Staff

Hello! Tables include data that's 7 years old (connection slots three, countries 16, servers 138?!? it's something from 2014), screenshots are taken from another web site, the concerns about the terms of service are taken from a fantasy world (*). They are so inept hat they even failed to report correctly our prices. They do not clearly state that they are paid by our competitors, while we always refuse to pay for reviews which is probably what bothers them most, because if this fair practice was widespread, there would be no more room for bogus reviews parasites. (*) Please read the Terms of Service yourself and you'll see. It's like in some part they are talking about some other VPN service, as if the article was a frankenstein-ish copy & paste and something went wrong with a mixture of different service reviews .🤣 Note that this thread will soon be moved to trash forum. Kind regards

@Terry Stanford Hello! That sounds partially wrong, please link us this answer because we can't find it. If it was from a Staff member it needs to be fixed. We do. Please keep us informed, or inform the support team, as you prefer. Kind regards

@Terry Stanford Hello! We just made sure that support team really passed the ticket to Eddie developer for additional investigation and we see that they did so on 2021-05-06. Unfortunately it seems that the issue could not be reproduced and therefore the bug you reported is still there and can't be found. Wait, do not twist words and basic meaning. You were told that when your Mac turns off the physical network interface it is unavoidable that a VPN connection is lost, because it's the physical connection to the Internet that gets lost, obviously. That said, we do understand your anger and frustration because your reports show a substantial range of malfunctions which would irritate anybody. Sadly the main problem (for any software) in such cases is when a malfunction is reported and nobody in the development team manages to reproduce it, no matter how they try. When a malfunction is invisible (not reproducible) on development and testing systems, you have no idea where to search for the bug(s) causing it. We would like to propose you something alternative which we see the support team did not: would you like to test Hummingbird and check what happens under the same conditions, in your Mojave system? Since when your problems started, a new and more efficient Hummingbird version has been released, and it runs (for throughput) a lot faster than the previous version as well as OpenVPN 2. About Hummingbird: https://airvpn.org/hummingbird/readme/ Yes we know, you will not have a GUI, but it would be a test which might provide some clue by comparison, and who knows, maybe Hummingbird will be less problematic than Eddie in your system. Kind regards

@ProphetPX Hello! The "graduated response" in the United States (aka "three strikes") was a voluntary agreement between ISPs and copyright holders to terminate the line of an alleged copyright infringer for several months or one year, without court order and inaudita altera parte (no right to defense ex ante) and put him/her in a black list so that he/she can't re-connect to the Internet with any other provider while he/she serves his/her sentence for the alleged, unproven behavior. The agreement was followed by most if not all ISPs from 2011 to 2017, causing tens of thousand of controversial disconnections. However, it had no impact at all on on the amount of copyright infringements and it was abandoned in 2017. Sony attempt might aim at transforming the abandoned voluntary agreement into an obligation by law as it is in France, New Zealand and South Korea for example, by eroding, through a legal precedent, the safe harbor liability exemptions in the USA for ISPs. The graduated response is totally ineffective against those who protect their traffic behind serious VPN services. https://en.wikipedia.org/wiki/Graduated_response https://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act Kind regards

@yatt007 Hello! The iP address you mention 116.203... is one of our IP addresses and it is used by a CH re-routing server. Puzzle solved. Kind regards

Hello! Nothing, it's a server side "problem", not Hummingbird's. If the server does not answer within 10 seconds Hummingbird will retry. The 10 seconds value can be modified via command line options (not possible via Eddie anyway). It seems an irrelevant issue anyway, so you might safely ignore it. Kind regards

@yatt007 Hello! It looks fine... and what are your Operating System name and exact version? Have you checked whether your system queries only VPN DNS? We forgot to tell you that one of the ways you can do that is browsing https://ipleak.net while your system is connected to the VPN. Kind regards

