Staff

Hello! Reading it is not sufficient, then you have to change your configuration accordingly. How did you add the end point (destination VPN server)? Kind regards

@Bobo90 Hello! Your compose file lacks the proper setting of the FIREWALL_VPN_INPUT_PORTS environment variable. If you set it on the command line options fine, but if not you must add it and set it properly. The FIREWALL_VPN_INPUT_PORTS environment variable in Gluetun specifies a comma-separated list of ports that must be allowed through the firewall. Without it, packets forwarded by the VPN server will be dropped by GlueTun firewall. About this error: "ERROR [vpn] finding a VPN server: target IP address not found: in 250 filtered connections". you should be able to resolve it by reading the documentation specific for AirVPN: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/airvpn.md Kind regards

Hello, there's at least one Usenet provider that caps traffic of any VPN competitor to boost its own offer. This is an anti-competitive practice. Thank you for not advertising. With that said please open a ticket to investigate, especially if you get poor performance when you access any other service while connected to the VPN. Kind regards

Hello! Can you tell us your OS name and version and which Eddie version you're running? Kind regards

@airvpn12345 Hello! It's not an authorization problem, but WireGuard traffic is blocked. Can you please check any antimalware tool on your system, as well as the Windows Defender firewall, and make sure that they do not interfere with UDP and WireGuard traffic? Please check also your router and disable, if active, any traffic management tool. Kind regards

Hello! Please make sure that Eddie is not configured to connect automatically at startup on "Preferences" > "General" window. If the problem persists and you do not recognize the session(s) it is necessary to keep into consideration a possible unauthorized use of your account. Please change your AirVPN user password (pick a strong password you do not use anywhere else) and renew your keys to cut out any potential fraudulent user, please see here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards

Hello! You need to log your account out and in again. When "Remember me" is active, Eddie Desktop edition stores locally all the information. The idea is that when you're in a network that prevents bootstrap servers access, you can count on a reliable local copy to get the vital connection information. In order to force Eddie to update this copy, it is necessary to log the account out and then log it in again (from Eddie's main window). This is not necessary in Eddie Android edition which keeps a local copy but tries anyway to update it whenever possible. Kind regards

Yes that was clear. Now, is there Eddie's tray icon or not in the system tray after you have closed the promotional window? Kind regards

Yes, it's a mix. We could consider to publish this data actually. To be honest an owned server offers negligible security bonus over a leased one, unfortunately. Globally we work with 18 different dacenter owners / providers with servers in 33 different towns (physically, not with address re-location) and with transit served by, or direct peering with, all the "14 giant" tier 1 networks except Telxius/Telephonica and Sparkle, as well as a few important tier 2 providers. In the VPN infrastructure M247 has a 3% presence in America, 36% presence in Europe (but 14% in terms of total available bandwidth), 95% in Asia, 0% in Oceania. Leaseweb has 0% presence anywhere, there's not even a single VPN server from Leaseweb in the VPN infrastructure. Kind regards

Hello! Yes. The kernel already does a wonderful job to distribute fairly bandwidth, aided by the excellent ability to scale of WireGuard. OpenVPN is a little more problematic but we force a round robin distribution of peers on different instances to balance core load. Where a limit must be enforced artificially is in the amount of concurrent connections INSIDE the tunnel. Normally we allow the maximum amount supported by a powerful home router, i.e. 20000 concurrent connections per node. This limit is usually not even noticed by the users as it is well beyond the usage of virtually all of our user base. Kind regards

Hello! "Connection timed out" sounds expected and correct, just like it was with the OP, since you don't run any listening program according to your description. The only difference here is that "no port open" message means that the device the port is linked to is not connected to the VPN, or no device at all is connected, if the port is linked to "All devices". Kind regards

Hello! Maybe the app is minimized: can you please check your system's tray icon? Eddie's tray icon is a small cloud in a circle. If you find it, by double clicking it (or clicking and selecting "Show Main Window") you should be able to bring up Eddie's main window. Please make sure that you can see hidden tray icons too. Kind regards

@zimbabwe @AG999 @Upre1943 @Stalinium @Nonsense @H12345h12345 Hello! Eddie Android edition 4.0.0 preview implements full AmneziaWG support: https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/ Feel free to test and report back (bug, glitches...)! Kind regards & datalove AirVPN Staff

