Staff

@Hotty Capy Hello and thank you very much for your great feedback! Let's try and understand what happens with Bluetit during the system bootstrap. Please send us Bluetit log (cut out sensitive info if necessary) after the system has completed its startup sequence. From a terminal [emulator}: sudo journalctl | grep bluetit Kind regards

@YLwpLUbcf77U Hello! It's not something DD-WRT specific, it's an OpenVPN working mode. TLS mode is essential to use all the OpenVPN security features, including PFS. We only operate OpenVPN in TLS mode. When OpenVPN works in TLS mode, TLS Crypt encrypts the whole Control Channel from the very beginning, while TLS Auth does not. Therefore TLS Crypt hides to DPI OpenVPN protocol fingerprint and it's much harder blocking OpenVPN in TLS Crypt mode than blocking OpenVPN in TLS Auth mode. TLS Crypt and TLS Auth are mutually incompatible, and each OpenVPN daemon working as server can only work with TLS Auth or TLS Crypt. That's why we offer different IP addresses for TLS Crypt and TLS Auth modes: Also note that TLS Auth and TLS Crypt keys are different. A more elaborated and precise description can be found here (1st answer): https://serverfault.com/questions/929484/openvpn-2-4-security-differences-between-tls-crypt-and-tls-auth Kind regards

@Maggie144 Hello! To resolve names Hummingbird queries (via system) the DNS servers set in your system, can you please check those settings? Please make sure that publicly available DNS servers are set. If necessary, how to change DNS settings in macOS: https://serverguy.com/kb/change-dns-server-settings-mac-os/ Kind regards

Hello! Can you please make sure that you're running the notarized version for macOS Catalina and higher versions? Anyway this error is under investigation. Do you run macOS in an Intel or M1 based Mac? You might like to generate a configuration file for the country you want to connect to. In this way it's the record of the domain name contained in the configuration file which gets updated regularly to make the name resolve into the IP address of the "best" server in that country, so Hummingbird will connect to that one. Kind regards

Thank you @Kenwell . The last press release you translated clarifies important points and define more precisely the scenario which convinced the prosecutors of the necessity to crack DoubleVPN computers and later shut down servers. Kind regards

Hello! Thanks. It's still very vague, essentially a press release mentioning alleged crimes committed by the users, and not by the service administrators. However two sentences caught our attention: If the owners advertised the service for criminal activities, at least some form of "aiding, abetting, facilitating crime" is strongly suspected, and it's a crime itself in any legal framework we know. Here the prosecutor might mean that DoubleVPN operators/owners tried to remain anonymous? If so, that sounds like a bad premise for the owners of any service, as they must be available to be contacted timely by any competent authority, because in the EU and the USA, in order to keep the mere conduit status and/or any liability exception for the actions of the users, one of the requisites is that a service provider acts quickly to stop an ongoing illegal activity when it comes to know about such illegal activity. Of course, presumption of innocence stands, and it will be crucial to know exactly which laws would have been infringed by the service, and if the allegations will hold in court. Kind regards

Hello! We did not know DoubleVPN, in the last years dozens (hundreds?) of VPN have been born around the world and we know only a part of them. It's strictly necessary to know which exact law(s) of which legal framework(s) the service would have allegedly infringed. Perhaps we will know that only during the hearing, when we will also see whether the allegations and charges will hold in court. According to the articles you passed to us, it's not possible to comment properly at this stage. Does anyone have more precise information? Kind regards

@flat4 Hello! The agreements between intelligence offices to exchange information more liberally are irrelevant for our purposes, due to the nature of our service. They do not make the situation worse. You have absolutely no additional protection from traffic monitoring by intelligence agencies according to the location of the server, as Snowden documents show. If the adversary has such vast powers, our service is insufficient by itself alone in any case and in any country, and the only level of defense (which may be very effective!) is enforcing what we call "partition of trust". https://airvpn.org/forums/topic/54-using-airvpn-over-tor/?tab=comments#comment-1745 Provided that the target device is not compromised. of course... any attacker with vast power and precise targets will save time and efforts by simply cracking the device of the target, instead of hunting packets all around the world and correlating them. Kind regards

