Jump to content
Not connected, Your IP: 34.238.248.103

Search the Community

Showing results for tags 'Network Lock'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • AirVPN
    • News and Announcement
    • How-To
    • Frequently asked questions
    • Databases
  • Community
    • General & Suggestions
    • Troubleshooting and Problems
    • Blocked websites warning
    • Eddie - AirVPN Client
    • Reviews
    • Other VPN competitors or features
    • Nonprofit
    • Off-Topic
  • Other Projects
    • IP Leak
    • XMPP
    • Mirrors

Product Groups

  • AirVPN Access
  • Coupons
  • Misc

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Twitter


Mastodon


AIM


MSN


ICQ


Yahoo


XMPP / Jabber


Skype


Location


Interests

Found 84 results

  1. Hello, I'm using hummingbird as a systemd service in order to automatically connect at startup. It works as expected for the most part but I noticed an issue with network lock lately. Output of sudo systemctl status hummingbird.service after rebooting manually with the reset button: [sudo] password for user: ● hummingbird.service - Connect to VPN at startup Loaded: loaded (/etc/systemd/system/hummingbird.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Fri 2020-07-10 10:00:16 CEST; 8s ago Process: 1910 ExecStart=/home/user/scripts/vpn.sh (code=exited, status=1/FAILURE) Main PID: 1910 (code=exited, status=1/FAILURE) Jul 10 10:00:16 archlinux vpn.sh[1914]: This program is already running (PID 20073) or it did not gracefully Jul 10 10:00:16 archlinux vpn.sh[1914]: exit in its previous execution. In case you have restarted this computer Jul 10 10:00:16 archlinux vpn.sh[1914]: or just powered it on, you can remove the lock file /etc/airvpn/hummingbird.lock Jul 10 10:00:16 archlinux vpn.sh[1914]: and start this program again. Jul 10 10:00:16 archlinux vpn.sh[1914]: In case you are sure this program is not already running and your network Jul 10 10:00:16 archlinux vpn.sh[1914]: connection is not working as expected, you can run this program with the Jul 10 10:00:16 archlinux vpn.sh[1914]: "--recover-network" option in order to try restoring your system network Jul 10 10:00:16 archlinux vpn.sh[1914]: settings. Jul 10 10:00:16 archlinux systemd[1]: hummingbird.service: Main process exited, code=exited, status=1/FAILURE Jul 10 10:00:16 archlinux systemd[1]: hummingbird.service: Failed with result 'exit-code'. At this point, I still have access to the Internet, the traffic isn't routed through AirVPN tunnel at all and my real IP is used. In order to connect to an AirVPN server, I have to manually run sudo hummingbird --recover-network then sudo systemctl restart hummingbird.service. That's pretty much what I would expect having to do in such scenario, except that I would like the network lock to be working, which is not the case. What am I doing wrong? I guess that's an issue with the systemd service. Indeed, the network lock works fine if I run `sudo kill -9 $(pidof hummingbird)` while hummingbird is launched via the systemd service. Relevant details: OS: Arch Linux systemd version: 245.6-8 hummingbird version: 1:1.1.0-3 (installed from AUR) hummingbird.service file located in /etc/systemd/system: [Unit] Description=Connect to VPN at startup Wants=network-online.target After=network-online.target [Service] ExecStart=/home/user/scripts/vpn.sh [Install] WantedBy=multi-user.target - vpn.sh: #!/bin/bash /usr/bin/hummingbird $(find /home/user/VPN -type f | shuf -n 1) Thanks in advance for any pointers.
  2. Hello, last year I had written a wrapper for Eddie's CLI version (in bash) to be able to use it more easily and extensively in the linux command line like the GUI, but with less resources. I have used it since then every day without problems, but now I have finally gotten to overhaul it and adjust it to Hummingbird because it is just so much faster! I also tried to make it more easy to configure (by having a separate configuration file) and added some new functionality like support (and automatic recognition) of iptables and nftables to lock down the system even without being connected to AirVPN and automatic connection at boot with a systemd unit. Again, feel free to use this as you wish, I hope someone can benefit from this. I'm happy about any improvements and corrections and will update this if I find the time. Features graphical interface in the command line to connect to AirVPN with Hummingbird (no Eddie involved) runs in background, the interface can be closed/opened anytime without affecting the running connection possibility to connect to any server with just one ovpn configuration file easily connect to a random server, to a recommended server, to the recommended server of a specific country or to a specific server sortable list of all servers including info like used bandwidth, load and number of users possibility to connect to other VPNs with openconnect lock down system by default (permanently if you want), so even without AirVPN/Hummingbird running there won't be any unwanted network traffic automatically establish connection at boot (which can later be controlled via the interface) logging of Hummingbird's output (number of days to keep logs for can be adjusted) system notifications to let you know what happens in the background Some general notes The default network lock determines, like Hummingbird itself, if iptables, iptables-legacy or nftables is available on your system and will use the first one found in that list. You can overwrite that by specifying which one to use in the configuration file. Once activated, the lock will stay in place until manually deactivated, so no internet connection will be possible unless connected to AirVPN or other whitelisted VPNs. You can make the lock permanent (or rather activate at boot) by enabling that option in the configuration file. AirVPN's network lock overwrites the default network lock, so there will be no interference. IMPORTANT: If you have any frontend firewall for iptables/nftables running, you might to disable that or read up on how it might interfere with rule changes you make directly via iptables/nft. The same thing applies if you use just Hummingbird itself. If you enable the default permanent network lock, it will write the lock rules at boot, most likely overwriting rules by firewalld or the like, but other enabled firewalls might interfere later. Also important: If you have SELinux and you want to use nftables for Hummingbird starting at boot, you have to create a SELinux exception for nft bcause otherwise it will be denied and Hummingbird starts without setting up its own lock, thus leaving you unprotected (AirVPN staff is aware of this issue). You can do that with audit2allow. Follow for example this guide to troubleshoot the problem and fix it with the solution given by sealert. Check your /etc/resolv.conf file while not running Hummingbird (because Hummingbird's network lock replaces that file temporarily) to make sure your router is not set as a nameserver (so no 192.168... address). Some routers will push themselves on that list by DHCP whenever you connect to their network. Since communication with the router is allowed in the lock rules, DNS requests will be handled by the router and sent to whatever DNS server is configured there even when network traffic should be blocked. There are ways to prevent that file from being changed by DHCP, best configure network manager for that if you use it. To connect to other VPNs, their IPs must be whitelisted and DNS requests for their domains must be allowed in the default network lock rules (netfilter_ipbatles.rulesipv4/ipv6 and/or netfilter_nftables.rules). Only edit those files with the default network lock deactivated. The rules for airvpn.org can be copied and adjusted. You can set custom options for Hummingbird in the interface or the configuration file. All the possible options can be found in the Hummingbird manual or with sudo hummingbird --help Apart from dialog I tried to only use basic system tools. The scripts will check if everything needed is present, if not they will exit. At least bash 4 is needed. The scripts rely mostly on dialog, awk and curl (and iptables/nft as described and openconnect if needed), so it should work on most systems. I wrote and tested this on Fedora 32 with Hummingbird 1.0.3. It should be possible to use any ovpn config file generated by the AirVPN's config generator. Even with the file for one specific server it should be possible to connect to any other server because the server override function is used here. I haven't tested that extensively though and just use the config file for earth. AirVPN's API seems to be a little unreliable sometimes as in not correctly reporting the connection status. Sometimes the API reports me not being connected although I am connected to an AirVPN server. This is no big deal, it just means that the connection status sometimes may be shown falsely as disconnected. If you have the default network lock activated, no traffic would be possible if you were actually disconnected. And, lastly, VERY IMPORTANT: I am still no programmer and do this only on this on the side, so even though I tried my best to make these scripts secure and error free, there might very well be some bad practice, never-ever-do-this mistakes or other hiccups in there. It works very well for me (and has for quite a while by now), but better check it yourself. Installation Make sure you have the prerequisites installed: dialog, bash >=4, curl and awk. Copy the content of all the files to separate files on your computer, name them accordingly, and put them in the appropriate folders. It says where they belong above the file contents. Make sure to change the ownership of the systemd unit file to root:root and give the scripts execute permissions. Alternatively download the VPNControl.tar, cd into the directory where VPNControl.tar has been downloaded to and enter the following commands: tar -xvf VPNControl.tar mkdir -p "$HOME/.vpncontrol/config" && mkdir "$HOME/.vpncontrol/logs" mv vpncontrol.conf "$HOME/.vpncontrol/config/" mv netfilter_* "$HOME/.vpncontrol/config/" mv VPNControl.sh "$HOME/.local/bin/" sudo mv airvpn_boot.sh "/usr/local/bin/" sudo chown root:root airvpn.service sudo mv airvpn.service "/etc/systemd/system/" Generate a config file with AirVPN's OpenVPN Config Generator (I use the one for "Earth", but theoretically it should work with any) and put it in the config directory. Adjust the path name in the configuration file. The script assumes you have all the configuration files in the folder $HOME/.vpncontrol/config/, logs in $HOME/.vpncontrol/logs/ and the boot script in /usr/local/bin/. In the airvpn_boot.sh-script you have to adjust the path for the source command (line 34) to point to the configuration file. If you want to use different locations, you have to change them in the configuration file and (for the boot script) in the systemd unit file. If you want to use a different location for the configuration file itself, you have the change the VPNCONTROL_CONFIG variable in the VPNControl.sh-script and again the source path in the airvpn_boot.sh-script. The VPNControl.sh-script is meant to be run as a regular user. If you want to run it as root, you have to for sure change the VPNCONTROL_CONFIG variable from the previous step. Otherwise it should be possible to run it as root without problems (except notifications), but I haven't tested it. You need to insert your own API key in the configuration file. It can be found in your account under Client Area -> API. Without this, connections will still work, but user info and connection status in the main window will not be properly updated. Enable the systemd unit with sudo systemctl daemon-reload sudo systemctl enable airvpn.service If you use a setup where bash cannot be found at '/usr/bash', you have to change the path in the unit accordingly. Also I ran into a problem where systemctl complained that it couldn't find the unit. I don't know what the cause was (pretty sure the ownership and permissions were right), but it worked after I duplicated another .service file already present in /etc/systemd/system (with sudo cp) and then renamed it and exchanged the contents. Disable firewall frontends if needed (e. g. firewalld) and if you want to use the default network lock. (Firewall daemons don't necessarily interfere, but have the ability to overwrite the lock any time.) DONE! Now Hummingbird will try to establish a connection after boot. You can call the control script at any time with VPNControl.sh and disconnect/reconnect/do whatever. The script can be exited without affecting the running connection. Files These are all the necessary files (scripts and configuration files) with their default locations. Be aware that there might be a problem when manually copying the contents from here to text files where unwanted characters are inserted. If that's the case, please download the attached archive (at the very bottom of this post) and use the files from there. For the future I plan to put this somewhere more easily accessible like Gitlab. This is the main script, the interface. $HOME/.local/bin/VPNControl.sh #!/bin/bash # interactive shell script to control the command line version of the AirVPN Hummingbird client and openconnect more comfortably and extensively # originally created in January 2019 for Eddie, updated for use with Hummingbird in June 2020 # check if at least bash 4 is used if [ "${BASH_VERSINFO[0]}" -lt "4" ] then echo "This sript can only be run with bash 4 or higher." exit fi # check if necessary programs are installed PROGRAMS=( hummingbird dialog curl awk ) MISSING="false" for p in "${PROGRAMS[@]}" do command -v $p $> /dev/null if [ ! $? = "0" ] then echo "Please install $p to use this script." MISSING="true" fi done if [ "$MISSING" = "true" ] then exit fi # check which network filter is available (determined NETFILTER will be overriden if set in config file) NETFILTERS_AVAILABLE=( iptables iptables-legacy nft ) NETFILTER="none" for n in "${NETFILTERS_AVAILABLE[@]}" do command -v $n $> /dev/null if [ $? = "0" ] then NETFILTER="$n" break fi done # source variables which are subject to change from config file VPNCONTROL_CONFIG="$HOME/.vpncontrol/config/vpncontrol.conf" source "$VPNCONTROL_CONFIG" # variables which probably won't have to be changed DIALOG_OK=0 DIALOG_CANCEL=1 DIALOG_HELP=2 DIALOG_EXTRA=3 DIALOG_ITEM_HELP=4 DIALOG_ESC=255 HEIGHT=0 WIDTH=0 BACKTITLE="VPN Control" FORMAT="text" URL="https://airvpn.org/api/" COLS=$( tput cols ) ROWS=$( tput lines ) PID=$$ # set network-lock argument for hummingbird depending on available backends if [ "$NETFILTER" = "nft" ] then NETFILTER_HUM="nftables" elif [ "$NETFILTER" = "iptables" -o "$NETFILTER" = "iptables-legacy" ] then NETFILTER_HUM="iptables" else NETFILTER_HUM="on" fi function check_sudo { # check if user has sudo privileges sudo -vn &> /dev/null # gain sudo privileges for commands that need it (better than running everything with sudo) if [ $? = "1" ] then unset EXIT_STATUS_SUDO #PASS_PROMPT="Establishing OpenVPN connections and checking and changing network traffic rules requires root privileges. Please enter your password:" until [ "$EXIT_STATUS_SUDO" = "0" ] do dialog \ --backtitle "$BACKTITLE" \ --title "Password Needed" \ --output-fd 1 \ --insecure \ --passwordbox "$PASS_PROMPT" 11 35 | xargs printf '%s\n' | sudo -Svp '' &> /dev/null EXIT_STATUS_PIPE=( "${PIPESTATUS[@]}" ) EXIT_STATUS_DIALOG="${EXIT_STATUS_PIPE[0]}" EXIT_STATUS_SUDO="${EXIT_STATUS_PIPE[2]}" EXIT_SUDO_TEST="${EXIT_STATUS_PIPE[2]}" PASS_PROMPT="The password you entered is incorrect. Please try again:" case $EXIT_STATUS_DIALOG in $DIALOG_CANCEL|$DIALOG_ESC) return 1 ;; esac done # keep sudo permission until script exits or permissions are revoked (e.g. when computer goes to sleep) while [ "$EXIT_SUDO_TEST" = "0" ]; do sudo -vn; EXIT_SUDO_TEST=$?; sleep 60; kill -0 "$PID" || exit; done &> /dev/null & fi return 0 } function get_list { SERVICE_NAME="status" timeout --signal=SIGINT 10 curl -s "$URL$SERVICE_NAME/?format=$FORMAT" > "/tmp/.airvpn_server_list.txt" } function sort_list_servers { # pipe server status list to awk, filter out unnecessary stuff, # combine lines that relate to same server into single lines which are saved as array, # loop through array to format info, # print array and sort according to options, # add numbers to list for menu LIST_SERVERS=$(awk -F '[.]' \ 'BEGIN{OFS=";"} \ /^servers/ && !/ip_/ && !/country_code/ {c=$2; \ if (c in servers) servers[c]=servers[c] OFS $3; \ else servers[c]=$3; \ for (k in servers) gsub(/;bw=/, " :", servers[k]); \ for (k in servers) gsub(/;bw_max=/, "/", servers[k]); \ for (k in servers) gsub(/;currentload=/, " :", servers[k]); \ for (k in servers) gsub(/;health=/, "%:", servers[k]); \ for (k in servers) gsub(/;.*=/, ":", servers[k]); \ for (k in servers) gsub(/^.*=/, "", servers[k])} \ END{for (c in servers) print servers[c]}' "/tmp/.airvpn_server_list.txt" | sort -t ":" $1) LIST_SERVERS=$( echo "$LIST_SERVERS" | sed 's/:/;/' ) } function sort_list_countries { LIST_COUNTRIES=$(awk -F '[.]' \ 'BEGIN{OFS=";"} \ /^countries/ && (/country_name/ || /country_code/) {c=$2; \ if (c in countries) countries[c]=countries[c] OFS $3; \ else countries[c]=$3; \ for (k in countries) gsub(/;.*=/, ":", countries[k]); \ for (k in countries) gsub(/^.*=/, "", countries[k])} \ END{for (c in countries) print countries[c]}' "/tmp/.airvpn_server_list.txt" | sort -t ":" -d) } function get_userinfo { SERVICE_NAME="userinfo" # filter specific lines, save values (after "=") to variables after protecting whitespace read U_LOGIN U_EXP U_CONNECTED U_DEVICE U_SERVER_NAME U_SERVER_COUNTRY U_SERVER_LOCATION U_TIME <<< $( \ timeout --signal=SIGINT 10 curl -s "$URL$SERVICE_NAME/?key=$API_KEY&format=$FORMAT" | \ awk -F '[=]' \ 'BEGIN{ORS=";"} \ /^user.login|^user.expiration_days|^user.connected|^sessions.*device_name|^connection.server_name|^connection.server_country=|^connection.server_location|^connection.connected_since_date/ \ {print $2}' | \ sed 's/\ /\\\ /g' | sed 's/;/\ /g' \ ) if [ "$U_CONNECTED" = "true" ] then U_CONNECTED="connected" U_SERVER_FULL="$U_SERVER_NAME ($U_SERVER_LOCATION, $U_SERVER_COUNTRY)" U_TIME=$(date -d "$U_TIME UTC" +"%a %d. %b %Y %H:%M:%S") else U_CONNECTED="not connected" U_SERVER_FULL="--" U_TIME="--" fi } function connect_server { if [ "$KILLED" = "true" ] then DATE=$( date +%Y%m%d ) LOG_NAMES=($( ls "$LOG_PATH" | grep hummingbird.*log | sort -d )) LOG_NR=${#LOG_NAMES[@]} LOG_CURRENT="$LOG_PATH/hummingbird_current_$DATE.log" # if no log files should be kept, discard current logfile after process finishes, otherwise append to log file of current date if [ "$LOG_DAYS" = "0" ] then LOG_FINISH="/dev/null" else LOG_FINISH="$LOG_PATH/hummingbird_$DATE.log" fi if [ "$LOG_NR" -gt "0" ] then # check if newest log file is from today and if not, increase counter, so with the upcoming logfile the file limit will be kept if [ ! $( echo ${LOG_NAMES[-1]/#hummingbird_/} | cut -d "." -f 1 ) = "$DATE" ] then LOG_NR=$(( $LOG_NR+1 )) fi # check if more logs (including the upcoming one) are present than there should be and if so, remove oldest ones if [ "$LOG_NR" -gt "$LOG_DAYS" ] then cd "$LOG_PATH" rm "${LOG_NAMES[@]:0:(( $LOG_NR-$LOG_DAYS ))}" cd - fi fi # run hummingbird in background and detached from current window, write output to logfile, read it from there to dialog and catch sign of successful connection # hummingbird's timeout option is used, so it has enough time after sleep to recover without trying forever; TIMEOUT variable is used to try another server after some time when it is reasonable to not expect a successful connection anymore (sudo hummingbird $HUM_OPTIONS --network-lock "$NETFILTER_HUM" --timeout "$TIMEOUT_REC" --server "$1"."$DOMAIN" "$CONFIG_PATH" &> "$LOG_CURRENT"; notify-send "AirVPN" "Hummingbird process has finished."; sleep 1; cat "$LOG_CURRENT" >> "$LOG_FINISH"; rm "$LOG_CURRENT") & tail -f -n 5 "$LOG_CURRENT" | dialog --backtitle "$BACKTITLE" --title "Connecting to AirVPN (Server: $1) ..." --progressbox 20 80 & tail -f -n 5 "$LOG_CURRENT" | timeout --signal=SIGINT "$TIMEOUT_CON" grep -q -m 1 "EVENT: CONNECTED" INIT_EXIT=$? pkill -f tail.*hummingbird_current if [ "$INIT_EXIT" = "0" ] then sleep 1 get_userinfo notify-send "AirVPN" "VPN connection successfully established to AirVPN's server $U_SERVER_FULL." else U_CONNECTED="error during connection attempt" U_SERVER_FULL="--" U_TIME="--" sudo pkill -2 hummingbird notify-send "AirVPN" "Connection attempt to an AirVPN server has failed." # need to wait long enough, so "current" log file is deleted before next connection attempt, otherwise file counter will be too high and delete other log files (takes arount +20ms, but sometimes more, so better to add 1s) sleep 2 fi else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi } function connect_openconnect { if [ "$KILLED" = "true" ] then DATE=$( date +%Y%m%d ) LOG_NAMES=($( ls "$LOG_PATH" | grep openconnect.