Jump to content
Not connected, Your IP: 3.231.3.140
Guest

How to connect to a very hostile network?

Recommended Posts

Guest

Hello, I recently bought AirVPN and everything went smoothly. Recently though, the VPN stopped connecting. I've tried reinstalling the TAP driver on multiple versions, I've reinstalled Eddie (both experimental and stable), and tried multiple protocols. The VPN works perfectly on my home network. Any suggestions?

 

I can supply logs when I get them.

Share this post


Link to post

Hello!
 

Did the protocols you tried, include TCP 443 (SSL/SHH)?


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.

Share this post


Link to post
Guest

Yes I did. I've tried nearly all protocols including TCP 443 (SSH and SSL).

 

Here are my logs: 

 

I 2016.11.09 07:22:48 - Session starting.
. 2016.11.09 07:22:48 - IPv6 disabled with packet filtering.
I 2016.11.09 07:22:48 - Checking authorization ...
! 2016.11.09 07:22:49 - Connecting to Yildun (United States, Miami)
. 2016.11.09 07:22:49 - OpenVPN > OpenVPN 2.3.12 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [iPv6] built on Sep  5 2016
. 2016.11.09 07:22:49 - OpenVPN > Windows version 6.2 (Windows 8 or greater) 64bit
. 2016.11.09 07:22:49 - OpenVPN > library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
. 2016.11.09 07:22:49 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2016.11.09 07:22:49 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2016.11.09 07:22:49 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.11.09 07:22:49 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.11.09 07:22:49 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144]
. 2016.11.09 07:22:49 - OpenVPN > Attempting to establish TCP connection with [AF_INET]173.44.55.178:80 [nonblock]
. 2016.11.09 07:22:50 - OpenVPN > TCP connection established with [AF_INET]173.44.55.178:80
. 2016.11.09 07:22:50 - OpenVPN > TCPv4_CLIENT link local: [undef]
. 2016.11.09 07:22:50 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]173.44.55.178:80
. 2016.11.09 07:23:23 - OpenVPN > [uNDEF] Inactivity timeout (--ping-exit), exiting
. 2016.11.09 07:23:23 - OpenVPN > SIGTERM[soft,ping-exit] received, process exiting
! 2016.11.09 07:23:23 - Disconnecting
. 2016.11.09 07:23:23 - Connection terminated.
I 2016.11.09 07:23:25 - Cancel requested.
. 2016.11.09 07:23:25 - IPv6 restored with packet filtering.
! 2016.11.09 07:23:25 - Session terminated.

Share this post


Link to post
Guest

No sadly, none of the methods seem to work. I am on a school network that blocks nearly all websites unless already allowed. It also gives SSL errors whenever you try and connect to a website. Is there a way I can make this work? The only thing I've found to work is connecting using psiphon, then, while connected, go into Eddie and use the port number that Psiphon is currently using. Not even SSL 443 will work. 

 

The weird thing is, it was working just a few days ago. But I was only using 3 different servers. Now all of a sudden, all of AirVPN's servers are blocked.

Share this post


Link to post

The weird thing is, it was working just a few days ago. But I was only using 3 different servers. Now all of a sudden, all of AirVPN's servers are blocked.

 

 

Have you tested alternative entry-IP addresses? It's easy to block all the VPN servers entry-IP addresses because they can be taken just by resolving one name. Alternative entry-IP addresses, instead, are not public and "the censorship lovers" would need to generate a configuration file for each server to get them all. At least you would make them earn properly the money they get to censor your school connections. :)

 

Kind regards

Share this post


Link to post
Guest

Yes. Like I said. Every single method doesn't work. The network I am on is very restricted and only gives access to about 100-200 websites. Is it possible to disguise AirVPN as a certain type of traffic? Even the SSL method doesn't work.

Share this post


Link to post

Do they whitelist based on IP or DNS?

If DNS, maybe you are "friend" with one of the whitelisted sites admins who can set up a A RR for you in their dns....

 

I think if they whitelist IPs only, then you might habe a hard time.

 

edit: Alternatively it might be worth trying if they check the PTR for an IP you want to connect to.

if they whitelist google.com for example and you want to connect to a plain IP, have the owner of that IP set up a PTR RR like www.google.com.

Share this post


Link to post
Guest

I would imagine they white list DNS because every AirVPN server is blocked even though I've used maybe 5 servers. But at the same time, they could be white listing IP's because some websites are blocked while others aren't. Sadly I know no one from the IT department so I might just be screwed. How would I check if they are checking the PTR? And how would I get the owner of the IP to set up a PTR RR. Sorry for my noobieness.

 

Also, some websites that should be fine give SSL errors saying that the certificate is invalid, such as google.com. 

Share this post


Link to post

>>How would I check if they are checking the PTR?

 

You would have to know details/manufacturer of their system and browse the web for manuals.... or go by try and error.

 

>>And how would I get the owner of the IP to set up a PTR RR.

 

The "owner" of an (fixed) IP usually has control over an associated DNS server and hence can set up a PTR RR very easily. In that case this will most likely be airVPN. I am sure they can set up such an "innocent" looking PTR RR on their namservers

 

>>Also, some websites that should be fine give SSL errors saying that the certificate is invalid, such as google.com.

 

That is an indicator for a man in the middle "attack"/system, which replaces the original SSL certs with some bogus ones from the firewall/"security system", so they can read/decrypt the SSL traffic.

Share this post


Link to post
Guest

So what should I do right now? Ask AirVPN to setup a PTR RR?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...