Jump to content
Not connected, Your IP: 3.236.110.106

Staff

Staff
  • Content Count

    9012
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    1315

Reputation Activity

  1. Like
    Staff got a reaction from air2157 in Linux: AirVPN Suite 1.1.0 beta available   ...
    @air2157
     
    Hello!

    We confirm that Hummingbird does not enforce restrictions on profile name and that OpenVPN 3 enforces restriction on the suffix of the file name. We managed to reproduce the issue easily, even when a merge is not requested. The merge.hpp class has been modified very recently (25 days ago) and that might perhaps explain why the problem has never been reported in years.

    We will seriously consider to remove this limitation.

    Kind regards
     
  2. Like
    Staff got a reaction from air2157 in Linux: AirVPN Suite 1.1.0 beta available   ...
    Hello!

    Acknowledged. The documentation is not only online, it's included in the package too so you can consult it anytime, even if you're offline.

    Kind regards
     
  3. Like
    Staff got a reaction from Valerian in New country: New Zealand - New 1 Gbit/s server available   ...
    @foDkc4UySz

    Hello!

    Your memory does not fail. At that time, the infamous "anti-encryption" framework was not law in Australia. Later on, the "anti-encryption" laws were enforced. It is currently the main problem in Australia which prevents us from operating VPN servers there (we operate only geo-routing ones).

    Kind regards
     
  4. Like
    Staff got a reaction from Sakata in Blocking Apple Processes in Mac OSX   ...
    @OpenSourcerer

    1) Sure. That's where the kernel filtering table may save you, while a filtering method based on the API itself can't. Proof of concept to exploit the NetworkExtension exceptions exist since months it's not FUD. Of course future research might find even newer methods and Apple decision to cancel those exceptions might even be related to security considerations, more than customer's respect. But even without those possible exploits, the behavior has been highly criticized by many Apple customers and is rightly seen as not acceptable..

    2) Yes, it was a very risky move by Apple, and no surprise they have moved away from that after a few months. On top of that you need to consider all the other 50 apps which may expose your real IP address involuntarily to the other end, not necessarily Apple, which is always a very bad thing  The expansion of the attack surface with such a decision was remarkably high.

    Kind regards
     
  5. Like
    Staff got a reaction from BKK20 in Routing ALL Traffic through AirVPN   ...
    Hello!

    Thank you for your subscription!

    The pushed routing table and default gateway by our OpenVPN servers force all the client traffic to be tunneled. The only way to escape this behavior are programs that take control of the system with administrator (root) privileges and bind to the "wrong" interface.

    Does your MMO game client pretends to run with high privileges?

    You can check the traffic flowing in your machine with programs like Wireshark (very powerful) or the network activity monitor (a limited tool, but good for your purpose) of the Comodo firewall.

    If you find that your game client takes control of your system and overrides your system routing table you might try to force it to bind to the TUN adapter (in Windows TAP-Win32 Adapter V9...) with this code/DLL injector:
    http://www.r1ch.net/stuff/forcebindip

    In general, programs which behave in that way should be considered near to malware (overriding a system routing table without the system owner explicit authorization may be a very dangerous operation in a lot of countries and anyway it is an unacceptable violation of the system security) and customers of such programs, in our opinion, should contact the software house and pretend that the problem is solved.

    Kind regards
  6. Thanks
    Staff reacted to colorman in Linux: AirVPN Suite 1.1.0 beta available   ...
    Yes Bluetit deamon starts with boot. But Goldcrest is not running.

    (update) Found this? localhost:~ # journalctl | grep bluetit   
    Apr 22 07:31:44 localhost bluetit[2107]: Starting Bluetit - AirVPN OpenVPN 3 Service 1.1.0 RC3 - 16 April 2021
    Apr 22 07:31:44 localhost bluetit[2107]: OpenVPN core 3.7 AirVPN linux x86_64 64-bit
    Apr 22 07:31:44 localhost bluetit[2107]: Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved.
    Apr 22 07:31:44 localhost systemd[1]: bluetit.service: Control process exited, code=exited status=1
    Apr 22 07:31:44 localhost bluetit[2107]: Hummingbird client is running or it did not exit gracefully. Exiting.
    Apr 22 07:31:44 localhost systemd[1]: bluetit.service: Unit entered failed state.
    Apr 22 07:31:44 localhost systemd[1]: bluetit.service: Failed with result 'exit-code'.

     

    And this...
    (update) test with Bluetit - AirVPN OpenVPN 3 Service 1.0.0 - 7 January 2021 all fine!

      * bluetit.service - AirVPN Bluetit Daemon Loaded: loaded (/etc/systemd/system/bluetit.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2021-04-22 07:31:44 CEST; 38s ago Process: 2107 ExecStart=/sbin/bluetit (code=exited, status=1/FAILURE)   Apr 22 07:31:44 localhost systemd[1]: Starting AirVPN Bluetit Daemon... Apr 22 07:31:44 localhost bluetit[2107]: Starting Bluetit - AirVPN OpenVPN 3 Service 1.1.0 RC3 - 16 April 2021 Apr 22 07:31:44 localhost bluetit[2107]: OpenVPN core 3.7 AirVPN linux x86_64 64-bit Apr 22 07:31:44 localhost systemd[1]: bluetit.service: Control process exited, code=exited status=1 Apr 22 07:31:44 localhost systemd[1]: Failed to start AirVPN Bluetit Daemon. Apr 22 07:31:44 localhost systemd[1]: bluetit.service: Unit entered failed state. Apr 22 07:31:44 localhost systemd[1]: bluetit.service: Failed with result 'exit-code'.
  7. Thanks
    Staff got a reaction from colorman in Linux: AirVPN Suite 1.1.0 beta available   ...
    @colorman

    Good! Now network lock works with Goldcrest/Bluetit, when you force nftables. Momentarily, do not forget to force it, otherwise network lock will fail. We will be investigating on this bad issue.  Correction: it does not work with nftables as well.

