Jump to content
Not connected, Your IP: 34.201.122.150
corrado

Alternative AirVPN client with provider-independent double-hop support (GNU/Linux)

Recommended Posts

Hi,

 

I have written an alternative client for AirVPN that I would like to share with you. Just as Eddie, it supports other providers, too, as long as OpenVPN config files are provided. For AirVPN and Mullvad it offers a convenient update function that just requires you to enter your credentials in order to download the latest server configurations. Furthermore, it allows you to choose among the plethora of protocols offered by AirVPN (including OpenVPN over SSL/SSH) except the experimental ones (I might add support for those in the future, once they become available for all servers).

 

Qomui (Qt OpenVPN management UI) as I have named it, is written in Python and PyQt and should run on any GNU/Linux distribution. It allows you to easily create double-hop connections. In other words, you can route your requests via two OpenVPN servers. This feature works provider-independent. For example, you could choose a Mullvad server for the first hop, and AirVPN for the second (I have successfully tested this with AirVPN, Mullvad and ProtonVPN). Thereby, it avoids a major downside of similar offers by some providers, namely the fact that if one provider controls all "hops" he or she could potentially still see, log or inspect all your traffic. In the latter case, you would gain little in terms of privacy. With the ability to "mix" providers, Qomui does not suffer from the same problem and hence offers some tangible benefits. Obviously, you would still have to sacrifice some speed/bandwith, though.

 

Depending on your DE (looking at you, Gnome!), Qomui will also display a systray icon that shows the country of the server you are currently connected to. Additional features include protection against DNS leaks and a firewall that optionally blocks all outgoing network connections except for the OpenVPN server you have chosen. Since it is never recommended to run graphical applications as root, which is a major flaw of most OpenVPN clients, all commands that require root privileges are handled by a background service that can be controlled via systemd. The following screenshot gives you an idea of what Qomui looks like (on Arch/Arc Dark Theme).

 

 

If you are interested, you can download Qomui from github:  https://github.com/corrad1nho/qomui

 

Of course, I'd be happy for any kind of feedback. If you find bugs or Qomui does not run properly or not at all on your machine, please let me know. I'm happy to help!

 

At last, a big thank you to AirVPN and its amazing community. The fact that you rely more on explaining technical details than empty promises, has helped me to learn a lot. It is also one of the main reason why I chose AirVPN. Commendably, Eddie is also released as open-source software. Only Mullvad does that, too, to my knowledge. Why doesn't every provider do that? You are selling a service, not software! Why would I trust in proprietary software? Funnily, I have never really used Eddie, though, since I was accustomed to manually adding config files to NetworkManager as my first provider did not offer a GNU/Linux client. My interest in features such as OpenVPN over SSL made me look into more convenient solutions, though. Ultimately I decided to write my own program as I wanted to learn some Python and this provided a perfect practical challenge. I have actually used Qomui daily on multiple machines during the past few months and constantly tried to improve it. So I'd thought it'd be about to time to share it (it's an alpha release, though).

 

Have a nice weekend!

 

Corrado

Share this post


Link to post

I added an additional feature that allows applications to bypass an existing OpenVPN tunnel. This can be useful if you want to use services that block OpenVPN servers such as Netflix without compromising your other internet traffic. You can easily add applications that you don't want to use the OpenVPN tunnel to Qomui and start them from there. If you are interested how this works have a look at https://serverfault.com/questions/669430/how-to-bypass-openvpn-per-application/761780#761780. Essentially, running an application outside the OpenVPN tunnel works by putting it in a network control group. This allows classifying and identifying network packets from processes in this cgroup in order to route them differently.

 

Have a look at the screenshots to get an idea

Share this post


Link to post

It's good to see stuff like this in the forums.  Compared to two years ago I think Air forums have lost a lot of knowledgeable users so this is refreshing.

 

I don't think I'll have an opportunity to use this as I use pfense but I hope somebody finds it useful.