@Maggie144 Here: . 2021.06.16 14:19:55 - Hummingbird > EVENT: WAIT . 2021.06.16 14:20:05 - Hummingbird > Server poll timeout, trying next remote entry... the 10 seconds delay you notice are caused by the fact that the remote server does not answer within 10 seconds. The next attempt to the very same server is successful. Can you please try with Hummingbird alone (without Eddie) and check whether the same problem occurs? Kind regards

@Maggie144 Hello! We can't see this behavior, can you please send us the complete log? pf rules are 100% effective in M1 too. Kind regards

@yatt007 Hello! Yes, 95.110... is our geo-routing server in Italy. As you previously noted, geo-routing for some destination can be "on" or "off", it can't be "intermittent". Maybe the destination service uses a series of host names and IP addresses and some of them are re-routed and some are not, or maybe your system doesn't query all the times VPN DNS (the only way to be re-routed is querying VPN DNS). To begin with a preliminary verification, can you please check the second option, and make sure that your system only and exclusively queries VPN DNS? Kind regards

So what? Kind regards

@monstrocity Hello! Once again: the warnings you get are not an issue, they are intended and expected, and they must appear for the already mentioned reasons. HB 1.1.1. does not print them only because they were not implemented at that time, but Eddie invokes HB in the same way, so you should not use 1.1.1. You can safely run Eddie + Hummingbird 1.1.2 when you don't run systemd-resolved or when you run systemd-resolved configured to respect /etc/resolv.conf .- otherwise you must run Hummingbird alone, or Bluetit+Goldcrest. If the other issue re-occurs (that's the one unexpected issue) please do not forget to save the log, thanks in advance! @jrredho Both Bluetit and Hummingbird can handle swiftly DNS push & restore in Fedora 33 and 34, and in general under any systemd-resolved configuration (including the Windows-ish one Fedora picked as a default setting since 33 release). Fedora 34 is one of our primary development and testing environments so we are confident that you will have no problems at all with the new AirVPN Suite 1.1.0, but of course feel free to report. Kind regards

@monstrocity Hello! Eddie handles DNS by itself. As @OpenSourcerer noted, Eddie runs Hummingbird with --ignore-dns-push. This happened even in the past, but HB 1.1.2 now logs more accurately and warns you that it has been ordered to ignore DNS push. Therefore you should upgrade to HB 1.1.2 and not use older versions anymore. An important implication of the above choice for Eddie is that Eddie + Hummingbird is not usable in systems where systemd-resolved is configured to not respect /etc/resolv.conf settings (example: Fedora 33 and 34). In such systems Eddie should not be used as it can not handle DNS, while Hummingbird and Bluetit can. No, it's not a compatibility issue, it's only that Hummingbird by default handles DNS push. We can't reproduce the issue, can you please send us HB log showing the problem and any (if any) additional clue to reproduce the problem? Can you also tell us what you mean exactly with "Only logging out or restarting"? Kind regards

@KovaKovi Hello! Assuming that you connect to entry-IP address 3, you can get all the IP addresses you ask for by resolving the following name: europe3.all.vpn.airdns.org Query in TCP because the answer is too long for an UDP DNS query. Example with dig: dig +tcp +short europe3.all.vpn.airdns.org Kind regards

@cdysthe @Drk01 Hello! If those solutions are too complex, you might consider a Virtual Machine. Nowadays software like VirtualBox and VMWare make running a VM a piece of cake, you just need some time (once and for all) to install an OS from scratch. Then you can connect only the VM to the VPN (exactly as you do now in your machine) and use the applications whose traffic must be tunneled only in the VM. Host traffic will remain out of the VPN. Kind regards

