Staff

Hello!

Many thanks for all these information and insight. Indeed I completely agree with what you state.

Meanwhile, I identified the culprit of plasmashell crashing: a system resource plasmoid I use on the Plasma desktop background. If I remove it, no crashes happen anymore. So the safe solution is to report it to its owner/author. Despite this I was unable to crash and end Eddie GUI gracefully, so I might have misidentified this happening. That said I will keep an eye and report again if I find a reproducible way. And I understand this is beyond your control and thank you very much for the feedback.

Kind regards!

AIRVPN DOES NOT RECOGNIZE ANYMORE VERISIGN, AFILIAS AND ICANN AUTHORITY. OUR COMMITMENT AGAINST UNITED STATES OF AMERICA UNFAIR AND ILLEGAL DOMAIN NAMES SEIZURES.

The United States of America authorities have been performing domain names seizures since the end of 2010. The seizures have been performed against perfectly legal web-sites and/or against web-sites outside US jurisdiction.

Administrators of some of those web-sites had been previously acquitted of any charge by courts in the European Union.

The domain name seizures affect the world wide web in its entirety since they are performed bypassing the original registrar and forcing VeriSign and Afilias (american companies which administer TLDs like .org, .net, .info and .com) to transfer the domain name to USA authorities property. No proper judicial overview is guaranteed during the seizure.

Given all of the above, we repute that these acts:

- are a violation of EU citizens fundamental rights, as enshrined in the European Convention on Human Rights;
- are an attack against the Internet infrastructure and the cyberspace;
- are a strong hint which shows that decision capacities of USA Department of Justice and ICE are severely impaired;

and therefore from now on AirVPN does not recognize VeriSign, Afilias and/or ICANN authority over domain names. AirVPN refuses to resolve "seized" domain names to the IP address designated by USA authorities, allowing normal access to the original servers' websites / legitimate Ip addresses.

In order to fulfil the objective, we have put in place an experimental service which is already working fine. If you find anomalies, please let us know, the system will surely improve in time.

Kind regards
AirVPN admins

Hello!

It's by Telecomix, a group an AirVPN founder co-operated with! https://en.wikipedia.org/wiki/Telecomix

Kind regards
 

Hello!
 
We're very glad to announce that Eddie Android edition 4.0.0 Beta 1 is now available.
This is a major update: for the first time Eddie Android edition features AmneziaWG complete support.

Eddie Android edition is a fully integrated with AirVPN, free and open source client allowing comfortable connections to AirVPN servers and generic VPN servers offering compatible protocols. Eddie 4.0.0 aims primarily at adding, besides the already available OpenVPN and WireGuard, a thorough and comfortable AmneziaWG support. 

AmneziaWG is a free and open source fork of WireGuard by Amnezia inheriting the architectural simplicity and high performance of the original implementation, but eliminating the identifiable network signatures that make WireGuard easily detectable by Deep Packet Inspection (DPI) systems. It can operate in several different ways, including a fallback, "compatibility mode" with WireGuard featuring anyway various obfuscation techniques.
 
What's new in Eddie 4.0.0
  AmneziaWG support Amnezia WireGuard API updated OpenSSL, OpenVPN3-AirVPN and WireGuard libraries see the complete changelog below  
AmneziaWG overview
  From the official documentation: https://docs.amnezia.org/documentation/amnezia-wg AmneziaWG offers:
Dynamic Headers for All Packet Types (compatibility with WireGuard: YES)
During tunnel initialization, the library generates a set of random constants applied to each of the four WireGuard packet formats: Init, Response, Data, Under‑Load. These constants:
Replace predictable WireGuard packet identifiers; Shift offsets of Version/Type fields; Modify reserved bits. As a result, no two clients have identical headers, making it impossible to write a universal DPI rule.
 
Handshake Length Randomization (compatibility with WireGuard: NO)
In WireGuard, the Init packet is exactly 148 bytes, and the Response packet is exactly 92 bytes. AmneziaWG adds pseudorandom prefixes S1 and S2 (0-64 bytes by default):
len(init) = 148 + S1 len(resp) = 92  + S2 Offsets of the remaining fields are automatically adjusted, and MAC tags are recalculated accordingly. In order to keep backward compatibility with WireGuard, S1 and S2 must be set to 0. 
  Obfuscation Packets I1-I5 (Signature Chain) & CPS (Custom Protocol Signature) (compatibility with WireGuard: partial, with fallback)
Before initiating a "special" handshake (every 120 seconds), the client may send up to five different UDP packets fully described by the user in the CPS format. In this way AmneziaWG can mimic perfectly QUIC, DNS and other protocols adding powerful methods to circumvent blocks. QUIC is particularly interesting as HTTP/3 is built on it and currently, from Chrome and other compatible browsers, 50% of traffic to/from Google is QUIC traffic. Therefore, blocking QUIC may have major disruptions for any ISP.
 
