Solex1 2 Posted ...
Hello AirVPN Staff,
As promised you delivered!!!
Many Many Thanks,
Solex1

CultureVulture 30 Posted ...
Hang on - isn't config generator for Italy missing?

Solex1 2 Posted ...
Hello All,
2014-04-14 00:25:06 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Keep Up The Hard Work,

hurty 0 Posted ...
Has anyone gotten the new update to work with pfsense?

wer 14 Posted ...
Thanks for your efforts. Good job, everything seems to work perfectly!
> Hang on - isn't config generator for Italy missing?
Not only the config generator but the whole server! Will it come back?

foxwood 4 Posted ...
To quote an old car commercial, "Isn't it nice when things just work." All working fine here. Many thanks!

franzdeu2030 0 Posted ...
Hello, I'm trying to connect with DD-WRT, but it's getting a TLS error. Prior to the update I could connect normally. This is my configuration (I have already generated the new keys):
Server IP/Name: 46.165.208.65
Port: 443
Tunnel Device: TUN
Tunnel Protocol: TCP
Encryption Cipher: AES-256 CBC
Hash Algorithm: SHA1 (tried other, but same TLS error)
TLS Cipher: TLS-DHE-RSA-WITH-AES-256-CBC-SHA
LZO Compression: Yes
TLS Auth Key: copy from ta.key (from -----BEGIN OpenVPN Static key V1----- to the end)
CA Cert: copy from ca.crt (from -----BEGIN CERTIFICATE----- to the end)
Public Client Cert: copy from user.crt (from -----BEGIN CERTIFICATE----- to the end)
Private Client Key: copy from user.key (from -----BEGIN RSA PRIVATE KEY----- to the end)
The complete error message is:
20140413 20:53:29 N TLS_ERROR: BIO read tls read_plaintext error: error:140830B5:lib(20):func(131):reason(181)
20140413 20:53:29 N TLS Error: TLS object -> incoming plaintext read error
20140413 20:53:29 N TLS Error: TLS handshake failed
20140413 20:53:29 N Fatal TLS error (check_tls_errors_co) restarting
Could someone help me solve this problem?

neob4 1 Posted ...
AirVPN rocks, once again the AirVPN team going the extra for their members. We appreciate!! I just got 43mbps out of my ISP's max 50mbps connecting to an AirVPN server in my country!!! Job well done. I also appreciate being able to connect another device, phone etc. That is sweet! Thanks again from an appreciative customer.

Staff 9972 Posted ...
> I want to verify something. I've downloaded all new keys, etc. I noticed the post stating: "the "TLS-Cipher" or equivalent name in your configuration becomes: TLS-DHE-RSA-WITH-AES-256-CBC-SHA" I changed the TLS Cipher in DD-WRT's OpenVPN settings to the above and get a TLS error. However, turning this off logs me in fine. Am I misunderstanding that it becomes that on your end and I need to change nothing in DD-WRT, or am I hitting a bug?
Hello!
Maybe you're using one of the older builds in which it is necessary to set TLS Cipher to "None" (every other setting will cause a connection failure). On some old builds, setting TLS Cipher to "None" is the only solution: pasting the ta.key will cause the DD-WRT OpenVPN implementation to consider the additional TLS Auth configuration anyway, fixing the apparent bug.
Kind regards

Staff 9972 Posted ...
> Hello, I'm trying to connect with DD-WRT, but it's getting a TLS error. Prior to the update I could connect normally. This is my configuration (I have already generated the new keys):
> Server IP/Name: 46.165.208.65
> Port: 443
> Tunnel Device: TUN
> Tunnel Protocol: TCP
> Encryption Cipher: AES-256 CBC
> Hash Algorithm: SHA1 (tried other, but same TLS error)
> TLS Cipher: TLS-DHE-RSA-WITH-AES-256-CBC-SHA
> LZO Compression: Yes
> TLS Auth Key: copy from ta.key (from -----BEGIN OpenVPN Static key V1----- to the end)
> CA Cert: copy from ca.crt (from -----BEGIN CERTIFICATE----- to the end)
> Public Client Cert: copy from user.crt (from -----BEGIN CERTIFICATE----- to the end)
> Private Client Key: copy from user.key (from -----BEGIN RSA PRIVATE KEY----- to the end)
Hello!
Can you please re-check all the certificates and keys and make sure that you pasted properly (just in case you committed a "paste mismatch")? Also, can you please make a test with "TLS Cipher" set to "None"? Finally, we disabled LZO compression, please set it to "None" or "No".
Kind regards

b1cycl3 0 Posted ...
Regarding DD-WRT with the most recent K3.x build available (v24-sp2 (03/29/14) mega - build 23838) and TLS-DHE-RSA-WITH-AES-256-CBC-SHA: The TLS cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA is not an available cipher. The closest ciphers are TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 and TLS-DHE-RSA-WITH-AES-256-CBC-SHA384; both of which produced tls-errors in the OpenVPN status panel and would not connect. I was able to successfully connect with the TLS-DHE-RSA-WITH-AES-128-CBC-SHA cipher. Thoughts?

LittleRedRidingHood 0 Posted ...
Hi!
I'm also having TLS-related problems while trying to connect from my good old WRT54GL (OpenWRT 10.03.1 "Backfire") to airvpn after the announced modifications. All keys/certs have been exchanged against the new ones. I also read the remark regarding that TLS ciphers... but the generated config files didn't contain any appropriate "tls-cipher" line... is that intended?
Sun Apr 13 21:29:37 2014 OpenVPN 2.1.4 mipsel-openwrt-linux [sSL] [LZO2] [EPOLL] built on Nov 15 2011
Sun Apr 13 21:29:37 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Apr 13 21:29:38 2014 Control Channel Authentication: using '/etc/openvpn/airvpn.tls' as a OpenVPN static key file
Sun Apr 13 21:29:38 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 13 21:29:38 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 13 21:29:38 2014 Control Channel MTU parms [ L:1559 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sun Apr 13 21:29:38 2014 Socket Buffers: R=[43689->65534] S=[16384->65534]
Sun Apr 13 21:29:38 2014 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:4 ET:0 EL:0 ]
Sun Apr 13 21:29:38 2014 Attempting to establish TCP connection with 178.162.198.40:443 [nonblock]
Sun Apr 13 21:29:39 2014 TCP connection established with 178.162.198.40:443
Sun Apr 13 21:29:39 2014 TCPv4_CLIENT link local: [undef]
Sun Apr 13 21:29:39 2014 TCPv4_CLIENT link remote: 178.162.198.40:443
Sun Apr 13 21:29:39 2014 TLS: Initial packet from 178.162.198.40:443, sid=37d1b797 e00c1a85
Sun Apr 13 21:29:43 2014 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org
Sun Apr 13 21:29:43 2014 Validating certificate key usage
Sun Apr 13 21:29:43 2014 ++ Certificate has key usage 00a0, expects 00a0
Sun Apr 13 21:29:43 2014 VERIFY KU OK
Sun Apr 13 21:29:43 2014 Validating certificate extended key usage
Sun Apr 13 21:29:43 2014 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Apr 13 21:29:43 2014 VERIFY EKU OK
Sun Apr 13 21:29:43 2014 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org
Sun Apr 13 21:30:43 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 13 21:30:43 2014 TLS Error: TLS handshake failed

Staff 9972 Posted ...
> Regarding DD-WRT with the most recent K3.x build available (v24-sp2 (03/29/14) mega - build 23838) and TLS-DHE-RSA-WITH-AES-256-CBC-SHA: The TLS cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA is not an available cipher. The closest ciphers are TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 and TLS-DHE-RSA-WITH-AES-256-CBC-SHA384; both of which produced tls-errors in the OpenVPN status panel and would not connect. I was able to successfully connect with the TLS-DHE-RSA-WITH-AES-128-CBC-SHA cipher. Thoughts?
Hello!
We don't know for sure how it's possible since the Data Channel is AES-256-CBC. Speculating, we could assume that the TLS Cipher is overridden, in the part pertaining to the Data Channel cipher, by the appropriate field in case of conflicts, and the TLS Cipher, in this case only, is used in the part TLS-DHE-RSA... keep in mind, this is just speculation.
Kind regards

franzdeu2030 0 Posted ...
> > Hello, I'm trying to connect with DD-WRT, but it's getting a TLS error. Prior to the update I could connect normally. This is my configuration (I have already generated the new keys):
> > Server IP/Name: 46.165.208.65
> > Port: 443
> > Tunnel Device: TUN
> > Tunnel Protocol: TCP
> > Encryption Cipher: AES-256 CBC
> > Hash Algorithm: SHA1 (tried other, but same TLS error)
> > TLS Cipher: TLS-DHE-RSA-WITH-AES-256-CBC-SHA
> > LZO Compression: Yes
> > TLS Auth Key: copy from ta.key (from -----BEGIN OpenVPN Static key V1----- to the end)
> > CA Cert: copy from ca.crt (from -----BEGIN CERTIFICATE----- to the end)
> > Public Client Cert: copy from user.crt (from -----BEGIN CERTIFICATE----- to the end)
> > Private Client Key: copy from user.key (from -----BEGIN RSA PRIVATE KEY----- to the end)
> Hello!
> Can you please re-check all the certificates and keys and make sure that you pasted properly (just in case you committed a "paste mismatch")? Also, can you please make a test with "TLS Cipher" set to "None"? Finally, we disabled LZO compression, please set it to "None" or "No".
> Kind regards
Hello, I confirm that changing TLS Cipher to none solved the problem. My DD-WRT is v24-sp2 (02/04/14) std - build 23503, so it's not an old one. Just one more question: disabling TLS Cipher implies risks?
Thanks

Staff 9972 Posted ...
> > > Hello, I'm trying to connect with DD-WRT, but it's getting a TLS error. Prior to the update I could connect normally. This is my configuration (I have already generated the new keys):
> > > Server IP/Name: 46.165.208.65
> > > Port: 443
> > > Tunnel Device: TUN
> > > Tunnel Protocol: TCP
> > > Encryption Cipher: AES-256 CBC
> > > Hash Algorithm: SHA1 (tried other, but same TLS error)
> > > TLS Cipher: TLS-DHE-RSA-WITH-AES-256-CBC-SHA
> > > LZO Compression: Yes
> > > TLS Auth Key: copy from ta.key (from -----BEGIN OpenVPN Static key V1----- to the end)
> > > CA Cert: copy from ca.crt (from -----BEGIN CERTIFICATE----- to the end)
> > > Public Client Cert: copy from user.crt (from -----BEGIN CERTIFICATE----- to the end)
> > > Private Client Key: copy from user.key (from -----BEGIN RSA PRIVATE KEY----- to the end)
> > Hello!
> > Can you please re-check all the certificates and keys and make sure that you pasted properly (just in case you committed a "paste mismatch")? Also, can you please make a test with "TLS Cipher" set to "None"? Finally, we disabled LZO compression, please set it to "None" or "No".
> > Kind regards
> Hello, I confirm that changing TLS Cipher to none solved the problem. My DD-WRT is v24-sp2 (02/04/14) std - build 23503, so it's not an old one. Just one more question: disabling TLS Cipher implies risks?
> Thanks
Hello!
Absolutely no risks at all. The additional TLS authentication through the ta.key is clearly performed anyway (not that it adds any relevant security on your end, it's just an additional protection for our servers) because otherwise our servers would not accept your connection. It seems a bug of the OpenVPN client DD-WRT configuration page, but it is totally harmless.
Kind regards

PirateParty 49 Posted ...
> Thanks for your efforts. Good job, everything seems to work perfectly!
> > Hang on - isn't config generator for Italy missing?
> Not only the config generator but the whole server! Will it come back?
Crucis server (Italy) is under maintenance.
https://cryptoforums.net/ Computing, Crypto, Security & Privacy Forum

Afronautz 5 Posted ...
> Customers running any other OpenVPN wrapper or OpenVPN will need to re-download configuration, certificates and keys files.
This upgrade is not exactly going smoothly for me, although I've never had a problem in the past. I'm familiar with the config files for the various servers, but I don't recall ever downloading any "certificates" or "keys files". Where exactly can these be found for download? I'm on Windows 7/64bit, and I access without the AirVPN client. What exactly do I need to do to upgrade from the previous version (...which was working fine for me). Somehow, I'm not exactly clear, and I don't remember it being this confusing.

darckhart 2 Posted ...
i think you said it already: different devices on different servers simultaneously = win. i travel a lot, so one for home router, one for phone, one for laptop. pretty unlikely that i'm using all simultaneously, but hey, now i know it'll work! =) p.s. thanks for all the upgrades airvpn!
It's better to use your regular connection for personal things and use a VPN for everything else in your anonymous life. Also you can use different servers on different devices. Not really sure what the benefit of that is but 3 connections is better than 1!
About the only advantage I can see is that your 3 simultaneous vpn connections won't be hammering just one server. By spreading the load over 3 different servers there *may* be a slight performance benefit. Not sure if it'll really be noticeable though considering you still share any server with other users, but more options are better than none. I was just wondering if there were any other benefits to 3 simultaneous vpn connections that perhaps aren't so obvious - something technical perhaps?

supervga 3 Posted ...
Hello
Hello, Thanks for all the work! I have an issue with my tomato based router, even after putting the new keys in, it won't connect. I've attached screenshots to this post.
- I can connect via tunnelblick with the same config via laptop just fine
- I switched off and on compression (it was ON before the update)
I had this in my extras BEFORE the update:
resolv-retry infinite
ns-cert-type server
comp-lzo
verb 3
(and changed it now but it's still not working)
Thanks a lot for the help!

MVirgilStone59 15 Posted ...
Thank you so much!
Thank you so much for the great services on AirVPN. I was impressed before the upgrade and now I am very impressed.
Thank you so much!
Regards,
M.Virgil Stone Sends...

thusspokesarahthrustra 0 Posted ...
What if you use a Mac? Anything I should reinstall or do before trying to use tunnelblick and my saved vpn servers?

moz2186 0 Posted ...
This is just FYI for anyone having some trouble. I run on a Ubuntu 12.04 server. I had an older version of OpenVPN, the one maintained by Ubuntu. No dice. I added the repos for the package maintained by OpenVPN. Still no dice. I tried different servers, different ports, etc. only to find that this line:
tls-auth "ta.key" 1
was missing the "1" on the end. I put that in and it connected straight away. I had my stupid moment for the day so I hope this might help someone else.

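Added example (not part of any post above, and not AirVPN's or OpenVPN's own code): a small Python check for the client-side mismatches reported in this thread, namely a `tls-auth` line without the trailing `1`, `comp-lzo` left enabled after staff disabled LZO, and a `tls-cipher` value other than the announced suite. The sample config and host name are constructed, and the check assumes file-based directives rather than inline `<tls-auth>` blocks.

```python
import shlex

# Suite name and the LZO change are quoted from this thread; the rest is illustrative.
ANNOUNCED_TLS_CIPHER = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA"

# Constructed sample config (hypothetical host name), not a real AirVPN file.
SAMPLE_CONFIG = """\
client
dev tun
proto tcp
remote vpn.example.net 443
ns-cert-type server
comp-lzo
tls-auth "ta.key"
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
"""

def parse_directives(text):
    """Yield (name, args) for every directive line, skipping comments."""
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens and not tokens[0].startswith(";"):
            yield tokens[0].lstrip("-"), tokens[1:]

def lint_client_config(text):
    """Return findings for the client-side mismatches raised in the thread."""
    findings, seen_tls_auth = [], False
    for name, args in parse_directives(text):
        if name == "tls-auth":
            seen_tls_auth = True
            if len(args) < 2 or args[1] != "1":
                findings.append("tls-auth: key direction '1' missing after key file")
        elif name == "comp-lzo" and [a.lower() for a in args[:1]] != ["no"]:
            findings.append("comp-lzo: still enabled, staff say LZO was disabled")
        elif name == "tls-cipher":
            offered = args[0].split(":") if args else []
            if ANNOUNCED_TLS_CIPHER not in offered:
                findings.append("tls-cipher: %s lacks the announced suite" % ":".join(offered))
    if not seen_tls_auth:
        findings.append("tls-auth: directive absent (ta.key is not being used)")
    return findings

if __name__ == "__main__":
    for finding in lint_client_config(SAMPLE_CONFIG):
        print(finding)
```

A `tls-cipher` finding is informational only: as the DD-WRT posts above show, some builds connect only with that field unset.
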
nunz 5 Posted ...
I am a VPN newbie on OS X 10.9.1 Mavericks. So, please bear with my elementary questions. On this page under Mandatory actions, I see "Customers running any other OpenVPN wrapper or OpenVPN will need to re-download configuration, certificates and keys files."
[1] For new configuration files, I re-visited this page and generated a few new ones and replaced the old ones with them.
[2] But, where do I find and re-download new certificates?
[3] Also, where do I find and re-download new keys files?
Thank you for your guidance!!