Staff

@Bohdan Kushnirchuk

Hello!

How to solve:
  To grant Terminal full disk access (except some specific critical directories) on macOS, follow these steps:
Open System Settings (or System Preferences):
On macOS Ventura and later, click the Apple menu at the top-left of your screen, then choose System Settings.
On macOS Monterey or earlier, choose System Preferences.
Go to Privacy & Security:
In System Settings (Ventura and later), select Privacy & Security in the left-hand menu.
In System Preferences (Monterey and earlier), click Security & Privacy, then go to the Privacy tab.
Select Full Disk Access:
In the Privacy & Security or Security & Privacy tab, scroll down and click Full Disk Access in the left menu.
Unlock Settings:
At the bottom-left of the window, you might need to click the lock icon and enter your admin password to make changes.
Add Terminal:
Once the lock is open, click the + button beneath the list of apps with Full Disk Access.
In the file chooser window that pops up, go to Applications > Utilities, and select Terminal.
Click Open to add it to the list.
Restart Terminal:
Close the Terminal app if it’s open, then reopen it to apply the changes.

 
2. Open the terminal and change ownership of the relevant files: sudo chown root /Applications/Eddie.app/Contents/MacOS/*
Kind regards
 

Hello!

Important update: OpenVPN 2.7 and DCO deployment entered its final stage. Check the update on this thread first message. Now you can start using OpenVPN + DCO on a wide portion of AirVPN infrastructure and very soon on all of it.

Kind regards & datalove
 

@Tech Jedi Alex

Hello!

Just to point out that age verification should have nothing to do with identity check. Various countries, the European Commission and some Italian bodies are studying methods of age verification that don't force the citizen to show his/her ID card at any step, and surely not to private entities they don't even know. If the UK wants to implement age verification through identity verification we don't know, but it would be a giant mistake that would allow potentially shady entities to steal and build highly reliable ID databases with huge monetary value on the black market. The Discord Hack catastrophe is a useful reminder https://www.404media.co/the-discord-hack-is-every-users-worst-nightmare/

Then of course you can debate ad nauseam about whether it is right or wrong that a person younger than 21, 18 or 16 should be forbidden to connect to a virtual private network, Tor, proxy, etc.

For the readers, our position is close to EFF position, see here: https://www.eff.org/issues/age-verification
 
We were with EDRi and EFF as usual, how can you not know?! Check our mission and endorsement page. The same must be said of some other VPNs to be honest.

Kind regards
 

What I mean by what you quoted was only now in 2026 when VPNs are soon to be 'in scope' (in UK) and surely covered elsewhere is that VPN providers finally starting to raise the alarms. 
That a VPN provider backs the EFF who was active early on is good and my comments aren't really directed at AirVPN whom I don't think has been as some of the 'leopards at my face' VPN providers I have seen on social media/tech news sites as of late.

Per the Discord hack, this is part of what I call the "big platform AV fallacy".  Not a single AV law requires *only* face scans and/or submitting an ID.
Every one allows third-party database checking.  In other words, for US and UK at least, simply typing in a phone # or inputting one's street address *and nothing more* for almost all users is enough.
Discord will stick to face scans/ID submissions because they are a freemium platform that wants to stay as much in the black as possible.
This means they will only use the verification methods with the highest friction as any user who doesn't want to do that has a high chance of never becoming a Nitro user/not that active on Discord to begin with.
Of course, they messed up badly per the leak but if they allowed third-party DB checking, there would not have been a leak to begin with (or at worst a significantly smaller one).
But just like some VPN providers (again, not Air), when the writing was on the wall leading up to AV bills working through the government, they were quiet.
Censorship may begin with the lowest hanging fruit (adult), but it will rise and affect other venues of free speech in good time.

Per the EU AV methods via an app/device, looks promising!  TBD per actual implementation.  I'm hopeful though.

Hello!

We're very glad to inform you that AirVPN Suite version 2.1.0 is now available for x86-64 and ARM based Linux systems. Our deepest gratitude is extended to the members of the outstanding testing community, whose generous support and discerning feedback have proved invaluable in identifying and resolving numerous issues.
 
