Staff

@Tubular Thanks for the relevant log and output. We have two overlapping problems here. One is caused by the translations between iptables and nftables (only when ufw is enabled, otherwise nftables usage is consistent and translations never enter into play). This is quickly resolved by not enabling ufw, as you noticed. The other problem is that when a session is over Eddie restores an old /etc/resolv.conf backup created in the past by Eddie 2.21.8: # Generated by Eddie v2.21.8 - https://eddie.website - Tuesday, January 14, 2025 3:36:48 PM UTC nameserver 10.<cut> The above is wrong and it could be the consequence of some old Eddie 2.21.8 dirty status caused by a crash. For the new Eddie the above file is the normal system setting to restore at the end of a session, so Eddie will make your system unable to resolve names when your system is not connected to the VPN. Please shut down Eddie, edit /etc/resolv.conf with any text editor (root privileges required) and enter only publicly available name servers, for example Quad9 (we recommend it for privacy and neutrality commitment). An example: nameserver 9.9.9.9 nameserver 149.112.112.112 nameserver 2620:fe::fe # only if your system, router and ISP support IPv6 Save the file, re-start Eddie, connect to some VPN server, shut down Eddie and verify whether the problem is solved. Kind regards

Hello! This is unexpected, and it could be the cause of the problem. Eddie should modify /etc/resolv.conf if you have Eddie configured to use VPN DNS exclusively (which is the default setting). Can you verify whether systemd-resolved is running in your system (anyway Eddie must be capable to manage any systemd-resolved working mode)? Can you also publish Eddie's system report generated while the problem is ongoing? Please see here: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-%E2%80%93-heres-what-to-do/ Last but not least, please publish the output of the following commands: ls -l /etc/resolv.conf cat /etc/resolv.conf while the system is connected to the VPN. Kind regards

Hello! We offer TOTP based 2FA. TOTP is an open protocol. lt has been adopted as Internet Engineering Task Force (IETF) standard RFC 6238, it is not developed by Google. Furthermore, Google software and/or related services are not required in any way to use TOTP. TOTP (Time-based one-time password) is "the cornerstone of Initiative for Open Authentication (OATH) and is used in a number of two-factor authentication (2FA) systems". It is also supported by the Google Authenticator app, but of course you are not forced to run this app (Google Authenticator does not requite anymore your phone number, just to be precise). Here you can see a wide list of apps: https://en.wikipedia.org/wiki/Comparison_of_OTP_applications We are confident that this information will convince you of the imbecility of your beliefs. Kind regards

Thanks! Can you publish Bluetit's log taken after the problem has occurred? The following commands will write the log on 'bluetit.log' file: sudo journalctl | grep bluetit > bluetit.log Kind regards

@OpenSourcerer @WowSuchSpeed Hello! The decision to block ASNs, CDN, in general IP addresses or ranges of IP addresses is (was?) up to the web site operators, through the Cloudflare firewall control panel, where you can "whitelist", "blacklist" or "challenge" whatever you like (even the entire IPv4 and IPv6 spaces, if you wish so ). Why are you discussing as if it were a Cloudflare's decision? Did something change recently and now Cloudflare blocks ASNs or anyway address ranges with no chance for the web site operators to unblock them? Kind regards

Hello! We're very glad to announce a special promotion on our long term Premium plans for the end of Summer or Winter, according to the hemisphere you live in. You can get prices as low as 2.06 €/month with a three years plan, which is a 70% discount when compared to monthly plan price of 7 €. If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Please check plans special prices on https://airvpn.org and https://airvpn.org/buy All reported discounts are computed against the 7 EUR/month plan. Promotion expires on 2025-03-30 UTC. Kind regards & datalove AirVPN Staff

@Valm_Valeria Hello! What are the servers you selected? From various tests we do not get any problem. However, this step could be crucial: This is unclear. In WireGuard the keys are always embedded in the configuration file. Just rename the configuration file you downloaded with a short name and enter the following command (with root privileges): wg-quick up "path and name of the WireGuard configuration file here" Do you get any error with the above command? Kind regards

