yoyall 6 Posted ... I have been wondering if others out there consider the data/privacy protections or lack thereof in this or that country when choosing the vpn server to go through. For instance, I have heard that the US and UK aren't the most liberal, shall we say, and that somewhere like Sweden puts more emphasis on internet independence. So, then, do my fellow AirVPN users eschew servers in the former type countries to opt for the latter? Or is it all down to latency because AirVPN doesn't keep logs on their servers so any country's internet policies don't come into account? The reason I ask is that I was recently looking at all the countries that AirVPN has servers in and it got me thinking about which country to choose. I've always made my selection based on the country I'm in or alternatively based on latency scores. But I'm wondering if - as a privacy conscious person - I shouldn't be more sophisticated in my decision-making process...How do you choose your vpn server country? Which factors do you take into consideration? Cheers, Jules Quote Share this post Link to post
OpenSourcerer 1447 Posted ... Don't care much for the "privacy". If I want something most closely resembling being anonymous, I will use Tor, but the use cases are very, very little. For torrenting, a pseudonym like a VPN server will do just fine. There, a low RTT and good throughput are the most desired features. One can rightfully assume that a geographically close location may yield both, but it's important to take into consideration that geographic location and distance != network topology, meaning, you may have a lower RTT and better throughput with a server in Switzerland than with a server in Frankfurt if your location is northern Germany. In the past I've always looked at whether direct BGP routes are present between my ISP and the server's ISP and used those servers exclusively. I think that's why Kitalpha (Switzerland, Liberty Global), despite being ~twice as far away from me as Frankfurt, was always a better experience than Aquilae/Tauri/Velorum back then (former servers from the "old" Leaseweb Germany). But the experiences may vary; routing choices are made by many more factors. I do try to stay in the country I'm in, but sometimes I connect to a German server because I need German IP addresses. It's situational. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
yoyall 6 Posted ... Thanks very much for your response. I always get a lot from your messages. 🙏👍 I had been wondering about this when choosing a server and I'm glad that I asked the question. 1 hour ago, OpenSourcerer said: I've always looked at whether direct BGP routes are present between my ISP and the server's ISP Now I'm interesting in finding out more about this - if you don't mind. 🤔 How would I go about calculating this? A steer in this direction would be most appreciated. Thanks again for the information. Cheers, Jules Quote Share this post Link to post
OpenSourcerer 1447 Posted ... 1 hour ago, yoyall said: Now I'm interesting in finding out more about this - if you don't mind. 🤔 How would I go about calculating this? A steer in this direction would be most appreciated. You don't. A general indication is a BGP toolkit like https://bgp.he.net. You search for the ASN of your ISP and see if a server's ASN is listed in its peers list. Take AS3320 for example, it's my ISP. And take a server like Kitalpha from before which is AS6830. In the Peers IPv4 tab you will find it on rank 14 and in Peers IPv6 on rank 13. If it weren't in one of these lists, there wouldn't be a direct route. Another presentation of these are the graphs, they picture which way traffic flows. The thicker the line, the more traffic usually flows through it (which can be interpreted as "more preferred"). The advantage of the graphs will be much more clearer if you take a much smaller ASN like AS29686 for whom peering with a few bigger ASNs than itself is sufficient, they don't need to be the biggest ones. This info does not say that traffic is always routed through a particular route. It's perfectly possible that based on other criteria traffic from 3320 to 6830 will be routed through 3356 despite the direct route. As written, it's an indication. Sometimes, it's simply cheaper for either Telekom or Liberty to route it through Level3 or any other Tier 1 that also peers with the other. The result is that you'll have a few ms higher latency. But for the VPN thing I was definitely better off with Kitalpha than the German ATV threesome from before. Still, I wouldn't look too far out the window. If you're in Germany, staying with the servers there and also considering a few neighbors like the Netherlands will get you a solid choice of countries which all have the potential to satisfy your current performance needs. This BGP thing is more aimed at stationary usage. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
yoyall 6 Posted ... Oh what a cool rabbit hole this is! At the moment I'm in the UK and my current ISP is AS206067 and that of the UK servers is AS9009. From what I could tell it doesn't appear that there's a direct route. Because of the physical distance to any other country, like the Netherlands, I didn't think that I should check any servers in other countries. So, I guess I should just stick with the UK servers while I'm here. But this is great fun! Every day is a school day. Quote Share this post Link to post
