Staff

Hello! No news, we're sorry, but let's evaluate whether the default buffer size of the UDP/IP stack is insufficient for OpenVPN3-AirVPN needs. Can you please give us the output (from a terminal) of the command: sysctl kern.ipc.maxsockbuf It will show the buffer size in bytes. We would like to compare it with our systems (Big Sur and Catalina, M1 and x86-64) where the problem doesn't occur, and check whether increasing the buffer mitigates it. Kind regards

@Xuebit Hello! We tried to reproduce the problem you reported but we failed. After we activated "cryptojacking" block list and entered getmonero.org among the allowed exceptions, we could determine that it was resolved correctly. Please try again, maybe your system and/or system browser cached DNS. You can debug with dig getmonero.org We rarely edit a list; "curated by us" doesn't necessarily imply that we edit a list, but that we select and propose it or a merge of different lists, aiming at covering all the most requested categories. Therefore you might like to ask the original compiler the reason why getmonero.org was included. We see that also bitcoin.com is included in the same block list. That said, we can of course edit those "curated by us" lists: while a regular review of each list by us is not realistic at all, we keep this option open for your and other users observations. Kind regards

@mrbert Hello! Unfortunately we don't understand the issue, therefore we recommend you open a ticket. About your last question, the DNS query should be tunneled so it should not go straight to Google, but anyway make sure that Network Lock is enabled. Anyway, you should not pick Google DNS in any case. Good DNS which respect your privacy are OpenNIC https://www.opennic.org and Quad9 (9.9.9.9). Kind regards

@Xuebit Hello! Thank you very much for the head up. The fact that the exception you entered doesn't work is unexpected, we will start an investigation because it might be a bug. The potential error about getmonero.org will be investigated as well. Kind regards

Hello everybody, can you please re-perform all of your tests and report back? We have found a bug which potentially might have caused the reported names resolution failures under rare circumstances on a few servers. We have fixed the code. Please let us know whether the problems keeps occurring or not, as our automated DNS testing sentinels deployed on the reported flag servers have stopped reporting resolution failures since when the fix was deployed. A couple of hours ago the fix has been deployed. Kind regards

@mrbert Hello! 10.4.0.1 answers only to DNS queries, nothing else, not even ICMP packets. Kind regards

Hello! We confirm that it's not possible for Eddie to start during the bootstrap of any un-rooted device running Android TV 10, 11 and 12, and this is not an Eddie-specific limitation, simply because "Always on VPN" has become mandatory for the purpose, but at the same time Android TV has always had this feature removed. Should we find a solution to circumvent this deliberate limitation on un-rooted devices, we will be willing to implement it, but at the moment we are not aware of any solution. OpenVPN connect, OpenVPN for Android and other apps undergo the very same limitation. Kind regards

@rubicon789 Hello! From the Android settings pertaining to apps, please review your OpenVPN app permission and make sure that access to storage is granted (do the same with WireGuard app if necessary). Also consider that when you run Eddie Android edition you are not forced to generate and import ovpn files to connect to our service (ovpn files remain optional). https://airvpn.org/forums/topic/29660-using-airvpn-with-eddie-client-for-android/ Kind regards

@PortlyNinja @tgiby3 Hello! Each time you renew your client key and certificate in your account "Devices" panel you need to log your account out and in again from Eddie main window, as you might have read in the instructions. In this way you force Eddie to download the new pairs. If Eddie sends an expired certificate you will get AUTH_FAILED from the VPN server, and not from the infrastructure, so no message is visible in the Client Area, in spite of the wrong suggestion by Eddie, we're sorry. The TAP driver is the driver which handles the virtual network interface used by OpenVPN. Only administrators, according to system default settings and ordinary practice in the last decades, can install system drivers. Windows lacks any such driver so it needs this additional installation of some third-party tun/tap driver for the tun/tap interfaces .The wintun driver, which is supported by OpenVPN 2.5 and higher versions, and by Eddie, is a more modern driver to drive the tun/tap interfaces. If you have issues caused by the TAP driver, including poor performance, try the wintun driver. You can activate it from Eddie's "Preferences" > "Advanced" window: check "Use wintun driver", click "Save" and re-start Eddie. Kind regards

@UndeN Hello! Please check your ticket before going on with the discussion, it looks like you ignored the answer by the support team member who should have found the fault in your configuration (executive summary: you did not forward remotely port 44158 form your AirVPN account control panel). Also, as a moderator already told you, please do not hijack threads, you already opened your own on the matter, keep the discussion there. By following simple rules and moderator directions you will improve forum readability. Thanks in advance. Kind regards

@vrspectre Hello! Is Eddie completely frozen, or is it impossible to type in credentials but Eddie responds to other inputs, for example you can open "Preferences" window and Eddie can be shut down properly from the menu? Do you run macOS 12.0, 12.1 or 12.2? Kind regards