    About Hummingbird, thank you: we see that Hummingbird crashes when it is invoked in that way, as Eddie does, so we have now a track to understand what happens. We'll investigate on it as well, of  course.

    Kind regards
     
  8. Thanks
    Staff reacted to pjnsmb in Linux: AirVPN Suite 1.1.0 beta available   ...
    @Staff

    Thanks
    Working again for me too

    regards
  9. Thanks
    Staff reacted to leori in Linux: AirVPN Suite 1.1.0 beta available   ...
    Ok now! Thx a bunch.

    regards

     
  10. Thanks
    Staff reacted to colorman in Linux: AirVPN Suite 1.1.0 beta available   ...
    It's oke now...thanks
  11. Thanks
    Staff got a reaction from colorman in Linux: AirVPN Suite 1.1.0 beta available   ...
    Hello!

    We're glad to inform you that AirVPN Suite 1.1.0 RC 3 is now available. Download URLs have been updated in this thread first message.

    AirVPN Suite 1.1.0 RC 3 aims at addressing RC 2 Bluetit problem or regression suffered in D-Bus message handling and found out (unfortunately not reproduced on our systems) by our community testers @pjnsmb @leori and @colorman

    Please keep testing RC 3!

    Version 1.1.0 RC 3 - 16 April 2021 - changelog
    [ProMIND] Updated to OpenVPN 3.7 AirVPN [ProMIND] vpnclient.hpp: avoid netFilter setup in case NetFilter object is not private [ProMIND] dbusconnector.cpp: fine tuned D-Bus wait cycle in R/W dispatch. Implemented a thread safe wait in order to avoid D-Bus timeout policy
    Kind regards
     
  12. Thanks
    Staff reacted to colorman in Linux: AirVPN Suite 1.1.0 beta available   ...
    Same at opensuse leap15.2
    2021-04-16 14:02:36 Maximum rate: In 28,16 Mbit/s, Out 1,21 Mbit/s
    ^C2021-04-16 14:03:26 Caught SIGTERM signal. Terminating.
       
  13. Thanks
    Staff reacted to leori in Linux: AirVPN Suite 1.1.0 beta available   ...
    Confirmed : no elegant shut-down RC2 ubuntu 20.04 :  Caught SIGTERM signal.
    Had to kill zombie. kill -9 $(ps -A -ostat,ppid | grep -e '[zZ]'| awk '{ print $2 }')
    restore network via goldcrest
  14. Thanks
    Staff reacted to pjnsmb in Linux: AirVPN Suite 1.1.0 beta available   ...
    @Staff

    Real trouble using RC2

    1# on goldcrest command :

    peter@desktop:~/Desktop/VPN$ goldcrest --air-connect  --air-server Alathfar 

    normal start of server but on using CTRL +C to terminate  the last line shows :

    ^C2021-04-15 15:40:30 Caught SIGTERM signal. Terminating.

    but that is where it stops............
    and the server remains connected.

    Full log :

    peter@desktop:~/Desktop/VPN$ goldcrest --air-connect  --air-server Alathfar 
    2021-04-15 15:24:54 Reading run control directives from file /home/peter/.config/goldcrest.rc
    Goldcrest 1.1.0 RC2 - 14 April 2021

    2021-04-15 15:24:54 Bluetit - AirVPN OpenVPN 3 Service 1.1.0 RC2 - 14 April 2021
    2021-04-15 15:24:54 OpenVPN core 3.6.7 AirVPN linux x86_64 64-bit
    2021-04-15 15:24:54 Bluetit is ready
    2021-04-15 15:24:54 Bluetit options successfully reset
    2021-04-15 15:24:54 Bluetit successfully set to command line options
    2021-04-15 15:24:54 Requesting AirVPN connection to Bluetit
    2021-04-15 15:24:54 Network filter and lock are using nftables
    2021-04-15 15:24:54 Successfully loaded kernel module nf_tables
    2021-04-15 15:24:54 Network filter successfully initialized
    2021-04-15 15:24:54 Session network filter and lock successfully enabled
    2021-04-15 15:24:54 AirVPN bootstrap servers are now allowed to pass through the network filter
    2021-04-15 15:24:54 Logging in AirVPN user pjnsmb
    2021-04-15 15:24:55 AirVPN user pjnsmb successfully logged in
    2021-04-15 15:24:55 Selected user key: DESKTOP
    2021-04-15 15:24:55 Starting connection to AirVPN server Alathfar, Maidenhead (United Kingdom)
    2021-04-15 15:24:55 Starting VPN Connection
    2021-04-15 15:24:55 TUN persistence is enabled.
    2021-04-15 15:24:55 CIPHER OVERRIDE: CHACHA20-POLY1305
    2021-04-15 15:24:55 Network lock set to 'nftables' by Bluetit policy
    2021-04-15 15:24:55 Ignore DNS push is enabled by Bluetit policy
    2021-04-15 15:24:55 OpenVPN core 3.6.7 AirVPN linux x86_64 64-bit
    2021-04-15 15:24:55 Frame=512/2048/512 mssfix-ctrl=1250
    2021-04-15 15:24:55 UNUSED OPTIONS
    6 [resolv-retry] [infinite]
    7 [nobind]
    8 [persist-key]
    9 [persist-tun]
    10 [auth-nocache]
    11 [verb] [3]
    12 [explicit-exit-notify] [5]
    2021-04-15 15:24:55 EVENT: RESOLVE
    2021-04-15 15:24:55 Local IPv4 address 192.168.0.6
    2021-04-15 15:24:55 Local IPv6 address 2a02:c7f:cc09:d900:e8e0:78ab:dbaa:b120
    2021-04-15 15:24:55 Local IPv6 address fdda:2d87:d69a:0:66c2:963b:c4e3:9f3c
    2021-04-15 15:24:55 Local IPv6 address fe80::154d:4265:bdaf:3d0
    2021-04-15 15:24:55 Local interface enp3s0
    2021-04-15 15:24:55 Setting up network filter and lock
    2021-04-15 15:24:55 Allowing system DNS 127.0.0.1 to pass through the network filter
    2021-04-15 15:24:55 Adding IPv6 server 2a01:a500:320:52a4:a5b8:604b:f9ee:869 to network filter
    2021-04-15 15:24:55 Network filter and lock successfully activated
    2021-04-15 15:24:55 Contacting [2a01:a500:320:52a4:a5b8:604b:f9ee:869]:443 via UDP
    2021-04-15 15:24:55 EVENT: WAIT
    2021-04-15 15:24:55 net_route_best_gw query IPv6: 2a01:a500:320:52a4:a5b8:604b:f9ee:869/128
    2021-04-15 15:24:55 sitnl_route_best_gw result: via fe80::3e89:94ff:fef6:ead1 dev enp3s0
    2021-04-15 15:24:55 net_route_add: 2a01:a500:320:52a4:a5b8:604b:f9ee:869/128 via fe80::3e89:94ff:fef6:ead1 dev enp3s0 table 0 metric 0
    2021-04-15 15:24:55 Connecting to [2a01:a500:320:52a4:a5b8:604b:f9ee:869]:443 (2a01:a500:320:52a4:a5b8:604b:f9ee:869) via UDPv6
    2021-04-15 15:24:55 EVENT: CONNECTING
    2021-04-15 15:24:55 Tunnel Options:V4,dev-type tun,link-mtu 1522,tun-mtu 1500,proto UDPv4,comp-lzo,cipher CHACHA20-POLY1305,auth [null-digest],keysize 256,key-method 2,tls-client
    2021-04-15 15:24:55 Peer Info:
    IV_VER=3.6.7 AirVPN
    IV_PLAT=linux
    IV_TCPNL=1
    IV_PROTO=30
    IV_CIPHERS=CHACHA20-POLY1305
    IV_LZO_STUB=1
    IV_COMP_STUB=1
    IV_COMP_STUBv2=1
    IV_IPv6=1
    UV_IPV6=yes
    IV_GUI_VER=Bluetit - AirVPN OpenVPN 3 Service 1.1.0 RC2
    IV_SSL=OpenSSL 1.1.0l  10 Sep 2019

