Staff

@nwlyoc @iwih2gk Good to know you solved the issue! Eddie "frontend" and "backend" communicate. If you block lo or even just localhost, you not only block Eddie communications, but even any other communication of your system with itself (i.e.any process with any process), with all sorts of bad consequences. Kind regards

Hello, nobody likes a missing closing bracket. Kind regards

@kaassouffle Hello! Eddie 2.18.9 does not run in Mojave, because of Apple notarization, we're sorry, Your alternative is good (Eddie 2.16.3 is not notarized), or you may consider even Eddie 2.19.4 beta (which runs just fine in Mojave). We provide Eddie 2.19.4 in two builds: one for Catalina, and one for Mavericks, Yosemite, El Capitan, Sierra, High Sierra and Mojave. Please see the Mac download page and click the button just below "If you run older than macOS Catalina systems, please download latest Eddie 2.19 beta version" - then download and install as usual. Kind regards

@monstrocity Hello! Yes, of course, it might, but currently it does not. See by yourself each server's stats: open https://airvpn.org/status and click servers in Tokyo for insight including packet loss history and much, much more. Kind regards

@Jamertol Hello! You can't but it's irrelevant. Make sure you have nothing listening to that port in any "other" system and it's not a security risk (something that does not exist is not a security risk by itself). Kind regards

@bookth We don't understand what you mean. Maybe the following article helps? https://serverguy.com/kb/change-dns-server-settings-mac-os/ Kind regards

@NaDre Thanks, very interesting information for everyone. Kind regards

@NaDre Hello! So, out of curiosity, if you need your own DNS to resolve names in some specific "namespace" that's not ICANN's (OpenNIC and Namecoin come to mind, for example) you can't do it? If you need to tunnel traffic in a custom protocol over DNS queries to some service (different than a DNS server) to port 53 you are unable to reach it because that traffic is hijacked to some Mullvad DNS server? Kind regards

Hello! It is possible. About two or three years ago, as a consequence of two requests by very advanced customers, we changed completely OpenVPN daemons subnets to make them unique across the whole infrastructure. That deep change main purpose was making multiple connections from the same system easier by preventing any chance of address conflicts. Connecting the same machine to multiple VPN servers is very beneficial for load balancing, failover and bandwidth aggregation. Please check for example the following, excellent guide: https://nguvu.org/pfsense/pfsense-multi-vpn-wan/ Kind regards

Hello! We host about 29% of our infrastructure in M247 owned datacenters, approximately the same amount we had in 2019, 2018 and 2017. Cloudflare does not block M247 (although the settings can change during time). So you have the remaining 71% of AirVPN servers not on M247. On the Internet, without counting hidden services etc., you have 1.5 billion web sites. Cloudflare provides services to about 13 millions of them, i.e. 0.8% of all the known Internet web sites. However, Cloudflare provides services to more than 12% web sites of the top 10M (estimated amount of visitors). In general, stay away from services that don't accept access from VPN services or Tor or I2P, for obvious reasons. We have no plans to increase our presence in M247, as we showed you in the last 4 years (the latest, slight 1% increase is due to cancellation of Hong Kong servers, none of them were with M247). Kind regards

@bigdaddy Hello! Because we need it. What you say about "rooting" :) is impossible because packets to exit-IP address port 89 are processed by a server service and are never forwarded to any client, moreover why should they be forwarded to your specific client instead of any other client? Same thing for any other port lower than 2048, there are simply NO rules to forward any such port to a specific client. Kind regards

@Hotgloblin Hello! Check out latest builds, hopefully the issue will be fixed soon. Kind regards

Hello! You did (for Firefox) here: https://airvpn.org/forums/topic/25140-the-issue-your-browser-is-avoiding-ipv6/?do=findComment&comment=81717 Quite the contrary, please re-read. Our IPv6 handling is fully compliant to RFC (including ULA choice). It's the setup of some Linux systems that's not compliant to RFC 3484 and that can be easily fixed. Additionally it's the default setup of Chrome and Firefox that makes them prefer IPv4 when possible. In our opinion, it is a good thing currently, because of the poor status of IPv6 infrastructure nowadays. Anyway browsers' setup can be fixed too, but it's outside the scope of our service. We don't see a valid reason to change our setup at the moment. We get 10/10 in https://test-ipv6.com from FreeBSD. It is anyway OT, the problem of the OP @Hotgloblin is related to apparent lack of OpenVPN IPv6 tunneling in certain firmware, even when IPv6 routes are pushed. Kind regards

