Jump to content
Not connected, Your IP: 3.21.12.41

Recommended Posts

I've read and understand how this works for the most part, and I actually have it working. However, I regularly see connections to bittorrent dropping and taking a long time to come back. This is for incoming sessions, not downloading.

 

Still something that is unclear, so please explain.

 

I have pfsense with 3 concurrent connections to different countries. Each VPN has continuous name resolving enabled, so they will failover when airvpn dns changes IP.

 

I have configured 3 NAT rules for each VPN to forward the port from Airvpn to my server.

 

Question 1:

Bittorrent is seeding and sharing centos7 dvd, and I have 10 clients downloading it. Will those clients randomly use one of the 3 VPN's? How can I actually check this, short of doing tcpdumps on the pfsense box?

 

Question 2:

When Airvpn DNS changes an ip address, my VPN tunnel is broken en reestablished with a new server. I assume the port forward is carried over to the new server instantly, how long should it take for clients to pick up the new ip address and find my seeded torrents again?

 

 

Now, I suspect the dropping connections and long delays in becoming active again is due to AirVPN switching to another IP. But if clients downloading from me are randomly coming in on one of the 3 VPN tunnels, they wouldn't all drop at the same time and this is what puzzles me as well.

Share this post


Link to post

lol

 

How often does AirVPN change IPs? I see various disconnects/reconnects every few hours or so and was wondering what they might be.

 

I'm having port forwarding issues myself... not sure what it is - recent pfsense release maybe? I wish I had a clue

Share this post


Link to post

The port forwarding rules are automatic for all servers, no matter which server you choose.

When you reconnect to a new server, the port you forwarded will be available for your internal IP

from the moment of your connection. The entry/exit IPs rarely change, if ever.

 

When Airvpn DNS changes an ip address, my VPN tunnel is broken en reestablished with a new server. 

Your description of the chain of events is a little wrong.

AirVPN does not change any addresses, it is your device that might be disconnecting, and then resolving the chosen server and

connects to it, which results in the address change you are seeing.

 

You have to investigate your reason for the unwanted disconnects.

Most of the steps are in the pfSense guide.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

The port forwarding rules are automatic for all servers, no matter which server you choose.

When you reconnect to a new server, the port you forwarded will be available for your internal IP

from the moment of your connection. The entry/exit IPs rarely change, if ever.

 

Your description of the chain of events is a little wrong.

When Airvpn DNS changes an ip address, my VPN tunnel is broken en reestablished with a new server. 

AirVPN does not change any addresses, it is your device that might be disconnecting, and then resolving the chosen server and

connects to it, which results in the address change you are seeing.

 

You have to investigate your reason for the unwanted disconnects.

Most of the steps are in the pfSense guide.

 

 

My understanding about the DNS and IP address is that when I use a country FQDN, say america.vpn.airdns.org and I use the openvpn directive "resolv-retry infinite", my VPN client will continually query DNS for changes. I think that it is based on the TTL. So when the record has a TTL of 300, it will query every 5 minutes to see if it has changed.

 

Now, furthermore my understanding is that you (AirVPN) are running something similar to a GSS, a Global Site Selector. Your algorithms decide to which server this FQDN points to, so when the current IP 71.19.252.26 becomes busy, high latency, or whatever, it will switch the DNS record to point to another IP which is less busy, and so forth. Because of the low TTL, clients who query DNS will quickly pick up the new IP.

 

When my VPN client, who is resolving the FQDN continually, detects it has changed, it will reestablish to the new IP. Obviously, when that happens, current connections will be broken.

 
So my disconnects are not unwanted, they are expected due to how I have set things up. I don't want my VPN client to remain stuck on a server that is very busy or has high latency, so I follow your FQDN when it changes.
 
This is how I understand this is working. Please correct me if I am wrong.
 
I realize the other question is probably better suited for the pfsense forums.
 
Thanks!

Share this post


Link to post

This is not what this directive is used for.

 

--resolv-retry n If hostname resolve fails for --remote, retry resolve for n seconds before failing.

 

This does not imply that if a new address is obtained, the old connection should be dropped.

 

You can use the country FQDN in order to get the best server at each time of connection, that part is correct.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

This is not what this directive is used for.

 

--resolv-retry n If hostname resolve fails for --remote, retry resolve for n seconds before failing.

 

This does not imply that if a new address is obtained, the old connection should be dropped.

 

You can use the country FQDN in order to get the best server at each time of connection, that part is correct.

 

I see. I'll have to investigate what is happening. I misunderstood that option so I assumed that was the cause of the disconnects.

 

Thanks!

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...