Search the Community

I just signed up for a year plan of AirVPN and gave Eddie a try. It isn't able to connect to AirVPN servers for me. And in the protocols tab of Eddie settings — all I found were just a bunch of OpenVPN ports and a few WireGuard ones. I don't need to say ports aren't protocols. I knew AmneziaWG client would work with AirVPN, but was hoping I could find use for Eddie, especially if split-tunnel routing could be set up more intelligently than the barebones AmneziaWG offers in that department. To give you an idea of routing hoops I was trying to avoid jumping: I'm having to use a self-written script for automatic CIDR-set inversion and input the result into the configs manually… it's a whole chore. I'm able to connect to AirVPN WireGuard servers using AmneziaWG client by manually enriching the configs generated with the `i1` parameter set to a binary string I had to find myself — one that slips under the DPI radar. Here's a page about AmneziaVPN, but which illustrates how a suitable binary string may be acquired: https://docs.amnezia.org/documentation/instructions/new-amneziawg-selfhosted/ I'm in Russia on Windows and Android. A poweruser and a coder where it comes to PC. Know my way around GNU/Linux and WSL when needed too. AmneziaWG 1.5 protocol extends WireGuard with CPS among other client-side obfuscation methods and presents a necessary technique of VPN connection restriction circumvention in Russia. Basic feature documentation here: https://docs.amnezia.org/documentation/amnezia-wg/#how-it-works CPS is fully compatible with any ol' WireGuard server due to inherent noise filtering WG is built on and basically only concerns establishment of a persistent connection. The DPI systems deployed over here are only capable of interrogating and filtering traffic of establishing connections to decide whether the outbound port opening by ISP will be permitted. My ISP already won't let connections to WireGuard endpoints that are performed without CPS and I'm sure many other ISPs block them as well, judging by rapid CPS adoption observed being reported on Russian Internet censorship circumvention forums. Used to be that `j` parameters would be enough to get around DPI packet filtering. Now pretty much nothing aside the `i` parameter helps in AmneziaWG client. To be clear before I proceed, I'd like to call attention to the following all being distinct entities not to be confused with each other, despite overlapping titling convention: - AmneziaWG protocol extending WireGuard protocol mainly to inject junk that bedazzles active DPI systems in the middle. This is the topic here. - AmneziaWG software forked openly from WireGuard client sources, implementing the above with its own version numbers not shared with the upstream or either protocols. - AmneziaVPN service hosted commercially. - AmneziaVPN software sorta implementing both but mainly geared as a client to the service. Now here's the pickle… Technical protocol specification documentation for AmneziaWG 1.5, including CPS is somewhat scant. No committee, just scrambling for the arms race. It's probably better to check reference implementations. IIRC, this commit implements `i#` parameters, where `#` is a digit: https://github.com/amnezia-vpn/amneziawg-go/commit/c20789848019fb494dbe9d280eb246f29b95ab85 WG Tunnel is an independent FOSS Android implementation of AmneziaWG 1.5 CPS in a config-compatible manner to AmneziaWG client: https://github.com/wgtunnel/wgtunnel I'm also aware of another implementation in a commercial WireGuard client titled WireSock Secure Connect Beta that derives those binaries procedurally, which makes it not directly config-compatible, but that is off topic at the moment. With everything above in mind, it does not seem like Eddie is going to be usable in Russia until AmneziaWG 1.5 CPS is implemented. So here's me asking if Eddie could support AmneziaWG 1.5 CPS client extension to the WireGuard protocol. And to be thorough in avoiding confusion, in case my initial statement is lost in the post, I want to repeat… No modifications is needed to AirVPN's WireGuard servers in order to implement this — CPS is client-side handshake obfuscation that WireGuard's built-in noise filtering inherently ignores.

Hi, Eddie not registering its version number makes WinGet (which we all know is Microsoft's official package manager) want to reinstall its current version every time it checks for an update. A fix for this was requested here (nov 2021) and here (jan 2023) but still hasn't been implemented yet while it's such an easy fix. Upon further inspection, it seems development on the Eddie client is really slow, as can be seen here and here. There's some development being done from time to time but a new stable version hasn't been released in years. It makes me want to consider an alternative as it indicates AirVPN may not have their priorities straight. Can anyone weigh in here?

Request for the server to forward a /128 to the vpn client so that port forwarding is unneeded for IPv6, though there may be some concerns with it over hosting http content etc...

I propose to add an additional option to generate a config file per City (https://airvpn.org/generator/) that will connect to the most optimal server for that city based on server load. This would work similar to how when you connect via Country or Continent. What I mean is when generating config files (https://airvpn.org/generator/) you can only select the specific servers for each city, rather than selecting just the city itself. The problem with connecting via Country or Continent is it will often connect you to a less than optimal server relative to your location. For example, Chicago based connections might be connected to Florida etc. which ultimately leads to connections with bad latency and lower speeds.

Hello AirVPN Staff and others. I would very much like to have an API call for creating and removing port forwardings, including requesting a random port. This would allow users to have a different port open for every session started. Setting up a port to be forwarded is already pretty simple, but it does still require having a web browser running and logging in to Air. This may be a small obstacle, but an obstacle nonetheless. I strongly suspect many people will set up a port forwarding only once, and then using the same port for all future sessions, and this has some negative implications for privacy. It is already possible to have this functionality when talking to Air's web server through a browser and clicking buttons manually, so I'm making the assumption it will not be too difficult to do the same through an official HTTP-based API. Does this make sense? I'd love to hear what you think.

Hi there, I've been using the AirVPN service now for several weeks and its been great! Due to my ISP (VirginMedia) throttling VPN connections, I've been using the SSL/SSH Tunnels to get through. None the less they still apply a general throttle of 2 MB/s to all encrypted connections. After having done a bit of testing with one of my servers, I realised that the throttling is not done across the whole spectrum of ports, only ports 1 to 1024. For anything higher, in my test case 5432, there was no more throttling being applied. Would it be possible to have the SSH/SSL tunnels connecting over a port greater than 1024, in addition to the current ones (22, 52, 80, and 443)? Thanks!

Hello AirVPN, Just a quick usability suggestion. It would be great to be able to add a short description or label to each forwarded port. It's hard to keep track of which port is used for what or why you even have it open in the first place. Thank you for taking this into consideration