Staff

@squidf Hello! Yes, it was the firewall, example: janv. 11 17:01:20 cbct-desk kernel: OUTPUT REJECT IN= OUT=tun0 SRC=10.10.182.75 DST=10.10.182.1 LEN=57 TOS=0x00 PREC=0x00 TTL=64 ID=20318 DF PROTO=UDP SPT=56553 DPT=53 LEN=37 It was blocking everything on the tun interface to the VPN gateway IP address. Maybe when Eddie was working fine with WireGuard, the firewall did not block the specific WireGuard subnet? By the way, we're glad to know the "culprit" causing the problem has been found. Kind regards

@squidf Hello! OK, at least we know that the route check failure was not a "false positive". Anything else which might interfere with OpenVPN while working in UDP, in your system? Does OpenVPN work fine in TCP? Please try specifically entry-IP address 3 to port 443, in TCP. Kind regards

@squidf Hello, OpenVPN reports a successful connection but then the route check fails. Since WireGuard connection is fine we can rule out any UDP related problem. Please verify whether the route check failure is a false positive by disabling both route check and DNS check in Eddie's "Preferences" > "Advanced" and "DNS" windows, respectively. When you disable them both, the connection should be claimed as successful; at that point test the tunnel and check whether you can normally access the Internet or not. Kind regards

@squidf Ok, we are replying on the other thread for that's a different problem. Kind regards

@squidf Hello! Yes, you need to change a setting. From Eddie's main window select "Preferences" > "Advanced". Uncheck "Use Hummingbird if available" and click "Save". Kind regards

@squidf Hello! Please use OpenVPN 2.x in the meantime when you run Eddie beta version. We are working to implement missing directives in our OpenVPN3-AirVPN library fork as we did in the past.: we have decided that again we can't wait for the implementation in the mainline. Specifically, the directives which are causing a critical error are "ping-exit" and "pull-filter" in your case. However, "pull-filter" is extremely useful in a wide range of cases, so a complete implementation is necessary from scratch (currently the code from the mainline we brought in ignores some pull-filter syntax and throws errors in other cases). Kind regards

Hello! Please see our previous reply in this thread and also the following one, where we explain more thoroughly our point of view and some facts: https://airvpn.org/forums/topic/50724-two-new-1-gbits-servers-available-us/?do=findComment&comment=216468 Just a brief addition: your above quoted sentence imply that protecting privacy in an agnostic network means supporting net abusers, which is an inadmissible and shameful idea that we strongly reject. This concept is one of the "moral" or "ethical" justifications to pervasive surveillance in virtually all countries controlled by human rights hostile regimes, and in a few "Western" countries too: since someone somewhere someday might commit a crime via the Internet, let's enforce blanket data retention and pervasive packet inspection for everyone, so Internet will be a "safe place" for the "law abiding, conforming" citizen. Your consideration has been and is the founding argument for power groups having the hidden agenda to expunge the right to privacy from the list of fundamental rights. Consider that one of the strictly necessary conditions for any dictatorship to survive is the effective suppression of the right to privacy. Kind regards

Hello! The blocks you mention have nothing to do at all with torrenting or copyright notices. If they were, then yes, it would be trivial indeed to offer special servers with the aims you describe as exceptions to our mission. The main three factors causing black listing are spam e-mails, attacks to web servers via HTTP POST etc., and false positives (we include here the widespread blocks against entire IP ranges when only one IP address in that range is flagged). The first problem can be strongly mitigated, if not solved, by blocking outbound ports 465 and 587, the second problem can be resolved by blocking outbound ports 80 and 443, therefore making the server unusable to reach web sites and send out e-mail. It's easy to guess that this type of service wouldn't be used by anybody as without e-mail and the World Wide Web nobody would feel on the Internet for real, but we could add servers with this limitation for free to our customers, as a free and optional bonus outside the service (in order not to cause a contractual breach) just to test how many would use them and for which purposes (maybe something interesting will come out). Another form of mitigation would be deep packet inspection to discard any packet with malformed queries and potentially malicious purposes according to pre-defined algorithms, data set etc. (needless to say it would be a contractual breach even on a bonus server, so it's not realistic to think of it). Please note that, according to latest reports, about 1 out of 12 Windows machine in the world is infected, so in various (many?) cases the activity causing IP address black-listing is performed without the knowledge of the computer owner. Another approach, which is actually more realistic and followed by most providers, is monitoring the customer's traffic, identify the customer at least via IP address at each connection, block immediately the account when something suspicious goes on and report the customer's IP address to competent authorities (this last step becomes legally mandatory on most countries when a provider monitors the traffic and comes to know that a potential infringement has been committed).. Then it's all up to the competent authorities, end of the story for the provider. This type of service is surely possible (and in reality it has been followed in secret by several VPNs in the recent years, together with personal data harvesting) but (leaving aside our contractual breach this would cause) why then would you need a VPN? Since the traffic would be monitored anyway, most customers might just decide to let their ISP monitor their traffic, rather than shifting this "duty" to some VPN operating company or entity. Then there's another type of block (block enforced against anything that does not come from IP addresses assigned to residential ISPs - for example BBC follows a similar policy), but that's outside the scope of your complaint, we guess, since to bypass those blocks renting IP addresses assigned to residential ISPs become necessary. This is not impossible, but only in some specific countries, and we will be working on it. Kind regards

