Staff

Hello! We're very glad to inform you that Eddie Android edition 3.0 Beta 3 is now available. The original post has been updated accordingly. New in Beta 3: objects management change in order to prevent Android GC from destroying them and causing various issues while Eddie is connected through WireGuard and swiped out latest OpenVPN3-AirVPN library, linked against OpenSSL 1.1.1r bug fixes resolving app crashes after peculiar actions minor bug fixes The first change is critically important and resolves the multiple problems reported both in the current thread and privately. When Eddie 3.0 preview up to beta 2 version is connected via WireGuard and swiped out, if you recall Eddie after some time (especially but not exclusively when the device screen had been turned off or the device had been locked), you may find it reporting incorrect status, reset and stuck connection statistics, quick connection button frozen. All the problems affect every previous Eddie 3.0 preview version, in every Android version, only with WireGuard connections, and have a single common cause which was finally found. The latest beta 3 resolves the whole issue according to our tests. If you experienced any of the above problems we warmly invite you to test again in the same conditions and report back. Find full description, download link and SHA256 signature in the first post of this very thread. Thank you very much for your tests and please report and describe any bug you find! Kind regards

@sarum4n Hello! We're glad to know it! We invite you to follow the "News" forum, so you will be timely informed about any relevant information and news pertaining to AirVPN infrastructure and software. It's a low traffic forum because new topics can be opened only by Staff members. https://airvpn.org/forums/forum/9-news-and-announcement/ The route-noexec directive is not implemented but you will probably be fine (and have even more flexibility) with pull-filter. Find the documentation about pull-filter in the OpenVPN 2.4 manual as it has been ported in 2021 to OpenVPN3 and OpenVPN3-AirVPN libraries: https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/ You need an ovpn profile since you can't add custom OpenVPN directives to bluetit.rc or goldcrest.rc files. We will consider the whole matter during the next version development. Kind regards

Hello! You need the default option in the command. Check also https://eddie.website/support/cli/ In case you run Linux (your mention of eth0 makes us think of *BSD and Linux) you might like to consider the AirVPN Suite as a total replacement, in particular Goldcrest and Bluetit included in the suite, which will provide you with the maximum flexibility you're looking for and at the same time the security provided by a robust client-server architecture: https://airvpn.org/suite/readme/ The AirVPN Suite, currently, does not offer a GUI at all and is specifically aimed at those many users who prefer a command line interface over a GUI. However, currently it does not support WireGuard (next version will). Kind regards

Hello! We're very glad to inform you that the feature has been implemented. Please check your account API explorer in your API panel for information and usage. Service: devices https://airvpn.org/apisettings/ Kind regards

Hello! We're very glad to inform you that the feature has been implemented. Please check your account API explorer in your API panel for information and usage. Service: devices https://airvpn.org/apisettings/ Kind regards

@sableslayer Hello! Can you please send us the Bluetit log taken just after the problem has occurred? For example, form a terminal: sudo journalctl | grep bluetit > bluetit.log and then send us the bluetit.log file. Kind regards

In 2020 a member of the AirVPN Team suggested we'd be able to to so in the future: The same feature has been requested here and in this thread: Is this feature on the roadmap? Hello! The feature has not been implemented yet, we're sorry. An impact assessment is beginning in a few days. After that, if everything is fine, we will proceed. We will keep you informed. EDIT 2022-10-06: FEATURE IMPLEMENTED Kind regards

@Oldkrow Hello, move to the ticket system for reasons which will be clear there. Kind regards

Hello! Do you still reproduce the problem with Eddie 2.22.0 and/or 2.22.1? Kind regards

Hello! Please check here for a very quick solution: https://airvpn.org/forums/topic/53004-openssl-error-restart-every-3-seconds/?do=findComment&comment=187787 Kind regards

Hello! Do you declare an MTU size on the WireGuard conf file? Relevant for this discussion: https://superuser.com/questions/1537638/wireguard-tunnel-slow-and-intermittent Different networks may require different sizes. This is probably the reason for which WireGuard developers opted for the smallest allowed size in Android, 1280 bytes. Of course if it's possible to set higher sizes the performance will improve. Kind regards

Hello! For your information, the official WireGuard Android user app forces MTU to 1280 bytes (in our Eddie app, we also had to force 1320, although MTU remains customizable in Eddie settings). Higher sizes cause malfunctions, timeouts, line breaks or snail throughput on virtually any device and network we tested, almost surely because there is (often) no room in the frame. Even the Linux client forces 1280 bytes (if it doesn't find anything else in the profile) if our memory is correct. Thus your findings are consistent and hint to the necessity to keep a low MTU size. Kind regards

Hello! The promotion is now over. Many thanks to all of our customers. Kind regards

Hello! From the screenshot we can see that you did not enable Network Lock. Please enable it to prevent any possible traffic leak, including leaks caused by configuration errors like yours. In general you must not bind programs to the physical network interface: since the original gateway is not deleted in order to allow connectivity after a VPN connection is closed by the user, by binding to the physical network interface a process may bypass the VPN tunnel when Network Lock is not active and incoming connections arrive. Note that wrong binding will arise even from UPnP, NAT-PMP and any other "automatic port mapping" methods so make sure to disable such options from the torrent program. Anyway Network Lock will prevent traffic leaks even in this case. Check your torrent program settings against the following guide available in the FAQ section: https://airvpn.org/faq/p2p/ Kind regards

