Jump to content
Not connected, Your IP: 3.227.3.146

All Activity

This stream auto-updates     

  1. Today
  2. Yesterday
  3. Here's the log with local: Sun Nov 17 14:30:12 2019 OpenVPN 2.4.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [ PKCS11] [MH/PKTINFO] [AEAD] built on Oct 30 2019 Sun Nov 17 14:30:12 2019 library versions: OpenSSL 1.1.1c 28 May 2019, LZO 2.10 Sun Nov 17 14:30:12 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SH A1' for HMAC authentication Sun Nov 17 14:30:12 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SH A1' for HMAC authentication Sun Nov 17 14:30:12 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.161. 180:443 Sun Nov 17 14:30:12 2019 Socket Buffers: R=[212992->212992] S=[212992->212992] Sun Nov 17 14:30:12 2019 UDP link local (bound): [AF_INET]192.168.1.3:1194 Sun Nov 17 14:30:12 2019 UDP link remote: [AF_INET]213.152.161.180:443 Sun Nov 17 14:30:16 2019 TLS: Initial packet from [AF_INET]213.152.161.180:443, sid=9e7860e8 270 66d08 Sun Nov 17 14:30:17 2019 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org Sun Nov 17 14:30:17 2019 VERIFY KU OK Sun Nov 17 14:30:17 2019 Validating certificate extended key usage Sun Nov 17 14:30:17 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sun Nov 17 14:30:17 2019 VERIFY EKU OK Sun Nov 17 14:30:17 2019 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, em ailAddress=info@airvpn.org Sun Nov 17 14:30:17 2019 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 409 6 bit RSA Sun Nov 17 14:30:17 2019 [server] Peer Connection Initiated with [AF_INET]213.152.161.180:443 Sun Nov 17 14:30:19 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Sun Nov 17 14:30:19 2019 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gatewa y ipv6 def1 bypass-dhcp,dhcp-option DNS 10.5.128.1,dhcp-option DNS6 fde6:7a:7d20:180::1,tun-ipv6 ,route-gateway 10.5.128.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:180 ::10cb/64 fde6:7a:7d20:180::1,ifconfig 10.5.128.205 255.255.255.0,peer-id 4,cipher AES-256-GCM' Sun Nov 17 14:30:19 2019 OPTIONS IMPORT: timers and/or timeouts modified Sun Nov 17 14:30:19 2019 OPTIONS IMPORT: compression parms modified Sun Nov 17 14:30:19 2019 OPTIONS IMPORT: --ifconfig/up options modified Sun Nov 17 14:30:19 2019 OPTIONS IMPORT: route options modified Sun Nov 17 14:30:19 2019 OPTIONS IMPORT: route-related options modified Sun Nov 17 14:30:19 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sun Nov 17 14:30:19 2019 OPTIONS IMPORT: peer-id set Sun Nov 17 14:30:19 2019 OPTIONS IMPORT: adjusting link_mtu to 1625 Sun Nov 17 14:30:19 2019 OPTIONS IMPORT: data channel crypto options modified Sun Nov 17 14:30:19 2019 Data Channel: using negotiated cipher 'AES-256-GCM' Sun Nov 17 14:30:19 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit ke y Sun Nov 17 14:30:19 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit ke y Sun Nov 17 14:30:19 2019 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=40:62:31:03:3 3:1e Sun Nov 17 14:30:19 2019 GDG6: remote_host_ipv6=n/a Sun Nov 17 14:30:19 2019 ROUTE6_GATEWAY fe80::9a1e:19ff:fe31:ce2a IFACE=eth0 Sun Nov 17 14:30:19 2019 TUN/TAP device tun0 opened Sun Nov 17 14:30:19 2019 TUN/TAP TX queue length set to 100 Sun Nov 17 14:30:19 2019 /sbin/ip link set dev tun0 up mtu 1500 Sun Nov 17 14:30:19 2019 /sbin/ip addr add dev tun0 10.5.128.205/24 broadcast 10.5.128.255 Sun Nov 17 14:30:19 2019 /sbin/ip -6 addr add fde6:7a:7d20:180::10cb/64 dev tun0 Sun Nov 17 14:30:24 2019 /sbin/ip route add 213.152.161.180/32 via 192.168.1.1 Sun Nov 17 14:30:24 2019 /sbin/ip