Staff

Hello! When you have time you should open a ticket including Eddie log and Android logcat if possible. The log will show to the support team all the relevant system data but anyway please specify your device brand and model, and your Android exact version. The logcat will show much more information which might be needed by the developers. Kind regards

Hello! Have you tested the AirVPN Suite? If not, please see here: https://airvpn.org/linux/suite/ User manual: https://airvpn.org/suite/readme/ Kind regards

@OpenSourcerer Hello! Of course, if @gh4green means VPN tunnel encryption, on top of OpenVPN or WireGuard log check as well as routing table verification, one would get a safe proof. by analyzing the traffic on the physical network interface with tools like tcpdump or Wireshark and verifying that the payload is encrypted, even when end-to-end encryption is not enforced, Kind regards

Hello! You must never rely on information provided by the web site owners themselves, because anything can be written. Anyway information is indeed provided on our web site pages, you must have missed it. Verify directly from your browser by clicking the padlock or analogous icon to show certificate and cipher information. Also check with specialized services, for example: https://www.ssllabs.com/ssltest/analyze.html?d=airvpn.org&s=5.135.136.95&latest ipleak.net has a completely different purpose, it shows you all the information that a web site can potentially get from your browser, all the DNS servers your system queries and optionally the IP address advertised by your torrent software. Moving this thread to "Suggestions" forum as it is off-topic in Eddie forum. Kind regards

Hello! We will think about it. At the moment the Configuration Generator proposes files for OpenVPN 2.4. A user must check "Advanced Mode" and then select "OpenVPN >= 2.5" to get files compatible both with OpenVPN 2.5 and OpenVPN 3, with the correct directives: data-ciphers AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC data-ciphers-fallback AES-256-CBC But those files will not be compatible with OpenVPN versions older than 2.5. It's not easy when the user base is split between OpenVPN 2.3, 2.4, 2.5, 3.. with their mutual incompatibilities. Excellent! It's not planned at the moment, because tls-crypt made it essentially obsolete. We might instead consider OpenVPN over SSH in the future. Kind regards

Hello! Hello! Eddie 2.5 Android edition can start and connect during the device bootstrap even in Android 10, 11 and 12. "Always on VPN" Android settings must be enabled (therefore you can't connect at boot on Android TV) 10,. 11 and 12) and Eddie's option "Settings" > "System" > "Start VPN connection at device boot" must be on. Once it's on, you can define the "VPN Boot Priority Order", again in "Settings" > "System". Kind regards

@Maggie144 Thanks. AES-CBC is not supported on the data channel (hence "bad cipher" error). When you configure AES-GCM, we see that you can't reach Kitalpha on port 53 at all. In fact the server is reachable on port 53, and the problem could be caused by your ISP (for example by hijacking all packets to port 53, as Vodafone did some time ago). Can you try different servers and different ports? Kind regards

@Maggie144 Hello! Now the connection goes through but it's broken almost immediately, that's why you can't browse: We also notice that your system DNS setting seems wrong (10.17.151.1 is a DNS of another subnet of the same VPN server you're connecting to), as if a system restore from a previous connection to the same server on a different port was not performed correctly. Please try the following procedure and let's see whether the problem is resolved and if it re-occurs: make sure that Hummingbird is not running verify the DNS settings of your system and set the correct DNS delete the whole content of /etc/airvpn with command "sudo rm /etc/airvpn/*" reboot the system try again a connection with Hummingbird Kind regards

@Maggie144 Hello! We can't reproduce the issue with config files generated with the same settings (for example Alrami, UDP, 443 etc.). Can you send us one of those files (1, 2, or 3, for 4 and 5 the outcome is expected), without certificate and key? Yes, that's normal, because Eddie takes care to prepare the first tunnel (via SSH or stunnel) first, and only later it tells OpenVPN how to connect to that first tunnel. Kind regards

@Maggie144 Hello! The problem is here: Apparently you have generated a configuration file for OpenVPN over SSH/TLS connections, i.e. OpenVPN should connect locally to a previously established SSH or TLS tunnel. Since SSH or stunnel do not run, OpenVPN fails. Can you please check and generate a new ovpn file? Kind regards

Version 2.21.4 (Fri, 18 Feb 2022 12:04:45 +0000) [new] OpenVPN 2.5.5 [new] Allows setting a generic adapter (and not only a specific IP address) in "Interface used for connection" [change] Added an IPv6 bootstrap address in boot manifest [change] A useless, wrong error message if connection fails (about object not defined) [change] [windows] Improvement about driver detection [change] [windows] wgtunnel.dll 0.5.2 [bugfix] [windows] Unquoted service path fix [bugfix] [linux] bug with iptables/iptables-legacy/nftables in some distribution [bugfix] Useless re-auth for non-beta users [bugfix] Other minor fixes