@monstrocity Hello! The errors and embezzlement caused by bogus copyright notices are notorious since 2008 at least. That's a decisive reason to understand how the graduated response must include the constitutional right to a due process, and that each copyright infringement claim must be validated or rejected by a court, if the alleged infringer wants to exercise her fundamental right to a due process with presumption of innocence. How bogus notices can be sent, and how a malicious user knowing your IP address can trivially cause an arbitrary amount of copyright notices to be sent to you, was well explained many years ago in the scientific paper "Why my printer received a DMCA takedown notice". http://dmca.cs.washington.edu/uwcse_dmca_tr.pdf The fact that, in spite of all the above, various companies still dream of automated graduated response and deletion of the right to a due process and the right to legal defense shows, in our opinion, the mental imbalance of certain persons and the hidden agenda to keep making money with bogus activities: business for companies which offer their services to monitor p2p swarms and automatically generate notices was quite big years ago. And it's also sad to see, when citizens defend the copyright mafia graduated response concept, how easily many citizens are inclined to renounce to fundamental, human rights. @ProphetPX The news you reported seem to be confirmed independently by TorrentFreak, which published a day earlier: https://torrentfreak.com/comcast-suspends-internet-connection-for-downloading-torrents-210630/ Kind regards

@cheapsheep @sooprtruffaut Hello! We aim at maintaining backward compatibility, but what you mention is a different case,. "Old" directives work as usual and have not been changed. New directives, which in previous versions were not available, have been added. Please note that country and aircountry are totally different directives, check the documentation: country: (string) ISO code of the country where your computer is located in. [...] aircountry: (string) Name of AirVPN country to be used for boot connection by means of airconnectatboot directive. In this specific case, airconnectatboot must be assigned to "country" option. When this mode is enabled, AirVPN connection will be established with the best performing server of the specified country. Default: empty. Moreover, please note that cipher and aircipher are also quite different directives with different purposes. Check the documentation again. https://airvpn.org/suite/readme/ As @cheapsheep noticed, in order to specify the data channel cipher for connectatboot mode, you need aircipher. This should resolve the error you experience. That said, this error will be investigated, because it might hide some bug according to your report. Kind regards

@OpenSourcerer Just to clarify that this is not "fake news": https://www.eff.org/deeplinks/2021/06/if-not-overturned-bad-copyright-decision-will-lead-many-americans-lose-internet A moderator can not threaten an ex ante, pre determined censorship based on the source of the information, be it a web site or anything else. Before you enforce your censorship power we gave you, you must cross-check and verify. If you are not able to do so beyond a reasonable doubt, or you have not the time or will to do so, do not censor. Kind regards

@MateoPeri Hello! We're sorry, you can't do that from within Hummingbird. You might catch from Hummingbird output (Hummingbird prints to stdout, so you can pipe its output trivially) the string "CONNECTED". When it is caught, you run what you want and (contrarily to OpenVPN) you are not forced to do it with root privileges, which is an important security bonus. If you run Linux, consider Bluetit. It sends a D-Bus event when a connection is established. The developer's documentation is being written and it may come handy for your use case too. Stay tuned in the "News" forum, when the documentation is ready we will announce it there. Kind regards

@frisof Hello! Geo-routing (aka "micro-routing") information is reported here: https://airvpn.org/forums/forum/10-websites-support/ If some web site is not reported and you notice a geo-routing in place, a possible explanation is that the web site uses a CDN we have already "geo-routed" for some other service. Feel free to report. Kind regards

Hello! Tables include data that's 7 years old (connection slots three, countries 16, servers 138?!? it's something from 2014), screenshots are taken from another web site, the concerns about the terms of service are taken from a fantasy world (*). They are so inept hat they even failed to report correctly our prices. They do not clearly state that they are paid by our competitors, while we always refuse to pay for reviews which is probably what bothers them most, because if this fair practice was widespread, there would be no more room for bogus reviews parasites. (*) Please read the Terms of Service yourself and you'll see. It's like in some part they are talking about some other VPN service, as if the article was a frankenstein-ish copy & paste and something went wrong with a mixture of different service reviews .🤣 Note that this thread will soon be moved to trash forum. Kind regards

@Terry Stanford Hello! That sounds partially wrong, please link us this answer because we can't find it. If it was from a Staff member it needs to be fixed. We do. Please keep us informed, or inform the support team, as you prefer. Kind regards

