Staff

@colorman Hello! Thank you, please disclose /home/gerrit/.config/goldcrest.rc and AirVPN_Netherlands_UDP-443.ovpn (cut sensitive information, if any). Kind regards

Version 2.21.5 (Tue, 08 Mar 2022 11:30:14 +0000) [bugfix] [linux] Segmentation-fault of Elevation in some Arch distro [change] [linux] Tray icon (temporarily) removed from Arch/AUR build [bugfix] [macos] Fix for issue "Client not allowed: Remote executable not signed" [bugfix] [linux] Issue with custom IP in NetLock>Allowlist (nftables only) [bugfix] [linux] Better selection of iptables vs iptables-legacy vs iptables-nft [bugfix] [linux] Useless ping result reported in std::cout

Hello! Update: AirVPN Suite 1.2.0 Release Candidate 2 is now available. Original message download links and changelog have been updated accordingly. Thank you for your tests! Kind regards

Hello! Update: Hummingbird 1.2.0 Release Candidate 2 is now available. Links to download the packages have been updated in this thread first message. Thank you very much for your tests! Kind regards

@Gucci4Gucci Hello! False. Issue a whois before posting and mention your source ("reported as..." by whom? link?). CANES: $ whois 86.105.9.67 % IANA WHOIS server % for more information on IANA, visit http://www.iana.org % This query returned 1 object refer: whois.ripe.net inetnum: 86.0.0.0 - 86.255.255.255 organisation: RIPE NCC status: ALLOCATED whois: whois.ripe.net changed: 2004-04 source: IANA # whois.ripe.net inetnum: 86.105.9.0 - 86.105.9.127 netname: M247-Europe-SRL descr: Bucharest Infrastructure org: ORG-MES6-RIPE remarks: Geofeed found at https://geoip.m247.ro/geofeeds.csv geoloc: 44.4753217 26.1039617 country: RO admin-c: GBXS-RIPE tech-c: GBXS-RIPE status: ASSIGNED PA remarks: ---- LEGAL CONCERNS ---- remarks: For any legal requests, please send an email to remarks: ro-legal@m247.ro for a maximum 48hours response. remarks: ---- LEGAL CONCERNS---- mnt-by: GLOBALAXS-MNT created: 2016-10-04T13:14:03Z last-modified: 2022-01-18T11:17:23Z source: RIPE organisation: ORG-MES6-RIPE org-name: M247 Europe SRL country: RO org-type: LIR address: 11B Sos. Fabrica de Glucoza, 1st floor District 2 address: 020331 address: Bucharest address: ROMANIA phone: +4 031 080 0700 abuse-c: ME5262-RIPE mnt-ref: RIPE-NCC-HM-MNT mnt-ref: M247-EU-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: M247-EU-MNT created: 2014-01-06T11:23:03Z last-modified: 2021-08-18T08:33:50Z source: RIPE # Filtered role: GLOBALAXS NOC remarks: M247 - Network Management Centre address: 1 Ball Green, Cobra Court address: M32 0QT, Manchester - United Kingdom tech-c: JB3482-RIPE tech-c: CB2407-RIPE nic-hdl: GBXS-RIPE abuse-mailbox: abuse@m247.ro mnt-by: GLOBALAXS-MNT created: 2006-07-13T15:37:05Z last-modified: 2018-09-10T17:32:45Z source: RIPE # Filtered % Information related to '86.105.9.0/24AS9009' route: 86.105.9.0/24 descr: M247 Europe SRL origin: AS9009 mnt-by: GLOBALAXS-MNT created: 2015-08-11T11:57:24Z last-modified: 2015-08-11T11:57:24Z source: RIPE % This query was served by the RIPE Database Query Service version 1.102.2 (BLAARKOP) ALAMAK: $ whois 91.207.102.163 % IANA WHOIS server % for more information on IANA, visit http://www.iana.org % This query returned 1 object refer: whois.ripe.net inetnum: 91.0.0.0 - 91.255.255.255 organisation: RIPE NCC status: ALLOCATED whois: whois.ripe.net changed: 2005-06 source: IANA # whois.ripe.net inetnum: 91.207.102.0 - 91.207.103.255 netname: M247-EUROPE-SRL country: RO org: ORG-MES6-RIPE admin-c: ME5262-RIPE tech-c: ME5262-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-END-MNT mnt-by: M247-EU-MNT mnt-routes: M247-EU-MNT mnt-domains: M247-EU-MNT remarks: ---- LEGAL CONCERNS ---- remarks: For any legal requests, please send an email to remarks: ro-legal@m247.ro for a maximum 48hours response. remarks: ---- LEGAL CONCERNS---- created: 2013-10-09T10:13:09Z last-modified: 2018-11-29T10:55:39Z source: RIPE # Filtered organisation: ORG-MES6-RIPE org-name: M247 Europe SRL country: RO org-type: LIR address: 11B Sos. Fabrica de Glucoza, 1st floor District 2 address: 020331 address: Bucharest address: ROMANIA phone: +4 031 080 0700 abuse-c: ME5262-RIPE mnt-ref: RIPE-NCC-HM-MNT mnt-ref: M247-EU-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: M247-EU-MNT created: 2014-01-06T11:23:03Z last-modified: 2021-08-18T08:33:50Z source: RIPE # Filtered role: M247 Europe address: Sos. Fabrica de Glucoza, Nr 11B address: etaj 1, Sector 2, Bucuresti Romania admin-c: PP13161-RIPE tech-c: MP26073-RIPE abuse-mailbox: abuse@m247.ro nic-hdl: ME5262-RIPE mnt-by: M247-EU-MNT created: 2014-01-13T12:11:34Z last-modified: 2014-12-08T16:22:40Z source: RIPE # Filtered % Information related to '91.207.102.0/23AS9009' route: 91.207.102.0/23 descr: M247 Europe SRL origin: AS9009 mnt-by: GLOBALAXS-MNT created: 2015-04-17T10:11:11Z last-modified: 2015-04-17T10:11:11Z source: RIPE % This query was served by the RIPE Database Query Service version 1.102.2 (WAGYU)

