Staff

Hello!

The Express VPN network interface is causing a critical error, please see here for a quick solution:
https://airvpn.org/forums/topic/56643-stuck-in-a-broken-route-never-connects/?tab=comments#comment-225323

Kind regards
 

Hello!

We have no plans to operate VPN servers in France (and in Italy) for the mandatory data retention framework still enforced in disdain of three different legally binding decisions of the CJEU (see below). France is in breach and Italy is too, but the Commission hesitates to open infraction procedures. Since the decisions pertain to the the preservation of a fundamental human right enshrined in the EU Charter of Fundamental Rights and in the European Convention on Human Rights, it does not seem inappropriate to consider that both France and Italy are committing one of the worst breaches a EU Member State can be guilty of.

We might challenge with a casus belli the (il)legal framework in France, but we are already committed in other EU countries and we can't open potentially multiple legal battle fronts.

The Court of Justice declares the Data Retention Directive to be invalid
https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf

The Members States may not impose a general obligation to retain data on providers of electronic communications services
https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf

The Court of Justice confirms that EU law precludes national legislation requiring a provider of electronic communications services to carry out the general and indiscriminate transmission or retention of traffic data and location data for the purpose of combating crime in general or of safeguarding national security
https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf

Kind regards
 

Thanks, I was looking forward to this update.

Especially appreciate the auto login and quick settings panel tile

I've set a specific server country as default in the list.
However when I press the big quick connect button it connects to a different country.
But when I use the quick settings panel tile, it connects to my preferred default country correctly?

So far so good (Android 14). The quick setting tile is very handy, thanks for adding it. It works as expected (connect/disconnect), so does login/connection at boot. Will report back later if I'm getting any issue.
 

What exactly is this feature? I couldn't find it anywhere in AirVPN server tab. Tapping any server will connect to said server.

@Staff more often then not when using the quick panel tile, i get an error "you need to be logged in to airvpn..."
Then i need to open the app to trigger the auto-login, kind of beats the purpose of the tile?
I have enabled remember and automatic login in the app

Also its not connecting to my "default" or "favorite" server, it just automatically determines another best one

I think I may have been having the same issues on a Firestick running basically Android 9.  Eddie 3.1 would ask for my master password (I set encrypted credentials in configurations) but then after entering it correctly the app would simply shut down.  FYI, I had set ONE local server as my default and as my favorite.  It was the one server for both to sort of force Eddie to pick that one server.  Eddie was set to auto mount when I booted the Firestick.  Not having the time to do the research I simply side loaded Eddie Android 3 back and all is good to go again.  In a week or so when I get a few days off I'll try 3.1 again and save some files to post here.  3.1 did actually connect but I couldn't navigate around because it would shut down.  Hmmmmmmmmmmm??

Thanks for the update. I will try it out and report bugs if i find one.

Thanks I've emailed to support the log file.

Edit:
Just recheck and see that I didn't put my server as favorite only as default.
I'm still not clear on the difference between default and favourite?

Hello!

Some customers have contacted the support team asking for a comment on the port shadow attack described in CVE-2021-3773 and brought into the spotlight for the umpteenth time during the Privacy Enhancing Technologies Symposium 2024: https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/

To explain why, unlike many other VPN services, AirVPN is not vulnerable to various attacks under the generic port shadow umbrella, please download the new paper and read below while watching table 2 on page 121:
in our infrastructure public entry-IP addresses and public exit-IP addresses are not the same (M6). This is an absolute protection against ATIP, connection inference, and port forwarding overwrite and also makes port scan impossible (another reason for which port scan is impossible is given by additional isolation, see the end of the message) per-host connection limit is enforced (M3) making eviction re-route extremely difficult if not impossible static private IP address is implemented (M2) with WireGuard (it can be changed by explicit key renewal user's action) and highly likely with OpenVPN as long as the user connects to the same server with the same key, another (redundant) protection against port scan   In our infrastructure additional protections are in place. We prefer not to disclose them all at the moment, we will just mention the block of any communication between nodes in the same virtual network either through private or public addresses. That's why, unlike any corporate VPN with shared resources, you can't contact any service inside the VPN (except the DNS), not even your own, from a machine connected to the same VPN in our infrastructure. Decapsulation as described on the paper is doomed to fail for this isolation/compartmentalization and this is also another reason for which port scans are not possible.

TL;DR
AirVPN infrastructure, according to the current state of the art in remediation and mitigation by security researchers as well as paper authors, is not vulnerable to the attacks described under the port shadow umbrella in this new paper.
 
