Search the Community

Apologies if this has been answered before, but I couldn't find anything. I have one app on my Ubuntu laptop (ungoogled chromium) that I use specifically for banking, work, and Wikipedia editing. I'd like a way to use this app, and only this app, with my real IP‌ address without VPN, while still having the VPN‌ connection running for the rest of the laptop e.g. for Firefox, Brave, email app, etc. Is it possible to whitelist one app from the VPN connection, while keeping it on for the rest? What about specific websites? I could just input the addresses for my bank, work, and Wikipedia

Hello, i tried opening the port on AirVPN (i let the system choose a port for me) and i changed my network interface into Eddie on qBitTorrent and changed the listening port to the exact port number that was given to me by AirVPN. I went into a port checking site, specifically YouGetSignal and entered the port that was given to me and it showed as "Closed", this also happens even when i am simply torrenting. I also made sure i am connected to a VPN Server in Eddie. I was wondering if i am doing something wrong Will be waiting for a reply, thank you. EDIT, 4/25/2025: I FIGURED OUT THE ISSUE, I JUST HAD TO CONFIGURE MY FIREWALL!!

Hi, I have a problem that may come from eddie or my system. I recently switched to linux from windows, so I’m not well known in how things are working. I’ve configured the OpenSSH server on my laptop. I’m not using the port 22 but another port X. It’s working when ssh-ing on it’s local IP from another device on my LAN (and also from itself on localhost). I have eddie installed on the laptop, configured and working on the device "Laptop". ❯ sudo ip addr show dev Eddie 10: Eddie: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1320 qdisc noqueue state UNKNOWN group default qlen 1000 link/none inet [IPv4]/32 scope global Eddie valid_lft forever preferred_lft forever inet6 [IPv6]/128 scope global valid_lft forever preferred_lft forever I have a forwarded port set in the client area from port Y :2 to port X, set to the correct device "Laptop". I’ve set a [ABC].airdns.org DDNS on that forwarded port. That forwarding was working when I was on windows to connect to a ssh server listening on the same port X. I’ve added UFW rules to allow connections from Anywhere to port X for IPv4 and IPv6. ❯ sudo ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- [port X]/tcp ALLOW IN Anywhere (log) [port X]/tcp (v6) ALLOW IN Anywhere (v6) (log) When ssh-ing to the [ABC].airdns.org on port Y from another device not using a vpn, UFW is receiving the connection on port X and allowing it(I’ve anonymized the IP and ports in the following logs.) 2025-02-14T17:20:12.329780+01:00 laptop kernel: [UFW ALLOW] IN=Eddie OUT= MAC= SRC=[device IPv6] DST=[local Eddie IPv6] LEN=80 TC=40 HOPLIMIT=50 FLOWLBL=855788 PROTO=TCP SPT=42266 DPT=[port X] WINDOW=65535 RES=0x00 SYN URGP=0 2025-02-14T17:20:43.790702+01:00 laptop kernel: [UFW ALLOW] IN=Eddie OUT= MAC= SRC=[device IPv4] DST=[local Eddie IPv4] LEN=60 TOS=0x08 PREC=0x20 TTL=55 ID=43836 DF PROTO=TCP SPT=43944 DPT=[port X] WINDOW=65535 RES=0x00 SYN URGP=0 sshd is not getting the connections as the output stays listening. ❯ sudo /usr/sbin/sshd -d debug1: sshd version OpenSSH_9.6, OpenSSL 3.0.13 30 Jan 2024 debug1: private host key #0: [CENSORED] debug1: private host key #1: [CENSORED] debug1: private host key #2: [CENSORED] debug1: Set /proc/self/oom_score_adj from 200 to -1000 debug1: Bind to port [PORT X] on 0.0.0.0. Server listening on 0.0.0.0 port [PORT X]. debug1: Bind to port [PORT X] on ::. Server listening on :: port [PORT X]. The ssh client is trying the server IPv4, then IPv6, before timing out. ❯ ssh lapa -v OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL 3.0.13 30 Jan 2024 debug1: Reading configuration data [HOME]/.ssh/config debug1: [HOME]/.ssh/config line 6: Applying options for lapa debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: /etc/ssh/ssh_config line 21: Applying options for * debug1: Connecting to [ABC].airdns.org [IPv4] port [port Y]. debug1: connect to address [IPv4] port [port Y]: Connection timed out debug1: Connecting to [ABC].airdns.org [IPv6] port [port Y]. debug1: connect to address [IPv6] port [port Y]: Connection timed out ssh: connect to host 41r.airdns.org port 55107: Connection timed out ssh-ing from my laptop to [ABC].airdns.org on port Y does not work either, but it’s not logged by the firewall. Either it’s not going through the firewall because it’s routing to the local Eddie interface, or it’s blocked by the VPN config. When trying the "Test open" functionality in the client area for that forwarded port, both IPv4 and IPv6 are shown as opened. The sshd receives the test connections as can be seen by the output of the debug mode (only the IPv4 is shown here as the sshd quit after the first connection in debug mode). ❯ sudo /usr/sbin/sshd -d debug1: sshd version OpenSSH_9.6, OpenSSL 3.0.13 30 Jan 2024 debug1: private host key #0: [CENSORED] debug1: private host key #1: [CENSORED] debug1: private host key #2: [CENSORED] debug1: Set /proc/self/oom_score_adj from 200 to -1000 debug1: Bind to port [PORT X] on 0.0.0.0. Server listening on 0.0.0.0 port [PORT X]. debug1: Bind to port [PORT X] on ::. Server listening on :: port [PORT X]. debug1: Server will not fork when running in debugging mode. Connection from 142.93.172.65 port 44700 on [IPv4] port [PORT X] rdomain "" debug1: Local version string SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5 kex_exchange_identification: Connection closed by remote host Connection closed by 142.93.172.65 port 44700 It generates the following UFW logs: 2025-02-14T17:31:46.608668+01:00 laptop kernel: [UFW ALLOW] IN=Eddie OUT= MAC= SRC=142.93.172.65 DST=[local Eddie IPv4] LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=33260 DF PROTO=TCP SPT=44700 DPT=[port X] WINDOW=64240 RES=0x00 SYN URGP=0 2025-02-14T17:31:46.616753+01:00 laptop kernel: [UFW ALLOW] IN=Eddie OUT= MAC= SRC=2a03:b0c0:0003:00d0:0000:0000:0d02:6001 DST=[local Eddie IPv6] LEN=80 TC=0 HOPLIMIT=56 FLOWLBL=721782 PROTO=TCP SPT=35088 DPT=[port X] WINDOW=64800 RES=0x00 SYN URGP=0 I’m out of ideas where to look next. If someone knows where the problem could lay, I would greatly appreciate.

