Staff

@OpenSourcerer @deguito18090 Hello! We're glad to inform that inbound packet forwarding is implemented for IPv6 too. Please feel free to open a ticket for additional investigation. Out of curiosity, IPv6 DNAT and Masquerading are supported even in Linux starting from netfilter6 in kernel 3.9.x or 4 if we remember correctly. Kind regards

@blatrala Hello! Thank you for your choice. We can't reproduce the issue, either with Firefox, Safari or Chromium. Can you tell us your browser and Operating System names and versions? Are cookies and javascript allowed in the browser? Have you tested with disabled add-ons? Kind regards

Hello! The AirVPN guide to correctly configure your torrent software and optimize performance in AirVPN by using inbound remote port forwarding and avoiding wrong settings is available in the FAQ: https://airvpn.org/faq/p2p/ Kind regards

Hello! Update: AirVPN Suite 1.2.0 Release Candidate 1 is now available. Original message download links and changelog have been updated accordingly. RC 1 is linked against the new OpenVPN3-AirVPN library and fixes all the glitches you have found so far in beta 1. Thank you for your tests! Kind regards

Hello! Update: Hummingbird 1.2.0 Release Candidate 1 is now available. Links to download the packages have been updated in this thread first message. Thank you very much for your tests! Kind regards

Hello! If you still need to increase the UDP buffer size beyond please see here: http://slaptijack.com/system-administration/mac-os-x-tcp-performance-tuning/ The article pertains to TCP but the principle is identical. By increasing mbuf clusters through setting ncl boot argument via nvram, you will be able to increase kern.ipc.maxsockbuf value after the bootstrap. So, if you need more buffer room to avoid the mentioned errors, you can have it. Maximum software buffer in bytes should be ~ (1/16) * ncl (each cluster is 2048 bytes). Remember to run nvram with root privileges and reboot to apply boot argument change. Please, we kindly ask you to keep us informed. Kind regards

@Maggie144 Hello! It was probably caused by lack of Internet connectivity. Once the connection is over Eddie is in control and is the one "checking authorization" indefinitely, Hummingbird is not running. The fact that Eddie was unresponsive to "Cancel" and kept going on indefinitely might be an Eddie's bug, we will verify. Kind regards

@Monotremata Hello! Please set the UDP buffer at its maximum size: sudo sysctl -w kern.ipc.maxsockbuf=16554432 and test again. See also: https://airvpn.org/forums/topic/46764-hummingbird-110-released/?do=findComment&comment=173140 Please keep us posted. Kind regards

Hello! Fixed, can you please try again now? Kind regards

Hello! Two tips to make the "quick" connection quicker in Eddie. Maybe you can't have the same lightning speed you have in Android and in general on Linux based systems, but you can improve remarkably the current situation. Disable route check and DNS check, provided that you keep Network Lock enabled. You can disable route check by unchecking "Check if the VPN tunnel works" in "Preferences" > "Advanced" window, while you can disable DNS check by unchecking "Check Air VPN DNS" in "Preferences" > "DNS" window. By doing so you disable security checks, thus Network Lock becomes important and probably you want to keep it always enabled. Define a white list of servers or countries, respectively in "Preferences" > "Servers" and "Countries" window which suit your needs, when you are confident to do so. Eddie will compute round trip times only of servers included in the white list, so the tests will be very few and you will save plenty of time. If you are confident to connect always to the same pool of servers, you might even completely disable any test, and save even more time. You can do so in "Preferences" > "Advanced" window by unchecking "Enable latency tests" Kind regards

Hello! Explanation found. OpenVPN3 hard codes internally the OpenSSL header value at compilation time, even though OpenSSL is linked dynamically. So, if you compile in, say, Debian 9 to ensure maximum compatibility, OpenVPN 3 will claim "1.1.0h" regardless of the actual OpenSSL used during runtime. It's a wrong approach our library inherited from the master branch. The correct approach would be for example using the proper library function to get and return the library version and avoid the aforementioned hard coding. We are going to fix this botch in our fork asap. EDIT: fix implemented in OpenVPN3 AirVPN 3.7.2. AirVPN Suite 1.2.0 RC 1 is now linked against the new library. Kind regards

@OpenSourcerer Hello! Sure, the *.rc templates will be adjusted accordingly. The Suite must use system OpenSSL library, simply because it has nothing else. That log entry is very strange, as OpenSSL 1.1.0 is nowhere, and we have noticed the same on a different system (Fedora 35). Under investigation. Thanks again. Kind regards

