New to VPNs, some clarifications geolocation settings?

[Badgergrr 0]

I have a few questions about airvpn.

I have been using a different VPN before air and there are a few differences I'm not following;

Old VPN, Connected to German server = DNS leak test shows German address's (no leaks) Cannot view BBC Iplayer

AirVPN, Connected to German server = DNS leak test shows USA address's ("no leaks") Can view BBC Iplayer.

To the layman this implies that Iplayer is receiving requests from an address within the UK.

Why is this? Do I need to change some settings?

[Staff 9772]

I have a few questions about airvpn.

I have been using a different VPN before air and there are a few differences I'm not following;

Old VPN, Connected to German server = DNS leak test shows German address's (no leaks) Cannot view BBC Iplayer

AirVPN, Connected to German server = DNS leak test shows USA address's ("no leaks") Can view BBC Iplayer.

To the layman this implies that Iplayer is receiving requests from an address within the UK.

Why is this? Do I need to change some settings?

Hello!

We are providing and experimental service that is allowing our customers to access BBC iPlayer from any server, including servers outside UK (as long as you use our DNS), as well as USA services from servers outside USA (try CBS and Pandora). The service is still experimental so it is not advertised, except in the servers status monitor where you can see "Micro" servers that are used to bypass IP geo-location based censorship.

Kind regards

[Badgergrr 0]

thanks admin

My other question is why do I see only USA address' when connected to a German VPN and on German address' when connected to a Dutch VPN?

[Staff 9772]

thanks admin

My other question is why do I see only USA address' when connected to a German VPN and on German address' when connected to a Dutch VPN?

Hello!

Assuming you refer to DNS servers IP addresses, you see the DNS servers IP addresses used by our servers. Google routes the DNS queries in order to optimize performance. If you see IP addresses not belonging to Google DNS, either you are tunneling your favorite DNS through our servers or you have a DNS leak.

Kind regards

[Badgergrr 0]

I do see google address's, I suppose I'm wondering why google would route queries to USA to optimize performance?

On another note I am experiencing severe speed loss. Is there a guide on the forum for resolving issues?

Speedtest without VPN = 42Mbps DL 16Mbps UP

Speedtest AIR with VPN = 9.8Mbps DL 16Mbps UP

Upload remains the same?

Steam download as a "realworld test"

No VPN 4.8Mbps DL

Air VPN 6-700Kbps

[Staff 9772]

I do see google address's, I suppose I'm wondering why google would route queries to USA to optimize performance?

On another note I am experiencing severe speed loss. Is there a guide on the forum for resolving issues?

Speedtest without VPN = 42Mbps DL 16Mbps UP

Speedtest AIR with VPN = 9.8Mbps DL 16Mbps UP

Upload remains the same?

Steam download as a "realworld test"

No VPN 4.8Mbps DL

Air VPN 6-700Kbps

Hello!

The fact that upload bandwidth is higher than download bw does not have a definite explanation. Can you try connections to different ports (in particular 53 UDP and 80 TCP) and different servers in order to make a performance comparison? Maybe your ISP performs port shaping on UDP 443. Also, can you check in your client logs if there's packet loss or packet fragmentation when you connect to an UDP port (if in doubt feel free to send them to us after some hours of connection)?

Kind regards

[Badgergrr 0]

Sorry but how would I go about doing that? I'm reasonably savvy with computers but when it comes to networking my mind is blown!

Where do I change the ports? Is this on my router?

[Staff 9772]

Sorry but how would I go about doing that? I'm reasonably savvy with computers but when it comes to networking my mind is blown!

Where do I change the ports? Is this on my router?

Hello!

If you're running the Air client for Windows, after the login please select a server (but do not click "Enter" yet), click on the "Modes" tab and select a port, finally click "Enter".

If you're running OpenVPN GUI or any other OpenVPN wrapper or OpenVPN directly, please select the port(s) and protocol(s) (multiple choices are allowed) while you generate the configuration(s) in our configuration generator.

Kind regards

[Badgergrr 0]

53 UDP hangs on connecting

80 TCP gives me results of 16Mbps dl and 1Mbps up

Better but not great and upload is suffering

[Staff 9772]

53 UDP hangs on connecting

Hello!

