What are /r/AirMessage's favorite Products & Services?

From 3.5 billion Reddit comments

Ok,

On LAN it will work perfectly as long as NordVPN on both devices allows communication with local devices. It’s probably natively activated (to let you remote print or Chromecast something with VPN on) but sometimes there’s a switch in the settings.

On WAN, you’ll need to setup port forwarding in your server’s NordVPN. I know Windscribe allows that but don’t know about NordVPN. It’s probably somewhere deep within the VPN app settings in the app or on your account page online. The Android client won’t need any other settings.

Edit : more info

Edit 2 : According to NordVPN they don't offer port forwarding :

But now that I think about it, if you set up your ports on your router, it should still reach your server as it will be local traffic. Your AirMessage content will bypass the VPN though, be careful.

I have no insight and don't know the developer so it's possible everything below is normal and I'm certainly no expert in investigating why sites are down but...

• ~~There are no recorded DNS or other admin changes that I found in the last 24 hours~~
• Turns out as I was typing this, there is an active DNS change
• The server was responding to PING at its known IP (known for the last year) but the DNS records are now pointing to a new IP on a different service
• When running some SSL tests the server responds that No SSL certificates were found on airmessage.org
• I think the web server might be running NGINX which had a massive security vulnerability that was publicly disclosed in the last week when combined with PHP and depending on how a site is configured it could create an exploit so dangerous that it made hijacking websites trivial to those with even basic admin skills
  • Hackers are using a bug in PHP7 to remotely hijack web servers

Mullvad has a split-tunneling feature so you can run the server without the VPN (only if you wanted to of course.) -- Have you tried opening a port via the Mullvad website and then running the server on that port?

Sure, it's here:

https://www.cloudflare.com/terms/#:~:text=2.8%20limitation%20on%20serving%20non-html%20content

Note some people are doing it anyway with great success; it works fine and you don't need to sign-up for an account so there's no real way for CF to stop it other than scanning for the Plex headers, which so far they have not done. Also CF has a TON of bandwidth to spare so they may not actually care unless everybody starts doing it.

I didn't do this myself due to their TOS; I figure they're going to ban it sooner or later and reckoned it wasn't worth the work setting it up. Here's a project to guide you, if you're interested.

https://github.com/danielewood/plexargod/

Regarding the CF cloud outage, again you could just point a dynamic DNS host to your home IP and forward the port so there's no clear advantage to running a CF tunnel.

Air message dev mentioned earlier that he would be working on an electron app in the future to allow for web interface like experience (post here).

The reason for this (this part might be wrong due to based on my interpretation) is the interface for airmessage web is served from airmessage connects relay server (a digital ocean instance) and not directly from the mac. The reasons for this is possibly because renewing ssl certs on the macs end and integrating FCM (firebase cloud messaging) may be difficult. The electron app acts more similarley to the android app in the sense its less a webui more standalone client.

**Second paragraph is based on my interpretation of the post linked above, I apologies if I made any errors in explanation**

Kinda a weird question (not a bug or feature request). How does air messages push notifications work at a system level? Does it rely on Firebase cloud messaging or is it direct? Also if its a direct notification from the server how does the notifications pass through without battery drain from refresh?

https://firebase.google.com/docs/cloud-messaging/

Just curious :)

This method does not directly expose your port to the open internet, it uses a reverse proxy to achieve a similar result. This means any attempts of DDOS attacks or hackers trying to crawl into your network is basically impossible. This is because it does not rely on port forwarding which exposes your network and your computer directly to the entire web, although a specific port is only being handled depending on your routers software and various other factors it makes it possible for hackers to get into your private home network, this is dangerous in a world where we have many ioT devices. When port forwarding, the entire web knows your MacBook exists with sufficient information to potentially exploit it with tools like https://www.shodan.io/ (google but for all the devices connected to the web).

This would be cool if it were built in AirMessage, but as an option not enabled by default.

First you need to install brew on the Mac here: https://brew.sh

Then in the command line do brew install autossh. Then on the server you're forwarding too you can do the following

autossh -M 0 -o "compression=no" -o "cipher=" -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -NR 1359:localhost:1359 root@IP_ADDRESS &

This will forward the port to the server @ IP_ADDRESS which is the ip or domain name that you enter on the app under server address. Not really sure if this helps what specifically do you have questions about?

It's a service that does SSH tunneling. SSH tunneling is essentially a VPN that runs on only one port, tunneling traffic from an open port on a server somewhere directly to your computer. It doesn't require port forwarding to work, but you'll most likely have to pay for it since there are servers on the other end.

EDIT: If you're interested: https://ngrok.com/

Create an account with duckdns.org and then create a domain. After that click the tab on the top called install ( or use this link https://www.duckdns.org/install.jsp).

On a new tan install homebrew fr the following website https://brew.sh/ (copy the command and paste into a terminal window it should auto install it's a package manager).

Finally go back to duck dns click install and select osx-homebrew and select the domain you created it will give you a step by step installation guide.

Alternatively you can use the osx-ip monitor option if you don't want to fiddle with the command line.

Actually, for the AirMessage port, I am using TunnelBlick and Portmap.io.

SoftEther works like a virtual Ethernet cable (if u use the client) and a reg. VPN on devices that don't have the client. It's the fastest VPN protocol and it'll be like ur using your home wifi with the speeds of the actually connection (no latency).

^Also the port it uses (25555) isn't blocked by most businesses/schools. They can block the other VPN ports (my school blocks all vpn ports, but SoftEther still works)

https://www.softether.org/ If ur curious, you can read up about it. They probably have a better explanation than mine :p

It would but I would be careful with generic brand SSD's. I recommend this one and I followed this tutorial.

Although I don't need to use any of these methods for AirMessage, I've been a subscriber of Private Internet Access VPN for many years. All the tests I've done using their port forwarding servers for AirMessage were reliably successful. I don't have experience with port forwarding using other VPNs, but I've heard of the "big name" services also offering it and working well.

I'd definitely like to hear other AirMessage users' experiences with Method #1 here.

Hmm.. to confirm, did you try all four combinations of protocols, as according to Tip A in Method #2?

Otherwise, are there any other () OpenVPN profiles or config files you can test with the Mac at work? For example, in my case, I would test my own home server VPN or Private Internet Access VPN configs to see if they at least work.

If practical, if you can test Method #2 with your Mac on some other network, that may help.

If I have time tomorrow, I'll re-visit Method #2 on my Mac and play around with different settings.

Can you give more details on this please? I have the same issue, and can find no information on configuring loopback for my router. Currently, the only way to access the Airmessage from my android phone at home is to either (a) turn off wifi and use mobile 4g, or (b) connect to an external VPN (like NordVPN).

- Is there a simple way I can set up DNS on my home network and then add a record for the dyndns?

Ubiquiti Unifi Security Gateway (USG) https://www.amazon.com/dp/B00LV8YZLK/ref=cm_sw_r_cp_apa_i_8s1ECb3WK2PA8

For anyone having the problem where it doesn't work when you are connected to your home wifi I can confirm that this gateway will work. There are probably cheaper options. Maybe others that have it working can also post their router model.