Staff

Hello! Adding SSL/TLS to an onion service is not necessary:: https://tor.stackexchange.com/questions/6447/do-all-onion-addresses-use-ssl-tls Of course it can be used. The certificate becomes more an additional auth tool which is not needed for the security and integrity of data in transit. Kind regards

@bidasci Hello! Can you also test whether Eddie 2.21.3 beta resolves the problem or not? Please see here to download latest beta version: https://airvpn.org/forums/topic/49638-eddie-desktop-221-beta-released/ Kind regards

@adamrabbit Hello! Thank you. This thread is under the attention of Eddie developer now. Can you also test Eddie 2.21.3 beta and check whether you experience the same problems, and report back when you can? Can you also specify whether you have applied the "patch" recommended by Apple, see Kind regards

Hello! Yes, thank you! It should have been resolved in 2.21.3 beta, can you please cross-check? Kind regards

@ayazey Hello! Yes, the suggestion is still valid but with a caveat. Note that the original error comes from the fact that the script does not exist at all in /etc/openvpn. However, probably the script will not work even though systemd-resolved is disabled (IMPORTANT *), because https://wiki.archlinux.org/title/OpenVPN#The_update-systemd-resolved_custom_script so either you use the other script suggested by OpenSourcerer and the wiki (with systemd-resolved running), you make sure that /etc/nsswitch.conf does not use resolve, or you run the AirVPN Suite. Also note that the AirVPN Suite (but not Eddie atm) is capable to handle any configuration among the several possible DNS handling combinations allowed by systemd-resolved and systemd-networkd - a few remaining "glitches" pertaining to DNS handling under peculiar settings will be also fixed in the incoming 1.1.1 release. AirVPN Suite 1.1.0 has been tested under Fedora 35 (with nftables installed) and handles DNS push and DNS restore just fine. You might try it: besides offering important features like Network Lock, it might save you a lot of trial and error - and you need not disable systemd-resolved or change any other system default setting. https://airvpn.org/suite/readme/ Kind regards (*) Note to all Linux users: by default in Fedora 35 and possibly in other distributions if you want to stop systemd-resolved, a simple "stop" will not work, not even for a session, because systemd will re-start systemd-resolved, as it is a unit configured to re-start. That's why we write "disabled", and not "stopped".

@VPNwarp Hello! Thanks for your choice. From the tiny log section we can see the problem is related to IPv6. Possible solutions: Make sure that IPv6 is enabled at system level and on the TAP-Windows network interface Alternatively. from Eddie main window select "Preferences" > "Networking", set the "IPv6 layer" combo box to "Block" and click "Save" If nothing of the above resolves the issue and you get no solutions from the community please open a ticket for professional support. This is a community forum where Staff reads and writes now and then, while the support team offers assistance 24h/24. Also make sure to publish a system report ("Logs" > LIFE BELT icon" > "Copy" icon > paste into your message) which is much more useful to techies than a screenshot. Kind regards

Hello! We're glad to inform you that replacement has been completed. Now Meissa, Phact and Schedir are new, more powerful machines, in a different datacenter (again In Riga), connected to 1 Gbit/s lines. Kind regards

@tammo Hello! The required syntax in some nft versions was different and the command issued by Eddie is incorrect for your version, hence the syntax error. A fix under this respect has been implemented in Eddie 2.21 beta, can you please test Eddie latest 2.21.3 beta version? Please see here to download it: https://airvpn.org/forums/topic/49638-eddie-desktop-221-beta-released/ We are looking forward to hearing from you. Kind regards

Hello! Currently not, we're sorry. At the moment Windows 7 users should run native WireGuard programs with a configuration file generated by our Configuration Generator. Kind regards

Hello! We have moved the discussion here because it was too off-topic in the beta testing thread and it polluted it. That thread is reserved to WireGuard testing in AirVPN and is aimed at finding bugs, malfunctions and so on, if any. Kind regards

Hello! We inform you that the following servers in Latvia: Meissa Phact Schedir Shaula have become suddenly nonoperational because the upstream of our provider blocked all traffic. They should come back online within a couple of days, due to new deals with a new transit provider. However, all IP addresses will change. We have decided that this is a good moment to switch to new lines and servers: we are changing the previous 100 Mbit/s lines with 1 Gbit/s lines and ports, and replacing the hardware with more powerful CPU. The four 100 Mbit/s servers will be replaced by three 1 Gbit/s servers. Location will not change, the new servers will be in Riga. We should be able to announce the new servers in the next days. EDIT 2022/02/02: replacement has been completed. Kind regards and datalove AirVPN Staff

Hello! Since no reports came in here or in tickets in the last 10 days we consider the problem as resolved, thank you very much! Kind regards

@Pwbkkee Hello! Thanks for the detailed report and the suggested solution. Unfortunately we could not reproduce the issue. Can you please tell us your exact distribution name, version and (if any) customization, to let us start from a common testing ground? Kind regards

