Staff

@colorman Hello and thank you! AES-CBC for Data Channel is no more accepted and should not be picked automatically, can we see your bluetit.rc and goldcrest.rc files content? Kind regards

@OpenSourcerer Hello! Thank you, bug confirmed and fixed. Before the next version comes out, you might like to use "--air-connect" in place of "-O" to keep testing. Kind regards

Hello! We're very glad to inform you that AirVPN Suite version 1.2.0 is now available. Check supported systems below UPDATE 15 Feb 22: Release Candidate 1 is available UPDATE 08 Mar 22: Release Candidate 2 is available UPDATE 17 Mar 22: Release Candidate 3 is available 24 Mar 22: Production release is available The suite includes: Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers Hummingbird: lightweight and standalone binary for generic OpenVPN server connections What's new in 1.2.0 bug fix: white and black lists are now handled more properly by quick connection mode with new logical approach bug fix: comma in password is now parsed correctly when entered in bluetit.rc bug fix: Hummingbird network restore function works properly when hummingbird.lock file is missing but DNS and firewall rules have their backup copies to be recovered bug fixes in --pause, --resume, --reconnect options refinements in logging in automatic network lock mode, nftables takes precedence over iptables if nft userland utility exists DNS handling improvements with certain systemd-resolved wortking modes added support for zstd and gzip compressed kernel modules IPv6 bootstrap servers enhanced support update of all support libraries, including OpenVPN-AirVPN Please check the changelog at the end of this post for detailed information. Thank you very much for your tests and please report any bug, glitch, malfunction etc. in this thread! Packages Please note that the Suite is no more built for i686 systems (32 bit architecture). If you need the Suite for such systems please run 1.1.0 release in the meantime and contact us in this thread or through a ticket. Packages can be downloaded from our web site page https://airvpn.org/linux/suite/ AirVPN Suite is released under GLPv3. Source code and repository: https://gitlab.com/AirVPN/AirVPN-Suite AirVPN Suite changelog Changelog for AirVPN Suite Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] updated to OpenVPN3 AirVPN 3.8.1 [ProMIND] vpnclient.hpp: changed references of ClientAPI::OpenVPNClient class to ClientAPI::OpenVPNClientHelper to conform to the new OpenVPN3 client class names [ProMIND] vpnclient.hpp: added private members event_error and event_fatal_error to reflect client's event errors [ProMIND] vpnclient.hpp: added public methods eventError() and eventFatalError() [ProMIND] vpnclient.hpp: get_connection_stats() added topology, cipher, ping and ping_restart values from OpenVPN3 options Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] vpnclient.hpp: added methods init(), initSupportedDataCiphers(), isDataCipherSupported() and getSupportedDataCiphers() [ProMIND] vpnclient.hpp: added cipher member to struct EventData [ProMIND] vpnclient.hpp: added getPushedDns() method [ProMIND] airvpntools.cpp: added normalizeBoolValue() method for the normalization of "simple" bools to extended values conforming to Suite's option parser and to be used to extend OpenVPN3 "simple" bool options [ProMIND] logger.hpp: flushLog() is now synchronized and thread safe by using a semaphore Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Updated to OpenVPN 3.7.2 AirVPN Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] updated to OpenVPN 3.7.1 AirVPN and latest support libraries and support projects [ProMIND] vpnclient.hpp: added methods openVPNInfo(), openVPNCopyright() and sslLibraryVersion() [ProMIND] vpnclient.hpp: added event management (subscription, unsubscription, raising) via callback functions for all native ClientEvent::Type [ProMIND] loadmod.c: added support for gz and zstd modules [ProMIND] netfilter.cpp: changed firewall priority scheme into nftables, iptables-legacy, iptables, pf [ProMIND] netfilter.cpp: added workaround for iptables modules in order to comply to kernel 5.15.x [ProMIND] netfilter.cpp: init(): in case netlock is set to iptables, force the initial loading of system rules by adding and then immediately removing two IPv4 and IPv6 "fake rules" in order to have netlock work in distributions running under kernel 5.15.x and iptables 1.8.7 [ProMIND] dnsmanager.cpp: systemHasResolved() method renamed as systemHasSystemdResolved() [ProMIND] dnsmanager.cpp: added systemHasResolvectl() method [ProMIND] optionparser.cpp: added description and order members to OptionConfig and Option structures [ProMIND] airvpntools.cpp: added automatic support and selection for AirVPN IPv6 bootstrap servers [ProMIND] airvpnserverprovider.cpp: getFilteredServerList() includes all AirVPN server. Those not meeting the connection priority scheme are sent to the bottom of the list with the highest possible penalty. This is needed in case the country black list includes all of the connection priority scheme's countries *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Bluetit Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] do not check for supported ciphers in OpenVPN config file in case eval.cipher is empty [ProMIND] establish_openvpn_connection() returns false in case of client's event error or fatal error [ProMIND] connection and connection stats threads are now stopped by dedicated functions stop_connection_thread() and void stop_connection_stats_thread() respectively [ProMIND] improved error management at connection time Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] Added list_data_ciphers dbus method [ProMIND] Added list_pushed_dns dbus method [ProMIND] Check and validate requested data cipher according to VpnClient's supported ciphers [ProMIND] Shows server information summary at the end of connection process via VpnClient connected event [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Same as Beta 1 Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] White and black lists are now properly checked when connecting to an AirVPN server or country [ProMIND] In case there are white lists defined, quick connection will ignore the connection scheme priority [ProMIND] Added "africa" and "oceania" to continent/country connection process [ProMIND] Added SSL library version to startup log [ProMIND] Removed ipv6 option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications [ProMIND] Added DBus method ssl_library_version [ProMIND] btcommon.hpp: added normalized client options and descriptions [ProMIND] add_airvpn_bootstrap_to_network_lock(): added support for AirVPN IPv6 bootstrap servers *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Goldcrest Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] Update connection statistics to the latest Bluetit specifications Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] Added --list-data-ciphers option [ProMIND] Added server information summary to statistics output [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Reassigned short option "Q" to long option "air-key-load" Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] Removed ipv6 command line option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications [ProMIND] Added OpenVPN copyright information and SSL library information to the welcome message [ProMIND] Changed usage() in order to use the new normalized option format *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Changelog for Hummingbird Version 1.2.0 - 22 March 2022 [ProMIND] production release Version 1.2.0 RC 3 - 17 March 2022 [ProMIND] updated to OpenVPN3 AirVPN 3.8.1 [ProMIND] do not check for supported ciphers in OpenVPN config file in case eval.cipher is empty [ProMIND] changed references of ClientAPI::OpenVPNClient class to ClientAPI::OpenVPNClientHelper to conform to the new OpenVPN3 client class names [ProMIND] replaced calls to removed OpenVPN client's eval_config_static() with ClientAPI::OpenVPNClientHelper::eval_config() Version 1.2.0 RC 2 - 8 March 2022 [ProMIND] Added --list-data-ciphers option [ProMIND] Check and validate requested data cipher according to VpnClient's supported ciphers [ProMIND] Normalized (extended) bool values for options allowuaf, compress and network-lock Version 1.2.0 RC 1 - 15 February 2022 [ProMIND] Updated to OpenVPN 3.7.2 AirVPN Version 1.2.0 Beta 1 - 7 February 2022 [ProMIND] updated to OpenVPN 3.7.1 AirVPN and latest support libraries and support projects [ProMIND] Added SSL library version to version message [ProMIND] Removed ipv6 command line option and replaced with allowuaf option (Allow Unused Address Families) in order to comply to the new OpenVPN3 specifications [ProMIND] Added OpenVPN and copyright information and SSL library information to the welcome message [ProMIND] Fixed recover network procedure. It now properly checks the existence of network backup file Kind regards and datalove AirVPN Staff

@pipox9 Hello! The problems with some RAI channels had been resolved soon after you posted the message in summer 2021. Then a new problem arose with a couple of channels in late January 2021 and it has been again fixed at the beginning of February. These problems come from RAI changing CDN and other settings. Such events require manual intervention. Kind regards

