Staff

Hello! You are definitely right. Historically, this is a consequence of the fact the our bootstrap servers were not given by the respective datacenters IPv6 support and we did not insist on that. We will ask our providers to add IPv6 support to the bootstrap servers if possible, and then adapt our software accordingly when IPv6 layer is preferred over IPv4. Kind regards P.S. You applied a smart workaround!

@TheHellSite Hello! A dedicated forum might be excessive, but dedicated threads are surely appropriate. The official thread followed by staff members can be found in the "News" forum, which is not a community forum. Any other thread can be created by the community in the proper community forum ("Troubleshooting" is fine) and followed by the community as usual. Kind regards

@hartfieldsbane Hello! Can you please check the content of directory /etc/airvpn and post here? sudo ls /etc/airvpn A plausible explanation of the wrong behavior is that the lock file doesn't exist in /etc/airvpn, while some backup file related to firewall rules or DNS settings does. EDIT: bug confirmed, we will work to fix it. You can resolve immediately the problem by deleting the whole directory content, but first please publish its content to let us check and reproduce the issue, thank you! A bug causing a similar problem was already detected by @misam in this thread in late 2020. It was fixed in your version 1.1.2, but maybe something is still wrong. Please post text and not screenshots when possible. sudo rm /etc/airvpn/* Kind regards

@Asmodeus Hello! This was a 2020 thread, the page layout has changed in the meantime. Go here: https://airvpn.org/macos/eddie/ Click "Other versions" then select the version you want. You will be brought back to the download page, pointing this time to the version you selected. Pick the correct package for your macOS and download and install as usual. Kind regards

@eburom Thank you very much! The problem you found and kindly reported has been fixed and you'll see the fix in the next, imminent version. From the developer: you can't build the Suite now because OpenVPN3 has recently changed ClientAPI::Config definition. They replaced member ipv6 with allowUnusedAddrFamilies which is basically used for the very same purpose. The change has been already imported into OpenVPN3-AirVPN 3.7.1 fork and Bluetit/Hummingbird code has been updated accordingly in the development branch which is to be released very soon, along with some other minor fixes and changes [including the aforementioned one}. Kind regards

@r34lity23 Hello! Please make sure to accept packets to and from the bootstrap servers. You can find their IP addresses in /etc/airvpn/bluetit.rc file - bootserver directives. Kind regards

@spinmaster Hello! Our testing systems have 8 MB buffer as well. We are still struggling to reproduce the problem. In the meantime, please test with a 32 MB buffer, for example: sudo sysctl -w kern.ipc.maxsockbuf=33554432 Kind regards

Hello! No news, we're sorry, but let's evaluate whether the default buffer size of the UDP/IP stack is insufficient for OpenVPN3-AirVPN needs. Can you please give us the output (from a terminal) of the command: sysctl kern.ipc.maxsockbuf It will show the buffer size in bytes. We would like to compare it with our systems (Big Sur and Catalina, M1 and x86-64) where the problem doesn't occur, and check whether increasing the buffer mitigates it. Kind regards

@Xuebit Hello! We tried to reproduce the problem you reported but we failed. After we activated "cryptojacking" block list and entered getmonero.org among the allowed exceptions, we could determine that it was resolved correctly. Please try again, maybe your system and/or system browser cached DNS. You can debug with dig getmonero.org We rarely edit a list; "curated by us" doesn't necessarily imply that we edit a list, but that we select and propose it or a merge of different lists, aiming at covering all the most requested categories. Therefore you might like to ask the original compiler the reason why getmonero.org was included. We see that also bitcoin.com is included in the same block list. That said, we can of course edit those "curated by us" lists: while a regular review of each list by us is not realistic at all, we keep this option open for your and other users observations. Kind regards

@mrbert Hello! Unfortunately we don't understand the issue, therefore we recommend you open a ticket. About your last question, the DNS query should be tunneled so it should not go straight to Google, but anyway make sure that Network Lock is enabled. Anyway, you should not pick Google DNS in any case. Good DNS which respect your privacy are OpenNIC https://www.opennic.org and Quad9 (9.9.9.9). Kind regards

@Xuebit Hello! Thank you very much for the head up. The fact that the exception you entered doesn't work is unexpected, we will start an investigation because it might be a bug. The potential error about getmonero.org will be investigated as well. Kind regards

Hello everybody, can you please re-perform all of your tests and report back? We have found a bug which potentially might have caused the reported names resolution failures under rare circumstances on a few servers. We have fixed the code. Please let us know whether the problems keeps occurring or not, as our automated DNS testing sentinels deployed on the reported flag servers have stopped reporting resolution failures since when the fix was deployed. A couple of hours ago the fix has been deployed. Kind regards

@mrbert Hello! 10.4.0.1 answers only to DNS queries, nothing else, not even ICMP packets. Kind regards

Hello! We confirm that it's not possible for Eddie to start during the bootstrap of any un-rooted device running Android TV 10, 11 and 12, and this is not an Eddie-specific limitation, simply because "Always on VPN" has become mandatory for the purpose, but at the same time Android TV has always had this feature removed. Should we find a solution to circumvent this deliberate limitation on un-rooted devices, we will be willing to implement it, but at the moment we are not aware of any solution. OpenVPN connect, OpenVPN for Android and other apps undergo the very same limitation. Kind regards

@rubicon789 Hello! From the Android settings pertaining to apps, please review your OpenVPN app permission and make sure that access to storage is granted (do the same with WireGuard app if necessary). Also consider that when you run Eddie Android edition you are not forced to generate and import ovpn files to connect to our service (ovpn files remain optional). https://airvpn.org/forums/topic/29660-using-airvpn-with-eddie-client-for-android/ Kind regards