Junk‑train (Jc) (compatibility with WireGuard: YES)
Immediately following the sequence of I-packets, a series Jc of pseudorandom packets with lengths varying between Jmin and Jmax is sent. These packets blur the timing and size profile of the session start, significantly complicating handshake detection.
 
Under‑Load Packet (compatibility with WireGuard: YES)
In WireGuard, a special keep-alive packet (“Under-Load”) is used to bypass NAT timeouts. AmneziaWG replaces its fixed header with a randomized one, the value of which can be set manually. This prevents DPI from filtering short ping packets, ensuring stable tunnel connections, especially on mobile networks.
 
 
How to use Eddie with AmneziaWG

To enable AmneziaWG mode, just tap the connection mode available in the main and other views. It will rotate between WireGuard, AmneziaWG and OpenVPN. Set it to AmneziaWG. In its default AmneziaWG mode, Eddie will use all the possible obfuscation, except protocol mimicking, that keeps WireGuard compatibility, thus allowing connections to AirVPN servers. The default settings choice was possible thanks to the invaluable support of persons living in countries where VPN blocks are widespread. Such settings have been tested as working and capable to bypass the current blocking methods in various countries. You may consider to modify them if they are ineffective to bypass "your" specific blocks.
  In Settings > Advanced, you will find, at the bottom of the page, a new "Custom Amnezia WG directives" item. By tapping it you will summon a dialog that will let you customize any possible AmneziaWG parameter.

You can maintain backward compatibility with WireGuard in the dialog WireGuard section, or enable the full AmneziaWG support in the Amnezia section, which is not compatible (at the moment) with AirVPN WireGuard servers. This mode will be mostly valuable in a not distant future, when AirVPN servers will start to support AmneziaWG natively. You may also enable QUIC or DNS mimicking for additional obfuscation efficacy. 

In order to maintain WireGuard backward compatibility, with or without QUIC or DNS mimicking, you must set:
S1 = S2 = 0
Hn ∈ {1, 2, 3, 4}
H1 ≠ H2 ≠ H3 ≠ H4

Furthermore, do not exceed the valid limit of the J parameters (anyway Eddie will not let you do it). In this preview version, Eddie's formal control of the input data is based on the following document. We strongly recommend you read it if you need to modify manually parameters:
https://github.com/amnezia-vpn/amneziawg-linux-kernel-module?tab=readme-ov-file#configuration


Please do not modify In parameters if you don't know exactly what you're doing. 

Eddie implements QUIC and DNS mimicking and random obfuscation packets for each specific "I" parameter (by using the corresponding "Generate" button). You can enable them with a tap on the proper buttons. You may mimic QUIC and DNS even to connect to WireGuard based servers.

When you enable QUIC mimicking and you maintain WireGuard backward compatibility, you add a powerful tool against blocks, because the first packets will be actual QUIC packets. AmneziaWG will fall back to WireGuard compatibility very soon. However, when DPI and SPI tools, and demultiplexers in general, identify the initial QUIC flow, most of them will be unable to detect a WireGuard flow for several minutes. This has been tested thoroughly with deep packet inspection on Linux and FreeBSD based machines by AirVPN staff.

Therefore, in different blocking scenarios the QUIC mimicking increases likelihood of successful block bypass. NOTE: the same does not happen with DNS mimicking. In this case DPI / SPI tools identify the stream initially as DNS, but are much quicker (just in a few dozens of packets) to identify the stream as WireGuard's, after the initial DNS identification.
 
If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private).  
Download link, checksum and changelog
https://eddie.website/repository/Android/4.0.0-Beta1/EddieAndroid-4.0.0-Beta-1.apk
 
This is a build debug package and side load is mandatory.
 