Hello! Adding SSL/TLS to an onion service is not necessary:: https://tor.stackexchange.com/questions/6447/do-all-onion-addresses-use-ssl-tls Of course it can be used. The certificate becomes more an additional auth tool which is not needed for the security and integrity of data in transit. Kind regards

@bidasci Hello! Can you also test whether Eddie 2.21.3 beta resolves the problem or not? Please see here to download latest beta version: https://airvpn.org/forums/topic/49638-eddie-desktop-221-beta-released/ Kind regards

@adamrabbit Hello! Thank you. This thread is under the attention of Eddie developer now. Can you also test Eddie 2.21.3 beta and check whether you experience the same problems, and report back when you can? Can you also specify whether you have applied the "patch" recommended by Apple, see Kind regards

Hello! Yes, thank you! It should have been resolved in 2.21.3 beta, can you please cross-check? Kind regards

@ayazey Hello! Yes, the suggestion is still valid but with a caveat. Note that the original error comes from the fact that the script does not exist at all in /etc/openvpn. However, probably the script will not work even though systemd-resolved is disabled (IMPORTANT *), because https://wiki.archlinux.org/title/OpenVPN#The_update-systemd-resolved_custom_script so either you use the other script suggested by OpenSourcerer and the wiki (with systemd-resolved running), you make sure that /etc/nsswitch.conf does not use resolve, or you run the AirVPN Suite. Also note that the AirVPN Suite (but not Eddie atm) is capable to handle any configuration among the several possible DNS handling combinations allowed by systemd-resolved and systemd-networkd - a few remaining "glitches" pertaining to DNS handling under peculiar settings will be also fixed in the incoming 1.1.1 release. AirVPN Suite 1.1.0 has been tested under Fedora 35 (with nftables installed) and handles DNS push and DNS restore just fine. You might try it: besides offering important features like Network Lock, it might save you a lot of trial and error - and you need not disable systemd-resolved or change any other system default setting. https://airvpn.org/suite/readme/ Kind regards (*) Note to all Linux users: by default in Fedora 35 and possibly in other distributions if you want to stop systemd-resolved, a simple "stop" will not work, not even for a session, because systemd will re-start systemd-resolved, as it is a unit configured to re-start. That's why we write "disabled", and not "stopped".

@VPNwarp Hello! Thanks for your choice. From the tiny log section we can see the problem is related to IPv6. Possible solutions: Make sure that IPv6 is enabled at system level and on the TAP-Windows network interface Alternatively. from Eddie main window select "Preferences" > "Networking", set the "IPv6 layer" combo box to "Block" and click "Save" If nothing of the above resolves the issue and you get no solutions from the community please open a ticket for professional support. This is a community forum where Staff reads and writes now and then, while the support team offers assistance 24h/24. Also make sure to publish a system report ("Logs" > LIFE BELT icon" > "Copy" icon > paste into your message) which is much more useful to techies than a screenshot. Kind regards

Hello! We're glad to inform you that replacement has been completed. Now Meissa, Phact and Schedir are new, more powerful machines, in a different datacenter (again In Riga), connected to 1 Gbit/s lines. Kind regards

@tammo Hello! The required syntax in some nft versions was different and the command issued by Eddie is incorrect for your version, hence the syntax error. A fix under this respect has been implemented in Eddie 2.21 beta, can you please test Eddie latest 2.21.3 beta version? Please see here to download it: https://airvpn.org/forums/topic/49638-eddie-desktop-221-beta-released/ We are looking forward to hearing from you. Kind regards

Hello! Currently not, we're sorry. At the moment Windows 7 users should run native WireGuard programs with a configuration file generated by our Configuration Generator. Kind regards

Hello! We have moved the discussion here because it was too off-topic in the beta testing thread and it polluted it. That thread is reserved to WireGuard testing in AirVPN and is aimed at finding bugs, malfunctions and so on, if any. Kind regards