I'm wondering how to go about removing this so when I open my laptop or turn on my laptop I wont need to enter in my password every time and the program can actually auto start on boot, TIA (also I'm using Eddie)

Hello, I've updated eddie-cli to lastest avaible version and it doesn't connect anymore. I've reinstalled DEBIAN Bookworm from scratch, added openVPN repo (to use lastest openVPN version), but it still doesn't connect. Any suggestion? Best regards Vizard

Hello! I'm trying to expose Jellyfin to internet through AirVPN port forwarding, but I can't for the life of me make it to work. You can see the gluetun stack I'm using bellow 45554 is the port I'm trying to use for Jellyfin. 42148 is the one I'm using for Qbittorrent. You can ignore this, it's working perfectly. I have no idea what I could be doing wrong, tried everything that came to my mind. In the AirVPN => Client Area => Forwarded Port, I tried to bind 45554 to "local port" 8096, without success. I'd really appreciate any help, Thanks for your time! services: gluetun: image: qmcgaw/gluetun container_name: gluetun cap_add: - NET_ADMIN devices: - /dev/net/tun:/dev/net/tun environment: - VPN_SERVICE_PROVIDER=airvpn - VPN_TYPE=wireguard - WIREGUARD_PRIVATE_KEY=xxx - WIREGUARD_PRESHARED_KEY=xxx - WIREGUARD_ADDRESSES=xxx - SERVER_REGIONS=Europe - FIREWALL_VPN_INPUT_PORTS=45554,42148 ports: - 8080:8080 # Qbittorrent1 - 42148:42148 # Qbittorrent1 port forwarding - 42148:42148/udp # Qbittorrent1 port forwarding - 8181:8181 # Qbittorrent2 - 6881:6881 # Qbittorrent2 port - 6881:6881/udp # Qbittorrent2 port - 8096:8096 # Jellyfin - 45554:45554 qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest container_name: qbittorrent1 environment: - PUID=1000 - PGID=1000 - TZ=Etc/UTC - WEBUI_PORT=8080 - TORRENTING_PORT=42148 volumes: - /home/charly/container/qbittorrent1/appdata/:/config - /home/charly/Téléchargements/:/downloads network_mode: 'service:gluetun' depends_on: - gluetun restart: unless-stopped qbittorrent2: image: qbittorrentofficial/qbittorrent-nox:latest container_name: qbittorrent2 environment: - PUID=1000 - PGID=1000 - TZ=Etc/UTC - TORRENTING_PORT=6881 - QBT_LEGAL_NOTICE=confirm - QBT_VERSION=latest - QBT_WEBUI_PORT=8181 volumes: - /home/charly/container/qbittorrent2/appdata/:/config - /home/charly/Téléchargements/:/downloads network_mode: 'service:gluetun' depends_on: - gluetun restart: unless-stopped jellyfin: image: jellyfin/jellyfin container_name: jellyfin network_mode: 'service:gluetun' volumes: - /home/charly/container/jellyfin/config:/config - /home/charly/container/jellyfin/cache:/cache - /home/charly/container/jellyfin/movies:/movies - /home/charly/container/jellyfin/tvshows:/tvshows restart: 'unless-stopped' environment: - TZ=Etc/UTC - PUID=1000 - PGID=1000

