Staff 10014 Posted ... Hello! We are very glad to inform you that our OpenVPN 3 development is progressing swiftly. Today we implemented directive ncp-disable which was still unsupported in OpenVPN 3.https://github.com/AirVPN/openvpn3-airvpn The directive is instrumental to allow clients Data Channel cipher free selection between those available on server, when ncp-ciphers is declared on server side, and keep at the same time total backward compatibility. Since when we implemented ChaCha20-Poly1305 https://airvpn.org/forums/topic/43850-openvpn-3-development/ on OpenVPN 3 Data Channel, "ncp-disable" has become a priority to provide servers and clients with maximum flexibility. We can therefore leave total freedom to clients to pick between AES-GCM, AES-CBC and ChaCha20 while preserving full backward compatibility. Clients with AES-NI supporting processors will prefer AES, while clients running on CPUs without AES-NI, for example most ARM CPUs, will of course tend to prefer ChaCha20. We are working hard to bring you first and foremost a new Eddie Android edition beta version to let you test ChaCha20-Poly1305 on your Android devices as soon as possible. All internal tests both with ChaCha20 and ncp-disable have been fully successful so far. Fingers crossed, maybe you will see a beta release as early as next week. UPDATE: Eddie Android edition with ChaCha20 support on both Data and Control Channel is now available https://airvpn.org/forums/topic/44201-eddie-android-edition-24-beta-1-released-chacha20-support/https://github.com/AirVPN/openvpn3-airvpn Changelog 3.3 AirVPN - Release date: 13 July 2019 by ProMIND - [ProMIND] [2019/06/02] Forked master openvpn3 repository 3.2 (qa:d87f5bbc04) - [ProMIND] [2019/06/06] Implemented CHACHA20-POLY1305 cipher for both control and data channels - [ProMIND] {2019/07/10] Implemented ncp-disable profile option Kind regards and datalove AirVPN Staff 6 Faggott, arteryshelby, zsam288 and 3 others reacted to this Quote Share this post Link to post
Flx 76 Posted ... I see you deployed/implemented only 3 servers(2 in NL and 1 in Canada). Any idea when AirVPN new wave of servers will become "Official" instead of "Experimental".? Quote Hide Flx's signature Hide all signatures Guide - EMBY Block ALL interfaces except tap/vpn Windows OS - Configuring your operating system Windows OS - Multi Session/Tunnel Share this post Link to post
Staff 10014 Posted ... Hello! On server side, we use OpenVPN 2.5 to support ChaCha20 on the Data Channel, so any server with OpenVPN 2.5 will be marked as "Experimental", to make clear that the OpenVPN running in it is a beta version. As soon as OpenVPN 2.5 stable is released, all the servers will be upgraded to support ChaCha20 on the Data Channel without the "Experimental" warning. Our next, imminent step is releasing Eddie Android edition with OpenVPN 3 supporting ChaCha20-Poly1305 to allow immediate testing from those devices based on Android that need ChaCha20 most, for performance and load reasons (such as any Android tablet, smart phone, Amazon Fire TV and any other Android based mediacenter using a CPU that does not support AES-NI). Kind regards 1 benfitita reacted to this Quote Share this post Link to post
arteryshelby 25 Posted ... Would it be possible that you implement a feature on the client to change the metric of _pushed_ routes? ATM its possible to change it for static routes you import by hand clientside or define a metric of pushed routes serverside. Id like to change the metric from a server pushed route on the clientside. Thanks! Quote Share this post Link to post
Staff 10014 Posted ... Hello! It is not planned at the moment but we can of course keep your suggestion into consideration. What's the purpose? By knowing the scenario we can make better decisions. Kind regards 1 arteryshelby reacted to this Quote Share this post Link to post
arteryshelby 25 Posted ... Thanks! In my case id like to load balance a few openvpn connections. ATM My setup is: pc --> firewall --> openvpn vm --> tun0 the firewall can loadbalance on multiple interface by round robin so id like a setup like this: pc --> firewall eth1 --> openvpn vm eth1 --> tun0 --> firewall eth2 --> openvpn vm eth2 --> tun1 --> firewall eth3 --> openvpn vm eth3 --> tun2 I used masquerade from eth1 to tun0, eth2 to tun1 and so on, but linux route table only imports route from tun0 0.0.0.0/0 so if i try to masquerade from eth2 to tun1 it wont work because there is no route imported for tun1 0.0.0.0/0. With multiple metric i could import tun1 with higher metric so its there but only used when its telled todo so. The other tun instances wont import 0.0.0.0/0 because it allready exists (with that metric) Quote Sun Jul 28 14:49:54 2019 /sbin/ip route add 0.0.0.0/1 via 10.10.0.1 RTNETLINK answers: File exists Sun Jul 28 14:49:54 2019 ERROR: Linux route add command failed: external program exited with error status: 2 Sun Jul 28 14:49:54 2019 /sbin/ip route add 128.0.0.0/1 via 10.10.0.1 RTNETLINK answers: File exists Sun Jul 28 14:49:54 2019 ERROR: Linux route add command failed: external program exited with error status: 2 hope this makes sense to you. regards Quote Share this post Link to post
Staff 10014 Posted ... Hello! In order to avoid confusion, we have changed our GitHub repository name into openvpn3-airvpn. URL has changed and has been edited accordingly in the first thread post. Kind regards Quote Share this post Link to post
pizza 0 Posted ... Do you upstream your changes to the openvpn3 repo or why do you develop a separate one? Would be nice to have your improvements also in the original openvpn3 client. Quote Share this post Link to post
Staff 10014 Posted ... @pizza Hello! We agree with you, it would have been nice but not at the price to lower our standards. The reasons of our fork have been already explained here:https://airvpn.org/forums/topic/43850-openvpn-3-development/?do=findComment&comment=98527 Kind regards Quote Share this post Link to post