Hello! We're very glad to announce that Eddie Android edition 4.0.0 Beta 1 is now available. UPDATE 2026-01-14: Eddie Android edition 4.0.0 Beta 2 is now available This is a major update: for the first time Eddie Android edition features AmneziaWG complete support. Eddie Android edition is a fully integrated with AirVPN, free and open source client allowing comfortable connections to AirVPN servers and generic VPN servers offering compatible protocols. Eddie 4.0.0 aims primarily at adding, besides the already available OpenVPN and WireGuard, a thorough and comfortable AmneziaWG support. AmneziaWG is a free and open source fork of WireGuard by Amnezia inheriting the architectural simplicity and high performance of the original implementation, but eliminating the identifiable network signatures that make WireGuard easily detectable by Deep Packet Inspection (DPI) systems. It can operate in several different ways, including a fallback, "compatibility mode" with WireGuard featuring anyway various obfuscation techniques. What's new in Eddie 4.0.0 AmneziaWG support Amnezia WireGuard API stronger anti-blocking logic: ability to log in to the service and download AirVPN infrastructure and user data while connected through a profile with a specific option on the left pane ability to read and use local user data when bootstrap servers are unreachable new "Open with..." option on top of the usual "Share" option to manage and export comfortably generated profiles on any Android version with any suitable application updated AmneziaWG parameters allowed ranges updated OpenSSL, OpenVPN3-AirVPN and WireGuard libraries bug fixes see the complete changelog below AmneziaWG overview From the official documentation: https://docs.amnezia.org/documentation/amnezia-wg AmneziaWG offers: Dynamic Headers for All Packet Types (compatibility with WireGuard: YES) During tunnel initialization, the library generates a set of random constants applied to each of the four WireGuard packet formats: Init, Response, Data, Under‑Load. These constants: Replace predictable WireGuard packet identifiers; Shift offsets of Version/Type fields; Modify reserved bits. As a result, no two clients have identical headers, making it impossible to write a universal DPI rule. Handshake Length Randomization (compatibility with WireGuard: NO) In WireGuard, the Init packet is exactly 148 bytes, and the Response packet is exactly 92 bytes. AmneziaWG adds pseudorandom prefixes S1 and S2 (0-64 bytes by default): len(init) = 148 + S1 len(resp) = 92 + S2 Offsets of the remaining fields are automatically adjusted, and MAC tags are recalculated accordingly. In order to keep backward compatibility with WireGuard, S1 and S2 must be set to 0. Obfuscation Packets I1-I5 (Signature Chain) & CPS (Custom Protocol Signature) (compatibility with WireGuard: partial, with fallback) Before initiating a "special" handshake (every 120 seconds), the client may send up to five different UDP packets fully described by the user in the CPS format. In this way AmneziaWG can mimic perfectly QUIC, DNS and other protocols adding powerful methods to circumvent blocks. QUIC is particularly interesting as HTTP/3 is built on it and currently, from Chrome and other compatible browsers, 50% of traffic to/from Google is QUIC traffic. Therefore, blocking QUIC may have major disruptions for any ISP. Junk‑train (Jc) (compatibility with WireGuard: YES) Immediately following the sequence of I-packets, a series Jc of pseudorandom packets with lengths varying between Jmin and Jmax is sent. These packets blur the timing and size profile of the session start, significantly complicating handshake detection. Under‑Load Packet (compatibility with WireGuard: YES) In WireGuard, a special keep-alive packet (“Under-Load”) is used to bypass NAT timeouts. AmneziaWG replaces its fixed header with a randomized one, the value of which can be set manually. This prevents DPI from filtering short ping packets, ensuring stable tunnel connections, especially on mobile networks. How to use Eddie with AmneziaWG To enable AmneziaWG mode, just tap the connection mode available in the main and other views. It will rotate between WireGuard, AmneziaWG and OpenVPN. Set it to AmneziaWG. In its default