Jump to content
Not connected, Your IP: 3.236.110.106

Staff

Staff
  • Content Count

    9012
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    1315

Reputation Activity

  1. Thanks
    Staff got a reaction from frpergflf in Linux: AirVPN Suite 1.0.0 released   ...
    @frpergflf

    Hello!

    SELinux correctly prevents systemd to delete the lock file. That's an illegal operation that systemd wants to perform and that tells something on how systemd is designed.

    Bleutit crash is caused by the fact that systemd bombards with SIGTERM Bluetit (and in general any real daemon). Under specific circumstances, i.e. when 2 or more SIGTERM signals are sent to Blueit almost simultaneously, Bluetit crashes, because the promise object has been already depleted when the 2nd or nth SIGTERM is received. Again, this incomprehensible behavior tells something about how systemd is designed, but at least it made us find a bug which might cause crashes in any other similar circumstance (imagine if you manage to send SIGTERM from two "kill" commands synced to be executed almost simultaneously).

    Fix will be of course implemented in the next, imminent version.

    Kind regards
     
  2. Like
    Staff got a reaction from spinmaster in macOS Apple M1: Hummingbird 1.1.1 released   ...
    @Maggie144

    Hello!

    Since Network Lock is enforced via pf rules, which act directly on the kernel filtering table, it is not plausible that Apple services can bypass them. Leaks observed on Catalina and Big Sur with other software (not our software) take place because filtering rules are enforced via specific network API. The specific network filtering exceptions (for Apple programs) hard coded in macOS Catalina and Big Sur filtering API, which caused a lot of controversies (and rightly so), allow the horrendous behavior.

    Actually, lack of traffic leaks when Eddie or Hummingbird Network Lock is active on Intel Mac has been thoroughly verified by us through external network sniffers. We confirm that nothing, including Apple services and apps, is able to bypass the firewall (pf) rules. We can perform the same verification on Mac M1 in the near future.

    The problem in iOS is worse and can't be resolved, because in iOS devices you are not in control of the device filtering table (and you are not in control of the device in general). Anyway we do not write software for iOS, as you know. Should, in the future, "Apple Silicon" platforms evolve in iOS-like system which the user can not control, then they will be unsuitable for purposes where privacy and a layer of anonymity are a priority. We doubt anyway that Apple will expel its own customers from administrative device control like it did with iOS, but let's wait and see.

    Kind regards
     
  3. Like
    Staff got a reaction from spinmaster in macOS Apple M1: Hummingbird 1.1.1 released   ...
    @Maggie144

    Hello!

    Since Network Lock is enforced via pf rules, which act directly on the kernel filtering table, it is not plausible that Apple services can bypass them. Leaks observed on Catalina and Big Sur with other software (not our software) take place because filtering rules are enforced via specific network API. The specific network filtering exceptions (for Apple programs) hard coded in macOS Catalina and Big Sur filtering API, which caused a lot of controversies (and rightly so), allow the horrendous behavior.

    Actually, lack of traffic leaks when Eddie or Hummingbird Network Lock is active on Intel Mac has been thoroughly verified by us through external network sniffers. We confirm that nothing, including Apple services and apps, is able to bypass the firewall (pf) rules. We can perform the same verification on Mac M1 in the near future.

    The problem in iOS is worse and can't be resolved, because in iOS devices you are not in control of the device filtering table (and you are not in control of the device in general). Anyway we do not write software for iOS, as you know. Should, in the future, "Apple Silicon" platforms evolve in iOS-like system which the user can not control, then they will be unsuitable for purposes where privacy and a layer of anonymity are a priority. We doubt anyway that Apple will expel its own customers from administrative device control like it did with iOS, but let's wait and see.

    Kind regards
     
  4. Thanks
    Staff got a reaction from frpergflf in Linux: AirVPN Suite 1.0.0 released   ...
    @frpergflf

    Hello!

    Allowing access to those directories to group "airvpn" is a choice of each superuser. For security reasons, by default the installer sets them belonging to root user and root or wheel group to comply to the best security practices consolidated in UNIX in the last 30 years. In general, as an optimal security solution, we want that Bluetit files can be edited only by root and sudo-ers, while Goldcrest files (but not Goldcrest binary) can be changed only by users belonging to airvpn group.

    The lock file removal failure after Bluetit clean stop order by systemd is unexpected. When the problem re-occurs, would you be so kind to send us Bluetit log? sudo journalctl | grep bluetit

    @asdfasdfasdfasdfasdf

    No, it is not. If you proceed to implement, don't forget that Bluetit is a daemon.

