Jump to content
Not connected, Your IP: 3.235.101.141

Recommended Posts

Hello there,

 

So I was wondering ipleak says tor exit unknown and AirVPN exit yes that means i'm using AirVPN exit node right. Also

http://ipleak.net shows the DNS I'm connected to. I don't believe this is concerning but want to make sure my ip per say sweden is suppose to be the same as the DNS listing. for future reference for anybody setting up openvpn i suggest you set up iptables it took some time but with three days of research successful. arashmilani.com/post?id=53 https for eth0 and wlan0 just substitute eth0 with wlan0 and for tor users you need tcp tor does not work with udp so when you set up openvpn set it up for tcp. iptables-save into a iptable.firewall.rules folder /etc then when you want to activate them you iptables-restore -c < then the file saved. this is only true for linux distro sorry windows fans. you want to set up port forwarding on your modem to your modem ip and set the input-output all of them to 1194 hope it helps. for now the tor exit node to be or not to be a problem thanks. I think linux is the way of life theres not much you can do to keep microsoft out of your file system.

 

 

When you ste up iptables type them one at a time into terminal root user and when finshed iptables-save reboot iptables-restore then to check them iptables -L

 

so the iptables command is iptables-save > then something like /etc/iptables.firewall.rules

 

I believe AirVPN uses openvpn so I set it up manually on my pi b 3 with pivpn. the only problem i had with this is with systemd systemctl openvpn would be active but not run so what i did was change the directory that ran the file from i believe /var/systemd/system/hgdgj.service to /var/systemd/openvpn@server.service you should have a @dhfghd.service in your var file i believe. How i did this was systemctl preset openvpn@server.service your file might have a different name but it will be your key i think @.service then i stopped @.service systemctl stop dfggghd then start systemctl start then systemctl daemon-reload all in root reboot restore ip tables iptables-restore like i said before to run airvpn i simply systemctl stop openvpn@jdhfjh.service then loaded the app airvpn and connected like i said i'm using pi b 3 so i installed the mono portable and took advice from forum user installed mono4 from another forum unfortunatlly you have to configure openvpn

there was also a script i saved from git hub from openvpn service do it at your own risk theres about 3500 lines in this file https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/socket.c I could not read all this in 3 life times so whatever you have to make the directory mkdir note this is systemd users.

 

if you have a pi and use pivpn the space bar selects the option do that on eth0 or wlan0 and tcp for tor users

 

pi users or linux maybe anybody make sure to install openssl and ssh

 

dhcpcd -U eth0 or wlan0 to check all addresses for network you want your address is your host address your netmask will be ifconfig, the network number is on the first comman dhcpcd just type network broadcast is ifconfig gateway is your modem ip and if you have opendns in the first command type dns-server not servers for each address and type the address you want static ip so it would be

 

iface eth0 inet static or wlan0 control x then y save reboot everytime you go to whats my ip it should be the same follow the instruction at the top and you should be all set make sure to edit torrc file as accordingly to get airvpn click on tor and read make sure all addresses are 4 spaces in

 

if if config doesn't work root sudo -i apt install net-tools

 

i try to stay out of super user so sudo -i is root command safely for debian

 

i also install dhcp server with isc-dhcp-server maybe that might help but do it at your own risk as root

 

webrtc leaks download extension you can just go into browser settings go to extensions get more extensions look for webrtc limiter or whatever it is make sure you click options in the extensions under the webrtc extenstion and set it to use proxy i am not sure about this do it at your own risk but that should not show your ip

 

note if you go to ipleak not with an s you see tor exit as unknown look right below you will see airvpn exit yes if set up right if you are having a hard time executing app make sure you are in directory path of airvpn.exe if your using portable i'm using mono portable on debian also you set it up right you can go into preferences in app under airvpn at the top and set ssl primary i believe for extra encryption make sure to set the control port in torrc file to 9151 and delet the # if one just sit on it and hit delete not backspace once do it at your own risk for i'm not sure of the port but its recommended by airvpn tor should work when tested uncomment cookieAuthentication 1 in torrc file and then reload daemon by systemctl daemon-reload for systemd users i would reboot update i dont upgrade because of my network restore iptables you can write a sh script for autamatic reload but it don't tale long to reload them manually.

