Staff

@Diogenes 0 Hello! Please verify whether Eddie starts minimized by checking the system tray. Eddie's tray icon is a small cloud in a circle. If you find it then Eddie is indeed running and you can bring up its main window. Please make sure you're able to see all the tray icons by forcing the system tray to show even hidden icons (in Windows by clicking the "up" arrow). If you manage to see Eddie's main window, the setting to have Eddie start minimized or not is available in the "Preferences" > "UI" window (check or uncheck "Start minimized" according to your preference). Kind regards

Hello! It's already a VM: in order to simplify the setup you may consider not to have an additional virtualization (a Docker's container) inside the VM at the moment. Just connect the VM (via Eddie Linux edition, for example, to make things simpler), configure and run qBittorrent directly to get acquainted with it. Please follow this guide to configure a torrent program: https://airvpn.org/faq/p2p/ Only after you have everything up and running properly in the VM you may consider the complication to run another container inside the Ubuntu virtual machine (and ask yourself: is it really necessary?). Kind regards

@ss11 Hello! That's correct, and we also operate with due diligence. For example, we refuse payments from Italy credit cards and accounts. Kind regards

@Pestermess Hello! By testing your port we can see that your qBittorrent program is now reachable from the Internet (on your system connected to the VPN). We suppose you resolved the problem, can you confirm? If so, can you specify for the readers how you addressed the problem? Kind regards

Hello! If you run Eddie Desktop or Android edition, or the AirVPN Suite for Linux: you can define a "white list" of "preferred servers" that contains the single server you want to connect to. If you run Hummingbird, WireGuard native apps and any OpenVPN or WireGuard compatible wrapper: generate and use a configuration file that's server specific. Kind regards

Hello! Very good to know, thank you. We will modify the announcement accordingly. To know the second address, maybe the quickest way is forwarding a port on pool 2, connecting to the VPN server you wish and consulting the AirVPN account port panel on the web site by "testing" the port. EDIT: According to documentation, however, the vast majority of trackers doesn't accept the ip parameter. Kind regards

Hello! It may be perfectly normal if you're using only a torrent program to generate traffic, due to how the protocol works. However, it is not normal if you experience those "bandwidth holes" with other operations that should provide a steady bandwidth (for example an extensive speed test through reliable servers and multiple streams). In such a case, assuming that both the VPN server your system is connected to and the home router are not at full capacity and therefore sometimes unable to provide all the required bandwidth, the observed behavior is anomalous and deeper investigation is needed. What do you get if you perform multiple speed tests through specialized web sites (e.g. speedtest.net) or tools like iPerf? Kind regards

Hello! DNS management has been improved in Eddie 2.24.2 beta version. Some systemd-resolved questionable working modes are now handled more properly. Since Ubuntu latest releases have systemd-resolved installed and running by default, can you please test the new Eddie and check whether the problem gets resolved? Please see here: https://airvpn.org/forums/topic/57401-eddie-desktop-224-beta-released/ An alternative is disabling systemd-resolved to revert back to a more robust, UNIX-like DNS management. https://gist.github.com/zoilomora/f7d264cefbb589f3f1b1fc2cea2c844c Please let us know whether or not the suggestion you will adopt solves the problem. Kind regards

Hello! Thank you for the valuable information. We will keep it in mind for DC and ADC protocols and add it to the knowledge base. Kind regards

Hello! Thank you for linking to this interesting and well written article. Yes, it has been highlighted by Windscribe, by us, and by multiple sources as early as 2022. For example: https://airvpn.org/forums/topic/53136-vpn-companies-relationship-mesh/?tab=comments#comment-189777 and you may also like to check the search results: https://airvpn.org/search/?q=crossrider The company name, VAT ID and the Registration Code at the Chamber of Commerce of Italy is written at the bottom of each web site page. Through the European Commission VIES you can verify the company data by entering the VAT ID: https://ec.europa.eu/taxation_customs/vies/#/vat-validation If you have a subscription to a business intelligence and analytics reporting companies, for example Dun & Bradstreet, you can also get more information such as business reliability, solvency and so on, which, when correlated to other information, for example donations to specific organizations, can provide you with at least clues of what you may look for. Kind regards