Share this post


Link to post

Thanks for your replies! I will definitely look into flathub, that would be a great way for distribution and to manage dependencies in particular. However, I am not so sure whether the fact that the app would still need to manage some integral system parts (routing, iptables, cgroups etc.) would be compatible with the general flatpak approach of providing a sandboxed environment. I don't know too much about that to be honest. But these new distribution-agnostic package distribution platforms such as flatpak are surely an interesting development worth looking into.

Share this post


Link to post

I released v3.0 which among other things adds the possibility to mark servers as favorites and randomly connect to one of them. Unfortunately, after looking into it I realized that packaging the app for flathub is almost impossible as it cannot work in a container as it needs access to the main system, e.g. network management.

Share this post


Link to post

This looks like good work corrado!  I will definitely give it a try. I'll be sure to report any issues. Thx

Share this post


Link to post

Thanks, 183aTr78f9o!

 

Only issue I noticed is that "Disable IPv6" in the settings doesn't stick when restarting the program, although I get the popup saying "Configuration updated successfully". I even tried to change the setting as super user by running

 

Double-checked that, and it is indeed a bug. Thank you for letting me know! There is a line missing after reading the config file to update the Gui accordingly when Qomui is starting. However, disabling ipv6 is handled by the systemd-service, so whether or not the Gui is showing it correctly, the setting should be active nonetheless if this configuration has been successfully saved. Disabling ipv6 should even persist across reboots if qomui-service is enabled via systemd. But if not truly needed, I would recommend against disabling ipv6 as this can have unforeseen consequences for other applications that might refuse to work. The default configurations of Qomui's firewall will block all ipv6 traffic except localhost anyway.

 

I even tried to change the setting as super user by running

 

For the reason above, this does not help at all. In fact, you should never run qomui-gui as root - as it can mess with the Gui and simply won't work on Wayland sessions. All privileged commands are handled via D-Bus by qomui-service. Furthermore, whether starting the gui as root or not changing the settings requires authentication via policykit/sudo. This is to avoid making changes of security-sensitive settings such as iptables/firewall available to an unprivileged user.

 

It would be nice if we could see connection time and IP address along with down/up speeds and data volumes.

 

Down/up speeds and aggregated data volume should already be there if there is an active connection. Have a look at the screenshots I posted an let me know if this line is missing on your system. Otherwise, good suggestion, expect an update with more information shown in the status widget very soon. I'm thinking about IP, Port/Protocol, Ping and connection time.

Share this post


Link to post

Love the software. Really good work.

 

I like to navigate though keyboards a lot of the times. Is it possible to search the vpn profile name using the keyboard? You could do this in the original Eddie client. 

Share this post


Link to post

Hi carrado,

​Thought I'd drop in and say thanks, I'm using it now and it's working pretty good, I can't seem to add an application to the Bypass list (works good from cli) and the icon is there but doesn't show up on my dark theme (hover shows).  The minimize button just pops the app back up, maximize doesn't do anything, only clicking the 'x' button gives an option to minimize which will minimize to the tray. (the 'x' also gives options to exit or cancel) This is on Mint 18.3 cinnamon.

​Also, does it try to auto re-connect if the server drops out?

​Cheers and thanks again.

Share this post


Link to post
Hello corrado

On mint 18.3 xfce we got this syntax error yesterday. We installed all the dependencies and since the qomui launcher was not responding we tried to open from terminal but got this error. I remember from my ubuntu days fixing something like this but I haven't used ubuntu, mint or xfce in years. So wondering if you have suggestions on how to fix before I lose anymore cred lol

Thx

 

Traceback (most recent call last):

  File "/usr/local/bin/qomui-gui", line 9, in <module>

    load_entry_point('qomui==0.3.1', 'gui_scripts', 'qomui-gui')()

  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 476, in load_entry_point

    return get_distribution(dist).load_entry_point(group, name)

  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2700, in load_entry_point

    return ep.load()

  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2318, in load

    return self.resolve()

  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2324, in resolve

    module = __import__(self.module_name, fromlist=['__name__'], level=0)

  File "/usr/local/lib/python2.7/dist-packages/qomui/qomui_gui.py", line 1102

    def filterList(self, *arg, display="filter"):

                                     ^

SyntaxError: invalid syntax

Share this post


Link to post

Thank you all for your feedback, suggestions and bug reports. I just uploaded version 0.4 that addresses a lot of your issues. The biggest new feature is an option to automatically sort servers by latency (currently this is only performed at startup or once you activate the respective option) But first of all:

 

Talking about updates, noob question: how are we supposed to update Qomui? should I just run git clone and pip install again when the GitHub repository gets updated?