 

there will be a green button lit up on yes airvpn exit if set up right good luck with openvpn i believe airvpn is the greatest to come by and is the linux powerhouse of vpns keep in mind if it dont run right its probably a problem with openvpn not airvpn logs tell all keep a watch on them at all times

 

at the begining of this it is suposse to be /etc/iptables.firewall.rules not iptable

 

your interfaces file should look like this

 

 

iface eth0 inet static

address

netmask

network

broadcast

gateway

dns-server if some

dns-server if some

 

allow-hotplug wlan0

iface wlan0 inet static

address

netmask

 

you can to the same with wlan0 as eth0 but make sure you use the correct addresses

 

this is huge for the right network

 

if using tor try to stay away from google dns if you want to stay anonyimous pi vpn for open vpn my pi i just used opendns that what was recommend to me

 

if you have dns in that command for eth0 dhcpcd -U eth0 that is opendns feel free to use them in interfaces

 

when setting everything up you need to be root sudo -i debian for safety

 

i am a sloppy writer so i hope you can understand if not i might be able to explain it alittle better

 

there are some youtube videos on how to set up openvpn with air if you want to check them out

 

for windows

 

I have a slightly different set up then just the tor browser so if this isn't helpful its because you have a different set up then i do but this topic is close to being right

 

also for servers as such might want to install lamp server dont know if it would be helpful but i have it on all my computers mysql apache all that good stuff you can follow tutorials on line and do it manually easy enough its good to have with power houses

 

note if you do set up lamp server for power house setting up mysql it will prompt you to make a stronger password click no because nothing will work

 

my vpn is running top notch so do as said and you should be all set penguin warriors

 

keep in mind it took me about a week to do this not a days job

 

there will be errors and if you get a system problems error linux will fix itself give it time

 

command lines can be a pain sometimes i have learnt to be patient

 

at the very top i meant in port forwarding not all ports givin but both input and output there should be four of them

 

I did not change my password for my modem for reasons that i got booted out of my modem and couldn't get back into it might be different for people who own there own router but i wouldn't do anything to modem that comes from cable company i would just create really complex password on devices lower case capital number special chara puntuation and maybe spaces because you are opening your port to the outside world and they need your login password to get into your devices

 

your modem ip is the ip you log into your modem with from the web

 

do all this at your own risk because i am not a professional

 

for any mad tor user i suggest setting up a router through a pi there about 50 bucks that is a project all in itself and your on your own with that but what i did was hook the ethernet into my pi and set the tunnel through that and use my network to connect to my pi when i want to use it through my wifi on my host machine so i can keep an open line directly to my modem from a different access point and all is well i believe that what they mean when they say tor through openvpn through airvpn to isp

 

your tor traffic should be going to openvpn dns before it goes to air dns i believe that why air uses opnvpn im not worried about a service around europe because the laws are different then everywhere else its when the isp and the government collaberate to see what everybodies doing think about it is the government going to collaberate with air service or the isp i trust air way before i would the isp air is ran by human rights peoples i think is what i read maybe so think about it air service somewhere in europe or isp corperate elite that do nothing but profile people

 

you want all the encryption you can get when going to isp if you are trying to be anonymous if they only see the dns then they can know the ip all they want because it going back through the dns encrypted so how can they even see that im using tor in the first place if the ssl layer from air is covering the ssl layer of the ssl layer lol

 

the isp is only the man that throughs it back to you the only reason it even has to go through them is because there trying to profile people so it gos through a million dnses then they recieve it then through it back through the dnses so they don't actually see anything other then the fact that they need to through it back out im sure noone is even looking that would be impossible it hits there servers and circles around and make the loop all the way back the the million dnses under ssl under ssl under ssl lol