Hello! Yes, ipv6 option has been removed. From the changelog: [ProMIND] Removed ipv6 command line option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications The next user's manual which will be published with the stable release will reflect the change. Kind regards

Hello! We're very glad to inform you that we have just released Hummingbird 1.2.0 macOS (High Sierra or higher version required). UPDATE 15 FEB 2022: Release Candidate 1 is available UPDATE 08 MAR 2022: Release Candidate 2 is available UPDATE 17 MAR 2022: Release Candidate 3 is available 24 MAR 2022: Production Release is now available Main features Lightweight and stand alone binary No heavy framework required, no GUI Small RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN robust leaks prevention through Network Lock based on pf - working perfectly on Big Sur and higher versions too proper handling of DNS push by VPN servers capable of higher throughput than OpenVPN 2.5 What's new bug fixes pertaining to --restore-network --pause --resume and --reconnect options update of all support libraries improved handling of AirVPN IPv6 bootstrap servers higher performance, mainly thanks to the new OpenSSL library version. Both Apple M1 and Intel based Mac performances are finally on par with Linux and Windows ones. Throughput as high as 650-700 Mbit/s has been reached both with CHACHA20 and AES-GCM, both on M1 and Intel based Mac computers Check the changelog for detailed information. Download Hummingbird for macOS is distributed in plain versions for M1 and Intel based Mac computers. Notarized versions will be available with the stable release. Download page: https://airvpn.org/macos/hummingbird/ Hummingbird is released under GLPv3. Source code and repository: https://gitlab.com/AirVPN/hummingbird Changelog Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] updated to OpenVPN3 AirVPN 3.8.1 [ProMIND] do not check for supported ciphers in OpenVPN config file in case eval.cipher is empty [ProMIND] changed references of ClientAPI::OpenVPNClient class to ClientAPI::OpenVPNClientHelper to conform to the new OpenVPN3 client class names [ProMIND] replaced calls to removed OpenVPN client's eval_config_static() with ClientAPI::OpenVPNClientHelper::eval_config() Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] Added --list-data-ciphers option [ProMIND] Check and validate requested data cipher according to VpnClient's supported ciphers [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Updated to OpenVPN 3.7.2 AirVPN Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] updated to OpenVPN 3.7.1 AirVPN and latest support libraries and support projects [ProMIND] Added SSL library version to version message [ProMIND] Removed ipv6 command line option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications [ProMIND] Added OpenVPN and copyright information and SSL library information to the welcome message [ProMIND] Fixed recover network procedure. It now properly checks the existence of network backup file Thank you for your tests! Please feel free to report any bug, malfunction etc. on this thread or through a ticket. Kind regards & datalove AirVPN Staff

@OpenSourcerer Thank you! Do you have "ipv6 on" in your goldcrest.rc ? We brought in from OpenVPN3 main branch the IPv6 member deletion and other IPv6 related modifications. EDIT: ...so ipv6 option is no more supported (check our next message). Kind regards

@colorman Hello! The failure is 2022-02-09 11:35:55 Client exception in transport_recv: crypto_alg: AES-256-CBC: bad cipher for data channel use AES-CBC cipher must not (and is not according to our tests) be selected with default settings. Therefore we would like to see the content of the mentioned files to understand how AES-CBC happened to be selected. Forget about Goldcrest running options, we see that you give Goldcrest an ovpn file to parse. Please note that if you generated an OpenVPN configuration file for OpenVPN 2.4, the directive: cipher AES-256-CBC will be included. This directive will cause the error you see on latest OpenVPN3-AirVPN and OpenVPN 2 versions. To generate a proper configuration file for AirVPN Suite and latest OpenVPN 2.5 releases, tick "Advanced Mode", then select "OpenVPN >= 2.5". In this way the aforementioned directive will not be included. Alternatively, do not use ovpn files at all (Bluetit and Goldcrest don't require them with AirVPN). Kind regards

@colorman Hello and thank you! AES-CBC for Data Channel is no more accepted and should not be picked automatically, can we see your bluetit.rc and goldcrest.rc files content? Kind regards

@OpenSourcerer Hello! Thank you, bug confirmed and fixed. Before the next version comes out, you might like to use "--air-connect" in place of "-O" to keep testing. Kind regards

