Jump to content
Not connected, Your IP: 3.147.57.239

Recommended Posts

I have a server which is connected permaently to AirVPN. Only some of the servers connections use the VPN connection. To achieve this, I have to bind the service on the server to the IP address that is listed under "Your VPN IPv4" on the current session statistics page (there's a bit more going on in the background, but that's the cruz of it).

 

The problem is, that this IP address keeps changing after a few days. This is very annoying, as it keeps breaking the connection to some of the servers services. Also, the "Connected since" on the stats page keeps resetting.

 

How do I prevent this from happening? Is there a way to keep the same Your VPN IPv4 address?

 

Thanks.

 

EDIT:

 

Ok bit more digging. I think it's becasue my router keeps dropping the connection and then reconnecting. If I subtract the uptime on my router from now, it exactly matches the connected since time on AirVPN.

 

Is there a way to force my vpn connection to give me the same IP I had before?

Share this post


Link to post

Hi,

 

Keeping the same private IP address between sessions would require some kind of logging. So it's probably not going to happen.

Share this post


Link to post

I encountered similar problems for two reasons.

 

The first is described here:

 

https://airvpn.org/topic/25148-ipv6-support-experimental-phase/?p=72730

 

...

 

EDIT: I realized later that this was happening only when I used IPv6 to connect through my home router. In my router I changed IPv6 allocation to "Stateful" from "Stateless", and although the DHCPv6 "lease expiration" is only 24 hours with extensions of between 30 and 150 minutes, unless I restart DHCPv6 on my router the router gives the same IPv6 address on renewal. I think that before this change, after 24 hours my public IPv6 address would change (no NAT for IPv6 in my router setup) and since AirVPN saw a connection from a different IPv6 address it gave out a different address.

 

So this was similar to what you encountered.

 

The second is described here:

 

https://airvpn.org/topic/28494-tunnel-private-subnet-changed/?p=75311

 

 

...

However, you have several small subnets /24 on each server, one per daemon, and you can't say in advance which subnet your system will enter because of the load balancing system which "welcomes" the clients and "assigns" them to the OpenVPN daemon running in the less loaded core (at the moment of connection).

...

So the local IP address you get for your tun device will be different depending upon which daemon the load balancer assigns you to? It used to be that if you connected using the same server and port (i.e. the same config file) you would get the same local IP address. This is no longer true?

 

 

There may be no way around the second issue. For this reason I added a caution in my stuff about using the VPN only for torrenting, which had relied on the IP address staying fixed:

 

https://airvpn.org/topic/9491-guide-to-setting-up-vpn-just-for-torrenting-on-windows/?p=75322

 

I now determine the IP address each time the VPN comes up and reconfigure whatever processes use the VPN.

 

EDIT:

 

Others have also asked about how to specify the IP address locally. See for example:

 

https://airvpn.org/topic/27384-fixed-ip-range-per-openvpn-ipv4-tunnel-network-setting/?p=73268

 

And this bit more specifically:

 

...

EDIT: This may also interest you:

 

https://airvpn.org/topic/14314-static-internal-ip/?do=findComment&comment=28045

...

I have begun using a version of OpenVPN that I patched to add a new configuration command I have tentatively called "ifconfig-nat". It is fairly easy to build OpenVPN from source for Linux yourself (although I have built it for Windows too). So I will paste the patch in at the end of this, in case you want to try it.

 

With the patch applied, I add this line to my configuration files:

ifconfig-nat 10.44.0.2 10.44.0.1
My local address now appears to be 10.44.0.2. And the remote/gateway address appears to be 10.44.0.1.

...

 

I have a more up to date version of that patch. But it only works for IPv4 since there is no "client-nat" for IPv6.

 

 

I could provide my most recent version if anyone wants it.

 

I did start to look at adding "client-nat" for IPv6, so that I could then add my "ifconfig-nat" for IPv6. But it would be tedious debugging it,. And I had an alternative. If someone else wanted to look at this (e.g. someone at AirVPN) I could perhaps help.

 

EDIT 2:

 

If you are using Linux, you could probably use the NAT capability of IPTABLES in an OpenVPN exit to fake a fixed local IP address. But I have no samples to offer.

 

 

This was another reason I did not pursue my patch any further.

Share this post


Link to post

If you connect to a regional domain (e.g. ca.vpn.airdns.org) your IP address may change because you may connect to a different server.

 

If you specify a single server (e.g. alhena.airservers.org) you'll always get the same internet facing IP address.

Share this post


Link to post

If you connect to a regional domain (e.g. ca.vpn.airdns.org) your IP address may change because you may connect to a different server.

 

If you specify a single server (e.g. alhena.airservers.org) you'll always get the same internet facing IP address.

 

The problem is that you now connect to the load balance. And the load balancer assigns you to a server. The IP address depends on which server it assigns you to. So you cannot control this any more. Unless AiVPN has relented from doing this load balancing? They were (justifiably) pleased about this. So I doubt they have removed it.