Can you please send us the connection logs both of the above attempted connection and of connections to port 443 UDP after some time your computer is connected?

80 TCP gives me results of 16Mbps dl and 1Mbps up

Better but not great and upload is suffering

Difficult to interpret before seeing the logs, just a little hint to outbound 443 UDP port shaping by your ISP.

Kind regards

[Badgergrr 0]

notepad logs won't appear after I attach them?

UDP443.txt

[Badgergrr 0]

UDP 53 failed

10/02/2013 - 16:12 Login...

10/02/2013 - 16:12 Login success.

10/02/2013 - 16:13 Contacting service...

10/02/2013 - 16:13 Connecting...

10/02/2013 - 16:13 OpenVPN 2.3.0 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [iPv6] built on Jan 8 2013

10/02/2013 - 16:13 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

10/02/2013 - 16:13 Socket Buffers: R=[8192->8192] S=[8192->8192]

10/02/2013 - 16:13 UDPv4 link local: [undef]

10/02/2013 - 16:13 UDPv4 link remote: [AF_INET]46.165.208.69:53

10/02/2013 - 16:14 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

10/02/2013 - 16:14 TLS Error: TLS handshake failed

10/02/2013 - 16:14 SIGUSR1[soft,tls-error] received, process restarting

10/02/2013 - 16:14 Restart pause, 2 second(s)

10/02/2013 - 16:14 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

10/02/2013 - 16:14 Socket Buffers: R=[8192->8192] S=[8192->8192]

10/02/2013 - 16:14 UDPv4 link local: [undef]

10/02/2013 - 16:14 UDPv4 link remote: [AF_INET]46.165.208.69:53

10/02/2013 - 16:15 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

10/02/2013 - 16:15 TLS Error: TLS handshake failed

10/02/2013 - 16:15 SIGUSR1[soft,tls-error] received, process restarting

10/02/2013 - 16:15 Restart pause, 2 second(s)

10/02/2013 - 16:15 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

10/02/2013 - 16:15 Socket Buffers: R=[8192->8192] S=[8192->8192]

10/02/2013 - 16:15 UDPv4 link local: [undef]

10/02/2013 - 16:15 UDPv4 link remote: [AF_INET]46.165.208.69:53

10/02/2013 - 16:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

10/02/2013 - 16:16 TLS Error: TLS handshake failed

10/02/2013 - 16:16 SIGUSR1[soft,tls-error] received, process restarting

10/02/2013 - 16:16 Restart pause, 2 second(s)

10/02/2013 - 16:16 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

10/02/2013 - 16:16 Socket Buffers: R=[8192->8192] S=[8192->8192]

10/02/2013 - 16:16 UDPv4 link local: [undef]

10/02/2013 - 16:16 UDPv4 link remote: [AF_INET]46.165.208.69:53

10/02/2013 - 16:17 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

10/02/2013 - 16:17 TLS Error: TLS handshake failed

10/02/2013 - 16:17 SIGUSR1[soft,tls-error] received, process restarting

10/02/2013 - 16:17 Restart pause, 2 second(s)

10/02/2013 - 16:17 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

10/02/2013 - 16:17 Socket Buffers: R=[8192->8192] S=[8192->8192]

10/02/2013 - 16:17 UDPv4 link local: [undef]

10/02/2013 - 16:17 UDPv4 link remote: [AF_INET]46.165.208.69:53

10/02/2013 - 16:18 Disconnecting...

10/02/2013 - 16:18 Disconnected.

UDP 443 connected

10/02/2013 - 16:21 Login...

10/02/2013 - 16:21 Login success.

10/02/2013 - 16:21 Contacting service...

10/02/2013 - 16:21 Connecting...

