Erquint

To be clear, I have not used any previous versions of the app, so I can't say one way or the other if this is a regression of any sort. The first time I tested — I may already had another non-AirVPN tunnel connection pre-established. I tested again and this time was unable to log in. https://eddie.website/report/733a6c8c/ And then I later repeated the test with the same result. Had to use an autonomous circumvention tool first to be able to log in or else the app couldn't refresh the server list or confirm my subscription, which is a major flaw for the purposes of a censorship circumvention tool in a country where VPN service usage is criminalized and thus combated with constant risk of autonomous circumvention tools ceasing to manage the task. Wouldn't it be possible to cache authorization within reasonable periods, at least for long-term subscribers..? With a generic client, I can just use my cryptographic key to connect to a server directly. But picking a server in EddieAndroid-4.0.0-Beta-1 still required me to log in. I'll repost to a dedicated thread, ticket or email if needed.

Surprisingly EddieAndroid-4.0.0-Beta-1 works without CPS for me in Russia, at least on my landline network. Maybe my provider relaxed some filtering that necessitated a particular constant QUIC binary strings being used. Or is it generating a QUIC mock binary automatically when `j` parameters don't work out..? Looking forward to Windows port, of course.

I just signed up for a year plan of AirVPN and gave Eddie a try. It isn't able to connect to AirVPN servers for me. And in the protocols tab of Eddie settings — all I found were just a bunch of OpenVPN ports and a few WireGuard ones. I don't need to say ports aren't protocols. I knew AmneziaWG client would work with AirVPN, but was hoping I could find use for Eddie, especially if split-tunnel routing could be set up more intelligently than the barebones AmneziaWG offers in that department. To give you an idea of routing hoops I was trying to avoid jumping: I'm having to use a self-written script for automatic CIDR-set inversion and input the result into the configs manually… it's a whole chore. I'm able to connect to AirVPN WireGuard servers using AmneziaWG client by manually enriching the configs generated with the `i1` parameter set to a binary string I had to find myself — one that slips under the DPI radar. Here's a page about AmneziaVPN, but which illustrates how a suitable binary string may be acquired: https://docs.amnezia.org/documentation/instructions/new-amneziawg-selfhosted/ I'm in Russia on Windows and Android. A poweruser and a coder where it comes to PC. Know my way around GNU/Linux and WSL when needed too. AmneziaWG 1.5 protocol extends WireGuard with CPS among other client-side obfuscation methods and presents a necessary technique of VPN connection restriction circumvention in Russia. Basic feature documentation here: https://docs.amnezia.org/documentation/amnezia-wg/#how-it-works CPS is fully compatible with any ol' WireGuard server due to inherent noise filtering WG is built on and basically only concerns establishment of a persistent connection. The DPI systems deployed over here are only capable of interrogating and filtering traffic of establishing connections to decide whether the outbound port opening by ISP will be permitted. My ISP already won't let connections to WireGuard endpoints that are performed without CPS and I'm sure many other ISPs block them as well, judging by rapid CPS adoption observed being reported on Russian Internet censorship circumvention forums. Used to be that `j` parameters would be enough to get around DPI packet filtering. Now pretty much nothing aside the `i` parameter helps in AmneziaWG client. To be clear before I proceed, I'd like to call attention to the following all being distinct entities not to be confused with each other, despite overlapping titling convention: - AmneziaWG protocol extending WireGuard protocol mainly to inject junk that bedazzles active DPI systems in the middle. This is the topic here. - AmneziaWG software forked openly from WireGuard client sources, implementing the above with its own version numbers not shared with the upstream or either protocols. - AmneziaVPN service hosted commercially. - AmneziaVPN software sorta implementing both but mainly geared as a client to the service. Now here's the pickle… Technical protocol specification documentation for AmneziaWG 1.5, including CPS is somewhat scant. No committee, just scrambling for the arms race. It's probably better to check reference implementations. IIRC, this commit implements `i#` parameters, where `#` is a digit: https://github.com/amnezia-vpn/amneziawg-go/commit/c20789848019fb494dbe9d280eb246f29b95ab85 WG Tunnel is an independent FOSS Android implementation of AmneziaWG 1.5 CPS in a config-compatible manner to AmneziaWG client: https://github.com/wgtunnel/wgtunnel I'm also aware of another implementation in a commercial WireGuard client titled WireSock Secure Connect Beta that derives those binaries procedurally, which makes it not directly config-compatible, but that is off topic at the moment. With everything above in mind, it does not seem like Eddie is going to be usable in Russia until AmneziaWG 1.5 CPS is implemented. So here's me asking if Eddie could support AmneziaWG 1.5 CPS client extension to the WireGuard protocol. And to be thorough in avoiding confusion, in case my initial statement is lost in the post, I want to repeat… No modifications is needed to AirVPN's WireGuard servers in order to implement this — CPS is client-side handshake obfuscation that WireGuard's built-in noise filtering inherently ignores.