Jump to content
Not connected, Your IP: 18.206.194.134

Recommended Posts

Hello, pretty quick and simple question, is it possible for me to lower the encryption level? I'm running a server through this VPN, and I think it would likely help clients' connection quality if I could lower encryption, or even turn it off.

Thanks!

Share this post


Link to post

Hello!

Turning off encryption is not possible. Picking less onerous ciphers is possible.

You can see on the https://airvpn.org/status page, by clicking the name of a server, the supported ciphers both for the Control and the Data Channel. The cipher for the Control Channel is essentially irrelevant for performance, but cipher for the Data Channel is. For the Data Channel, the servers propose AES-256-GCM.

On your OpenVPN client, add the directives ncp-disable and cipher <the cipher you want>

For example, if you want AES-128-GCM:

ncp-disable
cipher AES-128-GCM
If your system does not support AES-NI (New Instructions) then you can have relevant performance boost with CHACHA20-POLY1305. Currently five Air VPN servers are running OpenVPN 2.5 offering CHACHA20, you can recognize them because they are marked yellow with "Experimental CHACHA20" description (in Canada, USA, the Netherlands, Singapore). When OpenVPN 2.5 is released as a stable version, we will progressively update all VPN servers to support CHACHA20.

So, in case you need CHACHA20 because your system or CPU does not support AES-NI (note that it's not enough that the CPU supports AES-NI: even the SSL library linked by OpenVPN must support it), you can use the cipher with directives:
ncp-disable
cipher CHACHA20-POLY1305
CHACHA20-POLY1305 on Data Channel is supported by Hummingbird and OpenVPN3-AirVPN library. It is not supported by OpenVPN versions older than 2.5.

If your system does support AES-NI, probably your performance will be worse with CHACHA20.

Kind regards



 

Share this post


Link to post
9 minutes ago, Staff said:

Hello!

Turning off encryption is not possible. Picking less onerous ciphers is possible.

You can see on the https://airvpn.org/status page, by clicking the name of a server, the supported ciphers both for the Control and the Data Channel. The cipher for the Control Channel is essentially irrelevant for performance, but cipher for the Data Channel is. For the Data Channel, the servers propose AES-256-GCM.

On your OpenVPN client, add the directives ncp-disable and cipher <the cipher you want>

For example, if you want AES-128-GCM:


ncp-disable
cipher AES-128-GCM
If your system does not support AES-NI (New Instructions) then you can have relevant performance boost with CHACHA20-POLY1305. We currently run five servers running OpenVPN 2.5 offering CHACHA20, you can recognize them because they are marked yellow with "Experimental CHACHA20" description (in Canada, USA, the Netherlands, Singapore). When OpenVPN 2.5 is released as a stable version, we will progressively update all VPN servers to support CHACHA20.

So, in case you need CHACHA20 because your system or CPU does not support AES-NI (note that it's not enough that the CPU supports AES-NI: even the SSL library linked by OpenVPN must support it), you can use the cipher with directives:

ncp-disable
cipher CHACHA20-POLY1305
If your system does support AES-NI, probably your performance will be worse with CHACHA20.

Kind regards



 
So the only directives I need to add to Custom Directives are ncp-disable and cipher AES-128-GCM?

Share this post


Link to post

While we can say, yes that's all needed to be done, I'm beginning to question this. Why would you want a lesser encryption level? What are you trying to run OpenVPN on? Router?


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post
14 hours ago, giganerd said:

While we can say, yes that's all needed to be done, I'm beginning to question this. Why would you want a lesser encryption level? What are you trying to run OpenVPN on? Router?

I'm running a game server on a PC through AirVPN. It seems to be creating a little bit of lag, and id rather not have it turned off and expose my public IP.

Share this post


Link to post
11 hours ago, glibthefirst said:
On 2/9/2020 at 4:23 AM, giganerd said:

While we can say, yes that's all needed to be done, I'm beginning to question this. Why would you want a lesser encryption level? What are you trying to run OpenVPN on? Router?

I'm running a game server on a PC through AirVPN. It seems to be creating a little bit of lag, and id rather not have it turned off and expose my public IP.

Increased lag is going to happen when you're going through a VPN.  It adds "distance" between you and your game server and friends.  Decreasing the encryption will only make things easier on your processor but that's not where the lag is I think.

Share this post


Link to post

Public server? If yes, it's a bad approach, no matter how you see it. Your PC eats energy and therefore money. It's waay better to host this on a cheap VPS which is dedicated to that task, hence, no lag, does not expose your public IP and costs less than your electricity bill plus VPN access combined. What's more, that server can stay online and people would be able to connect even while you sleep. Also, you can choose any port you like on a VPS, not so here.


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...