route add 0.0.0.0/1 via 10.5.128.1 Sun Nov 17 14:30:24 2019 /sbin/ip route add 128.0.0.0/1 via 10.5.128.1 Sun Nov 17 14:30:24 2019 add_route_ipv6(::/3 -> fde6:7a:7d20:180::1 metric -1) dev tun0 Sun Nov 17 14:30:24 2019 /sbin/ip -6 route add ::/3 dev tun0 Sun Nov 17 14:30:24 2019 add_route_ipv6(2000::/4 -> fde6:7a:7d20:180::1 metric -1) dev tun0 Sun Nov 17 14:30:24 2019 /sbin/ip -6 route add 2000::/4 dev tun0 Sun Nov 17 14:30:24 2019 add_route_ipv6(3000::/4 -> fde6:7a:7d20:180::1 metric -1) dev tun0 Sun Nov 17 14:30:24 2019 /sbin/ip -6 route add 3000::/4 dev tun0 Sun Nov 17 14:30:24 2019 add_route_ipv6(fc00::/7 -> fde6:7a:7d20:180::1 metric -1) dev tun0 Sun Nov 17 14:30:24 2019 /sbin/ip -6 route add fc00::/7 dev tun0 Sun Nov 17 14:30:24 2019 Initialization Sequence Completed We can see that local had an effect (bound), but here is the routing table: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.5.128.1 128.0.0.0 UG 0 0 0 tun0 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 10.5.128.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 128.0.0.0 10.5.128.1 128.0.0.0 UG 0 0 0 tun0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 213.152.161.180 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1 You know I'm wondering maybe I should give up on taking the push routes and just specify them myself in the .ovpn config, would that make sense?
  4. OK so I modified the netplan as follows: # Let NetworkManager manage all devices on this system #network: # version: 2 # renderer: NetworkManager network: version: 2 ethernets: eth0: addresses: - 192.168.1.3/24 gateway4: 192.168.1.1 nameservers: addresses: - 1.1.1.1 dhcp4: false dhcp6: false routes: - to: 0.0.0.0/0 via: 192.168.1.3 metric: 100 eth1: addresses: - 192.168.1.2/24 dhcp4: false dhcp6: false routes: - to: 0.0.0.0/0 via: 192.168.1.2 metric: 200 nameservers: addresses: - 1.1.1.1 - 1.0.0.1 search: [] So eth0 is 100 (lower) and eth1 is 200 (higher). I also modified client.ovpn as follows: client dev tun remote 213.152.161.180 443 route 213.152.161.180 255.255.255.255 net_gateway 0 resolv-retry infinite persist-key persist-tun auth-nocache route-delay 5 verb 3 explicit-exit-notify 5 push-peer-info setenv UV_IPV6 yes remote-cert-tls server cipher AES-256-CBC comp-lzo no proto udp key-direction 1 <ca> Resulting route table: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.5.128.1 128.0.0.0 UG 0 0 0 tun0 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 0.0.0.0 192.168.1.3 0.0.0.0 UG 100 0 0 eth0 0.0.0.0 192.168.1.2 0.0.0.0 UG 200 0 0 eth1 10.5.128.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 128.0.0.0 10.5.128.1 128.0.0.0 UG 0 0 0 tun0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 213.152.161.180 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1 So you can see that I've affected the metrics but the dynamically-added route is still pointing to eth1. This effect occurs if the IP address is the same, if it is different, I get two routes, and the one I add manually gets the metric that I specify. It seems like the OpenVPN route "clobbers" the static route that I create, but not sure. I'm going to try local.
  5. You are asking whether you should change from AirVPN to PIA in AirVPN's forums? Did you expect a differentiated comparison? Look around you. We're all biased here.
  6. Giganerd thanks for answering this! The current configuration is just a hack, because I'm missing a piece of hardware. In the final configuration, both ports will be on different subnets. Let me try the other things you mentioned, and I'll post back here.