@bookth Hello! That's actually unexpected. First thing to check is DNS settings. Make sure that publicly accessible DNS servers are set in your Mac, while Air software is not running. Did it happen while you were running Eddie or Hummingbird? Kind regards

@arteryshelby We do not log and/or inspect our customers' traffic. Since 2010 you can't produce any single case, and not even the slightest clue, in which the identity of an AirVPN customer has been disclosed through traffic log and/or inspection and/or any other invasive method. It means a lot, given that various younger VPN services have been caught lying (ascertained court cases) and that AirVPN is now the oldest still active VPN service, with the exception of a minor service which anyway changed ownership twice in the last 12 years. By the way we have never asked our customers to blindly believe in our words. We do not block Tor and we even integrate its usage in our software, so you can be even safer if you can't afford to trust us OR some datacenter. For example you can use Tor over OpenVPN, to hide Tor usage to your country and ISP, and at the same time hide your traffic real origin, destination, protocol etc. to us and the datacenter the server is connected into. Last but not least, we invest a lo of money in Tor infrastructure and in 2017, 2018 and 2019 more than 2.5% of global world Tor network traffic transited on Tor exit-nodes paid by AirVPN. It is an important achievement we're proud of, and it hints to good faith. Kind regards

@Hotgloblin Hello! We see that in AsusWRT and in Asus MerlinWRT, IPv6 is not tunneled by OpenVPN, even though IPv6 push is performed. According to some forums, this is a current limitation of the firmware implementation. In Eddie Android edition IPv6 over IPv4 is enabled by default and you can fine tune according to your preferences in "Settings". However the OpenVPN3-AirVPN library in the current Eddie Android edition release has serious problems if you need a PURE IPv6 connection, so at the moment you need to renounce to pure IPv6 connections in Eddie Android. @giganerd We're not sure why you should, but if you need that IPv6 is preferred over IPv4 in spite of the solution you proposed some time ago, check here, even for a "patch" different than the one you suggested: https://gist.github.com/e00E/70bcb5f7f0db216739029a7b7e342fdf Kind regards

@bigdaddy Hello! Do not confuse server ports with your system ports. You can't remotely forward inbound ports below 2048, so packets to port 89 can''t be forwarded to your system. Service of ours listen to port 89 on VPN servers exit-IP address. Kind regards

@alphastep Hello! AirVPN allows only OpenVPN encrypted connections. You can see that here for example (respectively for Control and Data channels): . 2020.07.25 18:53:36 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA . 2020.07.25 18:53:38 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2020.07.25 18:53:38 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key If you don't have stunnel you can't add an additional TLS tunnel (which might be useful only in very exceptional circumstances) on top of OpenVPN connection, nothing else. It has nothing to do with OpenVPN encryption. Kind regards

@cheetoh Hello! Network Lock option is highly recommended and explained in various guides and basic instructions. Even in the welcome e-mail we describe and recommend it. Network Lock prevents any possible traffic leak outside the VPN tunnel including leaks caused by software mis-configuration as well as leaks caused by unexpected VPN disconnection. Network Lock is even enabled by default by Hummingbird. When Network Lock is enabled you don't have to worry about errors in torrent software, and any other software, binding. Kind regards

@ntropia Hello! Eddie runs ping hundreds of times to perform "latency" tests, and each ping send at least two ICMP packets. Some ISPs don't like the behavior. Consider to disable "latency" tests in "Preferences" > "Advanced". Also consider Hummingbird for Linux: https://airvpn.org/hummingbird/readme/ Kind regards

@Maggie144 Hello! If it's a generic line problem you should see the same disconnections (even though with different error message, possibly) with OpenVPN 2. Can you please test for a discernment? If the connection is stable with OpenVPN 2 (you should keep it active more than 23 hours) we can safely assume that the problem is OpenVPN3-AirVPN related. Kind regards

@Maggie144 Hello! Is reneg-sec 1000 (or something similar) included in your profile? Kind regards

Hello! Currently not, we're sorry. It's the server that must listen to specific ports, it's not a client task. Maybe some server does not respond properly on port 41185, can you please give us the server(s) name(s)? Excellent! We're glad to know it. Stay tuned for future developments for macOS. Kind regards

@Maggie144 Hello! Please see here to run Hummingbird on its own: https://airvpn.org/hummingbird/readme/ Kind regards

Hello! It's physically impossible because, when done properly, wiretapping is external and transparent. Please check here to defeat adversaries with the ability to wiretap at the same time VPN servers lines and your line: https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?do=findComment&comment=1745 Kind regards