Staff

For the readers: Ain in Stockholm has been upgraded to 10 Gbit/s line and port. https://airvpn.org/forums/topic/48885-upgrade-ain-becomes-a-10-gbits-server-se/ Kind regards

@spinmaster Hello and thank you! The name resolution problem seems related to your system DNS, Can you tell us whether you see the names resolution error only when a re-connection is attempted? In the Configuration Generator, selecting "OpenVPN >= 2.5" is fine for Hummingbird 1.1.1, because our AirVPN OpenVPN 3 library supports all the needed directives and works in an OpenVPN 2.5 compatible mode for cipher negotiation. Can you please test OpenVPN 2.5 or OpenVPN 2.4.9 with Tunnelblick and check whether you get more, less or the same stability than you have with Hummingbird? The KEEPALIVE_TIMEOUT is an ordinary error caused by connection drop (your node and the VPN server can't communicate with each other for more than a minute). Kind regards

@airvpnclient Hello! Hummingbird sets the necessary rules only (maximum optimization), while Eddie opens traffic to every AirVPN node IPv4 address, therefore it needs some thousand rules. Hummingbird is designed in a way that when a disconnection takes place, Network Lock gets disabled, while Eddie keeps Network Lock until you explicitly tell it to disable Network Lock or exit. Therefore Hummingbird is not a suitable software if you need Network Lock while disconnected, but you can consider a "permanent" Network Lock with proper rules by default, so that traffic is blocked when Hummingbird restores default rules. Bluetit will have a safer behavior, more similar to Eddie's behavior, but you need to remember (as you noticed) that currently Bluetit will not activate Network Lock if an account login fails. We are working to fix this flaw as well, and quickly, in the next imminent release already. Kind regards

@airvpnclient Thanks! The new issue you reported in OSMC is confirmed and under investigation too. Kind regards

@FunThomas Hello! That's one of your own addresses. Specifically, it's the private IPv4 address of your machine in the virtual network. Either you interpret something in some incorrect way, or you're reporting yourself scanning yourself. from your own address to the very same address. As an additional note, we remind you that, in our infrastructure, nodes in the same VPN can't communicate with each other. Kind regards

@thewolfman8326 Hello! Thanks for the report. It's possible that you have a Fedora 33-like setup, i.e. systemd-resolved configured to bypass resolv.conf, and network-manager also running. It seems that in this setup Hummingbird and Bluetit can properly handle DNS push (apart from the glitch you warn us about and which we'll take care the devs are informed about) but update-systemd-resolved script can't. We would also recommend that you run Goldcrest+Bluetit when you have resolved D-Bus issues, as the client-daemon architecture provides you with a more robust and secure solution than Hummingbird does. Kind regards

@pfolk Hello! OK, you're good. We don't think you can try anything else but please feel free to open a ticket. The support team might think of something we currently miss, you never know. Kind regards

@pfolk Hello! Settings to use wintun driver are correct. A specific Data Channel cipher can be defined by directive "data-ciphers". Check your Eddie log to see which Data Channel cipher is used (if in doubt please open a ticket and send a log to the support team). Eddie can accept custom directives in "Preferences" > "OVPN Directives" window. Some examples with ciphers supported by our servers (enter only ONE directive): data-ciphers AES-256-GCM data-ciphers AES-128-GCM data-ciphers CHACHA20-POLY1305 (do not use in AES-NI supporting machines, i.e. desktop computers usually, because performance will be lower). Kind regards

@airvpnclient Yes, every OSMC user must wait for Bluetit next version in any case. Bluetit 1.0.0 does not run properly in OSMC because of OSMC customization. Next Bluetit release will aim at full OSMC compatibility. Kind regards

@SurprisedItWorks Hello and thank you! Historically in AirVPN, you can publish any guide you wish in "General and suggestions" forum. If the guide receives a positive feedback and no critical bugs are found we usually move it either to the instructions page of a specific system or the How-To forum. keeping of course the author's name and content. If a guide is "promoted" in that way, the author usually gets some years of free access to AirVPN as a "thank you". Kind regards

@thewolfman8326 Hello! Strange, as from your reports it seems that update-systemd-resolved is no more sufficient to accept effectively DNS push for certain DNS configurations in Linux. We assume that you have systemd-resolved running in some "on link" mode, or anyway bypassing /etc/resolv.conf, is this correct or not? What is your distribution? In theory, now Bluetit and Hummingbird (they are in the AirVPN Suite software) should handle properly all the numerous "DNS methods" available in Linux to date, even the Windows-like, disgraceful ones which have been adopted lately by some distributions. Can you please test and check whether Bluetit (or Hummingbird) are able to set, during an OpenVPN session, properly DNS in your Linux box AND prevent DNS leaks, or not? See also: https://airvpn.org/forums/topic/48833-linux-airvpn-suite-100-released/ (make sure to read notes about systemd-resolved as well) Kind regards

Hello! Can you please run Hummingbird directly, without Eddie? It must run fine in macOS High Sierra Please keep us posted. Kind regards

Everybody, can you please check whether the problem is resolved when you run Eddie 2.19.7? Thank you in advance. Kind regards

@Spyker Hello! Fingerprint unlock is not planned for the next Eddie Android release, but Master Password will be made optional. In the meantime you can consider picking a one-letter Master Password (it is allowed), if you are not interested in local data secure encryption. Kind regards

@pfolk Hello! Do you already use wintun driver, especially on the i5 machine? If not, try it, as the TAP-Windows driver is infamous to cause bottlenecks on some (but not all) Windows systems. The performance on the i7 based machine is fine (400 Mbit/s), but the one on the i5 based machine (200 Mbit/s) seems a little low and you might have a cap caused by the TAP driver (if you haven't already switched to wintun). Which exact i5 processor do you have? Buffer size is fine. Make sure to use AES and not CHACHA20 as your systems should support AES-NI. Kind regards