Hello! We inform you that the following servers in Latvia: Meissa Phact Schedir Shaula have become suddenly nonoperational because the upstream of our provider blocked all traffic. They should come back online within a couple of days, due to new deals with a new transit provider. However, all IP addresses will change. We have decided that this is a good moment to switch to new lines and servers: we are changing the previous 100 Mbit/s lines with 1 Gbit/s lines and ports, and replacing the hardware with more powerful CPU. The four 100 Mbit/s servers will be replaced by three 1 Gbit/s servers. Location will not change, the new servers will be in Riga. We should be able to announce the new servers in the next days. EDIT 2022/02/02: replacement has been completed. Kind regards and datalove AirVPN Staff

Hello! Since no reports came in here or in tickets in the last 10 days we consider the problem as resolved, thank you very much! Kind regards

@Pwbkkee Hello! Thanks for the detailed report and the suggested solution. Unfortunately we could not reproduce the issue. Can you please tell us your exact distribution name, version and (if any) customization, to let us start from a common testing ground? Kind regards

@organicchocolate Hello! Thank you very much for the good feedback, we're glad to hear it. About Network Lock, the status is reported by the padlock on the main window. If it's closed, Network Lock is enabled. A connection must be possible even with Network Lock disable,d so the green token you mention is appropriate. Maybe you'd prefer to have Network Lock on by default. You can configure Eddie to enable Network Lock when the app starts. AirVPN Suite enables Network Lock by default. Kind regards

Hello! You are definitely right. Historically, this is a consequence of the fact the our bootstrap servers were not given by the respective datacenters IPv6 support and we did not insist on that. We will ask our providers to add IPv6 support to the bootstrap servers if possible, and then adapt our software accordingly when IPv6 layer is preferred over IPv4. Kind regards P.S. You applied a smart workaround!

@TheHellSite Hello! A dedicated forum might be excessive, but dedicated threads are surely appropriate. The official thread followed by staff members can be found in the "News" forum, which is not a community forum. Any other thread can be created by the community in the proper community forum ("Troubleshooting" is fine) and followed by the community as usual. Kind regards

@hartfieldsbane Hello! Can you please check the content of directory /etc/airvpn and post here? sudo ls /etc/airvpn A plausible explanation of the wrong behavior is that the lock file doesn't exist in /etc/airvpn, while some backup file related to firewall rules or DNS settings does. EDIT: bug confirmed, we will work to fix it. You can resolve immediately the problem by deleting the whole directory content, but first please publish its content to let us check and reproduce the issue, thank you! A bug causing a similar problem was already detected by @misam in this thread in late 2020. It was fixed in your version 1.1.2, but maybe something is still wrong. Please post text and not screenshots when possible. sudo rm /etc/airvpn/* Kind regards

@Asmodeus Hello! This was a 2020 thread, the page layout has changed in the meantime. Go here: https://airvpn.org/macos/eddie/ Click "Other versions" then select the version you want. You will be brought back to the download page, pointing this time to the version you selected. Pick the correct package for your macOS and download and install as usual. Kind regards

@eburom Thank you very much! The problem you found and kindly reported has been fixed and you'll see the fix in the next, imminent version. From the developer: you can't build the Suite now because OpenVPN3 has recently changed ClientAPI::Config definition. They replaced member ipv6 with allowUnusedAddrFamilies which is basically used for the very same purpose. The change has been already imported into OpenVPN3-AirVPN 3.7.1 fork and Bluetit/Hummingbird code has been updated accordingly in the development branch which is to be released very soon, along with some other minor fixes and changes [including the aforementioned one}. Kind regards

@r34lity23 Hello! Please make sure to accept packets to and from the bootstrap servers. You can find their IP addresses in /etc/airvpn/bluetit.rc file - bootserver directives. Kind regards

@spinmaster Hello! Our testing systems have 8 MB buffer as well. We are still struggling to reproduce the problem. In the meantime, please test with a 32 MB buffer, for example: sudo sysctl -w kern.ipc.maxsockbuf=33554432 Kind regards