Hey folks, I wanted to give Asahi Linux a shot and tried to install the Eddie Client on my machine. When starting the program, the UI is presented to me as a black window (which can't be closed). Any ideas what the issue might be? Thanks in advance and best regards

Dear members, As you might know, on the Eddie downloads page for Linux, there is no option for RISC-V architecture 64 bits (riscv64). However, since Eddie is open source, I managed to obtain the source and build it for riscv64. I can confirm that it is working without any issues. I attached my build of the riscv64 Eddie client to this post. You can extract it and run via eddie-cli or dotnet eddie-cli.dll. Make sure you have .NET 9 SDK installed, I linked it below. Required software: - .NET SDK 9 for riscv64 (Release v9.0.0-preview.7.24405.7 · filipnavara/dotnet-riscv (github.com) - courtesy of filipnavara) - Make sure your kernel was built with the following flags. Some vendors ship kernels that lack some features that Eddie need. CONFIG_NF_NAT=y CONFIG_NF_NAT_AMANDA=y CONFIG_NF_NAT_FTP=y CONFIG_NF_NAT_IRC=y CONFIG_NF_NAT_SIP=y CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_REDIRECT=y CONFIG_NF_NAT_MASQUERADE=y CONFIG_NFT_NAT=y CONFIG_NETFILTER_XT_NAT=y CONFIG_NF_NAT_PPTP=y CONFIG_NF_NAT_H323=y CONFIG_IP_NF_NAT=y CONFIG_IP6_NF_NAT=y (Optional) (If you want to build it yourself) Build steps: 1. Obtain Eddie source (AirVPN/Eddie: UI/CLI for OpenVPN/WireGuard (github.com)) 2. Traverse into src/App.CLI.Linux/ 3. Open App.CLI.Linux.net7.csproj and change <TargetFramework>net7.0</TargetFramework` to <TargetFramework>net9.0</TargetFramework>. 4. Remove the lines containing PublishSingleFile, SelfContained, PublishReadyToRun 5. Run dotnet build. This will take a while. 6. The command will fail with an error mentioning postbuild.sh. This part we will need to do manually. - Run ../Lib.Platform.Linux.Native/build.sh Debug shared - Run cp ../Lib.Platform.Linux.Native/bin/libLib.Platform.Linux.Native.so ./bin/Debug/net9.0/ - Run ../App.CLI.Linux.Elevated/build.sh Debug STANDARD - Run cp ../App.CLI.Linux.Elevated/bin/eddie-cli-elevated ./bin/Debug/net9.0/ 7. Copy resources folder via cp -r ../../resources ./bin/Debug/net9.0/res 8. Ready to go! cd into ./bin/Debug/net9.0 and run eddie-cli with eddie-cli or dotnet eddie-cli.dll. eddie-riscv64.tar.gz

Please, can we Linux users get the ability to split-tunnel with the eddie client directly and not have to tinker around with iptables? Your other competitors such as Mullvad and apparently PIA already do this, and at least for Mullvad it works amazingly well, and really simply; is there any particular reason we couldn't have this on your service as well?

Logs -- https://eddie.website/report/bda37c11/ On ZorinOS 17 running Ubuntu 22.04 (more info here https://zorin.com/os/details/ ) Despite the option being enabled, minimizing Eddie just brings it to the taskbar without hiding it in the tray. Also worth mentioning that when Eddie is launched, it's automatically minimized and refuses to maximize. When I force-maximize it through keyboard options, I'm met with a completely black window. Only by going into tray and clicking the first option in the right click menu does the window return to normal. Another perhaps related oddity is the server screen looks like this - (see attachment) No lines between each server, and scrolling is wonky. This wasn't the case on previous installations (both Windows and Zorin 16). Please if you have any advice let me know.

Linux user (ZorinOS, based on Ubuntu 22.04). Recently upgraded its version on a clean install, and now Eddie leaks DNS requests (this was not the case on the older version). On ipleak.net, first it shows the VPN's DNS, then some "GOOGLE" stuff I'm not sure where they're from, then my real ISP DNS. This is the case on multiple browsers (hardened firefox and brave)‌ so I'm assuming it's a system-wide issue. Please if you have any suggestions let me know

I am running Ubuntu MATE 1.26.2 with GUI and everything on a hypervisor, and i'm fairly new to linux. When in the terminal, trying to run "eddie-ui", it gives the following error: Gtk-Message: 19:56:02: Failed to load module "atk-bridge" F 2024.05.11 19:56:02 - Cannot initialize UI. Probably a DISPLAY issue, ensure your are not running as root. Error:A null reference or invalid value was found [GDI+ status: InvalidParameter] Running it with "sudo eddie-ui", i only get the "Cannot initialize UI" error I think i got it running in the cli with the --cli option, but not sure what happened after that as it didn't seem to connect to anything. I have been googling trying a bunch of stuff for a couple hours, and i am now running into a wall... What i remember trying: Installed x-tools Installed xorg read the man eddie-ui