*log | sort -d )) LOG_NR=${#LOG_NAMES[@]} # if no log files should be kept, discard current logfile after process finishes, otherwise append to log file of current date if [ "$LOG_DAYS" = "0" ] then LOG_FINISH="/dev/null" else LOG_FINISH="$LOG_PATH/openconnect_$DATE.log" fi if [ "$LOG_NR" -gt "0" ] then # check if newest log file is from today and if not, increase counter, so with the upcoming logfile the file limit will be kept if [ ! $( echo ${LOG_NAMES[-1]/#openconnect_/} | cut -d "." -f 1 ) = "$DATE" ] then LOG_NR=$(( $LOG_NR+1 )) fi # check if more logs (including the upcoming one) are present than there should be and if so, remove oldest ones if [ "$LOG_NR" -gt "$LOG_DAYS" ] then cd "$LOG_PATH" rm "${LOG_NAMES[@]:0:(( $LOG_NR-$LOG_DAYS ))}" cd - fi fi ALT_SERVER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 1) ALT_GROUP=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 2) ALT_USER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 3) ALT_PASS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 4) ALT_OPTS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 5) echo "$ALT_PASS" | (sudo openconnect $ALT_OPTS --authgroup=$ALT_GROUP --user=$ALT_USER --passwd-on-stdin $ALT_SERVER &> "$LOG_PATH/openconnect_current_$DATE.log"; notify-send "Openconnect" "Openconnect process has finished."; sleep 1; cat "$LOG_PATH/openconnect_current_$DATE.log" >> "$LOG_FINISH"; rm "$LOG_PATH/openconnect_current_$DATE.log") & timeout --signal=SIGINT 3 tail -f -n 20 "$LOG_PATH/openconnect_current_$DATE.log" | dialog --backtitle "$BACKTITLE" --title "Connecting via openconnect ..." --timeout 5 --programbox 20 80 U_CONNECTED="connected" U_SERVER_FULL="$ALT_SERVER" U_TIME=$(date +"%a %d. %b %Y %H:%M:%S") else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi } function disconnect_server { # check for running instance of hummingbird HUM_PID=$( pgrep hummingbird ) if [ $? = 0 ] then # kill process and wait for confirmation from process output # check if running instance of hummingbird is writing to logfile and if so, listen there for confirmation sudo ls -l "/proc/$HUM_PID/fd" | grep hummingbird_current &> /dev/null if [ $? = 0 ] then sudo pkill -2 hummingbird & tail -f -n 5 "$LOG_PATH/hummingbird_current_"* | dialog --backtitle "$BACKTITLE" --title "Disconnecting from AirVPN ..." --progressbox 20 80 & tail -f -n 5 "$LOG_PATH/hummingbird_current_"* | timeout --signal=SIGINT 3 grep -q -m 1 "Thread finished" pkill -f tail.*hummingbird_current else # in case connection was started without this script sudo pkill -2 hummingbird sleep 2 fi # give some time to completely close process, without sleep it's too early for new connection sleep 1 pgrep hummingbird &> /dev/null if [ $? = 1 ] then KILLED1="true" notify-send "AirVPN" "VPN connection has been stopped successfully." else KILLED1="false" notify-send "AirVPN" "An error has occured during the disconnection attempt." fi else KILLED1="true" fi # check for running instance of openconnect pgrep -f "openconnect.*--" &> /dev/null if [ $? = 0 ] then pkill -2 -f "openconnect.*--" sleep 1 pgrep -f "openconnect.*--" &> /dev/null if [ $? = 1 ] then KILLED2="true" notify-send "AirVPN" "VPN connection to openconnect has been stopped successfully." # somehow openconnect doesn't receive SIGINT and shuts down improperly, # so vpnc can't restore resolv.conf by itself sudo cp "/var/run/vpnc/resolv.conf-backup" "/etc/resolv.conf" else KILLED2="false" notify-send "AirVPN" "An error has occured during the attempt to disconnect from openconnect." fi else KILLED2="true" fi if [ "$KILLED1" = "true" -a "$KILLED2" = "true" ] then KILLED="true" else KILLED="false" fi } function toggle_lock { if [ "$1" = "activate" ] then if [ "$NETFILTER" = "iptables-legacy" ] then sudo iptables-legacy-save > "${NETFILTER_RULES_IPTABLES}ipv4.backup" sudo ip6tables-legacy-save > "${NETFILTER_RULES_IPTABLES}ipv6.backup" sudo iptables-legacy-restore < "${NETFILTER_RULES_IPTABLES}ipv4" sudo ip6tables-legacy-restore < "${NETFILTER_RULES_IPTABLES}ipv6" elif [ "$NETFILTER" = "iptables" ] then sudo iptables-save > "${NETFILTER_RULES_IPTABLES}ipv4.backup" sudo ip6tables-save > "${NETFILTER_RULES_IPTABLES}ipv6.backup" sudo iptables-restore < "${NETFILTER_RULES_IPTABLES}ipv4" sudo ip6tables-restore < "${NETFILTER_RULES_IPTABLES}ipv6" elif [ "$NETFILTER" = "nft" ] then # put command to flush ruleset at top of backup file, so when it is loaded to restore the old rules, all previous rules are deleted in the same transaction (would take 2 transacions otherwise) echo "flush ruleset" > "${NETFILTER_RULES_NFTABLES}.backup" sudo nft list ruleset >> "${NETFILTER_RULES_NFTABLES}.backup" sudo nft -f "${NETFILTER_RULES_NFTABLES}" fi elif [ "$1" = "deactivate" ] then if [ "$NETFILTER" = "iptables-legacy" ] then if [ -s "${NETFILTER_RULES_IPTABLES}ipv4.backup" ] then sudo iptables-legacy-restore < "${NETFILTER_RULES_IPTABLES}ipv4.backup" sudo rm "${NETFILTER_RULES_IPTABLES}ipv4.backup" else sudo iptables-legacy -F sudo iptables-legacy -t nat -F fi if [ -s "${NETFILTER_RULES_IPTABLES}ipv6.backup" ] then sudo ip6tables-legacy-restore < "${NETFILTER_RULES_IPTABLES}ipv6.backup" sudo rm "${NETFILTER_RULES_IPTABLES}ipv6.backup" else sudo ip6tables-legacy -F sudo ip6tables-legacy -t nat -F fi elif [ "$NETFILTER" = "iptables" ] then if [ -s "${NETFILTER_RULES_IPTABLES}ipv4.backup" ] then sudo iptables-restore < "${NETFILTER_RULES_IPTABLES}ipv4.backup" sudo rm "${NETFILTER_RULES_IPTABLES}ipv4.backup" else sudo iptables -F sudo iptables -t nat -F fi if [ -s "${NETFILTER_RULES_IPTABLES}ipv6.backup" ] then sudo ip6tables-restore < "${NETFILTER_RULES_IPTABLES}ipv6.backup" sudo rm "${NETFILTER_RULES_IPTABLES}ipv6.backup" else sudo ip6tables -F sudo ip6tables -t nat -F fi elif [ "$NETFILTER" = "nft" ] then if [ -s "${NETFILTER_RULES_NFTABLES}.backup" ] then sudo nft -f "${NETFILTER_RULES_NFTABLES}.backup" sudo rm "${NETFILTER_RULES_NFTABLES}.backup" else sudo nft flush ruleset fi fi else return 1 fi check_lock if [ "$LOCK_ACTIVE" = "inactive" ] then dialog --backtitle "$BACKTITLE" --title "Default Network Lock Inactive" --msgbox "$MISSINGRULES" $HEIGHT $WIDTH elif [ "$LOCK_ACTIVE" = "active" ] then dialog --backtitle "$BACKTITLE" --title "Default Network Lock Active" --timeout 3 --msgbox "The default network lock is active." $HEIGHT $WIDTH else return 1 fi } function check_lock { if [ "$NETFILTER" = "iptables-legacy" ] then # load rules from ruleset file into array (only -A rules (append) are loaded), prefix with iptables or ip6tables command as fitting, change -A (append) to -C (check) mapfile -t IPRULESIPV4 < <(grep -e "-A " "${NETFILTER_RULES_IPTABLES}ipv4" | sed -e 's/^\(.*\)/sudo iptables-legacy \1/' -e 's/\ -A / -C /') mapfile -t IPRULESIPV6 < <(grep -e "-A " "${NETFILTER_RULES_IPTABLES}ipv6" | sed -e 's/^\(.*\)/sudo ip6tables-legacy \1/' -e 's/\ -A / -C /') LOCK_ACTIVE="error while checking" # only checks for presence of rules, not for order; if not present in default table (filter), check in other tables MISSINGRULES="The following rules are not present:\n" for i in "${IPRULESIPV4[@]}" do eval "$i" &> /dev/null if [ ! $? = "0" ] then eval "${i/legacy/legacy -t nat}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/legacy/legacy -t mangle}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/legacy/legacy -t raw}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/legacy/legacy -t security}" &> /dev/null fi if [ ! $? = "0" ] then MISSINGRULES="$MISSINGRULES\nIPv4: $i" LOCK_ACTIVE="inactive" fi done for i in "${IPRULESIPV6[@]}" do eval "$i" &> /dev/null if [ ! $? = "0" ] then eval "${i/legacy/legacy -t nat}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/legacy/legacy -t mangle}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/legacy/legacy -t raw}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/legacy/legacy -t security}" &> /dev/null fi if [ ! $? = "0" ] then MISSINGRULES="$MISSINGRULES\nIPv6: $i" LOCK_ACTIVE="inactive" fi done if [ "$LOCK_ACTIVE" = "inactive" ] then MISSINGRULES="${MISSINGRULES//sudo iptables -C /}\n\nPlease check manually." MISSINGRULES="${MISSINGRULES//sudo ip6tables -C /}" else LOCK_ACTIVE="active" fi elif [ "$NETFILTER" = "iptables" ] then # load rules from ruleset file into array (only -A rules (append) are loaded), prefix with iptables or ip6tables command as fitting, change -A (append) to -C (check) mapfile -t IPRULESIPV4 < <(grep -e "-A " "${NETFILTER_RULES_IPTABLES}ipv4" | sed -e 's/^\(.*\)/sudo iptables \1/' -e 's/\ -A / -C /') mapfile -t IPRULESIPV6 < <(grep -e "-A " "${NETFILTER_RULES_IPTABLES}ipv6" | sed -e 's/^\(.*\)/sudo ip6tables \1/' -e 's/\ -A / -C /') LOCK_ACTIVE="error while checking" # only checks for presence of rules, not for order; if not present in default table (filter), check in other tables MISSINGRULES="The following rules are not present:\n" for i in "${IPRULESIPV4[@]}" do eval "$i" &> /dev/null if [ ! $? = "0" ] then eval "${i/tables/tables -t nat}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/tables/tables -t mangle}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/tables/tables -t raw}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/tables/tables -t security}" &> /dev/null fi if [ ! $? = "0" ] then MISSINGRULES="$MISSINGRULES\nIPv4: $i" LOCK_ACTIVE="inactive" fi done for i in "${IPRULESIPV6[@]}" do eval "$i" &> /dev/null if [ ! $? = "0" ] then eval "${i/tables/tables -t nat}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/tables/tables -t mangle}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/tables/tables -t raw}" &> /dev/null fi if [ ! $? = "0" ] then eval "${i/tables/tables -t security}" &> /dev/null fi if [ ! $? = "0" ] then MISSINGRULES="$MISSINGRULES\nIPv6: $i" LOCK_ACTIVE="inactive" fi done if [ "$LOCK_ACTIVE" = "inactive" ] then MISSINGRULES="${MISSINGRULES//sudo iptables -C /}\n\nPlease check manually." MISSINGRULES="${MISSINGRULES//sudo ip6tables -C /}" else LOCK_ACTIVE="active" fi elif [ "$NETFILTER" = "nft" ] then # only checks if named tables from netfilter config file are present NFT_LOCK_TABLES=$( sudo nft list ruleset | grep "_lock" | wc -l ) if [ "$NFT_LOCK_TABLES" -ge "3" ] then LOCK_ACTIVE="active" else LOCK_ACTIVE="inactive" MISSINGRULES="The default network lock is deactivated. The nft tables with rules for the default network lock are not loaded." fi else return 1 fi } function yesno { dialog \ --backtitle "$BACKTITLE" \ --title "$1" \ --clear \ --yesno "$2" \ $HEIGHT $WIDTH EXIT_STATUS=$? } get_userinfo # if currently connected by openconnect, set status to unknown (connection could have been established outside of this script) pgrep -f "openconnect.*--" &> /dev/null if [ $? = 0 ] then U_CONNECTED="connected (openconnect)" U_SERVER_FULL="unknown" U_TIME="unknown" fi # set default message for network lock status, so password doesn't have to be entered when starting the script to check status if [ "$NETFILTER" = "none" ] then LOCK_ACTIVE="None of the supported network filters are available, so the default network lock cannot be used." else LOCK_ACTIVE="Select option 8 to check lock status." fi while true; do exec 3>&1 selection=$(dialog \ --cr-wrap \ --backtitle "$BACKTITLE" \ --title "Main Menu" \ --clear \ --cancel-label "Quit" \ --menu "This is a control script for VPN connections, primarily for AirVPN's Hummingbird client.\nThis script can be exited and re-entered without affecting a running connection.\n\nUser: $U_LOGIN\nDays Until Expiration: $U_EXP\n\nDefault Network Lock: $LOCK_ACTIVE\n\nStatus: $U_CONNECTED\nServer: $U_SERVER_FULL\nConnected Since: $U_TIME\n\nPlease select one of the following options:" $HEIGHT $WIDTH 9 \ "0" "Connect to Recommended Server" \ "1" "Connect to Recommended Server of Country" \ "2" "Connect to Specific Server" \ "3" "Connect to Random Server" \ "4" "Set Options for Hummingbird" \ "5" "Connect via Openconnect" \ "6" "Disconnect" \ "7" "Refresh User Info" \ "8" "Check Default Network Lock Status" \ "9" "Toggle Default Network Lock" \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) yesno "Quit" "Exit Script?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) break ;; esac ;; esac case $selection in 0 ) PASS_PROMPT="Connecting to and disconnecting from AirVPN with hummingbird requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then disconnect_server #get_list DOMAIN="vpn.airdns.org" INIT_EXIT="1" connect_server "earth" if [ ! "$INIT_EXIT" = "0" ] then count="1" for s in "${SERVERS_BEST_EU[@]}" do connect_server "$s" if [ "$INIT_EXIT" = "0" ] then break else (( count++ )) fi if [ "$count" -ge 5 ] then break fi done fi if [ ! "$INIT_EXIT" = "0" ] then for s in "${SERVERS_BEST_REST[@]}" do connect_server "$s" if [ "$INIT_EXIT" = "0" ] then break else (( count++ )) fi if [ "$count" -ge 7 ] then notify-send "AirVPN" "Connection unsuccessful after $count failed attempts." break fi done fi fi ;; 1 ) if [ ! -s "/tmp/.airvpn_server_list.txt" ] then get_list fi while true do sort_list_countries IFS=$':\n' exec 3>&1 COUNTRY_NAME=$(dialog \ --backtitle "$BACKTITLE" \ --title "Country List" \ --colors \ --no-collapse \ --column-separator ":" \ --menu "Choose a country from the list to connect to.\n\n\Zb Country Country Code\ZB" \ 30 50 31 $LIST_COUNTRIES 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- IFS=$' \t\n' case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) break ;; $DIALOG_OK) PASS_PROMPT="Connecting to and disconnecting from AirVPN with hummingbird requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then SELECTED_COUNTRY=$(printf -- '%s\n' "${LIST_COUNTRIES[@]}" | grep "^$COUNTRY_NAME" | cut -d ":" -f 2 ) disconnect_server DOMAIN="vpn.airdns.org" connect_server "$SELECTED_COUNTRY" break fi ;; esac done ;; 2 ) while true; do exec 3>&1 SERVER_SORT=$(dialog \ --backtitle "$BACKTITLE" \ --title "Sort Server List" \ --no-collapse \ --ok-label "sort ascending" \ --extra-button \ --extra-label "sort descending" \ --menu "Please choose how you want to sort the server list." \ 14 0 7 \ "1" "Name" \ "2" "Country" \ "3" "Location" \ "4" "Continent" \ "5" "Bandwidth" \ "6" "Users" \ "7" "Load" \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) break ;; $DIALOG_EXTRA) SERVER_SORT_OPTION="r" ;; $DIALOG_OK) SERVER_SORT_OPTION="" ;; esac if [ "$SERVER_SORT" = "5" -o "$SERVER_SORT" = "6" -o "$SERVER_SORT" = "7" ] then SERVER_NUM_OPTION="n" else SERVER_NUM_OPTION="" fi if [ ! -s "/tmp/.airvpn_server_list.txt" ] then get_list fi while true do sort_list_servers "-k$SERVER_SORT,$SERVER_SORT$SERVER_SORT_OPTION$SERVER_NUM_OPTION" IFS=$';\n' exec 3>&1 SELECTED_SERVER=$(dialog \ --backtitle "$BACKTITLE" \ --title "Server List" \ --colors \ --no-collapse \ --extra-button \ --extra-label "Refresh List" \ --column-separator ":" \ --menu "Choose a server from the list to connect to it. (Press ESC to go back.)\n\n\Zb Name Country Location Continent Bandwidth Users Load Health\ZB" \ 40 102 31 $LIST_SERVERS 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- IFS=$' \t\n' case $EXIT_STATUS in $DIALOG_CANCEL) break 2 ;; $DIALOG_ESC) break ;; $DIALOG_EXTRA) get_list ;; $DIALOG_OK) PASS_PROMPT="Connecting to and disconnecting from AirVPN with hummingbird requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then disconnect_server DOMAIN="airvpn.org" connect_server "$SELECTED_SERVER" break 2 fi ;; esac done done ;; 3 ) PASS_PROMPT="Connecting to and disconnecting from AirVPN with hummingbird requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then disconnect_server get_list INIT_EXIT="1" count="0" while [ ! "$INIT_EXIT" = "0" ] do i="0" while [ $i -le 20 ] do RAN_SERVER_NM=$( grep -E "servers\..+\.public_name" /tmp/.airvpn_server_list.txt | shuf -n1 | cut -d "." -f 2 ) RAN_SERVER_HEALTH=$( grep "servers\.$RAN_SERVER_NM\.health" /tmp/.airvpn_server_list.txt | cut -d "=" -f 2 ) if [ "$RAN_SERVER_HEALTH" = "ok" ] then RAN_SERVER=$( grep "servers\.$RAN_SERVER_NM\.public_name" /tmp/.airvpn_server_list.txt | cut -d "=" -f 2 ) break fi (( i++ )) done if [ "$i" -eq 20 ] then break elif [ "$count" -ge 7 ] then notify-send "AirVPN" "Connection unsuccessful after $count failed attempts." break fi DOMAIN="airvpn.org" connect_server "$RAN_SERVER" (( count++ )) done fi ;; 4 ) exec 3>&1 HUM_OPTIONS=$(dialog \ --backtitle "$BACKTITLE" \ --title "Set custom Hummingbird options" \ --extra-button \ --extra-label "Make options permanent" \ --form "If you want to use custom options for hummingbird, you can enter them here.\nType them like you would in the command line, separated by a space (e. g. --proto tcp --ignore-dns-push).\nNote that the options --timeout, --network-lock and --server are already used and can't be set here.\nThese options will override the ones you might have set in configuration file and will only be used for connections you make until you close the script. You can make them permanent with the button below (navigate with <TAB>)." $HEIGHT $WIDTH 5 \ "Options:" 5 1 "$HUM_OPTIONS" 5 10 50 100 \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_EXTRA) sed -i -e '/^HUM_OPTIONS/d' "$VPNCONTROL_CONFIG" echo "HUM_OPTIONS=\"$HUM_OPTIONS\"" >> "$VPNCONTROL_CONFIG" ;; $DIALOG_OK) ;; esac ;; 5 ) exec 3>&1 # adjust field lengths if necessary CONNECT_INFO=$(dialog \ --backtitle "$BACKTITLE" \ --title "VPN via openconnect" \ --insecure \ --mixedform "Please provide your login credentials to connect to a VPN via openconnect:\n(Leave unneeded fields blank and type options as in command line, separated by space.)" $HEIGHT $WIDTH 6 \ "Server:" 1 1 "" 1 21 25 0 0 \ "Group:" 2 1 "" 2 21 25 0 0 \ "User:" 3 1 "" 3 21 25 0 0 \ "Password:" 4 1 "" 4 21 25 0 1 \ "Additional Options:" 5 1 "--no-dtls" 5 21 25 0 0 \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) PASS_PROMPT="Establishing OpenVPN connections requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then disconnect_server connect_openconnect fi ;; esac ;; 6 ) PASS_PROMPT="Disconnecting from AirVPN with hummingbird requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then disconnect_server if [ "$KILLED" = "true" ] then get_userinfo else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi fi ;; 7 ) get_userinfo ;; 8 ) if [ "$NETFILTER" = "none" ] then dialog --backtitle "$BACKTITLE" --title "Network Lock Not Available" --timeout 3 --msgbox "$LOCK_ACTIVE" 10 35 else pgrep hummingbird &> /dev/null if [ $? = 0 ] then dialog --backtitle "$BACKTITLE" --title "Check Default Network Lock" --timeout 8 --msgbox "Default network lock can only be checked when hummingbird is not running since it has it's own network lock overriding the default one." 10 35 else PASS_PROMPT="Checking network traffic rules requires root privileges. Please enter your password:" check_sudo check_lock if [ "$LOCK_ACTIVE" = "inactive" ] then dialog --backtitle "$BACKTITLE" --title "Default Network Lock Inactive" --msgbox "$MISSINGRULES" $HEIGHT $WIDTH elif [ "$LOCK_ACTIVE" = "active" ] then dialog --backtitle "$BACKTITLE" --title "Default Network Lock Active" --timeout 3 --msgbox "The default network lock is active." $HEIGHT $WIDTH else return 1 fi fi fi ;; 9 ) if [ "$NETFILTER" = "none" ] then dialog --backtitle "$BACKTITLE" --title "Network Lock Not Available" --timeout 3 --msgbox "$LOCK_ACTIVE" 10 35 else pgrep hummingbird &> /dev/null if [ $? = 0 ] then dialog --backtitle "$BACKTITLE" --title "Toggle Network Lock" --timeout 3 --msgbox "You need to be disconnected to change network traffic rules." 10 35 else check_lock if [ "$LOCK_ACTIVE" = "inactive" ] then yesno "Toggle Network Lock" "Are you sure you want to activate the default network lock and block all connections while not connected to (any) VPN?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) PASS_PROMPT="Changing network traffic rules requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then toggle_lock "activate" fi ;; esac elif [ "$LOCK_ACTIVE" = "active" ] then yesno "Toggle Network Lock" "Are you sure you want to deactivate the default network lock and allow all connections, even when not connected to a VPN?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) PASS_PROMPT="Changing network traffic rules requires root privileges. Please enter your password:" check_sudo if [ $? = "0" ] then toggle_lock "deactivate" fi ;; esac else return 1 fi fi fi ;; esac done clear This is the script that tries to establish a connection at boot. /usr/local/bin/airvpn_boot.sh #!