Staff

Hello! That was a suggestion for another user as specified in the message, not for you. You can ignore it. 😋 Kind regards

Hello! Can you please specify the exact servers where you can reliably reproduce the problem while you query VPN DNS? Note: if you cant' resolve names with other (not AirVPN's) public DNS, then the problem should be related to a broken connection, and not to VPN DNS: @root1337 The error: VERIFY ERROR: depth=1, error=certificate is not yet valid: implies that the device date is incorrectly set to the past and the certificate is not yet valid in that date. It's possible that the router could not sync through NTP during the bootstrap. Actually the first DNS server you set (10.4.0.1) is accessible only from within the VPN, therefore it will not resolve any name, including NTP server names. The router will then fall back to the second DNS, the OpenNIC one. Since OpenNIC servers have been replaced and some of them suffered downtime, try a different DNS server (for example Quad9, address 9.9.9.9). Anyway this problem seems unrelated to the other DNS issue you report. Kind regards

@geralddrissner Hello! We're sorry, the feature you mention is still unimplemented in Bluetit. Kind regards

@thetechdude Hello! We're sorry, we can't do that. Although you say it's not, what you propose is indeed specific client related traffic monitoring and logging/storing which we are contractually obliged not to perform. Even setting it as an opt-in feature would surely cause endless controversy and potential contractual breach. As a workaround, if a DNS query fails on our DNS (remember that each server runs its own DNS server) you can discover the reason through dig or nslookup. Kind regards

Hello! The feature you require is already implemented and to use it you can simply access the DNS panel from the appropriate "device" by clicking "Details" > "DNS". You can always tell whether the shown DNS panel pertains to global or per device settings by reading the description under the "DNS" title, which may be "for all of your devices" or "for device <device name>". Kind regards

@ghostp Hello! Can you please test the following connection mode: protocol TCP port 443 entry-IP address THREE and check whether the problem remains the same or not? You can change connection mode in Eddie "Preferences" > "Protocols" window: uncheck "Automatic", select the proper line (it will be highlighted) and click "Save". Kind regards

Hello! We're very glad to inform you that Eddie Android edition 2.5 has been released. The new release achieves full compatibility with Android versions 10, 11 and 12. It also maintains compatibility with Android 5.1. Many parts have been thoroughly rewritten to obtain better performance and efficiency. Ability to start and connect during device bootstrap is no more limited to a specific profile: it has been extended to a variety of choices, such as quick auto connection or user defined servers or countries, according to a customizable priority list. Master Password is now optional and VPN concurrency management has been improved. SSL/TLS library is OpenSSL, since it can provide, nowadays, slightly better performance than mbedTLS library on several processors. TLS 1.3 is supported as well. Eddie for Android is free and open source software released under GPLv3. We invite you to check from independent 3rd parties lack of trackers code signatures, for example here: https://reports.exodus-privacy.eu.org/en/reports/search/org.airvpn.eddie You can download Eddie Android 2.5 APK directly from our repository: https://airvpn.org/forums/topic/29660-using-airvpn-with-eddie-client-for-android/ You can also download it from the Google Play Store: https://play.google.com/store/apps/details?id=org.airvpn.eddie and from Amazon Appstore: https://www.amazon.com/Eddie-AirVPN-official-OpenVPN-GUI/dp/B07KTD6DH9/ Source code (and of course changelog) is available in GitLab: https://gitlab.com/AirVPN/EddieAndroid/ Main features (new features in bold): Free and open source OpenVPN GUI based on "OpenVPN 3.7.1 AirVPN" (free and open source software library by AirVPN) ChaCha20-Poly1305, AES-CBC and AES-GCM support on both OpenVPN Control and Data channel Robust, best effort prevention of traffic leaks outside the VPN tunnel Battery-conscious application Low RAM footprint Ergonomic and friendly interface Ability to start and connect the application at device boot Option to define which apps must have traffic inside or outside the VPN tunnel through white and black list Localization in simplified and traditional Chinese, Danish, English, French, German, Italian, Portuguese, Russian, Spanish, Turkish Full integration with AirVPN Enhanced security thanks to locally stored encrypted data through optional master password Quick one-tap connection and smart, fully automated server selection Smart server selection with custom settings Manual server selection Ability to start and connect during device startup according to a priority list which includes automatic choice, your defined country and your defined AirVPN server Smart attempts to bypass OpenVPN blocks featuring protocol and server fail-over Full Android TV compatibility including D-Pad support. Mouse emulation is not required. Enhancements aimed at increasing accessibility and comfort to visually impaired persons AirVPN servers sorting options Customizable "Default", "Favorite" and "Forbidden" servers and countries OpenVPN mimetype support to import profiles from external applications Multiple OpenVPN profile support. The app now imports and manages multiple OpenVPN profiles Support for custom bootstrap servers Support for favorite and forbidden countries AirVPN broadcast messages support User's subscription expiration date is shown in login/connection information The app is aware of concurrent VPN use. In case another app is granted VPN access, Eddie acts accordingly and releases VPN resources Optional local networks access. In such case, local network devices are exempted from the VPN and can be accessed within the local devices Localization override. User can choose the default language and localization from one of the available ones Favorite and forbidden lists can be emptied with a single tap Ability to directly select an AirVPN area (country, continent, planet) to connect to VPN reconnection in case of unexpected OpenVPN disconnection. (It requires VPN Lock to be disabled) VPN concurrency management Full integration with VPN traffic leaks prevention by system in Android 7 or higher version Full compatibility with Android 10, 11 and 12 User can generate or save an OpenVPN profile for any AirVPN server or country and save it in the internal OpenVPN profile manager or export it On the fly language change allowing to switch language without re-starting application Exclusive optional VPN lock in case the device cannot take advantage of Android's VPN direct management (Android 5 and 6) Server scoring algorithm implementing the latest AirVPN balancing factors in order to determine the best server for quick connection Network name and extra information are shown along with network type Device network status management Fully compatible with Android TV 5.1 and higher versions bug fixes Kind regards & datalove AirVPN Staff

