Staff

@lexsilico Hello! Thank you. We now have all the data. We will update this thread when we have more definite information. In the meantime keep using the successful patch you have already applied. Kind regards

@72MqavduqVa286gd Hello! Nothing changed in Eddie's choice order about which firewall utility to run for the Network Lock rules. If both iptables-legacy and nft utilities are available Eddie picks iptables to avoid mixing up nft and iptables rules in various distributions running daemons at startup that still run iptables. You may force Eddie to use nft in "Preferences" > "Network Lock" windows, provided that the nft utility is in the command path. However this is probably irrelevant because, for Network Lock purposes, iptables and nft rules are identical. DNS leaks are not strictly related to network lock: we mean that in general there must be no DNS leak with or without Network Lock. Feel free to publish a system report generated by Eddie for further investigation. Kind regards

Hello! Thanks. Now let's see which route the kernel picks to reach WireGuard's EndPoint. Pick a specific server and verify that the connection takes place through wlan0. From your initial message we see that you may have picked a UK server, let's say Arber (entry-IP addresses 3: 141.98.100.148 and 2001:ac8:31:368:e619:164f:9446:ff2e). Connect to Arber (not to UK in general, connect to this specific server) and verify from the log that WireGuard picks wlan0. Disconnect, shut down Bluetit (sudo systemctl stop bluetit), and check the route the kernel picks on its own: ip route get 141.98.100.148 ip -6 route get 2001:ac8:31:368:e619:164f:9446:ff2e Publish the whole output. Kind regards

Hello! Please send also the output of ip a ip route show before you start Bluetit and/or WireGuard. Kind regards

Please re-read. Your question: "any plan ...?". Answer: "Yes ...". Kind regards

Hello! We're glad to know it. Consider that when OpenVPN finds two interfaces with the same default gateway it stops immediately by throwing a critical error due to the ambiguity. Can you publish the system's routing table and the various interface settings before WireGuard is launched? Kind regards

Solution. Kind regards

@lexsilico Hello! You still have the option to configure policy-based routing using ip to force WireGuard traffic to go through a specific interface, regardless of the default gateway metric. This specific configuration must be created by you as you have no options to force Bluetit to bypass WireGuard (kernel) decisions, and you have no option to tell WireGuard to do the same. You can add your command(s) on the PostUp and PostDown directives to ensure the correct interface is used during the WireGuard connection lifecycle. Note that in this case you will have to use your own profile with Hummingbird (or with Bluetit and Goldcrest), and not the AirVPN integrated Bluetit/Goldcrest connection mode. We will also consult with the Suite development team to study your case in more details and we will update this thread if necessary. We do not rule out the possibility to add in the future special options to compile PostUp and PostDown commands directly from within Bluetit run control file (possibly not via Goldcrest because WireGuard runs PostUp and PostDown specified executable files with root privileges). Kind regards

Hello! We already implemented it in 2021. Any domain which must be blocked includes all of its subdomains too. Besides, different matching methods are available for your additions and exceptions: Exact (exact FQDN), Domain (domain and its subdomains), Wildcard (with * and ? as wildcards), Contain, Start with, End with. Kind regards

Hello! Yes, AmneziaWG support on the server side. You do not need handshake and payload packet padding to circumvent blocks in Russia and China. Padding may be instrumental to make destination guessing from traffic pattern more difficult. Kind regards

Hello! The first main problem to resolve is setting a proper DNS that the container can query before the connection is established. Your system can't resolve the domain name of the end point (us3.vpn.airdns.org), so WireGuard does not even try to establish a VPN connection. Note how the service wg-quick@wg0.service exited because of that (temporary failure in name resolution). Please don't send screenshots whenever text is possible and suitable. Kind regards

Hello! We do agree and we are planning to implement on our software per app traffic splitting on Windows too. Currently you can enjoy per app traffic splitting on Linux (AirVPN Suite) and Android (Eddie Android edition). If the machine you use for Steam is based on Linux you can already have per app traffic splitting with our software. If you run Windows, in the meantime you can consider WireSock, which offers traffic splitting and reverse traffic splitting (on an application basis) and is fully compatible with our WireGuard servers. The Configuration Generator will generate the profiles you wish. Kind regards

Hello! Yes, it is definitely planned, but we can't give you a definite ETA. In the meantime, if you have an Android device or an Android emulator, you can use Eddie Android edition to generate configuration files (you can export them to any other system directly from Eddie's "Export" or "Open with" functions) or the Amnezia configuration patcher by @zimbabwe https://github.com/zimbabwe303/awg_conf_patch Eddie Android edition includes 30+ CPS pre-sets of real web sites, so this is the recommended solution currently to bypass blocks. Kind regards

@balkie31 Hello! For residential broadband (DSL / cable / FTTH), DHCP lease times are most commonly: ~12–24 hours (very common baseline) ~1–3 days (slightly less common) Occasionally up to ~7 days (less common, but happens) This aligns with general network guidance where stable networks use 1–7 day leases. Therefore, it is normal that you may need a re-connection every few days. You can consider to tell GlueTun to re-connect always to the same server, by setting the proper environment variable. You would be sure that your system would appear on the Internet always with the same IP address (the exit-IP address of the VPN server); on the other hand, if the specific VPN server goes down, GlueTun will be unable to re-connect as long as that server does not come up again. In any case, you may always need to re-start the torrent software as GlueTun will bring the virtual network interface down and up again. Kind regards

Hello! Not all programs support In CPS parameters. Eddie Android edition generates AmneziaWG profiles compliant to the latest official documentation and properly processed by the official Amnezia library latest release. Previous Amnezia 1.x specs may not support all the parameters. In the future we will offer Amnezia integration in our desktop software too. In the meantime you may try to update your software. Kind regards