Staff

@Maggie144 Hello! Can you please check whether: running Hummingbird alone resolves the problem or not running Hummingbird (both alone and through Eddie) with the additional directive reneg-sec 1000 resolves the problem or not Kind regards

@hawkflights Hello! We would like to underline that it's not a matter of "resisting". Wiretapping and correlation between incoming and outgoing traffic is performed freely, no need to ask for provider (VPN service or datacenter) cooperation at all. The real situation is that wiretapping without judicial overview will be transparent: the servers owners and operators will not even realize it is happening as it can be easily performed outside the server. Nothing changes indeed for careful Chinese customers and users, because they already needed to connect to servers outside Hong Kong according to the golden rule suggesting to always use servers located in jurisdictions different than your own. With the current move we are actually protecting those users who are unaware of the issue. Cowardice, if any, may be typical of those VPN services that keep operating in Hong Kong just for those few more bucks brought by unaware or naive customers. Kind regards

Hello! We are very sorry to inform you that we are withdrawing all of our servers in Hong Kong. Because of the new legal framework allowing unlimited line wiretapping by Chinese entities without judicial overview, the painful decision is due and undelayable. Our presence in Asia will continue in Singapore and Japan, where our infrastructure is oversized, while we are considering expansion in other countries when both legal framework and infrastructure status of a country allow it. Kind regards & datalove AirVPN Staff

@mith_y2k Hello! Hummingbird uses OpenVPN3-AirVPN library, which leaves dynamic, real time socket buffer adjustment to asio library. Fixed buffer sizes directives are ignored. It's a superior solution. Kind regards

Hello! Wintun driver can only be used by OpenVPN 2.5 with the proper directive. Make sure you have installed OpenVPN 2.5 and configure Eddie to run OpenVPN 2.5 and enforce windows-driver wintun directive, according to the very same instructions you mention. Kind regards

@wildbill Hello! We're not sure what fix you would like. Actually the behavior you report is expected and logic, by design. When you define a white list, only servers in the white list are taken into consideration, even to gather stats. It's the exact purpose of a white list: exclude anything outside it. Anyway as @giganerd pointed out you can bypass momentarily any white or black list with a single click. Kind regards

Hello! Of course, we need to implement the feature. Kind regards

Hello! If Network Lock was on, and you did not tamper the firewall rules, it is physically (in the sense of Laws of Nature) impossible that your real IP address could be found from the Internet p2p swarm. Either the notice is not genuine or the report is not accurate. Kind regards

Hello! Eddie might not run on Graphene OS. Can you test OpenVPN for Android and check whether it works? Kind regards

@Lestrad Excellent! We're glad to know that the issue has been sorted out. Kind regards

Fixed, sorry.

Version 2.19.4 (Mon, 06 Jul 2020 13:17:19 +0000) [bugfix] Linux, Font/UI issue in some distribution (Manjaro) [bugfix] Linux, modprobe issue with zstd [change] If Netlock fails to activate, stop autoconnect.

@Terry Stanford VPN Lock is the only safe way (on Android versions older than 9) to prevent traffic leaks. Remember that in Android the application and you don't have administrator privileges and can't set firewall rules. Each time you see a lock, Eddie Android edition has saved you from traffic leaks. You can disable VPN Lock anyway, in "Settings". In Android 9 and 10 you can prevent traffic leaks outside the VPN tunnel from system settings, so in those versions you can safely disable VPN Lock and activate system leaks prevention. Kind regards

@Lestrad Maybe you have not resolved the first problem we pointed out? Anyway without log nothing can be said for sure. Always attach log. Kind regards

@Lestrad Hello, possible lack of privileges, please check Also check IPv6 support. If you don't have it make sure to not use directives push-peer-info and setenv UV_IPV6=yes If in doubt use OpenVPN 2.5 from Eddie and take care to set IPv6 layer to Block in Preferences > Networking Kind regards

Hello! You might like to test wintun driver. It is available for Windows 7 too, it resolves a plethora of problems caused by the TAP driver, and boosts performance. We have prepared a step by step guide in the how to forum, direct link: https://airvpn.org/forums/topic/46535-how-to-use-wintun-driver-in-windows/ Kind regards

Hello! DNS leaks are client side, they have nothing to do with specific servers, obviously. The method you mention to conclude that your system suffers DNS leaks is not reliable. Please make sure that your browser DNS bypass is disabled and then browse https://ipleak.net to get a more significant set of data to determine whether you have leaks or not. Kind regards