    @dL4l7dY6
    @airvpnclient

    A source of Bluetit instability in OSMC and Raspbian 32 bit has been detected, and it's libcurl . The linked library explodes now and then. The problem has been resolved with specific libcurl linking. Development is now focused on a new Network Lock approach, to make the whole environment more secure especially during a system bootstrap. Once it is implemented (a matter of just a few days) we will be ready for testing and soon after a new release will follow, perfectly compatible with OSMC too.

    Kind regards
     
  5. Like
    Staff got a reaction from spinmaster in macOS Apple M1: Hummingbird 1.1.1 released   ...
    Hello!

    We're very glad to announce that we have just released Hummingbird for Apple M1 based machines. Hummingbird is a robust, light-weight and very fast OpenVPN 3 command line tool for Linux and macOS offering DNS handling and rock solid traffic leaks prevention out of the box.

    It's the first time that OpenVPN 3 library and Hummingbird are available as native software in M1 based Mac computers, providing faster execution speed and higher performance.

    As usual Hummingbird uses our OpenVPN 3 AirVPN library fork, which includes bug fixes and very important features missing in the main branch. Please find overview, details, documentation and download link here:
     
    Kind regards
     
  6. Thanks
    Staff got a reaction from tomMarvoloRiddle in ios persistent vpn   ...
    @tomMarvoloRiddle

    Hello!

    openvpn-connect can be configured as a VPN On Demand application. "VPN-On-Demand ... allows a VPN profile to specify the conditions under which it will automatically connect."

    Setup is not trivial and requires some patience and time, please see here:
    https://openvpn.net/vpn-server-resources/faq-regarding-openvpn-connect-ios/#can-i-use-ios-6-vpn-on-demand-with-openvpn

    Not all OpenVPN services meets "VPN on Demand" requirements. The necessary requisites are met by AirVPN.

    Kind regards
     
  7. Like
    Staff got a reaction from autone in speedtest comparison   ...
    @pfolk

    Hello!


    Settings to use wintun driver are correct. A specific Data Channel cipher can be defined by directive "data-ciphers". Check your Eddie log to see which Data Channel cipher is used (if in doubt please open a ticket and send a log to the support team).

    Eddie can accept custom directives in "Preferences" > "OVPN Directives" window. Some examples with ciphers supported by our servers (enter only ONE directive):
    data-ciphers AES-256-GCM
    data-ciphers AES-128-GCM
    data-ciphers CHACHA20-POLY1305 (do not use in AES-NI supporting machines, i.e. desktop computers usually, because performance will be lower).

    Kind regards

     
  8. Thanks
    Staff reacted to freak in AirVPN is faster than NordVPN but...   ...
    @Staff    The 'cipher AES-256-GCM' also works well.   Thanks!    It is difficult to see whether it is better - but it definitely also works fine.
  9. Like
    Staff got a reaction from ZPKZ in New 10 Gbit/s server available (CH)   ...
    For the readers: Ain in Stockholm has been upgraded to 10 Gbit/s line and port. https://airvpn.org/forums/topic/48885-upgrade-ain-becomes-a-10-gbits-server-se/

    Kind regards
     
  10. Like
    Staff got a reaction from ZPKZ in New 10 Gbit/s server available (CH)   ...
    For the readers: Ain in Stockholm has been upgraded to 10 Gbit/s line and port. https://airvpn.org/forums/topic/48885-upgrade-ain-becomes-a-10-gbits-server-se/

    Kind regards
     
  11. Thanks
    Staff reacted to MortenM in Eddie 2.19.7 unable to run, missing c++   ...
    The repack did it! Thank You.
  12. Like
    Staff got a reaction from debu in Eddie 2.19.7 unable to run, missing c++   ...
    @MortenM

    Hello!

    Eddie 2.19.7 for Windows 7 has just been re-packaged, please re-download and the problem should be sorted out.

    Kind regards
     
  13. Thanks
    Staff got a reaction from airvpnclient in Linux: AirVPN Suite 1.0.0 released   ...
    @airvpnclient

    Thanks! The new issue you reported in OSMC is confirmed and under investigation too.

    Kind regards
     
  14. Like
    Staff got a reaction from tami in Probs with Port / Eddi / hummingbird   ...
    @tami

    Hello!