Hello! We're glad to know it, but isn't it dangerous to launch the device? 😀 Thank you for your tests. We have not received the ticket, can you please check? Please include the complete log and, if possible, the logcat in your ticket. Kind regards

@Maggie144 Hello and thank you! A dark theme will be planned in the near future for the next version. The option you mention suppresses dialog messages with no priority, while it can't suppress some Eddie "priority" messages, which are important. Eddie defines "normal" and "important" messages. For example, network state changes are included in the first set, while unexpected disconnections and connections related messages are included in the second set. Kind regards

@Rhenus Hello! So it's not the "same issue". Can you please open a ticket? Support team will investigate. Kind regards

@Rhenus Hello! Does "Same issue" mean that port forwarding stopped working for a while and only for some ports, and after a few hours started working again regularly, as @elcr reported? @elcr Is it still alright now? Kind regards

@Karmatron Hello and thank you for your tests! Bug causing memory leaks was found out and fixed. Memory leaks should not occur anymore in Eddie 2.21.3 (available since a few days ago) according to thorough tests, can you please test too? Keep us posted in the main thread! You can expect a stable release when all reported bugs have been solved and no new bugs emerge in a given time frame decided by the developer. As you can see, the latest version is much closer to a stable release. Kind regards

Hello! Unfortunately a set of names for your purpose has not yet been defined, we're very sorry. We will consider to fix the fault. At the moment, If you need them you can use the Configuration Generator (*) or open a ticket (specify the list of servers). Kind regards (*) Make sure to tick "Advanced Mode", so that you can see and select some connection mode ending to entry-IP address 3.

@SomewhatSane Hello and thank you! Just to balance somehow your point of view: have you have ever seen M247 servers operated by AirVPN withdrawn by us for some controversy related or not related to the behavior of our customers? We answer for you : it never happened. The same can not be said of numerous, other providers with which we have had controversies pertaining to net neutrality, allowed protocols, traffic monitoring and more, controversies which often disclosed contractual breaches by the provider or "strange" interpretations of ToS and/or AUP and/or contract, and consequently forcing AirVPN to drop the server and any commitment. Kind regards

Hello! We're very glad to inform you that a new 1 Gbit/s full duplex server located in Dublin, Ireland, is available: Minchir. The AirVPN client will show automatically the new server; if you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637 UDP for WireGuard. Minchir supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/minchir Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

Hello! We're very glad to announce a special promotion on our long terms Premium plans. You can get prices as low as 2.20 €/month with a three years plan, which is a 68.6% discount when compared to monthly plan price of 7 €. You can also send an AirVPN plan as a gift: you have the option to print or send a colorful, dedicated picture with the code to activate the plan. You can do it in your account Client Area -> Your membership: Purchase and credit -> Print X-Mas after you have bought a coupon. If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day. Please check plans special prices on https://airvpn.org and https://airvpn.org/buy Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that Release Candidate 1 version is now available. It's a minor update from beta 1 version: a specific manifest permission has been added to allow app black and white traffic splitting aimed lists proper population on Android 11 and 12. Many thanks to the tester who spotted the problem in latest Android versions! The post has been updated to link to the latest RC version. Special thanks to all testers who helped us in the alpha and beta stages! Please keep testing and report malfunctions and bugs, thank you in advance! Kind regards

Hello! Network Lock is a set of firewall (pf) rules so when Eddie crashes the rules remain unchanged and no traffic leaks outside the tunnel can happen. Also note that if Eddie crashes, OpenVPN or WireGuard can keep working without problems, so your system can still be in the VPN regardless of the crash. The only way to cause leaks after Eddie crashed with Network Lock would be (on top of killing OpenVPN or WireGuard) changing firewall rules, but only superuser can do that. That said, the idea to test Eddie beta version is good, please keep us informed. Kind regards

Version 2.21.3 (Wed, 15 Dec 2021 11:35:46 +0000) [change] [windows] WireGuard 0.3.11 > 0.5.2 WireGuardNT/0.10 [change] [windows] Important fix about crash after many hours with WireGuard [change] [windows] "Recovery, unexpected crash?" false positive in some circumstances [bugfix] [linux] Updated Portable and AppImage bundles for better distro compatibility [change] [linux] Constant monitoring of /etc/resolv.conf during connection [change] [windows] Better management of network adapter creation & destruction [new] [all] "Upload to paste URL in support ticket" in Lifebelt

