Jump to content
Not connected, Your IP:


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Staff

  1. @YLwpLUbcf77U Hello! Yes. To confirm that OpenVPN works over TCP just have a look at the OpenVPN log. To confirm that OpenVPN has used TLS Crypt for negotiation check your TLS key. If it's ta.key then TLS Auth mode was used for negotiation, if it's tls-crypt.key then TLS Crypt was. Another way is checking the VPN server IP address you connect to. Entry-IP addresses 3 and 4 are reserved to TLS Crypt and won't work with TLS Auth. Entry-IP addresses 1 and 2 are reserved to TLS Auth and won't work with TLS Crypt. Kind regards
  2. Hello! We're very sorry, Apple notarization modifies the binary file. Use the non-notarized version to have the binary that we really developed and programmed. We will see how to handle this issue very soon, maybe we can re-package the notarized version with the new checksum after Apple has changed our binary. EDIT: no, we can't do that, as it would imply to re-modify the archive provided by Apple. We will therefore eliminate the checksum control in the binary for the notarized version. Checksum control for the archive remains. We underline once again that we publish the non-notarized versions to offer you the option to have binaries which have not been modified by Apple. Kind regards
  3. @Hotty Capy Hello! Thank you! We will investigate, because when the network is online, network online target should have been reached: that's exactly network-online.target purpose! But we have learned that we can't trust many Linux infecting wrecks, so this might be one of those cases. In the meantime, a quick workaround to harden your setup is enforcing permanent firewall rules blocking any communications except communications to/from (to allow DHCP) and to/from the local network and localhost. In this way your machine can't reach the Internet until Bluetit starts (in such a setup, Network Lock becomes strictly necessary, to lift the total block). Another workaround might be editing the unit file, telling that Bluetit must be started regardless of network status, because Blueitt has its own internal verification to avoid critical errors when network interfaces are not configured and/or default gateway is not available etc. We will think about it and we will let you know. Kind regards
  4. @Hotty Capy Hello! Thank you for the information you published. When Bluetit is started by systemd it activates Network Lock and connects to a server in just a few seconds. The decision to start Bluetit is up to systemd according to the target rules specified in the unit file. Contrarily to what you can do with any serious init system, determining the exact moment when a daemon or a process is started by systemd is not possible: this is one of the notorious, countless systemd flaws. The default unit file tells systemd to start Bluetit when network-online has started. Once network-online has started, systemd will start Bluetit according to its own internal priorities. Can we see how network-online is configured in your system? sudo systemctl status network-online.target sudo journalctl | grep bluetit In this way we can see the exact timing of both. Enter those commands after Bluetit has started. Kind regards
  5. Hello! Only with profiles because of the Master Password, and only at bootstrap. Open "Settings" view, expand "System" menu, enable "Restore last imported OpenVPN profile at boot". From that moment on, each time you shut down the device while Eddie is connected through a profile, Edie will restart and connect at the next boot. This will not work in Android 10 and 11 due to a change of permission registration and methods to auto-start apps at the bootstrap. Eddie will run just fine when launched manually, but will not be authorized to auto-start at boot by the system. If you run Android 10 or 11 you will need the new version 2.5 which is currently being developed, or you can try OpenVPN for Android. Kind regards
  6. @Hotty Capy Hello and thank you very much for your great feedback! Let's try and understand what happens with Bluetit during the system bootstrap. Please send us Bluetit log (cut out sensitive info if necessary) after the system has completed its startup sequence. From a terminal [emulator}: sudo journalctl | grep bluetit Kind regards
  7. @YLwpLUbcf77U Hello! It's not something DD-WRT specific, it's an OpenVPN working mode. TLS mode is essential to use all the OpenVPN security features, including PFS. We only operate OpenVPN in TLS mode. When OpenVPN works in TLS mode, TLS Crypt encrypts the whole Control Channel from the very beginning, while TLS Auth does not. Therefore TLS Crypt hides to DPI OpenVPN protocol fingerprint and it's much harder blocking OpenVPN in TLS Crypt mode than blocking OpenVPN in TLS Auth mode. TLS Crypt and TLS Auth are mutually incompatible, and each OpenVPN daemon working as server can only work with TLS Auth or TLS Crypt. That's why we offer different IP addresses for TLS Crypt and TLS Auth modes: Also note that TLS Auth and TLS Crypt keys are different. A more elaborated and precise description can be found here (1st answer): https://serverfault.com/questions/929484/openvpn-2-4-security-differences-between-tls-crypt-and-tls-auth Kind regards
  8. @Maggie144 Hello! To resolve names Hummingbird queries (via system) the DNS servers set in your system, can you please check those settings? Please make sure that publicly available DNS servers are set. If necessary, how to change DNS settings in macOS: https://serverguy.com/kb/change-dns-server-settings-mac-os/ Kind regards
  9. Hello! Can you please make sure that you're running the notarized version for macOS Catalina and higher versions? Anyway this error is under investigation. Do you run macOS in an Intel or M1 based Mac? You might like to generate a configuration file for the country you want to connect to. In this way it's the record of the domain name contained in the configuration file which gets updated regularly to make the name resolve into the IP address of the "best" server in that country, so Hummingbird will connect to that one. Kind regards
