Jump to content
Not connected, Your IP: 107.21.85.250

Staff

Staff
  • Content Count

    9292
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    1396

Posts posted by Staff


  1. @postergus

    Hello!

    Thank you for your great feedback!

    Goldcrest offers the option to drive Bluetit with a fine grained access control (typically to any user in the group airvpn), instead of having to gain root privileges. It's a paramount security enhancement which is not underestimated by any serious UNIX administrator.

    About the competition for DNS settings between Bluetit, systemd-resolved and Network Manager, there is no easy solution to implement in Bluetit, as each of the hundreds Linux distributions may work differently. Furthermore it would be probably dangerous (if possible at all) that Bluetit tried to block DNS operations by root processes or other daemons.

    Just to say, systemd-resolved alone has several working modes: modes which bypass resolv.conf file and modes which don't. It's plausible that the best course of action is that each system administrator, according to her or his needs as well as system status, performs a fine-tuning.

    Kind regards
     

  2. @XV-8774

    Hello!

    We have detected the same problem on a few Samsung devices running Android 10 and 11. Although the cause of the lack of "traffic-through" is currently unknown, (and we don't know why only certain Samsung devices are affected) we verified that Eddie 2.5 alpha 3 resolves the problem. Please see here to download the apk (you need to uninstall Eddie 2.4 first, and then side-load Eddie 2.5 alpha 3):
    https://airvpn.org/forums/topic/49705-eddie-android-edition-25-alpha-is-available/

    Eddie 2.5 beta 1 public availability is imminent, currently we are testing it internally.

    Please let us know whether Eddie 2.5 resolves the problem for you too.

    Kind regards
     

  3. Hello!

    To help us troubleshooting DNS block list issues with WireGuard, please activate at your convenience the DNS List "Air ADV", and try from terminal (Linux and macOS)
    # dig ad-delivery.net @10.128.0.1
    or in Windows
    # nslookup ad-delivery.net 10.128.0.1

    Then publish the output.

    Kind regards


     


  4. 14 hours ago, mazurka7 said:

    I seem to remember that it was possible at one time to send screenshots to Support via Contact form in the course of opening a ticket. That option has disappeared. Hence my query in this forum since I have no idea if it had been deliberately disabled. If that were the case, it would be for completely inconceivable reasons (to me) as screenshots are one of the most useful things requested and submitted in technical support.

    Can the Staff kindly comment on this and provide a way for users to  submit screenshots to Support?


    Hello!

    The issue is unexpected and not deliberate, we will investigate.

    In the meantime, please do not attach files, just copy and paste text into your message. In particular, do not send screenshots which in many cases are useless and cause only a waste of time for obvious reasons. Should attaching screenshots be absolutely unavoidable, attach them to an e-mail to support@airvpn.org

    Kind regards
     

  5. 2 hours ago, autone said:
    Yes. I can confirm it works as advertised now. 👍

    Thank you, we're very glad to know it. We have not changed anything on our side so the cause of the problem remains unknown. If it wasn't on your side, the problem might re-appear. Open a ticket if it does to let us investigate more properly.

    Kind regards
     

  6. @Zebby

    Hello!

    The forum for the community is moderated and moderators can warn an account with points for posts infringing community forum policy.

    Kind regards
     

  7. Hello!

    We're glad to inform you that Eddie 2.5 Alpha 3 is now available. It includes the ability to start and connect during bootstrap (if Master Password is disabled) according to a priority list which includes automatic choice, your defined country and your defined server, on top of the usual ability to start and connect at bootstrap via a profile. The feature is available in Android versions from 5.1 to 12, and in Android TV versions from 5.1 to 9. The feature is lost in Android TV 10 and 11 due to unavailable operations on Android systems lacking "Always on VPN" option.

    Eddie 2.5 Alpha 3 is now linked against OpenSSL 1.1.1l and also features several bug fixes, including bugs reported in this thread. The first post has been updated to show the correct URL of the latest apk and its checksum.

    Please keep testing and report malfunctions and bugs, thank you in advance!

    Kind regards
     


  8. @spinmaster

    Hello!

    It's a bug in the Configuration Generator coming from the times when the name earth3.airvpn.org existed. Now it doesn't exist anymore. Please modify it into earth3.vpn.airdns.org or earth3.all.vpn.airdns.org. The first name resolves into the entry-IP address 3 of the "best" Earth server, the latter into entry-IP addresses 3 of all VPN servers.

    We will fix the bug, in the meantime you can simply edit with any text editor your ovpn file. Thank you for having found and pointed the bug out.

    Kind regards


     

  9. Quote

    I'm not following. UDP ports are blocked by an institution level firewall,


    @monstrocity

    Hello!

