
Staff

Reputation Activity

  1. Haha
    Staff got a reaction from OpenSourcerer in New country: New Zealand - New 1 Gbit/s server available   ...
    So what?

    Kind regards
     
  2. Thanks
    Staff got a reaction from OpenSourcerer in Linux Hummingbird 1.1.2 with Eddie   ...
    @monstrocity

    Hello!

    Eddie handles DNS by itself. As @OpenSourcerer noted, Eddie runs Hummingbird with --ignore-dns-push. This happened even in the past, but HB 1.1.2 now logs more accurately and warns you that it has been ordered to ignore DNS push. Therefore you should upgrade to HB 1.1.2 and not use older versions anymore.

    An important implication of the above choice for Eddie is that Eddie + Hummingbird is not usable in systems where systemd-resolved is configured to not respect /etc/resolv.conf  settings (example: Fedora 33 and 34). In such systems Eddie should not be used as it can not handle DNS, while Hummingbird and Bluetit can.
     
    No, it's not a compatibility issue, it's only that Hummingbird by default handles DNS push.
     
    We can't reproduce the issue, can you please send us HB log showing the problem and any (if any) additional clue to reproduce the problem? Can you also tell us what you mean exactly with "Only logging out or restarting"?

    Kind regards
     
  3. Like
    Staff got a reaction from djmj0 in AirVPN 11th birthday celebrations   ...
    Hello!

    Today we're starting AirVPN eleventh birthday celebrations offering special discounts on longer term plans.

    It seems like it was only yesterday that we celebrated the 10th milestone birthday, and here we are, one year later already.
     
    From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 22 countries in four continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world.

    We still define it as a "baby", but AirVPN is now the oldest VPN in the market which never changed ownership, and it's one of the last that still puts ethics well over profit, a philosophy which has been rewarded by customers and users.

    2020 (and 2021 so far) have been harsh years for mankind but we have no right to complain too much because AirVPN was only marginally touched by those terrible repercussions which affected many other business sectors in general.

    In spite of that, we could not maintain our promise to deliver native software for FreeBSD and we apologize for the failure. However, releasing software for FreeBSD, specifically AirVPN Suite, remains one of our goals, so stay tuned.

    On the other hand, Eddie desktop edition, AirVPN Suite for Linux, Hummingbird for Linux and macOS, and OpenVPN 3 AirVPN library were updated substantially and swiftly.  Moreover, Eddie Android edition development has been recently re-opened to provide a new version updated to new requirements and specifications of Android 11 during 2021. Hummingbird was natively released for M1 based Apple Mac systems too, allowing a dramatic performance boost (up to +100% in >100 Mbit/s lines).

    Behind the scenes, infrastructure had some paramount improvements.

    The whole network in the Netherlands has been enlarged with additional redundancy and several servers around the world have had hardware upgrades. In Sweden and Switzerland we started operating servers connected to exclusive 10 Gbit/s lines and ports, and we optimized the environment to obtain more bandwidth from the OpenVPN processes. We managed to beat the previous 1.7 Gbit/s barrier. The performance on the customer side has improved and reached new peaks of excellence, as you can see here: https://airvpn.org/forums/topic/48234-speedtest-comparison/?do=findComment&comment=130191

    Furthermore, the infrastructure has become fully Wireguard capable and throughout 2021 we will start offering Wireguard connections, in addition to OpenVPN ones, in a hardened environment which mitigates the numerous privacy problems posed by Wireguard.

    Last but not least we re-started operations in a fourth continent, Oceania, with a new server in New Zealand.

    All AirVPN applications and libraries are free and open source software released under GPLv3.

    It's worth quoting literally what we wrote last year for AirVPN birthday:
     

    Kind regards and datalove
    AirVPN Staff
  4. Like
    Staff got a reaction from Flx in How to exclude apps from VPN   ...
    @cdysthe
    @Drk01

    Hello!

    If those solutions are too complex, you might consider a Virtual Machine. Nowadays software like VirtualBox and VMWare make running a VM a piece of cake, you just need some time (once and for all) to install an OS from scratch. Then you can connect only the VM to the VPN (exactly as you do now in your machine) and use the applications whose traffic must be tunneled only in the VM. Host traffic will remain out of the VPN.

    Kind regards
     
  5. Like
    Staff got a reaction from cyberskyway in Every VPN is slow for me, despite the well-reviewed VPNs I'm trying. Is it possible my ISP is causing this? I feel like someone's playing a joke on me   ...
    Hello!
     
    Nowadays, traffic shaping is a common practice. Several ISPs have evaluated that investing in traffic shaping techniques is better than investing in infrastructure expansion. Overselling becomes easier and the devastating congestion impact gets mitigated by enforcing penalties to all protocols which are rarely used by the majority of customers or that are more onerous for the infrastructure.
     
    Protocols and traffic types are discovered in real time via SPI and DPI.
     
    A VPN impairs traffic shaping techniques because it makes both SPI and DPI impotent. Therefore, ISPs that share the above vision (wild overselling and traffic shaping) need to shape VPN themselves, unconditionally. OpenVPN has a typical fingerprint, so it's easy to identify it with DPI. However, we provide connection modes which make OpenVPN not discernible. The most effective and at the same time efficient is a connection with "tls-crypt" which encrypts the whole OpenVPN Control Channel. It is available on entry-IP addresses 3 and 4 of our VPN servers.
     
    Please test the following one (in Eddie desktop edition):
    - from Eddie main window select "Preferences" > "Protocols"
    - untick "Automatic"
    - select the line with entry-IP address 3, port 443, protocol TCP. The row will be highlighted in blue
    - click "Save"
     
    tls-crypt will circumvent specific OpenVPN shaping, while TCP will get rid of UDP shaping, which is another commonly targeted protocol.
     
    UDP might be shaped or not in your line, so it's worth that you try it too.
     
    Eddie Android edition 2.0 connects to entry-IP address 3 by default. You might anyway need to change the protocol from UDP to TCP in the "Settings" if UDP is throttled.
     
    Kind regards
  6. Confused
    Staff got a reaction from cyberskyway in AirVPN does not recognize ICANN authority anymore   ...
    AIRVPN DOES NOT RECOGNIZE ANYMORE VERISIGN, AFILIAS AND ICANN AUTHORITY. OUR COMMITMENT AGAINST UNITED STATES OF AMERICA UNFAIR AND ILLEGAL DOMAIN NAMES SEIZURES.

    The United States of America authorities have been performing domain names seizures since the end of 2010. The seizures have been performed against perfectly legal web-sites and/or against web-sites outside US jurisdiction.

    Administrators of some of those web-sites had been previously acquitted of any charge by courts in the European Union.

    The domain name seizures affect the world wide web in its entirety since they are performed bypassing the original registrar and forcing VeriSign and Afilias (American companies which administer TLDs like .org, .net, .info and .com) to transfer the domain name to USA authorities property. No proper judicial overview is guaranteed during the seizure.

    Given all of the above, we repute that these acts:

    - are a violation of EU citizens fundamental rights, as enshrined in the European Convention on Human Rights;
    - are an attack against the Internet infrastructure and the cyberspace;
    - are a strong hint which shows that decision capacities of USA Department of Justice and ICE are severely impaired;

    and therefore from now on AirVPN does not recognize VeriSign, Afilias and/or ICANN authority over domain names. AirVPN refuses to resolve "seized" domain names to the IP address designated by USA authorities, allowing normal access to the original servers' websites / legitimate IP addresses.

    In order to fulfil the objective, we have put in place an experimental service which is already working fine. If you find anomalies, please let us know, the system will surely improve in time.

    Kind regards
    AirVPN admins
  7. Thanks
    Staff got a reaction from colorman in Linux: AirVPN Suite 1.1.0 released   ...
    Hello!

    We're very glad to inform you that AirVPN Suite version 1.1.0 for Linux has been released. Check supported systems below.

    The suite includes:
    - Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap
    - Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers
    - Hummingbird: lightweight and standalone binary for generic OpenVPN server connections

    All the software is free and open source, licensed under GPLv3.  
    What's new in 1.1.0 version
     
    - full compatibility with OSMC, Open Source Media Center
    - enhanced compatibility with Raspbian
    - persistent Network Lock implementation, useful for example to enforce prompt Network Lock during system bootstrap and prevent traffic leaks caused by processes at bootstrap (**). Use directive networklockpersist in bluetit.rc to enable Network Lock as soon as Bluetit starts, regardless of network status and connection attempts
    - revisited Network Lock logic for additional safety
    - new directives for bluetit.rc: networklockpersist, connectretrymax and aircipher
    - enhanced DNS handling for peculiar systemd-resolved operational modes
    - more rigorous handling of events through semaphore implementation
    - new D-Bus methods for Network Lock aimed at easier control by clients. Developer's documentation will be published soon
    - crash caused by systemd signal flooding has been resolved
    - libcurl crash in OSMC and other systems has been fixed
    - crash in some 32 bit systems has been fixed
    - logical flaw causing Network Lock missed activation in case of account login failure has been fixed
    - various bug fixes
    - see the changelog below for more information and details

    Important notes
    (**) Ponder the option carefully if your machine needs network sync via NTP or other network services outside the VPN during the bootstrap phase
    (***) Fedora 33 and openSUSE 15.2 users beware: we have noticed that in freshly installed Fedora 33 libcurl cannot find CA LetsEncrypt certificates and this will prevent Bluetit from detecting the country from ipleak.net. In this case, you can overcome this bug by using the country directive in bluetit.rc file, therefore avoiding the need to contact ipleak.net web site.
      AirVPN Suite changelog

     
    Version 1.1.0 - 4 June 2021
    - [ProMIND] vpnclient.hpp: restoreNetworkSettings() now returns a warning in case backup files are not found
    - [ProMIND] vpnclient.hpp: restoreNetworkSettings() improved restoring management with more cases/scenarios
    - [ProMIND] updated all dependencies and libraries

    Version 1.1.0 RC 4 - 14 May 2021
    - [ProMIND] optionparser.cpp: added proper message errors in case of invalid argument and allocation memory error
    - [ProMIND] netfilter.cpp: systemBackupExists() now evaluate every firewall mode backup file name
    - [ProMIND] netfilter.cpp: restore() now check for every firewall mode backup and restore it accordingly
    - [ProMIND] netfilter.cpp: IPv6 rules are now allowed or added only in case IPv6 is available in the system

    Version 1.1.0 RC 3 - 16 April 2021
    - [ProMIND] Updated to OpenVPN 3.7 AirVPN
    - [ProMIND] vpnclient.hpp: avoid netFilter setup in case NetFilter object is not private
    - [ProMIND] dbusconnector.cpp: fine tuned D-Bus wait cycle in R/W dispatch. Implemented a thread safe wait in order to avoid D-Bus timeout policy

    Version 1.1.0 RC 1 - 7 April 2021
    - Release Candidate, no change from Beta 2

    Version 1.1.0 Beta 2 - 2 April 2021
    - [ProMIND] localnetwork.cpp: added getDefaultGatewayInterface() method

    Version 1.1.0 Beta 1 - 11 March 2021
    - [ProMIND] rcparser.cpp: removed formal list control for STRING type
    - [ProMIND] netfilter.hpp, netfilter.cpp: added functions to set the availability of specific iptables tables in order to properly use available tables only
    - [ProMIND] vpnclient.hpp: onResolveEvent() sets iptables tables according to the loaded modules
    - [ProMIND] vpnclient.hpp: Changed constructor in order to use both private and external NetFilter object
    - [ProMIND] localnetwork.cpp: added getLoopbackInterface(), getLocalIPaddresses() and getLocalInterfaces() methods
    - [ProMIND] airvpntools.cpp: added detectLocation() method to retrieve location data from ipleak.net
    - [ProMIND] airvpnuser.cpp: detectUserLocation() now uses AirVPNTools::detectLocation()
    - [ProMIND] airvpnuser.cpp: loadUserProfile() now correctly sets userProfileErrorDescription in case of network failure
    - [ProMIND] airvpnserverprovider.cpp: added "DEFAULT" rule to getUserConnectionPriority() in case user's country or continent is undefined
    - [ProMIND] airvpnmanifest.cpp: loadManifest() now correctly sets the status STORED in case of network failure
    - [ProMIND] Added Semaphore class
    - [ProMIND] dnsmanager.hpp: method revertAllResolved() renamed to restoreResolved(). Besides reverting all interfaces it now restarts systemd-resolved service as well.
    - [ProMIND] install.sh: improved update/upgrade process

      Bluetit changelog

    Version 1.1.0 - 4 June 2021
    - [ProMIND] Client option "network-lock" is now forbidden in case persistent network lock is enabled
    - [ProMIND] Avoid network lock initialization in case persistent network lock is enabled and client is requiring an OpenVPN connection from profile
    - [ProMIND] --air-list option now accepts "all" for sub options --air-server and --air-country
    - [ProMIND] AirVPN Manifest update suspended in case Bluetit is in a dirty status
    - [ProMIND] Changed systemd unit in order to prevent the obnoxious SIGKILL signal inappropriately sent before stop timeout completion and for no logical or practical reason when Bluetit is properly and neatly terminating in response to a legal and expected SIGTERM

    Version 1.1.0 RC 4 - 14 May 2021
    - [ProMIND] Added directives airipv6 and air6to4 in bluetit.rc
    - [ProMIND] In case it is requested a network recovery, VpnClient object is now initialized with NetFilter::Mode::OFF
    - [ProMIND] In case the requested network lock method is not available, connection is not started
    - [ProMIND] In case system location cannot be determined through ipleak.net, country is now properly set to empty, latitude and longitude to 0.
    - [ProMIND] Persistent network lock is enabled only in case Bluetit status is clean
    - [ProMIND] AirVPN boot connection is started only in case Bluetit status is clean
    - [ProMIND] DNS backup files are now properly evaluated when determining dirty status
    - [ProMIND] Added D-Bus commands "reconnect_connection" and "session_reconnect"

    Version 1.1.0 Beta 2 - 2 April 2021
    - [ProMIND] Gateway and gateway interface check at startup. Bluetit won't proceed until both gateway and gateway interface are properly set up by the system
    - [ProMIND] Increased volume and rate data sizes for 32 bit architectures
    - [ProMIND] Added aircipher directive to bluetit.rc
    - [ProMIND] Added maxconnretries directive to bluetit.rc

    Version 1.1.0 Beta 1 - 11 March 2021
    - [ProMIND] connection_stats_updater(): now uses server.getEffectiveBandWidth() for AIRVPN_SERVER_BANDWIDTH
    - [ProMIND] added bool shutdownInProgress to control bluetit exit procedure and avoid signal flooding
    - [ProMIND] system location is detected at boot time and eventually propagated to all AirVPN users
    - [ProMIND] Network lock and filter is now enabled and activated before AirVPN login procedure
    - [ProMIND] Added dbus methods "enable_network_lock", "disable_network_lock" and "network_lock_status"
    - [ProMIND] Renamed bluetit.rc directive "airconnectonboot" to "airconnectatboot"
    - [ProMIND] Added bluetit.rc directive "networklockpersist"

      Goldcrest changelog

    Version 1.1.0 - 4 June 2021
    - [ProMIND] Production release

    Version 1.1.2 RC 4 - 14 May 2021
    - [ProMIND] DNS backup files are now properly evaluated when determining dirty status
    - [ProMIND] ProfileMerge is now constructed by allowing any file extension
    - [ProMIND] Reconnection (SIGUSR2) is now allowed only in case tun persistence is enabled

    Version 1.1.2 - 2 April 2021
    - [ProMIND] Updated base classes

      Hummingbird changelog

    Version 1.1.2 - 4 June 2021
    - [ProMIND] updated all dependencies and libraries

    Version 1.1.2 RC 4 - 14 May 2021
    - [ProMIND] DNS backup files are now properly evaluated when determining dirty status
    - [ProMIND] ProfileMerge is now constructed by allowing any file extension
    - [ProMIND] Reconnection (SIGUSR2) is now allowed only in case tun persistence is enabled

    Architecture

    The client-daemon architecture offered by Goldcrest and Bluetit combination offers a robust security model and provides system administrators with a fine-grained, very flexible access control.

    Bluetit is fully integrated with AirVPN. The daemon is accessed through a D-Bus interface by providing specific methods and interface in order to give full support to OpenVPN connection and AirVPN functionality, including - but not limited to - quick automatic connection to the best AirVPN server for any specific location as well as any AirVPN server or country. Connection during system bootstrap is fully supported as well.  
    New OpenVPN 3 library features

    Hummingbird and Bluetit are linked against a new version of our OpenVPN 3 library which supports directive data-ciphers: it can be used consistently with OpenVPN 2.5 syntax in OpenVPN profiles.

    The directive allows OpenVPN 3 based software to negotiate a common Data Channel cipher with the OpenVPN server, updating therefore our library to ncp-like negotiation with OpenVPN 2 branch. Hummingbird and Bluetit are already linked against the new library version, while Eddie Android edition will be updated in the near future.

    The new library also includes a different handling of IV_CIPHERS variable, fixing OpenVPN main branch issues which caused a plethora of problems with OpenVPN 2.5. The implementation, at the same time, takes care of full backward compatibility with OpenVPN versions older than 2.5.

    ncp-disable directive, which to date has never been implemented in the main branch, is still supported, in order to further enhance backward compatibility with both OpenVPN profiles and servers, as well as connection flexibility with servers running older than 2.5 OpenVPN versions.

    Please note that if you enforce a specific Data Channel cipher by means of Bluetit configuration file, Hummingbird line option, or Goldcrest configuration file and/or line option, the enforced Data Channel cipher will override data-ciphers profile directive.
      Notes on systemd

    Users running Linux distributions which are not based on systemd can safely ignore this section.
    1. Superusers of linux-systemd systems must be aware that systemd unit configuration file has been changed in order to circumvent a systemd critical bug which causes two obnoxious SIGKILL signals inappropriately sent before stop timeout completion and for no logical or practical reason when Bluetit is properly and neatly terminating in response to a legal and expected SIGTERM. The only known workaround so far to compensate the bug is forbidding systemd to send SIGKILL to Bluetit. The bug affects at least systemd versions 205, 214, 234, 246, but it might affect other versions too.

    2. In Fedora 33 systemd-resolved comes pre-configured to work in "on-link" mode and network-manager works together with it.

    This very peculiar, Windows-like setup kills Linux global DNS handling, causing those DNS leaks which previously occurred only on Windows. Hummingbird and Bluetit take care of preventing the brand new DNS leaks caused by such a setup.

    Also note that systemd-resolved comes pre-configured with fallback DNS (Google DNS is a systemd-resolved default fallback DNS, smart choices pile up!) which will be queried if each interface DNS server fails some resolution. In such a case, if and only if you have Network Lock enabled will DNS leaks be prevented.
      Supported systems

    The suite is currently available for Linux x86-64, i686 (32 bit distributions), arm7l (for example Raspbian, OSMC and other ARM 32 bit based systems) and aarch64 (ARM 64 bit). Both systemd and SysV-style init based systems are supported.

    AirVPN Suite is free and open source software licensed under GPLv3.
      Overview and main features
     
    AirVPN’s free and open source OpenVPN 3 suite based on AirVPN’s OpenVPN 3 library fork
    - Bluetit: lightweight D-Bus controlled system daemon providing full connectivity to AirVPN servers and generic OpenVPN servers. Ability to connect the system to AirVPN during the bootstrap.
    - Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers
    - Hummingbird: lightweight and standalone client for generic OpenVPN server connection
    - Linux i686, x86-64, arm7l and arm64 (Raspberry) support
    - Full integration with systemd, SysV Style-init and chkconfig
    - No heavy framework required, no GUI
    - Tiny RAM footprint
    - Lightning fast
    - Based on OpenVPN 3 library fork by AirVPN version 3.6.6 with tons of critical bug fixes from the main branch, new cipher support and never seen before features
    - ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition
    - Robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection
    - Proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved
    - additional features

    User documentation (*) and source code:

    https://gitlab.com/AirVPN/AirVPN-Suite

    User documentation is also included in an md file in each package.

    (*) Developer documentation to create custom software clients for Bluetit will be published in the very near future.
      Download page:
    https://airvpn.org/linux/suite/
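
The two systemd-resolved conditions raised in "Notes on systemd" above (how /etc/resolv.conf relates to systemd-resolved, and whether a fallback DNS is in effect) can be checked from a shell. This is an added example, not part of the original post or of AirVPN's software; the function names are hypothetical, and it assumes the standard systemd-resolved symlink targets and the `FallbackDNS=` setting in the `[Resolve]` section, reading only configuration under `/etc`.

```shell
#!/bin/sh
# Added example (not AirVPN code). Function names are hypothetical.

# resolv_conf_mode PATH
# Prints how PATH relates to systemd-resolved:
#   stub    - symlink to resolved's stub file (clients are sent to 127.0.0.53)
#   uplink  - symlink to resolved's list of upstream servers
#   static  - symlink to the static file shipped with systemd
#   foreign - regular file or other symlink, not provided by systemd-resolved
#   missing - PATH does not exist
resolv_conf_mode() {
    path=$1
    if [ -L "$path" ]; then
        # Targets are often relative (../run/...), so match on the suffix.
        case "$(readlink "$path")" in
            */run/systemd/resolve/stub-resolv.conf) echo stub ;;
            */run/systemd/resolve/resolv.conf)      echo uplink ;;
            */usr/lib/systemd/resolv.conf)          echo static ;;
            *)                                      echo foreign ;;
        esac
    elif [ -e "$path" ]; then
        echo foreign
    else
        echo missing
    fi
}

# fallback_dns_setting CONF...
# Reads resolved.conf-style files in order and prints:
#   builtin  - FallbackDNS= never assigned, compiled-in servers apply
#   disabled - last effective assignment is empty
#   <list>   - the configured fallback servers
fallback_dns_setting() {
    awk '
        FNR == 1 { in_resolve = 0 }              # each file starts outside any section
        /^[ \t]*[#;]/ { next }                   # comment lines
        /^[ \t]*\[/ {
            in_resolve = ($0 ~ /^[ \t]*\[Resolve\][ \t]*$/)
            next
        }
        in_resolve && /^[ \t]*FallbackDNS[ \t]*=/ {
            v = $0
            sub(/^[^=]*=/, "", v)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            seen = 1
            if (v == "") list = ""               # empty assignment clears the list
            else list = (list == "" ? v : list " " v)
        }
        END {
            if (!seen) print "builtin"
            else if (list == "") print "disabled"
            else print list
        }
    ' "$@" /dev/null
}

# report RESOLV_CONF CONF...
# One-line summary combining both checks.
report() {
    resolv=$1
    shift
    mode=$(resolv_conf_mode "$resolv")
    fb=$(fallback_dns_setting "$@")
    case "$fb" in
        disabled) note="no fallback resolver configured" ;;
        builtin)  note="compiled-in fallback resolvers in effect" ;;
        *)        note="explicit fallback resolvers: $fb" ;;
    esac
    echo "resolv.conf mode: $mode; $note"
}

# Run against the live system only when asked: sh script.sh --report
if [ "${1:-}" = "--report" ]; then
    set -- /etc/resolv.conf
    for f in /etc/systemd/resolved.conf /etc/systemd/resolved.conf.d/*.conf; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    report "$@"
fi
```

Any result other than "no fallback resolver configured" corresponds to the case the post describes, where only Network Lock prevents queries to the fallback DNS from leaking.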
  8. Thanks
    Staff got a reaction from colorman in Linux: AirVPN Suite 1.1.0 released   ...
    Hello!

    We're very glad to inform you that AirVPN Suite version 1.1.0 for Linux has been released. Check supported systems below

    The suite includes:
    Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers Hummingbird: lightweight and standalone binary for generic OpenVPN server connections
    All the software is free and open source, licensed under GPLv3.  
    What's new in 1.1.0 version
     
    full compatibility with OSMC, Open Source Media Center enhanced compatibility with Raspbian persistent Network Lock implementation, useful for example to enforce prompt Network Lock during system bootstrap and prevent traffic leaks caused by processes at bootstrap (**). Use directive networklockpersist in bluetit.rc to enable Network Lock as soon as Bluetit starts, regardless of network status and connection attempts revisited Network Lock logic for additional safety new directives for bluetit.rc: networklockpersist, connectretrymax and aircipher enhanced DNS handling for peculiar systemd-resolved operational modes more rigorous handling of events through semaphore implementation new D-Bus methods for Network Lock aimed at easier control by clients. Developer's documentation will be published soon crash caused by systemd signal flooding has been resolved libcurl crash in OSMC and other systems has been fixed crash in some 32 bit systems has been fixed logical flaw causing Network Lock missed activation in case of account login failure has been fixed various bug fixes see the changelog below for more information and details   Important notes
    (**) Ponder the option carefully if your machine needs network sync via NTP or other network services outside the VPN during the bootstrap phase
    (***) Fedora 33 and openSUSE 15.2 users beware: we have noticed that in freshly installed Fedora 33 libcurl cannot find CA LetsEncrypt certificates and this will prevent Bluetit from detecting the country from ipleak.net. In this case, you can overcome this bug by using the country directive in bluetit.rc file, therefore avoiding the need to contact ipleak.net web site.
      AirVPN Suite changelog

     
    Version 1.1.0 - 4 June 2021
    [ProMIND] vpnclient.hpp: restoreNetworkSettings() now returns a warning in case backup files are not found [ProMIND] vpnclient.hpp: restoreNetworkSettings() improved restoring management with more cases/scenarios [ProMIND] updated all dependencies and libraries
    Version 1.1.0 RC 4 - 14 May 2021
    [ProMIND] optionparser.cpp: added proper message errors in case of invalid argument and allocation memory error [ProMIND] netfilter.cpp: systemBackupExists() now evaluate every firewall mode backup file name [ProMIND] netfilter.cpp: restore() now check for every firewall mode backup and restore it accordingly [ProMIND] netfilter.cpp: IPv6 rules are now allowed or added only in case IPv6 is available in the system
    Version 1.1.0 RC 3 - 16 April 2021
    [ProMIND] Updated to OpenVPN 3.7 AirVPN [ProMIND] vpnclient.hpp: avoid netFilter setup in case NetFilter object is not private [ProMIND] dbusconnector.cpp: fine tuned D-Bus wait cycle in R/W dispatch. Implemented a thread safe wait in order to avoid D-Bus timeout policy
    Version 1.1.0 RC 1 - 7 April 2021
    Release Candidate, no change from Beta 2
    Version 1.1.0 Beta 2 - 2 April 2021
    [ProMIND] localnetwork.cpp: added getDefaultGatewayInterface() method
    Version 1.1.0 Beta 1 - 11 March 2021
      [ProMIND] rcparser.cpp: removed formal list control for STRING type [ProMIND] netfilter.hpp, netfilter.cpp: added functions to set the availability of specific iptables tables in order to properly use available tables only [ProMIND] vpnclient.hpp: onResolveEvent() sets iptables tables according to the loaded modules [ProMIND] vpnclient.hpp: Changed constructor in order to use both private and external NetFilter object [ProMIND] localnetwork.cpp: added getLoopbackInterface(), getLocalIPaddresses() and getLocalInterfaces() methods [ProMIND] airvpntools.cpp: added detectLocation() method to retrieve location data from ipleak.net [ProMIND] airvpnuser.cpp: detectUserLocation() now uses AirVPNTools::detectLocation() [ProMIND] airvpnuser.cpp: loadUserProfile() now correctly sets userProfileErrorDescription in case of network failure [ProMIND] airvpnserverprovider.cpp: added "DEFAULT" rule to getUserConnectionPriority() in case user's country or continent is undefined [ProMIND] airvpnmanifest.cpp: loadManifest() now correctly sets the status STORED in case of network failure [ProMIND] Added Semaphore class [ProMIND] dnsmanager.hpp: method revertAllResolved() renamed to restoreResolved(). Besides reverting all interfaces it now restarts systemd-resolved service as well. [ProMIND] install.sh: improved update/upgrade process   Bluetit changelog
     
    Version 1.1.0 - 4 June 2021 [ProMIND] Client option "network-lock" is now forbidden in case persistent network lock is enabled [ProMIND] Avoid network lock initialization in case persistent network lock is enabled and client is requiring an OpenVPN connection from profile [ProMIND] --air-list option now accepts "all" for sub options --air-server and --air-country [ProMIND] AirVPN Manifest update suspended in case Bluetit is in a dirty status [ProMIND] Changed systemd unit in order to prevent the obnoxious SIGKILL signal inappropriately sent before stop timeout completion and for no logical or practical reason when Bluetit is properly and neatly terminating in response to a legal and expected SIGTERM   Version 1.1.0 RC 4 - 14 May 2021 [ProMIND] Added directives airipv6 and air6to4 in bluetit.rc [ProMIND] In case it is requested a network recovery, VpnClient object is now initialized with NetFilter::Mode::OFF [ProMIND] In case the requested network lock method is not available, connection is not started [ProMIND] In case system location cannot be determined through ipleak.net, country is now properly set to empty, latitude and longitude to 0. [ProMIND] Persistent network lock is enabled only in case Bluetit status is clean [ProMIND] AirVPN boot connection is started only in case Bluetit status is clean [ProMIND] DNS backup files are now properly evaluated when determining dirty status [ProMIND] Added D-Bus commands "reconnect_connection" and "session_reconnect"
    Version 1.1.0 Beta 2 - 2 April 2021 [ProMIND] Gateway and gateway interface check at startup. Bluetit won't proceed until both gateway and gateway interface are properly set up by the system [ProMIND] Increased volume and rate data sizes for 32 bit architectures [ProMIND] Added aircipher directive to bluetit.rc [ProMIND] Added maxconnretries directive to bluetit.rc
    Version 1.1.0 Beta 1 - 11 March 2021 [ProMIND] connection_stats_updater(): now uses server.getEffectiveBandWidth() for AIRVPN_SERVER_BANDWIDTH [ProMIND] added bool shutdownInProgress to control bluetit exit procedure and avoid signal flooding [ProMIND] system location is detected at boot time and eventually propagated to all AirVPN users [ProMIND] Network lock and filter is now enabled and activated before AirVPN login procedure [ProMIND] Added dbus methods "enable_network_lock", "disable_network_lock" and "network_lock_status" [ProMIND] Renamed bluetit.rc directive "airconnectonboot" to "airconnectatboot" [ProMIND] Added bluetit.rc directive "networklockpersist"   Goldcrest changelog

    Version 1.1.0 - 4 June 2021
     [ProMIND] Production release
    Version 1.1.2 RC 4 - 14 May 2021
    [ProMIND] DNS backup files are now properly evaluated when determining dirty status [ProMIND] ProfileMerge is now constructed by allowing any file extension [ProMIND] Reconnection (SIGUSR2) is now allowed only in case tun persistence is enabled

    Version 1.1.2 - 2 April 2021
    [ProMIND] Updated base classes Hummingbird changelog

    Version 1.1.2 - 4 June 2021
    [ProMIND] updated all dependencies and libraries
    Version 1.1.2 RC 4 - 14 May 2021
    [ProMIND] DNS backup files are now properly evaluated when determining dirty status [ProMIND] ProfileMerge is now constructed by allowing any file extension [ProMIND] Reconnection (SIGUSR2) is now allowed only in case tun persistence is enabled  

    Architecture

    The client-daemon architecture offered by Goldcrest and Bluetit combination offers a robust security model and provides system administrators with a fine-grained, very flexible access control.

    Bluetit is fully integrated with AirVPN. The daemon is accessed through a D-Bus interface by providing specific methods and interface in order to give full support to OpenVPN connection and AirVPN functionality, including - but not limited to - quick automatic connection to the best AirVPN server for any specific location as well as any AirVPN server or country. Connection during system bootstrap is fully supported as well.  
    New OpenVPN 3 library features

    Hummingbird and Bluetit are linked against a new version of our OpenVPN 3 library which supports directive data-ciphers: it can be used consistently with OpenVPN 2.5 syntax in OpenVPN profiles.

    The directive allows OpenVPN 3 based software to negotiate a common Data Channel cipher with the OpenVPN server, updating therefore our library to ncp-like negotiation with OpenVPN 2 branch. Hummingbird and Bluetit are already linked against the new library version, while Eddie Android edition will be updated in the near future.

    The new library also includes a different handling of IV_CIPHERS variable, fixing OpenVPN main branch issues which caused a plethora of problems with OpenVPN 2.5. The implementation, at the same time, takes care of full backward compatibility with OpenVPN versions older than 2.5.

    ncp-disable directive, which to date has never been implemented in the main  branch, is still supported, in order to further enhance backward compatibility with both OpenVPN profiles and servers, as well as connection flexibility with servers running older than 2.5 OpenVPN versions.

    Please note that if you enforce a specific Data Channel cipher by means of Bluetit configuration file, Hummingbird line option, or Goldcrest configuration file and/or line option, the enforced Data Channel cipher will override data-ciphers profile directive.
      Notes on systemd

    Users running Linux distributions which are not based on systemd can safely ignore this section.
    1. Superusers of linux-systemd systems must be aware that systemd unit configuration file has been changed in order to circumvent a systemd critical bug which causes two obnoxious SIGKILL signals inappropriately sent before stop timeout completion and for no logical or practical reason when Bluetit is properly and neatly terminating in response to a legal and expected SIGTERM. The only known workaround so far to compensate the bug is forbidding systemd to send SIGKILL to Bluetit. The bug affects at least systemd versions 205, 214, 234, 246, but it might affect other versions too.

    2. In Fedora 33 systemd-resolved comes pre-configured to work in "on-link" mode and network-manager works together with it.

    This very peculiar, Windows-like setup kills Linux global DNS handling, causing those DNS leaks which previously occurred only on Windows. Hummingbird and Bluetit take care of preventing the brand new DNS leaks caused by such a setup.

    Also note that systemd-resolved comes pre-configured with fallback DNS (Google DNS is a systemd-resolved default fallback DNS, smart choices pile up!) which will be queried if each interface DNS server fails some resolution. In such a case, if and only if you have Network Lock enabled will DNS leaks be prevented.
      Supported systems

    The suite is currently available for Linux x86-64, i686 (32 bit distributions), arm7l (for example Raspbian, OSMC and other ARM 32 bit based systems) and aarch64 (ARM 64 bit). Both systemd and SysV-style init based systems are supported.

    AirVPN Suite is free and open source software licensed under GPLv3.
      Overview and main features
     
    AirVPN’s free and open source OpenVPN 3 suite based on AirVPN’s OpenVPN 3 library fork
    • Bluetit: lightweight D-Bus controlled system daemon providing full connectivity to AirVPN servers and generic OpenVPN servers. Ability to connect the system to AirVPN during the bootstrap.
    • Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers
    • Hummingbird: lightweight and standalone client for generic OpenVPN server connection
    • Linux i686, x86-64, arm7l and arm64 (Raspberry) support
    • Full integration with systemd, SysV Style-init and chkconfig
    • No heavy framework required, no GUI
    • Tiny RAM footprint
    • Lightning fast
    • Based on OpenVPN 3 library fork by AirVPN version 3.6.6 with tons of critical bug fixes from the main branch, new cipher support and never seen before features
    • ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition
    • Robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection
    • Proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved
    • additional features

    User documentation (*) and source code:

    https://gitlab.com/AirVPN/AirVPN-Suite

    User documentation is also included in an md file in each package.

    (*) Developer documentation to create custom software clients for Bluetit will be published in the very near future.
      Download page:
    https://airvpn.org/linux/suite/
  9. Thanks
    Staff reacted to flat4 in AirVPN 11th birthday celebrations   ...
    got me bday money and spent at the right place
  10. Like
    Staff got a reaction from Stalinium in IPv6 & AirVPN (on Linux): Please reconsider your approach   ...
    @Stalinium
     
    Hello!

    Maybe you talk about network-manager-openvpn plugin, as network-manager by itself does not support OpenVPN. In our configuration files the directives to cause IPv6 push are included, unless you specifically tell the CG to NOT route IPv6 over IPv4.

    It's not our fault if they are ignored. On the other hand we have been deprecating usage of network-manager-openvpn since years and years ago for other critical problems. If you decide to use it in spite of our recommendations, you do it at your own risk.

    You are not forced to run our software in Linux. You can run OpenVPN directly for example, or any other OpenVPN GUI/wrapper different than network-manager-openvpn. In this case, you will of course need by yourself to take care of DNS push and network lock, features that are handled automatically by all of our software for Linux.

    It's therefore a security issue by network-manager-openvpn, not by AirVPN, because it's network-manager-openvpn that ignores directives that our Configuration Generator puts in, and it's you the one who does not replicate Network Lock which would have made the problem anyway irrelevant (under a security point of view).

     
    Nonsense, a MAC address is simply not included in IPv4 packets (there's just no room for it), while nowadays all systems mitigate the MAC problem in IPv6 addresses. Our servers never receive the MAC address of any of your physical network interfaces of the router and even less of the computer. The problem is more basic, and it's simply having IPv6 traffic outside the VPN tunnel but keep in mind that you ignored instructions and our suggestions, up to the point to use exactly the software we tell you NOT to use.

    About FBI... What FBI really did was something quite different and is not a Tor problem in itself (for Silk Road, for example, it was "only" social engineering, by infiltrating an agent in the core of Silk Road and exploiting administrator's trust in this infiltrated agent - in other cases it used javascript which the final user recklessly allowed execution of, on the browser, and in a Windows system) but anyway they are talking about Tor and not OpenVPN, so we can cut the FBI cracking techniques discussion here as it is irrelevant for the matter.

     
    Unfortunately not all OpenVPN versions, in client mode, can push a UV, and most versions which can't are the old ones which are also bugged with IPv6. The whole setup has been made with the purpose not to send IPv6 push to those OpenVPN versions which are bugged and would create critical errors with IPv6 push. This backward compatibility may be abandoned one day, but it's still not the right time.  Anyone having new versions can send UV and therefore this solution makes everyone happy. Furthermore our Network Lock includes IPv6 rules to prevent leaks.

    Remember that VPN software is not designed to provide an anonymity layer. It's the environment we create with our software which makes it possible, and VPN connection is a part of the anonymity layer. If you renounce to part of this environment by not using our software, you must understand what you do and how to replicate various features, first and foremost Network Lock. If you use a software that, to make things even worse, negligently ignores our own CG directives, and it is furthermore deprecated by us, then you're running at your own risk, ça va sans dire.
    Kind regards
     
  11. Thanks
    Staff reacted to itsmefloraluca in AirVPN 11th birthday celebrations   ...
    Happy birthday AirVpn 🎂🥂🍾
  12. Thanks
    Staff reacted to kvlada in AirVPN 11th birthday celebrations   ...
    Congrats and here's to a 10 more!
  13. Thanks
    Staff got a reaction from colorman in Linux: AirVPN Suite 1.1.0 beta available   ...
    @colorman

    Hello!

    We have discovered some other bugs (while we fixed the ones you reported) which caused network recovery failure. A new version is coming, probably on Monday.

    Kind regards


     
  14. Thanks
    Staff got a reaction from OpenSourcerer in IPv6 & AirVPN (on Linux): Please reconsider your approach   ...
    @OpenSourcerer

    Hello!

    It must be seen how nm-ovpn handles DNS push. Historically, it has always been able to properly accept DNS push and then restore previous settings at the end of the connection. However, a double-check in those systems which run systemd-resolved configured in on-link mode and /etc/resolv.conf bypass (example: Fedora 33 by default settings) would be safer, you never know.

    In other systems where the global DNS is preserved and nameservers are "decided" by /etc/resolv.conf it appears that nm-ovpn properly handles DNS push, no DNS leaks are possible.

    A more general approach when you don't know which configuration you might encounter is (on top of usual network lock rules) blocking, via firewall, packets (both TCP and UDP) to port 53 of the router address, to prevent that local queries can be forwarded by the router in clear text to some other nameserver, potentially the ISP DNS server (it would not be a DNS leak, because the system does what you tell it to do, but the outcome is anyway a query out of the tunnel).

    Kind regards
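
The router-DNS block described in the post above, as an added example that is not part of the original post or of AirVPN's software: it reads `ip route show default` output, finds every default gateway and prints the iptables/ip6tables commands that drop TCP and UDP port 53 towards it. The function names, the choice of the OUTPUT chain and the sample routes (constructed) are assumptions.

```shell
#!/bin/sh
# Added example: block DNS queries addressed to the router (default gateway),
# to be applied on top of the usual network lock rules.
# Real use (as root):
#   { ip -4 route show default; ip -6 route show default; } | router_dns_block | sh

# Constructed sample of `ip route` output: dual-stack host plus one on-link route.
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp metric 100
default via fe80::1 dev eth0 proto ra metric 100 pref medium
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20'

# Print "gateway device" for each default route that has a next hop.
# Default routes without "via" (point-to-point, tun) have no router to block.
gateways_from_routes() {
    awk '$1 == "default" {
        gw = ""; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (gw != "" && dev != "" && !seen[gw " " dev]++) print gw, dev
    }'
}

# Turn "gateway device" pairs into firewall commands. IPv6 gateways are usually
# link-local, so every rule is pinned to the outgoing interface with -o.
# -I inserts at the top of the chain, ahead of any broader accept rule.
dns_block_rules() {
    while read -r gw dev; do
        case "$gw" in
            *:*) ipt=ip6tables ;;
            *)   ipt=iptables ;;
        esac
        for proto in udp tcp; do
            printf '%s -I OUTPUT -o %s -d %s -p %s --dport 53 -j DROP\n' \
                "$ipt" "$dev" "$gw" "$proto"
        done
    done
}

# Read route lines on stdin, print the rules; fail if no gateway is found so a
# caller never believes the block is in place when nothing was generated.
router_dns_block() {
    pairs=$(gateways_from_routes)
    [ -n "$pairs" ] || { echo "no default gateway found" >&2; return 1; }
    printf '%s\n' "$pairs" | dns_block_rules
}

# Demonstration on the constructed sample: prints four rules, applies nothing.
printf '%s\n' "$SAMPLE_ROUTES" | router_dns_block
```

The script only prints commands; review them before piping to a shell, and re-run it whenever the default gateway changes (new network, DHCP renewal with a different router).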
     
  15. Thanks
    Staff reacted to IG-11 in AirVPN 11th birthday celebrations   ...
    Happy Birthday, guys! 🎂🎉
  16. Thanks
    Staff reacted to JasonBourne in AirVPN 11th birthday celebrations   ...
    Happy birthday AirVPN. Everyone at AirVPN Staff, big thumbs up for your stellar achievement! Best VPN there is 💯
  17. Thanks
    Staff reacted to Hayden_ in AirVPN 11th birthday celebrations   ...
    My plan expires in 18 days, but I just extended it by 3 years. Thank you AirVPN!
  18. Like
    Staff got a reaction from djmj0 in AirVPN 11th birthday celebrations   ...
    Hello!

    Today we're starting AirVPN eleventh birthday celebrations offering special discounts on longer term plans.

    It seems like it was only yesterday that we celebrated the 10th milestone birthday, and here we are, one year later already.
     
    From a two servers service located in a single country providing a handful of Mbit/s, the baby has grown up to a wide infrastructure in 22 countries in four continents, providing now 240,000+ Mbit/s to tens of thousands of people around the world.

    We still define it as a "baby", but AirVPN is now the oldest VPN in the market which never changed ownership, and it's one of the last that still puts ethics well over profit, a philosophy which has been rewarded by customers and users.

    2020 (and 2021 so far) have been harsh years for mankind but we have no right to complain too much because AirVPN was only marginally touched by those terrible repercussions which affected many other business sectors in general.

    In spite of that, we could not maintain our promise to deliver native software for FreeBSD and we apologize for the failure. However, releasing software for FreeBSD, specifically AirVPN Suite, remains one of our goals, so stay tuned.

    On the other hand, Eddie desktop edition, AirVPN Suite for Linux, Hummingbird for Linux and macOS, and OpenVPN 3 AirVPN library were updated substantially and swiftly.  Moreover, Eddie Android edition development has been recently re-opened to provide a new version updated to new requirements and specifications of Android 11 during 2021. Hummingbird was natively released for M1 based Apple Mac systems too, allowing a dramatic performance boost (up to +100% in >100 Mbit/s lines).

    Behind the scenes, infrastructure had some paramount improvements.

    The whole network in the Netherlands has been enlarged with additional redundancy and several servers around the world have had hardware upgrades. In Sweden and Switzerland we started operating servers connected to exclusive 10 Gbit/s lines and ports, and we optimized the environment to obtain more bandwidth from the OpenVPN processes. We managed to beat the previous 1.7 Gbit/s barrier. The performance on the customer side has improved and reached new peaks of excellence, as you can see here: https://airvpn.org/forums/topic/48234-speedtest-comparison/?do=findComment&comment=130191

    Furthermore, the infrastructure has become fully Wireguard capable and throughout 2021 we will start offering Wireguard connections, in addition to OpenVPN ones, in a hardened environment which mitigates the numerous privacy problems posed by Wireguard.

    Last but not least we re-started operations in a fourth continent, Oceania, with a new server in New Zealand.

    All AirVPN applications and libraries are free and open source software released under GPLv3.

    It's worth quoting literally what we wrote last year for AirVPN birthday:
     

    Kind regards and datalove
    AirVPN Staff
  19. Thanks
    Staff got a reaction from cheapsheep in VPN IP addresses: trying to preserve them o not?   ...
    Hello!

    Well, of course Wireguard is catastrophic in this sense, because it is very poor in options, but luckily it's not the same thing with OpenVPN, because in Wireguard by default you have

    1) a permanent bijection between private IP address and client KEY (we will delete the link periodically when we offer Wireguard and re-create it when a connection is required), because Wireguard does not support any other method to dynamically handle clients (this feature might be implemented in the future). This dangerous pre-prepared static link does not exist at all in OpenVPN.

    2) your real IP address is permanently stored by Wireguard even after you turn off your software or machine, because Wireguard is extremely limited and does not have any explicit-exit-notify or ping-timeout option (we will therefore force deletion and disconnections after some time there is no communications by the clients, even though this will cause some unexpected disconnections). OpenVPN does not need to do so because it realizes when one of the peers is no more there, even in UDP of course, so the real IP address for the socket etc. is immediately lost at disconnection.

    3) Wireguard requires that the mentioned data is stored in files (we will keep them in RAM as usual, to mitigate the problem)

    But yes, we will re-consider the whole matter, just in case. Additional re-checks in security fields are always good

    Kind regards
     
  22. Thanks
    Staff reacted to cambell in AirVPN 11th birthday celebrations   ...
    I am good, no need to buy. Happy b day. Your subscription will expire
    in 4182 days (ma. 8 nov. 2032 11:58
  23. Thanks
    Staff reacted to LopisxD in AirVPN 11th birthday celebrations   ...
    How long is it available? I get my payment on the first and I really want to buy it next week! Thanks in regards
  24. Thanks
    Staff reacted to ent2113 in AirVPN 11th birthday celebrations   ...
    Happy Birthday!
    I'm a happy customer. The speeds are great for me on most servers (thanks to multiple datacenters to choose from ex. Leaseweb, M247 in Germany).
    One thing I would like to see is some visual polish in the Windows (Eddie) app. It's nothing very important in a security software but some UI refresh would be great.
    Keep the wind (air, pun intended) in your sails and GL in the next year.
  25. Thanks
    Staff reacted to madrat in AirVPN 11th birthday celebrations   ...
    Great job. Been very happy with the service and support over the years. Keep up the good work!!