Thank you, this is a relevant information. You can stop sending us reports, we have collected enough data. Now you should tell us, if you can, and this is very important too, the exact name and version of your phone custom ROM. Kind regards

Hello! Local network exclusion is not possible when the connection is on LTE/mobile, so it's irrelevant, don't worry about it. Please review our previous questions and reply when you have time to do so, because we have some ideas and we need confirmations (or denials) from you to fully understand the issue. Kind regards

We released a new experimental version, mainly to fix some failure related to network adapter not related to OpenVPN/WireGuard.Other issues still under investigation. Version 2.22.1 (Thu, 15 Sep 2022 12:54:46 +0000) [change] [all] OpenVPN 2.5.7 [change] [Windows] Fix detection/conflict with some unusable VPN network interfaces

Thanks a lot. Now, about point 3 and 4, can you please check? Turn on the screen, and wait some time, until the network is up (check Android indicator), Also try to access the Log via the side panel (the drawer which you can access settings etc. from). Note whether the log view opens or not (it should be accessible regardless of network and Eddie condition). When the network is up, go to Eddie and check again whether Eddie still does not reconnect by itself (big button still unresponsive or not? does Eddie report "disconnected" status in spite of network up?). If the network never comes up (wait at least a minute or two after you have turned the screen on, and keep thee screen on, do not allow it to go off again) try to switch off your LTE connection (from Android settings (*) ) and then on again, and check what happens both to your device and Eddie. Thank you in advance for all the additional tests. (*) IMPORTANT: If your device connects via WiFi to an LTE router (and not directly by using a SIM in itself), and your switching on/off the WiFi card doesn't change Eddie status, reboot the router (or press the activation button which is available on certain LTE routers) and check whether Eddie status changes after the router has re-established the LTE connection. Kind regards

Hello! It will end on September the 21st. Kind regards

Hello! Can you please tell us the exact system you run in your phone? We see Android 13 from the report but probably you have a custom ROM since you have a Pixel 6. We would like to know what it is to check whether the malfunction is specific. We need to understand this part fully. Please check below and confirm or deny that each step is right: You leave the device unattended After some time, you find the device with the screen off You turn the screen on and you find Eddie disconnected. At this stage, check on Android bar whether your network is up or not (according to Eddie it's not) and tell us what you find (do not test with a browser because your leak prevention Android settings will not allow traffic) You can't access Eddie's log view at all (please make sure you can confirm or deny this for sure). What happens when you tap the "Log" entry in the side drawer? Is it totally unresponsive? Note that it is normal that the Log button on the status tab is missing when network is off. The big button for quick connection and disconnection is unresponsive too You force a connection by selecting manually a server and immediately the log view is again available and Eddie connects to that server instantly. Kind regards

For your comfort and peace of mind, check with traceroute (tracert in Windows) or mtr, and/or access various end points which tell you the IP address your packets come from. Typical speed tests sites and "what is my address" web services are perfect. Compare the IP address you get with the supposed exit-IP address of the VPN server you're connected to and verify they match. Finally, query the IANA database (with whois) for a final cross-check. Repeat multiple times for each server to minimize the likelihood that you end up to services which are accomplices of the attackers and therefore mask your IP address making you believe that you have a perfectly fine IP address while in reality your packet has come out from inside the evil Russian network. As a welcome and smart side-effect, while the attackers could do nothing with the data in transit inside their nodes because of end-to-end encryption, a re-routing of such a kind which would add an additional exit node would turn infringement notices against us exactly to zero, and alas this is not what we observe, not at all 🙄. We have never met such kind and gentle attackers, unfortunately. Kind regards 😋

Hello! OK, as soon as we have the exact version or image of the distribution you experience this problem on, we will investigate thoroughly. Kind regards

Hello! You should have the identical behavior. Can you open a ticket and send us a report as usual while you're connected with OpenVPN, with some "excluded" app? Kind regards

Hello! We're very glad to announce a special promotion on our long term Premium plans for the end of Summer or Winter, according to the hemisphere you live in. You can get prices as low as 2.06 €/month with a three years plan, which is a 70% discount when compared to monthly plan price of 7 €. If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Please check plans special prices on https://airvpn.org and https://airvpn.org/buy All reported discounts are computed against the 7 EUR/month plan. Kind regards & datalove AirVPN Staff

Hello! In this case unfortunately you can't have robust leaks protection, trivially because you explicitly need traffic outside the VPN tunnel. You may consider to re-enable VPN re-connection in Eddie settings and disable VPN lock. Any other app may also leak traffic when an unexpected disconnection occurs, but Eddie will reconnect quickly, so the system and the "excluded" apps might not have the time to close the previous socket (which will have a several seconds timeout) and open a new one outside the tunnel: the re-connection, once a network is again available, is often faster. This is a serious traffic splitting on an apps basis byproduct, when you want auto re-connection, which could be resolved only through more advanced techniques (multiple routing tables and/or cgroups) which are totally out of reach for Android apps not running with root privileges. Probably, when traffic leak prevention is an absolute must, you should either renounce to traffic splitting, or keep VPN Lock enabled and give yourself in to manual re-connections, according to the old saying "you can't have your cake and eat it too". Evaluate therefore your threat model and the consequences of a potential, although short lived, traffic leak. Kind regards