Staff

@go558a83nk The main advantage over OpenVPN in terms of performance is the fact that Wireguard runs in the kernel space while OpenVPN runs in the userspace, Cipher CHACHA20 is available in OpenVPN too. It's slower than AES in AES-NI supporting systems, so it is very relevant only in those systems which do not support AES-NI, typically mobile and embedded devices based on ARM processors. So when Wireguard can't run in the kernel space (for example when you use it in Android or iOS) you lose that gain. The fact that Wireguard does not support TCP is bad for us, because it cuts out a very remarkable percentage of our users: those who have their ISP blocking or heavily shaping UDP, those who need to pass through some proxy (which supports only TCP) to get on to the Internet, and those who need to tunnel the VPN protocol over SSH or sTunnel. Kind regards

@HannaForest Hello! It's not less or more dangerous, it's just that data retention that's mandatory for residential ISPs is not a matter which affects our service, while data retention mandatory for datacenters is. Kind regards

@jx35552zza Hello! If you still have the old profile which caused the problem, could you send it to us in a ticket? From your description we think that it is corrupt and we would like to see how it got corrupted: we have some cases where the profile is corrupt and we would like to gather more information on the issue. Kind regards

@22lr Hello! We confirm that Hummingbird does not need Mono, so @eburom recommendation is good to resolve security concerns on Mono (remember anyway that Eddie's part running with root privileges is completely written in C++ and does not need Mono). We would like to add that in June we will announce a brand new software for Linux, a deep evolution of Hummingbird. Even the new software will not need Mono in any way. Kind regards

@HannaForest About countries in the EU, any mandatory data indiscriminate retention framework is illegal according to two different CJEU decisions, so any attempt to enforce it or incrimination for having failed to enforce it can be easily challenged up to the highest court. About UK, the legal framework does not seem to enforce mandatory data retention to datacenters, but as soon as UK will get out of the EU we will re-check the situation with the help of lawyers. About France, the difference is that data retention seems mandatory for "hosting providers" (sic), so datacenters might start logging metadata without our knowledge. We will study again and re-consider in the next months anyway. Kind regards

Hello! Today we're starting AirVPN tenth birthday celebrations! From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 22 countries in three continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world. In 2019 and 2020, software development enhancement has paid off: now AirVPN develops on its own an OpenVPN3 forked library which resolves various problems from the main branch and adds new features. The library is used in Hummingbird, a free and open source software for Linux and Mac, known for its speed and compactness, in Eddie Android edition and in a new software which will be announced in June. Hummingbird has been released even for ARM based Linux devices, and runs fine for example in Raspberry PI. Eddie Desktop edition has been extensively rewritten to improve performance, reliability and security. Now anything not related to the user interface is written in C++ and a lot of security hardening has been implemented. Total compatibility with macOS Catalina, Windows 10 and latest Linux distributions has been achieved, and specific packages for various, widespread Linux distributions are available for easier installation. Eddie can act as a GUI for Hummingbird in Linux and Mac, while in Windows, Eddie can also be easily configured to run OpenVPN 2.5 with the wintun driver to achieve remarkable OpenVPN performance boost and put Windows on par with other systems OpenVPN throughput ability. Furthermore, the wintun driver resolves various problems which affected TAP-Windows driver. Development for OpenBSD and FreeBSD has been unfortunately re-planned but we're glad to announce here that it will continue, starting from summer 2020. All AirVPN applications and libraries are free and open source software released under GPLv3. We think that it's somehow surprising that AirVPN not only survived, but even flourished for 10 years, in an increasingly competitive market and increasingly privacy hostile environment. No whistles and bells, no marketing fluff, no fake locations, no advertising on mainstream media, a transparent privacy policy, no trackers on the web site or in mobile applications, no bullshit of any kind in our infrastructure to sell your personal data to any personal data merchant, and above all a clear mission that is the very reason which AirVPN operates for https://airvpn.org/mission , are probably, all together, the factors which allowed such a small "miracle" and maybe make AirVPN unique. Thank you all, you users, customers, members of the community, moderators, developers: the small "miracle" happened because of you, because you saw something in AirVPN. Kind regards and datalove AirVPN Staff

@snrtd Please let's move on to the topic of Hummingbird latest release. Kind regards

@Point Zero Hello! On top of all those previous recommendations, also consider to test wintun driver, please see here: https://airvpn.org/forums/topic/46535-how-to-use-wintun-driver-in-windows/ Kind regards

@colorman Hello! When you get UDP send exception: send: Operation not permitted please check the firewall rules, store them and send them to us. @eburom Both cases are intended. We will check - (EDIT: bug confirmed); in general an UDP based profile is not compatible (explicit-exit-notify is incompatible with proto tcp) with protocol TCP. Maybe a better behavior might be: allow the override and let OpenVPN library throw the critical error, then exit. That's a design decision, we will check what the developer thinks about it. Kind regards

@colorman Hello! The quoted error is usually caused by a firewall rule blocking UDP, can you please check? Kind regards