@Lestrad Hello! The “Set network location” message in Windows is thrown by Windows' Network Location Awareness at each network change to help the system decide whether to treat the new network (including virtual private networks of course) as public or private. WireGuard creates a new virtual interface at the beginning of each session and destroys it at the end of the session. This is probably the main reason triggering the prompt, but the fact that you are accumulating interfaces on interfaces makes us think that you're running a bugged system such as Windows 7 or some antimalware tool which prevents WireGuard from removing the interface at the end of the session. A bug in Windows 7 caused this prompt to be re-displayed multiple times for known networks, even when there was no network change, and even when the user ticked the “Always select Public and don’t ask me again” checkbox (we assume you have already done so - if not, please do it and see whether the problem gets resolved). In case you run Windows 7: as a first action, delete all the virtual interfaces while Eddie is not running. Make sure you don't run interfering antimalware tools. Test again. If the problem persists and you have already tried to force the VPN as always public to no effect, possible workarounds/patches are described in Windows forums. Before anything else please try to change the network location of the virtual network adapter (note: you must have administrator privileges). If you need remote port forwarding please make sure to set it to "Public" network. If the above does not solve the problem, please check this article too, as it could be related: https://support.microsoft.com/en-us/topic/a-set-network-location-dialog-box-appears-when-you-first-log-on-to-a-domain-joined-windows-7-based-client-computer-bac51a2c-b657-3f5f-75bc-e81fd8268c91 However, please consider to upgrade your system as Windows 7 has been abandoned a long ago and it is considered insecure and unreliable. If you don't run Windows 7, and you also don't run possible interfering tools, and the problem persists, please contact Microsoft support, because this bug should have been fixed ever since Windows 8 was released. Kind regards

Hello! p2p is allowed on pool 2 but it can be really used only by those programs that let you configure which IP address to announce (non existing, as far as we know). More in general, pool 2 is not suitable for any program which announces itself autonomously. In AirVPN infrastructure, the VPN traffic reaches the Internet through one exit IP address, but "pool 2" is the set of ports of another IP address (let's name it exit IP address 2, in brief exit 2). If a program receives an unsolicited incoming packet from the Internet through exit 2, it will reply properly. This happens whenever you advertise on your own how to reach your service (a web or FTP server, a game server, and so on). However, with p2p programs, it's the program itself which must advertise. DHT or a tracker will record the address they receive the advertisement (of the port etc.) from, and they will say to other peers that your p2p program is reachable on exit 1, with its pool 1 ports; however, if you have remotely forwarded a pool 2 port, peers would never be able to reach your program, because they would send packets to a port of another IP address (exit 1, the address recorded by DHT and/or trackers). The problem could be resolved by manual setting (see for example https://userpages.umbc.edu/~hamilton/btclientconfig.html#BTConfig ) when you need to seed only - additional tests are required. This is an important limitation that might be overcome in the future, for example by letting the user pick which exit IP address its traffic must go to the Internet through. In the meantime, by using pool 2 (and when necessary additional pools) for anything different from p2p and crypto wallets, port exhaustion problem is solved (in most cases only 1 forwarded port is needed for p2p). Kind regards

Hello! Yes, it is fine. Your domain name will resolve into the proper exit IP address of VPN server the corresponding device is connected to, therefore all the ports on the same pool linked to the same device will be reachable through the same IP address (hence the same domain name). Kind regards

Hello! We're not sure we understand the question. If you mean how to connect a machine through a specific certificate/key (i.e. a "device" in the user panel), then it's simple: on Eddie GUI's main window, just under the login credential fields, you have a combo box which will let you pick any certificate/key (if the box does not appear, log the account out and in again) on Eddie CLI, you can set it with the option --key=key_name on Bluetit, you may either specify the key on the bluetit.rc run control file (option airkey key_name) or on the Goldcrest configuration file or line option through the option air-key key_name Kind regards

Hello! We checked thoroughly and all of your tickets have been answered in an average time of 8 hours. All of them. EDIT: we want to add to make it clear to the readers and to be fair to the support team that your last ticket was replied to in 1 hour and 15 minutes. Kind regards

Hello! Currently not, Hummingbird searches in "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/homebrew/bin:/opt/homebrew/sbin". Reading the $PATH variable and add it to the search paths is an option we will consider for sure. Should WireGuard library become available for macOS too we will of course use it. As a momentary patch you can consider a symlink for wg and wireguard-go - both are used by Hummingbird. No, we don't, sorry. Hummingbird makes the OpenVPN3-AirVPN library available to macOS users in a single comfortable binary, to boost performance remarkably over OpenVPN 2 or the OpenVPN3 mainline library, but for WireGuard it is just a wrapper of the tools as we don't have the library in this environment. Since in macOS WireGuard does not run in the kernel space (no kernel module) this core feature for performance is lost and running wg tools or Hummingbird is most probably equivalent. We can't even design a kernel extension (not even if we had the time to plan it) because kexts are no longer allowed. However, with Hummingbird you have a built-in Network Lock (through pf) which wg tools don't offer and that may come very handy to prevent any possible traffic leak outside the VPN tunnel. Kind regards

@Blatantly0156 Hello! It sounds like you are experiencing this bug: https://github.com/qdm12/gluetun/issues/1407 Note this: "It might be because there is a listener going through the tunnel, but gluetun destroys that tunnel on an internal vpn restart and re-creates it. I had the same issue with the http client fetching version info/public ip info from within gluetun, and the fix was to close 'idle connections' for the http client when the tunnel is up again". Therefore, unless something changed in Gluetun, an effective solution is restarting qBittorrent (the 1st workaround explained in the bug thread). Also, try to increase the HEALTH_VPN_DURATION_INITIAL config option as various users reported that this change solved the problem. If all of the above fails, try to bind qBittorrent to the actual tun interface and make sure you're running the latest qBittorrent version. Anyway, not an AirVPN side problem, as you may be already aware of. Kind regards