Hello everybody! Some guidelines to help us investigate. When you experience the problem please report here all the following information: the fully qualified domain name you could not resolve the server you were connected to the connection mode and protocol (some OpenVPN mode or WireGuard) the DNS block lists you had active, if any the complete output of the command dig or nslookup pertaining to the "problematic" domain name Kind regards

@mariusffm Hello! Which is exactly the prime time you mention, when you notice higher round trip times? This is what we currently see from various NL servers (cut to the first entries) to and from a bunch of our servers (even non-VPN servers) in other datacenters served by different transit providers. It's very good for a Saturday night in Europe (ignore the duplicates like "Dublin" and "Ireland", it's just how our monitoring system organizes the outcome). Consider that such tests are performed every other minute so we can have a fine grained report and if you point us to the prime time we can see whether something is wrong (so far we have not detected peculiar problems). Kind regards Alblasserdam 0 ms Noord-Holland 1 ms Amsterdam 1 ms Haarlem 1 ms France - Roubaix 6 ms Ile-de-France 6 ms Berlin 7 ms France - Gravelines 7 ms Germany 7 ms Frankfurt 8 ms London 10 ms Munich 14 ms Bern 15 ms Manchester 15 ms Zurich 15 ms Dublin 17 ms Ireland 17 ms Riga 18 ms Prague 19 ms Vienna 22 ms Stockholm 22 ms Belgrade 24 ms Uppsala 27 ms Madrid 27 ms Barcelona 27 ms Oslo 28 ms Siauliai 29 ms Bucharest 30 ms Arezzo 31 ms

@barbalu Hello! If it's claimed that the law scope includes AirVPN, we can challenge, if necessary, any request. In the meantime the server complies to the usual AirVPN contractual obligations: no client traffic data and/or metadata is either inspected, stored or logged. Here below the three legally binding decisions by the CJEU pertaining to blanket data retention obligations, in 2014, 2016 and 2020. The Court of Justice declares the Data Retention Directive to be invalid https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf The Members States may not impose a general obligation to retain data on providers of electronic communications services https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf The Court of Justice confirms that EU law precludes national legislation requiring a provider of electronic communications services to carry out the general and indiscriminate transmission or retention of traffic data and location data for the purpose of combating crime in general or of safeguarding national security https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf Kind regards

Hello! We're very glad to inform you that two new 1 Gbit/s full duplex servers located in Tokyo, Japan, are available: Albaldah and Bharani. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and port 1637 UDP for WireGuard. Albaldah and Bahrani support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check servers status as usual in our real time servers monitor: https://airvpn.org/servers/albaldah https://airvpn.org/servers/bharani Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! That was a suggestion for another user as specified in the message, not for you. You can ignore it. 😋 Kind regards

Hello! Can you please specify the exact servers where you can reliably reproduce the problem while you query VPN DNS? Note: if you cant' resolve names with other (not AirVPN's) public DNS, then the problem should be related to a broken connection, and not to VPN DNS: @root1337 The error: VERIFY ERROR: depth=1, error=certificate is not yet valid: implies that the device date is incorrectly set to the past and the certificate is not yet valid in that date. It's possible that the router could not sync through NTP during the bootstrap. Actually the first DNS server you set (10.4.0.1) is accessible only from within the VPN, therefore it will not resolve any name, including NTP server names. The router will then fall back to the second DNS, the OpenNIC one. Since OpenNIC servers have been replaced and some of them suffered downtime, try a different DNS server (for example Quad9, address 9.9.9.9). Anyway this problem seems unrelated to the other DNS issue you report. Kind regards

@geralddrissner Hello! We're sorry, the feature you mention is still unimplemented in Bluetit. Kind regards

@thetechdude Hello! We're sorry, we can't do that. Although you say it's not, what you propose is indeed specific client related traffic monitoring and logging/storing which we are contractually obliged not to perform. Even setting it as an opt-in feature would surely cause endless controversy and potential contractual breach. As a workaround, if a DNS query fails on our DNS (remember that each server runs its own DNS server) you can discover the reason through dig or nslookup. Kind regards

Hello! The feature you require is already implemented and to use it you can simply access the DNS panel from the appropriate "device" by clicking "Details" > "DNS". You can always tell whether the shown DNS panel pertains to global or per device settings by reading the description under the "DNS" title, which may be "for all of your devices" or "for device <device name>". Kind regards

@ghostp Hello! Can you please test the following connection mode: protocol TCP port 443 entry-IP address THREE and check whether the problem remains the same or not? You can change connection mode in Eddie "Preferences" > "Protocols" window: uncheck "Automatic", select the proper line (it will be highlighted) and click "Save". Kind regards