Kind regards & datalove
AirVPN Staff
 

Hello!

Some customers have contacted the support team asking for a comment on the port shadow attack described in CVE-2021-3773 and brought into the spotlight for the umpteenth time during the Privacy Enhancing Technologies Symposium 2024: https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/

To explain why, unlike many other VPN services, AirVPN is not vulnerable to various attacks under the generic port shadow umbrella, please download the new paper and read below while watching table 2 on page 121:
in our infrastructure public entry-IP addresses and public exit-IP addresses are not the same (M6). This is an absolute protection against ATIP, connection inference, and port forwarding overwrite and also makes port scan impossible (another reason for which port scan is impossible is given by additional isolation, see the end of the message) per-host connection limit is enforced (M3) making eviction re-route extremely difficult if not impossible static private IP address is implemented (M2) with WireGuard (it can be changed by explicit key renewal user's action) and highly likely with OpenVPN as long as the user connects to the same server with the same key, another (redundant) protection against port scan   In our infrastructure additional protections are in place. We prefer not to disclose them all at the moment, we will just mention the block of any communication between nodes in the same virtual network either through private or public addresses. That's why, unlike any corporate VPN with shared resources, you can't contact any service inside the VPN (except the DNS), not even your own, from a machine connected to the same VPN in our infrastructure. Decapsulation as described on the paper is doomed to fail for this isolation/compartmentalization and this is also another reason for which port scans are not possible.

TL;DR
AirVPN infrastructure, according to the current state of the art in remediation and mitigation by security researchers as well as paper authors, is not vulnerable to the attacks described under the port shadow umbrella in this new paper.
 
Kind regards & datalove
AirVPN Staff
 

Hello!

Some customers have contacted the support team asking for a comment on the port shadow attack described in CVE-2021-3773 and brought into the spotlight for the umpteenth time during the Privacy Enhancing Technologies Symposium 2024: https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/

To explain why, unlike many other VPN services, AirVPN is not vulnerable to various attacks under the generic port shadow umbrella, please download the new paper and read below while watching table 2 on page 121:
in our infrastructure public entry-IP addresses and public exit-IP addresses are not the same (M6). This is an absolute protection against ATIP, connection inference, and port forwarding overwrite and also makes port scan impossible (another reason for which port scan is impossible is given by additional isolation, see the end of the message) per-host connection limit is enforced (M3) making eviction re-route extremely difficult if not impossible static private IP address is implemented (M2) with WireGuard (it can be changed by explicit key renewal user's action) and highly likely with OpenVPN as long as the user connects to the same server with the same key, another (redundant) protection against port scan   In our infrastructure additional protections are in place. We prefer not to disclose them all at the moment, we will just mention the block of any communication between nodes in the same virtual network either through private or public addresses. That's why, unlike any corporate VPN with shared resources, you can't contact any service inside the VPN (except the DNS), not even your own, from a machine connected to the same VPN in our infrastructure. Decapsulation as described on the paper is doomed to fail for this isolation/compartmentalization and this is also another reason for which port scans are not possible.

TL;DR
AirVPN infrastructure, according to the current state of the art in remediation and mitigation by security researchers as well as paper authors, is not vulnerable to the attacks described under the port shadow umbrella in this new paper.
 
Kind regards & datalove
AirVPN Staff
 

Hello!

In the previous 3.0 version you had to confirm the connection each time (after you tapped a server or selected "Connect" for some specific area following a long tap) on a dialog box. In 3.1, by default you don't have to confirm anymore. It is a community driven change. You can re-enable the confirmation dialog from the Settings.

Kind regards
 

Hello!

Some customers have contacted the support team asking for a comment on the port shadow attack described in CVE-2021-3773 and brought into the spotlight for the umpteenth time during the Privacy Enhancing Technologies Symposium 2024: https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/

To explain why, unlike many other VPN services, AirVPN is not vulnerable to various attacks under the generic port shadow umbrella, please download the new paper and read below while watching table 2 on page 121:
in our infrastructure public entry-IP addresses and public exit-IP addresses are not the same (M6). This is an absolute protection against ATIP, connection inference, and port forwarding overwrite and also makes port scan impossible (another reason for which port scan is impossible is given by additional isolation, see the end of the message) per-host connection limit is enforced (M3) making eviction re-route extremely difficult if not impossible static private IP address is implemented (M2) with WireGuard (it can be changed by explicit key renewal user's action) and highly likely with OpenVPN as long as the user connects to the same server with the same key, another (redundant) protection against port scan   In our infrastructure additional protections are in place. We prefer not to disclose them all at the moment, we will just mention the block of any communication between nodes in the same virtual network either through private or public addresses. That's why, unlike any corporate VPN with shared resources, you can't contact any service inside the VPN (except the DNS), not even your own, from a machine connected to the same VPN in our infrastructure. Decapsulation as described on the paper is doomed to fail for this isolation/compartmentalization and this is also another reason for which port scans are not possible.