 

Yes, that's the way. I'm thinking about a better solutions, though (uploading to AUR, creating .deb-package etc.).

 

 

  • Possibility to sort servers by latency.
  • Adding a tooltip when overriding the tray icon with the mouse cursor with some information, like IP address, connection time, up/down speeds... in a nutshell, some of the information in the "status widget" as you call it.

 

I implemented both suggestions, but it is not displayed as tooltip yet. I will rework the tray-menu anyway and add a few options.

 

​Thought I'd drop in and say thanks, I'm using it now and it's working pretty good, I can't seem to add an application to the Bypass list (works good from cli) and the icon is there but doesn't show up on my dark theme (hover shows).  The minimize button just pops the app back up, maximize doesn't do anything, only clicking the 'x' button gives an option to minimize which will minimize to the tray. (the 'x' also gives options to exit or cancel) This is on Mint 18.3 cinnamon.

 

Thanks a lot, both bugs should be fixed. When I tested this on Mint 18.3 application list was indeed empty - reason was that Mint lacks one of the standard directories for application files. I'm not sure I understand what you mean by the icon doesn't show up on dark theme? Which icon?

 

​Also, does it try to auto re-connect if the server drops out

 

Automatic connects/disconnect happen when network changes are detected or when you start a second instance. However, Qomui does currently not monitor the tunnel. I never really had issues with drops myself and I'll have to look into a good solution to detect them - do you know if OpenVPN logs can help here?

 

I like to navigate though keyboards a lot of the times. Is it possible to search the vpn profile name using the keyboard?

 

Currently, this is not implemented. I'll add your suggestion to my to-do-list, but this might take a while...

 

On mint 18.3 xfce we got this syntax error yesterday.

 

@inradius: I think you installed Qomui for Python 2.7 instead of Python 3. This won't work as it is a Python 3 application. On Linux Mint I think you have to use the following command after cloning from github to avoid this error (try removing Qomui with "pip uninstall qomui" before you do):

sudo pip3 install ./

The "3" is the key here

 

Cheers!

 

Share this post


Link to post

 

Quote

​ Thought I'd drop in and say thanks, I'm using it now and it's working pretty good, I can't seem to add an application to the Bypass list (works good from cli) and the icon is there but doesn't show up on my dark theme (hover shows).  The minimize button just pops the app back up, maximize doesn't do anything, only clicking the 'x' button gives an option to minimize which will minimize to the tray. (the 'x' also gives options to exit or cancel) This is on Mint 18.3 cinnamon.

 

Thanks a lot, both bugs should be fixed. When I tested this on Mint 18.3 application list was indeed empty - reason was that Mint lacks one of the standard directories for application files. I'm not sure I understand what you mean by the icon doesn't show up on dark theme? Which icon?

Just tried 0.4 and I can confirm that both bugs are now gone.  ​The system tray icon doesn't show, only a space and it doesn't matter which theme I try. Hovering over the space in the system tray does gives the qomui-gui pop up and clicking on the space gives the show / quit options.

 

Quote

 

​Also, does it try to auto re-connect if the server drops out

Automatic connects/disconnect happen when network changes are detected or when you start a second instance. However, Qomui does currently not monitor the tunnel. I never really had issues with drops myself and I'll have to look into a good solution to detect them - do you know if OpenVPN logs can help here?

​It would be easy to do if everyone used network lock (just ping something) but what about using something like nmcli dev status | grep tun0. The command should return a  connected, although not at the start of the line. Or maybe if nmcli dev status --active | grep tun0 returns anything.

​Anyway, as you can tell, I'm not a programmer.

