Search the Community

I'm running a Linux distro, connected via Tor Browser v115.4.0esr. The "Recently Used Devices" panel in my profile shows Windows and Firefox v115.0. I've not used a Windows machine with AirVPN in several months, at least. My password is > 100 bits of entropy, basically impossible to guess. A hack is always possible, of course, but my practice is to use privacy and security centric OSes, like PureOS and Qubes, which are always up to date. I don't click on strange links. I guess what I'm wondering is: how reliable is the "Recently Used Devices" panel. I'll go ahead and change my password, but I'm still curious. Otto

I'm experimenting with Eddie in Standalone qubes VM. It's installed but when network lock is NOT enabled it's stuck at "Checking route IPv6" when connecting. I've tried setting it to use only IPv4 in Networking>Internet protocol used for connection but it still gets stuck at the same. When network lock is enabled the eddie client itself connects fine and internet is via the VPN in that cube, but then I can't make the other qubes connect through that cube even if I've enabled "Allow lan/private" in "Netowork Lock" and even whitelisted the specific cube internal IP address. So either way I can't make it usable in qubes.

Hello, I was trying to run eddie in a proxy vm in qubes, something like "browser vm --> eddie vm --> net vm", but eddie seems to modify routing table so that proxy doesn't route traffic downstream from a "browser vm". How would I need to modify the routing table to make eddie route traffic from "browser vm" to airvpn gateway with network lock enabled? I attached the system report of my configuration, where 10.138.37.231 is a browser vm, 10.138.35.206 is a net vm. system report.txt

I cannot have eddie's netlock feature working in a qube in Qubes OS 4. When trying to enable it within eddie-ui, I get a pop-up "Exception: Unable to initialize iptable_filter module". The same with the cli: $ eddie-ui -cli -netlock (...) Activation of Network Lock - Linux iptables Exception: Unable to initialize iptable_filter module (...) This behavior was observed both in a Debian 10 qube and in a Fedora 32 qube. I don't get this error in a Debian 10 installed over bare metal. eddie ver. 2.18.9

I've managed to run Eddie client in it's own VM on qubes fine and route other qubes through it. They have ping to IPs but can't resolve domains. I've experiment with the DNS settings but haven't found a way to make other cubes resolve domains when using the VM with Eddie as networking. I don't know much about networking so I'm hoping someone will point me to something obvious I might have been missing.

Qubes OS is security focused OS. I was wondering if eddie can be ran on their network-vpn domain and if there are anything different or special when running it like that?

Qubes offers great protection of your privacy. First, since everything is compartmentalized. a compromised browser/PDF reader etc will not give the attacker access to the rest of your system and sensitive files. Secondly, the networking system and ProxyVM's make it very easy to route your(or part of your) traffic through VPN/Tor, and if the VM is compromised, it cannot obtain your real IP address since all its traffic is routed through the ProxyVM. Mullvad has already donated to Qubes OS. They have a decentralized bitcoin fund (https://www.qubes-os.org/news/2016/07/13/qubes-distributed-fund/) and are also on Open Collective(https://opencollective.com/qubes-os) which offers great transparency and pays the individual developers directly.

Hello. What do you think would produce the best balance between security and speed? 1. Running AirVPN's client 'Eddie' in sys-netVM. 2. Putting AirVPN's OpenVPN config into Turris Omnia 2 GB router. 3. Setting up a VPN gateway in Qubes as described in Qubes' docs. Hardware: Asus »Zenbook«, Intel i5-5200U, 2.20 GHz, 12 GB RAM. Any hints and ideas are very much appreciated. Best regards. ​ PS: This also refers to the very interesting topic: ​https://airvpn.org/topic/22471-qubes-whonixtor-airvpn-world/?hl=qubes

Is there any guide on how to use Eddie on qubes 4?

Hey all, new to AirVPN. I've been trying to get the above setup working (only a day left until I have to renew) and it's definitely been a challenging one. Essentially, I'd like to have Me -> Tor -> AirVPN within a highly secure Operating System, and at the moment Qubes/Whonix seem to fit that description best as actively developed OS'. I have been trying to follow this guide: https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts , installing the AirVPN client on the ProxyVM. and using it as a bridge between whonix workstation and wonix gateway however AirVPN fails to connect to any servers. Using the browser inside the AirVPN VM does work however, showing the Tor address. An easy to follow guide from Air on how to set up something like this would be awesome. I read this as well: https://airvpn.org/tor/ but if I'm being honest I wasn't sure how to apply the concepts in that article to Qubes/Whonix. I'm also open to suggestions on an easier method of achieving my goal of secure OS + Tor/VPN, even if it means using a different OS. Thanks.

Sorry to reply late on my own post but i rarely log in here. In qubes and freebsd this worked in their debian and fedora templates. Until recently. I think something happened in both(3, counting qubes) recently because qubes templates became suddenly unworkable with the modem. Debian and fedora as native installs require configuring to mbim now as well. Not really sure what the issue is. I need the modem to work more then I can diag what happened. Ill keep poking at it when i have the time.