TL;DR
AirVPN infrastructure, according to the current state of the art in remediation and mitigation by security researchers as well as paper authors, is not vulnerable to the attacks described under the port shadow umbrella in this new paper.
 
Kind regards & datalove
AirVPN Staff
 

Hello!

Some customers have contacted the support team asking for a comment on the port shadow attack described in CVE-2021-3773 and brought into the spotlight for the umpteenth time during the Privacy Enhancing Technologies Symposium 2024: https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024/

To explain why, unlike many other VPN services, AirVPN is not vulnerable to various attacks under the generic port shadow umbrella, please download the new paper and read below while watching table 2 on page 121:
in our infrastructure public entry-IP addresses and public exit-IP addresses are not the same (M6). This is an absolute protection against ATIP, connection inference, and port forwarding overwrite and also makes port scan impossible (another reason for which port scan is impossible is given by additional isolation, see the end of the message) per-host connection limit is enforced (M3) making eviction re-route extremely difficult if not impossible static private IP address is implemented (M2) with WireGuard (it can be changed by explicit key renewal user's action) and highly likely with OpenVPN as long as the user connects to the same server with the same key, another (redundant) protection against port scan   In our infrastructure additional protections are in place. We prefer not to disclose them all at the moment, we will just mention the block of any communication between nodes in the same virtual network either through private or public addresses. That's why, unlike any corporate VPN with shared resources, you can't contact any service inside the VPN (except the DNS), not even your own, from a machine connected to the same VPN in our infrastructure. Decapsulation as described on the paper is doomed to fail for this isolation/compartmentalization and this is also another reason for which port scans are not possible.

TL;DR
AirVPN infrastructure, according to the current state of the art in remediation and mitigation by security researchers as well as paper authors, is not vulnerable to the attacks described under the port shadow umbrella in this new paper.
 
Kind regards & datalove
AirVPN Staff
 

Hello!
 
We're very glad to inform you that Eddie Android edition 3.1 beta 1 is now available, featuring a complete update of all libraries, enhanced TV support, a new quick setting panel tile, revamped VPN profile generation, connection control buttons on notification, specific Android 14 support and much more.

Eddie Android edition is a fully integrated with AirVPN, free and open source WireGuard and OpenVPN GUI client. It is based on official WireGuard library and latest OpenVPN3-AirVPN library (free and open source software library by AirVPN), allowing comfortable connections to both OpenVPN and WireGuard servers. All Android versions from 5.1 to 14 are supported.

To those who will decide testing: thank you so much! Remember to uninstall any previous Eddie version before side loading the new Eddie 3.1 beta version. Please report at your convenience any bug and problem in this thread. If possible generate a report from the app: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private).

Please remember that Android TV has been stripped of the Always On VPN feature to prevent users from connecting to a VPN during an Android TV based system bootstrap. Therefore Eddie start & connection at bootstrap, as well as system built in leaks prevention, are not possible on Android TV 10 and higher versions. For leaks prevention you can rely on Eddie's "VPN Lock" feature. Android TV 9 and older versions can still start Eddie during the bootstrap and have it connected when you activate Always on VPN and configure Eddie accordingly.
 
Eddie 3.1 new features
Eddie Android 3.1.0 beta 1 (VC 31)  
Added support to Android 14 Updated to OpenVPN3 3.11 AirVPN (20240719) Updated to OpenSSL 3.3.1 Updated to WireGuard 2e0774f Updated to the latest AirVPN Suite specifications and functions Added quick setting panel tile for quick connection and disconnection Improved VPN profiles generation Auto AirVPN user login at startup Server score sort in AirVPN Server tab Show and log connection statistics at disconnection Added permission checking at startup according to user's settings Added optional "quick tap" connection to AirVPN server tab WireGuard handshaking timeout manager can be enabled or disabled by user Added connection control buttons to notification Improved Android TV D-Pad navigation, notably left and right arrow for opening and closing the menu drawer Bug fixes and improvements   Download link
https://eddie.website/repository/Android/3.1.0-Beta1/EddieAndroid-3.1.0-beta1.apk
  SHA-512 checksum
43bb8ba4697855e5ac3381a85e52cd3382ca72c25b4e0587f1067f881731c6d247103b659767c404fb12eca6a2dd3a871f74c407e47fa0be362fc82b5d8a4401 *EddieAndroid-3.1.0-beta1.apk
How to sideload Eddie Android edition on Android TV and FireOS devices
https://airvpn.org/android/eddie/apk/tv

Kind regards & datalove
AirVPN Staff
 

Hello!
 