Share this post


Link to post

@183aTr78f9o: Thank you very very much for your detailed report. This really helps a lot. I'm pretty sure all the crashes can be explained by a buggy implementation of the latency check feature - terminal output confirms this, too. While I was thinking hard to strike a balance between performance and usability, I didn't test this thoroughly enough. I will have fixed this by tomorrow and I will also look into the releases feed on github. I'm a total noob when it comes to github as of now and I'm still discovering all the possibilities. But looking forward I guess releasing deb packages and publishing on AUR makes even more sense.

 

At this point, qomui-gui wouldn't start at all, even via the terminal. Deleting the .qomui folder in /home solved the issue, it started. Settings were saved, but I had to enter my Air login once more. And force close again.

 

Settings are saved in /usr/share/qomui whereas servers are saved in your home folder. I just realized that installing a new version of Qomui will override your settings which is bad and will be fixed in the next release.

 

The system tray icon doesn't show, only a space and it doesn't matter which theme I try. Hovering over the space in the system tray does gives the qomui-gui pop up and clicking on the space gives the show / quit options.

 

This gives me headaches! I remember this issue when I did a test install on Linux Mint a while back but it seemed to be fixed. When you reported the other bugs, I fired up a virtual machine with Mint 18.3 but couldn't reproduce your issue with the tray icon. That's why I asked. Did you reboot/logoff by a any chance? In my case, Qomui would only show up in the start menu (tray icon would be displayed, however) after rebooting for reasons I don't quite understand yet. These problems might be connected. I have an idea or two how to make the tray icon more robust and your feedback is very valuable because these things are a nightmare to troubleshoot as Qt doesn't raise an exception when the icon is not shown. Also, do you see the tray icon when you connect to an Air server? It should display the flag of the country where the server is located.

 

​It would be easy to do if everyone used network lock (just ping something) but what about using something like nmcli dev status | grep tun0. The command should return a  connected, although not at the start of the line. Or maybe if nmcli dev status --active | grep tun0 returns anything.

 

Thank you for your suggestions! Pinging something seems bad because a failed ping could have many other reasons even if network lock is active. Checking via nmcli is probably better but I don't know how reliable this is. I'll look into it.

Share this post


Link to post

New version 0.4.1 online: Most of the bugs discussed above should be fixed - hopefully!

 

@183aTr78f9o: Updates do not override previous config files any longer.

 

@greerd: Tray icon should now be visible; I tested this successfully on two clean installs of Mint Cinnamon (virtual machine and bare metal). If not, please check if '/usr/share/icons/hicolor/scalable/apps/qomui.svg' is on your system, thanks!

Share this post


Link to post

EDIT: Updated to 0.4.1

The tray icon is visible after qomui-gui startup and until I click the connect button, then it disappears and disconnecting doesn't make it visible again, only killing and restarting the app makes it visible (until I click connect again). I'm running Mint on bare metal.

​'/usr/share/icons/hicolor/scalable/apps/qomui.svg'  does exist, is the tray icon suppose to change during the connect process?

Share this post


Link to post

My Air credentials and used protocol/port were saved, servers were still listed. However, my settings were reset once more. All boxes were unchecked.

 

I tested uninstalling/reinstalling in three different VMs and settings were preserved each time - and tried again just now with the same result. Would be interesting to know if you'll have this issue again with the next version. This should not happen in the future.

 

The tray icon is visible after qomui-gui startup and until I click the connect button, then it disappears and disconnecting doesn't make it visible again, only killing and restarting the app makes it visible (until I click connect again). I'm running Mint on bare metal.

​'/usr/share/icons/hicolor/scalable/apps/qomui.svg'  does exist, is the tray icon suppose to change during the connect process?