$ sha256sum EddieAndroid-4.0.0-Beta-1.apk 617269290a0406237646cc0885e5b10f3916252f89fe82ba9ccb947354980fcb EddieAndroid-4.0.0-Beta-1.apk
Changelog 4.0.0 (VC 37) - Release date: 26 November 2025 by ProMIND
Native Library
[ProMIND] updated to version 4.0.0, API 10 [ProMIND] added Amnezia WireGuard API [ProMIND] updated to OpenVPN-AirVPN 3.12 (20251126)
AirVPNUser.java
[ProMIND] getWireGuardProfile(): added Amnezia support

ConnectAirVPNServerFragment.java
[ProMIND] showConnectionInfo(): added AmneziaWG logo display [ProMIND] onCreateContextMenu(): added AmneziaWG items [ProMIND] onContextItemSelected(): added AmneziaWG items [ProMIND] added method loadVPNProfile()
ConnectVpnProfileFragment.java
[ProMIND] added Amnezia support
EddieLibraryResult.java
[ProMIND] added Amnezia WireGuard API
QuickConnectFragment.java
[ProMIND] onCreateView(): added AmneziaWG logo display [ProMIND] updateStatusBox(): added AmneziaWG logo display
SettingsActivity.java
[ProMIND] added "Custom AmneziaWG directives" setting
SettingsManager.java
[ProMIND] added Amnezia specific settings and methods
SupportTools.java [ProMIND] removed method getVPNProfile()
VPN.java
[ProMIND] added methods enableAmneziaWireGuard() and isWireGuardAmneziaEnabled()
VPNManager.java
[ProMIND] added method isWireGuardAmneziaEnabled()
VPNProfileDatabase.java
[ProMIND] added AMNEZIA type
WebViewerActivity.java
[ProMIND] EddieWebViewClient.shouldOverrideUrlLoading(): it now properly opens android asset files
WireGuardClient.java
[ProMIND] added WireGuard tunnel node to constructor  [ProMIND] added methods for generating Amnezia's junk settings
WireGuardTunnel.java
[ProMIND] added support for Amnezia WireGuard [ProMIND] added Mode enum [ProMIND] added tunnel node to constructor 
EddieLibrary.java
[ProMIND] added Amnezia WireGuard API
Kind regards & datalove
AirVPN Staff

Hello!

With WireGuard it's a very good choice as the DNS server IP address (10.128.0.1) is also the VPN gateway address, on every and each server since the WireGuard network is one.

With OpenVPN, you have different subnet on every server though and you can't rely on a fixed address. 10.4.0.1 is available on every server for DNS queries but does not respond to ping. You could consider to extract the gateway from the tun interface settings at each connection and ping that gateway.

Kind regards
 

Hello and welcome!

Another interesting use case is when you live in a country where trying to access the Tor network raises a red flag on you but the HTTP/3 (QUIC) traffic does not. So you first circumvent the blocks via some adequate VPN related protocol that looks like QUIC and only then you fire up Tor, so the regime can't trivially infer that you're trying to use Tor. Sometimes it is more practical and safer than struggling to find Tor bridges: a risk assessment is due, on a case by case basis.

Kind regards
 

We have kept the OP message to show the pervasiveness of the PRC's propaganda lackeys. We consider Taiwan (Republic of China) to be independent and autonomous from the PRC (People's Republic of China), as it is in fact. ipleak uses MaxMind and IANA databases to display results, and we are pleased that these are aligned with an anti-imperialist and democratic vision that is clearly unpalatable to the dictatorial regime of the PRC, which sees it as an obstacle to its expansionist ambitions.

@zimbabwe
@AG999
@Upre1943
@Stalinium
@Nonsense
@H12345h12345

Hello!

Eddie Android edition 4.0.0 preview implements full AmneziaWG support:
https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/

Feel free to test and report back (bug, glitches...)!

Kind regards & datalove
AirVPN Staff

 

Hello!

An update:
https://www.eff.org/deeplinks/2025/12/after-years-controversy-eus-chat-control-nears-its-final-hurdle-what-know

Kind regards
 

Hello!

Be aware that 4 Mbit + 4 Mbit/s of guaranteed allocation is great for the pricing of AirVPN. Our competitors offer 0.0 (best effort, no minimum allocation guaranteed). Please consider that if residential ISPs in Europe had all of their customers connected simultaneously and requiring full bandwidth at the same time, the allocation by most of such ISPs (if performed equally for each customer) would be between 0.1 and 10 Mbit/s.