 

keep in mind if you set an ap for pi you want to configure/etc/host/hostapd im not sure and not going to go there but with research you will figure it out super users know the research it comes mandated with linux

 

tails is the way of tor and a secure linux distro i would check into it if you use tor because using your host machine for tor browsing is like handing the government all your personal info or any hacker at be and there are millions of them at least if you get spied on simple reformat of usb is all it takes

 

forbid noscript at the left of your screen for first time tor users if the government is going to back door tor they will do it with that its java script and java has tons of bugs in it.....

 

i really dont care but its always good to play it safe after all you want to stay anonymous right

Share this post


Link to post

What the..?

 

First of all, thank you for this guide and the time you invested into it.

Unfortunately, the surge of posts makes your guide very difficult to follow, seeking specific information as well. When your train of thoughts comes to a halt, could you please pretty it up a bit? Include a table of contents in the first post, rearrange the posts, bundle the same kind of info into chapters and subchapters, use punctuation, etc. That way, it's more likely people will read it and your work won't be in vain that much.

You'll need to empty some of the posts, unfortunately you cannot hide/delete them. Apart from this, I'm sure there are people looking for this kind of info, so there's your incentive.

 

Sent via Tapatalk. Means, I don't have a computer available now.


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

i will resume latter  don't know what happened to the post but i can clearly see that they all got compiled together sorry all i will figure this out tommorrow

Share this post


Link to post

so you might not need to do this it depends on your system and purpose of your network do this at your own risk!!!

I dont know how to compile this neatly so this is going to blow up the post.

 

Sorry about the confusion this is what I did. I have know idea how to set subdirectories and am to tired to think so here it is
note you might not have to do this for air vpn might com with openvpn in package but i wanted to be safe.
this is only for debian ubuntu or rasbian i'm not sure about power house servers
 
as root sudo -i
install  openssl and i installed ssh and net-tools.the next steps are optional dhcp server and lamp server i am using mono portable so look on air forum under how to rasberry for mono it might be needed to run air "debian"
 
1. I installed dhcp server with the command apt install isc-dhcp-server but i recommend for other uses.
 
2.set up lamp-server I would do it manually because the easy way isn't so easy. when you set up mysql do not make password stronger you will see this when you set it up there will be a bunch of questions here is a site https://www.rosehosting.com/blog/how-to-install-lamp-linux-apache-mysql-php-and-phpmyadmin-on-a-debian-8-vps/ note php admin might not download this is just to configure it but no need for me so i skipped it and change the php to 7 not 5 when installing php.
 
apt update
 
3.I configured my interfaces file with dhcpcd -U eth0 or wlan0 witch ever you are setting your tunnel up for.and ifconfig these two command will tell you everythin you need for your interfaces.your interfaces should look like this
 
auto lo
iface lo inet loopback
 
 
iface eth0 inet static
    address 
    netmask 
    network 
    broadcast 
    gateway 
    dns-server 
    dns-server 
 
allow-hotplug wlan0
iface wlan0 inet static
    address 
    netmask 
 
 your gateway is your modem's ip address. the dns-server is open dns in the first command i gave you dhcpcd if not skip it.
 this file depends on what interface you are using. them commands should tell you everything you should need to know. Make sure to reboot. whats my ip should be the same everytime
 
4. if you want to install openvpn you can do this from air site or do it manually. 
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8 this is going to take awhile just copy and paste the commands.
if you have raspbian pivpn is quicker space bar to select make sure to select your interface and use tcp if using tor .otherwise 
make sure to chmod -R 777 /etc/openvpn/ 
for access you can change this latter but i keep that way because the way i see it if someone gets in my computer through a 400 character password they will have access to them anyway
 
if you install openvpn manually make sure to leave the challenge password blank ..... when setting up key
 
in the server.conf file https://gist.github.com/laurenorsini/9925434 in my case it is server.conf this file was from pivpn the openvpn for raspberry so look closely...
 