 

I'm at a loss. The issue seems to be with the .png-icons. When you start Qomui the tray icon is ​'/usr/share/icons/hicolor/scalable/apps/qomui.svg', but once you successfully connected you should see a country flag of that server (same as in the server list) instead of a blank space. The flag pngs are located at /usr/share/qomui/flags. In a nutshell, svg seems to be working png (the standard format) does not. Maybe Cinnamon can't scale the latter correctly on all systems. I realized they are actually quite large at 720x720. I did that to ensure support for HiDPI displays but may have overdone it. Since I can't reproduce the issue, I have attached a much smaller png at 32x32 of the Netherlands, and 256x256 of Sweden. If you want you can replace the original ones under /usr/share/qomui/flags with those two for testing purposes - just to confirm that it is indeed a scaling issue. If you do, try connecting to a server from Sweden/Netherlands first. I have tested 5 different DEs so far, Plasma, Gnome (no support for tray icon), Cinnamon, XFCE and Unity (or more recently, Ubuntu-Gnome), and never had this issue except with a very early version where I had just downloaded some random flag icons. Do you have a HiDPI-Display or have you heavily customized the default settings for the tray in particular? Have you tried the customized panel size and auto-scaling of icons in panel settings? Would be interesting to know if that helps.

 

Share this post


Link to post

Hi corrado,

​I tried both Sweden and Netherlands servers with the different sized icons in /usr/share/qomui/flags(664 permissions), tried in a new panel and new system tray without scaling, reboot, some other combinations and different panel scaling but no luck, as soon as I click connect, the tray icon is gone. My resolution is 1900 x 1200.

 

​Thanks for the effort in all this, it's a nice app, maybe Mint 19 will give me better luck!

Share this post


Link to post

I've been using Qomui for a week now. Other than this little hiccup when updating to 0.4.0, I've had litterally zero issue whatsoever. No crash, no disconnection, no UI glitch. I've just migrated my main machine from MATE desktop to KDE Plasma, Qomui is still working as expected.

 

Hopefully more Linux users will come accross this nice OpenVPN GUI client, it deserves to be known in my opinion.

 

Thank you for this nice feedback, glad you like Qomui! I'm currently rewritting the config-file management to reliably avoid updates overwriting your configuration. Also, I'm working on a PKGBUILD for AUR and a .deb for easier installation and update-management. Not sure where to upload the latter, though: Is launchpad still a thing?

 

​I tried both Sweden and Netherlands servers with the different sized icons in /usr/share/qomui/flags(664 permissions), tried in a new panel and new system tray without scaling, reboot, some other combinations and different panel scaling but no luck, as soon as I click connect, the tray icon is gone. My resolution is 1900 x 1200.

 

Thank you for trying! I'm out of ideas - the next update will feature an option for a "simple tray mode" that will hopefully offer a working alternative.

Share this post


Link to post
$ sudo apt-get install python3 python3-setuptools python3-pip python3-pyqt5 python3-dbus python3-dbus.mainloop.pyqt5 openvpn stunnel dnsutils net-tools dnsmasq cgroup-lite cgroup-tools geoip-bin geoip-database python3-psutil python3-requests python3-lxml python3-bs4 python3-pycountry python3-pexpect
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances       
Lecture des informations d'état... Fait
Note : sélection de « stunnel4 » au lieu de « stunnel »
E: Impossible de trouver le paquet cgroup-lite 

 

A dependency is missing in Debian !

Share this post


Link to post

@SirAlexander: You are right, I was not aware that cgroup-lite is only available via Ubuntu repositories. It is a tool to automatically mount cgroups. Seems that on Debian "cgroupfs-mount" does the same thing. So you can try that one. In case you are not interested in the Bypass-Feature you don't have to install the cgroup-packages at all.

Share this post


Link to post

Does not work for me

 

If you could give me a little more information I'd be happy to help. What exactly isn't working? Does the gui show up at all? What distributon/DE are you using (I have only tested Ubuntu- and Arch-based distros so far)? To identify the issue it would be best if you could start the gui and the service from two respective terminals.

 

In the first one type:

sudo qomui-service

And the second one (without sudo):

qomui-gui

Then post the output here and I'm confident I can help to resolve your issue quickly - it's an early release and there are still a few things to iron out.

Share this post


Link to post

Superb progam, been using on Kali Linux no problems at all, I also would like a reconnect feature if connection is lost but thats the only thing.

Keep up the good work.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...