@SleepySocks Hello! A new Eddie beta version is coming out very soon (maybe even today). It features some fixes related to nft. Can you please test the new version when it's available (check the "News" forum) and verify whether the problem is resolved or not? Kind regards

Hello! Soon after IPv6 implementation years ago, but it was not advertised and we also wrote a message claiming it was not supported. That message was wrong. Kind regards

@OpenSourcerer @deguito18090 Hello! We're glad to inform that inbound packet forwarding is implemented for IPv6 too. Please feel free to open a ticket for additional investigation. Out of curiosity, IPv6 DNAT and Masquerading are supported even in Linux starting from netfilter6 in kernel 3.9.x or 4 if we remember correctly. Kind regards

@blatrala Hello! Thank you for your choice. We can't reproduce the issue, either with Firefox, Safari or Chromium. Can you tell us your browser and Operating System names and versions? Are cookies and javascript allowed in the browser? Have you tested with disabled add-ons? Kind regards

Hello! The AirVPN guide to correctly configure your torrent software and optimize performance in AirVPN by using inbound remote port forwarding and avoiding wrong settings is available in the FAQ: https://airvpn.org/faq/p2p/ Kind regards

Hello! Update: AirVPN Suite 1.2.0 Release Candidate 1 is now available. Original message download links and changelog have been updated accordingly. RC 1 is linked against the new OpenVPN3-AirVPN library and fixes all the glitches you have found so far in beta 1. Thank you for your tests! Kind regards

Hello! Update: Hummingbird 1.2.0 Release Candidate 1 is now available. Links to download the packages have been updated in this thread first message. Thank you very much for your tests! Kind regards

Hello! If you still need to increase the UDP buffer size beyond please see here: http://slaptijack.com/system-administration/mac-os-x-tcp-performance-tuning/ The article pertains to TCP but the principle is identical. By increasing mbuf clusters through setting ncl boot argument via nvram, you will be able to increase kern.ipc.maxsockbuf value after the bootstrap. So, if you need more buffer room to avoid the mentioned errors, you can have it. Maximum software buffer in bytes should be ~ (1/16) * ncl (each cluster is 2048 bytes). Remember to run nvram with root privileges and reboot to apply boot argument change. Please, we kindly ask you to keep us informed. Kind regards

@Maggie144 Hello! It was probably caused by lack of Internet connectivity. Once the connection is over Eddie is in control and is the one "checking authorization" indefinitely, Hummingbird is not running. The fact that Eddie was unresponsive to "Cancel" and kept going on indefinitely might be an Eddie's bug, we will verify. Kind regards

@Monotremata Hello! Please set the UDP buffer at its maximum size: sudo sysctl -w kern.ipc.maxsockbuf=16554432 and test again. See also: https://airvpn.org/forums/topic/46764-hummingbird-110-released/?do=findComment&comment=173140 Please keep us posted. Kind regards

Hello! Fixed, can you please try again now? Kind regards

Hello! Two tips to make the "quick" connection quicker in Eddie. Maybe you can't have the same lightning speed you have in Android and in general on Linux based systems, but you can improve remarkably the current situation. Disable route check and DNS check, provided that you keep Network Lock enabled. You can disable route check by unchecking "Check if the VPN tunnel works" in "Preferences" > "Advanced" window, while you can disable DNS check by unchecking "Check Air VPN DNS" in "Preferences" > "DNS" window. By doing so you disable security checks, thus Network Lock becomes important and probably you want to keep it always enabled. Define a white list of servers or countries, respectively in "Preferences" > "Servers" and "Countries" window which suit your needs, when you are confident to do so. Eddie will compute round trip times only of servers included in the white list, so the tests will be very few and you will save plenty of time. If you are confident to connect always to the same pool of servers, you might even completely disable any test, and save even more time. You can do so in "Preferences" > "Advanced" window by unchecking "Enable latency tests" Kind regards

Hello! Explanation found. OpenVPN3 hard codes internally the OpenSSL header value at compilation time, even though OpenSSL is linked dynamically. So, if you compile in, say, Debian 9 to ensure maximum compatibility, OpenVPN 3 will claim "1.1.0h" regardless of the actual OpenSSL used during runtime. It's a wrong approach our library inherited from the master branch. The correct approach would be for example using the proper library function to get and return the library version and avoid the aforementioned hard coding. We are going to fix this botch in our fork asap. EDIT: fix implemented in OpenVPN3 AirVPN 3.7.2. AirVPN Suite 1.2.0 RC 1 is now linked against the new library. Kind regards

@OpenSourcerer Hello! Sure, the *.rc templates will be adjusted accordingly. The Suite must use system OpenSSL library, simply because it has nothing else. That log entry is very strange, as OpenSSL 1.1.0 is nowhere, and we have noticed the same on a different system (Fedora 35). Under investigation. Thanks again. Kind regards