/bin/bash # script to connect to recommended AirVPN server, created to be used in systemd unit at boot # check if necessary programs are installed PROGRAMS=( hummingbird curl ) MISSING="false" for p in "${PROGRAMS[@]}" do command -v $p $> /dev/null if [ ! $? = "0" ] then MISSING="true" fi done if [ "$MISSING" = "true" ] then exit fi # check which network filter is available (determined NETFILTER will be overriden if set in config file) NETFILTERS_AVAILABLE=( iptables iptables-legacy nft ) NETFILTER="none" for n in "${NETFILTERS_AVAILABLE[@]}" do command -v $n $> /dev/null if [ $? = "0" ] then NETFILTER="$n" break fi done # source variables which are subject to change from config file source "/home/<USER>/.vpncontrol/config/vpncontrol.conf" # set network-lock argument for hummingbird depending on available backends if [ "$NETFILTER" = "nft" ] then NETFILTER_HUM="nftables" elif [ "$NETFILTER" = "iptables" -o "$NETFILTER" = "iptables-legacy" ] then NETFILTER_HUM="iptables" else NETFILTER_HUM="on" fi # in order to correctly send notifications via notify-send as root, DISPLAY variable must be set (only on X, not on Wayland) and DBUS_SESSION_BUS_ADDRESS (automatically set based on username) #DISPLAY=:0 USER_ID=$( id -u $SCRIPT_USER ) DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$USER_ID/bus" function activate_lock { # use detour with cat because SELinux denies direct read/write access for iptables and nft (actually nft was only denied write access, couldn't read for other permission reason, but this way it works) if [ "$NETFILTER" = "iptables-legacy" ] then iptables-legacy-save | cat > "${NETFILTER_RULES_IPTABLES}ipv4.backup" ip6tables-legacy-save | cat > "${NETFILTER_RULES_IPTABLES}ipv6.backup" cat "${NETFILTER_RULES_IPTABLES}ipv4" | iptables-legacy-restore cat "${NETFILTER_RULES_IPTABLES}ipv6" | ip6tables-legacy-restore elif [ "$NETFILTER" = "iptables" ] then iptables-save | cat > "${NETFILTER_RULES_IPTABLES}ipv4.backup" ip6tables-save | cat > "${NETFILTER_RULES_IPTABLES}ipv6.backup" cat "${NETFILTER_RULES_IPTABLES}ipv4" | iptables-restore cat "${NETFILTER_RULES_IPTABLES}ipv6" | ip6tables-restore elif [ "$NETFILTER" = "nft" ] then # put command to flush ruleset at top of backup file, so when it is loaded to restore the old rules, all previous rules are deleted in the same transaction (would take 2 transacions otherwise) echo "flush ruleset" > "${NETFILTER_RULES_NFTABLES}.backup" nft list ruleset | cat >> "${NETFILTER_RULES_NFTABLES}.backup" cat "${NETFILTER_RULES_NFTABLES}" | nft -f - fi } function connect_server { DATE=$( date +%Y%m%d ) # names and number of currently present logs LOG_NAMES=($( ls "$LOG_PATH" | grep hummingbird.*log | sort -d )) LOG_NR=${#LOG_NAMES[@]} # if no log files should be kept, discard current logfile after process finishes, otherwise append to log file of current date if [ "$LOG_DAYS" = "0" ] then LOG_FINISH="/dev/null" else LOG_FINISH="$LOG_PATH/hummingbird_$DATE.log" fi # check if newest log file is from today and if not, increase counter, so with the upcoming logfile the file limit will be kept and create final log file as user, so the user can write to it later if [ "$LOG_NR" -gt "0" ] then if [ ! $( echo ${LOG_NAMES[-1]/#hummingbird_/} | cut -d "." -f 1 ) = "$DATE" ] then LOG_NR=$(( $LOG_NR+1 )) if [ ! "$LOG_DAYS" = "0" ] then su "$SCRIPT_USER" -c "touch $LOG_FINISH" fi fi # check if more logs (including the upcoming one) are present than there should be and if so, remove oldest ones if [ "$LOG_NR" -gt "$LOG_DAYS" ] then cd "$LOG_PATH" rm "${LOG_NAMES[@]:0:(( $LOG_NR-$LOG_DAYS ))}" cd - fi else su "$SCRIPT_USER" -c "touch $LOG_FINISH" fi su "$SCRIPT_USER" -c "notify-send 'AirVPN' 'Connecting to AirVPN ...'" # run hummingbird in background (and send notification when process finishes), pipe output to log (hummingbird $HUM_OPTIONS --network-lock "$NETFILTER_HUM" --timeout "$TIMEOUT_REC" --server "$1".vpn.airdns.org "$CONFIG_PATH" &>> "$LOG_PATH/hummingbird_current_$DATE.log"; su "$SCRIPT_USER" -c "notify-send.sh 'AirVPN' 'Hummingbird process has finished.'"; sleep 1; cat "$LOG_PATH/hummingbird_current_$DATE.log" >> "$LOG_FINISH"; rm "$LOG_PATH/hummingbird_current_$DATE.log") & # monitor log to catch sign of successful connection tail -f -n 5 "/$LOG_PATH/hummingbird_current_$DATE.log" | timeout --signal=SIGINT "$TIMEOUT_CON" grep -q -m 1 "EVENT: CONNECTED" INIT_EXIT=$? pkill -f tail.*hummingbird_current if [ "$INIT_EXIT" = "0" ] then # send notification as regular user for it to be sent and displayed correctly su "$SCRIPT_USER" -c "notify-send 'AirVPN' 'VPN connection successfully established.'" exit else pkill -2 hummingbird su "$SCRIPT_USER" -c "notify-send 'AirVPN' 'Connection attempt to an AirVPN server has failed.'" # need to wait long enough, so "current" log file is deleted before next connection attempt, otherwise file counter will be too high and delete other log files (takes around +20ms, but sometimes more, so better to add 1s) sleep 2 fi } INIT_EXIT="1" if [ "$DEFAULT_NETLOCK" = "enabled" ] then activate_lock fi # try to connect to recommended servers (first EU, then rest of the world; change order/adjust server lists if desired) connect_server "earth" if [ ! "$INIT_EXIT" = "0" ] then # count connection attempts in order to stop after certain number count="1" for s in "${SERVERS_BEST_EU[@]}" do connect_server "$s" if [ $INIT_EXIT = "0" ] then break else (( count++ )) fi if [ "$count" -ge 3 ] then break fi done fi if [ ! "$INIT_EXIT" = "0" ] then for s in "${SERVERS_BEST_REST[@]}" do connect_server "$s" if [ $INIT_EXIT = "0" ] then break else (( count++ )) fi if [ "$count" -ge 5 ] then su "$SCRIPT_USER" -c "notify-send 'AirVPN' 'Connection unsuccessful after '$count' failed attempts." break fi done fi exit This is the configuration file for both of the scripts. Most necessary adjustments can be made here, so the scripts don't have to be edited (except for correctly pointing at this file). $HOME/.vpncontrol/config/vpncontrol.conf #!/bin/bash # This file is part of the VPNControl configuration. # settings for AirVPN control scripts (airvpn_boot.sh and VPNControl.sh) # user in whose directory all the necessary files are stored (usually you); this is just used for this configuration file to make paths easier to change, but paths can also be changed individually SCRIPT_USER="<USER>" # path to ovpn configuration file; make sure to use absolute path without variables like $HOME since boot script is run as root CONFIG_PATH="/home/$SCRIPT_USER/.vpncontrol/config/AirVPN_All-servers_UDP-443.ovpn" # path to directory for log files (don't put a trailing slash); make sure to use absolute path without variables like $HOME since boot script is run as root LOG_PATH="/home/$SCRIPT_USER/.vpncontrol/logs" # number of days for which logs are being kept (last days with connections via hummingbird, don't have to be consecutive); if "0" there will still be a log for the current connection which will be deleted after the connection ends LOG_DAYS="3" # seconds for which the connection to a server should be attempted before aborting (and when not trying to connect to a specific server moving on to the next one) TIMEOUT_CON="12" # seconds for which hummingbird should try to restore the connection in case connectivity is lost (mostly relevant after computer wakes up from sleep; this uses hummingbird's own --timeout option, but not sure how it handles it: if it applies to dropped VPN connection itself, network interface being down or only pausing the process e.g. by sleep) TIMEOUT_REC="60" # order of countries (and continents to try overall recommended server first) when trying recommended servers SERVERS_BEST_EU=( europe nl be at bg ch cz de ee es gb lv no ro rs se ua ) SERVERS_BEST_REST=( america asia ca us jp br hk sg ) # backend for default network lock, will by default use (just like hummingbird) the first available of iptables, iptables-legacy or nft; uncomment if you want to use a specific one of those #NETFILTER="nft" # uncomment if you want to lock down the system by default (applies the default network lock at boot) #DEFAULT_NETLOCK="enabled" # path to file with rules for default network lock (needs to be present only for used backend, but both can be specified) NETFILTER_RULES_IPTABLES="/home/$SCRIPT_USER/.vpncontrol/config/netfilter_iptables.rules" NETFILTER_RULES_NFTABLES="/home/$SCRIPT_USER/.vpncontrol/config/netfilter_nftables.rules" # API key to access user specific AirVPN info API_KEY="<YOUR PERSONAL API KEY>" # set custom options for hummingbird like in the commented example; will be temporarily overwritten if you enter new ones in the control script #HUM_OPTIONS="--proto tcp --ignore-dns-push" This is the systemd unit file that integrates the boot script into the system's boot process. It has to be owned by root. /etc/systemd/system/airvpn.service [Unit] Description=AirVPN Client (hummingbird) Wants=network-online.target After=network-online.target [Service] Type=forking ExecStart=/usr/bash /usr/local/bin/airvpn_boot.sh Restart=no [Install] WantedBy=multi-user.target These are the configuration files for the default network lock using iptables. These rules block all IPv4 traffic by default except some things like local traffic and traffic to airvpn.org. The rules in the second file block all IPv6 traffic. $HOME/.vpncontrol/config/netfilter_iptables.rulesipv4 # This file is part of the VPNcontrol configuration. # default network lock iptables rules for IPv4 traffic # nat table: optional masquerade rule (NAT/ports) *nat :PREROUTING ACCEPT :INPUT ACCEPT :OUTPUT ACCEPT :POSTROUTING ACCEPT -A POSTROUTING -o tun+ -j MASQUERADE COMMIT # mangle table: no rules applied *mangle :PREROUTING ACCEPT :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT :POSTROUTING ACCEPT COMMIT # raw table: no rules applied *raw :PREROUTING ACCEPT :OUTPUT ACCEPT COMMIT # security table: no rules applied *security :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT COMMIT # filter table: all traffic blocked with some exceptions: *filter :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT # allow loopback IN -A INPUT -i lo -j ACCEPT # allow broadcastin/dhcp IN -A INPUT -s 255.255.255.255/32 -j ACCEPT # allow communication for established connections (that were allowed with these rules) -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # block all other incoming traffic -A INPUT -j DROP # allow tun device to communicate (so any VPN connection should be possible, also without Air, but respective DNS requests must be allowed)) -A FORWARD -o tun+ -j ACCEPT -A FORWARD -i tun+ -j ACCEPT # allow loopback OUT -A OUTPUT -o lo -j ACCEPT # allow LAN OUT -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT # allow link-local OUT -A OUTPUT -s 169.254.0.0/16 -d 169.254.0.0/16 -j ACCEPT # allow broadcastin/dhcp OUT -A OUTPUT -d 255.255.255.255/32 -j ACCEPT # allow IPv4 traffic via UDP and TCP only to airvpn.org for status update # allow DNS query to resolve hostname (hex string reads "06 airvpn 03 org" - numbers are counting bits), # restrict packet length to length of this specific request package (might change?) to avoid hijacking of query (very unlikely I guess, but who cares if we're already being paranoid for the fun of it), # whitelist destination IP for TCP handshake -A OUTPUT -p udp -m udp --dport 53 -m string --hex-string "|0661697276706e036f7267|" --algo bm --to 65535 -m length --length 0:126 -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 53 -m string --hex-string "|0661697276706e036f7267|" --algo bm --to 65535 -m length --length 0:126 -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT # allow SYN request to whitelisted IP to initiate handshake, remove IP from whitelist -A OUTPUT -p tcp -m tcp --dport 53 --tcp-flags FIN,SYN,RST,ACK SYN -m recent --remove --name DEFAULT --mask 255.255.255.255 --rsource -j ACCEPT # allow outgoing connection to Air's IP -A OUTPUT -d 5.196.64.52/32 -j ACCEPT # allow tun device to communicate (so any VPN connection should be possible, also without Air, but respective DNS requests must be allowed)) -A OUTPUT -o tun+ -j ACCEPT # block all other outgoing traffic -A OUTPUT -j DROP COMMIT $HOME/.vpncontrol/config/netfilter_iptables.rulesipv6 # This file is part of the VPNcontrol configuration. # iptables rules for IPv6 traffic # nat table: no rules applied *nat :PREROUTING ACCEPT :INPUT ACCEPT :OUTPUT ACCEPT :POSTROUTING ACCEPT COMMIT # mangle table: no rules applied *mangle :PREROUTING ACCEPT :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT :POSTROUTING ACCEPT COMMIT # raw table: no rules applied *raw :PREROUTING ACCEPT :OUTPUT ACCEPT COMMIT # security table: no rules applied *security :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT COMMIT # filter table: block all traffic *filter :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT -A INPUT -j DROP -A OUTPUT -j DROP COMMIT This is the configuration file for the default network lock using nftables. These rules block all IPv4 traffic by default except some things like local traffic and traffic to airvpn.org. They also block all IPv6 traffic. $HOME/.vpncontrol/config/netfilter_nftables.rules flush ruleset table inet nat_lock { chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; } chain INPUT { type nat hook input priority 100; policy accept; } chain OUTPUT { type nat hook output priority -100; policy accept; } chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; oifname "tun*" masquerade comment "optional masquerade rule (NAT/ports)" } } table ip filter_lock { set whitelist { type ipv4_addr; flags timeout; } chain INPUT { type filter hook input priority filter; policy drop; iifname "lo" accept comment "allow loopback IN" ip saddr 255.255.255.255/32 accept comment "allow broadcastin/dhcp IN" ct state established,related accept comment "allow communication for established connections (that were allowed with these rules)" } chain FORWARD { type filter hook forward priority filter; policy drop; oifname "tun*" accept iifname "tun*" accept } chain OUTPUT { type filter hook output priority filter; policy drop; oifname "lo" accept comment "allow loopback OUT" ip saddr 192.168.0.0/16 ip daddr 192.168.0.0/16 accept comment "allow LAN OUT" ip saddr 169.254.0.0/16 ip daddr 169.254.0.0/16 accept comment "allow link-local OUT" ip daddr 255.255.255.255/32 accept comment "allow broadcastin/dhcp OUT" # allow DNS query to resolve hostname (hex string reads "06 airvpn 03 org" (prefixed with 0x, suffixed with 00) - numbers are counting bits), whitelist destination IP for TCP handshake" udp dport 53 @th,160,120 0x0661697276706e036f726700 meta length 0-126 update @whitelist { ip saddr } accept comment "allow DNS query to resolve hostname" tcp dport 53 @th,160,120 0x0661697276706e036f726700 meta length 0-126 update @whitelist { ip saddr } accept comment "allow DNS query to resolve hostname" tcp dport 53 tcp flags & (fin|syn|rst|ack) == syn update @whitelist { ip saddr timeout 1s } accept comment "allow SYN request to whitelisted IP to initiate handshake, remove IP from whitelist" ip saddr @whitelist accept comment "allow outgoing traffic from addresses in whitelist" ip daddr 5.196.64.52/32 accept comment "allow outgoing connection to Air's IP" # allow tun device to communicate (so any VPN connection should be possible, also without Air, but respective DNS requests must be allowed) oifname "tun*" accept comment "allow tun device to communicate" } } table ip6 filter_lock { chain INPUT { type filter hook input priority filter; policy drop; } chain FORWARD { type filter hook forward priority filter; policy drop; } chain OUTPUT { type filter hook output priority filter; policy drop; } } VPNConrol.tar VPNControl.tar
  3. Hi Using Eddie with "Network lock" on, and "Lock current server" on: If my internet service provider drops out..... for a few minutes.... Then Eddie reconnects to the same VPN server......Does Eddie automatically reconnecting reveal my actual IP while connecting?
  4. I had to do a clean install of my OS today. When I did this, I installed the latest version of Eddie 2.15.2. It seems to function fine when I just connect. If I activate the network lock, I lose all internet access with every program and browser. My browser just says Unable to Connect to the Internet. I have 8 text documents of data. 4 are logs: Connecting with network lock, disconnecting with network lock, connecting without network lock, and disconnecting without network lock. These tasks were performed in this order. The other 4 are system reports after performing the aforementioned tasks. Those are numbered files, but are numerically in the same order as the tasks were performed. I appreciate any and all help since a VPN is fairly useless without the lock. Thanks Eddie turned on with Network Lock.txt Eddie_20180805_215908.txt Eddie turned off with Network Lock.txt Eddie_20180805_220441.txt Eddie turned on without Network Lock.txt Eddie_20180805_220641.txt Eddie turned off without Network Lock.txt Eddie_20180805_220718.txt
  5. I have been using Eddie 2.11.5 (Windows 10, portable, 64bit) for a while now, and Network Lock works fine. I just installed Eddie 2.13.6 (Windows 10, portable, 64bit), and Network Lock no longer works. Instead I get the error message (see attached screenshot): Windows WFP, Add rule failed: App not found: <rule name="NetLock - Allow Eddie" layer="ale_auth_recv_accept_v4" ... etc. Settings on both versions are the same: Mode Automatic, Allow lan/private, Allow ping, no Addresses allowed. I even tried swaping AirVPN.xml files to see if that would work, but it still doesn't.
  6. When visiting a new location, such as an airport or coffee shop, it is my intention to have Network Lock active before even connecting to this new Wifi. I have not successfully accomplished this -- it seems I must have Network Lock disabled in order to connect to the new network. So long as Network Lock is disabled, it will connect to the Wifi immediately then work as normal. How can I have only the Wifi login bypass the Network Lock tunnel such that all other traffic is still locked to the tunnel? FYI my last attempt at using the advanced features of Eddie to allow my corporate VPN to bypass the tunnel was an epic failure....maybe I'll write up another thread on that someday. macOS Mojave 10.14.6 Eddie 2.16.3 Thanks, Snowplow
  7. I've just installed Eddie 2.16.3 on a new Windows 10 system. When Network Lock is active, I can't seem to get Eddie to connect to any of the servers because it gets stuck at "Checking route IPv6" and the connection keeps timing out. I have put exceptions in both Malwarebytes and Windows Firewall for all components used by Eddie including the OpenVPN Daemon but it still refuses to connect when Network Lock has been activated. It works fine otherwise, but it is annoying since Network Lock is a useful feature for preventing DNS leaks. I have attached a log file to see if anyone can help me figure out what's causing the problem. Bizarrely this problem is not present in earlier builds of Eddie such as 2.14.5, which I don't want to use for security reasons. I am using Windows 10 Home, Version 1803, OS build 17134.345. I hope this information is sufficient to help resolve the issue. Eddie_20181011_131408.txt