10/02/2013 - 16:21 OpenVPN 2.3.0 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [iPv6] built on Jan 8 2013

10/02/2013 - 16:21 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

10/02/2013 - 16:21 Socket Buffers: R=[8192->8192] S=[8192->8192]

10/02/2013 - 16:21 UDPv4 link local: [undef]

10/02/2013 - 16:21 UDPv4 link remote: [AF_INET]46.165.208.69:443

10/02/2013 - 16:21 TLS: Initial packet from [AF_INET]46.165.208.69:443, sid=bbd13322 1cf2c6e2

10/02/2013 - 16:21 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org

10/02/2013 - 16:21 VERIFY OK: nsCertType=SERVER

10/02/2013 - 16:21 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org

10/02/2013 - 16:21 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

10/02/2013 - 16:21 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

10/02/2013 - 16:21 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

10/02/2013 - 16:21 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

10/02/2013 - 16:21 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

10/02/2013 - 16:21 [server] Peer Connection Initiated with [AF_INET]46.165.208.69:443

10/02/2013 - 16:21 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

10/02/2013 - 16:21 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.19.102 10.4.19.101'

10/02/2013 - 16:21 OPTIONS IMPORT: timers and/or timeouts modified

10/02/2013 - 16:21 OPTIONS IMPORT: LZO parms modified

10/02/2013 - 16:21 OPTIONS IMPORT: --ifconfig/up options modified

10/02/2013 - 16:21 OPTIONS IMPORT: route options modified

10/02/2013 - 16:21 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

10/02/2013 - 16:21 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

10/02/2013 - 16:21 open_tun, tt->ipv6=0

10/02/2013 - 16:21 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{93343A6F-0E60-41CF-835C-35D155D8CA6A}.tap

10/02/2013 - 16:21 TAP-Windows Driver Version 9.9

10/02/2013 - 16:21 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.4.19.102/255.255.255.252 on interface {93343A6F-0E60-41CF-835C-35D155D8CA6A} [DHCP-serv: 10.4.19.101, lease-time: 31536000]

10/02/2013 - 16:21 Successful ARP Flush on interface [20] {93343A6F-0E60-41CF-835C-35D155D8CA6A}

10/02/2013 - 16:21 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up

10/02/2013 - 16:21 C:\Windows\system32\route.exe ADD 46.165.208.69 MASK 255.255.255.255 192.168.1.254

10/02/2013 - 16:21 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4

10/02/2013 - 16:21 Route addition via IPAPI succeeded [adaptive]

10/02/2013 - 16:21 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.4.19.101

10/02/2013 - 16:21 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4

10/02/2013 - 16:21 Route addition via IPAPI succeeded [adaptive]

10/02/2013 - 16:21 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.4.19.101

10/02/2013 - 16:21 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4

10/02/2013 - 16:21 Route addition via IPAPI succeeded [adaptive]

10/02/2013 - 16:21 C:\Windows\system32\route.exe ADD 10.4.0.1 MASK 255.255.255.255 10.4.19.101

10/02/2013 - 16:21 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4

10/02/2013 - 16:21 Route addition via IPAPI succeeded [adaptive]

10/02/2013 - 16:21 Initialization Sequence Completed

10/02/2013 - 16:21 Starting Management Interface...

10/02/2013 - 16:21 Checking...

10/02/2013 - 16:21 Retrieve statistics...

10/02/2013 - 16:22 Connected.

UDP53.txt

[Staff 9772]

@Badgergrr

Hello!

Logs about 443 UDP are just fine, no packet loss or fragmentation (assuming the logs were collected after several minutes of connection). Please try different servers in order to determine the one which can give you the best performance.

About 53 UDP, something is blocking/dropping packets, can you please check firewall and any other program which might interfere? Does it occur with every server?

Kind regards

[Badgergrr 0]

Yes it occurs with every server, I have disabled any firewalls aswell.

[Staff 9772]

Yes it occurs with every server, I have disabled any firewalls aswell.

Hello!

If you're absolutely sure that nothing in your system and internal network can block outgoing packets to outbound port 53 UDP, and given that it happens with all our servers, the only remaining option is that your ISP drops those packets (probably except toward its own DNS).

Kind regards

[nuxt 0]

I have a few questions about airvpn.

I have been using a different VPN before air and there are a few differences I'm not following;

Old VPN, Connected to German server = DNS leak test shows German address's (no leaks) Cannot view BBC Iplayer

AirVPN, Connected to German server = DNS leak test shows USA address's ("no leaks") Can view BBC Iplayer.

To the layman this implies that Iplayer is receiving requests from an address within the UK.

Why is this? Do I need to change some settings?

Hello!

We are providing and experimental service that is allowing our customers to access BBC iPlayer from any server, including servers outside UK (as long as you use our DNS), as well as USA services from servers outside USA (try CBS and Pandora). The service is still experimental so it is not advertised, except in the servers status monitor where you can see "Micro" servers that are used to bypass IP geo-location based censorship.