@eburom Hello and thank you! We confirm the bug you found. It is being fixed and a new version will be released before the end of May. Kind regards

@eburom Last test has showed that Hummingbird behavior is correct. Of course we can discuss ad nauseam whether an error of this kind should cause Hummingbird to exit completely or not: shall we consider the superuser responsible for his/her actions and trust that he/she does not ignore error messages, or shall we consider him/her inept for his/her role? However, your previous report should be investigated if the issue re-occurs. That, indeed, shows an unexpected outcome, but as long as you can't reproduce it we can't do anything (we could not manage to reproduce it and it never came out during alpha, beta, RC testing...). Kind regards

@crypto1.0 Hello! In Raspbian 10 you don't have a module for table "security". You can safely ignore those warnings, as Network Lock rules will be set anyway, no need of that table. Kind regards

@eburom Can you please post complete log? Kind regards

Hello! The following article will help you resolve the issue: https://www.whatismybrowser.com/guides/how-to-enable-javascript/safari-ipad Currently javascript is essential for the Configuration Generator in our web site. Kind regards

@asunder52 Hello! Hummingbird changes DNS settings at the start of the VPN connection. After that any process with root privileges can change them again. It's not that Hummingbird keeps checking DNS settings continuously: it's superuser's responsibility to be aware of who/what can change DNS settings. What is your distribution name and exact version? Log can be useful anyway, yes. Just send it in its entirety please. Also check the content of your /etc/resolv.conf file while the problem is occurring. Kind regards

@jptor1234 Hello! It's a bug affecting Eddie 2.16.3, do you still see that log entry in Eddie 2.18.9 too, even if you had previously shut Eddie down properly? Kind regards

@Mrd0708 Hello! Each VPN server has ONE exit-IPv4 address which normally never changes (it might change only under exceptional circumstances). As long as you connect to the same VPN server you can reach your service on the same IP address. We also provide a DDNS included in any AirVPN plan which might come handy for your needs: https://airvpn.org/faq/ddns/ Kind regards

Hello! Just reflect on how the Internet works and you will find the answer: because your client tries to contact other peers and it finds peers which listen. Therefore if every and each peer could not listen, p2p could not exist. Without port forwarding you are doomed to become a parasite in the swarm because you can't be contacted by anyone asking for some chunk. More in general, if nobody could see unsolicited incoming packets, the whole Internet would not exist. Kind regards

Linux and macOS, anyway. Kind regards

Hello! If you don't need a GUI check Hummingbird: https://airvpn.org/hummingbird/readme/ Kind regards

@Saken Hello! We have multiple reports from several customers that show your very same problem. We paste below a solution from the support team which so far has worked fine for most of those customers. Kind regards ==== Please make sure that no antivirus or packet filtering tool interfere. Then, we recommend a test with the wintun driver (a new driver for the virtual tun/tap network adapter used by OpenVPN). It is remarkably more efficient than the TAP-Windows driver and it should also resolve the problem you are experiencing now. 1) Install OpenVPN 2.5 tech preview with wintun driver. You can download it from here: https://openvpn.net/download/openvpn-2-5_git-wintun-technology-preview/ Please make sure that the installer installs the wintun driver too. 2) Configure Eddie to run the new OpenVPN you have installed: from Eddie's main window select "Preferences" > "Advanced" in "OpenVPN custom path" select the proper OpenVPN binary file you have installed in point 1, through the file requester (by default and assuming that your HDD is C, it will be C:/Program Files/openvpn/bin/openvpn.exe) click "Save" 3) Configure Eddie to send a directive to OpenVPN to use the wintun driver: select "Preferences" > "OVPN Directives" from Eddie's main window in the directives field enter the following line: windows-driver wintun press ENTER at the end of the line click "Save" Test again connections to AirVPN servers via Eddie. Make sure to pick servers with high bandwidth availability, check in Eddie "Servers" window or here https://airvpn.org/status Kind regards ====

@Mrd0708 Hello! By default Hummingbird enables network lock. See also --network-lock option. Another good place where you can start Hummingbird at boot is /etc/rc.local If you stop Hummingbird properly with a SIGTERM, network lock will be disabled. If you wish to test network lock when Hummingbird is not running, kill Hummingbird with no grace: sudo kill -9 `pidof hummingbird` Your system will remain with firewall's network lock rules and VPN DNS set. When you're done, to restore your previous system settings, re-run Hummingbird with --recover-network option only. Kind regards

@harryhoudini Hello! You can achieve what you want in a minute or so. While Eddie is NOT running configure your firewall to block all traffic to the Internet. Make sure to allow traffic to and from localhost to avoid possible malfunction, and consider your local network too. When you run Eddie, activating Network Lock will also allow communications with Air infrastructure. When you shut down Eddie, the traffic to the Internet will be blocked again. Kind regards

Hello! We're sorry, inbound port forwarding currently does not work in IPv6. Kind regards