The biggest ISPs in Europe (example: TIM in Italy) have an average per residential customer consumption (fixed lines: in mobility much less) of 190 GB/month, which on average means 0.58 Mbit/s throughout the month. Residential networks are normally designed and sized on the basis of these values with congestion control (traffic shaping) during peak hours or any unexpected event.

Guaranteeing no overselling beyond 4 + 4 Mbit/s was and is even nowadays a significant effort by AirVPN. In practice, as you can see on the "Top User Speed" chart, users can easily beat 500 Mbit/s, there is no congestion. But if all customers connected at the same time (assuming a fair distribution on all servers) then everyone would anyway have 4 Mbit/s (4 + 4 server side).

Kind regards
 

Hello!
 
This is interesting.

We are gradually activating IPv6 on every server, but you have IPv6 disabled at OS level, and this causes a fatal error.

For the moment, you can:

- Reactivate IPv6
No good reason is known to disable IPv6 at OS level. If you are scared about IPv6 leak when connecting to servers without IPv6 support,
a cleaner solution is simply blocking IPv6 traffic with ip6tables.
 
OR
 
- Append the following directives in your .ovpn files:
 
pull-filter ignore "route-ipv6" pull-filter ignore "redirect-gateway ipv6" pull-filter ignore "dhcp-option DNS6" pull-filter ignore "tun-ipv6" pull-filter ignore "ifconfig-ipv6" redirect-gateway def1 bypass-dhcp  
This will skip IPv6 configuration of tunnel and avoid your error. We are considering related options to Config Generator.
 
Kind regards

Hello!

Please follow this message to quickly resolve the issue:
https://airvpn.org/forums/topic/26548-linux-ip-6-addr-add-failed/?do=findComment&comment=72069

The OP problem might be different so your case should not be discussed here.

Kind regards
 

Hello!
 
We're very glad to announce a special promotion on our long terms Premium plans.
 
You can get prices as low as 2.20 €/month with a three years plan, which is a 68% discount when compared to monthly plan price of 7 €.

You can also send an AirVPN plan as a gift: you have the option to print or send a colorful, dedicated picture with the code to activate the plan. You can do it in your account Client Area -> Your membership: Purchase and credit -> Print X-Mas after you have bought a coupon.
 
 
 
If you're already our customer and you wish to stay aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day.


Please check plans special prices on https://airvpn.org and https://airvpn.org/buy --- Promotion will end on January the 8th, 2026 (UTC).
 
AirVPN does not inspect and/or log client traffic and offers:
five simultaneous connections per account (additional connection slots available if needed) inbound remote port forwarding unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 2100 Mbit/s with WireGuard flexible and customizable opt-in block lists protecting you from adware, trackers, spam and other malicious sources. You can customize answers or exceptions globally, at account level or even at single device level. powerful API IPv6 full support comfortable management of your client certificates and keys AES-GCM and ChaCha20 OpenVPN ciphers on all servers Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys internal DNS. Each server runs its own DNS server. DNS over HTTPS and DNS over TLS are also supported. free and open source software client side software support to traffic splitting on an application basis on Android and Linux and on a destination basis on Windows and macOS GPS spoofing on Android application
AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows.
Promotion due to end on 2026-02-08 (UTC).
 
Kind regards & datalove
AirVPN Staff

Hello!

We're very glad to inform you that the Black Friday weeks have started in AirVPN!

Save up to 74%
when compared to one month plan price
 
Check all plans and discounts here: https://airvpn.org/buy
 
If you're already our customer and you wish to jump aboard for a longer period, any additional subscription will be added on top of already existing subscriptions and you will not lose any day.

AirVPN is one of the oldest and most experienced consumer VPN on the market, operating since 2010. It never changed ownership and it was never sold out to data harvesting or malware specialized companies as it regrettably happened to several competitors. Ever since 2010 AirVPN has been faithful to its mission.

