New 10 Gbit/s server available (BG)

[Staff 9288]

Hello!

We're very glad to inform you that a new 10 Gbit/s (full duplex) server located in Sofia (Bulgaria) is available: Wazn.

With Wazn, AirVPN infrastructure can now offer 10 Gbit/s full duplex lines and servers in strategic locations all over Europe: Switzerland, the Netherlands, Sweden and Bulgaria, all of them with direct peering with a wide variety of providers and at least two tier2 transit providers.

As WireGuard diffusion increases, such servers will be able to use more and more bandwidth, while the imminent OpenVPN DCO deployment on selected AirVPN servers will also provide for more scalability and performance. According to our tests (*) from Italy, the Netherlands, the United States and Germany (from both residential and business lines) and our statistics, in the countries with a presence AirVPN remains the fastest VPN for consumers in the world, both for available bandwidth and round trip times.
We are confident that the progressive increase of CPU power and available bandwidth, together with our usual commitment against overselling, will further widen the gap.

(*) Tests performed from tier1 providers such as Telecom Italia Sparkle or "near-tier1" ones such as Cogent and Hurricane. Tests performed against a wide variety of well known VPN services, including the most advertised ones.

The AirVPN client will show automatically the new server; if you use any other OpenVPN or WireGuard client you can generate all the files to access it through our configuration/certificates/key generator (menu "Client Area"->"Config generator"). The server accepts connections on ports 53, 80, 443, 1194, 2018 UDP and TCP for OpenVPN and ports 1637 and 47107 UDP for WireGuard.

Wazn supports OpenVPN over SSL and OpenVPN over SSH, TLS 1.3, OpenVPN tls-crypt and WireGuard.

Full IPv6 support is included as well.

As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses and 4096 bit DH key not shared with any other VPN server.

You can check the status as usual in our real time servers monitor:
https://airvpn.org/servers/Wazn

Do not hesitate to contact us for any information or issue.

Kind regards and datalove

[OpenSourcerer 1235]

26 minutes ago, Staff said:

while the imminent OpenVPN DCO deployment on selected AirVPN servers will also provide for more scalability and performance

Small question regarding that. I don't see the respective kernel module in the kernel.org source, and the one from GitHub/GitLab seems broken on mainline kernels. Where do you source your kernel module from?

[Staff 9288]

56 minutes ago, OpenSourcerer said:

Small question regarding that. I don't see the respective kernel module in the kernel.org source, and the one from GitHub/GitLab seems broken on mainline kernels. Where do you source your kernel module from?

Hello!

From GitHub and yes, we have actually experienced various problems we wrote about a week ago or so, that's why you see this relevant delay in deploying DCO. Maybe DCO will have hard time to get its way into kernel.org, as we read of a lot of serious problems unresolved since months, but we'll see. We will keep you informed and we ensure you that we will not trigger a potential bomb in our kernels. If we reach an apparent stable environment, we will anyway deploy DCO very gradually.

Kind regards
 

[OpenSourcerer 1235]

May I ask which kernel version was the newest you were able to build it against? The newer 6.2 kernels abort with a rc 10 for me, so I can't even test this out with my own OpenVPN server. It's a bit sad, really.

[Staff 9288]

1 hour ago, OpenSourcerer said:

May I ask which kernel version was the newest you were able to build it against? The newer 6.2 kernels abort with a rc 10 for me, so I can't even test this out with my own OpenVPN server. It's a bit sad, really.

5.16. Correction, 5.10 We never tried to do it on 6, and we're sorry (and concerned) to hear that. Thank you for the information.

Kind regards
 

[Staff 9288]

@OpenSourcerer

Just in case this is a valuable information for you, ProMind tested and could build OpenVPN+DCO on kernel 6.2.7 (in a Fedora 37 system) without any problem, through the provided Makefile and no modifications at all. Swift procedure, not even a single warning was thrown.

Kind regards
 

[Antonio Quartulli 6]

Hi there, I am the main developer of the OpenVPN DCO kernel module and I am really happy to hear that you guys have been testing it out!
The larger the user base, the faster we can find and squash bugs!

