First I want to say thanks to the developers who work on Eddie. It's a great vpn client and pretty much the only way I utilize Airvpn's services (other than Android, for now). That said, I find the cli leaves a bit to be desired. I've been using/maintaining a docker image containing Eddie that I can utilize to force my other containers to go through VPN while leaving the host machine's network untouched, and I've recently run into the following issues. The Dockerfile is here, for reference - https://github.com/rahmnathan/docker/tree/master/deluge/vpn .
1) Network lock might not activate, even when requested. This is the issue that prompted me to take a look at my image again as I had a vpn leak even though I had specified '-netlock'. Looking at the logs, there was an entry of the following (paraphrasing here) - "Network Lock not activated. No strategy available.". The log said that the network lock was not activated because there was no way for it to happen. That makes sense, as my base Docker image doesn't have iptables by default. The problem is, eddie still started and other than the log message, there was no indication that anything was wrong. To me, this seems like a scenario where eddie should fail to start for security purposes. I think if the network lock isn't going to work, the user should be forced to either fix it (install iptables, in my scenario) or remove the '-netlock' argument so they know that it will not be active.
2) Confusing '--help' output and docs. I used a combination of this page - https://airvpn.org/topic/11541-command-line-edition-and-syntax/ as well as the '--help' output to try to resolve my issue. The first confusing thing was referencing 'eddie-ui -cli' where the package I was using contains 'eddie-cli'. If both of those are still valid, it might be worth mentioning that the cli command is different based on the package you download (I'm using the command-line download). Another confusing part: In the documentation it mentions "By default, the client doesn't connect to any server automatically. Specify -connect to connect automatically."... In the '--help' output, there is also an entry of "connect Connect automatically at startup. Only for GUI, command-line always starts directly. Default: 'False'". So do I need to specify '-connect' on the command-line or not? I'm still not sure. The final documentation confusion came from this entry in the '--help' output - "By default the application works interactively: Press 'n' to connect to a server, 'x' or 'ctrl+c' to exit. Specify '--batch' for non-interactive mode." I'm still trying to figure out what '--batch' does and how it's different from '-connect'. Overall the '--help' docs leave a lot to be desired. The formatting is quite difficult to follow. I think there a missing line-breaks and maybe some that shouldn't be there. Here's a chunk that just does not look right...
Specify '--netlock' to start with network lock activation. By default the application works interactively: Press 'n' to connect to a server, 'x' or 'ctrl+c' to exit.
Specify '--batch' for non-interactive mode. cli
Don't show the graphics user interface. Connect directly. Default: 'False'
Show help manual. Default: 'False'
It looks like 'cli' should be on a new line. And I'm not sure where the 'By default' line is supposed to go, but it doesn't seem right where it is. Compared to something like 'java --help' or 'docker --help', there's a lot to be desired.
Again, overall I love Eddie and that's why I'm here trying to voice my experiences so they can be improved upon (or I can at least be educated as to why things are the way they are). If I was more familiar with .Net and Mono, I might poke around in the source myself, but I'm pretty isolated to the Java space right now. Anyway, I just wanted to open the discussion about what I found and see what everyone's thoughts are.
Edit: The exact log statement regarding the network lock is - "There is no available or enabled Network Lock mode, sorry."