  8. Hello, after I posted some suggestions for Eddie's CLI version in this thread and received some helpful information there, I set out to write my own little interface in bash for it to implement the suggestions. Being no programmer it turned out to be quite a project for me, and I would like to share it here in case anybody else prefers to run Eddie in the terminal rather than as a full GUI application. This script still uses Eddie itself, it's just a wrapper to make it as easy to use in the command line as it is as a desktop application. Screenshots are attached. Some features and advantages: uses less resources (top shows usually 0.3% CPU usage compared to 4-5% for the desktop version) can be exited without disconnecting interactive, sortable server list option to connect to another VPN with openconnect (since I need to do that from time to time, but it should be easy to add other connection methods as well) option to lock down the system's network traffic by default, so even without Eddie running with its own network lock there will be no leaks What to watch out for: The default network lock works with direct rules in firewalld because I'm using Fedora. It should be easy to change it to use iptables directly on other distributions since firewalld's direct rules are just a way to directly manipulate iptables. Once activated, the lock will stay in place until manually deactivated (also surviving reboots), so no internet connection will be possible unless connected to AirVPN or other whitelisted VPNs. AirVPN's network lock overwrites the default network lock, so there will be no interference. Check your /etc/resolv.conf file while not running Eddie (because Eddie's network lock replaces that file temporarily) to make sure your router is not set as a nameserver (so no 192.168... address). Some routers will push themselves on that list by DHCP whenever you connect to their network. Since communication with the router is allowed in the lock rules, DNS requests will be handled by the router and sent to whatever DNS server is configured there even when network traffic should be blocked. There are ways to prevent that file from being changed by DHCP, best configure network manager for that if you use it. To connect to other VPNs, their IPs must be whitelisted and DNS requests for their domains must be allowed in the default network lock rules. The rules for airvpn.org can be copied and adjusted. I haven't yet included an option to pass command line arguments to Eddie. So if you need to set more advanced options like black-/whitelists, use of certain protocols etc., you need to set them manually in the connect_server function. All the possible options can be found in 'man eddie-ui'. You need to insert your own API key in line 5. It can be found in your account under Client Area -> API. Without this, connections will still work, but user info and connection status in the main window will not be properly updated. I tried to only use basic system tools. The script relies mostly on dialog, awk and curl (and firewalld as described and openconnect if needed), so it should work on most systems, but I'm not sure. And, lastly, VERY IMPORTANT: As I said, I'm no programmer and new to this, so even though I tried my best to make this script secure and error free, there might very well be some bad practice, never-ever-do-this mistakes or other hiccups in there. It works well for me, but better check it yourself. Feel free to use this as you wish, I hope someone can benefit from this. I'm happy about any improvements and corrections and will update this if I find the time. UPDATE: A new version which uses Hummingbird and has been improved in many aspects (including automatic connection at boot) can be found here. #!/bin/bash # an interactive shell script to control the command line version of the AirVPN Eddie client and openconnect more comfortably PROFILE_PATH="$HOME/.airvpn/default.xml" API_KEY="<your api key>" DIALOG_OK=0 DIALOG_CANCEL=1 DIALOG_EXTRA=3 DIALOG_ESC=255 HEIGHT=0 WIDTH=0 BACKTITLE="VPN Control" FORMAT="text" URL="https://airvpn.org/api/" PID=$$ function check_sudo { # check if user has sudo privileges sudo -vn &> /dev/null # gain sudo privileges for commands that need it (better than running everything with sudo) if [ $? = "1" ] then unset EXIT_STATUS_SUDO PASS_PROMPT="Establishing VPN connections and changing network traffic rules requires root privileges. Please enter your password:" until [ "$EXIT_STATUS_SUDO" = "0" ] do dialog \ --backtitle "$BACKTITLE" \ --title "Password Needed" \ --output-fd 1 \ --insecure \ --passwordbox "$PASS_PROMPT" 11 35 | xargs printf '%s\n' | sudo -Svp '' &> /dev/null EXIT_STATUS_PIPE=( "${PIPESTATUS[@]}" ) EXIT_STATUS_DIALOG="${EXIT_STATUS_PIPE[0]}" EXIT_STATUS_SUDO="${EXIT_STATUS_PIPE[2]}" EXIT_SUDO_TEST="${EXIT_STATUS_PIPE[2]}" PASS_PROMPT="The password you entered is incorrect. Please try again:" case $EXIT_STATUS_DIALOG in $DIALOG_CANCEL|$DIALOG_ESC) return 1 ;; esac done # keep sudo permission until script exits or permissions are revoked (e.g. when computer goes to sleep) while [ "$EXIT_SUDO_TEST" = "0" ]; do sudo -vn; EXIT_SUDO_TEST=$?; sleep 60; kill -0 "$PID" || exit; done &> /dev/null & fi return 0 } function get_list { SERVICE_NAME="status" ARGS="{ \"format\":\"$FORMAT\", \"service\":\"$SERVICE_NAME\" }" timeout --signal=SIGINT 10 curl -s -d "$ARGS" -X POST "$URL" > "/tmp/.eddie_server_list.txt" } function sort_list { # pipe server status list to awk, filter out unnecessary stuff, # combine lines that relate to same server into single lines which are saved as array, # loop through array to format info, # print array and sort according to options, # add numbers to list for menu LIST=$(awk -F '[.]' \ 'BEGIN{OFS=";"} \ /^servers/ && !/ip_/ && !/country_code/ {c=$2; \ if (c in servers) servers[c]=servers[c] OFS $3; \ else servers[c]=$3; \ for (k in servers) gsub(/;bw=/, " :", servers[k]); \ for (k in servers) gsub(/;bw_max=/, "/", servers[k]); \ for (k in servers) gsub(/;currentload=/, " :", servers[k]); \ for (k in servers) gsub(/;health=/, "%:", servers[k]); \ for (k in servers) gsub(/;.*=/, ":", servers[k]); \ for (k in servers) gsub(/^.*=/, "", servers[k])} \ END{ \ for (c in servers) print servers[c]}' "/tmp/.eddie_server_list.txt" | sort -t ":" $1 | awk -F '[;]' 'BEGIN{OFS=":"} {print v++";"$1}') } function get_userinfo { SERVICE_NAME="userinfo" ARGS="{ \"format\":\"$FORMAT\", \"service\":\"$SERVICE_NAME\", \"key\":\"$API_KEY\" }" # filter specific lines, save values to variables after protecting whitespace read U_LOGIN U_EXP U_CONNECTED U_DEVICE U_SERVER_NAME U_SERVER_COUNTRY U_SERVER_LOCATION U_TIME <<< $( \ timeout --signal=SIGINT 10 curl -s -d "$ARGS" -X POST "$URL" | \ awk -F '[=]' \ 'BEGIN{ORS=";"} \ /^user.login|^user.expiration_days|^user.connected|^sessions.*device_name|^connection.server_name|^connection.server_country=|^connection.server_location|^connection.connected_since_date/ \ {print $2}' | \ sed 's/\ /\\\ /g' | sed 's/;/\ /g' \ ) if [ "$U_CONNECTED" = "1" ] then U_CONNECTED="connected" U_SERVER_FULL="$U_SERVER_NAME ($U_SERVER_LOCATION, $U_SERVER_COUNTRY)" U_TIME=$(date -d "$U_TIME UTC" +"%m/%d/%Y %H:%M:%S") else U_CONNECTED="not connected" U_SERVER_FULL="--" U_TIME="--" fi } function connect_server { if [ "$KILLED" = "true" ] then # create pipes to process status of client if [ ! -p "/tmp/.eddie_fifo1" ] then mkfifo "/tmp/.eddie_fifo1" fi if [ ! -p "/tmp/.eddie_fifo2" ] then mkfifo "/tmp/.eddie_fifo2" fi # run eddie in background and detached from current window, pipe output to named pipe (sudo eddie-ui --cli --netlock --connect --server="$1" --profile="$PROFILE_PATH" | tee "/tmp/.eddie_fifo2" &> "/tmp/.eddie_fifo1" &) cat "/tmp/.eddie_fifo2" | dialog --backtitle "$BACKTITLE" --title "Connecting to AirVPN..." --progressbox 20 80 & timeout --signal=SIGINT 60 grep -q -m 1 "Initialization Sequence Completed" "/tmp/.eddie_fifo1" INIT_EXIT=$? pkill -f cat.*eddie_fifo2 if [ $INIT_EXIT = "0" ] then get_userinfo else U_CONNECTED="error during connection attempt" U_SERVER_FULL="--" U_TIME="--" fi else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi } function disconnect_server { # check for running instance of eddie pgrep -f mono.*eddie-ui &> /dev/null if [ $? = 0 ] then # kill process and wait for confirmation from process output if [ -p "/tmp/.eddie_fifo1" -a -p "/tmp/.eddie_fifo2" ] then sudo pkill -2 -f mono.*eddie-ui & cat "/tmp/.eddie_fifo1" | dialog --backtitle "$BACKTITLE" --title "Disconnecting AirVPN..." --progressbox 20 80 & timeout --signal=SIGINT 10 grep -q -m 1 "Shutdown complete" "/tmp/.eddie_fifo2" else # in case connection was started without this script sudo pkill -2 -f mono.*eddie-ui sleep 5 fi # give some time to completely close process, without sleep it's too early for new connection sleep 3 pgrep -f mono.*eddie-ui &> /dev/null if [ $? = 1 ] then KILLED1="true" else KILLED1="false" fi else KILLED1="true" fi # check for running instance of openconnect pgrep -f "openconnect.*--" &> /dev/null if [ $? = 0 ] then sudo pkill -2 -f "openconnect.*--" sleep 1 pgrep -f "openconnect.*--" &> /dev/null if [ $? = 1 ] then KILLED2="true" # somehow openconnect doesn't receive SIGINT and shuts down improperly, # so vpnc can't restore resolv.conf by itself sudo cp "/var/run/vpnc/resolv.conf-backup" "/etc/resolv.conf" else KILLED2="false" fi else KILLED2="true" fi if [ "$KILLED1" = "true" -a "$KILLED2" = "true" ] then KILLED="true" else KILLED="false" fi } function define_lock { if [ "$1" = "activate" ] then GAUGE_TITLE="Activating Network Lock" RULE_ACTION="add-rule" elif [ "$1" = "deactivate" ] then GAUGE_TITLE="Deactivating Network Lock" RULE_ACTION="remove-rule" else return 1 fi GAUGE_BODY="$1" IPRULES=(\ #allow loopback "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 0 -i lo -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -o lo -j ACCEPT" \ #allow lan (out) and broadcasting/dhcp "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 0 -s 255.255.255.255 -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 0 -d 255.255.255.255 -j ACCEPT" \ # allow tun device to communicate (so any VPN connection should be possible, also without Air, but respective DNS requests must be allowed) "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter FORWARD 0 -o tun+ -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter FORWARD 0 -i tun+ -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 998 -o tun+ -j ACCEPT" \ # optional masquerade rule (NAT/ports) "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 nat POSTROUTING 0 -o tun+ -j MASQUERADE" \ # allow ipv4 only to airvpn.org for status update # allow DNS query to resolve hostname (hex string reads "06 airvpn 03 org" - numbers are counting bits), # restrict packet length to length of this specific request package (might change?) to avoid hijacking # of query (very unlikely I guess, but who cares if we're already being paranoid for the fun of it), # whitelist destination IP for TCP handshake "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p udp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p tcp --dport 53 -m string --hex-string '|06 61697276706e 03 6f7267|' --algo bm -m length --length 0:126 -m recent --set -j ACCEPT" \ # add rules for other domains you wish to allow DNS requests to here (packet length can be determined with e.g. wireshark) and adjust array index # # allow SYN request to whitelisted IP to initiate handshake, remove IP from whitelist "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -p tcp --syn --dport 53 -m recent --remove -j ACCEPT" \ # allow outgoing connection to Air's IP "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 1 -d 5.196.64.52 -j ACCEPT" \ # add rules for other IPs you wish to allow connections to here # # allow communication "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \ # drop outgoing ipv4 (if not specifically allowed by other rules) "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter OUTPUT 999 -j DROP" \ # block incoming ipv4 "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv4 filter INPUT 999 -j DROP" \ # drop all ipv6 "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv6 filter OUTPUT 0 -j DROP" \ "sudo firewall-cmd --direct --permanent --$RULE_ACTION ipv6 filter INPUT 0 -j DROP" \ # reload and restart firewalld to activate permanent rule changes "sudo firewall-cmd --reload" \ "sudo systemctl restart firewalld"\ ) toggle_lock } function toggle_lock { PERCENTAGE_STEP=$(awk -v rules="${#IPRULES[@]}" 'BEGIN {print 100/rules}') PERCENTAGE=0 COUNTER=0 # initial window dialog --backtitle "$BACKTITLE" \ --title "$GAUGE_TITLE" \ --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \ "Allow Loopback IN" "${RESULT[0]}" \ "Allow Loopback OUT" "${RESULT[1]}" \ "Allow LAN OUT" "${RESULT[2]}" \ "Allow DHCP IN" "${RESULT[3]}" \ "Allow DHCP OUT" "${RESULT[4]}" \ "Allow tun out FORWARD" "${RESULT[5]}" \ "Allow tun in FORWARD" "${RESULT[6]}" \ "Allow tun out OUT" "${RESULT[7]}" \ "tun masquerade" "${RESULT[8]}" \ "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \ "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \ "Allow connection initiation" "${RESULT[11]}" \ "Allow traffic to airvpn.org" "${RESULT[12]}" \ "Allow established connections" "${RESULT[13]}" \ "Block IPv4 OUT" "${RESULT[14]}" \ "Block IPv4 IN" "${RESULT[15]}" \ "Block IPv6 OUT" "${RESULT[16]}" \ "Block IPv6 IN" "${RESULT[17]}" \ "activate changes" "${RESULT[18]}" \ "restart firewalld" "${RESULT[19]}" for i in "${IPRULES[@]}" do RESULT["$COUNTER"]=$(eval $i) (( COUNTER++ )) PERCENTAGE=$(awk -v per="$PERCENTAGE" -v per_step="$PERCENTAGE_STEP" 'BEGIN {print per+per_step}') # progress window dialog --backtitle "$BACKTITLE" \ --title "$GAUGE_TITLE" \ --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \ "Allow Loopback IN" "${RESULT[0]}" \ "Allow Loopback OUT" "${RESULT[1]}" \ "Allow LAN OUT" "${RESULT[2]}" \ "Allow DHCP IN" "${RESULT[3]}" \ "Allow DHCP OUT" "${RESULT[4]}" \ "Allow tun out FORWARD" "${RESULT[5]}" \ "Allow tun in FORWARD" "${RESULT[6]}" \ "Allow tun out OUT" "${RESULT[7]}" \ "tun masquerade" "${RESULT[8]}" \ "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \ "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \ "Allow connection initiation" "${RESULT[11]}" \ "Allow traffic to airvpn.org" "${RESULT[12]}" \ "Allow established connections" "${RESULT[13]}" \ "Block IPv4 OUT" "${RESULT[14]}" \ "Block IPv4 IN" "${RESULT[15]}" \ "Block IPv6 OUT" "${RESULT[16]}" \ "Block IPv6 IN" "${RESULT[17]}" \ "activate changes" "${RESULT[18]}" \ "restart firewalld" "${RESULT[19]}" done # final window to show results dialog --backtitle "$BACKTITLE" \ --title "$GAUGE_TITLE" \ --mixedgauge "Applying iptable rules to $GAUGE_BODY the default network lock..." 35 80 "$(awk -v per="$PERCENTAGE" 'BEGIN {printf "%.0f", per}')" \ "Allow Loopback IN" "${RESULT[0]}" \ "Allow Loopback OUT" "${RESULT[1]}" \ "Allow LAN OUT" "${RESULT[2]}" \ "Allow DHCP IN" "${RESULT[3]}" \ "Allow DHCP OUT" "${RESULT[4]}" \ "Allow tun out FORWARD" "${RESULT[5]}" \ "Allow tun in FORWARD" "${RESULT[6]}" \ "Allow tun out OUT" "${RESULT[7]}" \ "tun masquerade" "${RESULT[8]}" \ "Allow DNS via UDP to airvpn.org" "${RESULT[9]}" \ "Allow DNS via TCP to airvpn.org" "${RESULT[10]}" \ "Allow connection initiation" "${RESULT[11]}" \ "Allow traffic to airvpn.org" "${RESULT[12]}" \ "Allow established connections" "${RESULT[13]}" \ "Block IPv4 OUT" "${RESULT[14]}" \ "Block IPv4 IN" "${RESULT[15]}" \ "Block IPv6 OUT" "${RESULT[16]}" \ "Block IPv6 IN" "${RESULT[17]}" \ "activate changes" "${RESULT[18]}" \ "restart firewalld" "${RESULT[19]}" sleep 2 unset RESULT check_lock } function check_lock { # check for success (not really though, needs improvement) LOCK_RULES=$( sudo firewall-cmd --direct --permanent --get-all-rules | wc -l ) if [ "$LOCK_RULES" -gt 16 ] then LOCK_ACTIVE="active" else LOCK_ACTIVE="inactive" fi } function yesno { dialog \ --backtitle "$BACKTITLE" \ --title "$1" \ --clear \ --yesno "$2" \ $HEIGHT $WIDTH EXIT_STATUS=$? } check_sudo if [ $? = "1" ] then clear exit fi get_userinfo # if currently connected by openconnect, set status to unknown (connection could have been established outside of this script) pgrep openconnect &> /dev/null if [ $? = 0 ] then U_CONNECTED="connected (openconnect)" U_SERVER_FULL="unknown" U_TIME="unknown" fi check_lock while true; do exec 3>&1 selection=$(dialog \ --cr-wrap \ --backtitle "$BACKTITLE" \ --title "Main Menu" \ --clear \ --cancel-label "Quit" \ --menu "This is a control script for VPN connections, primarily for Eddie, the AirVPN client.\nThis script can be exited and re-entered without affecting a running connection.\n\nUser: $U_LOGIN\nDays Until Expiration: $U_EXP\n\nDefault Network Lock: $LOCK_ACTIVE\n\nStatus: $U_CONNECTED\nServer: $U_SERVER_FULL\nConnected Since: $U_TIME\n\nPlease select one of the following options:" $HEIGHT $WIDTH 6 \ "0" "Connect to Recommended Server" \ "1" "Connect to Specific Server" \ "2" "Connect via openconnect" \ "3" "Disconnect" \ "4" "Refresh User Info" \ "5" "Toggle Default Network Lock" \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) yesno "Quit" "Exit Script?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) break ;; esac ;; esac case $selection in 0 ) check_sudo if [ $? = "0" ] then disconnect_server connect_server "" fi ;; 1 ) while true; do exec 3>&1 SERVER_SORT=$(dialog \ --backtitle "$BACKTITLE" \ --title "Sort Server List" \ --no-collapse \ --ok-label "sort ascending" \ --extra-button \ --extra-label "sort descending" \ --menu "Please choose how you want to sort the server list." \ 14 0 7 \ "1" "Name" \ "2" "Country" \ "3" "Location" \ "4" "Continent" \ "5" "Bandwidth" \ "6" "Users" \ "7" "Load" \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) break ;; $DIALOG_EXTRA) SERVER_SORT_OPTION="r" ;; $DIALOG_OK) SERVER_SORT_OPTION="" ;; esac if [ "$SERVER_SORT" = "5" -o "$SERVER_SORT" = "6" -o "$SERVER_SORT" = "7" ] then SERVER_NUM_OPTION="n" else SERVER_NUM_OPTION="" fi if [ ! -f "/tmp/.eddie_server_list.txt" ] then get_list fi while true do sort_list "-k$SERVER_SORT,$SERVER_SORT$SERVER_SORT_OPTION$SERVER_NUM_OPTION" IFS=$';\n' exec 3>&1 SERVER_NMBR=$(dialog \ --backtitle "$BACKTITLE" \ --title "Server List" \ --colors \ --no-collapse \ --extra-button \ --extra-label "Refresh List" \ --column-separator ":" \ --menu "Choose a server from the list to connect to it. (Press ESC to go back.)\n\n\Zb # Name Country Location Continent Bandwidth Users Load Health\ZB" \ 40 102 31 $LIST 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- IFS=$' \t\n' case $EXIT_STATUS in $DIALOG_CANCEL) break 2 ;; $DIALOG_ESC) break ;; $DIALOG_EXTRA) get_list ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then SELECTED_SERVER=$(printf -- '%s\n' "${LIST[@]}" | grep "^$SERVER_NMBR;" | cut -d ";" -f 2 | cut -d ":" -f 1) disconnect_server connect_server "$SELECTED_SERVER" break 2 fi ;; esac done done ;; 2 ) exec 3>&1 # adjust field lengths if necessary CONNECT_INFO=$(dialog \ --backtitle "$BACKTITLE" \ --title "VPN via openconnect" \ --insecure \ --mixedform "Please provide your login credentials to connect to a VPN via openconnect:\n(Leave unneeded fields blank and type options as in command line, separated by space.)" $HEIGHT $WIDTH 6 \ "Server:" 1 1 "" 1 21 25 0 0 \ "Group:" 2 1 "" 2 21 25 0 0 \ "User:" 3 1 "" 3 21 25 0 0 \ "Password:" 4 1 "" 4 21 25 0 1 \ "Additional Options:" 5 1 "" 5 21 25 0 0 \ 2>&1 1>&3) EXIT_STATUS=$? exec 3>&- case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then disconnect_server if [ "$KILLED" = "true" ] then if [ ! -p "/tmp/.eddie_fifo1" ] then mkfifo "/tmp/.eddie_fifo1" fi ALT_SERVER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 1) ALT_GROUP=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 2) ALT_USER=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 3) ALT_PASS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 4) ALT_OPTS=$(echo -n "$CONNECT_INFO" | cut -d$'\n' -f 5) echo "$ALT_PASS" | (sudo openconnect $ALT_OPTS --authgroup=$ALT_GROUP --user=$ALT_USER --passwd-on-stdin $ALT_SERVER &> "/tmp/.eddie_fifo1" &) timeout --signal=SIGINT 3 cat "/tmp/.eddie_fifo1" | dialog --backtitle "$BACKTITLE" --title "Connecting via openconnect..." --timeout 5 --programbox 20 80 U_CONNECTED="connected" U_SERVER_FULL="$ALT_SERVER" U_TIME=$(date +"%m/%d/%Y %H:%M:%S") else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi fi ;; esac ;; 3 ) check_sudo if [ $? = "0" ] then disconnect_server if [ "$KILLED" = "true" ] then get_userinfo else U_CONNECTED="error during disconnection" U_SERVER_FULL="--" U_TIME="--" fi if [ -p "/tmp/.eddie_fifo1" ] then rm "/tmp/.eddie_fifo1" fi if [ -p "/tmp/.eddie_fifo2" ] then rm "/tmp/.eddie_fifo2" fi fi ;; 4 ) get_userinfo ;; 5 ) pgrep -f mono.*eddie-ui &> /dev/null if [ $? = 0 ] then dialog --backtitle "$BACKTITLE" --title "Toggle Network Lock" --timeout 3 --msgbox "You need to be disconnected to change network traffic rules." 10 35 else if [ "$LOCK_ACTIVE" = "inactive" ] then yesno "Toggle Network Lock" "Are you sure you want to activate the default network lock and block all connections while not connected to (any) VPN?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then define_lock "activate" fi ;; esac else yesno "Toggle Network Lock" "Are you sure you want to deactivate the default network lock and allow all connections, even when not connected to a VPN?" case $EXIT_STATUS in $DIALOG_CANCEL|$DIALOG_ESC) ;; $DIALOG_OK) check_sudo if [ $? = "0" ] then define_lock "deactivate" fi ;; esac fi fi ;; esac done clear
  9. Hi. Before activating "Network Lock" i was able to manage my Mac mini from my MacBook Air (Screen sharing - Remote management) However when I activate "Network Lock" option i completly lose access, no matters if whitelist localhost, 0.0.0.0 or my local network, is there any solution for this? Thanks
  10. Hello, So here is my predicament. I have a cloud machine (dedicated machine in a 3rd party facility somewhere in the world). This machine runs macOS and I connect to it using VNC to run some software that is macOS-only. Now, when I use the browser while VNC'ed in this machine I don't want its real location to be known by the websites I visit. For that reason I put it behind VPN (VNC ports are forwarded of course so I can connect to the machine while it is in VPN.). I would like to activate the network lock feature so if AirVPN disconnects for some reason while I'm browsing the real IP is not leaked. However, I'm concerned that, if AirVPN disconnects and cannot reconnect for some reason, I will in fact loose all connection *into* this machine. It will be completely unreachable. So, I was thinking I could allow some ports (VNC port, SSH port) through the network lock (i.e. not going through the tunnel). This is OK for me since I mostly care about the browser not leaking the real IP to the websites I visit. How can I achieve this using the Eddie client? Is it possible at all? Thanks in advance!
