Staff

Thank you so much for your touching words and stellar feedback. And for your commitment in so many years.

However, were you really under the illusion that you could escape so easily?

Kind regards
 

Hello!

Passepartout can be run to connect to AirVPN servers by importing a WireGuard or OpenVPN profile generated by AirVPN's Configuration Generator.

Kind regards
 

Hello!

Starting from version 2.3, firewalld by default owns exclusively nftables tables generated by itself, thus preventing Eddie, Bluetit and Hummingbird Network Lock related operations. If you want to have Network Lock enabled and firewalld running at the same time, then you must configure firewalld by setting the following option:
NftablesTableOwner=no in firewalld's configuration file, usually /etc/firewalld/firewalld.conf .

After you have edited the configuration file with any text editor with root privileges, reload firewalld configuration or restart firewalld, and only then (re)start Bluetit, Hummingbird or Eddie. Additional insights:
https://discussion.fedoraproject.org/t/firewalld-add-flags-owner-persist-in-fedora-42/148835
https://forums.rockylinux.org/t/rocky-9-5-breaks-netfilter/16551

Kind regards
 

Hello!

We're very glad to inform you that a new 10 Gbit/s full duplex server located in Denver (CO), USA, is available: Torcular.

The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

Torcular supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the status as usual in our real time servers monitor .
 
Do not hesitate to contact us for any information or issue.

Kind regards & datalove
AirVPN Staff
 

Hello!

(Solved by disabling the route and DNS check).

Kind regards
 

Hello!

A very important update which improves the system dramatically has been finalized. Now you don't have to worry anymore about pools and p2p programs. Find the new features in the original message. The paragraphs that do not apply anymore appear with strike through characters. The new system is simpler, fully scalable and with zero impact on current and future users. Enjoy AirVPN!

Kind regards & datalove
AirVPN Staff
 

Hello!

We're very glad to inform you that a new 10 Gbit/s full duplex server located in Denver (CO), USA, is available: Torcular.

The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

Torcular supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the status as usual in our real time servers monitor .
 
Do not hesitate to contact us for any information or issue.

Kind regards & datalove
AirVPN Staff
 

Hello!

AirVPN Suite 2.0.0 beta 5 implements the required features:
https://airvpn.org/forums/topic/66706-linux-airvpn-suite-200-preview-available/?do=findComment&comment=247401

Kind regards
 

Hello!

It must be a bug in the Configuration Generator: only Marsic and Telescopium should be shown when "2.6 DCO" is selected. We are going to investigate. Thank you for the head up.

Kind regards
 

Hello!

It must be a bug in the Configuration Generator: only Marsic and Telescopium should be shown when "2.6 DCO" is selected. We are going to investigate. Thank you for the head up.

Kind regards
 

Hello!

We're very glad to inform you that AirVPN Suite version 2.0.0 alpha 1  is now available.
UPDATE 2023-11-24: version 2.0.0 alpha 2 is now available.
UPDATE 2024-05-14: version 2.0.0 beta 1 is now available.
UPDATE 2024-12-16: version 2.0.0 beta 2 is now available.
UPDATE 2025-02-13: version 2.0.0 beta 3 is now available.
UPDATE 2025-02-14: version 2.0.0 beta 4 is now available.
UPDATE 2025-04-04: version 2.0.0 beta 5 is now available.
UPDATE 2025-04-16: version 2.0.0 Release Candidate 1 is now available

PLEASE NOTE THAT FROM NOW ON COMPATIBILITY WITH DEBIAN 10 AND ITS DERIVATIVES IS LOST, MAINLY BECAUSE THE SUITE IS NOW C++20 COMPLIANT. x86_64 LEGACY VERSION IS SUITABLE FOR DEBIAN 11

AirVPN Suite 2.0.0 introduces AirVPN's exclusive per app traffic splitting system as well as some bug fixes, revised code in order to pave the way towards the final and stable release, WireGuard support, and the latest OpenVPN3-AirVPN 3.11 library. Please see the respective changelogs for a complete list of preliminary changes for each component of the suite. If you feel adventurous and you wish to test this beta version, please feel free to report any glitch, bug and problem in this very thread.
The 2.0.0 Release Candidate 1 Suite includes:
Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN and WireGuard servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN and WireGuard servers Hummingbird: lightweight and standalone binary for generic OpenVPN and WireGuard server connections Cuckoo: traffic split manager, granting full access and functionality to AirVPN's traffic split infrastructure airsu: a "run and forget" tool to automatically set and enable the user environment for the X.Org or Wayland based ecosystem without any user input
WireGuard support
 
WireGuard support is now available in Bluetit and Hummingbird. OpenVPN or WireGuard selection is controlled by Bluetit run control file option airvpntype or by Goldcrest option -f  (short for --air-vpn-type). Possible values: openvpn, wireguard. Default: openvpn. The option is documented in the 1.3.0 manual as well.