Hello! Problem resolved server-side, please try again! Kind regards

@zsam288 Hello! It seems a bug of the WebView when passing the name of the file to be downloaded to the system's DownloadManager used by Downloader app. It looks resolved in our various Fire* devices. Can you tell us the exact FireOS version your device is running? Let's make a comparison. @GreyGold In nVidia Shield TV, the problem persists even with the most up to date system. Shield TV users may consider to save time by downloading the file with any browser with a built-in downloader. For example TV Bro is a light-weight, open source browser for Android TV featuring a built-in download manager, so it doesn't rely on system's DownloadManager. It has been tested successfully to download various apk on our nVidisa Shield TV. Then the apk can be installed with X-plore. nVidia Shield TV users have of course a variety of additional options: side loading from an USB stick where a computer has stored the Eddie APK, or get the APK directly from the local network. We have opened an investigation aimed at providing the most practical solutions for FireOS and Android TV users. EDIT: resolved. We can circumvent the bad behavior by WebView in some Android TV devices by setting a different Content-Type header with a dedicated MIME type for APK. Kind regards

@GreyGold Hello! Sorry, we omitted to mention that crucial operation. When you install a new APK with the same package name of an already installed version, you need to remove the previous version first. We added a note in the first post of this thread now. Kind regards

I have the same problem on my nVidia Shields (2017 & 2019 Pro). I have Eddie 2.4 installed (via sideload). I want to update it. Launching org.bin results in a message saying there's no app to handle this file. Renaming it to org.apk allows it to be opened for installation, but upon completion, I get the rather unhelpful, "App not installed" message. The same happens if I download the Eddie v2.5 or 3.0 .apk and try to sideload either one. How can Eddie be installed/updated on a Shield? Hello! On nVidia Shield TV you have two options. Download the APK with a computer, store it in a USB key, and install from there (or install via local network) Download the APK directly on the Shield (for example with Downloader app), rename the file into org.airvpn.eddie.apk, and install it through some File Manager (both renaming and installation tested successfully with X-Plore) Your Shield TV must be enabled to install APK downloaded from third-parties (follow the guide if in doubt). Note: strangely we experienced problems in renaming the downloaded file with Downloader, but we had no issues with X-Plore. https://play.google.com/store/apps/details?id=com.lonelycatgames.Xplore&hl=en_US&gl=US X-Plore is just a suggestion after a successful test, you can use your favorite file manager as usual. Kind regards

Hello! We're glad to inform you that we will support PeerTube by Framasoft within a few days. Support to Mastodon will remain. We're considering Pleroma as well. We see that the documentation invites to support directly the single administrators (if they accept donations) operating servers in the Fediverse. At a first glance Pleroma offers very interesting features, including Gopher support (very remarkable: get rid of Javascript bloat and make Pleroma a BBS, when necessary), PostgreSQL as RDBMS (and not MySQL) and it seems resource and memory conscious.. What's more Pleroma web interface apparently offers a better end-user experience than Mastodon, but again we're still a at a first glance only. Kind regards

Hello! We had thought about it, but ruled it out for now due to various reasons. It's not a final verdict, we'll give it another look in the future. Kind regards

Hello! It's the correct file. It's an APK that you can then install according to the guide. Do you experience any problem? If so, check the new notes we have added in the 1st message of this thread. Kind regards

@kbps Hello! Another factor to consider is the overall ability to fully utilize the 10 Gbit/s bandwidth by a server running WireGuard and various OpenVPN instances, given other constraints. For instance, on our 10 Gbit/s servers, we were unable to exceed 4 Gbit/s bandwidth (2 in + 2 out) as the CPU load increases more than proportionally with the number of connected peers, not to mention the varying number of "conntrack entries" generated by clients, which can greatly impact kernel operations in a VPN server once they exceed 110-120,000. Since AirVPN has fewer users per server than Mullvad, you should be able to achieve higher speeds on AirVPN's 10 Gbit/s servers, but you state that performance is comparable. This is likely due to the other load factors. What's more interesting is that the performance of AirVPN's 1 Gbit/s full duplex servers (i.e. 2 Gbit/s servers, all of them except Mesarthim nowadays) is higher than Mullvad's performance on 10 Gbit/s servers. Can you (or anyone else) confirm this? Kind regards

Hello! A complete, step by step guide is available here: https://airvpn.org/android/eddie/apk/tv/ Kind regards