  10. Thank you @Kenwell . The last press release you translated clarifies important points and define more precisely the scenario which convinced the prosecutors of the necessity to crack DoubleVPN computers and later shut down servers. Kind regards
  11. Hello! Thanks. It's still very vague, essentially a press release mentioning alleged crimes committed by the users, and not by the service administrators. However two sentences caught our attention: If the owners advertised the service for criminal activities, at least some form of "aiding, abetting, facilitating crime" is strongly suspected, and it's a crime itself in any legal framework we know. Here the prosecutor might mean that DoubleVPN operators/owners tried to remain anonymous? If so, that sounds like a bad premise for the owners of any service, as they must be available to be contacted timely by any competent authority, because in the EU and the USA, in order to keep the mere conduit status and/or any liability exception for the actions of the users, one of the requisites is that a service provider acts quickly to stop an ongoing illegal activity when it comes to know about such illegal activity. Of course, presumption of innocence stands, and it will be crucial to know exactly which laws would have been infringed by the service, and if the allegations will hold in court. Kind regards
  12. Hello! We did not know DoubleVPN, in the last years dozens (hundreds?) of VPN have been born around the world and we know only a part of them. It's strictly necessary to know which exact law(s) of which legal framework(s) the service would have allegedly infringed. Perhaps we will know that only during the hearing, when we will also see whether the allegations and charges will hold in court. According to the articles you passed to us, it's not possible to comment properly at this stage. Does anyone have more precise information? Kind regards
  13. @flat4 Hello! The agreements between intelligence offices to exchange information more liberally are irrelevant for our purposes, due to the nature of our service. They do not make the situation worse. You have absolutely no additional protection from traffic monitoring by intelligence agencies according to the location of the server, as Snowden documents show. If the adversary has such vast powers, our service is insufficient by itself alone in any case and in any country, and the only level of defense (which may be very effective!) is enforcing what we call "partition of trust". https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?tab=comments#comment-1745 Provided that the target device is not compromised. of course... any attacker with vast power and precise targets will save time and efforts by simply cracking the device of the target, instead of hunting packets all around the world and correlating them. Kind regards
  14. @monstrocity Hello! The errors and embezzlement caused by bogus copyright notices are notorious since 2008 at least. That's a decisive reason to understand how the graduated response must include the constitutional right to a due process, and that each copyright infringement claim must be validated or rejected by a court, if the alleged infringer wants to exercise her fundamental right to a due process with presumption of innocence. How bogus notices can be sent, and how a malicious user knowing your IP address can trivially cause an arbitrary amount of copyright notices to be sent to you, was well explained many years ago in the scientific paper "Why my printer received a DMCA takedown notice". http://dmca.cs.washington.edu/uwcse_dmca_tr.pdf The fact that, in spite of all the above, various companies still dream of automated graduated response and deletion of the right to a due process and the right to legal defense shows, in our opinion, the mental imbalance of certain persons and the hidden agenda to keep making money with bogus activities: business for companies which offer their services to monitor p2p swarms and automatically generate notices was quite big years ago. And it's also sad to see, when citizens defend the copyright mafia graduated response concept, how easily many citizens are inclined to renounce to fundamental, human rights. @ProphetPX The news you reported seem to be confirmed independently by TorrentFreak, which published a day earlier: https://torrentfreak.com/comcast-suspends-internet-connection-for-downloading-torrents-210630/ Kind regards
  15. @cheapsheep @sooprtruffaut Hello! We aim at maintaining backward compatibility, but what you mention is a different case,. "Old" directives work as usual and have not been changed. New directives, which in previous versions were not available, have been added. Please note that country and aircountry are totally different directives, check the documentation: country: (string) ISO code of the country where your computer is located in. [...] aircountry: (string) Name of AirVPN country to be used for boot connection by means of airconnectatboot directive. In this specific case, airconnectatboot must be assigned to "country" option. When this mode is enabled, AirVPN connection will be established with the best performing server of the specified country. Default: empty. Moreover, please note that cipher and aircipher are also quite different directives with different purposes. Check the documentation again. https://airvpn.org/suite/readme/ As @cheapsheep noticed, in order to specify the data channel cipher for connectatboot mode, you need aircipher. This should resolve the error you experience. That said, this error will be investigated, because it might hide some bug according to your report. Kind regards
  16. @OpenSourcerer Just to clarify that this is not "fake news": https://www.eff.org/deeplinks/2021/06/if-not-overturned-bad-copyright-decision-will-lead-many-americans-lose-internet A moderator can not threaten an ex ante, pre determined censorship based on the source of the information, be it a web site or anything else. Before you enforce your censorship power we gave you, you must cross-check and verify. If you are not able to do so beyond a reasonable doubt, or you have not the time or will to do so, do not censor. Kind regards