The 2.1.0 Suite includes:
Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN and WireGuard servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the system bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN and WireGuard servers Hummingbird: lightweight and standalone binary for generic OpenVPN and WireGuard server connections Cuckoo: traffic split manager, granting full access and functionality to AirVPN's traffic split infrastructure airsu: a "run and forget" tool to automatically set and enable the user environment for the X.Org or Wayland based ecosystem without any user input   WHAT'S NEW
 
NEW: extensive rewrite and improvement of network availability and default gateway detection NEW: option to tunnel or not IPv4 traffic over an IPv6 tunnel with air4to6 client option and airvpn4to6 run control directive (check the updated user's manual for details) NEW: cuckoo does not require libxml2 anymore updated libraries bug fix: Bluetit doesn't crash anymore with very large routing tables bug fix: IPv6 addresses parsing and management don't fail anymore in specific circumstances bug fix: airsu bash script doesn't fail anymore when the shell of the user starting it is not bash
AirVPN Suite 2.1.0 is free and open source software released under GPLv3. Source code is available on GitLab:
https://gitlab.com/AirVPN/AirVPN-Suite

AirVPN Suite 2.1.0 is available for x86-64, AArch64 (ARM 64 bit) and armv7l (ARM 32 bit) architectures. Legacy versions are also available. 
https://airvpn.org/linux/suite/

AirVPN Suite resources, links and forum:
https://airvpn.org/forums/topic/79336-airvpn-suite-resources/

Kind regards & datalove
AirVPN Staff
 

Happy late birthday, I recently came acress AirVPN, so I am a newbie here, but seems like a great service, sad I missed the promotion to test it long term for now, maybe another deal will be there this year again.

Happy late birthday. Thank you for providing a good product, and thank you all AirVPN staff for your efforts and hard work to maintain it. 

Hello!

We're very glad to inform you that AirVPN Suite version 2.1.0 is now available for x86-64 and ARM based Linux systems. Our deepest gratitude is extended to the members of the outstanding testing community, whose generous support and discerning feedback have proved invaluable in identifying and resolving numerous issues.
 
The 2.1.0 Suite includes:
Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN and WireGuard servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the system bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN and WireGuard servers Hummingbird: lightweight and standalone binary for generic OpenVPN and WireGuard server connections Cuckoo: traffic split manager, granting full access and functionality to AirVPN's traffic split infrastructure airsu: a "run and forget" tool to automatically set and enable the user environment for the X.Org or Wayland based ecosystem without any user input   WHAT'S NEW
 
NEW: extensive rewrite and improvement of network availability and default gateway detection NEW: option to tunnel or not IPv4 traffic over an IPv6 tunnel with air4to6 client option and airvpn4to6 run control directive (check the updated user's manual for details) NEW: cuckoo does not require libxml2 anymore updated libraries bug fix: Bluetit doesn't crash anymore with very large routing tables bug fix: IPv6 addresses parsing and management don't fail anymore in specific circumstances bug fix: airsu bash script doesn't fail anymore when the shell of the user starting it is not bash
AirVPN Suite 2.1.0 is free and open source software released under GPLv3. Source code is available on GitLab:
https://gitlab.com/AirVPN/AirVPN-Suite

AirVPN Suite 2.1.0 is available for x86-64, AArch64 (ARM 64 bit) and armv7l (ARM 32 bit) architectures. Legacy versions are also available. 
https://airvpn.org/linux/suite/

AirVPN Suite resources, links and forum:
https://airvpn.org/forums/topic/79336-airvpn-suite-resources/

Kind regards & datalove
AirVPN Staff
 

Hello!

Eddie Android edition also features a database of 30+ QUIC signatures of real web sites, including Russia and China web sites. Each signature can be selected with a tap from the list. Eddie Android edition can also generate and export an AmneziaWG configuration file with the selected CPS to be directly used on different platforms and other Amnezia compatible software.

