Huitzilopochtli 1 Posted ... Hi, I am an AirVPN newbie and also a non-geek. I have read all the FAQs and explanations and searched the forum for the topic in the title of this post. I see the protocol listed (see screenshot) but I don't understand if this is the right place (and what I need to do). Can anyone help me in simple words? Many thanks to all. Quote Share this post Link to post
OpenSourcerer 1441 Posted ... 8 hours ago, Huitzilopochtli said: Can anyone help me in simple words? "Prefer CHACHA20-POLY1305 data cipher" <-- have you tried ticking this one? Otherwise, add to custom directives: data-ciphers CHACHA20-POLY1305 Note that most processors in use on desktop today have AES-NI, encryption/decryption performance shouldn't be an issue. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Huitzilopochtli 1 Posted ... Hi. No, I did not try to do any damage. I did not want to risk making the connection insecure. I will follow your advice. Thank you for your help Quote Share this post Link to post
OpenSourcerer 1441 Posted ... 1 hour ago, Huitzilopochtli said: I did not want to risk making the connection insecure. Unfortunately, this sentence does not "qualify" you to change to CHACHA20-POLY1305 only. I'd like to ask why you want to use this option. What kind of improvement do you hope to achieve with it? Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Huitzilopochtli 1 Posted ... On 1/21/2022 at 8:08 PM, OpenSourcerer said: Unfortunately, this sentence does not "qualify" you to change to CHACHA20-POLY1305 only. I'd like to ask why you want to use this option. What kind of improvement do you hope to achieve with it? Hi. I probably didn't explain myself well. I meant that I wouldn't want to make the connection unstable by changing the software settings. Like I said, I'm inexperienced. I've been using VPNs for many years but I've never come across a panel with so many options that I've never seen in other VPNs' very simple and user friendly software. I got curious by reading a review and that's why I wanted to try AirVPN. However one thing I did understand is that using CHACHA20-POLY1305 I don't have the same choice of connections as when I first used the application with the standard configuration. For example (I am talking about the Win 10 x64 PC version) I saw that using CHACHA20-POLY 1305, when I opened the app I was always connected to a server in Belgium even when I chose a server in Switzerland by putting it among the favorites or among the defaults. Quote Share this post Link to post
OpenSourcerer 1441 Posted ... 1 hour ago, Huitzilopochtli said: However one thing I did understand is that using CHACHA20-POLY1305 I don't have the same choice of connections as when I first used the application with the standard configuration. Excuse me, this is fundamentally wrong. The choice of the cipher shouldn't influence server choice at all. The only reason you'd force a switch from AES to ChaCha20 is if your machine is overwhelmed with encryption/decryption of AES traffic and you therefore experience poor performance, as you usually would on any ARM machine like a mobile phone or the Raspberry Pi. For pretty much all desktop workloads AES is best. 1 hour ago, Huitzilopochtli said: For example (I am talking about the Win 10 x64 PC version) I saw that using CHACHA20-POLY 1305, when I opened the app I was always connected to a server in Belgium even when I chose a server in Switzerland by putting it among the favorites or among the defaults. This is impossible, unless we're talking about a yet unknown bug. As written, cipher choice does not impact server choice. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Huitzilopochtli 1 Posted ... 15 minutes ago, OpenSourcerer said: Excuse me, this is fundamentally wrong. The choice of the cipher shouldn't influence server choice at all. The only reason you'd force a switch from AES to ChaCha20 is if your machine is overwhelmed with encryption/decryption of AES traffic and you therefore experience poor performance, as you usually would on any ARM machine like a mobile phone or the Raspberry Pi. For pretty much all desktop workloads AES is best. This is impossible, unless we're talking about a yet unknown bug. As written, cipher choice does not impact server choice. I don't know why what I described happened. I have no knowledge in this area. I only reported what occurred and I DID NOT SAY that selecting CHACHA20-POLY1305 caused the routing to the Belgium server. I only said that is what happened. For me it's not a problem since I'm just trying AirVPN because I was intrigued by this Italian VPN which is undoubtedly very good since - as I've read on various websites - it's used with satisfaction by people who are very quality conscious. Quote Share this post Link to post
OpenSourcerer 1441 Posted ... 2 minutes ago, Huitzilopochtli said: I only reported what occurred and I DID NOT SAY that selecting CHACHA20-POLY1305 caused the routing to the Belgium server. I only said that is what happened. Okay… I still don't get why you want to force CHACHA20-POLY1305, then, honestly. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Huitzilopochtli 1 Posted ... 52 minutes ago, OpenSourcerer said: Okay… I still don't get why you want to force CHACHA20-POLY1305, then, honestly. It's like when you buy a new thing full of options that you've never tried or seen. Aren't you curious to see how it works if you change a few parameters? Just curious :-) Quote Share this post Link to post
OpenSourcerer 1441 Posted ... 1 hour ago, Huitzilopochtli said: It's like when you buy a new thing full of options that you've never tried or seen. Aren't you curious to see how it works if you change a few parameters? Just curious 🙂 Everytime people change things in IT they don't understand, a kitten is killed somewhere in the world. As written, you'd use ChaCha20 for less potent machines (think, pre-2010 maybe) or on ARM-based devices like mobiles; it can deliver a better throughput there. On desktop, just go with the default; you can't do anything wrong with that. As for comparison, AES is a long-standing, battle-proven cipher used for all kinds of purposes. It's so ubiquitous that support for it was built-in into processors, that's why CPUs can handle high throughputs, too. ChaCha20 is newer and so far on par with it: Throughput and security are comparable. It goes easier on resources, though (which, again, on desktop is negligible because of built-in AES). If you still want to try ChaCha20, as written before, check the checkbox or add the directive I posted further up. Can you break something with it? Nope, your connections will work just like before. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Huitzilopochtli 1 Posted ... On 1/28/2022 at 8:02 PM, OpenSourcerer said: Everytime people change things in IT they don't understand, a kitten is killed somewhere in the world. As written, you'd use ChaCha20 for less potent machines (think, pre-2010 maybe) or on ARM-based devices like mobiles; it can deliver a better throughput there. On desktop, just go with the default; you can't do anything wrong with that. As for comparison, AES is a long-standing, battle-proven cipher used for all kinds of purposes. It's so ubiquitous that support for it was built-in into processors, that's why CPUs can handle high throughputs, too. ChaCha20 is newer and so far on par with it: Throughput and security are comparable. It goes easier on resources, though (which, again, on desktop is negligible because of built-in AES). If you still want to try ChaCha20, as written before, check the checkbox or add the directive I posted further up. Can you break something with it? Nope, your connections will work just like before. thanks for your help and tips 1 OpenSourcerer reacted to this Quote Share this post Link to post