Jump to content
Not connected, Your IP: 216.73.216.54

Staff

Staff
  • Content Count

    11511
  • Joined

    ...
  • Last visited

    ...
  • Days Won

    2027

Staff last won the day on October 8

Staff had the most liked content!

About Staff

  • Rank
    AirVPN Team
  • Birthday 05/28/2010

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hello! As you may have inferred from the "Login required" string visible on your screenshot you need to log your account in to the infrastructure. You can do it from Eddie's main window. Now, in a few countries (Russia, Iran, Azerbaijan) the login procedure to the servers that have this purpose ("bootstrap servers") may have been blocked. If you see that Eddie throws error messages such as "Login failed" or anything related to bootstrap server you will need to (try to) circumvent the block, probably by not using Eddie. This thread may help you: https://airvpn.org/forums/topic/59479-block-vpn-in-russia/ You can also open a ticket to get assistance by AirVPN support team. Remember to include a system report generated by Eddie, please see here: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-%E2%80%93-heres-what-to-do/ Kind regards
  2. Hello! The default setting has been picked to meet the needs of most networks (except specific PPPoE networks: they have 8 bytes encapsulation overhead so a WireGuard's interface MTU of 1280 bytes may become necessary) and minimizing the performance sacrifice you suffer with smaller transfer units. However the "recommended" label is not correct, noticed. It all depends on your network so it's incorrect to say that any specific value is recommended, we apologize for the inaccuracy. Kind regards
  3. @tranquivox69 Update: Kind regards
  4. Hello! We're glad to update this thread for due clarifications and additional options for advanced users. Please note that this post pertains only to Android TV, not to Android. In Android TV, Google removed the "Always on VPN" and "Block connections without VPN" features from the user interface for customer experience related issues, but such features remain implemented, available and working. However, their activation requires "advanced" usage. Furthermore, the device manufacturer is free to hinder their usage. For the above reasons, Eddie 3.3 will implement an additional, comfortable and not "Always on VPN" based procedure to start and connect to AirVPN during the device bootstrap on all Android TV versions currently available, so you won't need any complex procedure: you'll just have to turn on an option. In spite of the above, we wish to inform you how to activate, when possible, both "Always on VPN" and "Block connections without VPN" for Eddie on Android TV, because those options together are a very convenient leak prevention method regardless of the procedure that can be used to start Eddie either during the device bootstrap or not. Please be aware that you proceed at your own risk and do not modify any other field in any database table. Should you do so, you could brick your device and the only way out would be forcing a factory reset. Consider to dump the secure table before any modification. Prepare the device to accept shell commands Activate developer's options on the device and enable debugging via USB and/or local network. Procedures to do so slightly vary from device to device, general instructions are here: https://developer.android.com/studio/debug/dev-options Install Android Debug Bridge (adb) on your computer: https://www.xda-developers.com/install-adb-windows-macos-linux/ Enable Always on VPN and Block connections without VPN options for Eddie To start, please make sure that Eddie is installed in your Android TV device and that it is configured NOT to start during the device bootstrap Connect your computer to the Android TV box, either via USB or local network (see the above linked instructions) Via adb shell, in the secure db table, set always_on_vpn_app to org.airvpn.eddie and always_on_vpn_lockdown to 1. Exact commands: adb shell settings put secure always_on_vpn_app org.airvpn.eddie adb shell settings put secure always_on_vpn_lockdown 1 Verify that the settings are not wiped out by the firmware or manufacturer's supervision programs Reboot the device (do not run Eddie) Verify that the device does not have Internet connectivity Verify that the mentioned settings have not been modified or deleted: adb shell settings list secure | grep always_on_vpn If you get Internet connection and/or the settings have not survived the reboot, then your manufacturer probably modified the system in order to reject such settings, or removed the required framework to have them working properly. In this case, you can not enjoy the features (unless you find some hack that's specific for your device). Now, it everything works as expected, run Eddie and verify that Eddie can connect to any VPN server. Once connected, verify that you have regular Internet connectivity via VPN. Disconnect Eddie, and verify that you lose again Internet connectivity. If everything went fine, you have now a nice leaks prevention at system level! How to disable both Always on VPN and lockdown You need again the shell to do it: adb shell settings delete secure always_on_vpn_lockdown adb shell settings delete secure always_on_vpn_app Then reboot the machine. Why would manufacturers hinder Always on VPN and lockdown usage when Google offered them in the API? This is a nice question and we do not have a precise answer, we're sorry. Some people speculate that it's easier to obtain specific DRM related certifications such as Widevine L1 when the mentioned features are reset or forbidden altogether. According to other speculations, it's easier to profile the device owner when VPN usage is intermittent, and nowadays profiling and personal data selling is probably a relevant source of revenue. Since Google allows the removal of the mentioned options without prejudice for its own certifications, manufacturers are indeed free to act as they deem appropriate. Who or what can block my Always on VPN and lockdown features? This table (created by ChatGPT) can be useful to summarize: +--------------------------------------------------------------+ | VPN Applications | +--------------------------------------------------------------+ | - The app must support Always-on VPN | | - If not declared, the framework ignores the configuration | | - Auto-start only possible if the app has proper privileges | +--------------------------------------------------------------+ ^ | v +--------------------------------------------------------------+ | VpnService / ConnectivityService | +--------------------------------------------------------------+ | - Manages VPN connections at system level | | - Reads ALWAYS_ON_VPN_APP and LOCKDOWN from secure settings | | - Cannot force-start an incompatible VPN app | +--------------------------------------------------------------+ ^ | v +--------------------------------------------------------------+ | Settings Provider | +--------------------------------------------------------------+ | - Stores secure/global settings values | | - Write access only for SYSTEM/SHELL/privileged apps | | - ADB changes may work but are not guaranteed | +--------------------------------------------------------------+ ^ | v +--------------------------------------------------------------+ | Firmware / OEM Layer | +--------------------------------------------------------------+ | - Can disable the UI toggle for Always-on VPN | | - Can kill VPN apps in background (Task Manager / Guard) | | - Can overwrite secure settings at boot | | - May block auto-start for DRM / streaming compatibility | +--------------------------------------------------------------+ ^ | v +--------------------------------------------------------------+ | Certifications & DRM | +--------------------------------------------------------------+ | 1. CTS / CTS-Verifier | | - Ensures API compatibility | | - Does not require exposing Always-on VPN in the UI | | 2. CDD (Compatibility Definition Document) | | - Defines minimum behavior for Android TV devices | | - Regulates background/startup for media stability | | 3. Widevine / PlayReady / HDCP | | - Can block Always-on VPN if it interferes with DRM | | - Prevents unauthorized geo-spoofing | | 4. GMS Certification | | - Requires Play Store / Google apps compliance | | - Restricts background tasks, startup, and VPN lockdown | +--------------------------------------------------------------+ Do you have a list of devices where Always on VPN + VPN lockdown work or do not work? Please feel free to report your experience with your own device! List of devices where both features work properly. nVidia Shield TV running Android TV 11 stock emulated Android TV 9, 11, 13, 14 and 16 Strong SRT420 running Android TV 11 List of devices where Always on VPN works but VPN lockdown does not and/or causes relevant problems: Amazon FireTV Cube with FireOS 7.1.x: lockdown works but if you disconnect the VPN the system enters a sort of network permanent freeze which requires a reboot Kind regards
  5. Hello! The suspicion that this is the case, especially since their VPN has proven disappointing and invasive advertising has intensified, is strong because Malwarebytes also flags entry addresses as sources of danger. On entry addresses there is obviously nothing but WireGuard, OpenVPN, and internal services that are not accessible to the public. Kind regards
  6. Hello! We're glad to inform you that they are up now. Kind regards
  7. Hello! Thank you for the suggestion. There is, but it's not based on firewall rules as the app is thought to be run even in unrooted devices, obviously. It's "VPN Lock" that you can find on the settings. Alternatively you can use the built-in Android "Always on VPN" and "Block traffic if VPN is inactive", which is a solution that's in general reliable and more flexible. Available on all Android versions except when suppressed by the manufacturer (in the recent past a few major Chinese phone companies suppressed "Always on VPN" in their custom Android implementation), but not available on Android TV 10 and higher versions on most (all?) implementations It is not "considered" open source, it IS free and open source software by definition (GPLv3 license), so not only open source, but also free (free as in freedom, not as in free beer ). We considered F-Droid but momentarily we decided not to make it available there. Anyway you can find the APK directly on our web site and side load it as usual. Kind regards
  8. @CComet Hello! It's important (not only for Eddie) that the two interfaces don't have the same default gateway, which would be a critical error in general if routing table has not been set accordingly, for example through a robust policy-based routing. Once this problem is fixed, or if it was already addressed, please send us a system report, not only a log, in case the issue with Eddie persists: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Kind regards
  9. @misamarumaru Hello! Can you please make sure that the FTP server listening data ports range is exactly matching the range of remotely forwarded ports? Kind regards
  10. Hello! Perhaps this thread is suitable: https://airvpn.org/forums/topic/56980-vpn-servers-mostly-blocked-by-reddit If it's not, you can consider a new thread on the "Blocked website warnings" community forum. Kind regards
  11. Hello! Very puzzling, 2.16 uses archaic libraries and OpenVPN versions. Can you tell us your Operating System name and version? Kind regards
  12. Hello! Eddie 2.24.6 connects over WireGuard by default, whereas all the previous stable versions by default launched OpenVPN 2. Please try to set virtual network interface MTU to 1280 bytes. You can do it in Eddie's "Preferences" > "WireGuard" window. Re-start the connection to apply the change and check whether performance improves. If it does not improve, try to go back to OpenVPN. You can do it in Eddie's "Preferences" > "Protocols" window. Kind regards
  13. Hello! Yes, definitely. We will consider it seriously and keep you posted. Kind regards
  14. So it's hearsay, not a direct test. Auto login yes, but automatic connection when the user starts the app, either during the bootstrap or in any another moment, is not an available feature. Currently Eddie Android edition can connect automatically only during the device bootstrap (if it is configured to do so) and only when "Always on VPN" is enabled for the app. Kind regards
×
×
  • Create New...