  7. Spontaneously two things come to mind. Additional route directive in OpenVPN with a lower metric, for example route 180.161.152.213 255.255.255.255 net_gateway [lower metric]. local directive, for example local 192.168.1.3. Though this might mean traffic on all other ports is not routed. Should be tried out. Actually, you can control that by simply setting the metric of eth0 routes to lower values. Maybe this anomaly with all routes are the most important is causing that. Does ip r show the same? And also, from a router's perspective, what's the point of having two interfaces in the same subnet? Load balancing? Do you regularly use the full throughput of gigabit ethernet?
  8. I have a two-port "router" (really a little computer running Ubuntu 19.10) set up as OpenVPN Client. The router has two ethernet ports: eth0: 192.168.1.3 eth1: 192.168.1.2 Both of these ports are currently connected another router: 192.168.1.1 -> Internet This is my .ovpn configuation: client dev tun remote 213.152.161.180 443 resolv-retry infinite persist-key persist-tun auth-nocache route-delay 5 verb 3 explicit-exit-notify 5 push-peer-info setenv UV_IPV6 yes remote-cert-tls server cipher AES-256-CBC comp-lzo no proto udp key-direction 1 OpenVPN is started in /etc/rc.local: openvpn --config /etc/openvpn/client/client.ovpn &> /var/log/openvpn.log & iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE All of this works fine. When the tunnel comes up, I get this routing table: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.5.128.1 128.0.0.0 UG 0 0 0 tun0 default _gateway 0.0.0.0 UG 0 0 0 eth0 10.5.128.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 128.0.0.0 10.5.128.1 128.0.0.0 UG 0 0 0 tun0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 180.161.152.213 _gateway 255.255.255.255 UGH 0 0 0 eth1 Note that the route 180.161.152.213 _gateway is using eth1. I want that route to use eth0. Note that both routes will work with the current configuration, but that will soon change. How can I ensure that OpenVPN dynamically-created route will use interface eth0?
  9. ive been with airvpn for 3 years and wondering if i should change are there better value services?
  10. if you are running the openvpn client on your router then you do need to use iptables such as the above. Just make sure to correct the tun device number
  11. I am using the Asus RT-AC68U Firmware 3.0.0.4.376-3626. I attempted to just forward the port with my security camera IP and port but have been unsuccessful. In my old router I had this but I am not sure if helps and not sure if I need that in the new one. iptables -I FORWARD -i tun0 -p udp -d destIP --dport port -j ACCEPT iptables -I FORWARD -i tun0 -p tcp -d destIP --dport port -j ACCEPT iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP iptables -t nat -I PREROUTING -i tun1 -p udp --dport port -j DNAT --to-destination destIP I also had this command which I think was to block internet access if the VPN was not connected? iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT iptables -I INPUT -i tun0 -j REJECT iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE Thanks for the help.
  12. Hello! We're very glad to inform you that two new 1 Gbit/s servers located in Vancouver (Canada) are available: Nahn and Sham. The AirVPN client will show automatically the new servers; if you use the OpenVPN client you can generate all the files to access them through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). Servers accept connections on ports 53, 80, 443, 1194, 2018 UDP and TCP. Just like every other "second generation" Air server, Nahn and Sham support OpenVPN over SSL and OpenVPN over SSH, TLS 1.2 and tls-crypt. Full IPv6 support is included as well. As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses. You can check servers status in our real time servers monitor: https://airvpn.org/servers/Nahn https://airvpn.org/servers/Sham Do not hesitate to contact us for any information or issue. Kind regards and datalove AirVPN Team
  13. Can't really answer you since we don't know what router, router OS and its version you are using.
  14. Thanks You are correct it is a double NAT. So the first port forward should be done in my Asus router settings Administrator-commands then I should be able to forward that port in Airvpn? or do I just go into the router settings for port forwarding sorry it has been years since I had to do this.
  15. In this case you need to forward the local port you set on AirVPN to the port your IP camera is listening on, something like this: Internet (AirVPN remote port) |------------| (AirVPN local port) new router (AirVPN local port) |-----------| (listening port) IP camera Your setup is a double NAT, therefore two port forwards are needed. It is important that you do the second forward for the tunnel interface tunX, X being a number, usually 0.