The only way I've found to use Eddie (or any VPN) usably in Qubes has been to have to use it in the active Qube itself. Several updates ago of Qubes I could set up a VPN qube and route other qubes through it per Qubes's instructions... but then that just stopped working along the way one day and I've never been able to get it back. Sorry, this isn't helpful as far as fixing the using of a VPN qube, just I guess letting you know 1) you're not alone and I'm looking forward to any fixing help you've managed to stir up, and 2) it used to work fine and then Qubes changed on me rather than Eddie changing and then not working. *crosses-fingers for helpful answers*

Indeed, I find it very interesting! I haven't personally tested it, but there's no reason it shouldn't work. I've tried other VPN services that offer TCP VPN connections and it works as expected. The major downside to this simpler approach is that there isn't randomization for the VPN session to restart, which kills some of the anonymity with it, if your threat model includes a global adversary. I've setup bash scripts before to randomly connect to a different server, but I'd have to redo them if you'd want that. I think the best thing to use is the Eddie client though. Maybe this weekend I'll get around to writing a guide for getting that setup, but it depends. If you're eager to try and figure it out, here's a quick and dirty (pictureless) guide: 1) read the Network Lock documentation here: https://airvpn.org/faq/software_lock/ and use these rules to create a custom firewall (in /rw/config/qubes-firewall-user-script) that disables OUTPUT by default, allows connecting to the AirVPN servers (I just used the DNS results from earth.all.vpn.airdns.org, more here: https://airvpn.org/topic/14378-how-can-i-get-vpn-servers-entry-ip-addresses/) and doesn't allow forwarding to the eth0 device (In the Qubes docs, it is the last line for the /rw/config/qubes-firewall-user-script). Also, Eddie client runs as root during runtime, so you need to allow root user access to eth0. 2) For persistence of user data, since everything outside of /rw and /home are deleted upon reboot, I installed beesu in my TemplateVM so the AirVPN client can be started as a user, and my AirVPN login data is written to a persistent directory. 3) Then you need to disable Network Lock in the client (since qubes firewall will take care of it). 4) Edit the OpenVPN directives to allow running of the qubes-vpn-handler.sh on up and down like in the Qubes docs for manual configuration, and disable DNS I think that's it.. There were tons of other things that I did for my own personal interest, but I think that's a good starting point if you (or anyone, perhaps an AirVPN employee? .) to get a Qubes ProxyVM with the Eddie client working. The main takeaway is that Qubes VMs do not play nicely with a service that runs iptables commands directly, especially flushing the firewall setup. Whenever a VM that is downstream from the VPN is powered on/off, or networking is modified, Qubes will flush everything and setup networking to allow the new VM to access the internet. This is problematic, since if all the firewall rules are flushed without Qubes knowing, VMs behind the ProxyVM will have no way to access the internet. With the release of 4.0 though, it might be fixed.

I'm a complete noob with Linux. I have absolutely no idea about any of the command line. I've tried using the Quebs documentation, but it's clearly written for people who know what they are doing, as it doesn't say how to do the things, just that they have to be done. For one, I have no idea how to get the Airvpn config file into the relevant folders and even if I could get them there, I don't know what to do with them because the documentation just says "Set up your VPN as described in the NetworkManager documentation linked above." Well, I don't see that documentation. I really have no idea what to do. Any help is appreciated.

Hello, i am trying to configure AirVPN as ProxyVM(debian 8) in Qubes. Therefore i run the AirVPN Eddie Client within my ProxyVM. The connection to the AirVPN Server works fine but when i try to use the browser to enter a webpage, it doesn't work. AppVms aren't able to connect through the airvpn proxyvm(netvm) to the internet neither Does anyone has experience regarding setting up AirVPN in Qubes? Thank you for your help

So i downloaded the config files from AirVPN, set it to Linux, tried both UDP and TCP, in the network connection i did import saved VPN configuration and i save that. Then i try to connect to it and nothing. "connection failed because VPN connection timed out" I tried this both in sys-net, AppVM, and in proxyVM based on fedora-23. not sure what i'm doing wrong?

This is old news from Thu 04 August 2016, but I though users would find this Security Vulnerability interesting. http://blog.quarkslab.com/xen-exploitation-part-3-xsa-182-qubes-escape.html#id24

Has anyone had any luck getting hummingbird to work as a vpn vm for Qubes 4 yet? It seems the way network lock operates also does not jive well with the way Qubes operates. I have tried running it directly in sys-net, which is obviously not ideal for many situations, as well as directly on an ethernet port clients connect to(routing towards sys-net), in addition to being a regular sys-vpn with no luck so far. Im sure I am not the only one to have tried this, perhaps someone else has had some luck

Then i think i'm gonna ask around in the Qubes OS forum and in the Whonix forum as well. I think it will be related to Whonix, because if i use the QubesOS's solution it works perfectly fine. I will report back if there is any progress! Till that time i will try out the random server generator too. Am i allowed to use any AirVPN server address (like europe3.all.vpn.airdns.org) if i'm asking help? Or should i just use some random created address?