    That's irrelevant for the problem @autone mentioned. Regardless of the tunnel transport layerl, inbound packet forwarding must work both with TCP and UDP, and both with WireGuard and OpenVPN. The fact that you can't use WireGuard is related to a possible UDP block but has nothing to do with the packet forwarding problem inside the tunnel experienced by @autone with WireGuard only. We invite @autone to open a ticket if the problem persists. In this way we can check in real time what happens with packet forwarding.

    Kind regards
     

  10. @msbntt
    @OpenSourcerer

    Hello!

    Investigation on this case and a few similar ones will start soon. It's a rare issue as far as we can see and it's confirmed.

    @msbntt
    Please try now. If you still can't connect we will compensate the fact that you can't access the service until the problem is resolved. If you have urgent need to connect and still you can't now, please open a ticket and we will give you a disposable account for the time being necessary to resolve the bug.

    Kind regards
     

  11. @monstrocity

    Hello!

    Watch out, the fact that WireGuard's transport layer is UDP does not prevent (as it happens with OpenVPN, on the other hand) both TCP and UDP wrapping, of course. TCP and UDP packet forwarding must work both with WireGuard and OpenVPN in the same way Please feel free to open a ticket if they don't.

    Kind regards

     

  12. @jelegend
     
    Quote

    My ISP is shitty so maybe they are behind it or I don't know. I thought a VPN might help get beyond any shitty practices that my ISP might be doing.


    Hello!

    About remote port forwarding you though right. Your ISP can't interfere because the data stream is still encrypted in the ISP devices, up to your own node.
     
    Quote

    is there any way to know what this service etc might be that's refusing it ?


    Strange question... It's the software that must receive the packets, in other words the software you run in your system which must be reachable from the Internet, the only software you forwarded an inbound port for.

    Kind regards
     

  13. @Agrock

    Hello!

    DNS over TLS is supported since several months ago. It is almost useless since plain DNS queries to our VPN DNS, and their replies, are anyway encrypted and authenticated because they stay in the tunnel, but you might need DoT for peculiar configurations. Check the usual specs page for more details:
    https://airvpn.org/specs

    You can define anyway custom per "device" (i.e. client certificate/key pair) block lists, personalized exceptions and blocks, regardless of the fact you use DoT or not.

    Kind regards
     

  14. Hello @jelegend

    "Connection refused" usually implies that the packets reached your node and were actively refused. A firewall, or maybe the final service, might have dropped them. If you had had the packets lost between the server and you, or not forwarded at all, you would have seen "Connection timeout" error.

    Kind regards
     


  15. @jamesmac77758
     
    Quote

    Is it possible I have my qbittorrent misconfigured?


    Hello!

    It is possible, but Network Lock rules would have blocked traffic leaks by qBittorrent even in this case.
     
    Quote

    it may be a fake email, but it's strangely close to the time I was torrenting


    Do the allegedly shared content and the listening port match? If so, it should be authentic.
     
    Quote

    how can I be sure that I'm downloading it 100 % with my IP masked?


    On https://ipleak.net you find a torrent dedicated test, "Torrent address detection", make sure you perform it.

    Also, check the firewall rules (what is your Operating System?) while Network Lock is enabled and your system is operating in the VPN. Send them to us if in doubt.

    Kind regards
     

  16. @jamesmac77758

    Hello!

    So, the first time you had Network Lock off and therefore a letter might be expected in certain countries (no matter whether you shared free or copyrighted content).

    About the second case, keep in mind that Network Lock is based on your default system firewall. If that firewall doesn't work, or its rules are modified by some process with administrator privileges, the whole concept fails, and you might have even more serious problems than a letter from your ISP: if administrative actions were performed without your knowledge, it would mean that your system is compromised.

    Also, you never know, check the letter and make sure that it's not a bogus letter. Ascertain its authenticity, if you haven't already done so. In particular, verify whether the complainant really tried to connect to your torrent client (check the port is really the one you employ, check the datestamp of presumed infringement and so on). Since recently, smaller copyright trolls did not validate with an active connection the IP address harvested from trackers (too expensive), and therefore it was so easy to engulf trackers with announcements containing fake IP addresses, just to prank people you don't like for example, or any other joke.

    Kind regards
     

  17. Hello!

    What happens if you switch to the wintun driver? From Eddie's main window select "Preferences" > "Advanced", tick "Use wintun driver", click "Save", and re-start Eddie. The wintun driver is more modern than the TAP driver and in various cases it is able to resolve several TAP driver issues as well as providing higher performance. Should it resolve your issue, you can probably forget the TAP driver.

    Kind regards
     

×
×
  • Create New...