  11. I'm sorry if I say anything stupid here I'm not claiming to know anything except that network lock is enabled, my DNS servers and ipv4 settings are on airvpns reccomended, and I still get webRTC leaks. See attached image below for an example of ipleak test on mozilla. Same results show on Chrome. Only setting I changed from default was what I saw in another forum to fix a problem where once network locked you were permanently stuck checking ipv6 unable to connect. https://airvpn.org/topic/28749-eddie-problems-wont-connect-keeps-dropping/Posted 12 July 2018 - 06:26 AM UPDATE: If anyone is having an issue with IPv6 check hanging during scanning try this (Support guys advised solution and it works for me ) In Eddie "Preferences" > "Networking" set: Layer IPv4: Inside Tunnel Layer IPv6: Blocked (HERE IS THE DIFFERENCE) Protocol used for connection: IPv4 only (another difference) Click "Save" to save the changes and test again. I'm not sure how bad webRTC leaks are and I would also like to ask if my ISP can find my torrents since I just noticed this, been torrenting for half an hour thought network lock would have made that ok but now I'm worred as I am one strike away from my service being terminated. I am aware that you can disable this in browser, but if browsers can see my personal info and location here it makes me nervous ISP can as well. I'm using windows 7 Home Premium and the only virus protection I have is windows defender. Logs here Eddie System/Environment Report - 9/26/2018 2:29 AM UTC Eddie version: 2.16.3 Eddie OS build: windows_x64 Eddie architecture: x64 OS type: Windows OS name: Windows 7 Home Premium OS version: Microsoft Windows NT 6.1.7601 Service Pack 1 OS architecture: x64 Mono /.Net Framework: v2.0.50727 OpenVPN driver: TAP-Windows Adapter V9, version 9.21.2 OpenVPN: 2.4.6 - OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10 (C:\Program Files\AirVPN\openvpn.exe) SSH: plink 0.67 (C:\Program Files\AirVPN\plink.exe) SSL: stunnel 5.40 (C:\Program Files\AirVPN\stunnel.exe) curl: 7.54.1 (C:\Program Files\AirVPN\curl.exe) Profile path: C:\Users\brettwardo\AppData\Local\AirVPN\default.xml Data path: C:\Users\brettwardo\AppData\Local\AirVPN Application path: C:\Program Files\AirVPN Executable path: C:\Program Files\AirVPN\Eddie-UI.exe Command line arguments: (1 args) path="home" Network Lock Active: Yes, Windows Filtering Platform Connected to VPN: Yes, Lesath Detected DNS: 10.20.228.1, 10.4.0.1, 10.5.0.1, 2607:f428:ffff:ffff::1, 2607:f428:ffff:ffff::2 Test DNS IPv4: Ok Test DNS IPv6: Failed Test Ping IPv4: 54 ms Test Ping IPv6: -1 ms Test HTTP IPv4: Ok Test HTTP IPv6: Error:curl: (7) Failed to connect to ipv6.eddie.website port 80: Bad access Test HTTPS: Ok ---------------------------- Important options not at defaults: login: (omissis) password: (omissis) remember: True network.entry.iplayer: ipv4-only network.ipv6.mode: block ---------------------------- Logs: . 2018.09.25 21:14:24 - Eddie version: 2.16.3 / windows_x64, System: Windows, Name: Windows 7 Home Premium, Version: Microsoft Windows NT 6.1.7601 Service Pack 1, Mono/.Net: v2.0.50727 . 2018.09.25 21:14:24 - Reading options from C:\Users\brettwardo\AppData\Local\AirVPN\default.xml . 2018.09.25 21:14:24 - Command line arguments (1): path="home" . 2018.09.25 21:14:24 - Profile path: C:\Users\brettwardo\AppData\Local\AirVPN\default.xml . 2018.09.25 21:14:26 - OpenVPN Driver - TAP-Windows Adapter V9, version 9.21.2 . 2018.09.25 21:14:26 - OpenVPN - Version: 2.4.6 - OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10 (C:\Program Files\AirVPN\openvpn.exe) . 2018.09.25 21:14:26 - SSH - Version: plink 0.67 (C:\Program Files\AirVPN\plink.exe) . 2018.09.25 21:14:26 - SSL - Version: stunnel 5.40 (C:\Program Files\AirVPN\stunnel.exe) . 2018.09.25 21:14:26 - curl - Version: 7.54.1 (C:\Program Files\AirVPN\curl.exe) . 2018.09.25 21:14:26 - Certification Authorities: C:\Program Files\AirVPN\res\cacert.pem . 2018.09.25 21:14:26 - Updating systems & servers data ... I 2018.09.25 21:14:27 - Ready . 2018.09.25 21:14:27 - Systems & servers data update completed ! 2018.09.25 21:14:33 - Activation of Network Lock - Windows Filtering Platform I 2018.09.25 21:14:34 - Session starting. I 2018.09.25 21:14:34 - Checking authorization ... . 2018.09.25 21:14:35 - IPv6 disabled with packet filtering. ! 2018.09.25 21:14:35 - Connecting to Grumium (Canada, Toronto, Ontario) . 2018.09.25 21:14:35 - OpenVPN > OpenVPN 2.4.6 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 27 2018 . 2018.09.25 21:14:35 - OpenVPN > Windows version 6.1 (Windows 7) 64bit . 2018.09.25 21:14:35 - OpenVPN > library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10 . 2018.09.25 21:14:35 - Connection to OpenVPN Management Interface . 2018.09.25 21:14:35 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2018.09.25 21:14:35 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2018.09.25 21:14:35 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2018.09.25 21:14:35 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]199.19.95.187:443 . 2018.09.25 21:14:35 - OpenVPN > Socket Buffers: R=[8192->262144] S=[8192->262144] . 2018.09.25 21:14:35 - OpenVPN > UDP link local: (not bound) . 2018.09.25 21:14:35 - OpenVPN > UDP link remote: [AF_INET]199.19.95.187:443 . 2018.09.25 21:14:35 - OpenVPN > TLS: Initial packet from [AF_INET]199.19.95.187:443, sid=e36f7027 601fd48a . 2018.09.25 21:14:35 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100 . 2018.09.25 21:14:35 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2018.09.25 21:14:35 - OpenVPN > VERIFY KU OK . 2018.09.25 21:14:35 - OpenVPN > Validating certificate extended key usage . 2018.09.25 21:14:35 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2018.09.25 21:14:35 - OpenVPN > VERIFY EKU OK . 2018.09.25 21:14:35 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Grumium, emailAddress=info@airvpn.org . 2018.09.25 21:14:35 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA . 2018.09.25 21:14:35 - OpenVPN > [Grumium] Peer Connection Initiated with [AF_INET]199.19.95.187:443 . 2018.09.25 21:14:36 - OpenVPN > SENT CONTROL [Grumium]: 'PUSH_REQUEST' (status=1) . 2018.09.25 21:14:36 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.18.36.1,dhcp-option DNS6 fde6:7a:7d20:e24::1,tun-ipv6,route-gateway 10.18.36.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:e24::10d5/64 fde6:7a:7d20:e24::1,ifconfig 10.18.36.215 255.255.255.0,peer-id 10,cipher AES-256-GCM' . 2018.09.25 21:14:36 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp' . 2018.09.25 21:14:36 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:e24::1' . 2018.09.25 21:14:36 - OpenVPN > Pushed option removed by filter: 'tun-ipv6' . 2018.09.25 21:14:36 - OpenVPN > Pushed option removed by filter: 'ifconfig-ipv6 fde6:7a:7d20:e24::10d5/64 fde6:7a:7d20:e24::1' . 2018.09.25 21:14:36 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2018.09.25 21:14:36 - OpenVPN > OPTIONS IMPORT: compression parms modified . 2018.09.25 21:14:36 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2018.09.25 21:14:36 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2018.09.25 21:14:36 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified . 2018.09.25 21:14:36 - OpenVPN > OPTIONS IMPORT: peer-id set . 2018.09.25 21:14:36 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625 . 2018.09.25 21:14:36 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified . 2018.09.25 21:14:36 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM' . 2018.09.25 21:14:36 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2018.09.25 21:14:36 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2018.09.25 21:14:36 - OpenVPN > interactive service msg_channel=0 . 2018.09.25 21:14:36 - OpenVPN > ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=14 HWADDR=44:94:fc:f1:19:cf . 2018.09.25 21:14:36 - OpenVPN > open_tun . 2018.09.25 21:14:36 - OpenVPN > TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{3C87471E-B44B-4746-949C-C8101ADDA671}.tap . 2018.09.25 21:14:36 - OpenVPN > TAP-Windows Driver Version 9.21 . 2018.09.25 21:14:36 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.18.36.0/10.18.36.215/255.255.255.0 [sUCCEEDED] . 2018.09.25 21:14:36 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.18.36.215/255.255.255.0 on interface {3C87471E-B44B-4746-949C-C8101ADDA671} [DHCP-serv: 10.18.36.254, lease-time: 31536000] . 2018.09.25 21:14:36 - OpenVPN > Successful ARP Flush on interface [26] {3C87471E-B44B-4746-949C-C8101ADDA671} . 2018.09.25 21:14:36 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=0 . 2018.09.25 21:14:41 - OpenVPN > TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up . 2018.09.25 21:14:41 - OpenVPN > C:\Windows\system32\route.exe ADD 199.19.95.187 MASK 255.255.255.255 192.168.1.1 . 2018.09.25 21:14:41 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4 . 2018.09.25 21:14:41 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2018.09.25 21:14:41 - OpenVPN > C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.18.36.1 . 2018.09.25 21:14:41 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4 . 2018.09.25 21:14:41 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2018.09.25 21:14:41 - OpenVPN > C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.18.36.1 . 2018.09.25 21:14:41 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4 . 2018.09.25 21:14:41 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2018.09.25 21:14:41 - Interface Local Area Connection 2 metric changed from Automatic to 3, layer IPv4 . 2018.09.25 21:14:41 - Interface Local Area Connection 2 metric changed from Automatic to 3, layer IPv6 . 2018.09.25 21:14:41 - DNS leak protection with packet filtering enabled. . 2018.09.25 21:14:41 - DNS IPv4 of a network adapter forced (Local Area Connection 2, from automatic to 10.18.36.1) . 2018.09.25 21:14:41 - Routes, added a new route, 199.19.95.188 for gateway 10.18.36.1 . 2018.09.25 21:14:41 - Unable to compute route for 2604:6880:c713:5fbb:d656:d7e2:835e:6be2: IPv6 VPN gateway not available. . 2018.09.25 21:14:41 - Flushing DNS I 2018.09.25 21:14:47 - Checking route IPv4 I 2018.09.25 21:14:47 - Checking DNS ! 2018.09.25 21:14:48 - Connected. . 2018.09.25 21:14:48 - OpenVPN > Initialization Sequence Completed . 2018.09.25 21:24:27 - Updating systems & servers data ... . 2018.09.25 21:24:29 - Systems & servers data update completed . 2018.09.25 21:24:52 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #109931 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2018.09.25 21:34:29 - Above log line repeated 13 times more . 2018.09.25 21:34:29 - Updating systems & servers data ... . 2018.09.25 21:34:34 - Systems & servers data update completed . 2018.09.25 21:36:10 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #711050 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2018.09.25 21:42:30 - Above log line repeated 4 times more ! 2018.09.25 21:42:30 - Disconnecting . 2018.09.25 21:42:30 - Routes, removed a route previously added, 199.19.95.188 for gateway 10.18.36.1 . 2018.09.25 21:42:30 - Sending management termination signal . 2018.09.25 21:42:30 - Management - Send 'signal SIGTERM' . 2018.09.25 21:42:30 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM' . 2018.09.25 21:42:30 - OpenVPN > SIGTERM received, sending exit notification to peer . 2018.09.25 21:42:35 - OpenVPN > C:\Windows\system32\route.exe DELETE 199.19.95.187 MASK 255.255.255.255 192.168.1.1 . 2018.09.25 21:42:35 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2018.09.25 21:42:35 - OpenVPN > C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.18.36.1 . 2018.09.25 21:42:35 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2018.09.25 21:42:35 - OpenVPN > C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.18.36.1 . 2018.09.25 21:42:35 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2018.09.25 21:42:35 - OpenVPN > Closing TUN/TAP interface . 2018.09.25 21:42:35 - OpenVPN > TAP: DHCP address released . 2018.09.25 21:42:35 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting . 2018.09.25 21:42:35 - Connection terminated. . 2018.09.25 21:42:35 - IPv6 restored with packet filtering. . 2018.09.25 21:42:35 - DNS IPv4 of a network adapter restored to original settings (Local Area Connection 2, to automatic) . 2018.09.25 21:42:35 - DNS leak protection with packet filtering disabled. . 2018.09.25 21:42:35 - Interface Local Area Connection 2 metric restored from 3 to Automatic, layer IPv4 . 2018.09.25 21:42:35 - Interface Local Area Connection 2 metric restored from 3 to Automatic, layer IPv6 . 2018.09.25 21:42:35 - Flushing DNS ! 2018.09.25 21:42:41 - Session terminated. ! 2018.09.25 21:42:48 - Deactivation of Network Lock ! 2018.09.25 21:44:15 - Activation of Network Lock - Windows Filtering Platform I 2018.09.25 21:44:16 - Session starting. I 2018.09.25 21:44:16 - Checking authorization ... . 2018.09.25 21:44:17 - IPv6 disabled with packet filtering. ! 2018.09.25 21:44:17 - Connecting to Sualocin (Canada, Toronto, Ontario) . 2018.09.25 21:44:17 - OpenVPN > OpenVPN 2.4.6 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 27 2018 . 2018.09.25 21:44:17 - OpenVPN > Windows version 6.1 (Windows 7) 64bit . 2018.09.25 21:44:17 - OpenVPN > library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10 . 2018.09.25 21:44:17 - Connection to OpenVPN Management Interface . 2018.09.25 21:44:17 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2018.09.25 21:44:17 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2018.09.25 21:44:17 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2018.09.25 21:44:17 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.42:443 . 2018.09.25 21:44:17 - OpenVPN > Socket Buffers: R=[8192->262144] S=[8192->262144] . 2018.09.25 21:44:17 - OpenVPN > UDP link local: (not bound) . 2018.09.25 21:44:17 - OpenVPN > UDP link remote: [AF_INET]184.75.221.42:443 . 2018.09.25 21:44:17 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.221.42:443, sid=16fb3226 abdc439b . 2018.09.25 21:44:17 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100 . 2018.09.25 21:44:17 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2018.09.25 21:44:17 - OpenVPN > VERIFY KU OK . 2018.09.25 21:44:17 - OpenVPN > Validating certificate extended key usage . 2018.09.25 21:44:17 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2018.09.25 21:44:17 - OpenVPN > VERIFY EKU OK . 2018.09.25 21:44:17 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Sualocin, emailAddress=info@airvpn.org . 2018.09.25 21:44:17 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA . 2018.09.25 21:44:17 - OpenVPN > [sualocin] Peer Connection Initiated with [AF_INET]184.75.221.42:443 . 2018.09.25 21:44:18 - OpenVPN > SENT CONTROL [sualocin]: 'PUSH_REQUEST' (status=1) . 2018.09.25 21:44:18 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.30.196.1,dhcp-option DNS6 fde6:7a:7d20:1ac4::1,tun-ipv6,route-gateway 10.30.196.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:1ac4::1023/64 fde6:7a:7d20:1ac4::1,ifconfig 10.30.196.37 255.255.255.0,peer-id 0,cipher AES-256-GCM' . 2018.09.25 21:44:18 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp' . 2018.09.25 21:44:18 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:1ac4::1' . 2018.09.25 21:44:18 - OpenVPN > Pushed option removed by filter: 'tun-ipv6' . 2018.09.25 21:44:18 - OpenVPN > Pushed option removed by filter: 'ifconfig-ipv6 fde6:7a:7d20:1ac4::1023/64 fde6:7a:7d20:1ac4::1' . 2018.09.25 21:44:18 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2018.09.25 21:44:18 - OpenVPN > OPTIONS IMPORT: compression parms modified . 2018.09.25 21:44:18 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2018.09.25 21:44:18 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2018.09.25 21:44:18 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified . 2018.09.25 21:44:18 - OpenVPN > OPTIONS IMPORT: peer-id set . 2018.09.25 21:44:18 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625 . 2018.09.25 21:44:18 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified . 2018.09.25 21:44:18 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM' . 2018.09.25 21:44:18 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2018.09.25 21:44:18 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2018.09.25 21:44:18 - OpenVPN > interactive service msg_channel=0 . 2018.09.25 21:44:18 - OpenVPN > ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=14 HWADDR=44:94:fc:f1:19:cf . 2018.09.25 21:44:18 - OpenVPN > open_tun . 2018.09.25 21:44:18 - OpenVPN > TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{3C87471E-B44B-4746-949C-C8101ADDA671}.tap . 2018.09.25 21:44:18 - OpenVPN > TAP-Windows Driver Version 9.21 . 2018.09.25 21:44:18 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.30.196.0/10.30.196.37/255.255.255.0 [sUCCEEDED] . 2018.09.25 21:44:18 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.30.196.37/255.255.255.0 on interface {3C87471E-B44B-4746-949C-C8101ADDA671} [DHCP-serv: 10.30.196.254, lease-time: 31536000] . 2018.09.25 21:44:18 - OpenVPN > Successful ARP Flush on interface [26] {3C87471E-B44B-4746-949C-C8101ADDA671} . 2018.09.25 21:44:18 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=0 . 2018.09.25 21:44:23 - OpenVPN > TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up . 2018.09.25 21:44:23 - OpenVPN > C:\Windows\system32\route.exe ADD 184.75.221.42 MASK 255.255.255.255 192.168.1.1 . 2018.09.25 21:44:23 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4 . 2018.09.25 21:44:23 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2018.09.25 21:44:23 - OpenVPN > C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.30.196.1 . 2018.09.25 21:44:23 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4 . 2018.09.25 21:44:23 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2018.09.25 21:44:23 - OpenVPN > C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.30.196.1 . 2018.09.25 21:44:23 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4 . 2018.09.25 21:44:23 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2018.09.25 21:44:23 - Interface Local Area Connection 2 metric changed from Automatic to 3, layer IPv4 . 2018.09.25 21:44:23 - Interface Local Area Connection 2 metric changed from Automatic to 3, layer IPv6 . 2018.09.25 21:44:23 - DNS leak protection with packet filtering enabled. . 2018.09.25 21:44:23 - DNS IPv4 of a network adapter forced (Local Area Connection 2, from automatic to 10.30.196.1) . 2018.09.25 21:44:23 - Routes, added a new route, 184.75.221.43 for gateway 10.30.196.1 . 2018.09.25 21:44:23 - Unable to compute route for 2606:6080:1001:f:ed79:9361:ea0e:3e88: IPv6 VPN gateway not available. . 2018.09.25 21:44:23 - Flushing DNS I 2018.09.25 21:44:29 - Checking route IPv4 I 2018.09.25 21:44:30 - Checking DNS ! 2018.09.25 21:44:30 - Connected. . 2018.09.25 21:44:30 - OpenVPN > Initialization Sequence Completed . 2018.09.25 21:44:34 - Updating systems & servers data ... . 2018.09.25 21:44:36 - Systems & servers data update completed . 2018.09.25 21:45:46 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #40969 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2018.09.25 21:54:36 - Above log line repeated 16 times more . 2018.09.25 21:54:36 - Updating systems & servers data ... . 2018.09.25 21:54:38 - Systems & servers data update completed . 2018.09.25 22:00:07 - OpenVPN > write UDP: Unknown error (code=10065) . 2018.09.25 22:00:46 - Above log line repeated 45 times more ! 2018.09.25 22:00:46 - Disconnecting . 2018.09.25 22:00:46 - Routes, removed a route previously added, 184.75.221.43 for gateway 10.30.196.1 . 2018.09.25 22:00:46 - Sending management termination signal . 2018.09.25 22:00:46 - Management - Send 'signal SIGTERM' . 2018.09.25 22:00:46 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM' . 2018.09.25 22:00:46 - OpenVPN > SIGTERM received, sending exit notification to peer . 2018.09.25 22:00:51 - OpenVPN > C:\Windows\system32\route.exe DELETE 184.75.221.42 MASK 255.255.255.255 192.168.1.1 . 2018.09.25 22:00:51 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2018.09.25 22:00:51 - OpenVPN > C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.30.196.1 . 2018.09.25 22:00:51 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2018.09.25 22:00:51 - OpenVPN > C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.30.196.1 . 2018.09.25 22:00:51 - OpenVPN > Route deletion via IPAPI succeeded [adaptive] . 2018.09.25 22:00:51 - OpenVPN > Closing TUN/TAP interface . 2018.09.25 22:00:51 - OpenVPN > TAP: DHCP address released . 2018.09.25 22:00:51 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting . 2018.09.25 22:00:51 - Connection terminated. . 2018.09.25 22:00:51 - IPv6 restored with packet filtering. . 2018.09.25 22:00:51 - DNS IPv4 of a network adapter restored to original settings (Local Area Connection 2, to automatic) . 2018.09.25 22:00:51 - DNS leak protection with packet filtering disabled. . 2018.09.25 22:00:51 - Interface Local Area Connection 2 metric restored from 3 to Automatic, layer IPv4 . 2018.09.25 22:00:51 - Interface Local Area Connection 2 metric restored from 3 to Automatic, layer IPv6 . 2018.09.25 22:00:51 - Flushing DNS ! 2018.09.25 22:00:57 - Session terminated. ! 2018.09.25 22:01:19 - Deactivation of Network Lock ! 2018.09.25 22:01:21 - Activation of Network Lock - Windows Filtering Platform I 2018.09.25 22:01:23 - Session starting. I 2018.09.25 22:01:23 - Checking authorization ... . 2018.09.25 22:01:23 - IPv6 disabled with packet filtering. ! 2018.09.25 22:01:23 - Connecting to Lesath (Canada, Toronto, Ontario) . 2018.09.25 22:01:23 - OpenVPN > OpenVPN 2.4.6 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 27 2018 . 2018.09.25 22:01:23 - OpenVPN > Windows version 6.1 (Windows 7) 64bit . 2018.09.25 22:01:23 - OpenVPN > library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10 . 2018.09.25 22:01:23 - Connection to OpenVPN Management Interface . 2018.09.25 22:01:23 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2018.09.25 22:01:23 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2018.09.25 22:01:23 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2018.09.25 22:01:23 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.2:443 . 2018.09.25 22:01:23 - OpenVPN > Socket Buffers: R=[8192->262144] S=[8192->262144] . 2018.09.25 22:01:23 - OpenVPN > UDP link local: (not bound) . 2018.09.25 22:01:23 - OpenVPN > UDP link remote: [AF_INET]184.75.221.2:443 . 