Staff

Hello! We had a similar project that is now temporarily frozen for good reasons: in real life the ability of the "AI"s to guess successfully the real destination from analysis of the VPN tunnel traffic is poor (the excellent success rates you see are achieved only in a controlled environment where the victim visits only destinations pre-determined from a tiny list) AmneziaWG is quickly becoming (*) a more universal approach that may be effective and that does not require our own proprietary solution, provided that constant rate tunnel, deterministic batching and traffic morphing are not required -- safe assumptions as DAITA doesn't aim at obtaining them (*) While early AmneziaWG releases could "only" add junk packets during handshakes, making it not suitable to replace DAITA, AmneziaWG latest release is also capable to perform padding of transport messages and modification of their header range. It can do all of the above, optionally, over a faithful imitation of a different protocol (any protocol that can be built on UDP), including specific HTTP/3 web sites initial flow mimicry. While these options efficacy in fighting AI guided traffic analysis must be verified in a controlled environment when AI abilities will improve, and in spite of the fact that AmneziaWG currently lacks the important active distortion feature that DAITA offers, together with reason 1 they are sufficient to let us prioritize AmneziaWG support in the infrastructure and our software, and freeze proprietary solutions research. Once AmneziaWG is operating in the whole infrastructure, it may be considered whether adding active distortion to match this DAITA feature, or anyway building additional features to outperform DAITA (on top of the many already available in Amnezia and not from scratch), is worth the effort or not. Kind regards

Hello! We're very glad to announce that Eddie Android edition 4.0.0 beta 2 is now available. New: how to use Eddie in network where the "bootstrap" servers can not be reached Eddie downloads user and infrastructure data, essential to use the service, from special "bootstrap servers" through an encrypted flow inside HTTP. If the bootstrap servers are blocked or the underlying protocol to port 80 is filtered out, Eddie is unable to proceed. Starting from Eddie 4 beta 2 version, the ability to retrieve such data locally has been added. Whenever bootstrap servers are unreachable, Eddie can read the latest available local data to connect to a VPN server. Once connected the bootstrap servers are again reachable and the local data are immediately updated for future usage. The local data remain valid as long as you don't need to change user. On top of all of the above, Eddie can now retrieve such data through the login procedure that now can be started even when a connection to a VPN server was previously established via a profile. Therefore, when you are in a restrictive network that blocks access to bootstrap servers, you can connect through a profile generated by AirVPN web site Configuration Generator. After this first connection, log your account in to the service by selecting the specific option on the left pane, enter your AirVPN account credentials as usual and make sure that Remember me checkbox is ticked: Eddie will download all the necessary files and store them locally. This procedure is "once and for all", at least as long as you don't need to change account. After this initial connection, Eddie will be able to log your account in to the infrastructure, retrieve servers data and establish connections without profiles and without bootstrap servers, offering again full AirVPN integration even when bootstrap servers are unreachable. Only If you change account you must repeat the procedure. New: "Open with..." option added to "Share" option Different Android versions allow management of files with different restrictions. Different apps may support different intents on specific Android versions. To enlarge total compatibility, now Eddie offers two different options to export and manage files, including generated profiles. You will find the usual "Share" option coupled with a new "Open with..." option. Some apps support only one intent, other apps only specific intents on specific Android versions, and so on. By adding this option Eddie enlarges considerably the amount of apps you will be able to open and/or share files with. New: AmneziaWG parameters range validity AmneziaWG parameter range validity has been documented in three different ways (official web site, GitHub documentation files, and developers comment) and the web site documentation that it's still official is in reality not aligned with the source code. The new parameters range validation adopted by Eddie 4.0.0 beta 2 is based now on GitHub latest documentation integrated by source code analysis. The original message of this thread has been updated accordingly. You will find on it the new download link and checksum, as well as detailed Amnezia description. If you decide to test, please report at your convenience any bug and problem in this thread. If possible generate a report from the app in a matter of seconds: by tapping the paper plane icon on the Log view bar rightmost side you will generate a full system report which will include both log and logcat and have it sent to our servers. Then you just need to send us the link the app shows you (open a ticket if you prefer to do it in private). Kind regards & datalove AirVPN Staff

@0bacon Hello! Please consider this before even facing the question: https://airvpn.org/forums/topic/70164-linux-network-lock-and-firewalld/ Also remember that Network Lock wants to rewrite entirely the input and output chains of the filter table. Kind regards

Hello! Your suspicion is unfounded because Network Lock is a set of firewall rules so you need to explicitly shut down Eddie in order to have it restore the previous rules. In other words, if Eddie exits unexpectedly (did it crash?) the firewall rules remain in place and you are protected. Kind regards

Hello! You need to resolve this problem first because the TAP adapter can't work with WireGuard and you would be forced to set Eddie on using OpenVPN only. Which error messages do you see when the attempted installation fails? Can you also try installing WireGuard, to check whether the installation fails through Eddie only or not? https://www.wireguard.com/install/ Kind regards

@zeroone1zero Hello! What is the problem? Eddie is ready and waiting for input. Setup seems fine and Eddie can reach the Internet and resolve names. Please generate the system report after the problem has occurred (i.e. log in to AirVPN from Eddie's main window, try a connection to some server, reproduce the problem and only then generate the report). Kind regards