Kind regards
 

AIRVPN DOES NOT RECOGNIZE ANYMORE VERISIGN, AFILIAS AND ICANN AUTHORITY. OUR COMMITMENT AGAINST UNITED STATES OF AMERICA UNFAIR AND ILLEGAL DOMAIN NAMES SEIZURES.

The United States of America authorities have been performing domain names seizures since the end of 2010. The seizures have been performed against perfectly legal web-sites and/or against web-sites outside US jurisdiction.

Administrators of some of those web-sites had been previously acquitted of any charge by courts in the European Union.

The domain name seizures affect the world wide web in its entirety since they are performed bypassing the original registrar and forcing VeriSign and Afilias (american companies which administer TLDs like .org, .net, .info and .com) to transfer the domain name to USA authorities property. No proper judicial overview is guaranteed during the seizure.

Given all of the above, we repute that these acts:

- are a violation of EU citizens fundamental rights, as enshrined in the European Convention on Human Rights;
- are an attack against the Internet infrastructure and the cyberspace;
- are a strong hint which shows that decision capacities of USA Department of Justice and ICE are severely impaired;

and therefore from now on AirVPN does not recognize VeriSign, Afilias and/or ICANN authority over domain names. AirVPN refuses to resolve "seized" domain names to the IP address designated by USA authorities, allowing normal access to the original servers' websites / legitimate Ip addresses.

In order to fulfil the objective, we have put in place an experimental service which is already working fine. If you find anomalies, please let us know, the system will surely improve in time.

Kind regards
AirVPN admins

Hello!

We're very glad to inform you that AirVPN Suite version 2.1.0 is now available for x86-64 and ARM based Linux systems. Our deepest gratitude is extended to the members of the outstanding testing community, whose generous support and discerning feedback have proved invaluable in identifying and resolving numerous issues.
 
The 2.1.0 Suite includes:
Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN and WireGuard servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the system bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN and WireGuard servers Hummingbird: lightweight and standalone binary for generic OpenVPN and WireGuard server connections Cuckoo: traffic split manager, granting full access and functionality to AirVPN's traffic split infrastructure airsu: a "run and forget" tool to automatically set and enable the user environment for the X.Org or Wayland based ecosystem without any user input   WHAT'S NEW
 
NEW: extensive rewrite and improvement of network availability and default gateway detection NEW: option to tunnel or not IPv4 traffic over an IPv6 tunnel with air4to6 client option and airvpn4to6 run control directive (check the updated user's manual for details) NEW: cuckoo does not require libxml2 anymore updated libraries bug fix: Bluetit doesn't crash anymore with very large routing tables bug fix: IPv6 addresses parsing and management don't fail anymore in specific circumstances bug fix: airsu bash script doesn't fail anymore when the shell of the user starting it is not bash
AirVPN Suite 2.1.0 is free and open source software released under GPLv3. Source code is available on GitLab:
https://gitlab.com/AirVPN/AirVPN-Suite

AirVPN Suite 2.1.0 is available for x86-64, AArch64 (ARM 64 bit) and armv7l (ARM 32 bit) architectures. Legacy versions are also available. 
https://airvpn.org/linux/suite/

AirVPN Suite resources, links and forum:
https://airvpn.org/forums/topic/79336-airvpn-suite-resources/

Kind regards & datalove
AirVPN Staff
 

Hello!

We're very glad to inform you that AirVPN Suite version 2.1.0 is now available for x86-64 and ARM based Linux systems. Our deepest gratitude is extended to the members of the outstanding testing community, whose generous support and discerning feedback have proved invaluable in identifying and resolving numerous issues.
 