    2021-04-15 15:24:55 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org CA/emailAddress=info@airvpn.org, signature: RSA-SHA1
    2021-04-15 15:24:55 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=Alathfar/emailAddress=info@airvpn.org, signature: RSA-SHA512
    2021-04-15 15:24:55 SSL Handshake: peer certificate: CN=Alathfar, 4096 bit RSA, cipher: TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD

    2021-04-15 15:24:55 Session is ACTIVE
    2021-04-15 15:24:55 EVENT: WARN TLS: received certificate signed with SHA1. Please inform your admin to upgrade to a stronger algorithm. Support for SHA1 signatures will be dropped in the future
    2021-04-15 15:24:55 EVENT: GET_CONFIG
    2021-04-15 15:24:55 Sending PUSH_REQUEST to server...
    2021-04-15 15:24:55 OPTIONS:
    0 [comp-lzo] [no]
    1 [redirect-gateway] [ipv6] [def1] [bypass-dhcp]
    2 [dhcp-option] [DNS] [10.5.46.1]
    3 [dhcp-option] [DNS6] [fde6:7a:7d20:12e::1]
    4 [tun-ipv6]
    5 [route-gateway] [10.5.46.1]
    6 [topology] [subnet]
    7 [ping] [10]
    8 [ping-restart] [60]
    9 [ifconfig-ipv6] [fde6:7a:7d20:12e::101d/64] [fde6:7a:7d20:12e::1]
    10 [ifconfig] [10.5.46.31] [255.255.255.0]
    11 [peer-id] [2]
    12 [cipher] [CHACHA20-POLY1305]

    2021-04-15 15:24:55 PROTOCOL OPTIONS:
      cipher: CHACHA20-POLY1305
      digest: NONE
      ncp enabled: no
      key-derivation: OpenVPN PRF
      compress: LZO_STUB
      peer ID: 2
      control channel: tls-crypt enabled
    2021-04-15 15:24:55 EVENT: ASSIGN_IP
    2021-04-15 15:24:55 WARNING: ignoring server DNS push request for address 10.5.46.1
    2021-04-15 15:24:55 WARNING: ignoring server DNS push request for address fde6:7a:7d20:12e::1
    2021-04-15 15:24:55 net_iface_mtu_set: mtu 1500 for tun0
    2021-04-15 15:24:55 net_iface_up: set tun0 up
    2021-04-15 15:24:55 net_addr_add: 10.5.46.31/24 brd 10.5.46.255 dev tun0
    2021-04-15 15:24:55 net_addr_add: fde6:7a:7d20:12e::101d/64 dev tun0
    2021-04-15 15:24:55 net_route_add: 0.0.0.0/1 via 10.5.46.1 dev tun0 table 0 metric 0
    2021-04-15 15:24:55 net_route_add: 128.0.0.0/1 via 10.5.46.1 dev tun0 table 0 metric 0
    2021-04-15 15:24:55 net_route_add: ::/1 via fde6:7a:7d20:12e::1 dev tun0 table 0 metric 0
    2021-04-15 15:24:55 net_route_add: 8000::/1 via fde6:7a:7d20:12e::1 dev tun0 table 0 metric 0
    2021-04-15 15:24:55 TunPersist: saving tun context:
    Session Name: 2a01:a500:320:52a4:a5b8:604b:f9ee:869
    Layer: OSI_LAYER_3
    Remote Address: 2a01:a500:320:52a4:a5b8:604b:f9ee:869 [IPv6]
    Tunnel Addresses:
      10.5.46.31/24 -> 10.5.46.1
      fde6:7a:7d20:12e::101d/64 -> fde6:7a:7d20:12e::1 [IPv6]
    Reroute Gateway: IPv4=1 IPv6=1 flags=[ ENABLE REROUTE_GW DEF1 BYPASS_DHCP IPv4 IPv6 ]
    Block IPv6: no
    Add Routes:
    Exclude Routes:
    DNS Servers:
      10.5.46.1
      fde6:7a:7d20:12e::1 [IPv6]
    Search Domains:

    2021-04-15 15:24:55 Connected via tun
    2021-04-15 15:24:55 LZO-ASYM init swap=0 asym=1
    2021-04-15 15:24:55 Comp-stub init swap=0
    2021-04-15 15:24:55 EVENT: CONNECTED [2a01:a500:320:52a4:a5b8:604b:f9ee:869]:443 (2a01:a500:320:52a4:a5b8:604b:f9ee:869) via /UDPv6 on tun/10.5.46.31/fde6:7a:7d20:12e::101d gw=[10.5.46.1/fde6:7a:7d20:12e::1]
    2021-04-15 15:24:55 Connected to AirVPN server Alathfar, Maidenhead (United Kingdom)
    2021-04-15 15:25:54 ----------------------
    2021-04-15 15:25:54 Connected to AirVPN server Alathfar (Maidenhead, United Kingdom)
    2021-04-15 15:25:54 Users 55 - Load 27% - Bandwidth 276.03 Mbit/s - Max 1 Gbit/s
    2021-04-15 15:25:54 Connection time: 00:01:01
    2021-04-15 15:25:54 Transferred data: In 1.76 MB, Out 676.97 KB
    2021-04-15 15:25:54 Current rate: In 177.52 Kbit/s, Out 71.04 Kbit/s
    2021-04-15 15:25:54 Maximum rate: In 496.43 Kbit/s, Out 88.97 Kbit/s
    2021-04-15 15:26:54 ----------------------
    2021-04-15 15:26:54 Connected to AirVPN server Alathfar (Maidenhead, United Kingdom)
    2021-04-15 15:26:54 Users 55 - Load 27% - Bandwidth 276.03 Mbit/s - Max 1 Gbit/s
    2021-04-15 15:26:54 Connection time: 00:02:01
    2021-04-15 15:26:54 Transferred data: In 5.61 MB, Out 2.85 MB
    2021-04-15 15:26:54 Current rate: In 5.91 Kbit/s, Out 8.25 Kbit/s
    2021-04-15 15:26:54 Maximum rate: In 697.65 Kbit/s, Out 99.17 Kbit/s
    2021-04-15 15:27:54 ----------------------
    2021-04-15 15:27:54 Connected to AirVPN server Alathfar (Maidenhead, United Kingdom)
    2021-04-15 15:27:54 Users 55 - Load 27% - Bandwidth 276.03 Mbit/s - Max 1 Gbit/s
    2021-04-15 15:27:54 Connection time: 00:03:01
    2021-04-15 15:27:54 Transferred data: In 7.23 MB, Out 4.84 MB
    2021-04-15 15:27:54 Current rate: In 8.57 Kbit/s, Out 21.22 Kbit/s
    2021-04-15 15:27:54 Maximum rate: In 697.65 Kbit/s, Out 99.17 Kbit/s


    ^C2021-04-15 15:40:30 Caught SIGTERM signal. Terminating.


    2# If I stop bluetit :

    root@desktop:~# systemctl stop bluetit
    root@desktop:~# systemctl status  bluetit
    ● bluetit.service - AirVPN Bluetit Daemon
         Loaded: loaded (/etc/systemd/system/bluetit.service; enabled; vendor preset: enabled)
         Active: failed (Result: timeout) since Thu 2021-04-15 15:58:38 BST; 5s ago
        Process: 15853 ExecStart=/sbin/bluetit (code=exited, status=0/SUCCESS)
        Process: 117468 ExecStop=/bin/kill -- $MAINPID (code=exited, status=0/SUCCESS)
       Main PID: 15855 (code=killed, signal=KILL)
            CPU: 33.284s

    Apr 15 15:58:17 desktop bluetit[15855]: Received SIGTERM signal. Terminating Bluetit.
    Apr 15 15:58:17 desktop bluetit[15855]: Stopping OpenVPN3 connection thread
    Apr 15 15:58:17 desktop bluetit[15855]: Connection statistics updater thread finished
    Apr 15 15:58:38 desktop systemd[1]: bluetit.service: State 'stop-sigterm' timed out. Killing.
    Apr 15 15:58:38 desktop systemd[1]: bluetit.service: Killing process 15855 (bluetit) with signal SIGKILL.
    Apr 15 15:58:38 desktop systemd[1]: bluetit.service: Killing process 18314 (bluetit) with signal SIGKILL.
    Apr 15 15:58:38 desktop systemd[1]: bluetit.service: Main process exited, code=killed, status=9/KILL
    Apr 15 15:58:38 desktop systemd[1]: bluetit.service: Failed with result 'timeout'.
    Apr 15 15:58:38 desktop systemd[1]: Stopped AirVPN Bluetit Daemon.
    Apr 15 15:58:38 desktop systemd[1]: bluetit.service: Consumed 33.284s CPU time.

    3# If I restart bluetit :

    root@desktop:~# systemctl restart bluetit
    root@desktop:~# systemctl status  bluetit
    ● bluetit.service - AirVPN Bluetit Daemon
         Loaded: loaded (/etc/systemd/system/bluetit.service; enabled; vendor preset: enabled)
         Active: active (running) since Thu 2021-04-15 16:01:51 BST; 3s ago
        Process: 126229 ExecStart=/sbin/bluetit (code=exited, status=0/SUCCESS)
       Main PID: 126231 (bluetit)
          Tasks: 2 (limit: 9362)
         Memory: 1.4M
            CPU: 22ms
         CGroup: /system.slice/bluetit.service
                 └─126231 /sbin/bluetit