Hello! We're very glad to inform you that Eddie Android edition 2.5 has been released. The new release achieves full compatibility with Android versions 10, 11 and 12. It also maintains compatibility with Android 5.1. Many parts have been thoroughly rewritten to obtain better performance and efficiency. Ability to start and connect during device bootstrap is no more limited to a specific profile: it has been extended to a variety of choices, such as quick auto connection or user defined servers or countries, according to a customizable priority list. Master Password is now optional and VPN concurrency management has been improved. SSL/TLS library is OpenSSL, since it can provide, nowadays, slightly better performance than mbedTLS library on several processors. TLS 1.3 is supported as well. Eddie for Android is free and open source software released under GPLv3. We invite you to check from independent 3rd parties lack of trackers code signatures, for example here: https://reports.exodus-privacy.eu.org/en/reports/search/org.airvpn.eddie You can download Eddie Android 2.5 APK directly from our repository: https://airvpn.org/forums/topic/29660-using-airvpn-with-eddie-client-for-android/ You can also download it from the Google Play Store: https://play.google.com/store/apps/details?id=org.airvpn.eddie and from Amazon Appstore: https://www.amazon.com/Eddie-AirVPN-official-OpenVPN-GUI/dp/B07KTD6DH9/ Source code (and of course changelog) is available in GitLab: https://gitlab.com/AirVPN/EddieAndroid/ Main features (new features in bold): Free and open source OpenVPN GUI based on "OpenVPN 3.7.1 AirVPN" (free and open source software library by AirVPN) ChaCha20-Poly1305, AES-CBC and AES-GCM support on both OpenVPN Control and Data channel Robust, best effort prevention of traffic leaks outside the VPN tunnel Battery-conscious application Low RAM footprint Ergonomic and friendly interface Ability to start and connect the application at device boot Option to define which apps must have traffic inside or outside the VPN tunnel through white and black list Localization in simplified and traditional Chinese, Danish, English, French, German, Italian, Portuguese, Russian, Spanish, Turkish Full integration with AirVPN Enhanced security thanks to locally stored encrypted data through optional master password Quick one-tap connection and smart, fully automated server selection Smart server selection with custom settings Manual server selection Ability to start and connect during device startup according to a priority list which includes automatic choice, your defined country and your defined AirVPN server Smart attempts to bypass OpenVPN blocks featuring protocol and server fail-over Full Android TV compatibility including D-Pad support. Mouse emulation is not required. Enhancements aimed at increasing accessibility and comfort to visually impaired persons AirVPN servers sorting options Customizable "Default", "Favorite" and "Forbidden" servers and countries OpenVPN mimetype support to import profiles from external applications Multiple OpenVPN profile support. The app now imports and manages multiple OpenVPN profiles Support for custom bootstrap servers Support for favorite and forbidden countries AirVPN broadcast messages support User's subscription expiration date is shown in login/connection information The app is aware of concurrent VPN use. In case another app is granted VPN access, Eddie acts accordingly and releases VPN resources Optional local networks access. In such case, local network devices are exempted from the VPN and can be accessed within the local devices Localization override. User can choose the default language and localization from one of the available ones Favorite and forbidden lists can be emptied with a single tap Ability to directly select an AirVPN area (country, continent, planet) to connect to VPN reconnection in case of unexpected OpenVPN disconnection. (It requires VPN Lock to be disabled) VPN concurrency management Full integration with VPN traffic leaks prevention by system in Android 7 or higher version Full compatibility with Android 10, 11 and 12 User can generate or save an OpenVPN profile for any AirVPN server or country and save it in the internal OpenVPN profile manager or export it On the fly language change allowing to switch language without re-starting application Exclusive optional VPN lock in case the device cannot take advantage of Android's VPN direct management (Android 5 and 6) Server scoring algorithm implementing the latest AirVPN balancing factors in order to determine the best server for quick connection Network name and extra information are shown along with network type Device network status management Fully compatible with Android TV 5.1 and higher versions bug fixes Kind regards & datalove AirVPN Staff

Hello! We're glad to know it, but isn't it dangerous to launch the device? 😀 Thank you for your tests. We have not received the ticket, can you please check? Please include the complete log and, if possible, the logcat in your ticket. Kind regards

@Maggie144 Hello and thank you! A dark theme will be planned in the near future for the next version. The option you mention suppresses dialog messages with no priority, while it can't suppress some Eddie "priority" messages, which are important. Eddie defines "normal" and "important" messages. For example, network state changes are included in the first set, while unexpected disconnections and connections related messages are included in the second set. Kind regards

@Rhenus Hello! So it's not the "same issue". Can you please open a ticket? Support team will investigate. Kind regards