I have included a link to the article regarding how the TunnelVision technique can be used to manipulate traffic away from the VPN tunnel. My big question is does Eddie support Network Namespaces in the Linux client. "It is not feasible to fix the issue by simply removing support for the DHCP feature because this could break Internet connectivity in some legitimate cases. The strongest recommendation we have is for VPN providers to implement network namespaces on operating systems that support them, similar to the method described in WireGuard’s documentation. Network namespaces are a Linux feature that can segment interfaces and routing tables away from the local network’s control, and other operating system maintainers should consider whether namespaces are feasible to implement. " https://www.leviathansecurity.com/blog/tunnelvision

Hi, I'm on Linux Mint 21.1 and I've installed the Eddie client (version 2.21.8, installed via apt). When I open the Eddie window, I can use it to connect to the VPN, but if I close the window, it closes the VPN connection. I would expect the connection to stay up when the client window is closed. Is there any way to do that? I've looked it up and it doesn't seem to be a common issue. If this is a normal feature of Eddie, would switching to a CLI client solve the problem? Or would I need that terminal window to stay up as well? Thanks! Edit : I found the answer, im putting it here in case other people have the same question : simply right-click the tray icon and select "hide main window", very easy

Hello, I'm reaching out to the forum because I recently subscribed to the service, and I'm having issues getting Transmission to work through the VPN. I'm using the WireGuard protocol on a Debian PC (headless without GUI). The WireGuard interface (wg0) is working fine; I can ping external addresses through it, use curl, and perform speed tests : The transmission-daemon also works perfectly when not going through the WireGuard interface but using my physical interface eth0. When I bind Transmission to the wg0 interface (specifying its IP in "bind-address-ipv4"), no traffic goes through the VPN. The trackers are unreachable, and the error "announce error: could not connect to tracker" appears. Running a netstat, I can see that Transmission is trying to connect to the tracker using various ports (why ?) through the WireGuard interface but never receives any traffic in return (SYN_SENT): However, these addresses are pingable through the wg0 interface: I've tried approaching the problem from different angles, and after several hours without any solution, I'd like to know if any of you have encountered a similar issue? (I should mention that my firewall is completely disabled for the tests). Thank you !

Couple of days ago, my two Media Centres dropped off the face of the earth... I was unable to connect to them locally, I had to connect directly... When I did this, I discovered that I had no network connection at all... Was just these two machines... Everything else, that wasn't not using AirVPN was fine.. I stopped and disabled the service and surprise, network connectivity was resumed. When I restart it, it takes 5+ minutes to do latency tests... Any ideas why this would be?