@OpenSourcerer Hello! We couldn't reproduce the issue in Arch, but our distribution uses DBus 1.14, while yours runs the 1.12.20 legacy. Do you have the option to upgrade to 1.12.22 or 1.14 and check whether the problem gets resolved or not? We start suspecting that the issue is related to 1.12.20. Kind regards

@OpenSourcerer Hello! Yes, that's fine, Bluetit implements an exclusive D-Bus mode to prevent multiple clients from connecting to it. That's puzzling, it may be caused by D-Bus lack of memory or wrong data type (EDIT: the error would be caused by lack of memory only according to D-Bus documentation) Furthermore Bluetit crashes immediately after.: We've been struggling and failing to reproduce the issue so far. Can you tell us your D-Bus version? Have you experienced the problem in Arch only or even in other distributions? Kind regards

Issue details Eddie checks the integrity of Eddie installation every time it is started. The following command: /usr/bin/codesign -v --verify /Applications/Eddie.app/Contents/MacOS/Eddie must return /Applications/Eddie.app/Contents/MacOS/Eddie: valid on disk /Applications/Eddie.app/Contents/MacOS/Eddie: satisfies its Designated Requirement but when a crash occurs it generates a dump file that causes failed validation: /Applications/Eddie.app/Contents/MacOS/Eddie: a sealed resource is missing or invalid file added: /Applications/Eddie.app/Contents/Resources/mono_crash.11b738480.0.json Removing dump files with the below command reverts to a successful validation: rm /Applications/Eddie.app/Contents/Resources/mono_crash*

If you encounter exactly this error under macOS: Unable to start (Client not allowed: Remote executable not signed) run from terminal (adjust the path if different) sudo rm /Applications/Eddie.app/Contents/Resources/mono_crash* This issue is resolved in Eddie version 2.21.5 and above.

@OpenSourcerer Hello! -6 option problem you have detected is caused by the fact that the option is managed by OpenVPN3 and not by the Suite. OpenVPN3 options can't have "on", "off" etc. arguments, but only "yes", "no" and "default"/other, while the Suite parser is much more flexible. We will translate the arguments of those options which are managed internally by OpenVPN3 in order to resolve the issue. In the meantime you should use only "yes" or "no" to resolve the problem and keep testing. Kind regards

Hello and thank you! OK, it sounds fine here. Yes, bug reproduced - it doesn't recognize any setting. If connection is attempted over IPv6, for example because default system choice is IPv6 or configuration file prescribes IPv6 address in remote directive, failure is expected when IPv6 is not available server side. That's fine. The problem in such systems is again the bug for which one can't turn off -6 (allowuaf), making those almost unable to connect to IPv4 only servers (a remote IPv4 address must be forced to circumvent the problem). The default setting for IPv6 should be the default system setting. Docs clarification/fix needed, we will check. Thank you very much! Kind regards

Hello! Unfortunately there's nothing we can do during these grim and tragic days. Russians are actively destroying various infrastructural resources and might enter Kyiv any time. Our deepest sorrow is caused by the uncertain fate of the Ukrainian people. Who cares about a single server, but we will keep operating it, even as a symbol, as long as the infrastructure works, and it will remain displayed in the servers status page with the Ukraine flag. Kind regards

Hello! When you have time you should open a ticket including Eddie log and Android logcat if possible. The log will show to the support team all the relevant system data but anyway please specify your device brand and model, and your Android exact version. The logcat will show much more information which might be needed by the developers. Kind regards