@organicchocolate Hello! Thank you very much for the good feedback, we're glad to hear it. About Network Lock, the status is reported by the padlock on the main window. If it's closed, Network Lock is enabled. A connection must be possible even with Network Lock disable,d so the green token you mention is appropriate. Maybe you'd prefer to have Network Lock on by default. You can configure Eddie to enable Network Lock when the app starts. AirVPN Suite enables Network Lock by default. Kind regards

Hello! You are definitely right. Historically, this is a consequence of the fact the our bootstrap servers were not given by the respective datacenters IPv6 support and we did not insist on that. We will ask our providers to add IPv6 support to the bootstrap servers if possible, and then adapt our software accordingly when IPv6 layer is preferred over IPv4. Kind regards P.S. You applied a smart workaround!

@TheHellSite Hello! A dedicated forum might be excessive, but dedicated threads are surely appropriate. The official thread followed by staff members can be found in the "News" forum, which is not a community forum. Any other thread can be created by the community in the proper community forum ("Troubleshooting" is fine) and followed by the community as usual. Kind regards

@hartfieldsbane Hello! Can you please check the content of directory /etc/airvpn and post here? sudo ls /etc/airvpn A plausible explanation of the wrong behavior is that the lock file doesn't exist in /etc/airvpn, while some backup file related to firewall rules or DNS settings does. EDIT: bug confirmed, we will work to fix it. You can resolve immediately the problem by deleting the whole directory content, but first please publish its content to let us check and reproduce the issue, thank you! A bug causing a similar problem was already detected by @misam in this thread in late 2020. It was fixed in your version 1.1.2, but maybe something is still wrong. Please post text and not screenshots when possible. sudo rm /etc/airvpn/* Kind regards

@Asmodeus Hello! This was a 2020 thread, the page layout has changed in the meantime. Go here: https://airvpn.org/macos/eddie/ Click "Other versions" then select the version you want. You will be brought back to the download page, pointing this time to the version you selected. Pick the correct package for your macOS and download and install as usual. Kind regards

@eburom Thank you very much! The problem you found and kindly reported has been fixed and you'll see the fix in the next, imminent version. From the developer: you can't build the Suite now because OpenVPN3 has recently changed ClientAPI::Config definition. They replaced member ipv6 with allowUnusedAddrFamilies which is basically used for the very same purpose. The change has been already imported into OpenVPN3-AirVPN 3.7.1 fork and Bluetit/Hummingbird code has been updated accordingly in the development branch which is to be released very soon, along with some other minor fixes and changes [including the aforementioned one}. Kind regards

@r34lity23 Hello! Please make sure to accept packets to and from the bootstrap servers. You can find their IP addresses in /etc/airvpn/bluetit.rc file - bootserver directives. Kind regards

@spinmaster Hello! Our testing systems have 8 MB buffer as well. We are still struggling to reproduce the problem. In the meantime, please test with a 32 MB buffer, for example: sudo sysctl -w kern.ipc.maxsockbuf=33554432 Kind regards

Hello! No news, we're sorry, but let's evaluate whether the default buffer size of the UDP/IP stack is insufficient for OpenVPN3-AirVPN needs. Can you please give us the output (from a terminal) of the command: sysctl kern.ipc.maxsockbuf It will show the buffer size in bytes. We would like to compare it with our systems (Big Sur and Catalina, M1 and x86-64) where the problem doesn't occur, and check whether increasing the buffer mitigates it. Kind regards

@Xuebit Hello! We tried to reproduce the problem you reported but we failed. After we activated "cryptojacking" block list and entered getmonero.org among the allowed exceptions, we could determine that it was resolved correctly. Please try again, maybe your system and/or system browser cached DNS. You can debug with dig getmonero.org We rarely edit a list; "curated by us" doesn't necessarily imply that we edit a list, but that we select and propose it or a merge of different lists, aiming at covering all the most requested categories. Therefore you might like to ask the original compiler the reason why getmonero.org was included. We see that also bitcoin.com is included in the same block list. That said, we can of course edit those "curated by us" lists: while a regular review of each list by us is not realistic at all, we keep this option open for your and other users observations. Kind regards

@mrbert Hello! Unfortunately we don't understand the issue, therefore we recommend you open a ticket. About your last question, the DNS query should be tunneled so it should not go straight to Google, but anyway make sure that Network Lock is enabled. Anyway, you should not pick Google DNS in any case. Good DNS which respect your privacy are OpenNIC https://www.opennic.org and Quad9 (9.9.9.9). Kind regards

@Xuebit Hello! Thank you very much for the head up. The fact that the exception you entered doesn't work is unexpected, we will start an investigation because it might be a bug. The potential error about getmonero.org will be investigated as well. Kind regards