Hello! We're very glad to inform you that we have just released Hummingbird 1.1.2 for macOS (High Sierra or higher version required). Hummingbird is available natively both for Intel and M1 based Mac computers. Hummingbird is free and open source released under GPLv3: https://gitlab.com/AirVPN/hummingbird Main features Lightweight and stand alone binary No heavy framework required, no GUI Small RAM footprint Lightning fast Up to 100% higher throughput than OpenVPN 2.5 (on 1 Gbit/s lines) Based on OpenVPN 3 library fork by AirVPN Robust leaks prevention through Network Lock based on pf - working perfectly on Big Sur too Proper handling of DNS push by VPN servers What's new Remarkably higher performance  Hummingbird 1.1.2 is based on the latest OpenVPN AirVPN library version linked against OpenSSL, and not mbedTLS anymore. OpenSSL latest versions in macOS have reached higher performance than mbedTLS both in encryption and decryption based on AES and CHACHA20-POLY1305 ciphers. The current 1.1.2 version has been additionally optimized and can now provide higher performance than 1.1.1. According to our tests now Hummigbird can reach, both on Intel i7 and M1 machines, with AES-GCM-256, 400 Mbit/s of download rate (CHACHA20 is slower as it can't still compete with AES-NI). On equal ground, as a comparison, OpenVPN 2.5.2 (our new binary optimized for M1) can reach 200 Mbit/s (only half of the speed!). Therefore, we strongly recommend that you test Hummingbird 1.1.2 even if you run Eddie. Remember that you can run Hummingbird through Eddie comfortably and quickly by setting the proper option. Hummingbird 1.1.2 is linked against latest OpenVPN3-AirVPN library. Changelog Version 1.1.2 - 4 June 2021 - [ProMIND] updated all dependencies and libraries *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 1.1.2 RC 4 - 14 May 2021 - [ProMIND] DNS backup files are now properly evaluated when determining dirty status - [ProMIND] ProfileMerge is now constructed by allowing any file extension - [ProMIND] Reconnection (SIGUSR2) is now allowed only in case tun persistence is enabled *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 1.1.2 RC 3 - 16 April 2021 - [ProMIND] Release Candidate 3 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 1.1.2 RC 2 - 14 April 2021 - [ProMIND] Release Candidate 2 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 1.1.2 RC 1 - 7 April 2021 - [ProMIND] Release Candidate 1 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Version 1.1.2 - 2 April 2021 - [ProMIND] Updated base classes *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Download Hummingbird for macOS is distributed in notarized and plain versions, both for Intel and M1 processors: Check the download page: https://airvpn.org/macos/hummingbird/ The difference is about how the package is seen by macOS security and it is therefore up to the user to pick the distribution file suiting his or her needs best. The notarized version is compliant to macOS software security scheme and runs "out-of-the-box", whereas the plain version needs to be explicitly granted permission to run by the user in macOS security & privacy settings. Please note that both versions ensure the same functionality in connecting a VPN server, it is however up to the user to decide whether using the signed and notarized version or not. Jump to the manual: https://airvpn.org/hummingbird/readme Kind regards & datalove AirVPN Staff

Hello! Today we are releasing a new Hummingbird native version both for Intel and M1 based Mac. In both systems it is remarkably faster, with throughput, than the previous version. Check "News" forum later on. Kind regards

Hello! That's very interesting because our last tests (which are now three years old) showed that thousands of IP addresses are blocked directly inside the datacenters so our requirements of an agnostic network were not met. If such a censorship does not exist anymore, we will re-evaluate for sure. Kind regards

@cheapsheep Hello! Thank you for your feedback. Bug reproduced and confirmed, it will be investigated to have a fix in the next release. Your syntax is correct and in your case a list is simply a series of names separated by commas. The list works effectively, but only for "quick" connection mode. In "country" connection mode Bluetit ignores it. You can, in the meantime, have some sort of good workaround by setting boot connection mode to quick and compiling white and black list according to your needs. Kind regards

Hello! Sorry, the installer can't configure Bluetit to start automatically at bootstrap within runit specifications reported here https://docs.voidlinux.org/config/services/index.html , so you will need to configure it manually (or just run it at boot in some init script - Bluetit will be able to connect and activate Network Lock even in this way, if specified in the run control file bluetit.rc). Kind regards