Hello! We're very glad to inform you that we have just released Hummingbird 1.1.0, featuring: both SystemV-style init and systemd support for Linux update to the latest OpenVPN3-AirVPN and asio libraries Hummingbird is AirVPN's free and open source OpenVPN 3 client based on AirVPN's OpenVPN 3 library fork. Hummingbird is available for: Linux x86-64 (reasonably recent distribution on par with Debian 9 libraries and kernel is required) Linux ARM 32 (example: Raspbian for Raspberry Pi) Linux ARM 64 (example: Ubuntu 19 and 20 for Raspberry Pi) macOS (Mojave or higher version required - please read important notes for Mac users at the end of the announcement) Main features: Lightweight and stand alone binary No heavy framework required, no GUI Tiny RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN with tons of critical bug fixes from the main branch, new ciphers support and never seen before features ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux-based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved additional features For a thorough Hummingbird overview please consult https://airvpn.org/hummingbird/readme/ Hummingbird 1.1.0 adds support to Linux systems based on SystemV-style init https://en.wikipedia.org/wiki/Init#SYSV too, while the previous versions supported Linux systemd based systems only. Therefore, we gladly achieve compatibility with 35 additional Linux distributions: https://distrowatch.com/search.php?ostype=All&category=All&origin=All&basedon=All&notbasedon=None&desktop=All&architecture=All&package=All&rolling=All&isosize=All&netinstall=All&language=All&defaultinit=SysV&status=Active#simple We think it's important to support Init Freedom: https://devuan.org/os/init-freedom because systemd is POSIX incompatible and because, as the UNIX Veteran Admin collective noticed in 2014 when they announced a Debian fork: This situation prospects a lock in systemd dependencies which is de-facto threatening freedom of development and has serious consequences for Debian, its upstream and its downstream. You can download Hummingbird for Linux (all flavors) and macOS respectively here: https://airvpn.org/linux and here: http://airvpn.org/macos Important notes for macOS users From now on we provide both a signed, code-hardened, notarized version and a non-notarized version of Hummingbird for macOS. The notarized version is available essentially for those users who prefer it, but it is not recommended. The notarized version will run without blocks by Apple's Gatekeeper, but will let Apple correlate your real IP address, Apple ID and other data potentially disclosing your identity to the fact that you run, and when you did it for the first time, an application by AirVPN. If that's not acceptable for you, just download the tarball package .tar.gz (it is NOT notarized and NOT signed with our Apple developer ID on purpose) and include it in the exceptions to run non-notarized programs. In the future this could not be allowed anymore, but at the moment it is. For a more thorough explanations on important privacy issues caused by Apple and notarization please see for example here https://lapcatsoftware.com/articles/notarization-privacy.html and here https://lapcatsoftware.com/articles/catalina-executables.html Kind regards & datalove AirVPN Staff

Version 2.19.3 (Tue, 16 Jun 2020 14:36:31 +0000) [bugfix] Windows NSIS, vc_redist.exe, from '/q' to '/install /passive /norestart'. [bugfix] Windows, System Report rare hang if IPv6 not available [bugfix] macOS, CLI edition error at boot in Portable Mono [bugfix] macOS, Notarization of packages [bugfix] macOS; "Unable to obtain elevated privileges (required): Object reference not set to an instance of an object" [bugfix] Linux, modprobe issue with zstd [new] Linux, new aarch64 build (for Raspberry OS 64 bit beta) [new] macOS, CLI portable without Mono [change] Bundled with latest OpenVPN, Hummingbird, stunnel [change] Minor UI fixes, font size in some linux distro, path normalization etc. Other feedback is under investigation, please have patience. Thx. Arch Linux package will be available as soon as possible. Direct APT repository for new aarch64 doesn't work yet, issue will be fixed as soon as possible.

@deltaman8 Hello! It's not an Eddie's problem for sure, as Eddie has nothing to do with remote inbound port forwarding. According to your description, especially here: it might be a problem on our side. Could you please open a ticket to start a more thorough investigation by the technical support persons? Kind regards

Hello! Thank you for your choice. In Eddie Android edition, you have connection settings for the quick, automatic connection option and then you can have specific connection settings for specific servers. Eddie can also rotate connection modes automatically when a connection mode fails to connect (it will try different transport protocols, different destination ports and different servers progressively). Maybe you have configured TCP for one thing and you use the other, so you end up always with UDP. There is only one exception to all of the above: the protocol for OpenVPN Data Channel, which will be always the same both for quick and servers connections (deliberate design reason, because not all of our servers support CHACHA20-POLY1305 on the Data Channel). Also remember that if you use an external profile, Eddie will respect the settings of the profile: it will override "Quick connect" and "Servers" settings (very useful for different providers and other aims). To set specific servers settings, including protocol, tap the gear icon in the AIRVPN SERVER view. To set your own default settings for the quick mode, use Settings > AirVPN and remember to set Quick connection mode to Use default options only and not Automatic. Kind regards

Hello! When you enter suspension state systemd sends SIGHUP to processes.Hummingbird reacts with "restart connection" when it receives SIGHUP. Core dump is unexpected and under investigation. @eburom The systemd unit is formally correct. Kind regards

@Pompelmo The reason is based on how OpenVPN works. You can't have two connections with identical certificate to the same daemon,: each subsequent connection will break the previous one. Anyway, if you don't need remote inbound port forwarding, you can connect multiple devices to the same VPN server by using a different certificate and key pair on each device, as explained in our guide here: https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards

Hello! It's very important to point out that Hummingbird is a process running in the userspace of a superuser. It is not designed to be a service. A real daemon is being developed and you will hear news soon. That said, we need additional information, and specifically: - what dependencies have been declared and their level - when Hummingbird is started (in particular before or after the network layer) - how and when systemd unit launches the service (we guess it's defined as a service and not as a target) About the core dump, please feel free to send us a bt (in a ticket or attached to an e-mail to support@airvpn.org ). Did you notice any change after some Arch update? Kind regards

@lindaburger Hello! We apologize for any inconvenience, it was a temporary problem on our side. Can you please try again now? [EDIT] IMPORTANT You might still have a JavaScript script causing the problem cached in the browser: make sure to delete or refresh (usually hit F5 on the web site page) your browser's cache if you still don't see "Download" button. Kind regards