Regarding compiling DCO, we normally strive to have it always compile on the latest kernel.
However, in the past few weeks we were focused on implementing some big and important changes, therefore we had to shift our effort a bit and could not work on compatibility with 6.1/6.2.

However, I think master compiles on 6.2 since a month at least.
I just tested in this very moment whether it compiles on the latest netdev tree and it does. So it should all be good for 6.3 as well!

Regarding issues: if you have experienced anything that could be reported, please do so on GH in the issue page. It's *vital* that users experiencing problems do report them upstream and provide reproducible steps (if possible).

At the moment we still have a few "quite hard to reproduce" issues open and it'd be nice to receive any kind of input regarding them if you are experiencing the same.

[OpenSourcerer 1235]

Well, apparently I was trying to build a tag from November last year all this time without noticing. Problem solved.

[Staff 9288]

13 hours ago, Antonio Quartulli said:

Hi there, I am the main developer of the OpenVPN DCO kernel module and I am really happy to hear that you guys have been testing it out!
The larger the user base, the faster we can find and squash bugs!

Regarding compiling DCO, we normally strive to have it always compile on the latest kernel.
However, in the past few weeks we were focused on implementing some big and important changes, therefore we had to shift our effort a bit and could not work on compatibility with 6.1/6.2.

However, I think master compiles on 6.2 since a month at least.
I just tested in this very moment whether it compiles on the latest netdev tree and it does. So it should all be good for 6.3 as well!

Regarding issues: if you have experienced anything that could be reported, please do so on GH in the issue page. It's *vital* that users experiencing problems do report them upstream and provide reproducible steps (if possible).

At the moment we still have a few "quite hard to reproduce" issues open and it'd be nice to receive any kind of input regarding them if you are experiencing the same.

Hello and thank you very much!

We confirm the "swift and painless compilation". The main problem we experienced is the following one:
https://github.com/OpenVPN/ovpn-dco/issues/14

Unfortunately we don't have much to add on what Schwabe already wrote. We can say that we had the issue only on a single VM (an AWS EC2 used momentarily for this purpose) during our very early testings (Debian 11, 5.10 kernel, OpenVPN 2.6/OpenSSL/DCO etc. in house built). Now that we are testing only on dedicated servers (minimal Debian 11 installation, Xeon E3 or Xeon E5 architectures on HP and Dell servers) we can not not manage to reproduce the issue anymore. Should we get some additional piece of info/dump/how to reproduce/etc. we will definitely inform you. The crashes that we had on the VM had an apparently random pattern, so we can't even say what to do to maximize the reproducibility likelihood, we're sorry. In our configuration some OpenVPN processes are working in UDP, other ones in TCP, both tls-auth and tls-crypt, in all combinations. OpenVPN on the VM was 2.6.0, we see now that you strongly recommend 2.6.2 and of course we will update.

LAST MIN. ADDITION: However, we now read a brand new comment on GitHub about the issue:
 

Quote

The receiving path for TCP connections has been totally reworked (and simplified), therefore this bug is "kinda" invalid at the moment.

Maybe we already built DCO including the TCP rework (on our dedicated server)? Can you tell when the rework and simplification have been committed?

Kind regards
 

[Antonio Quartulli 6]

3 hours ago, Staff said:

LAST MIN. ADDITION: However, we now read a brand new comment on GitHub about the issue:
 

Quote

The receiving path for TCP connections has been totally reworked (and simplified), therefore this bug is "kinda" invalid at the moment.

Maybe we already built DCO including the TCP rework (on our dedicated server)? Can you tell when the rework and simplification have been committed?

 

To use that change you need openvpn 2.6.2 in userspace, which was released just yesterday.

So the tests you performed were still using the old ovpn-dco version. You can easily check dmesg and see what version you have loaded.
If the DCO version starts with v0.1 it means it's the "old" one.
If it starts with v0.2, then you have the newest version including the change I am talking about. Just remember that you must use openvpn-2.6.2 to be able to use DCO v0.2.

Should you guys have a chance to run DCO v0.2 and encounter any issue, do not hesitate to let us know!
Thanks a lot