AirVPN does not inspect and/or log client traffic and offers:
five simultaneous connections per account (additional connection slots available if needed) state of the art and flexible inbound remote port forwarding active daemons load balancing for unmatched high performance - current 'all time high' on client side is 730 Mbit/s with OpenVPN and 2000 Mbit/s with WireGuard flexible and customizable opt-in block lists protecting you from adware, trackers, spam and other malicious sources. You can customize answers or exceptions globally, at account level or even at single device level. powerful API IPv6 full support comfortable management of your client certificates and keys AES-GCM and ChaCha20 OpenVPN ciphers on all servers Perfect Forward Secrecy with unique per-server 4096 bit Diffie-Hellman keys internal DNS. Each server runs its own DNS server. DNS over HTTPS and DNS over TLS are also supported. free and open source software client side software support to traffic splitting on an application basis on Android and Linux and on a destination basis on Windows and macOS GPS spoofing on Android application
AirVPN is the only VPN provider which is actively developing OpenVPN 3 library with a fork that's currently 330 commits ahead of OpenVPN master and adds key features and bug fixes for a much more comfortable and reliable experience:
https://github.com/AirVPN/openvpn3-airvpn

AirVPN, in accordance with its mission, develops only free and open source software for many platforms, including Android, Linux (both x86 and ARM based systems), macOS and Windows.
Promotion due to end on 2025-12-03 (UTC).

Kind regards & datalove
AirVPN Staff

@Bohdan Kushnirchuk

Hello!

How to solve:
  To grant Terminal full disk access (except some specific critical directories) on macOS, follow these steps:
Open System Settings (or System Preferences):
On macOS Ventura and later, click the Apple menu at the top-left of your screen, then choose System Settings.
On macOS Monterey or earlier, choose System Preferences.
Go to Privacy & Security:
In System Settings (Ventura and later), select Privacy & Security in the left-hand menu.
In System Preferences (Monterey and earlier), click Security & Privacy, then go to the Privacy tab.
Select Full Disk Access:
In the Privacy & Security or Security & Privacy tab, scroll down and click Full Disk Access in the left menu.
Unlock Settings:
At the bottom-left of the window, you might need to click the lock icon and enter your admin password to make changes.
Add Terminal:
Once the lock is open, click the + button beneath the list of apps with Full Disk Access.
In the file chooser window that pops up, go to Applications > Utilities, and select Terminal.
Click Open to add it to the list.
Restart Terminal:
Close the Terminal app if it’s open, then reopen it to apply the changes.

 
2. Open the terminal and change ownership of the relevant files: sudo chown root /Applications/Eddie.app/Contents/MacOS/*
Kind regards
 

Hello!

We're very glad to inform you that we have just published the Developer's Reference Manual for Bluetit by promind.

Bluetit, a core component of the AirVPN-SUITE, is a lightweight D-Bus controlled system daemon providing VPN connectivity through OpenVPN 3 AirVPN. Bluetit exposes a D-Bus interface which can be used by client applications in order to control the daemon and provide full interaction and connectivity with the whole AirVPN infrastructure.

The manual covers Bluetit infrastructure and architecture and provides a complete reference for all the AirVPN’s classes on which the suite is based. The goal is to give any developer who wishes to write a Bluetit client, or a tool providing AirVPN inter-connectivity, a complete reference about the internals of both Bluetit daemon and the AirVPN–SUITE C++ classes.

The tool to swiftly interact with the AirVPN infrastructure, repeatedly required by multiple AirVPN client developers in the past, is available and fully documented now.

The document is a significant step forward in the VPN market and a further AirVPN's commitment to transparency and openness..The availability of a Developer's Reference Manual allows, in fact, any user or developer to successfully and proficiently build an AirVPN client to best suit her or his own needs.

Should you decide to have a paper copy of the document, please consider that it is typeset for double side printing.

Bluetit Developer's Reference Manual has been written and typeset in the unrivaled (ça va sans dire) LaTeX 2ε and it is released under CC BY-NC-SA 4.0 International

You can download the manual here:
https://gitlab.com/AirVPN/AirVPN-Suite/-/blob/master/docs/Bluetit-Developers-Reference-Manual.pdf

directly from this message:
Bluetit-Developers-Reference-Manual.pdf

or in the AirVPN Suite for Linux download section.

Kind regards & datalove
AirVPN Staff

Hi Archaon1,
I'm glad I could help you.
Six months ago, I was just a newbie, but thanks to the community's help, I grew rapidly.
Now, I can finally help others too.
That's the meaning of a community.
Haha, it's really satisfying to help others.
🎉🎉🎉

I installed AmneziaVPN, downloaded generated configuration (Nederland) UPD 1637 and connected. It works with and without these changes in [Interface] section.
I did not change any other config values in AmneziaVPN.
Now, I tried to use EddieUI with default params and it works too! Looks like domestic regulators have holiday in Uzbekistan...
I will try again tomorrow.

