Staff

@Bohdan Kushnirchuk Hello! How to solve: To grant Terminal full disk access (except some specific critical directories) on macOS, follow these steps: Open System Settings (or System Preferences): On macOS Ventura and later, click the Apple menu at the top-left of your screen, then choose System Settings. On macOS Monterey or earlier, choose System Preferences. Go to Privacy & Security: In System Settings (Ventura and later), select Privacy & Security in the left-hand menu. In System Preferences (Monterey and earlier), click Security & Privacy, then go to the Privacy tab. Select Full Disk Access: In the Privacy & Security or Security & Privacy tab, scroll down and click Full Disk Access in the left menu. Unlock Settings: At the bottom-left of the window, you might need to click the lock icon and enter your admin password to make changes. Add Terminal: Once the lock is open, click the + button beneath the list of apps with Full Disk Access. In the file chooser window that pops up, go to Applications > Utilities, and select Terminal. Click Open to add it to the list. Restart Terminal: Close the Terminal app if it’s open, then reopen it to apply the changes. 2. Open the terminal and change ownership of the relevant files: sudo chown root /Applications/Eddie.app/Contents/MacOS/* Kind regards

Hello! For the readers' comfort, this problem is resolved. The problem was caused by qBittorrent's settings. Speed limit that was set to 10 Kib/s. Kind regards

Hello! It seems to be more of a problem on your side or anyway external to our infrastructure because the servers in New York City always provide the same amount of bandwidth ranging from 4 to 10 Gbit/s each. No change is noticeable in the last 24 hours. However Sadalmelik started operating (publicly) 36 hours ago so we don't have historic data, but it is currently delivering 7.4 Gbit/s that look normal. Please check the older servers traffic graphs by week, month or year on the real time servers monitor to confirm. Kind regards

Hello! Yes, as you might have already noticed:Kind regards

Hello! We're very glad to inform you that two new 10 Gbit/s full duplex servers located in New York City, USA, are available: Sadalmelik and Unurgunite. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.  Sadalmelik and Unurgunite support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Sadalmelik https://airvpn.org/servers/Unurgunite Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that two new 10 Gbit/s full duplex servers located in Chicago (IL), USA, are available: Meridiana and Sadalsuud. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.  Meridiana and Sadalsuud support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the status as usual in our real time servers monitor : https://airvpn.org/servers/Meridiana https://airvpn.org/servers/Sadalsuud Do not hesitate to contact us for any information or issue. Kind regards & datalove AirVPN Staff

Hello! Should you have the will to try and "beat your limits" the user's manual should be understandable by everyone, it's quite explicative and very verbose. It's the file "README.md" in the package you already have. It is much simpler than it may appear and faster than any GUI. Since you have already installed the Suite and have Bluetit running, you can: 1. configure Bluetit to support traffic splitting by editing with a text editor with root privileges the file /etc/bluetit.rc (just type a line "allowtrafficsplitting on" and save the file) 2. restart Bluetit 3. connect Bluetit to a VPN server via Goldcrest 4. start Chromium in the specific traffic split namespace ("cuckoo --run /path/to/chromium") Each of the above steps requires just a few minutes, probably well spent, to read the documentation (each step is exhaustively documented in the manual) once and for all and perform the action. Otherwise you can wait for a Text User Interface which is the next planned improvement for Goldcrest (one of the Suite components). Kind regards

Hello! Yes, you can do it with the AirVPN Suite 2.0.0 component Bluetit. You can run that application via the provided software cuckoo once the system is connected to the VPN (also run airsu before in order to prepare the graphic environment variables for the ungoogled Chromium). Then, only this one app will have its traffic routed outside the VPN tunnel. Please see here: https://airvpn.org/forums/topic/66706-linux-airvpn-suite-200-preview-available/ AirVPN Suite 2.0.0 is currently a Release Candidate, but it has reached a remarkable reliability and stability. Release Candidate 2 is also imminent, so the stable release will come in the very near future. Kind regards