Hello! In the past we did not announce new guides in the "News" forum, but from now on relevant guides will be also announced here. A new guide is available and it describes step by step how to install Eddie Android edition in Fire OS devices, such as Amazon FireStick and Cube TV. The guide can be also taken as a reference to side load Eddie (or any APK) on any Android TV device too. https://airvpn.org/android/eddie/apk/tv/ IMPORTANT: before you install, make sure that any previous Eddie version is uninstalled. (*) So here's the issue: Amazon has decided that all apps with certain behaviors must now include in-app purchases through Amazon Pay, and they'll take a 30% commission (20% for small developers and non-business ones). And it just so happens that our app, Eddie, facilitates the creation of non-Amazon accounts - which apparently counts as one of those behaviors. You see, Eddie can be used with VPN services (not Amazon's) that support WireGuard or OpenVPN, and many (if not all) of these services require creating an account to access them. Plus, the AirVPN website can be accessed from the app menu and the AirVPN logo is all over the place. So, Eddie is an app that pushes users to create non-Amazon accounts. We've decided, at least for now, to forego in-app purchases in the Eddie Android edition in order to keep the app open and avoid paying those commissions to Amazon. If we were to pay the 30% commission and maintain the same prices on our website and app, we would be selling at a loss. However, this means that Eddie won't be available on the Amazon AppStore anymore. This is where side loading comes in handy, at the price of just a couple of minutes of your time. As for the Eddie unavailability on the Google App Store for Android TV devices (it's available for any other Android device), we're waiting for an explanation from Google and hoping to fix the issue if possible. In the meantime, Android TV owners can use the guide linked above to install Eddie 3.0. Kind regards & datalove AirVPN Staff (*) When you try to install a newer version of an Android app using an APK file, you may encounter an error message stating that the "App not installed" because the package conflicts with an existing package by the same name. This occurs because Android uses the package name as a unique identifier for each app, and you cannot have two apps with the same package name installed on the same device. To fix this, you need to uninstall the older version of the app before installing the newer version. This can be done by going to the Settings app, selecting "Apps," finding the app in the list, and tapping the "Uninstall" button. Once the older version is uninstalled, you will be able to install the newer version using the APK file without any issues.

Hello! Eddie 2.22.2 beta is available for download, featuring a fix for the pesky bug. Simply head to the usual download page for your OS and click "Switch to experimental" to access the update. Kind regards

Hello! Does it happen both with OpenVPN and WireGuard? Can you send us a report showing the issue? In order to do so open the "Log" view and tap the paper plane icon on the top. Eddie will send to us log and logcat and give you back a link to them. Copy the link and send it to us (even in a ticket in private, if you prefer so). Kind regards

Hello! Not planned, we might re-consider in the next year. In the meantime you can download the APK from our web site, no need for F-Droid or any other repository. Kind regards

At the date of your writing yes, it is. You can easily see whether a promotion is ongoing from the home page and the "Buy" page. Kind regards

Hello! In order to enable a set of Windows Filtering Platform (WFP) rules to block all outbound traffic on a Windows 10/11 system, make sure that Eddie is NOT running and follow these steps: Open the Start menu and search for "Windows Defender Firewall with Advanced Security". Click on the "Windows Defender Firewall with Advanced Security" icon to open the firewall settings. In the left pane, click on "Outbound Rules". In the right pane, click on the "New Rule" button. In the New Outbound Rule Wizard, select "Custom" and click "Next". Select "All Programs" and click "Next". In the "Protocols and Ports" section, select "All outbound traffic" and click "Next". In the "Action" section, select "Block the connection" and click "Next". In the "Profile" section, select the profiles for which you want to enable the rule (e.g., Domain, Private, Public) and click "Next". In the "Name" section, give the rule a name you like (e.g., "Block all outbound traffic") and click "Finish". The new outbound rule will be added to the list of firewall rules and will block all outbound traffic on the system. Then, when you run Eddie, enable Network Lock to restore traffic flow to the VPN servers. Disable Network Lock or shut down Eddie and the previous, block-all rules will be restored. Note: no third-party packet filtering tool should run as it could re-modify your rules. Kind regards

@wiz4rd Hello! Apparently UDP is blocked. Please make sure that no packet filtering tool either on your router or system blocks UDP. If you find nothing blocking: 1) The behavior has been noted sporadically with the Proton wintun interface your system is using (probably some previous installation: if Eddie finds a wintun interface already installed, it will use it without adding interfaces).. Force Eddie to create and use its own VPN interface: from Eddie's main window select "Preferences" > "Networking", fill the "VPN interface name" with eddie (or any other very short name you like), click "Save" and try again. 2) if the previous attempt does not resolve the issue, chances are that it's your ISP the one blocking UDP. Change connection mode: from Eddie's main window select "Preferences" > "Protocols" uncheck "Automatic" select the line with OpenVPN, protocol TCP, port 443, entry-IP address 3 (THREE). The line will be highlitghted click "Save" If the above connection mode is successful, also try WireGuard. WireGuard works only in UDP, but if the ISP block pertains only to certain UDP ports, you could have a successful connection as WireGuard connects to a different port in our service. You can switch to WireGuard again in the "Preferences" > "Protocols" window. Kind regards

Hello! This is a job for Eddie's white list of apps. Enter the apps you mention in the white list and then connect to the VPN. When a white list is defined, Eddie (through the VPNService Android API) will tunnel the traffic only of apps included in the white list. Any other traffic, including system service traffic, will flow outside the tunnel. We're very glad to know that the app rocks, thank you very much for your feedback! Kind regards