The 2.1.0 Suite includes:
Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN and WireGuard servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the system bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN and WireGuard servers Hummingbird: lightweight and standalone binary for generic OpenVPN and WireGuard server connections Cuckoo: traffic split manager, granting full access and functionality to AirVPN's traffic split infrastructure airsu: a "run and forget" tool to automatically set and enable the user environment for the X.Org or Wayland based ecosystem without any user input   WHAT'S NEW
 
NEW: extensive rewrite and improvement of network availability and default gateway detection NEW: option to tunnel or not IPv4 traffic over an IPv6 tunnel with air4to6 client option and airvpn4to6 run control directive (check the updated user's manual for details) NEW: cuckoo does not require libxml2 anymore updated libraries bug fix: Bluetit doesn't crash anymore with very large routing tables bug fix: IPv6 addresses parsing and management don't fail anymore in specific circumstances bug fix: airsu bash script doesn't fail anymore when the shell of the user starting it is not bash
AirVPN Suite 2.1.0 is free and open source software released under GPLv3. Source code is available on GitLab:
https://gitlab.com/AirVPN/AirVPN-Suite

AirVPN Suite 2.1.0 is available for x86-64, AArch64 (ARM 64 bit) and armv7l (ARM 32 bit) architectures. Legacy versions are also available. 
https://airvpn.org/linux/suite/

AirVPN Suite resources, links and forum:
https://airvpn.org/forums/topic/79336-airvpn-suite-resources/

Kind regards & datalove
AirVPN Staff
 

Hello!

We're very glad to inform you that Hummingbird 2.1.0 for macOS is available. Different native versions for Intel and ARM M1/M2/M3/M4/M5 based Mac computers are available for maximum performance.

On Intel based Mac systems, macOS 10.14 Mojave or higher version is required.
On ARM Mx based Mac systems, macOS 11 Big Sur or higher version is required.

Hummingbird is free and open source released under GPLv3: https://gitlab.com/AirVPN/AirVPN-Suite
Main features
  Lightweight and stand alone binary client supporting both OpenVPN and WireGuard No heavy framework required, no GUI Small RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN and WireGuard Robust leaks prevention through Network Lock based on pf Proper handling of DNS push by VPN servers New, more flexible Network Lock   What's new
 
all libraries and dependencies have been updated minor bug fixes
 
Important note for high speed line users
Because of some architectural specifications and implementation in macOS Hummingbird may warn the user about shortage of buffer space, specifically when connected with the UDP. This condition is signaled by Hummingbird with the below messages in the log: UDP send exception: send: No buffer space available ERROR: NETWORK_SEND_ERROR The error is caused by the maximum network sockets size set in macOS, a value usually small and unsuited for modern high speed networks. The solution consists in increasing the maximum allowed size for socket buffers and, in case the problem persists, the number of mbuf clusters. The procedure is simple, please find out all the details in the manual. Open the README.md file with any viewer and consult the "Note on macOS and UDP" section.  
Download the software here:
https://airvpn.org/macos/hummingbird/  

Kind regards & datalove
AirVPN Staff

We have kept the OP message to show the pervasiveness of the PRC's propaganda lackeys. We consider Taiwan (Republic of China) to be independent and autonomous from the PRC (People's Republic of China), as it is in fact. ipleak uses MaxMind and IANA databases to display results, and we are pleased that these are aligned with an anti-imperialist and democratic vision that is clearly unpalatable to the dictatorial regime of the PRC, which sees it as an obstacle to its expansionist ambitions.

Hello!

The translocation has been successfully avoided. Now, to resolve the problem, please open a terminal and enter the following command while Eddie is not running: sudo chown root /Applications/Eddie.app/Contents/MacOS/*
Important, if you get a "permission denied" error after you entered the above command please grant Full Disk Access to the Terminal App.

You can do it by selecting System Preferences > Security and Privacy > Privacy > Full Disk Access and then adding the Terminal app by pressing the "+" button and selecting it. Then open another terminal and repeat the above command

Finally re-start Eddie and test again.

Kind regards
 

Hello!