@OpenSourcerer Thanks! Something might have changed in 248 because we can't reproduce the bug with the reliability we had in all previous versions we tested (205-->246). But you just proved that the bug is still there, unfortunately. Note how systemd first did not respect the timeout between SIGTERM and SIGKILL, and then sent twice SIGKILL (SIGTERM, SIGKILL and SIGKILL are all sent, according to our tests, in a time not greater than 0.2 s). Kind regards

Hello! We're very glad to inform you that 1.1.0 has just been released! We are locking this thread, please continue if necessary here: Kind regards

Hello! We're very glad to inform you that AirVPN Suite version 1.1.0 for Linux has been released. Check supported systems below The suite includes: Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers Hummingbird: lightweight and standalone binary for generic OpenVPN server connections All the software is free and open source, licensed under GPLv3. What's new in 1.1.0 version full compatibility with OSMC, Open Source Media Center enhanced compatibility with Raspbian persistent Network Lock implementation, useful for example to enforce prompt Network Lock during system bootstrap and prevent traffic leaks caused by processes at bootstrap (**). Use directive networklockpersist in bluetit.rc to enable Network Lock as soon as Bluetit starts, regardless of network status and connection attempts revisited Network Lock logic for additional safety (****) new directives for bluetit.rc: networklockpersist, connectretrymax and aircipher enhanced DNS handling for peculiar systemd-resolved operational modes more rigorous handling of events through semaphore implementation new D-Bus methods for Network Lock aimed at easier control by clients. Developer's documentation will be published soon crash caused by systemd signal flooding has been resolved libcurl crash in OSMC and other systems has been fixed crash in some 32 bit systems has been fixed logical flaw causing Network Lock missed activation in case of account login failure has been fixed various bug fixes see the changelog below for more information and details Important notes (**) Ponder the option carefully if your machine needs network sync via NTP or other network services outside the VPN during the bootstrap phase (***) Fedora 33 and openSUSE 15.2 users beware: we have noticed that in freshly installed Fedora 33 libcurl cannot find CA LetsEncrypt certificates and this will prevent Bluetit from detecting the country from ipleak.net. In this case, you can overcome this bug by using the country directive in bluetit.rc file, therefore avoiding the need to contact ipleak.net web site. (****) Please note that Network Lock is enforced only on devices where the AirVPN Suite runs. Network Lock and DNS settings can not be enforced by AirVPN Suite in devices where the Suite does not run on. Furthermore, any root process or daemon can modify firewall rules and DNS settings and it's exclusive task of the system administrator preventing situations caused by root processes and daemons which can not be handled in any way by the Suite. AirVPN Suite changelog Version 1.1.0 - 4 June 2021 [ProMIND] vpnclient.hpp: restoreNetworkSettings() now returns a warning in case backup files are not found [ProMIND] vpnclient.hpp: restoreNetworkSettings() improved restoring management with more cases/scenarios [ProMIND] updated all dependencies and libraries Version 1.1.0 RC 4 - 14 May 2021 [ProMIND] optionparser.cpp: added proper message errors in case of invalid argument and allocation memory error [ProMIND] netfilter.cpp: systemBackupExists() now evaluate every firewall mode backup file name [ProMIND] netfilter.cpp: restore() now check for every firewall mode backup and restore it accordingly [ProMIND] netfilter.cpp: IPv6 rules are now allowed or added only in case IPv6 is available in the system Version 1.1.0 RC 3 - 16 April 2021 [ProMIND] Updated to OpenVPN 3.7 AirVPN [ProMIND] vpnclient.hpp: avoid netFilter setup in case NetFilter object is not private [ProMIND] dbusconnector.cpp: fine tuned D-Bus wait cycle in R/W dispatch. Implemented a thread safe wait in order to avoid D-Bus timeout policy Version 1.1.0 RC 1 - 7 April 2021 Release Candidate, no change from Beta 2 Version 1.1.0 Beta 2 - 2 April 2021 [ProMIND] localnetwork.cpp: added getDefaultGatewayInterface() method Version 1.1.0 Beta 1 - 11 March 2021 [ProMIND] rcparser.cpp: removed formal list control for STRING type [ProMIND] netfilter.hpp, netfilter.cpp: added functions to set the availability of specific iptables tables in order to properly use available tables only [ProMIND] vpnclient.hpp: onResolveEvent() sets iptables tables