Bluetit run control file (/etc/airvpn/bluetit.rc) option:
airvpntype: (string) VPN type to be used for AirVPN connections. Possible values: wireguard, openvpn. Default: wireguard Goldcrest option:
--air-vpn-type, -f : VPN type for AirVPN connection <wireguard|openvpn>  
Suspend and resume services for systemd based systems

For your comfort, the installation script can create suspend and resume services in systemd based systems, according to your preferences. allowing a more proper management of VPN connections when the system is suspended and resumed. The network connection detection code has also been rewritten to provide more appropriate behaviour.

  Asynchronous mode

A new asynchronous mode (off by default) is supported by Bluetit and Goldcrest, allowing asynchronous connections. Network Lock can be used accordingly in asynchronous connections. Please consult the readme.md file included in every tarball for more information and details.
  Word completion on bash and zsh

Auto completion is now available by pressing the TAB key when entering any Goldcrest or Hummingbird option and filename on a bash or zsh interpreter. Auto completion files are installed automatically by the installation script.

 
AirVPN's VPN traffic splitting

AirVPN Suite version 2.0.0 introduces traffic splitting by using a dedicated network namespace, therefore completely separating the VPN traffic from unencrypted and "out of the tunnel" traffic. The VPN traffic is carried out in the default (main) namespace, ensuring all system data and traffic to be encrypted and tunneled into the VPN by default. No clear and unencrypted data are allowed to pass through the default namespace.
Any optional unencrypted data or clear network traffic must be explicitly requested by an authorized user with the right to run cuckoo, the AirVPN traffic split manager tool.

AirVPN's traffic splitting is enabled and controlled by Bluetit and by means of run control directives. The system has been created in order to minimize any tedious or extensive configuration, even to the minimal point of telling Bluetit to enable traffic splitting with no other setting.

In order to enable and control AirVPN's traffic splitting, the below new run control directives for /etc/airvpn/bluetit.rc have been introduced: allowtrafficsplitting: (on/off) enable or disable traffic splitting (unencrypted and out of the tunnel traffic) Default: off trafficsplitnamespace: (string) name of Linux network namespace dedicated to traffic splitting. Default: aircuckoo trafficsplitinterface: (string) name of the physical network interface to be used for traffic splitting. All the unencrypted and out of the tunnel data will pass through the specified network device/interface. In case this directive is not used and unspecified, Bluetit will automatically use the main network interface of the system and connected to the default gateway. Default: unspecified trafficsplitnamespaceinterface: (string) name of the virtual network interface to be associated to the Linux network namespace dedicated to traffic splitting. Default: ckveth0 trafficsplitipv4: (IPv4 address|auto) IPv4 address of the virtual network interface used for traffic splitting. In case it is set to 'auto', Bluetit will try to automatically assign an unused IPv4 address belonging to the system's host sub-network (/24) Default: auto trafficsplitipv6: (IPv6 address|auto) IPv6 address of the virtual network interface used for traffic splitting. In case it is set to 'auto', Bluetit will try to automatically assign an unused IPv6 address belonging to the system's host sub-network (/64) Default: auto trafficsplitfirewall: (on/off) enable or disable the firewall in Linux network namespace dedicated to traffic splitting. The firewall is set up with a minimal rule set for a very basic security model. Default: off AirVPN's traffic splitting is designed in order to minimize any further configuration from the system administrator. To actually enable traffic splitting, it is just needed to set "allowtrafficsplitting" directive to "on" and Bluetit will configure the traffic split namespace with the default options as explained above. When needed, the system administrator can finely tune the traffic splitting service by using the above directives.  
  Power and limitations
 
The adopted solution offers a remarkable security bonus in terms of isolation. For example, it gets rid of the dangerous DNS "leaks in" typical of cgroups based traffic splitting solutions. However, the dedicated namespace needs an exclusive IP address. If the system is behind a NAT (connected to a home router for example) this is not a problem, but if the system is not behind any NAT, i.e. it is assigned directly a public IP address, you will need another public IP address for the network namespace dedicated to traffic splitting. You will need to manually set the other public IP address on the trafficsplitipv4 or trafficsplitipv6 directive as the guessing abilities of Bluetit may work only within a private subnet. Please keep this limitation in mind especially if you want to run the Suite with per app traffic splitting on a dedicated or virtual server in some datacenter, as they are most of the times NOT behind any NAT.
 