 

https://airvpn.org/topic/28494-tunnel-private-subnet-changed/?p=75305

 

... and you can't say in advance which subnet your system will enter because of the load balancing system which "welcomes" the clients and "assigns" them to the OpenVPN daemon running in the less loaded core (at the moment of connection).

 

The huge convenience of this implementation is that now we can break the previous throughput limits caused by the lack of "parallelization" of OpenVPN.

 

The Moore's law is being infringed and we can't expect significantly more powerful CPus (at one core level) for a long time; in computing power advancements we will probably never experience again (at least in our life) the peaks of 1996-1998; it's time to fight the software bloat, but a fully scalable multi-core OpenVPN release is probably not coming out soon; therefore the load balancing we have implemented is an immediate break through.

 

Kind regards

 

I added the underline.

Share this post


Link to post

 

If you connect to a regional domain (e.g. ca.vpn.airdns.org) your IP address may change because you may connect to a different server.

 

If you specify a single server (e.g. alhena.airservers.org) you'll always get the same internet facing IP address.

 

The problem is that you now connect to the load balance. And the load balancer assigns you to a server. The IP address depends on which server it assigns you to. So you cannot control this any more. Unless AiVPN has relented from doing this load balancing? They were (justifiably) pleased about this. So I doubt they have removed it.

 

https://airvpn.org/topic/28494-tunnel-private-subnet-changed/?p=75305

 

>... and you can't say in advance which subnet your system will enter because of the load balancing system which "welcomes" the clients and "assigns" them to the OpenVPN daemon running in the less loaded core (at the moment of connection).

 

The huge convenience of this implementation is that now we can break the previous throughput limits caused by the lack of "parallelization" of OpenVPN.

 

The Moore's law is being infringed and we can't expect significantly more powerful CPus (at one core level) for a long time; in computing power advancements we will probably never experience again (at least in our life) the peaks of 1996-1998; it's time to fight the software bloat, but a fully scalable multi-core OpenVPN release is probably not coming out soon; therefore the load balancing we have implemented is an immediate break through.

 

Kind regards

 

I added the underline.

 

 

 

I think that's internally a load balancing across CPU cores, not servers.  My external IP is consistently what I expect it to be depending on the server I use.

Share this post


Link to post

 

 

If you connect to a regional domain (e.g. ca.vpn.airdns.org) your IP address may change because you may connect to a different server.

 

If you specify a single server (e.g. alhena.airservers.org) you'll always get the same internet facing IP address.

 

The problem is that you now connect to the load balance. And the load balancer assigns you to a server. The IP address depends on which server it assigns you to. So you cannot control this any more. Unless AiVPN has relented from doing this load balancing? They were (justifiably) pleased about this. So I doubt they have removed it.

 

https://airvpn.org/topic/28494-tunnel-private-subnet-changed/?p=75305

 

>... and you can't say in advance which subnet your system will enter because of the load balancing system which "welcomes" the clients and "assigns" them to the OpenVPN daemon running in the less loaded core (at the moment of connection).

 

The huge convenience of this implementation is that now we can break the previous throughput limits caused by the lack of "parallelization" of OpenVPN.

 

The Moore's law is being infringed and we can't expect significantly more powerful CPus (at one core level) for a long time; in computing power advancements we will probably never experience again (at least in our life) the peaks of 1996-1998; it's time to fight the software bloat, but a fully scalable multi-core OpenVPN release is probably not coming out soon; therefore the load balancing we have implemented is an immediate break through.

 

Kind regards

 

I added the underline.

 

 

 

I think that's internally a load balancing across CPU cores, not servers.  My external IP is consistently what I expect it to be depending on the server I use.

 

 

I believe the only way to do this is to start a separate OpenVPN server for each core (using "taskset" for example). And staff used the phrase "to the OpenVPN daemon running in the less loaded core". So a separate daemon on each core. Each with its own state for its "ifconfig-pool-persist" file.

 

It would be very good if I am mistaken. Perhaps staff could clarify this?

Share this post


Link to post

I believe the only way to do this is to start a separate OpenVPN server for each core (using "taskset" for example). And staff used the phrase "to the OpenVPN daemon running in the less loaded core". So a separate daemon on each core. Each with its own state for its "ifconfig-pool-persist" file.

 

It would be very good if I am mistaken. Perhaps staff could clarify this?

 

The load balancing is internal to each server, yes, and it is rigorous. The global load balancing on VPN servers is quite different. It is a best effort balancing based on servers scoring and Eddie decisions for those users who let Eddie pick a server automatically and those who use a different client with Air country or continent domain names. The global load balancing can not be rigorous because each customer is free to force a connection to any server regardless of that server load (with some upper limit though which is rarely reached anyway).

 

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...