    Hummingbird has a tiny RAM footprint if compared to Eddie (a dozen MB against hundreds of MB), even because it does not need Mono and does not have a GUI, so if you don't need a GUI use Hummingbird. CPU usage is high when traffic encryption/decryption is necessary and that's also why you can't beat some throughput limit.

    Hummingbird 1.1.0 is linked against mbedTLS library. New Hummingbird 1.1.1 (you can already test it, RC 1 was out some days ago) is linked against OpenSSL, which now provides higher performance than mbedTLS, at the price of a little more needed RAM. Please test it if you can and check whether the problem remains.

    -N off disables "Network Lock" feature. If disabling "Network Lock" resolves the problem, why Network Lock activation prevents you from connecting remains to be seen. If the problem persists with Hummingbird 1.1.1, would you like to post the complete log? If you post it, please make sure not to delete VPN server IP address as you did. It's an important information and does not compromise your privacy.

    Since Raspberry CPU does not support AES-NI, you can boost performance by connecting with cipher CHACHA20-POLY1305. New Hummingbird 1.1.1 is linked against our latest OpenVPN 3 AirVPN library release, which supports data-ciphers directive and is updated to comply to OpenVPN 2.5 (which runs in our servers) specifications, so you can enforce CHACHA20 and any other supported cipher with a proper profile, or by command line option.

    To download Hummingbird 1.1.1 please see here:
    https://airvpn.org/forums/topic/48435-linux-new-software-airvpn-suite-10-beta/

    Hummingbird is included in the suite (of course feel free to test Goldcrest+Bluetit too).

    Kind regards
     
  15. Like
    Staff got a reaction from spinmaster in CHACHA20-POLY1305 on all servers   ...
    Hello!



    We're very glad to announce all VPN servers progressive upgrade to Data Channel CHACHA20-POLY1305 cipher and TLS 1.3 support.
    UPDATE 18-Nov-2020: upgrade has been completed successfully on all AirVPN servers.

    The upgrade requires restarting OpenVPN daemons and some other service. Users connected to servers will be disconnected and servers during upgrade will remain unavailable for two minutes approximately. In order to prevent massive, simultaneous disconnections, we have scheduled a progressive upgrade in 15 days, starting from tomorrow 5 Nov 2020. Please see the exact schedule at the bottom of this post, in the attached PDF file. Servers marked as "OK" have been already upgraded and you can use CHACHA20-POLY1305 with them right now.
     
    When should I use CHACHA20-POLY1305 cipher on OpenVPN Data Channel?   In general, you should prefer CHACHA20 over AES on those systems which do not support AES-NI (AES New Instructions). CHACHA20 is computationally less onerous, but not less secure, than AES for CPUs that can't rely on AES New Instructions. If you have an AES-NI supporting CPU and system, on the contrary you should prefer AES for higher performance.
      How can I use CHACHA20-POLY1305 on AirVPN?
    CHACHA20-POLY1035 on Data Channel is supported by OpenVPN 2.5 or higher versions and OpenVPN3-AirVPN library.
    In Eddie Android edition, open "Settings" > "AirVPN" > "Encryption algorithm" and select CHACHA20-POLY1305. Eddie Android edition will then filter and connect to VPN servers supporting CHACHA20-POLY1305 and will use the cipher both on Control and Data channels.

    In our web site Configuration Generator, after you have ticked "Advanced Mode", you can pick OpenVPN version >=2.5, and also select "Prefer CHACHA20-POLY1305 cipher if available". If you're generating a configuration file for Hummingbird, select OpenVPN3-AirVPN: the configuration file needs to be different, because some new directives of OpenVPN 2.5 are not supported in OpenVPN3, and Hummingbird is based on OpenVPN3-AirVPN.

    In Eddie desktop edition, upgrade to 2.19.6 version first. Then select the above mentioned option. However, most desktop computers support AES-NI, so make sure to check first, because using CHACHA20-POLY1305 on such systems will cause performance harm when you go above 300 Mbit/s (if you stay below that performance, probably you will not notice any difference). Also note that if your system does not have OpenVPN 2.5 or higher version you will not be able to use CHACHA20-POLY1305.