2018.09.25 22:01:23 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.221.2:443, sid=99f7cc86 7b2ab3a7 . 2018.09.25 22:01:23 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100 . 2018.09.25 22:01:23 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2018.09.25 22:01:23 - OpenVPN > VERIFY KU OK . 2018.09.25 22:01:23 - OpenVPN > Validating certificate extended key usage . 2018.09.25 22:01:23 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2018.09.25 22:01:23 - OpenVPN > VERIFY EKU OK . 2018.09.25 22:01:23 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Lesath, emailAddress=info@airvpn.org . 2018.09.25 22:01:24 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA . 2018.09.25 22:01:24 - OpenVPN > [Lesath] Peer Connection Initiated with [AF_INET]184.75.221.2:443 . 2018.09.25 22:01:25 - OpenVPN > SENT CONTROL [Lesath]: 'PUSH_REQUEST' (status=1) . 2018.09.25 22:01:25 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.20.228.1,dhcp-option DNS6 fde6:7a:7d20:10e4::1,tun-ipv6,route-gateway 10.20.228.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:10e4::10c4/64 fde6:7a:7d20:10e4::1,ifconfig 10.20.228.198 255.255.255.0,peer-id 5,cipher AES-256-GCM' . 2018.09.25 22:01:25 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp' . 2018.09.25 22:01:25 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:10e4::1' . 2018.09.25 22:01:25 - OpenVPN > Pushed option removed by filter: 'tun-ipv6' . 2018.09.25 22:01:25 - OpenVPN > Pushed option removed by filter: 'ifconfig-ipv6 fde6:7a:7d20:10e4::10c4/64 fde6:7a:7d20:10e4::1' . 2018.09.25 22:01:25 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2018.09.25 22:01:25 - OpenVPN > OPTIONS IMPORT: compression parms modified . 2018.09.25 22:01:25 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2018.09.25 22:01:25 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2018.09.25 22:01:25 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified . 2018.09.25 22:01:25 - OpenVPN > OPTIONS IMPORT: peer-id set . 2018.09.25 22:01:25 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625 . 2018.09.25 22:01:25 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified . 2018.09.25 22:01:25 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM' . 2018.09.25 22:01:25 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2018.09.25 22:01:25 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2018.09.25 22:01:25 - OpenVPN > interactive service msg_channel=0 . 2018.09.25 22:01:25 - OpenVPN > ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=14 HWADDR=44:94:fc:f1:19:cf . 2018.09.25 22:01:25 - OpenVPN > open_tun . 2018.09.25 22:01:25 - OpenVPN > TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{3C87471E-B44B-4746-949C-C8101ADDA671}.tap . 2018.09.25 22:01:25 - OpenVPN > TAP-Windows Driver Version 9.21 . 2018.09.25 22:01:25 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.20.228.0/10.20.228.198/255.255.255.0 [sUCCEEDED] . 2018.09.25 22:01:25 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.20.228.198/255.255.255.0 on interface {3C87471E-B44B-4746-949C-C8101ADDA671} [DHCP-serv: 10.20.228.254, lease-time: 31536000] . 2018.09.25 22:01:25 - OpenVPN > Successful ARP Flush on interface [26] {3C87471E-B44B-4746-949C-C8101ADDA671} . 2018.09.25 22:01:25 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=0 . 2018.09.25 22:01:30 - OpenVPN > TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up . 2018.09.25 22:01:30 - OpenVPN > C:\Windows\system32\route.exe ADD 184.75.221.2 MASK 255.255.255.255 192.168.1.1 . 2018.09.25 22:01:30 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4 . 2018.09.25 22:01:30 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2018.09.25 22:01:30 - OpenVPN > C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.20.228.1 . 2018.09.25 22:01:30 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4 . 2018.09.25 22:01:30 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2018.09.25 22:01:30 - OpenVPN > C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.20.228.1 . 2018.09.25 22:01:30 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4 . 2018.09.25 22:01:30 - OpenVPN > Route addition via IPAPI succeeded [adaptive] . 2018.09.25 22:01:30 - Interface Local Area Connection 2 metric changed from Automatic to 3, layer IPv4 . 2018.09.25 22:01:30 - Interface Local Area Connection 2 metric changed from Automatic to 3, layer IPv6 . 2018.09.25 22:01:30 - DNS leak protection with packet filtering enabled. . 2018.09.25 22:01:30 - DNS IPv4 of a network adapter forced (Local Area Connection 2, from automatic to 10.20.228.1) . 2018.09.25 22:01:30 - Routes, added a new route, 184.75.221.3 for gateway 10.20.228.1 . 2018.09.25 22:01:30 - Unable to compute route for 2606:6080:1001:d:c59c:6e9a:3115:6f2f: IPv6 VPN gateway not available. . 2018.09.25 22:01:30 - Flushing DNS I 2018.09.25 22:01:36 - Checking route IPv4 I 2018.09.25 22:01:36 - Checking DNS ! 2018.09.25 22:01:37 - Connected. . 2018.09.25 22:01:37 - OpenVPN > Initialization Sequence Completed . 2018.09.25 22:03:17 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #21871 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2018.09.25 22:04:38 - Above log line repeated 4 times more . 2018.09.25 22:04:38 - Updating systems & servers data ... . 2018.09.25 22:04:43 - Systems & servers data update completed . 2018.09.25 22:05:32 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #168297 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2018.09.25 22:14:43 - Above log line repeated 20 times more . 2018.09.25 22:14:43 - Updating systems & servers data ... . 2018.09.25 22:14:49 - Systems & servers data update completed . 2018.09.25 22:24:49 - Updating systems & servers data ... . 2018.09.25 22:24:51 - Systems & servers data update completed ---------------------------- Network Interfaces and Routes: { "support_ipv4": true, "support_ipv6": true, "routes": [ { "address": "0.0.0.0\/0", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "192.168.1.1", "metric": "276" }, { "address": "0.0.0.0\/1", "interface": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "gateway": "10.20.228.1", "metric": "3" }, { "address": "10.20.228.0\/24", "interface": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "gateway": "link", "metric": "259" }, { "address": "10.20.228.198", "interface": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "gateway": "link", "metric": "259" }, { "address": "10.20.228.255", "interface": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "gateway": "link", "metric": "259" }, { "address": "127.0.0.0\/8", "interface": "{846EE342-7039-11DE-9D20-806E6F6E6963}", "gateway": "link", "metric": "306" }, { "address": "127.0.0.1", "interface": "{846EE342-7039-11DE-9D20-806E6F6E6963}", "gateway": "link", "metric": "306" }, { "address": "127.255.255.255", "interface": "{846EE342-7039-11DE-9D20-806E6F6E6963}", "gateway": "link", "metric": "306" }, { "address": "128.0.0.0\/1", "interface": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "gateway": "10.20.228.1", "metric": "3" }, { "address": "184.75.221.2", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "192.168.1.1", "metric": "20" }, { "address": "184.75.221.3", "interface": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "gateway": "10.20.228.1", "metric": "4" }, { "address": "192.168.1.0\/24", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "link", "metric": "276" }, { "address": "192.168.1.169", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "link", "metric": "276" }, { "address": "192.168.1.255", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "link", "metric": "276" }, { "address": "224.0.0.0\/4", "interface": "{846EE342-7039-11DE-9D20-806E6F6E6963}", "gateway": "link", "metric": "306" }, { "address": "224.0.0.0\/4", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "link", "metric": "276" }, { "address": "224.0.0.0\/4", "interface": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "gateway": "link", "metric": "259" }, { "address": "255.255.255.255", "interface": "{846EE342-7039-11DE-9D20-806E6F6E6963}", "gateway": "link", "metric": "306" }, { "address": "255.255.255.255", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "link", "metric": "276" }, { "address": "255.255.255.255", "interface": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "gateway": "link", "metric": "259" }, { "address": "::\/0", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "fe80::a3e:5dff:fe8c:d67a", "metric": "276" }, { "address": "::1", "interface": "{846EE342-7039-11DE-9D20-806E6F6E6963}", "gateway": "link", "metric": "306" }, { "address": "2600:6c4a:5d00:ac1::\/64", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "link", "metric": "28" }, { "address": "2600:6c4a:5d00:ac1:0:7ece:4875:7bc9", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "link", "metric": "276" }, { "address": "2600:6c4a:5d00:ac1:1877:14e:85da:7a1", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "link", "metric": "276" }, { "address": "2600:6c4a:5d00:ac1:35aa:306a:8c91:7398", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "link", "metric": "276" }, { "address": "fe80::\/64", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "link", "metric": "276" }, { "address": "fe80::\/64", "interface": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "gateway": "link", "metric": "259" }, { "address": "fe80::1877:14e:85da:7a1", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "link", "metric": "276" }, { "address": "fe80::31a3:666f:6191:32e", "interface": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "gateway": "link", "metric": "259" }, { "address": "ff00::\/8", "interface": "{846EE342-7039-11DE-9D20-806E6F6E6963}", "gateway": "link", "metric": "306" }, { "address": "ff00::\/8", "interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "gateway": "link", "metric": "276" }, { "address": "ff00::\/8", "interface": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "gateway": "link", "metric": "259" } ], "interfaces": [ { "friendly": "Local Area Connection 2", "id": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "name": "Local Area Connection 2", "description": "TAP-Windows Adapter V9", "type": "Ethernet", "status": "Up", "bytes_received": "2136216354", "bytes_sent": "2520367760", "support_ipv4": true, "support_ipv6": true, "ips": [ "fe80::31a3:666f:6191:32e", "10.20.228.198" ], "gateways": [ "10.20.228.1" ], "bind": true, "dns4": "10.20.228.1", "dns6": null }, { "friendly": "Wireless Network Connection 3", "id": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "name": "Wireless Network Connection 3", "description": "NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter", "type": "Wireless80211", "status": "Up", "bytes_received": "2710689643", "bytes_sent": "2874237229", "support_ipv4": true, "support_ipv6": true, "ips": [ "2600:6c4a:5d00:ac1:0:7ece:4875:7bc9", "2600:6c4a:5d00:ac1:1877:14e:85da:7a1", "2600:6c4a:5d00:ac1:35aa:306a:8c91:7398", "fe80::1877:14e:85da:7a1", "192.168.1.169" ], "gateways": [ "192.168.1.1", "fe80::a3e:5dff:fe8c:d67a" ], "bind": true, "dns4": "10.4.0.1,10.5.0.1", "dns6": null }, { "friendly": "Local Area Connection", "id": "{DF769F17-E1B7-49C6-847A-8D8C2F5C173D}", "name": "Local Area Connection", "description": "Intel® Ethernet Connection (2) I219-V", "type": "Ethernet", "status": "Down", "bytes_received": "0", "bytes_sent": "0", "support_ipv4": true, "support_ipv6": true, "ips": [ "fe80::a4fd:d3cb:9bd4:90d", "169.254.9.13" ], "gateways": [], "bind": true, "dns4": "", "dns6": null }, { "friendly": "Loopback Pseudo-Interface 1", "id": "{846EE342-7039-11DE-9D20-806E6F6E6963}", "name": "Loopback Pseudo-Interface 1", "description": "Software Loopback Interface 1", "type": "Loopback", "status": "Up", "bytes_received": "0", "bytes_sent": "0", "support_ipv4": true, "support_ipv6": true, "ips": [ "::1", "127.0.0.1" ], "gateways": [], "bind": true, "dns4": null, "dns6": null }, { "friendly": "isatap.home", "id": "{22F03BFD-EC1C-4E68-AAF2-FA213A435BCA}", "name": "isatap.home", "description": "Microsoft ISATAP Adapter", "type": "Tunnel", "status": "Down", "bytes_received": "0", "bytes_sent": "0", "support_ipv4": true, "support_ipv6": true, "ips": [], "gateways": [], "bind": false, "dns4": null, "dns6": null }, { "friendly": "isatap.{3C87471E-B44B-4746-949C-C8101ADDA671}", "id": "{377485AD-B0E9-4E77-8EF0-6986F2E35604}", "name": "isatap.{3C87471E-B44B-4746-949C-C8101ADDA671}", "description": "Microsoft ISATAP Adapter #2", "type": "Tunnel", "status": "Down", "bytes_received": "0", "bytes_sent": "0", "support_ipv4": true, "support_ipv6": true, "ips": [ "fe80::5efe:10.20.228.198" ], "gateways": [], "bind": true, "dns4": null, "dns6": null }, { "friendly": "isatap.{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "id": "{6E326A1F-4759-43DB-AA7C-663901F34BFC}", "name": "isatap.{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}", "description": "Microsoft ISATAP Adapter #3", "type": "Tunnel", "status": "Down", "bytes_received": "0", "bytes_sent": "0", "support_ipv4": true, "support_ipv6": true, "ips": [ "fe80::5efe:192.168.1.169" ], "gateways": [], "bind": true, "dns4": null, "dns6": null } ], "ipv4-default-gateway": "10.20.228.1", "ipv4-default-interface": "{3C87471E-B44B-4746-949C-C8101ADDA671}", "ipv6-default-gateway": "fe80::a3e:5dff:fe8c:d67a", "ipv6-default-interface": "{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}" } ---------------------------- ipconfig /all: Windows IP Configuration Host Name . . . . . . . . . . . . : brettwardo-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Mixed IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : home Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : TAP-Windows Adapter V9 Physical Address. . . . . . . . . : 00-FF-3C-87-47-1E DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::31a3:666f:6191:32e%26(Preferred) IPv4 Address. . . . . . . . . . . : 10.20.228.198(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Tuesday, September 25, 2018 10:01:25 PM Lease Expires . . . . . . . . . . : Wednesday, September 25, 2019 10:01:24 PM Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 10.20.228.254 DHCPv6 IAID . . . . . . . . . . . : 436272956 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-85-B8-AC-44-94-FC-F1-19-CF DNS Servers . . . . . . . . . . . : 10.20.228.1 NetBIOS over Tcpip. . . . . . . . : Enabled Wireless LAN adapter Wireless Network Connection 3: Connection-specific DNS Suffix . : home Description . . . . . . . . . . . : NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter Physical Address. . . . . . . . . : 44-94-FC-F1-19-CF DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2600:6c4a:5d00:ac1:0:7ece:4875:7bc9(Preferred) Lease Obtained. . . . . . . . . . : Tuesday, September 25, 2018 8:08:37 PM Lease Expires . . . . . . . . . . : Monday, October 01, 2018 10:09:50 AM IPv6 Address. . . . . . . . . . . : 2600:6c4a:5d00:ac1:1877:14e:85da:7a1(Preferred) Temporary IPv6 Address. . . . . . : 2600:6c4a:5d00:ac1:35aa:306a:8c91:7398(Preferred) Link-local IPv6 Address . . . . . : fe80::1877:14e:85da:7a1%14(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.169(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : fe80::a3e:5dff:fe8c:d67a%14 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 356816124 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-85-B8-AC-44-94-FC-F1-19-CF DNS Servers . . . . . . . . . . . : 2607:f428:ffff:ffff::1 2607:f428:ffff:ffff::2 10.4.0.1 10.5.0.1 NetBIOS over Tcpip. . . . . . . . : Enabled Connection-specific DNS Suffix Search List : home Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : home Description . . . . . . . . . . . : Intel® Ethernet Connection (2) I219-V Physical Address. . . . . . . . . : B0-6E-BF-C1-39-4A DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.home: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{3C87471E-B44B-4746-949C-C8101ADDA671}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{059B872A-1CA2-4DBA-9DDF-FB9A70B4B0DA}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : home Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes
  12. Hello, i have an issue with a computer that has a a local printer connected and shared to the network. This computer has eddie with network lock active. The local printer is connected with a cross cable, it's is in the private network 169.254.182.XX. When network lock is off, i can ping and print from this computer and from any computer in the lan (the printer is shared with windows). But when network lock is on, i can't event print from the same computer connected to the printer (i can't ping either). Using last Eddie version 2.16.3. I alredy tried setting allow lan/private check, allow ping check, adding the private ip to addresses allowed and also adding the ip in the Routes "tab". But nothing change, it still not work. Anyone knows how to fix this? Thanks in advance
  13. Hi, I have recently been unable to connect to any airvpn servers with the network lock enabled. Any Suggestions? Win 7 pro. Example; I 2018.07.27 12:50:47 - AirVPN client version: 2.8.8, System: Windows, Name: Microsoft Windows NT 6.1.7601 Service Pack 1, Architecture: x86 . 2018.07.27 12:50:47 - Reading options from C:\Users\Morten\AppData\Local\AirVPN\AirVPN.xml . 2018.07.27 12:50:48 - Data Path: C:\Users\Morten\AppData\Local\AirVPN . 2018.07.27 12:50:48 - App Path: C:\Program Files\AirVPN . 2018.07.27 12:50:48 - Executable Path: C:\Program Files\AirVPN\AirVPN.exe . 2018.07.27 12:50:48 - Command line arguments (1): path="home" . 2018.07.27 12:50:48 - Operating System: Microsoft Windows NT 6.1.7601 Service Pack 1 I 2018.07.27 12:50:48 - OpenVPN Driver - TAP-Windows Adapter V9 I 2018.07.27 12:50:48 - OpenVPN - Version: OpenVPN 2.3.6 (C:\Program Files\AirVPN\openvpn.exe) I 2018.07.27 12:50:48 - SSH - Version: plink 0.63 (C:\Program Files\AirVPN\plink.exe) I 2018.07.27 12:50:48 - SSL - Version: stunnel 5.09 (C:\Program Files\AirVPN\stunnel.exe) I 2018.07.27 12:50:48 - IPV6: Available ! 2018.07.27 12:50:48 - Activation of Network Lock - Windows Firewall ! 2018.07.27 12:50:50 - Ready I 2018.07.27 12:51:36 - Session starting. I 2018.07.27 12:51:36 - Installing tunnel driver I 2018.07.27 12:51:37 - Checking authorization ... . 2018.07.27 12:51:37 - Checking authorization ..., 1° try failed (Kan ikke koble til den eksterne serveren) . 2018.07.27 12:51:37 - Checking authorization ..., 2° try failed (Kan ikke koble til den eksterne serveren) . 2018.07.27 12:51:37 - Checking authorization ..., 3° try failed (Kan ikke koble til den eksterne serveren) . 2018.07.27 12:51:37 - Checking authorization ..., 4° try failed (Kan ikke koble til den eksterne serveren) W 2018.07.27 12:51:37 - Authorization check failed, continue anyway ({1]) ! 2018.07.27 12:51:37 - Connecting to Ain (Sweden, Stockholm) . 2018.07.27 12:51:37 - OpenVPN > OpenVPN 2.3.6 i686-w64-mingw32 [sSL (OpenSSL)] [LZO] [iPv6] built on Jan 12 2015 . 2018.07.27 12:51:37 - OpenVPN > library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08 . 2018.07.27 12:51:38 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2018.07.27 12:51:38 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2018.07.27 12:51:38 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2018.07.27 12:51:38 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2018.07.27 12:51:38 - OpenVPN > Socket Buffers: R=[8192->8192] S=[8192->8192] . 2018.07.27 12:51:38 - OpenVPN > UDPv4 link local: [undef] . 2018.07.27 12:51:38 - OpenVPN > UDPv4 link remote: [AF_INET]128.127.104.79:443 . 2018.07.27 12:52:10 - OpenVPN > [uNDEF] Inactivity timeout (--ping-exit), exiting . 2018.07.27 12:52:10 - OpenVPN > SIGTERM received, sending exit notification to peer . 2018.07.27 12:52:15 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting ! 2018.07.27 12:52:15 - Disconnecting . 2018.07.27 12:52:15 - Connection terminated. I 2018.07.27 12:52:18 - Checking authorization ... . 2018.07.27 12:52:18 - Checking authorization ..., 1° try failed (Kan ikke koble til den eksterne serveren) . 2018.07.27 12:52:18 - Checking authorization ..., 2° try failed (Kan ikke koble til den eksterne serveren) . 2018.07.27 12:52:18 - Checking authorization ..., 3° try failed (Kan ikke koble til den eksterne serveren) . 2018.07.27 12:52:18 - Checking authorization ..., 4° try failed (Kan ikke koble til den eksterne serveren) W 2018.07.27 12:52:18 - Authorization check failed, continue anyway ({1]) ! 2018.07.27 12:52:18 - Connecting to Tarazed (Netherlands, Alblasserdam) . 2018.07.27 12:52:19 - OpenVPN > OpenVPN 2.3.6 i686-w64-mingw32 [sSL (OpenSSL)] [LZO] [iPv6] built on Jan 12 2015 . 2018.07.27 12:52:19 - OpenVPN > library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08 . 2018.07.27 12:52:19 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2018.07.27 12:52:19 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2018.07.27 12:52:19 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2018.07.27 12:52:19 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2018.07.27 12:52:19 - OpenVPN > Socket Buffers: R=[8192->8192] S=[8192->8192] . 2018.07.27 12:52:19 - OpenVPN > UDPv4 link local: [undef] . 2018.07.27 12:52:19 - OpenVPN > UDPv4 link remote: [AF_INET]213.152.161.132:443 . 2018.07.27 12:52:51 - OpenVPN > [uNDEF] Inactivity timeout (--ping-exit), exiting . 2018.07.27 12:52:51 - OpenVPN > SIGTERM received, sending exit notification to peer . 2018.07.27 12:52:56 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting ! 2018.07.27 12:52:56 - Disconnecting . 2018.07.27 12:52:56 - Connection terminated. I 2018.07.27 12:52:59 - Checking authorization ... . 2018.07.27 12:52:59 - Checking authorization ..., 1° try failed (Kan ikke koble til den eksterne serveren) . 2018.07.27 12:52:59 - Checking authorization ..., 2° try failed (Kan ikke koble til den eksterne serveren) . 2018.07.27 12:52:59 - Checking authorization ..., 3° try failed (Kan ikke koble til den eksterne serveren) . 2018.07.27 12:52:59 - Checking authorization ..., 4° try failed (Kan ikke koble til den eksterne serveren) W 2018.07.27 12:52:59 - Authorization check failed, continue anyway ({1]) ! 2018.07.27 12:52:59 - Connecting to Tarazed (Netherlands, Alblasserdam) . 2018.07.27 12:52:59 - OpenVPN > OpenVPN 2.3.6 i686-w64-mingw32 [sSL (OpenSSL)] [LZO] [iPv6] built on Jan 12 2015 . 2018.07.27 12:52:59 - OpenVPN > library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08 . 2018.07.27 12:52:59 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100 . 2018.07.27 12:52:59 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file . 2018.07.27 12:52:59 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2018.07.27 12:52:59 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication . 2018.07.27 12:52:59 - OpenVPN > Socket Buffers: R=[8192->8192] S=[8192->8192] . 2018.07.27 12:52:59 - OpenVPN > UDPv4 link local: [undef] . 2018.07.27 12:52:59 - OpenVPN > UDPv4 link remote: [AF_INET]213.152.161.132:443 . 2018.07.27 12:53:31 - OpenVPN > [uNDEF] Inactivity timeout (--ping-exit), exiting . 2018.07.27 12:53:31 - OpenVPN > SIGTERM received, sending exit notification to peer . 2018.07.27 12:53:36 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting ! 2018.07.27 12:53:36 - Disconnecting . 2018.07.27 12:53:36 - Connection terminated. I 2018.07.27 12:53:37 - Cancel requested. ! 2018.07.27 12:53:37 - Session terminated. ! 2018.07.27 12:53:51 - Deactivation of Network Lock