EDIT: Figured it out. I was under the assumption that systemd-resolved took over all DNS processing and made /etc/resolv.conf obsolete, but apparently that's still where AirVPN pushes the DNS settings too and somehow systemd-resolved overwrites it. Disabling systemd-resolved seems to have fixed this problem for now. Running AirVPNsuite on my server (Operating System: Debian GNU/Linux 11 (bullseye); Kernel: Linux 5.10.0-20-amd64), DNS breaks randomly 5-60mins after establishing connection. DNS settings, as far as I can tell, aren't being changed. I can still ping the server-pushed DNS server as well, but it just doesn't resolve. Relevant logs below: Logs immediately after establishing connection: root@labserver:~# resolvectl Global Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported resolv.conf mode: foreign Current DNS Server: 10.32.178.1 DNS Servers: 10.32.178.1 Link 2 (enp0s25) Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 10.32.178.1 Link 3 (docker0) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 10.32.178.1 Link 4 (tun0) Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 10.32.178.1 root@labserver:~# goldcrest --bluetit-status 2023-03-02 22:47:43 Reading run control directives from file /root/.config/goldcrest.rc Goldcrest 1.2.1 - 9 December 2022 2023-03-02 22:47:43 Bluetit - AirVPN OpenVPN 3 Service 1.2.1 - 9 December 2022 2023-03-02 22:47:43 OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit 2023-03-02 22:47:43 Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved. 2023-03-02 22:47:43 OpenSSL 1.1.1n 15 Mar 2022 2023-03-02 22:47:43 Bluetit is connected to VPN 2023-03-02 22:47:43 Persistent Network Lock and Filter is enabled. (using nftables) 2023-03-02 22:47:43 ---------------------- 2023-03-02 22:47:43 Connected to AirVPN server Yildun (Miami, United States of America) 2023-03-02 22:47:43 Users 50 - Load 8% - Bandwidth 80.08 Mbit/s - Max 1 Gbit/s 2023-03-02 22:47:43 Server IP Address 173.44.55.181 - Port 443 - Protocol UDPv4 - Cipher AES-256-GCM 2023-03-02 22:47:43 Network topology: subnet - Server ping 10 s - Ping restart 60 s 2023-03-02 22:47:43 Pushed DNS: 10.32.178.1 (IPv4) 2023-03-02 22:47:43 Connection time: 00:02:25 2023-03-02 22:47:43 Transferred data: In 34.09 KB, Out 9.15 KB 2023-03-02 22:47:43 Current rate: In 0 bit/s, Out 0 bit/s 2023-03-02 22:47:43 Maximum rate: In 14.78 Kbit/s, Out 1.09 Kbit/s root@labserver:~# ping google.com PING google.com (142.250.217.206) 56(84) bytes of data. 64 bytes from mia07s61-in-f14.1e100.net (142.250.217.206): icmp_seq=1 ttl=120 time=72.3 ms 64 bytes from mia07s61-in-f14.1e100.net (142.250.217.206): icmp_seq=2 ttl=120 time=72.3 ms 64 bytes from mia07s61-in-f14.1e100.net (142.250.217.206): icmp_seq=3 ttl=120 time=72.5 ms Logs ~1 hour later when DNS has failed: root@labserver:~# resolvectl Global Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported resolv.conf mode: foreign Current DNS Server: 10.32.178.1 DNS Servers: 10.32.178.1 Link 2 (enp0s25) Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 10.32.178.1 Link 3 (docker0) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 10.32.178.1 Link 4 (tun0) Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 10.32.178.1 root@labserver:~# goldcrest --bluetit-status 2023-03-02 23:56:38 Reading run control directives from file /root/.config/goldcrest.rc Goldcrest 1.2.1 - 9 December 2022 2023-03-02 23:56:38 Bluetit - AirVPN OpenVPN 3 Service 1.2.1 - 9 December 2022 2023-03-02 23:56:38 OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit 2023-03-02 23:56:38 Copyright (C) 2012-2020 OpenVPN Inc. All rights reserved. 2023-03-02 23:56:38 OpenSSL 1.1.1n 15 Mar 2022 2023-03-02 23:56:38 Bluetit is connected to VPN 2023-03-02 23:56:38 Persistent Network Lock and Filter is enabled. (using nftables) 2023-03-02 23:56:39 ---------------------- 2023-03-02 23:56:39 Connected to AirVPN server Yildun (Miami, United States of America) 2023-03-02 23:56:39 Users 50 - Load 4% - Bandwidth 48.70 Mbit/s - Max 1 Gbit/s 2023-03-02 23:56:39 Server IP Address 173.44.55.181 - Port 443 - Protocol UDPv4 - Cipher AES-256-GCM 2023-03-02 23:56:39 Network topology: subnet - Server ping 10 s - Ping restart 60 s 2023-03-02 23:56:39 Pushed DNS: 10.32.178.1 (IPv4) 2023-03-02 23:56:39 Connection time: 01:11:19 2023-03-02 23:56:39 Transferred data: In 627.65 KB, Out 107.48 KB 2023-03-02 23:56:39 Current rate: In 20 bit/s, Out 0 bit/s 2023-03-02 23:56:39 Maximum rate: In 65.65 Kbit/s, Out 3.59 Kbit/s root@labserver:~# ping google.com ping: google.com: Temporary failure in name resolution root@labserver:~# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=120 time=72.3 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=120 time=72.3 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=120 time=72.3 ms root@labserver:~# dig google.com ; <<>> DiG 9.16.33-Debian <<>> google.com ;; global options: +cmd ;; connection timed out; no servers could be reached

Hello all, I'm new to AirVPN and I'm currently loving it! Although, I have a question. I have 2 devices connected to AirVPN, one through the eddie-ui app and the other through the eddie-cli app (one Windows / one Linux). In the client area -> Sessions, it shows that both devices are connected, but when I inspect the sessions page, both devices have the same device name. I went to the devices tab in the Client Area and created a new device but I'm unsure of how to assign it to the second device. How can I go about this? Thank you. EDIT: I think it's called the AirVPN key. I was able to select it through the Eddie client app on Android but I'm unsure of how to do the same through the windows/linux version of Eddie-ui as well as the linux version of Eddie-cli.

Hi guys, iv'e tried a few distros with WireGuard but for some reason they all connect, but I loose internet connectivity right after. I always use the config generator with IPv4 only and Europe. I then import the file in to the Network Manager in KDE, connect without any problems and from then on my Internet is down. I am currently running Manjaro on a Raspberry Pi. Does anybody have any similar issues? Running the VPN over my Router directly works fine, which is confusing me. Although, this won't help me with my project. Thanks in advance for any answers!