according to the loaded modules [ProMIND] vpnclient.hpp: Changed constructor in order to use both private and external NetFilter object [ProMIND] localnetwork.cpp: added getLoopbackInterface(), getLocalIPaddresses() and getLocalInterfaces() methods [ProMIND] airvpntools.cpp: added detectLocation() method to retrieve location data from ipleak.net [ProMIND] airvpnuser.cpp: detectUserLocation() now uses AirVPNTools::detectLocation() [ProMIND] airvpnuser.cpp: loadUserProfile() now correctly sets userProfileErrorDescription in case of network failure [ProMIND] airvpnserverprovider.cpp: added "DEFAULT" rule to getUserConnectionPriority() in case user's country or continent is undefined [ProMIND] airvpnmanifest.cpp: loadManifest() now correctly sets the status STORED in case of network failure [ProMIND] Added Semaphore class [ProMIND] dnsmanager.hpp: method revertAllResolved() renamed to restoreResolved(). Besides reverting all interfaces it now restarts systemd-resolved service as well. [ProMIND] install.sh: improved update/upgrade process Bluetit changelog Version 1.1.0 - 4 June 2021 [ProMIND] Client option "network-lock" is now forbidden in case persistent network lock is enabled [ProMIND] Avoid network lock initialization in case persistent network lock is enabled and client is requiring an OpenVPN connection from profile [ProMIND] --air-list option now accepts "all" for sub options --air-server and --air-country [ProMIND] AirVPN Manifest update suspended in case Bluetit is in a dirty status [ProMIND] Changed systemd unit in order to prevent the obnoxious SIGKILL signal inappropriately sent before stop timeout completion and for no logical or practical reason when Bluetit is properly and neatly terminating in response to a legal and expected SIGTERM Version 1.1.0 RC 4 - 14 May 2021 [ProMIND] Added directives airipv6 and air6to4 in bluetit.rc [ProMIND] In case it is requested a network recovery, VpnClient object is now initialized with NetFilter::Mode::OFF [ProMIND] In case the requested network lock method is not available, connection is not started [ProMIND] In case system location cannot be determined through ipleak.net, country is now properly set to empty, latitude and longitude to 0. [ProMIND] Persistent network lock is enabled only in case Bluetit status is clean [ProMIND] AirVPN boot connection is started only in case Bluetit status is clean [ProMIND] DNS backup files are now properly evaluated when determining dirty status [ProMIND] Added D-Bus commands "reconnect_connection" and "session_reconnect" Version 1.1.0 Beta 2 - 2 April 2021 [ProMIND] Gateway and gateway interface check at startup. Bluetit won't proceed until both gateway and gateway interface are properly set up by the system [ProMIND] Increased volume and rate data sizes for 32 bit architectures [ProMIND] Added aircipher directive to bluetit.rc [ProMIND] Added maxconnretries directive to bluetit.rc Version 1.1.0 Beta 1 - 11 March 2021 [ProMIND] connection_stats_updater(): now uses server.getEffectiveBandWidth() for AIRVPN_SERVER_BANDWIDTH [ProMIND] added bool shutdownInProgress to control bluetit exit procedure and avoid signal flooding [ProMIND] system location is detected at boot time and eventually propagated to all AirVPN users [ProMIND] Network lock and filter is now enabled and activated before AirVPN login procedure [ProMIND] Added dbus methods "enable_network_lock", "disable_network_lock" and "network_lock_status" [ProMIND] Renamed bluetit.rc directive "airconnectonboot" to "airconnectatboot" [ProMIND] Added bluetit.rc directive "networklockpersist" Goldcrest changelog Version 1.1.0 - 4 June 2021 [ProMIND] Production release Version 1.1.2 RC 4 - 14 May 2021 [ProMIND] DNS backup files are now properly evaluated when determining dirty status [ProMIND] ProfileMerge is now constructed by allowing any file extension [ProMIND] Reconnection (SIGUSR2) is now allowed only in case tun persistence is enabled Version 1.1.2 - 2 April 2021 [ProMIND] Updated base classes Hummingbird changelog Version 1.1.2 - 4 June 2021 [ProMIND] updated all dependencies and libraries Version 1.1.2 RC 4 - 14 May 2021 [ProMIND] DNS backup files are now properly evaluated when determining dirty status [ProMIND] ProfileMerge is now constructed by allowing any file extension [ProMIND] Reconnection (SIGUSR2) is now allowed only in case tun persistence is enabled Architecture The client-daemon architecture offered by Goldcrest and Bluetit combination offers a robust security model and provides system administrators with a fine-grained, very flexible access control. Bluetit is fully integrated with AirVPN. The daemon is accessed through a D-Bus interface by providing