@b0n Hello! On top of the previous excellent answer by @EMULE (thank you, we'll examine your analysis to improve the software) please make sure that any Radmin Famatech related software is NOT running when you run Eddie. Also consider to disable this interface: when you want to use AirVPN. Kind regards

Hello! Eddie Network Lock explicitly allows DHCPv4 by not blocking ports 67 and 68 as well as the special IP address 255.255.255.255. Does DHCPv4 work if you keep Network Lock disabled? Kind regards

Hello! OK sorry, we misunderstood the question then. No, it will not work. We'll update this thread when possible. Kind regards

Hello! It's the authoritative DNS for airdns.org. $ doggo NS airdns.org NAME TYPE CLASS TTL ADDRESS NAMESERVER airdns.org. NS IN 43200s ns1.airvpn.org. 9.9.9.9:53 airdns.org. NS IN 43200s ns2.airvpn.org. 9.9.9.9:53 $ doggo AAAA airvpn.org NAME TYPE CLASS TTL ADDRESS NAMESERVER airvpn.org. AAAA IN 1800s 2001:41d0:a:6034:: 9.9.9.9:53 $ doggo NS airvpn.org NAME TYPE CLASS TTL ADDRESS NAMESERVER airvpn.org. NS IN 3474s pdns03.domaincontrol.com. 9.9.9.9:53 airvpn.org. NS IN 3474s pdns04.domaincontrol.com. 9.9.9.9:53 $ doggo AAAA airvpn.org @pdns03.domaincontrol.com NAME TYPE CLASS TTL ADDRESS NAMESERVER airvpn.org. AAAA IN 1800s 2001:41d0:a:6034:: pdns03.domaincontrol.com:53 Kind regards

Hello! Please try also 1280 bytes. Usually 1280 bytes is strictly necessary only with PPPoE, but other conditions even in networks with larger frames may require smaller MTU. Worth a try. Kind regards

@Dunmer1E700 Thank you! Understood. This a conceptual error in cuckoo which exits if it does not find any graphic environment, for example when launched from a pure TTY. cuckoo will be modified accordingly to allow correct usage even in cases like yours. It's not a trivial matter but we should be able to deliver the patch already in RC 2. About airsu, it can work only from a terminal emulator run by X or some Wayland compositor, and this is correct. You won't need airsu to run Caddy via cuckoo if Caddy does not need any graphic environment. Thank you again, your report has been instrumental to make us realize of this conceptual error. Stay tuned for Release Candidate 2. Kind regards

Hello! We don't understand, if you don't have any graphic environment for the user connecting via SSH how can you manage to run an application that needs it, with or without Bluetit and Cuckoo? Can you clarify the system setup to let us focus on the issue? Thanks in advance! Kind regards

Hello! The unlimited traffic has nothing to do with slowing or not slowing down servers. The bandwidth allocation per connection slot as well as the amount of simultaneous connections inside the tunnel originated by each slot are crucial factors in this case and both those variables have been addressed in AirVPN ever since a decade ago. There's no need to limit the traffic in a given time frame for the purpose you mention; in fact, it would be ineffective. Kind regards

Hello! It could be related to environment variables. Please run airsu first to prepare the environment and swich to airvpn user. airsu is a Suite tool that prepares the user environment for the X.Org or Wayland based ecosystem. Feel free to keep us posted. Kind regards

Hello! If, and only if, you connect directly the router to AirVPN servers and share the AirVPN traffic with device(s) behind the router, please see here: https://docs.gl-inet.com/router/en/3/tutorials/firewall/#port-forwards From the documentation it is not totally clear whether the "WireGuard" external zone for port forwarding applies also when the router runs WireGuard in "client mode": it should work fine since a WireGuard interface does not have a fixed role as client or server, it can act as both. Thus, chances are that the port forwarding documented for WireGuard in "server mode" will work identically in "client mode". For any problem please contact their customer support and if possible report back here. Kind regards

@James8795 Hello! Can you please publish the complete container's log taken after the problem has occurred? As a first "blind" attempt to resolve the situation, please test again with a WireGuard interface MTU set to 1280 bytes. Set the WIREGUARD_MTU environment variable to 1280 in the environment: section: environment: - VPN_SERVICE_PROVIDER=airvpn - VPN_TYPE=wireguard - HEALTH_VPN_DURATION_INITIAL=120s - WIREGUARD_MTU=1280 ... Kind regards