@Terry Stanford Hello! We just made sure that support team really passed the ticket to Eddie developer for additional investigation and we see that they did so on 2021-05-06. Unfortunately it seems that the issue could not be reproduced and therefore the bug you reported is still there and can't be found. Wait, do not twist words and basic meaning. You were told that when your Mac turns off the physical network interface it is unavoidable that a VPN connection is lost, because it's the physical connection to the Internet that gets lost, obviously. That said, we do understand your anger and frustration because your reports show a substantial range of malfunctions which would irritate anybody. Sadly the main problem (for any software) in such cases is when a malfunction is reported and nobody in the development team manages to reproduce it, no matter how they try. When a malfunction is invisible (not reproducible) on development and testing systems, you have no idea where to search for the bug(s) causing it. We would like to propose you something alternative which we see the support team did not: would you like to test Hummingbird and check what happens under the same conditions, in your Mojave system? Since when your problems started, a new and more efficient Hummingbird version has been released, and it runs (for throughput) a lot faster than the previous version as well as OpenVPN 2. About Hummingbird: https://airvpn.org/hummingbird/readme/ Yes we know, you will not have a GUI, but it would be a test which might provide some clue by comparison, and who knows, maybe Hummingbird will be less problematic than Eddie in your system. Kind regards

@ProphetPX Hello! The "graduated response" in the United States (aka "three strikes") was a voluntary agreement between ISPs and copyright holders to terminate the line of an alleged copyright infringer for several months or one year, without court order and inaudita altera parte (no right to defense ex ante) and put him/her in a black list so that he/she can't re-connect to the Internet with any other provider while he/she serves his/her sentence for the alleged, unproven behavior. The agreement was followed by most if not all ISPs from 2011 to 2017, causing tens of thousand of controversial disconnections. However, it had no impact at all on on the amount of copyright infringements and it was abandoned in 2017. Sony attempt might aim at transforming the abandoned voluntary agreement into an obligation by law as it is in France, New Zealand and South Korea for example, by eroding, through a legal precedent, the safe harbor liability exemptions in the USA for ISPs. The graduated response is totally ineffective against those who protect their traffic behind serious VPN services. https://en.wikipedia.org/wiki/Graduated_response https://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act Kind regards

@yatt007 Hello! The iP address you mention 116.203... is one of our IP addresses and it is used by a CH re-routing server. Puzzle solved. Kind regards

Hello! Nothing, it's a server side "problem", not Hummingbird's. If the server does not answer within 10 seconds Hummingbird will retry. The 10 seconds value can be modified via command line options (not possible via Eddie anyway). It seems an irrelevant issue anyway, so you might safely ignore it. Kind regards

@yatt007 Hello! It looks fine... and what are your Operating System name and exact version? Have you checked whether your system queries only VPN DNS? We forgot to tell you that one of the ways you can do that is browsing https://ipleak.net while your system is connected to the VPN. Kind regards

@Maggie144 Here: . 2021.06.16 14:19:55 - Hummingbird > EVENT: WAIT . 2021.06.16 14:20:05 - Hummingbird > Server poll timeout, trying next remote entry... the 10 seconds delay you notice are caused by the fact that the remote server does not answer within 10 seconds. The next attempt to the very same server is successful. Can you please try with Hummingbird alone (without Eddie) and check whether the same problem occurs? Kind regards

@Maggie144 Hello! We can't see this behavior, can you please send us the complete log? pf rules are 100% effective in M1 too. Kind regards

@yatt007 Hello! Yes, 95.110... is our geo-routing server in Italy. As you previously noted, geo-routing for some destination can be "on" or "off", it can't be "intermittent". Maybe the destination service uses a series of host names and IP addresses and some of them are re-routed and some are not, or maybe your system doesn't query all the times VPN DNS (the only way to be re-routed is querying VPN DNS). To begin with a preliminary verification, can you please check the second option, and make sure that your system only and exclusively queries VPN DNS? Kind regards

So what? Kind regards

@monstrocity Hello! Once again: the warnings you get are not an issue, they are intended and expected, and they must appear for the already mentioned reasons. HB 1.1.1. does not print them only because they were not implemented at that time, but Eddie invokes HB in the same way, so you should not use 1.1.1. You can safely run Eddie + Hummingbird 1.1.2 when you don't run systemd-resolved or when you run systemd-resolved configured to respect /etc/resolv.conf .- otherwise you must run Hummingbird alone, or Bluetit+Goldcrest. If the other issue re-occurs (that's the one unexpected issue) please do not forget to save the log, thanks in advance! @jrredho Both Bluetit and Hummingbird can handle swiftly DNS push & restore in Fedora 33 and 34, and in general under any systemd-resolved configuration (including the Windows-ish one Fedora picked as a default setting since 33 release). Fedora 34 is one of our primary development and testing environments so we are confident that you will have no problems at all with the new AirVPN Suite 1.1.0, but of course feel free to report. Kind regards