  16. I am trying to view my security cameras remotely and I am using ATT cellular to send the video feeds. I had ports forwarded with AirVPN with OpenVPN setup on my old router. It has recently died so I setup OpenVpn on my new router. I did TCP instead of UDP on port 443 and if I try to forward any ports other than 80 I never get the green box. I think I use to forward 8000 but that no longer seems to work. Any suggestions?
  17. Last week
  18. If/When you connect IPv4 & IPv6 not IPv4-only you will get an Assigned IPv4 & IPv6 for the TAP-adapter. Someone that uses Eddie app for Windows OS may be able to help you there.
  19. https://www.speedtest.net/result/c/2b63a577-e5a5-4205-98db-bb25ab01c371 There are a lot of places where slowness comes from but speed can happen. I use a pfsense box to run openvpn for the whole house. The speedtest machine is my laptop on wifi, which is an area of slowness itself.
  20. just recently upgraded to ATT FIber Gigabit - on Linux (only) I get 850-900 Mbit line speed (AirVPN off), with AirVPN connected to a server with 2ms ping I get a max of 200-250 Mbit - that is real download speed not some browser speed test. Before I was on a 400 Mbit connection from Spectrum, exact same numbers... upgrading internet speed is pointless unless the VPNs can provide higher speeds...
  21. Sorry if I wasn't clear but I don't want IPv6 being used. I want to restrict to IPv4 so it seems from my tests that IPv6 is disabled. I was just concerned at first because the Eddie client showed it being enabled. I don't seem to have any actual IPv6 addresses, so I'm not sure where Eddie is getting that from, but everything else looks good in that regard. Still can't figure out why it takes forever to log in, though.
  22. The scoring rule is set at the bottom of the window, either "speed" or "latency". Roughly translated the rating means: ⭐⭐⭐⭐⭐ - "This is among the best servers for throughput for you." / "This server's latency is among the best for you." ⭐- "This server is unlikely to give you good speeds." / "Don't expect a quick and reactive experience when connected to this server."
  23. Hrmm, I really can't help you beyond that, maximum would be to search the forums for you... In the Logs tab there's a lifebelt icon which prints out support information. All the real personal info is not included.
  24. Hello! We're glad to inform you all that Chamaeleon https://airvpn.org/servers/Chamaeleon in Dallas now runs OpenVPN 2.5 daemons and is configured to accept connections with cipher CHACHA20-POLY1305 both on Control and Data Channel. You can connect in ChaCha20 with Eddie Android edition, OpenVPN 3.3 AirVPN alpha for Linux, or by using Eddie desktop edition with OpenVPN 2.5. To use cipher ChaCha20: with Eddie Android edition, select "Settings" > "AirVPN" > "Encryption Algorithm" > "CHACHA20-POLY1305" with OpenVPN 3.3 AirVPN please see here: with Eddie desktop edition, install OpenVPN 2.5, tell Eddie to use OpenVPN 2.5 in "Preferences" > "Advanced" , finally add the following custom directives in "Preferences" > "OVPN Directives" and make sure to connect or white list ONLY experimental ChaCha20 servers ncp-disable cipher CHACHA20-POLY1305 Servers supporting ChaCha20 are marked as "Experimental ChaCha20" in https://airvpn.org/status in a yellow warning. Kind regards
  25. On eddie-ui there is a 'Servers' menu on the left-hand side. Clicking on it shows all the global servers which can be selected to access the internet. A series of tabs on the top row gives further info on each server. One of the tabs is a 5-star scoring for each server. So what does the star rating mean?
  26. Took me 20+ minutes to get online today. Even after I quit Eddie and restarted, it just couldnt make a connection. It sticks on "Checking route IPV4" for many minutes before failing and trying to connect again. The password login is a pain too, any way to prevent that? Surely once I have installed Eddie, it should have authority to run without needing admin password each time it's started? Maybe I need to adjust some settings? Biggest problem is the loop it gets stuck in. When I leave machine, I unplug ethernet and tell Eddie to disconnect (to prevent the reconnect loop). But when I come back and plug it back in, Eddie can't make a connection again, that's when I got the error above, but I don't always get that error, usually it just keeps trying and failing to connect, stuck on "Checking route ipv4" usually. But today that error came up too. I could send logs, but can someone tell me how much personal info is included in them? Thanks
  1. Load more activity
×
×
  • Create New...