Hello! On Eddie 2.22 and higher versions you can "fix" the interface name by setting it on Eddie's "Preferences" > "Networking" window (make sure you pick an interface name that's valid in your system). Kind regards

@3x3x3 Hello! Assuming that the notices are genuine, we need to remind you that VPN usage must be compliant to the relevant legal framework of the country the VPN server is in. With all of the above said, you must make sure you do not suffer traffic leaks outside the VPN tunnel. If you run AirVPN software, this is easily achieved by activating Network Lock which is also active by default during connections (opt out). You also must make sure that you don't start the torrent software before you have connected to some VPN server if you don't run AirVPN software. Network Lock is a set of firewall rules that remain in place even in case of software crash and protect you from leaks even when the torrent software is configured in a way that permits it to bypass the VPN tunnel (typical example: UPnP enabled). Please read AirVPN FAQ and starting guide, you will get plenty of useful information and avoid unpleasant consequences by improper usage. All the important links are included in the welcome message and you can start from here: https://airvpn.org/forums/topic/18339-guide-to-getting-started-links-for-advanced-users FAQ: https://airvpn.org/faq Binding a software to the VPN network interface is another excellent layer of defense. It is highly valuable in case of a "momentary lapse of reason", for example if you completely forget to fire up AirVPN software (or your favorite software) and you start the torrent program with already active torrents. Interface binding is a simple setting if supported by your torrent program. Procedure varies according to the program you run, please read your software documentation. Kind regards

@Lordabyssos Hello! Please add a system report generated by Eddie after the problem has occurred. Please see here for detailed instructions: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Kind regards

@LastGoodNameLeft Hello! We can not detect any problem with Geminorum at the moment. Does this problem persist? If so, can you show the WireGuard log related to a failed connection to Geminorum? Yes, please consider to use configuration files generated for specific VPN servers, and not for the whole UK country. Kind regards

Hello! We are not familiar with toob, let's see whether someone else answers. However, you might need some fine tuning. Can you please add your Operating System name and version, the software you run to connect to AirVPN servers, and publish the log of such software taken while the problem is ongoing? Kind regards

@zeroone1zero Hello! Please delete the configuration file C:\Users\User\AppData\Local\Eddie\default.profile while Eddie is NOT running and upgrade again to Eddie 2.24.6, then generate and publish a complete system report according to the instructions available here: https://airvpn.org/forums/topic/50663-youve-been-asked-for-a-support-filesystem-report-–-heres-what-to-do/ Kind regards

Hello! It's not clear what you mean when you say that you minimize the icon: please describe the action you perform. For example, if you minimize Eddie's window in a desktop environment, the app's icon should appear on the system tray (not on the desk, not on the taskbar, but on the system tray). However, the behavior could be subtly different according to the Desktop Environment you run. For example, in specific Linux DE Gnome 3 the classical system tray is no more. Can you please check? Eddie's tray icon is a small cloud in a circle. If in doubt please specify your Operating System name and version. If it's Windows you should be able to see Eddie's tray icon on the tray, but you might need to make the hidden tray icons visible (check your system manual on how to display them; on Windows 10 you just need to click the "up" arrow). Kind regards

Hello! The AirVPN integration is kindly maintained by GlueTun developer. In brief, servers information is retrieved from the servers,json file which is updated several times a year. When starting up, Gluetun merges the hardcoded list and the contents of servers.json, preferring newer data and including any custom entries marked to be kept. For more details and a more accurate description please see here: https://deepwiki.com/qdm12/gluetun/6-server-management At this moment, while we're writing this message, the servers in Amsterdam have not yet been added. You can wait for the next update, or you may add them manually, by abiding to the json format. Alternatively you can point directly, through the proper environment variable, to the correct entry-IP address of the server you wish to connect to. In such cases you find all the information you need on the server status page https://airvpn.org/status and by generating a configuration file with the Configuration Generator. Here's an example for Vindemiatrix, only for WireGuard connections. This sub-block must be inserted in the correct position inside the airvpn block: study the file structure to quickly understand. Make sure to edit the file while no container is running. { "vpn": "wireguard", "country": "Netherlands", "region": "Europe", "city": "Amsterdam", "server_name": "Vindemiatrix", "hostname": "nl3.vpn.airdns.org", "wgpubkey": "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=", "keep": true, "ips": [ "94.228.209.212" ] }, You then need to restart the container(s) in order to merge the current list with the edited one. The "Keep": true line/flag (inside the server definition) ensures that the server will not be wiped out if you rebuild the server list. Kind regards

Hello! Hold on @Tech Jedi Alex, you hit the mark. You were just misled by this: 0777 is for a directory, but for data files the default is 0666, here's why the user ends up with 644: For the reader, if the umask is 022, the newly created file by root will get 644 (rw-r--r--) (the complement of 666 with 022 in octal) which causes the first problem. So that's why /sbin/bluetit doesn't have x even though it does in the extracted package. It doesn't matter that the original bluetit file has 755, the umask starts from 666. cp in the original script lacks the -p option so this problem should get resolved by your change with install (it should be solved even by adding "-p" to the cp command, or an additional chmod of course). It looks like a long time installation script issue that went strangely unnoticed. Noted down for a fix in the next release or a package hot fix, we'll see. Apparently there is another problem too but maybe it's not related to Suite's installation, we'll keep following the thread. Kind regards