Hello! Passepartout can be run to connect to AirVPN servers by importing a WireGuard or OpenVPN profile generated by AirVPN's Configuration Generator. Kind regards

@Dunmer1E700 Hello! You can consider AirVPN Suite 2.0.0 RC 1 and have Caddy traffic (and if necessary any other application you wish) flow outside the VPN tunnel, since Bluetit 2.0.0 supports per app reverse traffic splitting. In this way only Caddy traffic will flow outside the VPN tunnel. Please see here: https://airvpn.org/forums/topic/66706-linux-airvpn-suite-200-preview-available Inside the package you will find the updated README.md which is a thorough user's manual. Release Candidate 1 has reached a very remarkable stability and reliability according to long and thorough internal and public testing. Release Candidate 2 is due to be out during the next week and the stable release will follow shortly. Please note that the namespace which Caddy (and any "outside the tunnel" process) lives in will have a different private IP address (consider this when you forward port 443 from the router). Kind regards

Hello! Starting from version 2.3, firewalld by default owns exclusively nftables tables generated by itself, thus preventing Eddie, Bluetit and Hummingbird Network Lock related operations. If you want to have Network Lock enabled and firewalld running at the same time, then you must configure firewalld by setting the following option: NftablesTableOwner=no in firewalld's configuration file, usually /etc/firewalld/firewalld.conf . After you have edited the configuration file with any text editor with root privileges, reload firewalld configuration or restart firewalld, and only then (re)start Bluetit, Hummingbird or Eddie. Additional insights: https://discussion.fedoraproject.org/t/firewalld-add-flags-owner-persist-in-fedora-42/148835 https://forums.rockylinux.org/t/rocky-9-5-breaks-netfilter/16551 Kind regards

Hello! GlueTun offers a remarkable integration with AirVPN and in general will not consider the configuration file to determine the end point. Instead, it will evaluate specific environment variables, please see here: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/airvpn.md#optional-environment-variables Even if you set SERVER_REGIONS=Europe or something similar, a new end point will be determined only upon disconnection or container restart. Under no circumstance a connection will be intentionally and suddenly broken and then re-established to a different server without the operator's intervention. Remember that the mentioned environment variables will be correctly evaluated when the VPN_SERVICE_PROVIDER variable is set to airvpn: VPN_SERVICE_PROVIDER=airvpn Kind regards

Hello! Please try various WireGuard's interface MTU, starting from 1280 bytes and slowly increasing it, and check whether you have a specific value which improves the upload speed. GlueTun's environment variable setting WireGuard interface MTU is WIREGUARD_MTU. You can set it in the compose file environment: section. Remember to re-start the container each time you change the setting. Example: environment: - UID=1000 - GID=10 - TZ=Europe/Copenhagen - WIREGUARD_MTU=1280 Although you are probably in the EU, where such behavior would be illegal except when forced by congestion or exceptional causes, please note that some ISPs could cap UDP in upload even on symmetric lines (we mention UDP because WireGuard works over UDP). Please check the "traffic management" policy of your ISP, just in case. Kind regards

Hello! According to reports found on the web, Tunnelblick warns that IPv6 DNS server is not being used when the "disable ipv6" checkbox is ticked. The warning can be incorrect because it is thrown even though the IPv6 tunnel is functioning correctly and DNS queries to the provided IPv6 DNS server address work fine, can you verify? If DNS6 does not work, the problem can be related to the peculiar macOS management of IPv6 tunneling over IPv4, please see here: https://gist.github.com/smammy/3247b5114d717d12b68c201000ab163d Both Eddie and Hummingbird for macOS were rewritten in 2022/2023 to properly "convince" macOS to do IPv6 DNS lookups when your only IPv6 address is via a VPN or tunnel of some sort. We're not sure about Tunnelblick, when we tested in 2022 it could not do it. Kind regards