Kind regards

Wow, just another reason why I love AIRVPN!!

I can access pandora from ANY server, I looked into it but figured pandora expanded, clearly not... thank you admin.

[Badgergrr 0]

Yes it occurs with every server, I have disabled any firewalls aswell.

Hello!

If you're absolutely sure that nothing in your system and internal network can block outgoing packets to outbound port 53 UDP, and given that it happens with all our servers, the only remaining option is that your ISP drops those packets (probably except toward its own DNS).

Kind regards

I don't really understand this? What else in my system would block outgoing packets? Is port 53 UDP required to gain full speed.

Also why would my ISP drop these?

Speed is only 1/5th or less? What else can I do to improve things?

[Staff 9772]

Yes it occurs with every server, I have disabled any firewalls aswell.

Hello!

If you're absolutely sure that nothing in your system and internal network can block outgoing packets to outbound port 53 UDP, and given that it happens with all our servers, the only remaining option is that your ISP drops those packets (probably except toward its own DNS).

Kind regards

I don't really understand this? What else in my system would block outgoing packets?

Hello!

You might try to discover it by disabling any single program that might interfere with connections and try a connection each time you disable one of those.

Is port 53 UDP required to gain full speed.

No, not necessarily, it depends on the port shaping (if any) performed by your ISP.

Also why would my ISP drop these?

You might like to inquire your ISP in the first place, in order to understand if the block comes from it or not.

Speed is only 1/5th or less? What else can I do to improve things?

Try different ports, protocols and servers, for each of them perform an internal speed test http://speedtest.air in order to determine the server, port and protocol which can give you the best performance.

Kind regards

[azmo 14]

We are providing and experimental service that is allowing our customers to access BBC iPlayer from any server, including servers outside UK (as long as you use our DNS), as well as USA services from servers outside USA (try CBS and Pandora). The service is still experimental so it is not advertised, except in the servers status monitor where you can see "Micro" servers that are used to bypass IP geo-location based censorship.

Kind regards

That is beyond awesome. Thanks for providing such an excellent service overall.

[azmo 14]

We are providing and experimental service that is allowing our customers to access BBC iPlayer from any server, including servers outside UK (as long as you use our DNS), as well as USA services from servers outside USA (try CBS and Pandora). The service is still experimental so it is not advertised, except in the servers status monitor where you can see "Micro" servers that are used to bypass IP geo-location based censorship.

Kind regards

That is beyond awesome - and explains why I was "interestingly" able to watch some show on PBS earlier tonight. I was a bit surprised there was no geowall, that explains.

Thanks for providing such an awesome service.

[Badgergrr 0]

I have tried every protocol on 2 UK servers (nearest) and 1 German.

These results are pretty much consistent between all 3 servers.

I should have a speed of 68-70 Mbps Down and 16 UP

443 UDP 11.5Mbps 16Mbps

443 TCP 25Mbps 2.49Mbps

80 UDP 10.6Mbps 16Mbps

80 TCP 22Mbps 16Mbps

53 UDP No Connection

53 TCP 25Mbps 2.5Mbps

Definitely a problem somewhere with major problems with UDP protocols

[blknit 0]

Hello!

We are providing and experimental service that is allowing our customers to access BBC iPlayer from any server, including servers outside UK (as long as you use our DNS), as well as USA services from servers outside USA (try CBS and Pandora). The service is still experimental so it is not advertised, except in the servers status monitor where you can see "Micro" servers that are used to bypass IP geo-location based censorship.

Kind regards

CBS and Pandora are not working anymore from Crucis.

Could you check please ?

Best regards

[Staff 9772]

Hello!

We are providing and experimental service that is allowing our customers to access BBC iPlayer from any server, including servers outside UK (as long as you use our DNS), as well as USA services from servers outside USA (try CBS and Pandora). The service is still experimental so it is not advertised, except in the servers status monitor where you can see "Micro" servers that are used to bypass IP geo-location based censorship.

Kind regards

CBS and Pandora are not working anymore from Crucis.

Could you check please ?

Best regards

Hello!

Thank you for having notified us about the problem.

We are investigating.

Kind regards