AmneziaWG mode, Eddie will use all the possible obfuscation, except protocol mimicking, that keeps WireGuard compatibility, thus allowing connections to AirVPN servers. The default settings choice was possible thanks to the invaluable support of persons living in countries where VPN blocks are widespread. Such settings have been tested as working and capable to bypass the current blocking methods in various countries. You may consider to modify them if they are ineffective to bypass "your" specific blocks. In Settings > Advanced, you will find, at the bottom of the page, a new "Custom Amnezia WG directives" item. By tapping it you will summon a dialog that will let you customize any possible AmneziaWG parameter. You can maintain backward compatibility with WireGuard in the dialog WireGuard section, or enable the full AmneziaWG support in the Amnezia section, which is not compatible (at the moment) with AirVPN WireGuard servers. This mode will be mostly valuable in a not distant future, when AirVPN servers will start to support AmneziaWG natively. You may also enable QUIC or DNS mimicking for additional obfuscation efficacy. In order to maintain WireGuard backward compatibility, with or without QUIC or DNS mimicking, you must set: S1 = S2 = 0 Hn ∈ {1, 2, 3, 4} H1 ≠ H2 ≠ H3 ≠ H4 Furthermore, do not exceed the valid limit of the J parameters (anyway Eddie will not let you do it). In this preview version, Eddie's formal control of the input data is based on the following document. We strongly recommend you read it if you need to modify manually parameters: https://github.com/amnezia-vpn/amneziawg-linux-kernel-module?tab=readme-ov-file#configuration Please do not modify In parameters if you don't know exactly what you're doing. Eddie implements QUIC and DNS mimicking and random obfuscation packets for each specific "I" parameter (by using the corresponding "Generate" button). You can enable them with a tap on the proper buttons. You may mimic QUIC and DNS even to connect to WireGuard based servers. When you enable QUIC mimicking and you maintain WireGuard backward compatibility, you add a powerful tool against blocks, because the first packets will be actual QUIC packets. AmneziaWG will fall back to WireGuard compatibility very soon. However, when DPI and SPI tools, and demultiplexers in general, identify the initial QUIC flow, most of them will be unable to detect a WireGuard flow for several minutes. This has been tested thoroughly with deep packet inspection on Linux and FreeBSD based machines by AirVPN staff. Therefore, in different blocking scenarios the QUIC mimicking increases likelihood of successful block bypass. NOTE: the same does not happen with DNS mimicking. In this case DPI / SPI tools identify the stream initially as DNS, but are much quicker (just in a few dozens of packets) to identify the stream as WireGuard's, after the initial DNS identification. How to use Eddie in network where the "bootstrap" servers can not be reached Eddie downloads user and infrastructure data, essential to use the service, from special "bootstrap servers" through an encrypted flow inside HTTP. If the bootstrap servers are blocked or the underlying protocol to port 80 is filtered out, Eddie is unable to proceed. Starting from this Eddie 4 version, the ability to retrieve such data locally has been added. Whenever bootstrap servers are unreachable, Eddie can read the latest available local data to connect to a VPN server. Once connected the bootstrap servers are again reachable and the local data are immediately updated for future usage. The local data remain valid as long as you don't need to change user. On top of all of the above, Eddie can now retrieve such data through the login procedure that now can be started even when a connection to a VPN server was previously established via a profile. Therefore, when you are in a restrictive network that blocks access to bootstrap servers, you can connect through a profile generated by AirVPN web site Configuration Generator. After this first connection, log your account in to the service by selecting the specific option on the left pane, enter your AirVPN account credentials as usual and make sure that Remember me checkbox is ticked: Eddie will download all the necessary files and store them locally. This procedure is "once and for all", at least as long as you don't need to change account. After this initial connection, Eddie will be able to log your account in to the infrastructure, retrieve servers data and establish connections without profiles and without bootstrap servers, offering again full AirVPN integration even when bootstrap servers are unreachable. Only If you change account you must repeat the procedure. Download link, checksum and changelog https://eddie.website/repository/Android/4.0.0-Beta2/EddieAndroid-4.0.0-Beta-2.apk This is a build debug package and side load is mandatory. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). $ sha256sum EddieAndroid-4.0.0-Beta-2.apk 20d4aee7a0544eec2ad379b8ab8126c2f276e4762a0a32109cb808701d2c0bb3 EddieAndroid-4.0.0-Beta-2.apk Changelog 4.0.0 (VC 37) - Release date: 26 November 2025 by ProMIND Beta 2 LogActivity.java [ProMIND] added View log button (open with...) MainActivity.java [ProMIND] method startAirVPNManifestRefresh() renamed to startAirVPNDocumentRefresh() [ProMIND] method stopAirVPNManifestRefresh() renamed to stopAirVPNDocumentRefresh() [ProMIND] member timerAirVPNManifestRefresh renamed to timerAirVPNDocumentRefresh [ProMIND] onCreate(): do exported files cleanup [ProMIND] onDestroy(): do exported files cleanup [ProMIND] drawer: added login item [ProMIND] drawer: changed login and logout icons [ProMIND] navigationViewItemSelected(): added code for AirVPN login [ProMIND] onResume(): show proper drawer's login/logout item QuickConnectFragment.java [ProMIND] onCreate(): removed AirVPN autologin (superseeded by extended "remember me" local login) [ProMIND] onCreate(): in case "remember me" is set, do local login by using locally stored user instance SettingsActivity.java [ProMIND] ameziaSettingsDialog(): fixed formal check for jc [ProMIND] removed AirVPN Autologin option (superseeded by extended "remember me" local login) SettingsManager.java [ProMIND] removed added SYSTEM_AIRVPN_AUTOLOGIN and SYSTEM_AIRVPN_AUTOLOGIN_DEFAULT (superseeded by extended "remember me" local login) [ProMIND] removed methods isAirVPNAutologinEnabled() and setAirVPNAutologin() SupportTools.java [ProMIND] added enum ShareMode [ProMIND] sharePlainText(): added argument share mode [ProMIND] sharePlainText(): the code is now compliant to all supported Android versions [ProMIND] sharePlainText(): exclude "myself" from helper apps [ProMIND] removeShareFile() renamed to removeShareFiles() [ProMIND] sharePlainText(): share/view files are now removed on app exit Beta 1 Native Library [ProMIND] updated to version 4.0.0, API 10 [ProMIND] added Amnezia WireGuard API [ProMIND] updated to OpenVPN-AirVPN 3.12 (20251126) AirVPNUser.java [ProMIND] getWireGuardProfile(): added Amnezia support ConnectAirVPNServerFragment.java [ProMIND] showConnectionInfo(): added AmneziaWG logo display [ProMIND] onCreateContextMenu(): added AmneziaWG items [ProMIND] onContextItemSelected(): added AmneziaWG items [ProMIND] added method loadVPNProfile() ConnectVpnProfileFragment.java [ProMIND] added Amnezia support EddieLibraryResult.java [ProMIND] added Amnezia WireGuard API QuickConnectFragment.java [ProMIND] onCreateView(): added AmneziaWG logo display [ProMIND] updateStatusBox(): added AmneziaWG logo display SettingsActivity.java [ProMIND] added "Custom AmneziaWG directives" setting SettingsManager.java [ProMIND] added Amnezia specific settings and methods SupportTools.java [ProMIND] removed method getVPNProfile() VPN.java [ProMIND] added methods enableAmneziaWireGuard() and isWireGuardAmneziaEnabled() VPNManager.java [ProMIND] added method isWireGuardAmneziaEnabled() VPNProfileDatabase.java [ProMIND] added AMNEZIA type WebViewerActivity.java [ProMIND] EddieWebViewClient.shouldOverrideUrlLoading(): it now properly opens android asset files WireGuardClient.java [ProMIND] added WireGuard tunnel node to constructor [ProMIND] added methods for generating Amnezia's junk settings WireGuardTunnel.java [ProMIND] added support for Amnezia WireGuard [ProMIND] added Mode enum [ProMIND] added tunnel node to constructor EddieLibrary.java [ProMIND] added Amnezia WireGuard API Kind regards & datalove AirVPN Staff

