hugomueller 13 Posted ... I am currently in China and like to share my experience with airvpn.FindingsEvery Hotel Wifi blocks VPN differentlyTor (orbot) always works fineAirvpn is a pain on Androidstunnel is complicated to installthe own android app does not come with predefined profilesthe config generator is not mobile friendly I tried to use stunnel on Windows -> eddie has a problem with usernames with a vowel mutation and fails to establish a connection Protocols and IPsSome IPs from AirVPN Servers seem to be completely blocked. E.g. Zuben:IP1 fails completly (tested on UDP 443 / SSH 22)IP2 on UDP 443 works fineIP2 on UDP 1194 works fine Ping to Zuben IP1 failsPing to IP2 works fine The weired thing is that I am running 2 VPN servers in my home network. In the actual hotel both are blocked entirely.What I do not get is why zuben on 1194 works but my VPN in the home network (on 1194 and also on 1195) fails.I can't even ping my IP (dyndns). The DNS resolution works fine but no connection is possible. It can only be explained if all private network IPs are blocked. I tried a second private IP to connect to and this also failed. For the second ip a ping was possible but VPN on tcp/443 failed.There is no real consistent image I get....The second IP was never used in china before. Some thoughts about EddieA feature which detects blocked servers (by a ping test?) would be great. Eddie should be capable of choosing the best IP and protocol by itself.The chinese Firewall is able to detect openVPN connections it would be a could idea to reserve one IP (nr. 4?) only for stunnel and ssh connections. In the actual situation I am able to connect via 1194/udp to IP4. If the chinese firewall can detect a VPN it will block the whole IP4 and also stunnel and ssh is not possible any more.It is a very good idea to develop eddie for android. it should be able to use ssl/ssh connections and all possible IPs and protocols should be available without manual download Quote Share this post Link to post
Staff 9973 Posted ... Hello! Nothing new, same situation since 2012 at least. From China you need "OpenVPN over SSL" to port 443 (you can configure it with a few clicks in Eddie) or connect over tls-crypt to entry-IP addresses 3 and 4 in TCP (preferably to port 443 to avoid some outbound port block which could be sometimes enforced), when you find a line that's blocking OpenVPN and UDP. Connecting with "tls-crypt" saves you the pain to configure "OpenVPN over SSL" in Android. Currently about 80 Air VPN servers support tls-crypt The fact that you could connect successfully in UDP is a lucky event according to the reports we have. In most cases that's not possible at all from residential, fixed lines, and from mobile lines. Restrictions anyway seem less stringent in tourist and business towns. eddie has a problem with usernames with a vowel mutation and fails to establish a connection This looks like a bug, it's under investigation, thanks. Thank you for the report. Kind regards Quote Share this post Link to post
hugomueller 13 Posted ... It would be great if you could start a pinned thread concerning the new tls crypt feature and its consequences.Google couldn't help me so much.I found this on reddit: https://www.reddit.com/r/VPN/comments/82pc26/tlscrypt_vs_stunnel/This says that tls crypt is not as effective as stunnel. My questions concerning tls-crypt:Is tls crypt as effective as stunnel in hidding an openvpn connection? How can I find airvpn servers supportings this feature? How can I use this feature on android? Do I have to use a specific app or activate something in the app? Quote Share this post Link to post
hugomueller 13 Posted ... I could find the info about tls crypt in the server side but not in eddie. https://airvpn.org/servers/Cebalrai/ If I want to use tls crypt, the IP plays a role. Does also udp vs. tcp is important? This was my selection in eddie. This seems to work fine on windows Quote Share this post Link to post
Staff 9973 Posted ... @hugomueller Please see here:https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features/page-3?do=findComment&comment=75733 The same thread can be taken as a reference. Simply, tls-crypt is supported and mandatory on entry-IP addresses 3 and 4. OpenVPN 2.4 or higher is required. https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features tls-crypt encrypts the whole Control Channel and has been reported as effective in bypassing blocks in China and Iran at the moment (to port 443 preferably, otherwise you could experience a generic, not OpenVPN related, outbound port blocking). Kind regards Quote Share this post Link to post
go558a83nk 362 Posted ... @hugomueller Please see here:https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features/page-3?do=findComment&comment=75733 The same thread can be taken as a reference. Simply, tls-crypt is supported and mandatory on entry-IP addresses 3 and 4. OpenVPN 2.4 or higher is required. https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features tls-crypt encrypts the whole Control Channel and has been reported as effective in bypassing blocks in China and Iran at the moment (to port 443 preferably, otherwise you could experience a generic, not OpenVPN related, outbound port blocking). Kind regards I'm sorry, I feel bad for you Staff. No matter how many times you say *entry IP 3 and 4* people still seem to not comprehend. I guess they just don't open their eyes. Quote Share this post Link to post