  14. TLDR: Network lock via the Windows Firewall is completely broken in Eddie 2.14.5. The following is based on a fresh Windows 7 Professional SP1 install (Vmware VM), Eddie 2.14. 5 is at stock settings except for Network Lock being changed from "Automatic" to "Windows Firewall (Not Recommended)". Upon enabling Network Lock, the following Outbound firewall rules are created: The "Eddie - Out - Allow IPs" rule (the one highlighted) allows ALL outgoing connections !? Indeed, no traffic is blocked when the VPN is not connected, thus breaking Network LockEnabling verbose logging shows the rule being created as follows: How on earth did this get through testing? I mean, I'm smiling, but I am very f***ing furious... This really shakes the confidence that i had in AirVPN as a professional and technically competent VPN provider.
  15. For a long time, I have been using the Network Lock in Windows Firewall mode. I read this guide from 2014 about the lock modes. Recently I updated the AirVPN client, and when I went to select the Network Lock mode, it notes that Windows Firewall is "(Not Recommended)". The other option is Windows Filtering Platform. Reading other websites, I see that the Windows Filtering Platform is an API by Microsoft that can help adjust filtering. I'm not a very technical person, but I get the gist. In the past when disengaging the Network Lock, in Windows Firewall mode, sometimes it would not properly replace my old firewall policies. I keep regular backups of them, so I usually just re-import them if there is an issue. Normally, I block a program with Windows Firewall rules from communicating over my normal connection... I plan when AirVPN network lock is active, the rule is removed, and it can communicate over the VPN. This has seemed to work for me to prevent the program from communicating if it is accidentally launched when AirVPN is not active -- though I see the problem if AirVPN accidentally shuts down and wipes firewall rules, it would communicate again... I am wondering with the Windows Filtering Platform, if my Windows Firewall rules are left intact, how should I go about managing this situation? Can I limit the program from communicating over my normal connection, but allow it to communicate over the VPN? How would I set this up in Windows Firewall? Again, I am not very technical and I have not used the Windows Filtering Platform option yet, so I am assuming this is the question I should have regarding the setup?... Or perhaps my question should be: What can I do to block a program from communicating over a non AirVPN connection, but allow it to communicate over the VPN, with Windows Filtering Platform as the network lock mode?
  16. Hi, I'm using Eddie 2.13.6 on Debian. In the fall, I received a DMCA notice when I accidentally launched my torrent client while AirVPN was not running. To avoid this mistake in the future, I set the qBittorrent configuration setting "Network Interface" to tun0. The other day, I was having trouble accessing a website and thought they might be throttling/blocking the AirVPN server I was using, so I temporarily disconnected AirVPN and disabled the network lock. It seems that qBittorrent leaked over my wlan0 interface during this time, since I received another DMCA notice. Any suggestions on how I might safely configure my torrent client to cease all communication when the VPN is not enabled? Or maybe a way to temporarily configure only a single application (my Internet browser) to communicate outside of the Network Lock? Thanks.
  17. Hi, I would like to use AirVPN on my Android device but am concerned about leaking. I have seen some posts on here about using AfWall+ and was wondering if this is the best way to go. Android now also natively has a kind of Network Lock feature. But then there is also the boot leak (discussed here, along with providing a userinit script for droidwall to disable network connectivity during boot and also a script to prevent Google portal capture during wifi connection: https://blog.torproject.org/mission-impossible-hardening-android-security-and-privacy). My thinking is to use OpenVPN on the latest Lineage OS and would appreciate any assistance on the matter. Thank you.
  18. Hello everyone! This is my first post, so keep that in mind. Also, while I have better-than-average I.T. skills, I'm hardly an expert. I have recently encountered several problems, all of which I did not notice until after I installed the Windows 10 Fall Creators Update. Note that that does not necessarily mean they weren't present before the update; I just didn't notice them until afterwards. I also have some other questions. 1. If I open Eddie and activate network lock, remain unconnected to a server, attempt to load a webpage, and it doesn't work -- does that definitively mean that Network Lock is working and secure? (Assuming, of course, that it does work with network lock deactivated.) 2. I keep getting the message, "Recovery. Unexpected Crash?" (the question mark is part of the message). 3. I keep getting this message too: "The requested protocol has not been configured into the system, or no implementation for it exists." 4. If I run ipleak.net while connected to an AirVPN server, and: my IPv4 is the AirVPN server, no forwarded IP is detected, IPv6 test is not reachable, RTCPeerConnection is not available, and the DNS addresses are all AirVPN servers -- then am I definitively secured? 5. It appears IPv6 doesn't work (I get the "IPv6 test not reachable" message on ipleak.net) at all times, even if I'm not running Eddie. This was not the case when I first installed and set up Eddie. Toggling Eddie's "Disable IPv6 at OS level if requested" option doesn't seem to make a difference. 6. In Eddie's preferences, under Advanced, for the IPv6 dropdown menu, what's the difference between "None" and "Disable"? 7. What does "Force TAP interface UP" mean? I probably won't have time to check this thread again until Sunday. Thanks a bunch!
  19. Hey there When having a torrent client activated over night, Windows 10 decided to restart itself on it's own. It couldn't fully restart because of the Client preventing it, and that's a good thing. But is the Network Lock still active in that state? And if not, does the torrent client run anyway? It sounds a bit weird but hopefully you guys understand what I mean. Huge thanks for answers in advance
  20. Im having some issues with Eddie 2.13.6 not being able to connect to any servers while the network lock is activated. Its getting stuck on checking route and just keeps trying each recommended server going down the list. Im running MAC OSX Sierra. Any suggestions would be greatly appreciated. Everything seems to work fine when the network lock is not activated. Ive pasted the log below. Thank you in advance for any insigt.. I 2017.11.07 17:33:35 - Eddie version: 2.13.6 / macos_x64, System: MacOS, Name: 10.12.6, Version: Darwin Richards-MacBook-Pro.local 16.7.0 Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64 x86_64, Mono/.Net Framework: v4.0.30319. 2017.11.07 17:33:35 - Reading options from /Users/RicksMacbookPro/.airvpn/AirVPN.xml. 2017.11.07 17:33:36 - Command line arguments (1): gui.osx.style="dark"I 2017.11.07 17:33:37 - OpenVPN Driver - ExpectedI 2017.11.07 17:33:37 - OpenVPN - Version: 2.4.3 - OpenSSL 1.0.2l 25 May 2017, LZO 2.10 (/Applications/Eddie.app/Contents/MacOS/openvpn)I 2017.11.07 17:33:38 - SSH - Version: OpenSSH_7.4p1, LibreSSL 2.5.0 (/usr/bin/ssh)I 2017.11.07 17:33:38 - SSL - Version: stunnel 5.40 (/Applications/Eddie.app/Contents/MacOS/stunnel)I 2017.11.07 17:33:38 - curl - Version: 7.54.0 (/usr/bin/curl)I 2017.11.07 17:33:38 - Certification Authorities: /Applications/Eddie.app/Contents/MacOS/cacert.pem. 2017.11.07 17:33:38 - Updating systems & servers data ...! 2017.11.07 17:33:38 - Ready. 2017.11.07 17:33:39 - Systems & servers data update completedI 2017.11.07 17:33:41 - Checking login ...! 2017.11.07 17:33:42 - Logged in.! 2017.11.07 17:33:45 - Activation of Network Lock - OS X - PF. 2017.11.07 17:33:45 - OS X - PF rules updated, reloadingI 2017.11.07 17:33:46 - Session starting.. 2017.11.07 17:33:47 - IPv6 disabled on network adapter (Bluetooth DUN). 2017.11.07 17:33:47 - IPv6 disabled on network adapter (iPhone USB). 2017.11.07 17:33:47 - IPv6 disabled on network adapter (Wi-Fi). 2017.11.07 17:33:47 - IPv6 disabled on network adapter (Bluetooth PAN). 2017.11.07 17:33:47 - IPv6 disabled on network adapter (Thunderbolt Bridge). 2017.11.07 17:33:47 - IPv6 disabled on network adapter (ibVPN-L2TP). 2017.11.07 17:33:48 - IPv6 disabled on network adapter (ibVPN-L2TP 2). 2017.11.07 17:33:48 - IPv6 disabled on network adapter (ibVPN-L2TP 3). 2017.11.07 17:33:48 - IPv6 disabled on network adapter (ibVPN-L2TP 4). 2017.11.07 17:33:48 - IPv6 disabled on network adapter (ibVPN-L2TP 5). 2017.11.07 17:33:48 - IPv6 disabled on network adapter (ibVPN-L2TP 6). 2017.11.07 17:33:48 - IPv6 disabled on network adapter (ibVPN-L2TP 7). 2017.11.07 17:33:48 - IPv6 disabled on network adapter (ibVPN-L2TP 8). 2017.11.07 17:33:48 - IPv6 disabled on network adapter (ibVPN-L2TP 9). 2017.11.07 17:33:49 - IPv6 disabled on network adapter (ibVPN-L2TP 10). 2017.11.07 17:33:49 - IPv6 disabled on network adapter (ibVPN-L2TP 11). 2017.11.07 17:33:49 - IPv6 disabled on network adapter (ibVPN-L2TP 12). 2017.11.07 17:33:49 - IPv6 disabled on network adapter (ibVPN-L2TP 13). 2017.11.07 17:33:49 - IPv6 disabled on network adapter (ibVPN-L2TP 14). 2017.11.07 17:33:49 - IPv6 disabled on network adapter (ibVPN-L2TP 15). 2017.11.07 17:33:49 - IPv6 disabled on network adapter (ibVPN-L2TP 16). 2017.11.07 17:33:50 - IPv6 disabled on network adapter (ibVPN-L2TP 17)I 2017.11.07 17:33:53 - Checking authorization ...! 2017.11.07 17:33:53 - Connecting to Homam (Canada, Vancouver). 2017.11.07 17:33:53 - OpenVPN > OpenVPN 2.4.3 x86_64-apple-darwin16.6.0 [sSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 23 2017. 2017.11.07 17:33:53 - OpenVPN > library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10. 2017.11.07 17:33:53 - Connection to OpenVPN Management Interface. 2017.11.07 17:33:54 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3116. 2017.11.07 17:33:54 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:33:54 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:33:54 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]71.19.252.26:443. 2017.11.07 17:33:54 - OpenVPN > Socket Buffers: R=[196724->262144] S=[9216->262144]. 2017.11.07 17:33:54 - OpenVPN > UDP link local: (not bound). 2017.11.07 17:33:54 - OpenVPN > UDP link remote: [AF_INET]71.19.252.26:443. 2017.11.07 17:33:54 - OpenVPN > TLS: Initial packet from [AF_INET]71.19.252.26:443, sid=3a3110c3 751b0ed9. 2017.11.07 17:33:54 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org. 2017.11.07 17:33:54 - OpenVPN > VERIFY KU OK. 2017.11.07 17:33:54 - OpenVPN > Validating certificate extended key usage. 2017.11.07 17:33:54 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication. 2017.11.07 17:33:54 - OpenVPN > VERIFY EKU OK. 2017.11.07 17:33:54 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Homam, emailAddress=info@airvpn.org. 2017.11.07 17:33:54 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3116. 2017.11.07 17:33:54 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA. 2017.11.07 17:33:54 - OpenVPN > [Homam] Peer Connection Initiated with [AF_INET]71.19.252.26:443. 2017.11.07 17:33:55 - OpenVPN > SENT CONTROL [Homam]: 'PUSH_REQUEST' (status=1). 2017.11.07 17:33:55 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.4.128 255.255.0.0,peer-id 10,cipher AES-256-GCM'. 2017.11.07 17:33:55 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified. 2017.11.07 17:33:55 - OpenVPN > OPTIONS IMPORT: compression parms modified. 2017.11.07 17:33:55 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified. 2017.11.07 17:33:55 - OpenVPN > OPTIONS IMPORT: route options modified. 2017.11.07 17:33:55 - OpenVPN > OPTIONS IMPORT: route-related options modified. 2017.11.07 17:33:55 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified. 2017.11.07 17:33:55 - OpenVPN > OPTIONS IMPORT: peer-id set. 2017.11.07 17:33:55 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625. 2017.11.07 17:33:55 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified. 2017.11.07 17:33:55 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM'. 2017.11.07 17:33:55 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key. 2017.11.07 17:33:55 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key. 2017.11.07 17:33:55 - OpenVPN > ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=en0 HWADDR=54:26:96:dd:a1:31. 2017.11.07 17:33:55 - OpenVPN > Opening utun (connect(AF_SYS_CONTROL)): Resource busy. 2017.11.07 17:33:55 - OpenVPN > Opened utun device utun1. 2017.11.07 17:33:55 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=0. 2017.11.07 17:33:55 - OpenVPN > /sbin/ifconfig utun1 delete. 2017.11.07 17:33:55 - OpenVPN > ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address. 2017.11.07 17:33:55 - OpenVPN > NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure. 2017.11.07 17:33:55 - OpenVPN > /sbin/ifconfig utun1 10.4.4.128 10.4.4.128 netmask 255.255.0.0 mtu 1500 up. 2017.11.07 17:33:55 - OpenVPN > /sbin/route add -net 10.4.0.0 10.4.4.128 255.255.0.0. 2017.11.07 17:33:55 - OpenVPN > add net 10.4.0.0: gateway 10.4.4.128. 2017.11.07 17:33:55 - OpenVPN > /sbin/route add -net 71.19.252.26 192.168.0.1 255.255.255.255. 2017.11.07 17:33:55 - OpenVPN > add net 71.19.252.26: gateway 192.168.0.1. 2017.11.07 17:33:55 - OpenVPN > /sbin/route add -net 0.0.0.0 10.4.0.1 128.0.0.0. 2017.11.07 17:33:55 - OpenVPN > add net 0.0.0.0: gateway 10.4.0.1. 2017.11.07 17:33:55 - OpenVPN > /sbin/route add -net 128.0.0.0 10.4.0.1 128.0.0.0. 2017.11.07 17:33:55 - OpenVPN > add net 128.0.0.0: gateway 10.4.0.1. 2017.11.07 17:33:55 - DNS of a network adapter forced (Wi-Fi, from Automatic to 10.4.0.1). 2017.11.07 17:33:57 - DNS of a network adapter forced (ibVPN-L2TP 14, from Automatic to 10.4.0.1). 2017.11.07 17:33:57 - DNS of a network adapter forced (ibVPN-L2TP 15, from Automatic to 10.4.0.1). 2017.11.07 17:33:57 - DNS of a network adapter forced (ibVPN-L2TP 16, from Automatic to 10.4.0.1). 2017.11.07 17:33:57 - DNS of a network adapter forced (ibVPN-L2TP 17, from Automatic to 10.4.0.1). 2017.11.07 17:33:57 - Flushing DNS. 2017.11.07 17:33:57 - OS X - PF rules updated, reloadingI 2017.11.07 17:33:57 - Checking routeI 2017.11.07 17:33:58 - Checking DNS. 2017.11.07 17:34:10 - Checking DNS failed: eukphbvnwmbbukqyqdvuaginqxektwnv. 2017.11.07 17:34:10 - Checking DNS (2° try). 2017.11.07 17:34:18 - Checking DNS failed: eukphbvnwmbbukqyqdvuaginqxektwnv. 2017.11.07 17:34:18 - Checking DNS (3° try). 2017.11.07 17:34:21 - Checking DNS failed: eukphbvnwmbbukqyqdvuaginqxektwnvE 2017.11.07 17:34:21 - Checking DNS failed.. 2017.11.07 17:34:21 - OpenVPN > Initialization Sequence Completed! 2017.11.07 17:34:21 - Disconnecting. 2017.11.07 17:34:21 - Sending management termination signal. 2017.11.07 17:34:21 - Management - Send 'signal SIGTERM'. 2017.11.07 17:34:26 - Connection terminated.. 2017.11.07 17:34:27 - DNS of a network adapter restored to original settings (Wi-Fi, to Automatic). 2017.11.07 17:34:27 - DNS of a network adapter restored to original settings (ibVPN-L2TP 14, to Automatic). 2017.11.07 17:34:27 - DNS of a network adapter restored to original settings (ibVPN-L2TP 15, to Automatic). 2017.11.07 17:34:27 - DNS of a network adapter restored to original settings (ibVPN-L2TP 16, to Automatic). 2017.11.07 17:34:27 - DNS of a network adapter restored to original settings (ibVPN-L2TP 17, to Automatic)I 2017.11.07 17:34:30 - Checking authorization ...! 2017.11.07 17:34:30 - Connecting to Kleeia (Canada, Vancouver). 2017.11.07 17:34:31 - OpenVPN > OpenVPN 2.4.3 x86_64-apple-darwin16.6.0 [sSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 23 2017. 2017.11.07 17:34:31 - OpenVPN > library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10. 2017.11.07 17:34:31 - Connection to OpenVPN Management Interface. 2017.11.07 17:34:31 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3116. 2017.11.07 17:34:31 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:34:31 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:34:31 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]71.19.252.31:443. 2017.11.07 17:34:31 - OpenVPN > Socket Buffers: R=[196724->262144] S=[9216->262144]. 2017.11.07 17:34:31 - OpenVPN > UDP link local: (not bound). 2017.11.07 17:34:31 - OpenVPN > UDP link remote: [AF_INET]71.19.252.31:443. 2017.11.07 17:34:31 - OpenVPN > TLS: Initial packet from [AF_INET]71.19.252.31:443, sid=4d4d399b 6ca84467. 2017.11.07 17:34:31 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3116. 2017.11.07 17:34:31 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org. 2017.11.07 17:34:31 - OpenVPN > VERIFY KU OK. 2017.11.07 17:34:31 - OpenVPN > Validating certificate extended key usage. 2017.11.07 17:34:31 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication. 2017.11.07 17:34:31 - OpenVPN > VERIFY EKU OK. 2017.11.07 17:34:31 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Kleeia, emailAddress=info@airvpn.org. 2017.11.07 17:34:31 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA. 2017.11.07 17:34:31 - OpenVPN > [Kleeia] Peer Connection Initiated with [AF_INET]71.19.252.31:443. 2017.11.07 17:34:32 - OpenVPN > SENT CONTROL [Kleeia]: 'PUSH_REQUEST' (status=1). 2017.11.07 17:34:32 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.1.86 255.255.0.0,peer-id 63,cipher AES-256-GCM'. 2017.11.07 17:34:32 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified. 2017.11.07 17:34:32 - OpenVPN > OPTIONS IMPORT: compression parms modified. 2017.11.07 17:34:32 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified. 2017.11.07 17:34:32 - OpenVPN > OPTIONS IMPORT: route options modified. 2017.11.07 17:34:32 - OpenVPN > OPTIONS IMPORT: route-related options modified. 2017.11.07 17:34:32 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified. 2017.11.07 17:34:32 - OpenVPN > OPTIONS IMPORT: peer-id set. 2017.11.07 17:34:32 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625. 2017.11.07 17:34:32 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified. 2017.11.07 17:34:32 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM'. 2017.11.07 17:34:32 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key. 2017.11.07 17:34:32 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key. 2017.11.07 17:34:32 - OpenVPN > ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=en0 HWADDR=54:26:96:dd:a1:31. 2017.11.07 17:34:32 - OpenVPN > Opening utun (connect(AF_SYS_CONTROL)): Resource busy. 2017.11.07 17:34:32 - OpenVPN > Opened utun device utun1. 2017.11.07 17:34:32 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=0. 2017.11.07 17:34:32 - OpenVPN > /sbin/ifconfig utun1 delete. 2017.11.07 17:34:32 - OpenVPN > ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address. 