Hello! Have you tested the AirVPN Suite? If not, please see here: https://airvpn.org/linux/suite/ User manual: https://airvpn.org/suite/readme/ Kind regards

@OpenSourcerer Hello! Of course, if @gh4green means VPN tunnel encryption, on top of OpenVPN or WireGuard log check as well as routing table verification, one would get a safe proof. by analyzing the traffic on the physical network interface with tools like tcpdump or Wireshark and verifying that the payload is encrypted, even when end-to-end encryption is not enforced, Kind regards

Hello! You must never rely on information provided by the web site owners themselves, because anything can be written. Anyway information is indeed provided on our web site pages, you must have missed it. Verify directly from your browser by clicking the padlock or analogous icon to show certificate and cipher information. Also check with specialized services, for example: https://www.ssllabs.com/ssltest/analyze.html?d=airvpn.org&s=5.135.136.95&latest ipleak.net has a completely different purpose, it shows you all the information that a web site can potentially get from your browser, all the DNS servers your system queries and optionally the IP address advertised by your torrent software. Moving this thread to "Suggestions" forum as it is off-topic in Eddie forum. Kind regards

Hello! We will think about it. At the moment the Configuration Generator proposes files for OpenVPN 2.4. A user must check "Advanced Mode" and then select "OpenVPN >= 2.5" to get files compatible both with OpenVPN 2.5 and OpenVPN 3, with the correct directives: data-ciphers AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC data-ciphers-fallback AES-256-CBC But those files will not be compatible with OpenVPN versions older than 2.5. It's not easy when the user base is split between OpenVPN 2.3, 2.4, 2.5, 3.. with their mutual incompatibilities. Excellent! It's not planned at the moment, because tls-crypt made it essentially obsolete. We might instead consider OpenVPN over SSH in the future. Kind regards

Hello! Hello! Eddie 2.5 Android edition can start and connect during the device bootstrap even in Android 10, 11 and 12. "Always on VPN" Android settings must be enabled (therefore you can't connect at boot on Android TV) 10,. 11 and 12) and Eddie's option "Settings" > "System" > "Start VPN connection at device boot" must be on. Once it's on, you can define the "VPN Boot Priority Order", again in "Settings" > "System". Kind regards

@Maggie144 Thanks. AES-CBC is not supported on the data channel (hence "bad cipher" error). When you configure AES-GCM, we see that you can't reach Kitalpha on port 53 at all. In fact the server is reachable on port 53, and the problem could be caused by your ISP (for example by hijacking all packets to port 53, as Vodafone did some time ago). Can you try different servers and different ports? Kind regards

@Maggie144 Hello! Now the connection goes through but it's broken almost immediately, that's why you can't browse: We also notice that your system DNS setting seems wrong (10.17.151.1 is a DNS of another subnet of the same VPN server you're connecting to), as if a system restore from a previous connection to the same server on a different port was not performed correctly. Please try the following procedure and let's see whether the problem is resolved and if it re-occurs: make sure that Hummingbird is not running verify the DNS settings of your system and set the correct DNS delete the whole content of /etc/airvpn with command "sudo rm /etc/airvpn/*" reboot the system try again a connection with Hummingbird Kind regards

@Maggie144 Hello! We can't reproduce the issue with config files generated with the same settings (for example Alrami, UDP, 443 etc.). Can you send us one of those files (1, 2, or 3, for 4 and 5 the outcome is expected), without certificate and key? Yes, that's normal, because Eddie takes care to prepare the first tunnel (via SSH or stunnel) first, and only later it tells OpenVPN how to connect to that first tunnel. Kind regards

@Maggie144 Hello! The problem is here: Apparently you have generated a configuration file for OpenVPN over SSH/TLS connections, i.e. OpenVPN should connect locally to a previously established SSH or TLS tunnel. Since SSH or stunnel do not run, OpenVPN fails. Can you please check and generate a new ovpn file? Kind regards

Version 2.21.4 (Fri, 18 Feb 2022 12:04:45 +0000) [new] OpenVPN 2.5.5 [new] Allows setting a generic adapter (and not only a specific IP address) in "Interface used for connection" [change] Added an IPv6 bootstrap address in boot manifest [change] A useless, wrong error message if connection fails (about object not defined) [change] [windows] Improvement about driver detection [change] [windows] wgtunnel.dll 0.5.2 [bugfix] [windows] Unquoted service path fix [bugfix] [linux] bug with iptables/iptables-legacy/nftables in some distribution [bugfix] Useless re-auth for non-beta users [bugfix] Other minor fixes

@SleepySocks Hello! A new Eddie beta version is coming out very soon (maybe even today). It features some fixes related to nft. Can you please test the new version when it's available (check the "News" forum) and verify whether the problem is resolved or not? Kind regards

Hello! Soon after IPv6 implementation years ago, but it was not advertised and we also wrote a message claiming it was not supported. That message was wrong. Kind regards