Hello! The file is relatively up to date and should suit your needs: https://raw.githubusercontent.com/qdm12/gluetun/refs/heads/master/internal/storage/servers.json Unfortunately it's all "hard coded" so the file must be edited manually for any update or you need to wait for a new release. For additional details please contact GlueTun author and/or community. Kind regards

Hello! FreeBSD 14.2 is routinely used every day by AirVPN founders and this problem has not been experienced so far. Let's troubleshoot with pre-agreed exact configuration files. Please tell us the exact settings you enter on the Configuration Generator to reproduce the problem with WireGuard as well as OpenVPN. Also, please check all the ipfw rules (if in doubt, please publish them). Thank you for your great feedback! Kind regards

Hello! Please check the proper environment variables to have GlueTun connect to the server(s) you wish, then gather the log of a connection failure. Compare it with the log of a connection attempted from the host (no containers) to understand whether the problem is GlueTun specific or your machine/network generic. If in doubt publish both logs and make sure you have read the whole GlueTun documentation. If you need support directly from AirVPN support team do not hesitate to open a ticket. Kind regards

Hello! Thank you. Eddie adds the 4 rules you mention only on INPUT chain when you disable Allow ping option. But, if Preferences > NetLock > Allow Ping is enabled (default setting), Eddie adds more general accept rules: add rule ip6 filter INPUT meta l4proto ipv6-icmp counter accept add rule ip6 filter OUTPUT meta l4proto ipv6-icmp counter accept So, it ought to work by default. Of course any feedback about best rules is welcome. In general, we need rules applied always, and rules applied only if users want ICMP and ICMPv6 enabled (option above, checked by default) Can you please enable (tick) "Allow ping" (which will actually allow ICMP and ICMPv6) on Eddie's Preferences > Network Lock window and test again? Kind regards

Don't forget the aliens who made a mess with genetic engineering to push hominids to mine gold according to Anunnaki (our educator monk mis-spelled it) legends. Kind regards

Hello! Please avoid screenshots whenever possible. Can you please send us the complete Bluetit log taken after the problem has occurred? You can extract it with: sudo journalctl | grep bluetit > bluetit.log Then send us the created bluetit.log file. If possible, please test also with AirVPN Suite 2.0.0 preview and check whether the problem persists or not: https://airvpn.org/forums/topic/66706-linux-airvpn-suite-200-preview-available/ Kind regards

Hello! That's expected, youcanseeme.org will always fail with ports on pool 2. To understand why: https://airvpn.org/forums/topic/63545-new-remote-port-forwarding-system-expansion-with-pools/ Please make sure that Plex binds to the VPN interface and that you test directly to the proper IP address that you can determine on your AirVPN account port panel only. If in doubt please test only through the port tester available on your AirVPN account port panel which will always pick the correct IP address. Also, please forward UDP too, currently you're forwarding only TCP but Plex will use UDP too for specific tasks. Kind regards

Hello! Please re-post the log if the problem persists, you have deleted it. Kind regards

Additional article which resolved any problem for a couple of customers: https://community.ui.com/questions/Port-Forwarding-from-VPN-Interface/7099072b-d3d6-46a6-a3f7-e403f6c00849#answer/17f3676b-c144-4beb-a1e7-9313716945c9 Kind regards

@sw1234 Hello! Too bad that the system report has been cut. Why did you cut a vast portion of the report pertaining to network interfaces and routing? If you did not cut anything please warn us, otherwise consider to send us an integral system report if the following suggestions do not resolve the new problem. EDIT: never mind, we can see them from your previous system report. Even the 2nd problem is now solved. The new (and hopefully last... ) problem is that Eddie route check fails, in spite of the successful connection claimed by OpenVPN. If you switch to WireGuard (you can do it in "Preferences" > "Protocols" window) does the problem persist? If so please make sure that no antimalware or packet filtering tool blocks UDP (including tools like Malwarebytes, Little Snitch, any third party antivirus...). If you find nothing blocking, or anyway the problem persists after you have disabled any possible interfering software, let's discern first whether the route check failure is a false positive by Eddie: from Eddie's main window select "Preferences" > "Advanced" uncheck "Check if the VPN tunnel works" click "Save" from Eddie's main window select "Preferences" > "DNS" uncheck "Check Air VPN DNS" click "Save" from Eddie's main window activate "Network Lock" and test again connections Kind regards