Introducing Cuckoo, the AirVPN traffic splitting manager tool

Bluetit supports and implements a traffic splitting facility by using a dedicated network namespace.

AirVPN Traffic splitting is implemented by using a separate and independent network namespace, directly communicating with the system’s default gateway through a virtual interface associated to a physical network interface available in the system. This ensures a true separation of traffic between tunneled and encrypted VPN data from the unencrypted and clear data to be channeled out of the VPN tunnel. The unencrypted traffic generated within the traffic splitting network namespace will never pass through the default (main) namespace - which is under the VPN control - including, and most importantly, DNS requests.

To generate unencrypted and out of the tunnel traffic, any application software must be run inside the traffic split namespace by using the dedicated traffic split tool cuckoo which can be run by users belonging to the airvpn group only and it cannot be used by the superuser.

The usage is documented in the manual as well as on the inline help.
The traffic split namespace uses its own routing, network channels and DNS. It will not interfere or communicate in any way with the default namespace using its own encrypted tunnel. As for DNS, the traffic split namespace will use default system DNS settings.
 
Programs started with cuckoo are regular Linux processes and, as such, can be managed (stopped, interrupted, paused, terminated and killed) by using the usual process control tools. The programs started by cuckoo are assigned to the user who started cuckoo.

As a final note, in order to work properly, the following permissions must be granted to cuckoo and they are always checked at each run.
Owner: root
Group: airvpn
Permissions: -rwsr-xr-x (owner can read, write, execute and setuid; group can read and execute, others can read and execute)
 
Special note for snap packages users
Snap is a controversial, locking-in package management system developed by Canonical and praised by Microsoft. It packages applications as snaps, which are self-contained units that include all necessary dependencies and run in a sandboxed environment in its default namespace. Therefore, "snap" applications will bypass the order by the system via Cuckoo to have an application running in one specific namespace created for reverse traffic splitting. As a result, snap applications will jettison the Suite's reverse traffic splitting feature. Currently, you must avoid snap packages of those applications whose traffic must flow outside the VPN tunnel. The issue is particularly relevant ever since Ubuntu migrated certain packages exclusively to Snap, such as Chromium and Firefox. At the moment it is still possible to eradicate snap from various distributions, including Ubuntu, quickly.
 
Special note for firewalld users
Please read here, it's very important: https://airvpn.org/forums/topic/70164-linux-network-lock-and-firewalld/
  AirVPN Switch User Tool Airsu
Running an application in a graphical environment requires a user having a local environment properly set, in particular variables and access to specific sockets or cookies. They are usually set at the moment of graphical login, while they may not be properly set in case a user logged in by using the system tool su.
In this specific case the user will not probably be allowed to access the graphical environment, so any GUI application will not start.
AirVPN’s airsu is used for this specific purpose and configures the user environment to the current X.Org (X11) or Wayland based manager, thus allowing access to GUI applications when run through cuckoo.
 
Note on GUI software and Web Browsers
The previous limitations on browsers have been completely resolved. Furthermore, complete compatibility with Wayland based environment has been implemented.
Because of the specific Linux architecture and namespaces, some applications may need to specify the graphical environment in order to start and use the currently selected window manager on an X.Org (X11) or Wayland based habitat. Cuckoo can automatically do this by “injecting” predefined options to some preset applications, in particular those based on the chromium engines, most of them being web browsers. To see the list of predefined applications, please start cuckoo with --list-preset-apps option.

When running an application with cuckoo, the user should make sure to actually start a new instance. This is usually granted by starting an application from the command line (such as running it with cuckoo). By starting an application from the desktop environment this may not happen.
 