Lately, I've been unable to get Eddie to connect to any server on my Linux operation system. It's always stuck while doing latency tests and I get this following error message. E 2021.12.27 13:47:45 - Exception: nft issue: exit:1; out:; err:Error: syntax error, unexpected rule, expecting string E 2021.12.27 13:47:45 - del rule ip filter OUTPUT ip daddr 52.48.66.85 counter accept E 2021.12.27 13:47:45 - ^^^^ If you need info on my OS... System: Host: <filter> Kernel: 5.14.0-4mx-amd64 x86_64 bits: 64 compiler: N/A parameters: BOOT_IMAGE=/vmlinuz-5.14.0-4mx-amd64 root=UUID=<filter> ro quiet splash slab_nomerge slub_debug=FZ init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on vsyscall=none debugfs=off oops=panic loglevel=0 spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force ipv6.disable=1 apparmor=1 security=apparmor random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma kaslr pti=on slab_nomerge page_poison=1 slub_debug=FPZ nosmt Desktop: Xfce 4.16.0 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm4 dm: LightDM 1.26.0 Distro: MX-21_ahs_x64 Wildflower November 22 2021 base: Debian GNU/Linux 11 (bullseye) Machine: Type: Laptop System: ASUSTeK product: ROG Strix G713QM_G713QM v: 1.0 serial: <filter> Mobo: ASUSTeK model: G713QM v: 1.0 serial: <filter> UEFI: American Megatrends LLC. v: G713QM.314 date: 09/03/2021 Battery: ID-1: BAT0 charge: 87.5 Wh condition: 87.5/90.0 Wh (97%) volts: 17.2/15.9 model: AS3GWAF3KC GA50358 type: Li-ion serial: <filter> status: Full Device-1: hidpp_battery_0 model: Logitech Wireless Keyboard K270 serial: <filter> charge: 100% (should be ignored) rechargeable: yes status: Discharging Device-2: hidpp_battery_1 model: Logitech M585/M590 Multi-Device Mouse serial: <filter> charge: 55% (should be ignored) rechargeable: yes status: Discharging CPU: Topology: 8-Core model: AMD Ryzen 9 5900HX with Radeon Graphics bits: 64 type: MCP arch: N/A family: 19 (25) model-id: 50 (80) stepping: N/A microcode: A50000B L2 cache: 4096 KiB flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm bogomips: 52703 Speed: 2857 MHz min/max: 1200/3300 MHz boost: enabled Core speeds (MHz): 1: 3370 2: 2728 3: 3567 4: 3239 5: 2523 6: 1916 7: 2650 8: 4126 Vulnerabilities: Type: itlb_multihit status: Not affected Type: l1tf status: Not affected Type: mds status: Not affected Type: meltdown status: Not affected Type: spec_store_bypass mitigation: Speculative Store Bypass disabled Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization Type: spectre_v2 mitigation: Full AMD retpoline, IBPB: always-on, IBRS_FW, STIBP: disabled, RSB filling Type: srbds status: Not affected Type: tsx_async_abort status: Not affected Graphics: Device-1: NVIDIA GA106M [GeForce RTX 3060 Mobile / Max-Q] vendor: ASUSTeK driver: N/A bus ID: 01:00.0 chip ID: 10de:2520 Device-2: AMD Cezanne vendor: ASUSTeK driver: amdgpu v: kernel bus ID: 06:00.0 chip ID: 1002:1638 Display: x11 server: X.Org 1.20.13 driver: amdgpu,ati unloaded: fbdev,modesetting,vesa resolution: 1920x1080~60Hz OpenGL: renderer: AMD RENOIR (DRM 3.42.0 5.14.0-4mx-amd64 LLVM 12.0.1) v: 4.6 Mesa 21.2.5 direct render: Yes Audio: Device-1: NVIDIA vendor: ASUSTeK driver: snd_hda_intel v: kernel bus ID: 01:00.1 chip ID: 10de:228e Device-2: AMD Renoir Radeon High Definition Audio vendor: ASUSTeK driver: snd_hda_intel v: kernel bus ID: 06:00.1 chip ID: 1002:1637 Device-3: AMD Raven/Raven2/FireFlight/Renoir Audio Processor vendor: ASUSTeK driver: N/A bus ID: 06:00.5 chip ID: 1022:15e2 Device-4: AMD Family 17h HD Audio vendor: ASUSTeK driver: snd_hda_intel v: kernel bus ID: 06:00.6 chip ID: 1022:15e3 Sound Server: ALSA v: k5.14.0-4mx-amd64 Network: Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet vendor: ASUSTeK driver: r8169 v: kernel port: e000 bus ID: 02:00.0 chip ID: 10ec:8168 IF: eth0 state: down mac: <filter> Device-2: Intel Wi-Fi 6 AX200 driver: iwlwifi v: kernel port: e000 bus ID: 03:00.0 chip ID: 8086:2723 IF: wlan0 state: up mac: <filter> IF-ID-1: tun0 state: unknown speed: 10 Mbps duplex: full mac: N/A Drives: Local Storage: total: 7.50 TiB used: 3.22 TiB (43.0%) ID-1: /dev/nvme0n1 vendor: Samsung model: MZVLQ1T0HBLB-00B00 size: 953.87 GiB block size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 serial: <filter> rev: FXM7201Q scheme: GPT ID-2: /dev/nvme1n1 vendor: Samsung model: SSD 970 EVO Plus 250GB size: 232.89 GiB block size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 serial: <filter> rev: 2B2QEXM7 scheme: GPT ID-3: /dev/sda type: USB vendor: Seagate model: Backup+ Hub BK size: 7.28 TiB block size: physical: 4096 B logical: 512 B serial: <filter> rev: D781 scheme: GPT Partition: ID-1: / raw size: 63.98 GiB size: 62.68 GiB (97.96%) used: 13.97 GiB (22.3%) fs: ext4 dev: /dev/dm-0 ID-2: /boot raw size: 256.0 MiB size: 237.9 MiB (92.93%) used: 104.7 MiB (44.0%) fs: ext4 dev: /dev/nvme1n1p2 Sensors: System Temperatures: cpu: 51.0 C mobo: N/A gpu: amdgpu temp: 46 C Fan Speeds (RPM): cpu: 0 Repos: No active apt repos in: /etc/apt/sources.list Active apt repos in: /etc/apt/sources.list.d/airvpn-stable.list 1: deb http://eddie.website/repository/apt stable main Active apt repos in: /etc/apt/sources.list.d/atom.list 1: deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free Active apt repos in: /etc/apt/sources.list.d/debian.list 1: deb http://deb.debian.org/debian bullseye main contrib non-free 2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free Active apt repos in: /etc/apt/sources.list.d/mx.list 1: deb https://mirror.us.oneandone.net/linux/distributions/mx/packages/mx/repo/ bullseye main non-free 2: deb https://mirror.us.oneandone.net/linux/distributions/mx/packages/mx/repo/ bullseye ahs Active apt repos in: /etc/apt/sources.list.d/whonix.list 1: deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.whonix.org bullseye main contrib non-free Info: Processes: 376 Uptime: 1h 32m Memory: 62.24 GiB used: 5.99 GiB (9.6%) Init: SysVinit v: N/A runlevel: 5 default: 5 Compilers: gcc: 10.2.1 alt: 10 Shell: quick-system-in running in: quick-system-in inxi: 3.0.36 Any help would be much appreciated. Thanks. Eddie_20211227_134819.txt