Hello! Can you please try to delete Eddie's configuration file while Eddie is NOT running? At the next run, Eddie will re-create the configuration file with default settings (you will need to re-enter your AirVPN account credentials). In order to locate Eddie's configuration file please see here: https://eddie.website/support/data-path/ If the problem is caused by a corrupt configuration file, the above procedure will solve it. Kind regards

From the ticket, problem solved after a check on Windows Defender and any other tool blocking entirely Eddie's traffic. Kind regards

Hello! Yes, definitely, we have a problem at the custom, 3 powerful servers which will be connected to 10 Gbit/s lines at still at the custom since the 23rd of October. These 3 servers are meant to replace Wurren which is being decomissioned at the end of November. We did not expect that the USA/Canada custom border could be so slow, we're terribly sorry. The final destination is Toronto datacenter, the same one where Kornephoros is working in. Kind regards

Hello! Holy moly whack a moly, from you description the outcome seems correct and expected, apparently (again from your description) you missed entirely to configure and run any listening program, can you clarify? Kind regards

Hello! Thank you for your choice in the past years. The servers are continuously updated and added and the average performance in the last year has either remained the same or improved, notably in the USA and Europe. Currently there's more available bandwidth per user than there was one year ago. In the last 13 months AirVPN added about 230,000 Mbit/s on its infrastructure and also renewed hardware. We're talking about bare metal servers with dedicated ports and full duplex lines, no tricks with multiple addresses, shared lines or virtual machines. The outcome is remarkably good: if you compare the top hundred user speed of now with the table of one year ago, you will see an improvement of the average speed, in spite of the dramatic user base increase. https://airvpn.org/topusers/ It is even more important to note that the average speed of users after the 50th place (51-100) has increased of more than 20% if you compare it with a table of October 2024, This is due to the increase of the available bandwidth, software optimization, and hardware replacements behind the scenes. Therefore, we would focus especially on possible bottlenecks on your side, because while the infrastructure is providing better and better performance, you experience exactly the opposite. The paramount cause of the slow performance is this: Each time you get this error, the packet must be re-transmitted in its entirety. This is the apparent cause, but it must in turn be caused by something underlying, so this conclusion: is dubious, and probably wrong. It may very well be the consequence of the same aforementioned cause. Everything is wrapped in the UDP tunnel, including ICMP with WireGuard, so the continuous need to re-transmit packets severely affects the round trip time too. This hints at a problem affecting your end (either your local network, or some section of your ISP network). It is indeed strange that your 1 Gbit/s line provides only 300 Mbit/s on average without VPN. This is another clue suggesting that a problem unrelated to AirVPN is ongoing. Please repeat the tests with 1280 bytes MTU and check whether the "invalid nonce" packet error quantity disappears, decreases or remains the same. If it remains the same the problem must be investigated carefully as different anomalies can cause it: dirty line, Ethernet cable problems, WiFi interference, router firmware are the most important examples. If you're interested to go deeper in this issue and you are ready to take into consideration the idea that the problem could be on your side, the support team is available 24/7 to support you and provide you with suggestions which could resolve the issue. Or you can continue here too concurrently, so you can get community's help as well Please include more relevant information such as your Operating Systems names and versions (on top of the Windows 11 machine you already mentioned) and the software you run to connect to AirVPN servers on each system. Kind regards

Hello! This last occurrence if confirmed is definitely unexpected and hinting to a corrupt configuration file (easy solution in this case) but first try to re-define the white list once again by deleting Sheratan from it, do not perform any other operation but shut down Eddie, re-start it and check whether Sheratan is again unexpectedly in the allow list or not. If not: the configuration file should be fixed, no further action is required. If the white list is again including Sheratan: by deleting the configuration file while Eddie is not running and re-populating the server list you should resolve the problem. Locations of the configuration files here: https://eddie.website/support/data-path/ Kind regards

@Ptwifty Hello! This is a regrettable attempt to irritate AirVPN customers as retaliation by Eddie for not granting him certain benefits after almost 15 years of service. We will have to suppress these attempts at rebellion with a firm and unyielding hand. Joking aside, it seems that you have defined Sheratan as the only server to which Eddie can connect. From your description, you say that you have defined a blacklist with a single server, but in reality you have defined a whitelist with that single server. Please re-check your lists in the "Servers" window. Kind regards

@ikeu Hello! Can you please make sure that you click on the tray icon, and not on the program launching icon? The tray icon does not include the ability to start a new Eddie instance. In order to ascertain that you are managing the correct icon, please right-click on it, and a contextual menu should appear. Select "Show Main Window" from this menu and check what happens. Kind regards

Hello! You will appear on the Internet with the same IP address if you connect to the same VPN server. In order to prevent this from happening please make sure to connect each device to a different VPN server. Kind regards

You shouldn't, please read the announcement, thanks! 😋 Kind regards

Hello! Let's see what happens in the next stages: since we don't have our HQ in Switzerland, AirVPN re-location wouldn't be so painful. We would need to decommission all the VPN servers in CH and compensate the missing bandwidth with new servers in adjacent EU countries. Kind regards