Thanks @OpenSourcerer! I wanted to use the [cc].all.vpn.airdns.org configuration because it was recommended to me in the Custom random server config generator thread by @benfitita and it worked great in other setup (not with tor) in Qubes OS or in my router. So if i understand you correctly, in this situation i should use the random server generator and specify exactly what servers i'd like to use. So basically when i'm downloading the config file, i specify the resolved host and adding all server addresses i want to use to the OpenVPN custom directives under the Advanced options? Is it tor specific that the [cc].all.vpn.airdns.org does not work?

Hello! I'm trying to setup a Proxy VM in Qubes OS using sys-whonix as a NetVM, actually it would be a VPN over Tor configuration. When i'm testing the connection, i'm only able to use this configuration if i specify a concrete server. Is it possible to use VPN over Tor if i'd like to use a random connection instead? To be specific: I've downloaded the european config file (TCP-443) and changed the remote line in the .ovpn file to europe3.all.vpn.airdns.org. Unfortunately if i'm testing the connection with sudo openvpn --cd /place/of/ovpn/file --config AirVPN_Europe_TCP-443-Entry3.ovpn this is what i get: RESOLVE: Cannot resolve host address: europe3.all.vpn.airdns.org:443 (Temporary failure in name resolution) Could not determine IPv4/IPv6 protocol SIGUSR1[Soft,init_instance] received, process restarting If i'm using europe3.vpn.airdns.org:443 in the .ovpn file it is working. Is this how it should work, or is there something I can do about it? Thanks any help!

Hello! I'm following this description (link) to make a VPN Proxy VM in Qubes OS. Unfortunately when it says to check the connection, i can't figure out how to do it. This is what i did and got an error: 1. In the VPN Proxy VM opened a terminal 2. The .ovpn file is here /rw/config/vpn/Airvpn_Europe_TCP-443-Entry3.ovpn 3. In the terminal from /home/user i use the command: openvpn --cd /rw/config/vpn --config Airvpn_Europe_TCP-443-Entry3.ovpn Unfortunately i get an error: Option error: Unrecognized or missing or extra parameter(s) in Airvpn_Europe_TCP-443-Entry3.ovpn:19: data-ciphers (2.4.7) Use --help for more information. openvpn version (debian-10): 2.4.7-1 I downloaded the .ovpn file like this: Config Generator > choosing Linux as my OS, IPv4 only for IP layer exit and IPv4 as Connect with IP layer, tick the Advenced Mode, selecting OpenVPN version >=2.5, choosing OpenVPN TCP 443 tls-crypt, tls1.2 as the protocol and tick By Continents > Europe and finally generating and downloading the .ovpn config file, where i changed eurpe3.vpn... to europe3.all.vpn.... Could someone help me out how can i check the connection with openvpn CLI? Thanks any help you can provide!

Hello! I'm following this description (link) to create a VPN-proxy VM in Qubes OS. There is a step where i should create some firewall rules in the VPN-proxy to prevent leaks. I'd like to use a random European .ovpn configuration, so i go to Config Generator > choosing Linux as my OS, IPv4 only for IP layer exit and IPv4 as Connect with IP layer, tick the Advenced Mode, selecting OpenVPN version >=2.5, choosing OpenVPN TCP 443 tls-crypt, tls1.2 as the protocol and tick By Continents > Europe and finally generating and downloading the .ovpn config file, where i changed eurpe3.vpn... to europe3.all.vpn.... To create the firewall rule, I need the IP addresses that belong to the European servers. What is the easiest way to find out these IP addresses? If i'm downloading the .ovpn file as resolved hosts, i only get 1 IP address. Thanks any help you can provided!

Hi Casper31. Thanks for the heads up. I'm a very much a novice here and am getting my head around QUBES and WHONIX. [One problem seems to be, I think I read, that QUBES has problems with some graphics cards.] A problem, I think, is that ToR appears to be compromised to some extent, according to news reports on the Snowden docs and also multiple court filings. So, if you want anonymity, privacy and security, you need a VPN + Tor or VPN + Qubes/Whonix. I have been reading up on the various tech collectives helping folks in repressive countries avoid being detected. For them, it can be a matter of life or death - and so these discussions. There are a number of people advocating a VPN cascade /multihop and ToR - another approach I've seen. But I do not have the technical expertise to judge. Given the way the West is itself engaging in mass surveillance, we may all need such technology soon. Even keeping a hand written diary is now illegal in some countries, if you work for or worked for the government there. Hello 1984.

Could the OP not just use two vpns inline as well? Keep which ever vpn connection faces the public IP static so an adversary only sees the initial connection from public ip to vpn. Then use a second vpn connection that you can change at will to write or browse wherever? For instance, the router connects to the vpn and the pc that is using to the router also connects to a different server. Or if the router cannot handle the vpn, have the pc connect to the vpn, then have a virtual machine inside the pc make the second connection and do all of your browsing from there. This is similar to what some people do with Qubes. The performance hit is not as bad as using Tor, and some websites just wont accept tor connections even if you were willing to use it.