    Apr 15 16:01:51 desktop bluetit[126231]: Reading run control directives from file /etc/airvpn/bluetit.rc
    Apr 15 16:01:51 desktop bluetit[126231]: IPv6 is available in this system
    Apr 15 16:01:51 desktop bluetit[126231]: System country set to GB by Bluetit policy.
    Apr 15 16:01:51 desktop bluetit[126231]: Bluetit successfully initialized and ready
    Apr 15 16:01:51 desktop systemd[1]: Started AirVPN Bluetit Daemon.
    Apr 15 16:01:51 desktop bluetit[126231]: Bluetit did not exit gracefully on its last run or has been killed.
    Apr 15 16:01:51 desktop bluetit[126231]: Run recover network procedure or restore system settings saved in /etc/airvpn
    Apr 15 16:01:51 desktop bluetit[126231]: AirVPN Manifest updater thread started
    Apr 15 16:01:51 desktop bluetit[126231]: AirVPN Manifest update interval is 15 minutes
    Apr 15 16:01:51 desktop bluetit[126231]: Updating AirVPN Manifest
    Apr 15 16:02:51 desktop bluetit[126231]: AirVPN Manifest successfully retrieved from local instance
    Apr 15 16:03:40 desktop systemd[1]: Stopping AirVPN Bluetit Daemon...
    Apr 15 16:03:40 desktop bluetit[126231]: Received SIGTERM signal. Terminating Bluetit.
    Apr 15 16:03:40 desktop bluetit[126231]: AirVPN Manifest updater thread finished
    Apr 15 16:03:40 desktop systemd[1]: bluetit.service: Succeeded.
    Apr 15 16:03:40 desktop systemd[1]: Stopped AirVPN Bluetit Daemon.

    It takes nearly two minutes to stop the server and the goldcrest log still shows 'terminating'

    UPDATE
    closing terminal and reopening a new terminal shows :

    eter@desktop:~/Desktop/VPN$ goldcrest --air-connect  --air-server Alathfar 
    2021-04-15 16:19:41 Reading run control directives from file /home/peter/.config/goldcrest.rc
    Goldcrest 1.1.0 RC2 - 14 April 2021

    2021-04-15 16:19:41 DBusConnectorException: DBusConnector: not primary owner (2)

    UPDATE TWO
    I cannot stop goldcrest using htop either.

    Restarting the computer results in a 30 second delay on shutdown  with :

    'A stop job is running for session 1 of user peter' showing in close down terminal




     
  15. Thanks
    Staff reacted to c69c7kfrv48fuJ8Re44C in Apple Silicon version?   ...
    Worth pointing out that the Hummingbird client works very nicely on M1 Macs (natively, without Rosetta), so consider that if you're comfortable with the command line. 

    https://airvpn.org/forums/topic/48969-macos-apple-m1-hummingbird-111-released/
  16. Thanks
    Staff got a reaction from Airystocrat in Eddie ports and prococols for firewalled PC   ...
    @Airystocrat

    Hello!

    Eddie's Network Lock now works even for OpenVPN over Tor mode, but only in Windows. Eddie 2.18 or higher version is required. The feature is currently undocumented. Eddie developer may clarify the matter.

    In other systems, if you can't rely on virtualization, we would recommend Tor over OpenVPN for a 100% safe leaks prevention. Tor over OpenVPN, in terms of anonymity layer, is better than OpenVPN over Tor, because the Tor "circuit" is free and re-built at each stream, and not indefinitely fixed for the unique OpenVPN stream. Moreover you can run OpenVPN over UDP. However the final service will see that your traffic comes from Tor.

    Kind regards

     
  17. Thanks
    Staff reacted to air2157 in Linux: AirVPN Suite 1.1.0 beta available   ...
    I'm having problems with Hummingbird. My idea is to have a common TCP/443  .ovpn config file and specify the server on the command line. Here's the .ovpn config file (which, incidentally, works fine without any overrides):
     
    client dev tun remote bg3.all.vpn.airdns.org 443 resolv-retry infinite nobind persist-key persist-tun auth-nocache route-delay 5 verb 3 push-peer-info setenv UV_IPV6 no remote-cert-tls server cipher AES-256-GCM comp-lzo no proto tcp With server and port override:
      user@air-eur:~$ sudo hummingbird --server europe3.vpn.airdns.org --port 443 /etc/airvpn/tcp_443.ovpn Hummingbird - AirVPN OpenVPN 3 Client 1.1.2 RC 1 - 7 April 2021 Thu Apr 8 19:34:39.716 2021 System and service manager in use is systemd Thu Apr 8 19:34:39.736 2021 Network filter and lock are using iptables-legacy Thu Apr 8 19:34:39.750 2021 Successfully loaded kernel module iptable_filter Thu Apr 8 19:34:39.778 2021 Successfully loaded kernel module iptable_nat Thu Apr 8 19:34:39.796 2021 Successfully loaded kernel module iptable_mangle Thu Apr 8 19:34:39.816 2021 Successfully loaded kernel module iptable_security Thu Apr 8 19:34:39.837 2021 Successfully loaded kernel module iptable_raw Thu Apr 8 19:34:39.863 2021 Successfully loaded kernel module ip6table_filter Thu Apr 8 19:34:39.888 2021 Successfully loaded kernel module ip6table_nat Thu Apr 8 19:34:39.899 2021 Successfully loaded kernel module ip6table_mangle Thu Apr 8 19:34:39.909 2021 Successfully loaded kernel module ip6table_security Thu Apr 8 19:34:39.918 2021 Successfully loaded kernel module ip6table_raw ERROR: eval config error: ERR_PROFILE_GENERIC: option_error: error parsing protocol: tcp-client If I comment out the remote bg3.all.vpn.airdns.org line, it segfaults: user@air-eur:~$ sudo hummingbird --server europe3.vpn.airdns.org --port 443 /etc/airvpn/tcp_443.ovpn Hummingbird - AirVPN OpenVPN 3 Client 1.1.2 RC 1 - 7 April 2021 Thu Apr 8 19:42:18.195 2021 System and service manager in use is systemd Segmentation fault








     
  18. Thanks
    Staff reacted to tOjO in Linux: AirVPN Suite 1.1.0 beta available   ...
    @Staff, I tested the beta 2 after an uninstall of beta 1 and the bluetit daemon hasn't crashed anymore when the bandwidth is on high load.