@bluesjunior It was just for the specific case of the customer who had previously installed some OpenVPN 2.5 beta version that did not support data-ciphers directive. Therefore OpenVPN failed when Eddie ran it with a profile containing that directive, which is supported by OpenVPN 2.5 release. Kind regards

@suroh Hello! We're glad to know that the quick fix resolved the issue. Yes, it's intentional, as it is a more flexible and secure solution allowing exclusive aivpn user setup, place for its files etc., log into its own session to run Goldcrest or any other Bluetit client. Sure, you can do as you prefer, or you can even add your own user to the airvpn group, according to your security needs and preferences, but consider seriously not to run Goldcrest with root privileges and not to add airvpn user to the sudo-ers. By doing the above, you would jeopardize a portion of the security model offered by the client-daemon architecture. Kind regards

@suroh Hello! OK, please hold on, we will release a fixed installation script very soon. If you want to edit install.sh for a dirty hot fix (let us know if it works): 1) Find the line: if [ ! -d "/etc/dbus-1" ] || [ ! -d "/etc/dbus-1/system.d" ]; then and replace it with if [ ! -d "/etc/dbus-1/system.d" ] && [ ! -d "/usr/share/dbus-1/system.d" ]; then 2) Find the lines: cp etc/dbus-1/system.d/* /etc/dbus-1/system.d chmod 644 /etc/dbus-1/system.d/org.airvpn.* and replace them both with the following block of text: if [ -d "/etc/dbus-1/system.d" ]; then cp etc/dbus-1/system.d/* /etc/dbus-1/system.d chmod 644 /etc/dbus-1/system.d/org.airvpn.* fi if [ -d "/usr/share/dbus-1/system.d" ]; then cp etc/dbus-1/system.d/* /usr/share/dbus-1/system.d chmod 644 /usr/share/dbus-1/system.d/org.airvpn.* fi Please note that the uninstall script will also have to be adapted (the fix will include a new uninstall.sh). Kind regards

@6gh54F4 @suroh Hello! Can you please send us the installed D-Bus related packages in your system? Can you tell us whether, in your system: /etc/dbus-1 /etc/dbus-1/system.d /usr/share/dbus-1/system.d exist or not? @suroh, can you please specify your distribution too? Kind regards

Hello! We're very glad to inform you that a new stable release of Eddie is now available for Linux (various ARM based architectures included), Mac, Windows. Eddie is a free and open source (GPLv3) OpenVPN GUI and CLI by AirVPN with many additional features such as: traffic leaks prevention via packet filtering rules DNS handling optional connections over Tor or a generic proxy customizable events traffic splitting on a destination IP address or host name basis complete and swift integration with AirVPN infrastructure white and black lists of VPN servers ability to support IPv4, IPv6 and IPv6 over IPv4 What's new in Eddie 2.19.7 enhanced wintun support in Windows, resolving TAP driver adapter issues and boosting performance Hummingbird 1.1.1 support in Linux and macOS for increased performance (up to 100% boost in macOS i7 systems when compared against OpenVPN 2) portable version for macOS which does not require Mono package installation nftables support by Network Lock in Linux via nft new aarch64 support through a Raspberry OS 64 bit beta specific build improved IPv6 support many bug fixes Eddie GUI and CLI now run with normal user privileges, while only a "backend" binary, which communicates with the user interface with authentication, gains root/administrator privileges, with important security safeguards in place: stricter parsing is enforced before passing a profile to OpenVPN in order to block insecure OpenVPN directives external system binaries which need superuser privileges (examples: openvpn, iptables, hummingbird) will not be launched if they do not belong to a superuser Eddie events are no more run with superuser privileges: instead of trusting blindly user's responsibility and care when dealing with events, now the user is required to explicitly operate to run something with high privileges, if necessary Backend binary is written in C++ on all systems (Windows included), making the whole application faster. Settings, certificates and keys of your account stored on your mass storage can optionally be encrypted on all systems either with a Master Password or in a system key-chain if available. Eddie 2.19.7 can be downloaded here: https://airvpn.org/linux - Linux version https://airvpn.org/macos - Mac version https://airvpn.org/windows - Windows version Eddie is free and open source software released under GPLv3. Source code is available on GitHub: https://github.com/AirVPN/Eddie Complete changelog can be found here. Kind regards & datalove AirVPN Staff

Hello! We're very glad to inform you that a server located in Stockholm (SE) has been upgraded: Ain. Server is now connected to a 10 Gbit/s line and port, while the motherboard has been replaced with a more powerful CPU. IP addresses remain the same. You don't need to re-generate configuration files, even if you don't run our software. As usual the server includes load balancing between daemons to squeeze as much bandwidth as possible from the 10 Gbit/s line. The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other Air server, Ain supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check the server status as usual in our real time servers monitor: https://airvpn.org/servers/Ain Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team

@OpenSourcerer OK. Ideally take the output just before you run Bluetit, then, if the problem occurs, save that output. Kind regards

@OpenSourcerer Hello! The output is fine. We'll be waiting for the next one to compare. What is the exact distribution? Kind regards

@OpenSourcerer Hello! Probably the kernel tells Bluetit that IPv6 layer is not available when you see the "problem". It's not enough that IPv6 is available locally in the system, of course (that's a pre-requisite only to tunnel IPv6 over IPv4). Can you give us the list and properties of all physical interfaces just before you start Bluetit with the "problem" and the exact distribution which you have this inconsistent behavior on? Kind regards

@airvpnclient Thanks! Ticket received and the matter is under investigation. We will update this thread too when we find anything relevant, for all readers. Kind regards