Download AirVPN Suite 2.0.0 Release Candidate 1
ARM 64 bit:
https://eddie.website/repository/AirVPN-Suite/2.0-RC1/AirVPN-Suite-aarch64-2.0.0-RC-1.tar.gz
https://eddie.website/repository/AirVPN-Suite/2.0-RC1/AirVPN-Suite-aarch64-2.0.0-RC-1.tar.gz.sha512

ARM 64 bit legacy:
https://eddie.website/repository/AirVPN-Suite/2.0-RC1/AirVPN-Suite-aarch64-legacy-2.0.0-RC-1.tar.gz
https://eddie.website/repository/AirVPN-Suite/2.0-RC1/AirVPN-Suite-aarch64-legacy-2.0.0-RC-1.tar.gz.sha512

ARM 32 bit:
https://eddie.website/repository/AirVPN-Suite/2.0-RC1/AirVPN-Suite-armv7l-2.0.0-RC-1.tar.gz
https://eddie.website/repository/AirVPN-Suite/2.0-RC1/AirVPN-Suite-armv7l-2.0.0-RC-1.tar.gz.sha512

ARM 32 bit legacy:
https://eddie.website/repository/AirVPN-Suite/2.0-RC1/AirVPN-Suite-armv7l-legacy-2.0.0-RC-1.tar.gz
https://eddie.website/repository/AirVPN-Suite/2.0-RC1/AirVPN-Suite-armv7l-legacy-2.0.0-RC-1.tar.gz.sha512

x86-64:
https://eddie.website/repository/AirVPN-Suite/2.0-RC1/AirVPN-Suite-x86_64-2.0.0-RC-1.tar.gz
https://eddie.website/repository/AirVPN-Suite/2.0-RC1/AirVPN-Suite-x86_64-2.0.0-RC-1.tar.gz.sha512

x86-64 legacy:
https://eddie.website/repository/AirVPN-Suite/2.0-RC1/AirVPN-Suite-x86_64-legacy-2.0.0-RC-1.tar.gz
https://eddie.website/repository/AirVPN-Suite/2.0-RC1/AirVPN-Suite-x86_64-legacy-2.0.0-RC-1.tar.gz.sha512

Changelogs
Changelogs are available inside each package.




Kind regards & Datalove AirVPN Staff

Hello!

We're very glad to inform you that a new 10 Gbit/s full duplex server located in Denver (CO), USA, is available: Torcular.

The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

Torcular supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the status as usual in our real time servers monitor .
 
Do not hesitate to contact us for any information or issue.

Kind regards & datalove
AirVPN Staff
 

Hello!

We're very glad to inform you that a new 10 Gbit/s full duplex server located in Denver (CO), USA, is available: Torcular.

The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

Torcular supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the status as usual in our real time servers monitor .
 
Do not hesitate to contact us for any information or issue.

Kind regards & datalove
AirVPN Staff
 

Hello!

A momentary outage of the datacenter (or part of it) that lasted for approximately 3 hours 42 minutes. You can also check the servers monitor to see all the details (click a server name to see specific server stats). https://airvpn.org/status

Kind regards
 

Hello!

We're very glad to inform you that Hummingbird 2.0.0 beta 1 for macOS (Mojave or higher version required) is available. Different native versions for Intel and M1/M2 based Mac computers are available for maximum performance.

UPDATE 2025-04-05: Hummingbird 2.0.0 beta 5 for macOS is available
UPDATE 2025-04-16: Hummingbird 2.0.0 Release Candidate 1 for macOS is available

Hummingbird is free and open source released under GPLv3: https://gitlab.com/AirVPN/AirVPN-Suite
Main features
  Lightweight and stand alone binary client supporting both OpenVPN and WireGuard No heavy framework required, no GUI Small RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN and WireGuard Robust leaks prevention through Network Lock based on pf Proper handling of DNS push by VPN servers New, more flexible Network Lock   What's new
 
linked against OpenVPN3-AirVPN 3.11 library all libraries and dependencies have been updated added complete WireGuard support by means of the official WireGuard tools provided by its developers. Installation of wg and wireguard-go binaries is currently required, as WireGuard library is not available on macOS. Please check the user's manual (README.md file included in the packages) WireGuard support section for comfortable, step by step instructions. new Network Lock related options offering more flexibility. Now you can accept or deny incoming, outgoing or both ICMP-echo packets, and independently you can permit or forbid IPv6 NDP, which is based on ICMPv6. The new options supported by Hummingbird (please check the readme file for additional details) are:
--allow-ping
--allow-ipv6ndp Apple ARM based systems version is now C++20 compliant (required by Sequoia)
 
