Not connected, Your IP: 216.73.216.120
Online: 35842 users - 437910 Mbit/s total BWAll Activity
This stream auto-updates
- Past hour
-
-
-
-
-
-
-
- Today
-
-
-
- Yesterday
-
Care to share some of those?
-
.thumb.png.8be84fd39f94c1640ac8c5456fbf3449.png)
TLS handshake failing on 2/3 servers
Staff replied to bananaphone69's topic in Troubleshooting and Problems
Hello! We're very glad to know that the problem is solved. From the OpenVPN manual: Since mssfix 1280 resolved the problem, a plausible explanation that comes to mind is that before the problem started your network had frames fitting the previous MTU, and this is no more possible now So, it could be a change on your ISP side. Kind regards -
TLS handshake failing on 2/3 servers
bananaphone69 replied to bananaphone69's topic in Troubleshooting and Problems
Hi, thanks for your prompt and helpful response. I will respond to your points in reverse, if that's okay. 1. On some devices I have the ufw/network-manager/ovpn config setup. All of them started failing on certain addresses around one week ago. On a different device where I use wireguard with port 1637, entry3, UDP, I have not had issues with any servers. I can also make an attempt with Eddie or other tools for comparison if that would help. 2. With or without ufw, I was not able to connect to any servers via openvpn CLI. 3. I added mssfix 1280 to the config file for Hercules (a problematic server) and it worked without issue. Adding the same to Libra (a non-problematic server) made no change and it still continues to function as normal. Failing all else, I can add this to all the config files and it should work but I don't understand why this has suddenly happened when I have made no change on the files on my side and about one third still work as normal without the additional mssfix line. Are there other diagnostics or fix attempts that would help clarify the issue? -
HowTo: OPNsense using Wireguard with IPv6 support
twistabled4alt replied to OPN-UserGuide's topic in How-To
Hello @OPN-UserGuide and AirVPN users in general, I've done the tutorial and the IPv4 part is working as intended. The IPv6 on the other hand is not working. Basically when setting up all as in the tutorial, IPv6 traffic works but wouldn't be recognized as it because the IPv6-ICMP pings are wrongly translated and it result in source and destination being the same (in this case the internal VPN IPv6 IP addr). The IPv6 is working on my LAN and I'm able to ping my router from the network. Any help would be greatly appreciated! Have a great day! -
Has anyone gotten remote access to work on MacOS? I've forwarded the port, set the local to 32400, and I've tried messing with the protocols and IP layers in the client area settings but nothing seems to work. It will connect for about 10 seconds... then drop. Any help would be appreciated.
-
Hello! Please note that the ability to connect over a generic HTTP, HTTPS, SOCKS4 and SOCKS5 proxies, especially those only supporting TCP, is an OpenVPN strong feature that's not matched by WireGuard. The flexibility and ease of OpenVPN to do it is very important for anyone connecting from behind a proxy (such a corporate proxy). This is a feature that we do no want to lose so phasing out OpenVPN in its entirety is not on the table at the moment. Another similar, powerful feature that WireGuard can not offer is establishing an SSH tunnel, or a TLS one (by stunnel typically) and then connect OpenVPN over it. However, a balanced approach is possible, and we are already moving toward that direction. For example, our kernel networking tuning is preferring WireGuard needs, not OpenVPN ones, although the approach is not too unbalanced. In the future we might also consider to lower the amount of concurrent OpenVPN processes we run on servers (we do it to aid balancing for the notorious problem you mention and for which a stable and easy to maintain DCO would be a solution). Kind regards
-
Hello! We have a report that makes us suspect that in Uzbekistan it's the IP addresses of various VPN servers (not only AirVPN, other VPN too), to be blocked "unconditionally". Anyway AmneziaWG is worth a test, with and without QUIC mimicking, toward all the wg ports of our servers. It has an incredibly high rate of success in Russia and China (higher than OpenVPN over SSH and shadowsocks) so it's definitely worth a test. Please keep us posted as we have literally three reports only from Uzbekistan including yours... If you need some parameters to test check here: https://airvpn.org/forums/topic/77633-eddie-android-edition-400-preview-available/?do=findComment&comment=258644 and here: https://airvpn.org/forums/topic/59479-block-vpn-in-russia/?do=findComment&comment=237288 If you need some suggestions for the parameters In in order to mimic QUIC connection to some specific web site known to be not blocked in countries controlled by VPN hostile regimes, please contact our support team in private by opening a ticket. Kind regards
-
Traveling to Uzbekistan. I cannot connect to any AirVpn server anymore. It worked fine in USA. Any protocol available in Eddie UI do not work. Unfortunately I paid for the whole year of AirVPN service. Looks like the XRay or something similar is the way to go...