We're very glad to inform you that Eddie Android edition 3.1 beta 1 is now available, featuring a complete update of all libraries, enhanced TV support, a new quick setting panel tile, revamped VPN profile generation, connection control buttons on notification, specific Android 14 support and much more.

Eddie Android edition is a fully integrated with AirVPN, free and open source WireGuard and OpenVPN GUI client. It is based on official WireGuard library and latest OpenVPN3-AirVPN library (free and open source software library by AirVPN), allowing comfortable connections to both OpenVPN and WireGuard servers. All Android versions from 5.1 to 14 are supported.

To those who will decide testing: thank you so much! Remember to uninstall any previous Eddie version before side loading the new Eddie 3.1 beta version. Please report at your convenience any bug and problem in this thread. If possible generate a report from the app: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private).

Please remember that Android TV has been stripped of the Always On VPN feature to prevent users from connecting to a VPN during an Android TV based system bootstrap. Therefore Eddie start & connection at bootstrap, as well as system built in leaks prevention, are not possible on Android TV 10 and higher versions. For leaks prevention you can rely on Eddie's "VPN Lock" feature. Android TV 9 and older versions can still start Eddie during the bootstrap and have it connected when you activate Always on VPN and configure Eddie accordingly.
 
Eddie 3.1 new features
Eddie Android 3.1.0 beta 1 (VC 31)  
Added support to Android 14 Updated to OpenVPN3 3.11 AirVPN (20240719) Updated to OpenSSL 3.3.1 Updated to WireGuard 2e0774f Updated to the latest AirVPN Suite specifications and functions Added quick setting panel tile for quick connection and disconnection Improved VPN profiles generation Auto AirVPN user login at startup Server score sort in AirVPN Server tab Show and log connection statistics at disconnection Added permission checking at startup according to user's settings Added optional "quick tap" connection to AirVPN server tab WireGuard handshaking timeout manager can be enabled or disabled by user Added connection control buttons to notification Improved Android TV D-Pad navigation, notably left and right arrow for opening and closing the menu drawer Bug fixes and improvements   Download link
https://eddie.website/repository/Android/3.1.0-Beta1/EddieAndroid-3.1.0-beta1.apk
  SHA-512 checksum
43bb8ba4697855e5ac3381a85e52cd3382ca72c25b4e0587f1067f881731c6d247103b659767c404fb12eca6a2dd3a871f74c407e47fa0be362fc82b5d8a4401 *EddieAndroid-3.1.0-beta1.apk
How to sideload Eddie Android edition on Android TV and FireOS devices
https://airvpn.org/android/eddie/apk/tv

Kind regards & datalove
AirVPN Staff
 

@hcReJhTCzLS5c5U

Hello!
When Firefox starts, it usually generates a lot of traffic. It contacts Mozilla Servers to check for updates, download new features, add-on servers to download and install new extensions, themes, and plugins, DNS servers on its own, SSL/TLS certificate authorities, gelocation services to determine the user’s location and provide location-based services and crash reporting services. If the Firefox traffic goes outside the VPN tunnel for any reason (check Firefox Internet connection configuration) it will be blocked by Network Lock and Firefox main window pop-up will be delayed severely.

Furthermore, a potential new issue is ongoing, which is typical in Fedora and many other distributions "transitioning to" nftables by maintaining iptables syntax backward compatibility with translations and all that jazz (yet another evidence of lack of adequate design skills and vision typical in some Linux environments).

libvirt adds rules via iptables-nft with xtables commands and nft can't process correctly anymore the ruleset. Eddie uses nft whenever it finds it, by default, so if you use libvirt for any purpose (from QEMU to VirtualBox and more), a big rule set mess can arise whenever a program runs nft. The issue has been at the moment tackled and resolved in the AirVPN Suite 2.0.0 beta 1 which goes back to launch iptables-nftables when available (even when nft is available) to avoid the mess.

On Eddie, please modify the "Preferences" > "Network Lock" > "Mode" combo box into iptables-legacy and the problem should be resolved.
 