 
Important note for high speed line users
Because of some architectural specifications and implementation in macOS Hummingbird may warn the user about shortage of buffer space, specifically when connected with the UDP. This condition is signaled by Hummingbird with the below messages in the log: UDP send exception: send: No buffer space available ERROR: NETWORK_SEND_ERROR The error is caused by the maximum network sockets size set in macOS, a value usually small and unsuited for modern high speed networks. The solution consists in increasing the maximum allowed size for socket buffers and, in case the problem persists, the number of mbuf clusters. The procedure is simple, please find out all the details in the manual. Open the README.md file with any viewer and consult the "Note on macOS and UDP" section.  
Download the software here:
  Apple silicon ARM based machines notarized package:
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-arm64-notarized-2.0.0-RC-1.zip
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-arm64-notarized-2.0.0-RC-1.zip.sha512


Apple silicon ARM based machines package:
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-arm64-2.0.0-RC-1.tar.gz
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-arm64-2.0.0-RC-1.tar.gz.sha512

Apple Intel based machines notarized package:
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-x86_64-notarized-2.0.0-RC-1.zip
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-x86_64-notarized-2.0.0-RC-1.zip.sha512

Apple Intel based machines package:
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-x86_64-2.0.0-RC-1.tar.gz
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-x86_64-2.0.0-RC-1.tar.gz.sha512

Kind regards & datalove
AirVPN Staff

Hello!

We're very glad to inform you that a new 10 Gbit/s full duplex server located in Denver (CO), USA, is available: Torcular.

The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

Torcular supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the status as usual in our real time servers monitor .
 
Do not hesitate to contact us for any information or issue.

Kind regards & datalove
AirVPN Staff
 

Hello!

We're very glad to inform you that a new 10 Gbit/s full duplex server located in Denver (CO), USA, is available: Torcular.

The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637, 47107 and 51820 UDP for WireGuard.

Torcular supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

You can check the status as usual in our real time servers monitor .
 
Do not hesitate to contact us for any information or issue.

Kind regards & datalove
AirVPN Staff
 

Hello!

We're sorry to inform you that, due to inadmissible requests from provider Contabo, which demanded the blocking of p2p-related protocols, we have decommissioned Mesarthim server in Germany. The infrastructure in Gemany remains oversized, also thanks to the recent addition of 10 Gbit/s line and server.

Kind regards
AirVPN Staff
 

Hello!

We're very glad to inform you that AirVPN Suite 2.0.0 Release Candidate 1 for Linux is now available. The original post link is updated to show the new download URLs. The important differences from beta 5 are:
a bug causing a crash when nft error messages exceeded a definite size has been fully addressed Bluetit features additional pause and re-connection attempts aimed at facilitating re-connection at system resume after suspension and other situations Hummingbirtd --allow-ping default value is now "output" Special note for firewalld users Please read here, it's very important: https://airvpn.org/forums/topic/70164-linux-network-lock-and-firewalld/

Please note that from now on compatibility with Debian 10 and its derivatives, that reached end of long term support and end of life on June 2024, is lost even for the legacy version, mainly because the Suite is now C++20 compliant. The legacy version remains suitable for Debian 11 and its derivatives.

Kind regards
 

Hello!

The failure probably comes from the fact that Eddie service can be installed only on systemd based systems. MX Linux by default uses SysVInit, according to the documentation. We deliver the AirVPN Suite for Linux that supports SysVInit too. In the Suite, Bluetit is a daemon that can run both on SysVInit and systemd based systems. If you are interested:
https://airvpn.org/forums/topic/66706-linux-airvpn-suite-200-preview-available/

Kind regards
 

Congrats to RC1! As someone who has used Hummingbird a few years back and then switched to Eddie for Wireguard Support, I am tempted to go back to Hummingbird when v2 is being released, as it now includes WireGuard as well - great news.

Just a minor thing: instead of mentioning availability for "M1/M2" based Macs, I would maybe change the wording to "Apple Silicone" or "Apple ARM" in general (writing this on my M4 MacBook). It might be a little confusing to some users when only certain M* chips are mentioned in the description.

Hello!

We're very glad to inform you that Hummingbird 2.0.0 Release Candidate 1 is now available for macOS, both for Intel and M1/M2/M3 based systems. The links to the latest RC 1 and the main changes have been updated in the first message of this thread. This version differs from beta 5 for some updates on the OpenVPN3-AirVPN library. Besides, the M1/M2/M3 version is now C++20 compliant.

Kind regards
 

Hello!

We're very glad to inform you that Hummingbird 2.0.0 beta 1 for macOS (Mojave or higher version required) is available. Different native versions for Intel and M1/M2 based Mac computers are available for maximum performance.