-
I vote this up as well, as the suggestion makes perfectly good sense. Personally I wouldn't mind if OpenVPN takes the decommissioning route. Although it still provides a solid solution, it's a product of its time and it shows (no kernel support, single threaded etc). Some VPN providers are either started or already phased it out. And I will assume the gains are in favour as much for the users as the providers themselves with WireGuard's being less demanding on the compute resources. My two pence
-
-
-
TLS handshake failing on 2/3 servers
Staff replied to bananaphone69's topic in Troubleshooting and Problems
Hello! Please note that the TLS handshake and anything else is performed by and between your system and the final web (or other service) servers. The VPN server is not a part of this process. Of course airvpn.org and ipleak.net do not block AirVPN servers. We would rather suspect some MTU related problem. Try to add in your OpenVPN configuration the following directive: mssfix 1280 Can you also test, in the problematic system, a connection by running OpenVPN directly and not relying on the network-manager-ovpn plugin? In the past it caused several different problems and it was deprecated. If the problem persists please test with ufw completely disabled. Do you mean that the problem doesn't appear at all on different systems using the same OpenVPN connection mode (entry-IP address, port and protocol)? Kind regards - Last week
-
TLS handshake failing on 2/3 servers
bananaphone69 replied to bananaphone69's topic in Troubleshooting and Problems
Thanks for your reply. The issue appears to be generalized (across almost all websites) and sudden enough (starting a week or two ago) that I would expect it's not that type of blocking. For instance, I can reproduce the error in ipleak.net and airvpn.org which naturally shouldn't be hostile to AirVPN servers. But if there is a different website or diagnostic you'd like me to try, I can do that. I can also confirm these servers are working okay on systems where I am not using this ufw/network-manager/ovpn config file method. -
TLS handshake failing on 2/3 servers
go558a83nk replied to bananaphone69's topic in Troubleshooting and Problems
Is this an issue of those sites blocking datacenter IP ranges or known VPN servers specifically? -
TLS handshake failing on 2/3 servers
bananaphone69 replied to bananaphone69's topic in Troubleshooting and Problems
Further update on this. I have tested all available 262 servers and found 90 to be working, 170 to fail at the TLS handshake stage, and 2 inconclusive (Algieba and Chamaeleon, listed as high packet loss and hardware failure on the config generator page). I have attached the list of servers without and with the TLS issue. Would appreciate support from staff or others. In over a decade of relying on AirVPN I've never encountered anything like this. Without_TLS_issue With_TLS_issue -
+1
-
i added it to compose Few attemps ago i tried with wg0.conf but docker didnt read it -
Hello! Yes, as the default settings are not adequate for high load and high throughput servers. Kind regards
-
Expose Jellyfin to internet through AirVPN port forwarding
Staff replied to charoki60's topic in Troubleshooting and Problems
Hello! Reading it is not sufficient, then you have to change your configuration accordingly. How did you add the end point (destination VPN server)? Kind regards -
Hi, Long-time AirVPN user, I'm on a linux PC, using the ufw/network-manager/ovpn config file method described here (https://airvpn.org/forums/topic/9148-prevent-leaks-with-ubuntu-linux-gufwufw-thanks-to-worric/) and here (https://airvpn.org/topic/5586-prevent-leaks-with-linux-firestarter-also-stop-traffic-when-vpn-drops/?p=14095). In the last few weeks I have noticed some servers will not go past the TLS handshake stage on most websites but some will. I attach below the results of curl -vL www.startpage.com from a functioning and non-functioning server, namely Libra and Hercules, both in Atlanta Georgia, US UDP 443 entry3, as recommended. I assume this is a global issue but may not be impacting everyone as most will be using Eddie or other tools. If there are other diagnostics that I should attempt, please let me know and I will post results. Libra Hercules
-
Hello! After a year of using AirVPN I'm very happy with the product. Website has no bloat whatsoever and it's super easy to find what you are looking for. A huge plus goes out for having an active forum available! Much better option compared to social media idiocies. Also port forwarding has been executed greatly - many other VPN services miss that altogether but even those which support it can't match AirVPN's easy-to-use robust system. Config generator is a great plus too since I'm using both WireGuard app and WireSock depending on the situation and needs. Both run just fine and very few VPN's could match this level of usability. I sometimes have dissapointing speeds with P2P, but usually a simple server change fixes it. Overall very happy customer. Please have a beer AirVPN staff, you've deserved it!