specific methods and interface in order to give full support to OpenVPN connection and AirVPN functionality, including - but not limited to - quick automatic connection to the best AirVPN server for any specific location as well as any AirVPN server or country. Connection during system bootstrap is fully supported as well. New OpenVPN 3 library features Hummingbird and Bluetit are linked against a new version of our OpenVPN 3 library which supports directive data-ciphers: it can be used consistently with OpenVPN 2.5 syntax in OpenVPN profiles. The directive allows OpenVPN 3 based software to negotiate a common Data Channel cipher with the OpenVPN server,, updating therefore our library to ncp-like negotiation with OpenVPN 2 branch. Hummingbird and Bluetit are already linked against the new library version, while Eddie Android edition will be updated in the near future. The new library also includes a different handling of IV_CIPHERS variable, fixing OpenVPN main branch issues which caused a plethora of problems with OpenVPN 2.5. The implementation, at the same time, takes care of full backward compatibility with OpenVPN versions older than 2.5. ncp-disable directive, which to date has never been implemented in the main branch, is still supported, in order to further enhance backward compatibility with both OpenVPN profiles and servers, as well as connection flexibility with servers running older than 2.5 OpenVPN versions. Please note that if you enforce a specific Data Channel cipher by means of Bluetit configuration file, Hummingbird line option, or Goldcrest configuration file and/or line option, the enforced Data Channel cipher will override data-ciphers profile directive. Notes on systemd Users running Linux distributions which are not based on systemd can safely ignore this section. 1 Superusers of linux-systemd systems must be aware that systemd unit configuration file has been changed in order to circumvent a systemd critical bug which causes two obnoxious SIGKILL signals inappropriately sent before stop timeout completion and for no logical or practical reason when Bluetit is properly and neatly terminating in response to a legal and expected SIGTERM. The only known workaround so far to compensate the bug is forbidding systemd to send SIGKILL to Bluetit. The bug affects at least systemd versions 205, 214, 234, 246, but it might affect other versions too. 2 In Fedora 33 systemd-resolved comes pre-configured to work in "on-link" mode and network-manager works together with it. This very peculiar, Windows-like setup kills Linux global DNS handling, causing those DNS leaks which previously occurred only on Windows. Hummingbird and Bluetit take care of preventing the brand new DNS leaks caused by such a setup. Also note that systemd-resolved comes pre-configured with fallback DNS (Google DNS is a systemd-resolved default fallback DNS, smart choices pile up!) which will be queried if each interface DNS server fails some resolution. In such a case, if and only if you have Network Lock enabled will DNS leaks be prevented. Supported systems The suite is currently available for Linux x86-64, i686 (32 bit distributions), arm7l (for example Raspbian, OSMC and other ARM 32 bit based systems) and aarch64 (ARM 64 bit). Both systemd and SysV-style init based systems are supported. AirVPN Suite is free and open source software licensed under GPLv3. Overview and main features AirVPN’s free and open source OpenVPN 3 suite based on AirVPN’s OpenVPN 3 library fork Bluetit: lightweight D-Bus controlled system daemon providing full connectivity to AirVPN servers and generic OpenVPN servers. Ability to connect the system to AirVPN during the bootstrap. Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers Hummingbird: lightweight and standalone client for generic OpenVPN server connection Linux i686, x86-64, arm7l and arm64 (Raspberry) support Full integration with systemd, SysV Style-init and chkconfig No heavy framework required, no GUI Tiny RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN version 3.6.6 with tons of critical bug fixes from the main branch, new cipher support and never seen before features ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition Robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection Proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved additional features User documentation (*) and source code: https://gitlab.com/AirVPN/AirVPN-Suite User documentation is also included in an md file in each package. (*) Developer documentation to create custom software clients for Bluetit will be published in the very near future. Download page: https://airvpn.org/linux/suite/