Yes, the addition of the AmneziaWG protocol can solve the connection problems for most people at present, and I hope that AmneziaWG can be used for a long time. If in the future, when the existing protocol can no longer connect, I believe that AirVPN will add a new protocol to solve the connection problem. I will always believe in your technology and capabilities, and I believe that you will always let us breathe real internet. I will always love you, AirVPN. Keep it up!😘😘😘

Hello!

Not anymore, and even less in the near future. HTTP/3 is quickly spreading. Today, HTTP/3 is used by 36.5% of all the websites, including major web sites inside countries that enforce blocks against VPN. Furthemore, blocking UDP as such is no more realistic, not even in China, where UDP has become an instrumental protocol for many companies in any sector (video streaming, video conference, VoIP, marketing, social media marketing, regime propaganda and more), for regime aligned or regime owned activities.
 
In China you have a near 100% success rate and no shaping (apart from the normal shaping for anything outside China) with the current Amnezia "weak obfuscation" (no CPS) implementation, i.e. at the moment you don't even need QUIC mimicking (which is anyway available and very effective). Currently, bypassing blocks via UDP than via TCP is more efficient in China.
 
At the moment there is nothing more effective than mimicking QUIC with the signature / fingerprint of an existing web site that's not blocked, and you have this option right now. We see > 95% success rate, which is better than the success rates of SSH (not exceeding 75%), shadowsocks and XRay, V2Ray etc (but a lot faster!). The success rate is similar to any VPN protocol over HTTP/2, but, again, dramatically faster.
 
We're glad to know it. It is also very flexible. Thanks to CPS, you may mimic any transport layer protocol built on UDP, for example DNS, QUIC, SIP.

Kind regards
 

Hello!

The problem affects those users who run Eddie Desktop edition with OpenVPN and never logged out for more than a year, or use OpenVPN clients with configuration files generated before 2021. Since Eddie Desktop edition re-downloads certificates and keys only when the operator logs in, locally some certificates have expired because we extend their expiration date automatically at least one year in advance (three years normally).

Please try the following procedure to quickly resolve the problem:
run Eddie on Eddie's main window uncheck "Remember me" log your account out log your account in (you'll need to re-enter your AirVPN credentials) try again a connection Kind regards
 

Hello!

After a year of using AirVPN I'm very happy with the product. Website has no bloat whatsoever and it's super easy to find what you are looking for. A huge plus goes out for having an active forum available! Much better option compared to social media idiocies. Also port forwarding has been executed greatly - many other VPN services miss that altogether but even those which support it can't match AirVPN's easy-to-use robust system. Config generator is a great plus too since I'm using both WireGuard app and WireSock depending on the situation and needs. Both run just fine and very few VPN's could match this level of usability.

I sometimes have dissapointing speeds with P2P, but usually a simple server change fixes it.

Overall very happy customer. Please have a beer AirVPN staff, you've deserved it!

Hello!
 
We're very glad to announce that Eddie Android edition 4.0.0 Beta 1 is now available.
This is a major update: for the first time Eddie Android edition features AmneziaWG complete support.

Eddie Android edition is a fully integrated with AirVPN, free and open source client allowing comfortable connections to AirVPN servers and generic VPN servers offering compatible protocols. Eddie 4.0.0 aims primarily at adding, besides the already available OpenVPN and WireGuard, a thorough and comfortable AmneziaWG support. 

AmneziaWG is a free and open source fork of WireGuard by Amnezia inheriting the architectural simplicity and high performance of the original implementation, but eliminating the identifiable network signatures that make WireGuard easily detectable by Deep Packet Inspection (DPI) systems. It can operate in several different ways, including a fallback, "compatibility mode" with WireGuard featuring anyway various obfuscation techniques.
 
What's new in Eddie 4.0.0
  AmneziaWG support Amnezia WireGuard API updated OpenSSL, OpenVPN3-AirVPN and WireGuard libraries see the complete changelog below  
AmneziaWG overview
  From the official documentation: https://docs.amnezia.org/documentation/amnezia-wg AmneziaWG offers:
Dynamic Headers for All Packet Types (compatibility with WireGuard: YES)
During tunnel initialization, the library generates a set of random constants applied to each of the four WireGuard packet formats: Init, Response, Data, Under‑Load. These constants:
Replace predictable WireGuard packet identifiers; Shift offsets of Version/Type fields; Modify reserved bits. As a result, no two clients have identical headers, making it impossible to write a universal DPI rule.
 