This problem could be resoved by Eddie 2.24 beta, please test it: https://airvpn.org/forums/topic/57401-eddie-desktop-224-beta-released/

Kind regards
 

Hello!

The Express VPN interface causes a critical error to OpenVPN:

Tell Eddie to ignore any alien interface: Select from Eddie's main window Preferences > Networking, write eddie in the "VPN interface name" field click Save.
You may also consider to switch to WireGuard to bypass the alien interface. You can do it in Preferences > Protocols window. Uncheck Automatic, select a WireGuard connection mode and click Save.

Kind regards
 

Hello!

We are sorry to inform you that for reasons entirely beyond our control, the servers in Uppsala are likely to be decommissioned in the near future due to cessation of operations. Should this event occur, we will, of course, arrange appropriate replacements in Sweden in a timely manner.

Kind regards and datalove
AirVPN Staff
 

Hello!

We are sorry to inform you that for reasons entirely beyond our control, the servers in Uppsala are likely to be decommissioned in the near future due to cessation of operations. Should this event occur, we will, of course, arrange appropriate replacements in Sweden in a timely manner.

Kind regards and datalove
AirVPN Staff
 

Hello!

We have no plans to operate VPN servers in France (and in Italy) for the mandatory data retention framework still enforced in disdain of three different legally binding decisions of the CJEU (see below). France is in breach and Italy is too, but the Commission hesitates to open infraction procedures. Since the decisions pertain to the the preservation of a fundamental human right enshrined in the EU Charter of Fundamental Rights and in the European Convention on Human Rights, it does not seem inappropriate to consider that both France and Italy are committing one of the worst breaches a EU Member State can be guilty of.

We might challenge with a casus belli the (il)legal framework in France, but we are already committed in other EU countries and we can't open potentially multiple legal battle fronts.

The Court of Justice declares the Data Retention Directive to be invalid
https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf

The Members States may not impose a general obligation to retain data on providers of electronic communications services
https://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf

The Court of Justice confirms that EU law precludes national legislation requiring a provider of electronic communications services to carry out the general and indiscriminate transmission or retention of traffic data and location data for the purpose of combating crime in general or of safeguarding national security
https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf

Kind regards
 

Hello!

We're sorry to inform you that Altais (Kiev, Ukraine) has been canceled by the service provider due to our refusal to provide 100% warranty that non-permitted activities will ever take place on the server, which is of course an impossible commitment not only for VPN but for any ISP providing private citizens with any online service in general.

We're also sorry to inform you that we have no plans at the moment to rent new servers in Kiev or anywhere else in Ukraine because of various factors, among which the behavior of local police (remember in the past the request for bribes masked as fines to unlock servers) and the unreliability of local datacenter managers, which seem to be used to cancel services without notification and without refunds.

Over the past decade, the behavior of Ukrainian datacenters and local authorities has brought nothing but inconvenience to our customers, so it is time to (at least temporarily) suspend operations there.

Kind regards
AirVPN Staff
 

Hello!

Most servers, but not all, in the Toronto datacenter suffer of a 20-30% persistent packet loss on IPv6, therefore the system sets them in "yellow" status with the "Low packet loss" message. If you don't need IPv6 you can anyway force a connection to them as IPv4 works just fine. We are being assisted by the datacenter technicians to understand the cause of the problem.

Kind regards
 

Hello!

Most servers, but not all, in the Toronto datacenter suffer of a 20-30% persistent packet loss on IPv6, therefore the system sets them in "yellow" status with the "Low packet loss" message. If you don't need IPv6 you can anyway force a connection to them as IPv4 works just fine. We are being assisted by the datacenter technicians to understand the cause of the problem.

Kind regards
 

Hello!

We're sorry to inform you that Altais (Kiev, Ukraine) has been canceled by the service provider due to our refusal to provide 100% warranty that non-permitted activities will ever take place on the server, which is of course an impossible commitment not only for VPN but for any ISP providing private citizens with any online service in general.

We're also sorry to inform you that we have no plans at the moment to rent new servers in Kiev or anywhere else in Ukraine because of various factors, among which the behavior of local police (remember in the past the request for bribes masked as fines to unlock servers) and the unreliability of local datacenter managers, which seem to be used to cancel services without notification and without refunds.

Over the past decade, the behavior of Ukrainian datacenters and local authorities has brought nothing but inconvenience to our customers, so it is time to (at least temporarily) suspend operations there.

Kind regards
AirVPN Staff