@Stalinium Hello! We recommend not to use network-manager-openvpn plugin, not NM; in itself, as you and OpenSourcerer have rightly noted. Hopefully the OpenVPN plugin bugs will be fixed soon. We have no voice on it. Of course, nobody implied that you intentionally pretended to ignore the suggestion.😋 The disclaimer was anyway added and integrated in the Linux instructions some years ago, so it's not only an isolated post. We were confident that in some months the most critical issues would have been fixed but according to your report they are not (and new ones have accumulated, apparently...), after several years, so we're not optimistic anymore. Since we release a variety of software for Linux that should make nm-ovpn irrelevant and inferior, we do not follow actively that plugin development. Thank you for your feedback, suggestions noted! Kind regards

@niecoinny @OpenSourcerer Some info that might come handy for the current discussion as well as for future reference (Linux only). Various systemd versions currently used in the majority of Linux distributions, are affected by a severe bug. When the bug comes out, at the proper termination of a unit, systemd sends SIGTERM immediately followed by two SIGKILL signals, without respecting the timeout. The bug affects at least the following versions: 204, 215, 234, 246, 248 therefore most (all?) Linux-systemd distributions are involved. When the bug comes out (frequently in 204 and 215, sometimes in 234, very frequently/always in 246, under investigation in 248) Eddie can't restore DNS settings and firewall rules (of course), and the same will happen with Bluetit (a real daemon included in the AirVPN Suite). Next unit files for Bluetit will include the only known (so far) workaround for this problem, i.e. directive SendSIGKILL=no. You can find hundreds of web pages reporting the bug in details in years, in the bug tracker too, but unfortunately a definitive fix has not yet come out. Example which summarizes well the problem: https://groups.google.com/g/weewx-user/c/Yg8OJ7uot7U @niecoinny It's worth testing AirVPN Suite in Linux, if you have time. We're also very glad to know that you managed to run Eddie properly with runit after some effort In this case, the various problems caused by systemd should vanish. On the other hand, while Eddie remains a system process, Bluetit is a real daemon. Out of the box the installer supports systemd and various SysVInit-like systems, but it's untested in your specific environment, so let us know whether you decide to test it (if so, go directly with 1.1.0 RC 4 - 1.1.0 release is imminent). Even if your init system can't be handled by the installer, you can treat Bluetit according to your needs easily. Since it is a real daemon it should be possible to handle it classically in most init systems with no peculiar problem. https://airvpn.org/forums/topic/49247-linux-airvpn-suite-110-beta-available/ Are you running runit as a supervisor of some SysVinit-like system or are you using it as a total drop-in replacement for init? Your decision to avoid systemd is in our opinion very wise. systemd is much appreciated by many people coming from Windows because it replicates some Windows concepts but betrays the basic UNIX philosophy and never you have seen such a monstrosity in, for example, the vastly superior FreeBSD (where, instead, you can find even runit). And yes, with runit you should achieve under many circumstances (bootstrap for example) higher performance than with systemd and you remain safe from the interference at many system levels of systemd (which is not only an init system). Keep us posted if you test! Kind regards