Hi there, Long time hassle-free AirVPN user with a first troubleshooting request after switching from Eddie-UI to the Bluetit stack (love your work!) Looks as though the two processes are fighting for `/etc/resolv.conf` and causing issues with DNS. NetworkManager will rewrite the file on a Wi-Fi network change, causing loss of connectivity as local DNS is disallowed by the network lock. Can be worked around by stopping the Bluetit service, toggling Wi-Fi, then re-enabling; but this is tedious to repeat if the network is at marginal signal strength. Is there a way to configure NetworkManager not to mess with DNS? I think that would largely resolve the issue. But, in an ideal world I would be able to have NetworkManager still manage the DNS if Bluetit is not active so that I can still operate normally on local networks without routing through AirVPN if I choose to. Seems unlikely to be simple, but worth asking. Given that I am getting two warnings about DNS, I wonder if `systemd-resolved` could also be interfering and if there are other configuration steps I can take to ensure compatibility with it- ``` bluetit: WARNING: NetworkManager is running on this system and may interfere with DNS management and cause DNS leaks bluetit: WARNING: systemd-resolved is running on this system and may interfere with DNS management and cause DNS leaks ``` I also wonder whether use of Goldcrest could avoid some of these problems. Personally I have not understood the need for the utility and have been interacting with Bluetit directly via systemctl and `/etc/airvpn/bluetit.rc`. As far as I can tell, Goldcrest just moves configuration stuff out of the `.rc` file into CLI args?

Recently Qbittorrent has begun locking withing 60 seconds of startup when running Eddie. Even if no torrents are active, it locks up. I am running Fedora 34 and have tried a bunch of kernels and roll backs to no avail. I have downgraded openvpn and qbittorrent (both were updated recently). I even built qbittorrent from source to test. No luck. I have tried upgrading eddie ui to the 2.21 beta and downgrading to 2.16 and 2.18. (Still no positive result) I have tried using just the root user with no torrents, I have tried Fedora 35 beta with the same result. Frankly, I'm stumped. Are there other RPMs I could try downgrading or changing? Anyone else seeing something like this?