local #put your device ip
dev tun
proto tcp
port 1194
ca /etc/openvpn/easy-rsa/#pki#/ca.crt remove between the # if they tell you to create keys folder make sure these directories or point to your keys
cert /etc/openvpn/easy-rsa/pki/issued/name of crt .crt#..........1 in my case its server for both and remove the pki directory and isseued and private setting it up manually everything will be in the easy-rsa and keys folder i think
key /etc/openvpn/easy-rsa/pki/private/name of key.key#...........2 you want these in your file path
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0#this is your netmask.......3
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"# not sure left it the same.................4
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0" #netmask.................................5
# your local subnet
push "route #put your gateway address.....6 #255.255.255.0"netmask.............................7 make sure to fill these in i believe your gateway will always end with 0
# Set your primary domain name server address for clients
push "dhcp-option DNS 208.67.222.222"#left these the same its up to you you can also use google dns 8.8.8.8 and 8.8.4.4.....8
push "dhcp-option DNS 208.67.220.220"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0# change directory
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1
 
the ones that start with # on the far left you can keep there if not they are just comments so they dont matter make sure you delete the # where i have described to you actions to take in the file some of them are numbered you can ls -la the file directory if you want to see the keys
 
you should have a vars file in openvpn this should be /etc/ directory directory change the 1024 where it says if you are paranoid to 2048 and fill in your information in locale US STATE PROVINCE all that good stuff below 
there is a export key name change that to server key name to the export key org in info you just filed out
and change at the top you have an export easy_RSA="pwd" change this to "/etc/openvpn/easy-rsa". with quote  
 when bulding key it gave me a no such file error i don't know why but if you follow the tutorial you should not have a problem. your "export key org" i would just call it server for easier handling 
so when you build your key you can just hit enter these things will already be filled in. i would just name client key client1   2   3   4 if you have more then one
 
you should have a Default.txt file if not create one that looks like this
 
client
dev tun
proto tcp
remote #put your internet ip here the one that is on whats my ip.....1 1194 #leave the 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
 
 
 note all these files can be found on github just google file directory
note the first key you make is your server key the second is your client key.
 
dh key will take about 30 minutes
there are ways to make your keys stronger check out youtube james gallagher is good the openssl command and changing des3 to 3des you want to create the ta.key so follow closely to video
 
i'm doing this off the skin of my teeth so hope it works
 
 i put a file in my var  directory it should be the one supplied to you i had to mkdir file directory it was on this > site, but do it at your own risk https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/socket.c
i also systemctl preset in my case it was openvpn@server.service because my key was server check this in /var/systemd/system there is a file that says key openvpn@name.service preset that. systemctl daemon-reload
systemctl stop openvpn@name.service then start it i would reboot then update systemctl daemon-reload then systemctl restart openvpn@name.service
also you want to log into your modem and set the port forwarding to your modem ip and 1194 1194 1194 1194.
like i said i did this with pivpn so it might work for you it might not this post is to be continued with iptables note make sure to read these files carefully because i did not comment the examples out in some of them.
the iptables are self explanatory you need them to run openvpn. remember to run air you need to stop openvpn@name.service i will resume latter with iptables or you can figure it out from the ocean of thoughts
you want to transfer a copy of the ovpn file to each device make sure it can be accessed that's all i know doing more research for i only connect to my pi through tunnel.
note i hade trouble setting up the tunnel many times and it took almost a week to set this thing up you want to see tun0 or like in your ifconfig if you don't i would make sure to set iptables 
tun0 should be installed when installing openvpn and configuring files.if this does not help download config files from air and watch youtube if you are having trouble running it sure to be root and in the directory path of airvpn.exe -c.
note you might have to create the files if so pay close attention if you paste them into it  because i have edited them do to security reasons nobody needs to know my network
I  am sorry if this wont work and sometimes i just get in the way by trying to help if you have questions feel free to ask i don't know it all but i could help anyway i can

Share this post


Link to post

I would remember to back up your file system when you get air to work because periodically it spits out errors and i have found it easiest to reimage when this problem accurs. seems some of the new tor compilations don't like the vpn service or something. my recent one was an authentication error with tor proxy i played around with /etc/tor/torsocks.conf nothing really took place so I reimaged my back up with linux you can use the dd command it should look like this "dd if=/dev/device name like sdb or in my case pi 3 was mmcblk0 was the device name make sure when backing up you use the device name and not the file system name. the first one lsblk command will read the device, sda is the computers hard drive so what i would do in that case is boot an ubuntu flash drive and copy it that way. make sure the live iso flash drive ubuntu reads your hard disk and be very carefull you don't screw this command up because you can erase your disk. the command on ubuntu or debian base distro should be if backing up hard disk but first do it at your own risk i am not responsible for i am not a proffesional!!!   this is what i would do buy a hard drive at least twice the size of my sda get a flash drive install ubuntu iso on flash drive boot into it you will use the dd command for this sudo -i for root  then you can copy the whole device image to the hard drive if you have a terrabyte sda you will want 2 terrabytes for a harddrive, and copy the whole image to it so it would be something like this and make sure your systems are not mounted the hard drive and sda should be umounted for it could mess up you file system. so dd if=/dev/sda of=/dev/sdb if that is your hard drive look for the size of device with command lsblk and thats a lowercase L or you can use sync to sync it with dd if=/dev/sda of=/dev/sdb conv=noerror,sync i have never used this command before but it speaks for itself. what these dd commands will do is only copy your filesystem to your hard drive there is also a way to create an .img file but i'm not sure about keeping a terrabyte file even gziped would probably be so huge that you would have a hell of a time moving it. it requires more research.so with this said remember one thing i have never done this with sda device but this is how i copy my pi device to my host. it's through the dd if=mmcblk0 of=/home/username/backup.img this is ok because my sd card is only 32 gigabytes so i gzip it after copied. it brings it down to about 5 gygabytes remember fat32 fs can only move up to 4 gygabytes so you will need an ext4 or ntfs fs on flashdrive if you do this with sd i back up everything 1000 times on 1000 different hard drives. with windows there are apps you can get to back up your iso not interested. don't just take my word for this article you should take what i have given you and do some research.   thank you from sonic

Share this post


Link to post

to be continued i will post a copy command soon that will be alot easier. you do not have to dd your whole image to a hd

Share this post


Link to post

keep it simple

here's a suggestion:

first, get your local to static config

set all your internet devices and phones/laptops/boxes

to a static config, make sure your router is open source

shut off the dhcp server on the router, set the dns to static

in the router and set that address to airvpn dns via openvpn/ssl

 

then manually set a static config for each device, get rid of all the

dhcp servers etc on all your stuff, ya don't need it, this also will treat

all your devices like a real 'kill switch' meaning you won't have the ability

to connect to the net without openvpn/ssl

 

say you got 5 devices and want each one to have their own server via airvpn,

just buy another airvpn subscription

 

since you are familiar with computers build a pfsense box as your new router

the idea is to keep things as simple as possible so you got less goin on

that means there is less to break, misconfig or update

 

in the end when your iptables /pfsense or ddwrt is up to connect you should need only

3 commands, basically one to up your eth0/enp2s1, next create your stunnel, next to

start your openvpn

 

if your local is configd correctly you should not be able to connect to the internet unless you

are using encryption, meaning stunnel/openvpn, that is a real kill switch and you need your router/pfsense box set up to airvpn's dns

 

for tor, i have my tor notes on my site with my configs, i'm not doin transparent routing, decided against it, so i go with stock tor basically, privoxy, use proxychains-ng, socat etc.

 

this keeps everything inside stunnel

 

splif

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...