Hello! We're very glad to inform you that AirVPN Suite version 1.2.0 is now available. Check supported systems below UPDATE 15 Feb 22: Release Candidate 1 is available UPDATE 08 Mar 22: Release Candidate 2 is available UPDATE 17 Mar 22: Release Candidate 3 is available 24 Mar 22: Production release is available The suite includes: Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers Hummingbird: lightweight and standalone binary for generic OpenVPN server connections What's new in 1.2.0 bug fix: white and black lists are now handled more properly by quick connection mode with new logical approach bug fix: comma in password is now parsed correctly when entered in bluetit.rc bug fix: Hummingbird network restore function works properly when hummingbird.lock file is missing but DNS and firewall rules have their backup copies to be recovered bug fixes in --pause, --resume, --reconnect options refinements in logging in automatic network lock mode, nftables takes precedence over iptables if nft userland utility exists DNS handling improvements with certain systemd-resolved wortking modes added support for zstd and gzip compressed kernel modules IPv6 bootstrap servers enhanced support update of all support libraries, including OpenVPN-AirVPN Please check the changelog at the end of this post for detailed information. Thank you very much for your tests and please report any bug, glitch, malfunction etc. in this thread! Packages Please note that the Suite is no more built for i686 systems (32 bit architecture). If you need the Suite for such systems please run 1.1.0 release in the meantime and contact us in this thread or through a ticket. Packages can be downloaded from our web site page https://airvpn.org/linux/suite/ AirVPN Suite is released under GLPv3. Source code and repository: https://gitlab.com/AirVPN/AirVPN-Suite AirVPN Suite changelog Changelog for AirVPN Suite Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] updated to OpenVPN3 AirVPN 3.8.1 [ProMIND] vpnclient.hpp: changed references of ClientAPI::OpenVPNClient class to ClientAPI::OpenVPNClientHelper to conform to the new OpenVPN3 client class names [ProMIND] vpnclient.hpp: added private members event_error and event_fatal_error to reflect client's event errors [ProMIND] vpnclient.hpp: added public methods eventError() and eventFatalError() [ProMIND] vpnclient.hpp: get_connection_stats() added topology, cipher, ping and ping_restart values from OpenVPN3 options Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] vpnclient.hpp: added methods init(), initSupportedDataCiphers(), isDataCipherSupported() and getSupportedDataCiphers() [ProMIND] vpnclient.hpp: added cipher member to struct EventData [ProMIND] vpnclient.hpp: added getPushedDns() method [ProMIND] airvpntools.cpp: added normalizeBoolValue() method for the normalization of "simple" bools to extended values conforming to Suite's option parser and to be used to extend OpenVPN3 "simple" bool options [ProMIND] logger.hpp: flushLog() is now synchronized and thread safe by using a semaphore Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Updated to OpenVPN 3.7.2 AirVPN Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] updated to OpenVPN 3.7.1 AirVPN and latest support libraries and support projects [ProMIND] vpnclient.hpp: added methods openVPNInfo(), openVPNCopyright() and sslLibraryVersion() [ProMIND] vpnclient.hpp: added event management (subscription, unsubscription, raising) via callback functions for all native ClientEvent::Type [ProMIND] loadmod.c: added support for gz and zstd modules [ProMIND] netfilter.cpp: changed firewall priority scheme into nftables, iptables-legacy, iptables, pf [ProMIND] netfilter.cpp: added workaround for iptables modules in order to comply to kernel 5.15.x [ProMIND] netfilter.cpp: init(): in case netlock is set to iptables, force the initial loading of system rules by adding and then immediately removing two IPv4 and IPv6 "fake rules" in order to have netlock work in distributions running under kernel 5.15.x and iptables 1.8.7 [ProMIND] dnsmanager.cpp: systemHasResolved() method renamed as systemHasSystemdResolved() [ProMIND] dnsmanager.cpp: added systemHasResolvectl() method [ProMIND] optionparser.cpp: added description and order members to OptionConfig and Option structures [ProMIND] airvpntools.cpp: added automatic support and selection for AirVPN IPv6 bootstrap servers [ProMIND] airvpnserverprovider.cpp: getFilteredServerList() includes all AirVPN server. Those not meeting the connection priority scheme are sent to the bottom of the list with the highest possible penalty. This is needed in case the country black list includes all of the connection priority scheme's countries *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Bluetit Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] do not check for supported ciphers in OpenVPN config file in case eval.cipher is empty [ProMIND] establish_openvpn_connection() returns false in case of client's event error or fatal error [ProMIND] connection and connection stats threads are now stopped by dedicated functions stop_connection_thread() and void stop_connection_stats_thread() respectively [ProMIND] improved error management at connection time Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] Added list_data_ciphers dbus method [ProMIND] Added list_pushed_dns dbus method [ProMIND] Check and validate requested data cipher according to VpnClient's supported ciphers [ProMIND] Shows server information summary at the end of connection process via VpnClient connected event [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Same as Beta 1 Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] White and black lists are now properly checked when connecting to an AirVPN server or country [ProMIND] In case there are white lists defined, quick connection will ignore the connection scheme priority [ProMIND] Added "africa" and "oceania" to continent/country connection process [ProMIND] Added SSL library version to startup log [ProMIND] Removed ipv6 option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications [ProMIND] Added DBus method ssl_library_version [ProMIND] btcommon.hpp: added normalized client options and descriptions [ProMIND] add_airvpn_bootstrap_to_network_lock(): added support for AirVPN IPv6 bootstrap servers *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Goldcrest Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] Update connection statistics to the latest Bluetit specifications Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] Added --list-data-ciphers option [ProMIND] Added server information summary to statistics output [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Reassigned short option "Q" to long option "air-key-load" Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] Removed ipv6 command line option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications [ProMIND] Added OpenVPN copyright information and SSL library information to the welcome message [ProMIND] Changed usage() in order to use the new normalized option format *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Hummingbird Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] updated to OpenVPN3 AirVPN 3.8.1 [ProMIND] do not check for supported ciphers in OpenVPN config file in case eval.cipher is empty [ProMIND] changed references of ClientAPI::OpenVPNClient class to ClientAPI::OpenVPNClientHelper to conform to the new OpenVPN3 client class names [ProMIND] replaced calls to removed OpenVPN client's eval_config_static() with ClientAPI::OpenVPNClientHelper::eval_config() Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] Added --list-data-ciphers option [ProMIND] Check and validate requested data cipher according to VpnClient's supported ciphers [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Updated to OpenVPN 3.7.2 AirVPN Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] updated to OpenVPN 3.7.1 AirVPN and latest support libraries and support projects [ProMIND] Added SSL library version to version message [ProMIND] Removed ipv6 command line option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications [ProMIND] Added OpenVPN and copyright information and SSL library information to the welcome message [ProMIND] Fixed recover network procedure. It now properly checks the existence of network backup file Kind regards and datalove AirVPN Staff