Network Lock is not permanent, so it will not survive a reboot. DNS settings are permanent. When you suffered a full disk error crash, probably Eddie could not restore system's previous DNS settings. VPN DNS settings remained most probably set and, since they are reachable only from inside the VPN, your system now can't resolve qualified domain names. You need to set proper DNS manually while Eddie is not running. It is a swift procedure, please see here:
https://support.apple.com/guide/mac-help/change-dns-settings-on-mac-mh14127/mac

If you need some suggestion on the public DNS choice, we usually recommend Quad9 and OpenNIC for their commitment to privacy and net neutrality. Primary Quad9 DNSv4 address: 9.9.9.9. OpenNIC: 195.10.195.195 
See also:
https://opennic.org
https://quad9.net

Kind regards
 

Hello!

Network Lock is not permanent, so it will not survive a reboot. DNS settings are permanent. When you suffered a full disk error crash, probably Eddie could not restore system's previous DNS settings. VPN DNS settings remained most probably set and, since they are reachable only from inside the VPN, your system now can't resolve qualified domain names. You need to set proper DNS manually while Eddie is not running. It is a swift procedure, please see here:
https://support.apple.com/guide/mac-help/change-dns-settings-on-mac-mh14127/mac

If you need some suggestion on the public DNS choice, we usually recommend Quad9 and OpenNIC for their commitment to privacy and net neutrality. Primary Quad9 DNSv4 address: 9.9.9.9. OpenNIC: 195.10.195.195 
See also:
https://opennic.org
https://quad9.net

Kind regards
 

Happy birthday Airvpn, great service all around!

Happy Birthday AirVPN! Been here since 2012. 🍻 

(fyi: I let Claude run over the code - I am no cpp developer)

Thank you for the quick response.

Regarding your question about running dockerd with zero or one virtual interface: stopping dockerd does not remove bridge interfaces or routes — they persist until reboot. We have not yet tested with only one interface, but the comparison with our second machine (same kernel, clean routing table, Bluetit works) strongly suggests the route count is the deciding factor.

Regarding the buffer, we believe we have identified the precise failure mechanism:

The socket is opened as SOCK_DGRAM (PF_NETLINK, SOCK_DGRAM). With SOCK_DGRAM netlink, the kernel splits the RTM_GETROUTE dump into multiple datagrams of approximately 4096 bytes each. The code at line 369 accumulates these into a fixed 8192 byte stack buffer:
https://gitlab.com/AirVPN/AirVPN-Suite/-/blob/master/src/network.cpp#L369

The failure sequence:
- Datagram 1: recv() returns ~4096 bytes → msgLen = 4096, buffer has 4096 bytes remaining
- Datagram 2: recv() returns ~4096 bytes → msgLen = 8192, buffer has 0 bytes remaining
- Datagram 3: recv(sock, bufPtr, sizeof(msgBuf) - msgLen) = recv(sock, bufPtr, 0) → returns 0
- NLMSG_OK(nlHdr, 0) evaluates nlmsg_len(16) <= 0 → false → throws "Received invalid packet from socket"

A system with few routes requires only 1-2 datagrams and fits comfortably in the 8192 byte buffer. A system with many routes (15+ Docker bridge interfaces) requires 3+ datagrams and hits this limit.

The fix would be to either use a dynamically allocated buffer that grows as needed, or switch to SOCK_RAW which allows reading the full dump in one call with a sufficiently large buffer.

We are happy to provide any additional information or testing to help reproduce and fix this.

Getting on for fifteen years for me. And yes, I did have to check the date on the first invoice

Happy Birthday AirVPN

Happy birthday. Been a customer since 2016

the major benefit being that ChaCha20-Poly1305 vs AES-256-GCM or AES-128-GCM on proper AES-NI supporting x86 machines can mean 2-3x the performance for the latter. 

Wireguard only supporting the former means either hardware can't keep up or we get into a good chunk of wasted cpu cycles for nothing.  

i'll wait until the full upgrade happens before switching over but I am thankful that AirVPN are going to number the providers who are supporting this finally. Thank you AirVPN. 

Hello!

Important update: OpenVPN 2.7 and DCO deployment entered its final stage. Check the update on this thread first message. Now you can start using OpenVPN + DCO on a wide portion of AirVPN infrastructure and very soon on all of it.

Kind regards & datalove
 

No problems so far 😃
Thanks Staff