    The problem seems indeed to be resolved. Well done ! 😉


    Grts,
    Tom
  19. Thanks
    Staff reacted to dziga_vertov in Bluetit not login at startup   ...
    Now it works indeed!! Thanks a lot for your prompt reply.

    All the best

    Adrián
  20. Like
    Staff got a reaction from pepelegal in Fowarded ports and Privacy   ...
    Hello!
     
    No.
     
     
    No. However, remotely forwarded ports are kept in the database, otherwise it would be impossible to reserve them to the appropriate accounts and dynamically forward them according to the server the customer's client connects to. Ports are deleted when the user un-forward them from the control panel. By default no port is remotely forwarded. The database is not on the web site servers.
     
     
    The current e-mail address is stored (on the db servers, not on the web site servers). This is essential to guarantee some services such as password reset, but a user is not forced to associate a real e-mail address to an account. Of course the best solution is picking an e-mail address that can't be exploited to disclose an identity.
     
     
    No.
     
     
    No.
     
     
    Remotely forwarded ports, if not deleted, can indeed compromise privacy under certain conditions. Even if deleted, they can expose the customer to correlation attacks, if a customer forwards them both on the VPN and on his/her system physical network interface(s) or router(s) etc (as clearly underlined in the FAQ). Before we can answer completely, we need that you elaborate your question. In particular, what crimes in which legal framework would you commit in this hypothetical scenario, which government and which force do you refer to?
     
    As clearly stated in the Terms of Service, a direct or indirect violation of any fundamental right (as enshrined in the ECHR) and some other acts (described in ToS art. 4) are a violation of our Terms of Service, REGARDLESS of the fact that the infringement is a crime or not according to the legal framework of the country which the customer infringes the ECHR from. On the other hand, a fact that is considered a crime according to some out of jurisdiction country legal framework has no relevance for us/is not our concern, since we (quite obviously) do not recognize the authority of any entity or the validity of any law that are out of jurisdiction. That matter will have to be faced by that country authorities without any cooperation from Air owners.
     
    Kind regards
  21. Like
    Staff got a reaction from Stalinium in VPNs - Caught in Lying!?!   ...
    @arteryshelby

    We do not log and/or inspect our customers' traffic. Since 2010 you can't produce any single case, and not even the slightest clue, in which the identity of an AirVPN customer has been disclosed through traffic log and/or inspection and/or any other invasive method.

    It means a lot, given that various younger VPN services have been caught lying (ascertained court cases) and that AirVPN is now the oldest still active VPN service, with the exception of a minor service which anyway changed ownership twice in the last 12 years.

    By the way we have never asked our customers to blindly believe in our words.

    We do not block Tor and we even integrate its usage in our software, so you can be even safer if you can't afford to trust us OR some datacenter. For example you can use Tor over OpenVPN, to hide Tor usage to your country and ISP, and at the same time hide your traffic real origin, destination, protocol etc. to us and the datacenter the server is connected into.

    Last but not least, we invest a lo of money in Tor infrastructure and in 2017, 2018 and 2019 more than 2.5% of global world Tor network traffic transited on Tor exit-nodes paid by AirVPN. It is an important achievement we're proud of, and it hints to good faith.

    Kind regards
     
  22. Thanks
    Staff reacted to dL4l7dY6 in Linux: AirVPN Suite 1.1.0 beta available   ...
    I was running a torrent client when the crash occurred., i.e. using bandwidth constantly.

    I do run PiHole but not on that box, i.e. PiHole is not aware of the VPN.



     
  23. Like
    Staff got a reaction from pklammer in Upgrade: Ain becomes a 10 Gbit/s server (SE)   ...
    Hello!

    We're very glad to inform you that a server located in Stockholm (SE) has been upgraded: Ain. Server is now connected to a 10 Gbit/s line and port, while the motherboard has been replaced with a more powerful CPU. IP addresses remain the same. You don't need to re-generate configuration files, even if you don't run our software.

    As usual the server includes load balancing between daemons to squeeze as much bandwidth as possible from the 10 Gbit/s line.

    The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

    Just like every other Air server, Ain supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3 and tls-crypt.

    Full IPv6 support is included as well.

    As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

    You can check the server status as usual in our real time servers monitor:
    https://airvpn.org/servers/Ain

    Do not hesitate to contact us for any information or issue.

    Kind regards and datalove
    AirVPN Team
  24. Thanks
    Staff got a reaction from colorman in Linux: AirVPN Suite 1.1.0 beta available   ...
    UPDATE 2021-04-07: 1.1.0 RELEASE CANDIDATE 1 IS AVAILABLE
    UPDATE 2021-04-15: 1.1.0 RELEASE CANDIDATE 2 IS AVAILABLE
    UPDATE 2021-04-17: 1.10 RELEASE CANDIDATE 3 IS AVAILABLE
    UPDATE 2021-05-14: 1.10 RELEASE CANDIDATE 4 IS AVAILABLE
    UPDATE 2021-06-04: 1.1.0 HAS BEEN RELEASED
     
    Hello!