Hello! Multi-hopping is a client side feature. And yes, in 2012 a special "OpenVPN over Tor" mode was implemented in the Eddie AirVPN software for Desktop systems. The main "alien entity" used to multi-hop in a way that really enhances the anonymity layer strength is the Tor network as usual, as it provides a very balanced solution between usability, reliability and effectiveness. In the near future we could implement a double-hop support inside the same AirVPN network on the AirVPN Suite for Linux. It's not the most effective method to enhance the anonymity layer (because both hops belong to AirVPN) but it could be appreciated as a small additional comfort according to the feedback we have. DAITA is currently overkill because in real life AIs fail miserably. The high success rates comes out only when you have a limited sample of very few services, such as 10 pre-agreed web sites, and the target browses only those 10 with no other protocol complications, quite an unrealistic assumption. However, AI abilities can become relevant in the future to harm privacy and understand, with no needs to break encryption, which web sites a user visits, thus we don't rule out that we will implement specific techniques (especially on WireGuard) in due time. Kind regards

Hello! Yes. You can control it from your AirVPN account port panel. Please see here: https://airvpn.org/faq/port_forwarding/ Kind regards

Hello! Correct, the previous problem is solved and now this is a new one. Try to resolve it simply by logging your account out (from Eddie's main window), then login back and try a connection. Kind regards

Hello! The translocation has been successfully avoided. Now, to resolve the problem, please open a terminal and enter the following command while Eddie is not running: sudo chown root /Applications/Eddie.app/Contents/MacOS/* Important, if you get a "permission denied" error after you entered the above command please grant Full Disk Access to the Terminal App. You can do it by selecting System Preferences > Security and Privacy > Privacy > Full Disk Access and then adding the Terminal app by pressing the "+" button and selecting it. Then open another terminal and repeat the above command Finally re-start Eddie and test again. Kind regards

Hello! First, please avoid translocation (Gatekeeper Path Randomization, GRP) by copying the app in the Applications folder or in any other proper place you like, exclusively through Folder utility. Then run again the app and please send us the complete log again if the problem persists, or even better please send us a system report generated by Eddie. Kind regards

Hello! Yes, attempts to show that "objective morality" exist are around since the time of Plato (at least) but they have never succeeded. Securing the possibility of objective knowledge in morality has been the dream of several Giants of Philosophy throughout human history, but nobody so far succeeded. Nowadays scientific analysis tend to show the contrary, i.e. that there's no such thing as an objective morality. Then, even if objective morality existed, comes the huge problem to define it and to interpret the definition. Your definition for example is not universally accepted, therefore there are serious doubts that this "objectivity" exists indeed. And even by accepting your definition many actions remain moral for some people and immoral for other people, according to the interpretation of your definition (we will not insult your intelligence to make trivial examples). Anyway, all of your considerations don't change the observation that your statement according to which privacy would be "a form of luxury" for financially wealthy people is false, perhaps even according to your own definition of morality! This can be an honorable and moral behavior indeed, but we don't see how this personal choice should support the idea that privacy is the luxury of wealthy people. Kind regards

Hello! We will consult with Eddie's developer but at a first glance it's (perhaps) because the "Allow local" option acts on the Network Lock rules only, while by adding addresses you also force Eddie to modify the routing table. This is necessary with WireGuard as its userland utilities (necessary because there is no WireGuard library or kernel module in macOS) are launched by Eddie through a profile that makes all the IP address space 0.0.0.0/0 fall into the VPN tunnel. Kind regards

Hello! To discern whether your problems are GlueTun related or not, and qBittorrent related or not, please connect directly the host and test again. Also test, with and without GlueTun, performance with different protocols (not torrent). Kind regards