Handshake Length Randomization (compatibility with WireGuard: NO)
In WireGuard, the Init packet is exactly 148 bytes, and the Response packet is exactly 92 bytes. AmneziaWG adds pseudorandom prefixes S1 and S2 (0-64 bytes by default):
len(init) = 148 + S1 len(resp) = 92  + S2 Offsets of the remaining fields are automatically adjusted, and MAC tags are recalculated accordingly. In order to keep backward compatibility with WireGuard, S1 and S2 must be set to 0. 
  Obfuscation Packets I1-I5 (Signature Chain) & CPS (Custom Protocol Signature) (compatibility with WireGuard: partial, with fallback)
Before initiating a "special" handshake (every 120 seconds), the client may send up to five different UDP packets fully described by the user in the CPS format. In this way AmneziaWG can mimic perfectly QUIC, DNS and other protocols adding powerful methods to circumvent blocks. QUIC is particularly interesting as HTTP/3 is built on it and currently, from Chrome and other compatible browsers, 50% of traffic to/from Google is QUIC traffic. Therefore, blocking QUIC may have major disruptions for any ISP.
 
Junk‑train (Jc) (compatibility with WireGuard: YES)
Immediately following the sequence of I-packets, a series Jc of pseudorandom packets with lengths varying between Jmin and Jmax is sent. These packets blur the timing and size profile of the session start, significantly complicating handshake detection.
 
Under‑Load Packet (compatibility with WireGuard: YES)
In WireGuard, a special keep-alive packet (“Under-Load”) is used to bypass NAT timeouts. AmneziaWG replaces its fixed header with a randomized one, the value of which can be set manually. This prevents DPI from filtering short ping packets, ensuring stable tunnel connections, especially on mobile networks.
 
 
How to use Eddie with AmneziaWG

To enable AmneziaWG mode, just tap the connection mode available in the main and other views. It will rotate between WireGuard, AmneziaWG and OpenVPN. Set it to AmneziaWG. In its default AmneziaWG mode, Eddie will use all the possible obfuscation, except protocol mimicking, that keeps WireGuard compatibility, thus allowing connections to AirVPN servers. The default settings choice was possible thanks to the invaluable support of persons living in countries where VPN blocks are widespread. Such settings have been tested as working and capable to bypass the current blocking methods in various countries. You may consider to modify them if they are ineffective to bypass "your" specific blocks.
  In Settings > Advanced, you will find, at the bottom of the page, a new "Custom Amnezia WG directives" item. By tapping it you will summon a dialog that will let you customize any possible AmneziaWG parameter.

You can maintain backward compatibility with WireGuard in the dialog WireGuard section, or enable the full AmneziaWG support in the Amnezia section, which is not compatible (at the moment) with AirVPN WireGuard servers. This mode will be mostly valuable in a not distant future, when AirVPN servers will start to support AmneziaWG natively. You may also enable QUIC or DNS mimicking for additional obfuscation efficacy. 

In order to maintain WireGuard backward compatibility, with or without QUIC or DNS mimicking, you must set:
S1 = S2 = 0
Hn ∈ {1, 2, 3, 4}
H1 ≠ H2 ≠ H3 ≠ H4

Furthermore, do not exceed the valid limit of the J parameters (anyway Eddie will not let you do it). In this preview version, Eddie's formal control of the input data is based on the following document. We strongly recommend you read it if you need to modify manually parameters:
https://github.com/amnezia-vpn/amneziawg-linux-kernel-module?tab=readme-ov-file#configuration


Please do not modify In parameters if you don't know exactly what you're doing. 

Eddie implements QUIC and DNS mimicking and random obfuscation packets for each specific "I" parameter (by using the corresponding "Generate" button). You can enable them with a tap on the proper buttons. You may mimic QUIC and DNS even to connect to WireGuard based servers.

When you enable QUIC mimicking and you maintain WireGuard backward compatibility, you add a powerful tool against blocks, because the first packets will be actual QUIC packets. AmneziaWG will fall back to WireGuard compatibility very soon. However, when DPI and SPI tools, and demultiplexers in general, identify the initial QUIC flow, most of them will be unable to detect a WireGuard flow for several minutes. This has been tested thoroughly with deep packet inspection on Linux and FreeBSD based machines by AirVPN staff.

