to modify: Enter it in the Bluetit's run control file which you can edit with any text editor and root privileges, then restart Bluetit. Example to turn it on: allowuservpnprofiles on Kind regards