    If you wish to manually edit your OpenVPN 2.5 profile to prefer CHACHA20 on Data Channel when available: delete directive cipher add the following directive: data-ciphers CHACHA20-POLY1305:AES-256-GCM

    Pending Upgrade Server Schedule


    Kind regards and datalove
    AirVPN Staff


     
  16. Like
    Staff got a reaction from arteryshelby in Upgrade: Ain becomes a 10 Gbit/s server (SE)   ...
    Hello!

    We're very glad to inform you that a server located in Stockholm (SE) has been upgraded: Ain. Server is now connected to a 10 Gbit/s line and port, while the motherboard has been replaced with a more powerful CPU. IP addresses remain the same. You don't need to re-generate configuration files, even if you don't run our software.

    As usual the server includes load balancing between daemons to squeeze as much bandwidth as possible from the 10 Gbit/s line.

    The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

    Just like every other Air server, Ain supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3 and tls-crypt.

    Full IPv6 support is included as well.

    As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

    You can check the server status as usual in our real time servers monitor:
    https://airvpn.org/servers/Ain

    Do not hesitate to contact us for any information or issue.

    Kind regards and datalove
    AirVPN Team
  17. Like
    Staff got a reaction from spinmaster in Eddie Desktop 2.19.7 released   ...
    Hello!

    We're very glad to inform you that a new stable release of Eddie is now available for Linux (various ARM based architectures included), Mac, Windows.

    Eddie is a free and open source (GPLv3) OpenVPN GUI and CLI by AirVPN with many additional features such as:
    traffic leaks prevention via packet filtering rules DNS handling optional connections over Tor or a generic proxy customizable events traffic splitting on a destination IP address or host name basis complete and swift integration with AirVPN infrastructure white and black lists of VPN servers ability to support IPv4, IPv6 and IPv6 over IPv4
    What's new in Eddie 2.19.7
      enhanced wintun support in Windows, resolving TAP driver adapter issues and boosting performance Hummingbird 1.1.1 support in Linux and macOS for increased performance (up to 100% boost in macOS i7 systems when compared against OpenVPN 2) portable version for macOS which does not require Mono package installation nftables support by Network Lock in Linux via nft new aarch64 support through a Raspberry OS 64 bit beta specific build improved IPv6 support many bug fixes


    Eddie GUI and CLI now run with normal user privileges, while only a "backend" binary, which communicates with the user interface with authentication, gains root/administrator privileges, with important security safeguards in place:
    stricter parsing is enforced before passing a profile to OpenVPN in order to block insecure OpenVPN directives external system binaries which need superuser privileges (examples: openvpn, iptables, hummingbird) will not be launched if they do not belong to a superuser Eddie events are no more run with superuser privileges: instead of trusting blindly user's responsibility and care when dealing with events, now the user is required to explicitly operate to run something with high privileges, if necessary
    Backend binary is written in C++ on all systems (Windows included), making the whole application faster.

    Settings, certificates and keys of your account stored on your mass storage can optionally be encrypted on all systems either with a Master Password or in a system key-chain if available.

    Eddie 2.19.7 can be downloaded here:
    https://airvpn.org/linux - Linux version
    https://airvpn.org/macos - Mac version
    https://airvpn.org/windows - Windows version

    Eddie is free and open source software released under GPLv3. Source code is available on GitHub: https://github.com/AirVPN/Eddie

    Complete changelog can be found here.

    Kind regards & datalove
    AirVPN Staff
     
  18. Thanks
    Staff got a reaction from antihesitator in Using AirVPN with ChromeOS (ChromeBook, ChromeBit etc)   ...
    About ChromeOS / ChromiumOS
     
    Chromium OS (or Chrome OS) is an operating system designed by Google that is based on the GNU/Linux kernel and uses Google Chrome web browser as its main user interface.
    CloudReady is the free, easy way to convert your computer to Chrome.
     
     
    Steps
    Go to Client Area > Config Generator in our web site, choose ChromeOS and other options. Download files: you need user certificate "user.p12" file and Openvpn connection "<filename>.onc" file. (If you download the ".zip" archive format that contains "user.p12" and "<filename>.onc" you must extract the archive to have the two files outside the archive as two single files on the system. See How to Unzip Files on ChromeOS.) Click your bottom-right panel, and then the gear to open the control panel.
     
    Type "certificates" in the search box and select Manage Certificates. In some version of ChromeOS the certificates menu entry is accessible only in the browser: open chrome://settings/certificates in the browser
     
    On "Your Certificates" tab, click "IMPORT AND BIND", and select the "user.p12" file. If asked, leave password empty. You should now see your certificate and “(hardware-backed)” if done correctly. Note: if "IMPORT AND BIND" is not available it's because in your device TPM chip is disabled or not available, see here. With no Bind ("hardware-backed") certificates the VPN connection cannot work.
     