2017.11.07 17:34:32 - OpenVPN > NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure. 2017.11.07 17:34:32 - OpenVPN > /sbin/ifconfig utun1 10.4.1.86 10.4.1.86 netmask 255.255.0.0 mtu 1500 up. 2017.11.07 17:34:32 - OpenVPN > /sbin/route add -net 10.4.0.0 10.4.1.86 255.255.0.0. 2017.11.07 17:34:32 - OpenVPN > add net 10.4.0.0: gateway 10.4.1.86. 2017.11.07 17:34:32 - OpenVPN > /sbin/route add -net 71.19.252.31 192.168.0.1 255.255.255.255. 2017.11.07 17:34:32 - OpenVPN > add net 71.19.252.31: gateway 192.168.0.1. 2017.11.07 17:34:32 - OpenVPN > /sbin/route add -net 0.0.0.0 10.4.0.1 128.0.0.0. 2017.11.07 17:34:32 - OpenVPN > add net 0.0.0.0: gateway 10.4.0.1. 2017.11.07 17:34:32 - OpenVPN > /sbin/route add -net 128.0.0.0 10.4.0.1 128.0.0.0. 2017.11.07 17:34:32 - OpenVPN > add net 128.0.0.0: gateway 10.4.0.1. 2017.11.07 17:34:32 - DNS of a network adapter forced (Wi-Fi, from Automatic to 10.4.0.1). 2017.11.07 17:34:33 - DNS of a network adapter forced (ibVPN-L2TP 14, from Automatic to 10.4.0.1). 2017.11.07 17:34:34 - DNS of a network adapter forced (ibVPN-L2TP 15, from Automatic to 10.4.0.1). 2017.11.07 17:34:34 - DNS of a network adapter forced (ibVPN-L2TP 16, from Automatic to 10.4.0.1). 2017.11.07 17:34:34 - DNS of a network adapter forced (ibVPN-L2TP 17, from Automatic to 10.4.0.1). 2017.11.07 17:34:34 - Flushing DNSI 2017.11.07 17:34:34 - Checking route. 2017.11.07 17:35:04 - curl: (28) Connection timed out after 30000 milliseconds. 2017.11.07 17:35:04 - Checking route (2° try). 2017.11.07 17:35:35 - curl: (28) Connection timed out after 30002 milliseconds. 2017.11.07 17:35:35 - Checking route (3° try). 2017.11.07 17:36:07 - curl: (28) Connection timed out after 30001 millisecondsE 2017.11.07 17:36:07 - Checking route failed.. 2017.11.07 17:36:08 - OpenVPN > Initialization Sequence Completed! 2017.11.07 17:36:08 - Disconnecting. 2017.11.07 17:36:08 - Sending management termination signal. 2017.11.07 17:36:08 - Management - Send 'signal SIGTERM'. 2017.11.07 17:36:14 - Connection terminated.. 2017.11.07 17:36:14 - DNS of a network adapter restored to original settings (Wi-Fi, to Automatic). 2017.11.07 17:36:14 - DNS of a network adapter restored to original settings (ibVPN-L2TP 14, to Automatic). 2017.11.07 17:36:14 - DNS of a network adapter restored to original settings (ibVPN-L2TP 15, to Automatic). 2017.11.07 17:36:15 - DNS of a network adapter restored to original settings (ibVPN-L2TP 16, to Automatic). 2017.11.07 17:36:15 - DNS of a network adapter restored to original settings (ibVPN-L2TP 17, to Automatic)I 2017.11.07 17:36:18 - Checking authorization ...! 2017.11.07 17:36:19 - Connecting to Cynosura (Canada, Vancouver). 2017.11.07 17:36:19 - OpenVPN > OpenVPN 2.4.3 x86_64-apple-darwin16.6.0 [sSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 23 2017. 2017.11.07 17:36:19 - OpenVPN > library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10. 2017.11.07 17:36:19 - Connection to OpenVPN Management Interface. 2017.11.07 17:36:19 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3116. 2017.11.07 17:36:19 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:36:19 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:36:19 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]71.19.252.21:443. 2017.11.07 17:36:19 - OpenVPN > Socket Buffers: R=[196724->262144] S=[9216->262144]. 2017.11.07 17:36:19 - OpenVPN > UDP link local: (not bound). 2017.11.07 17:36:19 - OpenVPN > UDP link remote: [AF_INET]71.19.252.21:443. 2017.11.07 17:36:20 - OpenVPN > TLS: Initial packet from [AF_INET]71.19.252.21:443, sid=85e241fd 2f78a0f2. 2017.11.07 17:36:20 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org. 2017.11.07 17:36:20 - OpenVPN > VERIFY KU OK. 2017.11.07 17:36:20 - OpenVPN > Validating certificate extended key usage. 2017.11.07 17:36:20 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication. 2017.11.07 17:36:20 - OpenVPN > VERIFY EKU OK. 2017.11.07 17:36:20 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Cynosura, emailAddress=info@airvpn.org. 2017.11.07 17:36:20 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA. 2017.11.07 17:36:20 - OpenVPN > [Cynosura] Peer Connection Initiated with [AF_INET]71.19.252.21:443. 2017.11.07 17:36:20 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3116. 2017.11.07 17:36:21 - OpenVPN > SENT CONTROL [Cynosura]: 'PUSH_REQUEST' (status=1). 2017.11.07 17:36:21 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.9.52 255.255.0.0,peer-id 62,cipher AES-256-GCM'. 2017.11.07 17:36:21 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified. 2017.11.07 17:36:21 - OpenVPN > OPTIONS IMPORT: compression parms modified. 2017.11.07 17:36:21 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified. 2017.11.07 17:36:22 - OpenVPN > OPTIONS IMPORT: route options modified. 2017.11.07 17:36:22 - OpenVPN > OPTIONS IMPORT: route-related options modified. 2017.11.07 17:36:22 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified. 2017.11.07 17:36:22 - OpenVPN > OPTIONS IMPORT: peer-id set. 2017.11.07 17:36:22 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625. 2017.11.07 17:36:23 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified. 2017.11.07 17:36:23 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM'. 2017.11.07 17:36:23 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key. 2017.11.07 17:36:23 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key. 2017.11.07 17:36:23 - OpenVPN > ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=en0 HWADDR=54:26:96:dd:a1:31. 2017.11.07 17:36:23 - OpenVPN > Opening utun (connect(AF_SYS_CONTROL)): Resource busy. 2017.11.07 17:36:23 - OpenVPN > Opened utun device utun1. 2017.11.07 17:36:23 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=0. 2017.11.07 17:36:23 - OpenVPN > /sbin/ifconfig utun1 delete. 2017.11.07 17:36:23 - OpenVPN > ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address. 2017.11.07 17:36:23 - OpenVPN > NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure. 2017.11.07 17:36:23 - OpenVPN > /sbin/ifconfig utun1 10.4.9.52 10.4.9.52 netmask 255.255.0.0 mtu 1500 up. 2017.11.07 17:36:23 - OpenVPN > /sbin/route add -net 10.4.0.0 10.4.9.52 255.255.0.0. 2017.11.07 17:36:23 - OpenVPN > add net 10.4.0.0: gateway 10.4.9.52. 2017.11.07 17:36:23 - OpenVPN > /sbin/route add -net 71.19.252.21 192.168.0.1 255.255.255.255. 2017.11.07 17:36:23 - OpenVPN > add net 71.19.252.21: gateway 192.168.0.1. 2017.11.07 17:36:23 - OpenVPN > /sbin/route add -net 0.0.0.0 10.4.0.1 128.0.0.0. 2017.11.07 17:36:23 - OpenVPN > add net 0.0.0.0: gateway 10.4.0.1. 2017.11.07 17:36:23 - OpenVPN > /sbin/route add -net 128.0.0.0 10.4.0.1 128.0.0.0. 2017.11.07 17:36:23 - OpenVPN > add net 128.0.0.0: gateway 10.4.0.1. 2017.11.07 17:36:24 - DNS of a network adapter forced (Wi-Fi, from Automatic to 10.4.0.1). 2017.11.07 17:36:25 - DNS of a network adapter forced (ibVPN-L2TP 14, from Automatic to 10.4.0.1). 2017.11.07 17:36:25 - DNS of a network adapter forced (ibVPN-L2TP 15, from Automatic to 10.4.0.1). 2017.11.07 17:36:25 - DNS of a network adapter forced (ibVPN-L2TP 16, from Automatic to 10.4.0.1). 2017.11.07 17:36:25 - DNS of a network adapter forced (ibVPN-L2TP 17, from Automatic to 10.4.0.1). 2017.11.07 17:36:25 - Flushing DNSI 2017.11.07 17:36:25 - Checking route. 2017.11.07 17:36:56 - curl: (28) Connection timed out after 30000 milliseconds. 2017.11.07 17:36:56 - Checking route (2° try). 2017.11.07 17:37:27 - curl: (28) Connection timed out after 30001 milliseconds. 2017.11.07 17:37:27 - Checking route (3° try). 2017.11.07 17:37:59 - curl: (28) Connection timed out after 30001 millisecondsE 2017.11.07 17:37:59 - Checking route failed.. 2017.11.07 17:37:59 - OpenVPN > Initialization Sequence Completed! 2017.11.07 17:37:59 - Disconnecting. 2017.11.07 17:37:59 - Sending management termination signal. 2017.11.07 17:37:59 - Management - Send 'signal SIGTERM'. 2017.11.07 17:38:04 - Connection terminated.. 2017.11.07 17:38:04 - DNS of a network adapter restored to original settings (Wi-Fi, to Automatic). 2017.11.07 17:38:04 - DNS of a network adapter restored to original settings (ibVPN-L2TP 14, to Automatic). 2017.11.07 17:38:04 - DNS of a network adapter restored to original settings (ibVPN-L2TP 15, to Automatic). 2017.11.07 17:38:04 - DNS of a network adapter restored to original settings (ibVPN-L2TP 16, to Automatic). 2017.11.07 17:38:04 - DNS of a network adapter restored to original settings (ibVPN-L2TP 17, to Automatic)I 2017.11.07 17:38:07 - Checking authorization ...! 2017.11.07 17:38:08 - Connecting to Gemma (Canada, Vancouver). 2017.11.07 17:38:08 - OpenVPN > OpenVPN 2.4.3 x86_64-apple-darwin16.6.0 [sSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 23 2017. 2017.11.07 17:38:08 - OpenVPN > library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10. 2017.11.07 17:38:08 - Connection to OpenVPN Management Interface. 2017.11.07 17:38:08 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3116. 2017.11.07 17:38:08 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:38:08 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:38:08 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]71.19.252.113:443. 2017.11.07 17:38:08 - OpenVPN > Socket Buffers: R=[196724->262144] S=[9216->262144]. 2017.11.07 17:38:08 - OpenVPN > UDP link local: (not bound). 2017.11.07 17:38:08 - OpenVPN > UDP link remote: [AF_INET]71.19.252.113:443. 2017.11.07 17:38:08 - OpenVPN > TLS: Initial packet from [AF_INET]71.19.252.113:443, sid=b81fa2ce 8b4ee975. 2017.11.07 17:38:08 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3116. 2017.11.07 17:38:08 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org. 2017.11.07 17:38:08 - OpenVPN > VERIFY KU OK. 2017.11.07 17:38:08 - OpenVPN > Validating certificate extended key usage. 2017.11.07 17:38:08 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication. 2017.11.07 17:38:08 - OpenVPN > VERIFY EKU OK. 2017.11.07 17:38:08 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org. 2017.11.07 17:38:08 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA. 2017.11.07 17:38:08 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]71.19.252.113:443. 2017.11.07 17:38:10 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1). 2017.11.07 17:38:10 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.21.77 255.255.0.0'. 2017.11.07 17:38:10 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified. 2017.11.07 17:38:10 - OpenVPN > OPTIONS IMPORT: compression parms modified. 2017.11.07 17:38:10 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified. 2017.11.07 17:38:10 - OpenVPN > OPTIONS IMPORT: route options modified. 2017.11.07 17:38:10 - OpenVPN > OPTIONS IMPORT: route-related options modified. 2017.11.07 17:38:10 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified. 2017.11.07 17:38:10 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key. 2017.11.07 17:38:10 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:38:10 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key. 2017.11.07 17:38:10 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:38:10 - OpenVPN > ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=en0 HWADDR=54:26:96:dd:a1:31. 2017.11.07 17:38:10 - OpenVPN > Opening utun (connect(AF_SYS_CONTROL)): Resource busy. 2017.11.07 17:38:10 - OpenVPN > Opened utun device utun1. 2017.11.07 17:38:10 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=0. 2017.11.07 17:38:10 - OpenVPN > /sbin/ifconfig utun1 delete. 2017.11.07 17:38:10 - OpenVPN > ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address. 2017.11.07 17:38:10 - OpenVPN > NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure. 2017.11.07 17:38:10 - OpenVPN > /sbin/ifconfig utun1 10.4.21.77 10.4.21.77 netmask 255.255.0.0 mtu 1500 up. 2017.11.07 17:38:10 - OpenVPN > /sbin/route add -net 10.4.0.0 10.4.21.77 255.255.0.0. 2017.11.07 17:38:10 - OpenVPN > add net 10.4.0.0: gateway 10.4.21.77. 2017.11.07 17:38:10 - OpenVPN > /sbin/route add -net 71.19.252.113 192.168.0.1 255.255.255.255. 2017.11.07 17:38:10 - OpenVPN > add net 71.19.252.113: gateway 192.168.0.1. 2017.11.07 17:38:10 - OpenVPN > /sbin/route add -net 0.0.0.0 10.4.0.1 128.0.0.0. 2017.11.07 17:38:10 - OpenVPN > add net 0.0.0.0: gateway 10.4.0.1. 2017.11.07 17:38:10 - OpenVPN > /sbin/route add -net 128.0.0.0 10.4.0.1 128.0.0.0. 2017.11.07 17:38:10 - OpenVPN > add net 128.0.0.0: gateway 10.4.0.1. 2017.11.07 17:38:10 - DNS of a network adapter forced (Wi-Fi, from Automatic to 10.4.0.1). 2017.11.07 17:38:11 - DNS of a network adapter forced (ibVPN-L2TP 14, from Automatic to 10.4.0.1). 2017.11.07 17:38:11 - DNS of a network adapter forced (ibVPN-L2TP 15, from Automatic to 10.4.0.1). 2017.11.07 17:38:12 - DNS of a network adapter forced (ibVPN-L2TP 16, from Automatic to 10.4.0.1). 2017.11.07 17:38:12 - DNS of a network adapter forced (ibVPN-L2TP 17, from Automatic to 10.4.0.1). 2017.11.07 17:38:12 - Flushing DNSI 2017.11.07 17:38:12 - Checking route. 2017.11.07 17:38:42 - curl: (28) Connection timed out after 30004 milliseconds. 2017.11.07 17:38:42 - Checking route (2° try). 2017.11.07 17:39:13 - curl: (28) Connection timed out after 30001 milliseconds. 2017.11.07 17:39:13 - Checking route (3° try). 2017.11.07 17:39:45 - curl: (28) Connection timed out after 30005 millisecondsE 2017.11.07 17:39:45 - Checking route failed.. 2017.11.07 17:39:45 - OpenVPN > Initialization Sequence Completed! 2017.11.07 17:39:46 - Disconnecting. 2017.11.07 17:39:46 - Sending management termination signal. 2017.11.07 17:39:46 - Management - Send 'signal SIGTERM'. 2017.11.07 17:39:51 - Connection terminated.. 2017.11.07 17:39:51 - DNS of a network adapter restored to original settings (Wi-Fi, to Automatic). 2017.11.07 17:39:51 - DNS of a network adapter restored to original settings (ibVPN-L2TP 14, to Automatic). 2017.11.07 17:39:51 - DNS of a network adapter restored to original settings (ibVPN-L2TP 15, to Automatic). 2017.11.07 17:39:51 - DNS of a network adapter restored to original settings (ibVPN-L2TP 16, to Automatic). 2017.11.07 17:39:51 - DNS of a network adapter restored to original settings (ibVPN-L2TP 17, to Automatic)I 2017.11.07 17:39:54 - Checking authorization ...! 2017.11.07 17:39:55 - Connecting to Aludra (Canada, Toronto, Ontario). 2017.11.07 17:39:55 - OpenVPN > OpenVPN 2.4.3 x86_64-apple-darwin16.6.0 [sSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 23 2017. 2017.11.07 17:39:55 - OpenVPN > library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10. 2017.11.07 17:39:55 - Connection to OpenVPN Management Interface. 2017.11.07 17:39:55 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3116. 2017.11.07 17:39:55 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:39:55 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:39:55 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.202:443. 2017.11.07 17:39:55 - OpenVPN > Socket Buffers: R=[196724->262144] S=[9216->262144]. 2017.11.07 17:39:55 - OpenVPN > UDP link local: (not bound). 2017.11.07 17:39:55 - OpenVPN > UDP link remote: [AF_INET]104.254.90.202:443. 2017.11.07 17:39:55 - OpenVPN > TLS: Initial packet from [AF_INET]104.254.90.202:443, sid=78c1ba87 4e29bc97. 2017.11.07 17:39:55 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3116. 2017.11.07 17:39:55 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org. 2017.11.07 17:39:55 - OpenVPN > VERIFY KU OK. 2017.11.07 17:39:55 - OpenVPN > Validating certificate extended key usage. 2017.11.07 17:39:55 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication. 2017.11.07 17:39:55 - OpenVPN > VERIFY EKU OK. 2017.11.07 17:39:55 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org. 2017.11.07 17:39:55 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA. 2017.11.07 17:39:55 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]104.254.90.202:443. 2017.11.07 17:39:56 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1). 2017.11.07 17:39:57 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.64.11 255.255.0.0'. 2017.11.07 17:39:57 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified. 2017.11.07 17:39:57 - OpenVPN > OPTIONS IMPORT: compression parms modified. 2017.11.07 17:39:57 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified. 2017.11.07 17:39:57 - OpenVPN > OPTIONS IMPORT: route options modified. 2017.11.07 17:39:57 - OpenVPN > OPTIONS IMPORT: route-related options modified. 2017.11.07 17:39:57 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified. 2017.11.07 17:39:57 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key. 2017.11.07 17:39:57 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:39:57 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key. 2017.11.07 17:39:57 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication. 2017.11.07 17:39:57 - OpenVPN > ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=en0 HWADDR=54:26:96:dd:a1:31. 2017.11.07 17:39:57 - OpenVPN > Opening utun (connect(AF_SYS_CONTROL)): Resource busy. 2017.11.07 17:39:57 - OpenVPN > Opened utun device utun1. 2017.11.07 17:39:57 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=0. 2017.11.07 17:39:57 - OpenVPN > /sbin/ifconfig utun1 delete. 2017.11.07 17:39:57 - OpenVPN > ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address. 2017.11.07 17:39:57 - OpenVPN > NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure. 2017.11.07 17:39:57 - OpenVPN > /sbin/ifconfig utun1 10.4.64.11 10.4.64.11 netmask 255.255.0.0 mtu 1500 up. 2017.11.07 17:39:57 - OpenVPN > /sbin/route add -net 10.4.0.0 10.4.64.11 255.255.0.0. 2017.11.07 17:39:57 - OpenVPN > add net 10.4.0.0: gateway 10.4.64.11. 2017.11.07 17:39:57 - OpenVPN > /sbin/route add -net 104.254.90.202 192.168.0.1 255.255.255.255. 2017.11.07 17:39:57 - OpenVPN > add net 104.254.90.202: gateway 192.168.0.1. 2017.11.07 17:39:57 - OpenVPN > /sbin/route add -net 0.0.0.0 10.4.0.1 128.0.0.0. 2017.11.07 17:39:57 - OpenVPN > add net 0.0.0.0: gateway 10.4.0.1. 2017.11.07 17:39:57 - OpenVPN > /sbin/route add -net 128.0.0.0 10.4.0.1 128.0.0.0. 2017.11.07 17:39:57 - OpenVPN > add net 128.0.0.0: gateway 10.4.0.1. 2017.11.07 17:39:57 - DNS of a network adapter forced (Wi-Fi, from Automatic to 10.4.0.1). 2017.11.07 17:39:58 - DNS of a network adapter forced (ibVPN-L2TP 14, from Automatic to 10.4.0.1). 2017.11.07 17:39:58 - DNS of a network adapter forced (ibVPN-L2TP 15, from Automatic to 10.4.0.1). 2017.11.07 17:39:58 - DNS of a network adapter forced (ibVPN-L2TP 16, from Automatic to 10.4.0.1). 2017.11.07 17:39:58 - DNS of a network adapter forced (ibVPN-L2TP 17, from Automatic to 10.4.0.1). 2017.11.07 17:39:58 - Flushing DNSI 2017.11.07 17:39:59 - Checking route
  21. Accessing an SMB share over TCP port 445. Kaspersky Internet Security 2016 on Win7 x64. "Addresses allowed" not fully working with Network lock enabled. Last address in list works. Disabled wfw - no change Disabled KIS - no change EDIT: Something happened to this posts' tags. Some ended up bunched together?
  22. I'm having constant problems with the Eddie GUI on Ubuntu 17.04. When the VPN connection with the network lock is up and running, everything works fine. The issues start when the VPN (and the network lock) is disabled, the original non-VPN connection is not restored. My tests show that when disabling the VPN, the routing rules are empty and none of the original, non-VPN rules are restored. I've seen this behavior for about a year, now, and I believe it is a very annoying bug of the Eddie interface. By looking at the forum, it seems it is a problem shared across different systems (or at least it affects Windows, too). The only workaround I found so far is to reboot the system preventing the auto-start of the GUI. Any chances it can be fixed? Thanks, S
  23. I do understand that the Network Lock is there to prevent many kinds of leaks. Yet, I am not certain which settings are appropriate for my purposes, and I could not find any definitive answers. I'd like the Network Lock to do be active whenever I'm connected to an Air server, but never to be active when I'm not connected. (BTW, I'm using Windows.) So my question goes like this: When I connect to an Air server, will the Network Lock become active by default? Or do I have to enable it manually? Having a look at the display with the lock icon on the right above, it seems to me that the latter ist true. As I understand it, by going to "Preferences" and then choosing "Activate Network Lock at startup", I can make sure the Network Lock is enabled just as long as the Air Client is running - whether my OS is connected to an Air server or not. (If this is the case, I will be very fine with this solution.) Am I right so far? If I got it right, I would personally guess that many people might not intuitively apprehend how to work properly with the Network Lock. Hence I would humbly suggest to you to consider changing parameters, so that when people connect to a n Air server, the Network lock will be active for their whole session by default. Thank you for your help and support.
  24. Hi, id like to: vpn -> tor in a vm but, i cant connect to tor, its stucked at: Establishing a tor circuit or: connecting to tor maybe i should allow it in address allowed?
×
×
  • Create New...