@organicchocolate Hello! You don't need to rush to pull the plug and/or attend and monitor the VPN connection continuously if you enable Network Lock, which will prevent any possible traffic leak outside the VPN tunnel even when Eddie crashes. For all the other, numerous problems of Eddie 2.20 in Monterey, please follow this very thread: upgrade to Eddie 2.21 beta, apply the Apple "patches" (at least until a new Monterey fixed version is available) and all the problems should get resolved according to the reports. Kind regards

Hello! In our case, to collectively answer many requests and mitigate the amount of future tickets about it. Kind regards

Hello! We would like to inform you that we have never used the Apache Logging Services and/or Java in general, so any Log4j vulnerability, CVE-2021-44228 included (overall CVSS score 10.0 - critical) doesn't affect AirVPN web site or anything related to AirVPN. https://nvd.nist.gov/vuln/detail/CVE-2021-44228 Kind regards and datalove AirVPN Staff

@rock3716 It's an interesting case for us too. It's a very odd behavior by the provider, because it poses mere conduit problems (*). If a hosting provider intervenes to censor the content published by a customer without solicitation by a court order or at least a communication by a third party, it means they have editorial control, so they might be held liable (secondary liability) for the content published by their customers. In the reply, they clearly admit that they intervene against disinformation and misinformation, and suggest that a crime has been committed ("endangering public health"), as if they were omniscient to decide what disinformation and misinformation are, and they have the ability to monitor all the content of all of their customers. A safer approach for them would have been reporting to the competent authorities to decide whether something infringes the law or not, ensure to the publisher of the content the right to a defense, and optionally make the content unavailable while the case is ongoing. because of a third party warning, and not for their ability to check everything in their infrastructure uploaded by customers. Tons of things must be verified, but if the reports and the reply are authentic and not fake, the provider is walking on a slippery slope: apparently it is naively operating to hog editorial control, a catastrophe for any hosting/housing provider etc. (*) Directive 2000/31/EC has been transposed not only in the 27 EU Member States, but also in iceland, Norway and Liechtenstein.. Kind regards

@OpenSourcerer Hello! There is no middle-ground, either you use VPN DNS or you use Firefox DoH and renounce to some AirVPN features. Well, to say it all you can also use DNS over HTTPS or DNS over TLS with the Air VPN DNS, they are both supported, but it does not make much difference because the DNS queries remain in the tunnel even without DoH or DoT (anyway we support them both for the comfort of those users who set peculiar configurations). Surely we can improve the description, but it's not that simple, i.e. it can't be limited to DNS block lists, as other considerations such as geo-blocking feature and route hijack attack immunization should be described when one renounces to VPN DNS. We enter a sticky situation, because the advanced user already knows it all, while the beginner might be unable to understand it from a synthetic description and might join that choir of donkeys (initially formed because we refused and refuse to pay ransoms for reviews) braying that AirVPN is too complex to use. Excellent. The paper authors can't understand or accept our point of view (which pj explained in private before the paper was published when queried, but no replies came in after the explanation) but it doesn't matter, what it matters most is that our core community, advanced and/or long time users, understand why our choice makes sense and is based on good design. Kind regards

Hello! Thank you for your answers. There's just a terrible misunderstanding we can infer from one of them though (quoted), which we would like to fix. The user can, and have always been able to, disable this feature by not using Air VPN DNS, as usual. It takes a few seconds to configure it in Eddie Windows edition. By not using Air VPN DNS they will have no more NXDOMAIN returned by "use-application-dns.net" resolution (unless of course they force some other DNS that does ), as specified in our https://airvpn.org/specs page. What the authors of the paper consider a problem is probably caused by the fact that they don't like that the feature is "opt-out". But we need it otherwise we would have hundreds (thousands?) of customers complaining (and rightly so!) of alleged DNS leaks, complaining that DNS block lists don't work, complaining that geo-routing doesn't work. It's our opinion that the current implementation is good design, not poor design as claimed by the paper authors, whose consideration is frankly very questionable, again in our opinion. Our case is exactly foreseen and described by Mozilla in the list of cases for which default DoH in Firefox must be disabled. "Risks: [...] When enabling DoH by default for users, Firefox allows users (via settings) and organizations (via enterprise policies and a canary domain lookup) to disable DoH when it interferes with a preferred policy. ". In our case the preferred policy is letting the users take advantage of geo-routing, DNS block lists, as well as defusing the extremely dangerous route hijack attacks by making the DNS server address matching the VPN gateway address, and providing users with peace of mind when they test for "DNS leaks" through web sites etc. Such strong AirVPN features should remain "opt-out" and not become "opt-in", as they are not only a fairly required part of AirVPN features but also an important security addition. Those who still want Firefox DoH can simply disable DNS check and reject DNS push, or force any public DNS in Eddie, because they would not use VPN DNS in any case, obviously. Kind regards