Therefore, in different blocking scenarios the QUIC mimicking increases likelihood of successful block bypass. NOTE: the same does not happen with DNS mimicking. In this case DPI / SPI tools identify the stream initially as DNS, but are much quicker (just in a few dozens of packets) to identify the stream as WireGuard's, after the initial DNS identification.
 
If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private).  
Download link, checksum and changelog
https://eddie.website/repository/Android/4.0.0-Beta1/EddieAndroid-4.0.0-Beta-1.apk
 
This is a build debug package and side load is mandatory.
 
$ sha256sum EddieAndroid-4.0.0-Beta-1.apk 617269290a0406237646cc0885e5b10f3916252f89fe82ba9ccb947354980fcb EddieAndroid-4.0.0-Beta-1.apk
Changelog 4.0.0 (VC 37) - Release date: 26 November 2025 by ProMIND
Native Library
[ProMIND] updated to version 4.0.0, API 10 [ProMIND] added Amnezia WireGuard API [ProMIND] updated to OpenVPN-AirVPN 3.12 (20251126)
AirVPNUser.java
[ProMIND] getWireGuardProfile(): added Amnezia support

ConnectAirVPNServerFragment.java
[ProMIND] showConnectionInfo(): added AmneziaWG logo display [ProMIND] onCreateContextMenu(): added AmneziaWG items [ProMIND] onContextItemSelected(): added AmneziaWG items [ProMIND] added method loadVPNProfile()
ConnectVpnProfileFragment.java
[ProMIND] added Amnezia support
EddieLibraryResult.java
[ProMIND] added Amnezia WireGuard API
QuickConnectFragment.java
[ProMIND] onCreateView(): added AmneziaWG logo display [ProMIND] updateStatusBox(): added AmneziaWG logo display
SettingsActivity.java
[ProMIND] added "Custom AmneziaWG directives" setting
SettingsManager.java
[ProMIND] added Amnezia specific settings and methods
SupportTools.java [ProMIND] removed method getVPNProfile()
VPN.java
[ProMIND] added methods enableAmneziaWireGuard() and isWireGuardAmneziaEnabled()
VPNManager.java
[ProMIND] added method isWireGuardAmneziaEnabled()
VPNProfileDatabase.java
[ProMIND] added AMNEZIA type
WebViewerActivity.java
[ProMIND] EddieWebViewClient.shouldOverrideUrlLoading(): it now properly opens android asset files
WireGuardClient.java
[ProMIND] added WireGuard tunnel node to constructor  [ProMIND] added methods for generating Amnezia's junk settings
WireGuardTunnel.java
[ProMIND] added support for Amnezia WireGuard [ProMIND] added Mode enum [ProMIND] added tunnel node to constructor 
EddieLibrary.java
[ProMIND] added Amnezia WireGuard API
Kind regards & datalove
AirVPN Staff

AIRVPN DOES NOT RECOGNIZE ANYMORE VERISIGN, AFILIAS AND ICANN AUTHORITY. OUR COMMITMENT AGAINST UNITED STATES OF AMERICA UNFAIR AND ILLEGAL DOMAIN NAMES SEIZURES.

The United States of America authorities have been performing domain names seizures since the end of 2010. The seizures have been performed against perfectly legal web-sites and/or against web-sites outside US jurisdiction.

Administrators of some of those web-sites had been previously acquitted of any charge by courts in the European Union.

The domain name seizures affect the world wide web in its entirety since they are performed bypassing the original registrar and forcing VeriSign and Afilias (american companies which administer TLDs like .org, .net, .info and .com) to transfer the domain name to USA authorities property. No proper judicial overview is guaranteed during the seizure.

Given all of the above, we repute that these acts:

- are a violation of EU citizens fundamental rights, as enshrined in the European Convention on Human Rights;
- are an attack against the Internet infrastructure and the cyberspace;
- are a strong hint which shows that decision capacities of USA Department of Justice and ICE are severely impaired;

and therefore from now on AirVPN does not recognize VeriSign, Afilias and/or ICANN authority over domain names. AirVPN refuses to resolve "seized" domain names to the IP address designated by USA authorities, allowing normal access to the original servers' websites / legitimate Ip addresses.

In order to fulfil the objective, we have put in place an experimental service which is already working fine. If you find anomalies, please let us know, the system will surely improve in time.

Kind regards
AirVPN admins

Great!
Eddie finally supports AmneziaWG, and UDP finally has a masquerade protocol. Another protocol has been added to the list of protocols for bypassing China's Great Firewall.