     
    In the browser, open chrome://net-internals , and click ChromeOS at the bottom
     
    Choose File. Select the .onc file. It will look like it did nothing.
     
    Now in your bottom-right panel, you will have a VPN connection.
     
    Click to connect. If you are forced to enter a password, type anything, it doesn't matter what.
     
    Check whether connection is ok in the bottom-right panel.
    Many thanks to @nopcode85 for his help.
  19. Like
    Staff got a reaction from pfolk in speedtest comparison   ...
    @pfolk

    Hello!

    OK, you're good. We don't think you can try anything else but please feel free to open a ticket. The support team might think of something we currently miss, you never know.

    Kind regards
     
  20. Thanks
    Staff reacted to Old Fella in Long time user   ...
    No technical stuff from me else I would be typing all night and day.

    Is enough to say from day one I have been mightily impressed with AirVPN the product, the staff, and the forum. On the few occasions I have looked up and or emailed a few other companies and asked questions they have always fallen short in one way or usually many more ways. Why other VPN providers get much business is beyond me.😍
  21. Thanks
    Staff reacted to xkingxkaosx in New AirVPN User - AirVPN is the best!   ...
    Last week i shared a nice topic about VPN’s and how in the 21st century it is mandatory that every single person should be using one, is how some one mentioned AirVPN. I “had” 5 VPN’s on my iphone ( since it is where i use the internet the most ) i signed aboard to AirVPN and asked for a trial. And let me tell you i have not been this excited in a long time.

    after my trial ended few days ago i decided i should support AirVPN and get a subscription. Set up my windows 10 tablet, linux mint PC and of course my phone, i deleted the other VPNs off my system and did a few test and research in between and I have to say AirVPN is simple, fast, affordable, transparent and yet reliable. 

    i can not believe i have not came across AirVPN before ( Google definitely did not help bring up any mention of AirVPN ) and wasted so much time, money, researching and hassle with choosing the right VPN service.

    enough of my ranting, keep up the good work and keep up with the good fight!!!
  22. Thanks
    Staff reacted to Anarchy-X in AirVPN Suite -- Well Done   ...
    I just want to say that I'm impressed by the level of detail in the documentation accompanying the new AirVPN suite. It's almost too much information! lol

    It was easy to install and get up and running. I'm sure I can do plenty of tweaking but I quickly got connected via Goldcrest and can go about my business. Later on I'll play around with some things and see what's possible.

    I'm really glad and thankful for all the hard work that's going on behind the scenes with development of AirVPN's products. It's even better that it's all under a libré license. Maybe someone else can take something and do something else with it and contribute back to the community!

    Keep up the good work and I hope you can stay one step ahead of the MAFIAA and FAANG and all those DRM imposers. 👊🏽
  23. Like
    Staff got a reaction from bluesjunior in Eddie Desktop 2.19.7 released   ...
    @bluesjunior

    It was just for the specific case of the customer who had previously installed some OpenVPN 2.5 beta version that did not support data-ciphers directive. Therefore OpenVPN failed when Eddie ran it with a profile containing that directive, which is supported by OpenVPN 2.5 release.

    Kind regards
     
  24. Thanks
    Staff reacted to suroh in Linux: AirVPN Suite 1.0.0 released   ...
    I am running Arch Linux, uname spits out  `5.10.8-arch1-1`
    I only have `/usr/share/dbus-1/system.d`
     
  25. Like
    Staff got a reaction from arteryshelby in Upgrade: Ain becomes a 10 Gbit/s server (SE)   ...
    Hello!

    We're very glad to inform you that a server located in Stockholm (SE) has been upgraded: Ain. Server is now connected to a 10 Gbit/s line and port, while the motherboard has been replaced with a more powerful CPU. IP addresses remain the same. You don't need to re-generate configuration files, even if you don't run our software.

    As usual the server includes load balancing between daemons to squeeze as much bandwidth as possible from the 10 Gbit/s line.

    The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP.

    Just like every other Air server, Ain supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3 and tls-crypt.

    Full IPv6 support is included as well.

    As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses.

    You can check the server status as usual in our real time servers monitor:
    https://airvpn.org/servers/Ain

    Do not hesitate to contact us for any information or issue.

    Kind regards and datalove
    AirVPN Team
×
×
  • Create New...