Hello! It's not an expected behavior... Does the same happen with Eddie 2.24.2 beta version? Kind regards

Hello! Please remember that if the VPN connection takes place from a device that is not compromised, the upstream compromised devices will be unable to understand the traffic content, including the real destinations and sources. Your ISP does not even need to compromise the ISP router, it can just watch your traffic on their upstream equipment (data retention, DPI....). One of the core features of the service is exactly preserving data confidentiality and integrity when such data pass through insecure lines and devices. Therefore, if the connection is established by the Asus router, it is vital that the router and all the downstream devices connected to it, and their line(s), are not compromised, while it does not matter whether the upstream devices and lines of your ISP are compromised, as that will not affect data confidentiality and integrity up to the VPN servers. Always use end-to-end encryption in addition, in order to prevent our own servers from seeing the payload of your traffic and protect content integrity and confidentiality between the VPN server and the final recipient/source of the packets. Kind regards

Hello! UFW is an iptables wrapper which adds its own chains. To complicate the matter even more, UFW does not work with nftables, but probably your system is based on nftables (unless it is a very old distribution). Therefore translations iptables<->nftables are continuously needed and we have seen that some bug affects them. You should consider to drop UFW and use directly the nft userspace tool to set rules, or iptables-nft if you prefer the iptables syntax. In this last case, force Eddie to use iptables too (if Eddie finds nft in your system, it will use it) in the "Preferences" > "Network Lock" window. Kind regards

Hello! Please set permanent firewall rules that block every packet out (set the OUTPUT policy to DROP). Remember (important) to add ACCEPT rules for the following destinations: 255.255.255.255 (DHCPv4), ff02::1:2 (DHCPv6), 127.0.0.1 (localhost) and to your local network. When Network Lock is engaged, this total block will be lifted and only AirVPN servers will be reachable. When Network Lock is disengaged the previous block all rules will be restored. Kind regards

Hello! The paramount IPv6 privacy problem, which was considered by many as a critical or fatal flaw compromising adoption and usage, has been resolved through privacy extensions: https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac/ Nowadays, ten years after that article by The Internet Society and 17 (seventeen) years after RFC 4941 virtually all widespread systems have finally adopted the very much needed privacy extensions. However, one bad apple may compromise the whole local network. See for example this paper: https://arxiv.org/abs/2203.08946 where the authors show how a single device at home that encodes its MAC address into the IPv6 address can be utilized as a tracking identifier for the entire end-user prefix. Therefore, it is good practice to verify with care every and each device and making sure that their Operating Systems implement the privacy extensions. Other than that, we can't see any serious hindrance to adopt IPv6 as far as it pertains to privacy. Furthermore, in AirVPN we picked an unorthodox approach, i.e. we implemented NAT66 with ULA, as it is one of those rare cases where it comes handy to strengthen the anonymity layer (a thoughtful analysis of the pros and cons of NAT in IPv6 can be found in the following article for example https://blogs.infoblox.com/ipv6-coe/you-thought-there-was-no-nat-for-ipv6-but-nat-still-exists/ while a pragmatic approach is here: https://blog.ipspace.net/2013/09/to-ula-or-not-to-ula-thats-question/). Switching from privacy to security, probably an informed choice can start by reading this article, that also includes other precious sources, again by the Internet Society: https://www.internetsociety.org/deploy360/ipv6/security/faq/ Kind regards

Hello! No, it is not mandatory. Please make sure not to tick "Remember me" in the sign in box. A logout due to inactivity will then be enforced. We will re-check with the web site maintainers if it's the case to lower the timeout. We have never operated a server in Hungary throughout AirVPN history. You must be confusing AirVPN with some other service. Please note that the area is well covered as we have servers in Serbia, Romania, Austria and Czech Republic. Kind regards

Ah sorry, I've only been really working on wireguard config with the wireguard client, is the alternate one(s) available via DNS? because the airdns.org domains only ever resolve to the same number of addresses as there are servers for the region/country Hello! WireGuard is available on entry IP addresses 1 and 3. Specific areas (country, continent, planet) domain names are available for every entry IP address. Please see here: https://airvpn.org/faq/servers_ip/ Kind regards

@vpn.home3 Hello! A common cause of this error is trying to import a configuration file aimed at an OpenVPN version different from the one your system runs. For example OpenVPN 2.4 does not support various OpenVPN 2.5 new directives. Please check the OpenVPN version your Asus router runs and generate the file accordingly. On the Configuration Generator please turn on the "Advanced" switch in order to see the "OpenVPN profile" combo box that lets you choose the version (2.4, 2.5, 2.6, 2.6 no-dco, 3). You can manage your keys anytime from your AirVPN account control panel (enter it by clicking "Client Area" from the upper menu of the web site). You can delete or renew a certificate/key, or you can create new, multiple certificates and keys. This is a feature AirVPN supports since so many years ago, please see here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards