Jump to content
Not connected, Your IP: 3.144.108.200

Recommended Posts

I am currently in China and like to share my experience with airvpn.

Findings

  • Every Hotel Wifi blocks VPN differently
  • Tor (orbot) always works fine
  • Airvpn is a pain on Android
  • stunnel is complicated to install
  • the own android app does not come with predefined profiles
  • the config generator is not mobile friendly
 

I tried to use stunnel on Windows -> eddie has a problem with usernames with a vowel mutation and fails to establish a connection

 

Protocols and IPs

Some IPs from AirVPN Servers seem to be completely blocked. 

E.g. Zuben:

IP1 fails completly (tested on UDP 443 / SSH 22)

IP2 on UDP 443 works fine

IP2 on UDP 1194 works fine

 


Ping to Zuben IP1 fails

Ping to IP2 works fine


 

The weired thing is that I am running 2 VPN servers in my home network. In the actual hotel both are blocked entirely.

What I do not get is why zuben on 1194 works but my VPN in the home network (on 1194 and also on 1195) fails.

I can't even ping my IP (dyndns). The DNS resolution works fine but no connection is possible. It can only be explained if all private network IPs are blocked. I tried a second private IP to connect to and this also failed. 

For the second ip a ping was possible but VPN on tcp/443 failed.

There is no real consistent image I get....

The second IP was never used in china before.

 

 

 

Some thoughts about Eddie

A feature which detects blocked servers (by a ping test?) would be great. Eddie should be capable of choosing the best IP and protocol by itself.

The chinese Firewall is able to detect openVPN connections it would be a could idea to reserve one IP (nr. 4?) only for stunnel and ssh connections. 

In the actual situation I am able to connect via 1194/udp to IP4. If the chinese firewall can detect a VPN it will block the whole IP4 and also stunnel and ssh is not possible any more.

It is a very good idea to develop eddie for android. it should be able to use ssl/ssh connections and all possible IPs and protocols should be available without manual download

 

Share this post


Link to post

Hello!

 

Nothing new, same situation since 2012 at least.

 

From China you need "OpenVPN over SSL" to port 443 (you can configure it with a few clicks in Eddie) or connect over tls-crypt to entry-IP addresses 3 and 4 in TCP (preferably to port 443 to avoid some outbound port block which could be sometimes enforced), when you find a line that's blocking OpenVPN and UDP. Connecting with "tls-crypt" saves you the pain to configure "OpenVPN over SSL" in Android. Currently about 80 Air VPN servers support tls-crypt

 

The fact that you could connect successfully in UDP is a lucky event according to the reports we have. In most cases that's not possible at all from residential, fixed lines, and from mobile lines. Restrictions anyway seem less stringent in tourist and business towns.

 

eddie has a problem with usernames with a vowel mutation and fails to establish a connection

 

This looks like a bug, it's under investigation, thanks.

 

Thank you for the report.

 

Kind regards

Share this post


Link to post

It would be great if you could start a pinned thread concerning the new tls crypt feature and its consequences.

Google couldn't help me so much.

I found this on reddit: https://www.reddit.com/r/VPN/comments/82pc26/tlscrypt_vs_stunnel/

This says that tls crypt is not as effective as stunnel.

 

My questions concerning tls-crypt:

  1. Is tls crypt as effective as stunnel in hidding an openvpn connection?
  2. How can I find airvpn servers supportings this feature?
  3. How can I use this feature on android? Do I have to use a specific app or activate something in the app?

Share this post


Link to post

@hugomueller

 

Please see here:

https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features/page-3?do=findComment&comment=75733

 

The same thread can be taken as a reference. Simply, tls-crypt is supported and mandatory on entry-IP addresses 3 and 4. OpenVPN 2.4 or higher is required.

 

https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features

 

tls-crypt encrypts the whole Control Channel and has been reported as effective in bypassing blocks in China and Iran at the moment (to port 443 preferably, otherwise you could experience a generic, not OpenVPN related, outbound port blocking).

 

Kind regards

Share this post


Link to post

@hugomueller

 

Please see here:

https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features/page-3?do=findComment&comment=75733

 

The same thread can be taken as a reference. Simply, tls-crypt is supported and mandatory on entry-IP addresses 3 and 4. OpenVPN 2.4 or higher is required.

 

https://airvpn.org/topic/28153-ipv6-support-and-new-smart-features

 

tls-crypt encrypts the whole Control Channel and has been reported as effective in bypassing blocks in China and Iran at the moment (to port 443 preferably, otherwise you could experience a generic, not OpenVPN related, outbound port blocking).

 

Kind regards

 

 

I'm sorry, I feel bad for you Staff.  No matter how many times you say *entry IP 3 and 4* people still seem to not comprehend.  I guess they just don't open their eyes. 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...