  17. @MateoPeri Hello! We're sorry, you can't do that from within Hummingbird. You might catch from Hummingbird output (Hummingbird prints to stdout, so you can pipe its output trivially) the string "CONNECTED". When it is caught, you run what you want and (contrarily to OpenVPN) you are not forced to do it with root privileges, which is an important security bonus. If you run Linux, consider Bluetit. It sends a D-Bus event when a connection is established. The developer's documentation is being written and it may come handy for your use case too. Stay tuned in the "News" forum, when the documentation is ready we will announce it there. Kind regards
  18. @frisof Hello! Geo-routing (aka "micro-routing") information is reported here: https://airvpn.org/forums/forum/10-websites-support/ If some web site is not reported and you notice a geo-routing in place, a possible explanation is that the web site uses a CDN we have already "geo-routed" for some other service. Feel free to report. Kind regards
  19. Hello! Tables include data that's 7 years old (connection slots three, countries 16, servers 138?!? it's something from 2014), screenshots are taken from another web site, the concerns about the terms of service are taken from a fantasy world (*). They are so inept hat they even failed to report correctly our prices. They do not clearly state that they are paid by our competitors, while we always refuse to pay for reviews which is probably what bothers them most, because if this fair practice was widespread, there would be no more room for bogus reviews parasites. (*) Please read the Terms of Service yourself and you'll see. It's like in some part they are talking about some other VPN service, as if the article was a frankenstein-ish copy & paste and something went wrong with a mixture of different service reviews .🤣 Note that this thread will soon be moved to trash forum. Kind regards
  20. @Terry Stanford Hello! That sounds partially wrong, please link us this answer because we can't find it. If it was from a Staff member it needs to be fixed. We do. Please keep us informed, or inform the support team, as you prefer. Kind regards
  21. @Terry Stanford Hello! We just made sure that support team really passed the ticket to Eddie developer for additional investigation and we see that they did so on 2021-05-06. Unfortunately it seems that the issue could not be reproduced and therefore the bug you reported is still there and can't be found. Wait, do not twist words and basic meaning. You were told that when your Mac turns off the physical network interface it is unavoidable that a VPN connection is lost, because it's the physical connection to the Internet that gets lost, obviously. That said, we do understand your anger and frustration because your reports show a substantial range of malfunctions which would irritate anybody. Sadly the main problem (for any software) in such cases is when a malfunction is reported and nobody in the development team manages to reproduce it, no matter how they try. When a malfunction is invisible (not reproducible) on development and testing systems, you have no idea where to search for the bug(s) causing it. We would like to propose you something alternative which we see the support team did not: would you like to test Hummingbird and check what happens under the same conditions, in your Mojave system? Since when your problems started, a new and more efficient Hummingbird version has been released, and it runs (for throughput) a lot faster than the previous version as well as OpenVPN 2. About Hummingbird: https://airvpn.org/hummingbird/readme/ Yes we know, you will not have a GUI, but it would be a test which might provide some clue by comparison, and who knows, maybe Hummingbird will be less problematic than Eddie in your system. Kind regards
  22. @ProphetPX Hello! The "graduated response" in the United States (aka "three strikes") was a voluntary agreement between ISPs and copyright holders to terminate the line of an alleged copyright infringer for several months or one year, without court order and inaudita altera parte (no right to defense ex ante) and put him/her in a black list so that he/she can't re-connect to the Internet with any other provider while he/she serves his/her sentence for the alleged, unproven behavior. The agreement was followed by most if not all ISPs from 2011 to 2017, causing tens of thousand of controversial disconnections. However, it had no impact at all on on the amount of copyright infringements and it was abandoned in 2017. Sony attempt might aim at transforming the abandoned voluntary agreement into an obligation by law as it is in France, New Zealand and South Korea for example, by eroding, through a legal precedent, the safe harbor liability exemptions in the USA for ISPs. The graduated response is totally ineffective against those who protect their traffic behind serious VPN services. https://en.wikipedia.org/wiki/Graduated_response https://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act Kind regards
  23. @yatt007 Hello! The iP address you mention 116.203... is one of our IP addresses and it is used by a CH re-routing server. Puzzle solved. Kind regards
  24. Hello! Nothing, it's a server side "problem", not Hummingbird's. If the server does not answer within 10 seconds Hummingbird will retry. The 10 seconds value can be modified via command line options (not possible via Eddie anyway). It seems an irrelevant issue anyway, so you might safely ignore it. Kind regards
  25. @yatt007 Hello! It looks fine... and what are your Operating System name and exact version? Have you checked whether your system queries only VPN DNS? We forgot to tell you that one of the ways you can do that is browsing https://ipleak.net while your system is connected to the VPN. Kind regards
  • Create New...