OpenSourcerer 1447 Posted ... 10 hours ago, yoyall said: AS206067 Based on the BGP toolkit I'd say most of your traffic will be routed through Cogent, AS174. So is probably the connection to M247. You can further check how many hops a connection there takes by using traceroute (the Unix/Linux one, not the crippled tracert from Windows; this is quite important because traceroute, among the default ICMP, can also check the hops using TCP and UDP). Let me demonstrate: $ sudo traceroute -T kitalpha.airvpn.org traceroute to kitalpha.airvpn.org (91.214.169.68), 30 hops max, 60 byte packets 1 _gateway (192.168.110.1) 1.165 ms 1.504 ms 1.819 ms 2 p3e9bf2fc.dip0.t-ipconnect.de (62.155.242.252) 11.987 ms 12.358 ms 12.443 ms 3 * * * 4 62.157.248.114 (62.157.248.114) 19.233 ms 19.375 ms 19.592 ms 5 cz-prg02a-ra2-xe-9-1-2-0.aorta.net (84.116.130.61) 32.383 ms 32.171 ms 32.268 ms 6 de-fra01b-rc1-ae-3-0.aorta.net (84.116.132.177) 28.221 ms 27.414 ms 27.792 ms 7 mlrgls901-be-2.aorta.net (84.116.211.142) 30.241 ms 20.845 ms 21.346 ms 8 46.140.77.250 (46.140.77.250) 21.457 ms 21.630 ms 21.570 ms 9 airvpn.dserver.softronics.ch (91.214.169.68) 21.938 ms 20.567 ms 21.250 ms This is a traceroute to Kitalpha. From hop 3 onwards, probably hop 2 already, this traceroute was in the backbone of my ISP, at hop 5 it was handed over to aorta.net, which is a Virgin Media company, which in turn belongs to Liberty Global, which is the ISP Kitalpha is hosted at. So, I've got one more or less hard boundary, hop 4/5, the rest is transported through the ISPs' internal BGP routers. From the traceroute it gets a little clearer to me why Kitalpha always was an absolute pleasure to use for me. Also note the latencies, we're at 21 ms to Kitalpha in CH. Now the cross check, Cujam, M247. $ sudo traceroute -T cujam.airvpn.org traceroute to cujam.airvpn.org (37.120.217.242), 30 hops max, 60 byte packets 1 _gateway (192.168.110.1) 1.371 ms 1.706 ms 2.020 ms 2 p3e9bf2fc.dip0.t-ipconnect.de (62.155.242.252) 14.082 ms 14.358 ms 14.467 ms 3 217.5.104.182 (217.5.104.182) 15.184 ms 217.5.104.170 (217.5.104.170) 15.825 ms pd900cbda.dip0.t-ipconnect.de (217.0.203.218) 15.753 ms 4 62.159.61.230 (62.159.61.230) 16.246 ms 16.329 ms 16.677 ms 5 hbg-bb3-link.ip.twelve99.net (62.115.120.70) 21.332 ms hbg-bb4-link.ip.twelve99.net (62.115.119.86) 26.246 ms 26.485 ms 6 ffm-bb1-link.ip.twelve99.net (62.115.123.76) 22.124 ms ffm-bb2-link.ip.twelve99.net (62.115.138.172) 23.866 ms 24.535 ms 7 ffm-b12-link.ip.twelve99.net (62.115.142.47) 23.281 ms 14.123 ms ffm-b12-link.ip.twelve99.net (62.115.142.5) 16.459 ms 8 m247-ic319211-ffm-b12.ip.twelve99-cust.net (213.248.84.211) 24.887 ms 24.559 ms 24.976 ms 9 vlan2916.agg1.fra4.de.m247.com (212.103.51.48) 25.311 ms 25.686 ms * 10 vlan2901.as03.fra4.de.m247.com (82.102.29.155) 27.679 ms * * 11 37.120.217.242 (37.120.217.242) 24.477 ms 16.377 ms 27.792 ms ISP's backbone from 2/3 as previously, then first handover hop 5 to twelve99.net (nomen est omen, AS1299 -> Telia), hop 8 likely an edge router dedicated to M247, so second handover here. Note the latency, it's higher despite the fact Frankfurt is roughly half as far away as Switzerland. Also note the slight fluctuations in them. All of which supports the fact that with M247 consistent download throughput is a bit more difficult to achieve. Also, before someone slaps me on the wrist: Yes yes, those numbers don't mean the world, traceroute is not a magic tool, it can miss routers, it certainly misses switches, etcetcetc. All this info for indication purposes only. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
yoyall 6 Posted ... Well this sent me down a few more rabbit holes. 😂 🍺 I first realised that I get consistently faster speeds if I connect SSL 443 rather than UDP 443. 🤔 I also noticed that when I let Eddie decide which server I should connect to, it almost always selects one from the Netherlands as opposed to one of the UK servers (where I am). I also noticed that the UK servers never score any points with speed selected... Then I had to find an alternative to tracert on Windows. I used Arch Linux for many years but as a photographer I had to admit to defeat and return to Windows to get various bits of necessary software to work. Oh well... 😭 And I'm still trying to find a tracert replacement. I've tried NetScanTools, WinMTR and TracerouteNG. But so far none seem to give me as complete a picture as my old true traceroute... Every day is a school day. 👨🎓 Quote Share this post Link to post
OpenSourcerer 1447 Posted ... 34 minutes ago, yoyall said: I first realised that I get consistently faster speeds if I connect SSL 443 rather than UDP 443. 🤔 With that you'd get the HTTPS treatment with some transit providers. You're not the first noticing this. You can always boot a live Linux and traceroute -T your heart away. But, holy moly, you guys on Windows really seem out of luck with traceroute alternatives there. At least that fact is consistent with the Spirit of Windows™. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
yoyall 6 Posted ... 57 minutes ago, OpenSourcerer said: With that you'd get the HTTPS treatment with some transit providers. Is this because they inspect the packets and disadvantage openvpn packets? Or is that they simple prioritise seemingly "real" HTTPS traffic? Quote Share this post Link to post
OpenSourcerer 1447 Posted ... HTTPS is much more common than VPNs and is used to transport just about anything. You'd need DPI to tell a VPN over SSL connection apart from simple HTTPS. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
benfitita 39 Posted ... Sooner or later HTTP/3 will become mainstream. It's based on UTP, so maybe UTP 443 traffic will become less throttled. Quote Share this post Link to post