Jump to content
Not connected, Your IP: 3.149.229.120

Recommended Posts

22 hours ago, the.one.dda said:

Today the last working option (wireguard app in router) deid. So, I'd say it's just the time for support team to come up with some sort of clear instruction for normal users.


SSH and SSL tunneling is very hard to set up on a router unless you are a very advanced user (here is an example for dd-wrt firmware; for original firmware it is not possible at all). So unfortunately normal users have to stick to using Eddie, with a bit of configuring it can do both SSH and SSL.

Share this post


Link to post
Posted ... (edited)

It took me about 5 hours, but I've found a combination that brought Wireguard back online in router. However there is still a problem with cellular provider. Cannot find a way to connect via eddie, wireguard or openvpn (ios and android). The old ssh manual for android is not working either. 

Edited ... by the.one.dda

Share this post


Link to post

I don't know if it's only for me but both SSL and SSH tunneling have got incredibly slow in the last several days, approximately since the beginning of the infamous throttling of YouTube (1st of August) or may be a couple of days later. I tried adding additional options for stunnel (socket = r:SO_OOBINLINE=yes; sni =; failover = rr; delay = yes), tried passing it through a DPI spoofer (byedpi, SpoofDPI) using proxychains: nothing helps at all, the speed still varies enormously, one moment it can be over 10 mbps, and 10 seconds later it almost stalls completely, or it may work fine for several minutes and then begin to degrade, or otherwise recover up to 10 mbps. It's completely unpredictable, and there are no errors in the log. Where is the problem? Is there a way to circumvent it?

Share this post


Link to post

I have the same problem so i opened a support ticket about the secret bootstrap servers. Signal is soon to be blocked in RF too :/.

Share this post


Link to post
On 8/3/2024 at 8:32 PM, the.one.dda said:

Cannot find a way to connect via eddie, wireguard or openvpn (ios and android). The old ssh manual for android is not working either.  

I use Connectbot and Eddie together and they work pretty well. The only thing wrong in the old guide are port numbers, everything else is still accurate.

Share this post


Link to post

May be it is all just snake oil but yesterday I was playing with the MTU settings of my OpenVPN client (SSL-wrapped) and for some reason the values around

--tun-mtu 700 --mssfix 692 mtu
improve the situation with the throttling quite visibly. SpeedTest shows that higher values (1000 or more) cause the speed to drop steeper and in larger steps, finally causing the complete freezing of transmission, lower values (500 or less) make the connection just slow and unreliable. It seems like 700 is sort of the golden middle.

Also for Linux enabling BBR (Bottleneck Bandwidth and RTT) may increase the throughput. If your Linux kernel is recent enough (4.9 or later), add the following lines to /etc/sysctl.conf:
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
Then execute sysctl --system or reboot.

And one more advice: switch cipher to CHACHA20-POLY1305, it seems that it's now supported by almost all AirVPN servers. It probably means next to nothing but as far as I understand in theory its presence is not that easily detectable by DPI in the SSL-encrypted traffic as AES. To switch add the following parameter to openvpn (if it's started manually):
--data-ciphers CHACHA20-POLY1305
Or alternatively edit the data-ciphers line in the .conf file.

Share this post


Link to post

Currently in Russia, I can confirm that OpenVPN UDP without any extra config (on any port) works on some US, NL and LV servers on mobile networks (MegaFon, MTS).
On household connections, regular OpenVPN does not seem to work at all, but regular WireGuard sometimes does. When it doesn't work, the connection handshake usually succeeds, but no traffic passes.

But what I wanted to share is that I've had near 100% success (on both household and mobile connections) using the AmneziaWG client with many (most?) AirVPN servers. This is a client that introduces modified handshake parameters intended to fool DPI, while remaining compatible with the vanilla WireGuard server implementation, and it's available for all platforms (you can always compile from source, but at the time of writing there are binaries available at least for Windows, iOS and Mac OS and Android. Linux kernel modules and binaries are also available on Github). Note: there is also an "AmneziaVPN" GUI client but I prefer to use the bare protocol implementation instead.

These additional parameters are needed in the WireGuard config file generated by the Config Generator (check the Amnezia documentation for a detailed explanation), and have been verified to work:
 

[Interface]
Jc = 3
Jmin = 40
Jmax = 70
S1 = 0
S2 = 0
H1 = 1
H2 = 2
H3 = 3
H4 = 4

Share this post


Link to post

Yes, I can confirm that AmneziaWG currently works amazingly well with AirVPN. I get speeds up to 150+ Mbps to the German servers even without the kernel module (sorry but I don't want to install anything from GitHub into the kernel). Unfortunately it's still a "DPI spoofing" solution in the vein of GoodbyeDPI, byedpi, SpoofDPI, etc., hence sooner or later they manage to detect those fake packet tricks and block it. My opinion is that only real obfuscation (methods used by Cloak, VRay, etc.) can be considered a long-term solution.

For those who, like me, uses a Linux home server which acts like a VPN gateway, and start WireGuard/OpenVPN in a custom way, a couple of advices: download, compile and install both amneziavpn-go and amneziawg-tools. The first is the userspace daemon which creates the network interface, it will be run automatically once you run either:

awg-quick <wg_interface_name>
awg-quick <full_path_to_wg_config_file>
That is the only command you should run.

Share this post


Link to post
On 8/24/2024 at 1:55 PM, wwshake said:

These additional parameters are needed in the WireGuard config file generated by the Config Generator

Any idea on how to add those parameters to a OpenVPN connection? WG over amnesia with these settings works amasingly, but I also have to use OpenVPN as well.

Share this post


Link to post
13 hours ago, jazzlover said:
On 8/24/2024 at 1:55 PM, wwshake said:

These additional parameters are needed in the WireGuard config file generated by the Config Generator

Any idea on how to add those parameters to a OpenVPN connection? WG over amnesia with these settings works amasingly, but I also have to use OpenVPN as well.

This is only applicable to WireGuard. For OpenVPN obfuscation, I suggest you try SSL or SSH tunnels.

Share this post


Link to post

If you notice that the connection speed drops down again increase the Jc parameter (I recommend values 10-80) and rearrange the H1, H2, H3, H4 values (they should be the numbers from 1 to 4 but their order can be any). ТСПУ is able to detect and throttle AmneziaWG and I personally had this situation twice, and twice I had to pump up the Jc parameter. Don't set it too high though: too much junk is also abnormal and potentially can become a fingerprint.

According to the recent news Roskomnadzor has set a budget of 60 billion rubles (655 000 000 USD) to significantly upgrade their wonderboxes in the next 5 years. So I guess even more fun is coming. I've already bought a cheap VPS and installed Xray (VLESS-TCP-XTLS-Vision-REALITY), sing-box (Shadowsocks with 2022-blake3-aes-128-gcm) and Cloak but don't use it much to keep the IP from prematurely getting into the black lists (if they even currently exist in Russia, but in Iran they already do). May be it's all over the top but who knows the future? For now my main method of accessing the larger data world is still the good old AirVPN.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...