@pipox9 Hello! The problems with some RAI channels had been resolved soon after you posted the message in summer 2021. Then a new problem arose with a couple of channels in late January 2021 and it has been again fixed at the beginning of February. These problems come from RAI changing CDN and other settings. Such events require manual intervention. Kind regards

Hello! Adding SSL/TLS to an onion service is not necessary:: https://tor.stackexchange.com/questions/6447/do-all-onion-addresses-use-ssl-tls Of course it can be used. The certificate becomes more an additional auth tool which is not needed for the security and integrity of data in transit. Kind regards

@bidasci Hello! Can you also test whether Eddie 2.21.3 beta resolves the problem or not? Please see here to download latest beta version: https://airvpn.org/forums/topic/49638-eddie-desktop-221-beta-released/ Kind regards

@adamrabbit Hello! Thank you. This thread is under the attention of Eddie developer now. Can you also test Eddie 2.21.3 beta and check whether you experience the same problems, and report back when you can? Can you also specify whether you have applied the "patch" recommended by Apple, see Kind regards

Hello! Yes, thank you! It should have been resolved in 2.21.3 beta, can you please cross-check? Kind regards

@ayazey Hello! Yes, the suggestion is still valid but with a caveat. Note that the original error comes from the fact that the script does not exist at all in /etc/openvpn. However, probably the script will not work even though systemd-resolved is disabled (IMPORTANT *), because https://wiki.archlinux.org/title/OpenVPN#The_update-systemd-resolved_custom_script so either you use the other script suggested by OpenSourcerer and the wiki (with systemd-resolved running), you make sure that /etc/nsswitch.conf does not use resolve, or you run the AirVPN Suite. Also note that the AirVPN Suite (but not Eddie atm) is capable to handle any configuration among the several possible DNS handling combinations allowed by systemd-resolved and systemd-networkd - a few remaining "glitches" pertaining to DNS handling under peculiar settings will be also fixed in the incoming 1.1.1 release. AirVPN Suite 1.1.0 has been tested under Fedora 35 (with nftables installed) and handles DNS push and DNS restore just fine. You might try it: besides offering important features like Network Lock, it might save you a lot of trial and error - and you need not disable systemd-resolved or change any other system default setting. https://airvpn.org/suite/readme/ Kind regards (*) Note to all Linux users: by default in Fedora 35 and possibly in other distributions if you want to stop systemd-resolved, a simple "stop" will not work, not even for a session, because systemd will re-start systemd-resolved, as it is a unit configured to re-start. That's why we write "disabled", and not "stopped".