It seems i can't post in How To so I'll post here. In this tutorial I will explain how to exclude individual programs while connected via the Eddie client and have the network lock active. I wanted to run steam without VPN so my latency was low for some competitive gaming, while my whole system was still connected and locked. For this to work we need firejail. Firejail can sandbox individual programs on it’s own with a lot of parameters. Install firejail first. We want a clean firewall state so disable network lock and flush the firewall. To check it's clean run: sudo iptables -nvL If not clean run: sudo iptables --flush Now we want to save this state to a file. sudo iptables-save -f /etc/firejail/iptables-save You can now network lock again. Make a bash script. #!/bin/bash firejail --noprofile \ --net=your_main_ethernet_interface \ --ip=ip_address_in_your_routers_subnet \ --defaultgw=router_ip \ --dns=dns_server_of_your_choice \ --dns=dns_server_of_your_choice \ --netfilter=/etc/firejail/iptables-save \ program_you_want_to_run Save in /usr/bin/ and make executable. chmod +x program You can now run the bash script and your program will be excluded from the VPN and network lock. Check with firejail --top to see if it is “jailed”. You could also replace program_you_want_to_run with $1 and name the script novpn or so. This would make it a lot more versatile. As you can now pas an argument with the script like so: novpn firefox novpn thunderbird novpn steam-runtime If you want to avoid a bash script and you want to directly run your program with firejail follow along. This means if you run (in my case) steam-runtime directly, it will be firejailed. If you do this you can delete the above bash script you made. cp /usr/share/doc/fireail/profile.template ~/.config/firejail/ Rename it to your_program.template your_program should match the executable name you want to run. In my case steam-runtime. Edit the file and comment out every include you see, so everything is commented out. And paste the text below as you see fit. Somewhere around “net” stuff would be my choice. net your_main_ethernet_interface ip ip_address_in_your_routers_subnet defaultgw router_ip dns dns_server_of_your_choice dns dns_server_of_your_choice netfilter /etc/firejail/iptables-save Make a symbolic link sudo ln -s /usr/bin/firejail /usr/local/bin/your_program And that’s It. Every time you run your_program it will be firejailed and outside of the vpn. Check with firejail --top.

I use AirVPN with Eddie on Linux (Ubuntu 21.04). I have certain applications (and even websites if possible) I would like to exclude from the VPN. I have to open and close the AirVPN connection numerous times a day since I need to open a VPN connection to my work where I download updated data. I also have an IRC client running which does not like the changes and cut me off every time I turn the VPN on and off. Other applications like Signal Desktop or Slack seems to handle these changes. Best would of course be if I could add my work VPN (OpenVPN) to the Eddie or in addition to Eddie, but that means two VPN's open at the same time and I do not even know if that is possible. I also have problems with Pandora which won't play when I set up my AirVPN connection to overseas locations (I live and work in the US). On Android it's easy to exclude apps, but on Linux I have no idea if it's possible and how I would go about setting it up.

Currently AirVPN servers ONLY provide you with IPv6 connectivity (IPv6 traffic via VPN) if OpenVPN correctly pushes a certain value to the server. This is what the relevant config lines look like: push-peer-info setenv UV_IPV6 yes 'UV_IPV6 yes' is a variable that is set to 'yes', basically: yes, gimme IPv6 push-peer-info sends the server information about the client. This includes: OS version and OpenVPN client release, your router's MAC address and of course the UV_IPV6 variable that tells the server to give you an IPv6 address. This last part is problematic and has already led to problems for AirVPN users: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/556 I've run into this issue myself when I tried to get AirVPN running on Linux using the NetworkManager interface (present in virtually every distro out there). It's confusing because it seems to work but in reality it doesn't. You do get a connection, except without IPv6 forwarding. It's no surprise people encounter this: Why would one really need to install your client if the preinstalled GUI manager has worked fine before? Nobody knows the intricacies. Not even those who reported the issue to the correct place above! *drum-roll* and the problem is: NetworkManager. Really. NetworkManager is crippled in that it DOES NOT support many of the OpenVPN features. The combination of push-peer-info + setenv is one of them. The variable is not set upon connection -> VPN connects to the server -> The server does not see UV_IPV6=yes -> The server only setups IPv4 for the client. Yes, THIS IS A SECURITY ISSUE. According to Google, 32% of users have IPv6. Here come you, an AirVPN user with IPv4 and IPv6 on Linux, using NetworkManager. It seems to connect. You quickly check a website to see your IP and see that you indeed got a new IP (IPv4) after connecting to the VPN. Maybe the website doesn't show IPv6 at all, or the user doesn't pay attention to the fact this long and cryptic IPv6 didn't change or maybe the user did not yet have IPv6 and it was enabled later by the ISP... And there the user goes to surf online with half his ass naked: IPv4 is properly routed through AirVPN but IPv6 is still going through his real ISP. This must be changed. IPv6 must be the default. Do not leave a chance to expose users. When this change is applied, both config lines will be rendered obsolete and as a bonus, the clients will no longer unnecessarily send their internal MAC addresses to the server, which can be used too: - https://threatpost.com/fbi-mum-on-how-exactly-it-hacked-tor/117127/ | https://www.theregister.com/2018/02/24/tor_fbi_hacking_appeal/ - https://web.archive.org/web/20180923231303/https://blog.owenson.me/analysis-of-the-fbi-tor-malware/ Finally if you feel there's someone who really wishes to not use IPv6 via Air: reverse the config. Make it an explicit UV_IPV6=no to opt-out. Security must be the default. Thanks for reading. I really hope this change to be introduced soon. PS: Can someone login at the Freedesktop bug tracker above to tell these people that it's fixable? I don't have an account PPS: You can see what push-peer-info sends if you set verbosity to 4: "verb 4" in the config Tags: IPv6 not working AirVPN Linux config openvpn