    We're very glad to introduce a new AirVPN Suite version for Linux. Check supported systems below

    The suite includes:
    Bluetit: lightweight, ultra-fast D-Bus controlled system daemon providing full connectivity and integration to AirVPN servers, or generic OpenVPN servers. Bluetit can also enforce Network Lock and/or connect the system to AirVPN during the bootstrap Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers Hummingbird: lightweight and standalone binary for generic OpenVPN server connections
    All the software is free and open source, licensed under GPLv3.  
    What's new in 1.1.0 version
     
    full compatibility with OSMC, Open Source Media Center enhanced compatibility with Raspbian persistent Network Lock implementation, useful for example to enforce prompt Network Lock during system bootstrap and prevent traffic leaks caused by processes at bootstrap (**). Use directive networklockpersist in bluetit.rc to enable Network Lock as soon as Bluetit starts, regardless of network status and connection attempts revisited Network Lock logic for additional safety new directives for bluetit.rc: networklockpersist, connectretrymax and aircipher enhanced DNS handling for peculiar systemd-resolved operational modes more rigorous handling of events through semaphore implementation new D-Bus methods for Network Lock aimed at easier control by clients. Developer's documentation will be published soon crash caused by systemd signal flooding has been resolved libcurl crash in OSMC and other systems has been fixed crash in some 32 bit systems has been fixed logical flaw causing Network Lock missed activation in case of account login failure has been fixed various bug fixes see the changelog below for more information and details   Important notes
    (**) Ponder the option carefully if your machine needs network sync via NTP or other network services outside the VPN during the bootstrap phase
    (***) Fedora 33 and openSUSE 15.2 users beware: we have noticed that in freshly installed Fedora 33 libcurl cannot find CA LetsEncrypt certificates and this will prevent Bluetit from detecting the country from ipleak.net. In this case, you can overcome this bug by using the country directive in bluetit.rc file, therefore avoiding the need to contact ipleak.net web site.
      AirVPN Suite changelog
     
    Version 1.1.0 RC 4 - 14 May 2021
    [ProMIND] optionparser.cpp: added proper message errors in case of invalid argument and allocation memory error [ProMIND] netfilter.cpp: systemBackupExists() now evaluate every firewall mode backup file name [ProMIND] netfilter.cpp: restore() now check for every firewall mode backup and restore it accordingly [ProMIND] netfilter.cpp: IPv6 rules are now allowed or added only in case IPv6 is available in the system
    Version 1.1.0 RC 3 - 16 April 2021
    [ProMIND] Updated to OpenVPN 3.7 AirVPN [ProMIND] vpnclient.hpp: avoid netFilter setup in case NetFilter object is not private [ProMIND] dbusconnector.cpp: fine tuned D-Bus wait cycle in R/W dispatch. Implemented a thread safe wait in order to avoid D-Bus timeout policy
    Version 1.1.0 RC 1 - 7 April 2021
    Release Candidate, no change from Beta 2
    Version 1.1.0 Beta 2 - 2 April 2021
    [ProMIND] localnetwork.cpp: added getDefaultGatewayInterface() method
    Version 1.1.0 Beta 1 - 11 March 2021
      [ProMIND] rcparser.cpp: removed formal list control for STRING type [ProMIND] netfilter.hpp, netfilter.cpp: added functions to set the availability of specific iptables tables in order to properly use available tables only [ProMIND] vpnclient.hpp: onResolveEvent() sets iptables tables according to the loaded modules [ProMIND] vpnclient.hpp: Changed constructor in order to use both private and external NetFilter object [ProMIND] localnetwork.cpp: added getLoopbackInterface(), getLocalIPaddresses() and getLocalInterfaces() methods [ProMIND] airvpntools.cpp: added detectLocation() method to retrieve location data from ipleak.net [ProMIND] airvpnuser.cpp: detectUserLocation() now uses AirVPNTools::detectLocation() [ProMIND] airvpnuser.cpp: loadUserProfile() now correctly sets userProfileErrorDescription in case of network failure [ProMIND] airvpnserverprovider.cpp: added "DEFAULT" rule to getUserConnectionPriority() in case user's country or continent is undefined [ProMIND] airvpnmanifest.cpp: loadManifest() now correctly sets the status STORED in case of network failure [ProMIND] Added Semaphore class [ProMIND] dnsmanager.hpp: method revertAllResolved() renamed to restoreResolved(). Besides reverting all interfaces it now restarts systemd-resolved service as well. [ProMIND] install.sh: improved update/upgrade process   Bluetit changelog
     
    Version 1.1.0 RC 4 - 14 May 2021 [ProMIND] Added directives airipv6 and air6to4 in bluetit.rc [ProMIND] In case it is requested a network recovery, VpnClient object is now initialized with NetFilter::Mode::OFF [ProMIND] In case the requested network lock method is not available, connection is not started [ProMIND] In case system location cannot be determined through ipleak.net, country is now properly set to empty, latitude and longitude to 0. [ProMIND] Persistent network lock is enabled only in case Bluetit status is clean [ProMIND] AirVPN boot connection is started only in case Bluetit status is clean [ProMIND] DNS backup files are now properly evaluated when determining dirty status [ProMIND] Added D-Bus commands "reconnect_connection" and "session_reconnect"
    Version 1.1.0 Beta 2 - 2 April 2021 [ProMIND] Gateway and gateway interface check at startup. Bluetit won't proceed until both gateway and gateway interface are properly set up by the system [ProMIND] Increased volume and rate data sizes for 32 bit architectures [ProMIND] Added aircipher directive to bluetit.rc [ProMIND] Added maxconnretries directive to bluetit.rc
    Version 1.1.0 Beta 1 - 11 March 2021 [ProMIND] connection_stats_updater(): now uses server.getEffectiveBandWidth() for AIRVPN_SERVER_BANDWIDTH [ProMIND] added bool shutdownInProgress to control bluetit exit procedure and avoid signal flooding [ProMIND] system location is detected at boot time and eventually propagated to all AirVPN users [ProMIND] Network lock and filter is now enabled and activated before AirVPN login procedure [ProMIND] Added dbus methods "enable_network_lock", "disable_network_lock" and "network_lock_status" [ProMIND] Renamed bluetit.rc directive "airconnectonboot" to "airconnectatboot" [ProMIND] Added bluetit.rc directive "networklockpersist"   Goldcrest changelog

    Version 1.1.2 RC 4 - 14 May 2021
    [ProMIND] DNS backup files are now properly evaluated when determining dirty status [ProMIND] ProfileMerge is now constructed by allowing any file extension [ProMIND] Reconnection (SIGUSR2) is now allowed only in case tun persistence is enabled

    Version 1.1.2 - 2 April 2021
    [ProMIND] Updated base classes Hummingbird changelog

    Version 1.1.2 RC 4 - 14 May 2021
    [ProMIND] DNS backup files are now properly evaluated when determining dirty status [ProMIND] ProfileMerge is now constructed by allowing any file extension [ProMIND] Reconnection (SIGUSR2) is now allowed only in case tun persistence is enabled  

    Architecture

    The client-daemon architecture offered by Goldcrest and Bluetit combination offers a robust security model and provides system administrators with a fine-grained, very flexible access control.

