yigiel 0 Posted ... 1. Once a connetion is lost, is there any way to stop Eddie from continually retrying to connect and re-establish a connection ? I could not find an option for this. 2. I understand that under network lock, iptables are updated to allow for all Air servers. Is there any way to have blacklisted servers not appear in this iptables updates ? Quote Share this post Link to post
OpenSourcerer 1447 Posted ... 12 hours ago, yigiel said: 1. Once a connetion is lost, is there any way to stop Eddie from continually retrying to connect and re-establish a connection ? I could not find an option for this. No option. But you can try with OpenVPN2 directive connect-retry-max. In Preferences > OVPN directives, add connect-retry-max 1 to the left side. 12 hours ago, yigiel said: 2. I understand that under network lock, iptables are updated to allow for all Air servers. Is there any way to have blacklisted servers not appear in this iptables updates ? Why are you asking? Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
yigiel 0 Posted ... 12 hours ago, giganerd said: Why are you asking? To lower attack surface, and just plain de-bloating. Same applies to those certs that are downloaded for each server during initial install. No need to have 100-150 ? certs and thir related open IP ports when you may just need one or a few. I know I can delete the certs and patch the iptables after the install/run, but it would have been easier if Eddie did this. Once blacklisted servers are added, their certs and iptable rules are also blacklisted (removed). Quote Share this post Link to post
OpenSourcerer 1447 Posted ... 8 hours ago, yigiel said: To lower attack surface, and just plain de-bloating. Same applies to those certs that are downloaded for each server during initial install. Don't know about you, but for me the servers are only ACCEPTed in the OUTPUT chain (origin = my host). So I can't see what you mean by attack surface here. Everything is already being dropped inbound in two locations: Once on application level (Preferences > Network Lock > Incoming set to Block) and once on server level (NAT; that's why you need port forwarding). Also, if you are connected to 1.2.3.4 and another server sits on 2.3.4.5, and someone wants to reach you on port 9000, he/she won't be able to contact you at 2.3.4.5 port 9000, anyway. About the certs – can you elaborate? If I connected with Eddie in the past, a temporary profile was generated and immediately deleted after disconnection. Is that different for you? Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Not connected, Your IP: 13.59.170.228
Online: 27780 users - 320414 Mbit/s total BW