- ...
-
- 1
-
-
-
@cbkosl I have CGNAT internet. At this moment i get to my web with tailscale and its fine, but i want to share my media with family. @Staff i ad "FIREWALL_VPN_INPUT_PORTS=#port_from_airvpn" and nothing change. i read topic from your link and nothing change, same error.
-
Expose Jellyfin to internet through AirVPN port forwarding
Staff replied to charoki60's topic in Troubleshooting and Problems
@Bobo90 Hello! Your compose file lacks the proper setting of the FIREWALL_VPN_INPUT_PORTS environment variable. If you set it on the command line options fine, but if not you must add it and set it properly. The FIREWALL_VPN_INPUT_PORTS environment variable in Gluetun specifies a comma-separated list of ports that must be allowed through the firewall. Without it, packets forwarded by the VPN server will be dropped by GlueTun firewall. About this error: "ERROR [vpn] finding a VPN server: target IP address not found: in 250 filtered connections". you should be able to resolve it by reading the documentation specific for AirVPN: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/airvpn.md Kind regards -
Personal IPv6 exit IP as alternative to port forwarding
CentralPivot replied to CentralPivot's topic in General & Suggestions
Privacy is not the only only reason to use a VPN. Also, while it would be possible to assert that traffic going to a specific IP is tunneled to the same end user, going through a VPN means you still don't know who that end person is or where they're located based on their IP. And since we're talking about incoming traffic, this kind of analysis is already possibly by also looking at the destination port of the incoming connection. This wouldn't affect IPv4 port forwarding. All IPv4 connections would still use a shared IPv4 exit address. It wouldn't even affect port forwarding for IPv6 users that don't enable this feature. This would just be an option to get a dedicated exit IP that would forward all traffic statelessly. Traffic going to the shared exit IPs would go through the same port forwarding translations it already does. -
Hello there! Is there a reason to use Jellyfin through the VPN and port forward it? The most common ways of sharing Jellyfin/Plex would be to have a reverse proxy on your network like Nginx Proxy Manager and accessing it from there if you are outside your home network. Br Cbkosl -
HI guys, i was tryed do this with rhis video https://www.youtube.com/watch?v=LV3mcfqNgcQ , but still not working. Here is my compose. Maybe someone figure it out. When i add end point manualy in compose its drop error - "ERROR [vpn] finding a VPN server: target IP address not found: in 250 filtered connections". Without Endpoint it showing evething is healthy but when i check "curl ifconfig.io" is some ipv6, but no mine end point ipv4. When i click into jellyfin port its now show jellfin gui. I`not using 8096 because its busy by running jellyfin serwer. Jellyfin serwer 8096 i have on Truenas scale Jellyfin serwer 8097 i wanna run on Truenas->Dockge I have already qbittorrent on Docke and its working fine. God bless you all for help;)
-
-
Ehm. I am not sure how your thinking goes here, but the initiator of connections is always some VPN client. The API though operates on the backend of the server infrastructure. There is an endpoint for disconnection because the infrastructure has knowledge of all sessions and can force one of those to be killed, after which the client must reconnect itself. If there were an endpoint for connecting, what would you expect from the server? In the first place, which server? There are 262 possibilities as of today… The closest existing endpoint to your idea would be the generator endpoint which generates a config file. It can be pulled by curl for example right into OpenVPN or a wg-quick command, but as you can see, a client still initiates the connection. Please outline what you're really trying to do, or rather, how your idea came to be. I believe there are ways to do this locally.