    Bluetit is fully integrated with AirVPN. The daemon is accessed through a D-Bus interface by providing specific methods and interface in order to give full support to OpenVPN connection and AirVPN functionality, including - but not limited to - quick automatic connection to the best AirVPN server for any specific location as well as any AirVPN server or country. Connection during system bootstrap is fully supported as well.  
    New OpenVPN 3 library features

    Hummingbird and Bluetit are linked against a new version of our OpenVPN 3 library which supports directive data-ciphers: it can be used consistently with OpenVPN 2.5 syntax in OpenVPN profiles.

    The directive allows OpenVPN 3 based software to negotiate a common Data Channel cipher with the OpenVPN server,, updating therefore our library to ncp-like negotiation with OpenVPN 2 branch. Hummingbird and Bluetit are already linked against the new library version, while Eddie Android edition will be updated in the near future.

    The new library also includes a different handling of IV_CIPHERS variable, fixing OpenVPN main branch issues which caused a plethora of problems with OpenVPN 2.5. The implementation, at the same time, takes care of full backward compatibility with OpenVPN versions older than 2.5.

    ncp-disable directive, which to date has never been implemented in the main  branch, is still supported, in order to further enhance backward compatibility with both OpenVPN profiles and servers, as well as connection flexibility with servers running older than 2.5 OpenVPN versions.

    Please note that if you enforce a specific Data Channel cipher by means of Bluetit configuration file, Hummingbird line option, or Goldcrest configuration file and/or line option, the enforced Data Channel cipher will override data-ciphers profile directive.
      Notes on systemd-resolved

    In Fedora 33 systemd-resolved comes pre-configured to work in "on-link" mode and network-manager works together with it.

    This very peculiar, Windows-like setup kills Linux global DNS handling, causing those DNS leaks which previously occurred only on Windows. Hummingbird and Bluetit take care of preventing the brand new DNS leaks caused by such a setup.

    Also note that systemd-resolved comes pre-configured with fallback DNS (Google DNS is a systemd-resolved default fallback DNS, smart choices pile up!) which will be queried if each interface DNS server fails some resolution. In such a case, if and only if you have Network Lock enabled will DNS leaks be prevented.
      Supported systems

    The suite is currently available for Linux x86-64, i686 (32 bit distributions), arm7l (for example Raspbian, OSMC and other ARM 32 bit based systems) and aarch64 (ARM 64 bit). Both systemd and SysV-style init based systems are supported.

    AirVPN Suite is free and open source software licensed under GPLv3.
      Overview and main features
     
    AirVPN’s free and open source OpenVPN 3 suite based on AirVPN’s OpenVPN 3 library fork
      Bluetit: lightweight D-Bus controlled system daemon providing full connectivity to AirVPN servers and generic OpenVPN servers. Ability to connect the system to AirVPN during the bootstrap. Goldcrest: Bluetit client, allowing full integration with AirVPN servers, users, keys, profiles as well as generic OpenVPN servers Hummingbird: lightweight and standalone client for generic OpenVPN server connection Linux i686, x86-64, arm7l and arm64 (Raspberry) support Full integration with systemd, SysV Style-init and chkconfig No heavy framework required, no GUI Tiny RAM footprint Lightning fast Based on OpenVPN 3 library fork by AirVPN version 3.6.6 with tons of critical bug fixes from the main branch, new cipher support and never seen before features ChaCha20-Poly1305 cipher support on both Control and Data Channel providing great performance boost on ARM, Raspberry PI and any Linux based platform not supporting AES-NI. Note: ChaCha20 support for Android had been already implemented in our free and open source Eddie Android edition Robust leaks prevention through Network Lock based either on iptables, nftables or pf through automatic detection Proper handling of DNS push by VPN servers, working with resolv.conf as well as any operational mode of systemd-resolved additional features   User documentation (*) and source code:

    https://gitlab.com/AirVPN/AirVPN-Suite

    (*) Developer documentation to create custom software clients for Bluetit will be published in the near future.
      Download links:
    Linux x86-64: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-x86_64-1.1.0-RC4.tar.gz
    Linux x-86-64 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-x86_64-1.1.0-RC4.tar.gz.sha512

    Linux i686: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-i686-1.1.0-RC4.tar.gz
    Linux i686 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-armv7l-1.1.0-RC4.tar.gz.sha5123

    Linux arm7l: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-armv7l-1.1.0-RC4.tar.gz
    Linux arm7l sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-armv7l-1.1.0-RC4.tar.gz.sha512

    Linux aarch64: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-aarch64-1.1.0-RC4.tar.gz
    Linux aarch64 sha512 check file: https://eddie.website/repository/AirVPN-Suite/1.1-RC4/AirVPN-Suite-aarch64-1.1.0-RC4.tar.gz.sha512

    Kind regards
    AirVPN Staff
  25. Thanks
    Staff got a reaction from telemus in New country: New Zealand - New 1 Gbit/s server available   ...
    Hello!

    We're very glad to inform you that a new 1 Gbit/s server located in Auckland (NZ) is available: Fawaris. We're also very pleased to be back in Oceania.

    The AirVPN client will show automatically the new server. If you use any other OpenVPN client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator").

    The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

    Just like every other Air server, Fawaris supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3 and tls-crypt.

    Full IPv6 support is included as well.

    As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

    You can check the server status as usual in our real time servers monitor:
    https://airvpn.org/servers/Fawaris

    Do not hesitate to contact us for any information or issue.

    Kind regards and datalove
    AirVPN Team
×
×
  • Create New...