@PortlyNinja @tgiby3 Hello! Each time you renew your client key and certificate in your account "Devices" panel you need to log your account out and in again from Eddie main window, as you might have read in the instructions. In this way you force Eddie to download the new pairs. If Eddie sends an expired certificate you will get AUTH_FAILED from the VPN server, and not from the infrastructure, so no message is visible in the Client Area, in spite of the wrong suggestion by Eddie, we're sorry. The TAP driver is the driver which handles the virtual network interface used by OpenVPN. Only administrators, according to system default settings and ordinary practice in the last decades, can install system drivers. Windows lacks any such driver so it needs this additional installation of some third-party tun/tap driver for the tun/tap interfaces .The wintun driver, which is supported by OpenVPN 2.5 and higher versions, and by Eddie, is a more modern driver to drive the tun/tap interfaces. If you have issues caused by the TAP driver, including poor performance, try the wintun driver. You can activate it from Eddie's "Preferences" > "Advanced" window: check "Use wintun driver", click "Save" and re-start Eddie. Kind regards

@UndeN Hello! Please check your ticket before going on with the discussion, it looks like you ignored the answer by the support team member who should have found the fault in your configuration (executive summary: you did not forward remotely port 44158 form your AirVPN account control panel). Also, as a moderator already told you, please do not hijack threads, you already opened your own on the matter, keep the discussion there. By following simple rules and moderator directions you will improve forum readability. Thanks in advance. Kind regards

@vrspectre Hello! Is Eddie completely frozen, or is it impossible to type in credentials but Eddie responds to other inputs, for example you can open "Preferences" window and Eddie can be shut down properly from the menu? Do you run macOS 12.0, 12.1 or 12.2? Kind regards

Hello everybody! Some guidelines to help us investigate. When you experience the problem please report here all the following information: the fully qualified domain name you could not resolve the server you were connected to the connection mode and protocol (some OpenVPN mode or WireGuard) the DNS block lists you had active, if any the complete output of the command dig or nslookup pertaining to the "problematic" domain name Kind regards

@mariusffm Hello! Which is exactly the prime time you mention, when you notice higher round trip times? This is what we currently see from various NL servers (cut to the first entries) to and from a bunch of our servers (even non-VPN servers) in other datacenters served by different transit providers. It's very good for a Saturday night in Europe (ignore the duplicates like "Dublin" and "Ireland", it's just how our monitoring system organizes the outcome). Consider that such tests are performed every other minute so we can have a fine grained report and if you point us to the prime time we can see whether something is wrong (so far we have not detected peculiar problems). Kind regards Alblasserdam 0 ms Noord-Holland 1 ms Amsterdam 1 ms Haarlem 1 ms France - Roubaix 6 ms Ile-de-France 6 ms Berlin 7 ms France - Gravelines 7 ms Germany 7 ms Frankfurt 8 ms London 10 ms Munich 14 ms Bern 15 ms Manchester 15 ms Zurich 15 ms Dublin 17 ms Ireland 17 ms Riga 18 ms Prague 19 ms Vienna 22 ms Stockholm 22 ms Belgrade 24 ms Uppsala 27 ms Madrid 27 ms Barcelona 27 ms Oslo 28 ms Siauliai 29 ms Bucharest 30 ms Arezzo 31 ms

@barbalu Hello! If it's claimed that the law scope includes AirVPN, we can challenge, if necessary, any request. In the meantime the server complies to the usual AirVPN contractual obligations: no client traffic data and/or metadata is either inspected, stored or logged. Here below the three legally binding decisions by the CJEU pertaining to blanket data retention obligations, in 2014, 2016 and 2020. The Court of Justice declares the Data Retention Directive to be invalid https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf The Members States may not impose a general obligation to retain data on providers of electronic communications services https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf The Court of Justice confirms that EU law precludes national legislation requiring a provider of electronic communications services to carry out the general and indiscriminate transmission or retention of traffic data and location data for the purpose of combating crime in general or of safeguarding national security https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf Kind regards

Hello! We're very glad to inform you that two new 1 Gbit/s full duplex servers located in Tokyo, Japan, are available: Albaldah and Bharani. The AirVPN client will show automatically the new servers; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and port 1637 UDP for WireGuard. Albaldah and Bahrani support OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check servers status as usual in our real time servers monitor: https://airvpn.org/servers/albaldah https://airvpn.org/servers/bharani Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! That was a suggestion for another user as specified in the message, not for you. You can ignore it. 😋 Kind regards

Hello! Can you please specify the exact servers where you can reliably reproduce the problem while you query VPN DNS? Note: if you cant' resolve names with other (not AirVPN's) public DNS, then the problem should be related to a broken connection, and not to VPN DNS: @root1337 The error: VERIFY ERROR: depth=1, error=certificate is not yet valid: implies that the device date is incorrectly set to the past and the certificate is not yet valid in that date. It's possible that the router could not sync through NTP during the bootstrap. Actually the first DNS server you set (10.4.0.1) is accessible only from within the VPN, therefore it will not resolve any name, including NTP server names. The router will then fall back to the second DNS, the OpenNIC one. Since OpenNIC servers have been replaced and some of them suffered downtime, try a different DNS server (for example Quad9, address 9.9.9.9). Anyway this problem seems unrelated to the other DNS issue you report. Kind regards

@geralddrissner Hello! We're sorry, the feature you mention is still unimplemented in Bluetit. Kind regards