UPDATE 2025-04-05: Hummingbird 2.0.0 beta 5 for macOS is available
UPDATE 2025-04-16: Hummingbird 2.0.0 Release Candidate 1 for macOS is available

Hummingbird is free and open source released under GPLv3: https://gitlab.com/AirVPN/AirVPN-Suite
Main features
  Lightweight and stand alone binary client supporting both OpenVPN and WireGuard No heavy framework required, no GUI Small RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN and WireGuard Robust leaks prevention through Network Lock based on pf Proper handling of DNS push by VPN servers New, more flexible Network Lock   What's new
 
linked against OpenVPN3-AirVPN 3.11 library all libraries and dependencies have been updated added complete WireGuard support by means of the official WireGuard tools provided by its developers. Installation of wg and wireguard-go binaries is currently required, as WireGuard library is not available on macOS. Please check the user's manual (README.md file included in the packages) WireGuard support section for comfortable, step by step instructions. new Network Lock related options offering more flexibility. Now you can accept or deny incoming, outgoing or both ICMP-echo packets, and independently you can permit or forbid IPv6 NDP, which is based on ICMPv6. The new options supported by Hummingbird (please check the readme file for additional details) are:
--allow-ping
--allow-ipv6ndp Apple ARM based systems version is now C++20 compliant (required by Sequoia)
 
 
Important note for high speed line users
Because of some architectural specifications and implementation in macOS Hummingbird may warn the user about shortage of buffer space, specifically when connected with the UDP. This condition is signaled by Hummingbird with the below messages in the log: UDP send exception: send: No buffer space available ERROR: NETWORK_SEND_ERROR The error is caused by the maximum network sockets size set in macOS, a value usually small and unsuited for modern high speed networks. The solution consists in increasing the maximum allowed size for socket buffers and, in case the problem persists, the number of mbuf clusters. The procedure is simple, please find out all the details in the manual. Open the README.md file with any viewer and consult the "Note on macOS and UDP" section.  
Download the software here:
  Apple silicon ARM based machines notarized package:
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-arm64-notarized-2.0.0-RC-1.zip
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-arm64-notarized-2.0.0-RC-1.zip.sha512


Apple silicon ARM based machines package:
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-arm64-2.0.0-RC-1.tar.gz
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-arm64-2.0.0-RC-1.tar.gz.sha512

Apple Intel based machines notarized package:
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-x86_64-notarized-2.0.0-RC-1.zip
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-x86_64-notarized-2.0.0-RC-1.zip.sha512

Apple Intel based machines package:
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-x86_64-2.0.0-RC-1.tar.gz
https://eddie.website/repository/hummingbird/2.0-RC1/hummingbird-macos-x86_64-2.0.0-RC-1.tar.gz.sha512

Kind regards & datalove
AirVPN Staff

Hello!

We're very glad to inform you that AirVPN Suite 2.0.0 Release Candidate 1 for Linux is now available. The original post link is updated to show the new download URLs. The important differences from beta 5 are:
a bug causing a crash when nft error messages exceeded a definite size has been fully addressed Bluetit features additional pause and re-connection attempts aimed at facilitating re-connection at system resume after suspension and other situations Hummingbirtd --allow-ping default value is now "output" Special note for firewalld users Please read here, it's very important: https://airvpn.org/forums/topic/70164-linux-network-lock-and-firewalld/

Please note that from now on compatibility with Debian 10 and its derivatives, that reached end of long term support and end of life on June 2024, is lost even for the legacy version, mainly because the Suite is now C++20 compliant. The legacy version remains suitable for Debian 11 and its derivatives.

Kind regards
 

Hello!

We're very glad to inform you that AirVPN Suite 2.0.0 Release Candidate 1 for Linux is now available. The original post link is updated to show the new download URLs. The important differences from beta 5 are:
a bug causing a crash when nft error messages exceeded a definite size has been fully addressed Bluetit features additional pause and re-connection attempts aimed at facilitating re-connection at system resume after suspension and other situations Hummingbirtd --allow-ping default value is now "output" Special note for firewalld users Please read here, it's very important: https://airvpn.org/forums/topic/70164-linux-network-lock-and-firewalld/

Please note that from now on compatibility with Debian 10 and its derivatives, that reached end of long term support and end of life on June 2024, is lost even for the legacy version, mainly because the Suite is now C++20 compliant. The legacy version remains suitable for Debian 11 and its derivatives.

Kind regards